pre-commit has been introduced to number of projects like oslo to run
lint checks such as hacking. The pre-commit config file does not affect
functionality, so devstack job is not needed when only the file is
updated.
Change-Id: I4294fe0c4df2c36c8575613b05a1f9c2eb745d18
The datetime.utcnow() is deprecated in Python 3.12.
Replace datetime.utcnow() with
datetime.now(datetime.timezone.utc).replace(tzinfo=None).
Change-Id: I9bf6f69d9e174d490bb4f3eaef3b364ddf97a954
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
smooney noted that using your DevStack host as a jump host is yet
another reasonable option. Add this option also.
Change-Id: I24887c254e131a8979653a7d17e64a708acf294a
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Detail how one can SSH into guests running on a remote DevStack host.
Change-Id: I9f988b1193d67859b129f05d08b32a23e50aee49
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This is really easy win for people using DevStack for the first time.
Change-Id: I8de2d4d115d34e9d87dd461016b5b894d3f000e7
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
sphinxcontrib-nwdiag does not appear to be maintained anymore [1] and
there have been no releases in nearly 5 years. Statically generate the
images and include them this way. We can revert this change if the
maintainership issue resolves itself.
sphinxcontrib-blockdiag has had activity more recently [2], but it's
still been nearly 3 years. More importantly, we don't actually use it so
there's no reason to keep it around.
[1] https://pypi.org/project/sphinxcontrib-nwdiag/#history
[1] https://pypi.org/project/sphinxcontrib-blockdiag/#history
Change-Id: Ic5244c792acd01f8aec5ff626e53303c1738aa69
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This is the latest cirros release, featuring an updated kernel and some
fixes and added features, let's use it.
[0] https://github.com/cirros-dev/cirros/releases/tag/0.6.3
Change-Id: I2506fa713e0426789fa40a5f4f7fd4e963a158f0
Do this the same way we do it for Nova, to make for easier review.
Change-Id: I31877705894a21570f130723e0a27ff38f945eea
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This is optional. There's no need to include it.
Change-Id: I2e745865696dbb317f819ecb74f5b5df88a9ed76
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This was needed when 'block-storage' pointed to the v2 API. This is no
longer the case (and hasn't been for some time). This is unnecessary
duplication now.
Change-Id: I00cfb56d3e54d0162b1609f4bf58814e9000c103
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Depends-on: https://review.opendev.org/c/openstack/tempest/+/930296
devstack-platform-ubuntu-noble was added in
Ie1f8ebc5db75d6913239c529ee923395a764e19c
and has been runnning for a little over 2 months
in that time
https://zuul.openstack.org/builds?job_name=devstack-platform-ubuntu-noble
the job has been pretty stable so its time to make
this voting in advance of it becoming required in the
2025.1 release.
Change-Id: Iffd6ccf9603117d6720931e260afa2da13c26ec4
... to resolve the following warning.
[WARNING] Deprecated '--debug' flag is set to true (use
'--log-level=debug' instead
Change-Id: Idb412cea64dfc42e3d1223b77f134804eeb7bd60
Glance is implementing new location APIs, for which, cinder needs
to pass service token to register a location in glance.
This is required in the case when glance is using cinder as a backend
and cinder tries to upload a volume in the optimized path.
We are adding a new option, ``CINDER_USE_SERVICE_TOKEN`` that will
configure the service user section in cinder.conf. By default, it
is set to False.
Change-Id: I0045539f1e31a6d26c4f31935c5ddfaaa7607a48
When glance is using cinder as a backend, we can use optimized
path for upload volume to image operation.
The config options image_upload_use_cinder_backend and
image_upload_use_internal_tenant are used to configure optimization
in the upload volume to image workflow where we create a cinder
volume in the internal service project and register the location
in glance.
Recently it was found that the glance location API workflow was
broken[1] for the upload volume case and it wasn't detected because we
are not testing it in our glance cinder job "cinder-for-glance-optimized".
This patch adds the config option to test the optimized path.
Note that the optimized upload functionality is only possible when glance
uses cinder as it's backend since it uses clone volume functionality to
clone the Image-Volume from the source volume.
[1] https://bugs.launchpad.net/glance/+bug/2054575
Change-Id: I521ed04696a5a545b2a2923cf8008bd64add7782
This is another occurrence of the issue fixed in bug
1786259 with change I30bf655f which occurs when there
are multiple IPv6 gateways present.
Before this change:
$ source openrc
+++++functions-common:get_default_host_ip:776 ip -f inet6 addr show 100
Device "100" does not exist.
This is because the ip route command returns:
default proto ra metric 100 expires 1497sec pref medium
nexthop via fe80::4e16:fc01:298c:98ed dev ens3 weight 1
nexthop via fe80::4e16:fc01:2983:88aa dev ens3 weight 1
Related-Bug: #1786259
Change-Id: I7729730df66a4dc7ee11df1d23b19b9c0794b575
This generates the test images in os-test-images and also configures
tempest to know where it is (and if image conversion is enabled in
glance).
Change-Id: Ib74002828a77838ab95d2322e92bdab68caac37c
The configuration variable can be checked in the Neutron configuration
during the post-config phase when the configuration files and sections
are merged together.
Closes-Bug: #2075342
Change-Id: Ic42463e2f72488a1b14ce49e4e435cb4a2c0c855
Relatively recently oslo.log 6.1.0 was released and contains change
I7966d4f4977b267f620946de4a5509f53b043652 which added an option to
enable color in logs which defaults to False. This caused a change in
behavior for DevStack such that viewing logs with journalctl no longer
showed different colors for different log levels, which can make
debugging more difficult when developing with DevStack.
This adds olso.log color configuration based on the existing $LOG_COLOR
DevStack variable for log color which defaults to True for interactive
invocations.
Change-Id: If10aada573eb4360e81585d4fb7e5d97f15bc52b
This can be fleshed out more in the future, including with information
about managing plugins, but this is a start.
Change-Id: I1094d093b704e37370e3e434ebf3697954e99da3
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
The "neutron-rpc-server" is not a configurable service that can be
enabled or disabled. This service is a dependant process of the
"neutron-api-server" service that is spawned when the Neutron API
uses the WSGI module. The execution of this child service will depend
on:
* The Neutron API service when running with the WSGI module. If
the Neutron API uses the eventlet module, this service won't run
(the RPC workers will be spawned by the eventlet server).
* The "rpc_workers" configuration variable. If this variable is
explicitly set to "0", the server must not run.
Closes-Bug: #2073844
Related-Bug: #2073572
Change-Id: Ic019423ca033ded8609d82bb11841b975862ac14
When the Neutron WSGI module is used, an independent service called
"neutron-rpc-server" is configured and executed. However it will fail
if the number of RPC workers is configured to zero. In that case,
the configuration and execution of this service should be skipped.
If the service is explicitly disabled in the devstack configuration,
it won't be executed neither.
Closes-Bug: #2073572
Change-Id: Idd023a2a8f588152221f20a13ae24fbb7d1618a4
one observation we had in down stream ci is
sometimes the cirros 0.6.2 image appared to
crash when using 128MB of ram.
upstream we have been dealing with semi random
kernel panics which are losely corralated with
cinder volume usage.
Recently we optimisted the devstack jobs by using zswap
this has reduced memory pressure in the jobs.
This patch increase the ram allocated to a flavor
to see if we can afford that with the current conncurnace
level in an attempt to reduce kernel panics.
Two new parmaters are added to allow jobs or users
to set the desired ram size.
TEMPEST_FLAVOR_RAM=${TEMPEST_FLAVOR_RAM:-192}
TEMPEST_FLAVOR_ALT_RAM=${TEMPEST_FLAVOR_ALT_RAM:-256}
Change-Id: Ib6a2d5ab61a771d4f85bd2c2412052efadc77ac5
Each service should only be using that service's user account within its
configuration, in order to reduce the possible impact of credential
leaks. Start with nova, other services will follow.
Change-Id: I6b3fef5de05d5e0cc032b83a2ed834f1c997a048
This new service is spawned when using Neutron WSGI module. This new
service executes the OVN maintenance task that syncs the Neutron
database and the OVN database.
Depends-On: https://review.opendev.org/c/openstack/neutron/+/922074
Related-Bug: #1912359
Change-Id: I495459cd9e35e2e76ba7fc9611a589e1685814f5
A config option is being added in nova with [1]
in order to allow configuring lower tb-cache size
for qemu guest VMs.
This patch adds a flag in devstack so jobs can
utilize it to set required tb-cache size.
[1] https://review.opendev.org/c/openstack/nova/+/868419
Co-Authored-By: Sean Mooney <work@seanmooney.info>
Related: blueprint libvirt-tb-cache-size
Change-Id: Ifde737eb5d87dfe860445097d1f2b0ce16b0de05
This commit enabeles a number of performance optimizations
to tune the host vms memory and io by leveraging zswap
and other kernel parmaters to minimize the effect of io
latency and memory pressure.
The openstack-cli-server has been enabled in the nova ci
for several months now and has proven to speed up devstack
signifcantly, while this change does not enable it by
default in devstack it does enable it by default in the ci
jobs.
simiarly the zswap and other tuning remain disabled by default
in devstack but are enabled by default in the devstack job.
This change limits the qemu tb_cache_size to 128MB form 1G,
this requires libvirt 8.0.0 or newer. as bullseye and
openeuler-22.03 do not meet that requirement they have been
removed. libvirt 8.0.0 will be the new min version supported
in nova in the 2025.1 release so the decions was made
to drop supprot for older release now instead of doing it
at the start of the 2025.1 cycle. debain coverage is still
provided by the newer bookworm relase. openeuler-22.03 has
been superseded by the openeuler-24.03 lts release.
openeuler-24.03 is not currnetly aviable in ci but supprot
could be readded if desired however that is out os scope of
this change.
Change-Id: Ib45ca08c7e3e833b14f7e6ec496ad2d2f7073f99
This change installs setuptools in the requirements
and global venv to ensure that distutils is present
This change also adds new single and two node
nodeset for noble and a devstack platform job as nonvoting.
Change-Id: Ie1f8ebc5db75d6913239c529ee923395a764e19c
This new service is spawned when using Neutron WSGI module. This new
service executes the plugin workers inside a wrapper executor class
called ``AllServicesNeutronWorker``. The workers are executed as
threads inside the process.
Depends-On: https://review.opendev.org/c/openstack/neutron/+/922110
Related-Bug: #2069581
Change-Id: I6b76b7bcee1365c80f76231e0311406831f8ce41
Only branches with stable/ as prefix were considered
but now we have branches even with different
prefix like unmaintained/, fix it to consider
such cases by using a generic filter instead of
assuming branch name starts with stable.
Change-Id: I967de13094ff6df46737a22d4e1758f9900dfbc9
After patch [1] deploying neutron with uwsgi was not working correctly
due to the fact that there was different paths for the applications
set in the api-paste.ini file. Instead of default ones like:
/: neutronversions_composite
/healthcheck: healthcheck
/v2.0: neutronapi_v2_0
it was changing it to something like:
/networking/: neutronversions_composite
/networking/healthcheck: healthcheck
/networking/v2.0: neutronapi_v2_0
where 'networking' can be configured to something else.
This patch fixes deployment of neutron with uwsgi by not changing its
api-paste.ini file when NEUTRON_DEPLOY_MOD_WSGI=True.
[1] https://review.opendev.org/c/openstack/devstack/+/849145
Closes-bug: #2069418
Change-Id: I12b860d4d98442e2b5ac0c9fd854f1226633b518
This is no longer necessary and any users of this should be updated to
remove references.
Change-Id: Ice5083d8897376fd2ed6bd509419526e15baaf12
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
All clients - OSC included - use keystoneauth under the hood which
hasn't required this in a very long time. Stop setting it and remove the
warning.
We also remove references to 'NOVA_*' variables that haven't been a
thing since well before *I* started working on OpenStack 😅
Change-Id: I882081040215d8e32932ec5d03be34e467e4fbc2
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Currently, when enabling c-bak service, the backup tab will not
be shown on Horizon by default. This patch tells Horizon to
display backup dashboard when c-bak is enabled.
Closes-Bug: 2064496
Change-Id: I06295706e985bac58de2878c6d24c51f3267c205
Signed-off-by: MinhNLH2 <minh.nlh.work@gmail.com>
OpenStackClient has a significant amount of startup overhead, which
adds a non-trivial amount of time to each devstack run because it makes
a lot of OSC calls. This change uses the OSC service from [0] to run
a persistent process that handles openstack calls. This removes most
of the startup overhead and in my local testing removes about three
minutes per devstack run.
Currently this is implemented as an opt-in feature. There are likely a
lot of edge cases in projects that use a devstack plugin so turning it
on universally is going to require boiling the ocean. I think getting
this in and enabled for some of the major projects should give us a lot
of the benefit without the enormous effort of making it 100% compatible
across all of OpenStack.
Depends-On: https://review.opendev.org/c/openstack/nova/+/918689
Depends-On: https://review.opendev.org/c/openstack/ironic/+/918690
Change-Id: I28e6159944746abe2d320369249b87f1c4b9e24e
0: http://lists.openstack.org/pipermail/openstack-dev/2016-April/092546.html
Make it a little more obvious what the difference between the two helper
functions is.
Change-Id: I07ec34ecfcd2b7925485145c4b4bf68eda385a32
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
We'd like to move from configuring uWSGI with '.wsgi' files to
configuring with module paths. Do this for all in-tree services and log
a deprecation warning for anyone still passing a path.
Note that since 'basepath foo' returns 'foo', this is effectively a
no-op for the services being converted here.
Change-Id: Ia1ad5ff160a9821ceab97ff1c24bc48cd4bf1d6f
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
devstack doesn't do releases, so there should be no release notes,
either. Drop the one that was accidentally created to avoid confusion.
Change-Id: I75a295e50c36925a0137a5458444fb48bd5d9f8a
This is more likely how people will actually upload their images, but
it also prevents the "osc as a service" feature from working because
stdin isn't proxied (of course). So just convert our uses of "image
create" to use --file instead of stdin.
Change-Id: I7205eb0100ba7406650ed609cf517cba2c8d30aa
Running stack.sh on a python 3.12 system generates this
warning from worlddump.py:
DeprecationWarning: datetime.datetime.utcnow() is deprecated
Use datetime.now(timezone.utc) instead, which should be
backwards-compatible with older python versions.
TrivialFix
Change-Id: I11fe60f6b04842412045c6cb97f493f7fef66e1a
pbr's 'wsgi_scripts' entrypoint functionality is not long for this world
so we need to start working towards an alternative. We could start
packaging our own WSGI scripts in DevStack but using module paths seems
like a better option, particularly when it's supported by other WSGI
servers like gunicorn.
Currently only nova is migrated. We should switch additional projects as
they migrate and eventually remove the support for WSGI scripts
entirely.
Change-Id: I057dc635c01e54740ee04dfe7b39ef83db5dc180
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Depends-on: https://review.opendev.org/c/openstack/nova/+/902687/
The variable should be in quotes for the check to work
Testing the behavior in bash:
current behavior:
$ config_file=""
$ if [ -n ${config_file} ]; then echo a; fi
a
$ config_file="abc"
$ if [ -n ${config_file} ]; then echo a; fi
a
behavior with quotes:
$ config_file=""
$ if [ -n "$config_file" ]; then echo a; fi
$ config_file="abc"
$ if [ -n "$config_file" ]; then echo a; fi
a
Change-Id: Iba956d9d4f43b925848174a632aabe58999be74b
This patch removes a couple of tempest.conf settings that are being
overwrriten when Keystone is set to enforce scope.
These settings are already being set by the keystone devstack plugin [1]
and do not need to be overwritten here.
Keystone is changing the default admin credentials to be project-admin
instead of system-admin to address some failing tests in services that
require project-scoped admin for their admin APIs. [2] These overrides
are preventing that change from taking effect.
[1] https://opendev.org/openstack/keystone/src/branch/stable/2024.1/devstack/lib/scope.sh#L24-L25
[2] https://review.opendev.org/c/openstack/keystone/+/913999
Change-Id: I48edbcbaa993f2d1f35160c415986d21a15a4999
Updated clean.sh to remove Glance's Apache uWSGI config files in
APACHE_CONF_DIR, including /etc/apache2/sites-enabled/ on Ubuntu.
Test Plan:
- Run clean.sh.
- Confirm Glance uWSGI configs are removed from APACHE_CONF_DIR.
Closes-Bug: #2057999
Change-Id: I44475b8e084c4b20d7b7cb7f28574f797dbda7a2
The ubuntu-xenial labels are going to disappear from opendev as that
image is EOL and will we deleted. Clean up our zuul config.
Update some example reference as well.
Change-Id: Id04110f7c871caa1739ff2b62e9796be4fb9aa00
In the _setup_package_with_constraints_edit name of the package was
always discovered from the setup.cfg file. But as some projects
implements PEP-621 (see [1] for the SQLAlchemy for example) it is not
enough now.
This patch adds parsing pyproject.toml file also if name is not found in
the setup.cfg file.
[1] https://github.com/sqlalchemy/sqlalchemy/commit/a8dbf8763a8fa2ca53cc01033f06681a421bf60b
Closes-Bug: #2052509
Change-Id: Iee9262079d09a8bd22cd05a8f17950a41a0d1f9d
Making newly introduced `centralized_db` driver as default cache
driver for glance so that it can be tested in available CI jobs.
New cache driver `centralized_db` needs `worker_self_reference_url`
in glance-api.conf file otherwise glance api service will fail to
start.
Related blueprint centralized-cache-db
Depends-On: https://review.opendev.org/c/openstack/glance/+/899871
Change-Id: I75267988b1c80ac9daa5843ce8462bbac49ffe27
The bashate tool has been very stable for a while and we rarely expect
changes which may break existing scripts.
This removes the current capping to avoid updating the upper limit when
when a new release is created in bashate.
Change-Id: Iae94811aebf58b491d6b2b2773db88ac50fdd737
zswap should only be enabled if ENABLE_ZSWAP is true.
The if condition was checking ENABLE_KSMTUNED.
That is now fixed.
Change-Id: I76ba139de69fb1710bcb96cc9f638260463e2032
This change add a new lib/host-mem file and moves the existing
ksm support to a new configure_ksm function.
Additional support for ksmtuned is added with a new flag
"ENABLE_KSMTUNED" which defaults to true.
This change also adds support for zswap. zswap is disabled
by default. When enabled on ubuntu lz4 will
be used as the default compressor and z3fold as the zpool.
On non debian distros the compressor and zpool are not set.
The default values should result in very low overhead although
the zstd compressor may provide better overall performance in ci
or with slow io due to the higher compression ratio.
Additionally memory and network sysctl tunings are optionally applied
to defer writes, prefer swapping and optimise tcp connection
startup and keepalive. The sysctl tunings are disabled by default
The base devstack job has been modifed to enable zram and sysctl
tuning.
Both ksm and zswap are wrapped by a tune_host function
which is now called very early in devstack to ensure
they are configured before any memory/network intensive
operations are executed.
The ci jobs do not enable this functionality by default.
To use this functionaltiy define
ENABLE_SYSCTL_MEM_TUNING: true
ENABLE_SYSCTL_NET_TUNING: true
ENABLE_ZSWAP: true
in the devstack_localrc section of the job vars.
Change-Id: Ia5202d5a9903492a4c18b50ea8d12bd91cc9f135
The Neutron OVN agent is a service that could run in any node. The
functionality will depend on the extensions configured. This new
agent is meant to be the replacement for the Neutron OVN metadata
agent once the "metadata" extension is implemented in this service
[1].
[1]https://review.opendev.org/c/openstack/neutron/+/898238
Related-Bug: #2017871
Change-Id: I8f82f0047e89aac122a67f59db84f03e1a6bf519
This preserved `ADITIONAL_VENV_PACKAGES` as an input for backwards
compatiblity, but takes `ADDITIONAL_VENV_PACKAGES` with priority.
Fixes spelling in comment.
Related-Bug: #2046936
Change-Id: I84151d8f71b12da134e8fb9dbf3ae30f2a171fe2
Looking at the recent failures in the tempest-integrated-compute
job, the reimage operation seems to be taking longer than our
expected time of 60 seconds (which was increased because of a similar
failure in the past, default is 20 seconds).
The main culprit for this failure is the image conversion from qcow2
to raw which is taking ~159 seconds.
Dec 05 13:29:59.709129 np0035951188 cinder-volume[77000]: DEBUG oslo_concurrency.processutils [req-5113eccb-05ba-486a-8130-a58898c8ad35 req-0edf972a-109a-465f-a771-ceb87ecbda3e tempest-ServerActionsV293TestJSON-1780705112 None] CMD "sudo cinder-rootwrap /etc/cinder/rootwrap.conf qemu-img convert -O raw -t none -f qcow2 /opt/stack/data/cinder/conversion/image_download_dbe01f18-1c90-4536-a09a-b49f0811c7a0_copod3cm /dev/mapper/stack--volumes--lvmdriver--1-volume--073a98e8--3c89--4734--9ae5--59af25f8914a" returned: 0 in 159.272s {{(pid=77000) execute /opt/stack/data/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:422}}
The recent run took ~165 seconds on the cinder side but it failed
early since the nova operation timed out in 60 seconds hence
deleting the volume.
To be on the safer side, 180 seconds seems to be a sane time for
the operation to complete which this patch configures.
Closes-Bug: 2046252
Change-Id: I8a9628216038f6d363cab5dd8177274c9cfc17c2
Downloading an image can fail due to network issues, so let's
retry 5 times before giving up. We have seen issues in CI due
to network issues as described below and in the Related-Bug:-
Often times fetching Fedora image in FIPS jobs fails due to
"GnuTLS: One of the involved algorithms has insufficient security level."
This occurs when request to pull image is redirected to a mirror that's
incompatible with FIPS enabled system.
Making multiple attempts to download images could provide better chance of
pulling images from different mirrors and avoid failure of the job.
This will also save a few rechecks.
Related-Bug: #2045725
Change-Id: I7163aea4d121cb27620e4f2a083a543abfc286bf
Added new devstack variable `GLANCE_CACHE_DRIVER` default
to `sqlite` to set the cache driver for glance service.
Related blueprint centralized-cache-db
Change-Id: I76d064590356e2d65bfc6a3f57d1bdaeeb83a74a
This reverts commit 67630d4c52.
Reason for revert: Seeing random failures across jobs as sometimes
'keyring_pass.cfg' gets duplicated keys and that makes executions
of any openstackclient command to fail until the file is removed.
This should be handled before re enabling the token caching again.
Change-Id: I3d2fe53a2e7552ac6304c30aa2fe5be33d77df53
Related-Bug: #2042943
Originally we only had the openeuler jobs there, but the other platforms
could also do with some regular testing.
Change-Id: I93526a4c592d85acd4debf72eb59e306ab8e6382
openEuler 22.03 LTS support was removed from devstack in last
few months due to its libvirt version is too old and the CI job
always fail.
This Patch add a yum repository for libvirt7.2.0, and add the
related CI job to make sure its works well.
Change-Id: Ic507f165cfa117451283360854c4776a968bbb10
currently id you run devstack with the dbcounter service enabled
the created subdirs show up in git status
this change justs add them to .gitgnore
Change-Id: Iee48eb4e12ac22734c8a2c1dcbe0b92a0a387eaa
SDK uses python keyring library to enable token caching. Normally this
is requiring a proper desktop (interactive) session, but there are some
backend plugins working in non-interactive mode. Store cache in an
unencrypted file on FS (this is not worse than storing passwords in
plaintext).
Change-Id: I42d698f15db5918443073fff8f27b926126d1d0f
Neutron bobcat release has enabled the RBAC new defaults
by default. With the latest release of Neutron have new
defaults enable, we should configure the same by default in
devstack. This change make NEUTRON_ENFORCE_SCOPE flag to
True by default so that every job will run with Neutron
new defaults.
As old defaults are still supported (in deprecated way),
we will keep this flag so that we can have one job disable
it and test the old defaults.
Change-Id: I3361d33885b2e3af7cad0141f9b799b2723ee8a1
... so that we can use PyMemcacheCache backend. The MemcachedCache
backend, which has been used previously, has been removed in recent
Django, and we are switching the default backend in [1].
[1] https://review.opendev.org/c/openstack/horizon/+/891828
Change-Id: Ie1da8970628e34c41721198cdada8c7bb3b26ec0
Developers that need to stack and re-stack non-AIO compute-only
environments will want to be able to keep the compute node uuid the
same across runs. This mimics the behavior of a deployment tool that
pre-creates the uuids, so it matches pretty well. Default to the
current behavior of create-on-start, but allow forcing it ahead of
time to something specific.
Change-Id: Icab0b783e2233cad9a93c04758a5bccac0832203
Neutron has deprecated linuxbridge support and is only doing reduced
testing for the neutron-linuxbridge-tempest job, so we need no longer
run it in devstack, even less gate on it.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ie1a8f978efe7fc9b037cf6a6b70b67d539d76fd6
The depends-on patch adds a new backup_driver option to tempest.
The goal of this change is to be able to do a proper cleanup of
containers when swift is used as a backup driver.
Thich change makes sure that the new option is properly set to
"swift" when Swift is used as the driver.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/896011/13
Change-Id: I76e7fd712ee352051f8aa2f2912a29abad9ad017
This makes the glance-api-remote setup honor the GLOBAL_VENV flag,
and not pass the --venv stuff to uwsgi if it is disabled. This should
fix the glance-multistore-cinder-import-fips job.
Change-Id: I2005da5ced027d273e1f25f47b644fecafffc6c1
local.sh, if present, will be executed at the end of stack.sh. The
sample file here is meant to be copied to devstack root if desired.
Unfortunately, due to Change I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
changing to use OS_CLOUD in stack.sh, sourcing openrc here will cause
both OS_CLOUD and traditional OS_* env vars to be set, which causes a
conflict.
Change-Id: Id80b46acab7d600ad7394ab5bc1984304825a672
It has been very stable for some time and it is going to be a major
platform for the next cycle.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Id2df9514b41eda0798179157282a8486b1e9ae23
The openeuler job running version 22.03 fails due to old libvirt.
Nova requires version 7.0.0 or greater.
Related-Bug: #2035224
Change-Id: I4ad6151c3d8555de059c9228253d287aecf9f953
In order for Ironic perform full testing with devstack, it uses
virtual machines attached to a ovs bridge network to simulate
bare metal machines. This worked great for OVS because often
OVS was already running on the nodes due to the package, and
we could just apply configuration and be done with it when
Ironic's devstack plugin was applying initial configuration and
setting up the test environment.
With OVN, and the requirement of a specific co-installed OVS
version, Ironic has discovered that we cannot perform this same
configuration without having already started OVN during the
initial system setup. Which is fine, but we can't initialize
and start OVN twice. It just doesn't work.
The original form of this patch was proposed by lucasgnomes
in order to validate that we, did, indeed, need to do this
to enable Ironic to successfully test an OVN based
configuration, and is now being revised to handle that case
automatically when Ironic is the selected virt plugin.
Co-Authored-By: Julia Kreger <juliaashleykreger@gmail.com>
Change-Id: Ifbfdaaa97fdbe75ede49dc47235e92a8035d1de6
Add's the OVN_BRIDGE_MAPPINGS variable to ovn_agent.
Uses the same format as OVS_BRIDGE_MAPPINGS, it defaults
to "$PYSICAL_NETWORK:$PUBLIC_BRIDGE".
This enables use of providernet for public network and
setting up additional bridges, for example a for baremetal.
Example:
Q_USE_PROVIDER_NETWORKING="True"
OVS_PHYSICAL_BRIDGE="brbm"
PHYSICAL_NETWORK="mynetwork"
PUBLIC_PHYSICAL_NETWORK="public"
PUBLIC_BRIDGE="br-ex"
OVN_BRIDGE_MAPPINGS="public:br-ex,mynetwork:brbm"
Change-Id: I37317251bbe95d64de06d6232c2d472a98c0ee4d
This was dropped in tempest, too[0], and we want to focus on getting and
keeping the jammy job stable.
Still retaining the nodeset definitions until we are sure they are not
needed in other projects.
[0] https://review.opendev.org/c/openstack/tempest/+/884952
Change-Id: Iafb5a939a650b763935d8b7ce7069ac4c6d9a95b
This was missed as part of [1], neutron sets
exec_dirs in rootwrap.conf differently so that
also needs to be fixed.
Without it neutron openvswitch jobs relying on
neutron-keepalived-state-change scripts were
failing when deployed with GLOBAL_VENV=True as
binaries no longer found at /usr/local/bin.
[1] https://review.opendev.org/c/openstack/devstack/+/558930
Closes-Bug: #2031415
Change-Id: I9aa56bff02594f253381ffe47a70949079f4c240
As far as I could tell, the global_filter config added in change
I5d5c48e188cbb9b4208096736807f082bce524e8 wasn't actually making it
into the lvm.conf. Given the volume (or rather LVM volume) related
issues we've been seeing in the gate recently, we can give this a try
to see if the global_filter setting has any positive effect.
This also adds the contents of /etc/lvm/* to the logs collected by the
jobs, so that we can see the LVM config.
Change-Id: I2b39acd352669231d16b5cb2e151f290648355c0
The base systemd unit file setup now writes an Environment= line to
the file for the venv. The glance-remote code was setting that to
point at the alternate config location, using iniset which was
clobbering the venv one. Switch to iniadd to fix.
Also, we need to explicitly put the --venv flag into the command since
we write our unit file ourselves. This probably needs a cleanup at
this point, but since the glance gate is blocked, do this for now.
Change-Id: I2bd33de45c41b18ed7d4270a7301b1e322134987
As a temporary workaround, let's set the GLOBAL_VENV to false
specifically for centos 9 stream and rocky distros where we
encountered issues after changing the default value
of GLOBAL_VENV to True in Devstack:
https://review.opendev.org/c/openstack/devstack/+/558930
Related-Bug: #2031639
Change-Id: I708b5a81c32b0bd650dcd63a51e16346863a6fc0
* etcd 3.3 is no longer maintained.
* etcd 3.4 removes deprecated interfaces, and clients may
need updated configs.
* The cinder backend coordination URL needs to explicitly
specify the version, until tooz can be updated
https://review.opendev.org/c/openstack/tooz/+/891355
* etcd only supports in-place upgrades between minor
versions, so any jobs testing upgrades could fail if
they skip from 3.2 directly to 3.4
Change-Id: Ifcecdffa17a3a2b1075aa503978c44545c4a2a3c
This reverts commit 113689ee46.
Reason for revert: systemd-252-17.el9 which includes the fix is now available in CentOS 9-stream repos.
Change-Id: I6fe19838a75a30fd5d2434c03b7f403f1c7e4b50
While the patch where this was first introduced and set to 120 [1] is
sensible for the vast majority of jobs, it's conceivable that some
jobs might want a different value.
Specifically, the whitebox-tempest-plugin changes configurations and
restarts Nova services, and to do so it waits for the service status
to update in the API before continuing with the tests. With the report
interval set to 120 and the down time threshold set to 720, the
service would continue showing 'up' in the API long after it was
actually down, causing the wait to time out.
Whitebox is a low-traffic project with only a couple of devstack jobs
that run tempest tests sequentially (concurrency=1). Its CI is also
pretty stable. It seems legitimate for it to keep the old default
values of report_interval and service_down_time.
This patch keeps the 120 default for NOVA_SERVICE_REPORT_INTERVAL, but
makes it configurable by individual jobs. Since the original patch
also introduced CINDER_SERVICE_REPORT_INTERVAL as a constant, make
that configurable as well.
[1] https://review.opendev.org/c/openstack/devstack/+/890439
Needed-by: https://review.opendev.org/c/openstack/whitebox-tempest-plugin/+/891612
Change-Id: I64fa2059537ea072a38fb4900d3c7d2d8f0ce429
glance and rally binaries are also needed.
Also make sure the cinder-rtstool is only called when cinder is actually
enabled.
Change-Id: I18113eabf2fa83e36bace276883775303f6a1e9a
This is being used in some nova jobs, so we need to add it. Also order
the list of linked binaries to allow easier maintenance.
Change-Id: Ief012f7842d6e14380c9575740d1856bc1f2355e
I have seen this failure in the gate a few times:
[ERROR] /opt/stack/devstack/functions-common:2334 Neutron did not start
/opt/stack/devstack/functions-common: line 310:
/opt/stack/logs/error.log: Permission denied
So whatever was trying to be written to error.log never
happened. Change to be like other directories in this
file and make the $LOGDIR owner stack.stack.
Change-Id: I673011aba10c8d03234100503ccc5876e75baff2
RDO has moved rdo-release packages to a new infra which supports EMS so
we do not need to wget it and install it using local rpm install.
This partially reverts [1].
[1] https://review.opendev.org/c/openstack/devstack/+/884277/
Change-Id: I189d0c3da0e7b017e2568022c14e6c8fb28251f1
This will cause apache to no longer wait forever for a connection
pool member to become available before returning 503 to the client.
This may help us determine if some of the timeouts we see when
talking to the services come from an overloaded apache.
Change-Id: Ibc19fc9a53e2330f9aca45f5a10a59c576cb22e6
Heavily-loaded workers in CI consistently fail to complete the
service checkin task, which is configured for every ten seconds in
nova and cinder. This generates additional load on the database server
as well as consumes a threadpool worker. If we're not making the
deadline, there's really no point in having it be so high. Further,
since the workers must remain up for all the tempest tests we're
running against them, there's really no benefit to a fast-fail
detection.
This sets the report_interval to 120s for nova and cinder, and sets
service_down_time to 6x that value, which is consistent with the
default scale.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/890448
Change-Id: Idd7aa1daf354256b143a3778f161cfc72b318ea5
systemd-252-16.el9 introduced a regression
where libvirtd process exits after 120s of
inactivity.
Add a workaround to unset 120s timeout for
libvirtd, the workaround can be removed once
the fix is available in systemd rpm.
Related-Bug: #2029335
Change-Id: Id6db6c17518b54d5fef7c381c509066a569aff6d
Since we are python3 only for openstack we create a single python3
virtualenv to install all the packages into. This gives us the benefits
of installing into a virtualenv while still ensuring coinstallability.
This is a major change and will likely break many things.
There are several reasons for this. The change that started this effort
was pip stopped uninstalling packages which used distutils to generate
their package installation. Many distro packages do this which meant
that pip installed packages and distro packages could not coexist in the
global install space. More recently git has made pip installing repos as
root more difficult due to file ownership concerns.
Currently the switch to the global venv is optional, but if we go down
this path we should very quickly remove the old global installation
method as it has only caused us problems.
Major hurdles we have to get over are convincing rootwrap to trust
binaries in the virtualenvs (so you'll notice we update rootwrap
configs).
Some distros still have issues, keep them using the old setup for now.
Depends-On: https://review.opendev.org/c/openstack/grenade/+/880266
Co-Authored-By: Dr. Jens Harbott <frickler@offenerstapel.de>
Change-Id: If9bc7ba45522189d03f19b86cb681bb150ee2f25
It was made voting some time ago, but we missed also running it in gate.
With that RHEL platform test in place, we can keep c9s permanently
non-voting, which is better suited to match its instability.
Change-Id: I6712ac6dc64e4fe2203b2a5f6a381f6d2150ba0f
This relaxes the limits for dbcounter to make it flush stats to the
database less often. Currently every thirty seconds or 100 hits, we
write a stats line to the database. In some services (like keystone)
this can trigger more than one write per second because of the
massive number of SELECT calls that service makes.
This removes the hit limit and decreases the mandatory flush interval
to once a minute. Hopefully this will manifest as lower load on the
database triggered by what would be readonly operations.
Change-Id: I43a58532c0541075a2d36408abc50a41f7994bda
This patch: https://review.opendev.org/c/openstack/devstack/+/882299
provides functionality, that commit hash can be passed as last arugment,
however when GIT_DEPTH is set, it fails, as in:
timeout -s SIGINT 0 git clone https://github.com/ovn-org/ovn.git ./ovn
--depth 1 --branch 03b95a4566a15f7544f4cdf35629dacede4dcf55
fatal: Remote branch 03b95a4566a15f7544f4cdf35629dacede4dcf55
not found in upstream origin
Closes-Bug: #2023020
Change-Id: I748354964a133e028e12458cc9014d6d014cbdb9
When there is only a single image, configure_tempest()
needs to always set image_uuid_alt the same as image_uuid,
else it will fail trying to determine the size of the
flavor to use for it later in the function.
Introduced by [0], and subsequent change did not fix it.
[0] https://review.opendev.org/c/openstack/devstack/+/886795
Change-Id: Ibfe99ff732570dbd415772c5625f43e35b68c871
Related-bug: #2028123
[1] caused a regression causing failures when
more than 1 images are setup. Fixing it by correctly
using the array variable. Also add a break in the
for loop once if condition is met.
[1] https://review.opendev.org/c/openstack/devstack/+/886795
Closes-Bug: #2028123
Change-Id: I4f13c1239312bbcca8c65e875d65d03702161c18
This increases the timeout we use to wait for cinder to perform a
volume reimage. Since devstack is often running on a single machine
with non-production IO performance, we should bump this limit to avoid
hitting it before the rebuild completes.
Change-Id: Ie2663b951acb0c1a65597a39e032948764e6ae6a
In current logic to set two different image in Tempest in config
option image_ref and image_ref_alt, we consider if DEFAULT_IMAGE_NAME
is found in glance then set the same image in tempest for those
two config option. This means even we have two different image available
in glance, still we set same image in image_ref as well as image_ref_alt
and all the rebuild tests are rebuilt on the same image.
I could not find any reason why we set same image if DEFAULT_IMAGE_NAME
exist, below are the original change added this logic
- https://review.opendev.org/c/openstack/devstack/+/17553
We had a requirement of test to run on two different images
- https://review.opendev.org/c/openstack/tempest/+/831018
and for that we need to set DEFAULT_IMAGE_NAME to non exist image
name but that broke the Ironic which was reply on the valid name
in DEFAULT_IMAGE_NAME
- https://review.opendev.org/c/openstack/ironic/+/886790
As we do not have any reason not to set two different image
if DEFAULT_IMAGE_NAME is set, I am removing the condition of
DEFAULT_IMAGE_NAME from lib/tempest logic and always set two
different images if they are available.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/886796
Change-Id: I9d215f48d4440f2fa6dcc0d222a10896caf01215
To facilitate that this change removes it form the default filter
list. By default nova has used placement for AZs so this filter
has not been requried since xena.
Change-Id: Ie5e216dd8c2a7ecf43cc6954ec4f73d4d67b5b3b
Default for systemd TimeoutStopSec is 90 seconds
and that is same for default graceful shutdown of
uwsgi service(WORKER_TIMEOUT).
Due to the Related-Bug graceful stop attempt
fails and there is no room for force shutdown.
This patch reduces default for WORKER_TIMEOUT by
10 seconds so there is a buffer to force stop the
service.
Closes-Bug: #2020643
Related-Bug: #2015065
Change-Id: I6aacac94f9697088338b3d2f99d8eaa22c2be67b
Cirros has made a new release, including a newer kernel that should fix
some issues when using nested virtualization.
Related-Bug: 2023559
Change-Id: I63469371b13801094a3ee1baae6e343999fbefa5
Fedora 36 is EOL, also opendev is dropping support for Fedora images
completely since interest in running jobs on that platform is no longer
existing. CentOS 9 Stream has evolved as replacement platform for new
features.
Only drop the Zuul configuration and the tag in stack.sh for now plus
update some docs. Cleanup of the deployment code will be done in a
second step.
Change-Id: Ica483fde27346e3939b5fc0d7e0a6dfeae0e8d1e
On Debian-based distros, the 'coredumpctl' command is
provided by the systemd-coredump package, which is not
installed by default. On failure, when "post" commands
are executed this error is seen:
controller | /bin/bash: line 1: coredumpctl: command not found
Install it along with other libvirt packages to avoid
the error.
On Fedora distros it is in the systemd package, so the
problem is not seen since it is always installed.
Change-Id: I6012bd3240d68736a5db8ae49dc32098a086f320
Instead of using RDO Trunk repo server, CentOS official mirrors provide
a most reliable infrastructure and supports EMS which is required when
enabling FIPS in C9S.
In order to install the rdo-release rpm from repo.fedoraproject.org,
which does not support EMS, I'm using a workaround to wget, which works
with non-EMS servers because it uses gnutls instead of openssl, and
install it locally with rpm.
This is also consistent to CentOS 8 implementatioin.
Closes-Bug: #2020661
Closes-Bug: #2020434
Change-Id: Icd99f467d47aaafaaf3ee8f2a3c4da08842cb672
The distutils package is deprecated and slated for removal in
Python 3.12. Let's use shutil.which which is also recomended
by PEP 632: https://peps.python.org/pep-0632/#migration-advice
Closes-Bug: #2009229
Change-Id: Ibb2a9731449e765c4a56952a9f02679e9618778b
We have lots of evidence that this is a net benefit, so enable it
by default instead of everyone having to opt-in.
Change-Id: I66fa1799ff5177c3667630a89e15c072a8bf975a
This reverts commit 37d11d00e5.
Reason for revert: reverting this revert as the issue caused by the original patch (before the first revert) is fixed by:
https://review.opendev.org/c/openstack/devstack/+/881504
Therefore we can proceed with the cirros version bump.
Change-Id: I43e2b04a0142c19fb1a79da5a33cc444149e18f1
This change allows us to bump the default cirros version
in devstack. Since cirros version 0.6.0 dhcpcd is the default
dhcp client. The older cirros images used udhcpc client (the only
available client at that time) which is also the default client
in Tempest.
This patch makes devstack configure dhcpcd client in tempest.conf
if cirros >= 0.6.0 is going to be used in scenario tests.
The commit also introduces a new SCENARIO_IMAGE_TYPE option.
It is now a trigger for cirros specific settings, later it might
be used for any other image's settings.
Closes-Bug: #2007973
Change-Id: I2738c3b1d302c6656ce2c209671ea954fbc1b05b
Glance antelope release has enabled the RBAC new defaults
by default
- https://review.opendev.org/c/openstack/glance/+/872522
With the latest release of Glance have new defaults enable,
we should test the same by default in devstack. This change
make GLANCE_ENFORCE_SCOPE flag to True by default so that every
job will run with Glance new defaults.
As old defaults are still supported (in deprecated way), we will keep
GLANCE_ENFORCE_SCOPE flag so that we can have a single job can disable
the new defaults and continue testing the old defaults.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/883701
Change-Id: Idde6f3cb766597575ca822f21b4bb3a465e5e753
Nova antelope release has enabled the RBAC new defaults
by default
- https://review.opendev.org/c/openstack/nova/+/866218
With the latest release of Nova have new defaults enable,
we should test the same by default in devstack. This change
make NOVA_ENFORCE_SCOPE flag to True by default so that every
job will run with Nova new defaults.
As old defaults are still supported (in deprecated way), we will keep
NOVA_ENFORCE_SCOPE flag so that we can have a single job can disable
the new defaults and continue testing the old defaults.
Change-Id: Id56819f03c19a5b7fe30adf799ecd3b8aeb67695
The neutron-debug command was deprecated and finally removed,
so tools/ping_neutron.sh can no longer rely on it to create
a probe namespace. Instead, just try and use any namespace
with the network ID in it, since it's either the DHCP (ML2/OVS)
or Metadata (OVN) namespace, which should work just as well.
As this code is rarely (never?) used, this best-effort attempt
is good enough.
Change-Id: I98c992a2a774ef1fb22cee2e90ee342ab2d537ac
Depends-on: https://review.opendev.org/c/openstack/neutron/+/883081
git_clone assumes a branch or a tag is passed as the last argument, and
it fails when a commit hash is passed, as in:
timeout -s SIGINT 0 git clone https://github.com/ovn-org/ovn.git
/opt/stack/ovn --branch 36e3ab9b47e93af0599a818e9d6b2930e49473f0
Cloning into '/opt/stack/ovn'...
fatal: Remote branch 36e3ab9b47e93af0599a818e9d6b2930e49473f0 not found
in upstream origin
Change-Id: Id1328d7cba418fa7c227ae9db4fe83c09fd06035
devstack-base is changed to descend from
openstack-multinode-fips which is defined in
project-config.
This allows jobs to execute the enable_fips playbook
to enable FIPS mode on the node, but only if they
opt-in by setting enable_fips to True. Otherwise,
this is a no-op.
Change-Id: I5631281662dbd18056ffba291290ed0978ab937e
Irrespective of build_modules is True
or False reload ovs modules always.
If ovs is installed from package before(like
with multi-node-bridge role), then installing
ovs from source requires openvswitch kernel
module to be reloaded.
The issue was not seen before jammy as there
module was reloaded when build_modules was set
to True.
Closes-Bug: #2015364
Change-Id: I1785b49b2ef72ca1f817f504d5ea56021410c052
This change enables httpd in systemd so that it
starts after a reboot and updates how selinux is
disabled to use /etc/selinux/config in addtion
to setenforce.
Change-Id: I5ea8693c0b967937483bd921b1d9984ea14bc723
Creating multiattach volume is a non-admin operation but creating
multiattach volume type is an admin operation.
Previously cinder allowed creating multiattach volumes without a
volume type but that support is being removed with[1].
The change requires updating tempest tests[2] but some tempest
tests are non-admin, which require admin priviledges to create the
multiattach volume type.
Based on the last discussion with tempest team[3], the proposed
solution is to create a multiattach volume type in devstack,
if ENABLE_VOLUME_MULTIATTACH is True, and use it in tempest
tests. Similar to how admins create multiattach volume types
for non-admin users.
This patch creates a multiattach volume type if
ENABLE_VOLUME_MULTIATTACH is True. Also we set the multiattach
type name as a tempest config option 'volume_type_multiattach'.
[1] https://review.opendev.org/c/openstack/cinder/+/874865
[2] https://review.opendev.org/c/openstack/tempest/+/875372
[3] https://meetings.opendev.org/irclogs/%23openstack-cinder/%23openstack-cinder.2023-03-13.log.html#t2023-03-13T18:47:56
Change-Id: Icd3690565bf7b27898cd206641e612da3993703d
This patch includes changes required to run devstack on RHEL 9.
- en_US.utf8 is provided by glibc-langpack-en
- iptables command is provided by iptables-nft
- Use /etc/os-release to identify the distro in RHEL 9 as it doesn't
provide lsb_release command.
- CRB repository name is different from CentOS 9
Change-Id: I8f6d9263b24f9c2cf82e09258e2d14d7766ad337
stop_dstat() calls stop_process() for dstat, memory_tracker and
file_tracker respectively. Inside stop_process(), a check for the
existence of the service is performed by is_service_enabled().
So even if we apply this seemingly dangerous commit,
is_service_enabled() is respected, so it's safe.
Closes-Bug: #1998990
Change-Id: Ica58cdb1d60c4c796f582d82ed2cde0be94b1a7e
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
These are a few tweaks I applied to my own memory-constrained cloud
instances that seemed to help. I have lower performance requirements
so this may make things worse and not better, but it's worth seeing
what the impact is. I'll admit to not knowing the full impact of these
as they're mostly collected from various tutorials on lowering memory
usage.
Enable this for now on devstack-multinode
Change-Id: I7b223391d3de01e3e81b02076debd01d9d2f097c
We haven't been testing the distro for a while in CI, e.g. in
Tempest, the jobs on opensuse15 haven't been executed for a year
now.
Therefore the patch removes opensuse support from devstack.
Closes-Bug: #2002900
Change-Id: I0f5e4c644e2d14d1b8bb5bc0096d1469febe5fcc
Some rockylinux deployments have the curl-minimal package installed by
default (the latest GenericCloud image still has the curl package), it
triggers an error when devstack wants to install the curl package.
Fix this issue by swaping curl-minimal with curl before installing base
packages.
Change-Id: I969e8dc22e7d11c9917a843d9245f33a04fe197d
Those functions were part of the neutron devstack plugin but we
discussed it during last PTG [1] and decided to move to the Devstack
repo as plugins which are used by e.g. CI jobs which are defined outside
of the neutron repository.
Placement integration is used e.g. in the tempest-slow job which is
defined in tempest and used by many different OpenStack projects.
[1] https://etherpad.opendev.org/p/neutron-yoga-ptg#L142
Change-Id: I2c26063896ab2679cffd01227a40a3283caa3b17
Devstack set the env var TOX_CONSTRAINTS_FILE/UPPER_CONSTRAINTS_FILE
which are used to use the constraints during Tempest virtual env installation.
Those env var are set to non-master constraint when we need to use non-master
constraints but when we need to use the master constraints we do not set/reset
them point to master constraints. This create the issue when running the grenade
job where we run Tempest on the old devstack as well as in the new devstack.
When tempest is installed on old devstack then old tempest is used and it sets
these env var to stable/<branch> constraints (this is the case when old devstack
(the stable branch is in EM phase) uses the old tempest not the master tempest),
all good till now. But the problem comes when in the same grenade script run
upgrade-tempest install the master tempest (when new devstack branches are in
the 'supported' phase and use the master tempest means) and are supposed to use
the master constraints. But the TOX_CONSTRAINTS_FILE/UPPER_CONSTRAINTS_FILE env
var set by old tempest is used by the tempest and due to a mismatch in constraints
it fails.
This happened when we tried to pin the stable/wallaby with Tempest 29.0.0
- https://review.opendev.org/c/openstack/devstack/+/871782
and table/xena grenade job failed (stable/xena use master tempest and supposed
to use master constraints)
- https://zuul.opendev.org/t/openstack/build/fb7b2a8b562c42bab4c741819f5e9732/log/controller/logs/grenade.sh_log.txt#16641
We should set/reset those constraint env var to master constraints if configuration
tell devstack to use the master constraints.
[1] https://github.com/openstack/devstack/blob/71c3c40c269a50303247855319d1d3a5d30f6773/lib/tempest#L124
Closes-Bug: #2003993
Change-Id: I5e938139b47f443a4c358415d0d4dcf6549cd085
pkill already takes care that it does not kill itself, however the
same problem may happen with 'sudo pkill -f' killing sudo. Use one
of the usual regex tricks to avoid that.
Change-Id: Ic6a94f516cbc509a2d77699494aa7bcaecf96ebc
Closes-Bug: #1999395
Cirros has made a fresh release, let us use it. Switch the download URLs
to https and drop an old example that no longer is available.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/871271
Change-Id: I1d391b871fc9bfa825db30db9434922226b94d8a
The python-neutronclient CLI code is going to be removed from this
repository.
Change-Id: I39b3a43a7742481ec6d9501d5459bf0837ba0122
Related-Bug: #2003861
Just like we remove db files let's also remove
socket files when initializing ovn. Those will
reappear once service fully restarts along with
db files. Without it we see random issue as
described in the below bug.
Closes-Bug: #2002629
Change-Id: I726a9cac9c805d017273aa79e844724f0d00cdf0
In this release cycle, a few services are enabling the
enforce scope and new defaults by default. Example Nova:
- https://review.opendev.org/c/openstack/nova/+/866218)
Until the new defaults enalbing by default is not released we
should keep testing the old defaults in existing jobs and we can
add new jobs testing new defautls. To do that we can provide the
way in devstack to keep scope/new defaults disable by default which
can be enabled by setting enforce_scope variable to true.
Once any service release the new defaults enabled by default then
we can switch the bhavior, enable the scope/new defaults by default
and a single job can disbale them to keep testing the old defaults
until service does not remove those.
Change-Id: I5c2ec3e1667172a75e06458f16cf3d57947b2c53
Module lib/neutron was introduced long time ago as new module to deploy
neutron. It was intended to replace old lib/neutron-legacy module. But
since very long time it wasn't really finished and used by anyone and
lib/neutron-legacy is defacto standard module used by everyone to deploy
neutron with devstack.
In [1] unfinished lib/neutron was deprecated and now it's time to remove
it from the devstack code.
This patch also renames old "lib/neutron-legacy" module to be
"lib/neutron" now.
Previously "old" lib/neutron-legacy module was accepting neutron
services names wit "q-" prefix and "new" lib/neutron module was accepting
services with "neutron-" prefix. Now, as there is only one module it
accepts both prefixes.
For historical reasons and to be consistent with old lib/neutron-legacy
which was widely used everywhere, services will be named with "q-"
prefix but both prefixes will be accepted to enable or disable services.
This patch also moves _configure_neutron_service function to be called
at the end of the "configure_neutron" after all agents and service
plugins are already configured.
[1] https://review.opendev.org/c/openstack/devstack/+/823653
Related-bug: #1996748
Change-Id: Ibf1c8b2ee6b6618f77cd8486e9c687993d7cb4a0
Tox 4.0.0 has some incompatible changes, epecially more
strict on allowlist_externals. Tempest recently changed
allowlist_externals not to be *[1] causing the failure
on jobs where lib/tempest failing to run the tempest
as command in virtual env.
----------
venv: commands[0]> tempest verify-config -uro /tmp/tmp.qH5KgJHTF4
venv: failed with tempest is not allowed, use allowlist_externals to allow it
------
We do not need to test/fix the <=stable/zed branches with tox 4.0.0
and pinning them with the compatible tox version of the time stable
brnaches were releaased is better way.
This commit proposes:
1. Pinning the tox<4.0.0 for <=stable/ze branches testing
2. Workaround to unblock the master gate by pinning it <4.0.0 but
we should make our testing compatible with tox 4.0.0 soon.
Depends-On: https://review.opendev.org/c/openstack/devstack/+/867066
Related-Bug: #1999183
[1] https://review.opendev.org/c/openstack/tempest/+/865314 devstack based job started failing to run tempest command on venv.
Change-Id: I9a138af94dedc0d8ce5a0d519d75779415d3c30b
In the past firewall_driver setting was configured for ML2 plugin
because it was used in the
neutron.agent.securitygroups_rpc.is_firewall_enabled() function but
currently it's not needed anymore as there is other config option
"enable_security_group" for that.
Related-bug: #1996748
Change-Id: I9b09c6afb3f1f1c33d1bdfea52ba6f4c0d0cf2dc
openEuler 20.03 LTS SP2 support was removed from devstack in last
few months due to its python version is too old and the CI job
always fail. And openEuler 20.03 LTS SP2 was out of maintainer in May
2022 by openEuler community.
The newest LTS version was released in March 2022 called 22.03 LTS.
This release will be maintained for at least 2 years. And the python
version is 3.9 which works well for devstack.
This Patch add the openEuler distro support back. And add the related
CI job to make sure its works well.
Change-Id: I99c99d08b4a44d3dc644bd2e56b5ae7f7ee44210
The option was already deprecated in os-vif 2.2.0[1]. The override is
no longer required since bug 1929446 was already resolved.
[1] https://review.opendev.org/c/openstack/os-vif/+/744816
Related-Bug: #1929446
Change-Id: I5bc55723a178b32d947da2ac91d2f62aa8124990
Nova is ready with the scope and new defaults as per the new
RBAC design. Adding devstack flag to enable the scope checks
and new defaults enforcement in nova side.
Change-Id: I305ea626a4b622c5534d523f4b619832f9d35f8d
The dbcounter install on Debian Bullseye is broken in a really fun way.
The problem is that we end up mixing pypi openssl and distro
cryptography under pip and those two versions of libraries are not
compatible.
The reason this happens is that debian's pip package debundles the pip
deps. This splits them out into /usr/share/python-wheels and it will
prefer distro versions of libraries over pypi installed versions of
libraries. But if a pypi version is installed and a distro version is
not then the pypi version is used. If the pypi version of library A does
not work with distro version of library B then debundled pip breaks.
This has happened with crypytography and pyOpenSSL.
This happens because urllib3 (a debundled pip dep) appears to use
pyopenssl conditionally. Novnc depends on python3-cryptography, and
openstack depends on cryptogrpahy from pypi ensuring we get both a
distro and a pypi version installed. However, pyOpenSSL is only pulled
in from pypi via openstack deps. This leaves debundled urllib3
attempting to use pypi pyOpenSSL with distro cryptography and that combo
isn't valid due to an interface change.
To fix this we install python3-openssl ensuring that debundled pip will
use distro pyOpenSSL with distro cryptography making everything happy
again. But we only do this when we install novnc as novnc is what pulls
in distro cryptography in the first place. We can't simply install
python3-openssl on all debuntu platforms because this breaks Ubuntu
Focal in the other direction. On Ubuntu focal distro pip uses distro
pyOpenSSL when no pypi pyOpenSSl is installed (prior to keystone
install) and is not compatible with pypi cryptography.
Honestly, this whole intersection between distro and pypi installs of
cryptography and pyOpenSSL could probably be made cleaner. One option
would be for us to always install the constraints version of both
packages from pypi and the distro pacakges very early in the devstack
run. But that seems far more complicated so I'm not attempting that
here.
Change-Id: I0fc6a8e66e365ac49c6c7ceb4c71c68714b9f541
Adding a second exception for single-core-review in Devstack
repository - changes which do not affect core functionality, like
f.e. job cleanups, can be reviewed by a single core.
Change-Id: Idb6cefa510fdbfed41379eb410f4884852d1177f
It seems that setting "sysctl kernel.dmesg_restrict" was changed
in Ubuntu 22.04 (Jammy) to "1" and because of that running "dmesg"
command requires now root privileges.
Closes-bug: #1994023
Change-Id: I2adc76e3025fadf994bab2e2e1fd608e688874fc
If stack.sh is run on a system that already has OVN packages
installed, it could fail to find its DB sockets. This is because
the 'ln -s' will place the symlink inside of /var/run/ovn
instead of using a single directory as intended.
Change the code in neutron_plugins/ovn_agent to not make the
symlink and instead use separate directories for OVS and OVN.
Closes-bug: #1980421
Change-Id: Ic28a93bdc3dfe4a6159234baeabd0064db452b07
Some services fail when using special characters in passwords, add some
warnings to our docs.
Closes-Bug: 1744985
Change-Id: I601149e2e7362507b38f01719f7197385a27e0a8
This commit fixes the tox command option to run the smoke tests. The
original arguments fail with the error[1], and `-efull` and
`tempest.scenario.test_network_basic_ops` are not for the smoke tests.
[1]
$ tox -efull tempest.scenario.test_network_basic_ops
...
tempest run: error: unrecognized arguments: tempest.scenario.test_network_basic_ops
Change-Id: I9c3dd9fb4f64bf856c5cab88a2aeaae355c84a65
The issue that Horizon had with python3.10 has been fixed some time ago,
so we can stop disabling it for those jobs.
Also stop including roles from devstack-gate which we no longer need.
Change-Id: Ia5d0b31561adc5051acd96fcaab183e60c3c2f99
Because adding the role is idempotent, we can save doing the initial
check for role assignment. Also simplify the output matching by using
osc's filters where appropriate.
Co-Authored-By: Jens Harbott <harbott@osism.tech>
Change-Id: If2a661cc565a43a7821b8f0a10edd97de08eb911
Similar to other functions, this uses "--or-show" to avoid double
calls.
Co-Authored-By: Jens Harbott <harbott@osism.tech>
Change-Id: I548f9acd812687838e04b705f86f3b70d2b10caf
This patch adds NVMe LVM support to the existing iSCSI LVM configuration
support.
We deprecate the CINDER_ISCSI_HELPER configuration option since we are
no longer limited to iSCSI, and replace it with the CINDER_TARGET_HELPER
option.
The patch also adds another 3 target configuration options:
- CINDER_TARGET_PROTOCOL
- CINDER_TARGET_PREFIX
- CINDER_TARGET_PORT
These options will have different defaults based on the selected target
helper. For tgtadm and lioadm they'll be iSCSI,
iqn.2010-10.org.openstack:, and 3260 respectively, and for nvmet they'll
be nvmet_rdma, nvme-subsystem-1, and 4420.
Besides nvmet_rdma the CINDER_TARGET_PROTOCOL option can also be set to
nvmet_tcp, and nvmet_fc.
For the RDMA transport protocol devstack will be using Soft-RoCE and
creating a device on top of the network interface.
LVM NVMe-TCP support is added in the dependency mentioned in the footer
and LVM NVMe-FC will be added in later patches (need os-brick and cinder
patches) but the code here should still be valid.
Change-Id: I6578cdc27489b34916cdeb72ba3fdf06ea9d4ad8
This patch changes user who runs ovsdb-server and ovn-nortd services
to root.
It also adds installation of the libssl dev package before compilation
of the openvswitch if TLS service is enabled.
Co-Authored-By: Fernando Royo <froyo@redhat.com>
Closes-Bug: #1987832
Change-Id: I83fc9250ae5b7c1686938a0dd25d66b40fc6c6aa
In case of online mode, there is a procedure to recreate tempest venv.
For consistency of tempest venv during the entire stack.sh process,
add logic to consider the TEMPEST_VENV_UPPER_CONSTRAINTS option here.
Closes-bug: #1980483
Signed-off-by: June Yi <june.yi@samsung.com>
Change-Id: I0cea282152fd363af8671cab1b5f733ebe2bd4df
neutron-ns-metadata-proxy was dropped from Neutron 5 years ago, no need
to keep trying to kill it.
Change-Id: I20b6d68dd8dde36057a2418bca0841bdea377b07
When barbican is enabled, add the "creator" role to cinder's service
user so that cinder can create secrets. Cinder needs to create
barbican secrets when migrating encryption keys from the legacy
ConfKeyManager to barbican. Cinder also needs to create barbican
secrets in order to support transferring encrypted volumes.
Implements: bp/transfer-encrypted-volume
Depends-On: I216f78e8a300ab3f79bbcbb38110adf2bbec2196
Change-Id: Ia3f414c4b9b0829f60841a6dd63c97a893fdde4d
In I90316208d1af42c1659d3bee386f95e38aaf2c56 support for nova-network
was removed, but some bits remained, fix this up.
Change-Id: Iba7e1785fd0bdf0a6e94e5e03438fc7634621e49
Openstack client can return the id field for create/show commands using
`-f value -c id`. Cleaned up the use of grep 'id' with get_field
Change-Id: I2f4338f30c11e5139cda51c92524782b86f0aacc
Right now we don't officialy support LinuxMint as our
documentation says [1], it seems LinuxMint is a relict
and got forgotten over time.
This patch removes LinuxMint from the code in order not to
confuse users.
[1] https://docs.openstack.org/devstack/latest/
Closes-Bug: #1983427
Change-Id: Ie1ced25f89389494b28a7b2e9bb1c4273e002dd5
Attempting to set a value containing the ampersand
character (&) by iniset would corrupt the value.
So, add an escaping process.
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Closes-Bug: #1983816
Change-Id: Ie2633bacd2d761d110e6cb12f95382325c329415
Writing NOPASSWD directive into /etc/sudoers was throwing
permission denied errors. This commit writes the directive
to the /etc/sudoers.d/stack file instead.
Closes-Bug: #1981541
Change-Id: If30f01aa5f3a33dda79ff4a6892116511c8e1542
Recently the experimental mechanism has been added to Neutron and now
it requires the [experimental] linuxbridge option when the linuxbridge
mechanism driver is used.
Depends-on: https://review.opendev.org/c/openstack/neutron/+/845181
Change-Id: Ice82a391cda9eb0193f23e6794be7ab3df12c40b
We see some cases where OVN startup takes much longer than 5 seconds, up
to 28 seconds have been observed, so increase the limit to 40 to be on
the safe side.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Closes-Bug: 1980421
Change-Id: I6da4a537e6a8d527ff71a821f07164fc7d342882
Because of the missing "$" before ENFORCE_SCOPE in the lib/neutron
module, it was treated as an ENFORCE_SCOPE string instead of variable
and Neutron was deployed always with old defaults and disabled scope
enforcement.
Change-Id: Ibe67fea634c5f7abb521c0369ff30dd5db84db8c
Some of the API services are not properly mounted under /$service/
in the apache proxy. This patch tries to avoid recording data
for "services" like "v2.0" (in the case of neutron) by only adding
names if they're all letters. A single warning is emitted for any
services excluded by this check.
For the moment this will mean we don't collect data for those services,
but when their devstack API config is fixed, they'll start to show
up.
Change-Id: I41cc300e89a4f97a008a8ba97c91f0980f9b9c3f
Currently Devstack uses short hostname for configuration of OVN.
This leads to inability to start instances (failing port binding)
on hosts with full hostnames (including dots). Open vSwitch expects
hostname in external_ids that corresponds to one returned by
``hostname`` command.
Closes-Bug: #1943631
Change-Id: I15b71a49c482be0c8f15ad834e29ea1b33307c86
Due to the below bug the job has been constantly failing.
Let's make it n-v until the bug is resolved:
- https://bugs.launchpad.net/neutron/+bug/1979047
Change-Id: Ifc8cc96843a8eac5c98cd1e1f9e4b6287a7f2e7c
This patch reduces memory usage on the Cinder Volume and Backup services
by tuning glibc.
The specific tuning consist on disabling the per thread arenas and
disabling dynamic thresholds.
The Cinder Backup service suffers from high water mark memory usage and
uses excessive memory. As an example just after 10 restore operations
the service uses almost 1GB of RAM and does not ever free it afterwards.
With this patch the memory consumption of the service is reduced down to
almost 130MB. If we add a revert from Cinder (Change-Id
I43a20c8687f12bc52b014611cc6977c4c3ca212c) it goes down to 100MB during
my tests.
This glibc tuning is not applied to all Python services because I
haven't done proper testings on them and at first glance they don't seem
to have such great improvements.
Related-bug: #1908805
Change-Id: Ic9030d01468b3189350f83b04a8d1d346c489d3c
We are seeing failures when using an updated setuptools version
installed together with distro pip on Ubuntu 22.04. Install the version
from u-c only when we are also installing pip from upstream.
Change-Id: Ibb6e9424e5794ccbf9a937d2eecfa3bf60ed312e
Currently, neutron tunnel endpoints must be IPv4 addresses,
i.e. $HOST_IP, although IPv6 endpoints are supported by most
drivers.
Create a TUNNEL_IP_VERSION variable to choose which host IP
to use, either HOST_IP or HOST_IPV6, and configure it in the
OVS and Linuxbridge agent driver files. The default is still
IPv4, but it can be over-ridden by specifying TUNNEL_ENDPOINT_IP
accordingly.
This behaves similar to the SERVICE_IP_VERSION option, which
can either be set to 4 or 6, but not 4+6 - the tunnel overhead
should be consistent on all systems in order not to have MTU
issues.
Must set the ML2 overlay_ip_version config option to match
else agent tunnel sync RPC will not work.
Must set the OVN external_ids:ovn-encap-ip config option to
the correct address.
Updated 'devstack-ipv6-only' job definition and verification role
that will set all services and tunnels to use IPv6 addresses.
Closes-bug: #1619476
Change-Id: I6034278dfc17b55d7863bc4db541bbdaa983a686
When cephadm is used, if ENABLE_CEPH_C_BAK is True both pool and
key are created by devstack-plugin-ceph. This piece of code can
still stay here to make sure the cinder config is properly built.
Change-Id: I799521f008123b8e42b2021c1c11d374b834bec3
Some of the hardest-to-debug issues are qemu crashes deep in a nova
workflow that can't be reproduced locally. This adds a post task to
the playbook so that we capture the most recent qemu core dump, if
there is one.
Change-Id: I48a2ea883325ca920b7e7909edad53a9832fb319
Swift removed sha1 from supported digests with [1] and
that broked ironic tinyipa job. Temorary add sha1 to
allowed_digests until it's fixed in ironic.
[1] https://review.opendev.org/c/openstack/swift/+/525771
Story: 2010068
Task: 45539
Change-Id: I68dfc472ce901058b6a7d691c98ed1641d431e54
Grenade jobs stop services, check fip connectivity
for a nova server and then upgrade to next release.
But since ovn data plane and db services are stopped along
with other services, fip connectivity fails as a result.
We shouldn't stop these services along with other
neutron services. This patch adds a new variable
"SKIP_STOP_OVN" which can be used by grenade jobs
to skip stop of ovn services.
This will also fix the ovn grenade jobs.
Also source fixup_stuff.sh so function fixup_ovn_centos
is available. It's already sourced in stack.sh but
that's not used in grenade run.
Change-Id: I94818a19f19973779cb2e11753d2881d54dfa3bc
Packages for OVN are now available in bullseye, so we can drop the
special handling.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I5e5c78aa19c5208c207ddcf14e208bae8fbc3c55
RHEL based distros set homedir permissions to 700,
and Ubuntu 21.04+ to 750[1], i.e missing executable
permission for group or others, this results into failures
as defined in the below bug.
Since in doc we add useradd command, it's good to
add instructions to fix the permissions there itself
instead of getting failures during installation and then
fixing it.
Also update user create script to fix permissions
by adding executable bit to DEST directory if missing.
[1] https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/19533
Closes-Bug: #1966858
Change-Id: Id2787886433281238eb95ee11a75eddeef514293
This can happen if devstack fails to run, but we still run the post
tasks. Also could happen if some sort of hybrid job configuration
does not run all of devstack but we still end up running post jobs.
Just warn to stderr and assume no DB info.
Change-Id: I211a331ab668dbb0ad7882908cca4363f865d924
The previous change, I237f5663b0f8b060f6df130de04e17e2b1695f8a, removed
a SETUPTOOLS flag, but not the comment explaining why that flag was
previously set. Clean up that comment.
Change-Id: I32b0240fd56310d7f10596aaa8ef432679bfd66a
There are two problems with dbcounter installation on Jammy. The first
is straightforward. We have to use `py_modules` instead of `modules` to
specify the source file. I don't know how this works on other distros
but the docs [0] seem to clearly indicate py_modules does this.
The second issue is quite an issue and requires story time. When
pip/setuptools insteall editable installs (as is done for many of the
openstack projects) it creates an easy-install.pth file that tells the
python interpreter to add the source dirs of those repos to the python
path. Normally these paths are appended to your sys.path. Pip's isolated
build env relies on the assumption that these paths are appeneded to the
path when it santizes sys.path to create the isolated environemnt.
However, when SETUPTOOLS_SYS_PATH_TECHNIQUE is set to rewrite the paths
are not appended and are inserted in the middle. This breaks pip's
isolated build env which broke dbcounter installations. We fix this by
not setting SETUPTOOLS_SYS_PATH_TECHNIQUE to rewrite. Upstream indicates
the reason we set this half a decade ago has since been fixed properly.
The reason Jammy and nothing else breaks is that python3.10 is the first
python version to use pip's isolated build envs by default.
I've locally fiddled with a patch to pip [1] to try and fix this
behavior even when rewrite is set. I don't plan to push this upstream
but it helps to illustrate where the problem lies. If someone else would
like to upstream this feel free.
Finally this change makes the jammy platform job voting again and adds
it to the gate to ensure we don't regress again.
[0] https://docs.python.org/3/distutils/sourcedist.html#specifying-the-files-to-distribute
[1] https://paste.opendev.org/show/bqVAuhgMtVtfYupZK5J6/
Change-Id: I237f5663b0f8b060f6df130de04e17e2b1695f8a
The job is broken since it is running with python3.7 and most services
now require at least python3.8.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ie21f71acffabd78c79e2b141951ccf30a5c06445
We missed to add the jobs to the gate queue and so they have already
regressed before they were actually in place. Make them non-voting for
now until the issues are fixed.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I5d1f83dfe23747096163076dcf80750585c0260e
Glance image import is asynchronous and may be configured to do image
conversion. If image import is being used, it's possible that the
tempest configuration code is executed before the import has
completed and there may be no active images yet. In that case,
we will poll glance every TEMPEST_GLANCE_IMPORT_POLL_INTERVAL seconds
(default: 1) to see if there are TEMPEST_GLANCE_IMAGE_COUNT active
images (default: 1) up to TEMPEST_GLANCE_IMPORT_POLL_LIMIT times
(default: 12).
You can see an example of the issue this patch addresses in real
life:
https://review.opendev.org/c/openstack/glance/+/841278/1#message-456096e48b28e5b866deb8bf53e9258ee08219a0
Change-Id: Ie99f12691d9062611a8930accfa14d9540970cc5
Without it segment plugin fails to connect with
placement api. Configure the placement section
if service is deployed.
Closes-Bug: #1973783
Change-Id: Ie7f37770a04f622735cf2263c601257669ab5064
Two runs of the same job on the same patch can yield quite different
numbers for API calls if we just count the raw calls. Many of these
are tempest polling for resources, which on a slow worker can require
many more calls than a fast one.
Tempest seems to not change its User-Agent string, but the client
libraries do. So, if we ignore the regular "python-urllib" agent
calls, we get a much more stable count of service-to-service API
calls in the performance report.
Note that we were also logging in a different (less-rich) format for
the tls-proxy.log file, which hampers our ability to parse that
data in the same format. This switches it to "combined" which is used
by the access.log and contains more useful information, like the
user-agent, among other things.
Change-Id: I8889c2e53f85c41150e1245dcbe2a79bac702aad
The mysql performance_schema method for counting per-database queries
is very heavyweight in that it requires full logging (in a table) of
every query. We do hundreds of thousands in the course of a tempest
run, which ends up creating its own performance problem.
This changes the approach we take, which is to bundle a very tiny
sqlalchemy plugin module which counts just what we care about in
a special database.
It is more complex than just enabling the features in mysql, but it
is a massively smaller runtime overhead. It also provides us the
opportunity to easily zero the counters just before a tempest run.
Change-Id: I361bc30bb970cdaf18b966951f217862d302f0b9
The new Ubuntu LTS release has been made last week, start running
devstack on it as a platform job.
Horizon has issues with py310, so gets disabled for now.
Run variants with OVS and OVN(default).
Co-Authored-By: yatinkarel <ykarel@redhat.com>
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I47696273d6b009f754335b44ef3356b4f5115cd8
When OVN is setup from distro packages, the
main service is ovn-central which when restarted,
restarts ovn-northd, ovn nb and db services.
And during the restart ovn dbs(ovnnb_db.db and ovnsb_db.db)
are created, which may sometime takes time as seen with
ubuntu jammy tests[1].
We already checking for socket's file to be available,
let's also check for db files as without it ovn-*ctl
operations succeed but changes are not persisted until
db files are available and changes are lost with the restart.
[1] https://review.opendev.org/c/openstack/devstack/+/839389
Change-Id: I178da7af8cba8bcc8a67174e439df7c0f2c7d4d5
Would be helpful in troubleshooting services
which either fails to start or takes time to
start.
Related-Bug: #1970679
Change-Id: Iba2fce5f8b1cd00708f092e6eb5a1fbd96e97da0
In order to run on systems where not all requirements are present,
we should be tolerant of missing external dependencies, such as
psutil and pymysql. Print a warning (to stderr) and just leave out
those stats in that case.
Also make running the stats collector use ignore_errors:yes to avoid
failures in the future. I think the stats is not critical enough to
fail a job for bugs like this.
Related-Bug: #1970195
Change-Id: I132b0e1f5033c4f109a8b8cc776c0877574c4a49
In some cases the value is [not set], in this case
the conversion to integer does not work.
Closes-Bug: #1970431
Change-Id: I74df7d8bc9f5cbe0709a6471cf7639caea0b58e8
A long time ago, Ironic's IPv6 only job started to fail working with
errors indicated the host was unreacable. Turns out, this was because
the $ext_gw_interface was not being set to up, and thus could
be found in a Down state, and thus the kernel would not accept routes
for it.
Adds an explicit step to turn up the public bridge, much as done in
the IPv4 router plugin code which would also be executed in 4+6.
That being said, Ironic's CI jobs are very intentionally IPv6 only
to ensure that we have no chances of v4 addressing getting used
at any point in time.
This should allow Ironic to return it's IPv6 only CI job back
to the normal check queue, once a ironic plugin issue has been
resolved which was introduced while it was removed.
Change-Id: I121ec8a2e9640b21a7126f2eeb23da36b4aa95bf
This updates each devstack service library, to use it as the
default value for service-specific RBAC configuration.
Change-Id: I41061d042206c411ee3dd94ce91098e612af7ae7
I941ef5ea90970a0901236afe81c551aaf24ac1d8 added a sed command that
should match and delete path values but used '/' as sed separator. This
leads to error in unstack.sh runs when the path also contains '/':
+./unstack.sh:main:188 sudo sed -i '/directory=/opt/stack/ d' /etc/gitconfig
sed: -e expression #1, char 13: unknown command: `o'
So this patch replace '/' separator with '+'.
Change-Id: I06811c0d9ee7ecddf84ef1c6dd6cff5129dbf4b1
This change adds mod_ssl to the default set of rpms installed
on rpm based distros.
this is required if the tls-proxy service is enabled
for multi node centos based jobs.
Change-Id: I52652de88352094c824da68e5baf7db4c17cb027
the value of LOGDAYS in samples/local.conf is 2, so change the
value in the comment and the sample value in the document to
be consistent with it.
Change-Id: I5822bbf1d6ad347c67c886be1e3325113d079114
This makes us gather a bunch of consistent statistics after we run
tempest that can be use to measure the impact of a given change. These
are stable metrics such as "number of DB queries made" and "how much
memory is each service using after a tempest run."
Note that this will always run after devstack to generate the JSON
file, but there are two things that control its completeness:
- MYSQL_GATHER_PERFORMANCE must be enabled to get per-db stats
- Unless tls-proxy is enabled, we will only get API stats for keystone
Change-Id: Ie3b1504256dc1c9c6b59634e86fa98494bcb07b1
We are using the latest OVS, however, OVN needs to build using the
OVS submodule since some of the signatures don't work[1].
[1]: https://github.com/ovn-org/ovn/issues/128
Change-Id: I3ad7e5e80f1141c3d94f7ce7c8b8f8fdb9fb7c3c
Without this, running DevStack on an `aarch64` environment will end
up in cpu_model set to "Nehalem" and cpu_mode set to "host-passthrough"
which does not work.
This patch drops that value under aarch64 environments.
Change-Id: I30be5a388dda5ccf08718670dbb14a28a4a8a8eb
This is necessary for more consistent behavior across multiple
distro versions. Apparently somewhere along the way, git started
looking at the current user's home directory instead of $HOME.
Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798
Change-Id: I941ef5ea90970a0901236afe81c551aaf24ac1d8
git commit [1] introduced a new behaviour to work around a CVE that
disallows any git operations in directories not owned by the current
user.
This may seem unrelated to installation, but it plays havoc with PBR,
which calls out to git to get to get revision history. So if you are
"pip install"-ing from a source tree you don't own, the PBR git calls
in that tree now fail and the install blows up.
This plays havoc with our model. Firstly, we checkout all code as
"stack" then install it globally with "sudo" (i.e. root) -- which
breaks. We also have cases of essentially the opposite -- checkouts
we have installed as root, but then run tox in them as a regular user;
tox wants to install the source in its venv but now we have another
user conflict.
This uses the only available configuration option to avoid that by
globally setting the source directories we clone as safe. This is an
encroachment of the global system for sure, but is about the only
switch available at the moment. For discussion of other approaches,
see [2].
Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798
[1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9
[2] https://review.opendev.org/c/openstack/devstack/+/837636
Change-Id: Ib9896a99b6d6c4d359ee412743ce30512b3c4fb7
After ./unstack.sh trying to 'enable_plugin venus https://opendev.org/openstack/venus' gived following error:
+lib/neutron_plugins/ovn_agent:install_ovn:363 sudo ln -s /var/run/openvswitch /var/run/ovn
ln: failed to create symbolic link '/var/run/ovn/openvswitch': File exists
which led to:
+lib/neutron_plugins/ovn_agent:cleanup_ovn:801 sudo rm -f /var/run/ovn
rm: cannot remove '/var/run/ovn': Is a directory
Change-Id: I1cafdc0c71093ed7249bb9748b57d51110986686
osc is typicaly installed in /usr/local/bin
to avoid command not found errors when invoking osc
in devstack ensure that /usr/local/bin is included
in the PATH.
Change-Id: I605fbc4b131149bf5d1b6307b360fe365c680b1a
OpenEuler job fails 100% of the time. As discussed in QA meeting,
we agreed to move OpenEuler job to experimental pipeline.
- https://meetings.opendev.org/meetings/qa/2022/qa.2022-03-22-15.00.log.html#l-76
Once it is fixed, we can think of adding back to regular pipeline.
Change-Id: I831889a09fabe5bed5522d17e352ec8009eac321
devstack isn't a python project, these were introduced only for docs
building and made redundant with [0]. We can remove them now.
[0] Iedcc008b170821aa74acefc02ec6a243a0dc307c
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I90ca1c6918c016d10c579fbae49d13fff1ed59af
After patch [1] project_id in that module is no longer needed as to make
it working with new secure RBAC policies we had to hardcode "demo"
project to be used always.
This is small follow-up patch with cleaning after [1].
[1] https://review.opendev.org/c/openstack/devstack/+/826851/
Change-Id: Iddf9692817c91807fc3269547910e4f83585f07f
There are a couple of places that still use a hardcoded
127.0.0.1 value, even if devstack is run with
SERVICE_IP_VERSION=6 in local.conf. While things still
work, SERVICE_LOCAL_HOST should be used instead since
everything else could be using IPv6.
Change-Id: I2dd9247a4ac19f565d4d5ecb2e1490501fda8bca
Newer versions of openssl (CentOS9Stream for example) do not like using sha1.
Devstack will fail on these systems[1] with the following error:
801B93DCE77F0000:error:03000098:digital envelope routines:do_sigver_init:invalid digest:crypto/evp/m_sigver.c:333:
This patch updates the tls-proxy code in devstack to use sha256 instead of sha1 which allows devstack to complete when tls-proxy is enabled.
[1] https://zuul.opendev.org/t/openstack/build/1d90b22a39c74e24a8390861b3c5f957/log/job-output.txt#5535
Closes-Bug: #1962600
Change-Id: I71e1371affe32f070167037b0109a489d196bd31
If the ci images do not have any cached data
we should ignore any error when trying to copying it.
This is requried when using unmodified cloud images.
Change-Id: Ia6e94fc01343d0c292b1477905f8a96a6b43bcf8
This is a followup for change Ifdef3510bc7da3098a71739814e35dbaf612ae34
which added configuration of unified limits for nova. This removes an
unnecessary wrapper unsetting of OS_ env variables, unnecessary quoting
on an iniset config value, and a hardcoding of user domain. The glance
code from which the nova code was originally copied is also cleaned up.
Change-Id: I4921af5cc0f624dd5aa848533f7049ee816be593
Previously, Swift's backing disk were not be mounted after reboots,
causing swift-proxy-server service to fail with cryptic error
messages such as 'proxy-server: ERROR Insufficient Storage'. Now,
we use Dan Smith' create_disk function from functions to create
the backing disk for us and add it to /etc/fstab.
Change-Id: I9cbccc87bc94a55b58e9badf3fdb127d6f1cf599
The rsync debian package is required for swift service. This
requirement has been covered by rpms but not for deb packages.
Change-Id: Iefd1302be9c7fd80e037bbae3638602d6d823580
This change use uname -m to get the portable host arch and uses that
as a new default. on x86_64 hosts this should result in no visable change
in behavior however on a non x86 host it will cause devstack to attempt
to download a cirros image that matches the host.
Change-Id: I6d1495a23400ef4cf496302028324fa5794dd45f
This patch fixes several issues related to the installation with
OVN backend with the OVS/OVN compilation enabled.
The OVS/OVN local directories prefix, when both services are compiled,
is now "/usr/local".
The "ovn_agent._run_process" function is calling "ovs-appctl" to
configure the logging settings of several services. Instead of
using the service name, the ctl socket file is used instead. That
is more robust and does not fail in systems with previous
installations.
Closes-Bug: #1960514
Change-Id: I69de5333393957593db6e05495f0c3c758efefdf
Previously, loop devices for LVM volume groups backing files were not
created after reboots, causing e.g. Cinder to fail with messages such
as
ERROR cinder.service [-] Manager for service cinder-volume
devstack@lvmdriver-1 is reporting problems, not sending
heartbeat. Service will appear "down".
Now, we use systemd services to manage loop devices for backing files.
Change-Id: I27ec027834966e44aa9a99999358f5b4debc43e0
This change reverts the execute permissions from
stackrc which is not meant to be run as a script but sourced
as part of stack.sh
Change-Id: I9a05051e5a297cfaf78d097fa5f90a7c5fd254a6
Since pip v22, python3.6 is not supported (the minimum version is
python3.7). This patch adds the reference for the pip3.6 URL to be
used instead of the default one.
Closes-Bug: #1959600
Change-Id: Iab2c391d5388461fe9e9037cee81884ce8032e72
This enables the configuration of nova to use unified limits in
keystone and enforcement in oslo.limit.
Related to blueprint unified-limits-nova
Depends-On: https://review.opendev.org/c/openstack/nova/+/715271
Change-Id: Ifdef3510bc7da3098a71739814e35dbaf612ae34
This reverts commit be7b5bf671.
As related bug is fixed, lets enabled scope enforcement in Neutron
again.
Related-bug: #1959196
Change-Id: I72db7ef533e78a10734d105e6a0debef288e41a1
After patch [1] new RBAC policies changed in the way that SYSTEM_ADMIN
user isn't anymore allowed to e.g. create resources in behalf of some
projects. Now PROJECT_ADMIN needs to create such resources instead.
So this patch basically reverts most of the changes which were done
in [2] some time ago.
It also introduces new entry in the clouds.yaml file -
"devstack-admin-demo" which is "admin" user in the "demo" project as
it's needed to create some resouces in the demo project now.
Additionally, because of bug [3] this patch changes way how IPv6
external gateway IP is found using Neutron API. This change may be
reverted in the future when bug [3] will be fixed.
[1] https://review.opendev.org/c/openstack/neutron/+/821208
[2] https://review.opendev.org/c/openstack/devstack/+/797450
[3] https://bugs.launchpad.net/neutron/+bug/1959332
Depends-On: https://review.opendev.org/c/openstack/neutron/+/826828
Closes-Bug: #1959196
Change-Id: I32a6e8b9b59269a8699644b563657363425f7174
After patch [1] was merged in Neutron, enforcing scopes there
is broken.
So lets disable it temporary to unblock Devstack's gate for now.
[1] https://review.opendev.org/c/openstack/neutron/+/821208
Related-Bug: #1959196
Change-Id: I24da6f3897a638749d16f738329a873a5f9a291d
This reverts commit 26bd94b45e.
Reason for revert: Devstack keystone creation/setup are moved to
scope tokens, so we can reintroduce the scope check enable.
Change-Id: I6e1c261196dbcaf632748fb6f04e0867648b76c7
This is needed so we can set keystone into enforcing secure RBAC.
This also adjusts lib/glance, which already partially used
devstack-system-admin.
Change-Id: I6df8ad23a3077a8420340167a748ae23ad094962
Running get-pip.py fails on Ubuntu when running twice, e.g. after a
unstack/stack cycle. Just use distro pip instead.
Closes-Bug: #1957048
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I87a8d53ed8860dd017a6c826dee6b6f4baef3c96
The default Neutron configuration is now using OVN, but the multinode
lab was using an incompatible configuration:
The q-agt/neutron-agt service must be disabled with OVN.
Change-Id: I518a739a3daac941880463cde6b47951331d0911
Recent iputils release in CentOS 8-stream causing
ping failures with non root user. This needs a fix
in systemd package as mentioned in the Related Bugs,
until it's fixed and is in 8-stream mirrors let's
workaround it by setting net.ipv4.ping_group_range
setting manually.
Related-Bug: #1957941
Related-Bug: rhbz#2037807
Change-Id: I0d8dac910647968b625020c2a94e626ba5255058
This patch allows to skip the installation
of the database backend packages (MySQL or Postgres)
with the introduction of the INSTALL_DATABASE_SERVER_PACKAGES
variable (defaulted to True).
This is useful in such environments that do not require
to install the MySQL/Postgres server packages directly but using
a container serving that purpose, for those cases all the
remaining steps should be executed just skipping the
packages install.
Change-Id: I26628a31fdda3ce95ed04a2b7ae7b132c288581f
We always need the master branch of requirements in order to be able to
install tempest with it, so override GIT_DEPTH when cloning that repo.
Closes-Bug: 1956616
Change-Id: Id0b409bfadd73f2c30314724178d6e199121050b
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
For some reason, setting the CHAPAlgorithms as in c3b705138
breaks OpenEuler. Making this conditional so that tests continue
to pass.
Change-Id: Iaa740ecfbb9173dd97e90485bad88225caedb523
There was no space after the --project option in the command that
creates the public subnet, thus if any option follows, the option itself
will be parsed as part of the value passed to the --project option. This
change just adds the missing space.
Change-Id: I1e7375578342a82717222e902fcd65a4a62e33a7
When deploying devstack in a stable branch, the master branch is
available locally only in a CI environment where Zuul prepares all
available branches. For a non-CI deployment we need to stick to using
the remote branch as was the case before [0].
While the situation on the master branch isn't really broken, we apply
the fix here anyway so that future stable branches are created in a
working state.
[0] I5d42ac6b54bf20804d7e5faa39d1289102318b64
Closes-Bug: #1956219
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ib7719cb2d48b34db70f885e0afe77d904abba3b5
mysqladmin is incorrectly installed in Fedora 34 with mariadb. This
causes the failure of Zuul Fedora based jobs. The issue is a conflict
between mariadb and community mysql that is described in [1] and [2].
The workaround is to explicitly install package "mariadb"
Also configure an increased swap size like for the other platform jobs
in order to avoid OOM issues.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2026933
[2] https://lists.launchpad.net/maria-discuss/msg06179.html
Closes-Bug: #1956116
Change-Id: Icf6d7e1af5130689ea10b29d37cc9b188b2c9754
We still are seeing regular job failures because the pcp package fails
to install. Assume that we can still enable it on demand when someone
needs to debug specific job issues, let us just disable it by default.
Related-Bug: 1943184
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I32ef8038e21c818623db9389588b3c6d3f98dcad
When we need to read a DATABASE_PASSWORD from the user, make sure we
actually use it in our database URLs.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I5ebf6b0280e82f2c87a63cbee7a9957c6bd26898
That function was accepting 3 positional arguments and first
of them was boolean value "build_modules" which isn't used anywhere in
that function.
So this patch cleans it a bit by removing that not used parameter.
Change-Id: I5c57b9116338a63b7bfb170c02e33bb4eae725da
openEuler is an open-source Linux based operating system. The current
openEuler kernel is based on Linux and supports multi arch, such as X86_64
and aarch64. It fully unleashes the potential of computing chips. As an
efficient, stable, and secure open-source OS built by global open-source
contributors, openEuler applies to database, big data, cloud computing,
and AI scenarios. openEuler is using RPM for package management.
Note:
Currently there is no available package for uwsgi-plugin-python3 and ovn, so that
openEuler needs manually install them from source.
Website: https://www.openeuler.org/en/
Change-Id: I169a0017998054604a63ac6c177d0f43f8a32ba6
Co-Authored-By: wangxiyuan <wangxiyuan1007@gmail.com>
Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
This patch adds new config option NEUTRON_ENFORCE_NEW_DEFAULTS which
if set to True will deploy Neutron with enforce new rbac defaults and
scopes.
It will also use SYSTEM_ADMIN user to interact with Neutron where it is
needed.
Depends-On: https://review.opendev.org/c/openstack/neutron/+/798821
Change-Id: I14d934f0deced34d74003b92824cad3c44ec4f5e
The default CHAP algorithm for iscsid is md5, which is disallowed
under fips. We will set the chap algorithm to "SHA3-256,SHA256",
which should work under all configurations.
Change-Id: Ide186fb53b3f9826ff602cb7fb797f245a15033a
Function _neutron_ovs_base_install_agent_packages always tried to
install openvswitch from packages and start it using systemd units.
That was failing when ovs was expected to be installed from source.
This patch fixes that.
Change-Id: Iae8625dd800d30061ea3dbed9eb0dfbe16f21572
Previously this would always happen for Nova and Cinder even if n-api
and c-api were not enabled on the host respectively.
This change stops this by placing both calls write_uwsgi_config behind
is_service_enabled checks.
Change-Id: I997685da771736dbad79bcfe4b00dbc63bd6d6b6
Additionally make the repo name lowercase to match the project name in
our zuul config so that jobs can check the repo out.
Change-Id: Ic2d9c4fa837461bbc29e067a81912b5f72efd3ca
This patch includes changes required to run devstack on CentOS Stream 9
which has been already published in official repos by CentOS team [1]:
- Add RDO deps repository for CS9.
- remove xinetd package from installation for swift. Note that
rsync-daemon is installed which should work fine.
- Replace genisoimage by xorriso in CS9.
- Use /etc/os-release to identify the distro in CS9 as it doesn't
provide lsb_release command.
- Use pip from rpm package instead of from get-pip.py as done in Fedora.
- Add non-voting job devstack-platform-centos-9-stream to the check
pipeline.
Change-Id: Ic67cddabd5069211dc0611994b8b8360bcd61bef
Jobs with OVN_BUILD_FROMS_SOURCE=True are broken
since [1] as ovn nortd not starting due to permission
issues. Fix it by not using sudo for creating OVN_DATADIR
when building from source.
[1] https://review.opendev.org/c/openstack/devstack/+/806858
Closes-Bug: #1952393
Change-Id: I00f0c8c8173b4d8270fbb3e6079d0d8b332e9de5
Before, we needed to unset a couple of parameters that would make the
client return a project-scoped token instead of a system-scoped token,
which we need when interacting with registered limits in keystone.
This commit removes those unsets since we no longer source those
variables by default. This commit also cleans up some of the redundant
parameters in the registered limit calls, like region.
Change-Id: I1af8a168a29e895d57504d41e30efea271ea232d
When initializing OVN, clean up the correct database directory when
using OVN from packages (/var/lib/ovn/ instead of /opt/stack/data/ovn/).
The /opt/stack/data/ovn location is used only when building OVN from
sources, so a fresh devstack deployment with OVN packages may already
have hundreds of existing routers and ports, creating ARP collisions.
Closes-Bug: #1942201
Change-Id: Ic90d4f2f9d8aaef825ea3325c0ad8fef2a1c5e39
The admin_endpoint parameter has been removed from keystone[1], and
setting the parameter is no longer effective.
[1] 192cde56e57a06750641b319da8a72cdcaa554d0
Change-Id: I6ae6a3122668551acc018972624e914fcbb79a22
This user already has the admin role assignment on a project, which
implies the member role, making explicit calls to add the member role
redundant.
Change-Id: I398c5e2f098aeeb896de83872085cbce529a778a
OS_CLOUD is used to communiate to CLI tools what cloud
credentials to utilize.
The change I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
unfortunately set an explicit OS_CLOUD account which breaks
any jobs which are expecting a previosuly set OS_CLOUD which
may be different to work. For example, OS_CLOUD being set
as devstack-system-admin to facilitate Secure RBAC testing.
Change-Id: Iee900e552584dda622f57eea3508df48dff2e071
Previously those functions were defined in the neutron's devstack plugin
but with [1] we moved qos related code into devstack and we missed about
moving them too.
This is follow up patch to fix that issue.
[1] https://review.opendev.org/c/openstack/devstack/+/815686
Change-Id: Icf459a2f8c6ae3c3cb29b16ba0b92766af41af30
We can use the devstack-admin cloud configuration everywhere now
and don't need to set environment variables with cloud credentials
any longer.
Fix the swift setup, where some more options need to be explicitly
specified now and the default OS_CLOUD setting overridden.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
Those functions were part of the neutron devstack plugin but we
discussed it during last PTG [1] and decided to move to the Devstack
repo plugins which are used by e.g. CI jobs which are defined outside
of the neutron repository.
QoS service is used e.g. in the tempest-slow job which is
defined in tempest and used by many different OpenStack projects.
[1] https://etherpad.opendev.org/p/neutron-yoga-ptg#L142
Change-Id: I48f65d530db53fe2c94cad57a8072e1158d738b0
This commit formalizes some additional users to act as different project
users and updates clouds.yaml file so they're easy to use.
It creates:
- a reader on the demo project
- a reader on the alt_demo project
- a member on the alt_demo project
With the adoption of secure RBAC personas, these are useful for using
OpenStack APIs as that work continues.
Change-Id: I3237a771275311377313b7d7d80ac059ac69d031
IDENTITY_API_VERSION is hardcoded to 3 in most locations already, drop
the remaining occurrences, but keep the variable definition since some
plugins still depend on it. Drop ENABLE_IDENTITY_V2 which no longer
has any effect.
Amend variable list for bootstrap_keystone().
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I06f476d2105bc6ec2b511fc5effcfcc3973eaf97
Keystone has supported system-scope since Queens and we already make
sure we create a cloud profile for system-admin in
/etc/openstack/clouds.yaml.
This commit ensures keystone creates a couple of new users to model
system-member and system-reader personas. Doing this by default in
devstack makes it easier for people to use.
We've already taken a similar approach in tempest by setting up the
various system personas for tempest clients to use.
Change-Id: Iceb7c5f517db20072e121dc7538abaa888423c67
Since Bullseye like Centos 8 Stream needs more memory due to changed
default settings in newer qemu versions, set the swap size to 4G, which
is the same setting already being used for the CS8 jobs successfully.
Change-Id: I83ea34d6aa647d2ab9d4d78ed354904fce836e68
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
If ERROR_ON_CLONE is set to True which is case for
all the devstack based job, devstack does not clone the
repo instead raise error. From current error message, it
is difficult to know that ERROR_ON_CLONE is True until we
traceback the code or check devstack-base job set ERROR_ON_CLONE
to True.
Current error message is like:
-------
+ functions-common:git_clone:560 : echo
'The /opt/stack/oslo.limit project was not found; if this is a gate job, add'
The /opt/stack/oslo.limit project was not found; if this is a gate job, add
+ functions-common:git_clone:561 : echo 'the project to the
$PROJECTS variable in the job definition.'
the project to the $PROJECTS variable in the job definition.
+ functions-common:git_clone:562 : die 562 'Cloning not
allowed in this configuration'
--------
Adding ERROR_ON_CLONE info in error message will help to
know the reason of devstack not cloning the repo.
Change-Id: I9e9852f046fefb299b4ef4446323e9c86437212f
Those functions were part of the neutron devstack plugin but we
discussed it during last PTG [1] and decided to move to the Devstack
repo as plugins which are used by e.g. CI jobs which are defined outside
of the neutron repository.
Placement integration is used e.g. in the tempest-slow job which is
defined in tempest and used by many different OpenStack projects.
[1] https://etherpad.opendev.org/p/neutron-yoga-ptg#L142
Change-Id: Ib86071881f16de1b69c0f9b1b19b6df8b7e66a07
CentOS/RHEL 9 are being compiled for the x86_64-v2 architecture which is
newer than the qemu default of qemu64. This means that for devstack to
boot these instances we need a newer CPU model. Nehalem is apparently
the oldest model that works for x86_64-v2 and is expected to work on
Intel and AMD cpus with kvm or qemu. Switch devstack to this model by
default.
Note that we cannot use host-passthrough or host-model because we want
to support live migration between devstack deployed nova-compute
instances and even within the CI instances that we get the host CPUs can
differ.
Also, we should run this change against as many clouds as possible to
ensure that the newer model works across all of our clouds. There is
some fear that the virtual CPUs presented to us in some clouds may not
be able to run these newer CPU models.
Change-Id: Ibd6e11b59f3c8655bc60ace7383a08458b2177f2
With the depending patch, the endpoint will still be created for
heat tests, so we can turn it off for everyone else.
Depends-On: https://review.opendev.org/c/openstack/openstacksdk/+/777343
Change-Id: I0dc7d6cedd07e942b9f23b26a785b386aff41fbc
The keystone admin endpoint technically isn't different any longer from
the other keystone endpoints in v3 of the API. However, some
applications like heat are still relying on it to exist.
So we make the creation of the admin endpoint during bootstrap optional
here, with the intention to change the default to False once all jobs
that still need this are modified to explicitly require it.
Change-Id: I7ab12141c558186e397c174c248a613d1810011b
Keystone no longer has any special functionality hidden behind the admin
site. KEYSTONE_AUTH_URI which used to point to the admin site has long
ago been changed to be a copy of KEYSTONE_SERVICE_URI, which points to
the public site.
Drop all KEYSTONE_AUTH_* variables except KEYSTONE_AUTH_URI which may
still be in use in some plugins.
This also allows to finally drop the fixup_keystone() function.
Change-Id: I549f3cadc27d137e014241cdd47e90267859c848
The use of this function has been deprecated for a long time[0]. With
PyYAML==6.0 the call is now failing, so replace it with the safe
version.
[0] https://msg.pyyaml.org/load
Signed-off-by: Jens Harbott <frickler@offenerstapel.de>
Change-Id: I7a170262b50a5c80a516095b872d52e1bea5479d
When using glance limits, the create_glance_accounts call needs access
to the devstack-system-admin cloud definition, so we need to create
the clouds.yaml file before that step.
Change-Id: Ie6d807c46b88b16b316aa166870a6a13f2bb346d
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
It may be that it is already compiled in the kernel so there is no
need to load kernel module in such case.
Change-Id: Ie1d32e3fd529e13958857cb3ced6710eebde1e4d
The official Ubuntu cloud images have some further python pkgs
preinstalled that conflict with our requirements. Allow to
overwrite them.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Closes-Bug: 1871485
Change-Id: I793c250cae5e7b9bc835b7016d790d1f9ae8a7f3
continue is not used in a proper context here (outside of loop). Use
null cmd instead to simply fall through the pip installation.
Signed-off-by: Michal Berger <michallinuxstuff@gmail.com>
Change-Id: Iaea2e5c0177b475edf19d08d71933a74debbb5d9
The current initiator name embedded in our CI images is not unique at
present and can often cause failures during live migrations with
attached volumes. This change ensures the name is unique by running
iscsi-iname again and overwriting the existing name.
We could potentially do this during the image build process itself but
given that devstack systems are not supposed to be multi-purpose this
should be safe to do during the devstack run.
Closes-Bug: #1945983
Change-Id: I9ed26a17858df96c04be9ae52bf2e33e023869a5
Some adaption in database handling is all that is missing. Also add a
platform job that tests this.
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Change-Id: I6dd3e48444dd415d84df5e7f5c74540847cdd6db
oslo.limit isn't currently in the list of libraries that can be
installed from a git repo via LIBS_FROM_GIT.
This adds oslo.limit to enable integrated testing against unmerged
oslo.limit changes.
Change-Id: I26cc567fdf4c84014040ae586bbb029b8de7a236
I83d56c9363d481bb6d5921f5e1f9b024f136044b switched the default of
DEVSTACK_PARALLEL over to True so this dedicated job is no longer
required as *all* jobs should now be using it.
Change-Id: I0f475ab177c2cd49eeb6be861cdd11581e8e0b97
In devstack job, cinder is not a valid service name and logs error
in gate[1] so remove it.
2021-09-28 05:44:47.791807 | controller | + functions-common:service_check:1603 : for service in ${ENABLED_SERVICES//,/ }
2021-09-28 05:44:47.795506 | controller | + functions-common:service_check:1605 : sudo systemctl is-enabled devstack@cinder.service
2021-09-28 05:44:47.809647 | controller | Failed to get unit file state for devstack@cinder.service: No such file or directory
[1] https://e978bdcfc0235dcd9417-6560bc3b6382c1d289b358872777ca09.ssl.cf1.rackcdn.com/801989/7/check/tempest-integrated-storage/779d1e7/job-output.txt
Change-Id: I7ca105201d82b72c7e56778425d3bce7c76047db
Attempting to use LIBS_FROM_GIT="ALL" results in a failure
due to a typo in stackrc for os-resource-classes repo.
Cloning into '/opt/stack/os-resource-classes'...
fatal: protocol ':-https' is not supported
<snip>
[ERROR] /opt/stack/devstack/functions-common:629 git call failed: [git clone :-https://opendev.org/openstack/os-resource-classes.git /opt/stack/os-resource-classes --branch master]
Remove the extraneous '='.
Change-Id: I21f86324dc15fe808b38e366f7af18c96fd3890c
It was required to build MySQL-python bindings but, for some time,
we test and rely solely on PyMySQL which is pure Python and hence
does not require this dep.
This package is going away as distros move towards MariaDB.
Change-Id: I6004ccf28a23009a0fc07bfc9458b59a927b969a
Neutron L3 module in Devstack has way to conigure access to physical
network on the node. It can put physical interface to the physical
bridge or, in case when such physical device isn't set, it creates
NAT rule in iptables.
There was missing the same operation for ML2/OVN backend as L3 agent is
not used there at all.
This patch adds the same to be done in both L3 agent and ovn_agent
modules.
Closes-Bug: #1939627
Change-Id: I9e558d1d5d3edbce9e7a025ba3c11267f1579820
This change fixes the empty value set to the gid option in rsyncd.conf,
which was caused by reference to the invalid USER_GROUP variable, and
ensures the option is set to the group which STACK_USER belongs to.
This also fixes duplicate declaration of the local user_group variable.
Closes-Bug: #1940742
Change-Id: Ifd0a5ef0bc5f3647f43b169df1f7176393971853
This change enables [workarounds]libvirt_disable_apic when devstack is
deployed using the libvirt virt driver and qemu virt type in an effort
to avoid issues outlined in bug #1939108 caused by the older kernel
currently used in Cirros 0.5.2.
Depends-On: https://review.opendev.org/c/openstack/nova/+/766043
Closes-Bug: #1939108
Change-Id: Ibb6c34133bb1c95ef11cc59d9b12a0f65502c61b
... when installed from distribution.
This is mostly to fix Ironic's gate as their ecosystem is too
broad and complex to quickly remove libvirt-python from all
possible requirements.txt
More details inline.
See also: https://review.opendev.org/c/openstack/devstack/+/798514
aka f0bf2bdff1
Change-Id: Ic44daf15e952bbe3c424984ffb2474261e68008f
ironic-tempest-ipa-wholedisk-bios-agent_ipmitool-tinyipa
job is voting on Ironic and neutron gate which mean it is
stable enough and make sense to make it voting on devstack gate too.
ironic-tempest-ipa-wholedisk-bios-agent_ipmitool-tinyipa is alias
job of ironic-tempest-bios-ipmi-direct-tinyipa so using the original
job instead of alias
- https://opendev.org/openstack/ironic/src/branch/master/zuul.d/ironic-jobs.yaml#L784
Change-Id: I95c67ad69e6eae6a72d25a851a71b7de85e56fd2
swift-dsvm-functional job test swift under python3 and
voting on swift gate whihc means this is a stable job now,
let's make this voting to devstack gate too.
Removing swift-dsvm-functional-py3 job as it does not exist anymore
after- https://review.opendev.org/c/openstack/swift/+/731318
swift-dsvm-functional itself is py3 job now.
Change-Id: I58847f74306194eaad132680815101a134fb4022
The MDB backend is the default in Ubuntu and specifying
HDB in debconf doesn't change it to HDB.
Closes-Bug: #1939700
Change-Id: If98f7fc8395678365fb73f0c5cd926cef083e470
Tempest is failing randomly with different reasons
as mentioned in the bug, updating swap size those
issues are not seen.
Before [1] default swap size used to be 8GB but was dropped
to 1G so need to configure it in required job itself.
Did couple of tests in [2] and with 4GB+ swap jobs are
running green. On investigation found that with qemu-5
both Ubuntu and CentOS jobs have memory crunch, currently
Ubuntu jobs are not impacted as they are running with
qemu-4.
[1] https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/750941
[2] https://review.opendev.org/c/openstack/devstack/+/803144
Closes-Bug: #1938914
Change-Id: I57910b5fde5ddf2bd37d93e06c1aff77c6e231e9
keystone has system scope feature implemented since
queens release. Now Devstack also started moving towards the new RBAC.
This commit adds a new job 'devstack-enforce-scope' which enable the
scope checks on service side and see if devstack setting are fine or not.
This job will be expanded to enable the scope checks for the other service
also once they start supporting the system scope.
This will help us to test the scope check setting.
Change-Id: Ie9cd9c7e7cd8fdf8c8930e59ae9d297f86eb9a95
The uninstall here has been around since
Ibb4b42119dc2e51577c77bbbbffb110863e5324d. At the time, there might
have been conflicts between packaged and installed pip. We don't need
it today; get-pip.py keeps itself separate enough in /usr/local on all
platforms. Thus we can also remove the suse/centos special-casing.
python3-pip is in the RPM list so we don't need to
re-install for Fedora.
Add a note on why we are over-installing pip.
Remove some old setuptools workarounds that are commented out.
Change-Id: Ie3cb81a8ff71cf4b81e23831c380f83b0381de71
* update the support distro filter
* don't install xinetd which doesn't exist in F34 any more. I think
there is probably a bit more to do with swift ring-server but that
can be a problem for another time.
* remove old F31 workaround
Change-Id:If2f74f146a166b9721540aaf3f1f9fce3030525c
This uses the python3-pip package for Fedora but maintains the status
quo for existing distributions (i.e. for Suse we run get-pip.py but
don't uninstall, and for everything else we uninstall python3-pip and
run get-pip.py to be running the latest pip).
As noted inline, installing get-pip.py over Fedora 34's package no
longer works, and likely won't ever work again. Unlike the LTS
distributions, the Fedora pip should be more up-to-date, so I think
it's best we just avoid any package overwrites.
Change-Id: I84129aadfcf585bb150a3daa39616246d3d84bbd
Earlier glance remote worker was using same cache directory used by
glance worker. Ideally both should use their own cache directory.
This patch makes provision for the same by setting different path
for image_cache_dir config option.
Change-Id: If2627e9c212fd765b96d925046c04e9cb1001c3d
This reverts commit 9dc2b88eb4.
Reason for revert: Devstack creation/setup the things are not yet moved to scope tokens so we need to wait for that first and then do the scope check enable globally.
Change-Id: If0368aca39c1325bf90abd23831118b89e746222
On some platforms, "python -m pip" isn't available. Currently this is
run undconditionally from the "get_versions" function; remove the call.
Change-Id: I91d6c66d055f02fa7b4368593b629933f82d8117
This reverts commit 7a3a7ce876 and
bcd0acf6c0 and part of
f1ed7c77c5 which all cap our pip
installs.
Given the pip ecosystem can often incorporate major changes, tracking
upstream at least generally gives us one problem at a time to solve
rather than trying to handle version jumps when LTS distros update.
The new dependency resolver included some changes that disallow
setting URL's like "file:///path/to/project#egg=project" in
constraints. Apparently the fact it used to work was an accident of
the requires/constraints mechanism; it does make some sense as the URL
doesn't really have a version-number that the resolver can put in an
ordering graph.
The _setup_package_with_constraints_edit function comment highlights
what this is trying to do
# Updates the constraints from REQUIREMENTS_DIR to reflect the
# future installed state of this package. This ensures when we
# install this package we get the from source version.
In other words; if constraints has "foo==1.2.3" and Zuul has checked
out "foo" for testing, we have to make sure pip doesn't choose version
1.2.3 from pypi.
It seems like removing the entry from upper-requirements.txt is the
important part; adding the URL path to the on-disk version was just
something that seemed to work at the time, but isn't really necessary.
We will install the package in question which will be the latest
version (from Zuul checkout) and without the package in
upper-requirements.txt nothing will try and downgrade it.
Therefore the solution proposed here is to remove the adding of the
URL parts.
This allows us to uncap pip and restore testing with the new
dependency resolver.
Closes-Bug: #1906322
Change-Id: Ib9ba52147199a9d6d0293182d5db50c4a567d677
Now, if no arguments are passed to make_cert.sh script, it will fail on:
tools/make_cert.sh: line 30: [: missing `]'
and might go on with generating certs depending on the bash settings.
It is fixed within this patch.
Change-Id: I62bf9c972ebd1644da622439e05114f245f20809
The default cinder quotas for volumes, backups, or snapshots may
be too low for highly concurrent testing, so make these configurable
in devstack.
Change-Id: Ie3cf3239b48f9905f5760ad0166eea954ecf5eed
rdo-release.el8.rpm rpm points to latest RDO release,
so use it for master, for stable releases use corresponding
release rpm.
Change-Id: I508eceb00d7501ffcfac73d7bc2272badb241494
The usage of sudo with su is not recommended. It results in incosnistent
environment variables. Instead use just sudo with appropriate arguments.
The argument '-u stack' specifies that the sudo will execute as user 'stack'.
The last argument '-i' will launch an interactive shell.
Closes-Bug: #1938148
Change-Id: I42387660480377cdf9a0b04f190e7e1f21fb354f
Starting Wallaby release, nova sanitizes instance hostnames having
freeform characters with dashes. It should be tested in Devstack.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/795699
Change-Id: I54794e58b67620c36e8f2966ec3b62dd24da745b
The glance image size limitation was added and unfortuantely
does prevent larger images from being uploaded to glance. In the
case of all baremetal testing, this value is realistically smaller
than stock "cloud" images which support booting to baremetal with
often requisite firmware blobs, which forces some images over 1GB
in size.
Adds GLANCE_LIMIT_IMAGE_SIZE_TOTAL which allows users who need
larger images to be able to override the default while still
enabling limits enforcement in their deployment. The default
value is 1000.
Change-Id: Id425aa546f1a5973bae8be9c017782d18f0b4a47
As set out in bug #1933096 these bindings are dynamically built against
the version of libvirt present in the environment at build time.
As a result using a pre-built wheel can cause AttributeError's when the
bindings have previously been built elsewhere against an older version
of libvirt installed on the host. This is currently the case in CentOS 8
stream based CI jobs where we try to use 7.4.0 bindings that appear to
be built against libvirt <= 6.10 leading to bug #1933096.
This change seeks to avoid this by installing the bindings from packages
that will always be built against the correct corresponding version of
libvirt.
Change-Id: I76184c17a776c4e1ecaab9549d9d36c8c07c60fa
Closes-Bug: #1933096
The tempest plugin expects the classic environment variables
to be present for credentials to access the cloud, but this is
wrong in cases where we're trying to setup system
scoped services and need to remove the environment variables
that was being used.
Instead, change the plugin to use the os-cloud entry definitions,
and specifically in this case devstack-admin which makes sense
until we begin to start to make tempest itself scope aware.
We likely will want to change the environment variables from being
registered in devstack at some point and completely shift towards
passing an-os-cloud parameter, but that is outside the scope of
this change as doing so will likely break all plugins.
Change-Id: I8d4ec68f116eea07bc7346f939e134fa2e655eac
In RHEL-based distributions, updating setuptools using pip removes the
files from the python3-setuptools RPM. It breaks some tools such as
semanage (which is used by diskimage-builder) that use the -s flag of
the python interpreter (don't import modules from /usr/local).
This commit reinstalls python3-setuptools to fix those applications.
Change-Id: Ib44857e83f75acf37823fae912960a801c83cf7f
Move the 'Starting Horizon' task after the end of the wait for
create_flavors.
The start_horizon function restarts the httpd server, the openstack
services are unavailable during a short period of time, so the
"openstack flavor create" calls might fail randomly.
Closes-Bug: #1932580
Change-Id: I32ee7457586e3de8ba4dfce3b1a12025f9776542
This change add an os-vif lib that declares two new variables
OS_VIF_OVS_OVSDB_INTERFACE and OS_VIF_OVS_ISOLATE_VIF
The former is introduced to workaround bug #1929446 which cause the nova
and neutron agents to periodically block waiting for ovs to respond.
OS_VIF_OVS_ISOLATE_VIF is added to address bug #1734320 when using
ml2/ovs vif isolation should always be used to prevent cross tenant
traffic during a live migration. This makes devstack more closely
mirror reality by enabling it when ml2/ovs is used and disabling it
otherwise.
Related-Bug: #1734320
Related-Bug: #1929446
Related-Bug: #1912310
Change-Id: I88254c6e22b52585506ee4907c1c03b8d4f2dac7
The Secure RBAC effort has updated Ironic such that it
can support a mode where it is scope enforcing for all
interactions with the API. Due to the design, and operating
nature of Ironic's API, services speaking with it must
authenticate with a system scope to have a full picture
of the universe.
In this case, we need to update the nova configuration
accordingly such that the compute service understands
how to talk to ironic so that it can see the nodes under
management.
Ironic will likely update this again at a later point in
time to enable a "hybrid" mixed-mode as the operating model
and related permissions *should* allow nova to use a project
scoped "owner" account with Ironic, in order to access
and command nodes to deploy. But at this time, we're
focusing on the exclusive operating mode.
Change-Id: I1946725ce08c495178c419eaf38829f921c91bbe
Needed-By: https://review.opendev.org/c/openstack/ironic/+/778957
OpenStackSDK has a feature branch "feature/r1" as a preparation for the
R1.0 release. Due to different branch naming functional tests with
devstack are not running. Add temporarily (for the duration of the
feature branch) pragma to the zuul.yaml to allow Zuul run functional
tests. It will be dropped once SDK gets next major release.
Previous attemp didn't work well for other projects, therefore
explicitly include master as well.
Change-Id: I3a5722873f395bc52cc55a0fd6bcea0ebe3b74fc
This table is no longer present on most installations, drop it
from the list to avoid error messages during log collection
that people mistake to be the real error why devstack is failing.
This may lose some debugging information in edge cases, but I
think the improvement of the general user experience is more
important.
Change-Id: Ibb9b247a018a788c8c4b40487762319fe470bf0f
Closes-Bug: 1885198
This fixes various reported and unreported issues with the new
behaviour.
Removes code repetition as well to pay off some technical debt.
Closes-Bug: #1930360
Change-Id: I726c532e96ca434520838ae8a35d5b88b6dd337b
from Tempest to DevStack as it tests DevStack side of things and
is useful for projects not using Tempest.
Verbatim copy except for the devstack- prefix and the /devstack/
path.
Change-Id: Ie166730843f874b9c99e37244e460d7ad33b7eeb
CentOS Stream 8 (aka CentOS 8 Stream) is the currently
supported runtime platform. [0]
Some background history:
The Manila team has asked QA to test centos-8-stream
in the common gate.
A bit later it turned out the point releases of CentOS 8 (aka
CentOS Linux 8) will stop happening entirely by the end of 2021.
[1]
Includes a workaround to the edk2-ovmf issue on CentOS Stream 8
x86_64.
[0] https://governance.openstack.org/tc/reference/runtimes/xena.html
[1] https://lists.centos.org/pipermail/centos-devel/2020-December/075451.html
Change-Id: Iee5a262af757f27f79ba1d6f790e949427dca190
This reverts commit 6843bc798c.
Reason for revert: not sure why but this end up disabling the integration job on check pipeline,
Change-Id: Icfaf8ea17b3ce2e405414c23f8075b18d297bf8b
example: latest recheck on PS12 check pipeline job for neutron - https://review.opendev.org/c/openstack/neutron/+/790060
OpenStackSDK has a feature branch "feature/r1" as a preparation for the
R1.0 release. Due to different branch naming functional tests with
devstack are not running. Add temporarily (for the duration of the
feature branch) pragma to the zuul.yaml to allow Zuul run functional
tests. It will be dropped once SDK gets next major release.
Change-Id: I671b589150fe731125e16316a994a5942219920b
Enable IPv6 private subnet routing in ML2/OVN, it uses the behavior that
already exists in ML2/OVS: add a route from the devstack node to the
CIDRs of the default IPv6 subnet pool. Any IPv6 subnet created using the
default subnet pool and plugged into the default router is reachable
from the host (ex: ipv6-private-subnet).
Change-Id: I02ca1d94e9f4d5ad4a06182f5ac9a2434941cf08
Setuptools v54.1.0 introduces a warning that the use of dash-separated
options in 'setup.cfg' will not be supported in a future version [1].
Get ahead of the issue by replacing the dashes with underscores. Without
this, we see 'UserWarning' messages like the following on new enough
versions of setuptools:
UserWarning: Usage of dash-separated 'description-file' will not be
supported in future versions. Please use the underscore name
'description_file' instead
[1] https://github.com/pypa/setuptools/commit/a2e9ae4cb
Change-Id: I6b8e791c06319fa5fa0935337520c36800b1abd6
This patch moves the OVS compilation module from Neutron into DevStack.
It also renamed it to "ovs_source" to highlight its function, and the
include has been moved to where the rest of the includes are located.
Although this module is not required since by default DevStack installs
OVS/OVN from the host OS packages instead of compiling from source,
this is a nice to have as it avoids having bits and pieces of the code
scattered around multiple repositories.
Co-Authored-By: Lucas Alvares Gomes <lucasagomes@gmail.com>
Change-Id: I39ec9ce0a91bea05cf8c446a9767ab879ac8e8f3
This patch makes the OVN_L3_CREATE_PUBLIC_NETWORK configuration True by
default. This option makes the OVN lib in DevStack create & configure
the external bridge, matching the same behavior from the OVS driver
in DevStack.
Change-Id: Icda53b95fdc3c169ac48a6ec4343c87ba404baa4
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
devstack unit test job does not set any nodeset
and so does use default nodeset defined in base jobs
in opendev. When opendev switches the default nodeset to
the latest distro version, devstack unit test job can start
failing. Example:
- https://review.opendev.org/q/I01408f2f2959b0788fe712ac268a526502226ee9
- https://review.opendev.org/q/Ib1ea47bc7384e1f579cb08c779a32151fccd6845
To avoid such a situation in future, let's set the working nodeset
for this job also so that when we cut the stable branch we can
run it on the working distro version.
Change-Id: I302140778fedf08bc8ba72c453837fa7b8f8f9ae
When Glance is configured with a cinder glance_store, Cinder can be
configured to allow cloning of image data directly in the backend
instead of transferring data through Glance. Expose these
configuration options in devstack to facilitate testing this feature.
Adds:
- CINDER_ALLOWED_DIRECT_URL_SCHEMES
- GLANCE_SHOW_DIRECT_URL
- GLANCE_SHOW_MULTIPLE_LOCATIONS
Change-Id: Iee619b443088fd77cf7b1a48563203bdf4a93a39
The dstat project is no longer maintained.
The pcp-dstat package installs a dstat command so no further updates to
the scripts should be needed.
Change-Id: Ied8c9d29bed4f887c364db7080a0f2a0c02328af
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
This reverts commit 5c304d8176.
Reason for revert: There are more things to fix/move like done in 791085 and 791282 Also let's change all required default in devstack scripts instead of devstack's zuul job side. Basically do this change without any change in .zuul.yaml
Change-Id: Ie0f59d1b9a4b97ad9fd8131819054dfb616f31fd
Sphinx 4.0.0 added a new dependency [0] which is causing the job to fail
at the moment.
This patch fix the problem by adding UC to the docs jobs.
[0] https://www.sphinx-doc.org/en/master/changes.html (LaTeX: add
tex-gyre font dependency)
Change-Id: I28019331017405c06577ada88f8e9f6d9a2afc23
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
As part of the Victoria PTG the Neutron community [0] agreed on changing
the default backend driver from ML2/OVS to ML2/OVN in DevStack. A lot of
changes have been submitted towards this goal including but not limted
to:
* Moving the OVN module to DevStack:
https://review.opendev.org/c/openstack/devstack/+/734621
* Updating the OVN module to use distro packages instead of compiling
OVN from source: https://review.opendev.org/c/openstack/devstack/+/763402o
And now this patch is changing the the actual Q_AGENT,
Q_ML2_TENANT_NETWORK_TYPE and Q_ML2_PLUGIN_MECHANISM_DRIVERS values in
devstack to what is expected by OVN as well as updating the Zuul
templates to enable the OVN services.
[0] https://etherpad.opendev.org/p/neutron-victoria-ptg
Change-Id: I92054ce9d2ab7a42746ed5dececef583b0f8a833
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
The configure_neutron_nova function updates nova configs. While that is
still running we separately update nova configs in stack.sh. This can
result in unexpected configs (that don't work). Fix this by waiting for
configure_neutron_nova to complete its work before we do nova config
updates directly in stack.sh.
For specifics we say that:
[neutron]
project_domain_name = Default
was missing from both nova.conf and nova-cpu.conf and instances could
not be created because keystone complained about not finding domain in
project. The strong suspicion here is that on some systems
configure_neutron_nova would write out project_domain_name while the
stack.sh inisets were running resulting in stack.sh overwriting the
project_domain_name content.
One theory is that disabling swift makes this problem more likely as
there is swift work in the middle of the async period. This is supported
by the fact that our job that hits this problem does indeed disable
swift.
Change-Id: I0961d882d555a21233c6b4fbfc077cfe33b88499
Since victoria cycle, we have moved upstream testing to
Ubuntu Focal (20.04) and so does no Bionic distro in
Xena cycle testing runtime[1]. Grenade jobs also started
running on Focal since victoria was released.
Only thing left was legacy jobs which were not migrated to
Ubuntu Focal in Victoria and as per another community-wide
goal[2], all the lgeacy jobs were suppsoed to be migrated
to zuulv3 native jobs in victoria cycle itself. One of the
pending job was in nova (nova-grenade-multinode) which is also
migrated to zuulv3 native now
- https://review.opendev.org/c/openstack/nova/+/778885
If there is any job running on bionic, we strongly recommend
to migrate it to Ubuntu Focal.
[1] https://governance.openstack.org/tc/reference/runtimes/xena.html
[2] https://governance.openstack.org/tc/goals/selected/victoria/native-zuulv3-jobs.html
Change-Id: I39e38e4a6c2e52dd3822c9fdea354258359a9f53
If a pid disappears on us while we're reading, we should just continue
on.
EnvironmentError is just an alias for OSError since Python 3.3, so use
the latter name. [0]
[0] https://docs.python.org/3/library/exceptions.html#OSError
Change-Id: I3a25cca328e1469f72c84a118a9691c1c0258bc4
Closes-Bug: #1926434
If5c860d1e69aaef9a9236303c370479a7714ad43 attempted to move this default
to lioadm while pinning certain Bionic based jobs to tgtadm.
Unfortunately it missed the legacy dsvm based jobs within various
projects that do not inherit from the devstack-platform-bionic base job
and that are also not covered by devstack's gate.
This change simply forces CINDER_ISCSI_HELPER to tgtadm on Bionic based
hosts to ensure it is always used.
Closes-Bug: #1926411
Change-Id: Ib4b38b45f25575c92fb09b8e97fa1b24af0cc06a
As outlined in bug #1917750 the use of tgtadm in multinode environments
with multiple c-vol services can cause volumes to use duplicate WWNs.
This has been shown to cause some encrypted volume test failures as
os-brick returns a /dev/disk/by-id path to n-cpu that can point to the
wrong underlying volume when multiple volumes with the same WWN are
connected to a host.
There is also some speculation that the duplicate WWNs are also causing
libvirt to fail to detach volumes from instances but as yet this has not
been proven.
This change aims to avoid all of the above by switching the default of
CINDER_ISCSI_HELPER to lioadm for all deployments instead of just EL and
SUSE based deployments.
The Bionic platform job however is pinned to tgtadm as there issues
installing python3-rtslib-fb.
Closes-Bug: #1917750
Change-Id: If5c860d1e69aaef9a9236303c370479a7714ad43
This dumps some data in the case where we fail to wait for a child
pid to help debug what is going on. This also cleans up a few review
comments from the actual fix.
Change-Id: I7b58ce0cf2b41bdffa448973edb4c992fe5f730c
Related-Bug: #1923728
Apparently bash (via POSIX) only guarantees a small (32ish) number of
children can be started and their statuses retrieved at any given
point. On larger jobs with lots of plugins and additional work, we
may go over that limit, especially for long-lived children, such
as the install_tempest task.
This works around that issue by creating a fifo for each child at
spawn time. When the child is complete, it will block on a read
against that fifo (and thus not exit). When the parent goes to wait
on the child, it first writes to that fifo, unblocking the child so
that it can exit near the time we go to wait.
Closes-Bug: #1923728
Change-Id: Id755bdb1e7f1664ec08742d034c174e87a3d2902
Due to issue on stckviz side, job start
failing with POST_FAILURE. If we fix the
issue still we need to wait for periodic job
periodic-package-stackviz-element to publish
the latest tarball on https://tarballs.openstack.org/stackviz/dist/.
Let's not fail the job for any issue occur during
stackviz processing.
Closes-Bug: 1863161
Change-Id: Ifee04f28ecee52e74803f1623aba5cfe5ee5ec90
Ceph adds the osd pool default size option on ceph.conf via [1];
this means we don't need to specify the size of this pool if
the same value (same variable) is used (CEPH_REPLICAS).
This change is an attempt of removing the size setting, relying
on the implicit declaration of the value provided by ceph.conf.
[1] https://github.com/openstack/devstack-plugin-ceph/blob/master/devstack/lib/ceph#L425
Change-Id: I5fa2105ceb3b97a4e38926d76c1e4028f1108d4a
As reported in bug #1920136 the tempest-integrated-compute job has
started to see insufficient free virtual space errors being reported by
c-sch and c-vol when creating volumes. This change simply increases the
default size of the underlying LVM PV used to host these volumes within
the default LVM/iSCSI c-vol backend deployed by devstack.
Change-Id: I965d4a485215ac482403f1e83609452550dfd860
Closes-Bug: #1920136
This patch adds a new environment variable, CINDER_BACKUP_DRIVER for
configuring cinder backup driver used when c-bak service is enabled.
This gets cinder backup driver configurable with a similar pattern to
cinder backends. Although the current configurable backup drivers don't
need cleanup functions, the interface for cleanup is prepared for the
future.
The following backup drivers can be configured:
swift:
This is the default backup driver.
ceph:
This already can be configured if ceph backend driver is enabled. For
backward compatibility, ceph backup driver is used if ceph backend
driver is enabled and no backup driver is specified.
s3_swift:
The s3 backup driver gets configurable with this patch. By specifying
's3_swift', the driver is configured for swift s3api.
In the future, lib/cinder_backups/s3 should be created separatedly for
external S3 compatible storage. This file will just set given parameters
such as a URL and credentials.
Change-Id: I356c224d938e1aa59c8589387a03682b3ec6e23d
Devstack script for setting post-config needs gawk.
So this patch moves gawk from files/*/nova into files/*/general.
Closes-Bug: #1909041
Change-Id: I06a1a5524f146a8d7337963e846b5a6b7561be13
Several jobs have been running in parallel since the late Wallaby
cycle, and other developers have had it enabled locally. I have heard
no async-related stability or debug-ability complaints thus far.
I think that we should convert the default to parallel early in the
Xena cycle in an attempt to spread the speed improvements across the
board, while also collecting data on a wider set of configurations.
Change-Id: I83d56c9363d481bb6d5921f5e1f9b024f136044b
When OVN is built from source, the value of OVS_PREFIX is set to
"/usr/local". All other paths referring to OVS should be prefixed
with this value.
Closes-Bug: #1920634
Related-Bug: #1918656
Change-Id: I9a45a5379d1c47cdf67b9c6d3d0409a88501e61e
In case when OVN_UUID isn't set by user, and it isn't stored
in /etc/openvswith/system-id.conf file, Devstack will reuse it.
If it's not, it will generate and store it in the
/etc/openvswitch/system-id.conf file so it can be set to same value
after openvswitch will be e.g. restarted.
In case when OVN_UUID is set by user, it will be also saved in
/etc/openvswitch/system-id.conf file to make it persistent when e.g
openvswitch will be restarted.
Closes-Bug: #1918656
Change-Id: I8e3b05f3ab83e204bc1ce895baec0e1ba515895b
Instead of doing a flush/add, use replace like the ML2/OVS
code does. Should have the same behavior of not failing if
the address is already present.
Change-Id: If9d8a848b079ccb8c0c9b8e6fb708107aa0d46c7
This cleans up some of the quote and variable handling that was
pointed out in review of the previous patch. This is non-critical,
so I'm putting it in a subsequent patch to avoid disturbing the
careful alignment of patches across three projects that are mostly
approved.
Change-Id: I9b281efd74ba5cd78f97b84e5704b41fd040e481
In order to be able to test glance's distributed import function,
we need to have multiple workers in an arrangement like they
would be if one was on another host (potentially at another site).
This extra worker must be separate from the default image service
in order to repeatedly hit one and then the other to test cross-
service interactions.
This allows you to enable_service g-api-r, which will clone the main
g-api service, modify it to run on a different port, and start it.
The service will be registered in the catalog as image_remote.
Depends-On: https://review.opendev.org/c/openstack/glance/+/769976
Change-Id: I0e2bb5412701d515153c023873addb9d7abdb8a4
Conder started moving to new RBAC and cinder-tempest-plugin
and Tempest need to set few configuration to enable the
scope checks on cinder side and on Temepst side to tell
cinder is all configured with scope checks and test can be run with
scoped token.
Change-Id: Ic7cd919c000c4e7b9a3a06638a5bd87b1617e749
Glance started moving to new RBAC and glance-tempest-plugin
and Tempest need to set few configuration to enable the
scope checks on glance side and so does on Temepst side to tell
glance is ready with scope checks so that test can be run with
scoped token.
Change-Id: I09f513d08212bc80a3a86a750b29b1c6625d2f89
Keystone-tempest-plugin has implemented the secure RBAC
tests and enabling the enforce_scope via keystone devstack
plugin. Doing those setting in devstack will help to manage
easily and in central place also avoid restarting the api
service.
Change-Id: I30da189474476d3397152a0a15c2e30a62d712ad
This file is mega out-of-date and no longer helpful. Remove it.
Change-Id: Ic7e215c3e48a9c453d19355ad7d683494811d2af
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
The XenAPI driver was removed during the Victoria release [1], while the
libvirt+xen driver has been removed in the Wallaby release [2]. Remove
references to Xen from DevStack since its all a no-op now.
[1] I42b302afbb1cfede7a0f7b16485a596cd70baf17
[2] I73305e82da5d8da548961b801a8e75fb0e8c4cf1
Change-Id: If7055feb88391f496a5e5e4c72008bf0050c5356
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
This was removed this service from nova in Ussuri [1]. There's no need
to keep this around.
[1] I2f7f2379d0cd54e4d0a91008ddb44858cfc5a4cf
Change-Id: Idc95c6467a8c6e0c0ed07a6458425ff0a10ff995
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
os-ken is used by neutron ML2/OVS agent.
We need to install os-ken from source to test os-ken changes
against neutron. We already have tempest-integrated-networking job
in os-ken repo but it turns out it consumes os-ken from PyPI :-(
Change-Id: Ibcff212591e9fed25f1316403627269d81455b09
We require the 'tls-proxy' service to set up certificates for us. Hard
fail if 'NOVA_CONSOLE_PROXY_COMPUTE_TLS' is enabled but the 'tls-proxy'
service is not.
Change-Id: I52fec12b78ecd8f76f835551ccb84dfb1d5b3d8a
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
When installing OVN from packages, the rpm for Fedora / CentOS pre set
some configurations that conflicts with the post configuration done by
DevStack.
This patch fixes this problem by erasing the pre-set configuration from
the packages and leaving it to DevStack to configure OVN for its use
(just like we would do when compiling it from source).
Change-Id: I9c18023c9aa79c0633748a6169f4f283e9d74ef0
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
We use Tempest master for testing the supported stable
branches so using master upper constraints works fine but
when we need to use old Tempest in the below cases then master
upper constraints do not work and devstack will not be
able to install Tempest in vnenv:
- Testing Extended Maintenance branch
- Testing py2.7 jobs until stable/train with in-tree tempest plugins
This commit adds a variable to set the compatible upper constraint
to use for Tempest's old version.
Few of the current failure which can be fixed by this new configurable var:
- networking-generic-switch-tempest-dlm-python2
- https://zuul.opendev.org/t/openstack/build/ebcf3d68d62c4af3a43a222aa9ce5556
- devstack-platform-xenial on stable/steinand stable/train
- https://zuul.opendev.org/t/openstack/build/37ffc1af6f3f4b44b5ca8cbfa27068ac
Change-Id: I5b2217d85e6871ca3f7a3f6f859fdce9a50d3946
CentOS 8.3 changed the name of the PowerTools repository to powertools:
https://wiki.centos.org/Manuals/ReleaseNotes/CentOS8.2011#Yum_repo_file_and_repoid_changes
With this repository disabled, DevStack fails to install libyaml-devel,
which causes a failure to install many packages. In my environment
DevStack stopped with an error caused by a missing wget.
Keep the command using the old repository name, for compatibility with
older CentOS releases.
Change-Id: I5541a8aee8467abf10ce8a10d770618bdd693f02
When I reordered the nova database creation for better performance
and cleaner arrangement, I broke the non-standard arrangement where
the super and cell conductors are squashed together. In devstack,
this is implemented by pointing the controllers at cell1 in the
config, which makes it hard to create and sync the databases in the
natural order. This manifested in a failure when running in this
mode (which apparently Trove is).
As a quick fix, this special-cases the setup for cell0 if that mode
is enabled. I will follow this up with a cleaner refactor of all that
stuff so this hack isn't required, but that will take a bit longer.
Change-Id: I5385157c281beb041bf67cba546be20cf9497cbe
Introduced in devstack by I2d7348c4a72af96c0ed2ef6c0ab75d16e9aec8fc and
long tested by nova-next this enabled by most deployment tools by
default now and should be enabled by default in devstack.
Change-Id: Ia76b96fe87d99560db947a59cd0660aab9b05335
This change introduces a basic role to copy the contents of /etc/ceph
between the controller and subnodes during orchestrate-devstack allowing
a multinode ceph job to be introduced by
I9ffdff44a3ad42ebdf26ab72e24dfe3b12b1ef8b.
Note that this role is only used when devstack-plugin-ceph is enabled.
Change-Id: I324c0f35db34f8540ca164bf8c6e3dea67c5b1b4
We have a *ton* of stuff in devstack that is very linear, specifically
the ten-ish minutes we spend loading osc to run a single API command
against something. We also generate configs, sync databases, and other
things that use one core of our worker and make our runtime longer
than it really needs to be.
The idea in this patch is to make it super simple to run some things
in the background and then wait for them to finish before proceeding
to something that will require them to be done. This avoids the
interleaving you would expect by redirecting the async tasks to a log
file, and then cat'ing that log file synchronously during the wait
operation. The per-task log file remains so it's easier to examine
it in isolation.
Multiple people have reported between 22-30% improvement in the
time it takes to stack with this. More can be done, but what is here
already makes a significant difference.
Change-Id: I270a910b531641b023c13f75dfedca057a1f1031
This patchset adds configuration support for network logging
when the OVN driver is enabled.
Depends-On: https://review.opendev.org/768129
Change-Id: I6fc0973bedfd1dcc72b01981cd64f9283662d37c
Signed-off-by: Flavio Fernandes <flaviof@redhat.com>
If we are backing glance with cinder, we will use more volumes and
if timing is right, we will clash with other tests and be unable
to create what we need. If we are backing glance with cinder, we
should increase the volumes quota, which this patch does (to 50 from
a default of 10).
Closes-Bug: #1914665
Change-Id: I2ad1c4d21f996ee1a9ce29ba4f1a4b8f5720f8fb
This commit fixes use of die function before it's defined.
die function can be used after sourcing $TOP_DIR/functions chain-
sources $TOP_DIR/functions-common.
Because fixed portion of stack.sh checks existence of $TOP_DIR/inc
and sourcing $TOP_DIR/function chain source $TOP_DIR/inc, this commit
uses echo & exit command instead of die function.
Closes-Bug: #1913021
Change-Id: I5ec174cf7b02269525b1bfd0bfa94ea889d16fce
On master, we should always enable tempest's verification of Glance's
os_glance namespace enforcement.
Change-Id: Ia71878e6c53ee683a868112959876798e946e2ce
Depends-On: https://review.opendev.org/c/openstack/glance/+/771070
I am still unable to stack because of pip 20.3, but this time
because of the tempest venv build. This forces it to the same
capped pip, which further works around the problem.
Change-Id: Icfaaefe1aa576733764b393cba96d276c9b1cf68
Related-Bug: #1906367
I'm not sure if others will find this useful, but I use this
script to run pieces of devstack while trying to write/debug
things. It saves me a lot of time being able to get to some
project-lib function without a full clean/re-stack.
Figured I'd share in case it's worth putting into the tree.
Change-Id: I9a92fa71d34f50c2f5ba7d11c1a45301bd4478bf
It has been broken for over a month. Feel free to revert in combination
with a fix, better with a commitment to keep the job in working shape
permanently.
Change-Id: I2604374c23716d56de29e16a459b7c7f45b84891
The create_disk() helper had some redundant checks and dead code. This
refactors it to put all the stale cleanup at the top, and groups the
new actions together with more relevant comments to make it easier
to understand.
Change-Id: I1f6218a1994e66786ed9a8065e30bcceec7b8956
Bug #1873234 documents a number of CI failures caused by RPC requests
from c-api to c-vol timing out due to `lvchange` taking longer than the
default rpc_response_timeout of 60 seconds to complete.
While the underlying reason for the slowness should be investigated by
the cinder team a trivial workaround to the fallout created by these
timeouts is to simply double the client RPC timeout used by c-api,
allowing c-vol to return and overall the request to succeed.
Change-Id: I53dc0ae10af6aa13f1349b58373932eb6a15ab02
Related-Bug: #1873234
Since the introduction of I8f24b839bf42e2fb9803dc7df3a30ae20cf264
s-proxy is no longer able to launch as keystonemiddleware (listed under
test-requirements.txt) has not been installed.
keystonemiddleware is listed as extras requirements in swift
- https://github.com/openstack/swift/blob/e0d46d77fa740768f1dd5b989a63be85ff1fec20/setup.cfg#L79
Let's install swift keystone extra requirements also.
Closes-Bug: #1909018
Change-Id: I02c692e95d70017eea03d82d75ae6c5e87bde8b1
This patch changes the OVN module from DevStack to allow for using the
OSapackaged version of OVN instead of compiling it from source.
A new variable called OVN_BUILD_FROM_SOURCE has been introduced and when
set to False (the default value) OVN will then use the packaged version
for setting up DevStack.
Note, in the stop_ovn() function, the OVN metadata agent service name
was wrong and the service wasn't being stopped as part of ./unstack.sh.
This patch also fixed it as well.
Change-Id: Ib41e3b486550200572afd6b3ba783d7644d70d44
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
Co-Authored-By: Slawek Kaplonski <skaplons@redhat.com>
When deploying on the centos 8 stream variant
the output of "lsb_release -i -s" is
CentOSStream instead of CentOS
This breaks the is_fedora function in devstack
preventing package installation and removal.
Change-Id: I39ccefbd06f46adf5077f8d8001f37d3b190f040
This patch caps pip version during bootstrap to avoid the issue:
"ERROR: Links are not allowed as constraints"
A proper fix would be to adapt to new pip behavior.
Depends-On: https://review.opendev.org/764811
Change-Id: I1feed4573820436f91f8f654cc189fa3a21956fd
As documented in the associated TODO this job can be removed now that it
has been migrated to zuulv3 by Ib342e2d3c395830b4667a60de7e492d3b9de2f0a.
Change-Id: Id7c0fd8eec09386cd638956a46c1f75844194b9d
This change updates bionic installs to use the
ussuri cloud archive to enable the use of libvirt 6.0.0.
This is required to prevent a libvirt bug that causes intermittent
failures for the tempest test_live_block_migration_paused testcase.
Change-Id: I9c395c2b5fdfe6ad9a43477280e88e9a9b34f057
Related-Bug: 1901739
At this moment, only image_ssh_user is present in the config
of Tempest. It's set to cirros by default and used for
SSH connections in tests. However, several tests build
instances with image_ref_alt, but still use image_ssh_user to
connect, which results in failure if image_ref_alt is set to
a non-cirros image. They should use image_alt_ssh_user instead,
which can be set to whichever user the image_ref_alt needs in
either local.conf or during plugin installation.
Change-Id: I899909fb71a9862c891e94ba54c6a8fa137f9769
Partial-Bug: #1844535
Right now a system configured with the ceph plugin will not survive
a reboot because the backing disk we create and mount isn't mounted
at startup, preventing ceph from starting and the rest of nova/glance
from working.
This makes create_disk() idempotently write an fstab rule for the
disk we make, and adds a destroy_disk() handler for cleanup.
Change-Id: I50cd4234f51a335af25be756bd2459dca5aa343c
For change 739139 [1] PS 12, the
neutron-tempest-plugin-scenario-linuxbridge died in devstack with
"/opt/stack/devstack/functions-common:237 Failure retrieving default
route device", which comes from
"/opt/stack/devstack/lib/neutron-legacy:237:die_if_not_set".
Looking at the worlddump.txt for that job [2] I see that there is a
default ipv6 route; the vm was not configured with ipv4 networking.
ip route
--------
ip -6 route
-----------
::1 dev lo proto kernel metric 256 pref medium
2607:ff68:100:54::/64 dev ens3 proto kernel metric 256 expires 86380sec pref medium
fe80::/64 dev ens3 proto kernel metric 256 pref medium
default via fe80::f816:3eff:fe77:b05c dev ens3 proto ra metric 1024 expires 280sec hoplimit 64 pref medium
Looking at the devstack code that throws the error [3] it looks like
it only looks for a default route in the output of `ip route`, which
does not include ipv6 information. This change should look in both
the ipv4 and ipv6 route table. A similar check in the L3 setup code
is also updated.
[1] https://review.opendev.org/#/c/739139/
[2] https://d4eb7e3efe98cba79a4b-f4d168cdb20f40841821e4b213645c0f.ssl.cf2.rackcdn.com/739139/12/gate/neutron-tempest-plugin-scenario-linuxbridge/9a6b4f7/controller/logs/worlddump-latest.txt
[3] https://opendev.org/openstack/devstack/src/branch/master/lib/neutron-legacy#L236
Closes-Bug: #1902002
Change-Id: I839e8c222368df98fec308cf41248a9dd0a8c187
(MTU - 50) only supports VxLAN over IPv4, decrease it
to support IPv6 as well, which is 20 bytes larger.
Change-Id: I0cf258770f628c1b4fb590bd274b5433fbcc1450
Sometimes instances don't have an IPv4 default route, so only check for
it when we actually need it. In a followup patch we could extend the
code to check for an IPv6 default route instead or in addition.
Related-Bug: 1902002
Change-Id: Ie6cd241721f6b1f8e030960921a696939b2dab10
This function has been deprecated for a long time, let's finally
remove it. It is only generating a warning anyway.
Change-Id: I7bd440adf2ce8283e3ad3d5d09e6b2b877e2b42e
This patch set the os-vif "ovsdb_connection" configuration option so it
can connect to the local OVSDB. By default, this option points to
tcp:127.0.0.1:6640 and would fail if SERVICE_IP_VERSION == 6.
Also, if SERVICE_IP_VERSION is an IPv6 address, it should be wraped with
square brackets for it to work.
Change-Id: Ie6eec4e140c7464936cf0b0c6307026a94c9f4ee
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
this change corrects the flag order from 'route -6'
to '-6 route' as the -6 flag is an option when used with
ip is an argument to the the ip command and not the route
subcommand.
-6 is accpeted as an argument to the standalone 'route'
commannd but not 'ip route' subcommand.
Change-Id: Ic2ae472e42b7b455693d0aade48dc5109e1f21ba
The "ip route" command only outputs IPv4 routes, add a command to also
show IPv6 route information.
Drop output from "ip link" as that information is contained within the
"ip addr" output already.
Change-Id: Iae87f43c4b1c57f07de041e823da9d350c670389
The current code always overrides tox_environment when running
functional tests, but the correct behavior is to add
the discovered environment variables to tox_environments,
while keeping the user-specified value for it.
The current behavior breaks the devstack-tox-functional children
jobs, like openstacksdk-functional-devstack-ironic, which set
tox_environment.
Change-Id: I5dc9054a1495ca0ef7745c08316441ab153956f4
The situation around glance under WSGI has changed a lot in a week.
We can now run tasks and imports under WSGI, so let's switch the
default back so that glance is consistent (by default) with the
other projects.
Change-Id: I3ae285b2ac4972c0b8abaccfc7c0ede0e1c49bf1
Nova has newer qemu requirements which needs opensuse 15.2 to meet. The
infra opensuse 15 images are 15.2 now to accomodate that. Update
opensuse's supported version to match.
Change-Id: I6f3c5234920b185b2b0cd9c358371402f7a7b922
This includes a workaround to a known dnsmasq >= 2.81 issue that
results in unanswered DHCP requests from instances as documented in the
following Neutron bug:
dnsmasq >= 2.81 not responding to DHCP requests with current q-dhcp configs
https://bugs.launchpad.net/neutron/+bug/1896945
For the time being we will attempt to downgrade to 2.80 to avoid this.
Related-Bug: #1896945
Change-Id: I3a760c43956221424926bd9dad0ebe9b28ae2b52
Enable the compute feature for shelve_migrate on all but LXC and
Xen virt_types.
Related-Bug: #1732428
Depends-On: https://review.opendev.org/#/c/696084/
Change-Id: I31cd00c9117607682213cfa0399709e560f4ad0d
This patch will enable user to configure single cinder store as well as
multiple cinder stores for glance. Below are the parameters needs to be
added in local.conf.
A. For single store
USE_CINDER_FOR_GLANCE=True
B. For Multiple stores
USE_CINDER_FOR_GLANCE=True
GLANCE_ENABLE_MULTIPLE_STORES=True
CINDER_ENABLED_BACKENDS=${CINDER_ENABLED_BACKENDS:-lvm:lvmdriver-1,lvm:lvmdriver-2,nfs:nfsdriver-1,ceph:cephdriver-1}
GLANCE_CINDER_DEFAULT_BACKEND=lvmdriver-1
enable_plugin devstack-plugin-nfs https://opendev.org/openstack/devstack-plugin-nfs
enable_plugin devstack-plugin-ceph https://opendev.org/openstack/devstack-plugin-ceph
NOTE:
GLANCE_CINDER_DEFAULT_BACKEND should be one of the value from CINDER_ENABLED_BACKENDS.
If you need to configure nfs and ceph backend for cinder then you need to add respective plugins in
local.conf file.
If GLANCE_ENABLE_MULTIPLE_STORES is True then it will not configure
swift store for glance even if it is enabled in local.conf file.
Needed-by: https://review.opendev.org/#/c/750018
Change-Id: Id0d63c4ea41cce389eee8dc9a96913a7d427f186
nova-ceph-multistore is defined in nova side to test the
glance multistore on ceph and it is voting on nova gate.
There are other multistore testing enhancement going on for
example- https://review.opendev.org/#/c/743800/. so to avoid
any regression, let's run exiting mutistore job on devstack
gate too.
Change-Id: Ie82b4057463df4b6138c53b14a582bd84866aebd
There is flag Q_BUILD_OVS_FROM_GIT which can be used to not compile
ovs from source.
But this wasn't respected in the ovn_agent's module in install_ovn
function which was always installing from source ovn and ovs.
We need to disable that e.g. on grenade jobs when new version is
installed.
Change-Id: I7d3f92365e880191dcfe7c618a6f79d5f741144f
This is will allow the openstack/nova project to facilitate a minimum
required version bump of QEMU and libvirt within the libvirt virt driver
in I8e349849db0b1a540d295c903f1470917b82fd97 ahead of the planned switch
to focal later in Victoria.
Change-Id: I85eb45632ff229676f7c29708f4a7cc64b3d90e3
Previously pyc files were only cleaned if clean.sh was run.
with this change a new clean_pyc_files function was introduced
with the logic that was previously in clean.sh but it is now
invoked from unstack.sh
With the previous behavior you could not stack with horizon
enabled then unstack and stack again due to the presence of pyc
files that were owned by root.
By moving the clean to unstack in stead of clean.sh you can
now stack, unstack and stack again without hitting the pyc issue.
since unstack is invoked by clean the existing clean.sh behavior has
not changed in practice except for the fact the pyc files are
removed sooner in the process.
This change also removes support for findutils < 4.2.3
Ubuntu 12.04 and CentOS 6 both have 4.4.2 since they were
released 8 years ago and are now EOL its fair to assume
that all modern distros have 4.2.3+
https://repology.org/project/findutils/versions
Change-Id: I13c9aad9be7e0930a0d875b7d382090caf0b8982
This reverts the changes made to the zuul config in [0]. Since the
backports to the stable branches have been merged, the jobs can be
voting again.
[0] I5d8aa0e58e0409c54451b51de5eb70ba9a68d849
Change-Id: I3f5972e05faea8f11d7e87f3f8b05e4979e6c328
A new setuptools release has changed the way pip installs are done,
see [0]. With this change we switch back to using the distro
method for global pip installs.
Temporarily make grenade jobs non-voting in order to allow this
patch to be backported.
[0] http://lists.openstack.org/pipermail/openstack-discuss/2020-August/016905.html
Change-Id: I5d8aa0e58e0409c54451b51de5eb70ba9a68d849
This patch is a follow-up of Ib4194329474e8d68a90886d2a04f027eecd741df.
This patch removes the configure_port_forwarding call from the
neutron-legacy module because port forwarding (just like other
extensions such as DNS, QOS, etc...) are already enabled in the
plugin.sh file in the neutron repository [0]. The
configure_port_forwarding method itself is also defined in the neutron
repository so calling it here may result in a failure in case the plugin
is not enabled.
We are also removing the "dns" extensions from the default
Q_ML2_PLUGIN_EXT_DRIVERS variable because this extension conflicts with
the default DNS extensions that is enabled by Neutron when
q-dns/neutron-dns service is enabled (also in [0]). The LP for this
conflict problem is: https://bugs.launchpad.net/neutron/+bug/1887163.
[0]
https://github.com/openstack/neutron/blob/945a244588b81064e4301b6f055a3c90f472bd7e/devstack/plugin.sh#L101-L103
Change-Id: Iafb9e45520798b2a612192cfc6cca28501465862
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
This patch fixes an early stack issue where the following error message
would be presented:
ERROR: Cannot uninstall 'PyYAML'. It is a distutils installed project
and thus we cannot accurately determine which files belong to it which
would lead to only a partial uninstall.
We also drop references to removal of Python 2 library egg infos now
that Python 2 is EOL.
Closes-Bug: #1892363
Change-Id: I2876ee58ab6b73682869d6b4e684e10ac5e56ad9
The role reads the OS_* variables set by devstack through openrc
for the specified user and project and exports them as
the os_env_vars fact. It is meant to be used as a porting aid
for the jobs of the non-unified *clients only.
This is useful to run functional tests against the generated
environment. A slightly less generic version of this role
is currently used by python-cinderclient and python-novaclient
(get-os-environment).
In order to make this more useful, call it from
devstack-tox-functional and derived jobs. The role
execution is disabled by default and it can be enabled
by setting openrc_enable_export: true.
Change-Id: I15f5a187dbc54c82e8f4a08b4bb58d56e0d66961
There are a few dependencies which are really os-brick-specific.
They are listed in its bindep.txt file, but os-brick is usually
installed from pip, so its bindep.txt file is not available.
As those dependencies are needed by the various services
which use os-brick, move them to their own dependency file
(with the addition of the new lsscsi, required by the next
os-brick stable release) and make sure that file is parsed
when installing the services which require os-brick.
Side note: there should be a way to avoid this duplication
also for pip-installed libraries (normal services can use
files/ or even bindep, but in this case the source is not always
available), (temporarily?) duplicate them, as it has been
the case for the other os-brick dependencies already listed here.
Change-Id: I9ab6e215dbef9ebdb1946da2f9a40ce020ecc95b
As part of the Victoria PTG the Neutron team entertained the idea of
having the OVN driver as the default backend in DevStack (this hasn't
yet being decided by the community, this will be discussed within this
cycle).
For this to happen, we also would need to move the module that configures
OVN to the DevStack repository. This is what this patch is doing.
Note that we are updating the lib/neutron-legacy module instead of
lib/neutron in this patch, this is because as part of the PTG the
Neutron team has decided to un-deprecate the neutron-legacy module since
the "new" lib/neutron module is broken and nobody is current working on
it (also all services uses neutron-legacy).
Also, the ovsdbapp has been added to the ALL_LIBS list because a gate
job in the ovsdbapp project repository relies on installing the library
from source instead of pip to run.
Depends-On: https://review.opendev.org/#/c/740663/
Change-Id: Ib4194329474e8d68a90886d2a04f027eecd741df
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
We need to use python3, our deps are no longer installed in python.
Includes the current set of updates to the plugin registry.
Change-Id: I4753ddf60ed066cc11fa74dbbd63210dbad733a8
While RHEL 7 is detected as RedHatEnterpriseServer, RHEL 8 is
RedHatEnterprise.
$ lsb_release -i -s
RedHatEnterprise
Change-Id: I3d750d808c6ebea9c230f0508cdbc016415b9922
Most libs maintain their own system packages in a local bindep.txt file.
We don't currently use those when installing packages from source, which
can result in broken package installs.
This adds a flag to always attempt to install bindep packages if the
bindep.txt file exists. If a file cannot be found, it will just emit a
warning and carry on.
Change-Id: Ia0570f837b8af1c3fee0a314b026a4a7ed27e6a9
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
If glance is in standalone mode, image import works
fine so enable the tempest tests. Once we will have image
import or other async tasks working with glance under uwsgi
then we can remove this flag and run import tests by default.
Depends-On: https://review.opendev.org/#/c/741425/
Change-Id: I853e8a3815187f0aa8f05c70488ec948a97e55a6
As of the referenced patch in glance, we can do import in wsgi mode.
Also remove the enforcement that import methods are disabled.
Change-Id: I8da4b4ad6105bb64c4045ca80db9742591d01564
Depends-On: https://review.opendev.org/#/c/742065
We always want to start glance on the internal port now,
regardless of whether or not tls-proxy is in use, because we
write_local_proxy_http_config() for the standalone case.
Change-Id: I47dea645d4a852e02e25af0e1df9c28fec92c42a
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
While removing registry [1] we by mistake removed some code related to
multiple store configuration for glance. This must be happened during
resolving merged conflicts.
Adding it back.
[1] https://review.opendev.org/708062
Change-Id: I2b84f7b7c51b7b20765a06b48c75006fd2e8ab71
Glance should not be exposing import methods that cannot work via its
API, but it does today. In order for tempest (et al) to be able to
properly detect whether import is possible, we must configure the
import methods in standalone mode, or disable them in wsgi mode. The
referenced Glance patch will make this a requirement.
Change-Id: I3bf3498d83607c5e98b70877c061dc54fc3c0a6e
Needed-By: https://review.opendev.org/#/c/741497/
A whole set of Glance functionality is not usable under uwsgi, including any
of the more powerful async import, customization, and copying functions.
In order to facilitate writing and running tempest tests for these features
in all environments covered by the various jobs across all the projects that
include Glance, we should default to this deployment method.
It is still possible to deploy glance in uwsgi mode by setting the flag to
False, and we can do that for some jobs to make sure that it continues to
work. However, the default should be what we expect deployers will use,
which is standalone mode.
Depends-On: https://review.opendev.org/741479
Change-Id: I141acab2a07a4eebd8d850f900058bc8cbf9c7bf
This makes no sense to set on _every_ devstack deployment, only
if we are using libvirt qemu or kvm. Make it conditional.
Change-Id: I860e899274646ff73b8f084a0583325239aee9cc
This abstracts out the conversion of key=value,... property lists to a function
and makes both _upload_image() and the two ami/aki image create calls use it. The
move to bare key=value properties introduced a regression for ami/aki where
the --property flag stopped being passed to osc in that case.
Change-Id: Idf7fdfe3f5800f79f6c48f9d9606a7b53436a730
Full Glance functionality requires Glance being run in a configuration
where it can spawn long-running task threads. The default uwsgi mode
does not allow this, and the current workaround is to set WSGI_MODE
to something other than uwsgi to get the devstack code to deploy
Glance as a standalone service. Since this affects the entire rest of
the deployment, this patch separates out a flag to control this behavior
specifically for Glance. When WSGI_MODE=uwsgi, control of the Glance
deployment mechanism is allowed via GLANCE_STANDALONE=True|False. If
WSGI_MODE!= uwsgi then we deploy standalone Glance anyway.
Change-Id: I79068ce0bd7414bc48ff534ee22f0de5d7b091cb
Added new boolean option 'GLANCE_USE_IMPORT_WORKFLOW' default to False.
If this parameter set in local.conf as True then devstack will use the
new import workflow to create the image.
In order to use new import workflow of glance;
user need to set below options in local.conf
GLANCE_USE_IMPORT_WORKFLOW=True
Note that the import workflow does not work in uwsgi because of
some fundamental restrictions it has. Thus, devstack must be configured
with WSGI_MODE=mod_wsgi, otherwise glance will not be able to process
the imports. The new helper function will abort to avoid in that case
to avoid the image never being moved to "active" state by an import
task that will never be executed.
Co-Authored-By: Abhishek Kekane <akekane@redhat.com>
Co-Authored-By: Dan Smith <dansmith@redhat.com>
Needed-By: https://review.opendev.org/#/c/734184
Change-Id: I1306fe816b7a3eca1e2312c0c454be3d81118eca
Replace legacy-tempest-dsvm-lvm-multibackend with its native version,
cinder-tempest-lvm-multibackend.
Remove legacy-tempest-dsvm-neutron-dvr-multinode-full, which was defined
as an experimental job in neutron and removed during the ussuri lifecycle.
See https://review.opendev.org/#/c/693630/
Change-Id: I76d1efaa3a6c1fe9825e8457438f514114b2ecad
The old peakmem_tracker service has been disabled in [0], now enable
the replacement memory_tracker.
Also fail when the old service is still configured, otherwise
consumers might never notice.
Depends-On: https://review.opendev.org/739995
Change-Id: I583caf3f36a8ff41d7d4106dabc6c5f24243085e
Starting up n-api-metadata service on every compute nodes does
not solve the problem of isolated networks (no route to metadata
service). It all depends on how 'enable_isolated_metadata' and
related options (e.g. force_metadata) are set in dhcp agent and
what is configured for the 'nova_metadata_host' option of q-meta
service. Having a global n-api-metadata service in the control
node is sufficient for a mult-node lab setup.
Besides, the n-api-metadata services on compute nodes are not
really working due to https://bugs.launchpad.net/nova/+bug/1815082
Change-Id: Ib8691c3eeee59758fbd98989d9460f1458ea422f
Related-Bug: 1815082
This reverts commit f6286cb586.
This patch is blocking glance as it needs mod_wsgi to perform new import workflow.
Change-Id: I4475247dfe986114d37678b3d3d552c0c7d02ddc
Recent regression spotted by Dmitry Tantsur.
DevStack dropped Py2 support but the now-unused-in-devstack
python3_enable got its result nastily inversed.
Change-Id: I4b37cc847a24705c4955cec2e6e45f0514705f1b
The non-voting flag was accidentally dropped in [0].
[0] Ib4416dc2f5e003fd770f5240a8f78213c56af8e6
Change-Id: If9519f1ac9afd66553e1c1410fdc16369f166b98
No targetcli package on Ubuntu Focal, it should use targetcli-fb also
when "$CINDER_ISCSI_HELPER" == "lioadm".
Although Xenial only has targetcli, but Xenial is dropped from CI. And
starting from bionic, Ubuntu uses targetcli-fb to replace targetcli. So
here we can use is_ubuntu to make ubuntu use targetcli-fb.
Change-Id: I6d35b6651d486e716980dcd9f4d693bed560463a
This option sets enable_v1_api in glance-api.conf, a setting that
was removed by change Ia086230cc8c92f7b7dfd5b001923110d5bc55d4d
in July 2018, so remove the devstack option from lib/glance.
It occurs in two other places:
This option is used in lib/cinder to set an option that was removed
from Cinder by change Ice379db9ae83420bacf9e96e242c7515930eae86 in
Queens, so remove the related code.
When this option is False, it is used in lib/tempest to set
[image-feature-enabled]/api_v1 to False in the tempest config file.
However, the default value of ths setting has been False since
change Iab3a209c744375bf2618afc00a3f7731b62f557e in Sept 2018,
so remove the related code.
Change-Id: I4b18a0a388ed7e7a392fabeac613778e0d23dee7
Those historic references to port 5000 and 35357 aren't being used
anymore for some time, so let us drop them.
Clean up some python2/3 wording along the way.
No longer mention Identity API v2, which is also a thing of the past.
Change-Id: Iafff097eee082f24ea2ae27ad038ad115aa36c61
Keystone no longer has any special functionality hidden behind the admin
endpoint. Stop referencing it in consumers, so it can later be dropped
completely.
Change-Id: I04a5d77908005268cc7c59e7e9ddeea70f6732e2
This commit adds the focal nodeset for
multinode so that those can be used for
projects side jobs or testing.
We need to define these as first step to avoid
any conflict on nodeset name if project started
defining these.
Example: three node focal nodeset is already
defined in x/tobiko, fixing the same in depends on.
-I30a6bb63269f031a74f9bff6c765d59d91088797
Depends-On: https://review.opendev.org/#/c/738128/
Change-Id: I5ce49f7a7d52d00555c14b08864bc8975956b20c
Story: #2007865
Task: #40212
Some arping versions only accept an integer number for the
"deadline" (-w) parameter.
Change-Id: Ie21c9b5820262d049c0fcd8147d85cc110d88272
Closes-Bug: #1885169
Dragonflow was retired in 2018 and is now being retired. This removes a
documentation reference to it.
Change-Id: I24ab79482306a7c816b5242a981f1b508ff8f6ec
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
We haven't had a working job for stretch or jessie in years, attempts
to get things fixed have been dropped, set let's be honest and drop
those from our support list.
Change-Id: Ia6152be79f8044f7ff039ec0911ad4938d6271f4
- Add a nodeset and a platform job
- Drop uwsgi-py2 pkg that no longer exists
- Blacklist tests that are currently failing
Change-Id: Ib4416dc2f5e003fd770f5240a8f78213c56af8e6
Focal only provides a pip3 binary, no pip3.8. Instead of working around
that with a symlink, use the module instead.
Add version information output for this variant.
Change-Id: I7af194ecc40e4d43c10ce067a661bb6ab4ca37d4
process-stackviz role currently defined in Tempest repo[1] and used
in tempest jobs. Issue with having it in branchless Tempest is that any
fix in that role cannot be backported to older Tempest. Also stackviz is
not Tempest things it is only used by Tempest jobs.
Stackviz can be considered as a service similar to Tempest so inatlling it in
Devstack side make sense. Also that will give us advantage to handle the
branch specific fixes or backpoting the fixes.
This can solve the current issues we are facing on rocky branch
- https://zuul.opendev.org/t/openstack/build/c1e2da80537448bfb24331fb4198a931/console#4/0/29/controller
[1] https://opendev.org/openstack/tempest/src/branch/master/roles/process-stackviz
Change-Id: I0ba1fd05c6391cd8bb978119ecfbb891def2d497
During the Victoria cycle we plan to switch default Neutron backend in
Devstack from OVS to OVN.
As first step before we will start discussion about this change with
whole community, we want to add tempest ovn based neutron job to
the devstack check queue so that we can keep verifying that with
devstack changes.
Change-Id: I8484baa7398b28ed5ef62f86b55022c7d8703f56
Glance has deprecated registry serivce for long and now efforts are placed to
remove the registry code from the glance repo.
To avoid regression on other projects, gate jobs etc. removing
configuring registry service from the devstack.
Change-Id: I6a7be6bdc97acc43c8e985060aeea05d92642e80
Neutron-fwaas is going to be deprecated in master branch with [1].
[1] https://review.opendev.org/#/c/735828/
Change-Id: I513ef36e681fc3f9e5aa9f81c9aedba716366729
Building uwsgi from source was a workaround that was introduced a long
time ago, it doesn't seem like it is needed anymore and will actually
fail for Ubuntu 20.04.
Also it doesn't match what will happen for most real-world
installations, so let's try to get back to using distro packages. We'll
still use the source install for RHEL/Centos, it remains to be tested
whether we can get back to using distro versions there, too.
Change-Id: I82f539bfa533349293dd5a8ce309c9cc0ffb0393
uwsgi broke installation from source with their latest release [0].
Since we want to move away from source installation anyway, make
grenade based jobs non-voting for the moment so that we can backport
[1] properly.
[0] https://bugs.launchpad.net/bugs/1883468
[1] https://review.opendev.org/577955
Related-Bug: 1883468
Change-Id: I8e47bb7c70031a4df7f1af6b811df4c6cc784b2a
Tempest option scenario.img_dir has been deprecated more than 4 years, it's
time to remove it from devstack.
img_file option should contain the full path to the image.
This patch removes setting of img_dir option and makes img_file
one contain the full path of an image.
Change-Id: I71102095f3603915f0bc7d21f2e18c4eac4e95ec
Depends-On: https://review.opendev.org/#/c/710996/
Related-Bug: #1393881
The FLOATING_RANGE variable should specify the network address of the
used prefix for clarity.
Change-Id: I547bd42d8bdc5f0f2001d47f2d5b43729773b1bc
Closes-Bug: 1870204
This is already unconditionally installed via install_apache_uwsgi in
stack.sh; we don't need to install it again in keystone. Since we
need workarounds on some platforms (see
I3bc5260e77cebe852cc8d70d9eddf84ef71d74bb) we only want to do this in
one place.
Change-Id: I40d84cbdf68cf6bb5cba143b6c0c126cdb8a84d4
All these uwsgi invocations assume that the uwsgi binary is in the
same directory as their project binaries are installed into (probably
/usr/bin). That may not be correct -- for example if using a packaged
uwsgi on Fedora the binary will live in /usr/sbin/uwsgi (not /usr/bin
where the project files from pip are).
Switch invocations to just find it in the path.
Change-Id: I298e3374e9c84e209ffcabbaaacda17f8df19f4f
Centos 7 is no longer supported, replace with Centos 8. Also Debian
hasn't been working for some time and progress in fixing it has stalled,
so drop it for now.
Change-Id: Ic1513b20f296978bca095c7aa79f022d7d9ab7ac
Closes-Bug: 1881183
This option was deprecated in Ussuri [1] as nova no longer provided any
schedulers aside from the filter scheduler and the existence of
third-party schedulers was very unlikely. Stop configuring this and
simply use the default.
[1] https://review.opendev.org/#/c/707225/
Change-Id: Iabdd1d00e00ee269334f0fe0db265a97207e2dc6
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
We need an appropriate auth_uri for s3token to be able to contact
Keystone.
Since tempauth is always enabled, we want to delay the auth decision
until after tempauth has had a chance to try.
Change-Id: Ie4ff33a617b9dc74d51d037ec8ebd0d9787dd76d
For a long time, swift3 recommended a pipeline like
... swift3 s3token authtoken keystoneauth ...
This led to inefficiencies where the proxy would first contact Keystone
to validate the S3 signature and issue a token, then contact Keystone
*again* to validate the token ID that was just issued.
After s3token moved into the swift3 repo, it was improved to be able
to put all of the headers into the WSGI environment that Swift's
keystoneauth middleware expected and the recommended pipeline was
changed to something like
... authtoken s3api s3token keystoneauth ...
At the time, the old order would still work, it would just be less
efficient. When support was added for Keystone v3, however, the new
order became mandatory.
All of that happened before swift3 moved back into Swift as s3api, but
the pipeline placement problems are the same: Keystone users won't be
able to use the S3 api with the current order.
Change-Id: Id0659f109cc2fc12ddb371df0b26812ba8c442d9
Related-Change: I21e38884a2aefbb94b76c76deccd815f01db7362
Related-Change: Ic9af387b9192f285f0f486e7171eefb23968007e
The bug has been fixed since a while, also in recent distributions,
for example Ubuntu 20.04, the sgabios.bin ROM is provided directly
by qemu-system-data as an actual file under /usr/share/qemu and
it conflicts with the one provided by sgabios, so removing the
workaround is actually needed to prevent failures.
Change-Id: Ib5f23dbd8839a0927418692054f4ed4abd76babc
Switch to openstackdocstheme 2.2.1 version. Using
this version will allow especially:
* Linking from HTML to PDF document
* Allow parallel building of documents
* Fix some rendering problems
Update Sphinx version as well.
Set openstackdocs_pdf_link to link to PDF file. Note that
the link to the published document only works on docs.openstack.org
where the PDF file is placed in the top-level html directory. The
site-preview places the PDF in a pdf directory.
Set openstackdocs_auto_version to not auto-version the documents.
Set openstackdocs_auto_name to use 'project' as name.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: I26887b175b9c1ced7347289b7d5d4f57a20ec36a
tmpfs exhaustion has long been suspected as the root issue behind
failures to load ssh keys and other metadata from local config drives as
documented in bug #1808010. This can also lead to failures fetching
metadata from n-metadata-api leaving Tempest unable to SSH into
instances.
This change increases the RAM of the m1.nano and m1.micro flavors by
64MB to hopefully avoid these errors going forward. This is also ahead
of our eventual upgrade to Cirros 0.5.0 where 128MB becomes a
requirement.
Related-Bug: #1808010
Change-Id: I4b597579cf89939955d3c110c0bd58ca05de61f0
Disable insecure option for glance_store with
swift backend when tls is enabled.
Specify swift_store_cacert option.
Change-Id: Ia1e8f596c95dd7b6e63cb21a94c8316dc71bf945
Follow the pattern of the other configuration keys. The new variables
allows tests to enable/disable volume revert tests provided
by cinder-tempest-plugin.
Revert-to-snapshot was introduced in pike, and so the tests.
Change-Id: If137f201c2f646703f5a1ff96e71e48caed63b67
Ubuntu Focal doesn't have python-pip, only python3-pip. Trying to
uninstall a package that apt doesn't know about (installed or
uninstalled) results in a nonzero exit code so devstack fails. This
patch makes the package removal safer for both python2 and python3 cases
by checking first if the package exists.
Change-Id: I3b1118888cb0617ffb99b72c7e9a32308033783e
This repo is now testing only with Python 3, so let's make
a few cleanups:
- Remove obsolete section from setup.cfg
- Use newer openstackdocstheme and Sphinx version for python 3
- Remove install_command from tox.ini, the default is fine
- Move basepython into testenv
- Update bashate version
Change-Id: I3d78b3787af2efce831d223dbcab6cf84c358028
The integrated gate template (integrated-gate-py3) has been switched
to the new grenade name (grenade-py3 -> grenade). This repo uses the
template but also has for irrelevant files an extra entry.
Rename the job following the template change to avoid duplicate
grenade runs.
Details:
- http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014602.html
Depends-On: https://review.opendev.org/725148
Change-Id: I73e67c0e01ca231678903b2460dab672f17251e3
We no longer support platforms with Yum on master. Cleanup old
references and convert to dnf.
We don't need any of the failure wrapper stuff as dnf runs in strict
mode by default.
There seem to be a few callers out there, so we'll leave it called
yum_install for now.
Change-Id: Ie71a48fd85b00a97a14bf260cd013b18af4cce06
This package isn't available on some distributions hasn't been
required in Neutron for several years
If679e79fa3242ee1cd8610b5525deca35b41c87e. Remove it.
Change-Id: I7308a885c1d084efe2f0b9f542443d35966140ed
The paths for the devstack source directories are currently hardcoded,
this patch allows overriding that list.
Change-Id: I2b673b0d110d84658b89bb14663584330deaf3aa
With the removal of CentOS 7, we can re-evaluate the rpm
installations.
We should not need virtualenv after https://review.opendev.org/712609
There should be no need for python-devel as we're python3
pyOpenSSL was added to workaround memory issues in
9e98f9435e (2015) ... I think we've
moved on.
pyxattr is not a package; remove it.
I don't see we need packaged m2crypto, which isn't a package on CentOS
8. nor libxml2-python; these days it has wheels which should work
with the normal installation process.
centos8 has:
* targetcli
* pcp-system-tools (and no dstat)
* iptables-services
* java-1.8.0-openjdk-headless
* kernel-modules
* rsync-daemon
just as all supported fedora's do, so we can remove any matching here.
Change-Id: I542c426a67a98f331d2a29bacd220af81fab8cc4
We have lib/databases/mysql which is installing databases, remove it
from the bulk package lists.
Split is_fedora (fedora & centos8 -- soon) to install mariadb-server
and mariadb-devel to retain status-quo.
On suse this seems to be a meta-package
'mariadb-server' not found in package names. Trying capabilities.
so split that out. It seems it has never been installing the -devel
package, and things work (presumably clients are coming from wheels so
don't need to build against it).
Change-Id: I86433318e8f76c40c5c792b795411a5c9d8351d3
We do not support CentOS 7 on master branch due to no Python 3 or
ongoing eco-system (i.e. RDO) support; see
Id9ef507dd6f4226d65c6ed3043666b0aa6a3bd1c.
Change-Id: If98581708568e7a8d15e6edc588a008df0cac0fb
This includes the addition of the python3-virtualenv package required to
provide the virtualenv binary that is no longer present in the image.
Change-Id: Ie8e66d8b9f93063b97f88f41a626daddf235339b
Using venv, which is part of python3, we avoid an extra dependency on
the virtualenv package. For Debuntu, which splits this out into a
separate package, add this to debs/general.
This is part of the infra efforts to ship "plain" nodes without any
dependencies installed. While devstack can re-install virtualenv, we
don't need any features it provides and it means one less dependency.
Change-Id: I3c323640f288e57581a4eb8adba2a08d0b0cbd8f
There's a bug[1] with the combination of the p11-kit and
ca-certificates-mozilla packages available on the latest built
opensuse-15 node in nodepool (which has not been rebuilt for weeks due
to a separate issue[2]) which causes the standard CA bundle to not be
installed correctly and causes jobs that call to external HTTPS services
to fail. Upgrading both packages in sync fixes the issue.
[1] https://bugzilla.suse.com/show_bug.cgi?id=1154871
[2] http://bugzilla.suse.com/show_bug.cgi?id=1166139
Change-Id: Ia8fdfe12fd9089e178adcb2b5eec997eebada262
Needed-by: https://review.opendev.org/713566
When stacking outside of Zuul CI the wheels have to be built locally and
python3-dev package is required.
Story: 2007491
Task: 39213
Change-Id: I0960269d5cf193c9ececc5490485522c74646382
This first came in with Id749c37ab7fefa96b35f11816b56b9def5ef4b08. It
talks about ancient versions of pip; can't see we need it any more.
Change-Id: I9d4831955070990a81a809d988612d9d5b1aa672
Recent change to devstack dropped installing test-requirements [1]
However, this caused gate failures due to lack of glance-store
deps for cinder and swift support.
This patch makes devstack install relevant extras depending on
enabled features.
Additionally, relevant functions are added/fixed to make this
possible.
glance-store = glance_store (for gerrit search match)
[1] https://review.opendev.org/715469
Change-Id: I0bf5792a6058b52936115b515ea8360f6264a7c9
Swift keeps testing py2 but we should keep both in shape.
To fix stestr on py2:
Depends-on: https://review.opendev.org/715942
Change-Id: I616e39c64e22d467d7186dba98226cc5beef23ea
This is a test of installing openstack and then seeing if it works.
OpenStack components do not need test-requirements to operate,
that's why they are test-requirements.
Additionally, as we look forward to depsolver pip, this is going
to screw us because we don't apply constraints to linters, which
are expressed in - you guessed it, test-requirements.
Change-Id: I8f24b839bf42e2fb9803dc7df3a30ae20cf264eb
This reverts commit 79b8e79488.
This is breaking things in various jobs, most notably because
we do not put constraints on linters - but we install
test-requirements which then can conflict with each other.
Change-Id: Ibc5603c61b38ce44db58fb27a27352f59123ad09
The new pip depsolver is coming this summer. Until it's ready,
run pip check at the end of devstack to make sure we're not
somehow installing conflicting package versions. We shouldn't
be, because of constraints, but if we are, better to know and
start figuring it out.
Change-Id: Id98f0848ff5a252d93e5f8029df2d069924d603f
The function was using a hard coded value of localhost:11211 when
we have an option MEMCACHE_SERVERS that can be defined and used
inside DevStack.
Change-Id: I4947928fe406a9844d5bdaa3c826d273952fa097
DEVSTACK_GATE_FEATURE_MATRIX seems to be an old legacy thing that
is no longer being used. It currently prevents using the jobs in
openstack/devstack without adding openstack/devstack-gate for the
role.
Change-Id: Iab9b4862c01043d2c158398bac4b3b289a0adba0
tempest-multinode-full is py2 job and not needed to
run on ussuri onwards. Chaning this to its py3
version tempest-multinode-full-py3
Change-Id: Iff271eabcf1a39d6bf6c1fcd55ff2749cab2373f
The networking-ovn code is being moved into the neutron repository as
part of the effort [0].
This change is needed so we are able to install OVN from packages
when running the networking-ovn functional tests along with
the Neutron ones (see [1]). In the old networking-ovn repository we did
compile OVN from source instead of installing it from packages but
that took time. We want to do better in the Neutron repository.
[0] https://blueprints.launchpad.net/neutron/+spec/neutron-ovn-merge
[1] https://review.opendev.org/#/c/697440/
Change-Id: I92ab727d9954eb729c41b9a67ecb60b56883097b
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
From Train release Glance has added support [0][1] to configure multiple stores
of same or different types. This patch enables developers to configure
multiple file stores for glance. In order to configure multiple file stores
user need to set below options in local.conf
GLANCE_ENABLE_MULTIPLE_STORES=True/False
To enable multiple stores of glance.
GLANCE_MULTIPLE_FILE_STORES=veryfast,fast,cheap,verycheap,slow,veryslow
Comma separated list of store identifiers.
GLANCE_DEFAULT_BACKEND=fast
Default glance store in which image should be stored if store identifier not
specified explicilty. Should be one of the store identifier from
GLANCE_MULTIPLE_FILE_STORES config option.
NOTE: This support is added so that we can start adding tempest/CI tests for
glance multiple stores.
[0] 515412b59f5b3af07a1787b9f8e85a4d656d3e1c
[1] https://docs.openstack.org/glance/train/admin/multistores.html
Change-Id: I494f77555cfe9115356ce0ee75c7d7f192141447
Building on I5c3e1b7b632fd73310c462530990cdb0e0c0ceea we can now add a
Fedora job using the virt-preview repo that will be used by Nova's
experimental queue.
Change-Id: Iad9d64912bb07f307e4897ece1621f275f1d5211
'str' type in python2 is 'bytes' type in python3,
when use python3, we will get a prefix 'b':
sudo ip netns exec b'qrouter-39cc2b45-a27c-49c5-94a6-26443a49ac63' ip
neigh
--------------------------------------------------------------------------
*** Failed to run 'sudo ip netns exec
b'qrouter-39cc2b45-a27c-49c5-94a6-26443a49ac63' ip neigh': Command 'sudo
ip netns exec b'qrouter-39cc2b45-a27c-49c5-94a6-26443a49ac63' ip neigh'
returned non-zero exit status 1.
The message above is raised by running tools/worlddump.py with python3.
Change-Id: Ic254af86fa27729839f00c0ad4a5bbbc9e545a09
With fedora-latest now using Fedora 30 images and Fedora 29 itself EOL
we can now remove support for it from devstack. This change also cleans
up references to earlier Fedora releases under files/rpms/.
Change-Id: I24332f7016ebb549ea678acf677c477b55ec4d4b
With the open-iscsi rebase we should now be able to move the
fedora-latest job to fedora 30 ahead of the removal of support for 29.
Change-Id: Ia80f03f275e595d3b26b52b3478f303036d59438
I2f16658c5a3e22cac70912a0f3ad65cdd7071a1e worked around an open-iscsi
bug that remains unpatched in Fedora 30 and 31 by using a private copr
repo with the patch applied. Rawhide has finally been rebased to 2.1.0
where this issue and many others have been resolved.
We can now use a new repo that has been built for Fedora 30 and 31 that
provides this rebased package that we can either use until the rebase is
backported to 31 and 30 or 32 is supported.
Change-Id: I5ba5885bd9c784949602aeb4ddff9d75fecc6b3d
With the recent switch to py3 we need to ensure python3-devel is
installed on Fedora >= 29 before pip installing any dependencies.
Change-Id: I21417687db5b3827c5272ed22f6dc95db13f2870
The GRANT command in mysql8 can no longer create a user implicitly.
Split that part into a dedicated CREATE USER command.
Also drop disabling the query_cache, it is off by default for some time
and the option got removed in mysql8.
Change-Id: I31bcc285ff8e373abbacb303c1269857c9cfa9ed
After Python 2 is getting unsupported, new distros
like CentOS 8 and RHEL8 have stopped providing 'python'
package forcing user to decide which alternative to
use by installing 'python2' or 'python3.x' package
and then setting python alternative.
This change is intended to make using python3 command as
much as possible and use it as default 'python' alternative
where needed.
The final goals motivating this change are:
- stop using python2 as much as possible
- help adding support for CentOS 8 and RHEL8
Change-Id: I1e90db987c0bfa6206c211e066be03ea8738ad3f
Set default python3 version as 3 for cases python3
is not installed before running DevStack.
Implements installation of required python3x package
for RedHat family distros with package name depending on
configurable ${PYTHON3_VERSION}. Examples:
3 => python3 python3-devel (default one)
3.6 => python36 python36-devel
3.7 => python37 python37-devel
This should help in situations where there are more
than one python available for given platform and
DevStack is asked to pick one by its full 3.x version
Change-Id: I49d86bc9193165e0a41e8e8720be37d81a4e7ee0
We have dropped the tempest-full from
Tempest gate and made this to run on py2
explicitly which is nothing but for stable gates.
- I75868d5c9b6630fe78958ff89e58a0aced09a6b3
This job is not supposed to run on ussuri onwards master
gate as everything will be python3-only.
Change-Id: I372bde6a1753884efaf15da5fab48f1bddb4dab5
We are hitting this error:
+ tools/fixup_stuff.sh:fixup_ubuntu:82 :
sudo rm -f /usr/lib/python3/dist-packages/httplib2-0.11.3.egg-info
rm: cannot remove
'/usr/lib/python3/dist-packages/httplib2-0.11.3.egg-info': Is a directory
This patch adds the -r option to allow removing folders.
Change-Id: Ib7bb8b0a3dcf747bcc06da1a2fb17fa9d8808484
When starting 'memory_peak' service is using python command instead of
python3, while psutil (required package) is most probably being
installed into the python3 environment (as we are dropping python2.7
support).
Closes-Bug: #1860753
Change-Id: Ia2b7e2e33d784560443131e2965f520b361a54e3
TEMPEST_BRANCH which is mostly set as master so
that Tempest master is run to test the env. With
stable branch going to EM state and Tempest master
might not work due to incompatibility of code or
requirements. In that case we pin the Tempest so that
older Tempest can be used for their testing.
Till now for ocata, pike and, queens we used the gerrit style
ref to pin the Tempest which is not preferred way. We should be
able to use the tag name on TEMPEST_BRANCH.
This commit explicitly checkout the tag set in TEMPEST_BRANCH
as git_clone does not checkout the tag directly until RECLONE
is true or tempest dir does not exist.
After this stable branch or job can set the tag directly with name.
For exmaple: TEMPEST_BRANCH=23.0.0.
Change-Id: Ic777e4b56c4932dde135ac909cb5c6f4a7d5cc78
Work on the new neutron scripts has stalled and they aren't in a useable
state yet. Given the ongoing decline in contributions, let us
acknowledge this and undeprecate the neutron-legacy scripts so that
people can continue to use them without feeling guilty about it.
Change-Id: I4bce19da861abf18ddb89d82fd312c5e49a4ee7c
The virt-preview repo provides the latest rawhide versions of QEMU,
Libvirt and other virt tools for older releases of Fedora. This repo is
extremely useful when testing features in OpenStack that rely on these
latest builds well in advance of them landing in full Fedora, CentOS or
RHEL releases.
This change adds a ``ENABLE_FEDORA_VIRT_PREVIEW_REPO`` configurable
to control when this repo is enabled and used when deploying on Fedora.
Change-Id: I5c3e1b7b632fd73310c462530990cdb0e0c0ceea
'tools/mlock_report.py' script requires 'psutil' package to be
installed. This ensures it is done before memory_peak service is
started.
Partial-Bug: #1860753
Change-Id: I7b2b6eaf9856c6057e1a4a0054d15074150a6cb6
The hack has be around for pip 1.4.1 and older. It should be safe to
remove it by now. In fact it causes problems in my Ubutu Bionic VM when
trying to overwrite httplib2 library installed from the distro package.
Change-Id: I34b826f4e8f10f8d44b888120f19fcc7ba501b3d
[1] stopped installing pip for py2 when py3 is being used.
This patch makes sure we check only for py3 pip then.
Also removed some no-longer-relevant comment and
made uninstall behave the same.
Check for pip>=6 removed too.
See also [2].
[1] 279a7589b0
[2] http://lists.openstack.org/pipermail/openstack-discuss/2020-January/012182.html
Change-Id: I36ee53e57e468d760b80a7e621b90899867a8efd
We dropped the ability to override USE_SYSTEMD to False when we deleted
screen support in [0], so we can also clean up any conditionals based
on it.
Also clean up the logging setup functions, dropping local vars for
parameters that we don't actually support anymore.
[0] I8c27182f60b0f5310b3a8bf5feb02beb7ffbb26a
Change-Id: I5cbce9f2c42e111761e8689447b3f8cbb7ea2eb5
The Sheepdog project has been defunct for awhile now, and the Sheepdog
driver and os-brick connector is now being removed from Cinder. This
cleans up plugin references for the driver.
Change-Id: Ieb2d9cf653b2d3a4af30cab26b8428a7c7edff98
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
The proposal job to update the plugin list has been failing for a long
time as it gets a 500 error from gitea on the openstack/openstack
repo. This is an odd "superrepo" with all projects as submodules;
thus openstack/openstack/devstack is actually a project, not the
directory with a plugin in it.
Skip this repo (gitea shouldn't return a 500, but that's another
thing...)
Regenerate the list manually for this run.
Change-Id: I6ed65bcb720d4cb10702cbf66106120e001ec35f
Some distros do not install python3/python3-devel with the minimal
install. F29 doesn't install -devel, and neither Centos 7 or 8
install either. This patch ensures that these packages get installed.
Ideally, PYTHON3_VERSION would be set *after* ensuring that python3
was installed, but it gets a little tricky with all of the includes.
This sets it to 3.6 as nothing uses 3.5 anymore.
Change-Id: I7bdfc408b7c18273639ec26eade475856ac43593
Need to make PyYAML overridable on Ubuntu, it is a dependency for e.g.
cloud-init, so we cannot remove it.
Depends-On: https://review.opendev.org/703792
Change-Id: I4423dfb2c30299903b52a2bb06d846dd487f5b8b
nova-live-migration is legacy job and and rely on
devstack-gate + devstack setting so any change in devstack can
break it. Example bug: 1860021
We can remove this job once it is migrated to zuulv3 native.
Change-Id: Ie34d4dc1ab30ced8161796fe32628db07de86cc9
Related-bug: #1860021
In same cases, the hypervisor presents to the guest OS a named CPU model
is similar to the host CPU and adds extra features to approximate the
host model. However, this does not guarantee all features will be
precisely match.
This patch adds LIBVIRT_CPU_MODE to allow users to define the CPU mode
they want to use, for example "host-passthrough".
Change-Id: I83792c776b50d1d22584be2a37cc6a166f09c72b
This reverts commit d8dec362ba. This has
knock on effects for devstack-gate, which configures g-api on subnodes
node but not mysql, resulting in failures. A longer term fix would be to
either a) stop configuring g-api on subnodes if we can determine it's
not necessary or b) only configure the database if on the main node.
However, both options are subject to debate so for now just unclog the
gate.
Change-Id: I58baa3b6c63c648836ae8152c2d6d7ceff11a388
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Closes-bug: #1860021
This reverts commit d7dfcdb467. A
subsquent change that depends on this,
d8dec362ba, has knock on effects for
devstack-gate and needs to be reverted. Revert this first.
Change-Id: Ic5402f57052648e10eacf3c3de67d2cdd2d42f63
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Partial-bug: #1860021
Everything in OpenStack *must* be Python 3 supporting now, which means
it's time to remove the functionality that allows us to blacklist
packages that didn't support Python 3.
Change-Id: I7c8cf538ec88bd4056b0109f19671e3d65f5da3a
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Since [1] Glance init depends on either g-api or g-reg being
enabled.
This broke multinode g-api deployments with singlenode database
backend.
This commit aligns Glance with other services w.r.t when to
apply database init.
[1] d8dec362ba
Change-Id: Idc07764d6ba3a828f19691f56c73cbe9179c2673
Closes-bug: #1860021
This has now been removed and even prior to removal defaulted to True.
Change-Id: I847a873d833a4dbee96afa1d2726fea2b8045eeb
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
This option has default to the 'NoopFirewallDriver' for some time and
will soon be removed. Stop configuring it entirely.
Change-Id: I4dbc0015cf26d7edf51d0d5fd978ccd3a1ad1b79
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Currently VMs created by a previous DevStack run still exists even
after re-run stack.sh. This leads to a failure in launching a VM after
the second run of stack.sh. We need to check the reason of the failure
by nova compute log and clean up remaining VMs. It is annoying.
IIRC we cleaned up existing VMs. While I failed to identify which commit
changed this behavior, I believe it is worth recovering it.
This commit changes unstack.sh to call cleanup_nova. cleanup_cinder()
already cleans up LVM volumes and some of them may be used by VMs,
so I believe it is reasonable to clean up VMs in unstack.sh.
Change-Id: I9fcbc5105e443037fada1ef6a76a078145964256
This change removes the .gz extension from the
service and syslog logs exported via journalctl.
This change nolonger gzip compresses the exported
logs so that they can be rendered in the browser
directly when served from swift.
Change-Id: I4557a737cb13b9c2406056be08ab8a32ddd45162
This was added in 2012 with I89677fd54635e82b10ab674ddeb9ffb3f1a755f0,
but I can not see it being used anywhere currently.
It's use of virtualenv's has become problematic in a python2
deprecated world, but since it is not used, remove it to avoid further
confusion.
Change-Id: I65d44d24f449436ca6229928eee2c5a021793055
Just calling "virtualenv" makes a Python 2 based environment;
setuptools just dropped Python 2 support (as Python 2 reached EOL in
Jan 2020) so this has now become a breakage.
Although the Python 2 path won't work, use the abstracted command.
This should stop us having to revisit this for any future cleanups (or
switing to venv, etc).
Change-Id: I531e971b78491a9276753c0d86b04c4adbd224aa
In Train, the access rules API was introduced in keystone. This change
enables testing it in tempest.
Depends-on: https://review.opendev.org/699519
Change-Id: I2af21868cbf584a6881c6208bc2afc3bdb323ab9
lib/tempest uses 'tempest-account-generator'
which is deprecated 4 years back.
In addition to above, lib/tempest also uses
'os-tenant-name' which is also deprecated.
Use of 'tempest account-generator' and
'os-project-name' should be done now.
Signed-off by: Soniya Vyas<svyas@redhat.com>
Change-Id: I624e1dc57a3d3533322fb298c01f70241d0400ed
Tempest's service_availability config option includes all the service
availability which is further used by tests to take decision of skip
or run the test.
For example, [service_availability].nova is true then, compute test will run
or if [service_availability].aodh is false then, all aodh related tests either
in aodh tempest plugin or any other plugins will be skipped.
Now question is what is the best way to set the each service availability for
tempest or tempest plugins tests. We have 2 category of service here-
1. Service tested by Tempest (nova, cinder, keystone, glance, swift, neutron)
(let's say type1 service)
2. Services tested by Tempest plugins (all other than above list)
(let's say type2 service)
We need the standard way to set both type of service so that we can maintain
the setting of service_availability config options in consistent way.
As discussed on bug#1743688/ and review https://review.openstack.org/#/c/536723/,
we will use devstack lib/tempest to set the type1 service which is services test
owned by Tempest and type2 service setting will be done by devstack plugins of
those service.
For example - [service_availability].ironic will be set by ironic's devstack plugin.
because that is best place we know ironic is installed and available.
To do that we need:
1. Add setting of [service_availability].* in devstack plugins
2. Remove setting of type2 service from devstack lib/tempest
This commit does the second part and all depends-on patches handle the first part.
Related-Bug: #1743688
Change-Id: If3aec9fd1c61e2bb53233be437b97b811dc82414
This package provides dhcp_release tool but in files/debs/neutron-common
it was listed to be installed only on Ubuntu Precise.
The same file is also in Nova's packages but there is no restriction to
Ubuntu Precise only there.
So on all Neutron jobs it was fine but on Ironic's job where Nova
wasn't enabled, this package was not installed and caused problems
in Neutron DHCP agent.
Change-Id: Idd0711cfe6d43f21754a2f0c230cd094ea33cb27
Closes-Bug: #1855910
We've seen jobs where tests fail due to what appears to be rng
starvation. Enable virtio rng device to try and alleviate this.
Change-Id: I70d800cdc45b6008f775110f22c0000736421529
input() should work on both python versions for what we need. I
understand the concern about eval() on python2 but, in the case it's
used we should be fine, plus, python2 is being removed from OpenStack
projects.
Change-Id: I86a7c31374986f81132bc4f49aee0a76b90e6553
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
This variable can be now set in Devstack's config file and in
such case Devstack will not set it automatically to value most
likely correct for the distro.
By default this value is empty string and in such case Devstack
will work in exactly same way as it was before this patch and
will determine automatically what name should be used there.
In addition in case of Ubuntu package $MYSQL_SERVICE_NAME-server
will be now installed instead of mysql-server always.
This will allow to easy configure e.g. CI job which will run using
Mariadb instead of Mysql on Ubuntu.
Change-Id: I25af0b54ad235b08c6c399b4125c737acf57ee2e
This will avoid the creation of an unneeded file in the "tempest"
repository directory.
TrivialFix
Change-Id: Id3f46b3537cd3232cb29c42808bde44c667565f1
With the goals of Ussuri being Python 3.6 [1], the python 3.5
environment on Xenial is too old. Remove testing and the most obvious
bits of support from devstack.
Also drop claimed support for artful, which is long EOL.
[1] https://governance.openstack.org/tc/reference/runtimes/ussuri.html
Change-Id: Iefcca99904dde76b34efbbfc0e04515dfa5a09e5
This reverts commit f99d1771ba.
Added workarounds that might want to get split into their own patch
before merging:
- Don't install python-psutil
- Don't run peakmem_tracker
Change-Id: If4fb16555e15082a4d97cffdf3cfa608a682997d
Since Stein, gate jobs have been using bionic nodes so they
are running with python 3.6, so it makes sense to also default
devstack itself to run with python3 by default.
Depends-On: https://review.opendev.org/688731
Change-Id: I52b03caee0ba700da3a15035201ea6cd91baa06b
We need to source the environment overrides before they get evaluated.
Otherwise e.g. USE_PYTHON3 is factually being ignored for some settings.
Also fix creating python3 venvs by using the "virtualenv" command for
that task.
Change-Id: I16c78a7fef80372d9a1684c3256c5b50b052ecae
This job is still running python 2.7. As we are dropping py2 support in
Ussuri cycle, lets drop this job now.
There is same job called "grenade-py3" which runs on python 3 already
and this will be now used in project's CI.
Depends-On: https://review.opendev.org/#/c/695036/
Change-Id: I5cd8e137a3ae06e49a4351629c5eb207c4e6bf1a
The centos7 job is running with python2, which is no longer supported by
nova, so we can drop it in master.
Change-Id: Id9ef507dd6f4226d65c6ed3043666b0aa6a3bd1c
With Glance defining default policies in code, it's no longer necessary
to install policy.json from the repo.
Change-Id: I9f9160f5a2bf9fd77fb3807e12de219b7a49952d
Depends-On: https://review.opendev.org/693129
In cases where global REQUIREMENTS_DIR is set, use it
instead of overwriting it. This is particularly needed
in cases where users of pip_install wrapper have the
upper-constraints.txt at another location.
Change-Id: I34e9f94548c575e1af5bca9655a3b7d1915375a8
Signed-off-by: Flavio Fernandes <flaviof@redhat.com>
Some distros no longer ship brctl, iproute2 should be used
in its place. The linuxbridge agent plugin script was still
using it, as was worlddump, which generates this warning on
a failure:
Running devstack worlddump.py
/bin/sh: 1: brctl: not found
Conditionalizing worlddump based on whether brctl is installed
to make this go away.
Change-Id: Iafbf4038bab08c261d45d117b12d4629ba32d65e
When configuring TLS between the console proxy (where the n-novnc
service runs) and the compute host, some configuration for QEMU needs
to be done on the compute host. The existing code for this requires the
n-novnc service to be running, which it is in a single node all-in-one
deployment. However, when running in a multinode deployment, the
n-novnc service runs only on the controller and not on the subnode.
Yet, we need to configure QEMU on the subnode compute host as well.
This removes the n-novnc service requirement to enable TLS QEMU
configuration to occur on a compute subnode in a multinode deployment.
Closes-Bug: #1849418
Change-Id: I8b6970e91ad7f52ff489cb9f776ca216d8f86aa4
Based on resolution [1], there's no clear indication that next
steps involve the removal of the DB from Devstack or from the gate.
[1] I332cef8ec4539520adcf37c6d2ea11488289fcfd
This reverts commit d9aaae95f2.
Change-Id: I8410d65c0e0b24035aa035fac7560a686d53ec50
This reverts commit 168ca7f0a4.
Removing postgresql support from devstack was unnecessary
since it's not broken and not causing maintenance issues
as far as I know. The commit being reverted said that pg
support was deprecated in Pike but nothing in the docs or
commit message refer to official deprecation of postgres
support in devstack or openstack in general. Not to mention
that there are still postgres-based jobs that will no
longer work *and* the notification to the mailing list about
doing this happened *after* it was already done [1] leaving
stakeholders with no time to reply.
[1] http://lists.openstack.org/pipermail/openstack-discuss/2019-October/010196.html
Change-Id: Ie7036d37d79e6aba462b7c97f917e2e7aed108f9
This only applies to the LVM driver (when using
thick provisioning), and doesn't have any effect on
other backends like NFS, so only write the conf entry
for LVM.
Change-Id: I722ba2fa0010d9887ed9b7fdd9e050cd4694768e
keystone v3 is the default API version in horizon now,
so there is no need to specify it in local_settings.py explicitly.
This commit also makes minor changes in lib/horizon
_horizon_config_set().
* Do not insert a blank line after each setting.
* Use the local variable $file to specify the target file
consistently.
Change-Id: I5faea3e1f357726a256d2b48fc1afeabfead4998
The default permissions for the zuul home directory
are not the same in the various distributions.
As /home/zuul contains the sources, a 700 default may be
problematic when accessing those files, so make sure
that the executable permissions are set.
Closes-Bug: 1846251
Change-Id: Ic9769e56274d7205844b86d3b5200a6415e4acad
Since Queens [1] nova has been able to be configured with
cinder service user credentials for operating on cinder
resources without a user auth token similar to things nova
needs to do without a user auth token for working with neutron
and placement resources.
This change:
- centralizes the nova [cinder] section configuration
- adds the necessary auth configuration
Needed by: https://review.opendev.org/549130/
[1] I3c35bba43fee81baebe8261f546c1424ce3a3383
Change-Id: I5640ee431f6856853f6b00ec7ed1ea21d05117dd
openSUE Leap 15.0 and 15.1 both provide python3-six version 1.11.0.
Since version 1.12.0 was released, pip>=10 recognizes the version
difference and tries to uninstall the distro-provided version and fails.
This change adds another hack to remove the egg-info file for the six
library so that pip can manage it directly. We also have to wait to
install os-testr until after the fixup has happened since trying to
install it triggers the issue.
Change-Id: I4649abe06b5893a5251bfcdd4234abccde6ceda2
The target branch was centralized in change
I82aa19e739eeda3721bac1cb5153ad0bf2d1125a but there
are two issues, pbr and diskimage-builder are using
TARGET_BRANCH which gets changed to stable/* for
each openstack stable branch that gets created for
devstack, e.g. I861068ae1a9902cef61c52c70dda7bb42f4371a0,
but pbr and diskimage-builder don't have stable branches
so they should be using BRANCHLESS_TARGET_BRANCH i.e. master.
Change-Id: I47ac7a7e194ca6d613d0ccaebfd557346644c2df
A 500 error from gitea can occasionally show up as a project dropping
their devstack plugin (I543faced83a685d48706d004ae49800abfb89dc5).
To avoid noise in the proposal jobs, implement a small retry loop for
500 errors.
Change-Id: Ide23e4de819a2c751d887eeaa7f0b9d0437f8e2c
I forgot in I2f16658c5a3e22cac70912a0f3ad65cdd7071a1e that "is_fedora"
matches rhel/centos for historical reasons. Restrict the install to
just the Fedora platforms by checking DISTRO matches
Change-Id: Ica4a690a4f2894a03ceb8557a947ed2ea4a60e53
We need to enable accept_ra before we enable forwarding, otherwise
existing addresses and routes may get dropped until the next RA is
received, possibly causing connection errors in the meantime.
Change-Id: I1fdeede59547de896ed89222ecf121fd9e6b810d
In Fedora 29 dstat was merged with pcp-system-tools (see
https://pagure.io/fesco/issue/1956)
Work around a iscsi bug with external packages until we can get the
package fixed.
Obsolete F27
Change-Id: I2f16658c5a3e22cac70912a0f3ad65cdd7071a1e
All credit for figuring this out goes to frickler (and that was the hard
bit so thank you!). The worlddump files were not being collected because
they weren't in our log collection list. Add worlddump to this list
so that we collect these files.
One thing that makes this slightly complicated is the worlddump files
are named with a timestamp and we can't have globs in our collection
list. To address this we create a copy of the file with a -latest.txt
suffix. This gives us a deterministic file name for log collection
without using globs.
Note we do not use a symlink here because some jobs gzip their log files
(breaking symlinks) and others do not. This makes it painful to always
have a valid link. Not having a valid link can break log collection.
Hardlinks may be another option but simply making a copy is easier to
manage as you don't have to worry about links preexisting and the
dumpfiles are not that large.
Change-Id: I96ae5f5290546ad25ca434c1106c01354d2d053c
All the OpenStack projects should be able to run under Python 3 now so
the fallback installation of the Python 2 libraries should not be
needed any longer. This also avoids the problem of script files
installed by the libraries sometimes being overwritten by the Python 2
version leading to incorrect execution later, as discussed in
http://lists.openstack.org/pipermail/openstack-discuss/2019-September/009226.html
This reverts commit a2eb89417f.
Change-Id: I1cdb7e4a209872f1620be556b7278879a4b86df5
The script currently complains about multiple default security groups. This
obtains the default and uses it when creating security group rules.
Change-Id: I81e59eae5df79889ed1fb02d45af26e3a55aa0e9
This was deprecated for removal in Pike. It's probably time to drop it.
Note that the 'postgresql-devel'/'postgresql-server-dev-all' packages
are retained since some packages still include 'psycopg2' in their
general requirements.
Change-Id: I51e8354e99972757253ce259e6c03c91da24398c
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Currently if user selects the default instance type for Tempest
tests, some of resize-related tests may fail due to resize attempt
into flavor with smaller disk size. It is because there is just
simple check if flavor_ref and flavor_ref_alt (IDs) aren't the same.
To ensure resize is really possible, there shall be additional
verification introduced.
Co-Authored-By: Michał Madarasz <michal.madarasz@corp.ovh.com>
Change-Id: Iaa1bfa9cb76cbe54be658d2d70d97d99e7fb5be9
Per the referenced bug, $NOVA_CPU_CONF was previously being initialized
by copying $NOVA_CONF, thereby trashing any values already configured in
$NOVA_CPU_CONF.
With this commit, we merge the values from $NOVA_CPU_CONF in after the
copy.
Note that this makes use of the merge_config_file function, which is
defined in inc/meta-config, which wasn't being sourced from every code
path that hit start_nova_compute; so this commit also moves that import
from stack.sh to functions (next to the other imports from inc/, which
makes sense anyway).
Change-Id: Id3e2baa2221e13f512f8dcf1248e1e15b6a7597f
Closes-Bug: #1802143
We're trying to get nova to talk to ironic through openstacksdk and need
to be able to specify retry limits/intervals there. We could reuse the
existing conf options, but better to support the standard ones exposed
from keystoneauth1 via [1] and [2].
Note that these will be ignored unless you have keystoneauth1 3.15.0
(for [1]) or 3.16.0 ([1] and [2]) and are building your adapter using
ksa-derived conf options (see the Needed-By).
Needed-By: https://review.opendev.org/642899
[1] https://review.opendev.org/#/c/666287/
[2] https://review.opendev.org/#/c/672930/
Change-Id: I79c416e25d635b0ffa419640b4bd91e36f78b1ab
Use the PUBLIC_NETWORK_NAME variable instead of hardcoding
it when setting the [ml2_type_flat]/flat_networks option.
Change-Id: I8bfc37089ec90eb06ee41d85744dad0f3f734c16
Devstack's lib/cinder set the my_ip on cinder side but it
hard-code it with HOST_IP[1]. It is no issue for IPv4 env
but when you build or run the IPv6 job then this ip is left
to set with IPv6. my_ip should be set to HOST_IP or HOST_IPV6
based on SERVICE_IP_VERSION value.
As part of Train community goal 'Support IPv6-Only Deployments',
we will expand the 'devstack-tempest-ipv6' job to do IPv6-only
deployments verification so we need fix the the my_ip setting.
Closes-Bug: #1838250
Depends-On: https://review.opendev.org/#/c/677524/
[1]https://github.com/openstack/devstack/blob/6aeaceb0c4ef078d028fb6605cac2a37444097d8/lib/cinder#L231
Change-Id: I71c74e46467a5d3c1bf9c7d683f364cba7cf9d80
F28 is EOL as of 5.29.19, so change to use fedora-29
and remove it from stack.sh.
Depends-on: https://review.opendev.org/#/c/662538/
Change-Id: I5ebdb68fcd01a1e63be4b3c0735a274783aad818
Reformat overlong table into a list-table to make it easier to edit.
The change contains no wording changes besides giving titles to the
list-tables.
Fix formatting for setup-devstack-source-dirs so that the variable does
not get displayed with a grey bar at
https://docs.openstack.org/devstack/latest/zuul_roles.html#role-setup-devstack-source-dirs
Change-Id: I7378d46c507b1d86f1d5319655a55f2a8c5a8f60
For some crazy reason, we've forgotten about trying
to use IPv6 addresses directly with the SSL certificates.
So lets add some logic so clients can connect directly
with the v6 IP.
Change-Id: Ie8b8a2d99945f028bebe805b83bfd863b7b72d57
Switch to "modern" way of building docs using sphinx-build directly,
remove now unsed parts from setup.cfg.
Upgrade to openstackdocstheme 1.20 and remove obsolete variables from
conf.py.
Convert external links to internal RST links so that Sphinx can verify
that they are correct.
Replace redirected links with new targets.
Use opendev.org instead of github.com where appropriate.
Change-Id: Iedcc008b170821aa74acefc02ec6a243a0dc307c
Currently, the console server host and listen address on the compute
host is always being set to localhost. This works fine in a single
node all-in-one deployment, but will not work properly when
nova-compute is running on a separate host in a multi-node deployment.
This sets the console server host and listen address on the compute
host to the nova host IP and service listen address instead of the
localhost.
Co-Authored-By: Matt Riedemann <mriedem.os@gmail.com>
Closes-Bug: #1669468
Change-Id: Id8b0b4159b98c7ff3c85ec3daa03d556d9897ce9
A huge part of the logs is irrelevant bash aliases captured by the
openstack client timing wrapper from the run of "openstack complete",
which is only helpful on interactive systems where you'll interact
with the command line. Call it directly to avoid capturing the logs.
While we're here, turn off tracing inside the oscwrap function, which
is called frequently. It's not useful for debugging.
Change-Id: I1cb5399fe7ee6f0e547a9cfff70396aa2007632e
This patch adds new options:
* CACHE_BACKEND - with default "dogpile.cache.memcached"
* MEMCACHE_SERVERS - with default "localhost:1121"
to add possibility to configure various backends as cache in
Nova and Keystone.
It also adds options:
* KEYSTONE_ENABLE_CACHE - True by default
* NOVA_ENABLE_CACHE - True by default
To make possibility to enable and disable cache in those projects'
config files.
Default values configured there are the same as before were
hardcoded for Keystone config.
Nova has also enabled this cache by default.
Change-Id: I9082be077b59acd3a39910fa64e29147cb5c2dd7
Closes-Bug: #1836642
We recently added the 'tempest-ipv6-only' job on
tempest side which will use the devstack base job
'devstack-ipv6' job and add more verification and testing
for IPv6 deployment.
Let's add that job on devstack gate also to avoid any
break due to devstack changes.
Change-Id: Ib2c85ec262b027351872e2b5a39b06a4ba1b880a
Story: #2005477
Task: #35923
In lib/neutron-legacy, the Nova metadata host address is
un-quoted if it is IPv6, i.e. 2001:db8::1, not [2001:db8::1].
We should be doing the same in lib/neutron.
Change-Id: I80c96603a41ef9d289712ef15b464859aa9257be
The api documentation is now published on docs.openstack.org instead
of developer.openstack.org. Update all links that are changed to the
new location.
Note that redirects will be set up as well but let's point now to the
new location.
For details, see:
http://lists.openstack.org/pipermail/openstack-discuss/2019-July/007828.html
Change-Id: I8a6c3403192d1416cb66cc9e92ec827b339f1270
* The restart loop for rabbitmq-server can trigger socket activation
of epmd without rabbitmq-server running. This can lead to 'systemctl
status' reporting 'State: degraded' with no simple way to reset to
'State: running'.
* It's important to note that this socket activation failure is benign
and is not an indicator of system failure.
Change-Id: Iede4f5ebeffb59644dee4a17b6331b3cdd04d146
Signed-off-by: Jan Gutter <jan.gutter@netronome.com>
running chown and chmod on files and folders not created by
devstack causes a few issues:
* On nfs mounted directories it can take an extremely
long time to chown -R some of the git repos, especially
if any tox commands have been ran in the host
* chown can cause the host files to get into a weird state
if nfs is set up wrong.
If files and folders are pre-existing we should assume
they are in the correct state, and not modify them.
Fix setup-devstack-log-dir to create the logs directory with
correct permissions in the first place.
Change-Id: I5ebdaded3ffd0a5bc70c5e9ab5b18daefb358f58
Signed-off-by: Graham Hayes <gr@ham.ie>
'devstack' job set the VNC listen addresses 'VNCSERVER_LISTEN' and
'VNCSERVER_PROXYCLIENT_ADDRESS' IPv4 which makes 'devstack-ipv6' job
to either unset those or set for IPv6 values.
Let's remove the setting of those in base job and let lib/nova
set based on configured ip version from job.
'devstack-ipv6' base job will be used to define the IPv6-only jobs
on Tempest and project side gate.
Change-Id: Iea469128b15298aee61245e702d20603c8d376fb
Story: #2005477
Task: #35923
'devstack-ipv6' job set the devstack to deploy
the services on IPv6. As part of community goal
'Support IPv6-Only Deployments'[1], this is going
to be the base job for all project specific or tempest
IPv6 jobs. Running this as voting make sure any devstack
setting or changes would not break the IPv6 jobs.
Story: #2005477
Task: #35923
[1] https://storyboard.openstack.org/#!/story/2005477
Change-Id: Id6580e8b29b6b04e34c2c1eca3125fa08920eb1d
This adds a variable to control the [DEFAULT]/shutdown_timeout
config in nova to control whether or not a guest should have
a graceful shutdown of the OS or if it should just stop
immediately (no timeout). Since devstack uses CirrOS images
by default, the default value for the NOVA_SHUTDOWN_TIMEOUT
variable is 0 which should speed up tempest runs. The default
in nova.conf [1] is 60 seconds.
[1] https://docs.openstack.org/nova/latest/configuration/config.html#DEFAULT.shutdown_timeout
Change-Id: Ida83f70a1c4e61e5248f2bd42b4c24f7ac6d2310
Related-Bug: #1829896
Trying to deploy OpenStack environment consisting of ironic nova
hypervisor & hardware Ironic node (not VM Ironic node) with devstack
got failed.
Devstack error says error occurred while calling configure_libvirt
in configure_nova_hypervisor. This happens because libvirt related
packages are not installed when specifying "VIRT_DRIVER=ironic"
and "IRONIC_IS_HARDWARE=True".
To fix this problem, this commit add "if" statement to check
Ironic node is hardware or not using "is_ironic_hardware" function
in "function-common" file.
Change-Id: I1113478175fadec79d0f8bf6ae842ed86e5e686b
Closes-Bug: #1834985
opensuse-150 nodeset is referring to openSUSE 15.0, which is still in
maintenance but openSUSE 15.1 has been released already. "opensuse-15"
is going to refer to the "latest openSUSE 15.x" build released and
working for OpenStack going forward, so add this nodeset and use
it by default going forward.
Change-Id: Ic3f4d6998a66da5226bc95088d7e3c83dfe737ce
The package has been renamed in order to avoid the namespace collision
with systemd, update our doc accordingly.
Change-Id: I1b9a434d9bb6a7d9dc38ef965017ed9f8773d595
Closes-Bug: 1825949
In change I8934d0b9392f2976347391c8a650ad260f337762, we began
configuring console proxy ports for multiple cells in the nova
controller config files to avoid "Address already in use" errors from
port collisions when running multiple cells on a single host.
This correspondingly configures the console proxy ports in the nova
compute config file based on what cell we're in, according to the
NOVA_CPU_CELL variable.
The base_url config for serial console is also added where the default
was previously used. The url is taken from the config option default in
the nova code: nova/conf/serial_console.py [1].
[1] https://github.com/openstack/nova/blob/8f00b5d/nova/conf/serial_console.py#L54
Change-Id: Id885fc5a769bce8111f1052a1b55d26be817c890
Closes-Bug: #1830417
The URL for rdo-release package is version-less and redirects to latest
stable version. This becomes problematic when stacking older stable
versions as dependencies might not be met or newer and incompatibile
ones might get installed.
Closes-Bug: #1833696
Change-Id: Icb07dcb4c9a3950a3c31a3a8dcb8d0b4c713fdb1
This is no longer being used due to Keystone PKI tokens no longer
being implemented.
In order to not break backward compatibility we create a new function
that is to be used instead and deprecate the old one. Modify the old
function to ignore the 3rd argument and display a deprecation warning.
Adjust callers to no longer create and set that directory, calling the
new function instead.
Change-Id: Id0dec1ba72467cce5cacfcfdb2bc0af2bd3a3610
Currently, devstack has NETWORK_API_EXTENSIONS var to define
the network API extensions. NETWORK_API_EXTENSIONS is defaulted
to 'all' for master and hard coded list of extensions per release.
Zuul jobs of network extensions (for example neutron-fwaas) need
add the some extra extensions in the default list. To do so, they
need to duplicate all the defaults extensions and then add the extra
extensions. Much difficult situation is when defaults extensions list
vary from release to release so they have to keep updating the
NETWORK_API_EXTENSIONS per release.
This commit defines a new var ADDITIONAL_NETWORK_API_EXTENSIONS which
will take extra extensions and append into the default list. This way
Zuul jobs do not need to duplicate the default extensions.
Change-Id: I7270c9b9e047a851970439522c0356c9089a5b74
This is a follow up for change Ifcfce490edb3d77e4e436e002d35bc909e1a057c
where the GIT_BASE was changed to the opendev URL to avoid redirects.
The pbr namespace in stackrc was old and still getting redirected and
this change fixes that.
Change-Id: Ib444e928fa2ca7650670f97be6927202333a1dd7
This updates links going to git.openstack.org and review.openstack.org
to go to their respective opendev locations to avoid redirects.
Change-Id: I78e3bb5303718962f591117f9c0ee11f2314b128
Closes-Bug: #1833256
Update the server to opendev and update paths for gitea, along with
any other references.
Switch to a blacklist where we just remove stackforge; this leaves all
the new namespaces like x/ and starlingx/ being checked.
Use a common session for checking for the plugin file which makes it a
*lot* faster.
Remove unsed "plugins" array variable
Regenerate the file
Change-Id: Ie3e615ba352a389da22e129c5c67cf6abd8cfdc8
Many of the code blocks in the configuration documentation had extra
leading spaces. This resulted in the blocks being both code block
formatted as well as blockquoted in the output.
This patch removes leading spaces and some minor cleanup to get the
formatted output correct.
Change-Id: Ic4dfb49c547d51e16b673bc88d7b2b1a907e3258
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
Since Ic0a03e89903bf925638fa26cca3dac7db710dca3 RetryFilter has been
deprecated. So we should not enable the RetryFilter on our tests.
Change-Id: I48c2c4d0714f582af8948dc88b48df1c2c62fcd2
Nova change https://review.opendev.org/603079/ changed the
default configuration to send only unversioned notfications rather
than both versioned and unversioned notifications. This could break
unsuspecting downstream projects (like Watcher) whose CI jobs are
not explicitly configuring nova for the types of notifications
they need but are just relying on getting both per the previous
default of the config option.
This adds a variable which defaults to "unversioned" to match the
nova default but allows downstream CI jobs to easily configure
another value.
Needed by https://review.opendev.org/663332/
Change-Id: Ied9d50b07c368d5c2be658c744f340a8d1ee41e0
Ironic's CI makes extensive use of VLAN based networking
and the newer neutron plugin hardcodes the tenant networking
type to vxlan which is naturally problematic. It also lacks the
ability to set the necessary constraints for vlan networking
which are added for vxlan networking.
This patch enables the type of tenant networking to be defined
as vlan, and enables for a physical network vlan range mapping
setting to be configured which is required for a vlan to be
allocated upon network creation.
Change-Id: I55874c1ce82898e9dfb81505d8f3b14abde33579
Nova has had a multi-cell job (nova-multi-cell) since the
Train release but is currently non-voting in the check queue
for nova changes. This change adds the job to the experimental
queue for devstack changes so we can test changes to devstack
and make sure they work for the multi-cell job.
Change-Id: Icf31baf6fd4313aec5ecfb9e8f9cbcef1ff7f61d
Tempest not support placement microversion setting so that
test can call APIs with specific placement microversion.
This commit adds the setting of placement API microversion on
Tempest conf.
Change-Id: Ie04aa993ec7a1495740d9267b076a40f4291e25e
If the sudo-ldap package is providing the sudo command instead of the plain
sudo package, accept that instead of breaking the system and requiring direct
root login intervention to fix things.
Change-Id: I45d7e4617bd59e72b4f0bf2e91750a6830e2a010
right now, there are duplicate titles under contents --> guides
as shown in https://docs.openstack.org/devstack/latest/, although
they will forward to different pages, it is still a little confusing
for users. This change will hide toctree in guides.rst and users could
click links in page to jump to detail page to read more.
Change-Id: I2f3abeca7f56a3aedeabb48630ed2c61635b93cd
There are still some issues with lib/neutron thus neutron-legacy is used
on controller node in multinode jobs and in single node jobs.
But in "group-vars" in devstack job it was configured to use
lib/neutron which can cause some problems in multinode jobs.
So lets switch to neutron-legacy on subnodes also until lib/neutron
will be ready to use everywhere.
Change-Id: I0d7f9f2baaee2836a719f199939156bd4f53f778
Change I188fc2cd1b26fe7a71804f7e7d66b111d6f15e30 in nova stopped us
respecting this when generating the network templates injected into
instances on boot. With the removal of nova-network, there is no longer
any other reason to set this.
Change-Id: I925b7c6c23133cd5a835960f4507c979f615d78e
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
In change I2ce8ff3d7c33a402b8af50182ec01f512859c388, we duplicated the
'default_floating_pool' option, found in the '[DEFAULT]' group, to the
'[neutron]' group. This allowed us to continue with our deprecation
plans for the former option, which should be retired along with
nova-network.
Update the nova lib module so it'll set the new option, we can safely
assume to be the correct one now that we've removed support for cells v1
and nova-network.
Change-Id: If9a02b640e6c2e1300c7b11b7552ba13c1496d79
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Remove nova cells v1 support, which also allows/necessitates removing
support for nova networks (which was only supported with cells v1) and
nova-consoleauth (which was required by cells v1 but is unnecessary
otherwise).
The Depends-On isn't really necessary, but it's here to make sure this
doesn't merge until we _really_ have killed cells v1.
I honestly expected this patch would be bigger.
Change-Id: I90316208d1af42c1659d3bee386f95e38aaf2c56
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Depends-On: Ib0e0b708c46e4330e51f8f8fdfbb02d45aaf0f44
We know empirically that some legacy gate jobs pass and appear
to be running with python3 but actually pip was invoked with
PYTHON3_VERSION unset so that they are actually ran with python2
packages.
As a followup to this discussion [1], add a safety check in the
get_pip_command function to ensure that a python version has been
set when it is invoked.
[1] https://review.openstack.org/#/c/622415/4/inc/python@283
Change-Id: I3a08406fb7d68282c6b98abb33a625821510046a
This patch enables ARP Responder with DVR routers along with
l2pop in devstack.
Related-Bug: #1774459
Change-Id: I82f628c32f6e38c2419b6ffe90d9f9adf96777b1
swift3 is no longer actively maintained in the upstream.
That has been moved to Swift repository as s3api so we should
use s3api middleware instead. As well as swift3, s3token is
also maintained in Swift upstream.
Change-Id: I4582d81da066ab53e6f11ad1df7af91425f2b0ca
Once nova is setup and n-cpu on the host is reporting
a service record and discovered (the host is mapping in
the API DB), we should run the nova-status upgrade check
to verify the deployment.
Change-Id: I9683bf94233ebacb3057ce159cb3dc53aa55a2f4
Related-Bug: #1790721
Option "lock_path" from group "DEFAULT" is deprecated. Use option
"lock_path" from group "oslo_concurrency".
Change-Id: I7c7501a4a351155eeba77bb7cd43c8d6f5ea73bc
Support for changing the cinder periodic_interval config option
was added way back in havana as a workaround for bug #1180976
by change I20e52e66fcc94b224476cdd14c88bd6981b4e617. As the fix
for that bug does not require modifying this config value, and
such modification may have unintentional adverse effects, end
the support.
Change-Id: I1ef1fe564123216b19582262726cdb1078b7650e
Partial-bug: #1824837
n-obj hasn't been around for many years and devstack
doesn't use it anymore anyway so this just cleans up
some vestigial use of the old service.
Change-Id: I04b2d2dc2b4e49fab90f5ef94f4e087e969aa24b
Tempest's scheduler_available_filters has a special 'all' value that
is understood to mean 'all filters are enabled' by various tempest
tests. However, what it really means is 'the default nova filters are
enabled.' In an effort to help clean that up, this patch explicitly
sets scheduler_available_filters to nova's $FILTERS. Because $FILTERS
is now used in both lib/nova and lib/tempest, it is renamed
$NOVA_FILTERS.
Change-Id: I6ffc1e9989cd61d666f9c1db9c94fbabd7151918
Related-bug: 1628443
With the new namespaces we have to look around a bit more to find
repos top copy into the DevStack working directory. Add:
* starlingx/
* x/
* zuul/
Depends-On: https://review.opendev.org/653988
Change-Id: I8a55522a5fee46f415f0c0ce580ded3476133460
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
We should always pass on a region when talking to
ironic. This will also help detect and test issues
specific to regions.
Change-Id: Iaab3c1bcedc5aaa2106c0758cbb43bade3de2cf5
This function will now first filter out all "neutron-" strings from
DISABLED_SERVICES list before looking for "neutron" string in it.
Change-Id: I5cab6a3be553713e1257599fb72042c6001f2672
Close-Bug: #1824884
The python3-ply package is indirectly a dependency of dhcp-client, which
is not exactly an optional package. Pip >=10 refuses to install ply from
global-requirements with this distro package is installed, so our only
option is to remove it manually.
Change-Id: I377fdd4a581eb4b6275584d92cafc0b783fe3b84
openstacksdk gates on the new-style devstack functional base jobs. It
serves as a good test case to make sure the functional base jobs don't
break.
Change-Id: I817639ed30cda8ea51d156872a14bbcf10a4e63d
The pkg/elasticsearch.sh is only used by Panko but Panko has
moved the script to its own repository [1].
[1] https://review.openstack.org/#/c/643262/
Change-Id: I0ce40f4299246b68624abd2072c2abce06f1e70b
Signed-off-by: Trinh Nguyen <dangtrinhnt@gmail.com>
stack.sh usually fails when it is started in a shell session
where OpenStack related environment variables OS_* are set.
Most common failure scenarios are failures in keystone operations.
This commits clears OpenStack related environment variables
at the begining of stack.sh.
Change-Id: I3a924a0586dc9bb28f3bf3e151e100c24015efe5
Previously apache was configured and restarted before we configured
the CA and certs. In most cases this is fine because those specific
vhosts didn't use tls. However, if you had previously run devstack
and had leftover vhosts and an unconfigured CA or certs devstack would
fail.
This is a small corner case, but its simple to address by moving CA and
cert setup up in stack.sh to before we do anything related to web
servers.
Change-Id: I31dbaf9471088b9faff26c7b790da6f6feebb2d5
python2.7 will be EOL soon, let's test on python3 instead.
Exclude CentOS 7, as there is no python3 easily available.
Change-Id: I24d8812c0c37b6d376fd5ae38067513bb62a2804
We're able to run multiple cells in devstack by setting the variable
NOVA_NUM_CELLS in the devstack local.conf. Since we run console
proxies per cell, we will start two console proxies if
NOVA_NUM_CELLS=2. However, we've not been configuring the console
proxy ports in the nova_cellN.conf files, so an attempt to start
more than one will result in a port conflict and failure to start
the subsequent console proxy services with error:
ERROR nova error: [Errno 98] Address already in use
This adds configuration of the console proxy ports based on an offset
while looping across NOVA_NUM_CELLS. The base port values are taken
from the config option defaults in the nova code: nova/conf/vnc.py,
nova/conf/spice.py, and nova/conf/serial_console.py.
Closes-Bug: #1822873
Change-Id: I8934d0b9392f2976347391c8a650ad260f337762
When the role is used by grenade, the data directory is shared among
different devstack executions, and the base directory is different,
for example: /opt/stack/data vs /opt/stack/{old,new}.
The new devstack_data_base_dir parameter allows user to specify
a base directory for the data/ directory which is unrelated
to the devstack directory. The default value is devstack_base_dir,
so the default behavior is unchanged.
Change-Id: Ie69b7b51947cbf1a8b31d2701783de2fb56a2d33
If we are running with python3, just assume that any
package that is not blacklisted is available for py3
and just attempt to install it and let pip sort it out
whether it gets installed from a local or remote package.
Change-Id: Ic05d183e489320f6dfc721575d47e7e4d661f87c
Closes-Bug: #1820892
When [0] introduced quoting all arguments, it broke existing consumers
that already quote their value themselves. Fix this by avoiding to add
additional quotes to the value when it already starts with a double
quote.
[0] https://review.openstack.org/636078
Change-Id: I92146e04731efc6dcc632ae6c3a7c374e783cdba
Closes-Bug: 1822453
- Switch from proposing Ubuntu 16.04 to 18.04 as the most tested
platform.
- Make it clearer that creating an additional "stack" user is
optional when running on a cloud image, as this step often leads
to errors for new users.
- Fix some minor nits along the way.
Change-Id: I39aef1a230b668b932b1681fcd0deeb423b411f1
dstat is Python 2, never going to be updated and effectively
abandonded. The replacement is pcp-dstat [1] which is mostly
compatible, with a few differences. As distro start transitioning
(Fedora has), just drop the unsupported args for now.
[1] https://pcp.io/man/man1/pcp-dstat.1.html
Change-Id: Ibec8a37cb18a14656d97e2096c66bc8b21406068
This adds a service to run a tcpdump during the run. This can be
useful to capture various network traffic for post analysis.
There didn't seem to quite be an appropriate place to document it, so
a new debugging file is started, with some terse explaination of our
various system-wide debugging services.
Change-Id: I09aaa57611c5047d09a9bce7932d34e9d50b30e6
Currently we only export the devstack@ services, and then separately
export the kernel & sudo logs to syslog.txt.
This leaves a lot of logs potentially behind in the journal for
various daemons. Just export the whole lot.
Using this output is currently very opaque and makes use of systemd
export tools that are very un-discoverable. Add a README that will
appear alongside the journal explaining how to actually use it. This
is a template as it would be nice to put into things like the list of
services that are in the journal, or maybe other magic.
Also make sure we export the logs since the start timestamp; currently
during a full run we drop the initial logs.
Change-Id: Id2626f9113d82c6d524039acda8a8ec74afb2081
If you have
devstack_localrc:
ARGUMENT: "argument with spaces"
The quotes get lost during YAML processing and the resulting file has
ARGUMENT=argument with spaces
which is a shell error.
Quote all arguments to avoid this sort of thing.
Change-Id: Ia63a53d745dfea7262bcdb5d46425f431c3ccfe5
OpenSSL 1.0.2 generates key files with default permissions: 644 and the
files are copied to the /etc/pki/* directories with sudo.
When the default CI node Ubuntu version was changed from Xenial =>
Bionic we changed from OpenSSL 1.0.2 => 1.1.0. And OpenSSL 1.1.0
generates key files with default permissions: 600. When we copy the key
file to /etc/pki/* using sudo, it becomes owned by root and then the
console-related users are unable to read it.
This sets the ownership of the /etc/pki/<console> files to the
user:group intended to read them.
Closes-Bug: #1819794
Change-Id: I437a46c875cf633272e8cad0811e5557f2ac3641
I7d16194d6ba1391ca31251d5b50cbb8de033fc38 added wrong behavour
on Fedora > 26 and Centos 7 when python3 disabled
pip should install packages in /usr/bin
Closes-Bug: #1820070
Change-Id: I3a8efbc8eb6e311db9c7347577c5d2047ba523a9
This makes the grep match in check_python3_support_for_package_local
the same as check_python3_support_for_package_remote.
Change I0349de2026c49279ba7f262d5e86d37018d66326 in grenade started
setting the PYTHON3_VERSION variable, and then we recently started
using bionic nodes everywhere which means we're running python 3.6.
The etcd3gw package has a python 3 and 3.5 classifier, but not 3.6:
https://pypi.org/project/etcd3gw/
The pip_install function code that is dealing with installing py3
packages is hitting a problem installing etcd3gw if the package is
local because of the more restrictive grep in the
check_python3_support_for_package_local function, and since
PYTHON3_VERSION=3.6 now, we don't install from py3 and install
etcd3gw on python 2.7 which makes services like cinder-volume and
cinder-backup, which use etcd3gw, fail when they are running under
python 3 (they get module import errors).
This simply removes the $ restriction on the grep. Looking at the
change that added those local/remote functions:
I243ea4b76f0d5ef57a03b5b0798a05468ee6de9b
There is no explanation for the difference, it just said:
Also, since not many packages are classified correctly, fallback
to looking for just "Programming Language :: Python :: 3" and
log a message for the package to highlight the problem.
So that's what this change does.
Note that alternatives would be:
1. Update the etcd3gw package to add the 3.6 classifier and do
a release (this should probably happen anyway).
2. Add etcd3gw to ENABLED_PYTHON3_PACKAGES but that would be a
short-term hack workaround.
Change-Id: Icd3768870ba0f1659bb2e6f002043d975047b73e
Closes-Bug: #1820892
When running stack.sh locally on stable branches
with tempest enabled and TEMPEST_PLUGINS set,
devstack will try to fetch master branch of requirements
and that fails if branch is not tracked.
Change-Id: Ia1ae6869a8fede2af5cd7c875e0946b6a75eb518
Closes-Bug: #1820051
TEMPEST_PLUGINS contains the list of the tempest plugins installed
alongside tempest by lib/tempest.
If TEMPEST_PLUGINS is not explicitly set, the new tempest_plugins
variable is used to fill it by combining its items with
the base devstack path.
Change-Id: I9f1fa2755e16871ff9d6ba33fdeaf3023eedf8d4
Plugins must be the last items in the local.conf file
otherwise the configuration set in the rest of the file
is not applied to them (for example a different value of DEST.)
Change-Id: Ia001badca179c3f3436d5ecd26b0755a3f3a3078
The default version is 3.2.17 which seems to be too old.
Some external tools are not compatible with this old version.
For example, kubeadm cannot support external etcd version that is
older than 3.2.18.
This commit update the etcd version to 3.3.12 wich is the current
latest version.
Change-Id: Icfabbe580bb83a3babb98cc9fdbfb8eb388dc108
On CentOS/ Fedora machines, this can be useful when QEMU silently fails
to start up due to SELinux denials. For Debian-based machines, which
use AppAromor, DevStack already captures the output of 'kern.log' (via
`journalctl -t kernel` redirected into 'syslog.txt.gz').
Change-Id: I231b22664f0944b905e00568759785615a1d47c3
Acked-by: Clark Bolyan <clark.boylan@gmail.com>
Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
This updates various parts of documentation to use https, rather than
git, which is not implemented by gitea
Change-Id: I8d2a93128dcdaba0a00b43d18652781733f90cf0
Story: #2004627
Task: #29701
Infra are looking at implementing gitea for serving git, but this does
not have a git protocol handler ATM. Switch GIT_BASE, and some
testing, to https:// to be in a better position to handle this.
Change-Id: I97a7b0de7b1ec2dd15d15c58699a631b09273df1
Story: #2004627
Task: #29701
The bridge-utils package has been deprecated for some time now [1] and
'brctl' does not exist on some more recent distros like Fedora 28.
Replace references to brctl with the proper ip commands.
Calls to "brctl show" are not being replaced with calls to "bridge link"
because the output format is very different and in testing some bridges
were not listed. So the simpler method of consulting /sys/class/net is
used.
In worlddump.py we try running both because failures are handled
gracefully by _dump_cmd(), as well as "ip link show type bridge" for
additional info.
[1] https://lwn.net/Articles/703776/ for example
Change-Id: Ie4c8ad6ce4a09c38023c9e4ec7834c249403145f
Partial-Bug: #1801919
Devstack has some little known variables for running nova
with the fake compute driver and running several nova-compute
services on a single host, which can be useful for testing
move operations and scale testing of controller services like
nova-api and nova-scheduler.
This adds documentation about the fake virt driver and related
variables and scaling considerations when using them.
Change-Id: Ic89d463d0f3f180b323edd6e2c8ff0404638ef07
when installing with python 3.6 on centos7 pip installs
packages to /usr/local/bin as it does on new versions
of fedora.
this change updates the check to include centos
Change-Id: I7d16194d6ba1391ca31251d5b50cbb8de033fc38
This introduces a breaking change in the URLs used to access the console
[1]. This is updated in both the documentation and linked nova change.
[1] https://github.com/novnc/noVNC/commit/83391ffc
Change-Id: I14a0be0034f4a76ab37eb90325967500c3bf1ff9
Depends-On: I9a50a111ff4911f4364a1b24d646095c72af3d2c
Related-bug: #1682020
Keystone is currently working through a bunch of changes to add proper
system, domain, and project scope support for its API. This includes
implementing ``admin``, ``member``, and ``reader`` roles for system,
domain, and project assignments. More informaiton on those specific
changes can be found here:
https://review.openstack.org/#/q/(status:open+OR+status:closed)+project:openstack/keystone+branch:master+topic:implement-default-roles
One thing that was uncovered in implementing that support for the
project API was that setting tempest
``CONF.identity.admin_domain_scope = True`` meant domain admins of one
domain would be able to list projects in other domains, highlighted in
the following patch:
https://review.openstack.org/#/c/624218/2
This commit doesn't set this option and assumes the proper
domain-scoping behavior being built into keystone natively.
Change-Id: I12a57cc43de0b17eababa19b7b94de5277689f82
Related-Bug: 1750660
when tempst venv is build, it use the master upper_contraint[1]
but when we install tempest plugin, it use branch upper_contraint.
This leads to mismatch the dependency version between tempest and required
tempest plugins setup.
Current flow after this change is:
1. install tempest form master (until you explicitly change TEMPEST_BRANCH
which is default to master in all stable branch). It applies the upper_constraint
from the stable branch but that will be overridden in step2
2. configure tempest, here the created venv will install all dependency with
master's upper_constraint.
3. install tempest plugins in same venv created above. Now tempest plugin
will also use the master upper_constraint.
With this tempest venv which has all enabled plugin will be contsraint with
master.
[1] https://github.com/openstack-dev/devstack/blob/72f632222f6d90d3545b5d7ca48297da4218e2ea/lib/tempest#L590
Change-Id: I89314e8391e8f26c622fc090cbe27997b3cf049a
Closes-Bug: #1816022
The read_password function is defined inside stack.sh
and it cannot be used inside the "public library interface"
provided by DevStack.
Move the calls found inside library files to stack.sh,
following the same pattern of the other calls to read_password.
Change-Id: I8adc6723b677dfac2bef735f660e056c498bf773
numpy is a python requirement of the websockify package (it appears
there was some disucssion over *removing* this in [1], but did not
happen). Possibly these packages were installed a long time ago
before wheel support as it was taking a long time to build. But we
have wheels today, and later versions than the distro provides are
being dragged in anyway. Remove all distro installs.
[1] https://github.com/novnc/websockify/pull/163
Change-Id: I322dd9e1a07d8ce03c26cf3fcccebd6e21282fe4
It seems nova has changed defaults on who can create zero-sized disk
instances [1] and now some devstack jobs, like nodepool's, can't
create cirros images using this flavor. It seems the easiest thing to
do is just to bump it up.
[1] https://review.openstack.org/#/c/603910/
Change-Id: I1172d4775d608568ccbeb27e2975d83add892ea9
Cinder v1 was removed over a year ago. Change the cinder template
URLs devstack defines in the glance-api.conf to use cinder v3
instead.
Change-Id: I4a68dc0b53631be0708e7411c37619dd6dfd4fa6
The default for VOLUME_BACKING_FILE_SIZE changes over time
and the docs referencing it are clearly not keeping pace so
rather than hard-code a default in the docs just remove it
since the doc already mentions the variable used to set that
size.
Change-Id: I4242584d13250872250689863d1b70c68594eefe
Cinder and etcd are enabled by default and by default
cinder uses etcd as a distributed lock manager with
tooz as an intermediary. We see a lot of ToozConnectionErrors [1]
in the cinder logs when etcd is backed up [2] which results in
cinder operations timing out causing test failures, like
when a volume is not deleted within a given time.
This changes ETCD_USE_RAMDISK=True by default to try and
alleviate some of the pressure. An alternative is if we know
we're in a single-node job we could just not use a DLM for
Cinder.
[1] http://status.openstack.org/elastic-recheck/#1810526
[2] etcd[26824]: sync duration of 12.076762123s, expected less than 1s
Change-Id: I5f82aa40e9d84114e7b7b5cf19ec4942d6552490
Partial-Bug: #1810526
Uses a less offensive and arguably better understood section
header in the multinode docs.
Change-Id: Ie6fd58e9abd5c1ce88d88ac55419807790f61851
Closes-Bug: #1810317
On SUSE Linux Enterprise distributions, lsb_release -i typically
returns "SUSE" not "SUSE LINUX" as the vendor string.
To avoid duplication of the same regular expressions in multiple
places, add is_opensuse() and is_sle() helper functions, and modify
is_suse to invoke those.
This may also be helpful in the future for distinguishing some corner
cases where things are handled differently between openSUSE and SLE.
Change-Id: I43bf163bc963758ddbb6289928837f5f6512f265
As the user on the node under test may not exist on
the zuul executor node we do not copy the log owner
or group to avoid the rsync task failing when it
tries to chown the files.
Change-Id: I500cf3692a4d27b0c2a0a4f5586580d180a8778e
The glance-api service may use multiple config files, so
tell oslo.config about the config dir instead of a specific
config file when the service is started.
Change-Id: Iad3602d209cbb31e10683c67e1fd6b465d19f560
Partial-bug: #1805765
The version comparison introduced in
I5152f2585c3d4d18853988d6290039d6b1713b99 was broken, because it tried
to use bash's -lt operator for floating point comparison, but bash
only supports integer arithmetic.
So instead use devstack's vercmp() function.
Change-Id: I8aac71c5bb6c2e82479d62831ea0672ba6a9a534
Older mariadb packages on SLES 12 provided mysql.service. The newer
ones on SLES 12 and 15 use mariadb.service; they also provide a
mysql.service symlink for backwards-compatibility, but let's not rely
on that.
Change-Id: Ife6bd007ba30af0b77d44832b19d518034bdb12b
The existing devstack guide for load balancing is out of date.
This patch updates the guide to reflect the current way to install
devstack with the Octavia plugin(s).
Change-Id: Id48b70b50e44ec7b965d969b2d93f77543d7364c
Seems like for etcd-heavy services like Kubernetes, the fsync
performance of gate VM's are too low [1]. This commit implements an
option to put etcd data directory on RAM disk (tmpfs) to work this
around.
[1] http://lists.openstack.org/pipermail/openstack-discuss/2019-January/001849.html
Change-Id: I5a17099cb9d6941b1a009dc82daefd2c7946d892
Recently iscsid was disabled by default on Ubuntu 18.04 (bionic),
and it may be on Xenial too, see:
https://bugs.launchpad.net/ubuntu/+source/open-iscsi/+bug/1755858
On a local Bionic deployment with Python 3, the lack of iscsid makes
nova-compute fail with an exception when trying to attach a volume:
Invalid input received: Connector doesn't have required information: initiator
Asking for the service to be started even if it is already running should not
hurt, so remove the check for the distribution.
This does not seem to be an issue on CentOS 7 (but Python 2) where
the socket activation of iscsid seems to work, so maybe there is
another way to make this working. Also, the service could be
enabled, not just started.
Change-Id: Ifa995dcf8eb930e959f54e96af6f5fce3eac28ae
Change I4820abe57a023050dd8d067c77e26028801ff288 removed access
to the database for the nova-compute process but only in
superconductor mode. Grenade runs in singleconductor mode though
so we are getting tracebacks in nova-compute logs during grenade
runs because nova-compute is running with nova.conf which is
configured with access to the nova API database.
This change handles removing database access for nova-compute
generically to cover both the singleconductor and superconductor
cases.
Change-Id: I81301eeecc7669a169deeb1e2c5d298a595aab94
Closes-Bug: #1812398
This allows plugins to specify their binary dependencies in bindep
format.
Some thinking on the implementation: this is in contrast to the
files/[deb|rpm] installation, which is called from the external
install_prereqs.sh script. This script being an externally callable
entry-point is really an artifact of the days when we would build
snapshot images for CI and wanted to pre-cache downloads. These days
we use the mirror system to keep packages close to CI nodes. Thus
rather than expand install_prereqs.sh to also be installing
virtualenvs and python dependencies, this seems to fit better as a
separate internal phase of stack.sh.
Documentation is updated
Change-Id: Icbdfbf97c17c906a7ae86f43e80eb2c445816228
This change addresses a few inconsistencies in how nova processes
are configured to speak to the placement service.
The initial inspiration was that region_name was not being set in the
[placement] section, despite $REGION_NAME being used when setting
the endpoint in the catalog. That's fixed.
While fixing that two other issues became clear:
* Configuring nova process to use placement should happen in lib/nova
not lib/placement so the function has been moved.
* auth_strategy is not relevant in the [placement] section of a
nova process
The name of the function is maintained, in case there are plugins which
call it, but a comment is added to indicate that other services besides
nova compute (such as the cell conductor) may use the function.
Change-Id: I4a46b6460596e9a445bd90de2d52dbb71fb963df
This adds a -bindep option to the key development library install
functions. With this option the bindep.txt file will be referenced
and the relevant packages installed.
Change-Id: I856f1f59fca49b6020920d8f859b797f3b904300
Given the file to be configured, if user "stack" even doesn't have
read access, the result of configuration is not expected. iniset with
"-sudo" option will always create the section and the option which we
want to configure for each calling, no matter whether this section and
this option exist in the file or not. The root cause is the calling of
grep and ini_has_option in iniset don't use the "sudo" option.
Change-Id: I9d21322046b7be411c4c7c28fefc24894fa2e131
Signed-off-by: Yi Wang <yi.c.wang@intel.com>
Remove the requirement that services explicitly enable python3 support
in order to be tested under python3 when running with python3
enabled. Keep the enable_python3_package() function for backwards
compatibility, for now, since it is called in some devstack plugins.
Explicitly add swift to the set of packages that should not be installed
using python3 by default until full support is available.
Change-Id: I8ab0a7c242bbf5bf3f091f5a85a98e2f4543f856
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
There are already devstack plugins that contain a hyphen in the name,
like `networking-baremetal`. In order to allow ordering for these to
work properly, amend the regexes we are using to match any
non-whitespace characters instead of only alphanumerics.
Amend the test to cover this use case.
Change-Id: I91093a424f8d5e8007f140083e1ea36a81fe849f
Closes-Bug: 1809016
The test_plugin_deps function in the test code for the
write-devstack-local-conf role was missing the import part of actually
executing the code under test and asserting the expected result.
Change-Id: I125870b13d2581cdec0dede11157b19b702565cd
Keystone is moving more things to require a system scoped token to
work. Getting one of those requires that domain and project information
are not set.
Change-Id: I2e1640e9f9ef6cdf56bef49d1ae8f0591570c3e6
This commit fixes a grammar issue in the LDAP integration guide
and it adds prompts to the command-line examples to be more
explicit about where or how commands are being run.
Change-Id: Ic6a5adfbcf2841656929e6c3875889a31d314089
'integrated-gate-py35' template is going to be
renamed to 'integrated-gate-py3' in https://review.openstack.org/#/c/626078/
Integrated jobs are running on Bionic now where python 3.6 is available.
Which means gate jobs in 'integrated-gate-py35' template are
running on python 3.6 not on 3.5 which makes this template name confusing.
depends on commit rename the 'integrated-gate-py35' to 'integrated-gate-py3'
so that it can convey that template will use available python 3 version
in used distro. For example: 3.5 in xenial and 3.6 in bionic and so on.
This commit starts using the new template name so that old
template name can be removed.
Depends-On: https://review.openstack.org/#/c/626078/
Change-Id: I07048817eb826337dd5bd89a97711bb9d43495cf
gitignore is not parsing regex, only shell globs,
so '^' has no meaning, and local.conf is being thus tracked.
This patch properly ignores only local.conf in root of repo but still
tracks samples/local.conf and others.
Change-Id: I93ef778f1f3ee8101ce21cce377f7b527b7153f3
This enables direct-io on the loop devices that we create for LVM backing
stores. The goal here is to reduce the buffer cache overhead involved with
loop mounting a very large file on a filesystem, as well as potentially
providing a little more block-device-like behavior for things that expect
them. We are hoping this will address some of the very long LVM calls that
cinder does, which randomly take a very long time, causing timeouts.
The loop direct-io support was added in kernel 4.4.0, which was xenial,
but the losetup binary does not have the required flag. Thus, this patch
checks the "losetup -h" output for the flag before deciding to enable it.
Change-Id: Idc69cf3598d6ed6646c0145733c90ad0b1b60883
Volume API v2 has been deprecated for a long time.
There is no reason to use volume v2 in clouds.yaml by default.
This commit also drops "--os-identity-api-version 3" from
write_clouds_yaml in functions -common as "3" is the default value
of tools/update_clouds_yaml.py. They are hardcoded in DevStack
so there is no reason to pass it.
Change-Id: Ie84026a3d19f7711fc781b7012355096c7ff6b5a
This does a few things to the home page and all-in-one single
machine install guide:
* Uses code blocks for formatting
* Adds the customary "$" to the console blocks in the
all-in-one single machine install guide
* Instructs to use "sudo su stack" and adds a note about
"sudo visudo" in the all-in-one single machine doc
* Creates a symbolic link to the sample local.conf and links to
it from the install guide (note that local.conf might be old
by now)
* Fixes the .gitignore file to only ignore local.conf in the root
of the repository, otherwise it would ignore local.conf everywhere
including the samples and doc/source/assets directories.
Change-Id: I50ae7bd32c4c1caa2ac8551fc54b31dd2dfae568
This is the next release in the 0.3.x stable series, containing a fix
for getting out of disk errors when cirros reads metadata from a
config-drive[0].
[0] https://bugs.launchpad.net/cirros/+bug/1808119
Change-Id: Id2f20ebafdd78c2dadf81b8f80f22e7bd6db7755
We've run into what appears to be a race with apache trying to reuse a
pooled connection to a backend when that pool connection is closing.
This leads to errors like:
[Fri Dec 07 21:44:10.752362 2018] [proxy_http:error] [pid 19073:tid 139654393218816] (20014)Internal error (specific information not available): [client 104.130.127.213:45408] AH01102: error reading status line from remote server 127.0.0.1:60999
[Fri Dec 07 21:44:10.752405 2018] [proxy:error] [pid 19073:tid 139654393218816] [client 104.130.127.213:45408] AH00898: Error reading from remote server returned by /image/v2/images/ec31a4fd-e22b-4e97-8c6c-1ef330823fc1/file
According to the internets this can be addressed (at the cost of some
performance) by setting the proxy-initial-not-pooled env var for mod
proxy. From the mod_proxy docs:
If this variable is set, no pooled connection will be reused if the client
request is the initial request on the frontend connection. This avoids the
"proxy: error reading status line from remote server" error message caused
by the race condition that the backend server closed the pooled connection
after the connection check by the proxy and before data sent by the proxy
reached the backend. It has to be kept in mind that setting this variable
downgrades performance, especially with HTTP/1.0 clients.
Closes-Bug: #1807518
Change-Id: I374deddefaa033de858b7bc15f893bf731ad7ff2
Nova is moving nova-cells-v1 to its experimental
queue set of jobs so the comment in devstack should
be updated.
Depends-On: https://review.openstack.org/623538
Change-Id: Iefbaa9b809d1426640cbd47a42213f28c9ec5ff3
Related-Bug: #1807407
Enable the Software Collections (SCL) repository for CentOS. This
repository includes useful software (e.g. the Go Toolset) which is not
present in the main repository.
For example, Octavia uses a Go based testing tool and its CentOS-based
jobs got broken now with the update to CentOS 7.6 which no longer
provides golang.
Change-Id: Ic68a6d6cd7da41510e624b6bea7976d9a960af98
... even when no other subject alt names provided
Previously, a non-voting job in barbican's gate would fail with something like
X509 V3 routines:X509V3_parse_list:invalid null name:v3_utl.c:319:
X509 V3 routines:DO_EXT_NCONF:invalid extension string:v3_conf.c:140:name=subjectAltName,section=DNS:pykmip-server,,IP:198.72.124.103
X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=subjectAltName, value=DNS:pykmip-server,,IP:198.72.124.103
because we'd have an invalid empty string.
Change-Id: I5459b8976539924cd6cc6c1e681b6753a76b804c
Current code assumes the variable is being set to either "True" or
"False", which will lead to weird errors if it is being set to something
like "true" instead.
Change-Id: I88983c9150efad882cd867c2d14d86ba6b2522c9
Switch the nodesets that devstack job run on from Xenial to Bionic,
i.e. the latest Ubuntu LTS release. Keep variants running on Xenial
in order to make sure that we stay backwards compatible while we keep
running Xenial jobs on the older stable branches.
Change-Id: I8749ed24d5f451d29f767ebb2761abd743b7d306
Allow other jobs to explicitly require a node running Xenial. This seems
clearer than having a generic openstack-single-node nodeset which
implicitly uses Xenial.
Change-Id: I013fb8abd4e6ab6539bd9410acbc8446e57ec70c
Earlier review [1] suggested some cleanups which have been
done here:
* Removing a redundant call from cleanup_placement
* Fixing a typo in a comment
[1] https://review.openstack.org/#/c/600162/15/lib/placement
Change-Id: I8abd2f02b123c6c1937c026ff13eb4e600de3202
We introduce and set PLACEMENT_REPO, add a placement-manage command
to sync database tables (see one of the commits on which this
depends), use /etc/placement/placement.conf for config, and put the
uwsgi config file (pointing to placement-api instead of
nova-placement-api) in /etc/placement.
openstack/placement is also added to the required-projects in
the devstack zuul job.
Change-Id: I0b217e7a8c68a637b7a3445f6c44b7574117e320
Nova change https://review.openstack.org/603910/ is
going to change the default rule on policy
os_compute_api:servers:create:zero_disk_flavor to
admin-only, which will prevent non-admins from
creating image-backed servers with a flavor that
has disk=0 since it's a potential security exposure.
Therefore we need the test flavors that are created
for tempest to use non-0 disk values. Since the flavor_ref
and flavor_ref_alt can be aligned to the image_ref and
image_ref_alt in tempest.conf, we get the image sizes
from glance (in bytes) and convert those to GiB disk
sizes for each flavor, respectively. Since we're using
Cirros images by default, we need to make sure to round
up otherwise we'd still have a 0-disk flavor.
There are lots of ways the math could be done here
using numfmt, bash, awk, bc, etc, but it's simplest to
write and probably easiest to read by using python for
the size conversion code.
Change-Id: I537c299b0cd400982189f35b31df74755422737e
Related-Bug: #1739646
Neutron is in a process to migrate to policy-in-code.
DevStack needs to be able to handle both cases with and
without policy.json in the neutron repo.
Note that nova assumes neutron API access with admin
so user_name:neutron needs to be included in context_is_admin
to make DevStack work properly. Hopefully this can be cleanup
but this is a separate topic from policy-in-code.
Needed-By: https://review.openstack.org/#/c/585037/
Change-Id: Id1b0600d92e839ade1790a15c372e82e8e16ee9f
The universe repository is not enabled when installing Ubuntu from an
ISO (at least for Bionic). This leads to some errors during the devstack
run that are not seen when running based on a cloud image which has that
repo enabled by default. Enable that repository unconditionally, the
operation is idempotent.
Change-Id: Ifcb7ecd78fb25ca2136f5848c19b74500e520873
Closes-Bug: 1792936
This reverts commit faaf96bfb1.
Ironic jobs were still using this option, it needs to be
switched to an alternative first.
Change-Id: I1683d7cfa81f5fe2497cc7045e87f8b20fed4968
In order to make sure not possible to introduce a change in tempest
which breaks the shared network compatibility.
Depends-On: I6e3e53c4ac26b4fef09fefb9c590dfa91f577565
Change-Id: Ib2e7096175c991acf35de04e840ac188752d3c17
Builds of opensuse-tumbleweed nodes are currently failing, so these jobs
are receiving NODE_FAILURE.
Change-Id: I3c2d73a150df009e7dadc76277be36eb72e0dfa7
Docs say that you require Fedora 24/25 to run Devstack, but Devstack
is working in newer versions. Update document to say that Fedora 28
can be used instead.
Closes-Bug: #1797239
Change-Id: Ie5227db9943e5ddb93cd37440165eabbae22f4fc
Signed-off-by: Laura Sofia Enriquez <lsofia.enriquez@gmail.com>
The legacy job legacy-tempest-dsvm-neutron-pg-full is now named
tempest-pg-full - using the new tempest and Zuul v3 frameworks.
Change experimental job to use new job.
Change-Id: If16397724fb4facd2a0db8148bdf7ba427ca10b6
Depends-On: https://review.openstack.org/609530
Apparently we're inheriting some database config from the main file,
which should not be set for nova-compute. If we're properly in superconductor
mode where we have a dedicated config for compute, remove those lines
if present.
Closes-Bug: #1797413
Change-Id: I4820abe57a023050dd8d067c77e26028801ff288
We can see that there is more demand on using ipv6 as the underlay
infrastructure to deploy new services, and OpenStack should be ready for
that.
These devstack ipv6 jobs are based on the work started by Jens Harbott in
https://review.openstack.org/#/c/608168/
Change-Id: I55bd067487665e5026e82a0737cb0f38a69499fb
Signed-off-by: aojeagarcia <aojeagarcia@suse.com>
Tempest have removed the volume-feature-enabled.api_v1
config options[1] and modified the default value of
volume-feature-enabled.api_v3 to True.
These config options not needed to be set from devstack
side.
[1] https://review.openstack.org/#/c/573135/
Change-Id: Ic35cf4482ab4d3c2e69348ec92568e68f6ea74ee
Leap 15.0 has been released May 25th, 2018 (see
https://en.opensuse.org/Portal:15.0 ) and we'd like to
transition devstack against it and remove Leap 42.3 from
the testing matrix. Leap 15.0 is newer than Leap 42.3 as
the numbering schema of openSUSE was changed.
Co-Authored-By: Antonio Ojea <itsuugo@gmail.com>
Change-Id: I078f9a2580160c564c33e575008516f5e92239d6
Dnsmasq and haproxy are used frequently by neutron and nova, apparmor
profiles can block some operations and the deployed cloud can't
work properly so some tests are going to fail.
Some openSUSE distros has apparmor enabled by default so we need to
disable it.
Change-Id: I30fda684effb09810643e58bf0b31a73d7d9b378
Signed-off-by: aojeagarcia <aojeagarcia@suse.com>
As a follow-on to I28aebffce6c5561360a9e44c1abc44b709054c30; make sure
we quote the error messages on the way through so they retain their
newlines.
Change-Id: I493317948264941b4788b100a0b0bc13d2698acf
Python2 match routines for x509 fields are broken and have to use
the DNS field for ip addresses.
The problem is that if you use ipv6 addresses in the DNS field,
urllib3 fails when trying to encode it.
Since python3 match routines for x509 fields are correct, this patch
disables the hack for python3, encoding the ip address in the
corresponding field only of the certificate.
Partial-Bug: #1794929
Depends-On: https://review.openstack.org/#/c/608468
Change-Id: I7b9cb15ccfa181648afb12be51ee48bed14f9156
Signed-off-by: aojeagarcia <aojeagarcia@suse.com>
Old-style test fails on Ubuntu when python3 enabled, with:
.../devstack/inc/python: line 52: [: 16.04: integer expression expected
Use bash-style test, which doesn't attempt to evaluate the RHS if the
LHS evaluates to false
Change-Id: If18031ab98c9060e5825c3a8d3c647bd3705cd9c
Closes-Bug: #1796174
It turns out that a host can have multiple valid default gateways,
something that's not common in ipv4.
This patches add supports for multiple default gateways in ipv6
environments.
Closes-Bug: #1786259
Change-Id: I30bf655f7160dd19c427ee79acdf145671a3e520
Signed-off-by: aojeagarcia <aojeagarcia@suse.com>
Legacy backup service support was recently dropped from cinder in
change I3ada2dee1857074746b1893b82dd5f6641c6e579 and we need to
adjust how we set the config option in devstack accordingly. This
updates the backup_driver option to specify a full class name instead
of only the module name.
Closes-Bug: #1794859
Change-Id: I3a72f38b564b8b83b233fccba7685833b6394d45
I'm switching tempest/dsvm jobs to run on
Ubuntu 18.04 LTS (Bionic Beaver) on openstack/manila,
and I believe this nodeset can be here
so other projects can use it too.
Change-Id: Ib8279cde3e14d5378f27254188ee14dbb0800428
Needed-By: https://review.openstack.org/#/c/604929/
The external_network_bridge option is deprecated/legacy and being
removed from neutron (see I07474713206c218710544ad98c08caaa37dbf53a).
This patch removes the external_network_bridge option iniset from
devstack scripts.
Change-Id: I4d9641cc9bb83719c9af1edabb89a63c4c2b1d96
That change introduces correct way of generating msg
for die in common systemd pitfalls.
Co-Authored-By: Szymon Datko <szymon.datko@corp.ovh.com>
Co-Authored-By: Piotr Bielak <piotr.bielak@corp.ovh.com>
Change-Id: I28aebffce6c5561360a9e44c1abc44b709054c30
This patch switches the CINDER_ISCSI_HELPER from tgtadm
to lioadm in openSUSE distros, as it increase the performance
and reduce the flakiness on some tests.
Change-Id: Ic3ee9c6baabe20f8f4d14246f6e29808796a5db9
Signed-off-by: aojeagarcia <aojeagarcia@suse.com>
Allow the setup-devstack-source-dirs role to accept a target role
to be setup - when available - for the repos.
Change-Id: Iebcba0d4be6d9d71b783e10a82c35a406afbd6bf
legacy-periodic-tempest-dsvm-oslo-latest-full-master
runs only on master, remove it. This needs to stay in project-config.
Change-Id: I81e66ddb0976bb4bb7a7cd8efbbae3bda551191d
the swift and devstack-plugin-ceph jobs have been renamed, follow rename
and use in-repo jobs.
Depends-On: https://review.openstack.org/543048
Change-Id: Idccc21e47b2cc04e5eeab4db7f7fb7cf156f8049
Given that Natty and other releases that don't use cgroups have been out
of support in Ubuntu for years now, it's high time we removed the
special case code block that sets up the cgroup mount.
Change-Id: I5403a4b1b64a95236b4dfcb66c35c594a3460cca
This is a mechanically generated patch to switch the documentation
jobs to use the new PTI versions of the jobs as part of the
python3-first goal.
See the python3-first goal document for details:
https://governance.openstack.org/tc/goals/stein/python3-first.html
Change-Id: I338fc71919a41ec890bcb5edd0552ec7eb680eb5
Story: #2002586
Task: #24327
This is a mechanically generated patch to complete step 1 of moving
the zuul job settings out of project-config and into each project
repository.
Because there will be a separate patch on each branch, the branch
specifiers for branch-specific jobs have been removed.
Because this patch is generated by a script, there may be some
cosmetic changes to the layout of the YAML file(s) as the contents are
normalized.
See the python3-first goal document for details:
https://governance.openstack.org/tc/goals/stein/python3-first.html
Change-Id: I9169d41d790ae874af29c8ceccf0c55ab0df7727
Story: #2002586
Task: #24327
During Rocky cycle, horizon updates the path of the wsgi wrapper
to the one recommended by Django [1]. The old path will be dropped
in the T release.
[1] https://review.openstack.org/#/c/561802/
Related-Bug: #1763204
Change-Id: Ie942518b587d193a7de55ffcc0a2848406146eb2
In the latest version of Contributing to
DevStack manual.There are a few words to
say that "tools/build_docs.sh is used to
generate the HTML versions of the DevStack
scripts".But build_docs.sh is not there
since Newton version.So I delete it for
good.
Change-Id: I69f7aa23e1efd8f8a63aa79628e67378d524e173
Before this change, only *.log and *.log.[0-9] patterns were
ignored, which was not enough. Examples of file names which were
not ignored:
devstack.log.2018-08-09-100547
wget-log
wget-log.1
Patterns *.log.* and *-log.* work for every log file generated by
devstack.
Change-Id: I6f0de5de74f196ab9df66cf3f2f969e53da01c22
Signed-off-by: Michal Rostecki <mrostecki@suse.de>
Set 'PUBLIC_INTERFACE' in local.conf, so the code will
be entered into _move_neutron_addresses_route of
neutron-legacy.
But if lack of sudo to run command arping, the information
"arping: socket: Operation not permitted" occurs. So add
'sudo' for 'ARP_CMD' of lib/neutron-legacy.
Change-Id: I8ac8a9bc2bbba049c45b28bf9b93d9a10e398fe6
Closes-Bug: #1783046
TEMPEST_AUTH_VERSION should be 'v3' or 'v2' not 'v2.0'.
To disable the identity v2 admin tests TEMPEST_AUTH_VERSION is
being compared with 'v2.0' which is incorrect.
Change-Id: I5f7e3bcf733edbbee06016bcad4845dda552815e
There is no projects using this and allows openstack-infra to delete
fedora-27 images.
Change-Id: I37d482dd2b5e099c370ab693ff430cb9c56360f8
Depends-On: https://review.openstack.org/588369
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
The RPC transport_url for keystone was being set in the DEFAULT
section, even though keystone doesn't do anything with it. Instead,
keystone leans on the [oslo_messaging_notification] section from
oslo.messaging to register the transport_url option.
This change sets the transport_url in the proper section instead of
using the DEFAULT section.
Change-Id: I11590d0175da7ea310d5529f2d7c0bf8d7fb25b3
This patch provides a new mechanism to deploy Neutron using
WSGI script. This also starts a Neutron RPC server process
when the Neutron API is loaded via a WSGI entry point to
serve the agents.
Co-Authored-By: Victor Morales <victor.morales@intel.com>
Co-Authored-By: Nguyen Phuong An <AnNP@vn.fujitsu.com>
Change-Id: I16a199b04858bfc03ef50d9883154dba8b0d66ea
Depends-On: https://review.openstack.org/#/c/580049/
Partially-implements: blueprint run-in-wsgi-server
The neutron guide refers to ENABLE_PROJECT_VLANS and
PROJECT_VLAN_RANGE but these are not present/checked in the code,
which uses ENABLE_TENANT_VLANS and TENANT_VLAN_RANGE. This
corrects the documentation to match.
Change-Id: I204356c861157e9fab357bb4dde55185bf18a707
The tempest-multinode-full job is running the c-bak
service on the subnode where swift isn't running, and
because of the "is_enabled_service swift" check, cinder
on the subnode wasn't getting configured to talk to
swift so the c-bak service was down. Since chances are
good that we're running swift, just configure cinder
to always use it.
Change-Id: I86b090967dadeeefc017ff0311beeea9441b6ba6
Closes-Bug: #1783128
Recently, Keystone renamed "Member" role to "member"
(case-sensitive) with https://review.openstack.org/#/c/572243/14
Case-sensitivity role requirement in Keystone was recently
formalized with https://review.openstack.org/#/c/576640/
From the above reference:
"Role names are case-insensitive. for example, when keystone
bootstraps default roles, it creates `admin`, `member`, and
`reader`. If another role `Member` (note the upper case 'M') is
created, keystone will return a `409` Conflict since it considers
the name "Member" == "member". Note that case is preserved in these
cases."
It follows that Tempest should use "member" role by default.
Change-Id: Iebf04fdb4c195b6779c74f66da3f7822cf174494
These seem to be not run for quite some time and they don't
succeed anymore - drop the code to avoid somebody accidentally
running it and wondering. A good example of "if it isn't tested
its broken".
Depends-On: https://review.openstack.org/583146
Depends-On: https://review.openstack.org/583147
Change-Id: I99e8a5ca2925217a5a2401984f3f4f6f032017be
token.provider.drvier.uuid and token.driver
has been removed from keystone[1].
Devstack has reference/setting of those config
options which is confusing for user and it can
lead to import error like[2]
This commit cleanup the devstack bits of removed
config options.
bp removed-as-of-rocky
[1] https://blueprints.launchpad.net/keystone/+spec/removed-as-of-rocky
[2] http://paste.openstack.org/show/725391/
Change-Id: I29b3b356622c485c4c1046679234a38e7b645071
When setting up a 3pci zuul, there is an edge case where a downstream
zuul may already have openstack/foo projects, eg:
review.rdoproject.org/openstack/foo. In this case, if openstack
projects are not namespaced to include the connection information zuul
gets confused and complains. We can avoid this by using the fqdn for
git.o.o for devstack jobs and both upstream and downstream zuul will
properly use the correct connection.
Change-Id: I01419ea9f51ce7491aa319b6240aec9c0d4f2356
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Don't specify hypervisor_type=vz property for hds images as nova
now reports only really connected hypervisors and not all supported
by a compute host
Change-Id: Ibec0856519ffe593d44d123f3b401eae19f7d95a
On some slow system with recent version of
Elasticsearch we saw that the service
becomes ready after more than 1 minute.
Change-Id: Id2b21ab24a96d10fffdcccd652a7d3ec4e8ce39c
With the move to flask, Keystone does not utilize paste-ini. This
patchset removes the paste-ini support from devstack for Keystone.
Change-Id: I8dd629937c9178660992fd648175dbef80ffa3c2
When we change the name of compute host then devstack is breaking
because it is using default host name from host.
How to change compute host name in local.conf
[[post-config|$NOVA_CONF]]
[DEFAULT]
host = foo
Change-Id: I4d4392f1f58f0431b10764610668565af88d392f
Signed-off-by: Prabhat Ranjan <pranjank@in.ibm.com>
The commit e95f2a3664 broke
networking-ovn (and potentially other ml2 drivers) by making the config
parameter mandatory. It doesn't need to be.
Change-Id: I0d5738ac3a6d27ddb7655835d77689409a6ff6f4
Bring along the required rpms for the ride on Fedora 28 (we really
should find a way to maybe do f* or something to avoid this
... consider it a todo :)
Change-Id: I37fd38de9baab478c86d23ea2cebca59dc8a5ed1
I'm not sure what the history of the (capital-D) Django package or
pyxattr; they've been there for a long time and should just be
installed like other dependencies these days.
Change-Id: I423230cc5cbb13d2cfb7b926a9571a8157ce5c46
The nova-conductor service running in the cell
needs to be configured to talk to neutron for
things like deallocating networks during server
build failure. This changes the configure_neutron_nova
flows such that the top-level nova.conf is configured
as before, but we also configure each nova_cell*.conf
cell conductor config files to also be able to talk
to neutron.
Change-Id: Ic5e17298996b5fb085272425bb3b68583247aa34
Closes-Bug: #1777505
Keystone now provides a set of default roles in addition to `admin`
by default [0]. This is done during the `keystone-manage bootstrap`
process.
This change aligns the `Member` role override from devstack with the
`member` role provided from keystone.
[0] https://review.openstack.org/#/c/572243/
Change-Id: I3da3530aa73a8a1500116bcefdcba7b947d5e05e
Closes-Bug: 1777359
This automatically always adds the project under test to LIBS_FROM_GIT
which effectively makes the normal "tempest full" job the same as the
"forward testing" job when it is applied to a library repo.
Change-Id: Ibbdd8a86e0ff55f67bef73e08e693b34a61b24df
This has all been around for a *long* time, like when dnf was a weird
new thing. Now it's the opposite and yum is a weird old thing :)
Choose it by default for platforms with it (Fedora, for now).
Change-Id: Id2bd7d145354b996de31944929fd0267ec24a08e
The function was using an undefined variable to show the version of
python3 being used.
Change-Id: Ibc956975d620ed5174de8823f9c202a680c56aaf
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
We want to default to running all tox environments under python 3, so
set the basepython value in each environment.
We do not want to specify a minor version number, because we do not
want to have to update the file every time we upgrade python.
We do not want to set the override once in testenv, because that
breaks the more specific versions used in default environments like
py35 and py36.
Change-Id: Id83cb3cdd62517045c45388f88cb3de0e3d75da1
Ceph for example uses them. Creation already worked, but not
updates of existing keys.
Closes-Bug: 1774956
Change-Id: I20cb61c08079b9cd9ad56ac875525abf1442bff6
This makes three changes:
1. The quota options set when using the fake
virt driver have been renamed so we're getting
deprecation warnings on using the old names.
Rather than set each quota limit value individually,
we can just use the noop quota driver for the same
effect.
2. The enabled_filters list for the scheduler was last
updated when using the fake virt driver back in Juno
via Ic7ec87e4d497d9db58eec93f2b304fe9770a2bbc - with
the Placement service, we don't need the CoreFilter,
RamFilter or DiskFilter. Also, in general, we just
don't need to hard-code a list of scheduler filters
when using the fake virt driver. If one needs to set
their own scheduler filter list, they can do so using
the $FILTERS variable (or post-config for nova.conf).
3. The largeops job, which ran the Tempest scenario tests,
has been gone for a few years now, as have the Tempest
scenario tests, so the API_WORKERS modification when
using the fake virt driver should be removed. If we had
a CI job like the largeops job today, we would set the
worker config via the job rather than in devstack.
Change-Id: I8d2bb2af40b5db8a555482a0852b1604aec29f15
We use $API_WORKERS to throttle the number of workers
in other services but were not doing it for g-reg for
some reason, which by default will run ncpu workers
up to a limit of 8.
Change-Id: Idc81ce05546e6d625c10e2229256eafbe7c057a5
Closes-Bug: #1774781
Some commands must be run as a separate group to work. Users can use the
'sg' tool to do this.
This may be assumed knowledge for many users but it's helpful to note in
this, the definitive resource for DevStack's systemd integration.
Change-Id: I271c1d21b44fa972c152780c1caa01c21c265159
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
The same code is already in place for the new lib/neutron library, allow
this functionality to be used also when the neutron legacy services are
still being deployed. This was mangled in [0].
[0] I868afeb065d80d8ccd57630b90658e330ab94251
Change-Id: I7214c4893943fbfbeb42ad140f433eecd6c3e9f0
dosfstools provides mkfs.vfat which is needed if n-cpu is
configured with 'config_drive_format=vfat'.
Change-Id: If1e1537a079e71847d91ae03ed0c18290a467c4e
Related-Bug: #1770640
openvswitch firewall has been in Neutron tree since Newton and has gone
through lots of improvements since including simple upgrade path from
the iptables hybrid driver.
We have a tempest job running in Neutron tree with openvswitch firewall
that's been voting and stable for a while. For neutron_tempest_plugin,
we have had the openvswitch firewall in use since the beginning.
This patch proposes openvswitch firewall driver to become a default
driver for openvswitch agent deployments.
Change-Id: If26d0180e459210511f25f1faa83dd8ccea25ff4
Change 12579c3db7 moved console-related
settings from the global nova.conf to the per cell nova_cellN.conf
because of a recent change in nova that moved console token
authorizations from the nova-consoleauth service backend to the
database backend and thus changed the deployment layout requirements
from global console proxies to per cell console proxies.
The change erroneously also removed console configuration settings from
the nova-compute config file nova-cpu.conf because the nova-cpu.conf
begins as a copy of the global nova.conf.
This adds configuration of console proxies to the nova-cpu.conf in the
start_nova_compute routine. The settings have also been split up to
clarify which settings are used by the console proxy and which settings
are used by nova-compute.
Closes-Bug: #1770143
Change-Id: I2a98795674183e2c05c29e15a3a3bad1a22c0891
* v3 is a superset of v2 and has been the defacto Cinder version for
several years now.
* Devstack installs Cinder v3 API by default, so the default environment
variables should reflect this.
Change-Id: I86e1ae4e020e2be043cf8e190d7959b65b6c093c
Change 969239029d4a13956747e6e0b850d6c6ab4035f0 completed the
conversion of console token authorization storage from the
nova-consoleauth service to the database backend. With this change,
console proxies need to be configured on a per cell basis instead
of globally.
There was a devstack change 6645cf7a26
following it that re-enabled the novnc tempest tests, but the nova-next
job that runs the console proxies with TLS is *not* part of the normal
set of jobs that run on devstack changes (it's in the experimental
queue), so it was able to merge without the nova-next job passing.
This configures the nova console proxies in the per cell configuration
file if cells v2 is configured for multiple cells in order to pass the
nova-next job.
Closes-Bug: #1769286
Change-Id: Ic4fff4c59eda43dd1bc6e7b645b513b46b57c235
To help avoid the amount zuul.yaml chrun when we bring a new version
of fedora online, switch to using fedora-latest. As of writing,
fedora-28 is the latest release which we update our testing for.
Also add fedora-28 support to stash.sh and remove fedora-25 /
fedora-26 as they are EOL.
Change-Id: I3d716554e8f270f4434cc9cac3408f8e890e0665
Depends-On: https://review.openstack.org/565758/
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Nova has dropped support for non-resource class
baremetal scheduling, so the IRONIC_USE_RESOURCE_CLASSES
flag is no longer useful and has been removed.
Depends-On: https://review.openstack.org/565805/
Change-Id: Ib2e6c96409c98877f6a43b76f176c1420d2d415e
In a multinode setup, the compute node needs to report to the
placement service. If it does not do so, it effectively does not exist
from the scheduler's point of view. This patch adds placement-client
to the compute node's ENABLED_SERVICES so that this can happen.
Change-Id: Ibfcd84e4626301bcdea70f719ade7f8365d03497
cinder does not yet support operations without project_id in the url.
The unversioned endpoint is not a usable endpoint for a user that
requests the block-storage service. Although it would be lovely to have
the block-storage service have the unversioned endpoint in the catalog,
we need to get project-id out of the urls first.
Change-Id: I4246708b6ea31496ba4d565ab422abc76f730ee7
Needed-By: https://review.openstack.org/564494
Once the nova patch series that converts from the nova-consoleauth
backend -> cell database backend lands, we can re-enable the novnc
tests in tempest.
Depends-On: If1b6e5f20d2ea82d94f5f0550f13189fc9bc16c4
Change-Id: I2939191a1c3ce49fa2104b4ffdf795fc416a1c33
Along with converting to the database backend for console token auth,
the console proxies need to run per cell instead of globally. This way,
the instance UUID isn't needed in the access url as users will be
handed an access url local to the cell their instances is in. With
console proxies sharded across cells, a large cloud will no longer have
a bottleneck of one console proxy for the entire deployment.
This also disables the novnc tempest tests with a TODO to re-enable
them once the nova patch series that converts from the nova-consoleauth
backend -> cell database backend lands.
Change-Id: I67894a31b887a93de26f3d2d8a1fa84be5b9ea89
With change I7e1e89cd66397883453935dcf7172d977bf82e84 the placement
service may optionally use its own database. In order for this to
work, however, the ordering of how both nova and placement are
configured and initialized in stack.sh requires careful control.
* nova.conf must be created first
* then placement must make some adjustments to it
* then lib/placement needs to create the placement database
* before nova does a database sync (of both databases)
Otherwise, when the placement_database/connection is defined, the nova
db_sync command will fail because the placement database does not yet
exist. If we try to do a sync before the nova_api database is created
_that_ sync will fail.
This patch adjusts the ordering and also removes a comment that will
no longer be true when I7e1e89cd66397883453935dcf7172d977bf82e84 is
merged.
Change-Id: Id5b5911c04d198fe7b94c7d827afeb5cdf43a076
The n-novnc service only runs on the controller node, however novnc
settings must be enabled on both nodes for vnc to work, since both
hosts are compute hosts.
Change-Id: Icc29441f507e6e4df9fd900eb7f35b0862f52043
For compute migration to work, the stack user needs to be configured
with passwordless ssh between all hosts involved in the migration.
Reuse the build ssh-key for this, which is already distributed for
user root.
Depends-on: https://review.openstack.org/563584
Change-Id: Id07f55fea06509466add35315c135dbfba6aa714
This commit just makes sure that the configuration file for keystone
exists on the system. We use iniset to actually populate the values
we want before we run keystone anyway.
This results in a cleaner configuration file that isn't bloated with
comments and help text.
Change-Id: I7a1f879e9e242a11e2c4663ec116e33da28db7f5
If a project shows up in zuul's required-projects list, add it
to LIBS_FROM_GIT automatically. This way, when a user specifies
that a job requires a zuul-project, it gets used in testing, but
otherwise, it doesn't (pypi is used instead).
Also add information about what happens behind the scenes for both
LIBS_FROM_GIT and plugin dependencies.
This moves the check performed in check_libs_from_git to
a helper function which is installed for most kinds of
installations. This means that if someone sets LIBS_FROM_GIT to
"foobar", devstack won't error anymore, as nothing is going to
try to install foobar, therefore the check won't run on that.
However, as we move to automated generation of the local config,
that error is not likely to happen. This check was originally
added due to an error in the upper-constraints file (where a
constraint name did not match a package name). This location of
the check would still catch that type of error.
Change-Id: Ifcf3ad008cf42d3d4762cfb3b6c31c93cfeb40db
It looks pip 10 failed the uninstallation of distutils installed
packages. This patch temporarily cap the version of pip to work-around.
Closes-Bug: #1763966
Change-Id: I8bf80efc04883cd754c19bea0303064080112c6e
This commit applies the constraints for the tempest plugin installation
so they won't go over the upper reqs.
Closes-Bug: 1763436
Change-Id: I5cf91157bbdae79dec01d5b3db32efea21f1b2b7
In Tumbleweed genisoimage was dropped in favor of cdrtools,
so installing that no longer works. We can however install
mkisofs directly and switch to that as that is also available
in Leap 42.3 and Leap 15.0+ family distros.
Also drop dependency on libmysqlclient-devel which appears
unnecessary (and is no longer available with mariadb 10.2+)
Change-Id: Ie8402204b6cdf94c21865caba116d3fd1298c5ad
There is currently a OVS 2.9.0 update in Tumbleweed that
fails to start as it is having a race with systemd on creating
the home directory. Workaround is to run it as root for now.
Change-Id: Ief610c6473834b02a1d644d8f50d11138a48e6e6
In Queens and later, the application credentials feature is available on
keystone and enabled by default. It should be tested in devstack.
Depends-on: https://review.openstack.org/545627
Change-Id: I4b0dc823487e79df16e1e603012ba4a7dc438389
guides/devstack-with-lbaas-v2 contained an indentation misstake,
that formatted some of the text unintentionally as quotations.
Change-Id: Ibbad4974c45f028d3de461ba69e0cea837d9c871
The [placement]/os_region_name config option is deprecated
and no longer required to be set (the default is fine for
devstack) with the dependent nova change.
Depends-On: I973180d6a384b32838ab61d4e6aaf73c255fd116
Change-Id: I6379acf179ed511f1cdadbd7fb09e2454182a5d3
Devstack supports deploying an LDAP server and configuring keystone
to use it, but we didn't have any documentation for it. This commit
adds some basic documentation that should help developers setup
LDAP-backed development environments.
Change-Id: I8ba07d73f52cb7f575ff2953977e9fdcade92d83
For folks who are doing functional testing with less than the full set
of normal base services. Should be a no-op/ignorable for most people.
Change-Id: If14ee018c01995e0a5b6bcdaac9ddc8810c6d503
This makes sure that it is available to subprocesses like the other
authentication data.
Change-Id: I513b7c2620b171ce20a1ceb5536226f3a69f2b82
Closes-Bug: 1760901
Fix a few path issues where we didn't properly use NOVA_BIN_DIR /
SWIFT_BIN_DIR.
This is part of the effort to start using a virtualenv for openstack
services.
Change-Id: I6eb383db65cc902c67c43e5cb1a16a9716a914b2
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
In I5103b4331a8d7c5660848fc148ebe4139ce6dad9 it was noted that the
comment was wrong. While this has no functional impact let's clean it
up while it's fresh.
Change-Id: Ia6cf8125214c69f8289fa7cff948afc10801ed2f
This updates the default ETCD_VERSION to the latest 3.2 etcd release,
v3.2.17. 3.2 is chosen as it is packaged in bionic and fedora; we
hope to move to packaged versions for distros that support it in due
course.
This version supports arm64 and ppc64le which were not supported by the
previous default, v3.1.10.
We have removed the override to tarballs.o.o, as these files are now
cached as described in [1]
[1] http://lists.openstack.org/pipermail/openstack-infra/2018-March/005871.html
Depends-On: https://review.openstack.org/556688
Change-Id: I5103b4331a8d7c5660848fc148ebe4139ce6dad9
When nova-manage db sync runs on cell1 in superconductor
mode, the [api_database]/connection config option isn't
set in the config file on purpose so the cell can't
reach the API database.
As a result, the db sync on the cell config can't hit
the API DB to sync cell0, which is not something we need
here anyway, but it results in an error message.
This tells the cell config db sync to just run it on the
cell database and not try to sync cell0.
Change-Id: Iac092762decd6de9e90e264f2998d255e8e40d00
DEFAULT_VOLUME_GROUP_NAME volume group is LVM ephemeral storage used by
Nova. It is created by init_nova() if user sets NOVA_BACKEND to "LVM".
However, init_cinder() is also hardcoded to create it, based on the
asumption that CINDER_ENABLED_BACKENDS includes it. That assumption
doesn't hold for the current code. What's more important, even if user
wants to use DEFAULT_VOLUME_GROUP_NAME as one of cinder backends and
adds it to CINDER_ENABLED_BACKENDS, the current code in init_cinder()
are general enough and should work fine. This change removes relevant
code in init_cinder(). It also moves DEFAULT_VOLUME_GROUP_NAME clean-up
code from unstack.sh to cleanup_nova().
Change-Id: I53762f8eda6256f962cc4e1f1098406879bbcf5c
This updates the UCA usage from Pike to Queens. As a result,
the various volume multiattach checks can also be removed
because the Queens UCA has libvirt 4.0.0.
Change-Id: Icb971831c8d4fe5f940d9e7993d53f1c3765e30f
This PS adds the project_tags identity feature flag which allows
identity v3 project tags API functionality to be enabled for
releases after Pike. Once Pike is no longer supported in Tempest
this feature flag can be removed.
Depends-On: Ibaec1df79c9ac69c65cf5075c3519092bc609546
Change-Id: Iec6b34c10ea1bd7103720c773b48ce130643115d
I had to dig into the stack.sh code to figure out why
my tempest.conf post-config wasn't work, and it's because
post-config isn't the thing to use to configure tempest,
test-config is.
Change-Id: Ic5bbe36b5d44880d0a3a602f653b4f61fd89e9c8
Related-Bug: #1755947
Add the upcoming release Ubuntu 18.04 Bionic Beaver to the list of
supported distros. Drop the now unsupported 17.04 (zesty) instead.
Change-Id: Iea0b4bfdc510797f7886fac96eff6fdfb730252d
The patch to remove the use of the test-matrix [0] also switched from
using the neutron-legacy based service names (q-*) to the new neutron-*
names. However it turns out that the new implementation is not yet working
properly for most neutron-consuming projects, so we switch back to the
previous situation for now.
[0] https://review.openstack.org/546765
Change-Id: Id6de87211d6c4ea8fd14aa9203d8d5b17e9e2f04
Cinder supports both noauth and keystone auth mode. So now we can
configure this value via local.conf:
[[post-config|$CINDER_CONF]]
[DEFAULT]
auth_strategy = noauth
Change-Id: I1e434362117ab30dae71a8f3a80bc139e78f51bc
The -C option is not available in git versions older than "1.8.5" which
are still shipped by several distributions including centos 7.
Due to this incompatibility the patch has broken third party CI for
Cisco on Ironic.
Change-Id: I09a6f83f8b2fee870e6e1c50cbfdf2da4d70dfb2
This adds the necessary fixes to pass a devstack run
on openSUSE Tumbleweed. Also removes opensuse 42.2 as it
is EOL for some time already and no longer actively tested
in the OpenStack infra.
Depends-On: I1b68c08c07cf6653ea58506f738cbe0054b38f3a
Change-Id: I2894482deef063fd02b0818c695a2ddbf6767039
Document that orchestrate-devstack requires a linear strategy in the
invoking play. Also enforce the strategy in devstack.yaml.
Change-Id: Ia081225ec2be959fc5a4ddfd491f526296a8ca10
- There are some locations where we need the raw IPv6 address instead of the
url-quoted version enclosed in brackets.
- Make nova-api-metadata service listen on IPv6 when we need that.
- Use SERVICE_HOST instead of HOST_IP for TLS_IP.
Change-Id: Id074be38ee95754e88b7219de7d9beb06f796fad
Partial-Bug: 1656329
Document how to map DEVSTACK_GATE flags into the zuul v3 ansible
world. This is just an initial structure, the idea is to document
most of the flags as well as provide example in-line and links to
finished jobs.
Change-Id: I377ebb529bcd8f4971906563c577e8cfc48b98e6
Add inline documentation to jobs and render it in the jobs doc page.
Adjust the roles page to match jobs for title and filename.
Change-Id: I47a2b4b379c8517b0dea59a75943f3f871c29046
Extend the devstack job so that it can support both single and multinode
cases. Multinode mode require extra settings in devstack configuration,
some of which as subnode specific, some controller specific.
Also keep a simple devstack-multinode job defined for now so we can run
a multinode job in devstack gate, until the full tempest multinode job
is ready to match the old
gate-tempest-dsvm-neutron-multinode-full-ubuntu-xenial-nv.
Fixing multinode also requires sharing the CA configuration between
controller and peers, overlay network configuration for communication
between virtual machines and running discover_hosts for nova after the
subnode has been setup.
The extra orchestration required for multinode is encoded in a
dedicated role to allow for jobs in other repos to re-use it.
Change-Id: I2dcbd9bdb401860820e655d97aa3c4775af2827f
The openstack-ansible team found a regression in Queens when setting
the compute RPC upgrade_levels to 'auto' on a fresh install before any
computes had started up. The dependent change fixes the issue in nova
but for future proofing against this sort of issue again, we can set
the compute RPC upgrade levels in devstack to 'auto' for fresh installs
as well. Note that grenade already sets 'auto' for compute upgrade
levels, which is why we didn't catch this in grenade testing with the
compute RPC 5.0 version bump that caused the issue.
Depends-On: https://review.openstack.org/549737/
Change-Id: I07f34dbc09b6108ba8f5b2a83a28c75eb42be495
Related-Bug: #1753443
The legacy-tempest-dsvm-cells job is being moved into the
nova repo and renamed to nova-cells-v1. This change adds
the new job name to the in-tree definition of the experimental
queue jobs that run on devstack changes. A project-config change
will depend on this patch to undefine the legacy job name from
being used on devstack changes.
Depends-On: https://review.openstack.org/549780
Change-Id: I22fa1411809c46ffc423e0dd1cde0d8f40362635
With I4161e1f1c8d47070dd35fad38b00715438d94eb2 and
I37fe007dc6f387d43cbaf55771027718005ac40d we have removed most of the
legacy experimental jobs.
Add a short note so we don't go back to the Hotel California model of
"you can check in but never check out". With zuulv3 it is possible to
have self-testing changes for testing indiviual jobs. Experimental
should be for things with wider application to run against all
changes.
Change-Id: Ibfb902b17a8f7d5355689f2a584c061c001df0d8
The role that sets up the user and its home folder must ensure that
the home folder is owned by stack as well.
Change-Id: I2e72d7b9d68a2a14f8a148ef82cbb3f569bd1cea
Emit a disable_all_services and define which service we run in
the job directly. This drops the dependency from the test matrix,
from devstack default list of services and it makes it easier for
jobs to add/remove services based on the list in the base job.
Change-Id: Ib1debefd541b933dbfc54d484c263cc0ed60423d
/tmp is a world writeable directory, so using hardcoded filenames
in there is just a bad coding style (susceptible to symlink attacks).
Avoid using it to not give a bad precedent.
Change-Id: Ia66763a0e4714f2226e98dbd85600b2035bd5088
Cinder change I5231f8fe3399deb9c57e6efb121d0d008dc9c7f4
replaces iscsi_helper with more general one.
Change-Id: I49fe0365b170e5a5b0449d80003bcf970e4c191d
the shell script used is actually being run thru 'sh', not bash,
which does not understand "[[" test operators.
Explicitly run this script with /bin/bash instead.
Change-Id: I551d2631bcb6aef49550d69b3830ffcb509abfb7
Define an abstract job devstack base that does not require any
project apart from devstack. This job defines basic devstack_localrc
settings that are common to any devstack job (mostly to work with
infra) and devstack_services to emit "disable_all_services" so to
cancel any devstack default.
The variables are defined as global ones as well as host-vars for
the controller and group-vars for peer nodes, so that any
descendent job may extend them, thanks for Zuul dict merging.
Change-Id: I2cdb723f6ee209683044fecec59ff7b510a2752b
If user try to create a server in local script before nova cells is
configured, it will run into the following error:
Host 'x' is not mapped to any cell.
Change-Id: I4fe76865fd6e16d5beb5ed9e5d6a9f3542e990a5
The function was introduced in [0] using a hardcoded timeout of 60
seconds which turns out to be too small on slow machines. Create a new
global variable NOVA_READY_TIMEOUT instead so that users can
override the timeout if necessary.
[0] I32eb59b9d6c225a3e93992be3a3b9f4b251d7189
Co-Authored-By: Mohammed Naser <mnaser@vexxhost.com>
Change-Id: I0cd7f193589a1a0776ae76dc30cecefe7ba9e5db
The xen tools have been moved to the project of *os-xenapi* since
os-xenapi 0.3.0. We also did some refact work on these tools in
os-xenapi. This commit is to remove these tools from devstack. So
that os-xenapi will be the single place for xen tools.
Change-Id: I4fdbe6bce12dfedd0d1e975ab8dd624ee3740c11
We've called the jobs that don't run on our main Ubuntu targets
"platform" jobs; start at moving these jobs to native jobs.
Depends-On: https://review.openstack.org/541010
Change-Id: Ib64d91206a9ac677f4d77873bc54c6a84702d6c3
All the evidence from [1] suggests that on opensuse swift-init is not
detaching the daemon process correctly. It's possible there's a pipe
still in play that somehow holds our ansible-streamer open.
This is a minimal fix to avoid swift-init. Although it's possible in
non-default paths to still use swift-init (and hence possibly hit
another variant of this issue), after discussions with swift
developers it was decided the intersection of tests running under our
current ansible, on suse, that would enable these services is
sufficiently small that this is the best course for now.
[1] https://storyboard.openstack.org/#!/story/2001528
Change-Id: I1b68c08c07cf6653ea58506f738cbe0054b38f3a
As described in the documentation, this flag is intended for the case
where the console output is being captured by a tool that appends its
own timestamps.
In the gate this is the job-output.txt. We want the console output as
people like to watch that scrolling by as part of the live console
log. Although this gets saved to job-output.txt, we still want to
keep logging to the individual log files even though it's technically
a duplicate -- in the multinode case the job-output.txt gets
interleaved by all the running nodes; it's much easier to just look at
the individual log files. Also, people are used to it where it is :)
Change-Id: I3486636f1c76139581f6cd9668426f507b7c621d
I started running this with dib where we have pure python3
environments and it failed.
You can't have unbuffered text i/o in python3 for ... reasons? [1]
Changing the file to binary mode works around this. Python3 opens
sys.stdin in text mode, so we need to manually convert the unicode
strings to bytes before we write them to the binary file.
[1] http://bugs.python.org/issue17404
Change-Id: Iebb26f0d3c2347d262cbc10dfd0912840cd05878
Ansible complains:
The task includes an option with an undefined variable. The error
was: 'dict object' has no attribute 'RedHat'
which is just a mismatch on the "Redhat" string
Change-Id: I447038256561740c224c68388fa5b6a068cc8fed
By default stat is pretty verbose, we can set no_log: true to avoid
adding this info to our logs.
Change-Id: Ia18ebfe179443382cc670ffc4363ab037c43bb85
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Round 2 to add no_log to more things. Specific looping over stats, it
is pretty noise in logs and doesn't seem to add any value.
Change-Id: I580171e0061fa331f3ed510713f1ac7a1a6cb5ea
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
With CentOS 7, ansible is expecting to have RedHat as an attribute for
the dict so Discover configurations task fails with an undefined
variable error.
Closes-Bug: #1750573
Change-Id: I5bf9c4057ca9f75d730add9e429d0ef050c6d900
Since blueprint placement-claims in Pike, the Nova FilterScheduler
uses the placement service to make resource allocation 'claims'
before sending the build request to the chosen compute host to
perform the legacy style resource claim. This allows us to safely
scale out the number of scheduler workers when using the FilterScheduler.
The [scheduler]workers option defaults to ncpu if using the
FilterScheduler (which is the default scheduler driver) so to avoid
out of memory issues, we need to set $API_WORKERS scheduler workers
if using the FilterScheduler in devstack.
Depends-On: Ifdcd363d7bc22e73d76d69777483e5aaff4036e3
Change-Id: Ieae234eb5388560b3f66bf60c156a91a8e831bc4
Somehow this feature was lost in the transition
from q-svc to neutron-api. This patch does not
modify the default behavior but allows specifying
the flag to false to prevent devstack from creating
the public and private networks.
Change-Id: I952672496d007552c0c4d83db0d0df9be50326fc
Signed-off-by: Josh <jhershbe@redhat.com>
Neutron functional tests want to use ubuntu cloud archive but it's
not possible to source the fixup_stuff.sh from a neutron CI setup
script. Break it up so that only the UCA portion can be executed
from neutron.
Change-Id: Ie18833bfa30f1789e63cbe9c86f5ece3453f43fb
The block-storage endpoint was added to the catalog, but in the suburl
case it was not added with the /volume suburl. This leads to find it and
attempting to use it but not being able to because it's mis-formed.
Needed-By: https://review.openstack.org/545117
Change-Id: I84721c8ae637417e4b01be9e546ff77c250fc149
One of the steps when we create a new stable branch is to
branch devstack, then update the default branch for most
repos to use the new stable branch for each repo.
This requires making multiple updates throughout stackrc,
and to further complicate things, there are some repo
branch variables for branchless repos that should not be
updated along with the others.
This can be error prone if not fully aware of these
exceptions. To simplify this process a little, this
patch adds two common variables - one that can be set to
the new stable branch name for all of the repos that
should be branched, and one that can be used for all of
the branchless repos to make it explicit that those
values should be left alone. The cycle-trailing repos
have until two weeks after final release to branch, so
also adding another variable for those to make it easy
to update them at a later time, separately from the
other repos.
Change-Id: I82aa19e739eeda3721bac1cb5153ad0bf2d1125a
The nova-next job is being moved from openstack-zuul-jobs
to the nova repo and so we'll remove it's usage from
project-config, therefore we need to define it's usage for
devstack here.
The related project-config change is:
I36d96f89b3e5323746fcbcef5cc7e4d0384a184d
Depends-On: I24a5f73c29094a23e2fdef8ee8b43601300af593
Change-Id: I28971dc7e5cb0b5cf9698e5251a7bb099e63f3db
In Change-Id Ia3843818014f7c6c7526ef3aa9676bbddb8a85ca the 'host'
setting used for each of the fake compute hosts was accidentally named
'nhost' ('\nhost' was edited poorly), so the setting doesn't actually do
anything: you create multiple nova-compute processes they think they are
all on the same host and only one hypervisor and resource provider is
created.
With the correction in place, the wait_for_compute function needs to be
updated to be aware of the fact that the hostnames on the compute
services will have a numeric prefix when the fake virt driver is used.
Change-Id: I5e8430d170c0b1c4f195ebe510aff8be59e4a3bc
In the run devstack role we specify a path to devstack_early_log then
hand it to stack.sh as a parameter which stack.sh does nothing with.
While looking at a fix for this it was pointed out that these early logs
make it into the job's output log now so we don't need a special file
for them. Rather than handle this as a special case just let the
job-output.txt log file pick up the logs for us which allows us to
remove this unneeded feature.
Change-Id: I9bedbe91c60257d94173b1c70676dd6c2b49dc91
This change mimics how fixed_key would actually be deployed in a real
world environment, with a single key shared across Nova and Cinder
across all hosts.
Change-Id: I50a48e2da57a1cc1ecd250150ea6e9c3745baaca
Move extensions_to_txt to the job defintion so that it may be
extended by descendant jobs.
Depends-on: https://review.openstack.org/540485/
Change-Id: I6e9009faa1451698ed781ce1ffdd9f22c97daa93
The role is logging a lot of useless data with all the stat info
from various config and log files. Remove verbosity using no_log.
Change-Id: I72c721573ffc4a14adc3e2b29285c1071b7ec4f7
Zuul no longer requires the project-name for in-repo configuration.
Omitting it makes forking or renaming projects easier.
Change-Id: I32868cec22149ec1c18fe2737a65e88d32bff531
In some environments it might be useful to resolve the hostname to
an IP address that is reachable by other hosts in the local network.
If some of the configuration scripts have taken care of putting
a proper line in /etc/hosts, do not try to override it by appending
a 127.0.0.1 one.
Change-Id: I7ae20a66c473b0c683803cc44654cd95fcce3639
Closes-Bug: 1746751
The zuul_copy_output variable is designed to be able to be used as
a zuul job variable so that zuul dictionary merging will work. However,
it's currently being set in the playbook rather than as a job variable,
so it's not possible to supplement it in a child job.
Move it to be a job variable. Also remove the wrapping {} as they should
not be needed to make zuul_copy_output a dictionary.
Change-Id: I78c7fed47c2ab868384c74dbff7904d33d510dd9
As libpcre3-dev&pcre-devel are now added as general prerequisite,
remove it from horizon prerequisite.
Change-Id: I872aec210028373c39baee0ab846469fd9920de9
This patch add libpcre3-dev and pcre-devel package for python-pcre
installation.
Closes-Bug: #1745606
Change-Id: I59fc688519341c90dc33b79d536f0625a6c4dd17
In function 'get_instance_ip', 'nova' client command is used to get
instance information in order to retrive IP address of the instance.
There is no need to use the nova command, since 'openstack' client
already supports such basic operation.
Moreover, 'openstack' client has an option to get value of specified
column. That brings more accurate way of retriving IP address.
This patch replaces nova command in 'get_instance_ip' by 'openstack'
command. Note, this nova command is the only one in devstack tree.
Change-Id: Iee0b81a994a4da5b3f4572c2e8eb30514cd43f89
Signed-off-by: Ryota MIBU <r-mibu@cq.jp.nec.com>
Castellan switches the `api_class` config option to `backend`. The change
is still backwards compatible with the old `api_class` setting, but cinder
already updated to use the new option (see I5e46c738531d5d56777e91a00f4cee9531356f2e)
and it is better to use the new setting.
Change-Id: Ib609c82e7076d19676baaf4f08abd79ea11db0e3
There is no way to upgrade ironic before nova because of
grenade design. In multinode job we do not restart nova
as we test partial upgrade of ironic there.
On slow nodes upgrading ironic takes time and nova looses
ironic connectivity
This patch increases api_retry_interval and api_max_retries
to make sure we have a time to upgrade ironic before nova
compute stuck.
Change-Id: I3b1429d6561431a82edda04a0e574cac38771837
There is a hack here to set up ubuntu cloud archive, pinning it to
mirror.dfw.rax.openstack.org. The mirror-info role seems to be doing
this correctly now though, so let's remove the hack and let things work
normally.
Change-Id: I283cb3452245b64e9492806f06404b484f21c358
This adds the ENABLE_VOLUME_MULTIATTACH flag and if True
configures Tempest to run volume multiattach tests.
Note that due to https://bugzilla.redhat.com/show_bug.cgi?id=1378242
we can't run multiattach tests with the Pike UCA packages since
those include qemu 2.10 and libvirt 3.6, and the valid versions for
multiattach support with libvirt is qemu<2.10 or libvirt>=3.10.
Depends-On: I80c20914c03d7371e798ca3567c37307a0d54aaa
Depends-On: I158c6f20e3e6a24bd2e5299abbeb3fc5208e5885
Part of nova blueprint multi-attach-volume
Change-Id: I46b7eabf6a28f230666f6933a087f73cb4408348
Allow users to auto-create a neutron non-flat providernet public network
and use it for external router interfaces. By default, keep the existing
flat network type behavior.
Change-Id: I64f71b0c9fcac97b9b84b7d30ee61659b2a690f1
We have already established the correct version of Python to use during
installation, either automatically or through user-provided information
(USE_PYTHON3, PYTHON3_VERSION). Don't do it again.
Change-Id: I7bdf2be9a885994bf2c437dd104048a1ff2f6666
Closes-Bug: #1744096
This follows a change made to devstack-gate in commit 841ebc3 to allow
tempest to succeed even if it happens to run several volume tests in
parallel. Right now it's possible for a tempest-full test (run without
devstack-gate) to fail with an "Insufficient free virtual space" error in
the cinder-scheduler log.
Suggested by: Clark Boylan <clark.boylan@gmail.com>
Closes-Bug: 1743597
Change-Id: I16ccb9976d1bc7c9f56a6a4d73e35042a5867ef9
CentOS tests have reverted to using upstream for EPEL rather than
local mirrors, introducing some unnecessary instability. The root of
the problem is that /etc/nodepool/provider disappeared with zuulv3, so
we now always re-install the EPEL repo and overwrite the local EPEL
.repos files that were made during test setup and point to local
mirrors.
The other change is that we stopped installing the RDO repositories on
the testing nodes too. That we were incorrectly taking this path and
reinstalling EPEL has hidden the removal of these packages from the
base image in the test, since it ends up installing them too.
Split the install into two parts -- epel and RDO. Check for
/etc/ci/mirror_info.sh (the sourcable mirror script provided by base
test setup) and if so, just enable EPEL so we get the CI-mirror
version correctly. Install the RDO repositories (if not already
installed) unconditionally.
Change-Id: Iccb045a6695deb10da4d68a5694e1fa45ccbb810
'deactivate_image' feature flag was added long back during kilo
cycle. Tempest is going to remove this feature flag.
Depends-On: I843d4c64f24407d9d217005d5ea59d50d7ad62e7
Change-Id: I1ae8efc0e62acc5e05c1c00dc8970b74d8b16da0
Removing the (f23,)f24 support they are EOL.
The only non-trivial change is the apache-httpd default worker change,
however might not be bad idea to use `event` instead of `worker`
in the future, but for now keep it AS-IS and continue to use `worker`.
Change-Id: I96d414a30b58bc4b43da45066fdf310a6a830079
Closes-Bug: #1740194
Added NEUTRON_DISTRIBUTED_ROUTING to more easily control DVR
configuration. If set to True, DVR will be enabled and the
default agent mode will be set to 'dvr_snat' since that works
with all types of routers by default. Advanced users can
override that by setting NEUTRON_DVR_MODE, for example in
multi-node configurations where different agent modes are
desired.
This should bring lib/neutron inline with lib/neutron-legacy
in supporting all the different DVR modes.
Change-Id: I9f25921eefc5b935aad3bb1edc5e41ee0ce43a84
The subnet-range parameter is only sent now if a valid value exists so
the command will not fail
Change-Id: I5296f5b59bc6d3d3db90a685a8678db9a156eece
Closes-Bug: #1718111
It is possibe for the user to override te etcd version, thus download a
different etcd file, but the checksum is constant, so the checksum
verification will fail in that case.
Added the ability to specify a different checksum, so the user would be
able to specify the new version checksum
Change-Id: I85af3af841ae957964f18d4e37a86ab0703882bc
Closes-Bug: #1736718
Worlddumping on a system without net-tools package gets an error showing
"arp: not found". As iproute2 can also show arp tables, we use it
instead.
Change-Id: I0cd83e6d14959dc5a1147c487b11f27fb92aa20a
These files are quite large and disk space is limited so make sure we
compress the log files before copying them to storage. Additionally
os-loganalyze will only operate on gzipped log files so this should fix
os-loganalyze with tempest-full job's logs.
This is mostly a check to confirm everything works as expected but we
probably want to move the gzip step into the log publication roles so
that all log files end up compressed.
Change-Id: Ie87962428e0ca755c211cc5e664a14a9f2a79ac4
In Queens cycle, the code of django_openstack_auth was merged into
the horizon repository. The master branch of django_openstack_auth
will be retired. (horizon blueprint merge-openstack-auth)
This commit drops django_openstack_auth related code from DevStack.
_prepare_message_catalog_compilation in lib/horizon was used only
in install_django_openstack_auth, so it is dropped too.
Change-Id: If9467c520a1e07d1968b29e485df0097330356bc
Do not run devstack and its siblings if only rst files, releasenotes, or
files in doc directory change.
This is the minimal set of irrelevant files shared by most projects
already.
Needed-By: Ie8504ba3d5d46f6338a228ed2d248ba6363e37ae
Change-Id: Id0095763eb91592c2fd1a913526883987df704bd
Nova now calculates alternate hosts in the scheduler and
sends those to the cell for reschedules in case a build on
a given compute node fails.
The cell conductor needs to claim resources against the
alternate hosts in Placement during a reschedule, therefore
it needs to be configured to talk to the placement service.
Part of blueprint return-alternate-hosts
Change-Id: Ie599968d9e7537e551fe6d9deb63a91b256b1e11
This patch creates a new config file glance-image-import.conf
at /etc/glance path. Also, each config option is initialized
with default values.
Need these changes to implement specs [1]:
[1]: https://blueprints.launchpad.net/glance/+spec/inject-automatic-metadata
Related-Change-Id: If14c7dc4f38360006f9cb350fbba54fa2f33be61
Change-Id: I665507db1838a50e344d3be909d7490f1f52040c
fetch-testr-output and fetch-stestr-output are being merged.
Change-Id: I00d448c4e6b98a1f504b048c74eff4e110c0b511
Depends-On: I833320cf9a932d8e119645eb798ce0c93d854321
The file won't be listed as long as it is called .stackenv.txt.gz, with
this it will be called _stackenv.txt.gz instead.
Change-Id: Ib3b44c287ffb2ec0e48fefef1662a1c02d162657
The whole devstack log is written into the console output
(job-output.txt) and into devstacklog.txt.
Remove it from job-output and add a devstack-early log file (same as in
legacy job) that includes all the output of stack.sh.
Make sure the log file is pulled into the stage folder so that it will
end up on logs.o.o.
Change-Id: Ia7c1d8fe5cc03d15f455c6e62ebf4a5f6d62ab1f
Historically we have collected devstack logs under /opt/stack.
Stop doing that and collect them in the stage_dir instead, so that
once the base job logs pull service comes around we are ready for it.
This add the benefit of writing things into a folder which is
already owned by the ansible user (ansible_user_dir), so we don't
run into issue writing there.
A few logs (devstack log, log summary and dstat) use to show up on
logs.o.o. just because they happened to already be in /opt/stack/logs.
With this change they would be lost, so adding them to post.yaml.
Depends-on: I5ad4dfccbc1389da3afc53f3c866d3475e006db6
Change-Id: Ib4be2f5056c0dc2b776de4a0d18b47b12624be92
The sphinx jobs need to find doc requirements in either
test-requiremnts.txt or doc/requirements.txt. Putting them directly in
to tox.ini, not so much.
Change-Id: I98a43b511a6949fa4f00c26eec224d24d6fa6588
Tempest is going to test volume v3 APIs as default
in gate and running a separate job to run tests on v2 APIs.
To give this ability, this commit provide a var to tell
which API version need to be tested and accordingly it
configure the catalog_type and microversion setting on tempest.
Change-Id: I531f3b32e81ac5d282461597ca286c09429cb143
Needed-By: I0c9193501eb9eaa25eb5f0786bb72eb7855099fb
The loopback device is created for ceph osd. If the directory
${storage_data_dir} has been mounted when create disk, we should
umount ${storage_data_dir} instead of ${storage_data_dir}/drives/sdb1.
Change-Id: Ie9fe81c820c485dab9f049cf5a81c02424925728
Closes-Bug: #1689089
The current Glance config files are a combination of copied and
generated files. This patch makes all the files generated and
removes now unnecssary ini(un)comment statements. It additionally
removes some ini(un)comment statements that weren't having any
effect on the previously generated files.
Change-Id: I6e4b7694e8bebb7fe6661ead034ee257c768e342
I keep copy-pasting these to projects from the shade repo. Let's make
some base jobs people can more easily use.
devstack-tox-functional runs devstack and a tox functional environment.
devstack-tox-functional-consumer is the same, but runs devstack in pre.
It's intended for projects for whom patches to the project won't
actually impact the devstack deployment (shade, nodepool, gophercloud
are all examples of such things)
Change-Id: I84de60181cb88574e341ff83cd4857cce241f2dd
Without installing the targetcli package
tools and configs can be missing.
The code was correct baside a typo,
it is `ISCSI` not `ICSI`
Change-Id: I32e5d84d87560458f0eaaf820dcd00c86e6dec8b
The devstack base job in in use in many projects, but it is not being
gated here in devstack. Let's add it to the list so that we don't
accidentally break it.
Change-Id: Iea13235a8438d4b540f9f27b94aed13e719481dc
Use the test-matrix role from devstack-gate to define a base set of
services to be enabled for the controller and compute nodes.
Extend the local conf module to handle the base set of services.
Since the test-matrix defines services for primary and subnode nodes, we
need a multinode job to test that this works. Add a new host group
called subnode that includes the non-controller hosts. Add a new job
that runs devstack on a two nodes environment.
Using service from the test matrix enables swift in the gate, so we need
to set SWIFT_HASH for devstack to work.
Depends-on: Ie36ba0cd7cfcd450b75000a76a64d856f2a83eba
Depends-on: Id9ad3be4be25e699f77d6b5a252f046ce8234f45
Change-Id: I379abf482c89122533324e64fefbff3d5a618a89
It had been in stop_placement, but we don't want it there: the old
side of grenade needs to call that but should not remove the uwsgi
configuration when doing so. It is configuration, after all.
Change-Id: Iee763adf7895145d97b184924896db3f1f48a015
Partial-Bug: #1736385
Several legacy jobs use the OVERRIDE_ENABLED_SERVICES variable
from d-g so set the list of services that should be enabled and
ignore the default set calculated via the feature matrix.
Add support for a similar functionality in the zuulv3 jobs
using the 'disable_all_services' localconf function.
Change-Id: I690554ec62cef3be600054071efbb3f92a99249e
python-openstacksdk does not match its pip name which is openstacksdk.
So setting python-openstacksdk in LIBS_FROM_GIT leads to devstack
thinking there is a problem.
Put in a workaround for now. It would be better to either:
a) rename python-openstacksdk repo to openstacksdk
b) rename the pip name for openstacksdk back to python-openstacksdk
c) add general support in the various GIT hashes for a pip name
Change-Id: I57cf95763d54ad2060a4ce2af91c3ba18ca04db0
Cinder has now implemented "policy in code" and policy.json is
only needed for overriding default policies. The default policy.json
file has been removed in Cinder so we need to stop trying to copy
it during Cinder setup.
Change-Id: I364e401227fe43e2bacf8a799e10286ee445f835
This will enable us to run one etcd for devstack and another
for kubernetes in the same box if necessary
Change-Id: Ib71ded24727b80afd4d98eb68bade0f8c0f72311
The local requirements repo can be checked out to a stable branch,
in which case, the requirements might conflict with tempest's master
requirements.
Master branch's upper-constraints should be used when building tempest's
venv.
Closes-Bug: #1706009
Change-Id: Ifd64638cae2886671421149dbbff3a57f9c64257
The 'pip list' command prints the "safe name" which converts _'s to
-'s amongst other things; e.g. glance_store becomes
"glance-store 0.21.1.dev22 /opt/stack/glance_store"
Because people may use these more familiar "file system" names in
LIBS_FROM_GIT automatically convert names when checking if libraries
are installed.
Change-Id: I30524f80a341f38dfa794a8f629d859e85a4a448
In commit f0cd9a8b08 we changed to
use column format, but it checks for zero length string and
check_libs_from_git fails.
Change-Id: I97b52b80efb33749647229a55147a08afa112dd2
Add a no-op function, "plugin_requires" to allow plugins to indicate
their dependencies on each other. This will be used by the Devstack
Ansible module when writing local.conf files.
Also add define_plugin to allow plugins to indicate their canonical
names.
Change-Id: Ibd8c7222ed7dfb08d7ea821d871fc6f3b88de24b
Some old configuration(such as, LOG_COLOR config) will remain
if we don't cleanup.
So, we should cleanup the configuration before we config it.
Change-Id: I7aff609dadf3acba13a36894614b35005f51280d
The kvmibm removal I009ae4779588615633bff81d0c47a1b879ec9279
incorrectly removed this (the check was install if *not* kvmibm).
Since we don't support kvmibm any more, it should be safe to install
everywhere as done here.
For the full history, it started with us installing qemu-kvm-ev with
Ide91b261f35fb19d8bd7155ca016fa3b76a45ea1, then we fixed it to be more
generic and just install qemu-kvm with
I46da627c0da8925064862fdc283db81591979285, then Fedora 26 support in
I5c79ad1ef0b11dba30c931a59786f9eb7e7f8587 made this install everywhere
*but* kvmibm.
Change-Id: If3e9661451ad1055e7c8d670605a53095f0aeda4
With the release of 17.10(artful), support for 16.10(yakkety) has ended.
Update our list of supported distros accordingly.
Change-Id: Id85e00f109cfd43141dec0c0d2bfedb66f14e664
This commit switches TimeoutStopSec in DevStack's systemd unit files
from "infinity" to "300". There are two motivations for that change:
* 5 minutes should be more than enough to stop a service.
* systemd included in CentOS 7 and RHEL 7 doesn't support "infinity" as
a value, "0" should be provided instead. When "infinity" is set,
systemd will kill the service instantly, leaving service children
processes orphaned. Instead of differentiating here, we can just set a
sane, finite number.
Closes-Bug: 1731275
Change-Id: I0a079ea9879fa4fbba23104c2f5ab6e0721a2a2a
Option nova_metadata_ip was deprecated in favor
of nova_metadata_host. lib/neutron was updated
recently but lib/neutron-legacy was missed.
Change-Id: Iadd42458dda705ad0c24aa4ab2afd5b27dd8f0e1
Currently doing a cycle of
./stack.sh; ./unstack.sh; ./stack.sh
fails because the leftover tls-proxy sites will cause apache startup to
fail on the second stack.sh run. So we need to disable these sites on
running stop_tls_proxy.
Change-Id: I03e6879be332289d19ca6a656f5f9f139dffff6f
Closes-Bug: 1718189
The mysql-community-server is a compat provide, openSUSE uses
mariadb for quite some time. Make it futureproof in case
the compat provide goes away in the future. Cleanup
mysql service name to MYSQL_SERVICE_NAME and consistently
use it.
Change-Id: I2df7b8d8b798dfa7ceade90e0c127e0609524a8b
Zuul now supports including the file extension on the playbook path
and omitting the extension is now deprecrated. Update references
to include the extension.
Change-Id: I4bff5f12742364f7cc92e17869a047fd2185dda4
A proposed change[1] to Zuul removes the implied run attribute.
Add an explicit run attribute here to prepare for that.
[1] Ia8f23bce9898cd4f387554e6787b091b63e75519
Change-Id: I1fbc36c3d1b8c4ed70fceef1c587255dad50da04
* Since ENABLE_KSM param will be used in local.conf file
and it's value is received in a variable and while compairing,
the variable needs to be compared. So we need to change the
same.
Change-Id: Id4ed17c0642acd2313e456503cfc375ca6f61409
Closes-Bug: #1724690
The old code was strip()ing the version string instead of split()ing the
version string so we always got the first character of the version
string. This worked fine as long as the pip version was single digit but
as soon as it rolls over to '10.stuff' we will compare:
pip version 1 (instead of 10) > 6
Which fails bceause 1 is less than six. Instaed we really do want to
compare 10 > 6 so use split on '.' instead.
Change-Id: Ic7d0c04d7fa77774ab2d70fb9d11f182becec553
Nova is gaining the ability to run TLS over the connection between the
novnc proxy service and the QEMU/KVM compute node VNC server.
This adds a new config param - 'NOVA_CONSOLE_PROXY_COMPUTE_TLS=True' -
which instructs devstack to configure libvirt/QEMU to enable TLS for the
VNC server, and to configure the novncproxy to use TLS when connecting.
NB this use of TLS is distinct from use of TLS for the public facing API
controlled by USE_SSL, they can be enabled independently.
This is done in a generic manner so that it is easy to extend to cover
use of TLS with the SPICE and serial console proxy services too.
Change-Id: Ib29d3f5f18533115b9c51e27b373e92fc0a28d1a
Depends-on: I9cc9a380500715e60bd05aa5c29ee46bc6f8d6c2
Implements bp: websocket-proxy-to-host-security
The pip list command supports a --format=columns option which outputs
things in space delimited columns. Switch to using that.
Change-Id: I5140a7d83bf567b1c3c67516112eb4c57074fa53
Reason is to be identical to the upstream KVM CI. Some Tempest
tests rely on vdX virtio-blk device naming. Others simply create
their own with a brand new image. Also, the scsi support on the
CirrOS image is limited, tests booting from volume fail.
Change-Id: I389147a58042aa6098a695e6dd32f3e697fbbbab
This makes the condition that chooses which daemon name libvirt to call
the same as for choosing the livirt package names.
Without this fix the condition checking for a directory is incorrect
when livirt is not yet installed, but is used before installing the
packages.
Change-Id: Ib5eb12769128527a6f4b3b5f7674bd2dad0ed160
VPNaaS agent is going to be an L3 agent extention.
Related-Bug: #1692128
Depends-On: I0b86c432e4b2210e5f2a73a7e3ba16d10467f0f2
Change-Id: Id827274b7c74cdf71db6d1f2ab3eadb5fef099f5
The file matcher was from the early versions of this when we were
running both v2 and v3. We should always run the new devstack
job on all changes to devstack now that v3 is in production and we
plan on building jobs off of this one.
Change-Id: I7dd336b0059043f6653bdfdcba0ee5cded3e67b1
This should be managed in the devstack repo, since it's a base job to
run devstack.
Change-Id: Iffe54fbccbccd68db08f79a1b51dd7f76dbff408
Depends-On: Ie2119f24360d56690ffd772b95a9ea6b98dd4a39
As the following commit has renamed the two vnc options; let's
use the new options in devstack:
https://review.openstack.org/#/c/498387/
Change-Id: Id125666814ea9bb8a22b579aee0f6bc1c65ade80
block-storage is the official service type for cinder, according to the
service-types-authority. Add it as a service in devstack, with cinder's
unversioned endpoint, to enable proper discovery.
Change-Id: I75cf7212678f7f270c3c32f0bce227dbbf6b466d
The IBM hypervisor distro "KVM for IBM z Systems" gets discontiued,
like announced in March 2017 [1]. The key dates are:
* 03/2017: announcement
* 08/2017: the last day to order (EOM)
* 03/2018: the End of Service (EOL)
As the CI which tests OpenStack with KVM on IBM Z doesn't rely on this
distro anymore and EOM has reached, we remove the Devstack support for
this distro.
This basically reverts commit a5ea08b of Dec 2015.
NOTE: This doesn't affect other distros which have KVM on Z support.
References:
[1] FAQ for KVM for IBM z Systems Delivery Strategy Change
https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=ZSQ03110USEN&
Change-Id: I009ae4779588615633bff81d0c47a1b879ec9279
Strip the [<extras>] string from a <package_dir>[<extras>] argument
when looking for the package directory. Explain what the heck is
going on.
Change-Id: I79beb5c3e9e7c35c91cdd0d5a1d91532bebc4b6d
Closes-Bug: #1721638
We install the glance api on all nodes in multinode testing. This has
been failing because we don't configure the glance auth cache dirs if
we only install the glance api service. This was done as part of
init_glance which is only run when installing g-reg.
Fix this by moving the auth cache dir creation step into
configure_glance which is run for the glance api.
Change-Id: Ie669827507df0f524e6e53fe4ab3dff848dd4bd7
This reverts commit ef5ebed6c9.
The problem here is a backwards-incompatible change to
configure_auth_token_middleware. Plugins are still passing a
"signing_dir" which is interpreted now as the "section" argument
... this leads to an interesting red-herring issue; because "v" is a
gnu sed command for checking the version, a signing_dir of "/var/..."
(as done in most plugins) gives the weird error:
sed: -e expression #1, char 32: expected newer version of sed
I think we'll either need a new function, or dummy arguments to get
this back in.
Change-Id: I2098d4eb2747282622cf486fa7dbf216f932f58b
As described in the change, "pip freeze" has issues with the way
zuulv3 clones repos without a remote. This is an attempt to use "pip
list" to check for local install
Change-Id: I33d25f86b6afcadb4b190a0f6c53311111c64521
"pip freeze" reports an error when checking because the repos don't
have a remote under zuulv3
---
Error when trying to get requirement for VCS system Command "git
config --get-regexp remote\..*\.url" failed with error code 1 in
/opt/stack/new/keystone, falling back to uneditable format
Could not determine repository location of /opt/stack/new/keystone
Complete output from command git config --get-regexp remote\..*\.url:
---
This means this check fails. I think we can fix this by looking at
"pip list" which I will propose in a follow-on, but this fixes the
immediate breaking issue.
Depends-On: Ib12ddf768ee20fd7614622179f6842f5d57864ff
Change-Id: I21ff749ab3e7911fa074e6d53056768f42f8aa57
Change f119121d21 removed
the default image to download which meant if you were using
the fake virt driver, no image would get downloaded and
tempest setup would fail.
This adds it back in but doesn't use a wildcard.
The default image is the same as before, but uses the
variables that are also used for the default libvirt image
case.
Change-Id: I80eddd0d3a99572ed494b5cd36fed8ceb4d05d77
Closes-Bug: #1720003
Memory_tracker imports psutil, but does not run inside a pip/virtualenv
so the system provided psutil library needs to be provided. This
is matching what is done for other non-SUSE distributions
Change-Id: I96f944730dc8644333d906d71339351b29b03e08
PKI tokens have been actively deprecated from keystone and there are
deprecations being emitted from keystonemiddleware. Because of this we
no longer need an auth cache directory in the services where the PKI
certifcates used to be stored.
Remove the creation and use of all these AUTH_CACHE directories.
Change-Id: I5680376e70e74882e9fdb87ee1b95d5f40570ad7
I had to dig around for awhile to figure this out, so
this adds an example on how to grep journalctl nova logs
for a server instance UUID.
Change-Id: I6a5c47fbcba3af1822e2f9efc2ac20ebe0387f3f
Castellan switched the `api_class` config option to `backend` in commit
8980bf7da55dd084ad84c84534fe937f0d43b9c0. The old setting will still be
recognized for now, but we should switch to using the new, correct config
option.
Change-Id: I5e46c738531d5d56777e91a00f4cee9531356f2e
We want that one to be installed via pip, if we still use it
(by default PyMySQL is used, which is already installed via
pip as well).
Change-Id: I76454aa7f84379aa387b144686bcfaa327b141ed
There have been a couple of new stable releases in the meantime, update
to using v3.1.10 which is the currently latest stable version.
Change-Id: Ifa1421c9f12af9753052f992929deb7ebd45e804
lsb-release is a dependency of "lsb", so it used to work
before just fine as well, but it was installing about 300MB
of "stuff" that we don't actually need..
Change-Id: I25c7c750cbaeb40bf4f2e8695608c4b1003289ea
In a devstack environment you likely need to use sudo
to run the journalctl command, so this adds that to
the examples.
Change-Id: Ibe6b71285a3014e80e06a50130f18bfbdb4ff3ab
The v2.0 identity API is being removed in the Queens release, but in
order to do so we need to stop some v2.0 tempests tests from being
run. This commit switches the default to disable the keystone v2 api.
In a future commit after the removal of the api from keystone the bits
to deploy the v2 api will be removed.
Change-Id: I5afcba6321f496b8170be27789bee7c9ad8eacce
(1) when checksum fails, better delete the broken files and try the second time;
(2) amazon s3 is not good in mainland China, better try one more time with wget
Change-Id: I24ee73f216b78bd80564863cd335e5d5a9b56360
Otherwise neutron will fail to bind external ports because of missing
entries for external physical network in the mapping.
Configure it only when l3 agent is also installed on the node (otherwise
the l2 agent is not exposed to external network and hence doesn't have
the bridge).
Change-Id: I561b74538acb0dc39f1af3e832108ce6a99441b0
The client are told to connect to SERVICE_HOST instead of HOST_IP, so
we need to start etcd3 with matching listening parameters.
Change-Id: I96389090180d21d25d72df8f9e8905b850bcaee9
Partial-Bug: 1656329
This reverts commit a7e9a5d447.
The jobs that run live migration tests are failing at about
a rate of 50% since this merged. There are no recent changes
to nova in the last 24 hours that are related to live
migration, and this is failing on the master branch only,
so I suspect the failures are due to new qemu packages
getting pulled in from this change.
Change-Id: Ic8481539c6a0cc7af08a736a625b672979435908
Closes-Bug: #1718295
By default memcached is bound to 127.0.0.1 and we have no code in place
to change that. So instead of using the $SERVICE_HOST variable, we
hardcode it to localhost, just as we do for the cache settings, see [1].
This also avoids a bug that occurs when $SERVICE_HOST contains an IPv6
address, as in that case it would have to be prefixed by "inet6:" [2].
[1] I95d798d122e2a95e27eb1d2c4e786c3cd844440b
[2] https://bugs.launchpad.net/swift/+bug/1610064
Change-Id: I46bed8a048f4b0d669dfc65b28ddeb36963553e0
Partial-Bug: 1656329
In the "DevStack Component Timing" section, display the unaccounted
time.
Also add the units (seconds) to the output to make it clear to viewers.
Change-Id: Iaca82cc54a355f7077e20e548b771e53387f6628
https://review.openstack.org/504171 prevented Python version detection
from failing when python3 is not installed. However, "which python3"
returns a message in stderr when python3 is not there, and this output
can make diskimage-builder get confused when parsing
source-repository-images.
Change-Id: Idb649dc341ede73c39954b0432ef3cacf379ed37
On platforms without python3 installed devstack fails the python
version check. This does it more gracefully.
Change-Id: I4d79a41eb2d66852ab1a1aa8bd383f8e3e89cdc0
lib/neutron service prefixes are neutron-* not q-*. We should install
those packages either way.
The patch moves files/*/neutron into files/*/neutron-common so that we
can correctly match */neutron against service specific dependency files
(f.e. */neutron-agent) and load the common packages if any neutron-*
service is present.
Change-Id: I57b36f2ed3f33737223a35d9ed734bb414f31e0b
Since [1] devstack is failing on s390x with "Distro not supported".
The reason for this is the missing etcd3 support. It worked before
[1] as we were able to disable etcd3 via local.conf. But as etcd3 is
a base service, we might not be able to rely on this workarond in
the future anymore.
As there is no etcd3 binary hosted on github like it is for other
architectures, the user needs to specify an alternative download
URL via local.conf. Otherwise devstack will exit with an appropriate
error message.
ETCD_DOWNLOAD_URL=<custom-download-url>
[1] https://github.com/openstack-dev/devstack/commit/d8bb220606737719bcdf7c5b4f54906f2974c71c
Change-Id: I1c378a0456dcf2e94d79a02de9d3e16753d946d6
Partial-Bug: #1693192
DVR isn't supported by the Linux Bridge agent, but the
mechanism driver is enabled by default, so Neutron attempts
port-bindings for it, generating ERRORS in the neutron-server
log in the check and gate jobs. Just remove it in the DVR case.
Change-Id: Ic50e12e5fecf366a182c141b5c99649e653254cb
Closes-bug: #1716782
Without this patch, the pmap -XX call fails on openSUSE Leap
distributions as those have a fairly ancient procps version that
does not support the -XX parameter. A pure python implementation
is more portable, faster and even shorter than the subprocess
call.
Closes-Bug: #1716066
Change-Id: I2fdb457e65359a1c9d40452c922cfdca0e6e74dc
uwsgi services:
[1] By default uwsgi is set to exit on reload this breaks config reloading
of the service [1][2]. It needs to be set to 'false'.
[2] Requires to add 'systemctl reload' command support by adding ExecReload
in unit file.
Non uwsgi services:
[1] Non uwsgi services only requires to add ExecReload in unit file.
There was a similar patch submitted by Matthew Treinish [3] but it was
already set to workflow +1(not merged as having dependency on other patch)
and it was having some issues as specified in comment and missing reload
functionality for other services.
[1] https://etherpad.openstack.org/p/uwsgi-issues
[2] http://uwsgi-docs.readthedocs.io/en/latest/Options.html#exit-on-reload
[3] https://review.openstack.org/#/c/490904/2
Change-Id: I78f5e9d4574671c74a52af64724946feb41c2d7a
Add instructions for installing and enabling remote-pdb [1] under
systemd.
[1] https://pypi.python.org/pypi/remote-pdb
Thanks to clarkb for pointing me to this. TIL.
Change-Id: I640ac36cfbcc5b199e911c0e3f6b18705c3fbbc4
This makes sure that the openstack client placement plugin gets
installed when either LIBS_FROM_GIT includes osc-placement or
placement is used, which is always now if you've enabled nova,
which is enabled by default.
Co-Authored-By: Matt Riedemann <mriedem.os@gmail.com>
Depends-On: Ica83e29780722dd1555904e46b9ff1d1fdf72516
Change-Id: I7c5a5c10288b356302bb3027837d4ed4f0fbad8c
This was previously set to thin as the default, but at the time
there were failures seen with what appeared to be race conditions
when creating snapshots.
These failures are not seen locally, and we have a lot of installs
using the default auto by this point with no reports from the field
of seeing this failure. This is to be able to more extensively test
this in the gate, and hopefully get this switched over to be able
to thinly provision by default when possible.
Change-Id: I3e99adadd1c37ba8b24b6cb71a8969ffc93f75a1
Related-bug: #1642111
Now that Pike has been released, switch to using the pike version of
UCA instead of ocata, too.
One reason to do so it that it adds python3-ceph packages, allow to have
progress with the python3 compatibility of the Ceph integration.
Change-Id: I7d95e53892b697c72af75ad0ce7ce2dec6d31fde
For devstack master branch we should point to the latest version and not
to some possibly outdated older branch.
Change-Id: I4af3aef90a2c295df3de4a5b49d127e85ab517ac
1] Process using uwsgi:
uwsgi services doesn't support for graceful shutting down [1].
It requires some changes in unit files [2] including adding below
graceful shutdown hook and changing KillSignal:
--hook-master-start "unix_signal:15 gracefully_kill_them_all
All the steps and changes required are specified in etherpad [1].
2] Non uwsgi services needs below changes:
In [service] section:
a. Add KillMode = process
b. Add TimeoutStopSec = infinity
NOTE:
Creating unit file for services other than uwsgi is handled by the
'write_user_unit_file' function [3]. This function is common for all
the services so this patch adds the above mentioned parameters for
services using ServiceLauncher also though they don't require.
Added a new stackrc variable WORKER_TIMEOUT which is required to add
graceful shutdown support to uwsgi services. It will be set as a value
to 'worker-reload-mercy' [4] in uwsgi file of service. The default
value set to this variable is 90.
[1] https://etherpad.openstack.org/p/uwsgi-issues
[2] https://www.freedesktop.org/software/systemd/man/systemd.kill.html
[3] https://github.com/openstack-dev/devstack/blob/2967ca3dfd0d64970dfa5dfa7ac2330ee7aa90ed/functions-common#L1439-L1461
[4] http://uwsgi-docs.readthedocs.io/en/latest/Options.html#worker-reload-mercy
Co-Authored-By: Dinesh Bhor <dinesh.bhor@nttdata.com>
Change-Id: Ia95291325ce4858b47102dd49504250183f339ab
We need this for every devstack run now, so downloading it from github
every time isn't the most awesome thing in the world.
Add an extra variable EXTRA_CACHE_URLS which will be appended to the
output of tools/image_list.sh. This way, these files will be
downloaded during the daily nodepool build, but they will not be in
the IMAGE_LIST and hence be considered as images to upload.
Add a function get_extra_file which echos the path to a file given the
URL. It will first check the cache at $FILES, and if not present
download it.
Update the documentation in image_list.sh to reflect what's happening.
Move the defaults for etcd variables into stackrc, since it is a base
service now.
Change-Id: I86104824a29d973a6288df1f24b7891feb86267c
1) Update doc links according to OpenStack document migration
2) Use https instead of http for docs links
Change-Id: I81b560d1e4c5210dc00a6a6ac06c03bb1e69d595
This is proposed temporary change to avoid
"ValueError: need more than 1 value to unpack" error in stack.
Change-Id: I743febbef3a1f201cea37471356518be31585277
This tears out the alternative path of using screen, so that we only
use systemd enabled paths. This simplifies the number of ways that
devstack can be run, and provides a much more reliable process
launcher than the screen based approach.
Change-Id: I8c27182f60b0f5310b3a8bf5feb02beb7ffbb26a
Leaving the default user enabled is a security issue, as it can be used
without credentials. It also may mask issues like seen in [1].
[1] https://bugs.launchpad.net/bugs/1651576
Change-Id: I75b4e5696c0f8017b869127a10f3c14e2f8bd121
Various services are returning broken links when running behind
tls-proxy. These issues can be fixed by setting the X-Forwarded-Proto
header in the apache config and letting oslo_middleware parse it.
Change-Id: Ibe5dbdc4644ec812f0435f59319666fc336c195a
Partial-Bug: 1713731
The pre-existing configuration for swift on devstack set's the
*-server's devices option (the root of the servers list of devices) to:
devices = /opt/stack/data/swift/1
where "1" is the node_number, and will be 2, 3, ... N if the devstack
machine is built with more than one swift node/device (pretty sure no
one does that on devstack ever).
The device(s) in the rings are named (perhaps confusingly similar to the
swift loopback image) just "sdb1", so all storage servers expect to have
a $STACK_USER writeable file system at:
os.path.join(<devices_root>, "sdb1")
That directory does not exist when you start up a devstack [1].
Currently Swift's object-server's require that directory exist before
they write data into it (even with mount_check = false!).
Unfortunately however, with mount_check=false the account/container
servers are able to create the device directory when it does not exist
[2]. Which can lead to some unfortunate results with permissions on
some deployments using mount_check = false (e.g. testing or
containerized environments). Fixing this issue [3] uncovered the
previously benign [4] mis-configuration in devstack.
Attempting
1. It was lost a long while ago I7c65303791689523f02e5ae44483a6c50b2eed1e
2. Essentially they want to:
mkdir -p /opt/stack/data/swift/1/sdb1/containers/<part#>
... but end up creating the "sdb1" dir too!
3. I3362a6ebff423016bb367b4b6b322bb41ae08764
4. Benign because the object-server share their device with the
account-container devices and they would create the dirs before trying
to write an object. It was incorrect, but worked by happenstance, which
is nearly as good as worked on purpose.
Change-Id: I52c4ecb70b1ae47e613ba243da5a4d94e5adedf2
In [1] the definition of the function was changed, adding the service
name as first parameter. Since this seems to have caused failures in
some plugins, at least update the function template accordingly.
[1] Ifcba410f5969521e8b3d30f02795541c1661f83a
Change-Id: I4d03957f8d3a18625f06379fb21aa7ba55e32797
Dragonflow can operate without L3 agent, and does not advertise L3 agent
scheduler extension when running this way
Change-Id: I23d0e558c8454636fcde0a1903c78965b70bc324
I am a new participant, and when I read the document I found that the command in the OS_AUTH_URL example is v2.0, so I want to update it.
Change-Id: I973adc303a3cb37ce377ca4e31d1d666cd41b358
When run in the default superconductor mode, the screen-n-cond-cell1
logs are not formatting in oslo format or colorized like the other
logs. This is because screen-n-super-cond is running using nova.conf
which is configured for oslo format logging with color.
The oslo format logging is also needed to correctly index the logs
from screen-n-cond-cell1 in logstash.
This change simply configures nova_cell*.conf files for logging
like nova.conf.
Change-Id: I44fc11f09bb7283be0b068f5e02a424f3e5dafe2
Closes-Bug: #1713070
Query the python2/python3 interpreter for it's version to fill in
PYTHON3_VERSION and PYTHON2_VERSION defaults. This means on a
python3.6 platform such as Fedora 26, we don't need to override the
default.
Change-Id: Id826f275b99b9f397b95e817941019fc503daa1d
Add a function which tests if a plugin has been enabled with
enable_plugin. This is helpful if two co-ordinating projects want to run
specific setup in devstack in one only if the other is enabled.
Change-Id: Ibf113755595b19d028374cdc1c86e19b5170be4f
* Check KEYSTONE_DEPLOY flag and cleanup appropriately
* When we stop process, we should not wipe uwsgi config we should
remove files only on cleanup
* We should not call cleanup *BEFORE* configure, we are just wiping
out the uwsgi ini files
* cleanup_placement should be called from clean.sh
Change-Id: I066f5f87ff22d7da2e3814f8c2de75f2af625d2b
Code in grenade and elsewhere rely on the process/service name
when one runs "ps auxw" and they grep for example "grep -e glance-api"
to check if the service is running. with uwsgi, let us make sure
we use process name prefix so it is easier to spot the services
and be compatible with code elsewhere that relies on this.
Change-Id: I4d1cd223ed9904fcb19b26fc9362b676e0b4f9b3
This adds a new feature flag on tempest conf whenever LDAP is enabled.
When this flag is set to True Tempest users and groups identity tests
adapt to fetch users and groups from different domains.
Change-Id: I368ddf34908b906355c422bd1afd6ab9b1a80053
Depends-On: Iedb470c51fa2174ab7651e6b7e22eff1f25f7aac
We want people creating plugins (that add services) to be aware of the
service-types-authority (STA), so this change adds a Prerequisites
section and notes the existince of the STA there, and the need to apply
there to create a service-type.
Change-Id: I1aa48fe231aaa4499f8b4fe336abea668841b9af
stop_nova_conductor dropped the ball when the CELLSV2_SETUP mode is
set to "singleconductor". We should cleanup the older style "n-cond"
in this case.
Change-Id: I9ffd6d09df6f390a842b8a374097f144564d2db4
... to be used with domain_remap. Swift will start functionally testing
domain_remap in I63428132283986bda9e5c082ffe85741449b71ba.
Change-Id: I4c1ab06d040d91fd8c314d0aa2cecbbb00adf8ad
Now that the pike branch exists we don't want to special case grenade +
system on the target side. We should use systemd for both sides of the
pike -> master upgrade. Note this change should not be backported so
that we do not attempt to use systemd on the ocata -> pike upgrade path.
Depends-On: Iedf824a1772115e0dff287a898636f8e58471269
Change-Id: I6198bf1842a44773fce80672c81eee3afc3c6f38
Calling setenv appears to be globally scoped which is breaking the
glance path which relies on chunked uploads. The glance path is
separated by using mod_proxy instead of mod_proxy_uwsgi because
mod_proxy_uwsgi doesn't support chunked encoding.[1] The proxy-sendcl [2]
was set on the mod_proxy_uwsgi path just in case someone tried to send a
chunked request to the api server we would be able to handle it. It
tells apache to locally cache the chunked request and send the
content-length as a normal upload to the upstream server. However, if we
can only set it globally across then small potential benefit is not worth
having all glance uploads cached by apache. This commit just removes
setting the flag. In the future if we can have devstack isolate this
flag it might be worth adding back to the mod_proxy_uwsgi path, but for
right now it's not worth the tradeoff.
[1] https://github.com/unbit/uwsgi/issues/1540
[2] https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#request-bodies
Depends-On: Idf6b4b891ba31cccbeb53d373b40fce5380cea64
Change-Id: Iab2e2848877fa1497008d18c05b0154892941589
Closes-Bug: #1709970
lib/nova does a pip re-install of libvirt-python to rebuild the python
library incase the underlying libvirt version changed during package
installs. In offline mode, the underlying version of libvirt can't
have changed; so we have the situation that we've removed the libvirt
python bindings but can't reinstall them (because we're offline).
This fixes that particular situation, but skipping uninstalls in
offline mode seems generically OK.
Change-Id: I2b75d45d94d82f87d996c7570c125d46f5f99f6a
Closes-Bug: #1708369
Configuration options that toggle support for LDAP read/write
were deprecated and removed as of the Ocata release:
I13eada3d5c3a166223c3e3ce70b7054eaed1003a
This means we no longer need to clutter the domain-specific
configuration with these values since they are no longer used.
Change-Id: I23b5b994862f066c3d48ce524c396faecabf60f8
In Ocata, we replaced the verification logic for CPU, RAM and disk by calling
the Placement API instead of using those legacy scheduler filters, it's time
to remove them from the default list of filters that are run, especially
since Nova now removes them from the conf opt defaults thanks to
Ibe1cee1cb2642f61a8d6bf9c3f6bbee4f2c2f414
Change-Id: I2e81f1bbce7476d63e84e70dcdd59a1163f89f09
Related-Bug: #1709328
i had sync the all repos of devstack for installing in intranet
environment, and found the url of noVNC had changed to
https://github.com/novnc/noVNC. This module upgrade from individual to
an organization. the old url had redirect to the new one.
Change-Id: I19fc1e2ad30dcd97cad232c9ad58f53a523616b4
There are some comment errors, it's modify 'Captial' to 'Capital' in
keystone file, and modify 'possition' to 'position' in openrc file, and
modify 'comming' to 'coming' in stack file, and
modify 'prefered' to 'preferred' in stackrc file.
Change-Id: I0fdd539cbfff842a4ba7fca9100b881443300f9a
In the original change I said "for infra nodes, it shouldn't do
anything anyway ...". Well that was pre-Fedora 26 :)
It seems that dnf > 2.0 now intentionally throws an error when trying
to explicitly install an ignored package. Thus, as described in the
comment, take a simpler approach of skipping this on infra nodes.
pip-and-virtualenv in dib should have installed the latest pip,
virtualenv and setuptools, so we don't want to fiddle with that
anyway.
[1] https://review.openstack.org/#/c/338998/
Change-Id: Ib300b58377a0d0fe1bd7444c71acdb9a87dc033b
After looking at these for I9881f2e7d51fdd9fc0f7fb3e37179aa53171b531 I
found them not as useful as they could be.
Fix the CustomLog command, that wants the logfile then the format
string (or a nickname, which the LogFormat line wasn't setting). Use
standard micro-second timestamps, and trim the access log to have more
relevant info.
Change-Id: I9f4c8ef38ab9e08aeced7b309d4a5276de07af4b
In trying to debug periodic gate instability of CentOS, I noticed that
it is using the prefork mpm, while Ubuntu is defaulting to the
multi-threaded worker mpm.
One of the problems seems related to 502 proxy errors from the TLS
proxy. We see out-of-sync timestamps in the centos TLS proxy access
logs, which might be innocent behaviour based on the prefork model or
indicate something else.
Before going too deep down this rabbit-hole, I think it is better for
consistency to use the same mpm model on all our platforms, and start
debugging from there.
Change-Id: I9881f2e7d51fdd9fc0f7fb3e37179aa53171b531
If a project manually configures the oslo.messaging transport url for
notifications it should use 'get_notification_url', not
'get_transport_url'. get_transport_url should only be used to obtain
the RPC transport address.
Change-Id: I77772dfa9f30a3db2db6d0387260dfe3452a26ef
Closes-Bug: #1708754
This should now be able to be discovered from the service catalog,
there is no reason to set it.
Change-Id: I7383b589fbcef9423beeab735db42c594f7b56fd
get auth from context for glance endpoints:
Depends-On: I4e755b9c66ec8bc3af0393e81cffd91c56064717
When using resource classes to schedule baremetal nodes the baremetal
filters like ExactRam etc should not be used. This patch disables them
in the nova config if devstack is configured to enable ironic resource
classes.
Change-Id: Ic262ccaf8b541308042d61113a953653d2261964
With cell v2, on initial bring up, discover hosts can't run unless all
the compute nodes have checked in. The documentation says that you
should run ``nova service-list --binary nova-compute`` and see all
your hosts before running discover hosts. This isn't really viable in
a multinode devstack because of how things are brought up in parts.
We can however know that stack.sh will not complete before the compute
node is up by waiting for the compute node to check in before
completing. This happens quite late in the stack.sh run, so shouldn't
add any extra time in most runs.
Cells v1 and Xenserver don't use real hostnames in the service table
(they encode complex data that is hostname like to provide more
topology information than just hostnames). They are exempted from this
check.
Related-Bug: #1708039
Change-Id: I32eb59b9d6c225a3e93992be3a3b9f4b251d7189
When configured for superconductor mode, which is the default,
nova-compute can't reach the MQ for nova-scheduler so there is
no point in even enabling the track_instance_changes code since
it's a waste of time as the scheduler will never get the message.
Change-Id: I2662ebd47323428b403d3c2236bec78f1fb1050f
Currently, stack_install_service will accept any service name. This is
problematic because a project plugin can pass an invalid name without
noticing. This has been the case in ironic-inspector[0].
This commit ensures that stack_install_service will not silently fail
when passing an invalid service name.
[0] https://review.openstack.org/#/c/424680/
Change-Id: I1a8105bdbaf4aecb630df08da416808bf7180824
Closes-Bug: #1659042
This patch fixes path to mlock_report.py. Also add python-psutil
to dstat depends as it is required by mlock_report.
Change-Id: Ia2b507a7b923f1e3393a9cb7746c66d39d6abfde
This started to fail due to a missing || : / --force option now
that the dependencies got fixed:
2017-07-30 19:38:37.260 | ++ tools/install_prereqs.sh:source:97 : sudo rpm -e --nodeps python-cffi python-cryptography python-pyOpenSSL
2017-07-30 19:38:37.293 | error: package python-cffi is not installed
2017-07-30 19:38:37.293 | error: package python-cryptography is not installed
2017-07-30 19:38:37.293 | error: package python-pyOpenSSL is not installed
Change-Id: Ia59afb7ee564cf2044ebdb3c5ad3e54ee91d1222
The actual logic of launching a singleconductor didn't get all the way
to the launch of the conductor itself, so we were still launching 2
conductors in the Ironic case. This attempts to fix that.
Change-Id: I7ddb123dbdf3e1ec9a991e474a9990d2ccbc30d3
Some environments, like grenade and ironic, need a way to revert to
the non fleet version of the conductor setup. This really comes down
to a global topology for CELLSV2_SETUP. The prefered is with a
superconductor, but allow a downgrade to singleconductor.
Depends-On: I5390ec14c41da0237c898852935aba3569e7acae
Change-Id: I10fb048ef2175909019461e585d117b4284448c6
With cell v2, on initial bring up, discover hosts can't run unless all
the compute nodes have checked in. The documentation says that you
should run ``nova service-list --binary nova-compute`` and see all
your hosts before running discover hosts. This isn't really viable in
a multinode devstack because of how things are brought up in parts.
We can however know that stack.sh will not complete before the compute
node is up by waiting for the compute node to check in before moving
forward. This puts a few more seconds into the run, but ensures
everything is solid in multinode environments.
Change-Id: I667e6a9be3fee8bb5bfd73426eef567489e3d88d
When doing a multi-node devstack deployment starting in Ocata
the child compute nodes must be discovered and mapped to the
single nova cell (cell1). In the upstream CI we do this discovery
in devstack-gate after the subnodes are stacked, but for anyone
doing this manually we need to provide some notes on what needs
to happen after child compute nodes are stacked for a multinode
environment.
Change-Id: I68418bcf28d86c60fe42537186d89458fa778bda
Closes-Bug: #1688397
This update resolves multiple issues with python-cryptography
causing keystone server and nova deployment to fail.
This is a temporary workaround until I196f025dbf1a9ac297946b8165620676645f7210
has landed and the extraneous dependency on python-cryptography (the
package) has been removed.
Change-Id: Ifb29b9089197c0429a5fc1cd08a25d2095d481f1
The only mentionable diff is the kvm alias
does not exists so we will install
qemu-kvm as with rhel7 which also exists
in the older supported fedoras.
kvm also just an alias in suse so
switching to qemu-kvm in suse as well.
Change-Id: I5c79ad1ef0b11dba30c931a59786f9eb7e7f8587
Some URLs are broken, so fix them.
The others are redirect to new URLs,
so replace them with new ones.
The config options of nova serial console proxy
have been gathered in nova/conf/serial_console.py.
So the description in doc/source/guides/nova.rst
is fixed.
Change-Id: Ifd81cc09969341fbf8f135a913fc6003b94e0acc
Otherwise, we've seen intermittent "Unable to establish connection"
failures, with the main devstack log reporting things like
2017-07-19 13:54:29.973 -> start proxy service
2017-07-19 13:54:30.082 -> start OSC to store temp url key
2017-07-19 13:54:31.908 -> OSC reports failure
Meanwhile, the s-proxy screen session tells us things like
Jul 19 13:54:31.919988 -> start child worker
Jul 19 13:54:32.206598 -> still loading the WSGI app
... and ports aren't actually bound until *after* the app is loaded.
Add a wait_for_service call to wait for the proxy to come up.
Change-Id: I1a722de31b144797230991700e110353a2d937dd
openSUSE 42.3 is a relatively minor update over 42.2 and I'd
like to maintain it and keep it passing.
Experimental gates are being proposed, once those are passing
(which should be the case with this patch included), we could
enable it as a non-voting gate.
Change-Id: Ia421ada0ed3751c65a2a93a208e3f4a43edf8b16
With libguestfs usage for file injection now being enabled by
default as part of I568c56dbcb62ec541661364c142eff2397e3eed7
the opensuse job started to fail due to lack of guestfs images
being available.
The error in question was
NovaException: libguestfs installed but not usable (cannot
find any suitable libguestfs supermin, fixed or old-style
appliance on LIBGUESTFS_PATH (search path: /usr/lib64/guestfs)
This part is being fixed by explicitly adding the missing package
dependencies to the compute node rpm package list while the maintenance
update for Leap 42.2 is in preparation.
Change-Id: Ie76ac0a51c1ee2ad6559917825dee1c7a91a3a76
Now that mysql.qcow2 has been removed, we only have 4 images to worry
about. This fixes cache-devstack element for openstack-infra.
Change-Id: Ia06f0e0679e253a1a6614f7c38abf1f5cd13991b
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This patch adds removing of the volume group
before removing the loopback device and
the backing file when performing LVM cleanup
in unstack.sh
Without this commit:
unstack.sh removes logical volumes, removes the
loopback devices and deletes the backing file
but leaves a dangling volume group
$ ./stack.sh && ./unstack.sh
$ sudo vgs
VG #PV #LV #SN Attr VSize VFree
stack-volumes-default 1 0 0 wz--n- 10.01g 10.01g
$ sudo losetup -a
$ sudo vgremove stack-volumes-default
/dev/loop0: lseek 4096 failed: Invalid argument
vg_remove_mdas stack-volumes-default failed
With this commit:
unstack.sh removes volume groups after removing
all logical volumes but before removing
the loopback device and deleting the backing file
Partial-Bug: 1441236
Change-Id: Id9c06fa50f6cad28764f5a3396f559cac9999649
We no longer host this on tarballs.o.o, additionally it is no longer
used my trove.
Change-Id: I2034e8ebc530704d6e63a231056f92e14a8654e4
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
When the ldap service is enable on local.conf devstack ldap
plugin starts slapd service using its default config on Ubuntu
and installs ldap-utils package.
Enables domain specific drivers on Keystone and creates LDAP
domain 'Users' with a demo user.
Change-Id: I8d7aa260b01f675e4ed201ef93bfd66474f4b228
This makes us start two levels of nova-conductor processes, and one per cell.
Note that this also sets the notification transport_url to the top-level mq
so that we continue to get a unified stream of notifications.
Related-Bug: #1700496
Change-Id: I08d7da843d18b426dda8a8a231039d950a4c0ce5
Depends-On: I64b600b30f6e54db0ec9083c6c176e895c6d0cc2
Depends-On: If59453f1899e99040c554bcb9ad54c8a506adc56
In Pike, Cinder and Nova will support extending the size of
an attached volume, but it's not supported by all volume and
compute backends. Tempest will also test it but uses a config
option that we need to set based on how devstack is configured.
Depends-On: Ibace6c2f91be9753a44e5f79fd013df11654851b
Related to cinder blueprint extend-attached-volume
Related to nova blueprint nova-support-attached-volume-extend
Change-Id: I52cc2952a2938ce44c442aa3e3b69a905b2b55d5
As a follow on to I4c269a7f3d63ee9a976e7c3636fc3e5e8dab9ae3; the
quoting gets tricky when putting arbitrary command-substitution
strings into saved echo-able strings. As they say, "the only winning
move is not to play" :)
An alternative proposal is to not write this into a script but just
dump info into a file. To my mind, this has several advantages --
avoid getting involved in quoting, not dropping a script into the
global environment -- it's just as easy to "cat" -- and the plain-text
file can be collected as an artifact during log collection (also moved
git commit line to separate line for easier parsing during log search,
etc).
Change-Id: Ic7391dd087657c0daf74046e4a052c53f4eb6e1a
This commit increases the socket timeout value from 4 secs to a much
higher 30 secs. This is just for sanity, the load is high when we're
seeing the wsgi.input timeouts, so uwsgi might be just closing the
socket waiting for data over the wire. 30 seconds is overly conservative
just so we can rule this out. This will likely be shrunk to a more
reasonable value in the future.
Change-Id: Iae85d3a084fb33b2a63550d6e353413e98c0b39c
Partial-Bug: #1701088
Previously the local uwsgi server mode was using uwsgi in http mode.
This was unessecary and actually not recommend by the uwsgi docs [1][2]
This is because http mode starts a frontend http process that forwards
requests to the workers running the python code. This is done for the
largely the same reasons we're using apache as a proxy and is
unnecessary. http-socket mode doesn't do this and just exposes the
workers as an http interface to the proxy. (in our case apache)
[1] http://uwsgi-docs.readthedocs.io/en/latest/HTTP.html#http-sockets
[2] http://uwsgi-docs.readthedocs.io/en/latest/ThingsToKnow.html
Change-Id: I5671687c8083fa4bdee066c07b083a0f00be532b
Per the Pike goal, switching the Cinder API control plane to
use WSGI in Apache.
Co-Authored-By: Ivan Kolodyazhny <e0ne@e0ne.info>
Depends-On: Ie8a0eeab1bf31887d6f37cf155b2d161ddfb172d
Depends-On: I14b68f36e7fcc5341bbdbcf165274d9d50f7dd04
Change-Id: I8cef6c98f9242cc38d66de0ac499490e2a237887
According to the uwsgi docs [1] for http keepalive there is a separate
option for http keep alive, and just setting connection close isn't
enough. This commit makes sure we disable http keepalive. This will
hopefully fix the random connection issues we get on image uploads to
glance, which uses uwsgi http mode.
[1] http://uwsgi-docs.readthedocs.io/en/latest/HTTP.html#http-keep-alive
Change-Id: Ic5f83c5c93f28b2bd62ca9ac96ca8c87797ea5c9
Closes-Bug: #1701088
Unless NOVA_USE_MOD_WSGI is False, run nova-api and nova-metadata
using uwsgi.
Because the metadata server is always expected to run on a port and
without a prefix, we have it configured to use uwsgi but not to
proxy from apache: uwsgi listens on the configured port itself.
uwsgi process that listen themselve do not need a socket or to
chmod-socket, so those config lines have been moved to the block
that is also writing proxy configuration for apache.
Because this change only uses uwsgi for nova-api and nova-api-meta,
nova-api-meta is set to default to enabled in stackrc because the
nova-api wsgi application used by wsgi only presents the one service
(osapi_compute).
If NOVA_USE_MOD_WSGI is False and tls_proxy service is enabled,
nova-api is run on an internal port reached via the tls_proxy.
Depends-On: I8ff08d61520ccf04e32dcd02f4cecc39dae823cb
Change-Id: If2d7e363a6541854f2e30c03171bef7a41aff745
nova's instances directory may be a shared directory (ie nfs), in
these cases, we do not want to call nova_cleanup at startup since it
deletes everything under $NOVA_INSTANCES_PATH.
The nova_cleanup routine will still be called by the clean.sh script
which is fine since we're presumably cleaning up the whole openstack
cluster at that point.
Change-Id: Ieb4e5d0508d4ed4c5349c497554c5da2993c9cb0
Closes-Bug: #1649389
This reverts commit 15b0a5f1eb.
The change had an assumption that a service
is properly configured even when it isn't enabled.
The assumption is not true.
Change-Id: Ib5a8ffe63eaec15bc29bfdd133db7169507bab82
Closes-Bug: #1698129
In Fedora mariadb, cracklib has been enabled [0] in order to verify the
password strength.
Disable cracklib in Fedora devstack in order to allow simple passwords
in dev environments.
[0] https://src.fedoraproject.org/cgit/rpms/mariadb.git/
commit: 9442da192282aa74f43e86c96202109a173bbaba
Change-Id: I2d5e965f0f19f86992794eec78134e862899c931
We run glance behind uwsgi. This means that the URL glance knows about
itself is wrong, and version discovery fails. Set the public endpoint to
the value of GLANCE_URL which should always be correct.
Change-Id: Ia7c69024a0ef6cc0fdc284ffcd06eee5678a1007
There is confusion about where installation of new libraries should
end up, to prevent lots of little files being added make a
lib/libraries which is the old lib/oslo. Put compat functions and
includes in place to help with transition.
Change-Id: Ieeab605d187ef6aec571211ab235ea67fa95a607
This separates out the install phase early from the start phase to
make this mirror other services in devstack.
Depends-On: I4124dc7e3fd3b4d973979da85209ec991c0f8c4b
Change-Id: I76f8740448b25a48869ee80006e826baa6cafc2b
In Multi host deployments, it is possible to run ETCD in a different
host than the SERVICE_HOST (where all the controllers run). This patch
brings that distinction.
Change-Id: I15fe6f25eedf1efebaab81cce26b080577b856cc
Signed-off-by: Antoni Segura Puimedon <antonisp@celebdor.com>
The OSC number remain high, and it's useful to understand how much
time we spend making OSC calls, especially to surface it relative to
other items. The way we embed this in our code makes it hard to
instrument.
This patch creates a wrapper function for OSC which collects the timings
then aliases `openstack` to that function. This means any invocations of
the openstack utility goes through our function while devstack is
running. Because this is an alias it only affects the stack.sh shell and
any subshells.
This also moves the time tracking infrastructure to count in ms,
instead of s, because some of these operations are close enough to a
second that rounding early is losing way to many significant
digits. We divide by 1000 before reporting to the user.
Change-Id: Ic5f1844ce732d447ee980b3c9fdc417f72482609
In the helper functions to check if roles are set and if not add the
role and return the id we weren't actually checking if the role was set.
The reason for this was we grepped for name values while outputing only
uuid values with OSC. Fix for this is straightforward, we just add the
--role argument to OSC which will filter for us then we don't have to
use a grep on the wrong value type.
Change-Id: I2691b347d2a6273100deb4a1750ab353a8e49673
We are trying to keep better track of what pieces of devstack consume
the most time. Add the db sync commands to the time tracking as they run
the database migrations which can take more time than expected.
Change-Id: Ib92f2b8304ccf703712d45fd7207444de3599e2d
Because C.utf8 is not everywhere and is sometimes called C.UTF-8 (just
to confuse people) use en_US.utf8 which is in most places. This isn't
language/region agnostic but gives a consistent unicode aware locale to
devstack.
Change-Id: I67a8c77a5041e9cee740adf0e02fdc9b183c5bc4
fixes-bug: 1697733
Commit 5edae54 introduced the usage of systemd in Devstack. This allowed
the transition away from 'screen'. Systemd needs "user unit files" to
describe the services. Currently, those unit files get only created when
an openstack service (n-cpu, c-sch, g-api, ...) is in the list of enabled
services (`ENABLED_SERVICES`). This means, when Devstack is fully stacked,
there is no way to start the systemd unit of an openstack service which
is *not* in that list.
This commit changes that behavior, and creates the systemd unit files
independently of the list ENABLED_SERVICES. This means, when Devstack
is fully stacked, I can start a systemd unit of an openstack service which
wasn't in the ENABLED_SERVICES list. This allows more flexible lifecycle
management of openstack services in the gate, which is useful for tests
which test components which are not in the "default configuration" (e.g.
the "nova-serialproxy" service).
The `clean.sh` script purges all traces of systemd user unit files created
by devstack.
Change-Id: I0f7e1ee8723f4de47cbc56b727182f90a2b32bfb
Reduce bcrypt hashing rounds from 12 to 4 (minimal possilbe).
This is going to imporve a lot of perforamcne of OpenStack.
Bcrypt is hashing algorithm that is designed to use a lot of resources and
in that way stops brutforce attacks. It's exponential algorithm that depends
on amount of rounds. By default they use 12 rounds which is quite high value,
good enough for real secure production enviorments.
In case of DevStack it's going to slow down all authentication by many times.
Rally shows about 5 times slownest (adding 2-5 seconds to every authenticate)
DevStack is meant for developemnt & CI so performance is way more important than
security.
Change-Id: Id8c763d63cb91f37a774f9400f35c309f37d6f12
To reduce the total number of invocations necessary for pip which isn't
the quickest thing ever (due to needing to evaluate constraints and deps
lists and what is currently installed) combine the main installation of
software with its test-requirements.txt file which should roughly halve
our pip invocations.
Change-Id: Ibcc3264136e66d34a879ad1c90a62e1bb6a84243
Transient failures were being reported because the current lockout
period for users was too short. While this does increase the
run time IdentityV3UsersTest.test_user_account_lockout, it
allows for more flexibility if there is network latency or some
other factor that cause the lockout to expired before the
next authentication.
Change-Id: I61bc39bbc35ac414b4a72929a90845956c99eb1a
Closes-Bug: 1693917
When installing OpenStack via DevStack on XenServer, we need to
some preparation operations in dom0 which will refer the function
in devstack/tools/xen/functions file, but we are planning to move
the whole folder of tools/xen from devstack to os-xenapi, so it
this patch is to moving the dom0 related operation to os-xenapi
repo first.
Change-Id: Ib59d802a7a4eab4ccce0e29d80f29efa4655bc0b
Depends-On: I712ee74ce945859ba5118e09b7d9436ca2686cb7
The old implementation for is_$service_enabled simply checked if any of
the subservices were enabled and if so the service was considered to be
enabled. This makes disabling services complicated as it means you have
to list every single subservice which can and do change over time.
Instead also check if the generic service name is in the disabled
services list and if so don't treat the service as enabled.
Change-Id: I7fe4dfca2cd9c15069d50a04161a29c5638291cb
The scheduler_driver option has been moved and deprecated. This
change uses the new group and name for the option.
Change-Id: I27aeff5911510c9f47191acaa0c0b5b71f977cd7
We required initially 42.2 test updates to be enabled as the
liberasurecode-devel update wasn't released. It is now released
so we can stop pulling that part in.
Change-Id: I4e514e317da8a95809593a49c6dce619bc4c021f
As part of getting swift's functional testing to work properly through
the tls-proxy we need to increase the allowed request header size in
apache. This was a non issue without tls proxy as requests hit the
eventlet webserver directly which was configured via the swift config
which sets this relatively large limit (by default devstack configures
swift to have a header size limit of 16384).
Now we pass in an optional parameter to start_tls_proxy that includes
the desired header size. lib/swift then passes in the value it also
configures in its swift.conf.
If not explicitly set we default to 8190 which is apache2's default.
Change-Id: Ib2811c8d3cbb49cf94b70294788526b15a798edd
openSUSE 42.2 passes testing on the experimental gate and
in order to add it as continuosly tested target we need to
add it to the positive list of tested distributions.
Change-Id: I46f94cfad828534f324994c3d21bddff40e8f9a2
Because the swift functests (which use test.conf) run out of a
virtualenv they don't get access to the system wide trust of the
devstack CA. Handle this by explicitly configuring the cafile to trust
in the test.conf file.
We also set the web_front_end to apache2 as that is what is terminating
TLS for us. The tests handle different web server behaviors using this
flag.
Swift's functests will need to read these values in and properly
configure things on its end.
Change-Id: I4cdba36ccab6acd76205184882ee29e4f1e12333
Otherwise those services, notably n-cpu, will try to register
resource providers before placement is ready.
Change-Id: I89fd4fa42baf3d19ee209c59cd85b97adb97c58b
Closes-Bug: #1695634
The scheduler_default_filters config option moved out of the
DEFAULT option group into a more specific group, and the old
option is deprecated as a result so we need to update our usage.
Change-Id: I5d6574d19c3f16abadddb19f34cb645dcdcc07f4
Function "_install_etcd" is trying to use "files" directory
to download a file. Instead of this, this directory should be
$FILES, which is defined previously in parent script.
TrivialFix
Change-Id: I643ce3b9aba1f65f03524430c748bf120d071509
volume_clear is currently set in the DEFAULT section,
but this is a backend specific setting, and therefore
needs to be set in the backend config section.
Change-Id: Ifa3a659bb4768b8915a0f23e7f14b0f3348d93d2
Previously we didn't block out the c-api startup code because the
devstack functions to start services check that for us. However, since
the cinder devstack code checks the service is up and runs the tls proxy
if tls is enabled we need to block it all off to avoid doing those
things if c-api is disabled.
Change-Id: I1c4f22f785af96caaf4baa21ff28714b9afd3458
The upstream CI runs exclusively on nodes with x86 architectures, but
OpenStack supports even more platforms. One of them is the KVM
on s390x (IBM z systems), which is supported since the *Kilo* release.
This change describes the additional settings in the ``local.conf`` file
to enable Devstack on that platform. This is useful for PoCs.
Change-Id: I943b552ca2e36210ac57f36c16db930eb5e58623
This adds packages to suse for systemd python linkages as well as
apache2 and which. And configures mod_proxy and mod_proxy_uwsgi with
a2enmod.
We also properly query if apache mods are enabled to avoid running
into systemd service restart limits. Enable mod_version across the board
as we use it and it may not be enabled by default (like in SUSE).
Also in addition to enabling mod_ssl we enable the SSL flag so that TLS
will work...
Finally we tell the system to trust the devstack CA.
Change-Id: I3442cebfb2e7c2550733eb95a12fab42e1229ce7
This commit adds support for deploying glance as a wsgi script under
uwsgi. To get around limitations in the uwsgi protocol when using
python3 for chunked encoding we have to setup uwsgi in http mode on a
random port listening on localhost and use mod_proxy to forward the
incoming requests. The alternative approach of having apache buffer the
requests locally with the send_cl option with mod_proxy_uwsgi only
worked on python2 and also has the limitation that apache is buffering
the entire chunked object, which could be several gigabytes in size.
Depends-On: I089a22a4be4227a551c32442dba27c426f54c87d
Change-Id: Ie98fb7da5e8ecfa49cd680b88139cb7034d5f88f
This commit adds a new function get_random_port to return a randomly
available port from the local port range.
Change-Id: Icaed180cc14602a74cdb3fd3456b690d8a4c729c
We have to do silly overrides of cert locations for requests for
reasons. If we are running under python3 then we were previously looking
in the wrong location for the requests certs. Update the cert fixing
function to properly use python3 to find the certs if python3 is
enabled.
Change-Id: Id1369da0d812edcf9b1204e9c567f8bfe77c48b2
The configuration guide link has syntax problem in README.rst,
and the click the link will lead to page 404.
Fix the syntax problem
Change-Id: I47a1641a6898930dca508cdac98b1b43c05dc446
On ubuntu contents of /var/run do not persist between reboots. Devstack
uses /var/run/uwsgi as home for wsgi sockets. This means that after
rebooting the machine services, that rely on uwsgi would fail to start.
Currently it affects keystone.service and placement-api.service.
This patch changes delegates directory creation to systemd-tmpfiles,
which would run on startup.
Change-Id: I27d168cea93698739ef08ac76c828695a49176c7
Closes-Bug: #1692767
With cinder supporting this now, start logging global_request_id in
systemd logs. It will be None for all the services until the work
starts coming together, but it is safe to do.
Change-Id: Ic6ba1a42da88c03e43d89658b453f6a0b353e0db
The trove development environment is typically a linux VM within which
openstack is installed, and trove launches guest vm's within that
environment. To make it possible for these vm's to launch in one human
lifetime, one must set vt/x and enable nested hypervisors to use with
kvm; qemu emulation will take way too long.
The new libvirtd (v2.5.0) in Ubuntu Cloud Archive doesn't handle
nested hypervisors well and if you use it, you end up with a guest
hanging on the GRUB line.
To enable that use-case, we provide ENABLE_UBUNTU_CLOUD_ARCHIVE which
the trove developer can set (to False) before running devstack.
Change-Id: Ia0265c67bb7d2a438575a03c0ddbf2d9c53266ed
Closes-Bug: #1689370
truorfalse function from common-functions accepts default as the first
parameter. The arguments for USE_JOURNAL were mixed up and this commit
restores correct order.
Change-Id: Id3621b0e1910a625d6cfb8e81bd27bea82543ae9
In Ibbb430fb1dbf66942168e0cb52d990ab6a2eb8d7, we are adding
etcd3 as a new base service. We should drop zookeeper
and use etcd3 as the backend.
Since cinder is the first service for this tooz+etcd3 DLM
scenario and cinder uses eventlet we have cannnot use the
grpc based driver in tooz. So new CINDER_COORDINATION_URL
that defaults to the etcd3's grpc HTTP gateway based
tooz backend.
We need to hold this change until the tooz change (see
Depends-On) is available in a tooz release.
Depends-On: I6184ed193482dad9643ccb2b97133d4957485408
Change-Id: Ia187e1a86413edf25b909b6bb57e84fb4930a696
Etcd3 was enabled recently as new service in devstack [1]. But there's
no way to disable etcd3. This is required on architectures where no etcd
binaries are available (e.g. s390x). The long term goal of course should
be to have those binaries available. The short term circumvention is to
allow disabling the service in local.conf:
disable_service etcd3
[1] https://github.com/openstack-dev/devstack/commit/546656fc0543ec2bc5b422fd9eee17f1b8122758
Change-Id: I6184ed193482dad9643ccb2b97133d4957485408
Partial-Bug: #1693192
gpg verification requires network connectivity which is non
mirrorable. We try to avoid that in devstack whenever possible. A
sha256sum is a totally reasonable way of knowing if the downloaded
package is valid.
Closes-Bug: #1693092
Change-Id: Id496ab53f76444f08dc6961f1ecd25f450cc96d7
This change ensures that when uploading vhdx images, we use the
proper format.
At the moment, vhdx images are uploaded as vhd, which can be
troublesome: first because this is misleading, second because the
actual image format may be checked, having the image rejected.
Change-Id: I9578be41ea9dc252404b7553679ac527e08a0ff6
We need to handle this better, for now, just don't install
etcd in the sub nodes. We need to setup the proper clustering
mechanism if we want to have etcd3 running in multiple nodes
Change-Id: I8dd385e3c993942473e67d04367cdf74495dbeef
In master branch of noVNC project file vnc_auto.html was renamed to
vnc_lite.html Because of that nova-novncproxy looks for file that
actually doesn't exist.
We need to change branch of noVNC to latest stable, because other
projects are not ready yet to rename the path. Those projects
depends on noVNC package installed in system, but it is too old
for now for both CentOS (version 0.5) and Ubuntu (version 0.4).
The only way to make noVNC console working on Devstack is to change
the branch to stable one.
Unit test also has to be modified in order to ignore novnc repo
from checking against cloning non-master branch.
Change-Id: Iaf4761aedf93bc6b914a6a0c5cf1cfedcc29583c
Closes-bug: #1692513
ETCD_DOWNLOAD_URL is set to github url, in our CI, we can point
ETCD_DOWNLOAD_URL to a url in tarballs.openstack.org possibly
in devstack-gate
Download the etcd binaries and drop them into /opt/stack/bin and
use it from there. Cache the tgz for subsequent use (local workflow)
daemon-reload is called twice once from inside the write_user_unit_file
and then when we adjust the entries with additional things recommended
by the etcd team. We need a better way to do this in the future.
Added a TODO to verify the downloaded artifact later. The etcd team
posts gpg signature, we could verify that or run sha256sum and hard
code that in lib/etcd3 file. We would have to update it whenever we
bump the etcd3 version.
We use the public key "CoreOS Application Signing Key <security@coreos.com>"
with ID FC8A365E to verify the integrity of the downloaded file
Any jobs that need to be run on architectures where v3.1.7 is not available
should rey the v3.2.0-rcX release candidates. We can switch to v3.2.0
when it gets released.
Initial version of this code was borrowed from the dragonflow
repo:
http://git.openstack.org/cgit/openstack/dragonflow/tree/devstack
Change-Id: Ibbb430fb1dbf66942168e0cb52d990ab6a2eb8d7
As a followup to I2c78a0c6599b92040146cf9f0042cff8fd2509c3, the nova
cert service should be removed from devstack.
Without this fix, stacking will fail is USE_SCREEN=True
Change-Id: I115580352fa380b896bae290f9a4efbfe4ff0dfd
Update sphinx to the version used to build the documentation elsewhere
and turn on the option to treat warnings as errors to ensure that no
poorly constructed rst is introduced. Cap sphinx<1.6.1, since that
version has a conflict with pbr right now.
Change-Id: I19b3332229e2094988cbf8968c42a0323194a209
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
This enables tcp stats (listen, established, syn, time_wait, close) in
dstat to allow us to get a high-level view of performance changes in
the system during gate runs.
Change-Id: Ifbffbed22446e7e6a3b825c18266b63d2f2e7718
DEVSTACK_CINDER_SECURE_DELETE is deprecated from liberty release.
This should have been removed after kilo-eol
Change-Id: I82c15a19f8fe0326d4a5c2a076baa6d3e53fcf32
One of the pending issues with the conversion to systemd was the loss of
log coloring. It turns out that journalctl by default strips out
characters it considers "unprintable" - including the color codes
emitted by the old-style logging. However, journalctl can be made to
print them by adding the `-a` flag.
This change makes devstack's log formatter conf settings include color
codes like the old screen-based setup used to
We also remove stackrc's setting of JOURNALCTL_F, whose usage was
removed via I6af6d1857effaf662a9d72bd394864934eacbe70.
Change-Id: I2401e267913a24d18dae355aa933072dbbdab1d8
'pip uninstall' will hang running stack.sh if it has to
prompt the user for input, use -y.
Change-Id: Ic94639e444b87fd3538463d5a51c01a0208a2ab2
Closes-bug: #1691172
This sets our default ulimit NOFILE to 2048, which is double what we
set things like mysql'd max_connections to.
Change-Id: I5126bed1e6b9f8c64db00eae4151ac61e47b1bf8
Add a table of contents help readers find the information they need
without having to read all of the prose on every page. Remove the
site-map file, which doesn't appear to be linked anywhere.
Change-Id: Ib5761c9cfdd5a083df562413d727cb4ac7547c9e
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
At the Boston 2017 Summit I had mentioned that the pattern of using non
voting/experimental jobs was not working for getting new features into
Devstack. It is slow and leads people to being too conservative when it
comes to pushing new things in. Instead I suggested that since Devstack
changes are self testing we add the features, have change that enables
the feature, and if that changes passes we move forward with merging
(assuming code review is fine and necessary communication is done).
Document this process in the HACKING file so that we have something we
can point to when people want to add a new experimental job for every
new little thing (ipv6, tls, systemd, etc).
Change-Id: I5190cc3d3de4e81d52748347306133b5034d5531
When ironic-inspector is enabled through devstack, these two files
are created which needs to be masked.
Change-Id: I7a3db6fd6197da20cca1e938727d54195957ac18
Closes-Bug: #1690105
libvirt-python compiles against the currently installed libvirt. If
you upgrade that, it needs to rebuild, however it won't change
versions, so pip install just noops. Force an uninstall / reinstall of
it every time to handle potential upgrades of libvirt.
Change-Id: If34541b34aa6d55eedaf6c603fd1fe92eb887308
This option is a duplicate of public_endpoint for Cinder.
Change-Id: I8aee1b9f93a09d2e92bde80c0e413e1540723bac
Depends-On: I2a74af7906d14cbc49b8cf0a88c344ca30fcbd26
Now that we aren't using native journal messages by default, the
syslog identifier of all the uwsgi processes is the same. We should be
more explicit with those.
Change-Id: Id5406d02407b022d4016517c2e18890973876d88
There was detection code in clean.sh to only run it if a screen
session was found, but in systemd world, that's obviously not
true. This was causing me (and others) substantial confusion.
Change-Id: I204e94cd86b8c67012aabfca74796e593151c3a4
systemd-journald has rate limiting built in, but that's not sufficient
for the level of logging of OpenStack services during test
runs. Disable the rate limiting so that no log messages are lost.
Change-Id: I64599aba74c5a39276bb8f946cd236600b9cc81b
There are a couple of issues that have ended up being hit by devstack
plugin authors which we can detect and error in a much nicer way
instead of them having a cryptic systemd failure.
Change-Id: I45e4ac363aeefb4503015f9e1b57c58f79b58f40
Cinder use 'resource_filters.json' to config allowed filters,
copy the new added json file when set config files.
Change-Id: I397cb5859e2b3349af3cb07ee02b6463c6eccc35
Depends-On: 27aeba0b5d3cf64286125937e8336ba1d3b26b16
use_journal uses the systemd native path for logging, however there
are concerns that this might be negatively interacting with
eventlet. To be on the safe side fall back to stdout.
This introduces a USE_JOURNAL option which will let folks turn this
back on for testing.
This also adjusts the debug lines. When using the journal the pid
reported by systemd is correct. When using stdout, it will be the
parent process id, so we need to keep it to see which child each thing
is coming from.
Change-Id: Id7891c532bf99c099252e82d511a37a49506fea9
This removes some remnant heat code and references now that heat is
running in a plugin. Before merging this patch the heat team should
verify they got everything they needed into their heat plugin, as
there were more parts left than I was expecting.
Change-Id: I477e3a6e75591aa8ff836c28f7ef56aa1b5f8727
Everything else in our documentation is RST, we should convert the
Readme to RST as well (as github supports this, so it's fine to read
it there)
Change-Id: If2aabf629affc09b5daa570f4ca3bdf268cb53b0
Both keystone and neutron didn't yet have systemd awareness for
setting up logging (i.e. drop the extra date / time stamps)
Change-Id: Ib442c603c9afb679676976c37c2c6122201ae846
This moves the developer use case over to systemd, and updates all the
relevant docs to discuss the systemd workflow instead of screen. It
does so by defaulting USE_SCREEN=False, so will not impact people that
set it explicitly.
Change-Id: I6d664612bc2b850eb7f56852afbc841867223ab7
When transitioning between different wsgi modes, or service modes, we
should really safely stop and cleanup things that are started in any
service mode, which makes it easier to ensure that we don't leave
things around from past runs.
Change-Id: I33acbee39e1a2da2bfd79a5dd54b84a12a778be1
We should be able to operate without the identity admin endpoint,
given that in v3 it's all the same. This floats that out there to see
if we can or not.
Change-Id: Ic233f6b43dd1e3cfdadff0f18aba4ea78825a996
auth_uri is not a keystonemiddleware option, and it's use in config
files is confusing at best. Remove it for clarity.
Change-Id: Ie3a9ab30d81809363444d5f3b41588b3889dc185
As we move to enabling glance-api to use a wsgi script that might be run
as multiple processes, there are a couple places where external
synchronization is necessary. To use this we need to set the lock_path
config option from oslo.concurrency so external locks will work.
Change-Id: I9a66a8636d12037ff9aa4fb73cc3f9b9343dd7e9
In order to start making the transition in the gate make
USE_SCREEN=False also mean USE_SYSTEMD=True. We'll never actually
declare USE_SYSTEMD=True in the gate (as that doesn't exist for stable
branches), but this will let us roll over the existing transition.
We also have to install systemd-python 234 because we are recording
exception info in the journal, and all versions before that had a bug
in processing that.
Remove the somewhat pointless screen following journalctl commands. We
really don't want or need those, and they tend to build up over time.
Depends-On: I24513f5cbac2c34cf0130bf812ff2df6ad76657c
Change-Id: I6af6d1857effaf662a9d72bd394864934eacbe70
KEYSTONE_SERVICE_API is the keystone endpoint and it is what we should
use. The admin url should DIAF - but until it does, it CERTAINLY should
not be the thing we put into clouds.yaml.
Change-Id: If8196a04f852f633e0b7548793f68c92376aa6da
Switch from sha1 to sha256 and from 1024 bits to 2048 bits. Do this
because things don't like the old inseucre sha1+1024bits combo.
Change-Id: Iae2958969aed0cd880844e19e8055c8bdc7d064d
The os-fping API was deprecated in nova in
I92064cbcb5f6414da0c9d294f912a860428af698. I can't see anything
obviously using it on codesearch.
This is only in EPEL for centos, which I'm trying to remove. But I
think less dependencies is always better than more in general hence
the removal.
This is essentially a revert of
Ibdc7479a9038321e4fc3953774a6f3e1dac90530
Change-Id: I163fc48c860bae2a92c83cfdaed26b2e54630e20
Centos/RHEL 7 doesn't support tgtd. While the packages are still in
EPEL, there's no point in testing because nobody runs like this.
Switch cinder to use lioadm which uses LIO, and update package
installations.
Depends-On: I964917d13d9415223845ac17eb804ee7faceaf6f
Change-Id: Idc5a4e856bfc93e9dc650d565a98a8e9b3df3481
It's not only using our upstream caches that you might get an old
libvirt-python wheel that is incompatible with UCA. Move the ignore
out of the mirror check to apply it globally.
This is an alternative to Iba301a8c80c9ed584f5fb5a816f3d2cf5f5f0e77
Change-Id: I588b1e8e49aa60f3ce976dc1b6c8013ba1d88079
The DEFAULT_IMAGE_NAME variable is used to reference the name of the
default image in glance after it has been uploaded by devstack. It is
used both inside and outside of devstack for that purpose. However, when
configuring tempest there are some tests which also do image uploads and
need a filename for specifying which file they should upload into glance
for testing purposes. Previously we were just using DEFAULT_IMAGE_NAME
for both purposes, but this causes a conflict if the name of the image
we upload into glance does not have a file extension. So instead of
conflating the things this commit differentiates between them and adds a
new DEFAULT_IMAGE_FILE_NAME variable to use for this purpose.
Change-Id: Icf74badcf2093d8c75db538232b10b3ac7b86eb8
If the current interface has a default gateway configured is
determined by the regex
default.+<interface-name>
If for example 'enc1' is used, but also an interface 'enc1800' is
present, the regex will also match the 'enc1800' default gateway.
This patch fixes this by looking for <interface-name><white-space>.
This way 'enc1800' is not matched.
Change-Id: Id1d58f5be6296c3a37aef788359ae8fe0fe11d8b
As described in [1], it seems that mod_wsgi is not "graceful" reload
safe. Upon re-init, it can end up in a segfault loop.
The "reload" (not *restart*) after setting up uwsgi was added with
I1d89be1f1b36f26eaf543b99bde6fdc5701474fe but not causing an issue
until uwsgi was enabled.
We do not notice in the gate, because the TLS setup ends up doing a
restart after this setup. In the period between the
write_uwsgi_config and that restart, Apache is sitting in a segfault
loop, but we never noticed because we don't try talking to it. Other
jobs that don't do any further apache configuration have started
failing, however.
Looking at the original comments around "reload_apache_server" I'm not
sure if it is still necessary. [2] shows it is not used outside these
two calls.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1445540
[2] http://codesearch.openstack.org/?q=reload_apache_server&i=nope&files=&repos=
Closes-Bug: #1686210
Change-Id: I5234bae0595efdcd30305a32bf9c121072a3625e
This defines a new function get_notification_url, which returns the URL
of RabbitMQ when you want connect to it, and uses in
ceilometermiddleware. This fixes an issue when we try to use AMQP for
RPC, but not for notifications.
Change-Id: I14450b2440806a17a90e5ddefc243868fdbe4f2c
On Centos, apache has a private view of /tmp and thus can't see this
socket, causing keystone to fail. This happened after
I46294fb24e3c23fa19fcfd7d6c9ee8a932354702.
Move it to /var/run.
Closes-Bug: #1684360
Change-Id: I47f091656802719c259752454ec88bf50760b967
The -ssh job with ssh validation enabled has been quite stable
for a while now [0] so I think it's time to add ssh validation
to the integration gate to prevent regressions from lurking in.
Doing this in devstack ensures that the change only affects
master as we didn't test ssh validation on on stable branches.
[0] http://status.openstack.org/openstack-health/#/g/build_name/gate-tempest-dsvm-neutron-full-ssh?duration=P3M
Change-Id: I187e560911f5d5d482eb7959e5174068c4c9a801
This makes openrc more robust for the grenade scenarios by having a
sane fallback when stackrc is not found.
Change-Id: I297ba519d581d2b6fb4d80d59434acace054bada
It turns out that we ended up with duplicate versions of this function
merging on top of each other within 3 days, and gerrit didn't catch
it. Boo gerrit. Boo bash.
Change-Id: Ic6aa2f9bafdec906de2bc51d5929beeec48a6a40
Swift proxy logs to syslog during the devstack-gate tempest runs. To
better capture the swift logs increase the rsyslog buffer size to 6k
bytes allowing for longer messages like tracebacks.
This was setup by openstack-infra previous during our diskimage
builds.
I03e42964e14d9f930c07ed047851bdf775639c59
Change-Id: Iaa232335865410600c93f47d4777ed4f1bce08e2
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Until we can test with a version of swiftclient that knows how to eat
auth_uri, swift still needs a working gate.
Change-Id: I09f9ad5c87b542df962a79898e06fbf1e968b1e3
Related-Change: I46294fb24e3c23fa19fcfd7d6c9ee8a932354702
Related-Change: Ie427f3b0b9eb834ff940fa5d52444a5a6cdcab15
Things like SERVICE_PROTOCOL and KEYSTONE_AUTH_PROTOCOL shouldn't
really be exported in openrc as they encourage using them directly to
build up keystone urls instead of actually using the OS_AUTH_URL.
Remove them.
Change-Id: I4b7cc680f7f14dae29b706a227be540c9e212cad
a2dissite will return a non-zero error code if the site that is being
disabled is not currently enabled (that is, if the conf file for it does
not exist). This can happen during development if you've been messing
with files by hand. Rather than exploding out of a ./stack.sh, accept
the missing file as meaning "it's disabled" and carry one. The rpm
version of disable, which does not use a2dissite, does this already.
Change-Id: Ie5dfd42efdff4bdba5ffaa765af000dd8e1d596e
The removed TODO was talking about USE_SYSTEMD, not WSGI_MODE.
WSGI_MODE makes sense, so the TODO has been done.
Change-Id: Ib574ef123ea4c82d4d88012c990cd1ad660d7879
This makes keystone use the proxy uwsgi module when running in uwsgi
mode. It also introduces a new stackrc variable which is WSGI_MODE
that we can use to control the conditionals in services that current
work with mod_wsgi.
Also update retry timeouts on proxy pass so that workers don't disable
their connections during polling for initial activity.
Change-Id: I46294fb24e3c23fa19fcfd7d6c9ee8a932354702
This converts the placement API to use the new WSGI_MODE variable
(which is not introduced until the next changeset). We do this so that
placement and keystone patches can be reviewed independently, but
there are some hidden coupling of mod_wsgi setup which happens only in
keystone, so if we do keystone first, it breaks placement.
Change-Id: Id5b2c67701bcc7b12c8e3764c7199d10f85df80f
The uwsgi proxy version that comes with Ubuntu xenial is too old, so
we have to build it from source. This is a temporary solution until
the next LTS.
This lays the ground work for using it in keystone.
Change-Id: I00fb1759e6988c7df0ce0f3df5ff1ce9fd7cd381
When an apache worker gets a proxy error, it will not retry talking to
the backend server until the retry timeout expires. We bring up the
proxy server *before* the backend server, and poll it. If we are
running a small number of workers, there is a likely chance that we're
going to hit one that errored before the backend was up, thus failing
for now real reason.
Set this to 0 instead to mean always retry failed connections.
Change-Id: I9e584f087bd375f71ddf0c70f83205c425094a17
Ref: https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass
tls-proxy is the way we're now doing a standard install using https
between services. There is a lot more work to make services directly
handle https, and having python daemons do that directly is a bit of
an anti pattern. Nothing currently tests this in project-config from
my recent grepping, so in the interest of long term maintenance,
delete it all.
Change-Id: I910df4ceab6f24f3d9c484e0433c93b06f17d6e1
Instead of this code all existing in keystone inline, factor out into
a dedicated set of functions, and make keystone use this. This drops
uwsgi supporting https directly, but that's not going to be a
supported model going forward once we get to proxy only anyway.
Change-Id: I1d89be1f1b36f26eaf543b99bde6fdc5701474fe
We're now in a systemd world where systemd is managing the restart
effectively, there is no reason to be tricksy with apache now that
we're not working around weird upstartd issues.
Change-Id: Ifadfd504eb10a90db5177ea9180b9cd8331a2948
We're going to want to start using it by default so just start with
always installing it. This should not negatively impact anything else.
Also had to fix the test using cowsay, now that cowsay depends on
cowsay-off.
Part of uwsgi in devstack.
Change-Id: I8306a992d9d006bc0130a255145a6880065aa0df
Allow cursive to be installed from git instead of pip.
The barbican-tempest-plugin, which uses cursive indirectly
through nova and glance, would benefit from the ability to
use cursive from git instead of pip.
Change-Id: Icae7d310f1ee392d080e7c8e421a26d7c0ef4727
Allow castellan to be installed from git instead of pip.
Castellan has recently been moved under the oslo framework,
and the barbican-tempest-plugin tests which use castellan
would benefit from the ability to usd castellan from git
instead of pip.
Change-Id: I96edca90c61aec84637b7b1ce842eff04c521923
The swift functional tests use a config which requires keystone ports,
we're about to make those go away. This exposes the actual auth_uri to
swift for consumption.
Change-Id: I5868dfdb8e5f0972ba04e359d212b04351502436
We recently disabled EPEL in openstack-infra, enable it again.
Change-Id: I213b302b34b740354d63b69e8ac7f4e1b3d3cdd7
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
It is possible some CI system are using an http_proxy. Use the helper
function to cover this use case.
Change-Id: Iee685147ca0244fc7de328a765f937602223de20
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Libvirt live migration requires netcat. It appears that newer UCA
packages may not automagically pull this in so explicitly list it as a
dependency of nova compute here. Note that netcat/netcat-traditional do
not appear to work and netcat-openbsd is required.
Change-Id: If2dbc53d082fea779448998ea12b821bd037a14e
Give instructions to add permissions for stack user without touching
main config.
Closes-Bug: #1680459
Closes-Bug: #1681418
Change-Id: Idd27e684e63c616466de28c07551729a1e091bdd
We have had issues with libvirt 1.3.1 which is stock on Xenial. Try
using 2.5.0 from UCA instead.
Related-Bug: 1643911
Related-Bug: 1646779
Related-Bug: 1638982
Change-Id: Ia4434541c71f050fe1ffb54f4c4c1e302391d00b
The change to remove references of XEN_INTEGRATION_BRIDGE
(If5886e3711765a97f40f20e478f958b988b5a620) unfortunately left some
code which should have been removed. This remaining code caused an
error in some situations when deploying from scratch (which the CI
avoids for expediency)
Change-Id: Ia568462c9cca8cff8fcfada8148d185609d61a7d
This is required to install python-openstacksdk from source for testing
other projects against master.
Change-Id: Iee7b043ac7d381dadf89d26098f69e935ed81d6b
These are needed for oslo.log to use journald support. They are
*probably* already installed, but just in case we force install them.
Change-Id: I0dc66bd2628ff4b3e1caa7ab4366d7f36ff7ea94
This is going to be a new option in oslo.log, which we can start
setting early to make it take effect.
Change-Id: If0e5e4717a1810c759058f33608fbac7543f2d85
uwsgi is a different service type under systemd and shouldn't be run as
a standard oneshot type. The uwsgi docs outline a good pattern for
writing systemd unit files:
http://uwsgi-docs.readthedocs.io/en/latest/Systemd.html
This commit takes those suggestions and creates a separate path for
writing uwsgi unit files.
Change-Id: I9b541b86781afdded311dba058cedd783e1a0dfa
It looks libvirt/qemu requires mode 0755 to functioning properly,
but DATA_DIR won't be set to 0755 if it is different from default.
Change-Id: I37ca0b02b6a75b3756860b547e84c37ccfc99d13
Closes-Bug: #1677421
This adds a flag and basic config for enabling coredumps for libvirt.
Partial-Bug: 1643911
Co-Authored-By: Matthew Booth <mbooth@redhat.com>
Change-Id: If7cd54e804a5a389a0d82a325b58f5b41b8ef0db
In an effort to reduce memory consumption enable KSM by default. The
biggest win here is when using libvirt with nova or ironic with its
fake baremetal instances. In theory any process that runs duplicates
with mergeable memory will benefit though.
Change-Id: I4c5addfd3e83b6516023b36cbaabd5169f0d5ceb
Currently Devstack starts all Swift services, including those
in charge of "consistency convergence" (remember Swift is eventually
consistent), data scrubbing, hard-deletion (*-reaper services)
cleanup.
But when running with Replication Factor 1 some of those services
are not needed at all. Besides, the fonctionnalities provided by
some of these services are not tested at all (neither in Tempest
nor in Swift functional tests).
Thus, in light of saving some Mo of RAM, this patch introduces a config
flag to start only a minimal set of Swift services, just what's required
to make all of our current tests pass.
The default value for this new config flag is set to start all services,
that is to maintain Devstack's current behavior.
For sake of completeness, here is the list of services that are not
going to be started is the config flag is toggled, and the associated RSS
according to our peakmem_tracker
40004 swift-object-replicator /etc/swift/object-server/1.conf
34320 swift-container-replicator /etc/swift/container-server/1.conf
33584 swift-object-auditor /etc/swift/object-server/1.conf
33328 swift-object-reconstructor /etc/swift/object-server/1.conf
31936 swift-object-updater /etc/swift/object-server/1.conf
31492 swift-account-reaper /etc/swift/account-server/1.conf
31076 swift-account-replicator /etc/swift/account-server/1.conf
29540 swift-container-updater /etc/swift/container-server/1.conf
29220 swift-account-auditor /etc/swift/account-server/1.conf
29036 swift-container-auditor /etc/swift/container-server/1.conf
So we are looking at saving at most ~350Mo of RAM (could be less
because RSS doesn't account for shared memory).
A follow-up patch will soon be proposed in devstack-gate to not run
those additional services in our Gate jobs.
Change-Id: I8a0d03ac0296a74e38efd185beb8513866eaf0c4
As of Id6e3c0ac54b21d85e68625a5b52fe2559fb70f24 keystone's policy
file is empty and it is no longer required at runtime. This commit
updates devstack to not deploy a policy file for keystone because
devstack doesn't specify any policy overrides. Instead, we can remove
the sample policy file and rely on the defaults that have been
registered in code. This is the same approach nova took with policy
in I85a251376dfe38caa4b100861bf764014a98bc37.
Change-Id: Ib1d9a51a78e2a84a3d7294dc8782605a681fa9e8
During the PTG there was a discussion that the screen developer
workflow wasn't nearly as useful as it once was. There were now too
many services to see them all on one screen, and one of the most
common service restart scenarios was not restarting one service, but a
bunch to get code to take effect.
This implements a 3rd way of running services instead of direct
forking via bash, or running under screen, which is running as systemd
units.
Logging is adjusted because it's redundant to log datetime in oslo.log
when journald has that.
Swift needed to have services launched by absolute path to work.
This is disabled by default, but with instructions on using it. The
long term intent is to make this the way to run devstack, which would
be the same between both the gate and local use.
Some changes were also needed to run_process to pass the run User
in. A hack around the keystone uwsgi launcher was done at the same
time to remove a run_process feature that only keystone uwsgi uses.
Change-Id: I836bf27c4cfdc449628aa7641fb96a5489d5d4e7
psutil is only installed under python3 for the 3.5 gate jobs. Call
mlock_report.py with $PYTHON so we support both environments.
Updates to mlock_report.py for python3 compatability
Change-Id: If7926ce6a2996b766c49b010a7f6640ae624f860
Now that we don't support Ubuntu Trusty anymore, we can remove
the ebtables race workaround.
Closes-Bug: #1675714
Change-Id: I70483f871e35fcaa933d1b7bac7dbb396aa22cef
Since Feb 25th devstack supported operating systems changed
due to Nova increasing its minimum required libvirt version.
Further details see: I6617283afd798af37e64913b7865cea3c8a62aba
This patch is to update versions on devstack documentation.
Change-Id: I12bb59b0903a728376ee9422213c2903b9138249
The package libvirt-bin is a transitional package in Debian and should
not be used anymore.
Ubuntu Xenial is an exception here.
Because of that this change also adds the possibility to use "not:" to
exclude distros in files/debs/* just as "dist:" limits distros.
Depends-On: Icc59ea79f54d4ff8751f2e353ee3530fff3d961e
Closes-Bug: #1673840
Change-Id: I3998a7178d14ec40eae5cb199d66da9546cd6ccf
In order to get memlocked pages this needs to be run as root, just
start it as root so that we don't have issues with the inability to
run sudo later in the run.
Change-Id: I7adab8cbb6d89d4717e427aec22e316d27bea075
This commit change check of 'running_in_container'
method so that other services ironic, nova and neutron
will not break.
Change-Id: I42eb587cfaebf37944cb10e459b8b8f7b4b4e4ba
Previously we use a specific integration bridge for neutron ovs agent
which is running in compute node, but this isn't necessary, this
patch is to remove the specific integration bridge for XenSever and
remove the custom integration bridge definition
Depends-On: I675565e1ea6c887d40d7a53f62968c4aa385ecca
Change-Id: If5886e3711765a97f40f20e478f958b988b5a620
single-machine.rst and index.rst
Before this, one had to create /opt/stack
manually and chown it to the stack user.
Now it is created when the user is created.
This is the same way the multi-node guide
handles it. A stack group is created too.
Change-Id: I5363d81c8fb38796f565cc6ebf6ab2dee2673989
Closes-Bug: #1673787
Closes-Bug: #1671409
With XenServer we have two neutron-openvswitch-agent(q-agt, q-domua)
For the q-domua it is specific for XenServer, this patch is to move
the specific configurations to os-xenapi which we have devstack plugin
in that repo
Depends-On: Ic816404c84f6a8899d01a77cb67fbfb421653e6b
Change-Id: I8a31c81d9475387fe4ed7030b70b26098e588771
When redoing a stack.sh over and over again, tempest venv can get out
of sync and cause issues until deleted. We should rebuild that tempest
venv on every stack.
Change-Id: I2f66bb1a7ccf9f89e11db1326d8553589e52fbf2
Supported Debian distros (codenames) are "sid", "testing",
and "jessie", but it should be "stretch" and "jessie".
"testing" is no codename and therefore should be replaced by
"stretch".
"sid" changes all the time and cannot be guaranteed to run
correctly or is at least not tested.
Change-Id: Id4b80a055452bbff69036d4dc1adeda46ce99664
Closes-Bug: #1673810
Closes-Bug: #1674416
Instead of grepping for 'lxc' in /proc/1/cgroup, use systemd's
features. This now at least also works in LXD containers.
Change-Id: I35e807c26f0b1fbba83ddbe04cfb4901a7a95cbe
We are facing memory pressure in gate testing. Apache is fairly large so
tune its connection limits down to try and squeeze out more useable
memory. THis should be fine for dev envs, also tlsproxy is not enabled
by default so we can check that this tuning works well on a subset of
jobs before making it default everywhere.
Data comparisons done with gate-tempest-dsvm-neutron-full-ubuntu-xenial
jobs.
Old: http://logs.openstack.org/37/447037/2/check/gate-tempest-dsvm-neutron-full-ubuntu-xenial/721fc6f/logs/screen-peakmem_tracker.txt.gz
PID %MEM RSS PPID TIME NLWP WCHAN COMMAND
20504 0.2 16660 19589 00:00:00 34 - /usr/sbin/apache2 -k start
20505 0.2 16600 19589 00:00:00 34 - /usr/sbin/apache2 -k start
20672 0.2 16600 19589 00:00:00 34 - /usr/sbin/apache2 -k start
20503 0.1 14388 19589 00:00:00 34 - /usr/sbin/apache2 -k start
19589 0.1 9964 1 00:00:00 1 - /usr/sbin/apache2 -k start
Total RSS: 74212
New: http://logs.openstack.org/41/446741/1/check/gate-tempest-dsvm-neutron-full-ubuntu-xenial/fa4d2e6/logs/screen-peakmem_tracker.txt.gz
PID %MEM RSS PPID TIME NLWP WCHAN COMMAND
8036 0.1 15316 8018 00:00:01 34 - /usr/sbin/apache2 -k start
8037 0.1 15228 8018 00:00:01 34 - /usr/sbin/apache2 -k start
8018 0.1 8584 1 00:00:00 1 - /usr/sbin/apache2 -k start
Total RSS: 39128
Note RSS here is in KB. Total difference is 35084KB or about
34MB. Not the biggest change, but we seem to be functional and it
almost halves the apache overhead.
Change-Id: If82fa347db140021197a215113df4ce38fb4fd17
Now Apache2 has 5 dedicated processes for Keystone Admin and 5 for
Keystone Public. As each Apache process consumes some memory and
we arbitrarly decided 5 was a good number more than 2 years ago,
maybe now (with the recent memory pressure we feel) is a good time
to reconcider.
With 5 processes our peakmem_tracker.py script reports a max RSS size
for the "wsgi:keystone-ad" and "wsgi:keystone-pu" processes of
2 (public and admin) * 5 (number of processes) * 90 Mo (RSS of each
process) = 900 Mo.
With 3 processes, the overall max RSS for Keystone is
2 * 3 * 90 = 540 Mo.
Note that this is RSS memory, but using the "smem" linux command on
my laptop, I noticed that the USS (Unique set size, i.e RSS excluding
shared memory) is around 80Mo per process. So reducing the number of
processes will actually reduce memory consumption.
Change-Id: Iba72d94aa15ecaa87c0115ad26d6bpeakmem_tracker62d5b3bea0a
The diet seems to be too strict, jobs failing with "out of sort memory". Needs more investigation before resubmitting.
This reverts commit 1e66388c5f.
Change-Id: Ic10effaaf047eb3527082baab889772c5e57fa90
It's 2017, some of our newest OpenStack developers/users may not
even know what stable/kilo is/was.
Change-Id: I00f39cc80af7e1632293bf057d95040b6bfa48e0
Was using the '-ne' integer comparison operator to compare UUID
values. This caused error messages like:
/opt/stack/new/devstack/lib/tempest: line 226: [[: dfae26ac-1780-4677-902d: value too great for base (error token is "902d")
Change it to use '!=' string comparison operator
Change-Id: Ib7c9197dd0fe58addf33b4f82beea6de64f6b10b
glare has been removed from glance already. Now error will be raised
if enable g-glare in local.conf.
Remove the glare support by glance.
Change-Id: I9a389af194dd2b8aed75d3c921293d800f8c591b
Add a missing --subnet-range argument when creating an ipv6 provider
network. Also changed SUBNET_V6_ID to IPV6_SUBNET_ID. And remove the
--ipv6-address-mode arg because it doesn't apply to subnets on routers.
Change-Id: I82796804a06e758e458606dc9eb400bcd08ad6e4
Since it's pretty common to see blogposts recommending to mount /opt/stack
remotely or editing inline the code, adding some notes about the potential
risk of a reclone that could impact weeks of work.
Change-Id: I733d40b76fb02d8edf3719533fc8202547771871
Co-Authored-By: Stephen Finucane <sfinucan@redhat.com>
Not all Cinder backends support the 'manage volume' feature. The test that
in tempest for this feature is specific to LVM and will *not* work for
other work backends regardless of them supporting the feature.
Change-Id: I055aa66738deb5ae2fb925429cec565e3901340c
When variables use the 'declare' directive, it is by default a local
variable. While other variables have global scope.
For example:
declare -A AN_ARRAY # local in scope
foo=1 # global in scope
This causes errors to occur as some of the variables will be local only
and others will be global.
Update the code, as appropriate, so that variables using the 'declare'
directive also include the '-g' flag to have them also be global. Not
every instance of a declared variable has been updated.
Closes-Bug: #1669509
Co-Authored-By: John L. Villalovos <john.l.villalovos@intel.com>
Change-Id: I2180b68fe861ad19c6d4ec0df0f9f8a528347862
lib/keystone builds KEYSTONE_SERVICE_URI so that other services
don't need to reconstruct the identity URI. Many services already
use it, but some parts were still building the identity URI from
the different parts.
This will allow changing the identity URI to include a path
(e.g., to http://<host>/identity) in 1 place rather than in
multiple places.
Change-Id: I58cbdbe591d8869807545e0815480fc3375e0479
Before the patch, we were only configuring root_helper_daemon to point
to oslo.rootwrap, but not root_helper. (The former is used for long
running commands only, while the latter is used for short lived
commands.) This made neutron agents to directly call to sudo when a
privileged process was to be executed. This failed because /etc/sudoers
was not configured to allow anything except the rootwrap call itself.
This patch simplifies rootwrap handling in the code; it also sets
root_helper to point to rootwrap; as well as configure daemon in
sudoers. While at it, we also set l2 agent to use rootwrap too.
Hopefully, it will be enough for agents to actually configure backend as
needed.
Change-Id: Ib05a6e0e024f534d7f616d41d70fb67ecf6daeaf
The oslo.messaging docs on the notification messaging driver
says that "messaging" (1.0) is a legacy format and you should
use messagingv2 unless otherwise required for that old format.
By default we should be testing with messagingv2.
Change-Id: I3031afe7551a0c8dde46e1ccfacff445fb68e122
The change makes peakmem_tracker list processes that lock memory pages
from swapping to disk. It may be helpful when debugging oom-killer job
failures in gate in case when dstat shows that swap is not fully used
when oom-killer is triggered.
The peakmem_tracker service was renamed into memory_tracker to reflect
its new broader scope.
Needed-By: I5862d92478397eac2e61b8a61ce3437b698678be
Change-Id: I1dca120448ee87930fe903fd81277b58efaefc92
Keystone v3 API is CURRENT and the v2 API is deprecated now.
So we need to change the default config of auth_version to fit
for current API status.
Depends-On: Id5e5ed9bf4f8b0f9eb376bfc7c5801f0956da1d9
Change-Id: I801e6740258ddea2a1b628a209970e0307d39d12
Nova has been supporting glance v2 since Newton and removed
support for glance v1 in Ocata:
97e7b97210139a7f7888f0d6901e499664de02a3
We should disable glance v1 by default because there are several
test paths in Tempest which don't get run when glance v1 is
available because it uses glance v1 rather than v2.
Depends-On: I54db379f6fbe859fd9f1b0cdd5b74102539ab265
Change-Id: I7f962a07317cdad917ee896d79e49ee18938d074
Change ac5fdb4c40 introduced
a problem for gnocchi CI because the deployments steps
are now:
1. create cell0
2. start nova-api (with multiple workers)
3. install ceilometer via extras
4. ceilometer calls nova-api to list servers; at this point
nova-api getes the list of cells and caches them, which
will just be cell0
5. create cell1 via simple_cell_setup which also discovers
the n-cpu node so we can schedule instances
6. gnocchi tests create and list instances and at this point it hits
an n-api worker that only has cell0 cached so it does not
find some test servers it created and fails.
The cell0 and cell1 cells should be created in the nova_api db
before starting n-api so that when we first list instances, we
store both cells in the cache that's in n-api. This deployment
order is also how the nova docs describe rolling out cells v2
but the way we were doing this devstack wasn't following that,
or accounting for when devstack plugins are loaded via extras.
This change creates the main cell1 cell earlier in the setup
before n-api is started, and then changes to just run
discover_hosts at the end after n-cpu is running (which is what
simple_cell_setup and map_cell_and_hosts would do implicitly).
Change-Id: I38eab6707340253a10159a169ae61d34784c2d28
Related-Bug: #1669473
This simplifies neutron library code and makes it less prone to breakage
in the future. So far there are no specific known issues with existing
code per se, it works, still.
Change-Id: I28f1997d226baae902dae5ca8ee6cd4fd89efe31
We propose several MySQL configuration parameter changes (with
explanations) to reduce the memory footprint of MySQL. A demonstration
of the improvement is provided in
https://etherpad.openstack.org/p/change-438668.
As Clint provided some of the descriptions that I've used, I have
listed him as a co-author (thanks Clint). Let this serve as a warning
to all that commetors may be enlisted :)
Change-Id: Icb2d6ea91d3d45a68ce99c817a746b10039479cc
Co-Authored-By: Clint 'SpamapS' Byrum <clint@fewbar.com>
Since https://review.openstack.org/#/c/438325 landed
it only works for Centos 7, but not for other
RHEL-based distributions: Virtuozzo and, probably, RHEV.
Both of above have own version for qemu-kvm package: qemu-kvm-vz and qemu-kvm-rhev,
accordingly. These packages provide "qemu-kvm", like qemu-kvm-ev,
and, when you call "yum install qemu-kvm", they replace the default OS package.
Change-Id: I46da627c0da8925064862fdc283db81591979285
This patch enabled the "allow_global_implied_dsr_disabled" feature
flag. This is a feature flag toggle for bug 1590578 which is fixed
in Newton and Ocata. This option can be removed after Mitaka is
end of life.
Change-Id: I70e3ce79ee6d9b00cc48bb178bd423d0196f6588
Related-Bug: #1590578
Because things like nova may need to create vhosts in the rpc backend,
we need to have started and created credentials before we configure
the service.
Change-Id: I01c9c5288e197fc50a8a4a032e3a32cd166eb180
openvz is not in the nova tree, and is referencing a crazy old image,
we're going to assume that if anyone is using this they can build a
devstack plugin.
drop doing anything by default because this actually requires that we
special case things like ironic in tree to *not* do anything by
default.
Change-Id: I9d33b98263c3d52a95b9983e90eb0b341fa1d363
Add python-openstackclient to the list of packages installed under
Python 3 by default, so that jobs running with Python 3 exercise the
client that way.
Change-Id: I9778a6810bb3e4850132cfc19e583d50fed23ef5
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
DHCP agent should not load core plugin config file; L3 agent has no
interest in metadata agent configuration file; etc. It's a mistake to
form a single global list of configuration files and pass it into all
processes. Every process should have its own list, that may or may not
have some files in common with other processes.
The only file that is common to all neutron processes is neutron.conf,
and we could in theory keep it into the common list. But I decided at
this point it's better to be explicit about what's loaded into services.
Also the order of arguments is important, and neutron.conf should always
be the first CLI argument, which is hard to achieve by keeping
neutron.conf file in the global list.
Plugins may be interested in loading additional files into neutron
processes. For example, dragonflow needs to load /etc/neutron/dragonflow.ini
into neutron-server. But we should not necessarily load all those files
into all processes, so such extendable lists should be per process.
Besides, neutron_server_config_add_new is already available to use to
append additional configuration files for neutron-server. That's why the
patch completely kills the NEUTRON_CONFIG_ARG variable.
Depends-On: I4bd54a41a45486a5601373f9a9cce74d7686d1aa
Change-Id: Ia3c3862399bba335db5edf9ea70f850fb2638d09
Calling enable_kernel_bridge_firewall inside a
container, devstack will crash because it tries to
load a kernel module by calling 'sudo modprobe' on
net.bridge.
Change-Id: Id4718c065d5a8c507d49f38e19c2796a64221aa4
Closes-Bug: #1662194
For the latest qemu-kvm, you have to use the qemu-kvm-ev package,
which is based off the qemu-kvm-rhev package, which is explained in
[1] but you probably can't read it. The gist is, that qemu-kvm-rhev
is a later build of kvm that is incompatible with the base version
provided. qemu-kvm-rhev is only provided with the RHV (ovirt) and
RHOS (openstack) products. CentOS rebuilds this package as
qemu-kvm-ev as part of it's virtualisation SIG.
I9a972e3fde2e4e552f6fc98350820c07873c3de3 has bumped up the minimum
qemu version to 2.1.0. It seems there is a an issue (bug #1668164)
where having the qemu-system package installed gets picked up if
installed, and reports the incorrect version to nova, causing failure.
This removes the installs from files/rpms/nova as it is all being done
in function-libvirt. We only install the qemu-kvm-ev package on
centos and remove the old work-around.
[1] https://access.redhat.com/solutions/629513
[2] https://wiki.centos.org/SpecialInterestGroup/Virtualization
Change-Id: Ide91b261f35fb19d8bd7155ca016fa3b76a45ea1
Use pip_install_gr so we get the version pinned by requirements. The
depends-on is an example of where we're trying to pin to workaround
issues.
Depends-On: I9c57c08a150571c5bb62235d502839394d53a4c1
Change-Id: I780cca681b12a3e9d228dbf2fd9fa6e8ab1a82e1
This patch creates symlinks between neutron-* files tracking runtime
dependencies for services, and q-* files. Since lib/neutron is the
new recommended way to deploy neutron with devstack, this patch made
neutron-* files real files, while q-* files are just symlinks.
Change-Id: I0f361f31160d0fee40ad3e8de873edd05173e54e
This allows post-config phase to use neutron_service_plugin_class_add
so that devstack plugins can use it in the same way for both of
neutron-legacy and its "modern" counterpart, lib/neutron.
Closes-Bug: #1667037
Change-Id: I9068fd608e82e70db8d725f92269a26920efebcb
Using the same name for two different subnet pools means that one needs
to reference them by their UUID. Choosing unique names will allow us to
use the name to reference the pool later on.
At the same time simplify the command used for pool creation by
instructing OSC to only output the value that we are interested in.
Change-Id: Idedcb6328925d44cdd0f415450ec4ebbc272401d
Devstack configures keystone for auth mechanism but don't tell
keystoneauth1 library that it should use keystone too.
In simple case, this is not an issue because some application
set 'password' by default (like the openstack cli).
But applications can have no default or another default.
Change-Id: Idd1e1d2e7546fce7531175440788a8c7cb27aec1
This patch adds haproxy package to devstack as Neutron will rely on it
for serving metadata instead of the current Python implementation.
haproxy will reduce the memory footprint from ~50MB to ~1.5MB for
serving metadata. It will be spawned for every Neutron router so,
for large deployments, it will be a significant memory reduction.
Change-Id: I36a5531cacc21c0d4bb7f20d4bec6da65d04c262
The old code assumed _neutron_service_plugin_class_add presence, as well
as used a configuration file path that is not standard (under
/etc/neutron/services/ instead of /etc/neutron/metering_agent.ini).
The patch untangles metering configuration in the new library from that
old and bad code, and reimplements it inline.
This should help the effort to switch gate from lib/neutron-legacy to
lib/neutron.
Change-Id: I0d235498af4b6a70bd5dae6ea178d5aa8ba41e80
Since for the new devstack library we still rely on some functions from
ovs_base, we need to initialize them with sane default values so that
setup works as intended and as lib/neutron-legacy behaves by default for
external connectivity setup.
Change-Id: I412ed4f988b8e03a3e3a08066375b55a6e6aa3e6
The creation of the cellsv1 rpc vhost was buried in the restart function,
which makes it hard to extend. This breaks it out into a helper method
and moves the conditional logic into the nova module itself.
Change-Id: Ib0e377aabe45c27bb6ce59ca275ce73085e8b9d2
Currently placement api section will be configured on controller
only if service n-cpu is running. It breaks multi node setup.
Closes-Bug: #1667219
Change-Id: I8b0f60f253859f704bb9831d7dac8f55df353ac7
- Remove extra spaces
- Fix a missing space in the generated option string
- Fix a fatal typo
Change-Id: Ieca1c3e3c7e2ff59089ef45435e126ce7ff4f9b5
Closes-Bug: #1667073
FakeLoggingVolumeDriver will be used for functional Cinder tests to
prevent dependencies on any storage.
FakeGateDriver is based on LVM and will be used to run Tempest tests for
such features like CG's, replication, etc.
Depends-On: I383bcdb531c7d52c0fdbb6875de73f1274a92854
Change-Id: I2dc8ea416f5eb3fcc9d2e959533497e464220ff5
Upgrade xen tool to install Ubuntu Xenial; change the upstart
task to systemd task to finish the OpenStack installation
by using devstack.
Change-Id: I8129923be3c41e7f60e9d32348a5ea8e07d4845b
This ensures we only set the nova catalog when it's not the default,
instead of also putting defaults in devstack.
Change-Id: Ibb0dcb8bae2e9223db302d7b19e8fbee4ebbf0e3
I think now is a good time to stop running Cinder V1 tests. It should
save quite some Infra resources and jobs should run faster too.
Also, remove some useless variables in lib/tempest.
Change-Id: I0edf1d88c136c3b910a5773690a603eeacb50266
Sometimes when doing worlddump would see a command line like this:
sudo ip netns exec (id: ip addr
This would cause an error to be seen in console.log:
2017-02-07 00:03:03.659570 | /bin/sh: 1: Syntax error: "(" unexpected
This is caused by there sometimes being extra data returned from the
'ip netns' command [1]. For example it might look like:
qrouter-0805fd7d-c493-4fa6-82ca-1c6c9b23cd9e (id: 1)
qdhcp-bb2cc6ae-2ae8-474f-adda-a94059b872b5 (id: 0)
[1] https://lwn.net/Articles/629715/
Change-Id: Icece442023125ef55696b8d92a975d37e358b1b4
Closes-Bug: 1653969
This reverts commit e0a37cf21e.
This didn't help fixing bug #1630664. Issue seems to be between
client<--->Apache2, not between Apache2<--->eventlet
Change-Id: I092c1bbf0c5848b50fc9e491d1e9211451208a89
This commit switches devstack to use the published qcow2 cirros image
instead of the AMI version. Using AMI was mostly a historical artifact
dating pretty far back, but in the real world no one really uses AMI
images with openstack clouds. This change reflects that and also
enables tempest ro remove its deprecated config options for using AMI
as a fallback on misconfiguration (which was just there to support
devstack's defaults)
Change-Id: Id65ebae73b28da7185cb349b714b659af51ef77f
Nova is going to increase the minimum required libvirt
in Pike to 1.2.9 in change:
I9a972e3fde2e4e552f6fc98350820c07873c3de3
Based on the libvirt distro support matrix wiki [1] that
drops support for Ubuntu Trusty and Debian 7.0/Wheezy.
Trusty has libvirt 1.2.2 and Wheezy has 0.9.12 (the Wheezy
support should have been removed long ago apparently). The
7.0 removed here is for Wheezy also based on commit
b2ef890db3.
This does not undo the check for "trusty" with the
EBTABLES_RACE_FIX in lib/nova_plugins/function-libvirt
since you can still force devstack to run on Trusty if
you specify the FORCE=yes variable.
Note that RHEL 7.1 has libvirt 1.2.8 so it won't technically
work with devstack and nova + pike + libvirt, but with the
way os_RELEASE is calculated the minor version is dropped
for RHEL distros so we just get "rhel7".
Also note that this doesn't attempt to continue supporting
Trusty or Wheezy if nova is not configured to use libvirt,
simply in order to start moving forward on devstack distro
support in general and to keep some sanity and closeness
to what we test with in the CI system.
While we're in here, we also drop Fedora 23 and add
Ubuntu Zesty.
[1] https://wiki.openstack.org/wiki/LibvirtDistroSupportMatrix
Depends-On: I9a972e3fde2e4e552f6fc98350820c07873c3de3
Depends-On: If69f99bd789e646b0261e27a8a061efde32436f7
Change-Id: I6617283afd798af37e64913b7865cea3c8a62aba
The proliferation of internal/admin endpoints is mostly legacy and
based on some specific deployment patterns. These are not used by
everyone, and for the devstack case aren't really that useful. We
should simplify our service catalog down to the minimum we need for
development.
Change-Id: Ided7a65c81b3a0b56f0184847fc82e17c29a771e
Adding sudo to the example commands in the quick start section.
Also adding '-' as su argument in order to use
the stack user's env (home).
Change-Id: I23ab38104d05c3f4c8d48b55e66cf19dc4e4f90d
This new version of CirrOS is built on top of 0.3 branch, so wrt
version 0.3.4 it includes only two commits:
- Cherry-pick of the fix for https://launchpad.net/bugs/1564948
- One extra fix to make the above working on 0.3
Cherry-picked commit is http://bazaar.launchpad.net/~cirros-dev/cirros/trunk/revision/366
A Tempest test for hard reboot in some cases hits the case where
host key are empty. This triggers bugs/1564948, i.e. the ssh
daemon does not start at all, and the Tempest test fails with
"connection refused", which is misleading.
The new version of CirrOS solves this problem as it ensure host
keys are generated if missing, and the sshd deamon started.
I tested the scenario of missing host keys in Iea74c63925be17a1df894c1a2c23f5ba2793e0c6
using a private build of what then became 0.3.5.
Change-Id: I5c154ec25555e768954538fc22b4f5d5975b2deb
Force mod_proxy to immediately close a connection to the backend
after being used, and thus, disable its persistent connection and
pool for that backend.
Let's see if that helps fixing bug #1630664 (the
Connection aborted/ BadStatusLine thing).
We already have an ER query (in queries/1630664.yaml) that should show
whether this is effective.
Change-Id: I03b09f7df5c6e134ec4091a2f8dfe8ef614d1951
Since the empty value is the default for the option, and when explcitly
set in config file, it triggers a deprecation warning for the option,
avoid setting it unless we actually need to override the new default
value.
Change-Id: If423114d7a52da29b97d1fb473a955d9d69a1a3e
Those are not called by devstack anymore. This cleanup also gets rid of
code that attempts to set external_network_bridge to an empty value,
which triggers a deprecation warning for the option since it's going to
be removed in a next Neutron release.
Change-Id: I5adcbab877b4e8742522de81b1a85acfc33160d7
For the instance which has boot by uefi, we should use
virsh undefine --nvram to undefine it. Check the libvirt
version for whether it supports nvram and use new undefine
parameters since this parameters is compatible with those
instance which don't use uefi.
Closes-bug: #1612613
Change-Id: Ibca1450e965df1481e6cd6b0d597b4323d667e60
Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
We currently use a more permisive STRICT_ALL_TABLES mode, but that's
not what modern MySQL versions default to (i.e. TRADITIONAL):
https://dev.mysql.com/doc/refman/5.7/en/sql-mode.html#sql-mode-changes
(non-Devstack deployments will most likely use TRADITIONAL as well)
Due to the fact that we default to TRADITIONAL in oslo.db, this
produces annoying warnings on MySQL 5.7 versions we use in the gate:
Warning: (3090, u"Changing sql mode 'NO_AUTO_CREATE_USER' is
deprecated. It will be removed in a future release.")
https://git.openstack.org/cgit/openstack/oslo.db/tree/oslo_db/options.py#n49
Unlike STRICT_ALL_TABLES, TRADITIONAL mode includes NO_AUTO_CREATE_USER,
and MySQL emits this warning on switching it on:
https://dev.mysql.com/worklog/task/?id=8326
So we have two options here:
1) make oslo.db default to STRICT_ALL_TABLES
2) make Devstack default to TRADITIONAL
The latter seems to be more appropriate as:
1) it's what modern MySQL versions default to
2) it's what people are actually using, if they do not override the
oslo.db default
3) it's more strict
Closes-Bug: #1652452
Change-Id: Ie6d823c9f8465ac9f2ce4825929d1a50438fab45
When cleanup devstack with linuxbridge, PUBLIC_BRIDGE should be
DOWN before trying to delete it.
Change-Id: I2d205cbe4d92a03ee5c376a23282d9880dd9a1df
Closes-Bug: #1662543
Tempest doesn't support the `api_version` config option for networking
anymore. I can't track which Tempest patch removed it, but it's been more
than 2 years.
Change-Id: I4012f470e8c317803203b6fa1e265600dbc49b3d
Commit e7361775c1 changed the code to
use Python 3 style print function, but when doing 'print()' in Python
2.7 it would print '()':
>>> print()
()
Import the __future__ print function so that a blank line will be
printed as expected. This will now work the same in Python 2 & 3.
Change-Id: I61742e107278f2327c18c9ab0de52d1914f16c97
When command failed and component failed to start, original exit code
was overwritten due to original command being executed in background.
This commit adds information about command's exit code to echoed message
about component's start up failure.
Change-Id: I8a3dd485b1b1f2d70d42c5610baac7c0c713f53a
Signed-off-by: Joanna Taryma <joanna.taryma@intel.com>
Now that Liberty is EOLed, the feature flag is not needed anymore.
Change-Id: Ib82cb21edbda383d17f8cf69fedc884f2357fead
Depends-On: I7073106988a79aad19c6b95bb050d2eaf00c36c0
The dedicated RPC worker is overkill in single or multinode
devstack deployments. Also metadata API workers was left
default, which meant they were as many as the CPU cores.
Related-bug: 1656386
Change-Id: Ibbf7787dfa48e13a51f961f3e0ee2b8f49964759
Right now we under pressure because of increasing memory consumption in
dsvm jobs. So it'll be good to see which process is eating the most ram
at a given time. It may not end up being useful, but it doesn't hurt to
at least display just in case.
Change-Id: I096bf4b425db51358240335e41f6238d1ec1bb40
While configuring the external network as the default
router gateway for IPV6 in lib/neutron_plugins/services/l3,
"router" keyword is missing in the command.
Corrected the command.
Change-Id: I055bea5137a841f709d4865ec9a43d6b53f8f4c9
Closes-Bug: 1660712
The map_cell0 command creates a cell mapping record in the
nova_api database, and the nova-manage db sync command
will migrate the db schema for the nova_cell0 database. This
patch takes advantage of that by moving the map_cell0 call
much earlier in the setup process so we get the nova_cell0
db schema migrated at the same time as the main nova db.
This also removes the || true condition around map_cell0
since it's idempotent now due to fix:
aa7b6ebbb254f00fcb548832941ca9dbd3996d9f
Change-Id: Ice4fbb1771270c618b2acbc933d4fbfb6805df81
Nothing uses this variable either in devstack or libraries,
so it's dead code (at least on master), and we can remove it.
Change-Id: I5975c476ae5b26402c209d6e5746e7a5a5a91507
Cells v1 apparently doesn't support the swap volume API which
was recently enabled for testing in change:
92575baa6b
Rather than revert that change, we should just handle the cells
v1 case and not enable that test in that environment.
Change-Id: I80f52e8299641098d90d3c374a80770fc45b8122
Closes-Bug: #1660511
tools/discover_hosts.sh is run by devstack-gate, and breaks all dsvm job
that doesn't use nova.
nova-manage is perhaps not installed if nova services are not enabled.
This change checks the presence of nova-.
Change-Id: Ic555d241f98d0fa027897c69a7115d1be88f6c96
This adds a simple script to run the
'nova-manage cell_v2 discover_hosts'
command which will be used by
devstack-gate to discover the compute
hosts after devstack is fully setup.
This allows us to manage the branches
where this can run from devstack rather
than require branch logic in devstack-gate.
Change-Id: Icc595d60de373471aa7ee8fb9f3a81fc12d80438
Depends-On: I4823737246a8e9cc4eaebf67ff6bdba8bf42ab29
If the NoVNC service is enabled, enable vnc_console in tempest.conf.
This will allow tempest tests that interact with VNC to be executed.
Change-Id: Idb38a3b11e2f61f23adf1ec23c04ddccd72e7539
Depends-On: I09aed8de28f1ba2637382e870134ced38808df29
The daemon mode of root helper for XenAPI has been implemented by
this change which has been merged to neutron:
https://review.openstack.org/#/c/390931/
It will help to import the performance. Let's enable this mode
by default in devstack.
Change-Id: I52246bef3e4434dfc49446535b122580bc475ac3
This provides a single setup_logging function which builds consistent
colorization if the config supports it, otherwise builds the identity
strings that we need to actually keep track of requests.
Change-Id: Iffe30326a5b974ad141aed6288f61e0d6fd18ca9
This makes setup_colorized_logging be a thing which takes a single
parameter and doesn't let projects do things differently. It also
changes the order of values from user / project to project / user to
represent the hierachy more clearly.
Change-Id: I8c0ba7da54be588e3e068734feb4f78ed7c5a14a
An initial install for devstack-tools, this will need to use all the
fun pip extra variables for installation, however the current
pip_install always prefers python2, and we only want to do python3
here.
Change-Id: I3dcdb35130f76fad81cb7b0d4001b7e96efbbd84
The test that is in tempest for this feature is
specific to LVM and will *not* work for other backends
regardless of them supporting the feature. It shouldn't
default to enabled for everyone, only for LVM.
If others want to opt-in they can, but its definitely
the minority that would.
Change-Id: I21347f2a5069059e6413208b254d5acd246faaea
In the incoming XenServer, it failed to install conntrack-tools
in Dom0 due to the bash script which is trying to find the correct
CentOS release version to be used in yum command. This patch is to
fix the problem
Change-Id: If7f169e118ccb7c29fc479c361417a916dc40b40
For some reason we were defaulting the name of the cell0 database
to nova_api_cell0 instead of nova_cell0. Devstack inherited that to
make things work, but we don't really want that. This patch makes us
use the proper name and create the cell0 mapping accordingly. As a
side effect, it also starts the process of unifying the cellsv1 and
cellsv2 paths by creating the cell0 mapping the same for both.
Change-Id: I4e7f6c5eaa068c98e5c4ef3feaee50d8e4f5d484
Findutils added in release 4.2.3 a new --delete action for deleting
matching files. This action performs better than -exec rm {} \;
because it doesn't have to spawn an external process. This change
uses a new action whenever is possible.
Change-Id: Iff16a86b18e924cfe78ac7c6107910940ce51e03
$ipv6_modes should always be passed when creating the
default IPv6 subnet, not just when fixed_range_v6 is
set. Without it the default was DHCPv6, which cirros
doesn't support out of the box. Was broken in
change-over from neutron to openstack cli.
Change-Id: Iadd39b1ce02fe0b3781bd3ae04adfd20d7e12d9f
Closes-bug: #1656098
Since cellsv2 setup is no longer optional, we can't even exclude
cellsv1 from this step. Since cellsv1 users can't use the simple
command, this does the individual steps as needed.
Depends-On: Icfbb17cce8ce8b03dc8b7b4ffb202db01e5218a6
Change-Id: I3c9101a34b2bb0804fc4deda62dbb8637e7b8f94
The only virt driver in nova that supports the swap volume API is
libvirt so enable testing that in Tempest only if using libvirt.
Depends on two changes:
1. The Tempest change that adds the new config option and test.
Depends-On: I2d4779de8d21aa84533f4f92d347e932db2de58e
2. A nova fix for correctly waiting for the block copy job in the guest
to complete.
Depends-On: I0c52917a5555a70c4973f37dea1aebf878dd73b4
Change-Id: Ibb6b309574d2c6a06fcecb0626ea21527fb7f412
Only a few Cinder backends support the 'manage snapshot' feature. So
we need a feature flag here. Luckily the LVM driver does support this
feature so default the feature flag to True in devstack(/Gate) but
introduce a variable to tweak the config.
Change-Id: Ifcb9f91059f08bdf2faf2a8d65229aba5742ee1c
Depends-On: I77be1cf85a946bf72e852f6378f0d7b43af8023a
In Nova, service token will be passed along with user token to communicate
with services when dealing with long running tasks like live migration.
This change addresses adding service user configuration for nova in
devstack.
Part of Nova blueprint use-service-tokens
Depends-On: I51eb0a8937fa39a2e5dafb1ad915e7113ea61f72
Co-Authored-By: Sarafraj Singh <sarafraj.singh@intel.com>
Change-Id: I2d7348c4a72af96c0ed2ef6c0ab75d16e9aec8fc
When installing a library from source and python 3 is enabled, first run
the installation process with python 2 enabled to ensure the library is
also installed under python 2 for any services not yet running under
3. The python 3 version is installed second so that command line tools
installed with libraries are installed under python 3 when python 3 is
enabled.
Change-Id: Ibb0f7a68d21081bf7652a0c1515080c0c54888ca
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
Add variables ENABLED_PYTHON3_PACKAGES and DISABLED_PYTHON3_PACKAGES to
work like ENABLED_SERVICES and DISABLED_SERVICES and to manage which
packages are installed using Python 3. Move the list of whitelisted
packages in pip_install to the default for ENABLED_PYTHON3_PACKAGES,
except swift which is not enabled by default for now.
Add enable_python3_package and disable_python3_package functions to make
editing the variables from local.conf easier.
Add python3_enabled_for and python3_disabled_for functions to check the
settings against packages being installed by pip.
Update pip_install to check if python3 is disabled for a service, then
see if it is explicitly enabled, and only then fall back to looking at
the classifiers in the packaging metadata.
Update pip_install messages to give more detail about why the choice
between python 2 and 3 is being made for a given package.
Change-Id: I69857d4e11f4767928614a3b637c894bcd03491f
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
Hypervisor XenServer will change to use os-xenapi in the future,
this will need DevStack changes, this patch is to remove install
Dom0 plugins part to our own DevStack plugins.
Change-Id: Ic327135b893a77672fd42af919f47f181e932773
The logic to set the default image for Ironic has been moved into the
Ironic tree. This patch is just removing it from DevStack.
Change-Id: Iaeb177f194adc83e40d86696e5553f9f72bbd1f9
Depends-On: Id828b41dc44113ce1cd094ce5fc245989699d4ff
The PCI-DSS feature has been introduced during the Newton
release and its settings are disabled by default. This
patch adds the possibility to enable some of them during
DevStack setup.
Change-Id: If6b5eb3e3cbc43eb241c94d18af80ad50be08772
Depends-On: Id97ca26f93b742cc3d8d49e98afc581f22360504
* iniuncomment followed by iniset for reseller_prefix just adds a
duplicate line in the config file that configparser does not like
so just remove the uncomment
* fall back to http:// url for glance->swift keystone authentication
* insecure flag to talk to swift
Depends-On: I51d56d16a5b175bd45dee09edc0b2748d72a5d06
Change-Id: I02ed01e20f8dce195c51273e8384130af53384ce
Currently if PHYSICAL_NETWORK and PUBLIC_PHYSICAL_NETWORK are
same then duplicate entry is created in ml2_conf.ini like below:
flat_networks = public,public,
With this patch, if PHYSICAL_NETWORK and PUBLIC_PHYSICAL_NETWORK
are same then add only PHYSICAL_NETWORK to flat_networks in
ml2_conf.ini
Change-Id: Iae4d1ee3882f6d96b4e4abd52ecc673a620563b5
Closes-Bug: #1654148
This commit switches how scripts we use to launch the installed version
in the path. Previously the scripts were manually executed in the source
repo, but this has issues if you're trying to run with py3 in a system
where python == py2. Setuptools already does the shebang magic for us
at install time, so we just need to use the installed version of the
script.
Change-Id: Iaa4d80ec607a2aa200400330e16cad3a4ca782ac
According to the feedback in the TC meeting [1], we renamed the Nova
virt driver from "docker" to "zun" [2] to avoid name collision
to nova-docker. This rename also help to clarify the difference
between these two drivers.
[1] http://eavesdrop.openstack.org/meetings/tc/2016/
tc.2016-11-29-20.01.log.html
[2] https://review.openstack.org/#/c/414651/
Change-Id: I747080953ae4d1d35ed334831100413b6e4466c4
The domain_name to be used needs to be $SERVICE_DOMAIN_NAME, as this is
changed in devstack from "Default" to "service".
Change-Id: I6351c1b2ca7ea4448e13eb87455bff4058df4fa7
Previous this was set the zake, but that was revert to missing
dependencies issue and because zake is a test fixture and not somthing
to deploy.
This change configures the Cinder dlm with this one is zookeeper.
And it installs tooz and the extra dependencies needed for the
zookeeper driver.
To do it, this commit have to introduce a new method for package
installation: 'pip_install_gr_extras package extra1,extra2'.
Change-Id: Idca310c08e345db59840eb31434c6cb1f849fa70
nova-network has been deprecated since Netwon and Nova change
I8388c29ad310cd8800084b4d5c026013158bfbed is switching the default
value of use_neutron to True, so we need devstack to explicitly
set use_neutron=False when running and configuring nova-network.
Part of blueprint use-neutron-by-default
Change-Id: I82721b5d10711401b9b0ebc2b0ed07cc8287bbf7
Really close to getting swift and keystone under uwsgi working, so
let's white list them. Won't affect any existing jobs, so we should
be good.
Change-Id: I51d56d16a5b175bd45dee09edc0b2748d72a5d06
Now that Liberty is EOLed, the feature flag is not needed anymore.
Change-Id: I5206535761773d4bcb02ebb8f25d1b0c1b59110c
Depends-On: If0b2168080a0b0ecdc6682ef69856a0879f4f6d3
CLI tests have been removed from Tempest in
I4f8638f1c048bbdb598dd181f4af272ef9923806
Dashboard tests have been removed from Tempest in
I2a69ebed2947a5ab5e5ca79557130bd093e168dd
Change-Id: I6df74a07e209b07fd3feae762c9cdab16e09414f
The snapshot_backup feature flag was introduced in
Ib695e60c2ed7edf30c8baef9e00f0307b1156551 to enable Tempest tests
introduced in I1964ce6e1298041f8238d76fa4b7029d2d23bbfb
But I1964ce6e1298041f8238d76fa4b7029d2d23bbfb was never merged so that
feature flag was never really useful.
Change-Id: I4e0bc786d2320907cb101fc788ad51444628537d
Use trueorfalse to normalize the values for USE_PYTHON3
Install 3.5 instead of 3.4 When USE_PYTHON3 is specified.
Also, since not many packages are classified correctly, fallback
to looking for just "Programming Language :: Python :: 3" and
log a message for the package to highlight the problem.
Also special case some services that are *almost* ready
Depends-On: Id48e1b328230fcdf97ed1cb4b97f4c3f9cf6eb8a
Depends-On: Ib7d9aa0e0b74a936002e0eea0b3af05102b06a62
Change-Id: I243ea4b76f0d5ef57a03b5b0798a05468ee6de9b
In order to test whether live migration is backward compatible
we need to live migrate VM back and forth between two versions
of nova. This configuration option will allow to reuse existing
tests just by adding if condition in a method that invokes live
migration and validates outcome:
* If set to False, it will use existing behaviour
* If set to True, it will live migrate VM, validate whether it
succeded, then live migrate the same VM once again and again
validate the result
Depends-On: Icaeca404ec3e4b8f3cd489789fdac6117740ec43
Change-Id: I8da2b3bd0c08d9a3111d3531c346d06bd52cae7b
The placement API configuration was binding a specific port *and* was supporting
to be called by the default HTTPd ports using a Location directive.
Given that the corresponding service catalog entry for the placement service type
doesn't mention the specific application port but is rather using the default
port 80, we can remove that specific port and just use the default config.
Note that we still need to use a VirtualHost directive for the specific placement
config because ErrorLog is only scoped for either server or virtualhost but can't
be set for a Location (or a Directory) context.
Change-Id: I9a26dcff4b879cf9e82e43a3d1aca2e4fe6aa3e6
This moves setting of RABBIT_HOST from stack.sh to lib/rpc_backend
so it may be used in grenade runs, which don't have the defaulted
value from stack.sh. The RABBIT_HOST is needed in order to call
get_transport_url in lib/rpc_backend.
Change-Id: I504f7fac7bb9a8c158e20046dbd1dd2d507db02b
Closes-Bug: #1649586
Depends-On: I3d4d7b309e50f4e2970cda55aada02d68c4fa705
Services that run inside Apache use tail -f on the corresponding log
file to display output in the screen session. However, they also use sed
to replace some control characters, and this means that the output is
buffered. This results in debugging experiences that range from
"impossible" (the log you want isn't shown) to "Kafkaesque nightmare"
(the log you want isn't shown, except that sometimes it is, and
sometimes it isn't even though you double-checked and you're completely
sure that you must have output a log, but when you check back later you
realise it actually is and you wonder if history is actually not mutable
after all and begin to question what is real and what is not).
This adds the --unbuffered option to ensure streaming output.
Change-Id: I665ff5f047156401d8152f478d834ac40ff31658
Now that the placement service is mandatory for running Nova in Ocata,
we want to enable it by default when running devstack by default.
In the past, we added a placement-client service with
I04a655fbc58913b3d607400a7f677be299499142
Devstack-gate will also be able to run a multinode devstack with the
help of Ibd760c642e3c1ffff2dd61be48e30530b0d24720
Change-Id: I273c3c8299ee329bed425f3e7cd4b583ed1187a4
Neutron doesn't use any arptables based firewall rules. This should
somewhat optimize kernel packet processing performance.
I think the setting came from:
http://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf
but does not apply to the way we use iptables.
Change-Id: I41796c76172f5243e4f9c4902363abb1f19d0d12
Closes-Bug: #1651765
If 'RECREATE_KEYSTONE_DB=False' database won't be recreated.
It would be useful for multinode Grenade tests for Keystone. This parameter
will help us to deploy multiple services on different machines talking to
the same DB.
Devstack recreates Keystone DB each time during Keystone service installation.
If our controller node is already deployed, Keystone DB already contains
important information about OpenStack services and their endpoints. When
the second Keystone node is being deployed, we don't want to delete
records about controllers' services endpoints.
Partially-Implements: bp rolling-upgrade-testing
Change-Id: Ia8d07b4295ca165be01e44466c95d5275f596e83
When doing multinode devstack we need a way to specify that we've
enabled for the placement service. We use a pseudo service of
placement-client for this.
Change-Id: I04a655fbc58913b3d607400a7f677be299499142
The current code assumes that there exists a public openstack network
and uses that assumption to set the public_network_id variable in
tempest lib. If NEUTRON_CREATE_INITIAL_NETWORKS is set to false this
step will fail as there is no public network to be found. This change
adds a check for NEUTRON_CREATE_INITIAL_NETWORKS before attempting to
set this variable.
Change-Id: I62e74d350d6533fa842d64c15b01b1a3d42c71c2
Closes-Bug: #1645900
Different versions of Ubuntu ship with different versions of Java.
Trusty had 7, Xenial has 8, and so on. This causes problems when we
hardcode a versioned package name into our dep lists as that version may
not exist everywhere. Thankfully Ubuntu provides a default-jre-headless
package that we can use instead that maps properly onto whatever java
version is correct.
Change-Id: I4e5da215c8f7aa426494686d5043995ce5d3c3af
* Set ml2_type_flat setting so that the public flat network is created
correctly
* Set securitygroup driver correctly
It should be set as:
[securitygroup]
firewall_driver = iptables
Change-Id: I7369b45fbc5a47ce958693c67a1902a8cb24f367
When creating a service user we allow the user to be created with a
different role. Currently in auth_token middleware we want to check that
the service token is specified with the service role so we should always
add the service role and optionally add additional roles.
Change-Id: Ie954a679674b4795079b539ebc8d4d2dcbd7dacc
When using local.conf in multinode envs not everything is going to be
defined in all places. Eventually we probably want to make it so we
have a host role for these sections or something. But for now warn
instead of die when we can't find a config var.
Change-Id: I6959099373f035fbfe9e540a44e4c52b8e7c95c0
Closes-Bug: #2000824
Since I21ae13a6c029e8ac89484faa212434911160fd51 nova-manage db sync
may try to make a request to api db in order to get cell mapping and
will fail, as the db is not created yet. While this is non fatal, we
could avoid the error anyway.
Change-Id: I19483e9420071d484f029779bcc8c6d623c210ce
Related-Bug: #1631033
the python-xml is a subpackage from the standard cpython package that
that contains elementtree and other bits that are needed almost
everywhere in OpenStack but isn't installed on a absolutely minimal
openSUSE Leap installation. This package doesn't exist on pip but
is a SUSE only invention, so just treat it similar to a bindep.
Change-Id: I82887c2e6895740d1b16d1269574519450ca783e
Starting with SLE12 SP2 and with openSUSE Leap the distro-shipped
openvswitch is the normal systemd openvswitch.service service file
and no longer the older openvswitch-switch Sysv5 init script. Add
a special case for that.
Change-Id: I5152f2585c3d4d18853988d6290039d6b1713b99
Now all configuration are present in Ironic tempest plugin
and those are going to be removed from tempest in
Id518a6d87d0949737cd1c50cb6a83149b85e5f85
Patch- I73c649625d106fc7f068e12e21eaacba8f43cbbb set
those in ironic devstack plugin.
We can remove all baremetal config setting from devstack.
Along with moved one this patch deletes other unused baremetal
config setting.
Change-Id: If826321ebc0c20ea372d206d49383f3826c9b547
Depends-On: Id518a6d87d0949737cd1c50cb6a83149b85e5f85
Depends-On: I73c649625d106fc7f068e12e21eaacba8f43cbbb
On Ubuntu nodes, devstack tries to predefine the initial mysql root
password by doing some debconf-set-selections, but these will not take
effect if the corresponding package has been installed earlier. So
just try to set it every time, like we do on other distros.
Change-Id: I2c167051fc5e53dd0ccf82a60ab085cd9cdea28d
create_cell requires n-api and at least one n-cpu up and running. If
we have a configuration where it is not guarunteed that there is an
n-cpu at the end of a devstack run we have to skip this step and make
the user run it manually later.
Change-Id: I2287ab29f3c1a7252271dcce81673ef365615296
Role "root" it is hardcode.
In general case role name comes from local.conf: string "DATABASE_USER="
Change-Id: Iedfca48e04d23c313851f48d68ac40ba29340805
The linuxbridge agent for Neutron expects that the public bridge will
already be created by the time it starts. On devstack, this only occurs
as part of the l3 agent configuration. If a compute node doesn't have an
l3 agent and is using a linuxbridge agent, then br-ex won't be created
and the process will not be able to start (causing stack.sh to fail).
This causes the gate-grenade-dsvm-neutron-linuxbridge-multinode-nv gate
to fail. To avoid the issue, skip the bridge mappings setup unless L3 is
configured. This is done in a backward compatible fashion: if localrc
uses the old q-l3 tags, the is_service_enabled neutron-l3 would not be
able to succeed.
Closes-Bug: #1643562
Change-Id: I292ff0dc080fb84b5f879ba2f00f03eff295b55b
libguestfs does not work on ubuntu because the kernel is not
world readable. This breaks file injection with libvirt.
See https://bugs.launchpad.net/ubuntu/+source/linux/+bug/759725
for more details.
The workaround proposed by Ubuntu is to relax the kernel ACL
if needed, so we need to do that in case file injection is
enabled on an Ubuntu host running libvirt.
Partial-bug: #1646002
Change-Id: I405793b9e145308e51a08710d8e5df720aec6fde
We need a local.conf processing phase after every run phase which lets
us override config options after that point. We didn't explicitly
support this for test-config before, which broke some CI systems when
we moved tempest to use this later phase.
Closes-Bug: #1646391
Change-Id: I7d693afa19acf3e8231e84e45b7a868628ebdbc0
This single global variable is no longer useful as we have multiple
repositories and devstack plugins nowadays.
Also, add a utility function, neutron_server_config_add, for devstack
plugins to add an extra config file.
Related-Bug: #1599936
Change-Id: I90112823ef96ae2fba97d7b09b00bec8cb816d8d
So that it can be used by functions like _determine_config_server,
which is used like RESULT=$(_determine_config_server).
Change-Id: Ia4e641c5529b95ada30ae662221f370bc7fa88a7
To avoid using legacy functions accidentially.
Depends-On: Ida1f83b6b3ef9b76be13c063c7e35a8703214078
Change-Id: I3ff136fc8330c92007cdfe91b77d7f9865eabd8d
XenServer already support OVS native mode and I have a patch for
configuring it https://review.openstack.org/#/c/372952/ which
is fine. But we have another patch which revert the usage of
ml2_confi.ini and ml2_conf.ini.domU
https://review.openstack.org/#/c/396573/. Both patches work well
separately. But the two should have some dependent relationship.
Once one merged, the other should change accordingly. Sorry that
we missed the dependency.
This patch is to fix the ovs config based on reverted ml2_conf.ini
and ml2_conf.ini.domU to make sure we configure the correct IP for
ovs agent
Change-Id: Ib53e37e210cc849f161dd6630f81e5b2331a91d5
Similar to 30ab23cd9b, fix the
plugin name to avoid warnings like:
WARNING stevedore.named [-] Could not load neutron.plugins.ml2.plugin.Ml2Plugin
Change-Id: Ibb45f1305816b255ba2419ba662d9e29eff68f58
Neutron has changed to use ovs native interface by default, but when
the hypervisor is XenServer, we cannot use ovs native interface without
extra configurations in neutron-openvswitch-agent(q-agt) in compute
node.
This patch is to add the needed configurations automatically during
deployment, so user needn't to do it manually and restart q-agt.
Change-Id: Ibc69d3cdb4d75833f2ac16840c62bcacf460dd4f
We are seeing connection errors to the proxy occasionally. These errors
do not result in a logged http request or error to the backends,
resulting in a theory that the proxy itself may just not be able to
handle the number of connections. More than double the total number of
connections that will be accepted by the proxy in an attempt to fix
this.
Change-Id: Iefa6c43451dd1f95927528d2ce0003c84248847f
Related-bug: 1630664
There may be cases when the configuration of the OVS is different
from the default one. This enables one to make use of the neutron
configuration file to contain all of the OVS settings.
Change-Id: I728cf8cdc653667c076b07b39c13c1278281c01b
Closes-bug: #1645691
The order of the steps were a bit confusing for the first timers
in the devstack document. So, changed the order of installation
steps to make it clear.
Change-Id: Ifaa051887dab95719b9ca5d1b2fbe2f5f549d269
Closes-Bug: #1627939
The current coding fails to process local.conf like
the following. Note: This example is taken from a
real use case. [1]
[[post-config|$NEUTRON_CONF]]
[qos]
notification_drivers = midonet
[[post-config|$NEUTRON_CONF]]
[quotas]
# x10 of default quotas (at the time of writing)
quota_network=100
quota_subnet=100
quota_port=500
quota_router=100
quota_floatingip=500
quota_security_group=100
quota_security_group_rule=1000
[1] https://review.openstack.org/#/c/400627/
Closes-Bug: #1583214
Change-Id: Ie571b5fa5a33d9ed09f30ba7c7724b958ce17616
Horizon is removing run_tests in favour of tox during Ocata, as part of
https://blueprints.launchpad.net/horizon/+spec/enhance-tox. To complete
this move, we need to remove any reliance on run_tests.
Change-Id: Ia8ad073aee68d1660d3bb5a68ec07516d8ce0665
In the 'Private Network Addressing' section of the doc,
there are references to FIXED_RANGE when referring to V6
networks. These have been changed to FIXED_RANGE_V6.
Also fixed a few typos and grammatical errors when
giving the doc a quick read-through looking for more
references to FIXED_RANGE.
Change-Id: Iaa530c476ce2b36a3f616945ddd2e24fa599a16c
If devstack is deployed in the VM with defined
public IP address (like 192.168.10.6) it is not possible to
access the Horizon from the browser.
This is because DEBUG=True means that ALLOWED_HOSTS, if not set,
is equal to ['localhost', '127.0.0.1', '[::1]'] according
to Django's documentation.
Change-Id: I0ab2b57e459dbfa3b01b3e9388bbcefac076a142
Co-Authored-By: David Lyle <dklyle0@gmail.com>
Closes-Bug: #1643050
Using devstack on a RHEL based system results in
"Listen 0.0.0.0:80" being added to the
/etc/httpd/conf/httpd.conf.
This configures Apache to only listen to port 80 on an IPv4 interface.
This makes it not possible to access Horizon via IPv6 without
re-configuring and restarting httpd.
Removing this sed leaves the default "Listen 80" from the rpm package,
which binds to all interfaces and will allow connection to Horizon
via IPv6.
Change-Id: I9fe8cbebff0ca6a30ceeaae0f7e035c9bb828d44
No need to explain how to enable Neutron now that it's enabled by
default. Keep but reformat the 'how to enable swift' part though.
Change-Id: I3f9b7796fad10abf1039e4c68eb2cd5ef6cdbc99
Since 4b49e409f8 devstack
started to use reload instead of restart.
Using reload in devstack for a fresh install,
does not makes too much sense unless multiple service
plugin touches the same service configs.
Systemd rejects to reload something,
which was not loaded before.
$ sudo /bin/systemctl reload httpd
httpd.service is not active, cannot reload.
We will switch to `reload-or-restart` action instead of `reload`,
it is more likely the action what the previous patch wanted.
Change-Id: I70d597fbe4a8923d937ba8432e29edefb27d1058
The linuxbridge agent for Neutron expects that the public bridge will
already be created by the time it starts. On devstack, this only occurs
as part of the l3 agent configuration. If a compute node doesn't have an
l3 agent and is using a linuxbridge agent, then br-ex won't be created
and the process will not be able to start (causing stack.sh to fail).
This causes the gate-grenade-dsvm-neutron-linuxbridge-multinode-nv gate
to fail.
Closes-Bug: #1643562
Change-Id: I6f441c6febb5070ad885569d9c798634d0272b6c
Change dddb2c7b5f recently
changed devstack to enable the Cinder image cache by default
and changed to use thinly provisioned LVM volumes by default.
Since then we've had a spike in thin LVM snapshot test failures
in the gate, which is by far our top gate bug at 219 hits in the
last 10 days.
So unless there is a fix on the Cinder side, this changes the
default lvm_type back to 'default' for thick provisioning.
Change-Id: I1c53bbe40177fe104ed0a222124bbc45c553b817
Related-Bug: #1642111
With the key manager refactoring in nova and cinder, the key manager
class will need to be explicitly set.
Nova key manager refactoring: Ib563b0ea4b8b4bc1833bf52bf49a68546c384996
Cinder key manager refactoring: Ief8885bb4ca8d62b03cf1a52c25dd0e62c835bfe
Change-Id: I733279864ee1a4aaffc9c8eed81b5e12f8d8821b
Implements: blueprint use-castellan-key-manager
Without this parameter, when we set GIT_DEPTH,
it may happen that we clone only master and
then cannot checkout branch
Change-Id: I39376914f8bfc286a308c99db6bc92cddab195b5
The intent was to make any ipv6 safe addr range bigger than a /64 a /64
when setting the fixed range. Unfortunately the awk only emited the mask
and not the addr. Fix this by sprinkling the address back in.
Fixes-Bug: 1643055
Change-Id: I526d4c748fd404ecb3c77afcbb056aa95090c409
If devstack is deployed in the VM with defined
public IP address (like 192.168.10.6) it is not possible to
access the Horizon from the browser.
This is because DEBUG=True means that ALLOWED_HOSTS, if not set,
is equal to ['localhost', '127.0.0.1', '[::1]'] according
to Django's documentation.
Change-Id: I74ae99569dafa10eee7066713a05fb49183e3fca
Currently devstack assumes that the network used for ssh
validation is the private network. This patch adds a hook that
sets the network used for ssh validation based on whether or not
provider networking is being used. It also moves the function
'is_provider_network' into functions-common as it will now be
used by both tempest and neutron.
Change-Id: I265c9e26c9bfb18b7e201f27d8912b8bec235872
We should be using $VOLUME_GROUP_NAME instead since Icehouse.
$VOLUME_GROUP_NAME has been introduced in
I93b8ef32832269d730c76a6dc24ddb4f20c6d9df and $VOLUME_GROUP is nowadays
only use as a fallback to $VOLUME_GROUP_NAME.
As a code comment in lib/lvm says it we kept the $VOLUME_GROUP around as
"for compatibility with icehouse-generation Grenade". Icehouse is long
gone so now seems a good time to remove any usage of $VOLUME_GROUP.
Change-Id: Id3051b5a196c45266c39fde4f08401aaacf0f6bd
When using zypper remove, include the -y option to avoid stack.sh from
hanging waiting for user confirmation. Due to output buffering, the
script could hang before giving the user the prompt to enter Y to
continue, making it unclear why the script was hanging.
Change-Id: I5ea761e5ae0829439953c385f8e7d0546acba886
Closes-Bug: 1642736
Swift port base was changed in Ifd95b99004aead5ddc8ae1a8dd3ccd9c4f2abe91
but we forgot to update the rsyncd.conf. This patch update the rsyncd.conf
file.
Change-Id: Id457c047c672a810c4c0c7721b6beeb01b719879
When using the enable_plugin command and grenade jobs it can be
easy to enable the same plugin twice, as the grenade job has a
registration section and the configuration in project-config can also
enable it due to code-reuse in project-config.
If a plugin is enabled twice it will likely fail, though it won't be
obvious that it was due to the plugin being enabled multiple times.
This change makes it so if it sees the same plugin name is enabled
more than once it will die and an error message outputted.
Change-Id: I9f1d7e58b861b04473b6a57c9ad404203fb7277a
The switch to using subnetpools caused quite a bit of confusion
because it didn't respect the value of FIXED_RANGE. This caused
conflicts in the gate with it's default IPv4 value of 10.0.0.0/8.
This patch does a few things to address the issue:
* It introduces the IPV4_ADDRS_SAFE_TO_USE and IPV6_ADDRS_SAFE_TO_USE
values and adjusts all of the FIXED_RANGE and SUBNETPOOL_PREFIX values
to dervive from them by default.
* This addresses the concern that was raised about implying that
SUBNETPOOL_PREFIX and FIXED_RANGE are equivalent when setting
SUBNETPOOL_PREFIX=FIXED_RANGE by default. Now we have a new value
for the operator specify a chunk of addresses that are safe to
use for private networks without implementation implications.
* Backwards compatibility is maintained by alloing users to override
override all of these values.
* The default for IPV4_ADDRS_SAFE_TO_USE uses /22 instead of /24
* Because we want to be able to use subnetpools for auto allocated
topologies and we want to be able to have a large chunk of
instances on each network, we needed a little more breathing room
in the default v4 network size.
* SUBNET_POOL_SIZE_V4 default is changed from 24 to 26
* In conjuction with this change and the one above, the default
subnetpool will support up to 16 64-address allocations.
* This should be enough to cover any regular gate scenarios.
* If someone wants a bigger/smaller subnet, they can ask for that
in the API request, change this value themselves, or use a different
network entirely.
* FIXED_RANGE_V6 defaults to a max prefix of /64 from IPV6_ADDRS_SAFE_TO_USE
* This avoids the private subnet in the non-subnetpool case from being
larger than /64 to avoid issues identified in rfc 7421.
* Users can still explicitly set this value to whatever they want.
This 'max' behavior is only for the default.
* This allows IPV6_ADDRS_SAFE_TO_USE to default to a /56, which leaves
tons of room for v6 subnetpools.
Closes-Bug: #1629133
Change-Id: I7b32804d47bec743c0b13e434e6a7958728896ea
This removes the logic to add a route pointing to the IPv4
tenant private network range since the router is performing
SNAT. If reaching the IPs via the route worked at all, it was
by accident since this behavior is certainly not guaranteed
by Neutron.
Change-Id: If45e3fc15c050cfbac11b57c1eaf137dd7ed816f
XenAPI requires two instances of L2Agent: the standard one manages OVS
bridges in DomU and the service name is called as q-agt in Devstack;
the other new L2Agent manages OVS bridges in Dom0 and the service name
is called as q-domuA. In order to support the new agent q-domuA, it
requires some XenAPI-specific configurations. But unfortunately those
XenAPI-specific configurations were configured in the standard agent
file, meaning other changes made to the standard agent file would not
have the correct effect. So it has caused issues, for example, floating
IP addresses are not reachable.
This fix is to move the XenAPI-specific configurations from the stardard
agent configuration file to the XenAPI-specific agent configuration file
so that it won't impact the standard agent's behavior.
Change-Id: I45944e84a1f81d016aa00da6d782801ee8457ea4
Currently the x509 certificate setup is done after all the
openstack services have been deployed. This is OK because
none of the services require that the x509 certs exist
when they are being deployed. With the integration of TLS
into the nova novnc proxy (and later spice & serial proxy)
service, x509 certs will need to exist before Nova is
deployed.
The CA setup must thus be moved earlier in the devstack
deployment flow, prior to the setup of any services. One
part of the CA setup, however, fixes up the global cert
bundle locations and this can only be done after the
python requests module is install, thus must remain in
its current location.
Change-Id: Idcd264fb73bb88dc2f4280c53c013dfe4364afff
This removes all of the heat code from the devstack tree, in favor of the
devstack plugin in Heat's tree.
Depends-On: I4bed1e5cef5afa7b049b07640086a86a3f881e13
Depends-On: Ic392bcc24bc374ee8511a94f1d8f6ac23131c7e3
Change-Id: I5b60422bf1f5fa78aa8f3383f7a222e0356d9e42
The deprecated AMI image file opts will be removed soon.
See https://review.openstack.org/#/c/338377.
So we can't use the fallback mechanism anymore. This patch is to
specify the correct image parameters for XenServer.
Change-Id: Ic287a3ed1725c42ea29022158bc9720c9a96533f
Previously the usage of neutron debug ports was removed by
5e01c47e4d but there was still call to
teardown_neutron_debug. Recently a change to devstack-gate
1d6cc0771a3399300117f488e9d71e7ea46a4d82 caused that call to be
triggered and breaking the gate-devstack-dsvm-updown job.
This patch deletes the call and comments regarding setup_neutron_debug
and teardown_neutron_debug.
Change-Id: Ifdacb0cec1307db469bd66f551474539184cf2cd
Besides updating to OSC CLI, this patch also fixes an argument name typo
present before in 'nova keypair-add' (--pub_key should be --pub-key).
Specifying $OS_PROJECT_NAME in case user is associated to multiple
projects containing security groups with same name (e.g. 'default').
Change-Id: I776f6edfc4c6c798a39d3260827a18c695f05c87
Nova is going to land a database migration in Ocata
under change I72fb724dc13e1a5f4e97c58915b538ba761c582d
which enforces that at least the simple cells v2 setup
is performed, which creates the cell mappings, cell0 and
host mappings. Before we can land that change in Nova
we have to make cells v2 setup a default in the integrated
gate jobs.
Depends-On: Ie44e615384df464516aa30b9044b5e54b7d995bb
Change-Id: If1af9c478e8ea2420f2523a9bb8b70fafddc86b7
The neutron client is going to be deprecated during the
Ocata timeframe, so it is time to start switching to the
openstack client to invoke networking commands.
use of neutron client in neutron-legacy has been left as is.
The command for setting the router gateway is left as follow up.
Change-Id: I0a63e03d7d4a08ad6c27f2729fc298322baab397
When using neutron network under xenserver, we must enable linux bridge
in Dom0 as neutron will use linux bridge qbr in compute node for
security group. But by default XenServer use openvswitch and disabled
linux bridge. This patch is to remove this restriction.
Change-Id: I0e8124ff2323810fdc46c717a750ce7e8f4aa0c6
The initial start of the neutron OVS agent always prints
a warning:
WARNING stevedore.named [] Could not load
neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
There's an alias for that in setup.cfg called
iptables_hybrid that would avoid it.
Change-Id: I3f5bf782f4f27dc123e462e494741a8a941641ec
This patch sets Keystone v3 as default in services
configuration files and in the openrc and stackrc scripts.
Change-Id: I24546f02067ea23d088d383b85e3a78d7b43f166
Partially-Implements: bp keystonev3
When using XenServer, it will create two neutron-openvswitch-agent
q-agt and q-domua even it's single box environment, but it didn't
stop the q-domua, this patch is to stop q-domua in unstack.sh
Change-Id: I511ed534bfb7d5fe6136f6a0b33f1d749d30862c
Closes-Bug: #1631721
This commit removes some config values for tempest that no
longer exist in tempest/config.py therefore are no longer needed
in tempest.conf.
Change-Id: I5778973012e57e8d9df9bf864590f8ed7fe05561
Sets the port_security feature flag in tempest.conf
if the port_security extension is enabled, which it's not
by default in neutron but is set by default in devstack.
This adds global variable for setting the port_security
extension in ml2.conf and in tempest.conf so we only have
to set this in one place.
Depends-On: I1efd5c838aa0d73cc6e8864e3041eea25850198d
Change-Id: I6334b200e42edd785f74cfb41520627393039619
Related-Bug: #1624082
this is the first patch in a series to actually make fernet the default
token provider in keystone. the patches for grenade, release notes, and
actually switching the value in keystone all depend on this patch first.
reasons for switching over:
- fernet tokens are the recommended token provider
- the install guide for newton recommends deployers use fernet tokens [0]
- we previously attempted this switch but ran into timing issues [1],
the timing issues have been resolved [2]
[0] http://docs.openstack.org/newton/install-guide-ubuntu/keystone-install.html
[1] 153db26970
[2] https://review.openstack.org/#/q/topic:make-fernet-default
Change-Id: I3b819ae8d2924f3bece03902e05d1a8c5e5923f1
The devstack ldap configuration for keystone is still using some
old options that are no longer valid. The write support is
being removed this release. And in previous releases, the ldap
assignment driver support was removed and was not removed here.
Change-Id: I538626b681eaee6a7ac10dfbc29605b73fbe13bf
To avoid it being created multiple times for multinode setup.
Note: This reverts "Enable neutron to work in a multi node setup"
(commit 88f8558d87) partly and fixes
the issue differently.
The configuration in question uses the new lib/neutron. (not neutron-legacy)
In that case, calling create_neutron_initial_network from stack.sh directly
is a wrong way, as create_neutron_initial_network is sourced by
neutron-legacy. The new neutron code should not rely on the legacy one.
Closes-Bug: #1613069
Change-Id: I868afeb065d80d8ccd57630b90658e330ab94251
Q_ variables belong to neutron-legacy.
These are True by default in neutron.
Remove them in favor of post-config meta section.
Change-Id: If691a79b09003f85a07c9f33e0379a2b21e48141
Until the policy changes land for Nova, Glance, etc, this
value is not used. Additionally, by having it set, it actually
makes it hard/impossible for the required changes to land in
the other services. Disable/comment out the changes in the
Keystone specific lib file for now, and we will re-enable once
the Services can make use of them.
Change-Id: Ia1de9083c21107dac2f0abb56bda166bdb37a69d
The ceph cinder backend script was setting the wrong
config option in cinder.conf for the secret uuid. This
was being masked by a bug in nova which is failing on
this bug when trying to fix the nova bug...right. It
makes sense.
See:
http://docs.ceph.com/docs/master/rbd/rbd-openstack/#configuring-cinder
Change-Id: I4655cae3212d589177d2570403b563a83aad529a
Closes-Bug: #1635488
It's not used, and a recent change to trim down projects lists in
devstack-gate broke devstack in the gate that enabled heat.
Change-Id: I405423bdc9ba8dd9b30fce6fdceacccf662d5da3
Ubuntu wily support is EOL so lets make room for yakkety.
Change-Id: Ib13d43f6d89bdf7c684cd34655a077a13e237be3
Signed-off-by: Chuck Short <chuck.short@canonical.com>
This reverts commit 6930ba312f.
By reverting this patch we are no longer using the bandaid fix mentioned
in the code. The latest openstackclient release (3.3.0) fixes the bug.
Related-Bug: 1619274
Change-Id: I20e3c5a92b97bf46c8d2318cd37044f0f36e1745
We should not require any special role for heat
since very long time.
We should use the same roles as with the primary user.
Change-Id: Id9150f94c30505ed0da33b8fbc2a5a7bd4fcf5d0
When tls is enabled, we aren't bringing the logs to the forefront,
which makes it hard to debug when things go wrong. This does that.
Change-Id: I7c6c7e324e16da6b9bfa44f4bad17401ca4ed7e3
The prior art on other options in the same document seemed to be
calling out the default in a pre-formatted block after describing the
possible values.
I believe the default value for the option was first changed [1], then
the docs were fixed [2], then the information was unintentionally
dropped from the docs [3].
1. Related-Change: If0e0b818355e4cb1338f7fa72af5e81e24361574
2. Related-Change: Ib6603b4f6ea0b4079f9a4ea46e723ecbb2ea371d
3. Related-Change: Iddd27cb54f1d9f062b9c47ff9ad6a2bef3650d6b
Change-Id: I662403db3b08a351a680587440ad1f15a6f8ee5d
doing a clean.sh / stack.sh cycle with USE_SSL=True was failing
because we were no longer cleaning up the keystone site fully, so some
of the early mod_ssl queries hit an invalid apache configuration.
Change-Id: Ic6f3f601e532ec50c0234d928c25b378d9e95e32
This fix replaces Q_USE_PROVIDERNET_FOR_PUBLIC with
Q_USE_PROVIDER_NETWORKING in the error messages introduced by
[1].
The error is thrown when provider networking with IPv6 has been
requested via local.conf, but no provider IPv6 range or provider
IPv6 gateway is provided. But if a provider network should be used
over the private network is determined along the variable
Q_USE_PROVIDER_NETWORKING and not Q_USE_PROVIDERNET_FOR_PUBLIC.
The variable Q_USE_PROVIDERNET_FOR_PUBLIC determines if a provider
network should be used as public network. This happens a few lines
later in the code and is not related to those error messages.
[1] https://review.openstack.org/#/c/326638/1/lib/neutron_plugins/
services/l3
Change-Id: I50aa1e9d2027eef598c95404851e51c31a397fbb
This creates log files per proxy vhost and sets the log level to info to
help debug potential issues with tls proxying.
Change-Id: I02a62224662b021b35c293909ba045b4b74e1df8
If DLM is enabled, cinder should be configured to use the correct
backend url for the dlm.
At the moment only zookeeper is supported, as it is the only backend
currently supported in devstack.
Change-Id: I7afc8dc95bc5b3f11b888e10607615c1212c45f4
As long as nova already supports an Identity v3 auth flow when talking
to ironic (Id837d26bb21c158de0504627e488c0692aef1e24), make it use
v3 by default.
This way we don't fail in a keystone v3-only situation, for
example.
Change-Id: I028dfb52108d0630f47a53f8b420b70d4979eb55
Some of the clouds used for CI use the 10.2xx.0.0/16 range
for VMs, and collide with the wider 10.0.0.0/8.
This setting allows for creation of 256 subnets out of the pool.
Change-Id: I48c86f94098f1501f0e7f90a265dda7e81440eb0
Closes-Bug: 1629133
Added an option to make subnetpools to be optional
as it ignores the public network specified in
FIXED_RANGE.
DocImpact
Change-Id: Ic89ceca76afda67da5545111972c3348011f294f
Closes-Bug: #1628267
With the plan [1] to stop enabling it by Neutron iptables firewall
driver itself, deployment tools should catch up and enable the firewall
themselves.
This is needed for distributions that decided to disable the kernel
firewall by default (upstream kernel has it enabled). This is also
needed for distributions that ship newer kernels but don't load the
br_netfilter module before starting nova-network or Neutron iptables
firewall driver. In the latter case, firewall may not work, depending on
the order of operations executed by the driver.
To isolate devstack setups from the difference in distribution
kernel configuration and version, the following steps are done:
- we load bridge kernel module, and br_netfilter if present, to get
access to sysctl knobs controlling the firewall;
- once knobs are available, we unconditionally set them to 1, to make
sure the firewall is in effect.
More details at:
http://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf
[1] I9137ea017624ac92a05f73863b77f9ee4681bbe7
Change-Id: Id6bfd9595f0772a63d1096ef83ebbb6cd630fafd
Related-Bug: #1622914
Nova ships with an empty policy.json file which it does not need.
oslo.policy previously required the empty file to be there but as of
version 1.14.0 it is possible to run with no policy file at all. Since
there are no policies defined in the sample file let's no install it.
Change-Id: I85a251376dfe38caa4b100861bf764014a98bc37
Depends-On: I09fa842ffbe75bed269cef6edc9c82d18bfe9297
When dots are used with sysctl, they are reinterpreted as slashes.
Route devices can have dots in their names, so when they are used in a
sysctl command that also uses dots, its dot will be replaced with a
slash, causing an error.
Change-Id: Ie32126a3aa8d646568d7d37ec4874419b9658935
Closes-Bug: #1627770
The motivation is to make it more friendly with lib/neutron.
ie. independent from lib/neutron-legacy
Change-Id: I19821b009cbf1bc715a6c7b2854e4c77d2041ec4
urllib3 1.18 was released today and contains new more correct hostname
matching that takes into account the ipAddress portion of a certificate
and disallows matching an IP Address against a DNS hostname.
Change-Id: I37d247b68911dc85f55adec6a7952ed321c1b1d8
The /identity_admin endpoint is the port 80/443 equivalent of the
service that typically runs on port 35357. In v2 some operations must be
performed on the admin endpoint whereas on v3 the services on 5000 and
35357 are exactly the same. This would be why the service was mounted at
/identity_v2_admin however that is misleading because both the v2 and v3
services are present on that endpoint.
This is particularly confusing because we set this as the OS_AUTH_URL
endpoint and it makes it seem like we are doing v2 authentication when
we are not.
Change-Id: If73735026079fb19ca5bd44b3a4dc1f507b5c99d
With [1] glance_store introduced default settings for user_domain_id and
project_domain_id. Sadly since these are always passed to the keystone
client, they override any settings to user_domain_name and
project_domain_name that are made in the config, leading to authentication
failures.
So as a workaround until [2] is fixed, we explicitly place the corresponding
domain_ids into the config.
[1] https://review.openstack.org/297665
[2] https://bugs.launchpad.net/tempest/+bug/1620999
Change-Id: Ica81a1a176614392291f2db4cc6398ed30663aed
To support multinode testing where we just copy the CA to all the
instances don't remake the CA if it already exists.
The end result is that you can trusty a single chain and all your
clients will be happy regardless of which host they are talking to.
Change-Id: I90892e6828a59fa37af717361a2f1eed15a87ae4
TIL:
Similarly, all the END rules are merged, and executed when all the
input is exhausted (or when an exit statement is executed).
i.e. matching YUM_FAILED calls "exit", which falls through to the END
rules which calls "exit result" ... which is zero. i.e. if the return
code is 1 then we actually hide that and return with zero.
This is rather annoying because errors that should halt to alert us of
a package install failure pass through, only for you to have to debug
much later on seemingly unrelated problems.
This always sets "result" and thus should be returning the right
thing. I've updated the documentation to hopefully make it clearer
what's going on.
Change-Id: Ia15b7dc55efb8d3e3e945241b67a468b8a914672
In Debian jessie and later release,there is no packages
called "qemu-kvm" for AArch64. Also modify the libguestfs0
packages for AArch64
Closes-bug: #1612182
Change-Id: I5eb6bd137896eb9abfc4f8dbb41b41105e4820cd
Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
Instead of only using the userrc_early when keystone
is an enabled service we will do it on all runs of
stack.sh. This way services can be split up more
across devstack nodes, and you can do configuration
requiring credentials on nodes that don't install
keystone.
Change-Id: I74574ae9f45a74bcbcc8e3149228ecb795ab4fb7
Stud is now abandonware (see https://github.com/bumptech/stud) and is
not packaged in xenial. Lets use Apache for SSL termination since its
there already.
Change-Id: Ifcba410f5969521e8b3d30f02795541c1661f83a
The flag ENABLE_DEBUG_LOG_LEVEL indicates if this should be
set or not.
This will now be supported in Neutron.
Change-Id: I3afe0546b379873247fee1ef9f4cc2708a7b5713
Some systems may have more than one default route.
Set up iptables NAT rules on all v4 default route devices.
Accept RAs on all v6 default route devices.
Closes-Bug: #1624773
Change-Id: If58509297497ea33c6c156f083a4394000bd0561
The use_usb_tablet option is replaced by the pointer_model
option.
Depends-On: Id18b5503799922e4096bde296a9e7bb4f2a994aa
Change-Id: Ic2a49f88df988c6404c1c72e9ee28a487e4f7908
There is a bit of a weird history here, but the net is we're not
installing python-guestfs when ENABLE_FILE_INJECTION is set, which
it is in the gate-tempest-dsvm-neutron-full-ssh job, which makes
file injection (personality) tests fail.
The history:
Commit 0ae942b41c moved installing
python-guestfs to the hypervisor-libvirt file and it was conditional
on a flag to enable file injection and the backing distro.
Commit a3c94468ba removed the ability
to configure nova for file injection, which never made any Tempest
tests fail because we didn't have a job that tested file injection
with ssh, which is what gate-tempest-dsvm-neutron-full-ssh does.
Commit 6d3670a652 added the ability
back to enable file injection and the gate-tempest-dsvm-neutron-full-ssh
job uses it, but missed added the condition back in from 0ae942b41
which installed the python-guestfs package. This change adds that
back in.
Change-Id: I1c1ef093b70007100646c086dc5724cd64751d00
Closes-Bug: #1622649
A couple of hundred of these were added with
Ia02f4e1819ac47b12b4ce4381e04253eb26e9f70 and you can see in some of
the proposals at I21fd2b3866efe66dd1f7173003c2521688aa7fd6 they're
starting to match. Just ignore packaging repos as they're not really
relevant for the purposes of plugin list.
Change-Id: Iaf9e0c0fb672a70c3aee1bbcf587bb0d387e5945
Configure the linux bridge physical interface to use the interface for
the default route on the current host. In the future we should consider
using a dangling interface so that we aren't affecting the host
instances networking but this roughly matches what testing has been
using in the past.
Change-Id: I7859437f97e6cab929e90208fe56f7efd62dfe01
Ubuntu's LVM packaging does not support thin provisioning by
default:
/usr/sbin/thin_check: execvp failed: No such file or directory
This is fixed with install of thin-provisioning-tools.
Change-Id: I31f572934ea94cae6e2aea27a2c731ee5bca68d3
Closes-Bug: #1615134
The default get_pip url regulary times out when starting devstack
from behind company firewalls. Making this a configureable variable,
user can make use of internal git-pip.py mirrors without modifying
any code.
Change-Id: I66a5534d51ab23a4d8586c27d37b4b6b8a6892c9
This patch setup cellsv2 for Nova after plugin initialization phase.
Since this requires compute hosts to be started, we need to do it
after we have initialized all other plugins. Things like ironic
aren't setup when we were running this as part of nova setup, and
thus this command can fail.
When cellsv1 is used (n-cell is enabled) skip calling
cells_v2 simple_cell_setup, which will never have hosts
at the top level and which will always fail.
Change-Id: Ic7d0115da51d6ea17ee49071af259a7789c62ab9
Depends-On: I9bbaa4c92503222c9fd015fe075926b50f3dcc8c
In some initialization conditions (having never ran stack.sh) the
result of unstack.sh is dependent on if the user had previously
installed lvm2 or disabled the cinder service.
This change makes all results the same with a bit of LBYL.
There's also a drive-by to put a comment back where it belongs after
being accidentally moved in the related change.
Related-Change: I09b1a7bee0785e5e1bb7dc96158a654bd3f15c83
Change-Id: I9a7e052677d60cbbbdd582877f3c6c48c387f668
Closes-Bug: #1619195
Catalog caching was disabled due to bug 1537617, but this has been
fixed for some time. Re-enabling to get some performance back.
Change-Id: Ic0edf5c70a5040edf3393dbd1e110ab5fb56c110
Related-Bug: 1537617
Keystone had a problem where there was a memcached socket
opened very early on startup which then got shared between
worker processes when running under uwsgi. This can be
prevented by setting lazy-apps so this is the recommended
setting.
See http://uwsgi-docs.readthedocs.io/en/latest/ThingsToKnow.html
"""uWSGI tries to (ab)use the Copy On Write semantics of the
fork() call whenever possible. By default it will fork after
having loaded your applications to share as much of their
memory as possible. If this behavior is undesirable for some
reason, use the lazy-apps option. This will instruct uWSGI to
load the applications after each worker’s fork(). Beware as
there is an older options named lazy that is way more invasive
and highly discouraged (it is still here only for backward
compatibility) """
Change-Id: I6f271dc906528f0c86060452deaf15df81b267d2
Related-Bug: 1600394
This moves setting of RABBIT_USERID from stack.sh to lib/rpc_backend
so it may be used in grenade runs, which don't have the defaulted
value from stack.sh. The RABBIT_USERID is needed in order to call
get_transport_url in lib/rpc_backend.
Change-Id: I6f211e9102f79418f9f94a15784f91c4150ab8a7
As part of Nova cellsv2 there is now a third database that must be setup
for use by Nova. This database is an exact copy of the 'nova' database.
Only do this if NOVA_CONFIGURE_CELLSV2 is overridden.
Change-Id: I8775b8066ba85fbdbcdfb42c28cb567fc7759fe5
If we left the ansi color codes in apache logs, we can run a sed
script to convert the escaped escapes back to ansi escapes which make
the logs colorized again.
There are 8 \ because we need to end up with 2 in the final sed, and
we get interopolated twice. How much fun is escape interpolation? All
the fun.
Change-Id: Id8531cf03ba80f0df62f20add02e757bd63d4f2d
We should use the standard install nova-placement-api script which is
managed by the python package instead of a one off copy procedure.
Depends-On: I00d032554de273d7493cfb467f81687c08fd5389
Change-Id: I74b39d6a0cedea7c18ce8080dcddb43d13df1de8
After I00847bb6733febf105855ae6fc577a7c904ec4b4, we cannot see the
test result (testr_result.html) on gate jobs.
So let's revert the patch for verifying the test result on the gate.
Change-Id: I9db1ff9f43b22d1634a43c7d5e502cc205aa26f2
Closes-Bug: #1617476
Fix the comment to actually be a comment. Regenerate page.
Although we've got a pretty cool system for generating this, I wonder
if anyone actually looks at it? Maybe it's just helpful as a form of
SEO.
Change-Id: I15aaa983716f9ee897293c2954ca7ae561951372
All jobs using ceph as a storage backend have been moved over
to using the devstack-plugin-ceph repo in project-config so we
should be safe to remove the now unused lib/ceph file.
The files are left in place because the devstack plugin does not
install xfsprogs but it's used by the create_disk function.
And the ceph cinder backend file is left in place since the
devstack-plugin-ceph repo uses that by setting
CINDER_ENABLED_BACKENDS=${CINDER_ENABLED_BACKENDS:-ceph}.
Change-Id: I3fb09fc92bc6ab614e86d701ea46d5741a76b7a8
When the loop device is not present because something
has gone wrong, this will print an error:
"losetup: option requires an argument -- 'd'"
Just skip the losetup -d in this case.
Change-Id: Iedc439b1ae924e9a599f6522eb081b83d43190c7
Uses lib/placement, but relies on some functionality from
lib/nova. This leads to some weirdness since the nova has
special status in stack.sh. If/when placement is extracted
it may be good to follow the devstack plugin structure
instead.
Because the placement code is currently a part of nova, there
are dependencies in lib/placement on a some $NOVA_* variable
and, if virtenv is being used, the virtualenv used by nova.
Because placement currently runs using nova's configuration
settings, not a lot actually happens in lib/placement: apache
is configured and keystone accounts and endpoints are created.
If PLACEMENT_DB_ENABLED is true then a separate placement db
will be configured.
When complete the initial version of the placement service will
provide support for managing resource providers, inventories and
allocations.
The placement api only runs under mod-wsgi.
Change-Id: I53dd3e6b41de17387a0e179fc9ac64c143b6a9eb
Neutron openvswitch agent running in compute node will control the
actual connection of the VMs in Dom0 via conntrack-tools, but Dom0
doesn't install conntrack-tools RPM by default.
This patch is to add such support with XenServer 7.0 and above.
Change-Id: Iec56db761015d4b7baa5a5f54314f4ff3fa67e02
Ensure the virtlogd service is started, to work-around various
platform issues where it isn't started correctly.
Closes-Bug: #1603009
Change-Id: I548b377df6b2f0c287429e4387ee33184a82a64d
With the addition of encrypted credential in keystone, we need to be able to
add setup steps in devstack to configure the credential repository with
encryption keys.
Depends-On: I97e7701bc5b8765d207cc721793643bcefa2d4e2
Depends-On: Id3e8922adc154cfec5f7a36613e22eb0b49eeffe
Change-Id: I433da9a257daa21ec3b5996b2bca571211f1fbba
p-c patches have merged, neutron-lbaas removal is in the merge queue.
This reverts commit b3f26cb66c.
Depends-On: I506949e75bc62681412358ba689cb07b16311b68
Change-Id: I98d62c13ef90b20a9c67ef4f1720efcaa366fb31
Because neutron sets ipv6 forwarding settings, we stop accepting RAs
from IPv6-only host environments. This leads to a loss of external
connectivity, which is bad for zuul running tests and stuff.
Setting accept_ra to 2 will cause the RAs to be accepted.
Change-Id: Ia044fff2a1731ab6c04f82aea47096b425e0c0a0
On the controller node where devstack is being run should create
the neutron network. The compute node should not.
The the case that we want to run a multi-node neutron setup we need
to configure the following (in the case that a plugin does not
have any agents running on the compute node):
ENABLED_SERVICES=n-cpu,neutron
In addition to this the code did not enable decomposed plugins to
configure their nova configurations if necessary.
This patch ensure that the multi-node support works.
Change-Id: I8e80edd453a1106ca666d6c531b2433be631bce4
Closes-bug: #1613069
Removing the explicit enablment of Neutron services, as with [1] they are configured as defaults in stackrc.
[1] https://review.openstack.org/#/c/350750/
Change-Id: Ic8910cd28fe37842f7d824e68bd2ea705e7e52de
By default, FIXED_RANGE and NETWORK_GATEWAY (and the
IPv6 equivalents) are in the same subnet. But if
FIXED_RANGE is over-ridden in local.conf we could
create a subnet with an invalid gateway address.
Since neutron will pick the lowest host IP as the
gateway by default, do not specify them unless the
user has specifically set them.
Do this for both the private and public subnets, as
well as the public IPv4 subnet.
Change-Id: Ifc71400a3af1f131bb8a9722188e13de5bd3c806
We really should be using the metadata server more in our normal
testing, this changes the default to use it.
Change-Id: I8ef14e6110da1160163c0106e32032d27226f929
memcache_pool is there to keep a limited number of thread-associated
connections open rather than a connection for every thread. If you
don't have a huge number of threads it doesn't offer anything.
Keystone is an example of a service where memcache_pool doesn't
improve things -- eventlet isn't supported anymore and more threads
is not useful due to GIL.
As such, keystone cache backend is changed to dogpile.cache.memcached.
See https://review.openstack.org/357407 for the oslo.cache help text
change.
Change-Id: I4452a8c4968073cdea4c0f384453a5a28519fa08
CEPH_CONF does not exist anymore, resulting both cinder-volume and
cinder-backup being configured with an empty rbd_ceph_conf option.
Using CEPH_CONF_FILE to fix this.
Change-Id: I1aa590aba900a4a94698917e45a0ea5c6f497f18
Signed-off-by: Sébastien Han <seb@redhat.com>
The plugin creates subnetpools but does not use them when creating the
default subnets. It uses CIDR values that overlap with the
default pools. Change this to use the subnetpools.
Change-Id: I6171c13507e420f146801d323cb1011be36c1e8c
Closes-bug: 1613717
'quota_injected_file_path_bytes' has been renamed to
'quota_injected_file_path_length' long time ago, this patch fixes this
issue in devstack.
Change-Id: I5d3c52c5ded5321435d2d395b682c4c0725279a7
Since support for sections was added to devstack local.conf parsing
we don't need this, and actually prefer just using the
sections in local.conf.
Change-Id: I5908fdf7ad127997bb1f4a6bbb16d0d8cf073ddd
Change the order of variable declarations in stackrc so that setting
custom DEST in local.conf is also affecting DATA_DIR, SERVICE_DIR and
SUBUNIT_OUTPUT.
Change-Id: I00847bb6733febf105855ae6fc577a7c904ec4b4
Closes-Bug: #1285720
There is no longer a trace of these options anywhere in the
Neutron codebase. These can be safely removed.
Change-Id: Ibf00e158248e2a20248917c8cfc0011d30da6a82
There is currently a hole in our testing that lets os-client-config,
which sits at the bottom of the dependency chain for some key pieces
like neutronclient and python-openstackclient, introduce gate breakages.
Step one in fixing this is allowing os-client-config to be optionally
installed from source so that jobs can be put into its gate to exercise
its master vs devstack installs.
Additionally, osc-lib is a new and lovely library that's going to need
the same things.
We're putting both in install_oslo, even though they're not oslo
libraries, because that'll make grenade work properly.
Co-Authored-By: Monty Taylor <mordred@inaugust.com>
Change-Id: I747480b6063a62e82ca2b030f274d3e87bf28b3b
Run "nova-manage cell_v2 simple_cell_setup --transport_url ..." after
Nova is started. This will add all compute hosts into a new cell, and
setup a db for cell0.
Change-Id: I50a955b97d0e18426406c15397bdfbc9e807d908
Depends-On: I559f9c87e89926414b368cac9442dec4eadcb89b
This explains the current state of networking in devstack, and a
couple of scenarios that people might want to try out for local
testing.
Change-Id: I2be35f4345bf9306c981ef6f0186b48da7d06772
It turns out we never really had a document on how to work with
devstack in the devstack docs. At one point this was just cultural
knowledge passed down, but with the size of our community, we can't
rely on that any more.
Change-Id: I28f896ea507ccbba5164ebfc5415d22207f52e98
This config option is requied in order for nova notificaions to
function, and enabling it doesn't cause any harm (there is another
option for turning notifications on).
Change-Id: I309af6cc43af485f795c368d304ebe71fceb1a03
This value defaults to something not (necessarily) in our fixed range,
which will cause spurious test behavior. We know the value for this, so
just configure it properly.
Change-Id: I0ee3b71f509377dc7174ce97575e60ee2095f893
Before the code in the extra.d plugins was removed from the devstack
tree they could define the order they ran. When this code is decomposed
into a plugin, there is still a need to do some form of ordering. This
caused problems with the Ironic devstack plugin and Tempest because the
code is run in this order:
1. The tempest configuration is run from extra.d, processing
DEFAULT_INSTANCE_TYPE, and writing the flavor_ref to tempest.conf
2. The Ironic devstack plugin is run, creating the flavor needed for
DEFAULT_INSTANCE_TYPE
This leads to build failures as tempest can not find the required
flavor, so it writes which ever flavor it can find at the time into
flavor_ref. Ironic now has code it its devstack plugin duplicated from
the tempest plugin to work around this problem until this is merged.
This patch fixes this by using the test-config phase to move the tempest
plugin as late as possible in the devstack process.
Change-Id: I3d98692e69d94756e0034c83a247e05d85177f02
This enables a new test in Tempest to run on a per-branch
basis since by default it's disabled because it won't pass
on liberty given the bug fix isn't in liberty and won't be
backported there.
Depends-On: I20b8d5d2a300c83a59bdb33374fc20447ce2ede3
Change-Id: I18fd5e0978795fec39a763e1e0f07d758905b9b8
Related-Bug: #1175464
We don't run q-metering in default single host configuration, so we
should make it so that tempest won't attempt to test for it either.
Change-Id: I928be70e3b10fc3753fd1081631e54fa839b671d
===Set bridge_mappings for linux bridge===
The external network physnet needs a bridge_mapping to the public
bridge when the L2 agent is responsible for wiring.
===Add PUBLIC_PHYSICAL_NETWORK to flat_networks===
This network must be present in the ML2 flat_networks config if
flat_networks is specified.
===Set ext_gw_interface to PUBLIC_BRIDGE in provider net case===
ext_gw_interface must be a bridge in a bridge_mapping when
Q_USE_PROVIDERNET_FOR_PUBLIC is used.
Closes-Bug: #1605423
Change-Id: I95d63f8dfd21499c599d425678bf5327b599efcc
The devstack docs have gotten a bit meandering so even the quick start
guide doesn't get you to a working setup without referencing other
pages. This attempts to pull this back in a bit.
Change-Id: I608331cbdae9cbe4f3e8bd3814415af0390a54d0
A change was made to tempest.conf for volume multibackend. Previously,
tempest used the following, with a limit of 2 backends:
backend1_name = BACKEND1
backend2_name = BACKEND2
That was changed to accomodate >2 backends. tempest.conf now uses a comma
separated list:
backend_names=BACKEND1,BACKEND2,BACKEND3
devstack/lib/cinder uses a comma separated list with "type:backend_name":
enabled_backends = lvm:BACKEND1,ceph:BACKEND2
This is in order to use scripts in devstack/lib/cinder_backends to setup
devstack basked on "type".
This patch allows parsing of the CINDER_ENABLED_BACKENDS to pass the proper
backend_name to tempest.
Change-Id: I76973c3fad4998a0f9e534fc9f6a271c1923f7b3
When running a default devstack environment, having guests that
actually can resolve DNS, so that they can do package updates from
well known hosts. This addresses a gap between nova-net and neutron
behavior in devstack.
Change-Id: I42fdc2716affd933e9158f1ef7ecb20bc664ef21
nova-net is deprecated, and it's long time to switch to neutron by
default. This patch does that, and has an auto configuration mode that
mostly just works for the basic case.
It does this by assuming that unless the user specifies an interface
for it to manage, that it will not automatically have access to a
physical interface. The floating range is put on br-ex (per normal),
fixed ranges stay on their OVS interfaces.
Because there is no dedicated interface managed by neutron, we add an
iptables rule which allows guests to route out. While somewhat
synthetic, it does provide a working out of the box developer
experience, and is not hugely more synthetic then all the other
interface / route setup we have to do for the system.
You should be able to run this with a local.conf of just
[[local|localrc]]
ADMIN_PASSWORD=pass
DATABASE_PASSWORD=pass
RABBIT_PASSWORD=pass
SERVICE_PASSWORD=pass
And get a working neutron on a single interface box
Documentation will come in subsequent patches, however getting the
code out there and getting feedback is going to help shape this
direction.
Change-Id: I185325a684372e8a2ff25eae974a9a2a2d6277e0
This reverts commit f327b1e119.
The problem being addressed in the original commit was that
rejoin-stack.sh would run with the user's locale, instead of C that
was set in stack.sh
We overlooked that this gets pulled in by openrc, so it is overriding
the user's locale when using clients, etc.
rejoin-stack.sh was removed in
I2f61bb69cc110468a91dcaa4ee7653ede7048467 so we don't have to worry
about that part. A revert to not touch the user's locale seems
appropriate.
Change-Id: I7c858bb92ce7ba5b5d323bf3ad6776100026c7a2
Closes-Bug: #1608687
This was used solely by bigswitch, and everyone else has moved over to
devstack plugins. Cleaning this out makes the core logic much simpler.
Depends-On: I8fd2ec6e651f858d0ce109fc335189796c3264b8
(grenade removal)
Change-Id: I47769fc7faae22d263ffd923165abd48f0791a2c
The horizon cleanup function wasn't being called at all during
cleanup which left the Apache configuration.
Change-Id: Iff5336d0c5e79cfc82f1c648afaabb869d86020e
Seeing a race condition where lib/neutron code tries to
set the MTU on br-ex before it exists.
Thanks to some good grepping by sdague, it appears that the difference
between lib/neutron and lib/neutron-legacy is that the initial bridge
being created is br-int while in lib/neutron the initial bridge
created is br-ex, which means there must be some kind of warm-up that
occurs between the first bridge that is created by ovs-vswitchd and the
second, and the second one created is much faster.
So instead, let's just wait for the bridge to be created successfully.
Change-Id: I271dc8b6ae5487c80d2a22153b3fc45fb247707f
In case q-fwaas is enabled. It will causes the q-l3 failed to start
because the DevStack gave a redundant --config-file option to start q-l3
This is a follow-up patch of 84409516d5
to remove fwaas from DevStack completely.
Change-Id: I630969b3556bcffba506cab02a09cc83f4430c88
Closes-Bug: #1608401
The privsep helper should have a sane default for all libraries,
pushing this into devstack means we cheat past a part of the upgrade
that we really shouldn't be.
Change-Id: I52259e2023e277e8fd62be5df4fd7f799e9b36d7
The default for GUEST_INTERFACE_DEFAULT now uses the ip command
to find an interface; so it will work on multiple distributions.
XenAPI should not be setting a specific interface here, as it will
almost always be wrong. In most cases, the calculated value for
GUEST_INTERFACE_DEFAULT will be a better default.
PUBLIC_INTERFACE_DEFAULT makes even less sense as it's often an
internal bridge for devstack scenarios.
In both cases, the right way to override these is to set
GUEST_INTERFACE / PUBLIC_INTERFACE in the localrc rather than
changing the _DEFAULT values.
Change-Id: I0cf84438d778bf1a2481328165513c59167490e2
Currentlly, the *.pyc files could not be removed in any scripts or
functions. But the redundant files would lead stack.sh not to find the
correct script for some versions after branch switched from master to
stable/mitaka in migration_helpers.sync_database_to_version.
So this commit adds the process of cleaning all the *.pyc files in
clean.sh.
It is needed to execute clean.sh before re-stack.sh to prevent the
exception.
Change-Id: I9ba0674d6b20b13c0a26b22cd5d1939daa121a94
Closes-Bug: #1599124
In the 25.0.0 release [1] of setuptools during any install
operation the package in not overwritten. If a package is
installed from another requirement via pip and then it is
installed again from git, it is not updated causing
check_libs_from_git to fail.
[1] https://setuptools.readthedocs.io/en/latest/history.html#v25-0-0
Change-Id: Ibaa1d4157816ea649f4452756fbde25951347001
Closes-Bug: #1605998
On RHEL-based systems pip and yum share the same installation
directory for virtualenv. If yum pulls in the python-virtualenv
package (e.g. due to a dependency) it will clobber what pip has
already installed. The file tools/fixup_stuff.sh tries to ensure that
the proper virtualenv package is installed via pip. If virtualenv has
already been installed via pip, then clobbered by yum, pip skips the
install since it appears as if virtualenv is already installed and at
the correct version.
The reinstall of virtualenv must use the --force-reinstall argument to
pip to fix up the damage done by yum.
Change-Id: Ib0edf6c4ee8a510e9d671213de35d787f56acfed
Closes-Bug: #1599863
Add a VirtualHost that defines the necessary options for
enabling SSL. The existing keystone Apache configuration already
does all the location handling.
Change-Id: I836a471a7258f14f051d3dd8bdb428286b5a11aa
Relying on 'external_network_bridge=br-ex' for the L3
agent has been deprecated in Neutron. This patch adjusts
the devstack defaults to setup Neutron in the preferred
manner (empty external_network_bridge value and
correct bridge_mappings for the L2 agent).
This will also help with correct MTU calculations now that
the external network will have the correct segmentation
type on it ('flat' now instead of 'vxlan' by default).
Related-Bug: #1511578
Related-Bug: #1603493
Change-Id: Id20e67aba5dfd2044b82c700f41c6e648b529430
We have new feature in cinder and new test for it.
The test is skipped by default.
Need to add flag to unskip this test on master and
Mitaka.
new test: I1964ce6e1298041f8238d76fa4b7029d2d23bbfb
Change-Id: Ib695e60c2ed7edf30c8baef9e00f0307b1156551
For AArch64, KVM don't recognize the cpu-mode "none",
so change the default cpu-mode as host-passthrough for
generating nova.conf
Change-Id: I94a22e5a15a974b9c11e9f9fd996857453b6e2ca
Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
This variable can be used to accommodate for underlying infrastructure
that does not provide full 1500-sized traffic, or maybe instead gives
access to Jumbo frames.
Change-Id: I38a80bac18673a30842a7b997d0669fed5aff976
Related-Bug: #1603268
The change Ibb7423d243d57852dada0b6298463bbdfc6dc63c that introduced the
os-brick plugin introduced a flaw where the xtrace state wasn't restored
after the end of the plugin's execution. The end behavior is that devstack's
logs were with way less information, difficulting the debugging of the build.
This patch fixes the variable that was intended to hold the xtrace state (it
was using cinder's) and restoring the state at the end of the script.
Change-Id: I47c6c794a9704049b089142eca5603d1183f8a10
Replicated Yi Zhao's fix for re-adding ipv6 addresses to neutron-legacy
(review I9ff62023dbc29a88aec3c48af331c0a49a1270bb).
Previously, re-stacking failed with "File exists" for ipv6 addresses
on br-ex. With this change, the existing address is replaced on
br-ex with the appropriate address.
Change-Id: I6e6235132a34469f4e68b5bb3cf51ebdf01c83a2
Fedora 22 reaches its EOL on 19-JUL-2016[1]. Remove it as
officially supported distribution.
The current two supported Fedora distributions are Fedora 23 and Fedora
24. (Change Ia4a58de4973ef228735c48b33453a0562dc65258 already added
support for Fedora 24.)
[1] https://fedoramagazine.org/fedora-22-end-of-life-2016-july/
Change-Id: I5b4e1ddb6165a9065e80e84175246678a7356f18
This removes several config flags for Tempest
now that juno and kilo are end of life. Tempest
has already removed these flags too.
Change-Id: I748429e73073f4202f77dfe1002687f76ee9a451
This option to install os-brick from git was only added
into lib/cinder previously. When testing all-in-one nodes
this worked fine, but if you have multi-node setups with
compute nodes that don't install any c-* services we
only get packaged os-brick. With this change non-cinder
nodes can now test against unreleased os-bricks.
Change-Id: Ibb7423d243d57852dada0b6298463bbdfc6dc63c
The common code for metering calls _neutron_service_plugin_class_add,
which despite the description only just appends a service plugin to
$Q_SERVICE_PLUGIN_CLASSES - it doesn't actually write it into a
configuration file.
So for now, read out the configuration, and append metering to it, then
write it back out.
Change-Id: Ice96cca8b43dcd54f2aa81461000a4597db8260d
This is necessary to make it possible to filter out compute nodes,
which don't support such type of images.
Change-Id: I347953876e2057e6f3dca71c2f5e8b638b85aaf8
Option was deleted from Tempest config file. Also test scenario
was deleted. See commit I93b2fb33e97381f7c1e0cb1ef09ebc5c42c16ecc
Change-Id: I750e50ba7cf8fca1dde391c2620b4a815d6b02a1
Closes-Bug: #1599619
File injection is disabled by default for the libvirt
driver in nova. This adds a variable to enable file
injection for the libvirt driver and is also used
to configure tempest.conf for running personality
tests.
Change-Id: I34790fadeffd6e3fdc65bd9feed3d6e62316896c
Related-Bug: #1598581
Change 9ce99a44cf85e431227536e2251ef05b52e61524 disabled file
injection with the libvirt driver by default back in Icehouse,
so devstack doesn't need to do this explicitly anymore.
Change-Id: Id0c521f6f624367bd497463c8c2d99488548fcff
This adds a set of local.conf modifying functions which make it easier
for consuming projects like devstack-gate to programatically add
elements to local.conf structured files.
Change-Id: I3427968c2bd43aba12b3619acc27f73c74f0dabb
Co-Authored-By: fumihiko kakuma <kakuma@valinux.co.jp>
This will have devstack setup the Cinder internal tenant and generic
image-volume cache by default. If left alone it will use reasonable
defaults.
More information about configuration options and the cache can be found
here: http://docs.openstack.org/admin-guide/blockstorage_image_volume_cache.html
As part of this we switch the default lvm type to thin so it will
work more efficiently with the image cache.
Change-Id: I0b2cc261736f32d38d43c60254f0dc7225b24c01
Implements: blueprint cinder-image-volume-cache
In Aarch64, the default cdrom bus is scsi, and the default scsi
controller is virtio-scsi. The cdrom with virtio bus will not be
recognized by the instance.
Change-Id: Ib8cec79f9e9083239092fa7348793ee3b64a9c94
Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
Change I4a10a49db97d413349bcfceeb8c4164936fbcc40 added colorful PS4 via
tput. However, if TERM is not set (as is the case when stacking
noninteractively), tput errors with the following:
tput: No value for $TERM and no -T specified
...twice for every log message, thus flooding the logs.
This change set turns LOG_COLOR off by default for noninteractive
execution. If LOG_COLOR is set to True when noninteractive (TERM is
unset), obviate the above errors by passing tput a simple -T.
Change-Id: I0f8ad82375cde463160bad5bd9918f1e4b19326d
Closes-Bug: 1576405
wait_for_service just checked to see if the remote service
was started, not that it was returning data. This caused
problems when the service was behind a proxy because the
proxy would respond quickly but the service may not have
fully started.
Wait for a non-503 HTTP response code and non-7 exit code
(connection error) from curl
Return an error if a successful connection cannot be made.
Change-Id: I059a12b1b920f703f28aca0e2f352714118dee97
Add support for the "geneve" ML2 plugin type driver. The
networking-ovn ML2 mechanism driver uses geneve for its
project network type. Geneve is part of core neutron but
didn't have any DevStack configuration for it. This patch
set adds the necessary options. It also removes the default
for ML2 type drivers to rely on the neutron default and
consolidates the tunnel ranges default for gre, vxlan and
geneve by using TENANT_TUNNEL_RANGES.
Change-Id: Id75651dfe57a07045a6932a0369668f33c7eef09
Partial-Bug: #1588966
The 'neutron_plugin_configure_l3_agent' function expects a path to a
configuration file as a parameter. This was not done for one call,
resulting in the generation of a 'DEFAULT' file in the DevStack
directory along with an invalid L3 configuration file. Resolve this.
Change-Id: I5781cb1ec4cfc1699e61dbc324d0bdb824b56be1
MacVTap mechanism driver and agent have been added during
Mitaka [1][2]. Now adding the related doc to run a
multinode devstack with MacVTap compute nodes.
[1] https://review.openstack.org/209538
[2] https://review.openstack.org/275306
Depends-On: I0dd4c0d34d5f1c35b397e5e392ce107fb984b0ba
Change-Id: Ie743a207a5faeab2e2a7274fda503699f3072e98
Due to the fix [1] of neutron-refactor, some flat network usages of devstack
installation start fale.
This fix enables ML2_L3_PLUGIN to be set to empty to solve the problem.
By default l3_router_plugin.L3RouterPlugin will be set to ML2_L3_PLUGIN,
and for neutron, in such of configuration, router (ASA some others) will be
set into supported_extension_aliases,
then devstack will create a router that we do not want in a flat network.
Before fix [1], we can disable q-l3 to aviod the issue.
But now we don't, and we need this fix to disable the whole L3 plugin.
[1] https://review.openstack.org/318145
Change-Id: I61a2142d5121e0af4cc6cdf50e6bceafaf791fb0
Config auth_plugin in trustee group is deprecated.
Change to use auth_type in trustee group instead.
Closes-Bug: 1592482
Change-Id: Ib90d9c0299887201b37d26254693dc6b007a41dc
CINDERCLIENT_REPO cannot refer to both python-cinderclient.git
and python-brick-cinderclient-ext.git so make sure
the overrides have different names.
Bug introduced by: I6d0f09950ea1200d3367a53aa4a3eea9be7abc66
Change-Id: I9cbbf71ba08ef5394537d7b294846faa3c5be5bd
Implements Blueprint: configure-tempest-volume-microversion
Related to: I3d9b3fe288333721bf3b2c6c988949f2f253bfcc
Change-Id: I80c6a0c46c667291c6f7fe2a036717504c110314
Tempest introduced a new ability to use domain scoped tokens for
identity v3 admin APIs. Since domain scoped tokens can be used
with the base keystone policy used in the gate, and the
pre-provisioned admin user is assigned a role on the domain, turn
the option alway on.
Change-Id: Ib1bb958eee076364b407fc03e77e6882d92147d2
Depends-on: I91ca907992428a5a14fb8d48a4fad105d2906e27
I352362cf59e492fa9f7725190f0243f2436ac347 switched this to vercmp, but
using single-quote (') will mean that the kernel version isn't
actually expanded for the comparision.
I guess, like the original change, the fact it isn't working is
hidden. Trusty seems to have 3.13 ... I can't imagine we support
anything before this ... so I'd also be happy if someone with some OVS
knowledge wants to just delete it.
(This change was originally an alternative to
I352362cf59e492fa9f7725190f0243f2436ac347 but got the quoting right)
Change-Id: I9fa514885c20b1135fb0680cf61fc04628fbecbe
Closes-Bug: #1580850
privsep will default to invoking privsep-helper directly
via sudo, which won't work for people with a locked down
sudo config. To deal with this we should explicitly
configure the os-vif plugins to use nova-rootwrap for
running privsep-helper. This change makes such a change
for the two official in-tree os-vif plugins.
Change-Id: I3d26251206a57599385f2b9f3e0ef7d91daafe35
keystone was configured to connect to memcached on the host IP
address. Unfortunately, memcached is only listening on localhost,
so this setting actually hurts performance as keystone fails to
connect to the memcached server. There's no indication of this in
the keystone logs since this is just how memcache client works
(ignoring errors).
You can verify this by
1) in /etc/memcached.conf, set -vv
2) restart memcached: service memcached restart
3) watch /var/log/memcached.log
4) There will be no output
with this change, there will be output in /var/log/memcached.log
Also the performance should be a lot better.
Change-Id: I95d798d122e2a95e27eb1d2c4e786c3cd844440b
If you are using provider networking, and have IP_VERSION set to include
IPv6 (which we do by default) - you must set the required variables.
If you do not want this behavior, set IP_VERSION=4
This arose from a third party CI system which was configured[1] to have
provider networking, but would explode when hitting the router IPv6
setup step[2] since there was no IPv6 subnet created, and IPV6_SUBNET_ID
would be empty, causing a python-neutronclient error and causing
stack.sh to exit.
[1]: http://paste.openstack.org/show/508710/
[2]: https://github.com/openstack-dev/devstack/blob/c35110e7c5c35dd1edc310dc3d0bb8693e58d336/lib/neutron_plugins/services/l3#L320
Change-Id: I267799b62284c3086ed7c3e2d8a9cbadb9ddcd60
The local.conf docs talk about phases which don't exist for config
file processing, which makes it more confusing then it needs to be.
Change-Id: If7f9255eab0535c3d57a2fd5f1bc18ba4d0801aa
To properly test the integration between Glance CORS feature and
Horizon Javascript environment uploading image files directly to Glance
(using this feature), we need to enable CORS support for Glance in
integration tests. Adding corresponding Devstack variable to configure
Glance in such a way that it accepts direct requests from Horizon
Javascript is the prerequisite step for the integration testing of this
feature.
By default Horizon and Glance are located on the same host, hence
default value cors.allowed_origin = http://$SERVICE_HOST should work.
If a more complicated setup is desired, where Horizon is located on a
different host, GLANCE_CORS_ALLOWED_ORIGIN environment variable should
be exported to Devstack.
Partially implements blueprint: horizon-glance-large-image-upload
Change-Id: I4881fb6631c2daa2ad8946210eff4bb021957374
When running tempest testcase test_minimum_basic_scenario will always fail
due to lack of configuration [scenario] img_disk_format=vhd in tempest.conf
This patchset is to add this configuration when XenServer is used.
Change-Id: I4b916200e6eefb62f148ec8b644fb23ffc7e00a6
Closes-Bug: #1589787
Currently a hardcoded value is used for the DEPLOYWAIT timeout in
tempest. The patch in review 269249 adds a config option to use
instead of this hardcoded value. This patch allows the value to be
set via the BUILD_TIMEOUT variable.
Change-Id: Id79014fd6e07f93029111f6c28e3537e2e39be9f
Related-Bug: 1526466
XenServer 7.0 has changed some iso files' name, this made devstack script
install_os_domU.sh failed to install VM before installing OpenStack. This
patch is to fix the problem, make install_os_domU.sh support 7.0 and other
prior versions of XenServer
Change-Id: I49459bfff2b101fc6927eb4578c5eb47cc8c3ad6
This change adjusts a few instances of `--config-file=foo` to
`--config-file foo` (no `=`) in order to make neutron command
lines more consistent and easier to match in sudoers/rootwrap
filters.
This is particularly useful for oslo.privsep, which needs to start a
helper command with the same `--config-file` arguments (see
Ia9675dff9232e0e987a836ecaf9e842eb5c3cb18).
Change-Id: I91fe18f66f3c3bc2ccd1ca8be91be2915ed3e3ec
I ran some tests locally that showed that when using the uwsgi
deploy the keystone server wasn't using all the processes
available. When I switched from "threads" to "processes" the
concurrent performance improved considerably. So I'm proposing
that devstack switch to processes to improve performance.
Change-Id: I8cfe9272e098e636441b7cfb51bff08d62c3336e
As part of the process of deprecating Glance's V1, the glance team would
like to start testing V2-only environments. Therefore, this change
provides a way to force other services to use V2.
Change-Id: I87e77d07964eac01e9a796817cbc88bd6e59c721
Cinder uses my_ip config option to provide iscsi_targets. It gets
defaulted to the IP of the first interface in the system, which is fine
for some cases, but for example with Vagrant first interface can be used
only to contact with host machine.
To get over it we should set my_ip to HOST_IP from local.conf and this
commit implements that.
Change-Id: I4d2960d92f388ac689dfa6b436dc8bfc1e129fbf
Closes-Bug: 1588825
Future oslo.messaging is going to deprecate usage of driver-specific
options for hosts/port/user/password options.
This change uses transport_url that exists since a while now and
works with all drivers (even devstack handles only the rabbit one).
Change-Id: I3006b96ff93a3468249177c31c359c2f9ddc5db6
For the tempest plugin install inside the tox venv to hold we need to
ensure that it's the last thing run that touches the tox venv before
devstack ends. Otherwise there is a chance we'll recreate the venv in
a later step of installing and configuring tempest. This commit
moves the plugin installation into it's own function and calls that
function as last phase of the tempest setup to make sure it runs last.
Change-Id: Ie253171537e8c5a9887cc30aba1cad4b31e57663
This plugin was using a deprecated function, vercmp_numbers(),
that wasn't actually working properly because the call to
'deprecated' at the beginning was causing garbage to be
returned to the caller. For example, this was always in
stack.sh.log when using OVS:
.../lib/neutron_plugins/ovs_base: line 57: [: too many arguments
Update to use vercmp() like all other users in devstack, and
remove all the old code.
Change-Id: I352362cf59e492fa9f7725190f0243f2436ac347
Two things:
(a) Add the log filter to capture libvirt CPU manipulation driver
related error messages when things fallout (e.g. CPU model
comparision failures during live migration).
(b) While we're at it, remove the "1:qemu_monitor" log filter, because
the existing filter "1:qemu" should take care of logging the
interactions with QEMU monitor console. This is the case since
the introduction of VIR_LOG_INIT() macro in upstream libvirt,
which performs a substring match on a given file name. (Available
from libvirt version v1.2.10 onwards).
Change-Id: I75befd52d9f892eb5a6236eee9a397fab7602ecc
Looks like f24 does not have any special change compared to the
previous release, we just need to add f24 where f23 present.
Change-Id: Ia4a58de4973ef228735c48b33453a0562dc65258
This didn't break functionality but it would use a global instead
of a local variable so nested calls to time_* might have issues.
Change-Id: If61ef07c4ce15f1a356975a0b0611fdf5e49109a
Added to requirements:
https://review.openstack.org/309084
Functional tests were added
https://review.openstack.org/265811
But they still use the version of python-brick-cinderclient-ext from pip.
This change updates devstack to pull in the changes from
python-brick-cinderclient-ext patch sets instead, when configured to do so.
Change-Id: I6d0f09950ea1200d3367a53aa4a3eea9be7abc66
Needed-by: I34f3b5ceaad7a50b1e9cadcc764f61c0aabe086d
A new tempest test is being added in https://review.openstack.org/#/c/285541/
but it is not supported in the Kilo and Liberty branches. This patch
turns on this feature flag at Devstacks's side.
According to tempest policies, this patch must be merged first so the
test can actually run.
Change-Id: I52458a0b36e1dba233667311b35f6c3931e2e66c
Depends-On: Ie69dae09c2b42e825e9d51abf158fc14788387d1
This commit just adds a sanity check output to lib/tempest. It will
use tempest list-plugins to print a table of installed plugins after
the pip install phase is run for any provided plugins. This will
enable users to check that the plugins they think they're running are
detected by tempest.
Change-Id: Icff286da6c68ec9a57f2288458976341bc095875
If a plugin has the L3 API extension available, issue the L3 API
extension calls that creates routers and networks
Change-Id: I77e269ce0025054bcf2a2f4156124f2921ba2d59
lib/keystone sets KEYSTONE_AUTH_URI and KEYSTONE_SERVICE_URI that
other projects should use rather than building the URL themselves.
This will allow us to more easily drop the port altogether.
Change-Id: I7467aae680215f3045d32a088af2187e1eba8169
When the nova backend is LVM we set some libvirt configs
in nova.conf. Those should happen in the libvirt plugin
file rather than the generic nova file since it's specific
to running nova-compute with libvirt.
Change-Id: I37a63a5fba2e9eea4daafe4ec390b2e7aac236f3
This reverts commit 181588b9ba.
Since this change landed on 4/29 it's been the cause of the
top two gate failures (besides known latent infra issues) and
hasn't had good progress on landing a fix, so until it's a
priority for the keystone team we need to revert this change
to get the integrated gate jobs moving again.
Change-Id: I588a84c5179eab072d21bc1394aea2df00929650
Related-Bug: #1577558
Related-Bug: #1578866
When running a compute node that only runs n-cpu and neutron-agent,
there are still configuration items that are needed by the agent that
reside in $NEUTRON_CONF - such as the rabbit rpc information.
Change-Id: Ib7f5dde3afb0c19dc88f351c99bc669217952a14
If the nodepool info file is around, assume we're on a OpenStack CI
node and skip re-installing EPEL & RDO
Change-Id: Ife80af015b26514098e0633f568e3da35b9eea8c
Neutron L3 may implement a variety of extensions: router, external-net,
dvr, ext-gw-mode, extraroute, l3-ha, etc. The public network uuid is
only going to be made available if and only if the external-net extension
is available, because that's the one that provides Floating IP support.
Rather than making Tempest aware of q-l3 service (when q-* services
are supposed to be legacy), it is better to tune this configuration
based on the extension availability. This decouples Tempest from
Neutron setup internals.
Change-Id: I4889fc3d21bd221785b507995f1b3da0e8f52b46
Related-bug: 1582119
Wrong container name in devstack "All-In-One Single LXC Container" manual.
Link: http://docs.openstack.org/developer/devstack/guides/lxc.html
After creating "devstack" container with below command
sudo lxc-create -n devstack -t ubuntu -f devstack-lxc.conf -- --packages=bsdmainutils,git
The name should be 'devstack' instead of 'p2' in the below command
ssh ubuntu@$(sudo lxc-info -n p2 | awk '/IP/ { print $2 }')).
Change-Id: I7a84b97b03b2dd4338f1d946b7eafb8ec6e3767d
Closes-bug: #1582248
For client debugging that invokes multiple libs it can be useful
to have all libs directly in git and not listing all of them
in LIBS_FROM_GIT.
TrivialFix
Change-Id: Ie631cc4045231ebbe8177d2d113e47e4bf83f61c
This patch enables account management by default in Swift. This will be
leveraged by Tempest test cases validating account management APIs.
Depends-On: Id29f5ca48f92cd139535be7064107b8a61b02856
Change-Id: Ic01432939ed9b4cf0cbf20e3244d4d76847f539f
This patch replaces Q_L3_ENABLED with is_service_enabled q-l3.
Both of them idicates wherever Neutron L3 agent is enabled or not.
Change-Id: I33f0f5a6174d1d170bc2ac1c2e3a096d88d17cc1
This commit adds a deprecation warning for lib/neutron-legacy. Right
now lib/neutron isn't quite in a place where we can use it by default
but we're getting close. As soon as it's passing in the gate we plan
to make a switch over and a hard delete of lib/neutron-legacy. To give
any users which have a hard dependency on it (which is not actually
a supported use case) a heads up this adds the deprecation warning
in front of that change.
Change-Id: Idf1faf2e9dd497f9b97abfcc6e796ca72d60d955
The commit message of 2a242519f7 indicated
that neutron-metadata-agent was the correct name for the metadata
proxy, but parts of the code were not consistent.
Change-Id: I52f08266a169aeb9005c0f84296fc814d05b90d4
When creating service users, the assumption is that the service
project lies within the service domain, so create it there.
Change-Id: I4880e789f5eaf340634ceb792397eef12a5a6b51
Closes-Bug: 1580998
This is a follow up patch of [1].
In [1], source has been moved from lib/neutron-legacy to lib/neutron_plugins/services/l3.
However, one necessary function of is_provider_network is lost.
And this cause devstack install fail.
[1]https://review.openstack.org/168438/
Change-Id: I413b3577ec5b11ee0ee01f2368364117962494bb
I goofed when moving it over, and it looks like the calls
to _move_neutron_addresses_route got clobbered.
Changes like a0d1b0151a ended up getting
dropped on the floor, so let's reintroduce them.
Change-Id: I3bbfbc56e2c663c47a03659a1dff96443c13af47
There are a few CI efforts going on related to jobs that use the lvm
image backend for the libvirt driver in Nova. We don't want to waste
time zero'ing out volumes during CI runs, so we need a way to configure
nova to not clear the volumes in these jobs.
This change adds a variable used to set the CONF.libvirt.volume_clear
value in nova.conf. If the variable isn't set, Nova just uses the default.
This will be set to 'none' in the jobs that are going to use LVM.
Co-Authored-By: Matt Riedemann <mriedem@us.ibm.com>
Change-Id: I1e97ba6ab4772a87192ae2689a25050d432358ab
This helps fix an issue where an IPv4 address is moved from an interface
and you lose your SSH session.
Change-Id: Idf37ccbaa6f615fcc714d49c3f0c00c893f56021
Background for this work can be read on the mailing list:
http://lists.openstack.org/pipermail/openstack-dev/2016-May/094063.html
Usage of the new Neutron is by setting the following in
ENABLED_SERVICES:
* neutron-api
* neutron-l3
* neutron-agent
* neutron-dhcp
* neutron-metadata-agent
For now, the new neutron library supports just the ML2 plugin, with the
Open vSwitch and Linux Bridge agents supported. All other Neutron
plugins should be creating their own DevStack plugin if they wish for
DevStack to support them. Many of them already do.
Other notable changes compared to neutron-legacy:
* Rely on the Neutron defaults, and force Neutron to make
sane defaults instead of all kinds of knobs in DevStack.
* Default to rootwrap daemon support
* Use the security group driver by default
* interface_driver can now use NEUTRON_AGENT (linuxbridge, openvswitch), since
they are entrypoints in neutron's setup.cfg
* Use NEUTRON_AGENT variable to determine which agent to run
Works with NEUTRON_AGENT set to either "linuxbridge" or "openvswitch"
Default is openvswitch for the time being.
* Set ML2 configuration for VXLAN support
* Remove Xen hypervisor stuff - it should be a plugin
* Move L3 crud into separate service file:
There's a lot of L3 configuration that was in the main neutron file, but
a lot of it is self contained and can be moved into its own file.
The new l3 service file will contain all the previous L3 plumbing and
configuration that the OpenStack Gate expects, while also eventually
moving the whole l3 network creation step into a single hook that can be
overridden by plugins.
* Introduce a check for a function "neutron_plugin_create_initial_networks" which
will become the mechanism through which different topologies, and
networking plugins can create and wire the initial networks that are
created during a stack.sh run.
The new lib/neutron is considered experimental, and followup patches
will build upon this one. Existing users of lib/neutron-legacy should
remain unharmed.
Co-Authored-By: Hirofumi Ichihara <ichihara.hirofumi@lab.ntt.co.jp>
Co-Authored-By: Dean Troyer <dtroyer@gmail.com>
Change-Id: I31b6362c6d9992f425f2dedbbeff2568390a93da
This seems to break Ironic gate with n-cpu not starting
any more.
This reverts commit c527ded91b.
Change-Id: Idfb01448e8ecf53fbd2e1df61c8f08f3107981ac
Closes-Bug: #1579683
As can be seen in logs of the periodic generation job, our cgit does a
weird thing where sometimes it returns a 404 page with content, and
sometimes a zero response (see [1] for example, the last number is
response size). This appears to be an openstack CI issue; possibly
due to cgit caching or similar (see [2] for manual test). It will
have to be investigated with the host apache logs.
This is resulting in a lot of projects incorrectly being picked up as
having plugins (I7116571d2a2b1fc3a61e5f1ed46ac2cbc244775a). I'm not
sure if this problem is also releated to the original status-code
issues mentioned in the code, but testing shows that cgit is correctly
returning 404's for missing files (you can see in the logs [1]). Thus
switch the logic to examine the return code which avoids this issue.
[1] http://logs.openstack.org/periodic/propose-devstack-plugins-list/e55790c/console.html.gz#_2016-05-04_06_46_51_660
[2] http://paste.openstack.org/show/496434/
Change-Id: I6a06347d91d091441f6f7b70f99aba6d8e9add4b
Currently, the db sync operation does not specify the config dir or
config file.
If there is a config file in the home path, it will use this one,
but not the right one devstack write.
Set config file to these operations.
Change-Id: Id1fbc3d85280c19596f5ebd301c46bcf018fa2f6
Closes-Bug: #1578098
CoreOS cloud image is compressed with bz2 extension [1]. In such
case, we need to decompress the image before uploading it to glance.
[1] https://coreos.com/os/docs/latest/booting-on-openstack.html
Change-Id: I705d0813d180aefaa2507c00d1ae40af07d12fcf
Export the 'short_source' function so that it will be present in the
environment for child shell scripts. Do this because we are passing PS4
to the child shell scripts and it is using 'short_source'
Don't do an 'env_keep' in the sudoers file for PS4, since it is
difficult to also pass along the 'short_source' function.
Change-Id: I9781010d6eb336d02939c7fd47f18bedeae5ccc6
Closes-Bug: #1563443
Devstack installs elasticsearch version 1.4.2 by default.
This version is really out of date and you can't run kibana
4.x against it. We are working towards 2.x support [0],
but in the meantime would like our example to install a more
recent version of ES.
[0] http://lists.openstack.org/pipermail/openstack-dev/2016-April/092583.html
Change-Id: I9ca244f8b817dd9c5f6d7435e347df28282db0a9
This commit adds a new phase to the devstack plugin interface for
configuring test environments. It runs after everything in devstack
(except for the final output commands) to ensure that tempest or
any other dependency is installed prior to running it.
Change-Id: I52128756f18d3857963a0687de77f7cdfd11fb3e
the referenced file was removed with the following change
Ie7f4b265368f1d10a8908d75e11d625b2cc39e7c
Change-Id: I0e25b1f38e0969037d1c8af367432da56bb12e92
This commit adds a new variable to lib/tempest to provide the plugins
that should be installed into common tox venv that gets created. In
order to make this work the workarounds to handle migrating to a common
tox venv have to be removed otherwise the plugins could be installed in
a venv that isn't used.
Change-Id: I63658b8d8dfa999e0feb79f8f2968f2b32e3ff57
Depends-On: Iab2e6e04b6c5795a4d0c8214564106525b942308
In order to support the effort to unify the tox venvs being created
by tempest this commit temporarily cases the path of the venv being
created. Once tempest is updated to only use .tox/tempest we can
remove the if blocks and just use it unconditionally.
Change-Id: I34a69020eee07156e64026781a3c0bffdb5ab415
As we are creating a domain with id 'default' and name
'Default', we should iniset the correct name.
Change-Id: If67338fbbd255b8aa1b91e18e4cf8213baebab95
When running in httpd, keystone accepts requests on /identity and
/identity_v2_admin.
The path endpoints should be preferred over the ports so keystone
is configured to point applications to the path endpoints by
setting admin_endpoint and public_endpoint.
Change-Id: I34569b9e03c3f36748c92d803349e22a7ee1a633
Tempest-lib, as a standalone project, is deprecated in favor of a
"lib/" directory inside Tempest's repo. So remove the installation
of tempest-lib in DevStack.
Change-Id: I507bfe875777fd25bbe5d67c861f3fca99faa22d
There are two implementation code for similar API in Nova repository.
One is newer: v2.1 API, another is legacy: v2 API. v2.1 API has been
used as the default API since Liberty and legacy v2 API has been marked
as deprecated. We have used and tested v2.1 API so well and now is
nice time to remove legacy API code based on the consensus of the
design summit of Austin.
This patch removes NOVA_V2_LEGACY which set up legacy API code.
NOTE: The gate job which uses this NOVA_V2_LEGACY option has been
removed already since Iac81b7d569b76b99e9d86eaa5001ae7f9b78cdfe.
Partially implements blueprint remove-legacy-v2-api-code
Change-Id: I0e16b7ce608d7eeb3a35fd77e66531dfc8c142ef
I think the objective of the line is to display message, but it was
also echoing entire line before printing the message.
Change-Id: I758759638003deec3205983863f4b7e23ba94e89
Signed-off-by: Sachin Patil <psachin@redhat.com>
In a multiregion installation of devstack, conflicts occur in the
creation of images, networks, or volume types, when the region is not
set.
This patch adjusts commands to include the region, and
also adjusts the region_name in the nova configuration section of
neutron.conf to include the region.
Change-Id: Ifedff6a124fa49d57cc7b2f35916d8d96f5e5f7a
The nova check in is_service_enabled() is loading the nova repo
when ENABLED_SERVICES=ovn-northd. Add a comma before each of the
checks to prevent this error with any of the other services.
Change-Id: I9deee735812cde44ea5140b1ad76848f02576609
Closes-Bug: #1574431
Commit 020586fab4 removed support
for g-search as it was promoted to its own project. The devstack
plugin for Searchlight triggers the installation of elasticsearch,
so it can be removed from upstream devstack.
Change-Id: Iada75fc59c66b776c506431f93deb668ab0a84b9
This minor release of bashate just fixes one small issue with python3
compatability. This is an alternative to
Ic91b5ce8cb85e376573f9bf3659d2a86cc437179.
Change-Id: Ie5ad29003cf80a332b9a9258749757a15de79966
This commit fixes breaking change [0].
Long driver names like 'nova.virt.libvirt.libvirtDriver' are
no longer available and 'libvirt.libvirtDriver' should be used
instead.
Reference:
[0] https://review.openstack.org/309504
Change-Id: I27a1b75b921c7401bc8614caadfd1e09e7dd5d65
Closes-Bug: 1574990
Change I24546f02067ea23d088d383b85e3a78d7b43f165 aimed to use
keystone v3 as default in devstack. The change was later reverted in
Ia792b23119c00089542ba08879dca1c29dc80945 because it broke some
projects.
This patch contains a small portion of the first change to set the
environment variables $OS_USER_DOMAIN_ID and $OS_PROJECT_DOMAIN_ID in
openrc, so that users don't have to set them manually when using
keystone v3.
Change-Id: Ie4c316d60590d55830d417f13817298dac70864f
Partially-Implements: bp keystonev3
Closes-Bug: 1387814
Since I380dd20e5ed716a0bdf92aa02c3730359b8136e4 , tempest options
tempest_username and tempest_tenant_name have been added.
However, they are never used at all.
So this patch removes them for the cleanup.
Change-Id: Ic40047c5903d664e4a2d5eea88ff788e39d1e416
This reverts commit 7d1ec43004.
This broke the sahara and layer4 dsvm jobs. The layer4 job
is voting on tempest changes so tempest is also broken.
Change-Id: Ide69f10cd85bf7ff0d86bc8cba56dedd26850362
Partial-Bug: #1573868
We really should only have code that create endpoints once, making all
osc calls get_or_set adds 3 seconds per call for no really good
reason.
This also stops creating the internal endpoints in the service
catalog. It's a pattern that we're trying not to propogate, so lets
not have it in devstack any more.
Change-Id: Ia8cefe43753900d62117beae330db46deb6a9fc9
When using XenServer as hypervisor, install_os_domU.sh will create
integration bridge for compute node when neutron network is used.
But it should provide a way to allow moving of the VM to another
host (with a different XEN_INTEGRATION_BRIDGE) for easier install.
This patch is to provide the way to let user have the chance to
configure integration bridge themselves
Change-Id: If923a5e978e77fc091d24b6e1fe7a83a3375da09
As Nova hypervisor uses deprecated parameters when trying to
authenticate to Ironic, as well as a hardcoded /v2.0 endpoint, a fatal
error occurs when creating a keystone v3-only devstack.
This patch updates auth parameters (ironic section in nova.conf) that Nova
uses when trying to connect to Ironic to v3 parameters.
Change-Id: I2d7ebf750115613aa917448f20daaece614633ef
The bug #1542282 added Q_PLUGIN_CONF_PATH to the comment on how to use
Q_PLUGIN_EXTRA_CONF_FILES. But the right variable name is
Q_PLUGIN_EXTRA_CONF_PATH; this patch fixes this comment.
Change-Id: I6b6b39068fe54509b1bb8af47ae0b21dd77c444a
Related-Bug: #1469434
Closes-Bug: #1542282
Use the fernet token provider as the default for keystone.
The Keystone token provider of choice is changing from UUID to Fernet.
However, due the the need for multi-site keystone deploys to have keys
kept in sync, we cannot change the default in upstream Keystone
without breaking existing deployments. Fernet requires a deliberate
setup step like what is done in devstack. Making the change in
devstack documents the expected setup.
Change-Id: I8c0db244634b0861b0eb3c48fe6ede153f7f04f2
Currently there is added an obsolote/wrong '/' when passing
Q_PLUGIN_EXTRA_CONF_FILES to the service start arguments.
Thats not a problem when using absolute paths, but wrong for
relative paths. This patch removes that extra '/'.
Change-Id: I2136d39889eaf83ecfcc711c733e95e261f455e0
Closes-Bug: #1572192
Make it possible to construct the service users in their own seperate
domain. Changing this away from Default will not work for everyone yet,
though it does work for basic service interaction however enabling it
will allow us to start testing and hopefully gating that services aren't
relying on v2 only concepts.
Change-Id: I7e73df5dd1caabf355783da2bc0f3007ade92fba
This environment is used by the normal docs job, add it.
Manually add requirements needed for doc building.
Change-Id: I1be193d113683966f6a76e862713f3a550543168
Related bug #1469434 fixed the usage comments for
Q_PLUGIN_EXTRA_CONF_FILES. However that change didn't
make it into neutron-legacy. This patch updates the comments
in neutron-legacy to reflect proper assignment of
Q_PLUGIN_EXTRA_CONF_FILES as well indicate
Q_PLUGIN_CONF_PATH is required when using extra conf files.
Change-Id: I447f1158d333ac4a35c4903a509146a62d93b272
Related-Bug: #1469434
Closes-Bug: #1542282
Those reports may be helpful when debugging neutron gate issues.
pgrep is backwards compatible with old Solaris tools, which means it
does not match with commands that are longer than 15 characters. To
avoid that for neutron agent names which are longer than that, we need
to pass -f argument to match against the full cmdline.
Also killall instead of kill + pgrep in a subshell.
Change-Id: I9b3801e927c0e80443ed76e38cd8e3618e888e49
Create specific heat_stack_owner role to be used by
tempest tests, rather than using _member_ which is not
automatically created in keystone v3.
Change-Id: Iff13a47e360b628bc48a8cb897d9368af49db01b
Partial-Bug: #1539692
devstack failed to install because glance:
Could not determine a suitable URL for the plugin
patch I618ea8e27b49af360c905df85af06d9b1eef8407 tries
to fix this problem, but with a wrong way because path is not
correct, the clouds.yaml is not under /path/to/devstack/~/.config/openstack/
but ~/.config/openstack.
patch I8af6bd465f74099c560dddba6b5221dd79cbc965 tries to
fix this problem, but with a worng way to specify the path,
~$STACK_USER/.config/openstack/clouds.yaml will not expand with
a variable, only const string can.
$ whoami
zqfan
$ touch ~/.config/openstack/clouds.yaml
$ export STACK_USER=zqfan
$ rm -rf ~$STACK_USER/.config/openstack/clouds.yaml
$ ls ~/.config/openstack/
clouds.yaml
Change-Id: I549817d2f4638be615991c1726b39d270ba71357
ref: I618ea8e27b49af360c905df85af06d9b1eef8407
If the variable SWIFT_STORAGE_IPS contains a space-separated list of
IPs, we can use this to create consistent rings across all proxy and
storage nodes.
Change-Id: If9307196dc7e74e4a842c95503958ae2d7f7acc7
This is a follow-on to I6f392d3c16726f6dd734184dcf3014fb4f388207 to
note the variable is kept for backwards compatibility.
Change-Id: I1008b2d4e2baf82e1aa531d9eaf96a084beb69aa
The WIP prefix and the statement
"This can't merge until p-c no longer references lbaas jobs."
Should have been an indication that this patch is not quite ready to
go in as is.
This reverts commit 130c3adb0e.
Change-Id: I57d5f9f2e66b1bdf6fca70074bc1d5678de65f38
This is a fairly opinionated change to do some spring cleaning on the
documentation.
The current output of shocco as rendered at [1] is completely broken.
I can not see that it is worth us maintaining this. Honestly, the
github page does a better job at showing the scripts with a bit of
formatting. The "changes" page is similarly useless today. cgit or
github show allow browsing of changes in the repo better. Both are
removed along with support scripts.
When you currently hit the first page, it gives no clue as to what
DevStack actually is. Add a paragraph explaining that, and link to
the cgit for easy source browsing.
stackrc.rst is not necessary; the stuff about database backends is
already discussed in configuration.rst; move the things about service
repos into a section of configuration.rst.
The discussion in openrc.rst is moved into the configuration.rst file.
localrc.conf.rst was just a paragraph pointing back to
configuration.rst; this is removed.
The variables described in exercise.rst are moved into a separate
section of configuration.rst
[1] http://docs.openstack.org/developer/devstack/#scripts
Change-Id: Ie7f4b265368f1d10a8908d75e11d625b2cc39e7c
When devstack fails, some or all bridges may not exist.
This change allows an only existing bridge to executes ovs-ofctl command.
And fix duplicate ofp version specified in protocol option of ovs-ofctl.
Change-Id: Ied01de727ca9b867ce87db358f72ae44838b63af
This removes Oracle Linux 6 support ("OracleLinux") which, like RHEL6,
is now unsupported. "OracleServer" matches Oracle Linux 7.
Change-Id: I35b1c7d0b103c509283dba0f6551453e7d8ac4cc
Closes-Bug: #1568634
This commit adds an execution bit to generate-devstack-plugins-list.sh.
This should be useful for users.
Change-Id: I12d0a257eb1d487979d044c2e52e824a6ea4c02d
In stack.sh, REGION_NAME is used to set environment variable
OS_REGION_NAME before using OpenStack client to configure accounts
for services. OpenStack client will try to find Keystone endpoint
in REGION_NAME to send the requests.
However, in the case of deploying multiple DevStack instances in
different regions with shared Keystone, Keystone is only running
in one the of region. When installing DevStack for the region that
does not host Keystone, OpenStack client will fail to find the
Keystone endpoint and thus DevStack fails to start.
This patch fixes this bug by introducing KEYSTONE_REGION_NAME for
user to specify which region Keystone is running in. Document of
multi-region setup is also updated.
Change-Id: I3e82c7ff69326d4171623299ffecea103d40c80d
Closes-Bug: #1540802
Most of the tempest utilities need at least a partially setup
configuration file to work properly. This is because most of them
make api requests in order to perform the expected operations.
This causes a bit of a chicken and egg problem when we rely on
these utilities for configuration purposes since we don't know if
we have enough of a configuration file to run things. This previously
wasn't an issue because all we needed to run was verify-tempest config
and it wasn't in a critical path just for api extension discovery and
it wasn't relied on. But, with the addition of tempest preprovisioned
credentials we rely on a tempest util to create the credentials we
use for running things. We need to ensure the util has as complete of
a config file when it's run to ensure that everything is in the
correct state.
This commit moves the running of all tempest utils and the associated
iniset calls to the end of the configure_tempest function to ensure
that the utils have as complete a config file as possible.
Additionally, it makes all tempest util calls are venv isolated. (which
is mostly future proofing for when things are branched on stable)
Change-Id: I5844aed4e134fbc7210aa0eca83500e260915b7b
The test job "gate-tempest-dsvm-cells" uses the Nova cells concept.
This triggered a deprecation warning:
WARNING oslo_config.cfg [...]
Option "rabbit_virtual_host" from group "DEFAULT" is deprecated.
Use option "rabbit_virtual_host" from group "oslo_messaging_rabbit".
This change removes that warning.
Change-Id: Ieaf437ecbf58edb8994f6afcb0ac2afcd5585a1e
Variables PUBLIC_INTERFACE_DEFAULT and GUEST_INTERFACE_DEFAULT
are only use to provide default value, deployment script should
not use such values directly
Closes-Bug: #1566768
Change-Id: Ib543b416df861086fa2edbe7df769b224d0b0add
Make the warning in the auto-generated file stand-out a bit more, so
people don't waste time trying to add entries that appear
automatically.
Change-Id: Icf4290e1fad21ce72af54c178bafcce0b287cdf6
Change 0b9e378cca2be4e034ad401d71fbe4470907f93a moved the
api_paste_config from the DEFAULT group to the wsgi group
and deprecated it's usage in DEFAULT.
Change-Id: I283db638e76b986d3e728c6caf34a0b3f37fc9b6
Ubuntu vivid support is EOL lets make room for xenial.
Change-Id: I21c4966c80e0b5fc2b1a7448020dd1c75e0070ad
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Fix the table with a bottom border. Regenerate the plugin list using
the script to make sure it works this time.
Change-Id: Iab3eb3879fd6017c55259e470477e4a9e34514e2
This makes us depend on n-api being enabled, which should avoid running
this on subnodes, where it fails because of no credentials.
Change-Id: I209bd59cd57be27c3375f5a2074361307abcafe9
Closes-Bug: #1567065
Nova API itself supports both URL modes:
with project-id and without project-id
However, we are changing service catalogs for removing project-id
based on the discussion.
We have agreement on https://review.openstack.org/#/c/181393 like the
following:
- Standard required naming for endpoints (versioned vs. unversioned,
contains project ID vs. no project ID).
* We want unversioned endpoints so that the user can get
information about multiple available versions in a given cloud.
* We do not want project ID, account ID, or tenant ID as part of
the resource URI for an OpenStack API endpoint.
So this patch removes project-id from Nova service catalog for this
direction.
Change-Id: Ifd74152727b5c0c75924419a7a52e024a69ce72c
Make sure the table is separated out from header and footer content so
it actually gets picked up as a table.
Change-Id: I60a24b2476a55cfbf5c864a1c27ce5b98e699886
This sets all the internal variables and service users that are set to
use project instead of tenant for clarity.
Change-Id: I4aa833bac2ee2281c5f2881f7ae1fd8e7c759f74
This makes devstack create default flavors in nova, like cinder, now
that nova no longer hard-codes them into its database.
The flavors created here match the legacy default flavors that nova
kept for so long, and also creates a new devstack-namespaces set of
flavors which are likely more useful for people.
Change-Id: Ic275887e97221d9ce5ce6f12cdcfb5ac94e300b0
Cinder was the only project with a script in driver_certs. That cert is
no longer required for Cinder as we now just require that third party CI
is run for all drivers before acceptance.
This removes the cinder cert test script and the now empty driver_certs
directory.
Change-Id: I8d0867c4720f324b8dbf3c64ddf66ff267996d10
As part of the "reduce confusion on tenant_id" we need to change as
many references as possible over to project_id.
Change-Id: Ia665312f24672b106e12fde93b60f142620c3a45
Currently ovs-ofctl command is executed for only default ofp version
(OpenFlow10).
Some Neutron's plugin uses OpenFlow13 and in that case ovs-ofctl fails.
This chage allows us to get ovs info for all ofp versions supported by ovs.
And adds dump by dump-ports and dump-ports-desc.
Change-Id: I2d3c42835a5ad0f5ebf540e8127762f466347c9c
Neutron had a lot of work done during the Mitaka cycle to fix MTU
issues, so let's see if Neutron can stand on its own.
This commit reverts 06cfce3756
Neutron patches:
I6ffc8973c9b8f46cc19922ff04fdd2d23646b878
I4096a3e7704032fa4aa5c3aa8bcaec4e38d0d06d
I6a10c4dfc1f2198667f3d02528e2ca8020cb5bb8
Ic091fa78dfd133179c71cbc847bf955a06cb248a
Idf6221fee2c7da86123b330ad3c235ecc6868242
I6859ebdde1f7e3a8163b49d705620e522ada606a
Change-Id: Ie88c7ebb29adadde530217c95e2f38aacb119dc8
In I33525e2b83a4497a57ec95f62880e0308c88b34f, we switched
from zookeeper to dlm. Somehow this got left behind.
Change-Id: I41d13d33c9a81271d4a9752cbe98c0028a17ab1e
Since commit 7580a0c3e3, openrc
print a WARNING message to stdout, it will break the zsh script
in faq.rst. This patch redirect openrc output to /dev/null.
Change-Id: Iaba03634d7a234cd4d120477f91ef56d0595cdf6
Closes-Bug: #1563940
Printing the total makes it easier to compare runs at a glance. Clean
up the output a little, and use some consistent, name-spaced globals
while we're there.
Note the total runtime is at the top to avoid giving the impression
that it is the sum of the components below, since you can nest/overlap
timers (I made that mistake in a prior change :). It might be a fun
exercise in tree building to one day track the overlaps and present a
nice nested breakdown.
Change-Id: I878ce03813d21138df493b82bceff3aaa7f83064
Ceilometer uses a devstack plugin for a while now, so there should not
be any need for this file in the main devstack repository.
Change-Id: I3577c52b106c63c465a40ea3740eb5b8384e900e
This is a normal step in the process for upgrade and is now
required for migration of flavors from the main DB to the API DB.
Since we previously made a bad decision to encode those flavors into
the first database migration, that means that even on new installs we
need to run these.
Deployment tools are going to be running this command any time they
do anything to the database post-deployment, which means adding this
to devstack is putting it in line with what normal deployments will
be doing.
Change-Id: I8ab03af9d2f4974f26a7f8487ec978caea957e45
Since change Ie38deadf190db33863c99d4610157349484ac10f ceilometer does
not use spidermonkey which needed libnspr4-dev to be installed. Thus the
requirement can be removed now.
Change-Id: Ib0685181f1cc4c9b58411a1679ac9dec1812f683
OS_CACERT was being added directly to the environment rather
than usercc_early. This caused an untrusted CA error to be
thrown.
Ensure that SERVICE_HOST is in the Subject Alt. Names of the
issued TLS server cert. The gate sets it to 127.0.0.1 which
wasn't being handled. Only the FQDN of the host and actual
IP address of the machine were being added.
Change-Id: I8a91dffe1a5263d2bcc99ea406a8556045b52be2
auch configuration in the nova section in neutron.conf was
still setup manually. Just reuse the function
configure_auth_token_middleware() for configuration to simplify
the code.
Change-Id: Ib5a7e9212e2d1242bdbec75cf3fac13d5c42a2e2
This commit moves the auth setup for tempest config to occur before
we run tempest verify-config. The API requests that command runs
require auth and in the case we run tempest without admin creds set
the config file will not have any credentials to run the query with.
By moving the auth setup to occur before this it will ensure tempest
is always configured with credentials before we run the command.
Change-Id: I6d11b24e4492f1fde3aa3a7a239c40d63111bfa1
Previously the swift blocks only ran if s-proxy is enabled, which
prevents a multinode configuration. We should run these blocks if any
swift services are enabled, and push proxy specific conditionals one
step lower.
Change-Id: I540a97615b3c19f882c8673b1a4a29cd47e36aa8
Lbaas devstack support is now in the neutron-lbaas repo, so we can move
towards removing it here. This will explode hard, but let's start peeling
the onion.
This can't merge until p-c no longer references lbaas jobs.
Change-Id: I1c49877bab53f6b25385302420086b25e3eeeebf
Make our usual admin user to be a real admin,
and open the way for improving the per project
policy.json files.
Change-Id: I133a5953d209bc1edbd03ecfae750f77e3eaa64d
Related-Change: https://review.openstack.org/#/c/242232
PS4 can include functions, so when running in the LOG_COLORS=True mode
provide a grey function line so that it's easier to visually
distinguish the content from the location.
Also make it so the main prompt chunks off all the common path, which
means we can printf to 40 characters and have a pretty reasonable and
readable PS4.
Change-Id: I4a10a49db97d413349bcfceeb8c4164936fbcc40
Check that a public and/or private network exists before calling
probe-create for it, to avoid an error in the case where that
network hasn't been created
Change-Id: If01cec47dc4ab02b5d78074b1354df10dc23b384
Closes-bug: #1560629
It seems pip distinguishes paths with .. or extra / for constraints.
For example, the following directories are considered different.
/path/to/dir
/path/to//dir
/path/to/dir/subdir/..
This commit tries to normalize the given directory name to avoid
"Could not satisfy constraints for 'xxxx': installation from path
or url cannot be constrained to a version" error due to directory
name mismatch.
Reference: https://github.com/pypa/pip/pull/3582
Closes-Bug: #1542545
Change-Id: Iae9d58c27d3b10bca16e4a471507c4d5c16439a0
hexdump is used in common function generate_hex_string which is
used by nova and heat. The current general dependencies do not
have this dependency covered, instead it is usually pulled in by
other implicit dependencies when a full devstack is built. In
cases where only a subset is built (like just Heat and keystone)
hexdump is missing.
Added unit tests for the generate_hex_string function.
Depends-On: Ib47d802a31a0f4c2a49daa7e6698e37c70a2365a
Change-Id: I77c8c2019fb8b8174cdfaed3e56ebf728f0732b7
Closes-Bug: #1558672
In future Nova will use os-vif library for some communication with Neutron.
This patch add ability to install os-vif library that requires for run
tempest-jobs for new patches, that used os-vif.
Change-Id: I28e48afd3c740b1aa50c994d99f660f095e7deda
We've had a couple of cases where plugin names are longer than our
table width.
Take the fixed-with table-header out of the header file, and generate
it dynamically based on first-column width. To simplify, take
advantage that RST allows a variable-length last column and so don't
specify it's width.
Add a link to the cgit URL for each project you can click on to browse
the source (link text remains the git:// URL).
Add some logging so you can see what the python generator is doing,
should you run it.
Change-Id: I5d5e692039bbb30b2508119412472dac1d105c08
Apparently this is intentional as a joke on devstack leaking
passwords, but the dual meaning of the word confuses people. Let's
change it before we get yet another review fixing it.
Change-Id: I3bee03612f6ea197362aab04a37f81043f77f235
Insert the unversioned keystone URLs into the service catalog. Services
should be able to determine the correct URL for their work from this.
Depends-On: I931f0c558aafc8dfaa5519744c6e4e7fcffc3205
Change-Id: I6171f782a1dd397720a9b2a3393b30ae5aca0cc2
When detecting os_VENDOR, the lsb_release output may be different
from what is expected today. This patch fixes the detection.
Change-Id: I850ad1acbc2397c73e7cc85c1765cba6ba2f98d4
After reviewing I5b1d49be8d9e3e331826e30182fba70f099b5e7f and
I161a157895b4ed0c9ea5a7a00302e30f4ad75ed3 - I have come to the
determination that this really should be in a DevStack plugin.
If both of the patches under review were to merge, we would be blessed
with at least the following variables:
OVS_NICS_FROM_BRIDGES
OVS_NIC_MAPPINGS
OVS_BRIDGE_MAPPINGS
OVS_PHYSICAL_BRIDGE
PHYSICAL_NETWORK
PUBLIC_PHYSICAL_NETWORK
Which really is not good. Let's just push this into a plugin, I don't
want to deal with it.
This reverts commit 3095ff5132.
Change-Id: I746022f5db93d3333101a014692fbdcd790a0004
This all started with an investigation into Fedora's use of ecua2ools
package. This package is a bit of a nightmare because it pulls in a
lot of other system-python packages.
For Ubuntu, this package was removed in
I47b7e787771683c2fc4404e586f11c1a19aac15c. However, it is not
actually a "pure python" package as described in that change, in that
it is not installable from pypi. I can't see how you could actually
run exercises/euca.sh on Ubuntu unless you installed euca2ools by hand
-- ergo I suggest it is totally unused, because nobody seems to have
reported problems.
In the mean time, ec2 api has moved to a plugin [1] anyway where the
recommendation in their README is to use the aws cli from amazon.
Thus remove all the parts related to EC2 and ecua2ools from base
devstack.
[1] https://git.openstack.org/cgit/openstack/ec2-api
Change-Id: I8a07320b59ea6cd7d1fe8bce61af84b5a28fb39e
Normally a standalone uwsgi server would run in "master" mode -- it
handles signals to reload the processes. I tried this originally
with keystone but found that the server didn't shut down when
unstacking. The reason it didn't shut down is because (by default)
uwsgi does a reload on SIGTERM & SIGHUP rather than shutting down by
default, see [1].
Setting "die-on-term = true" & "exit-on-reload = true" changes the
uwsgi server to shut down when unstacking.
[1] http://uwsgi-docs.readthedocs.org/en/latest/Management.html#reloading-the-server
Change-Id: I145fef185d4a31078295941779e175b7452a5760
There was a lot of duplication in the uwsgi options between the
admin and public config files. The options common to both are
moved into their own section.
Change-Id: I5519c7d4d8b8446a7a5fdb8033852655d8a2c67b
keytone has removed it's CLI and will release a new version
when Newton begins. As part of the removal process we also
need to remove the bash completion script, which is currently
failing devstack gates.
Change-Id: I132b862bde5b4173bf34beae12a7a882f5a96314
This command has never completely worked to restart DevStack.
It periodically prompts attempts to work around this brokenness
in ways that harm other functions. Let's finally remove it.
Requiring a complete re-run of DevStack after a reboot has always
been intentional.
TODO: follow-up cleaning all of the screen hackage if this merges.
Change-Id: I2f61bb69cc110468a91dcaa4ee7653ede7048467
This change provides better handling of tgtadm --op show
output as input of tgt-admin --delete command. In situation
where no output of the first command is present no tgt-admin
command is run.
Change-Id: Ief5e1d50dd679f4d47cffef29ff07e54cc37f80a
Closes-bug: 1554997
1.4 was released in 2012. I think we can assume everyone is running
something newer.
http://openvswitch.org/releases/NEWS-1.4.0
Change-Id: I3cfe99d2647800ae3ffb32c9e6749d03224c2967
* memcache_servers is a deprecated name for memcached_servers.
See: keystonemiddleware/auth_token/__init__.py#n287
NOTE: memcache_serves in the cache section is valid option for
oslo.cache. See oslo_cache/_opts.py#n65
Depends-on: Id65f1bff8e38c777fa406d88ac6a2355d6033d94
Change-Id: I3e1230b139e710a0433e71ce118ca246d7c6a0e6
We made assumptions on the platform for sorting purposes, which turned
out to break with new images being deployed. Explicitly setting LC_ALL
should make this work.
Change-Id: Id65f1bff8e38c777fa406d88ac6a2355d6033d94
Not having a header or footer should not be a fatal error
especially now that we have removed the footer entirely.
Change-Id: Ibbf3e513b8faa016dc2dac8d11ab4f499b3fc51c
Use the additional keystone-manage parameters to setup the identity
endpoint in the service catalog rather than manually fetching a token
for this.
Change-Id: I6f5be1df205dee8f3251b4eb413e00ae64f00f07
Currently Devstack (and devstack gate) uses the default
max_file_size of for Swift (5GB). However the loopback file
is only 1 or 2 GB is size.
We are looking at setting a default FALLOCATE_RESERVE in swift
https://review.openstack.org/#/c/288011.
Because of this our max file size test fails due to the max_file_size
and devstacks loopback size being too small.
This patch sets this to a more sane size by default inside DevStack.
See the gerrit link above for more details.
Tempest uses a loopback of 6GB, so in this case the swift default of 5GB
should be fine.
Change-Id: If09eab7d16ae67bd252020e00e8812ff252f065b
Update bashate to 0.5.0 release. We got things ready for this with
I3fd5d55236e90c2f2c25243af87adaf0c1b763e2.
I'm not sure what I was thinking in
I9e4b1c0dc9e0f709d8e76f9c9bf1c9478b2605ed when I added ".orig" files
to the list of files to check. Ignore diff/merge files.
Change-Id: I8bb0c8b39972abb775b4e5556e79d2e17005bc8c
The trove image is one of the larger ones we cache, and after
double-checking it is still used as part of the
gate-tempest-dsvm-trove tests (although integration tests seem use
their own dib-built version)
Add some notes to clarify the situation with this image.
Change-Id: I2319dd5811d6bd215d1e8778eca5b4c9399f0efb
Aside from notes, the content of the footer is entirely redundant
with the detected plugins list, so let's remove it.
Change-Id: I346b59705c5b0716a18087f6800f568fb1f4c9a8
This uses the new use_neutron variable instead of the crazy class
path. This helps us test the use of this in our jobs.
Change-Id: Ic6d0cc4b7a0df6b3f5336ee58886f7edff26e846
Depends-On: I1c2eb51d10ba6370492a911f59370b9870646a38
Change I380dd20e5ed716a0bdf92aa02c3730359b8136e4 updated the tempest
configuration to stop creating a bunch of globals. But as part of
that refactor it started using $admin_password as the password
argument for tempest-account generator, which is never defined.
This commit rectifies the situation by using the correct variable
$password.
Change-Id: Ieeed58751e5784020e04bcc2911ac74791662110
If /usr/bin/which is not available, the current code
doesn't detect i.e. /usr/bin/zypper . Using "command -v" solved
the problem.
Change-Id: I1c281c3184d69cd9dc2418295b6a392d8e5693e0
Virtuozzo is a RHEL-based distribution serving as a platform OS
to host proprietary container virtualization
(formerly, Parallels Cloud Server).
We moved away from CloudLinux distribution, which has actually
no support in Devstack (no such clause in is_fedora).
As it was us who introduced CloudLinux, by this patch
we replace it with Virtuozzo distribution.
More info on Virtuozzo company here: http://virtuozzo.com
Change-Id: Ib8a77e4611ebc05bc0aa50bb83ab79c412e21c74
If a command we trigger fails for some reason, it's worth logging
details about the failure (like return code).
Change-Id: Ib19aa474eccdd11e138a4f55e125935b621bca05
The agent_* drivers in Ironic are not yet capable of deploying partition
images. The code in DevStack was aware of that but it was looking at the
agent_ssh driver specifically.
This patch is fixing this assumption and extending that conditional for
all agent drivers.
Change-Id: I416faa9ef6fba9621cd664d5a0747b1e80e281d1
postgresql 9.3 don't create /etc/postgresql and related conf file by
default. So we need start the pg_createcluster in devstack if has not
started after package installed.
Change-Id: I2b348658d79b23b5f21871b33d8023499b2fb956
Close-bug: #1552051
We need to do a substring match on the vendor here. As most releases return
"openSUSE project" for the vendor.
Change-Id: Ia05db8d93b5e3f42cb6a9c8d77616ca9f7c32039
Now that the devstack pluging periodic proposal job is in place,
add a note to the header to try to head off confusion.
Change-Id: I1c740ff768f831548970142a8bd024abe1763fdf
This patch ensures that lib/tempest doesn't call nova when heat is
enabled and nova is disabled.
Change-Id: I2debbae1bb82ecace1058e99ab172272393fb5ea
Closes-bug: #1549708
Since I93e9f312a94aeb086925e069a83ec1d3d3419423 yum_install isn't safe
under errexit. This means it really only works when called by
tools/install_prereqs.sh because for some reason, we don't set that
there.
However, there is a problem with the retry logic when detecting failed
installs. A failed package install should stop further progress, but
with the current retry logic it just goes ahead and retries the
installation, which then incorrectly passes. You can see this
happening in a test like [1].
In our detection scripts, make a failed package or missing packages
exit with error-code 2, and "die" when we see this to correctly stop.
[1] http://logs.openstack.org/81/285881/1/check/gate-tempest-dsvm-platform-fedora23-nv/a83be30/logs/devstacklog.txt.gz
Change-Id: I4ea5515fa8e82a66aefa3ec3a48b823b645274f7
Setting OFFLINE=True in local.conf should enable stack.sh to run multiple
times without an internet connection. This was broken for some cases
when recreation of tox venv for tempest was forced in lib/tempest.
This change makes recreation of tox venv enabled only when OFFLINE mode is
disabled.
Change-Id: I2bf6caf60038a3690378eead905b35e9175ac356
Closes-Bug: #1550537
Since EXPERIMENTAL Glance v3 API has been removed in favor of
standalone API implementation was added we need to add some
changes in devstack to support it.
Implements blueprint: move-v3-to-glare
Depends-On: I5b7bd4cdcc5f2a40fc4a5f74bcc422fd700c4fb0
Change-Id: Iced3c68010eb6bcd2a6a1ec8f1c6883f84cbe77f
If tools/generate-devstack-plugins-list.sh is invoked with a parameter,
as is the case with the proposal job, copy the generated list thither
so that git will actually generate a diff.
Change-Id: I874a521bba7f402f5c07e28d6ebb086e77873795
This removes the fs-based git code path for detecting devstack plugins
as requested in I2c5c9282a8ad80014cad171a4dfbdc8f26044cd1
Change-Id: I6d1567c2545b866c433381d19587beb08c281c53
When os-brick starts using privsep, it will need to know how to invoke
its privileged half. Amazingly the name of the rootwrap executable
isn't anywhere else in the config, so the privsep default uses just
"sudo" (no rootwrap).
We need to either:
1. set the privsep command line to use nova-rootwrap in nova.conf (and
similar in other configs), or
2. add the privsep-helper line to sudoers and bypass rootwrap entirely.
This change implements (1) for devstack (nova only for now, cinder to
follow shortly).
Change-Id: I90dc41bc77993bd83b80c92286e015e14f290b45
When os-brick starts using privsep, it will need to know how to invoke
its privileged half. Amazingly the name of the rootwrap executable
isn't anywhere else in the config, so the privsep default uses just
"sudo" (no rootwrap).
We need to either:
1. set the privsep command line to use cinder-rootwrap in
cinder.conf (and similar in other configs), or
2. add the privsep-helper line to sudoers and bypass rootwrap entirely.
This change implements (1) for devstack/cinder and is similar to the
corresponding nova change in I90dc41bc77993bd83b80c92286e015e14f290b45
Change-Id: I8a0b1728cc66c4861f69623b1b16b1f759b57b25
Skip with a notification that a command was not found when trying
to run a dump that relies on optional external command.
Otherwise we produce noise in the error output that is misleading.
Change-Id: I0e3d99da8c54d2912463ecba7c1783864a7c7fc7
Closes-Bug: #1548833
Closes-Bug: #1506873
When running pkg/elasticsearch.sh the following files are created:
.localrc.password
files/elasticsearch-1.4.2.noarch.rpm
files/elasticsearch-1.4.2.noarch.rpm.sha1.gen
files/elasticsearch-1.4.2.noarch.rpm.sha1.txt
Change-Id: Ie2ab8b7fe72f51cb350e1f46ca97570b84047ac4
Closes-Bug: #1548201
Since https://review.openstack.org/#/c/281779/2 have been
merged the telemetry integration job is broken.
Unfortunatly, it can't be fixed on our side, because we have to
rename SERVICE_TENANT_NAME in many devstack plugin, we can't merge thing
until all plugins have been fixed.
So this change restores SERVICE_TENANT_NAME, to be able to switch to SERVICE_PROJECT_NAME.
Related-bug: #1548634
Change-Id: I14ebf23aa63f0f153b934ad213a6209d22e73e9d
Commit 7dbcfae introduced a subnetpool needed for the
auto-configured-topology Neutron extension. However, it allows
only up to 4 tenants, then you'd hit an error about no more
available IPs. This patch changes the size of the subnetpool
and the subnets it creates.
Change-Id: I4f43bebc52fb20e39853a1632fe31506958f5071
The uwsgi keystone jobs are failing with an error like
+ devstack/functions-common:_run_process:L1391: setsid uwsgi /etc/keystone/keystone-uwsgi-admin.ini
+ devstack/functions-common:_run_process:L1395: exit 0
execvp: No such file or directory
I think this is because uwsgi isn't installed on the images. The fix
is to pip install it.
Also, use the full path to the uwsgi executable (even though execvp
is used) because eventlet (calling keystone-all) does.
Also, the uwsgi process wasn't shutting down on ./unstack.sh. This
is worked around by not running master process.
Change-Id: Id02e16c5149ba3dfa13051e87cfccd8e505b7362
lib/tempest is using / setting a ton of globals, a lot which don't
look used. As a first step to converting over to s/tenant/project/
make all of these local which means they can not be impacting anything
outside of this function. That will make them safe to change names
later.
Change-Id: I380dd20e5ed716a0bdf92aa02c3730359b8136e4
This replaces the use of TENANT variables with PROJECT ones during the
initial setup. The openrc will still export a OS_TENANT_NAME because
many tools (cinderclient, glanceclient amoung them) will not function
without it. We warn when we do that.
Change-Id: I824b1121842eb5821034071874bf1bb2d7c3631e
override-defaults mechanism allows us to define
s_neutron_plugin_security_group before loading lib/neutron,
and we no longer need to have a plugin-specific file in
the master DevStack repository.
Change-Id: Ib0f6e3d9463357d2dd66a2d61b8c722fa1f0bfba
Depends-On: I8b19b8f1b0694a96132f158146848aee7d14e8ff
Neutron implemented an extension to allow users to automatically
provision a basic network topology to connect their instances.
One of the requirements for this feature is to be able to mark
an external network to be the one to be used for external
connectivity. Another requirement is subnetpools, which are
used to determine the IP space to allocate for private tenant
networks.
This patch codifies these requirements. The provisioning
needs to be made conditional based on the extensions
needed for this to work correctly.
Partially-implements: blueprint get-me-a-network
Change-Id: I43ce5d65e754f131f7ca1ce2088a397d266cf821
In the "I can't believe I missed this" category -- the existing strip
method removes shortest match (%); which fails when you put another #
in the comment (like "refer to bug#1234"). Change to the longest
match which should strip everything from the first "#" to the end
(since that's going to be the longest).
Change-Id: I47f5e710ebd87b0f54549732e7d64cf42c7a6b65
The devstack plugins list can be generated through web requests in
environments (such as the proposal slave) that lack copies of all
the relevant git repositories.
One downside to this is that there is no way of getting the last
modification time of the plugin.
Change-Id: I2c5c9282a8ad80014cad171a4dfbdc8f26044cd1
in fedora postgresql is the service name and postgresql-server is
the package.[1]
os: Fedora release 23 (Twenty Three)
psql: psql (PostgreSQL) 9.4.5
i'm not entirely sure when this changed, but it's devstack is broken
in above environment.
[1]https://fedoraproject.org/wiki/PostgreSQL
Change-Id: Id940fed2a777ca469ce77402e1136251ba572359
The DevStack module of Ironic added a new configuration variable called
IRONIC_IS_HARDWARE that can be set to True/False to indicate that we are
setting up devstack to deploy physical or virtual machines (see the
depends flag). Prior to that, the devstack code assumed that if the
driver name loaded is != *_ssh then it's a physical hardware but now we
need to kill this assumption because we have means (see the virtualbmc
utility) to test drivers such as pxe_ipmitool and agent_ipmitool using
virtual machines.
Depends-On: I5edc51c7fc8b6f0bb7fe4ca129596709a32eb93e
Related-Bug: #1544642
Change-Id: I8b6363bbe280ddd2720c570851bc40e2804a40e2
These flags were not functioning as described. Check if UNSTACK_ALL is
set in env or -a flag is set when calling script.
Change-Id: I128d32b1e74ee46e24a9eb2e81560e58137b1553
Closes-Bug: #1546687
This reverts commit 8a3b7d424d.
This change masked a non-backward compatible change made to the
Neutron core API. This is being cleaned up and thus this workaround
is no longer required.
Depends-on: Idf516ed9db24d779742cdff0584b48182a8502d6
Change-Id: I6695a6e17df1a395ada4ecf2b063b2c20870d99d
There's no need to change these Tempest's default anymore.
The feature flags are left in Tempest so that downstream distros can
continue to use Tempest to test Juno.
Change-Id: I99f286d0febb1675b8feb91b6801ad0b159da332
We don't have a new bashate release yet, but this fixes some minor
issues when used with bashate trunk.
The only two things triggered are stricter checking of assignment in
local declartions (catches quotes) and one instance of evaluating
arithmetic result in tools/xen/functions.
Therefore, hopefully, this change has no effect!
Change-Id: I3fd5d55236e90c2f2c25243af87adaf0c1b763e2
Update to bashate 0.4.0. The biggest change in this is that bashate
does a syntax check with "bash -n" which can be useful
Change-Id: Iff625ef2181dfaba28349dc17de0749faddec539
Adds LinuxMint to the distro checking. This allows linux mint with
the FORCE option to run. This will not fix for other distros that
do not pass the checks.
Change-Id: I42599c1bd851d2b61a56a3960f42ad051aab1727
Closes-Bug: #1545864
It was pointed out in I42599c1bd851d2b61a56a3960f42ad051aab1727 that
after I46a2c36d95327087085df07cb797eb91249a893c we now die if we can't
determine DISTRO, rather than take a guess.
After some consideration, I don't consider this a regression. This
default matching was basically only working for LinuxMint, because we
already have some matching there for setting os_PACKAGE that makes us
know the platform is Ubuntu-ish.
However, I would certainly agree it is not particularly clear as to
why. This just adds some comments explaining why we can not just add
a default DISTRO fall-through and directs implementors on how to add
support for their platform.
Change-Id: I4b07259be1427d86a7154906646073d08dd07294
Keystone is going to remove support for eventlet. Rather than only
have one way to run keystone (in Apache Httpd with mod_wsgi), we
should continue to gate on multiple wsgi containers to ensure that
keystone remains container-agnostic. The suggested alternative
container is uwsgi.
To run keystone in uwsgi rather than httpd or eventlet, set the
following env var in local.conf:
KEYSTONE_DEPLOY=uwsgi
There's a lot of options to uwsgi. Here's some protips:
http://uwsgi-docs.readthedocs.org/en/latest/ThingsToKnow.html
Change-Id: If3b49879ce5181c16f0f0ab0db12fa55fe810a41
Currently there's a boolean KEYSTONE_USE_MOD_WSGI to switch between
running keystone in mod_wsgi and eventlet. We've got a need to
support more/different deployment options (e.g., uwsgi), so a
boolean is inadequate.
A new input variable KEYSTONE_DEPLOY is introduced that can be
set to mod_wsgi or eventlet (and other values in future) to
control how keystone is deployed. KEYSTONE_USE_MOD_WSGI is
deprecated.
Change-Id: I9b2815e6f007309f088346df9ac48e6a24ae3656
Enable use of memory cache by default for Heat. It will provide a boost
for various test builds and will help test this configuration.
Change-Id: I06183138d54c1cb971a58a158a15f3f5b25cba4d
It makes it a bit easier to read the output since each new command is
now visually separated from the output of the previous one.
Change-Id: If441c61bb6f13f85f771dd31609b10d3dd1ee93c
Neutron hugely relies on namespaces, so we should try to dump
internal IP stack state for non-root network namespaces.
Change-Id: Ib980d22fbf3c6b680473754fa2b1684c2ef91b72
This patch enables the virtual console for Power systems /dev/hvc0
and sets scsi bus and virtio-scsi model as default.
The virtual console hvc0 enables full console including dmesg.
High performance virtio-scsi driver keeps the efficient design of
virtio-blk with effective SCSI passthrough.
Change-Id: I0b5cd4a15d30f06fc7993555d91d6907bd1acbd7
We have a fix in Nova which should make this unessessary,
revert to see if that's true.
This reverts commit 61aa0e9f19.
Change-Id: If109af452ad583417e3a3a3ef1c9b545f1ec9b89
Running OpenStack in a container can be a useful workflow for developers.
The primary benefits are faster performance and lower memory overhead
while still providing a suitable level of isolation.
The guide walks the user through procedure for configuring an LXC container
and deploying OpenStack in it using devstack. It also discusses the limitations
of this setup - particularly related to cinder.
Change-Id: I2e0921fd118cfe98cef86ba110a94b3edccf9a29
Horizon now uses the WEBROOT to populate the value of $webroot in
the CSS code. The CUSTOM_THEME_PATH pointing to the webroot theme
to explicitly set the same value is no longer necessary.
Closes-Bug: 1540801
Change-Id: Ic212796ee0905751ac3fd619bbbc902d25ea10d5
This was removed in commit 19363fc1e7 as
an unneeded F21 dependency, but due to missing dependencies as
described in the bug, /usr/lib/rpm/redhat/redhat-hardened-cc1 is
required and is provided by this package.
Change-Id: I2c0c3b0198d795d947fd77005fd7528de561dfcb
This is just another code path for little benefit in devstack which is
going to rot out. We should be opinionated here and only support the
dynamic catalog.
Change-Id: I4e5c7e86aefe72fc21c77d423033e9b169318fec
The keystoneauth1 library replaces the auth_plugin option
with auth_type. In neutron.conf, change [nova] auth_plugin
to auth_type. In nova.conf, change [neutron] auth_plugin to
auth_type.
Change-Id: Ifbd26b8999e453f4cd875e1be3ae1211bdd8fb2a
As of 9de8f7230d069e4da9736f09ad5d17773315b476 nova is now attempting
to import libosinfo packages, so install them for goodness sake.
Change-Id: Ib481dda475dd2975a513052478be0007aa1cf4a8
Related-Bug: #1543288
This commit is a workaround for respecting upper-constraints. Since
we're using tox to handle setting up a venv and running tempest
commands we need to manually install the constrained packages inside
the tox venvs. This patch does that for all the venvs being created by
devstack via tox. However, since tempest has additional tox jobs
defined if those are run via devstack those will default to the
default pip install -U -r requirements.txt defined in tempest's
tox.ini.
Change-Id: I7f84dfb67a3c97003947aefd8a7e3c6454106db4
Closes-Bug: #1543841
This commit will unblock the world breakage caused by the recent
cliff release. This exposes a hole in our constraints usage in
devstack. We need to fix this bug for real in devstack and cliff,
but that will take a few minutes to an hour or so. So let's just
change the usage in the meantime, we can revert this when things
are fixed for real.
Related-Bug: #1543841
Depends-On: Ic63612dc50e064a3a69b88618e394ba17e083c22
Change-Id: I19e477fa5068474bc3471307732f89adaafb2952
If FUNCNAME[0] is undefined and 'set -u' has been used it will cause the
devstack run to fail.
Handle undefined values in PS4.
Closes-Bug: #1543749
Change-Id: I06a013a5e7683e3a3461ff06361d867f61d48e6a
There are some parts of devstack we should really delete, but we have
no idea who is using them. Push out some deprecations so we can look
at this through logstash.
Change-Id: Id5c8748606cce16f64e978ad7ac9309bebac0eb7
Remove the microseconds from the apache logs and move back to using
milliseconds. There is no longer any 2.2 workarounds in the keystone
setup process.
Change-Id: I8787eee41fbde1f9794aeffe1e862af0d5117bc3
Having multiple clouds with the same name in clouds.yaml confuses
openstack client config and it may not choose the intended cloud.
Unfortunately the new alt_demo user's clouds.yaml config used a
duplicate name creating confusion for clouds.yaml consumers.
Correct this by using a unique cloud name, devstack-alt, for use by the
alt_demo user.
Change-Id: I2cb8f10ab5abfedf76ead309f237730ce8ce2ad4
After staring at a bunch of logs, try to crisp up the ps4 output for
maximum readability.
This also adds PS4 to all calling scripts by having a common PS4 in
stackrc. It should make understanding when clean fails a bit more
straight forward.
Change-Id: Ia1f8dff5c1102c32c146a020a9f033c65d2c50de
Tweak a code comment based on a review comment from Steve Martinelli in
https://review.openstack.org/#/c/275121/ where the alt_demo user is now
always created.
Change-Id: I9e9a769f601e52c030e9f6953f1746788c24a185
Allows the definition of the global variable OVS_BRIDGE_MAPPINGS (e.g.
in local.conf) to automatically trigger the creation of multiple OVS
bridges. For example:
OVS_BRIDGE_MAPPINGS=physnet1:br-br-enp0s20f1,physnet2:br-enp0s20f2
should automatically yield the creation of two bridges, respectively
associated to the two physical networks declared,
by simply running DevStack with the OVS agent enabled.
Documentation has also been added to doc/source/guides/neutron.rst.
Change-Id: I79dc0213c9d70ba628621c4c0f65481783590085
Closes-Bug: #1535835
The g-search service was promoted to its own project and it's now called
Searchlight. This patch removes that code from devstack.
Change-Id: I9dd7ce62f0339911e025329b8a841792219ea02b
For testing reasons it's typically very useful to have a second non
admin user to cross check that it can't do a thing to the first
user. It was useful enough we always created it with tempest (though
we didn't always use it).
This makes devstack always create an alt_demo user, which is available
in occ as devstack-alt. This will help us unwind some of the keystone
v3 breaks with functional tests using keystone cli to build this
second user.
Change-Id: Iaaf02469180563e2d8c413fee0ee66ada2296cfa
It seems like the fallout from this was not well sorted.
A lot of things aren't working, and there is still vestigial
v2 bits left behind.
This should have come with a much greater warning and some
spot checking of additional services working with this.
This reverts commit b162a1d58c.
Change-Id: Ia792b23119c00089542ba08879dca1c29dc80945
This generates the plugin-registry document from a static header,
a scan of openstack/ git repositories, and a static footer. It
is intended to be run by a periodic job proposal bot to keep the
list of plugins current.
Change-Id: Ia04ab72900c8efd5d5289fbd7632201dcaa3e5d9
Full class path style configuration of options scheduler_host_manager
and scheduler_driver are deprecated because of dependent changes. This
commit changes the related configurations to use entrypoints in setting
up nova scheduler in devstack.
Related to blueprint scheduler-driver-use-stevedore
Depends-On: I8c169e12d9bfacdbdb1dadf68b8a1fa98c5ea5bc
Depends-On: I3fd42ead44487a21eb5cfaf5a91209277ce30ad0
Change-Id: Iad96c270073b63719237cf9a9aa1c2dc4daa213a
Add:
export PS4='+(${BASH_SOURCE}:${LINENO}): ${FUNCNAME[0]:+${FUNCNAME[0]}(): }'
To stack.sh to provide additional debug info. This will show the
filename, line number, function name, and the content of the line.
An example output line:
+++(/opt/stack/old/devstack/functions-common:675): get_field(): local data field
Info on this PS4 variable found at:
http://wiki.bash-hackers.org/scripting/debuggingtips
Change-Id: I272df6c79f6ff7afa8f102da24706558d9169eda
This was something we used a while back, but since support
for sections was added to devstack local.conf parsing we
don't need this, and actually prefer just using the
sections in local.conf.
Here's an example of how to achieve the same thing via
local.conf sections:
CINDER_ENABLED_BACKENDS=solidfire
TEMPEST_VOLUME_DRIVER=SolidFireDriver
TEMPEST_VOLUME_VENDOR="SolidFire Inc"
TEMPEST_STORAGE_PROTOCOL=iSCSI
[[post-config|$CINDER_CONF]]
[DEFAULT]
CINDER_ENABLED_BACKENDS=solidfire
[solidfire]
volume_driver=cinder.volume.drivers.solidfire.SolidFireDriver
san_ip=192.168.160.3
san_login=admin
san_password=admin
volume_backend_name=solidfire
Change-Id: I8068fd4fb14510b15c31edf490283454f167f6c6
Enable keystone caching since there is now a memcache server available
for the middlewares to cache validation. Offload queries to the
keystone backend to memcache as well.
Change-Id: I6d1d28f5b974e79d44d1e86ea53c666e3f5771df
Live migration will not currently work with a multi-node DevStack
environment due to the libvirtd process running as root and the compute
process trying to use the stack user's SSH keys with the default live
migration URI.
The multi-node documentation is updated to outline how to configure the
SSH keys between the source and destination stack and root users so that
live migration will work as expected.
Co-Authored-By: Taylor Peoples <tpeoples@us.ibm.com>
Change-Id: Ifed7e95cd5ba43a05a4099a3664cbefde3e0a749
Closes-Bug: #1487262
This patch sets Keystone v3 as default in services
configuration files and in the openrc and stackrc scripts.
Change-Id: I24546f02067ea23d088d383b85e3a78d7b43f165
Partially-Implements: bp keystonev3
Use the preferred logging_user_identity_format option to specify an alternative context format
in log files. The removal of defining logging_context_format_string brings this more inline
with optimal production configuration of using the defined default. logging_user_identity_format
is set in devstack to maintain current compatibility of names instead of ids.
Change-Id: I3807d76b91b6cc1614b4a9a203509f8e1ad7146d
The pip issue pypa/pip#3384 has already been fixed after pip 8.0.1
released. But leave the facility to easy flip this on in the future.
TrivialFix
Change-Id: I49658ce4056c773943321270defd461bbf3e9fb9
fixed ips are not cross host accessible in our current config. So
always configure tempest to use floating ips.
Change-Id: I1cf605229070024c9d5d29c7a08967aa505fda7b
Option "verbose" from group "DEFAULT" is deprecated for removal.
Its value may be silently ignored in the future.
If this option is not set explicitly, there is no such warning.
Furthermore, the default value of verbose is true, so there is
no need to set this value in config files.
TrivialFix
Change-Id: I581238e661c2eb0c29dd915d1b1e4773dcdeb4c8
Commit d5004a3802 introduced the package
"redhat-rpm-config" to make the Fedora 21 gate job running again.
As we dropped the F21 support in December 2015 with
commit 90bc586772 we don't need
this package anymore.
Change-Id: I71b969b7fd6651082451f6c4fd1e01d205771a11
Devstack used in development is about things coming and going
quickly. The long dhcp leases mean that we might miss a release, and
keep a stale lease around for way too long. See if this helps.
Change-Id: I9a58a4e64777f56ad7ec66242a319f985469469e
Instead of using in-process caching for tokens per service per
worker (disabled by default now), use a shared memcache to cache
token validation(s). This should both offload/speedup validations
and avoid the issues surrounding inconsistent validation responses
when using in-process caching [since each worker caches separately].
Change-Id: Ifc17c27744dac5ad55e84752ca6f68169c2f5a86
In RHEL under proxy, installation by stack.sh failed
because of rdo-release.rpm install failure.
This patch fixes install command for rdo-release.rpm
because it is caused by lack of http(s)_proxy.
Change-Id: I176d1e140f52e1bb0343170ba4d90c06b98d5a99
Closes-Bug: #1536478
We don't write files here anymore, but it's higher in the precedence
order than the /etc/openstack/clouds.yaml file we do write. Some
developers who have long-lived devstacks who update infrequently have
been bitten by the leftover file.
Change-Id: I8af6bd465f74099c560dddba6b5221dd79cbc965
Setting path_mtu to reflect mtu for physical devices that handle traffic
issued from br-tun makes ml2 plugin to calculate mtu for tenant networks
properly, considering encapsulation headers. After that, calculated mtu
values can be propagated into instances (currently, only DHCP approach
is implemented; RA support for IPv6 subnets is under review).
This change allows to run tunnelled tenant networks in multinode when
underlying physical devices don't support jumbo frames.
Note: changing the default value in neutron would not be backwards
compatible, since it could slow down east-west tunnelled traffic in
clouds that run on jumbo-aware networks.
Change-Id: I8287677c7ad0f13fa9f5cb194f9372d04b78cb61
Related-Bug: #1527675
Not all yum failures has to be considered
catastrofic failures also because install_package
function should implement the same behavior in Fedora,
CentOS and Ubuntu. Let return the error to be solved at higher
level.
Change-Id: I93e9f312a94aeb086925e069a83ec1d3d3419423
Closes-Bug: #1522590
Pip 8 just release which made uninstalling distutils installed packages
fatal. This was previously a deprecation warning and is now causing all
dsvm jobs to fail.
Depends-On: I511d216d9d8619c7cf919c482aaead4e833cdaac
Change-Id: I22f5c3af1adf96cfbd5747122f915a82e947843a
This commit adds a success output for the entire devstack run to the
subunit output. Ideally we wouldn't need this, but because we don't
have timing data for every single operation performed by devstack we
need to do this to track the total duration of the devstack run.
To capture failures this commit adds saving a devstack event when we
trip the exit_trap. This will save a similar result to the stream in
the successful case, but instead mark it as a failure.
Depends-On: Icc7df33e4d73ba6322af38fbdf3aea230f2fcf4d
Change-Id: I07112dde996c3e2c73f5aafc9b73d33d26374633
It turns out that we need to be even more restrictive on the cpu flags
we expose as some clouds don't expose vme or ssse3.
Fixes-Bug: 1535799
Change-Id: I6c8c1101771d1c5496884be7a405285472ae803a
the /etc/openstack directory needs to be removed with sudo privs,
the loop at the end will not suffice.
Change-Id: Icc0ac45f9216d538ca214176d90241f973a4687b
It was probably finally removed by one of recent refactoring changes.
Now ironic gate fails due to Swift trying to access it to override OS_AUTH_URL.
This change drops this override and just uses OS_AUTH_URL.
Closes-Bug: #1535245
Change-Id: I145bec110c4299e61f2bce49df41dcd82e5d462d
lib/glance restricts the disk_formats to those supported by XenAPI, so
tempest needs a similar restriction for the disk_formats tested.
Confirmed as passing internal Citrix CI (affected tempest jobs are
currently disabled in voting XenServer CI until this change lands)
Change-Id: Iefa5b16a3fa1789ed583426ea47ebb22e6cb571e
OSprofiler is now under Oslo:
https://review.openstack.org/#/c/103825/
And we really need this patch to make proper dsvm job for
OSprofiler
Change-Id: I20f59c52c147303de01544dc975a82b4a741a1b9
We are seeing a lot of gate failures as vm(s) are unable to acquire
DHCP leases:
https://bugs.launchpad.net/nova/+bug/1532809
we need to set log_file for nova-dhcpbridge configuration, so clone
the nova.conf and set the log_file properly to a path where the
CI can pick up from for analysis.
Change-Id: Iec4fe3f2235da9d1f5bd399d4ffc45af516c58ce
override-defaults mechanism allows us to define
s_neutron_plugin_security_group before loading lib/neutron,
and we no longer need to have a plugin-specific file in
the master DevStack repository.
Change-Id: I37d5012e89cb3650e4f325b6d77d70f28f87d3e7
Depends-On: I5e02acd288e53dd06a369d348ec77ead57d476fd
override-defaults mechanism allows us to define
s_neutron_plugin_security_group before loading lib/neutron,
and we no longer need to have a plugin-specific file in
the master DevStack repository.
Change-Id: I78a4e05fa72b1dd545b8d9e97a8fd8fdbf23739c
Depends-On: Id6765245459c1aff3aab27dbc60d320ce2951b38
As of I8bf7cbaa7015bb61656ab90ccc8f944aaeebb095, Nova
removed the n-obj service, so we should cleanup
Change-Id: I7db3796a6448decb4ac5e66d980f487c7d1f394e
The existing GetOSVersion has a lot of unused code which is wrong in
several ways
- the only path tested in upstream CI is with lsb_release, because
it's pre-installed on all nodes
- the /etc/redhat-release checking probably still works, but is
unnecessary
- If using lsb_release, os_UPDATE has never actually been set.
- the /etc/SuSE-release branch checking is broken if the lsb package
is actually installed. lsb checking does not set os_UPDATE but yet
the SuSE DISTRO setting relies on this to set a patch level (and so
does some of the rpm tags). SuSE 11 is up to update 3, but the rpm
matching is stuck hard-coded to update 2. I'm guessing
installation is actually broken there.
- the debian checking branch is broken. The VERSION tags have been
removed and were not supposed to be relied on anyway (see notes in
[1])
This simplifies things:
- remove OSX checking (moved here after discussions in
I31d0fdd30928ecc8d959a95838b1d3affd28ac6f)
- only use the output of lsb_release.
- A small best-effort check to pre-install lsb packages if not
detected (that avoids chicken-egg-problem of package-install
wrappers relying on os_* flags).
- The unset os_UPDATE is removed. It's only previous use was for
setting separate suse versions in the DISTRO element for matching
during package installs (since removed)
- DISTRO setting is modified to use the parts of os_RELEASE it wants.
Per-above, this is the correct place to parse out specifics.
- Call out the is_* functions, which are a better way to detect
platforms
- Export the variables as read-only, since they shouldn't be reset
[1] http://sources.debian.net/src/base-files/7.5/debian/changelog/
Change-Id: I46a2c36d95327087085df07cb797eb91249a893c
Add diskimage-builder to the list of libraries so it can be installed
from source to be tested in gate.
Change-Id: I6cefac1eb4ebf0196a6b4d4bfc038c00921f0d70
This reverts commit 00b5f4af92.
This patch was merged before the timeout was merged to
tempest. This means that devstack is currently referencing
a non-existent config option. As such I think it needs to be reverted.
Change-Id: I947261dc330ef35efce1ecd805ba6e649e81a6aa
there are a few lingering instances of SERVICE_TOKEN in the docs
and some of the scripts in tools.
Change-Id: I9d2147eea6639db1f4ea15a259c147eecfc339ff
Be gone ADMIN_TOKEN, long live keystone-manage bootstrap.
This patch reworks the initial setup for keystone by using
the new bootstrap command. After a minimal service catalog
has been created, using this process, we simply authenticate
as usual.
implements bp: bootstrap
Depends-On: I113c6934b6b83ceff23a94101967a6df1126873f
Change-Id: Ia1475d461eab60b68c6a0356714b21c7f92e0194
test_volume_services works incorrect with host info if it includes
backend name (host@backend). The test is skipped by default for
Liberty and Kilo gates. Need to add flag to unskip this test in new release.
This fix related with bug #1530144 in service-list filter.
Change-Id: Ifdc0bab819c05a00cd0c20316bd81961cf6aeb88
Fix an issue where apt-get consistently hangs due to a SIGTTIN being
received. This occurs on a 'vanilla' devstack-gate VM, when running an
ironic-grenade job.
Upstream has a bug related to this:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555632http://www.gnu.org/software/libc/manual/html_node/Job-Control-Signals.html
Macro: int SIGTTIN
A process cannot read from the user's terminal while it is running
as a background job. When any process in a background job tries to
read from the terminal, all of the processes in the job are sent a
SIGTTIN signal. The default action for this signal is to stop the
process. For more information about how this interacts with the
terminal driver, see Access to the Terminal.
Change-Id: I8b1f3dccf329bb88e017eff7492da5e701b4892c
Closes-Bug: #1532080
Not all yum failures has to be considered
catastrofic failures also because install_package
function should implement the same behavior in Fedora,
CentOS and Ubuntu. Let return the error to be solved at higher
level.
Change-Id: Ia33bb98f47017f6ec00eb3b7261ed42d72efc573
Closes-Bug: #1522590
Boolean logic used in install_package was wrong:
on nominal flow packages were actually installed twice.
This should fix it.
Change-Id: Ia465414936b272d04523a11f83d6ded378fe1daf
Closes-Bug: #1518544
Change 4d8c03a3 added logic to enable rabbit on Fedora/CentOS systems
whether or not rabbit is enabled. This corrects that to only enable
rabbit when it is configured as such.
Change-Id: I270e79ff989176770d65df1ac0ac4e2c4382bb9a
Signed-off-by: Kyle Mestery <mestery@mestery.com>
On Ubuntu, after a successful ./stack.sh and ./unstack.sh, if one
"apt-get purge tgt", then the directory /etc/tgt/stack.d/ still
exist (i.e it is not purged) but /etc/tgt/targets.conf is removed.
Thus any subsequent ./stack.sh would fail to configure
/etc/tgt/targets.conf properly.
Change-Id: I252789f3f39bd64b5a1e7d9abb923386d2a158dd
Add "KVM for IBM z Systems" to the list of Fedora-like distros.
As the distribution does not have a dedicated kvm package,
prevent the installation of the kvm package during the libvirt
setup.
Change-Id: Ibb5c60797d6867264f9dea7fea85cdf1d7c72ded
Solve the devstack ./rejoin-stack.sh when is reboot-safe in RHEL 7.
Enable mysql, postgresql, rabbitmq-server, openvswitch service when on boot.
Change-Id: I3ce9fc58ccc76092ad08314de1c3c9339ebfb3b5
Related-Bug: #1486833
Keystone further broken apart the assignment backend into: role,
resource, and assignment. We should define the backends in the
config file and allow users to override the default by passing in
their own value.
Change-Id: Ieb22c428609d3db852814c7eceb77efa6bbde633
The default filters of nova don't contain SameHostFilter and
DifferentHostFilter, so we cannot test them on the gate.
This patch makes these filters available for the development.
Change-Id: Ia6b4847e9bb21048d254d0a460ae4c5be896b17b
Closes-Bug: #1526620
If you configure devstack with the following three values,
for example:
PHYSICAL_NETWORK=eth0
PUBLIC_INTERFACE=eth0
OVS_PHYSICAL_BRIDGE=br-eth0
This will cause devstack to create an OVS bridge, create a port for
eth0, and add it to the bridge (along with it's IP address).
The problem is that on unstack the port is never deleted from OVS,
so eth0 gets "trapped", not showing up in any of the OVS commands,
but not usable by the system. The only workaround is to unload the
OVS kernel module.
There needs to be an 'ovs-vsctl del-port ...' call at the end of
_move_neutron_addresses_route() on unstack - the antidote to the
'ovs-vsctl add-port ...', that happened on stack.
Closes-Bug: #1516801
Change-Id: Id2ff60f1f8e8fffff1eaffd68d9de4f6aa772943
Keystone now provides an "ldap" in extras to install its ldap
dependencies so devstack doesn't have to track the python
dependencies itself.
Installation of the extras is done in an extra install line. This is
slightly redundant, however this pattern works much better from an
install stand point as it supports an arbitrarily large number of
extras.
Partial-Bug: 1479962
Change-Id: If0f0ff48f3d6b3c414f2d6fcd747ecf45a397658
Recent pip supports using [extras] to install extra dependencies
from the project setup.cfg. Add support so that projects can take
advantage of it.
For example, if devstack is configured to use ldap, install the
extra ldap dependencies using:
setup_develop $KEYSTONE_DIR ldap
Partial-Bug: 1479962
Change-Id: Ic13d95b99aaa4d3854b2723343e90f5de6b98aa2
Fedora 21 reached its End Of Life (EOL) on 1-DEC-2015[1]; remove it as
supported distribution.
- stack.sh: Remove Fedora 21 from list of supported distributions.
- tools/fixup_stuff.sh: Make the minimum Fedora version to be F22 in
from a conditional check in 'Python packages' section
- files/rpms/general: Remove 'f21' from NOPRIME.
- lib/ceph: Remove 'f21' from the check_os_support_ceph() function.
- doc/source/index.rst: s/Fedora 21/Fedora 22/
- pkg/elasticsearch.sh: Remove the 'if' conditional in the
install_elasticsearch() function.
[1] https://fedoramagazine.org/fedora-21-end-life-december-1st/
Change-Id: Ifbcc3dd783ff2f362a464fbf4ca22f20cc2c658e
Change I855ffe9c7a75e9943106af0f70cf715c34ae25c5 and
I368fec44858bd97fc6a314fb20eed2b10932cbb1 added timing
infrastructure which hides the return value of
the main commands. Restore the prior behaviour.
Change-Id: I4a536abefa7824ac6d42e7bbbf1079d9cc055984
Closes-Bug: #1518545
Those were originally used to bootstrap with admin-token from keystone,
but the openstack client is fully configured now, leaving no reason to
not just use the actual users that are there.
Change-Id: I80bdee33a78a97f5d3910aa36dc331f19780d2f1
We're trying to get things to use volume v2 by default. devstack already
deploys a v2 endpoint. Tell clouds.yaml that this devstack cloud is a v2
enabled cloud.
Change-Id: I6f792ce65153389aa1ee133e9bd363c394b28534
Closes-Bug: 1467589
This function returns list of sections from specified INI file.
It is needed for I7938f26015d953efdf720774b5ad2cee4068ac90.
'iniget_sections' is needed for automatic node enrollment to
Ironic from INI syntax file.
Change-Id: I52a69ad3bc8fc528e7f20e6b03a98f327acaaa74
Implements: blueprint ironic-ml2-integration
XenServer install with devstack doesn't support local.conf, this fix
is to add support for using local.conf and backward-compatibility of
localrc
Change-Id: Ie494e01f8f1ecb8720e14392ef3f12d5a5a01dcd
Closes-Bug: #1528520
We cannot restore a backup to a larger volume on ceph because it
fails with status "error_restoring". This patch adds read/write
permissions to volumes pool for backup user. We need such permissions
to change volume size during restoring backup when the backup is
smaller than a volume.
Change-Id: I794c1126bcee4e07baf5a9dcfee779fd61da5636
Closes-Bug: 1519749
Option "auth_plugin" from group "keystone_authtoken" is deprecated.
Use option "auth_type" from group "keystone_authtoken".
Change-Id: I01371bd924114d6470e960a91a3045fe7dc22339
Closes-Bug: #1528746
Neutron-rootwrap-daemon cannot be killed when you stop
neutron services, so here we add the right command in
the neutron stop-service scripts.
Change-Id: I91fefb277427e0e16ff59760b7255e4c7eee1792
Closes-Bug: #1525601
Latest tox causes failures:
File "/usr/local/lib/python2.7/dist-packages/tox/config.py", line 1140, in processcommand
argv = list(shlexer)
File "/usr/lib/python2.7/shlex.py", line 269, in next
token = self.get_token()
File "/usr/lib/python2.7/shlex.py", line 96, in get_token
raw = self.read_token()
File "/usr/lib/python2.7/shlex.py", line 172, in read_token
raise ValueError, "No closing quotation"
ValueError: No closing quotation
This is caused by a backwards incompatible change in tox:
https://bitbucket.org/hpk42/tox/issues/181
Change-Id: Ic28c634cf806394cfa82b61cb45be60b8f40a61a
Currently, the function create_heat_accounts uses the OS_URL and
OS_TOKEN environment variables. This is a bad choice for several
reasons, most importantly we are sending the "ADMIN_TOKEN" value
as a header. There is also no reason to not use a standard admin
user to create these resources.
Change-Id: I70b41d69917b9e53ad09c2c61e022ef09a50acfd
This commit updates lib/tempest to stop using deprecated config
options when tempest is configured.
Change-Id: I65b56ff681d6c27094380693c953fbc3664eceb0
The creation of the IPv6 subnet with provider networks does not
specifiy the correct parameters:
. V6_NETWORK_GATEWAY is specified but never set
- created new IPV6_PROVIDER_NETWORK_GATEWAY
. PROVIDER_SUBNET_NAME_V6 is specified but never set
- created new IPV6_PROVIDER_SUBNET_NAME
. FIXED_RANGE_V6 is being used
- created new IPV6_PROVIDER_FIXED_RANGE
. subnetpool_id is incorrect
- changed to subnetpool
Related-Bug: #1507870
Closes-Bug: #1417410
Change-Id: I9a1ad11bc54529080ec84d4677fa5633708890c7
This removes all of the ironic code from the devstack tree, in favor of
the devstack plugin in Ironic's tree.
Depends-On: I659e3de5c64df798441798ff48ba5c9c0506585a
Depends-On: I2c52bc014f1b0dbc6b0ae22a4deb4132b4c28621
Change-Id: I5125fce295c79600781469c2f48bea80e7600081
Default value needs to be set for service_provider config item in
neutron_vpnaas.conf. This is to support backward compatability
for using the enable_service q-vpn. It should be noted that the
recommended way to use VPN is the devstack plugin.
Change-Id: I0d5960c81c47a138087d480527eff2a8eef59445
Closes-bug: #1527483
Tempest does not test EC2 by default anymore:
Ib5e24e19bcba9808a9f49fe7f328668df77fe4f9
So we don't need to run nova ec2 API service by default.
Change-Id: Ieec0ca1361baf0978d96e69e1134f699c1af3bb9
See review 258670 for more information. The preceeding patch
consolidates Ironic timeouts into one blanket timeout. This
patch sets the new timeout via the BUILD_TIMEOUT variable and
removes the deprecated timeouts.
Change-Id: I320461b2b40aa2b68afc38a901a5933e39aac1b6
Related-Bug: #1526863
See if using fixed IPs for connectivity to hosts is more reliable than
floating ips, which really were not intended for these purposes (at
least in nova-net).
Change-Id: I251710ee9186a68bb3ddc58ca803c33b81c8ac49
Previously horizon configuration and start are done too early
and as a result horizon init and start need to be run twice
after horizon plugins are enabled.
- horizon config was done before "run_phase stack install"
- horizon init and start were done before "run_phase stack post-config"
This commit rearrange horizon setup to the appropriate phases
defined in the devstack plugin interface.
- Configuration of horizon settings is moved to configure_horizon.
- horizon config is now called between run_phase stack install
and post-config.
- horizon init and start are now called between run_phase stack
post-config and extra.
Change-Id: I8bf2ceaf7734c4f7cec68bc05d7cdbae81ef311e
All keystone extensions have been moved into cores and are
enabled by default, there is no need to configure the extension
in devstack but configure it in devstack will block the
install process.
Change-Id: I7d21b122c641f601295ee7ece3583404b3874dbd
Closes-Bug: #1526033
Generate the Neutron VPNaaS sample config files by using the oslo
generator. The files are generated with a .sample extension and
replace the static example configuration files.
Once the generation code is delivered, the static config files
will be removed.
Change-Id: Icef8f7e8f0e8e78bfffa7a5af3f9f2300376b115
Related-blueprint: autogen-neutron-conf-file
Partial-bug: #1199963
Depends-On: I4a6094b8218dfd320d05bfb1e3bc121e8930c551
SQLALCHEMY_DATABASE_DRIVER is no longer used
after If6d8d08e5b7b7c48ca012677b536d71058def6fd .
Also, remove mysql connector packages from the install list.
Closes-Bug: #1523377
Related-Bug: #1493304
Change-Id: I5ecbc3b0bac989faa5c46d3c2866558a505414d8
/etc/libvirt is not world-readable (at least on Fedora and RHEL) so
use sudo with the grep that checks whether we have already configured
libvirtd logging. Also, change the regex so we don't count commented
out logging config.
Change-Id: I67484b28aafd0fa828385321fa96d9141cb4cb59
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
n-api log output WARNINGs that vnc config options group 'DEFAULT'
is deprecated. New vnc config options group is 'vnc'.
This is change of Nova.[1]
This patch changes the vnc config options group 'DEFAULT' to 'vnc'.
[1] https://bugs.launchpad.net/nova/+bug/1447528
Change-Id: If54f750bac83298e90bdca27b5992fe2e5fbb712
Closes-Bug: 1483583
Cinder API was pinned to v1 due to openstackclient missing some of the
v2 commands, as reported in osc bug 1475060. That bug has since been
marked invalid, but its intent was covered by the blueprint:
https://blueprints.launchpad.net/python-openstackclient/+spec/volume-v2
This removes the pinning to the v1 API now that osc supports v2. Also
removing the enablement of v1 as it was deprecated three releases ago
and we would like to get more coverage on v2.
Change-Id: Ia4d97734738d026c8721791669110778ff5eb6e5
Generate the Neutron LBaaS sample config files by using the oslo
generator. The files are generated with a .sample extension and
replace the static example configuration files.
Once the generation code is delivered, the static config files
will be removed.
Change-Id: Iae1e581ec2bea9c0ced700229effcc716d53fe4e
Related-blueprint: autogen-neutron-conf-file
Partial-bug: #1199963
Depends-On: I25507f3bc6e995580aa91a912c2cf4110757df15
This adds a flag to skip ironic code if the ironic devstack plugin is in
use. This flag will be set to true in ironic's devstack plugin to
indicate that the plugin should be in control, rather than devstack.
This is for the transition period only, and will be removed with the
rest of the ironic code in the devstack tree, once the gate
is configured to use the ironic plugin.
Change-Id: Id01d97fd13fa9f866d645ec5077834ddb78b2b89
Docs specify that this file should be override_defaults, when really
devstack looks for override-defaults.
Change-Id: I3900ec4d16ffb48c6969dac5081ea2817536c246
Using absolute names for the symlink breaks in quite a few ways;
* when creating a tar file of the logs,
* when serving via NFS,
or any other case where the directory gets transferred to
a different machine.
So just create the symlink with relative names, then they'll work
in any location.
Change-Id: I432a69754985fc71feb0068b7adca01066d7bc1b
Many projects like Nova, Ironic etc have implemented the
microversions for versioning their APIs.
Tempest is going to tests those microversions -
I57b78b4c0543b6fb0533b556886a19a03297555e.
For testing microversion in Tempest on gate, we need to set
a valid range of microversion in Tempest config and based on that
Tempest will run appropriate tests.
This commit adds the below range options for compute microversion testing-
- [None, 'latest'] - for master branch as default
- [None, None] - for tests running on v2.0
- option to set the range.
Depends-On: I81e86faca6f8c0ffb7da22154a62236ac25cf0c0
Partially implements blueprint api-microversions-testing-support
Change-Id: I171b862d1bba1af467f5b9a76288216c39e2adda
There are some inter-related changes required to avoid using legacy
fallback/deprecated paths in heat, which result in warnings in the
log, e.g because we fall-back to reusing keystone auth_token
configuration instead of heat specific sections.
To fix this:
- Don't explicitly set deferred_auth_method=trusts, as this is now
the default (since kilo)
- Create a new "trustee" section containing configuration used for
the password auth-plugin associated with deferred authentication
via trusts (support for this was added during liberty to enable
us to stop incorrectly using the keystone auth_token config)
- Create a "clients_keystone" section to avoid falling back to the
legacy behavior of stealing the uri from auth_token.
This also means we can remove the FIXME and auth_token auth_uri
mentioned by jamielennox.
Change-Id: Ie34332a7aec3b9b271df0759dd6ab66b45302832
Related-Bug: #1300246
Generate the Neutron FWaaS sample config files by using the oslo
generator. The files are generated with a .sample extension and
replace the static example configuration files.
Once the generation code is delivered, the static config files
will be removed.
Change-Id: Ic8208850a27408c8fbeed80ecdb43345aa7dfaa4
Related-blueprint: autogen-neutron-conf-file
Partial-bug: #1199963
Depends-On: I8e9113dfb88e5290f6eedd012d1a52fc35c3c88c
Previously, devstack would disable ironic's cleaning phase if a driver
with "agent" in the name was used. However, we have begun using the IPA
ramdisk for all tests in the gate, which caused cleaning to be run for
the "pxe_ssh" job which therefore fails due to timeouts.
As a result, for now, we need to always disable cleaning.
As a point of record, we should actually be testing cleaning in the
gate. However, running 'shred' on the disks of a nested VM is too slow
and causes the gate to timeout // take too long. Some options have been
discussed for ways to test the callback mechanism but avoid actually
running 'shred' on the disks.
This needs to be revisited.
Change-Id: Id15cf6cc49122b08e557e44871b31a8c0d20b55d
Related-to-Bug: #1517277
This removes the generic extras.d support, which we said we'd do at
Mitaka-1. In tree extras.d continues to function as before, though we
need stories to get ceph and ironic into plugins, and a better
solution for Tempest.
Change-Id: I8b134446dc08a2c3852423ca71af2f469f85496e
Ubuntu's apt mirroring mechanism produces inconsistent mirrors pretty
regularly. The devstack-gate apt-get update model seems to have been
more effective getting past this than what we did in devstack. Adopt
that method for our updates.
Change-Id: I97c7896ef38b275aacb4f933fc849acee1bab858
Add USE_PYTHON3 and PYTHON3_VERSION variables to allow services to use
python 3 if they indicate support in their python package metadata.
Tested in Heat here -> I837c2fba682ab430d50e9f43913f2fed20325a7a.
Project config change to add a dedicated job to Heat is here -> I0837e62d6ccc66397a5e409f0961edd4be31f467
Change-Id: I079e18b58b214bf8362945c253d6d894ca8b1a6b
When outputting these error strings, turn off the tracing so the user
can actually read it. Also reword the "not root" user message so it
fits into a standard terminal window length.
Change-Id: I466c60865bc1128f4edd219f831a9c6cffa67829
Parital-Bug: #1517199
There are two bugs in add_sudo_secure_path.
Firstly we don't properly check if the file exists, so always append
the new line. This will overwrite any existing changes.
Secondly the logic for checking if the path exists is inverted, so we
miss adding paths when we should. This particularly causes failures
when installing with virtualenv's since the paths are inside the
virtualenv, rather than the standard system locations.
Change-Id: I646fe0c68958470d464fe4f3d81d5c17dd6f2ab6
Closes-bug: #1521241
Generate the neutron core sample config files by using the oslo
generator. The files are generated with a .sample extension and
replace the static example configuration files.
Once the generation code is delivered, the static config files
will be removed.
Change-Id: Ic37a16b6cf8eb92030649f1fc8b198738a8cc104
Related-blueprint: autogen-neutron-conf-file
Partial-bug: #1199963
Depends-On: I1c6dc4e7d479f1b7c755597caded24a0f018c712
Co-Authored-By: Louis Taylor <louis@kragniz.eu>
Heat does not support Keystone Trusts when deployed in standalone
mode. This change forces an error when HEAT_DEFERRED_AUTH is set
to anything other than "password" if HEAT_STANDALONE is True and
advises of the acceptable setting.
Change-Id: Ib4ee9d9af396093137a2a0f99f1b18ae153ccdb3
Closes-Bug: #1463837
- To add, initialize and set up a valiable named IP_UP
- To bring up interface after moving IP to OVS bridge
Change-Id: I70f5974c115be6f7e7422a9a325f36cf3b71455a
Closes-Bug: #1469596
I noticed this when debugging some grenade issues failures.
An include of grenade/functions stores the current value of XTRACE
(on) and disables xtrace for the rest of the import.
We then include devstack's "functions" library, which now overwrites
the stored value of XTRACE the current state; i.e. disabled.
When it finishes it restores the prior state (disabled), and then
grenade restores the same value of XTRACE (disabled).
The result is that xtrace is incorrectly disabled until the next time
it just happens to be turned on.
The solution is to name-space the store of the current-value of xtrace
so when we finish sourcing a file, we always restore the tracing value
to what it was when we entered.
Some files had already discovered this. In general there is
inconsistency around the setting of the variable, and a lot of obvious
copy-paste. This brings consistency across all files by using
_XTRACE_* prefixes for the sotre/restore of tracing values.
Change-Id: Iba7739eada5711d9c269cb4127fa712e9f961695
Add a pointer to installing clients via LIBS_FROM_GIT to local.conf
sample. Mention in the git tree setup that the projects within are
usually installed via released pip versions.
Change-Id: I245094e51ea4a8ce983f6a1e48b6ab7ca5d309d0
The build_timeout for the ironic baremetal build is at
340s. Modify the unprovision_timeout and active_timeout
to match BUILD_TIMEOUT to avoid frequent failures during
IPA gate jobs.
Change-Id: Idfdc54210e33c71719c7fd0c905d0b802809e173
Related-Bug: #1393099
The root cause is that when provider network is used, devstack
is trying to build ovs related interface.
We need to make a condition such that if linux bridge is used, don't
build any ovs related interface.
Change-Id: I7f26ce7893a0ecce55b3467cd5621abf25745b8e
Closes-bug: #1509705
Add instructions on creating a user to the documentation, and call out
that the standard cloud-users are probably ok too
Change-Id: I1119a43f1d5ae7c0c208bf0cc16e2f7bee29a69d
Forced creation of incremental backup is not
implemented in old release (Juno and Kilo).
The test is skipped by default for Juno and Kilo gates.
Need to add flag to unskip this test in new release.
New test: Idde2c14aba78382b1063ce20269f4832f9fdd583
Change-Id: I565b5941d6067644fc9ca6cb0891d97f4946e031
Partial-Bug: #1506394
Fix to trove has been merged, and autogenerated flavor ID
is available since Kilo.
Related-Bug: #1333852
Change-Id: Ie4b3dd11a23fa5f91cf9ff22dd05f1afd0532cb4
We haven't been testing master on precise for a long time, and changes
are coming that won't work on precise. If people want to keep running
on precise they should realize they are on their own with it. And that
we won't block any changes that use it.
Change-Id: I3697f1c2409ad08f49793dabb37011606188e6f6
This change allows to use f23 without the FORCE=yes option.
Make sure you have latest kernel, or you have kernel-modules
installed for the running kernel.
f21 support will be removed when the gate jobs are upgraded
to use newer fedora version.
Change-Id: I6e3e64088187a7f6da745e3cfb07524fd31782ab
The existing vercmp_numbers function only handles, as the name says,
numbers. I noticed that "sort" has had a version sort for a long time
[1] and, rather than re-implement it badly, use this as a version of
vercmp that works a bit more naturally.
This is intended to be used in an "if" statement as in
prog_ver=$(prog_ver --version | grep ...)
if vercmp $prog_ver "<" 2.0; then
...
fi
A test-case is added to test the basic features and some edge-cases.
[1] http://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=4c9fae4e97d95a9f89d1399a8aeb03051f0fec96
Change-Id: Ie55283acdc40a095b80b2631a55310072883ad0d
ebtables is racing with itself when nova and libvirt attempt to create
rules at the same time in the nat table. ebtables now has an explicit
--concurrent flag, that all tools must opt into to prevent ebtables
from inherently being unsafe to run.
libvirt gained this support in 1.2.11, which is too new for our ubuntu
primary testing environment. Nova still hasn't added this support,
though even if it did, we'd run into the issue with libvirt.
We can do the most ghetto thing possible and create a wrapper for
ebtables that does explicit locking on it's own. It's pretty terrible,
but it should work. And it is the kind of work around that people
unable to upgrade libvirt will probably need to do.
This is an opt in value which we should set in the gate to True.
Related-Bug: #1501558
Change-Id: Ic6fa847eba34c21593b9df86a1c2c179534d0ba5
Swift requirement PyECLib won't bundle liberasurecode
going forward given the package is available in common
distros now. This patch adds liberasurecode-dev(el)
package to the devstack debs/rpms list for Swift as a
PyECLib build/install dependency.
Change-Id: Idbc2ca3f677f1b8153ebf3a5912f4354525a55c7
When determining the primary IP/IPv6 addresses on a system,
we can use the /sbin/ip command to filter them for us. The
resulting address is parsed the same way for both address
families, so we can use just a single command.
Change-Id: I0471ff5a258a16a23061941ac38063dbf3d7c233
Python in f23 and f22 depends on the python-pip package so removing it
results in a nonfunctional system. pip on fedora installs to /usr so pip
can safely override the system pip for all versions of Fedora.
Change-Id: I336c7ffdf00784ca8deba7d6612a08b96a0ad098
Closes-Bug: #1467569
A number of new settings are required for glance, cinder
and keystone to be installable when the tls-proxy
service is enabled.
For cinder a new public_endpoint option was added and this
needs to be set to the secure port.
Keystone needs the admin_endpoint and public_endpoints
defined otherwise during discovery the default,
non-secure versions, will be returned.
The keystone authtoken identity_uri was set at its default value
in the glance registry and API configuration files.
Change-Id: Ibb944ad7eb000edc6bccfcded765d1976d4d46d0
Closes-Bug: #1460807
Add an option to skip the EPEL & other repo installs for rhel7 based
platforms.
This option can serve two purposes; firstly as described in
I834f20e9ceae151788cec3649385da1274d7ba46 during platform bringup, a
publically available EPEL might not be available. This will allow you
to pre-configure a hand-built repo, etc. so you can continue testing.
The other thing is that in a CI system you might be frequently
building images and pre-installing EPEL/RDO etc. In that case this is
just extra work.
Change-Id: I9809449f4a43fa9b547c6e3ca92722c7f6e66d6a
stack.sh creates a user-specific configuration file ~/.my.cnf for mysql.
If devstack is installed with SERVICE_IP_VERSION=6 option in local.conf,
the IPv6 host address was stored in the ~/.my.cnf file with square
brackets. However mysql does not use bracketing for IPv6 addresses,
resulting in 'Unknown MySQL server host' error when 'mysql' command is
run. With this patch IPv6 host address is written to ~/.my.cnf without
brackets.
Closes-Bug: #1516776
Change-Id: I27a7be8c75cf6b09b4a75dc4c9d09cd36bc5ac81
Add a simple test to ensure package install files remain sorted
alphabetically (follow-on from the sorting of the files done in
I01e42defbf778626afd8dd457f93f0b02dd1a19d)
Change-Id: I75568871e92afcd81dac2c3ce18b84aa34cdd289
We wish to fail if we have >0 zero errors, not >1 errors (i.e. exactly
one error did not trigger a failure!)
This change also brings consistency to the pass & failure paths by
ensuring report_results exits in both cases, since report_results is
supposed to be the last thing run in a test file.
Change-Id: Id4721dffe13721e6c3cd71bca40c3395627e98bf
With the release of osc 1.8.0, swift support has been expanded and
we can now remove references to the swift CLI from this exercise
file. Also made minor improvements to comments.
Change-Id: I04069eb6251f8cbf8266183441b2cfdb64defd7d
Controller node wouldn't install libvirt package. The package will only
been installed at nodes which had enable nova-compute.
We only need to configure libvirt secret if it had enable nova-compute.
Change-Id: I9cd6baf1820ce9f71c276d7e8b670307833578a5
Closes-Bug: 1515960
So that it does not end up being the IP address that is picked to move
back to $PUBLIC_INTERFACE when we call _move_neutron_address_route
Change-Id: I3d29d4f11feff308f6ad5d950ef004b48ec11b67
Closes-Bug: 1514984
devstack can call python before parsing the
package requirements, so the python installation
needs to be done eralier.
Closes-Bug: #1488625
Change-Id: I85cca899aeedd741cf7dc695435d61390e260f22
Commit title says it all. I don't know how you feel about these kind
of commits, I feel like it's a waste of resources but I also feel bad
when I see big/obvious typo.
Change-Id: If048bb2dbad1a0b5a13e56b5fa1e6ea7c01eb05e
The lack of a CI for XenAPI + Neutron has meant this support has been
broken over time. This is set of one-off fixes that are needed to
reintroduce support while we work towards getting a CI functional
Related-Bug: #1495423
Change-Id: Id41fdc77c155756bda9e2e9ac0446a49f06f0603
Currently we set USE_SCREEN to SCREEN_DEV if it's set. There is a
comment to remove it once it's eracticated from CI.
AFAICT this pre-condition has been met.
Change-Id: I1423c8b9c18d1b3e34dbfe1c03be735c646a12b4
This attempts to make the zookeeper installation a bit more modular
(assuming that other folks will want to add other dlms as plugins),
and addresses the service start issues with zookeeper under
ubuntu/upstart.
Zookeeper is not going to be installed by default. Services need to
ask for it with use_dlm.
Change-Id: I33525e2b83a4497a57ec95f62880e0308c88b34f
Change I8da7dd95ae24cf06dc7bdc300fcf39947a6df093 added Pillow build deps
to nodepool thick slaves. This means that Pillow 3 will work in unit
tests.
Make the matching change to allow Pillow 3.0.0 to work under devstack.
The longer term aim is to remove temporary upper cap.
Change-Id: I2bec8cf1bfeaaa6ae329704229fdeb86d26e55c7
- Updated LBaaS v2 setup to use Octavia.
- Removed the old cirros image URL, the default should be sufficient.
- Fixed nova boot commands based on Liberty DevStack.
- Added sleeps to LBaaS v2 commands since most commands
can take a few seconds to complete.
- Added wait to load balancer creation since it can take
a few minutes to complete.
- Wrapped long lines in the descriptions.
Change-Id: Ib4a3f02ebc2606e3e16591ae3a23676cb0a6cd64
This has come up on the mailing list recently, we should just fail
early and explicitly so that people don't get way down this path and
not realize it's never going to work.
Change-Id: I8a7f001adf3a5244b8655858ebd5fc7014a4af55
Add complete localrcs, and also add a section for additional compute
nodes, to help demonstrate the OVS layout and how traffic flows over
VXLAN tunnels from compute nodes, to the L3 node, and out onto the
wire.
Closes-Bug: #1506733
Change-Id: Ibb5fd454bdcb8c13400c1e11f640c2aafc0f73ca
Taking a temporary IPv6 address created through the OS' support for
Privacy Extensions (RFC 4941) is not very useful. It would occur because
it happened to be the first in the list returned from ip(8). Instead,
grab the first IPv6 address that is not a temporary address.
Related-Bug: #1488691
Change-Id: I7f455572241e7d0c7406f173239a2270a4d8926a
When taking the IPv6 addresses from an interface, also update any routing
table entries.
Change-Id: I0424de6c5c1b0fcb7a9bc3fc1475036668cab09d
Closes-Bug: 1514494
Since f21 the kernel modules are split to multiple packages
and by default just the core modules gets installed.
nova requires iscsi_tcp module for attaching a volume
from any iscsi source (default cinder lvm setup).
On el7 it is not required.
Change-Id: I31705720ade5defd1b6d4b95bc51c2a11a5f0364
Related-Bug: #1429504
In some niche setups it is desirable to run OpenStack services under
screen, but undesirable to automatically keep a persistent log from
each service.
Add a new variable SCREEN_IS_LOGGING that controls if screen logs each
window to disk automatically.
Ideally screen itself would be configured to log but just not activate.
This isn't possible with the screerc syntax. Temporary logging can still
be used by a developer with:
C-a : logfile foo
C-a : log on
Change-Id: I2a3abf15dea95ae99ddbdfe1309382df601b7d93
On Ubuntu, if the Zookeeper service is already running, attempting
to start it again fails with non-zero exit code. This patch detects
whether ZK is already started before trying to start it.
Change-Id: If1257152de01fe5fe0351fdbb538bce083edbec0
Closes-Bug: #1513741
Currently stack.sh will fail if a value is set for
default_ipv4_subnet_pool and/or default_ipv6_subnet_pool in
neutron.conf. This is because setting either of these values
overrides the default behaviour of using the implicit (none)
subnetpool for subnet creation, and the subnetpools
specified in neutron.conf have not been created at the time
of the devstack calls to subnet-create.
This patch fixes the failure by specifying subnetpool = None
in calls to subnet-create, so that neutron will behave as
devstack expects. This parameter will no longer be required
once these configuration options are removed in the OpenStack
N release, but will be required for compatibility with Kilo,
Liberty, and Mitaka.
Change-Id: I29b2d62a022b43f6623b127af2ca303f9de847b0
Closes-Bug: #1472200
A value is never assigned, and it ends up in the nova.conf file as:
linuxnet_interface_driver =
So, let's delete it.
Change-Id: Ibc270ce6ee622eee871df1f8c11f21e8be8280ee
python-devel and the mysql/postgresql client dev-libs should all be
installed globally via the "general" installs; no need to installs
them separately
Change-Id: I91a9ace2e62a891634dbb4635ab2ad8c8dc59f91
Add a quick check so we don't reintroduce bad arguments as in
Ie1b8d09369281059d21da61b2725a457f708ae9e
Change-Id: Ibebc71791f2743eef64d6f7c2596d54a73ea92aa
neutron port-list returns a dictionary that's of random order in python 3.
This expression sometimes returns a NULL value thus failing devstack.
Add an expression that always returns a consistent ROUTER_GW_IP.
Change-Id: Id23d9afda275051ca68bcba2dfd1b6e30f02c628
I think these duplicate dependencies came in because we were not
correctly always installing "general" packages (see
Ie1b8d09369281059d21da61b2725a457f708ae9e)
Most of these are just extras for the lxml dependencies; I added zlib
devel to general for glance (seems pretty generic), and then that can
go too, as all other packages are specified.
Change-Id: I44b14ca15c64fad9daf1ac8d851704b02ea2eae0
The removal of the wheel caching code
(Ia140dc34638d893b92f66d1ba20efd9522c5923b) removed the install of the
"devlib" packages, which was being done with a call in
tools/build_wheels.sh
The idea of "devlibs" and "general" seems to be pretty much the same
thing -- global build requirements. I have removed the unused devlibs
files, and moved any missing packages into the "general" package
install file.
Change-Id: I8f34a164d6785a122394b42387d4221a7b447ae1
We are specifying the argument to get_packages incorrectly, so we are
not actually adding the packages in "general" to the list of packages.
In most cases, this is hidden as other more specific plugins/services
request their packages. However, as
I2dafd32f211fcbc9fff53030d736d97a5f1bb2df shows, not always. I think
this was uncovered by 5f8133caac
Change-Id: Ie1b8d09369281059d21da61b2725a457f708ae9e
This adds an iptables rule to allow ports 67 and 68. We see
occassionally dropped DHCP packets, which may be causing PXE failures in
ironic jobs.
I'm not 100% confident this fixes the issue, however I don't think it
can break anything and it rules out one theory.
Change-Id: I4630afb6f010a4c2cb146a79264c480c64c6e4b7
Related-Bug: #1393099
By default, devstack creates it's own test flavors for Tempest runs.
These are not in the cells API database since they are non-default
for nova so any resize tests in Tempest with cells and these custom
flavors fail.
Configure Tempest to not run resize tests if using cells and custom
flavors.
This allows us to also clean up a bunch of the resize skips found
in nova/devstack/tempest-dsvm-cells-rc.
Change-Id: I20f46024e45e32c60275703a193a56ae8cfe7eca
Closes-Bug: #1513925
With pip + upper-constraints we're nearly always over installing all
python packages because we no longer support a range, we support
*exactly* one version.
This removes a bunch of the gratuitous package installs which we're
going to install over, lxml, numpy, libvirt. All of these we had
coming from packages in the past for speed concerns, but upper
constraints removes that.
It also ensures that all the headers to build all those are in
general, so they are guarunteed available at all times.
Change-Id: Ia76de730d65c84d81c4fb2c980ae1b4d595f9f5b
tempest is already defined in stackrc as default.
Without this definition in local.conf,
tempest is installed successfully.
If it still needs "enable_service tempest" definition
on local.conf,
devstack itself has some problem.
In my environment, tempest installation works
without this definition on local.conf.
Change-Id: I25cda0142538d21bb9656b471e65ca5b018e8378
Thanks to lifeless, pip now implicitly has a wheel cache so that it
builds a wheel before every install, and uses that cache. All our
clever attempts at manually doing wheelhouse things is actually
bypassing the existing cache and making things take longer.
We should remove all of this code and just let pip do this thing,
which is does very well, and get out of the way.
Change-Id: Ia140dc34638d893b92f66d1ba20efd9522c5923b
In Tokyo, there was a cross project session on distributed
key locking:
https://etherpad.openstack.org/p/mitaka-cross-project-dlm
In support of the discussion there, we'll need support for
a zookeeper service in Devstack and ability to use libraries
like Tooz for DLM functionality.
In this review, we pick up some configuration files from
monasca-api and copy the lib/template to implement the
zookeeper lifecycle. Those services that need zookeeper
need to add "zookeeper" in ENABLED_SERVICES.
Change-Id: Icef26e5cdaa930a581e27d330e47706776a7f98f
with the release of osc 1.8.0, modifying object store account
properties is now available. use this mechanism and avoid setting
environment variable that are only helpful for swift CLI.
Change-Id: Ie51e3e2bb86162763f23d0a6bed36208811f89fc
interface_driver configuration was updated to use stevedore aliases.
This patch is to change devstack scripts to now use the aliases
instead of the previous class imports.
Closes-Bug: #1504536
Change-Id: Ic56bfcc1f9da05a999e6fd328e4dd6617e9470ff
If local.conf specifies a config file addition in the following way...
[[post-config|$MY_CONF_FILE]]
[xyz]
foo=bar
...and $MY_CONF_FILE points to a file whose directory is not writable by
the user running the script, then stack.sh aborts with the following
obscure message:
2015-09-01 08:20:08.113 | touch: setting times of '/': Permission denied
This patch modifies inc/meta-config to provide a useful error message,
such as:
2015-09-01 08:20:08.114 | could not create config file / ($MY_CONF_FILE)
This patch also modifies inc/meta-config so that it provides an error
message if $MY_CONF_FILE is empty (instead of silently ignoring this local.conf
statement):
2015-09-01 09:38:53.406 | bogus config file specification: $MY_CONF_FILE
is undefined
Change-Id: I9b78407420318548561012a8672762bc7fdd6db6
Closes-Bug: 1490881
* ReST doesn't allow monospace in italic sections.
bash$ grep -R \`\` doc/build/html/ --include "*.html"
* The code-block section "::" needed an empty line before the code,
otherwise it gets shown in the HTML output.
bash$ egrep -R "<dt>::" doc/build/html/ --include "*.html"
* Monospaced font incorrectly marked with a single back tick
bash$ egrep -nR '\w`(\s|[\.,;:])' doc/source/ --include "*.rst"
Change-Id: I66c3f685f33851c3f3f0f859996037fc24930246
Looks like this was just a typo in the original
d1498d74db816b3edbb8376ca5acb7cc5792ea5c ; replace with
environment variable
Change-Id: I877c1a570a68e926c91fc8a393217e6b18245f82
As files/keystone_data.sh has been removed in the commit
https://review.openstack.org/#/c/79366/, we should remove some
related documations and comments.
Change-Id: I7802d0052fa28d8debb7f361d36a4f108869554c
Since:
- novaclient doesn't require specify the *compute api* version
(default is 2.latest now)
- novaclient doesn't use COMPUTE_API_VERSION, since it's wrong name(
OS_COMPUTE_API_VERSION is a correct name)
we can remove COMPUTE_API_VERSION and NOVA_VERSION vars
Change-Id: I47856863e9403870b8d60c778b97d3de1a212ae1
When keystone API v3 was introduced, filtering regions when listing
endpoints was not supported (see [1]). This caused multi-region devstack
deployments to fail (see [2]). A workaround was introduced to devstack
to enable for multi-region deployments until region filtering would work
in keystone API v3.
Now that the bug related to region filtering in keystone is resolved,
the workaround should be removed.
[1]: https://bugs.launchpad.net/keystone/+bug/1482772
[2]: https://bugs.launchpad.net/devstack/+bug/1483784
Closes-Bug: #1511745
Related-Bug: #1483784
Related-Bug: #1482772
Change-Id: I52d13c3f5e7b77a7f8fb1be4dcea437988ebddfe
The 'verbose' option has been deprecated by oslo_log. Using it
results in a warning for the 'nova-manage' command and likely
many other OpenStack commands.
Change-Id: Icc11b25f56ebc62443c6afa90b9572d5c63b3882
Partial-bug: #1511505
132fbcd38ebae52bdd20da54905131b75581520f in cinder changed the
volume_clear StrOpt to use the choices kwarg which enforces the value
specified and raises a ValueError if an invalid value is set for the
option in cinder.conf.
This lets us remove the validation that devstack was doing.
Change-Id: Ia7eead6297ed0f3a972de2021170fe9c7225e856
To avoid hanging services during gracefull shutdown option
graceful_shutdown_timeout should be configured.
Closes-Bug: #1446583
Change-Id: I2b7f0df831d65c55ae8cae241478f49c9641d99f
The protocol for connections with Cinder is wrong for the Ironic script. This
patch changes the script to use $GLANCE_SERVICE_PROTOCOL, which is https when
USE_SSL=true or tls-proxy is on ENABLED_SERVICES.
Change-Id: I4d4c6f9dc6f6ee53166db109848dca64334b8748
Adds the $ENABLE_HEAT_PLUGINS variable, which should be a list of
the names of the plugins the user wishes to install.
Change-Id: I2ba90002a8fad1cdce6543c89dc37c5912fe133e
Bashate 0.3.2 has a few new checks -- firstly make sure some of the
plugins have #!/bin/bash, and fix up a couple of "local" changes that
were missed by I9c8912a8fd596535589b207d7fc553b9d951d3fe
Change-Id: I9e4b1c0dc9e0f709d8e76f9c9bf1c9478b2605ed
The libvirt+lxc backend in nova does not support shelve, image snapshot
or any volume-related actions (so pretty much anything to do with
cinder), so we need to configure tempest to not run tests that hit those
operations/service when using libvirt/lxc.
This is part of an overall effort to get a CI job running for nova with
the libvirt+lxc configuration per:
Ic07c39e219121ba6b8b20de2b83a193bb735133d
Change-Id: I4decfcc5a5dfbabdecb3eb9fc93f1d1d6c2af805
Add templates for running Heat API services via
apache mod_wsgi. Also add appropriate functions to
lib/heat for configuring Heat.
Change-Id: I1bdd678c44ddfa616a9db7db85ff6f490ff08947
After having migrated the copies of clouds.yaml to just consume from
/etc, remove the duplicate copy.
Change-Id: I036704734785958c95d2234917d7b40bd797a375
This fails in the environment where sudo does not have permissions to
write in /home/$USER folder, e.g. [1]
Also clean-up the comment/variable usage a bit; the location isn't
actually variable at all (and that's fine, but we don't need a global
here)
[1] http://144.76.193.39/ci-artifacts/228979/10/Nova-ML2-Sriov/console.html.gz
Change-Id: I6807eae9d1c27219aa7c19de29f24fa851aa787c
When nova-api and nova-ec2-api services are started by Apache
(it can be done with devstack config option NOVA_USE_MOD_WSGI=True)
log files contained duplication of timestamp value.
Change-Id: I5439ea8f89ca3073600456f67220e9d3f5257d97
Closes-Bug: #1510517
The neutron use_namespaces option is deprecated since Kilo, it's time
remove it from neutron and devstack.
Related-bug: #1508188
Change-Id: I4feb2a15c7e1e4bfdbed2531b18b8e7d798ab3cc
A new project olos.privsep has been created but failes sdvm testing as
even though the library is added ro PROJECTS and LIBS_FROM_GIT it isn't
installed by devstack.
Add oslo.privsep to the install_oslo function
Change-Id: Ia4d56747d56dcfe50889ebbdf9d553df13e1b950
This patch alows specifiying a deviation of the swift default port 8080 with
variable SWIFT_DEFAULT_BIND_PORT. The created endpoints in keystone for
object-store and the backup_swift_url in cinder.conf will use variable
SWIFT_DEFAULT_BIND_PORT instead of the fixed port 8080.
Change-Id: I47bbcf77368c430718fb8f29b7de1ff305e64422
Closes-Bug: #1489767
This commit fixes an issue with the tempest configuration when
TEMPEST_HAS_ADMIN is disabled. Without admin credentials tempest
is unable to create credentials at all so enabling tenant isolation
is not going to work. Previously devstack wasn't setting it one way
or the other when TEMPEST_HAS_ADMIN was set, which results in the
default of being enabled. So jobs that try to run tempest without
admin were failing.
Change-Id: Iff496cb5cbf29f17c130cfad746b48d8547ca965
Since nova-ec2-api service was removed from nova it is not
needed in devstack.
Change-Id: I91d4be02a1a9c2ca4d18256d9a37a5c2559f53b7
Closes-Bug: #1530798
There are more than one user that need to access clouds.yaml values
in tests. Rather than copying the file everywhere, simply output
it to /etc/openstack.
However, we have things copying it at the moment, so output to
both places. A follow up patch will remove the homedir version.
Change-Id: I21d3c2ad7a020a5ab02dc1ab532feae70b718892
beacuse of the stackforge project move to openstack project,
so change the document url to git://git.openstack.org/openstack/.
Change-Id: I1628c0aeb62ee519867fdaee56386e22978c4271
The path is tools/build_wheels.sh, but in the Makefile which is
tools/build-wheels.sh. Modify it to the correct one.
Change-Id: If297b65b539403af10a73adbbadfcd8281d40009
Closes-Bug: #1507699
After devstack runs ./stack.sh, there is a file named userrc_early
which contains sensitive information is created, we should add it
to ignore list, because it is only for end user debugging.
Change-Id: Ic99c279ec6a3606dc6f6ba9a7612b5ca7a2b6b10
I want to release a new bashate, but I also don't want to risk
consuming it before fully testing it. By pinning here, we can run all
our usual CI on new versions before accepting them.
Additionally, allow substitution of the bashate dependency via an
environment variable. We can use this in a bashate test to substitute
a path to a checkout with any changes applied.
Change-Id: I165c4d66db8b7bdcff235ef7d8c99029637bb76a
Cells doesn't support the os-attach-interfaces API so disable those
tests in Tempest if running with Cells.
Change-Id: I5c7884407868eae70ea125f3f893c73214c04c75
After I9c8912a8fd596535589b207d7fc553b9d951d3fe this approach leads
to a failure and breaks (at least) ironic-inspector gate.
Change-Id: I19bb8ada9a6f42d375838cc88a376715918c2a3e
There is no need to test here whether v2 is disabled or not. V3
Authentication will always be available and we should just use that.
Change-Id: I0d2d76ebdf261917f1a2b23c65f0f843ae50f49a
The interactive password prompt currently saves to .localrc.auto
However, this is removed when you re-run stack; that is required as it
is how we source the localrc bits of local.conf, and we want the
users' changes to be picked up.
The passwords, however, should remain constant, because everything has
already been setup with them. So write them to a separate file. Note
we source before localrc so it can still overwrite them.
Some minor flow-changes too
Change-Id: I9871c8b8c7569626faf552628de69b811ba4dac0
Closes-Bug: #1505872
The os_RELEASE for RHEL is 7.1 (for example). Which does not work for comparisons
to an integer. And, while I am at it, change base_path to not use a hard-coded
directory.
Change-Id: I64a04810cc7ba4668c2cb7a8df79c206301e9e16
OVS_PHYSICAL_BRIDGE is not always set, like when you don't need specify the
bridge mapping, and also it has no default value. So we need to add
verification of OVS_PHYSICAL_BRIDGE in cleanup_neutron function where we refer
to it.
Change-Id: I69d113a7f3f7e67b09cb72fa0b0d3bba188e783a
Close-Bug: #1474634
These functions commonly externally called (as part of stackrc
inclusion, even) and do a fair bit of iteration over long
service-lists, which really fills up the logs of devstack and grenade
with unnecessary details.
The functions are well tested by unit-tests, so we are very unlikely
to need to debug internal issues with them in a hurry. Thus turn
logging down for them.
Change-Id: I63b9a05a0678c7e0c7012f6d768c29fd67f090d2
In Tempest config, `image-feature-enabled deactivate_image` is
enabled twice. This patch removes one of the redundant call to iniset.
Change-Id: Idbfcd6d6ee171c2c83736e17bbaf3d7a32c738b1
In neutron-legacy function _move_neutron_addresses_route, there are
few lines trying to figure out the bridge IP by assuming that the
bridge IP will be always same as the HOST_IP, this is not always true.
When the nic bears the HOST_IP and the nic which will be used as the
public network are different nics, the code in that method fails.
Eventually the function fails with network unreachable error.
This patch set fixes the problem, so that when HOST_IP and the IP for
the bridge are different, devstack will still be setup correctly.
Change-Id: I4d67f61c2ffd93f1e8ea2f8fe3b551044fab294e
Closes-bug: #1498538
this adds a timing infrastructure to devstack to account for time
taken up by set of operations. The first instance of this is
accounting the time taken up by doing apt_get calls.
Change-Id: I855ffe9c7a75e9943106af0f70cf715c34ae25c5
In this guide, multiple interfaces in DevStack is only used when doing
provider networking, so let's go ahead and just put the information
inside the provider network section. That way it won't be confusing.
Change-Id: I66f58ffb936230e72ac4cf8c04668e25dac5b17a
This prevents bleed out of the i variable to other functions that
might call this inside their own iteration loop.
Change-Id: I42d0c287a6f4bb24ae3871de9abb7e0de98a8462
Also remove variable definitions from compute node localrc that is only
applicable on the control node.
Change-Id: I37b00611ff08d8973f21af7db340d287b1deb4af
With the advent of plugins and their settings files it has become
possible to disable_service in local.conf only to have the service
re-enabled in a plugin settings file. This happens because of
processing order.
To get around this the disable_service function now aggregates
service names into a DISABLED_SERVICES variable which is then checked
during enable_service. If something tries to enable something that
was previously disabled, a warning is produced in the log and the
service is not enabled.
Then after all configuration has been sourced a final check is to
done by verify_disabled_services to confirm that something has not
manually adjusted ENABLED_SERVICES to overcome a previously called
disable_service. If something has, the stack dies with an error.
Change-Id: I0f9403f44ed2fe693a46cd02486bd94043ce6b1a
Closes-Bug: #1504304
As a follow-on to I8cefb58f49dcd2cb2def8a5071d0892af520e7f7, put in
some detection around missing variable-to-test arguments in
trueorfalse.
Correct a couple of places where we were passing in blank strings,
resulting in the default always being applied.
Add test-cases and enhance the documentation a little.
Depends-On: I8cefb58f49dcd2cb2def8a5071d0892af520e7f7
Change-Id: Icc0eb3808a2b6583828d8c47f0af4181e7e2c75a
This lets you specify that devstack should not be run by the user on
the box that you are on. Helps with running commands in the wrong
window.
Change-Id: I7aa26df1a2e02331d596bbfefb0697937787252f
This will make curl fail on pypi errors, and should prevent corrupt
images from pypi going offline for a few hours randomly, which it does
from time to time.
Closes-Bug: #1503909
Change-Id: Ib4a740b7d1772e1e36aa701e42d3ac0f0ee12883
If get-pip servers fall over and return 503 for a few hours (which
they do medium regularly) we'll cache crud html, and everything will
suck. We know this script should be python, so if it isn't, delete it.
Change-Id: Ia9f6f7c7217939bc1ab5745f4a9d568acfbf04c8
Setup the log output before calling functions like
check_path_perm_sanity that want to write out to
the error log.
Change-Id: I9815965257c399a48f8cf0f344814d954137aecb
Closes-Bug: #1500834
one cron job attempts to print debug text into stderr; so the file
of /root/dead.letter gets created and its size grows continuously.
It could eventually threaten dom0 disk space. Maybe there are two
solutions: one is to redirect the output to a specific log file;
and rotate log files in the script. And the other one is simply
to redirect the output /dev/null. By considering the function of
this cron job and the printed contents are straight and simple,
this patch set goes with the later solution.
Change-Id: I4875e5e3837e6f0249e314c6c5f408c79145c6c1
Closes-Bug: 1503966
As a follow-on to the issues raised by
I069f46f95656655ae7ba8f3dd929f47eae594b68, rather than a re-write of
create_userrc.sh logic, create a temporary userrc that can be helpful
for debugging until we have the whole system bootstrapped
Change-Id: I3325acffd259cf7f6f4a153c88037cfe8405ca50
we were unconditionally adding -z to the curl command even if the file
doesn't exist that we are referencing. That produces a scary warning
for users. Lets not do that.
Change-Id: Id2860c1c702510b0f8fd496abce579d0fa3ff867
This adds a warning for extras.d usage. This will give us something to
keep an eye on in logstash to build up the list of projects that will
break at Mitaka-1.
This also makes the deprecated handling done through a function, which
will hopefully make it more consistent in the future.
Change-Id: Icd393bc3e7095fe58be0fd13ef74fece3aa5c5f1
At the moment the following md and conf files are handled with shocco.
This should not be the case.
* samples/local.conf
* lib/neutron_thirdparty/README.md
* lib/neutron_plugins/README.md
Change-Id: I11ea5ebda111e6cdab71d3cffaeb4f16443bfd3c
Ia0957b47187c3dcadd46154b17022c4213781112 proposes to have bashate
find instances of setting a local value. The issue is that "local"
always returns 0, thus hiding any failure in the commands running to
set the variable.
This is an automated replacement of such instances
Depends-On: I676c805e8f0401f75cc5367eee83b3d880cdef81
Change-Id: I9c8912a8fd596535589b207d7fc553b9d951d3fe
Ia0957b47187c3dcadd46154b17022c4213781112 detects setting local
variables with subshell commands.
Although this is a particuarly benign case, it trips the test. Rather
than putting in an ignore for this, we can easily change it to make
the test pass. This seems better than putting in special work-arounds
to bashate, etc.
Change-Id: I37c3967c0f2d780a636a7d26cda83755085c5c69
Metadata agent now talks to neutron-server thru AMQP, so there is no use
for API access configuration.
Change-Id: I8f81eea91fe3448d5098e77312f64f2eaba68a68
Depends-On: I254c575c66214f50fb93a94c46c4c9caebfc2937
Closes-Bug: #1502947
Guests with large memory requirements can use default flavors, so
removing the special flavor for ppc64 since new qemu requires more
memory - http://wiki.qemu.org/ChangeLog/2.4 - PowerPC.
Users should set DEFAULT_INSTANCE_TYPE to one of the default
flavors available in local.conf, as m1.tiny.
DocImpact
Change-Id: I0fd275dc7342cc2daa83e9a2bd79d30e7defa3e4
Since Ic2532676e46e93f129d590d1fa7a044ef65f50fb bashate warns on
long-lines. Traditionally, for whatever reason, devstack hasn't cared
too much about long lines unless it really damages readability.
So ignore this to avoid thousands of warnings on the long lines. Note
even though released bashate doesn't have this, ignoring a missing
test doesn't matter.
Change-Id: I16aeaa3b334fac1eec5085f2cfe26c81c53023a8
This is being removed from the Neutron tree, so there is
no need to keep it here anymore.
Change-Id: Ice869bc445cb9dab6f227c30d38fb9b7ba04442b
Depends-on: I949a51873ee5af654b577952d423dd29a6ced8e7
The default bind_port (6011-6013) in the sample config files for swift
use port numbers that are in the range registered by X11 (6000-6063) and
can prevent swift from starting if the ports are in use.
We should use an unregistered range (6611-6613).
Change-Id: Ifd95b99004aead5ddc8ae1a8dd3ccd9c4f2abe91
Closes-Bug: #1254328
Kill them twice to make sure they're good'n'dead. There is a supposed
fix to oslo-incubator code, but we're working around that here in the
meantime with this change.
This returned in Liberty.
Change-Id: I02a7af995dc7de857c4efcf2cef2f95d357c007a
Related-Bug: #1446583
(cherry picked from commit 953baa7998f253681ed31013fd18bd8aa8098b34)
These files have acquired execute permissions that
are not strictly necessary because they are being
sourced, and not intended to be run separately.
Restore to 644
Change-Id: I0b8654123416a07521502b61610ca45c94494a07
There has been a ton of fall out from this change, and I
think it's been premature. We should revert and try again
when more of the client space supports this.
This reverts commit a29434460e.
Change-Id: I1658dc48a024627be0fdb39c46137aaa3d9b911a
When moving to Python 3, we also need to install test-requriements
to allow projects to install any python 3 test dependencies they
might be missing otherwise.
Change-Id: I2d19aa2f7ec8de869a82aa7764ab72cc8693101f
When I deploy linuxbridge-agent and enable tunneling,
the configuration of neutron isn't right. It lacks
the whole section [vxlan] to be properly configured.
Change-Id: Ib3bfe0f3445f466f4dbb36f7f0cb0d940114e7f6
Closes-Bug: #1481126
This reverts commit f768787bdd.
And sets OS_AUTH_VERSION so swift CLI doesn't fall flat when
not using v2 keystone
Change-Id: If44a7e0d85e48020a3c90d8c5c027513129f0f3b
If `DATABASE_TYPE` is configured in `local.conf`, the database backend
is currently configured with `initialize_database_backends` even if no
database backend is enabled.
On a multi-nodes Devstack environment, such as devstack-vagrant, the
compute node currently fails because it does not have PyMysql. This
compute node has no database backend enabled, but has to connect to
the database on another node.
We should install the python client if DATABASE_TYPE is set, even
if no database backend is enabled.
Closes-Bug: 1501001
Change-Id: Iffd5f7243a0dfdbe56cf6b9a87b96ed7678c81dd
Commit 1ce19ab76d dropped API_WORKERS from
nproc/2 to nproc/4 and also started using API_WORKERS for the number of
conductor workers, so in gate runs that dropped conductor workers from 8
to 2. We're now seeing instance build timeouts in the large ops job.
This change goes back to nproc/2 for the large ops job (VIRT_DRIVER=='fake').
Closes-Bug: #1500615
Change-Id: Ie6ef855fce0a99c930d479b7459c15b69e8de499
Ceilometer is now removed from devstack and only exists as a plugin
so it should be in the registry.
Unfortunately the length of the URL changed the table formatting so
the diff is much larger than the semantic change.
Change-Id: Ibe8e27e97294c2d13be8f22f41eea27775811eec
This change adds apache templates for Cinder API services.
Also add possibility to switch between the old and new ways
to setup Cinder API.
Related Cinder blueprint:
https://blueprints.launchpad.net/cinder/+spec/non-eventlet-wsgi-app
Change-Id: Icfad40ee6998296727a95613199e5c2d87bd0a45
Depends-On: Ifbab059001d1567b1f7b394c0411a9ca4629f846
Co-Authored-By: Ivan Kolodyazhny <e0ne@e0ne.info>
It will report 'unknown locale: UTF-8', when the env is UTF-8.
Default set the LC_ALL to C in the stackrc, instead. And delete
the duplicate option in stack.sh.
Closes-Bug: 1499296
Change-Id: I14121b25ac314a1a93e6dd6811e196ce2a7c0eb5
We can just directly install the latest RDO repo rather than having to
keep this up-to-date. I don't think there is actually much there we
need any more; there was a lot more coming from RDO in the centos6
days. openvswitch is one big one, however.
Change-Id: I42b8bc1aea8ff61770987eecd5fc3b8309c1e210
If OVS_DATAPATH_TYPE is configured it should be visible in ML2 config
Changing OVS_DATAPATH_TYPE default value to 'system' from ''
Closes-Bug: 1499029
Change-Id: I88e7d2554e8a1d6dcfea71fc1fb8e9fb2491d8b7
The function guru_meditation_report() currently uses the User-defined
signal SIGUSR1 to kill a Nova Compute process so that a Guru Meditation
Report is generated.
Testing locally, in a DevStack instance, manually attempting to kill a
Nova compute process [kill -s USR1 `pgrep nova-compute`] does not result
in process being terminated, and no error report generated.
It turns out[1] that SIGUSR1 is used by Apache 'mod_wsgi'.
Using the signal SIGUSR2 resolves this issue (i.e. 'nova-compute'
process is terminated, and the Guru Meditation Report is generated).
So, use USR2, instead of USR1.
Corresponding oslo.reports related commit[2].
[1] https://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIRestrictSignal
[2] 45b1c02d113051d147e54ef921ce8e94135542d8 -- guru_meditation_report:
Use SIGUSR2 instead of SIGUSR1
[3] Original DevStack commit that brought in this change --
2ebe993b25
Change-Id: I8a7eaf71b83edca3c80074d6bf2d471e3db6142b
In case ERROR_ON_CLONE is true and triggers a failure for a missing
project, suggest a remedial action. On their own, people have
come up with remedies that include altering the value of ERROR_ON_CLONE
which rather defeats the purpose.
Change-Id: I28d7f2c184f8440b774fefaa8ec7002d6708db95
One of the key reasons for the large number of API_WORKERS was that
mysql would block API workers, so would start rejecting work. Now with
the python mysql driver we should be eventlet aware, and life should
be good.
Let's see if this works.
Change-Id: Iaf8730a4dcdc30ef390795bfb5fb73ec3cd665fe
First noted in change id by fumihiko and kyle:
I079e18b58b214bf8362945c253d6d894ca8b1a6b
Neutron and few others seem to use an extra "python" along
with run_process which is quite unnecessary and complicates
adding python3 support in devstack. So let's clean this up.
Change-Id: I2d478f2b04c04d05c18420563e2ad77eba73be3f
Current install_os_domU.sh depends on some keywords which are changed in the
next version XenServer which is upgraded to CentOS 7. So with the existing
script to install domU in the new version XenServer, it will always fail.
This patch is to make it to be compatible with all XenServer versions:
1. the output format of "ifconfig" is changed; the fix is to use the ip
command to retrieve IP address.
2. In XS 6.5 and the previous XS, the "xe-guest-utilities" package file name
is as "xe-guest-utilities_<version>_<arch>.deb" but now it delivers a
single file for all Arch's and the file name is
"xe-guest-utilities_<version>_all.deb". In order to make it to be
compatible, the fix will try to search the old file name pattern by
default. If it does't exist, then try to search the new file name pattern.
Change-Id: I893e89e42a5ef7dd079b571ea308f318c9befc9e
Closes-Bug: #1494241
The commit breaks creation of user rc file.
Now devstack doesn't create certificate for user
(because it's too early to do it) and doesn't react
to changes of EC2/S3 urls if they is recreated by devstack plugins.
So the commit totally broke ec2-api gating for example.
Change-Id: I069f46f95656655ae7ba8f3dd929f47eae594b68
Changeset https://review.openstack.org/#/c/225426/ changed how images
were uploaded into Glance, however the (now) unused TOKEN variable
and function argument to upload_image remained.
These have been removed.
Change-Id: I9910c469f72d52e56111048cc24ea3c992c1d480
get_or_add_user_project_role function was always returning an
empty user_role_id because the role assignment command does not
return any output. Added a command to get the user_role_id after
the assignment happens.
Closes-Bug: #1498599
Change-Id: If1b77eef0d4f0ebdcdf761ecb5e2011484f73871
This patch adds an admin role assignment for the admin user on
the default domain as part of the Keystone configuration stage.
Closes-Bug: #1494081
Change-Id: I91c88917bd51be4572e4970c94e65d866798df26
Commit 2ad1a42ca6 broke entirely the
Apache configuration for Keystone when used without a port on the
/identity URL. This patch fixes that.
Change-Id: I47805138c66456c9c5fa9af1f4ac33b03d0ce5b9
There is no reason to use keystone token bootstrapping for image
uploads. Glance is a service, and images can be uploaded to it normally
without special shenanigans.
Depends-On: If7b81c4a6746c8a1eb0302c96e045fb0f457d67b
Change-Id: I7092fb10cbe243e091789134263fab081af0c7f4
If something goes wrong after keystone is running with services
registered, but before credentials are written, it's hard to poke at the
existing half-running state because none of the auth information is
recorded.
Write the files right after we're done bootstrapping keystone.
Change-Id: I2f8ae86e17d26ec4defa16e843faa8987d27fac9
It should redirect stdout to /dev/null firstly,
then redirect stderr to whatever stdout currently points at.
Change-Id: I4666fa90a96301f0b504a8501f0ffc3fe17616b0
Zaqar's devstack code has been moved into a plugin in the Zaqar repo.
This patch removes the remaining code from devstack.
Depends-On: Iceefabb6cd528b23075a91e8039b8264eb3f33f5
Change-Id: Ifcf54fa2d4a5bf49b6757b593bb70cdeda8edb2a
Cinder API v1 will be removed Mitaka so we don't need to setup it be
default.
To enable Cinder API v1 you need to set CINDER_ENABLE_V1_API=True in
your Devstack config.
Related-Bug: #1467589
Depends-On: I6916eb3e4b7c85f37be8b365b11ca8b48f88177c
Change-Id: I0754e357433cfcd9fde7e937a4a1b440580b6289
after the glance_store vs. upper-constraints bug, it's probably worth
actually enforcing and sanity checking that devstack is doing what
it's being asked of with LIBS_FROM_GIT. This will hopefully reduce
user generated error.
This *might* not work with the current oslo naming, we'll have to test
and normalize that.
Change-Id: Iffef2007f99a0e932b68c4c897ebbfb748cac2b4
Now that we don't have namespace packages any more, editable installs
should be fine. This also means that we apply constraints to these
libraries during installation, which is important for future testing.
This is needed in order to be able to easily sanity check
LIBS_FROM_GIT, as then all libs installed from git will have pip urls
with git in them.
Change-Id: I46c3b8f943b97f912eccc7278e3e033ae67e7e31
is_service_enabled might actually fail to return the expected result if
there is a is_${service}_enabled function available and multiple
services are checked.
For example, if one defines swift as a service but disables glance, the
following check fails:
if is_service_enabled swift glance horizon; then
install_swiftclient
fi
This is because the second for-iteration resets the local "enabled" var
again to 1 and finally exits with 1 as a return code.
This patch fixes this.
Change-Id: Ic76b72897efe9597d1412470353895001a1a4c66
The ceilometer project is moving to using a devstack plugin rather
than having ceilometer in the base devstack. This is to allow
greater control and flexibility.
Change-Id: I413ab159474b7d7231ad66d3a482201f74efe8a8
A new tempest test is being added in https://review.openstack.org/#/c/200108/
but it doesn't run by default because the test fails on Juno. So a
feature flag in Tempest is added. This patch turns on this feature
flag at Devstack's side.
Change-Id: If1cf90dac3edc81a483fc51da74495042c96d543
Without this change some services for ceilometer will not start
breaking CI.
This change I7447ba4f408c95b0acf1b809504ce16fff1c6e21 was validated
against the ceilometer devstack plugin but apparently not against
devstack itself. Until I413ab159474b7d7231ad66d3a482201f74efe8a8
merges devstack still has ceilometer support and is used in the
gate.
Change-Id: Ib1ea8b6ef7019570f82b0ba87e03fc627c8f6801
This removes a restriction for neutron vendor plugin.
Some neutron vendor plugins were already decomposed and
there is no config file in Neutron tree. They should prepare
the file in each plugin.
Change-Id: I4997b8eae1f433b1c23f20c06ba254568ac4982b
There are a number of different neutron plugins that work with the
VMware nova driver. If necessary this flag can be set by each plugin
if necessary.
Change-Id: I47ac2a5c71ff573f474d45b85a523fc243ec3ade
If all databases drivers are loaded, MySQL SQLAlchemy driver
overrides all the other one that might not have set one.
This patches fixes that.
Change-Id: If6d8d08e5b7b7c48ca012677b536d71058def6fd
Closes-Bug: #1493304
The python-keystoneclient requires a trailing /v<IDENTITY_API_VERSION> to
successfully authenticate, otherwise it fails with a 404 error due to a not
found resource.
This error showed up only when generating Swift tempurls, because the error was
raised when using python-swiftclient.
This change fixes this for python-swiftclient within devstack.
Change-Id: Ibe222d65162898db69acba076b5fe1cb3621fbc3
Closes-Bug: 1492216
A previous change in this code had a typo, reversing the
definitions of IP_ADD and IP_DEL, noticed while debugging
another issue.
Change-Id: Ifb87de1138eeb72081a2e52a5c81bfe9fe91ecd6
Remove setting of ssh_user param to boto section.
Because boto uses user name to ssh from compute.ssh_user
Change-Id: Ifd5b99ef35eaf126a3c6e0055837c4741353345e
This change have broke the Ironic tests. Reverting to unblock the Ironic
gate.
This reverts commit 4b115ad526.
Closes-Bug: #1492216
Change-Id: I03acfdf47caf435cede1df08fd79b288a6662435
This reverts commit 2e1a91c50b
It looks like this introduced race bug 1491949 in the
gate-tempest-dsvm-large-ops job causing rpc timeouts when
deallocating network information for an instance,
specifically around the dnsmasq callback to release the
fixed IP that the instance was using which triggers the
disassociation between the fixed IP and the instance in the
nova database.
Change-Id: I163cdeea75e92485f241647c69aea0d7456c3258
Closes-Bug: #1491949
The upstream version of requests contains a copy
of urllib3 and cardet library, common practice in many distros
to create symbolic links for these libraries instead of creating
a huge package which contains the same library as the distro provides
as separate package as well.
Now devstack upgrades the urllib3 to incompatible version,
but it leaves the requests unchanged because Fedora already has the
latest version.
The issue does not happens with Ubuntu because it has older requests
and devstack updates it as well.
The pip installed version contains a bundled urllib3 and the actually
installed urllib3 version does not matters.
This is not the `usual` distro package overrides pip installed package
case.
Change-Id: Icfa71368384b0c2e3ff39265b2fa9190b5566b9b
Related-Bug: #1476770
This commit fixes error caused by adding default image path to IMAGE_URLS without ','
If user sets IMAGE_URLS in localrc like
IMAGE_URLS="path1, path2" (with a space after the comma)
the we get an error "binary operator expected" in
if [ -n $IMAGE_URLS ] condition and a comma will not be added to the end of IMAGE_URLS
In the code below we add default image path(path3) to IMAGE_URLS and we get
IMAGE_URLS="path1, path2path3"
Change-Id: I6543f7178c49a42c71ad9df4cdb4c6e78cbf7758
Change from using a blacklist to disable the shelve tests for
nova-cells to using the tempest config option to disable the shelve
feature tests. This is the intended method of disabling feature tests.
This first commit is to add code to lib/tempest to disable the shelve
feature test if the nova-cells service is enabled. The next
st will remove the shelve blacklist from
http://git.openstack.org/cgit/openstack/nova/tree/devstack/tempest-dsvm-cells-rc
Change-Id: Ibf1f9aaa63e5f17b7d8774b511940ba8421e0887
Partial-bug: 1491152
Neutron plugin always needs plugin file even if the plugin
is out of tree. This patch remove the restraint.
Change-Id: Iedd52db6430def47505a127986170d7279966141
Closes-Bug: #1477452
Now gate will tests Nova v2.1 as default and separate jobs
for v2 legacy and v2 compatible APIs -
I86a627b8ec7b1246452a16c10dcfb1ad5f83bdef
This commit cleanup the options used for old v2.1 jobs.
Separate options are provided for Nova APIs testing-
Ie6b7e4290d9a1d9789d04099b3b31c9a557bc22b
Depends-On: Ie0430cedb7a8136c04b9fb7d08746293aab79f42
To remove old V2.1 jobs.
Change-Id: Ibbed44e1c41ec1e6b3675317f08061810762796c
I had to poke around for awhile to find /var/log/cloud-init-output.log
so I figured I'd add a sentence in the docs about using that.
Change-Id: I8bb6cb730032e41661ee443da816cbea2b28f76d
This adds 2 devstack options:
NOVA_V2_LEGACY={True/False} which is whether we'd like to force the
/v2 endpoint to use the legacy v2.0 code base.
it also provides TEMPEST_COMPUTE_TYPE as an way to pass in which
service catalog entry we'd like to use for compute testing.
We also make v2.1 the default compute endpoint, as that's what we'd
like everyone to be testing and using. The other options will let us
build jobs that nova can run to ensure those APIs don't regress.
Change-Id: Ie6b7e4290d9a1d9789d04099b3b31c9a557bc22b
With multi host set to true devstack's dnsmasq server no longer
listens on the network to other systems. In the gate we can see we're
getting a ton of spurious dhcp requests from other systems on the
network, and it's better that we never even see it.
Change-Id: Ie600de91e4a7da734eae722e78101c2401a7b1f5
The existing mysql code is wrong and not detected as failing [1], and
boto config requires work-arounds [2,3] that are all fairly ugly. Use
-sudo argument to iniset to handle this.
[1] I24388b5de777995f92d73076524122cf599d6371
[2] I5f4c43bbbe477c570936e2e40ac05cc38febbb3f
[3] Ib7556dac9aaaf2f3c96237e0ca28ed6ae1b1b7ac
Change-Id: Iaceb8d42ce37be728adae6fd0a30a1f9d33d4029
this flag was added to deal with inefficiencies of Icehouse. this
patch removes flag as it's not used in post-Icehouse
Change-Id: Ib715e68dc61f3c3ea0a40fae0ea57028e36285bd
Depends-On: I842dfe04725b2482399c0e95b54403fb82001645
IMAGE_URLS could be set both in localrc with customization or stackrc by
default. By setting DOWNLOAD_DEFAULT_IMAGES, user could choose to add
default images to IMAGE_URLS or overwrite them.
As uploading duplicate images will cause a "409 Conflict" error, a
duplicate detection will expose it earlier.
Care needs to be taken that you don't end up with a duplicate image, so
clean up Xen's README.
Depends-On: I6fbae12f950a03afab39f341132746d3db9f788c
Change-Id: I3ca4e576aa3fb8992c08ca44900a8c53dd4b4163
Closes-Bug: #1473432
We bury the lead with all the historical notes about localrc; just
talk about what is important to somebody setting up a current
devstack, which is local.conf.
There are already inline examples of config-variables, etc. Remove
them, but add a small overview example for logging in its place.
Change-Id: I466252ffba66ef4ea180c9355f715a19eb4f8017
We have configuration information split between the README.md and
configuration documentation. A lot of it is duplicated and it shows
little organisation.
This clears the README.md of detailed configuration options and
consolidates it into the existing configuration guide. When someone
first hits the README they don't need details on changing the RPC
back-end; but more importantly this indicates clearly where we should
be adding or clarifying details.
Firstly, the detailed overview of local.conf is removed; it was
duplicated in the configuration guide. This is left as a first-level
section of that guide.
The configuration notes are divided into generic devstack things
(logging, database-backend, etc) and then the rest of the notes on
various projects' configuration options have been moved into a
dedicated sub-section "Projects".
Each project gets its own sub-sub-section. Duplicated swift guides is
consolidated into the single "Swift section". The neutron and
multi-node nodes, which were all duplicated in their more specific
dedicated guides are removed and replaced with links to those. Other
sections are moved directly.
Change-Id: Ib0bac56d82be870fe99c47c53fda674d8668b968
The previous approach assumed that devstack in tree service support
would always be a super set of tempest. That's not necessarily
true. Instead when configuring tempest we should look at all the
possible services that tempest could know about, which will let us
disable services we don't have support for.
Change-Id: I9c24705e494689f09a885eb0a640efd50db33fcf
Some IPv6 addresses are temporary and are generated by IPv6 privacy
extensions. They eventually expire and are regenerated, so we should
filter them out.
Change-Id: I916d6a335bab096f765ae8c7e0e540a4349dd15f
Closes-Bug: #1488691
Commit 7561c8ded211d53e8745d1420a73b82bd0fc35cf removed the
libvirt.vif_driver option from Nova in Juno so we should remove the
variable from devstack since it's useless / confusing.
Change-Id: I70a8cb4a3606eb5eabd3c0ef331945e72c80543a
Neutron and its sub-projects have been made more intelligent about the
alembic migrations of installed sub-projects. Neutron will now
discover the installed migrations and run them automatically.
Partial-Bug: #1470625
Change-Id: Iec8993b02400ae306abf520e6e70d86bba042c8d
Devstack was setting up a separate directory and copying
http/keystone.py into it for the admin and public endpoints.
Keystone now defines wsgi_scripts entrypoints so that
keystone-wsgi-admin and keystone-wsgi-public are created on
install so devstack can reference these files instead.
See http://httpd.apache.org/docs/2.4/upgrading.html#access for
the apache docs with examples for the Allow|Deny/Require
directives.
Depends-On: Ic9c03e6c00408f3698c10012ca98cfc6ea9b6ace
Change-Id: Ided688be62b64066d90776313c963ec5016363f2
This commit fixes an simple syntax error on an else statement causing
it to crash instead of eval. Clearly someone has been writing too much
python and not enough bash.
Change-Id: I81d2324abd17790dc4790147f210ad7d9f0db74b
The lib/tempest variable definition for TEMPEST_USE_TEST_ACCOUNTS was
incorrectly calling the trueorfalse function by passing the variable's
value to the function instead of the variable's name. This was causing
trueorfalse the default value of false to always be returned even when
specifying the option as true in the localrc. (well assuming True or
it's variants wasn't an actual defined variable with a value that
would return true) This commit fixes this issue by properly using the
trueorfalse function.
Change-Id: I8cefb58f49dcd2cb2def8a5071d0892af520e7f7
Patchset fixes calculating EC2_URL/S3_URL for user rc files in 'accrc' directory.
Currently calculation of these url's uses 'openstack endpoint show' command
without specifying os-identity-v3 flag. But output is empty without such flag.
So this patchset uses same construction as exists in functions-common.
Change-Id: Ia4f2510750fa0f46e2f1d58cf0a7a16782f022b3
If nbd isn't enabled you can't boot instances with libvirt using lxc
(unless you're using an lvm backend).
Closes-Bug: #1487195
Co-Authored-By: Andrew Melton <andrew.melton@rackspace.com>
Change-Id: I08c4d498ed35166f566291d9530ca1ecfae05625
Swift3 should be in the same region as all other cloud.
By default it has regaion name 'US'. It's ok for requests
that signed by version 1 of signature because they haven't
region information in request.
But S3 signature of version 4 protocol sends region name to server
and swift3 plugin checks that input region equals to internal.
And because all cloud lives with 'RegionOne' then swift3 fails
request because it has 'US' region name by default.
Change-Id: Icd817183b1a040110372a8ae5d73fd2f0ec5559c
Related-Bug: #1411078
in I0272d56bc2e50e8174db78bd449f65f60f7f4000, we reset DEST value
when installing elasticsearch. it gets set to /opt/stack/ which is
not always correct in gate causing the path to be wrong and
elasticseach cannot be installed. we should reuse DEST from stackrc
Change-Id: Ia3a2383ada30c4e92c37386aedd6164c69cac60a
Closes-Bug: #1484182
As part of moving components to use keystone v3, this review
allows nova.conf's [neutron] section to switch to using the
auth_plugin in keystoneclient for talking to keystone /v3 API
Change-Id: I42502bff147534199096fb581630b8559f311963
When clean.sh is executed, it shows "command not found" messages.
Commands are defined in lib/lvm, however lib/lvm doesn't include clean.sh.
This pache add lib/lvm to clean.sh.
Change-Id: I56672e949d25f7cdcda879badd992f849d06c749
Closes-Bug: 1486392
The commit 05aa3846a0 into devstack exposed a bug
where pip_install is called before the requirements repository is cloned. This
change ensures that the requirements repository exists before pip_install is
called.
Change-Id: I60b157fc98691764a69cf022852e7a95fc50cdd7
Closes-Bug: #1486304
On Linux kernel 4.1, `ip link` reports peer interface name for
each Open vSwitch interface, like:
$ ip link
...
71: ovs-tap1@brbm-tap1: <BROADCAST,MULTICAST,UP,LOWER_UP> ...
~~~~~~~~~~
Currently it is regarded as a part of interface name, so
causes failure in tap id detection from ovs-vsctl output,
that results into ironic deployment failure.
This patch removes the peer name from the interface name.
Change-Id: Id3b181fa821e9bff1afabef4d63964f61fa49a65
Closes-Bug: #1486273
Although l3_agent.ini, dhcp_agent.ini and metadata_agent.ini have
"AGENT" section as default, devstack added "agent" section.
Change-Id: Ie4034257d8aed00d67e3f28e7dd3b05cc5d89fc4
Having behavior on your laptop diverge from behavior in the gate is
confusing. Just use constraints on every devstack run to be consistent.
Users of devstack can edit the requirements repo in order to change
these constraints locally if necessary.
Change-Id: I843208e2e982eb04931b76f5cb4bd219fbcd70de
This has been incorrect since the initial commit
(I632df4149e9d7f78cb5a7091dfe4ea8f8ca3ddfa)
Closes-Bug: #1483499
Change-Id: Ife4defce989c4f3c7eb5381376c0f93de50a9668
Currently horizon configures keystone using v3 only if v2 is not
available. Really we should just always be using v3.
Change-Id: Icac4d90b617209da75abf33f8e25ffc021c45fdb
At this point all our function calls should be using the V3 APIs anyway
so switch the authentication credentials to v3 compatible ones and
remove all the hacks we added to force v3 API calls.
Implements: bp keystonev3
Change-Id: If92d3e11b9a363454f77527783b6d25f4da9c249
The change fix multi-node doc to use SERVICE_HOST.
It resolves duplicate IP address.
Closes-Bug: #1485159
Change-Id: If86393e9a37bcb911a9aa125829cd8ce684edd9f
This patch is setting a name for each node created in Ironic, when
testing stuff it's easier to refer to a nome by its name then uuid.
The format of the name is: node-0, node-1, ...
Change-Id: I60fcddbcb36d1b1da8b3846b6edf14c59401f102
Future work toward visualization of DevStack and devstack-gate performance
would benefit greatly from the availability of machine-parsable DStat output.
This patch outputs an additional logfile to $LOGDIR, `dstat-csv.log`, using
DStat's built-in CSV logging functionality.
An additional instance of DStat is started during start_dstat that outputs
to CSV-formatted text without `--top-cpu-adv` and `-top-io-adv` enabled, as
these plugins are currently incompatible with CSV output. To facilitate this,
a new `dstat.sh` script is added to $TOP_DIR/tools/ to act as a daemon to
manage the two processes.
Change-Id: I826c94c35b6a109308b4f132c181ff7a1f63bc7b
Depends-On: I534fb1f9356a7948d2fec0aecc7f275e47362a11
Currently, if the VPN devstack plugin is enabled (which is
the method used for VPN in all test jobs), there will be
two VPN agent processes started. This doesn't seem to
affect the tests, but is incorrect.
To resolve this, the proposal is to do this in two steps.
With this commit, the script is modified to start the q-vpn
process, if q-vpn is enabled (legacy), and to only start
q-l3 process, if neither q-vpn nor neutron-vpnaas is enabled.
Once committed, the opertion will be the same - if no VPN
service is enabled, we get q-l3 (correct); if legacy q-vpn is
enabled (only), we get q-vpn (correct); if the plugin is used
(the default), we get two q-vpn processes started (wrong).
With a separate plugin commit (to be pushed next), the plugin
will be renamed to neutron-vpnaas, and then we'll get only
one agent process (q-vpn or neutron-vpnaas) runing. We can't
commit the plugin first, because both the VPN agent and the
q-l3 agent will be started at once (just as bad, if not worse).
Change-Id: I2bb7ac01e619c8a9b22bd517a4ff60d67035dfed
Partial-Bug: 1484141
The openstack role list command doesn't include any identity API version
information and so will fail when running purely with v3. We could add
this information to the command however we already have a function that
does what swift requires so we should use it.
Change-Id: I5d5417eaed432760bfb97cf35bd76a0919c6004d
Added functionallity to allow _move_neutron_addresses_route to support
interfaces without a configured IP address. If PUBLIC_INTERFACE is set
to an interface without a configured IP, only the port will be
added to the OVS_PHYSICAL_BRIDGE.
Change-Id: I511ea5229ab871298086af5c96761390529bd85e
It was shown that the local.conf is at root devstack directory, but
it is at devstack/samples directory. So the path is updated.
1.) Copy the file into root Devstack directory.
Change-Id: I6ff8a404a3664c892bb458023c57ccc5d0926fdf
Closes-Bug: #1464491
With keystone's move to /identity, a conflict in for resources was
created as both keystone and horizon used /identity. The keystone
config took precedence and rendered API output in the horizon UI.
This patch sets the root for horizon to /dashboard and serves all
horizon content from there. Additionally, a RedirectMatch has been added
to the apache config for horizon to redirect '/' to '/dashboard' this
will allow the implementation to change without being immediately
painful to users.
Also made the path '/dashboard/' configurable in stackrc.
Closes-Bug: #1478306
Depends-On: I9a04f936ed6d8c14775a332dc28e903992806c42
for devstack-gate changes to remove hard coded horizon url structure
assumptions.
Change-Id: I6fbca5cea9e44df160afbccc71bd045437657320
To disable tempest running the v2 tests when the identity v2 api is
disabled you need to set api_v2=False not v2_api=False.
Change-Id: Ied8a0593619dccb5985f9a1e51feb370754336c7
Keystone API v3 does currently not support filtering for region names.
As a consequence an additional check is needed in get_or_create_endpoint
to check if an endpoint must be created for a given region or if it
already exists.
See related bug for more information regarding the missing region
filtering in keystone.
Closes-Bug: #1483784
Related-Bug: #1482772
Change-Id: Ia6a497b9fb58f7474636ab52dc01b99857bed3a2
With the aim of moving everything fully over to v3 authentication we
need to configure glance_store to use v3 when calling swift.
Requires glance_store 0.8.0
Change-Id: I61e8c5a4136404077f5505ebc2edfe49841c244f
Implements: bp keystonev3
This commit adds support to lib/tempest for configuring tempest to use
the test accounts mechanism. It adds a new variable
TEMPEST_USE_TEST_ACCOUNTS which will be used to trigger using test
accounts. The generate tempest-account-generator utility packaged with
tempest is used to generate the users and projects and write an
accounts.yaml. Another option TEMPEST_CONCURRENCY is added to specify
the the number of accounts to create, the value defaults to the number
of processors on the system.
The auth configuration section is moved to the bottom of the
configure_tempest function to ensure the proper auth endpoint and
catalog entries are all set in the tempest.conf file because the
tempest-account-generator tool depends on tempest knowing how to talk
to keystone to create the accounts.
Change-Id: I8682f72ffe26fd133874f5c575df6389f787ffcc
This has only ever appeared in
I3a5d1e511c5dca1e6d01a1adca8fda0a43d4f632 and has never been exported,
referenced, etc.
Remove it to avoid confusion
(e.g. Icfad40ee6998296727a95613199e5c2d87bd0a45)
Change-Id: Ic71e841f6f751ff43083e12ad734b9c84be7b645
To allow separating neutron l3, metadata, or dhcp agent from neutron
server or controller, there is supposed to be policy.json on the nodes
with l3, dhcp, metadata agent enabled, so it would be more appropriate
to create policy.json in _configure_neutron_common.
Change-Id: I890d647ffca05482f36ebaaf9c2c6e9e6cb23e2b
Only source openrc once, and remove the unnecessary re-sourcing of
"functions" which is done by openrc.
Change-Id: I61c87a0742de274d47753a0b216c56d96344d161
I'm still at a loss about why guests stop being pingable in grenade,
so lets get ourselves some ebtables output as well.
Change-Id: I4e40eff6d0b1ef194e43b151a83206fbd50deb66
test_encrypted_cinder_volumes.* tempest test failes,
when cryptsetup package is not installed.
The following error can be seen in the n-cpu log:
Stderr: u'/usr/bin/nova-rootwrap: Executable not found: cryptsetup
(filter match = cryptsetup)\n'
Change-Id: I86603f1301fa946c8bb22de3e69a2ec1ab7f1ef3
The current format is just copy-paste after auto-conversion and very
inconsistent. Move discussion of each option into a section and
reword some slightly so they read more clearly. Group some together
into a section+sub-sections, such as the logging and ip-version option
discussions.
Add a top table-of-contents for the major sections, and then a
separate toc for each of the configuration options that are discussed
in detail.
Change-Id: Iddd27cb54f1d9f062b9c47ff9ad6a2bef3650d6b
The multinode guide erroneously said to enable n-api on the worker
nodes, which is a typo. n-api-meta is the thing that's needed.
Change-Id: I733896681f7f6fe3bea0fdeeb8ffc9033d7fc761
We pull the pip constraints from the requirements repo so need to clone
that repo prior to using the constraints. In fixup_stuff.sh devstack
attempts to install packages like prettytable using the constraints. It
is also possible to need constraints before fixup_stuff.sh if tracking
depends. To deal with this clone requirements repo before any possible
use of constraints in pip_install.
Change-Id: I42e981c8c5ce1b8a57b9f6cce213065c72d6af11
Preparing the field for this patch:
https://review.openstack.org/205282
The client.cinder key needs to have write permission to the glance pool
in order to complete the snapshot process.
Change-Id: I98f16167db864ffd14e8c3dd5dec81fc16245448
This will let us defauilt to the path within the code,
we can add the right path in once we have the file in
the codebase.
Change-Id: I9de94c5ac6349c3b46adbacb77fc877b5201285c
This commit stops using the sample config file as the base for tempest
configuration. The sample config isn't actually needed as a based for
configuration because all the options are commented out so from the
perspective of the config parser it's a blank file.
There are 2 reasons for making this change, first using the sample
like this creates a hard dependency on tempest having a sample config
file in tree. This is something that the project wants to change since
keeping the file in sync causes headaches because of new oslo
releases. The second aspect is that it makes the generated output
difficult to read. It includes *every* option and it's description in
the generated output which makes finding where devstack is actually
setting something more difficult to find.
Change-Id: I4064a041a965ed2419b68efc8dc31fce37b24cfd
Some of the ceph commands had gotten quite long, so reviewing them in
gerrit is a bit problematic. Do some line wrapping just to bring these
back to a bit more managable state.
Change-Id: Ice5122702f2466d059dd275b038d5ff983bcda44
We're worlddumping at success points in grenade, and it would be much
handier to explain when that happens via a symbolic name in the
filename. Add a --name option to worlddump to allow it.
Change-Id: I644200fe08e404dc7ca2006478ae4e11ca020672
This parameter is needed in order to test the copy on write cloning
functionnality.
Change-Id: Ie8179a68827acba2dd8614ea9c6cecf2ddb20e29
Signed-off-by: Sébastien Han <seb@redhat.com>
Preparing the field for this patch:
https://review.openstack.org/#/c/205282/2
The client.cinder key needs to have write permission to the glance pool
in order to complete the snapshot process.
Change-Id: I90c6aa056b99944aa558783f3f81d06f918f3e26
Signed-off-by: Sébastien Han <seb@redhat.com>
Due to errors in tools/ping_neutron.sh, exercise neutron-adv-test.sh
fails. Faults were: 'neutron net-list' took too much arguments and
variable REMAINING_ARGS was mistyped.
Change-Id: I681328bfb1e4445543ef9d94e3b3824dbc9c8346
Closes-Bug: #1478021
Ceilometer introduces two new configuration files
This change adds them.
Change-Id: I4da44f09eb0a839f36fef513aec41d9b1564155d
Depends-On: I5a202c30614d06821063e243d4e2330736aba5fd
Ml2 plugin always needs agent file even if the agent is out of tree.
This patch removes the restraint and ofagent_agent.
Change-Id: I12de58e13da1fd162ad8b632d895779ae7560c3c
Closes-Bug: #1477459
We do not need the HOST_IP to be detected in order to be able to list
our images. So just set that to some dummy value before sourcing
functions.
This will allow tools like disk-image-builder to work regardless of
whether get_default_host_ip succeeds or not.
Change-Id: I9c22d2066e34309e70e56076e3d17c5db6ecee06
Add a -sudo option to allow these functions to operate on root-owned
files. Test-case is updated, but not enabled by default as we can't
expect test-runner to have sudo access.
Change-Id: I134c3397314c7d9395996eb6c825ecb7e7fdfc69
Various cleanup to this file.
Firstly create a temporary space to test, rather than working in the
source directory.
We have "assert_equal" which simplifies a lot. Add "assert_empty"
that is used in a couple of tests too. Remove a couple of duplicate
tests.
Change-Id: I7fd476ed63026e67d66a8ac2891b2e4a6687d09c
These return paths doesn't renable xtrace, so output mysteriously goes
missing until the next time it is enabled.
Change-Id: I3a8018dfa9397c07534970c39fba8dc10afcbe41
devstack attempts to set bind-address, sql_mode, default-storage-engine,
max_connections, query_cache_type and query_cache_size.
However the bash command is missing some '&&'s and was omiting
max_connections, query_cache_type and query_cache_size.
Change-Id: I24388b5de777995f92d73076524122cf599d6371
Currently, the Swift proxy, object, account, and container servers bind
to IPv4 address 0.0.0.0 by default. In the case of a user setting
SERVICE_IP_VERSION=6 in their local.conf file, these Swift servers still
listen on 0.0.0.0 instead of ::, which causes a ./stack.sh run to fail.
This change explicitly sets the bind_ip variable in the Swift server
config files so that the servers bind to either 0.0.0.0 (when
SERVICE_IP_VERSION != 6) or :: (when SERVICE_IP_VERSION == 6).
This patch is related to the following patch for devstack IPv6 support:
https://review.openstack.org/#/c/192329
Change-Id: Ie268c6daf5374e67ef8710a731c3af50ffdb821e
Nova option osapi_v3 is used for Nova v2.1 API and the default value
was False(disabled). However Nova v2.1 API is CURRENT status and the
API should be enabled as the default as we discussed on
http://lists.openstack.org/pipermail/openstack-dev/2015-July/069624.html
We could not find it before because devstack makes it True, so this
patch removes it for avoiding confusion any more.
Change-Id: I4efd2036605a1a41ea297b44a5f31b2da7412593
Related-Bug: #1462901
Depends-on: I43f0352f9fa89401f79389a6dc1035d901f52ed2
In another "things from the man page"
The return status is 0 unless local is used outside a function, an
invalid name is supplied, or name is a readonly variable.
Thus if anything fails in "cmd" of "local foo=$( cmd )" we don't
notice.
Change-Id: I22b10d5d39f014b6c92d2e101b167cbacf81afca
OpenStackClient doesn't currently support volume type create on the V2
API. Make sure that all requests use the V1 api until this has been
fixed in OpenStackClient.
Change-Id: I2fa133d30753e188d383d3de78c0022a3625cb34
Closes-Bug: #1475062
In test_functions.sh, There aren't export_proxy_variables() tests.
This patch add test of export_proxy_variables to test_funstions.sh.
Change-Id: I76f2bab84f4019961e612b0bff0ab66646b6e160
As soon as Parallels Cloud Server/Virtuozzo is based on CloudLinux distribution
this new rpm kind of distribution is introduced.
Also we setup vnc and set vnc_encoding parameter to None as soon it isn't
supported by parallels.
Change-Id: Ib97a09f397f950227498cfc2ce162d19b700f6f4
Add support of ploop images (*.hds extension) for both exe and hvm types.
In devstack we assume that images have '-exe' and '-hvm' suffixes in
their names correspondently.
Change-Id: I1c074876c530be0535a6e02e764d67a4ebcbbbe5
File injection is disabled in nova meanwhile, and devstack core
reviewers think it shouldn't be configureable in devstack anymore.
This basically reverts https://review.openstack.org/#/c/70560/
Change-Id: Ia7dd407da00c0b1c9641865aea1f7b74533d7357
Nova commit 322cc9336fe6f6fe9b3f0da33c6b26a3e5ea9b0c added the
neutron.allow_duplicate_networks config option in Juno and it defaults
to False. The option was deprecated in Kilo with commit
4306d9190f49e7fadf88669d18effedabc880d3b and removed in Liberty with
commit b06867c581541ed325ddc5e5b5a2d53b1b0261ac so it's the default
behavior in Liberty.
To test it in the gate with Tempest, we need to be able to set it to
True in devstack-gate and update tempest.conf (since tempest is branchless
and we don't want to try to test duplicate networks against kilo/juno code).
We can remove the change to lib/tempest when it's removed from Tempest
after kilo-eol.
Depends-On: I05f81d86cde249c23be06d5804fadbf40fc4a7f3
Change-Id: Ifd075420f57c9b60746f4a6af6520c0ef04800db
I dug back through the history to see why xtrace is enabled where it
is. Originally (like first commit originally), it was somewhat sanely
placed to turn on tracing after it had done the interactive
"read_password" prompt stuff. Over time, it has just shuffled it's
way down as stuff got added around it.
This was noticed this because I was looking for tracing of earlier
commands when looking at the repo setup (see
Iec2ad7b5598fdaefbc2338ade702bc7b08963b96) and couldn't find it.
Putting this at the start means we both capture all output
unconditionally, and avoid needlessly getting this interleaved at some
odd place again.
Change-Id: I441d7eecbab9d204258c18a071ccc1cbf4f7512a
The encrypted Cinder volume tests in Tempest don't actually work
properly for a Ceph backend in cinder since the volume encryption
support is not in Nova for RBD volume types.
This is needed for Cinder change
I03f8cae05cc117e14f7482115de685fc9f3fa54a which tells Nova that the rbd
volume connection is on an encrypted volume type.
Related-Bug: #1463525
Change-Id: I8548d41095513b9e669f773e3f35353e9228ead9
Most of unused files were used with build_domU_multi.sh which has been
replaced by build_xva.sh. Besides tools/xen/scripts/templatedelete.sh
was created for convenience purposes and now not in use.
Change-Id: I4282c779629e3413ee3cd3ff134c3b7b19eee487
Closes-Bug: #1470535
Include the user and project domain parameters in the generated user rc files.
This is fairly simplistic, if we were to follow the existing attitudes we
should iterate over the domains and add a new level of folders however this
would change the output location for files that may be depended upon.
Change-Id: I5e9e78406b11382751a591d91f711161bb98f47a
The create_userrc file is littered with references to a tenant. The tenant
concept has been deprecated long enough that we should use project instead.
I have not attempted to maintain compatibility with the --os-tenant-X flags
because I have not found reference to anyone using this script outside of
devstack.
Change-Id: I613f1bdc6673f0c4bfe29aaab7b514348a617a8c
This command was commented out so assumedly there used to be a bug. Switch to
OpenStackClient as the cinder CLI doesn't handle v3 auth correctly.
Implements: bp keystonev3
Change-Id: I1acdc04cf04b7056701bdded31ef2a015de5bce3
Always use the V3 API for role creation.
Groups only exist in the v3 identity API and so we must specify
--os-identity-api-version in these commands.
Implements: bp keystonev3
Closes-Bug: #1470668
Change-Id: I5e01d23ebcb5a0c7de56233071a4eb9b16d3b813
Always use the keystone V3 API when creating services and endpoints. The syntax
here is slightly different but we maintain the function interface.
Change-Id: Ib3a375918a45fd6e37d873a1a5c0c4b26bdbb5d8
Implements: bp keystonev3
Added functionallity to allow IPv6 addresses to be moved to the
OVS_PHYSICAL_BRIDGE from PUBLIC_INTERFACE automatically using
_move_neutron_addresses_route. Only PUBLIC_INTERFACE and
OVS_PHYSICAL_BRIDGE need to be set in localrc.
HOST_IP must be set in localrc. HOST_IPV6 must be set in localrc if a
global IPv6 address is configured on PUBLIC_INTERFACE.
Change-Id: I8d2c055702e1c7cf08499a77f6843393762fd4c1
We stop the services, which should be sufficient.
Uninstalling the packages means that doing repeated
runs with devstack takes longer than necessary.
Change-Id: I5626e42ce83710690a3523439bb2c9c9af560cd9
Keystoneauth is not marked as stable yet however to ensure that the
integration between it, keystoneclient and other services don't break
compatibility we want to test it with tempest.
Unfortunately you can't put -e links in requirements.txt files so add
it to devstack so we can set the test environment. This will also make
it available when keystoneauth is released.
Change-Id: I43ca1df9c6ae2f0ac1a687c9ce1e2ccb97e81652
Configuration of local_ip is duplication in ml2 because there is
the configuration in both ml2 and openvswitch_agent.
It also should be set in each driver using openvswitch.
Change-Id: Ib0b874aed8db883d778426ed1ae01679fc0cc075
Libraries were resulting in two edit-constraints runs:
- one for the library, which adds a non-editable file path
- then one for the editable servers, but that fails becuse
pkg-resources couldn't parse the prior entry.
This is fixed in two parts: the dependent patch which supports parsing
file urls that have egg names, and this patch which changes from a
file path to a file url with an egg name.
Change-Id: I0f07858e96ea3baf46f8a453e253b9ed29c7f7e2
With config option NOVA_USE_MOD_WSGI=True nova-api handles
requests on /compute URL.
Depends on I83bc4731507fa028377ae6701ed4d32adefa9251
Change-Id: Ic84b5c0dc0726662470ef9c076a0cadca55a3917
When you get or create service it first checks to see if an existing
service matching these parameters exists. The definition of existing is
having a service with the same name, however name is not a unique field.
Sahara for example creates two services, one with data-processing, one
with data_processing with the same sahara name.
Search for existing services by service type, not by service name.
Change-Id: I6148e2254aa3968039b0e7c178e7cabc53b6be68
Assumes devstack was configured with SERVICE_IP_VERSION in
local.conf
SERVICE_IP_VERSION is stored in .stackenv and checked in
openrc. If SERVICE_IP_VERSION is set to 6, openrc will use
IPv6.
NOTE: At first, I added a '-6' option to the openrc call
which would set the HOSTS accordingly. I then simplified
the code by saving SERVICE_IP_VERSION to the .stackenv file
which is sourced by openrc. After that, I simplified the
code even more by removing an extra, unnecessary, variable.
Change-Id: I5d46d5438d3e56fea788720ca17f0010caef3df1
By default, most Openstack services are bound to 0.0.0.0
and service endpoints are registered as IPv4 addresses.
With this change we introduce two new variables to control
this behavior:
SERVICE_IP_VERSION - can either be "4" or "6".
When set to "4" (default if not set) devstack will operate
as today - most services will open listen sockets on 0.0.0.0
and service endpoints will be registered using HOST_IP as the
address.
When set to "6" devstack services will open listen sockets on ::
and service endpoints will be registered using HOST_IPV6 as the
address.
There is no support for "4+6", more work is required for that.
HOST_IPV6 - if SERVICE_IP_VERSION=6 this must be an IPv6
address configured on the system.
Some existing services, like the Openvswitch agent, will continue
to use IPv4 addresses for things like tunnel endpoints. This is
a current restriction in the code and can be updated at a later
time. This change is just a first step to supporting IPv6-only
control and data planes in devstack.
This change is also partly based on two previous patches,
https://review.openstack.org/#/c/140519/ and
https://review.openstack.org/#/c/176898/
Change-Id: I5c0b775490ce54ab104fd5e89b20fb700212ae74
Co-Authored-By: Sean Collins <sean@coreitpro.com>
Co-Authored-By: Baodong Li <baoli@cisco.com>
Co-Authored-By: Sridhar Gaddam <sridhar.gaddam@enovance.com>
Co-Authored-By: Adam Kacmarsky <adam.kacmarsky@hp.com>
Co-Authored-By: Jeremy Alvis <jeremy.alvis@hp.com>
stackrc needs to do all of the initialization for situations (Grenade,
unstack.sh, etc) that do not run stack.sh
Change-Id: Ib8c7b923dde817b37f852515dd049fcf970b999a
Constraints files allow a global view of dependencies for devstack
without the side effect that requirements files have of installing
everything everytime. This is part of the cross project
requirements-management spec.
Change-Id: If089d30146629e6cf817edd634e5c2b80f1366dd
This allows setting the new option in Tempest for toggling whether
or not the Cinder encrypted volume tests should run.
Depends-On: I48eba7c645cc1c979fd766ae9c05efb00957f787
Related-Bug: #1463525
Change-Id: I9e12f8dc9e3e6b68dc031351cb081ee2bc6e6cbb
Review https://review.openstack.org/#/c/192154/ removed support for RPC backends
other than RabbitMQ, but we should still document how to disable rabbit.
Change-Id: I1fd64b5f02573c58d7b0d1005c39a22c459a09a5
Once the Sahara related code moved to Sahara repo and used, we can
remove Sahara specific code from Devstack.
Partial-Implements: bp sahara-devstack-intree
Change-Id: I34412b5cb2e86944b8555b8fd04b43556eb2bbe6
Depends-on: I2e00b2ebc59dd3be6a0539dea2985f2e801a1bd7
Depends-on: I07c3fede473030e8a110cbf5a08309f890905abf
Before the fix, requirements soft-update was used for projects that are
in the file.
Change-Id: I095d42521f54b45a6b13837e2f8375fa04532faa
Closes-Bug: #1469067
The gate/updown.sh calls the unstack.sh with
-ex option. Normally we do not use -e with unstack.sh.
The unstack.sh can fail if the service already stopped,
and it also can have flaky failures on the gate.
For example the stop_swift function tries to kill swift in two
different ways, and if the first one succeeds before the 2th attempt
the pkill fails the whole unstack.sh.
This change accepts kill failure.
Normally the kill can fail if the process does not exits,
or when you do not have permission to the kill operation.
Since the permission issue is very unlikely in our case,
this change does not tries to distinguish the two operation.
The behavior of the unstack.sh wen you are not using -ex should
not be changed by this change.
Change-Id: I64bf3cbe1b60c96f5b271dcfb620c3d4b50de26b
Unconditionally running this can lead to confusing failure output from
kill as the pgrep matches nothing when nova-compute isn't yet running.
Change-Id: I37cb84fe8e0b393f49b8907af16a3e44f82c46a6
Full list for liberty is as follows:
* oslo.service
* oslo.reports
* automaton
* futurist
oslo.cache was already added in the earlier review
Some of the entries are already there, though automaton was
missing in one spot. Made sure all references have all five
libraries.
Change-Id: Iffb720d46058424924469695a3ae1e4f20655f99
To avoid sourcing this twice and getting globals mixed up,
particularly when using multiple plugins, add a "header guard" that
ensures we only source it once.
In general I don't think functions/functions-common have been written
or considered to be idempotent. I don't think going down that path is
going to be a long-term solution as it's easy to break.
Change-Id: Idca49eb996d2b7ff3779ec27ed672a2da7852590
Closes-Bug: #1469178
Move the failure trap after the functions it uses, so that
"delete_all" is defined when it is triggered.
Change-Id: Icb2465d0f834b8cb2d46dca3c7df4ae06e49d9b5
In documentation like this (which is a huge boon) we should strive to be
as explicit and helpful as possible, so this change tries to be more
clear about what a project.yaml is and where one might go to create it
or change it.
Change-Id: Ia66a361fc7d79e511afa3ad903fffb122b86998b
When using IDENTITY_API_VERSION=3, the clouds.yaml must also set
auth/user_domain_id and project_domain_id.
Change-Id: If028f2935ea729276f40039a4003c07c08e91672
There is properly working is_cinder_enabled now, and this check
actualy matches ironic-inspector, breaking its devstack plugin.
Change-Id: I659ec9b9b2b49690fd075f9766ae8cbf19e81848
Closes-Bug: #1469160
Change I79a8d8ac7ad2fbd7d2fce696821d130218e43e03 removed the install
of python-libguestfs, which was actually hiding a dependency issue on
Centos. The "kvm" package is ultimately missing some bios files from
"seabios-bin" -- however with python-libguestfs installed this was
coming in via a dependency chain that pulled in qemu-kvm, which has
the dependency.
qemu-kvm is not strictly required as all the functionality is within
qemu-system-x86. But while we get [1] sorted out this restores the
job functionality.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1235890
Change-Id: I3379bc497978befac48c5af0f1035b96d030b7eb
Prior to this patch, the logic for configuring the interface used for
the L3 agent was OVS specific. This patch introduces code to correctly
identify the brq device that is used for the L3 agent when using the
Linux Bridge mechanism driver.
Change-Id: I1a36cad0fb790aaa37417a1176576293e4f2c87f
Co-Authored-By: Jens Rosenboom <j.rosenboom@x-ion.de>
This should make it easier to understand possible interactions between
rootwrap processes calling commands that might be the cause of race
bugs.
Closes-Bug: 1081524
Change-Id: Ic1f1fa42e4478a9d30f0f582a68f648935d0097d
When configured to run under Apache Httpd, keystone will also
handle requests on /identity (public) and /identity_admin (admin).
Change-Id: I4e6eb0cad1603aa0e612d0adc5431565da93870e
We have this pattern of timeout with while tests for a non infinite
while loop condition. It's enough of a pattern that we should probably
extract it into a function to make it more widely used.
Change-Id: I11afcda9fac9709acf2f52d256d6e97644d4727c
We're adding the ability to have devstack plugins, which should be
much more free to require new things not in global requirements. Our
old thinking of locking down all the requirements doesn't really work
in a plugin model.
Instead, if the project is in projects.txt, continue with the old
behavior. If it is not, do a soft update (update all the requirements
we know about, leave the ones we don't). This was previously the SOFT
requirements update mode, but now it will just be the default.
Change-Id: Ic0c6e01a6d7613d712ac9e7e4a378cc3a8ce75e6
We should use "tenant" and "user" instead of "project_name" and
"user_name" by calling setup_colorized_logging with these parameters.
Closes-Bug: #1467942
Change-Id: I484ef431ac422e25545391ed41fab45060a7b821
This patch fixes the problem of iPXE connection timing out when it's
trying to fetch the configuration files and images from the HTTP server
by accepting requests to HTTP server port on iptables.
Closes-Bug: #1467894
Change-Id: I43d66335a97c376ab64d604ff807540d0decc401
Because PIP_VIRTUAL_ENV was set for the installation of requirements,
and left around in scope, the installation of pbr no longer happened
in a global context, it instead landed inside the virtual
env. Unsetting the variable after requirements install gets us back to
where we expect.
This was an unintended side effect of the requirements-venv patch.
Change-Id: I2c4cb4305fec81a5fd237edabee78874ccd0da22
Currently those bindings are missing from SLES12, and since
they're not actually used unless file injection is enabled
(which is not by default), only conditionally depend on it.
Change-Id: I79a8d8ac7ad2fbd7d2fce696821d130218e43e03
libxml2-devel is a dependency of libxslt-devel, so we don't need
to explicitly include it. Also, since it is only really needed
by python-lxml, consolidate it into devlibs and remove the copies.
Also remove a non-existing package reference along the way
Change-Id: If9afaaa93f2c485baa1efff74d7ae58c59713de6
yum-utils provides yum-config-manager but the check for yum-utils is
currently being done after the first usage of yum-config-manager, which
fails if you don't have yum-utils already installed, so move it up
before the first usage of yum-config-manager.
Putting yum-utils in files/rpms/general doesn't help since
yum-config-manager is used in stack.sh before tools/install_prereqs.sh
is called.
Closes-Bug: #1467270
Change-Id: I74996c76838b7dc50d847e3bedb2d04dc55b4431
A lot of commands developers use require admin by default, so add a
"devstack-admin" cloud to clouds.yaml that has admin authority.
$ openstack --os-cloud devstack-admin user list
Change-Id: Ie0f1979c50901004418f8622d4ca79dc4bdadd8d
Since this patch https://review.openstack.org/#/c/171685 has been
merged in global requirements, better to switch to pip_install_gr.
Change-Id: Ibe708d4f523c32ade3c6a273f80b9c38bb03e382
On some system Cinder is not enabled so we can't assume LVM is installed. So
do not try to `sed` /etc/lvm/lvm.conf or clean LVM VG if cinder is not enabled
Change-Id: I09b1a7bee0785e5e1bb7dc96158a654bd3f15c83
The devstack plugin docs mostly referred to in tree plugins, which is
honestly something we don't want people doing. Instead restructure the
whole document to talk about external plugins as the only kinds of
plugins, and focus on a workflow to make that easy for people to work
through.
This also adds a plugin-registry page to start listing known plugins
somewhere centrally. Some sample content was added, hopefully people
will submit patches to include their plugins.
This does drop the section on hypervisor plugins. That's not currently
something that we expect a ton of people to work on, so diving into
the code for this should be fine.
Change-Id: Ifc0b831c90a1a45daa507a009d1dcffcd6e2deca
Using the swift_store_auth_address, swift_store_user and swift_store_key are
marked as deprecated in glance in favour of using a standalone config file that
provides multiple auth options.
Create and use a standalone authentication file for communicating with swift.
Change-Id: I9b5361ce6e1771781d7ae7226974604a7f9e5d00
That'll make things more clear that with the provider networking
feature in DevStack, FIXED_RANGE will be a routed IPv4 subnet that gives
routed IPv4 addresses to instances without using floating IPs.
Change-Id: Ie26d75ac5ff285a25762c4f61fd9800b0382886b
With PyMySQL in the projects we can expect things to happen more
concurrently now. The query cache is a hinderance to concurrency, and
more connections will be required.
Change-Id: Icfb8cdbb9ed39cfd7732ad05fe740e01c767af7b
The requirements repo has had a setup.cfg etc for a long time but only
recently started using it. As it now has dependencies, we need to pip
install it. To preserve compat with older requirements repos I haven't
changed the call to invoke update-requirements yet, as we still have
the update.py symlink.
The pbr install is moved before requirements to ensure we don't
trigger easy-install.
Change-Id: I7d7e91694c9145fac0ddab8a9de5f789d723c641
Nova is responsible for installing the libvirt package (if it is being
used). It is required by python-libvirt but python-libvirt only required
in ceilometer if nova compute is being used. There are some usage
scenarios where nova compute is not being used so in that case don't
install python-libvirt.
Change-Id: I0db66f1c0526e24ade98de85989a5ed8d37f0c4f
The change in 027e2ea741 included some
debugging code that should have been removed before being added. This
removes it.
Change-Id: Ia56e1eb7305683b6c00b27a727fc8e094c65a963
If the version of python-requests required is higher than
that provided by the operating system, pip will install
it from upstream.
The upstream version provides its own CA certificate bundle
based on the Mozilla bundle, and defaults to that in case
a CA certificate file is not specified for a request.
The distribution-specific packages point to the system-wide
CA bundle that can be managed by tools such as
update-ca-trust (Fedora/RHEL) and update-ca-certificates
(Debian/Ubuntu).
When installing in SSL/TLS mode, either with SSL=True or by
adding tls-proxy to ENABLED_SERVICES, if a non-systemwide
CA bundle is used, then the CA generated by devstack will
not be used causing the installation to fail.
Replace the upstream-provided bundle with a link to the
system bundle when possible.
Change-Id: I651aec93398d583dcdc8323503792df7ca05a7e7
Closes-Bug: #1459789
Part of what was decided at summit is devstack needs to return to a
more opinionated stance, the following removes support for non
RabbitMQ messaging. RabbitMQ is used by over 95% of our community
(statistically all of it), so it's a pretty clear line to draw that
this shouldn't be in tree.
iniset_rpc_backend will be our stable hook for other projects that
want to implement this out of tree. The burden on creating those out
of tree plugins will be on those that wish to support those
alternative stacks.
Change-Id: I8073a895c03ec927a2598eff6c2f01e5c82606fc
This includes requiring a domain when creating a user. This will allow us to
control where users are created in a later patch.
Adding the token to the user creation call is required because of a bad
interaction between OpenStackClient, os-client-config and keystoneclient
when dealing with v2 authentication but v3 API calls. It will be cleaned
up when we switch to v3 credentials.
Change-Id: I6ef50fd384d423bc0f13ee1016a8bdbb0650ecd9
Implements: bp keystonev3
Always use the keystone v3 API for project creation. Make domain a
required argument. Whilst we could simply default this value within the
function I think it's better to make this explicit as these are things
deployers and services need to consider.
In future we will want to figure out how we want devstack to organize domains
however I don't believe that it belongs in this patch.
Change-Id: Ib9587193c5c8419dc4b5a608246709baaddd2a52
Implements: bp keystonev3
There is a known bug that restart tgtd fails, so go the
workaround way and stopping/starting it instead.
In addition, remove the else case since unstack also
uses cleanup_cinder, which already unconditionally supports
all distros.
Change-Id: Ib70917a95f001ef36a51815f08416fa30084aad6
Following fixed were done:
1. Cleanup fixed.
2. API_WORKERS config option was added to nova config templates.
3. Nova API screen tabs were named as nova-api and nova-ec2-api.
Change-Id: I68dc6fd6c8aeffcec7f9039afd63bd1599c65682
Change [1] brings back this feature in Neutron, so we want to have
the ability to set the number of API workers the same way other
projects do.
However, this cause some instability, so we need to be careful on
how we bring it back.
[1] https://review.openstack.org/#/c/191127/
Closes-Bug: #1432189
Related-bug: #1432065
Change-Id: Id4986a49d33fa4b8a7291150488665e200525dac
Co-authored-by: Russell Bryant <rbryant@redhat.com>
Some projects (Neutron) seem to be affected more than others, so we should revert this
to allow for a more selective choice of the DB driver on a per project basis.
We can re-enable the use MySQL-python just for Neutron.
This reverts commit de8d29ed8c.
Related-Bug: #1464612
Change-Id: I889f4f8b116c413b300ab9eecc7b428a9a4afb1a
The failure rate with neutron is too high to keep this
as the default.
Related-Bug: #1464612
This reverts commit b3798af474.
Change-Id: Ie9550aeb25d472a38e3d3ef6f3711622c9221c46
Going forward, nova will have another database at the API level (similar to how
current cells has an api-level cell, with its own database). This patch creates
and initializes it so that we can start testing the migrations with grenade.
Change-Id: I0dfae32102aeda9c5d17e134527b6a18f4b88014
glance_store has now been fully migrated, so we can stop setting these
options in the config files.
Change-Id: I3c6c2eea0171227b1ed362e74bcc5b10770721be
This patch just simplifies the start function a bit by removing some
unnecessary is_service_enabled checks that just wrap run_process
calls. run_process does this exact check internally so it's not
needed here.
Change-Id: Id12a23f77ea0342854337c7d65821dd4e574dec2
Signed-off-by: Russell Bryant <rbryant@redhat.com>
This does not gracefully handle the situation where requests
is not there at the beginning. Needs to be rethought.
This reverts commit 7d350720fe.
Change-Id: I101fac0dc6fdc97b7fb0b2955cffc6b4905152e5
Sadly this is needed. We should refactor this out from all of the
plugins so we don't need to have all of these files. Adding this one
for now though.
Change-Id: Id382443fa7bef6b45237688c7e88d9e9a80a6ba1
The iptables service files are no longer included by default on
Fedora. This causes the systemctl calls in fixup_stuff.sh to fail
when disabling firewalld in favor of iptables.
Change-Id: If37691d03e3d07ca8b53c541717081beeb184c16
Closes-Bug: #1462347
Add a note about running openrc through bash for import into zsh, as
shown by Chmouel Boudjnah in I5b6c8cfedcdd36efb4cbc91831501ee5c9c3b1d1
Change-Id: I5f1c9fc3fdc045cf6fb69af13f6264a81bf5f763
Closes-Bug: #1460656
The script hardcoded http://$SERVICE_HOST/... which failed
when SSL or tls-proxy was enabled. Calculate the protocol
based on enabled services instead.
Change-Id: I192eeeafe7bf4dc5cbd382c505ffb9307651d78a
This patch separates out control of the Neutron L2 agent from
starting/stopping the rest of Neutron. This is needed for the same
reason that control of nova-compute was separated out for Nova. When
doing rolling upgrade testing with Grenade, we need to be able to stop
and upgrade everything except the L2 agent, as that is what would be
running on a compute node.
After this is in place, we can update grenade to support a partial
upgrade scenario with Neutron and run it in jenkins to ensure we don't
break live upgrade support of Neutron.
Change-Id: I7eb87fba778aff3e4514813c6232dafa99ee2912
Signed-off-by: Russell Bryant <rbryant@redhat.com>
os-brick code was pulled out of cinder and made into its own library
https://review.openstack.org/#/c/155552/
added to requirements:
https://review.openstack.org/#/c/177372/
Integration tests were added
https://review.openstack.org/#/c/188156/
But they still use the version of os-brick from pip.
This change updates devstack to pull in the changes from
os-brick patch sets instead, when configured to do so.
Needed-by: Id2bc10782847861fe4bb5e9e46245654450e38fd
Change-Id: I5359dd37dfe94bd469d5ca35f9fbaeda61b5fac4
Nova-compute is hanging in the multinode test, and its difficult to
figure out why. So trigger a guru meditation report for nova-compute in
worlddump so we can see what nova-compute is doing when it is hung.
Having a hung nova-compute causes tempest to fail and
I035fe8e3333034e44b403ed0f986220ab5b0e57a runs worlddump whenever
tempest fails.
Bug 1462305 is one of the last issues left before the multinode job is
stable enough to gate on, and this patch should make it much easier to
debug.
Change-Id: I87d7536b5992c47b8082684cc662f953113fd1a8
Related-Bug: #1462305
This requires three main changes:
* setting CEILOMETER_BIN_DIR appropriately
* running the various services with a full path
* explicitly installing optional python modules (for mongo and
virt drivers, if configured) during the install phase
In the process of making this work it was discovered that setting
CEILOMETER_BACKEND to something like 'foo' would cause the backend
to be configured to use mongodb but for the mongodb system packages
and related python modules to not be installed. Fixing this was used
to validate the install process under USE_VENV.
Change-Id: I35fbfa76bdd60a22ba90b13666b06eeb961dddb3
Retrieving the root page in the nova and glance APIs include
URLs for the various versions supported. These are by default
reported using unsecure URLs. Configure the services to report
a SSL-based URL instead.
Change-Id: I220757e53b94a5f6d19291371407220fdf54c645
Fedora 20 will reach end of life on 23-JUN-2015[1]; remove it as
supported distribution. Add Fedora 22 where applicable.
- stack.sh: Remove Fedora 20 from list of supported distributions.
- files/rpms/general: Remove 'f20' from NOPRIME.
- lib/ceph: Remove 'f20' from the check_os_support_ceph()
function.
- doc/source/index.rst: s/Fedora 20/Fedora 21/
[1] https://lists.fedoraproject.org/pipermail/devel-announce/2015-May/001586.html
Change-Id: I8f2e1ddc24c071754b1cceb5bed5bdafdc9d9f79
Deactivate image is new feature, so it cannot be default
enabled in tempest.
Change-Id: Ic33b3e2f7a9f62543680647312603bdd19b90198
Depends-On: I7880f0e2646ce8660e035ebaa19a60f5bf271b64
While the most part of MidoNet code is now externally maintained
using the external plugin mechanism, it can be still useful to
have a contact list.
Change-Id: I3e0a0586c07875ca37ce101dd169eaf78f34f7a5
If the version of python-requests required is higher than
that provided by the operating system, pip will install
it from upstream.
The upstream version provides its own CA certificate bundle
based on the Mozilla bundle, and defaults to that in case
a CA certificate file is not specified for a request.
The distribution-specific packages point to the system-wide
CA bundle that can be managed by tools such as
update-ca-trust (Fedora/RHEL) and update-ca-certificates
(Debian/Ubuntu).
When installing in SSL/TLS mode, either with SSL=True or by
adding tls-proxy to ENABLED_SERVICES, if a non-systemwide
CA bundle is used, then the CA generated by devstack will
not be used causing the installation to fail.
Replace the upstream-provided bundle with a link to the
system bundle when possible.
Change-Id: I349662ff8f851b4a7f879f89b8975a068f2d73dc
Closes-Bug: #1459789
Currently devstack unconditionally installs MySQL-python, so
we need to have its dependencies available. Since this is
transitional until the switch to PyMysql happened, lets just
add the dependency for now to have devstack working again.
Change-Id: I638b5999d35a06eee962679b1cd95950bbf2b1d7
Some distros have converted to systemd for starting RabbitMQ. This has
resulted in:
---
[Call Trace]
./stack.sh:904:restart_rpc_backend
/home/stack/projects/openstack/openstack-dev/devstack/lib/rpc_backend:201:die
[ERROR] /home/stack/projects/openstack/openstack-dev/devstack/lib/rpc_backend:201 Failed to set rabbitmq password
Error on exit
World dumping... see /opt/stack/logs/worlddump-2015-05-29-031618.txt for details
---
Because 'restart_service rabbitmq-server' returns before the server is ready to
accept connections.
Alter the retry loop to only restart the rabbitmq-server every second time
through the loop. Allowing time for the slow rabbit to start.
Closes-Bug: 1449056
Change-Id: Ibb291c1ecfd109f9ed10b5f194933364985cc1ce
Current SLE12 and openSUSE13.X versions can handle usermod's '-a' and '-G'
switches so remove the special case.
Change-Id: If0f1390a0eb8f41ffffca74525a4648cfe8ea61d
python-CherryPy and python-beautifulsoup are not needed so remove them
from the list of packages for horizon.
Change-Id: I45ddf98b5891a1f1f1da82bb4afa79ea43d156cc
libmysqld-devel is needed for installing MySQL-python. Otherwise the
following error occurs:
EnvironmentError: mysql_config not found
Change-Id: Id84d3116d5987976169d8e2f9aca754ded205880
The setting for overriding Horizon's OPENSTACK_API_VERSIONS is not
the correct format. The version should be a number, not a string.
so should be 3, not "v3".
Change-Id: I193d21514b196336796eac067417dc2aaec56433
Closes-Bug: #1460190
When running tools/build_docs.sh in a devstack dir that has also run tox
build_docs needlessly runs shocco on the .tox files.
Just skip them.
Change-Id: Ia561e49ea2214ac75bd55964f1b86872118b2031
when running tox in a devstack directory where you have previously run tox
-edocs the bashate testenv will fail as the shocco code doesn't match the
devstack style.
eg:
---
E003: Indent not multiple of 4: ' 2>/dev/null ||'
- /home/stack/projects/openstack/openstack-dev/devstack/shocco/shocco.sh : L352
<snip>
27 bashate error(s) found
---
Take the easy path and avoid running bashate in the shocco dir.
Change-Id: I5b0155332ec994afaffc5c5961902281864cff61
F22 has a stable release and working with devstack.
The change also removes the version flags regarding to the
mariadb-devel.
NOTE: You may see yum deprecation warnings, unless
you set the YUM variable to dnf.
Change-Id: I05140765bffc16faef5a29dfaba291c290bfae02
As unstack.sh does destroy all bridges, we don't have to refresh bridge
interface any more, as what is done in commit
c2dc95add6. So in this commit we will continue to
remove the related statements in lib/neutron-legacy. These statements will also
cause undefined PUBLIC_BRIDGE error.
Change-Id: I4c7617f6a245ea4e2e08f518d873b1b8adc2b807
Closes-Bug: #1454475
Devstack has continued to grow in memory requirements and now we cannot
reliably fit in 4GB, with several services being unable to start. Increase
the minimum for DomU to 6GB to leave room for virtual machines
Change-Id: Idbdfa1f36015b6af347d1ce27eb28baa360af5ef
When the property ENABLE_IDENTITY_V2 is set to
False in the local.conf file, devstack will:
* Disable the v2 API in Keystone paste config;
* Set Tempest to skip Identity v2 tests and use
v3 auth tokens to run all the other tests;
* Set Horizon to use v3 API and v3 auth tokens;
* Register the Identity endpoint as v3.
Change-Id: I2575a516244b848e5ed461e7f488c59edc41068d
Ironic have updated some parameters to have a consistent name
across drivers. This patch is updating devstack to stop using the
pxe_deploy_{kernel, ramdisk} parameters which have been deprecated since
early Kilo eliminating the deprecation warnings in the logs.
WARNING ironic.drivers.modules.pxe [-] The "pxe_deploy_kernel" parameter
is deprecated. Please update the node 267e42c8-df07-49f5-bc7f-48b566acb109
to use "deploy_kernel" instead.
WARNING ironic.drivers.modules.pxe [-] The "pxe_deploy_ramdisk" parameter
is deprecated. Please update the node 267e42c8-df07-49f5-bc7f-48b566acb109
to use "deploy_ramdisk" instead.
Change-Id: I3dcf8df130efc0c2ea35695018bedba31bf0570c
When the tls-proxy service is enabled then a separate
set of ports is used internally vs externally. The
services listen on the internal port and a proxy (stud)
listen on the "standard" port and forward requests to
the internal port.
An incorrect environment variable was being used to set
the internal port in the sahara configuration so it wasn't
listening on the correct port, causing stack.sh to fail
because it thought the service wasn't up (at least not
on the right port).
Change-Id: I3384039392be786d3c189f3e4f84e069ddaf4339
Closes-Bug: #1458984
As discussed in the Liberty Design Summit "Moving apps to Python 3"
cross-project workshop, the way forward in the near future is to
switch to the pure-python PyMySQL library as a default.
https://etherpad.openstack.org/p/liberty-cross-project-python3
Change-Id: Ic609ce136061b753ca692b37509a0b29c60bb8b5
'cidr2netmask' of function doesn't have enough test case
and test code isn't smart.
This patch adds test case and refactors test code.
Change-Id: Iab20ef06fe78316a78198ab75c0afe738a577dd6
Closes-bug: #1457989
remove_disabled_extensions do matching by '$ext_to_remove","'. So it doesn't
match an extension at the last position in extensions_list.
This patch fixes that.
Closes-Bug: #1443254
Change-Id: I194b483de797697ba06b320cf33f1bac67fc0cc7
Add the file vmware_dvs that will enable the external CI to be
run.
The patch in the VMware repo for the DVS support is:
https://review.openstack.org/#/c/177597/
Change-Id: I6dee978fd2be3818c5ce57b1dcb2917234ab61e2
I noticed this was taking an argument but not dealing with it. In
general the functions were undocumented, so I added some terse usage.
Also, the intent of the test-case was to expand the values before
using them as the message; make sure this happens by using a temp
variable.
Change-Id: Ib317ad1e9dd2a5d2232b9c64541fe4a601a2b8da
Neutron ML2 plugin introduces the first extension driver port_security, this
patch add it to be a default extension driver as a example. And also, if not
set it by default, networks like public/private which are created after the
neutron-db-manage's update, will not include the port-sec value.
Change-Id: I3035317c83d22804855517434bd8578719ce0436
Partially Implements: blueprint ml2-ovs-portsecurity
If neutron is enabled then there isn't a shared private network
between all tenants which is what is required for the
fixed_network_name config option. This commit adds a conditional
to not set that option when neutron is enabled. While not necessarily
fatal to tempest it does emit a warning on almost every server create
call if it is set with a non-existent network name.
Change-Id: I1a42fa6b0b5a93b411c08ec35df043d6ea69d453
We've bike-sheded over this before
(I5252a12223a35f7fb7a4ac3c58aa4a3cd1bc4799) but I have just traced
down further issues to firewalld with neutron+ipv6 (see the bug).
In fact, as mentioned in the comments, RDO disables firewalld and the
neutron guide says to disable it [1]. The force flag is left if
anyone really wants this; but nobody is testing (or, as far as I can
tell, working on) this so bring devstack back into line and disable it
always. Note we do not remove the package; as has been found in the
puppet scripts this can lead to dependency issues.
[1] http://docs.openstack.org/developer/devstack/guides/neutron.html
Change-Id: Ief7cb33d926a9538f4eb39c74d906ee0c879de35
Partial-Bug: 1455303
Nova is being enhanced to use rootwrap as a daemon. For this effort,
we need an additional entry for nova-rootwrap-daemon in the
sudoers.d/ directory.
Needed by:
I57dc2efa39b86fa1fa20730ad70d056e87617c96
Change-Id: I80c7b9dd8e9e0f940aa4e54a95b241dfc40d3574
We can infer the binary and configuration paths just from the project
name and expanding this to the known *_DIR & *_BIN_DIR variables. A
similar thing is done for policyd settings
Change-Id: I7c6a9fa106948ae5cbcf52555ade6154623798f1
os-client-config consumes clouds.yaml files, which is now supported in
python-openstackclient and shade. It also makes for a non-envvar way of
getting config info into functional tests.
Change-Id: I1150b943f52f10d19f8434b27e8dde73a14d7843
Once the trove code is copied into the trove repo and it is used
as a devstack-plugin, we can remove trove-specific code from
devstack.
Change-Id: I8f9f1a015edb7ec1033e2eaf0b29ab15d89384ce
Depends-On: I3506dec0e6097f9c2e9267110fdfb768faa23c85
When calling os-assisted-snapshots APIs, Cinder often (by default) needs
to pass an admin token to Nova. Currently it uses the credentials of
the current user.
This will cause calls to Nova APIs for assisted volume snapshots to fail.
Configuration options should be added to specify different credentials
for talking to Nova.
Change-Id: I9e3ed53f4e1349d57a0c33518445f54ac63e36ec
Related-Bug: #1308736
configure_tempest uses python-openstackclient (OSC) and we call
configure_tempest in grenade on the new side. So we need to make sure
the version of OSC is installed matches global-requirements on new.
Change-Id: I6fae9b8b081355b45e7c8d622d8db2482d41b464
Closes-Bug: #1454467
Cinder has had an lvm_type option for quite a while
that allows the LVM driver to be configured to use
thin provisioning.
This required an additional PPA in Precise, but is
available in the default Trusty packages.
This patch adds the lvm_type option, and we'll use
it to do gate testing against the lvm_thin configuration.
Change-Id: I99c7fea131f3d79747ec75052adf8b24f41ba483
This makes it possible to list virtual site-package directories
without statically stating the python version, which is a bit ugly.
Change-Id: I3e7ac39eb43cdc4f656e0c90f3bfb23545722aef
This adds potentially helpful networking info to the world dump.
It also refactors some of the output mechanisms into reusable
functions for cleanliness in the code.
Change-Id: I39f95bd487c152925f8fadd1799149db35cffd52
With bp stevedore, keystone will load backend drivers using
stevedore entrypoints. Using the qualified class name is
deprecated.
Since stevedore is going to validate that the entrypoint is
found, there's no need to list the valid backends, so backend
validation was removed. This change will cause the server to fail
to start if the backends are misconfigured rather than using the
default one.
The names of the stevedore endpoints are "sql", "ldap", etc.,
rather than the qualified class name, so the way that these
are specified in KEYSTONE_IDENTITY_BACKEND, etc., is the same as
the stevedore entrypoint and there's no need to translate.
Change-Id: I81e4e3a6c97b0057610e6b256aff5df4da884e33
The function's comment is written as follow, however the function accepts
other values (ex. "e", "t", "T", "f", "F", etc...).
---
Accepts as False: 0 no No NO false False FALSE
Accepts as True: 1 yes Yes YES true True TRUE
---
Moreover if testval mach True or False, the function exits without resetting
xtrace.
This patch fixes the issue and add test patterns.
Change-Id: Ie48a859476faff22a4dfef466516e2d7d62ef0c0
Closes-bug: #1453687
The distro packages of nose and pylint depend on python-setuptools
on some platforms, and on some of those platforms (at least CentOS
6.x) you can't resolve dependencies on python-setuptools properly if
you've forcibly removed it already (as we do on our CI workers). It
appears that any current upstream use of these tools in relation to
DevStack-based testing is now relying on tox and pip to obtain them
instead.
Change-Id: Ibd16ac550c90364115caf57fae4f5f4cb5d5f238
The `sudo -c ${CEPH_CONF_FILE} ceph ...` in lib/ceph misplaced
`ceph`. The correct syntax is `sudo ceph -c ${CEPH_CONF_FILE} ...`,
see lib/ceph:308.
While installing ./stack.sh with ceph enabled, the above malformed
command raises a `usage: sudo -h | -K | -k | -V ...` error and stops
the installation.
This patch fixes `sudo -c ${CEPH_CONF_FILE} ceph ...` by moving
`ceph` to the right place.
Change-Id: I3da943d5a353d99b09787f804b79c1d006a09d96
Closes-bug: #1453055
The Multi-Node Setup guide in README.md
https://github.com/openstack-dev/devstack/tree/master#multi-node-setup
guides users to use
SCHEDULER=nova.scheduler.simple.SimpleScheduler
where the SimpleScheduler doesn't actually exist in nova. Even
though this is just an example, it is misleading enough for a
beginner to put SimpleScheduler into local.conf. The resulting
error message where n-sch fails to start
ImportError: No module named simple
Isn't intuitive enough and may takes the beginner long time to
locate what's wrong.
This patch replaces SimpleScheduler with a real existing
FilterScheduler in nova.
Change-Id: I14a2a5c0604ce08a498accfc3a795c1c9aa3e642
Closes-bug: #1453186
Nova commit 9b224641295af3763d011816d6399565ac7b98de removed the option
in Liberty so we can remove it's usage in devstack.
Related-Bug: #1364851
Change-Id: If051f43fb75d57c118db4e8e97895ff06fbb54e2
This change adds setting of deploy_img_dir and node_uuid baremetal
config options during tempest configuration to enable ironic w/o
glance scenario testing.
Needed for change I171e85cb8a21fae4da45028f1f798988a36f6c95
Change-Id: I6fd393390389c4c643b93198fa461fc2adc415ae
The pip_install_gr function in build_wheels.sh use requirements project.
So requirements project must exist before execute build_wheels.sh.
Then we moved install_infra function which install requirements project.
Change-Id: I8f80ecafff0f7e1942731379b70bccac338ea3b3
Closes-Bug: 1453012
Live migration of paused instances is a new Nova feature in Kilo, and will not
be backported. The compute_feature_enabled.live_migrate_paused_instances flag
defaults to False for this reason, but can be set to True here. The tempest
config option and this change can both be removed at Juno-EOL.
The related Tempest change: I5c6fd3de7ea45d1851bb40037c64ad7fb5e6dc48
Change-Id: I3a83e43d252b88c234438a224e2fbebc0a81eaff
Related-Bug: #1305062
This change extends devstack to configure the br-ex,
br-<phy> and Xenserver's br-$GUEST_INTERFACE_DEFAULT
datapaths when OVS_DATAPATH_TYPE is set.
Change-Id: I71e590de86e7526e8423140463752d6b3ad14214
Closes-Bug: #1416444
Update the default CIRROS_VERSION to 0.3.4, which has better support
for IPv6 and some other bugfixes.
Co-Authored-By: Scott Moser <smoser@ubuntu.com>
Change-Id: I03ee6e1403680fb6c421225a7cadaf8a82edf702
Depends-On: Iac9f108d947ff4a51f99c6e8ad9d1ac5b32c000a
If we fail during devstack / grenade runs, it would be nice to have
the map of iptables that are currently active as well. This makes it
handy to start figuring out what's going on when test servers don't
ping.
Change-Id: Ia31736ef2cb0221586d30c089473dfdc1db90e23
In openrc, if we set OS_CACERT, some things will expect it to be there
in pre-flight checks. But it may very well be missing. This "fails
closed" because if we find the file, we try to use it, but if we don't
find the file, and the user thought we should be using it, we'll just
not be able to verify the server's name, and the libs will fail on that.
Change-Id: Ia5d06afa74bc645c2f19711cfa37e57a377c329b
Closes-Bug: #1452036
This is an attempt to fix the cffi vs. wheels bug in a more generic
way by just ensuring that pip has installed cffi with a pip understood
version into the venv before we try to do any builds.
Related-Bug: #1451992
Change-Id: Ibc58668c53933033405b40f79b0e9ffc73a01a6f
Recently, keystoneclient.middleware has been moved from keystoneclient to
keystonemiddleware. The latter should be used.
Change-Id: Ib9489a21b988b32fc17399c08eeb60862efae034
Closes-Bug: #1452315
xattr fails to import due to being unable to build cffi bindings unless
it is imported as root beforehand.
Depends-On: I6a9d64277974933ae9b7bbe2a40b8a0eb0fa8c6a
Change-Id: I835e55bbafc7e0640987e6f3c8ee0c873f875ee0
Closes-Bug: #1451992
Inspired by keystone and rcbops-cookbooks's nova scripts,
this review adds apache2 templates for two of the Nova
services. Also add code in lib/nova to switch between
the old and new ways to these two services. The patch
depends on the Nova review mentioned below as the two
scripts that are needed will be in Nova's repository.
TODO for later would be to switch on NOVA_USE_MOD_WSGI
when ENABLE_HTTPD_MOD_WSGI_SERVICES is switched on.
Related Nova blueprint:
https://blueprints.launchpad.net/nova/+spec/run-nova-services-under-apache2
Depends-On: Idd7d3d1b3cc5770cdecea7afe6db3c89d5b2c0d0
Change-Id: I9fc0c601db2776d3e9084be84065e728e3f5d414
CINDER_SECURE_DELETE previously iniset volume_clear to none as a
side effect, however secure_delete is not documented in cinder.
Now using CINDER_VOLUME_CLEAR outright. CINDER_SECURE_DELETE is
supported but now deprecated.
Change-Id: Ic8694cf16654c23b27d23853a9f06ddf1050fa93
Closes-Bug: #1450159
In an installation with VLAN tenant networks, devstack should
not configure the local_ip (which is applicable only when
tenant_tunnels are used). This is causing failures in Neutron
for an IPv6 only setup. This patch addresses this issue, but
configuring the local_ip only when TENANT_TUNNELS are enabled.
Related-Bug: #1447693
Change-Id: I0e2a2d8b6ce0ad87f6c0d318ac522dbab50d44ee
We do a bunch of exec magic unwind in run_process that leads to a lot
of confusing lines in the logs under xtrace. Instead, disable xtrace
through these parts to ensure that the flow at the end of the day
makes more sense.
Change-Id: I91e02465240e704a1a0c0036f5073c0295be018e
There is actually no reason why we need openrc for these tests, don't
source it as it prevents some ip math errors from randomly killing
tests.
Change-Id: Iface7c21898d92e14e840379938b25844cd85565
The warn function was putting content into a side log file which made
it kind of hard to keep an eye on when warnings were actually being
issued. Let's just get this into the main output stream.
The calling of the warn function in git_timed was also incorrect, so
the output would not have been what we expected. This solves that as
well.
This will hopefully give us trackable data about how often we need to
recover from git clone errors.
Change-Id: Iee0d2df7fb788a4d34044d29ab10afdcafb9bb5a
This avoids us leaving the filter in the global lvm config. Without cleaning
this up, we can hit some failures to run stack.sh because devices are excluded
that we need to be able to see. This resets it to what it was before when
we do a cleanup.
Also, do this before we add the line, so we don't add multiple lines on
successive runs.
Closes-bug: #1437998
Change-Id: Idbf8a06b723f79ef16a7c175ee77a8c25f813244
devstack installs neutron utilities into /usr/local/bin such as
neutron-keepalived-state-change and neutron-ns-metadata-proxy.
In stead of adding individual filters to allow them to run from that
directory, this patch adds /usr/local/bin into exec_dirs.
Please also refer to I3abd1c173121dc8abb5738d1879db8ac9a98b690 for
discussion on the approach to fix the bug.
Change-Id: Iade8b5b09bb53018485c85f8372fb94dbc2ad2da
Closes-Bug: 1435971
The current sed matching mixes up common-prefix matching;
e.g. "-q-lbaas,q-lbaasv2" is changed into just "v2"
This is more verbose, but I think more reliable. See also
Ib50f782824f89ae4eb9787f11d42416704babd90.
Change-Id: I3faad0841834e24acc811c05015625cf7f848b19
Debian/Ubuntu have *helpfully* removed gdbm from the base python
package and put it into another package, which is not dragged in by
installing python. Testr doesn't function without this.
We should ensure this always gets installed.
Depends-On: If48a8444b02ee1e105bc1d9ce78a0489ea0c405b
Change-Id: I85a0ffe5ee384e055e78fd3164c27d42a86bc39d
“Speed not required” is not a sentence
Gb should be GB
added a , after floating IPs
fixed sentence around “To implement a true multi-node test of Swift
since it did not make sense
removed extra underline line after Machines
removed capitalization of service names to comply with docs conventions
https://wiki.openstack.org/wiki/Documentation/Conventions
changed to DevStack for consistency throughout
Change-Id: I531bf6b2bad62fbf9d1417b2b1ce06de3715e0f0
This commit fixes the issue that ml2 plugin
sets 'flat_networks' in ml2 configuration file as
empty. The value of 'flat_networks' need to be set
as the name of the physical network that was specified
in the localrc file (or it's default value).
Change-Id: Ib4c31f6576da57534b36aefebd1ca8cd397c6c1a
Add the response time to keystone's access log for each request. This
will be the last element in the log-line and will be represented in
microseconds.
Change-Id: I19204369af5cdf06df2237550c350dfb3ffc995d
We can see at-a-glance memory usage during the run with dstat but we
have no way to break that down into an overview of where memory is
going.
This adds a peer-service to dstat that records snapshots of the system
during peak memory usage. It checks periodically if there is less
memory available than before and, if so, records the running processes
and vm overview.
The intent is to add logic into the verify-pipeline jobs to use this
report and send statistics on peak memory usage to statsd [1]. We can
then build a picture of memory-usage growth over time. This type of
report would have allowed better insight into issues such as
introduced by Idf3a3a914b54779172776822710b3e52e751b1d1 where
memory-usage jumped dramatically after switching to pip versions of
libraries. Tracking details of memory usage is going to be an
important part of future development.
[1] http://graphite.openstack.org/
Change-Id: I4b0a8f382dcaa09331987ab84a68546ec29cbc18
event support in Ceilometer was implemented in Kilo. to enable
tests in tempest, we add an option to run tests only on Kilo+
branch.
Change-Id: Ia4a73b7df343e31e6301f8314490fd42a01b7cd0
Part of the effort to clean up the Cinder logs is to use
the resource tag in the log format. We also want to have
some consistency with other projects in how we do logging.
This change adds the logging format to cinder.conf similar to
what Nova and others use, and most importantly turns on the use
of the resource tag that's in olso_log.
We're slowly cleaning up the logging in Cinder by doing things
like replacing "Delete volume %(volume_id)s compoleted" with
("Delete volume completed successfully.", resource=volume)
It woudl be good to have these picked up as we transition so we're
not missing info. Also, there's sure to be cases where "volume"
isn't a valid dbref and we find issues that need fixed.
Change-Id: I193637fea14d97183f6a9782f37d8edcf929e0c4
This patch sets DevStack to run in dual stack networking, with both IPv4
and IPv6 networking configured. This change is required for dual stack
testing at the gate.
A different patch was created against devstack-gate to make this the
default, but the Juno branch of Neutron is missing required fixes to the
L3 agent that are present in Kilo. This was the suggested alternative.
Related-change: I3d416275f77913769b98e77f7e47bed17fc4d1cc
Co-Authored-By: Henry Gessau <gessau@cisco.com>
Co-Authored-By: Andrew Boik <dboik@cisco.com>
Depends-On: Ib66a9109cc1c7999474daca5970d0af1f70886e4
Depends-On: I0f9ea98cb84aa72cb1505fb9ff8ac61561cc1376
Depends-On: I85fe68782bc54f28f3e14aa4a1d042cb15959dac
Depends-On: I9395834f673038dc23b25eaeefe14895fe154e0e
Change-Id: If0e0b818355e4cb1338f7fa72af5e81e24361574
Encapsulate all the neutron specific things you have to do ping a
neutron guest into a separate script. Refactor the main ping_check so
all logic is contained within it.
Change-Id: Ic79d8e3a2473b978551a5635a11dba07e1020bb2
Change If132a94e53545d9134859aa508da7b9819ede2f8 introduced a small
regression; it added an "inidelete" which looks in the config file to
delete rows.
However, at least for the test-case, the config file isn't created
yet. The end result is that the test fails but we don't notice.
2015-04-17 00:55:03.169 | merge_config_file test-multiline: sed: can't read test-multiline.conf: No such file or directory
2015-04-17 00:55:03.195 | OK
So fix this up by creating the config-file if it isn't there.
Also, add "-e" to the test file so we catch things like this in the
future.
Change-Id: I43a4ecc247f19cccf51d5931dfb687adbd23d6b1
This currently does not exit with any failure code when tests are
failing. Convert it to use the helper functions from unittest.sh so
it correctly reports failures.
Change-Id: I2062d9c00ebffcc98ba75a12f480e4dd728ee080
The "die_if_not_set" test has the LINENO as a positional argument.
The existing tests are not passing this in, so they are failing.
Along with this, remove the "-x" from the invocation and hide the
output of the tests that are expected to fail to avoid confusion.
Change-Id: Ibf6b9d7bb72b9f92831e1a90292ff8b0bec7faea
run_tests.sh runs tests starting with test_*
The existing test_functions.sh is really testing true/false. Move
that to test_truefalse.sh
Then move functions.sh to test_functions.sh. This will ensure it is
run during unit testing from run-tests.sh
Change-Id: I959ac38c946da1fb47458b8c4f09157f74f0e644
Convert test_ini_config to use the "passed / failed" functions in
unittest.sh. test_meta_config wraps everything into a function; it's
not work unrolling this so just make sure it exits with non-zero if a
test fails.
Change-Id: I9e9883fdad42358255383eede9121b1d361799c8
Use the unittest helper to track test runs and correctly exit with a
failure code if there is a problem
Change-Id: Ie62f354a8cd3b8fd5986e6943a073f7955fb55ba
Add two generic "passed" and "failed" functions to the unittest
helper. Also keep a count of passed and failed tests. Later changes
will use these functions to ensure they exit with a correct return
code.
Change-Id: I8574dcb1447b04fcda3d72df0bf8605cf7488d3c
Implements: blueprint catalog-index-service
The changes to lib/glance incorporate the new g-search service.
The g-search service is optional.
To enable it add the following line to devstack/local.conf:
enable_service g-search
In addition to deploying g-search, the changes will also populate a
search type of keystone service and adds in appropriate endpoints.
Change-Id: I0272d56bc2e50e8174db78bd449f65f60f7f4000
changed to comply with doc conventions
When referring to services, use "Compute," "Image service"
and "Identity" instead of "nova," "glance," and "keystone."
Use the project names like "nova" and "keystone"
glance is officially Image service not storage
removed extra .
Change-Id: I39457c20dc2ede775fe3f3c63077133fbb6c917b
If a group is specified we modify the command to run under "sg". This
currently isn't reflected in screenrc so rejoining fails
Change-Id: I5c18ba664a6ae9ba9aaa4439a9086bc85085cd75
Closes-Bug: #1444267
The commit 279cfe7519 removed the n-crt
service from the default devstack setup. As such, the stack.sh script
begun to thrown the following error when trying to "nova x509-create-cert":
ERROR (ClientException): The server has either erred or is incapable of
performing the requested operation. (HTTP 500)
This patches reintroduces the n-crt as a default service.
Change-Id: Id9695a37e1c6df567f2c86baa4475225adcfb0ee
Closes-bug: #1441007
Now devstack will configure tls-proxy for sahara as well as for
other openstack services.
Change-Id: I7b0f2f0773cd3619a33cac66d40f3d0ce0f5432c
Closes-Bug: #1419163
Sahara will work over https in case if USE_SSL is set.
Note, this patch requires https://review.openstack.org/#/c/145383/
which is not merged yet.
Change-Id: I9e0069cfe72323a069a4205ca2f882c7a3ad17e0
Closes-Bug: #1419162
It is not clear to me why this can't use run_process? Currently we
end up with two log-files both with the same thing
- dstat.txt.gz which comes from the "tee" and is symlinked into
SCREEN_LOGDIR, so gets picked-up by the gate scripts
- screen-dstat.txt.gz which comes from screen_it
Change-Id: I00b9e09b8d44f72ff14e69dc6e4a4bd5e2a0439e
When running './stack.sh' messages are output stating that
the keystone CLI has been deprecated. These calls should be
replaced to ones utilizing the openstack CLI program instead.
Documentation examples were also updated to reflect the new syntax.
Change-Id: Ib20b8940e317d150e5f6febb618e20bd85d13f8b
Closes-Bug: #1441340
The readme currently states that a compute node in a multi-node setup
requires the glance-api service to be enabled. But actually
the glance-api service is only required on the controller node where
glance-registry is running.
Running the glance-api service on a node without glance-registry will
even lead to a failure of glance-api, as the glance cache directory
will not be created without enabling glance-registry.
Change-Id: Ie92533f3333f3fe3e2d747762e60f2f42a233e79
Closes-bug: #1441198
Some (qcow) images have .img file name extension (e.g. Cirros).
Ignore such files in files/ folder too (as we already do
with .qcow2 and .gz images).
Change-Id: Iac8593b65205e25fd3f94244a136c584d9af8eab
clean.sh picks the parent of LOGFILE and wipes it clean! So if you
set it to a log file in the users root directory, you lose everything
We should delete just the LOGFILE and cleanup LOGDIR and SCREEN_LOGDIR if
they are explicitly set.
Change-Id: I45745427dcaed3dcf0b78cc9ed680833d9d555e8
Instead of creating a network in both the API cell and child cell,
let tempest use the old behavior of not querying networks from the
API for testing server create.
Change-Id: I9809d2b2e796ff1a5ea7e4f25bbeb21bd4817a72
This operation seems vestigial, as it was added to the code when stack.sh
did not have a robust cleanup procedure. These days, unstack.sh does destroy
all bridges, therefore during subsequent stack.sh runs (or even initially, from
a clean environment), the flush operation has become superfluous.
Its removal has also been deemeded necessary to enable certain multi-node
cloud deployments, like the one available in OpenStack infra [1].
[1] https://review.openstack.org/#/c/158525/
Change-Id: I6b4e5b82958e6d29dd450f1c4c9513f6a9e5053a
When the n-cell service is enabled, we create networks in both the
API cell and the child cell. Recent changes to tempest have tests
querying networks from the API and passing them for a server create.
In order for this to work in cells, the UUIDs for the network in
the API cell and the child cell must match, else the network won't
be found in the child.
This change adds the --uuid option to the nova-manage network create
command for cells only.
Related-Bug: #1441931
Depends-On: Ib29e632b09905f557a7a6910d58207ed91cdc047
Change-Id: Ib5933b1405c0761ff727e04cda0c502a826c8eaf
For testing we can need to disable or change the rate of the heartbeat
Currently we have to set the value manually in each componments or
to write multiple [[post-config|$<APP>_CONF]] section in local.conf.
This change will allow to configure all componments at once with only two
lines.
Also, we don't set default values to continue to use oslo.messaging
defaults.
Change-Id: Ieaca60ca1cd6d7455b66ce490a9b023df431e9c3
the sleep 3 in screen_it was added to make devstack pass in the gate
with exceptionally slow test cloud nodes. In the gate we now bypass
the screen path entirely. However the sleep 3 remains and can add a
couple minutes delay into local development runs.
We're not sure yet how low this can safely be tuned, so step 1 is to
make it configurable, then get devstack team members to try various
options to see what works.
Change-Id: I0e6476176fc8589efc4e40e78c2231f704d14e45
This patch enables proper support for arm64 images by disabling VNC support
and adding several properties to the image in glance that are necessary to
boot correctly:
hw_cdrom_bus=virtio
hw_machine_type=virt
os_command_line='console=ttyAMA0'
Change-Id: I68c9a5e0e083af2f92875c3bdf70df750f6e4d8f
The install_infra() call needs to be done earlier since
pip_install_gr() depends on it. Also the fact that python module names
are supposed to be lower case but some use camel case is a problem
(for example with XenAPI).
Change-Id: I7012d77134fa0d9c746d87e837934e7dcb337e5c
Closes-Bug: #1441820
This creates a new pip_install_gr that installs from global
requirements allowed versions. Now that stable branches are getting
capped all of devstack needs to be fixed to do things like this.
Change-Id: I8fd0ef2bfc544ca2576fab09d3018f760b8848fe
I changed it so that rabbitmq always restart.
Current devstack don't restart rabbitmq in case of ubuntu. Because
rabbitmq is running at default.
But this approach have the following bug.
If rabbitmq is already installed and not running , stack.sh will
fail.
So I change it so that rabbitmq always restart.
Closes-bug: #1030798
Change-Id: Ie45446d3817b2f15631f03b2af84749fe936c67b
This reverts commit 71e82f52bd.
aioppcu now uses x86_64 so no need to list the i386 images for caching.
Change-Id: If500367c8bf3fdb4590c866e007ecd7de1ab5781
Depends-On: I839e1c724821ba2624beddb5233eda24b50c149f
The qemu-system package, and not qemu-kvm, should be installed on either
trusty- or utopic-based ARMv8 (aarch64) Ubuntu releases. Additionally,
libguestfs is not available so that is not installed.
No changes are required for vivid.
Change-Id: Id9dc1fc465bd7acab17c991c292fb531016758ad
Signed-off-by: Andrew McDermott <andrew.mcdermott@linaro.org>
With the implementation of dual-stack gateway support
as part of the Neutron multiple-ipv6-prefixes
blueprint, some of the code in the IPv6 setup in the
DevStack neutron legacy script must be removed. This
code had been added temporarily, with a TODO note
indicating that this code should be removed when
the Neutron L3 agent is modified to support
dual-stack.
Without this change, DevStack will fail to configure
the Neutron router gateway interface (there will be
no external connectivity) whenever IP_VERSION is set
to '4+6' in localrc/local.conf, since
first DevStack and later the Neutron L3 agent will be
trying to ADD the IPv6 address to the router gateway
interface.
This change also includes a modification of the
default prefix to be used for the public IPv6
subnet. The new value (2001:df8::/64) is a special
reserved prefix that will be treated as non-routable
external to the OpenStack instance.
Change-Id: I85fe68782bc54f28f3e14aa4a1d042cb15959dac
Partially-implements: blueprint multiple-ipv6-prefixes
there was a missing -or which meant we weren't running this on most of
the files in the repository.
Change-Id: If926afc8f12f6beb80d7a9af7c787b3dcc360a89
One of the earlier patchset while updating stackrc
missed on adding "+=" while adding multiple services.
Closes-Bug: #1439983
Change-Id: I74f788e15b7da05a93fc8d99c562e51386b65053
Setup of OVS may fail, if ports that are added,
are already exist. Add "--may-exist" directive to OVS
add-port command to prevent this behaviour.
Change-Id: I2280be9a63a4a6fbc747b5e32b602697b555ffa8
Closes-Bug: #1394162
Now that tempest is querying for a network before making server create
calls the fixed network needs to be known by the API cell. Server
creates should work for networks defined in both databases, but defining
a new network via the API will continue to not work.
Change-Id: I32461add0d20940a55385c8b34cd493e2561615e
In current implemetation these two urls are defined from Nova
definitions. And urls point to nova. But standalone EC2API
project has another urls that are defined in keystone catalog
in plugin setup.
I suggest to use urls from catalog to be able to test
stackforge/ec2-api by current tempest.
Change-Id: Ibec8c36a8c2fc7ea3d8fab57819adae5f7378045
euca-bundle-image can be run only if euca2ools is installed.
but now it doesn't installed and several tests for EC2 doesn't run.
Change-Id: Ib3824052d5f4155d3cb5c0ef6fe334d44de5153c
This commit ensures we also set the qcow image location in the
tempest config when we update qcow version. The tempest config has
a default value for img_file (which is incorrect) but before we can
remove the defaults in tempest we need to ensure devstack is using
it properly first. The only reason the tests weren't failing here is
because tempest falls back to using uec images (which devstack was
correctly setting config for) if qcow isn't found. The img_dir was
also hardcoded assuming a uec image, however if qcow is intended to be
used you'll need to be able to override that, which is added as
part of this commit.
Change-Id: I05af346b3c9be9560dc8846dd1f437cfbb2d5005
This patch changes the two config options required for Ironic to
successfully test cleaning in devstack.
First, we disable erase_devices clean step. Erase devices in VMs
ends up running shred on the drives for the agent driver, which is
incredibly slow and completely unneeded in devstack.
Additionally, we allow Ironic more time to complete the unprovision
after the nova instance is deleted. This time is spend in the CLEANING
state to clean up the node.
This is related to the Ironic blueprint "implement-cleaning-states".
Change-Id: I77081165a80491da3e66d8a4554b6d71fc3d9353
2 files had execute bits set on them, fix as a cleanup. These files
should not be directly executed.
Change-Id: Ic0fdb85d77a3b47ef777524faf4fcdb0d8cedece
This changes the default service list in devstack to minimize what is
running out of the box, so that it's likelihood of working in a 4G vm
is much higher.
This removes heat from the default enabled service list.
It drops the ec2 only needed n-obj and n-crt services.
It drops all the alternative consoles (xvnc, consoleauth). novnc is
fine for libvirt which is the default.
It adds dstat, because that's turned out to be so useful in debugging
things.
Change-Id: I84457260dff6f42a5c6ebcc2c60fb6e01aec9567
Enabling it by default because:
- This allows you to get the relevant logs right away when something
in the libvirt code path fails, without having to submit another
change and keep doing a 'recheck' to re-run the CI check/gate jobs
until you hit the bug.
- The libvirt log filters specified in the function
'configure_libvirt' are much more _selective_ and not a catch-all
debug option where you end up with the unhelpful situation of having
to find a "specific piece of hay in a haystack"[1].
FWIW, I always have it enabled in local test environments, and I don't
see the resulting libvirtd.log growing beyond a couple of MB for
three-four days of usage.
[1] http://lists.openstack.org/pipermail/openstack-dev/2014-January/024414.html
Change-Id: I5e0b35446075b419fe473e1db8d0bfedd7009741
We are trying to get a working 64bit qemu cpu model in the gate for nova
live migration testing. It appears that we need to make this change
prior to nova starting.
Make the change in configure_libvirt() to handle this along with the
other libvirt config updates. This allows us to restart the libvirt
service once. This function calls a python tool which parses and updates
the XML if necessary.
Change-Id: I00667713bfba67ab8cedbcb1660ff94d4f4bcc07
A lot of libvirt interactions with QEMU are via the QEMU monitor
console, which allows you to either query or modify the state of a
virtual machine. Spefici examples include: querying the status of live
block operations, live snapshot operations, live migration, etc.
Enabling the 'qemu_monitor' log filter allows us to capture precisely
what commands libvirt is sending to QEMU.
Note that the log level was intentionally set to '1' (i.e. debug) for
this specific filter, because (a) it's not extremely verbose, (b) when
something breaks, it's helpful to have the exact sequence of
interactions between libvirt and QEMU.
Change-Id: Iba95b6bd7c9f197c8d48c7d978f538e50d4e31fa
There are a couple of targets in here that some might find useful in
doing DevStack testing in multiple remote VMs.
There are some of the usual boring targets too, like stack and unstack,
that do exactly what you would expect.
Change-Id: I7974cac4cc527bacf6f183ac1f344428b05f2fdc
This previously defatuled to 'private' and aligned with devstack's
defaults but it has since been updated to 'None'. This sets the config
value according to devstack's.
Change-Id: I3f480d5480521a93992bedfe602eb20a4999263d
Closes-bug: #1438415
This is needed otherwise we fall back to the nbd code path which is
super hacky. This shouldn't have been deleted for the venv path.
Change-Id: If5cb6cb4944bd0ed3548d53c98443b76725d1c0c
PyEClib was introduced recently to swift-master. It tries
to build liberasurecode which requires the `make` binary.
Change-Id: I8acfed4f7b46a29eac36f6acbe1d66e7fff800db
Reading through the docs for the first time, the reader encounters an
instruction to provide a minimal configuration, with a link that they'd
expect to tell them how to do this.
At present the link actually takes them to the top of
configuration.html, where they read some history about how devstack's
configuration has changed over time.
This is interesting and important and should be in the docs - but in my
opinion a link about setting up a minimal configuration would be more
useful if it takes me to a place that tells them about a minimal
configuration.
To get this, I've had to an an explicit link target into
configuration.rst. I'm not hugely keen on this approach, as I don't
think it scales well. I'd be open to suggestions about other
approaches. The only idea I've had so far though is to simply move the
minimal configuration section right to the top of the page, so that a
link to the doc is a link to the minimal config - the historical
information could be moved to its own topic somewhere further down the doc.
Change-Id: I231ca1b7f17b55f09a4e058dab8ee433893f737e
The public_endpoint and admin_endpoint options are used to set the base
hostname when listing versions. If they are not provided then the
response will use the same hostname as the request was made with - which
is almost always what you actually want.
This means devstack will respond correctly to a version list when behind
a floating IP for example.
Change-Id: Idc48b9d7bee9751deb24d730fdc560b163f39dfe
Rootwrap shouldn't be a unique snowflake. Plus the binaries tend
to be called assuming PATH will find them. Not so with venvs
so we need to work around that brokenness.
Configure Cinder and Nova to use configure_rootwrap().
Change-Id: I8ee1f66014875caf20a2d14ff6ef3672673ba85a
pyOpenSSL has done a rewrite of itself in Python. This may be good
for many reasons, but memory usage is not one of them. It just about
doubles the size of at least swift, which usually consumes about 6% of
a CI testing vm's 8gb RAM. This is enough to push centos hosts into
OOM conditions and then everything falls apart.
The distro packages of pyOpenSSL are the older C-based versions, which
doesn't bring in the kitchen sink of cffi & pycparser.
Change-Id: Icd4100da1d5cbdb82017da046b00b9397813c2f2
A recently merged change Ie35cb537bb670c4773598b8db29877fb8a12ff50
and I71e2594288bae1a71dc2c8c3fb350b913dbd5e2c broke Q_USE_PUBLIC_VETH.
This commit fixes the regression.
Closes-Bug: #1436637
Change-Id: I1447bf98607143ba4954ce5ec3ed94010320baa5
Install a couple of optional feature prereqs in hypervisor plugins.
rootwrap is horribly called indirectly via PATH. The choice, other than fixing
such nonsense, is to force the path in sudo.
TODO:
* python guestfs isn't in pypi, need to specifically install it to not
use the distro package
Change-Id: Iad9a66d8a937fd0b0d1874005588c702e3d75e04
The Linux-IO is a modern way of handling targets.
Per the IRC discussions lioadm as default
seams like a better default for everyone, for now it will be
optional, but the tgtadm admin support expected to be removed when
lioadm works well with all CI (including third party).
Change-Id: Ia54c59914c1d3ff2ef5f00ecf819426bc448d0a9
during the glusterfs integration it was seen that plugins might need
to set new defaults on projects before the project files load. Create
a new override-defaults phase for that.
Intentionally not adding to the documentation yet until we're sure
this works right in the glusterfs case.
Reported-By: Deepak C Shetty <deepakcs@redhat.com>
Change-Id: I13c961b19bdcc1a99e9a7068fe91bbaac787e948
Make it possible for someone to config
PIP_UPGRADE=True
in local.conf and thus force pip_install calls to upgrade. In
automated testing this is probably a bad idea, but in manual testing
or situations where devstack is being used to spin up proof of
concepts having the option to use the latest and greatest Python
modules is a useful way of exploring the health of the ecosystem.
To help with visibility of the setting, and section has been added
in configuration.rst near other similar settings.
Change-Id: I484c954f1e1f05ed02c0b08e8e4a9c18558c05ef
When running Neutron on a single node that only has a single interface,
the following operations are required:
* Remove the IP address from the physical interface
* Add the interface to the OVS physical bridge
* Add the IP address from the physical interface to the OVS bridge
* Update the routing table
The reverse is done on cleanup.
In order run Neutron on a single interface, the $PUBLIC_INTERFACE and
$OVS_PHYSICAL_BRIDGE variables must be set.
Co-Authored-By: Brian Haley <brian.haley@hp.com>
Change-Id: I71e2594288bae1a71dc2c8c3fb350b913dbd5e2c
This commit removes the compute-admin section from the tempest config
file that devstack generates. These options have been removed from
the tempest config and aren't being used, so there is no reason to
keep them around.
Change-Id: I7500fe3b329b913c60fa505a5230db4a5d35d7f1
isset function was moved to config file related functions by accident,
this change also simplfies the isset in a bash >=4.2 way.
All supported distro has at least bash 4.2. (RHEL6 used 4.1)
Change-Id: Id644b46ff9cdbe18cde46e96aa72764e1c8653ac
This commit adds a new flag, TEMPEST_HAS_ADMIN, to enable or disable
setting admin credentials in the tempest config file. This allows for
devstack / tempest configurations where tempest doesn't have admin to
ensure it would work in public cloud scenarios.
Change-Id: Id983417801e4b276334fb9e700f2c8e6ab78f9ba
Adding `uname -a` to stack.sh to make easy to see from the devstack logs
what was the actually running kernel version.
Change-Id: I0068504bf055a588b155b0a60215440d365bf53e
Otherwise in standalone mode we use the new default of "trusts"
which won't work.
Change-Id: If18db711faf7810217af0a89d1e38590a94d8e5b
Closes-bug: 1436631
Preparing to refactor lib/neutron to support Neutron as the default
network config. lib/neutron will be renamed internally and refined
to support a couple of specific configurations.
Change-Id: I0d3773d14c4c636a4b915734784e7241f4d15474
This patch is causing blocking failures in some 3rd party CIs.
The issue can be tracked to the fact that the PUBLIC_INTERFACE
interface might have no address assigned.
This reverts commit 93b2100c98.
Partial-Bug: #1436607
Change-Id: I0943aa542b911fbcebb100543e0adbb38159b233
Because tests might force the auth version to v3, we always need
to have Member in the list of roles.
Change-Id: I06fd043e1b31ae0e5e33f4dcf898fb58f2907267
devstack is a development and test environment, but by default we were
only installing the runtime dependencies. We should install all the
testing required packages as well.
Change-Id: I7c95927b9daad15766aac9d1276b10ca62efb24c
When running Neutron on a single node that only has a single interface,
the following operations are required:
* Remove the IP address from the physical interface
* Add the interface to the OVS physical bridge
* Add the IP address from the physical interface to the OVS bridge
* Update the routing table
The reverse is done on cleanup.
In order run Neutron on a single interface, the $PUBLIC_INTERFACE and
$OVS_PHYSICAL_BRIDGE variables must be set.
Co-Authored-By: Brian Haley <brian.haley@hp.com>
Change-Id: Ie35cb537bb670c4773598b8db29877fb8a12ff50
Tempest can now do all heat tests with cirros, and heat functional
tests now load a custom test image from tarballs.o.o, so devstack
no longer needs to register the fedora cloud image.
Depends-On: I6041b8d6e7e9422f6e220d7aef0ca38857085e4b
Change-Id: I9b3ea2c157b96dee139a24f0fa6f68f6764a7d67
In order to keep redstack in synch with devstack, the conf files
referenced within devstack need to be able to be declared externally.
This change allows *_CONF values to be specified, and uses the
original values as defaults.
Change-Id: Ic67f6347b92b05619103a77e9f7ea80a299a6869
Until we have the ability to prebuild wheels so we don't spend time
compiling them during devstack runs, stop building wheels for libraries
that we still install from deb packages.
Long term we want to move away from using deb packages to install python
packages and use wheels. But until the wheel building logic is in place
so we don't have to compile wheels on each devstack run, don't waste
time compiling python libraries that we just use the packaged version of
anyway.
Change-Id: I962e2cfff223f7ab8efd5766ee0ef22229ab27bf
Stop services from throwing the following warning:
Option "rabbit_password" from group "DEFAULT" is deprecated. Use option
"rabbit_password" from group "oslo_messaging_rabbit".
Same for rabbit_hosts and rabbit_userid
Change-Id: I7da503ef50b3653b888cb243caa74b4253a495e2
This document explains the steps to configure Load-Balancer in
kilo.
Change-Id: Ic8c2f3cca80e331b7275f689051c07d863d918ea
Depends-On: I64a94aeeabe6357b5ea7796e34c9306c55c9ae67
Sahara supports running in distributed mode. Need to add this ability in
devstack.
Changes:
* configure rpc backend for sahara by default
* added sahara-api service for running api side
* added sahara-eng service for running engine side
Change-Id: I4fb9d5746b08c9b1fee0d283bcf448e47a87089b
Commit c12a78b35dc910fa97df888960ef2b9a64557254 has set the
"always" flag to be deprecated in liberty. This moves to using
"True" instead.
Change-Id: Idecf7966968369d2f372abffcab85fbf9aa097c7
unstack.sh always stop dstat process, however unstack.sh show 'dstat: no process
found' when dstat is disabled.
This patch stop function of stop_dstat, when dstat is disabled.
Change-Id: If9054826bed8a7fedd4f77ef4efef2c0ccd7f16e
Closes-Bug: #1435148
Most of the changes revolves around using MySQL rather than MariaDB,
plus enabling the addon repos on public-yum.oracle.com.
The patch just touch the areas where there is a divergence between the
Fedora and Oracle distributions and in all other cases the is_fedora
will result in the correct decision to be made and left as is.
Collapsed the is_suse and is_oraclelinux into a single check in
configure_database_mysql and cleanup_database_mysql
Added Oracle Linux to MAINTAINERS.rst
Rather than duplicating most of the Redhat version check code, added
a check in the block to do the determination if it is Oracle Linux
Change-Id: I5f1f15106329eec67aa008b17847fa44863f243f
If SWIFT_DATA_DIR is set on local.conf we need to make sure to create
the directory with proper permissions
Change-Id: If29fa53f01b4c0c8a881ec3734383ecffac334ce
Closes-Bug: 1302893
rootwrap is horribly called indirectly via PATH. The choice, other than fixing
such nonsense, is to force the path in sudo.
Change-Id: Idac07455359b347e1c617736a515c2261b56d871
Configuration options that are only relevant when running keystone
under eventlet (rather than Apache httpd) were moved to the
[eventlet_server] and [eventlet_server_ssl] groups in the
keystone.conf file to avoid confusion. This change updates devstack
to use the new non-deprecated group for these options.
Change-Id: I651a278d09f6a3a32b2e96fac87f1e5ea0f18c39
Adds USE_VENV to globally enable/disable use of virtual environments.
ADDITIONAL_VENV_PACKAGES is used to manually add packages that do not
appear in requirements.txt or test-requirements.txt to be installed
into each venv. Database Python bindings are handled this way when
a dataabse service is enabled.
Change-Id: I9cf298b936fd10c95e2ce5f51aab0d49d4b7f37f
contributing.rst doesn't add very much over the extant HACKING.rst, so
move some of the unique bits into HACKING.rst and then link that into
the documentation.
Change-Id: I0530f38eda92f8dd374c0ec224556ace6e679f54
Currently, if devstack base path includes the name of a given
service (e.g. nova), then the service's prereq packages will
not be installed. This fix changes the checking the match
against the full path of the package list file rather than the
name of a given service.
Closes-Bug: #1434314
Change-Id: Ie81352ebd5691afc6d0019f71d5b62370e8bb95f
Minimum Cinder volume size is 1GB so if Swift backend for Glance is only
1GB we can not upload volume to image.
Change-Id: Ifd4cb42bf96367ff3ada0c065fa258fa5ba635d9
Recent versions of oslo policy allow the use of a policy.d to break up
policy in a more user understandable way. Nova is going to use this in
Kilo to break out v2 and v2.1 API policy definitions.
This provides a unified helper for installing sample policies. It
makes some assumptions on project directory structure. Porting other
projects to use this can happen in the future.
Change-Id: Iec23b095176332414faf76a9c329f8bb5f3aa6c3
We should prime the groups that were created with some roles on
projects. Eventually we can add users directly to the groups
and not have to resort to individual user assignments.
Change-Id: Icebafc06859f8879c584cfd67aa51cb0c9ce48af
In kilo heat started to use keystone delegations to perform the needed
operations, as part of this the need to set the explicit role in
devstack for stack management disappeared. However, in tempest as part
of the effort to make credentials configuration more explicit an option
was added to ensure that the users created by tempest have the proper
role set for stack management in the heat tests. This commit sets the
value of this config option in tempest to be the default role _member_
to reflect that there is no separate heat_stack_owner role created
anymore. (which is the tempest default value)
Change-Id: Id98a83f0a716de0fdb5f36d03407364830e8fa5f
This change adds the dib-utils repo, and adds git_clone calls for the
required os-*-config projects.
Change-Id: I2641feb0c462d2940f2698515ff62a2ff06c0e70
A while back I added an lvm.conf file with a device filter setting
to try and clean up the LVM hangs in the gate:
(commit 0b9e76f280)
It turns out this wasn't the real problem, the real problem
is that on an LVS/VGS command LVM will attempt to open and read
all potential block devices in /dev to see if they have LVM data
on them. I initially thought the local filter would keep that
from happening, as it turns out the local filter only limits what's
returned AFTER the actual scan process. In order to keep the scan
from happening at all, either a global_filter needs to be used or
lvmetad needs to be running and enabled.
There are situations in gate tests where /dev/sdX devices are created and
deleted and the result is that we hit situations where LVM tries
to open up devices to check them even if they've been removed. The
result is we have a blocking open call from LVM that takes approx
60 seconds to time out and fail.
Ubuntu won't have a version of lvmetad until Vivid, so for now
that just leaves the global_filter as an option.
This patch adds the filter routine to the end of stack.sh. We don't
want to put the routine in lib/cinder_backend/lvm like we had it because
now we have to set the global filter for all LVM commands on the system.
So we put this as one of the last steps in stack.sh and run it if Cinder
is enabled. This way we can query PV's on the system regardless of what
other services may be running and using LVM and make sure that all of
their devices are added to the filter as well.
Also, make sure we only set this for Ubuntu as Fedora/RHEL variants
utilize lvmetad.
This patch also removes the old change that set the local filter.
DocImpact
Should add this to recommended config for Cinder on systems
that don't have lvmetad, and recommend lvmetad for those that do.
Change-Id: I5d5c48e188cbb9b4208096736807f082bce524e8
Closes-Bug: #1373513
Sometimes when certain dependencies are changed, recreating an existing
DevStack fails, as tempest is using an old existing venv for tox run,
where dependencies are not met.
This change should help developers who are reusing
their existing DevStack.
The gate should not be affected as there the vev is freshly created
anyway.
Change-Id: Ic42ba1cb0aa829c5120151d3d8cdafa4efc3ffaa
This eliminated a number of sudo calls by doing the copy/chown/chmod in
a single step and sets a common pattern.
Change-Id: I9c8f48854d5bc443cc187df0948c28b82c4d2838
The cleaning network is where ramdisks will be booted during
the cleaning process. We want to ensure nodes are being properly
cleaned on tear down.
Change-Id: Ic38de10668c97648d073fdf9a3afc59712057849
Implements: bp/implement-cleaning-states
Without these defaults, sourcing functions-common with -u turned on
(as say ./tools/build_wheels.sh does) will bail out with unset
variable errors. Also fix up quoting, and add no_proxy for zypper run
Change-Id: Ideb441634243c1c5ce7db3a375c2d98617e9d1dc
Heat can now run in standalone mode with the default v3 keystone
backend.
This change removes the installation of the v2 contrib backend.
It also configures saner defaults when HEAT_STANDALONE is True.
Using trusts and a stack-domain will never work in standalone mode
since they both require a service user which doesn't exist in
standalone mode.
Finally, this change prevents heat.conf being populated with service user options
not required by standalone mode.
Configuring the v2 backend may be reintroduced later with a dedicated
flag variable.
Change-Id: I88403e359e5e59e776b25ba1b65fae6fa8a3548e
The horizon team keeps changing how the UI is exposed. This exercise
keeps lagging and doesn't really test anything useful any more. Just
delete it.
Change-Id: Id62904868f1d4b39e33d2ad63340b5ee2177fb56
Sahara is going to remove sahara.conf.sample because it
is not gated anymore and therefore it gets out of date.
So, we need to remove copying sahara.conf from base config file
sahara.conf.sample
Change-Id: I0ddf36cfc15694dfe41fe695d577199da75ce7f1
If we set mutiple proxy (ip or url), pip install will
treat the second proxy as a command.
Add quotation marks around proxy.
expecially for no_proxy
Change-Id: I38ad3f083ba5155cda0e5e2b8f5df64492b7fecd
- Rather than using config refs, deployments should be using a tool
such as chef or puppet to set the options correctly.
- Config refs have a bug where you can only reference an option in
the DEFAULT group, which limits the usefulness, and with this
feature it's impossible to move any config options out of the
DEFAULT group, luckily this has been ignored anyways since I think
everyone realizes how broken it is.
Change-Id: I74cae09f9d75177f8efea69e7ae981ed8f14039f
The Replication V2 change to Trove moves the test
datastore from Mysql 5.5 to Mysql 5.6. This change
reflects that in devstack.
Change-Id: Ibdf32b46c200d3061975d390c872be77d19bc361
Implements: blueprint bp/replication-v2
Closes-bug: #1432686
Depends-On: I8eec708f41e791e3db04a2c7b7c12855118b64ac
The current regex only matches host interface names that consits
of "word characters" (regex \w). Intefaces having other special
chars like "-" or "." are not parsed. Examples that are not yet
matched are br-ex (ovs bridge) or enccw0.0.1234 (s390 eth device
name).
In addition it's hard to understand the the regex.
This fix is replacing the regex by a simple awk statement also
matching those names.
In addition the determination of the host_ip_iface was moved
down into the if clause, as it is only used inside.
Change-Id: I3d1b1afa32956e4e8c55c7e68cbafaf8e03e7da2
Closes-Bug: #1429903
This commit switches the default value for INSTALL_TEMPEST on master
devstack to be true. Not installing tempest by default on devstack is
confusing for devs and people working with tempest in devstack. The
venv isolation is only really required on stable branches because of
conflicting requirements, however it is not really necessary on master.
Change-Id: I368cb56fd9e0cbf59cefe24a46507d3f58b9a8e3
Currently if you `cat` the file, the bash prompt will be at a weird
position. And if you programmaticaly add a new line to this file,
the line will be, in fact, appended to the previous line.
Change-Id: I19ba018d9a934f8fdc07cc9bec50a0105f2710f9
On some environments, the current 10s timeout waiting for server
ssh-able is not enough. SSH session was killed before the command
executed by server and then break the whole stack.sh.
Change-Id: I4d842744793455d44a633dee8920a60552e8075e
The log_context format specified in glance-api and glance-reistry
are causing tracebacks. This fix changes the
project_id and user_id to tenant and user which are supported
in oslo-context. This is the format used by other projects
Change-Id: Ifbf268e9765039a0085c9af930dabf8a5cc681b8
Closes-Bug: #1431784
iniset_rpc_backend should know what section it needs to set the
config options in better than the callers. The config options
have actually been moved to different sections and the options
in the DEFAULT section are deprecated.
Change-Id: I0e07fe03c7812ef8df49e126bf71c57588635639
lib/keystone was setting up rabbit config directly rather than
using the iniset_rpc_backend function that other projects use.
Change-Id: Ic368f102c808cdbd2e4cbc1ff457cdf17a681332
Because of branchless Tempest we have to set a compute-feature-enabled
flag to test preserving preexisting ports from Neutron since the code
only works starting in Kilo and won't be backported to stable/juno or
stable/icehouse.
We can remove this flag once juno-eol happens.
Depends-On: I95469e4c2f4aa2bc4e6342860a9c222fb4fa7e16
Related-Bug: #1431724
Change-Id: I214baa3b861e29bedf6bb7b50534ac2286676dd1
With identity v3 the _member_ role is not added on the projects
automatically for the user when it's created.
Setting _member_ to tempest_roles so that tempest adds the role.
Change-Id: Iaae9286ecc6f019d36261a5c450068a650e24a28
swift middleware contained in ceilometer is now deprecated. the
middleware is available in ceilometermiddleware.
Change-Id: I6e41986245f4d95a9385dc7829479ed1199f10ac
The keystonemiddleware 1.5.0 released 2015-03-11 supports configuring
auth plugins from the paste config file. This means that swift can now
use authentication plugins for auth_token middleware.
Change-Id: Icb9f008a57b6f75e0506cbecd0a1e0f28b7dadda
elasticsearch client must be explicitly installed as it's an
optional backend requirement. this patch installs the client when
installing elasticsearch
Change-Id: I534cf0c78ab1fe7d309ef5f808bbe7b5422b403e
As per the logs:
Option "lock_path" from group "DEFAULT" is deprecated. Use option "lock_path" from group
"oslo_concurrency".
Option "sql_connection" from group "DEFAULT" is deprecated. Use option
"connection" from group "database".
Change-Id: I2109cec07ebee916c9ce0ccd24bd9a47d8d3c688
swift requires to have rsyncd running as service or behind xinetd.
/etc/xinetd.d/rsync is not shipped with f22 and the daemon mode
requires an additional package.
Adding rsync-daemon as swift dependency for f22 and f23(rawhide).
Change-Id: I33222719cabed59a261ce1b8ddedc457aa03800e
Instead of killing the screen, use stop_process which will
shut the processes when USE_SCREEN is False.
Change-Id: If0f714cb112dbf5fe9e4fdd7291cb4fb1df87f42
The current issue is that if we deploy c-vol service on a separate
machine, my_ip and SERVICE_HOST will be different, because my_ip is
the machine where c-vol service is running and SERVICE_HOST points
to the machine where the cinder api service is running. If my_ip of
c-vol in cinder.conf is set to the IP of c-api, it will cause the
issue that the volume is unable to attach. The issue can be resolved
by removing my_ip from cinder.conf.
Change-Id: I699c0b5297c60e9f9934f74684abf563f4b0e977
closes-bug: #1428013
We currently assume we are deploying ironic with the rest of
a cloud and assert that glance/neutron/nova are enabled. This
makes it a bit more flexible and allows deploying with only
the minimum required services if desired, and asserts the others
are enabled when we intend on testing nova+ironic integration.
This is required for in-tree python-ironicclient functional tests,
which we aim to run against a minimal devstack deployment.
Change-Id: I99001d151161fa225b97c3ba6b167a61aa9b59fe
We offer main devstack components the ability to install their own
system package preqreqs via files/{debs, rpms}/$service. This adds
similar functionality for plugins, who can now do the same in their
own tree at ./devstack/files/{debs, rpms}/$plugin.
Change-Id: I63af8dc54c75a6e80ca4b2a96c76233a0795aabb
The command mongo, used in lib/zaqar, is part of the package mongodb.
At the moment only mongodb-server is listed in files/rpms/zaqar-server,
mongodb has to be added there.
Change-Id: I60edeae6760addad62b9b61c3dcdecc2ff01cba7
Closes-bug: #1430939
This is mostly to detect if someone is running the script with "sh
./stack.sh" where sh is the bash-symlink that puts it in POSIX mode
(this can be invoked in other ways, but much less common).
In this case POSIXLY_CORRECT is set; so if we see that, bail out early
before we start hitting syntax errors.
Closes-Bug: #1430535
Change-Id: I7bbc4b0f656df9f6d9da2243c8caeb42d30ace95
Let pip install unittest2; pip installation can conflict with the
packaged version.
Change-Id: Iec9b35174ac68ebf713cd7462d7b5a82583d6e22
Partial-Bug: #1430592
People can leave their devstack installs around for a long time, and
in the mean time new versions of pip can be released.
The current check does not download a new version if an old one
exists. We want to check for new versions, but we also don't want the
gate jobs trying this sometimes unreliable fetch.
So add a flag-file that tells devstack if it downloaded get-pip.py
originally. If so, on each run check for a new version using curl's
"-z" flag to request only files modified since the file's timestamp.
Change-Id: I91734528f02deafabf3d18d968c3abd749751199
Closes-Bug: #1429943
We remove the code to set use_floating_ips. In old code it was set
false if we do not use neutron. However, we cannot deploy clusters
with floating ips by that. So we just use the default value, which
is set True in Sahara.
Closes-Bug: #1426226
Change-Id: Idfcdc5ab776681ddc740dc12035e04da349ea089
Region name should be set to nova.conf and cinder.conf so that
cinder volume can work in multiregion env.
Closes-Bug: #1429738
Change-Id: Ib20911c24d8daabc07e6515f4a23a745d77593ff
* config/INI functions from functions-common to to inc/ini-config
* local.conf meta-config functions from lib/config to inc/meta-config
Change-Id: I00fab724075a693529273878875cfd292d00b18a
The keystone admin token supposed to be used only
for setting up keystone and it should not be used
in any other service config.
Change-Id: Iaa9be1878e89a6bc3a84a0c57fc6f5cecc371d2f
Use authentication plugins for neutron -> nova communications and
default to using the password plugin, which defaults to using the
v3 Identity API.
Neutron config change: 13427a40768f1a4646520c6b7e3e8c988ce6e18c
Change-Id: If152b97f940286ed08767225b13dedf6ef8c2342
Neutron NEC plugin support is configured using DevStack external
plugin mechanism. The following needs to be added in local.conf:
Q_PLUGIN=nec
enable_plugin networking-nec https://git.openstack.org/stackforge/networking-nec
Also removes lib/neutron_thirdparty/trema and files/debs/trema.
DevStack external plugin for Trema Sliceable Switch is available
and the following is needed to enable it in DevStack.
enable_plugin trema-devstack-plugin https://github.com/nec-openstack/trema-devstack-plugin
Change-Id: If983b986355fcc0118b6e0446b3b295f23b3c40e
It turns out we aren't actually using this wheel since we are still
installing the deb python-numpy, and building numpy takes several
minutes which is a lot considering we do it on every single dsvm job.
So until we have wheel caching in place, and are actually using the
version we build ourselves, stop wasting time.
Change-Id: I7643c55598e5ecc29ea708c537818b37a8047d4b
While Devstack needs 4GB RAM (or more!) the JEOS
used as the base for the Devstack VM for XenServer
needs much less. Allowing the initial install to
use 1GB means we have lower requirements overall
Change-Id: Iecaeeb4db0dffcc43c5532b5d57cb041d47047a6
We weren't actually using the wheels since PIP_FIND_LINKS environmental
variable was getting lost during the sudo
Change-Id: I4a89a70df63772a16ee5a8c3f1cd86e9c7bb5242
diskimage-builder is a utility rather than a service, and is already
installed in devstack via pip when required.
lib/dib was created to allow an image to be created during a devstack
run for the heat functional tests, however this approach is no longer
being taken and there are no other known uses for lib/dib.
This change removes lib/dib and moves the pip mirror building to
lib/heat so that snapshot pip packages of the heat agent projects can
be made available to servers which the heat functional tests boot.
This also removes tripleo-image-elements, which has never
been utilised, and since images won't be created
during heat functional test runs it is no longer required.
Change-Id: Ic77f841437ea23c0645d3a34d9dd6bfd1ee28714
When running with low memory (<1024), we need to switch from the default
rootfstype from tmpfs to ramfs to ensure nodes can decompress deployment
ramdisks.
Change-Id: I1b9dd614e592d99b2f59dea899b1ed3859ae0811
A recent ironicclient commit If05d51b09d787ccfbf6f6d35d8e752d42f673601
deprecated --node_uuid, now it should use --node.
Change-Id: Ia97074bd2ce92645ac4b4151824098cb99434117
The files/rpms/general:python-virtualenv explicitly
installed this package on Fedoras.
This package is not installed on other distros by devstack
by default.
If you stack/unstack the package gets reinstalled,
and confuses the system about the installed virtual-env version.
The uninstall works in CI, but it can be problematic when you do
reinstalls on the same machine.
The uninstall introduced by
834b804d3e, this commit deos not
has any reference to the external bug what it supposed to solve.
Related RDO thread started here:
https://www.redhat.com/archives/rdo-list/2015-March/msg00015.html
Change-Id: I4a723f179bdc28d39a4910fb9e3787e9e67c354b
A typo in lib/ceph was causing REMOTE_CEPH to be defaulted whenever
lib/ceph was sourced, regardless of its existing value. The
`trueorfalse` function takes a variable name as its second argument,
not a value.
Change-Id: Iec846e0b892eaa63a0a2a59aa045bc56d5606af1
When the Trove configuration files were defined in variables, the
guestagent wasn't included. In order for profiling to continue on the
guestagent, its configuration file must be defined as well.
(See https://bugs.launchpad.net/devstack/+bug/1421403)
TROVE_GUESTAGENT_CONF is now defined.
Change-Id: Ie7cb531e2a1eca74100e2466a430e85eaf936263
Closes-Bug: #1427506
Devstack support is added using Devstack's external plugins:
https://review.openstack.org/#/c/156526
Asside to the environment variables, the following should be added to
local.conf file:
enable_plugin vmware-nsx https://git.openstack.org/stackforge/vmware-nsx
for the nsx plugin:
Q_PLUGIN=vmware_nsx
enable_service vmware_nsx
for the nsx_v plugin:
Q_PLUGIN=vmware_nsx_v
Partially-Implements: blueprint vmware-nsx-v
Change-Id: I4e03d4953bf9b5112ff75a252b61c27fadd04bf1
Signed-off-by: Roey Chen <roeyc@vmware.com>
Horizon by default using the _member_ role,
which is considered as a legacy role.
The tools/create_userrc.sh already creates the regular users,
with Member role.
Change-Id: Ibc07a0f28d0729f8a717a54e94fe014853363592
Closes-Bug: #1421616
When SERVICE_HOST is defined to literal IPv6 address
(i.e., [fdf8:f53b:82e4::179]) we will have to include
--globoff option for curl to be able to reach the various
openstack services. Using globoff works for both IPv6 and
IPv4 urls, so its safe to include this option for all curl
statements in devstack.
Closes-Bug: #1424943
Change-Id: I2afc16f2f94d7d7069b0ba61bc8348c03413e4e7
When registering endpoint with data_processing keystone transforms it
into data-processing. This problem causes sahara to not find the
endpoint afterwards
We need to have two endpoints for correct working tempest and horizon
with devstack. After resolving bug in tempest and horizon need to remove
old data_processing endpoint
Change-Id: I97827d23ffe8a1218abd61e76804b918b1b7cbe0
Partial-bug: #1356053
Use yum_install() to support proxy environment variables when
epel-release package is installed from epel-bootstrap repo.
Change-Id: I45f7a38c6c71bbce07bd0d21c1ac8a75c04113cb
Closes-Bug: 1426221
MatchMakerRedis is the only tested routing method
for ZeroMQ driver. For others, like MatchMakerLocalhost
and MatchMakerRing, it still takes some time to work
on and completely test.
MatchMakerRedis is enough to run under real-world
deployment.
Change-Id: I3b2e8e68ceebd377479d75bbb8b862ae60cfc826
Partially-Implements: blueprint zeromq
In trove-integration, a patch was submitted to change the value
of the log_dir variable in the trove-guestagent.conf.sample file.
This should be changed here as well so that devstack uses the same
location.
The devstack trove-guestagent.conf file is created by devstack, not
from the sample file, so it needs to be changed here.
(For reference, an actual trove-guestagent.conf file is created by
the cloud provider implementing Trove, who may or may not use the
sample file provided.)
See: https://review.openstack.org/#/c/157973
Change-Id: I41b8e6fe443a2eff376ffc1f92c2ed90c94530b0
Diablo is long gone. Remove debs for diablo nova volumes
Original commit that added this: I3e7c412ff125dbadd18b59af55fb7dea9ea17b07
Move open-iscsi requirement over to ironic, (ironic conductor calls
iscsiadm)
libvirt driver uses iscsiadm for iscsi based volume attaches as well.
lvm backend is supported for libvirt driver
Change-Id: I536ba0ebdb6e3fa68f0a82b3027e70d8e2f35085
This patch is adding a new boolean that can be toggled to indicate
that we should use the IPA ramdisk instead of the normal ramdisk when
deploying a node with the iSCSI methodology. Defaults to False.
Depends-On: Iaabc6ada729461f18d69ee12d01b9f1465944454
Change-Id: If4004078866d833eb946be40b6dfb204aa4a6840
The StrongSwan driver under development for kilo-3 will replace the
default reference OpenSwan driver.
In the interim though, we need to be able to run functional tests
for both drivers. This change is intending to do the additional
steps that are needed to set up for Strongswan, so that when a
functional test has IPSEC_PACKAGE=strongswan, everything will be
correct.
The intent here is to explicitly set the device driver class in
vpn_agent.ini, so that this will work for when OpenSwan is the
default (currently), when no drivers are specified, and will work
for when StrongSwan is made the default in the code.
For Ubuntu, AppArmor is disabled for charon and stroke.
Note: Both OpenSwan and StrongSwan cannot be installed on the
host at the same time.
Change-Id: Ib8467e24633230d6643d812068e4ed6ffb33f104
Partial-Bug: 1424757
Devstack support for LBaaS is being migrated to an external
plugin in the neutron-lbaas repository. The only LBaaS-
specific code that remains in devstack is a hook to support
existing configs that enable q-lbaas. In that case, load
the external plugin if necessary.
Change-Id: I592f64407ccf1e722b8d9788917879d0236acf0b
Depends-On: I64a94aeeabe6357b5ea7796e34c9306c55c9ae67
As suggested by dtroyer to resolve wheels not buildings
behind a proxy. Issue introduced in I0283b0dff9146b1b63bd821358505a93566270c6
Change-Id: Ib376469aff73a22ac2bc9d7d5a7f90081004aa8d
Closes-bug: 1426146
Syslinux >= 5.00 pxelinux.0 binary is not "stand-alone"
anymore, it depends on some c32 modules to work correctly.
See: http://www.syslinux.org/wiki/index.php/Library_modules
Closes-Bug: #1419867
Change-Id: Ia62e980052ece3d5e2abf090b5609dea31f0d6b8
image_list.sh is used to make a list of all possible images. Loop over
both x86_64 and i386 instead of just using the default arch of x86_64
For live migration we are starting to use the i386 arch based images and
don't want to cache them like all other images.
Change-Id: I47da72a0e9da3689cb085bb43ac6536094445112
Fedora-21 does not have openjdk-1.7.0 it has only 1.8.0.
This change also fixing the no op statement in the configure.
Change-Id: I6012aeb17b8e8fafa37d48aa29482702fa3491fd
Since midonet has become open source, we can build it from
external plugin scripts. The way to enable it is using the devstack
plugin approach:
disable_service n-net
enable_service q-svc
enable_service q-dhcp
enable_service q-meta
enable_plugin networking-midonet \
http://github.com/stackforge/networking-midonet
Q_PLUGIN=midonet
and should download and build the last master branch of midonet.
Change-Id: I795f92f9d3c97b2c35bac712c6edfc032eff345a
The version of pip supported by python-virtualenv has issues in
environment under proxy, hence uninstalling python-virtualenv package
and installing the latest version using pip.
Change-Id: Id749c37ab7fefa96b35f11816b56b9def5ef4b08
Closes-Bug: 1421541
Ensure that the debtcollector library is pulled in
like the other oslo libraries so that devstack can
use it where appropriate.
Also fixes 'test_libs_from_pypi.sh' to not have a huge
single line of libraries; and splits it into multiple
lines so the diffs and code can be easily looked at.
Change-Id: I35ab0ed0e20b6092a41ecb3b6f1aaf0a05f5180e
stackrc defines the isset function, but this function is already
declared in functions-common.
The stackrc sources the `functions` which sources the `functions-common`.
Change-Id: I0772c42d049833334107c2e6da3700e544ce094f
Nova has the ability to do remote interactive consoles but there is no
easy way to enable this in devstack. This change defines a service
called n-serial to enable the service. Documentation is added to a
new guide on nova, describing how to set further options in local.conf
Change-Id: I401d94b2413c62bfae9b90d2214d77bd4cfc15d5
The default apache log format is noisy. Added a custom log format
that matches the other apache log format of projects like keystone
Closes-Bug: #1222900
Change-Id: Id9a8c3a4413c778e009c56ffde6b646b8a120c8b
msgpack-python when installed from source requires a C++ compiler
installed on the system, otherwise it falls back to the python
implementation.
Change-Id: Iffe1f90f3a70780be22459c3f7a3cddfe47f01ca
As you can see in the f21 job, the python-MYSQL compilation
fails without this library.
At the first look it seams like packaging issue, so
I created bug related to this. [1]
Until the issue is addressed, the redhat-rpm-config will be
considered as build time dev dependency for f21.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1195207
Change-Id: I731828cac912d1b11eaf2269364411c77a57d76c
Following the leads of I47b7e787771683c2fc4404e586f11c1a19aac15c and as
an attempt to fix a bug blocking Zaqar's gate, this patch installs
python-redis from pypi instead of using the distro package.
Change-Id: Idfef2fe1b41b44c4cba6b6948b621bc44e77659b
In I78d51f04ed01da4ce8aa0e127be028f969d3b4f8 we turned off installing
tempest because we install it on stable branches where the stable reqs
do not equal the tempest master (branchless) reqs.
Leave this off by default since that is the behaviour we have in the
gate, and make default devstack as similar to the gate as possible. But
add an option to install tempest by default so developers can opt and
reproduce the previous behaviour.
Update the tempest section of the README with how to run tempest tests
and how to install tempest if desired.
Change-Id: Ie4ea7335a57917244873ec54658ca269ab765ce1
Let's see whether openstackclient will trigger unneeded version bump for
clients if its installation is put below all other services that are
expected to intall client libraries on proper versions on their own.
Change-Id: Ifa774219b7057112fc794a5e3d93bc963c55ba90
This is a follow-on to comments in https://review.openstack.org/156356
and https://review.openstack.org/#/c/151513/
* Remove work-around for /var/cache/pip
* Remove WHEELHOUSE setting in tools/build_wheels.sh and use the pip
default directory '<cwd>/wheelhouse'
* Remove bogus MySQL-python install
* Removed unused bits and clean up pip commands in from tools/build_venvs.sh
Closes-Bug: #1423720
Change-Id: I0283b0dff9146b1b63bd821358505a93566270c6
This commit adds installing tempest-lib from git to the tempest full
job's tox venv. Since by default tempest isn't being installed
globally anymore and when we do run tempest it is normally within a
tox venv that means previously the install from git flag isn't being
taken into account.
Change-Id: I98b0754c4a91690c9402fa2ae2c3e9ba9195d444
There were a couple of places where TOP_DIR is missing when we do a
source of content in tools. Given that working directory can change
quite often during devstack, we need to always be explicit here.
Change-Id: I14b5699637d7f5db745bccf116f440cdcbaa8d91
When the lvm package gets installed the meta service does
not gets started automatically, but it becomes enabled so it would be
running on the next reboot.
The lvm commands are configured to use this service.
In the past this issue just causes warnings in the cinder log,
but now it can lead to a real issue.
It is better to ensure it is really running,
because it speeds up the lvm related commands.
Change-Id: I17fe2c3bcf77a6505ed2b6c824c5b20807beb725
As per the graduation work items, any new libraries should be
added to lib/oslo and stackrc
partially implements bp graduate-policy
Change-Id: Ief8f28715ecff5a602d6d840d736ea07b5e7ff39
Introduce the tooling to build virtual environments.
* tools/build_venv.sh: build a venv
* introduce lib/stack to house functionality extracted from stack.sh that
is needed in other places, such as Grenade; start with stack_install_service
to wrap the venv install mechanics
* declare PROJECT_VENV array to track where project venvs should be installed
* create a venv for each project defined in PROJECT_VENV in stack_install_service()
Change-Id: I508588c0e2541b976dd94569d44b61dd2c35c01c
Qemu-utils is needed by nova-cpu, we are hitting issues with this in
multi node testing where fewer services are installed on the second
node.
Change-Id: I4b0a217a252c7862014443230dda2bcced355c93
Having DATABASE_QUERY_LOGGING enabled results in devstack turning
on verbose mysql query logging. This results in a log file
/var/log/mariadb/mariadb-slow.log that grows to 10's of GB in
size in very little time (few weeks if that). Developers never
seem to notice this exists until their host OS runs out of disk
space due to this logfile that is never truncated.
Very few people will ever look at this logged data, so a more
sensible default is False, to make the out of the box setup be
suitable for the majority. Those few people who want to debug
mysql query performance can enable it in local.conf, as will
the devstack gate setup scripts.
Depends-On: I6970d61474528f554134d0aa333cd52b7b20f309
Change-Id: Ia4a366c839ac51623bc1fbee3560dc4d848cce14
Building a bunch of virtual envs later is going to be tedious if we do not
pre-cache certain annoying-to-build packages.
* tools/build_wheels.sh: pre-build some wheels for annoying package installs
* list distro package dependencies in files/*/venv
* list packages to pre-build as wheels in files/venv-requirements.txt
* install database Python modules when setting up the database
Change-Id: Idff1ea69a5ca12ba56098e664dbf6924fe6a2e47
This commit is temporary work-around until Ironic is fixed(bug#1422632)
The reason of creating temporary work-around is following
Ironic re-uses specific values from the keystone_authtoken middleware.
So we should specify admin_user, admin_password and so on instead of username, password.
Change-Id: If8869e16a167eea0af87afda0eabcbb803627db6
Closes-Bug: #1418341 at devstack
Instead of specifying the version of a library in devstack, use the version from
global-requirements
Add new function get_from_global_requirements and use it
where it makes sense.
Change-Id: I6b2f062761ac05ef72fc6cc9993bc204faf06fa5
python libraries should be installed from upstream, not from the
distro, as much as possible. The following is a first attempt at
purging all the python libraries and making it so that they instead
should fall back to the pypi versions.
Libraries which are known to include native code are left behind.
Change-Id: I47b7e787771683c2fc4404e586f11c1a19aac15c
Some vncviewers do not support the -via option, so default to suggesting
xl console. XenCenter continues to be an option for those running
Windows.
Change-Id: I1e53fd33d309e30a60031965e589167dcbacfbbe
The $PHYSICAL_NETWORK in the error message should be
$PRIVATE_NETWORK_NAME, because the command just before this error
message refers to $PRIVATE_NETWORK_NAME.
Change-Id: I9a648f8bd0e61abde8e93bc08282c14b35ec06bd
This defines a number of variables for Trove configuration files
and options
In addition to general cleanup within devstack, this also enables
consumers to enable features such as Openstack profiling, without
the need to repeat the hardcoding of these parameters in their
local.conf
Change-Id: Ieaa999ea3ca5c4f7d320416a8d2375c9a1d03d39
closes-bug: #1421403
is_keystone_enabled() was calling is_service_enabled(), which is what called
is_keystone_enabled() in the first place. Make it work as designed and
also change calls to use the full service name. Note that this is all
still comptible with the prior usage of 'is_service_enabled key'.
Change-Id: I9c28377ecf074b7996461d2a4ca12d88dfc4d47e
Install networking-ofagent from StackForge, using DevStack's
external plugins mechanism.
The following line needs to be added to the existing local.conf settings:
enable_plugin networking-ofagent https://git.openstack.org/stackforge/networking-ofagent
Remove neutron_thirdparty/ryu, as Ryu is installed via
networking-ofagent's requirements.
Change-Id: I12287a47eac4689414f70b517ee37fb98b260e60
Partially-implements: blueprint core-vendor-decomposition
Partial-Bug: #1412653
Reverting this is probably appropriate because until we can
get Debian/Ubuntu to fix their underlying dependencies.
It's confusing a lot of people that this is no longer
available
This reverts commit 2bfb9af0c9.
Change-Id: Id352db9dcd40bfb5eb771dad42cdf04e0ce72313
Set PIP_VIRTUAL_ENV to install the package(s) into an existing virtual
environment. This works by simply using the pip command already
in the venv, and not using sudo.
Change-Id: I910e1752e58a666174f83b4f97e547851e66e655
This breaks Ironic's use of temp URLs, which the key for the service
account is configured via the Swift user.
Change-Id: I69f6f6eef4ad573f406d64d579a9811c70ac5d28
Closes-Bug: #1421006
os-vpx is only true after we know it's not a JEOS we're creating
Move the location we set the os-vpx flag to as we're starting to
prepare the VM for devstack
Change-Id: If736f3a7de171b8090b0bb905e04accb70470a90
We added an lvm filter for use when using Cinder's
LVM driver that would only scan devices that we have
actually deployed Cinder Volume Groups on.
This patch adds a simple output message to the setup
routine so we can more easily inspect what was found
and what has been set during devstack setup.
Change-Id: Iba5012caffd45dfb5143b6df954eed277445a60e
Change Id7a9366d2c6a36139240f64371002362dc2d8d3b broke the Ironic gate
by removing admin level privileges. This restores the privilege and adds
a comment to prevent the removal again (hopefully).
Change-Id: Ida1c05d9e429e24d060aef2548fc2a0c225350b8
Closes-Bug: #1421006
This reverts commit 2d7c346f0c.
Not setting DATABASE_TYPE is not a fatal error since it is
valid to create nodes which only run a subset of services,
and so a database may not be needed.
Change-Id: I7d957e628141ba333b6f38940b39845b18fba4df
In section "Configure Nested KVM for Intel-based Machines", this
sentence:
Procedure to enable nested KVM virtualization on AMD-based machines.
should (obviously) read as:
Procedure to enable nested KVM virtualization on Intel-based machines.
Change-Id: I9872a5d20a23f1cce7bf2a79bf29e1b11511b418
These have been emitting deprecated warnings for over a full release cycle:
Q_AGENT_EXTRA_AGENT_OPTS, Q_AGENT_EXTRA_SRV_OPTS, CINDER_MULTI_LVM_BACKEND
Change-Id: I3aa5cabd6ce3a0072cba08bbca1ad23d4a831219
On fedora 21, qpidd cannot authenticate user, because
cyrus-sasl-plain is no more automatically installed.
This change fixes that.
Change-Id: I74452f40723881291b8c7577e5509da1c0e4e6e5
The boot-time script (prepare_guest.sh) is one of the less reliable parts
of the install process. This change enables SSH into the host as well as
reporting of the IP address. This significantly helps debugging issues
now and enables moving of all other setup code to being executed over SSH.
Change-Id: I1555f1d91353ba8b75e2de4607df33ee20307a6e
This adds the test infrastructure for testing that unstack.sh and
clean.sh do the right thing, and actually stop what's expected. This
is designed to be used in upstream testing to make unstack and clean a
bit more certain.
It includes numerous fixes to make these pass in an errexit
environment with the gate config. The scripts still don't run under
errexit because we don't assume we've handled all possible cleanup safely.
Change-Id: I774dfb2cc934367eef2bb7ea5123197f6da7565b
get_or_add_user_role is specific to adding a role on a project.
Rename it to get_or_add_user_project_role to allow room for adding a
domain specific role function.
Change-Id: I999308098d22be9800578ae67144a3b687fbc3be
Most of the services create the service user with the admin permission.
This is unnecessary for token validation and they should be restricted
to only having the service role.
Change-Id: Id7a9366d2c6a36139240f64371002362dc2d8d3b
Now that we have a working external plugin mechanism stackforge
projects definitely don't need to be directly in devstack. These were
largely unused previously anyway.
Change-Id: I300686b2ac976d9b454404842b3f210fd7c239d9
Configure tempest with the location of the devstack CA bundle.
Fix a conditional that was looking for the "keystone" service
when it should be "key". This affected users who set
USE_SSL=True
Change-Id: I7171d7bd539443dce9f3b1a80274b7861abdcfdb
After doing a couple of external plugins I found that basically things
don't work unless you enable_service in the settings file. Document
that as a requirement, and clean up the rest of the docs around the
external plugins to be consistent with that.
Change-Id: I13aee7dbf112ce9663e8338b555a208327f89b61
Add elastic search pkg installation and start into the glance install
and start paths.
Change-Id: I53fc37225dd606f627c9f967083007613eb1f1bb
Implements: blueprint catalog-index-service
We run tempest inside of tox so no nee to install it. By not installing
it we decouple one more thing from the requirements sync.
Without this patch, due to branchless tempest, tempest must work with
master and all stable branch global requirements.
Although installing tempest should work on master, don't install it
anyway to make the user experience more uniform across master and
stable branches.
Note: Long term we can install this inside of a virtualenv
(I92648fffc1ad6af53006a0970722fd15f4e79dc2) but that logic hasn't landed
yet and installing tempest is breaking us. So leave moving this to a
virtualenv for a later patch.
Change-Id: I78d51f04ed01da4ce8aa0e127be028f969d3b4f8
Tuskar server support is proposed as an external plugin here
I67dc8420582a40e18de7d5e00094bccc1184a7f9, we should remove Tuskar
from the main devstack tree.
Change-Id: I93e97e7ae8fd03cabc1245a10588c4474d7e3728
ANL has discontinued their Ubuntu mirror. Update the target
to be the official round-robin mirror which should be more stable long-term
Change-Id: I1271301d96a44888f45664537435e31dd38ff30d
The code for creating service users is almost exactly the same. Abstract
this into a function that can be reused and standardized.
Change-Id: I3a4edbff0a928da7ef9b0097a5a8d508fdfab7ff
Change keystone so that the debug setting is always in the config
file. This way the debug setting is done consistently whether it's
run as keystone-all or in Apache httpd.
Change-Id: I10f091e32b8b12ac71f0e7f613c5d1d3f4a8cbec
Now that we have a patch to make this pluggable [1], lets remove this
from the devstack repository.
[1] https://review.openstack.org/#/c/153700/
Change-Id: Ia23f99476ec16df9cc12f63864189835a09eb644
The HOST_IP check in stackrc is useful for real users, but some cloud
nodes that infra runs don't detect it correctly, and it's not actually
required for unit tests to work right.
Change-Id: Id2aaa713aea91825021e9d8d49d19f3e40a8e6c9
Nova listens for EC2 calls now at the URL without path -
http://some.server.com:8773/
I was made in review -
https://review.openstack.org/#/c/152496/
So I suggest to change EC2 urls in keystone catalog.
Change-Id: Ia2975ce0f6a30eed6016733e12c98b5f97648307
Closes-Bug: 1417555
Add a document with procedure to configure KVM-based nested
virtualization on the physical host and to configure DevStack (in a VM)
to take advantage of it.
Current topics:
- Configure nested virt on Intel hosts
- Configure nested virt on AMD hosts
- Expose virt extensions to DevStack VM
- Ensure DevStack VM is using KVM
Change-Id: Ibe6fa482cc0d51183438d99680a0e10d0da652cb
Somewhat opinionated document on where we want to be going, should be
an accurate first approximation of what Dean and I have chatted about
over the last few weeks. Hopefully helpful in framing where we are
going.
Change-Id: Ia153af27a08203ffc44e37c7db73e04573d3be9f
After an unstack.sh several neutron services are left running. This
change tries to do a better (but not always successful) job of
stopping neutron agents.
stop_process does its own checking to see if a service is enabled
so we don't need to check before calling.
Change-Id: I8becbe9db56121cbc619a6d156b18f6c6d31a6e7
The simple case of a single interface doesn't work
out of the box, and this is now failing for lots of
people. We need to back up and get that working.
This reverts commit c906bb3885.
Change-Id: If20df670e06cda2d65028bceb46d257d011cf917
The boto.cfg in the TEMPEST_DIR is not read by any tool at the momement,
including tempest and euca2ools.
Adding the ssl setings to the site-wide config file.
Change-Id: Ibeab5671ac81e5092da0ee7ec1ecf867f8555082
This allows tools/* to use install_packages, etc, without having to
pull in stackrc for the $YUM definition. Alternative to
Ief944af1ab177638bf818624a216751821e6330b
Change-Id: I7fe37079240e8cabbdffdcae5ad9d21e122e43c2
Ceilometer as added support for an event pipeline to enable
transformations and publishing of events. this patch adds the new
event_pipeline.yaml file
Change-Id: I7018a57e7db3690d72fd7c7d5090e6e61cf73e18
Move Python-related functions into inc/python
Should be transparent to all callers as it is sourced from functions-common
Change-Id: I88043830cef9211b4e0baa91bfcc7a92125afa9f
skip-redirect was intruduced with the first commit related
to cinder support, nobody remembers why was this undocumented option
there those times.
Change-Id: If579a93090392327bce96ddd1b562977edf762de
The default project means that a user gains token scoping information
for a project if they don't specify another. This is something we want
to discourage for user creation. User's should specify there own
authentication scope when they authenticate.
Change-Id: I42c3060d59edfcd44d04cd166bad500419dd99bc
It can take ceph-osd and ceph-mon a few seconds to complete when
they are killed. This races against the umount command in cleaup
and can often result in $CEPH_DATA_DIR failing to unmount since
it is still in use.
Wait for these processes to stop to ensure the mount point is
umounted successfully.
Change-Id: I1a635e75a68be6b14fbee52ff981b5f5a3a8eb0e
A: OpenStack milestones have tags set in the git repo. Set the appropriate tag in the ``*_BRANCH`` variables in ``local.conf``. Swift is on its own release schedule so pick a tag in the Swift repo that is just before the milestone release. For example:
How do I run a specific OpenStack release?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
::
DevStack master tracks the upstream master of all the projects. If you
would like to run a stable branch of OpenStack, you should use the
corresponding stable branch of DevStack as well. For instance the
``stable/ocata`` version of DevStack will already default to all the
projects running at ``stable/ocata`` levels.
Note: it's also possible to manually adjust the ``*_BRANCH`` variables
further if you would like to test specific milestones, or even custom
out of tree branches. This is done with entries like the following in
your ``local.conf``
::
[[local|localrc]]
GLANCE_BRANCH=stable/grizzly
HORIZON_BRANCH=stable/grizzly
KEYSTONE_BRANCH=stable/grizzly
NOVA_BRANCH=stable/grizzly
GLANCE_BRANCH=stable/grizzly
NEUTRON_BRANCH=stable/grizzly
SWIFT_BRANCH=1.10.0
GLANCE_BRANCH=11.0.0.0rc1
NOVA_BRANCH=12.0.0.0.rc1
Q: Why not use [STRIKEOUT:``tools/pip-requires``]\ ``requirements.txt`` to grab project dependencies?
[STRIKEOUT:The majority of deployments will use packages to install
OpenStack that will have distro-based packages as dependencies.
DevStack installs as many of these Python packages as possible to
mimic the expected production environment.] Certain Linux
distributions have a 'lack of workaround' in their Python
configurations that installs vendor packaged Python modules and
pip-installed modules to the SAME DIRECTORY TREE. This is causing
heartache and moving us in the direction of installing more modules
from PyPI than vendor packages. However, that is only being done as
necessary as the packaging needs to catch up to the development
cycle anyway so this is kept to a minimum.
Q: What can I do about RabbitMQ not wanting to start on my fresh new VM?
A: This is often caused by ``erlang`` not being happy with the
hostname resolving to a reachable IP address. Make sure your
hostname resolves to a working IP address; setting it to 127.0.0.1
in ``/etc/hosts`` is often good enough for a single-node
installation. And in an extreme case, use ``clean.sh`` to eradicate
it and try again.
Q: How can I set up Heat in stand-alone configuration?
A: Configure ``local.conf`` thusly:
::
Upstream DevStack is only tested with master and stable
branches. Setting custom BRANCH definitions is not guaranteed to
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.