Compare commits

...

69 Commits

Author SHA1 Message Date
Dan Smith 3515ac4280 Try to reduce mysql memory usage
These are a few tweaks I applied to my own memory-constrained cloud
instances that seemed to help. I have lower performance requirements
so this may make things worse and not better, but it's worth seeing
what the impact is. I'll admit to not knowing the full impact of these
as they're mostly collected from various tutorials on lowering memory
usage.

Enable this for now on devstack-multinode

Change-Id: I7b223391d3de01e3e81b02076debd01d9d2f097c
(cherry picked from commit 7567359755)
(cherry picked from commit b12cc4181c)
(cherry picked from commit c4a1f86548)
(cherry picked from commit 275a84f929)
2024-09-05 10:14:08 +02:00
Zuul d2f20a7654 Merge "Update .gitreview for unmaintained/wallaby" into unmaintained/wallaby 2024-07-29 12:30:18 +00:00
OpenStack Release Bot 6794c8e8ae Update .gitreview for unmaintained/wallaby
Also set TARGET_BRANCH=unmaintained/wallaby

Change-Id: I5a3829785a982ea4b4015b92a3390257d7d9fd88
2024-07-23 15:04:16 +12:00
Clark Boylan 1592b95d70 Drop devstack-gate roles from devstack zuul jobs
Devstack-gate has been retired and relying on a retired repo for roles
in zuul produces errors (because the roles are no longer in the HEAD of
the repo). It doesn't look like devstack actually relies on these roles
in d-g (if it does they can be ported into devstack instead) so we just
drop the roles specifier for d-g in the devstack job.

NOTE(elod.illes): nova-ceph-multistore job is broken in this branch, so
it is set as non-voting in check queue and removed from gate queue
until it gets fixed.

NOTE(elod.illes): grenade is also failing on this branch with cinder
related issue, so it is set as non-voting to be able to merge this
patch to unblock other repos gates.

Change-Id: I28a39b31f71153a602d41cefe621a216d09a290f
(cherry picked from commit d487302e60)
(cherry picked from commit 503116557a)
(cherry picked from commit 37f0673893)
2024-05-17 10:22:20 +02:00
Jeremy Stanley ec783f0b04 Drop the devstack-single-node-centos-7 nodeset
OpenDev is preparing to remove centos-7 nodes on March 15[*]. This
change drops one nodeset definition which is the last remaining
reference on DevStack's master branch. Also clean up a lingering
reference to swift-dsvm-functional-py3 which no longer exists.

[*] https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/message/A2YIY5L7MVYSQMTVZU3L3OM7GLVVZPLK/

Change-Id: Icd487e1012263a9b0bc13b529d31ff2025108adf
(cherry picked from commit de9a15adbc)
2024-03-04 19:50:20 +00:00
Alfredo Moralejo e11905a647 Use RDO official CloudSIG mirrors for C9S deployments
Instead of using RDO Trunk repo server, CentOS official mirrors provide
a most reliable infrastructure and supports EMS which is required when
enabling FIPS in C9S.

RDO didn't publish official release rpms for Xena and Wallaby, install
"rdo-release-yoga" release rpm for Xena. Devstack only uses RDO repository for binary dependencies such as rabbitmq, openvswitch.

Change 0da88c4af0 is squashed in this
commit.

Closes-Bug: #2020661
Closes-Bug: #2020434
Change-Id: Icd99f467d47aaafaaf3ee8f2a3c4da08842cb672
(cherry picked from commit b2ad00cb66)
(cherry picked from commit 4062cc0f85)
2023-09-28 11:54:35 +00:00
Zuul 17192ab3ff Merge "Fix setting the tempest virtual env constraints env var" into stable/wallaby 2023-02-01 14:48:28 +00:00
Ghanshyam Mann f5e83ee14a Fix setting the tempest virtual env constraints env var
Devstack set the env var TOX_CONSTRAINTS_FILE/UPPER_CONSTRAINTS_FILE
which are used to use the constraints during Tempest virtual env installation.
Those env var are set to non-master constraint when we need to use non-master
constraints but when we need to use the master constraints we do not set/reset
them point to master constraints. This create the issue when running the grenade
job where we run Tempest on the old devstack as well as in the new devstack.
When tempest is installed on old devstack then old tempest is used and it sets
these env var to stable/<branch> constraints (this is the case when old devstack
(the stable branch is in EM phase) uses the old tempest not the master tempest),
all good till now. But the problem comes when in the same grenade script run
upgrade-tempest install the master tempest (when new devstack branches are in
the 'supported' phase and use the master tempest means) and are supposed to use
the master constraints. But the TOX_CONSTRAINTS_FILE/UPPER_CONSTRAINTS_FILE env
var set by old tempest is used by the tempest and due to a mismatch in constraints
it fails.

This happened when we tried to pin the stable/wallaby with Tempest 29.0.0
- https://review.opendev.org/c/openstack/devstack/+/871782

and table/xena grenade job failed (stable/xena use master tempest and supposed
to use master constraints)
- https://zuul.opendev.org/t/openstack/build/fb7b2a8b562c42bab4c741819f5e9732/log/controller/logs/grenade.sh_log.txt#16641

We should set/reset those constraint env var to master constraints if configuration
tell devstack to use the master constraints.

Making openstacksdk-functional-devstack job non voting as this is
failing 100% on <=stable/xena, depends-On fix that

Depends-On: https://review.opendev.org/c/openstack/python-openstackclient/+/872341

[1] https://github.com/openstack/devstack/blob/71c3c40c269a50303247855319d1d3a5d30f6773/lib/tempest#L124

Closes-Bug: #2003993
Change-Id: I5e938139b47f443a4c358415d0d4dcf6549cd085
(cherry picked from commit 7fe998109b)
(cherry picked from commit 30a7d790b6)
(cherry picked from commit febdb122e4)
(cherry picked from commit cb891834be)
2023-01-31 17:45:02 +00:00
Ghanshyam Mann 788593a910 Pin Tempest to 29.0.0 tag for stable/wallaby testing
Stable/wallaby is in Extended maintenance state[1] and
Tempest master stopped supporting the stable/wallaby[2] so
we need to pin tempest in stable/wallaby testing.

We use Tempest 29.0.0 compatible tag for wallaby testing.
Due to constraints of teststool 2.4.0 in stable/wallaby[3],
Tempest>=30.0.0 (which removed the workaround of testtool
issue[4]) fail on stable/wallaby with SkipTest are treated
with error[5]. That is why we need to use Temepst 29.0.0
which is compatible with testtool 2.4.0.

Making openstacksdk-functional-devstack job non voting as this is
failing 100% on <=stable/xena
- https://zuul.openstack.org/builds?job_name=openstacksdk-functional-devstack&branch=stable%2Fxena&branch=stable%2Fwallaby&skip=0

Depends-On: https://review.opendev.org/c/openstack/tempest/+/871781
Depends-On: https://review.opendev.org/c/openstack/devstack/+/871945

[1] https://releases.openstack.org/
[2] https://review.opendev.org/c/openstack/tempest/+/864371
[3] https://github.com/openstack/requirements/blob/35c167b04cd0d210503de1ebf7be165d0236b905/upper-const>
[4] https://github.com/testing-cabal/testtools/issues/272
[5] https://zuul.opendev.org/t/openstack/build/0a42465205484a72adaab7d8a116d823/log/job-output.txt#2>

Change-Id: I9a8fad5c1f13107dcd6c23c281bae6a42a10294f
2023-01-31 10:10:53 -06:00
Ghanshyam Mann 7fce80880f [stable-only] Pin tox<4 in run-both.yaml playbook also
We pinned tox<4 in ensure-tox pre.yaml playbook
- https://review.opendev.org/q/I9a138af94dedc0d8ce5a0d519d75779415d3c30b

but did not realize that it is used in run-both.yaml playbook
also where we should pin too.

Change-Id: I4407f7036e3fd51ac79f68791151c3f9cd03bd01
(cherry picked from commit 689b399e3a)
(cherry picked from commit ff4cd115cc)
(cherry picked from commit f895418f86)
2023-01-06 17:52:58 -06:00
Zuul dfa05b86e9 Merge "Add enforce_scope setting support for Glance" into stable/wallaby 2022-12-09 22:25:19 +00:00
Ghanshyam Mann d4b040ed33 Pin tox<4.0.0 for <=stable/zed branch testing
Tox 4.0.0 has some incompatible changes, epecially more
strict on allowlist_externals. Tempest recently changed
allowlist_externals not to be *[1] causing the failure
on jobs where lib/tempest failing to run the tempest
as command in virtual env.

----------
venv: commands[0]> tempest verify-config -uro /tmp/tmp.qH5KgJHTF4
venv: failed with tempest is not allowed, use allowlist_externals to allow it
------

We do not need to test/fix the <=stable/zed branches with tox 4.0.0
and pinning them with the compatible tox version of the time stable
brnaches were releaased is better way.

This commit proposes:
1. Pinning the tox<4.0.0 for <=stable/ze branches testing
2. Workaround to unblock the master gate by pinning it <4.0.0 but
we should make our testing compatible with tox 4.0.0 soon.

Depends-On: https://review.opendev.org/c/openstack/devstack/+/867070

Related-Bug: #1999183

[1] https://review.opendev.org/c/openstack/tempest/+/865314 devstack based job started failing to run tempest command on venv.

Change-Id: I9a138af94dedc0d8ce5a0d519d75779415d3c30b
(cherry picked from commit ba54baa425)
(cherry picked from commit a3227ba0c0)
(cherry picked from commit 395f447085)
(cherry picked from commit 02f286a80a)
2022-12-09 02:53:43 +00:00
Ghanshyam Mann d451168df2 Add enforce_scope setting support for Glance
Glance started moving to new RBAC and glance-tempest-plugin
and Tempest need to set few configuration to enable the
scope checks on glance side and so does on Temepst side to tell
glance is ready with scope checks so that test can be run with
scoped token.

Conflicts:
     lib/tempest

Change-Id: I09f513d08212bc80a3a86a750b29b1c6625d2f89
(cherry picked from commit 8c93049220)
2022-12-05 07:52:13 +00:00
Martin Kopec 1ea0d4416a Remove centos-9-stream jobs on stable/wallaby
Already n-v devstack-platform-centos-9-stream has been failing
last 2 months.

Considering that there isn't a lot of traffic on stable/wallaby
and we have a centos job in newer branches so any backport
patch gets tested there, the commit removes this job no to
waste CI resources.

Change-Id: Id218cf2ad5fbb9cae5828972366fe85911e500b2
2022-11-24 01:30:12 +01:00
Zuul 09d5617def Merge "Drop platform jobs for bionic and centos-8-stream" into stable/wallaby 2022-11-04 11:44:27 +00:00
Dr. Jens Harbott bc7431665b Further fixup for Ubuntu cloud images
The official Ubuntu cloud images have some further python pkgs
preinstalled that conflict with our requirements. Allow to
overwrite them.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Closes-Bug: 1871485
Change-Id: I793c250cae5e7b9bc835b7016d790d1f9ae8a7f3
(cherry picked from commit 61a37bff9a)
2022-10-03 13:37:41 +02:00
June Yi 2aa38e1259 Respect constraints on tempest venv consistently
In case of online mode, there is a procedure to recreate tempest venv.
For consistency of tempest venv during the entire stack.sh process,
add logic to consider the TEMPEST_VENV_UPPER_CONSTRAINTS option here.

Closes-bug: #1980483
Signed-off-by: June Yi <june.yi@samsung.com>
Change-Id: I0cea282152fd363af8671cab1b5f733ebe2bd4df
(cherry picked from commit 8355e81306)
2022-08-31 15:17:07 +00:00
Zuul 94a8ac1ebe Merge "Support CentOS Stream 9" into stable/wallaby 2022-08-10 18:06:54 +00:00
Zuul 8aa22699ff Merge "Fix tls-proxy on newer versions of openssl" into stable/wallaby 2022-08-10 13:42:25 +00:00
Alfredo Moralejo e4529cf3bb Support CentOS Stream 9
This patch includes changes required to run devstack on CentOS Stream 9
which has been already published in official repos by CentOS team [1]:

- Add RDO deps repository for CS9.
- remove xinetd package from installation for swift. Note that
  rsync-daemon is installed which should work fine.
- Replace genisoimage by xorriso in CS9.
- Use /etc/os-release to identify the distro in CS9 as it doesn't
  provide lsb_release command.
- Use pip from rpm package instead of from get-pip.py as done in Fedora.
- Add non-voting job devstack-platform-centos-9-stream to the check
  pipeline.

Depends-On: https://review.opendev.org/c/openstack/devstack/+/848365
Change-Id: Ic67cddabd5069211dc0611994b8b8360bcd61bef
(cherry picked from commit 5ea4c3c18c)
2022-07-21 15:03:28 -04:00
Michael Johnson c6604eb6b0 Fix tls-proxy on newer versions of openssl
Newer versions of openssl (CentOS9Stream for example) do not like using sha1.
Devstack will fail on these systems[1] with the following error:
801B93DCE77F0000:error:03000098:digital envelope routines:do_sigver_init:invalid digest:crypto/evp/m_sigver.c:333:
This patch updates the tls-proxy code in devstack to use sha256 instead of sha1 which allows devstack to complete when tls-proxy is enabled.

[1] https://zuul.opendev.org/t/openstack/build/1d90b22a39c74e24a8390861b3c5f957/log/job-output.txt#5535

Closes-Bug: #1962600

Change-Id: I71e1371affe32f070167037b0109a489d196bd31
(cherry picked from commit 35bc600da1)
2022-07-01 16:00:44 +00:00
Gorka Eguileor 78b00ec8de Reduce memory consumption in Cinder services
This patch reduces memory usage on the Cinder Volume and Backup services
by tuning glibc.

The specific tuning consist on disabling the per thread arenas and
disabling dynamic thresholds.

The Cinder Backup service suffers from high water mark memory usage and
uses excessive memory.  As an example just after 10 restore operations
the service uses almost 1GB of RAM and does not ever free it afterwards.
With this patch the memory consumption of the service is reduced down to
almost 130MB.  If we add a revert from Cinder (Change-Id
I43a20c8687f12bc52b014611cc6977c4c3ca212c) it goes down to 100MB during
my tests.

This glibc tuning is not applied to all Python services because I
haven't done proper testings on them and at first glance they don't seem
to have such great improvements.

Related-bug: #1908805
Change-Id: Ic9030d01468b3189350f83b04a8d1d346c489d3c
(cherry picked from commit d5af514ac9)
(cherry picked from commit eb16f28ab2)
(cherry picked from commit 0d22380971)
2022-06-30 15:00:50 +02:00
Radosław Piliszek d6382fbece Remove libvirt-python from upper-constraints
... when installed from distribution.

This is mostly to fix Ironic's gate as their ecosystem is too
broad and complex to quickly remove libvirt-python from all
possible requirements.txt

More details inline.

See also: https://review.opendev.org/c/openstack/devstack/+/798514
aka f0bf2bdff1

Change-Id: Ic44daf15e952bbe3c424984ffb2474261e68008f
(cherry picked from commit 8b8a4c75b7)
2022-06-09 15:26:08 +02:00
Ian Wienand e2bed1b72f Revert "Workaround for new pip 20.3 behavior"
This reverts commit 7a3a7ce876 and
bcd0acf6c0 and part of
f1ed7c77c5 which all cap our pip
installs.

Given the pip ecosystem can often incorporate major changes, tracking
upstream at least generally gives us one problem at a time to solve
rather than trying to handle version jumps when LTS distros update.

The new dependency resolver included some changes that disallow
setting URL's like "file:///path/to/project#egg=project" in
constraints.  Apparently the fact it used to work was an accident of
the requires/constraints mechanism; it does make some sense as the URL
doesn't really have a version-number that the resolver can put in an
ordering graph.

The _setup_package_with_constraints_edit function comment highlights
what this is trying to do

 # Updates the constraints from REQUIREMENTS_DIR to reflect the
 # future installed state of this package. This ensures when we
 # install this package we get the from source version.

In other words; if constraints has "foo==1.2.3" and Zuul has checked
out "foo" for testing, we have to make sure pip doesn't choose version
1.2.3 from pypi.

It seems like removing the entry from upper-requirements.txt is the
important part; adding the URL path to the on-disk version was just
something that seemed to work at the time, but isn't really necessary.
We will install the package in question which will be the latest
version (from Zuul checkout) and without the package in
upper-requirements.txt nothing will try and downgrade it.

Therefore the solution proposed here is to remove the adding of the
URL parts.

This allows us to uncap pip and restore testing with the new
dependency resolver.

Closes-Bug: #1906322
Change-Id: Ib9ba52147199a9d6d0293182d5db50c4a567d677
(cherry picked from commit 6b9a564622)
2022-06-02 14:07:37 -05:00
Dr. Jens Harbott 5ba84319b9 Drop platform jobs for bionic and centos-8-stream
These are no longer working, so drop'em.

Change-Id: I4e8311dd4e1eb7c9bc9533cebbd1a90dba801392
2022-05-23 14:47:32 +02:00
yatinkarel ebd72a5e00 Configure placement section in neutron conf
Without it segment plugin fails to connect with
placement api. Configure the placement section
if service is deployed.

Closes-Bug: #1973783
Change-Id: Ie7f37770a04f622735cf2263c601257669ab5064
(cherry picked from commit 92a34dbe95)
2022-05-23 06:50:29 +00:00
Dan Smith ea636e0a92 Write safe.directory items to system git config
This is necessary for more consistent behavior across multiple
distro versions. Apparently somewhere along the way, git started
looking at the current user's home directory instead of $HOME.

Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798

Change-Id: I941ef5ea90970a0901236afe81c551aaf24ac1d8
(cherry picked from commit 4baeb3b51f)
(cherry picked from commit 9616d22938)
(cherry picked from commit d86f23b153)
2022-04-18 21:31:09 -05:00
Ian Wienand 494d0b7d5f Mark our source trees as safe for git to use as other users
git commit [1] introduced a new behaviour to work around a CVE that
disallows any git operations in directories not owned by the current
user.

This may seem unrelated to installation, but it plays havoc with PBR,
which calls out to git to get to get revision history.  So if you are
"pip install"-ing from a source tree you don't own, the PBR git calls
in that tree now fail and the install blows up.

This plays havoc with our model.  Firstly, we checkout all code as
"stack" then install it globally with "sudo" (i.e. root) -- which
breaks.  We also have cases of essentially the opposite -- checkouts
we have installed as root, but then run tox in them as a regular user;
tox wants to install the source in its venv but now we have another
user conflict.

This uses the only available configuration option to avoid that by
globally setting the source directories we clone as safe.  This is an
encroachment of the global system for sure, but is about the only
switch available at the moment.  For discussion of other approaches,
see [2].

Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798

[1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9
[2] https://review.opendev.org/c/openstack/devstack/+/837636

Depends-On: https://review.opendev.org/c/openstack/devstack/+/837745
Change-Id: Ib9896a99b6d6c4d359ee412743ce30512b3c4fb7
(cherry picked from commit 676dcaf944)
2022-04-13 09:39:24 -07:00
Zuul 5159d15ac3 Merge "nova: Enable apic removal workaround for bug #1939108 when using QEMU" into stable/wallaby 2022-03-02 01:24:05 +00:00
Lee Yarwood 566896e22c nova: Enable apic removal workaround for bug #1939108 when using QEMU
This change enables [workarounds]libvirt_disable_apic when devstack is
deployed using the libvirt virt driver and qemu virt type in an effort
to avoid issues outlined in bug #1939108 caused by the older kernel
currently used in Cirros 0.5.2.

Depends-On: https://review.opendev.org/c/openstack/nova/+/805628
Closes-Bug: #1939108
Change-Id: Ibb6c34133bb1c95ef11cc59d9b12a0f65502c61b
(cherry picked from commit 1e86a25cc2)
2022-02-28 13:38:18 +00:00
Ade Lee 3770875adb Set chap algorithms for FIPS if not openeuler
The default CHAP algorithm for iscsid is md5, which is disallowed
under fips.  We will set the chap algorithm to "SHA3-256,SHA256",
which should work under all configurations.

For some reason, setting the CHAPAlgorithms as in c3b705138
breaks OpenEuler.  Making this conditional so that tests continue
to pass.

Change-Id: Iaa740ecfbb9173dd97e90485bad88225caedb523
(cherry picked from commit ac958698d0)
2022-02-10 16:28:49 +00:00
Rodolfo Alonso Hernandez a4369c8bb7 Add python3.6 pip support
Since pip v22, python3.6 is not supported (the minimum version is
python3.7). This patch adds the reference for the pip3.6 URL to be
used instead of the default one.

Conflicts:
  tools/install_pip.sh

Closes-Bug: #1959600
Change-Id: Iab2c391d5388461fe9e9037cee81884ce8032e72
(cherry picked from commit a756f4b968)
(cherry picked from commit 13da39fc2e)
2022-02-02 07:35:16 +01:00
Ghanshyam Mann e6a4824448 Stop installing Tempest at system wide for stable branch
As added in notes for INSTALL_TEMPEST variable we need to set
this as False for stable branch so that devstack does not
install Tempest at system wide.

- https://github.com/openstack/devstack/blob/stable/xena/lib/tempest#L61

This should be done at the time when we cut the stable branch but
we forgot to do that for wallaby and xena. I have updated the QA
release wiki[1] for this to take care in future.

[1] https://wiki.openstack.org/wiki/QA/releases#Projects_with_only_Branches

Change-Id: I65304f66b3fe9c372fad8d4b521d0219833c1bf1
2022-01-17 16:26:47 +00:00
Dr. Jens Harbott 8b7ef9f448 Don't enable the dstat service in CI jobs
We still are seeing regular job failures because the pcp package fails
to install. Assume that we can still enable it on demand when someone
needs to debug specific job issues, let us just disable it by default.

Related-Bug: 1943184
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I32ef8038e21c818623db9389588b3c6d3f98dcad
(cherry picked from commit 134205c138)
2022-01-07 08:19:20 +00:00
Dr. Jens Harbott 0890e6423e Fix tempest upper-constraints
When deploying devstack in a stable branch, the master branch is
available locally only in a CI environment where Zuul prepares all
available branches. For a non-CI deployment we need to stick to using
the remote branch as was the case before [0].

While the situation on the master branch isn't really broken, we apply
the fix here anyway so that future stable branches are created in a
working state.

[0] I5d42ac6b54bf20804d7e5faa39d1289102318b64

Closes-Bug: #1956219
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ib7719cb2d48b34db70f885e0afe77d904abba3b5
(cherry picked from commit 2ef4a4c851)
2022-01-05 13:31:05 +00:00
yatinkarel 93b008875f Use upper-constraints from in review changes
Currently upper-constraints.txt is not getting used
from in-review changes of requirements project and
leading to merge of broken requirements[1].

Use master branch to fetch constraints instead of
the remote branch.

[1] https://review.opendev.org/c/openstack/requirements/+/822575

Depends-On: https://review.opendev.org/c/openstack/requirements/+/823128
Change-Id: I5d42ac6b54bf20804d7e5faa39d1289102318b64
(cherry picked from commit 05e622ead2)
2021-12-30 05:43:27 +00:00
Zuul 620792b187 Merge "nova: Ensure each compute uses a unique iSCSI initiator" into stable/wallaby 2021-10-11 00:51:49 +00:00
Lee Yarwood a41fff99b3 nova: Ensure each compute uses a unique iSCSI initiator
The current initiator name embedded in our CI images is not unique at
present and can often cause failures during live migrations with
attached volumes. This change ensures the name is unique by running
iscsi-iname again and overwriting the existing name.

We could potentially do this during the image build process itself but
given that devstack systems are not supposed to be multi-purpose this
should be safe to do during the devstack run.

NOTE(lyarwood): Conflict due to
If2f74f146a166b9721540aaf3f1f9fce3030525c not being present on
stable/wallaby.

Conflicts:
    lib/nova

Closes-Bug: #1945983
Change-Id: I9ed26a17858df96c04be9ae52bf2e33e023869a5
(cherry picked from commit 714826d1a2)
(cherry picked from commit ee629cc775)
2021-10-07 09:43:09 +01:00
Zuul a1e4ebe15e Merge "Rely on ceph.conf settings when cinder backup pool is created" into stable/wallaby 2021-10-06 17:32:20 +00:00
Ghanshyam Mann 51d8acf12d Re-enable nova-ceph-multistore job
nova-ceph-multistore was failing on stable branch
as it was picking master version of base job instead
of stable one. There is issue in job variant in base
ceph job which is now fixed by depends-on.

Re-enable it in devstack gate.

Depends-On: https://review.opendev.org/c/openstack/devstack-plugin-ceph/+/811348
Depedns-On: https://review.opendev.org/c/openstack/devstack-plugin-ceph/+/811478
Change-Id: Ia7f53b41f2450fb0dd7743f7dc7024cd987feeb7
2021-09-28 22:21:20 +00:00
Jens Harbott b63229ca83 Fix uwsgi config for trailing slashes
The apache mod_proxy documentation[0] says that trailing slashes need to
match for the ProxyPass statement. Since adding a slash to the redirected
url would break things that need to access endpoints like /identity
without anything added, we need to drop the trailing slash for the
target URL. See [1] for the discussion of the CVE fix that changed the
previous behavior.

[0] https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypass
[1] https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1945274

For stable/wallaby the nova-ceph-multistore job is currently broken,
drop it for now, it can be re-added when they got fixed.

Depends-On: https://review.opendev.org/c/openstack/devstack/+/811399
Change-Id: Ia6bae7419e5d9a9585f2316562a6c6bb968dcaa7
2021-09-28 12:39:51 -05:00
Francesco Pantano 16829e4668 Rely on ceph.conf settings when cinder backup pool is created
Ceph adds the osd pool default size option on ceph.conf via [1];
this means we don't need to specify the size of this pool if
the same value (same variable) is used (CEPH_REPLICAS).
This change is an attempt of removing the size setting, relying
on the implicit declaration of the value provided by ceph.conf.

[1] https://github.com/openstack/devstack-plugin-ceph/blob/master/devstack/lib/ceph#L425

Change-Id: I5fa2105ceb3b97a4e38926d76c1e4028f1108d4a
(cherry picked from commit 448db9ec41)
2021-09-21 22:11:57 +00:00
Zuul 1fb0b8398e Merge "Drop broute from ebtables_dump" into stable/wallaby 2021-09-01 10:51:07 +00:00
Zuul 5cf66e70df Merge "[CI] Drop CentOS Linux 8 job and nodeset" into stable/wallaby 2021-09-01 08:56:08 +00:00
Zuul 68b2bf8649 Merge "Fix Usage of rdo-release rpm" into stable/wallaby 2021-09-01 08:56:06 +00:00
Jens Harbott b9b31df76c Drop broute from ebtables_dump
This table is no longer present on most installations, drop it
from the list to avoid error messages during log collection
that people mistake to be the real error why devstack is failing.

This may lose some debugging information in edge cases, but I
think the improvement of the general user experience is more
important.

Change-Id: Ibb9b247a018a788c8c4b40487762319fe470bf0f
Closes-Bug: 1885198
(cherry picked from commit 5a684eb51b)
2021-09-01 07:07:13 +00:00
Takashi Kajinami b995e5aff7 swift: Fix the empty gid option in rsyncd.conf
This change fixes the empty value set to the gid option in rsyncd.conf,
which was caused by reference to the invalid USER_GROUP variable, and
ensures the option is set to the group which STACK_USER belongs to.

This also fixes duplicate declaration of the local user_group variable.

Closes-Bug: #1940742
Change-Id: Ifd0a5ef0bc5f3647f43b169df1f7176393971853
(cherry picked from commit 25f84277ea)
2021-08-28 23:23:13 +00:00
Radosław Piliszek 05c1af45b9 [CI] Drop CentOS Linux 8 job and nodeset
CentOS Stream 8 (aka CentOS 8 Stream) is the currently
supported runtime platform. [0]

DevStack works with CentOS Stream only now. [1]

The only usage of the nodeset being dropped is handled by the
Depends-On.

[0] https://governance.openstack.org/tc/reference/runtimes/xena.html
[1] https://review.opendev.org/c/openstack/devstack/+/759122

Depends-On: https://review.opendev.org/c/openstack/cinder-tempest-plugin/+/795159
Change-Id: Ic0f696b46dce3dba529b53a8f9de8cda6b913c7b
(cherry picked from commit 81937a230a)
2021-08-26 12:05:50 +05:30
Radosław Piliszek 058b2fbb8c Fix Usage of rdo-release rpm
rdo-release.el8.rpm rpm points to latest RDO release,
so use it for master, for stable releases use corresponding
release rpm.

In addition to backport this commit:

1. Add centos8-stream job to show fix is working fine becasue
there is no centos8 repo for wallaby and centos8 job does not validate
this backport. We can remove the centos8 job later in follow up. I
did not it in this commit to keep this backport as clean as possible.

2. backport below commit to fix centos8-stream job

Set swap size to 4G for c8 jobs

Tempest is failing randomly with different reasons
as mentioned in the bug, updating swap size those
issues are not seen.

Before [1] default swap size used to be 8GB but was dropped
to 1G so need to configure it in required job itself.

Did couple of tests in [2] and with 4GB+ swap jobs are
running green. On investigation found that with qemu-5
both Ubuntu and CentOS jobs have memory crunch, currently
Ubuntu jobs are not impacted as they are running with
qemu-4.

[1] https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/750941
[2] https://review.opendev.org/c/openstack/devstack/+/803144

Closes-Bug: #1938914
Change-Id: I57910b5fde5ddf2bd37d93e06c1aff77c6e231e9
(cherry picked from commit 60b5538c33)

Change-Id: I508eceb00d7501ffcfac73d7bc2272badb241494
(cherry picked from commit 0456baaee5)
2021-08-20 23:04:45 +00:00
Zuul 5d69591c69 Merge "Configure Cinder backup driver" into stable/wallaby 2021-08-12 17:18:52 +00:00
Radosław Piliszek c1928d8fb8 [CI] [stable-only] Drop testing on Fedora
The QA/DevStack team does not support testing on Fedora on stable
branches. The fedora-latest nodeset is meant to be used on
master branch only.
This change removes it on this stable branch to allow the nodeset
to progress with Fedora version on master.
In addition, the two Fedora jobs are removed to allow for nodeset
removal.

Change-Id: If952b54bdecf82be811b57f4a17a0c59db54a62a
2021-07-27 16:20:35 +00:00
Lee Yarwood e6a461ff09 libvirt: Stop installing python bindings from pip
As set out in bug #1933096 these bindings are dynamically built against
the version of libvirt present in the environment at build time.

As a result using a pre-built wheel can cause AttributeError's when the
bindings have previously been built elsewhere against an older version
of libvirt installed on the host. This is currently the case in CentOS 8
stream based CI jobs where we try to use 7.4.0 bindings that appear to
be built against libvirt <= 6.10 leading to bug #1933096.

This change seeks to avoid this by installing the bindings from packages
that will always be built against the correct corresponding version of
libvirt.

Change-Id: I76184c17a776c4e1ecaab9549d9d36c8c07c60fa
Closes-Bug: #1933096
2021-07-20 09:43:45 +00:00
Radosław Piliszek eeba227b62 Move verify-ipv6-only-deployments
from Tempest to DevStack as it tests DevStack side of things and
is useful for projects not using Tempest.

Verbatim copy except for the devstack- prefix and the /devstack/
path.

Change-Id: Ie166730843f874b9c99e37244e460d7ad33b7eeb
(cherry picked from commit 2fb8c7a5ee)
2021-06-10 07:36:25 +00:00
Ghanshyam Mann b662159717 Pin nodeset for unit test job
devstack unit test job does not set any nodeset
and so does use default nodeset defined in base jobs
in opendev. When opendev switches the default nodeset to
the latest distro version, devstack unit test job can start
failing. Example:

- https://review.opendev.org/q/I01408f2f2959b0788fe712ac268a526502226ee9
- https://review.opendev.org/q/Ib1ea47bc7384e1f579cb08c779a32151fccd6845

To avoid such a situation in future, let's set the working nodeset
for this job also so that when we cut the stable branch we can
run it on the working distro version. 

Change-Id: I302140778fedf08bc8ba72c453837fa7b8f8f9ae
2021-05-25 18:11:27 +00:00
Zuul e3f7fac619 Merge "gzip, not xz" into stable/wallaby 2021-05-21 14:55:41 +00:00
Zuul 8b6281b1b6 Merge "cinder: Increase VOLUME_BACKING_FILE_SIZE" into stable/wallaby 2021-05-21 11:17:18 +00:00
Ghanshyam Mann 12484c4c9f Fix unit test to use python3 command
unit test jobs staretd to run on ubuntu-focal now
and failing for using 'python' command.

Change-Id: Ie002faf4c96ac7f207207a481c057b8df0289e6c
2021-05-20 14:30:10 +00:00
Lee Yarwood 055d02392c cinder: Increase VOLUME_BACKING_FILE_SIZE
As reported in bug #1920136 the tempest-integrated-compute job has
started to see insufficient free virtual space errors being reported by
c-sch and c-vol when creating volumes. This change simply increases the
default size of the underlying LVM PV used to host these volumes within
the default LVM/iSCSI c-vol backend deployed by devstack.

Change-Id: I965d4a485215ac482403f1e83609452550dfd860
Closes-Bug: #1920136
(cherry picked from commit 362641b1b8)
2021-05-19 11:44:28 +00:00
Lucas Alvares Gomes a90141d061 Fix docs job
Sphinx 4.0.0 added a new dependency [0] which is causing the job to fail
at the moment.

This patch fix the problem by adding UC to the docs jobs.

[0] https://www.sphinx-doc.org/en/master/changes.html (LaTeX: add
tex-gyre font dependency)

Change-Id: I28019331017405c06577ada88f8e9f6d9a2afc23
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
(cherry picked from commit 69a66fb62b)
2021-05-11 15:20:54 +01:00
Radosław Piliszek 32a24bde30 gzip, not xz
xz may cause POST_FAILUREs due to memory pressure [1].

[1] http://lists.openstack.org/pipermail/openstack-discuss/2021-April/021609.html

Change-Id: I2ea3175ecf2508b62640bfffdd798d7072e55550
2021-05-09 08:48:11 +00:00
Clark Boylan 8c922fe336 Fix async race updating nova configs
The configure_neutron_nova function updates nova configs. While that is
still running we separately update nova configs in stack.sh. This can
result in unexpected configs (that don't work). Fix this by waiting for
configure_neutron_nova to complete its work before we do nova config
updates directly in stack.sh.

For specifics we say that:

  [neutron]
  project_domain_name = Default

was missing from both nova.conf and nova-cpu.conf and instances could
not be created because keystone complained about not finding domain in
project. The strong suspicion here is that on some systems
configure_neutron_nova would write out project_domain_name while the
stack.sh inisets were running resulting in stack.sh overwriting the
project_domain_name content.

One theory is that disabling swift makes this problem more likely as
there is swift work in the middle of the async period. This is supported
by the fact that our job that hits this problem does indeed disable
swift.

Change-Id: I0961d882d555a21233c6b4fbfc077cfe33b88499
(cherry picked from commit 06b7352478)
2021-04-30 08:04:37 -07:00
Ghanshyam Mann 800eb4dd44 Make stackviz tasks not to fail jobs
Due to issue on stckviz side, job start
failing with POST_FAILURE. If we fix the
issue still we need to wait for periodic job
periodic-package-stackviz-element to publish
the latest tarball on https://tarballs.openstack.org/stackviz/dist/.

Let's not fail the job for any issue occur during
stackviz processing.

Closes-Bug: 1863161

Change-Id: Ifee04f28ecee52e74803f1623aba5cfe5ee5ec90
(cherry picked from commit 580fec54c3)
2021-04-08 20:16:12 -05:00
Hironori Shiina fc72473906 Configure Cinder backup driver
This patch adds a new environment variable, CINDER_BACKUP_DRIVER for
configuring cinder backup driver used when c-bak service is enabled.
This gets cinder backup driver configurable with a similar pattern to
cinder backends. Although the current configurable backup drivers don't
need cleanup functions, the interface for cleanup is prepared for the
future.

The following backup drivers can be configured:
  swift:
  This is the default backup driver.
  ceph:
  This already can be configured if ceph backend driver is enabled. For
  backward compatibility, ceph backup driver is used if ceph backend
  driver is enabled and no backup driver is specified.
  s3_swift:
  The s3 backup driver gets configurable with this patch. By specifying
  's3_swift', the driver is configured for swift s3api.

In the future, lib/cinder_backups/s3 should be created separatedly for
external S3 compatible storage. This file will just set given parameters
such as a URL and credentials.

Change-Id: I356c224d938e1aa59c8589387a03682b3ec6e23d
(cherry picked from commit 01a84d2d03)
2021-04-08 19:02:53 +02:00
Zuul dd8502802f Merge "Cap stable/wallaby network, swift, volume api_extensions for tempest" into stable/wallaby 2021-04-07 18:40:40 +00:00
Zuul aff1fb7fb9 Merge "Cap max microversions for stable/wallaby" into stable/wallaby 2021-04-07 18:40:23 +00:00
Ghanshyam Mann a10ae7c931 Cap stable/wallaby network, swift, volume api_extensions for tempest
This commit cap the network, volume and swift extensions on
Tempest's config option api_extensions.

Change-Id: I0af39a389539b0183d5b260e1fd34eb03e2b06d8
2021-04-06 11:24:12 -05:00
Ghanshyam Mann ee69e4fd9f Cap max microversions for stable/wallaby
This commit cap the max microversions for compute,
volume, and placement API for stable/wallaby.

Change-Id: Id3fa99493c398bdd588f9fbdc2432d6a07ca6601
2021-04-06 10:39:59 -05:00
Ghanshyam Mann 32379bab32 Update devstack branches for stable/wallaby
Change-Id: I62720c959947f813f51f5c8b73ec727672c414dd
2021-04-06 10:32:49 -05:00
OpenStack Release Bot 6a5be762d4 Update .gitreview for stable/wallaby
Change-Id: Icf097d7fd6691b4b9fd5487e0e0cf72028b80fc7
2021-04-01 10:37:50 +00:00
43 changed files with 699 additions and 292 deletions
+1
View File
@@ -2,3 +2,4 @@
host=review.opendev.org
port=29418
project=openstack/devstack.git
defaultbranch=unmaintained/wallaby
+30 -70
View File
@@ -39,20 +39,20 @@
- controller
- nodeset:
name: devstack-single-node-centos-7
name: devstack-single-node-centos-8-stream
nodes:
- name: controller
label: centos-7
label: centos-8-stream
groups:
- name: tempest
nodes:
- controller
- nodeset:
name: devstack-single-node-centos-8
name: devstack-single-node-centos-9-stream
nodes:
- name: controller
label: centos-8
label: centos-9-stream
groups:
- name: tempest
nodes:
@@ -68,16 +68,6 @@
nodes:
- controller
- nodeset:
name: devstack-single-node-fedora-latest
nodes:
- name: controller
label: fedora-32
groups:
- name: tempest
nodes:
- controller
- nodeset:
name: openstack-two-node
nodes:
@@ -285,7 +275,6 @@
required-projects:
- opendev.org/openstack/devstack
roles:
- zuul: opendev.org/openstack/devstack-gate
- zuul: opendev.org/openstack/openstack-zuul-jobs
vars:
devstack_localrc:
@@ -403,7 +392,7 @@
PUBLIC_BRIDGE_MTU: '{{ external_bridge_mtu }}'
devstack_services:
# Shared services
dstat: true
dstat: false
etcd3: true
memory_tracker: true
mysql: true
@@ -412,7 +401,7 @@
subnode:
devstack_services:
# Shared services
dstat: true
dstat: false
memory_tracker: true
devstack_localrc:
# Multinode specific settings
@@ -477,7 +466,7 @@
# Core services enabled for this branch.
# This list replaces the test-matrix.
# Shared services
dstat: true
dstat: false
etcd3: true
memory_tracker: true
mysql: true
@@ -527,7 +516,7 @@
# Core services enabled for this branch.
# This list replaces the test-matrix.
# Shared services
dstat: true
dstat: false
memory_tracker: true
tls-proxy: true
# Nova services
@@ -571,25 +560,9 @@
description: |
Simple multinode test to verify multinode functionality on devstack side.
This is not meant to be used as a parent job.
# NOTE(ianw) Platform tests have traditionally been non-voting because
# we often have to rush things through devstack to stabilise the gate,
# and these platforms don't have the round-the-clock support to avoid
# becoming blockers in that situation.
- job:
name: devstack-platform-centos-8
parent: tempest-full-py3
description: Centos 8 platform test
nodeset: devstack-single-node-centos-8
voting: false
timeout: 9000
- job:
name: devstack-platform-bionic
parent: tempest-full-py3
description: Ubuntu Bionic platform test
nodeset: openstack-single-node-bionic
voting: false
vars:
devstack_localrc:
MYSQL_REDUCE_MEMORY: true
- job:
name: devstack-async
@@ -602,23 +575,6 @@
zuul_copy_output:
/opt/stack/async: logs
- job:
name: devstack-platform-fedora-latest
parent: tempest-full-py3
description: Fedora latest platform test
nodeset: devstack-single-node-fedora-latest
voting: false
- job:
name: devstack-platform-fedora-latest-virt-preview
parent: tempest-full-py3
description: Fedora latest platform test using the virt-preview repo.
nodeset: devstack-single-node-fedora-latest
voting: false
vars:
devstack_localrc:
ENABLE_FEDORA_VIRT_PREVIEW_REPO: true
- job:
name: devstack-tox-base
parent: devstack
@@ -675,6 +631,7 @@
- job:
name: devstack-unit-tests
nodeset: ubuntu-focal
description: |
Runs unit tests on devstack project.
@@ -690,9 +647,6 @@
jobs:
- devstack
- devstack-ipv6
- devstack-platform-fedora-latest
- devstack-platform-centos-8
- devstack-platform-bionic
- devstack-async
- devstack-multinode
- devstack-unit-tests
@@ -704,10 +658,8 @@
irrelevant-files: &dsvm-irrelevant-files
- ^.*\.rst$
- ^doc/.*$
- swift-dsvm-functional-py3:
voting: false
irrelevant-files: *dsvm-irrelevant-files
- grenade:
voting: false
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
@@ -729,7 +681,10 @@
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
# TODO(gmann): make it voting once it is fixed, currently it is failing
# for <=stable/xena https://zuul.openstack.org/builds?job_name=openstacksdk-functional-devstack&branch=stable%2Fxena&branch=stable%2Fwallaby&skip=0
- openstacksdk-functional-devstack:
voting: false
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
@@ -738,6 +693,7 @@
- ^.*\.rst$
- ^doc/.*$
- nova-ceph-multistore:
voting: false
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
@@ -757,21 +713,26 @@
- ^.*\.rst$
- ^doc/.*$
- grenade:
voting: false
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- openstacksdk-functional-devstack:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
# - openstacksdk-functional-devstack:
# voting: false
# irrelevant-files:
# - ^.*\.rst$
# - ^doc/.*$
- tempest-ipv6-only:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- nova-ceph-multistore:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
# TODO(elod.illes): nova-ceph-multistore is broken in this branch,
# so it is set as non-voting in check queue and commented out here
# in gate queue until the job gets fixed.
# - nova-ceph-multistore:
# irrelevant-files:
# - ^.*\.rst$
# - ^doc/.*$
# Please add a note on each job and conditions for the job not
# being experimental any more, so we can keep this list somewhat
# pruned.
@@ -821,4 +782,3 @@
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- devstack-platform-fedora-latest-virt-preview
+1 -1
View File
@@ -1,3 +1,3 @@
ceph # NOPRIME
redhat-lsb-core
redhat-lsb-core # not:rhel9
xfsprogs
+2 -1
View File
@@ -1,9 +1,10 @@
cryptsetup
dosfstools
genisoimage
genisoimage # not:rhel9
iscsi-initiator-utils
libosinfo
lvm2
sg3_utils
# Stuff for diablo volumes
sysfsutils
xorriso # not:rhel8
+2 -1
View File
@@ -4,7 +4,7 @@ dnsmasq # for q-dhcp
dnsmasq-utils # for dhcp_release
ebtables
gawk
genisoimage # required for config_drive
genisoimage # not:rhel9 required for config_drive
iptables
iputils
kernel-modules
@@ -14,3 +14,4 @@ polkit
rabbitmq-server # NOPRIME
sqlite
sudo
xorriso # not:rhel8
+1 -1
View File
@@ -4,4 +4,4 @@ memcached
rsync-daemon
sqlite
xfsprogs
xinetd
xinetd # not:f34,rhel9
+42 -9
View File
@@ -346,12 +346,19 @@ function _ensure_lsb_release {
# - os_VENDOR
# - os_PACKAGE
function GetOSVersion {
# We only support distros that provide a sane lsb_release
_ensure_lsb_release
# CentOS Stream 9 does not provide lsb_release
source /etc/os-release
if [[ "${ID}${VERSION}" == "centos9" ]]; then
os_RELEASE=${VERSION_ID}
os_CODENAME="n/a"
os_VENDOR=$(echo $NAME | tr -d '[:space:]')
else
_ensure_lsb_release
os_RELEASE=$(lsb_release -r -s)
os_CODENAME=$(lsb_release -c -s)
os_VENDOR=$(lsb_release -i -s)
os_RELEASE=$(lsb_release -r -s)
os_CODENAME=$(lsb_release -c -s)
os_VENDOR=$(lsb_release -i -s)
fi
if [[ $os_VENDOR =~ (Debian|Ubuntu|LinuxMint) ]]; then
os_PACKAGE="deb"
@@ -588,6 +595,18 @@ function git_clone {
fi
fi
# NOTE(ianw) 2022-04-13 : commit [1] has broken many assumptions
# about how we clone and work with repos. Mark them safe globally
# as a work-around.
#
# NOTE(danms): On bionic (and likely others) git-config may write
# ~stackuser/.gitconfig if not run with sudo -H. Using --system
# writes these changes to /etc/gitconfig which is more
# discoverable anyway.
#
# [1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9
sudo git config --system --add safe.directory ${git_dest}
# print out the results so we know what change was used in the logs
cd $git_dest
git show --oneline | head -1
@@ -1442,6 +1461,7 @@ function write_user_unit_file {
local command="$2"
local group=$3
local user=$4
local env_vars="$5"
local extra=""
if [[ -n "$group" ]]; then
extra="Group=$group"
@@ -1455,6 +1475,9 @@ function write_user_unit_file {
iniset -sudo $unitfile "Service" "KillMode" "process"
iniset -sudo $unitfile "Service" "TimeoutStopSec" "300"
iniset -sudo $unitfile "Service" "ExecReload" "$KILL_PATH -HUP \$MAINPID"
if [[ -n "$env_vars" ]] ; then
iniset -sudo $unitfile "Service" "Environment" "$env_vars"
fi
if [[ -n "$group" ]]; then
iniset -sudo $unitfile "Service" "Group" "$group"
fi
@@ -1469,6 +1492,7 @@ function write_uwsgi_user_unit_file {
local command="$2"
local group=$3
local user=$4
local env_vars="$5"
local unitfile="$SYSTEMD_DIR/$service"
mkdir -p $SYSTEMD_DIR
@@ -1483,6 +1507,9 @@ function write_uwsgi_user_unit_file {
iniset -sudo $unitfile "Service" "NotifyAccess" "all"
iniset -sudo $unitfile "Service" "RestartForceExitStatus" "100"
if [[ -n "$env_vars" ]] ; then
iniset -sudo $unitfile "Service" "Environment" "$env_vars"
fi
if [[ -n "$group" ]]; then
iniset -sudo $unitfile "Service" "Group" "$group"
fi
@@ -1530,10 +1557,14 @@ function _run_under_systemd {
local systemd_service="devstack@$service.service"
local group=$3
local user=${4:-$STACK_USER}
if [[ -z "$user" ]]; then
user=$STACK_USER
fi
local env_vars="$5"
if [[ "$command" =~ "uwsgi" ]] ; then
write_uwsgi_user_unit_file $systemd_service "$cmd" "$group" "$user"
write_uwsgi_user_unit_file $systemd_service "$cmd" "$group" "$user" "$env_vars"
else
write_user_unit_file $systemd_service "$cmd" "$group" "$user"
write_user_unit_file $systemd_service "$cmd" "$group" "$user" "$env_vars"
fi
$SYSTEMCTL enable $systemd_service
@@ -1554,18 +1585,20 @@ function is_running {
# If the command includes shell metachatacters (;<>*) it must be run using a shell
# If an optional group is provided sg will be used to run the
# command as that group.
# run_process service "command-line" [group] [user]
# run_process service "command-line" [group] [user] [env_vars]
# env_vars must be a space separated list of variable assigments, ie: "A=1 B=2"
function run_process {
local service=$1
local command="$2"
local group=$3
local user=$4
local env_vars="$5"
local name=$service
time_start "run_process"
if is_service_enabled $service; then
_run_under_systemd "$name" "$command" "$group" "$user"
_run_under_systemd "$name" "$command" "$group" "$user" "$env_vars"
fi
time_stop "run_process"
}
+4 -3
View File
@@ -378,12 +378,13 @@ function _setup_package_with_constraints_edit {
project_dir=$(cd $project_dir && pwd)
if [ -n "$REQUIREMENTS_DIR" ]; then
# Constrain this package to this project directory from here on out.
# Remove this package from constraints before we install it.
# That way, later installs won't "downgrade" the install from
# source we are about to do.
local name
name=$(awk '/^name.*=/ {print $3}' $project_dir/setup.cfg)
$REQUIREMENTS_DIR/.venv/bin/edit-constraints \
$REQUIREMENTS_DIR/upper-constraints.txt -- $name \
"$flags file://$project_dir#egg=$name"
$REQUIREMENTS_DIR/upper-constraints.txt -- $name
fi
setup_package $bindep $project_dir "$flags" $extras
+1 -1
View File
@@ -306,7 +306,7 @@ function write_uwsgi_config {
apache_conf=$(apache_site_config_for $name)
iniset "$file" uwsgi socket "$socket"
iniset "$file" uwsgi chmod-socket 666
echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}/\" retry=0 " | sudo tee -a $apache_conf
echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}\" retry=0 " | sudo tee -a $apache_conf
enable_apache_site $name
restart_apache_server
fi
+45 -9
View File
@@ -31,6 +31,7 @@ set +o xtrace
CINDER_DRIVER=${CINDER_DRIVER:-default}
CINDER_PLUGINS=$TOP_DIR/lib/cinder_plugins
CINDER_BACKENDS=$TOP_DIR/lib/cinder_backends
CINDER_BACKUPS=$TOP_DIR/lib/cinder_backups
# grab plugin config if specified via cinder_driver
if [[ -r $CINDER_PLUGINS/$CINDER_DRIVER ]]; then
@@ -98,6 +99,16 @@ else
CINDER_ISCSI_HELPER=${CINDER_ISCSI_HELPER:-tgtadm}
fi
# For backward compatibility
# Before CINDER_BACKUP_DRIVER was introduced, ceph backup driver was configured
# along with ceph backend driver.
if [[ -z "${CINDER_BACKUP_DRIVER}" && "$CINDER_ENABLED_BACKENDS" =~ "ceph" ]]; then
CINDER_BACKUP_DRIVER=ceph
fi
# Supported backup drivers are in lib/cinder_backups
CINDER_BACKUP_DRIVER=${CINDER_BACKUP_DRIVER:-swift}
# Toggle for deploying Cinder under a wsgi server. Legacy mod_wsgi
# reference should be cleaned up to more accurately refer to uwsgi.
CINDER_USE_MOD_WSGI=${CINDER_USE_MOD_WSGI:-True}
@@ -113,6 +124,15 @@ if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
done
fi
# Source the backup driver
if is_service_enabled c-bak && [[ -n "$CINDER_BACKUP_DRIVER" ]]; then
if [[ -r $CINDER_BACKUPS/$CINDER_BACKUP_DRIVER ]]; then
source $CINDER_BACKUPS/$CINDER_BACKUP_DRIVER
else
die "cinder backup driver $CINDER_BACKUP_DRIVER is not supported"
fi
fi
# Environment variables to configure the image-volume cache
CINDER_IMG_CACHE_ENABLED=${CINDER_IMG_CACHE_ENABLED:-True}
@@ -189,6 +209,12 @@ function cleanup_cinder {
done
fi
if is_service_enabled c-bak && [[ -n "$CINDER_BACKUP_DRIVER" ]]; then
if type cleanup_cinder_backup_$CINDER_BACKUP_DRIVER >/dev/null 2>&1; then
cleanup_cinder_backup_$CINDER_BACKUP_DRIVER
fi
fi
stop_process "c-api"
remove_uwsgi_config "$CINDER_UWSGI_CONF" "$CINDER_UWSGI"
}
@@ -266,13 +292,12 @@ function configure_cinder {
configure_cinder_image_volume_cache
fi
if is_service_enabled c-bak; then
# NOTE(mriedem): The default backup driver uses swift and if we're
# on a subnode we might not know if swift is enabled, but chances are
# good that it is on the controller so configure the backup service
# to use it. If we want to configure the backup service to use
# a non-swift driver, we'll likely need environment variables.
iniset $CINDER_CONF DEFAULT backup_swift_url "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_"
if is_service_enabled c-bak && [[ -n "$CINDER_BACKUP_DRIVER" ]]; then
if type configure_cinder_backup_$CINDER_BACKUP_DRIVER >/dev/null 2>&1; then
configure_cinder_backup_$CINDER_BACKUP_DRIVER
else
die "configure_cinder_backup_$CINDER_BACKUP_DRIVER doesn't exist in $CINDER_BACKUPS/$CINDER_BACKUP_DRIVER"
fi
fi
if is_service_enabled ceilometer; then
@@ -410,6 +435,12 @@ function init_cinder {
done
fi
if is_service_enabled c-bak && [[ -n "$CINDER_BACKUP_DRIVER" ]]; then
if type init_cinder_backup_$CINDER_BACKUP_DRIVER >/dev/null 2>&1; then
init_cinder_backup_$CINDER_BACKUP_DRIVER
fi
fi
mkdir -p $CINDER_STATE_PATH/volumes
}
@@ -504,8 +535,13 @@ function start_cinder {
fi
run_process c-sch "$CINDER_BIN_DIR/cinder-scheduler --config-file $CINDER_CONF"
run_process c-bak "$CINDER_BIN_DIR/cinder-backup --config-file $CINDER_CONF"
run_process c-vol "$CINDER_BIN_DIR/cinder-volume --config-file $CINDER_CONF"
# Tune glibc for Python Services using single malloc arena for all threads
# and disabling dynamic thresholds to reduce memory usage when using native
# threads directly or via eventlet.tpool
# https://www.gnu.org/software/libc/manual/html_node/Memory-Allocation-Tunables.html
malloc_tuning="MALLOC_ARENA_MAX=1 MALLOC_MMAP_THRESHOLD_=131072 MALLOC_TRIM_THRESHOLD_=262144"
run_process c-bak "$CINDER_BIN_DIR/cinder-backup --config-file $CINDER_CONF" "" "" "$malloc_tuning"
run_process c-vol "$CINDER_BIN_DIR/cinder-volume --config-file $CINDER_CONF" "" "" "$malloc_tuning"
# NOTE(jdg): For cinder, startup order matters. To ensure that repor_capabilities is received
# by the scheduler start the cinder-volume service last (or restart it) after the scheduler
-32
View File
@@ -6,12 +6,6 @@
# Enable with:
#
# CINDER_ENABLED_BACKENDS+=,ceph:ceph
#
# Optional parameters:
# CINDER_BAK_CEPH_POOL=<pool-name>
# CINDER_BAK_CEPH_USER=<user>
# CINDER_BAK_CEPH_POOL_PG=<pg-num>
# CINDER_BAK_CEPH_POOL_PGP=<pgp-num>
# Dependencies:
#
@@ -29,11 +23,6 @@ set +o xtrace
# Defaults
# --------
CINDER_BAK_CEPH_POOL=${CINDER_BAK_CEPH_POOL:-backups}
CINDER_BAK_CEPH_POOL_PG=${CINDER_BAK_CEPH_POOL_PG:-8}
CINDER_BAK_CEPH_POOL_PGP=${CINDER_BAK_CEPH_POOL_PGP:-8}
CINDER_BAK_CEPH_USER=${CINDER_BAK_CEPH_USER:-cinder-bak}
# Entry Points
# ------------
@@ -52,27 +41,6 @@ function configure_cinder_backend_ceph {
iniset $CINDER_CONF $be_name rbd_flatten_volume_from_snapshot False
iniset $CINDER_CONF $be_name rbd_max_clone_depth 5
iniset $CINDER_CONF DEFAULT glance_api_version 2
if is_service_enabled c-bak; then
sudo ceph -c ${CEPH_CONF_FILE} osd pool create ${CINDER_BAK_CEPH_POOL} ${CINDER_BAK_CEPH_POOL_PG} ${CINDER_BAK_CEPH_POOL_PGP}
if [ "$REMOTE_CEPH" = "False" ]; then
# Configure Cinder backup service options, ceph pool, ceph user and ceph key
sudo ceph -c ${CEPH_CONF_FILE} osd pool set ${CINDER_BAK_CEPH_POOL} size ${CEPH_REPLICAS}
if [[ $CEPH_REPLICAS -ne 1 ]]; then
sudo ceph -c ${CEPH_CONF_FILE} osd pool set ${CINDER_BAK_CEPH_POOL} crush_ruleset ${RULE_ID}
fi
fi
sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_BAK_CEPH_USER} mon "allow r" osd "allow class-read object_prefix rbd_children, allow rwx pool=${CINDER_BAK_CEPH_POOL}, allow rwx pool=${CINDER_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring
sudo chown $(whoami):$(whoami) ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring
iniset $CINDER_CONF DEFAULT backup_driver "cinder.backup.drivers.ceph.CephBackupDriver"
iniset $CINDER_CONF DEFAULT backup_ceph_conf "$CEPH_CONF_FILE"
iniset $CINDER_CONF DEFAULT backup_ceph_pool "$CINDER_BAK_CEPH_POOL"
iniset $CINDER_CONF DEFAULT backup_ceph_user "$CINDER_BAK_CEPH_USER"
iniset $CINDER_CONF DEFAULT backup_ceph_stripe_unit 0
iniset $CINDER_CONF DEFAULT backup_ceph_stripe_count 0
iniset $CINDER_CONF DEFAULT restore_discard_excess_bytes True
fi
}
# Restore xtrace
+53
View File
@@ -0,0 +1,53 @@
#!/bin/bash
#
# lib/cinder_backups/ceph
# Configure the ceph backup driver
# Enable with:
#
# CINDER_BACKUP_DRIVER=ceph
# Dependencies:
#
# - ``functions`` file
# - ``cinder`` configurations
# Save trace setting
_XTRACE_CINDER_CEPH=$(set +o | grep xtrace)
set +o xtrace
# Defaults
# --------
CINDER_BAK_CEPH_POOL=${CINDER_BAK_CEPH_POOL:-backups}
CINDER_BAK_CEPH_POOL_PG=${CINDER_BAK_CEPH_POOL_PG:-8}
CINDER_BAK_CEPH_POOL_PGP=${CINDER_BAK_CEPH_POOL_PGP:-8}
CINDER_BAK_CEPH_USER=${CINDER_BAK_CEPH_USER:-cinder-bak}
function configure_cinder_backup_ceph {
sudo ceph -c ${CEPH_CONF_FILE} osd pool create ${CINDER_BAK_CEPH_POOL} ${CINDER_BAK_CEPH_POOL_PG} ${CINDER_BAK_CEPH_POOL_PGP}
if [[ "$REMOTE_CEPH" = "False" && "$CEPH_REPLICAS" -ne 1 ]]; then
sudo ceph -c ${CEPH_CONF_FILE} osd pool set ${CINDER_BAK_CEPH_POOL} crush_ruleset ${RULE_ID}
fi
sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_BAK_CEPH_USER} mon "allow r" osd "allow class-read object_prefix rbd_children, allow rwx pool=${CINDER_BAK_CEPH_POOL}, allow rwx pool=${CINDER_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring
sudo chown $(whoami):$(whoami) ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring
iniset $CINDER_CONF DEFAULT backup_driver "cinder.backup.drivers.ceph.CephBackupDriver"
iniset $CINDER_CONF DEFAULT backup_ceph_conf "$CEPH_CONF_FILE"
iniset $CINDER_CONF DEFAULT backup_ceph_pool "$CINDER_BAK_CEPH_POOL"
iniset $CINDER_CONF DEFAULT backup_ceph_user "$CINDER_BAK_CEPH_USER"
iniset $CINDER_CONF DEFAULT backup_ceph_stripe_unit 0
iniset $CINDER_CONF DEFAULT backup_ceph_stripe_count 0
iniset $CINDER_CONF DEFAULT restore_discard_excess_bytes True
}
# init_cinder_backup_ceph: nothing to do
# cleanup_cinder_backup_ceph: nothing to do
# Restore xtrace
$_XTRACE_CINDER_CEPH
# Local variables:
# mode: shell-script
# End:
+45
View File
@@ -0,0 +1,45 @@
#!/bin/bash
#
# lib/cinder_backups/s3_swift
# Configure the s3 backup driver with swift s3api
#
# TODO: create lib/cinder_backup/s3 for external s3 compatible storage
# Enable with:
#
# CINDER_BACKUP_DRIVER=s3_swift
# enable_service s3api s-proxy s-object s-container s-account
# Dependencies:
#
# - ``functions`` file
# - ``cinder`` configurations
# Save trace setting
_XTRACE_CINDER_S3_SWIFT=$(set +o | grep xtrace)
set +o xtrace
function configure_cinder_backup_s3_swift {
# This configuration requires swift and s3api. If we're
# on a subnode we might not know if they are enabled
iniset $CINDER_CONF DEFAULT backup_driver "cinder.backup.drivers.s3.S3BackupDriver"
iniset $CINDER_CONF DEFAULT backup_s3_endpoint_url "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$S3_SERVICE_PORT"
}
function init_cinder_backup_s3_swift {
openstack ec2 credential create
iniset $CINDER_CONF DEFAULT backup_s3_store_access_key "$(openstack ec2 credential list -c Access -f value)"
iniset $CINDER_CONF DEFAULT backup_s3_store_secret_key "$(openstack ec2 credential list -c Secret -f value)"
if is_service_enabled tls-proxy; then
iniset $CINDER_CONF DEFAULT backup_s3_ca_cert_file "$SSL_BUNDLE_FILE"
fi
}
# cleanup_cinder_backup_s3_swift: nothing to do
# Restore xtrace
$_XTRACE_CINDER_S3_SWIFT
# Local variables:
# mode: shell-script
# End:
+38
View File
@@ -0,0 +1,38 @@
#!/bin/bash
#
# lib/cinder_backups/swift
# Configure the swift backup driver
# Enable with:
#
# CINDER_BACKUP_DRIVER=swift
# Dependencies:
#
# - ``functions`` file
# - ``cinder`` configurations
# Save trace setting
_XTRACE_CINDER_SWIFT=$(set +o | grep xtrace)
set +o xtrace
function configure_cinder_backup_swift {
# NOTE(mriedem): The default backup driver uses swift and if we're
# on a subnode we might not know if swift is enabled, but chances are
# good that it is on the controller so configure the backup service
# to use it.
iniset $CINDER_CONF DEFAULT backup_driver "cinder.backup.drivers.swift.SwiftBackupDriver"
iniset $CINDER_CONF DEFAULT backup_swift_url "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_"
}
# init_cinder_backup_swift: nothing to do
# cleanup_cinder_backup_swift: nothing to do
# Restore xtrace
$_XTRACE_CINDER_SWIFT
# Local variables:
# mode: shell-script
# End:
+10
View File
@@ -143,6 +143,16 @@ function configure_database_mysql {
iniset -sudo $my_conf mysqld log-queries-not-using-indexes 1
fi
if [[ "$MYSQL_REDUCE_MEMORY" == "True" ]]; then
iniset -sudo $my_conf mysqld read_buffer_size 64K
iniset -sudo $my_conf mysqld innodb_buffer_pool_size 16M
iniset -sudo $my_conf mysqld thread_stack 192K
iniset -sudo $my_conf mysqld thread_cache_size 8
iniset -sudo $my_conf mysqld tmp_table_size 8M
iniset -sudo $my_conf mysqld sort_buffer_size 8M
iniset -sudo $my_conf mysqld max_allowed_packet 8M
fi
restart_service $MYSQL_SERVICE_NAME
}
+12
View File
@@ -85,6 +85,12 @@ GLANCE_TASKS_DIR=${GLANCE_MULTISTORE_FILE_IMAGE_DIR:=$DATA_DIR/os_glance_tasks_s
GLANCE_USE_IMPORT_WORKFLOW=$(trueorfalse False GLANCE_USE_IMPORT_WORKFLOW)
# Flag to set the oslo_policy.enforce_scope. This is used to switch
# the Image API policies to start checking the scope of token. By Default,
# this flag is False.
# For more detail: https://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_scope
GLANCE_ENFORCE_SCOPE=$(trueorfalse False GLANCE_ENFORCE_SCOPE)
GLANCE_CONF_DIR=${GLANCE_CONF_DIR:-/etc/glance}
GLANCE_METADEF_DIR=$GLANCE_CONF_DIR/metadefs
GLANCE_API_CONF=$GLANCE_CONF_DIR/glance-api.conf
@@ -373,6 +379,12 @@ function configure_glance {
iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT
iniset $GLANCE_API_CONF DEFAULT workers "$API_WORKERS"
fi
if [[ "$GLANCE_ENFORCE_SCOPE" == True ]] ; then
iniset $GLANCE_API_CONF oslo_policy enforce_scope true
iniset $GLANCE_API_CONF oslo_policy enforce_new_defaults true
iniset $GLANCE_API_CONF DEFAULT enforce_secure_rbac true
fi
}
# create_glance_accounts() - Set up common required glance accounts
+3
View File
@@ -875,6 +875,9 @@ function _configure_neutron_service {
configure_keystone_authtoken_middleware $NEUTRON_CONF nova nova
# Configuration for placement client
configure_keystone_authtoken_middleware $NEUTRON_CONF placement placement
# Configure plugin
neutron_plugin_configure_service
}
+18 -1
View File
@@ -304,6 +304,9 @@ function configure_nova {
sudo dnf update -y
fi
# Ensure each compute host uses a unique iSCSI initiator
echo InitiatorName=$(iscsi-iname) | sudo tee /etc/iscsi/initiatorname.iscsi
if [[ ${ISCSID_DEBUG} == "True" ]]; then
# Install an override that starts iscsid with debugging
# enabled.
@@ -317,6 +320,14 @@ EOF
sudo systemctl daemon-reload
fi
# set chap algorithms. The default chap_algorithm is md5 which will
# not work under FIPS.
# FIXME(alee) For some reason, this breaks openeuler. Openeuler devs should weigh in
# and determine the correct solution for openeuler here
if ! is_openeuler; then
iniset -sudo /etc/iscsi/iscsid.conf DEFAULT "node.session.auth.chap_algs" "SHA3-256,SHA256"
fi
# ensure that iscsid is started, even when disabled by default
restart_service iscsid
fi
@@ -481,7 +492,8 @@ function create_nova_conf {
fi
# nova defaults to genisoimage but only mkisofs is available for 15.0+
if is_suse; then
# rhel provides mkisofs symlink to genisoimage or xorriso appropiately
if is_suse || is_fedora; then
iniset $NOVA_CONF DEFAULT mkisofs_cmd /usr/bin/mkisofs
fi
@@ -932,6 +944,11 @@ function start_nova_compute {
iniset $NOVA_CPU_CONF os_vif_ovs ovsdb_connection "tcp:$OVSDB_SERVER_LOCAL_HOST:6640"
fi
# Workaround bug #1939108
if [[ "$VIRT_DRIVER" == "libvirt" && "$LIBVIRT_TYPE" == "qemu" ]]; then
iniset $NOVA_CPU_CONF workarounds libvirt_disable_apic True
fi
if [[ "$VIRT_DRIVER" = 'libvirt' ]]; then
# The group **$LIBVIRT_GROUP** is added to the current user in this script.
# ``sg`` is used in run_process to execute nova-compute as a member of the
+13 -8
View File
@@ -56,15 +56,23 @@ EOF
# Installs required distro-specific libvirt packages.
function install_libvirt {
# NOTE(yoctozepto): The common consensus [1] is that libvirt-python should
# be installed from distro packages. However, various projects might be
# trying to ensure it is installed using pip AND use upper-constraints
# with that, causing pip to try to upgrade it and to fail.
# The following line removes libvirt-python from upper-constraints and
# avoids the situation described above. Now only if installed packages
# explicitly depend on a newer (or, in general, incompatible) libvirt-python
# version, will pip try to reinstall it.
# [1] https://review.opendev.org/c/openstack/devstack/+/798514
$REQUIREMENTS_DIR/.venv/bin/edit-constraints \
$REQUIREMENTS_DIR/upper-constraints.txt -- libvirt-python
if is_ubuntu; then
install_package qemu-system libvirt-clients libvirt-daemon-system libvirt-dev
install_package qemu-system libvirt-clients libvirt-daemon-system libvirt-dev python3-libvirt
if is_arch "aarch64"; then
install_package qemu-efi
fi
# uninstall in case the libvirt version changed
pip_uninstall libvirt-python
pip_install_gr libvirt-python
#pip_install_gr <there-si-no-guestfs-in-pypi>
elif is_fedora || is_suse; then
@@ -79,14 +87,11 @@ function install_libvirt {
# as the base system version is too old. We should have
# pre-installed these
install_package qemu-kvm
install_package libvirt libvirt-devel python3-libvirt
install_package libvirt libvirt-devel
if is_arch "aarch64"; then
install_package edk2.git-aarch64
fi
pip_uninstall libvirt-python
pip_install_gr libvirt-python
fi
if [[ $DEBUG_LIBVIRT_COREDUMPS == True ]]; then
+1 -2
View File
@@ -335,7 +335,6 @@ function configure_swift {
local node_number
local swift_node_config
local swift_log_dir
local user_group
# Make sure to kill all swift processes first
$SWIFT_BIN_DIR/swift-init --run-dir=${SWIFT_DATA_DIR}/run all stop || true
@@ -353,7 +352,7 @@ function configure_swift {
# partitions (which make more sense when you have a multi-node
# setup) we configure it with our version of rsync.
sed -e "
s/%GROUP%/${USER_GROUP}/;
s/%GROUP%/$(id -g -n ${STACK_USER})/;
s/%USER%/${STACK_USER}/;
s,%SWIFT_DATA_DIR%,$SWIFT_DATA_DIR,;
" $FILES/swift/rsyncd.conf | sudo tee /etc/rsyncd.conf
+61 -15
View File
@@ -58,7 +58,7 @@ BUILD_TIMEOUT=${BUILD_TIMEOUT:-196}
# This must be False on stable branches, as master tempest
# deps do not match stable branch deps. Set this to True to
# have tempest installed in DevStack by default.
INSTALL_TEMPEST=${INSTALL_TEMPEST:-"True"}
INSTALL_TEMPEST=${INSTALL_TEMPEST:-"False"}
# This variable is passed directly to pip install inside the common tox venv
# that is created
@@ -115,7 +115,16 @@ function set_tempest_venv_constraints {
local tmp_c
tmp_c=$1
if [[ $TEMPEST_VENV_UPPER_CONSTRAINTS == "master" ]]; then
(cd $REQUIREMENTS_DIR && git show origin/master:upper-constraints.txt) > $tmp_c
(cd $REQUIREMENTS_DIR &&
git show master:upper-constraints.txt 2>/dev/null ||
git show origin/master:upper-constraints.txt) > $tmp_c
# NOTE(gmann): we need to set the below env var pointing to master
# constraints even that is what default in tox.ini. Otherwise it can
# create the issue for grenade run where old and new devstack can have
# different tempest (old and master) to install. For detail problem,
# refer to the https://bugs.launchpad.net/devstack/+bug/2003993
export UPPER_CONSTRAINTS_FILE=https://releases.openstack.org/constraints/upper/master
export TOX_CONSTRAINTS_FILE=https://releases.openstack.org/constraints/upper/master
else
echo "Using $TEMPEST_VENV_UPPER_CONSTRAINTS constraints in Tempest virtual env."
cat $TEMPEST_VENV_UPPER_CONSTRAINTS > $tmp_c
@@ -393,7 +402,7 @@ function configure_tempest {
# NOTE- To avoid microversion tests failure on stable branch, we need to change "tempest_compute_max_microversion"
# for stable branch on each release which should be changed from "latest" to max supported version of that release.
local tempest_compute_min_microversion=${TEMPEST_COMPUTE_MIN_MICROVERSION:-None}
local tempest_compute_max_microversion=${TEMPEST_COMPUTE_MAX_MICROVERSION:-"latest"}
local tempest_compute_max_microversion=${TEMPEST_COMPUTE_MAX_MICROVERSION:-"2.88"}
# Reset microversions to None where v2.0 is running which does not support microversion.
# Both "None" means no microversion testing.
if [[ "$TEMPEST_COMPUTE_TYPE" == "compute_legacy" ]]; then
@@ -488,7 +497,7 @@ function configure_tempest {
fi
iniset $TEMPEST_CONFIG volume-feature-enabled volume_revert $(trueorfalse False TEMPEST_VOLUME_REVERT_TO_SNAPSHOT)
local tempest_volume_min_microversion=${TEMPEST_VOLUME_MIN_MICROVERSION:-None}
local tempest_volume_max_microversion=${TEMPEST_VOLUME_MAX_MICROVERSION:-"latest"}
local tempest_volume_max_microversion=${TEMPEST_VOLUME_MAX_MICROVERSION:-"3.64"}
# Reset microversions to None where v2 is running which does not support microversion.
# Both "None" means no microversion testing.
if [[ "$TEMPEST_VOLUME_TYPE" == "volumev2" ]]; then
@@ -549,7 +558,7 @@ function configure_tempest {
# NOTE- To avoid microversion tests failure on stable branch, we need to change "tempest_placement_max_microversion"
# for stable branch on each release which should be changed from "latest" to max supported version of that release.
local tempest_placement_min_microversion=${TEMPEST_PLACEMENT_MIN_MICROVERSION:-None}
local tempest_placement_max_microversion=${TEMPEST_PLACEMENT_MAX_MICROVERSION:-"latest"}
local tempest_placement_max_microversion=${TEMPEST_PLACEMENT_MAX_MICROVERSION:-"1.36"}
if [ "$tempest_placement_min_microversion" == "None" ]; then
inicomment $TEMPEST_CONFIG placement min_microversion
else
@@ -610,6 +619,8 @@ function configure_tempest {
fi
done
iniset $TEMPEST_CONFIG enforce_scope glance "$GLANCE_ENFORCE_SCOPE"
if [ "$VIRT_DRIVER" = "libvirt" ] && [ "$LIBVIRT_TYPE" = "lxc" ]; then
# libvirt-lxc does not support boot from volume or attaching volumes
# so basically anything with cinder is out of the question.
@@ -623,13 +634,13 @@ function configure_tempest {
local tmp_cfg_file
tmp_cfg_file=$(mktemp)
cd $TEMPEST_DIR
if [[ "$OFFLINE" != "True" ]]; then
tox -revenv-tempest --notest
fi
local tmp_u_c_m
tmp_u_c_m=$(mktemp -t tempest_u_c_m.XXXXXXXXXX)
set_tempest_venv_constraints $tmp_u_c_m
if [[ "$OFFLINE" != "True" ]]; then
tox -revenv-tempest --notest
fi
tox -evenv-tempest -- pip install -c $tmp_u_c_m -r requirements.txt
rm -f $tmp_u_c_m
@@ -666,7 +677,25 @@ function configure_tempest {
DISABLE_NETWORK_API_EXTENSIONS+=", l3_agent_scheduler"
fi
local network_api_extensions=${NETWORK_API_EXTENSIONS:-"all"}
DEFAULT_NET_EXT="address-scope,agent,allowed-address-pairs,auto-allocated-topology"
DEFAULT_NET_EXT+=",availability_zone,binding,default-subnetpools,dhcp_agent_scheduler"
DEFAULT_NET_EXT+=",dvr,ext-gw-mode,external-net,extra_dhcp_opt,extraroute,flavors"
DEFAULT_NET_EXT+=",l3-flavors,l3-ha,l3_agent_scheduler,multi-provider,net-mtu"
DEFAULT_NET_EXT+=",network-ip-availability,network_availability_zone,pagination"
DEFAULT_NET_EXT+=",port-security,project-id,provider,quotas,quota_details,rbac-policies"
DEFAULT_NET_EXT+=",revision-if-match,router,router_availability_zone,security-group,service-type,sorting"
DEFAULT_NET_EXT+=",standard-attr-description,standard-attr-revisions,standard-attr-tag,standard-attr-timestamp"
DEFAULT_NET_EXT+=",subnet-service-types,subnet_allocation,net-mtu-writable,ip-substring-filtering"
DEFAULT_NET_EXT+=",availability_zone_filter,filter-validation,empty-string-filtering,port-mac-address-regenerate"
DEFAULT_NET_EXT+=",port-security-groups-filtering,fip-port-details,binding-extended"
DEFAULT_NET_EXT+=",subnet_onboard,l3-port-ip-change-not-allowed,agent-resources-synced"
DEFAULT_NET_EXT+=",floatingip-pools,rbac-security-groups,subnetpool-prefix-ops,router-admin-state-down-before-update"
DEFAULT_NET_EXT+=",rbac-subnetpool,tag-ports-during-bulk-creation,stateful-security-group,address-group,extraroute-atomic"
DEFAULT_NET_EXT+=",port-numa-affinity-policy,rbac-address-scope,security-groups-remote-address-group"
#New in wallaby
DEFAULT_NET_EXT+=",rbac-address-group,port-device-profile"
local network_api_extensions=${NETWORK_API_EXTENSIONS:-$DEFAULT_NET_EXT}
if [[ ! -z "$DISABLE_NETWORK_API_EXTENSIONS" ]]; then
# Enabled extensions are either the ones explicitly specified or those available on the API endpoint
network_api_extensions=${NETWORK_API_EXTENSIONS:-$(iniget $tmp_cfg_file network-feature-enabled api_extensions | tr -d " ")}
@@ -678,7 +707,10 @@ function configure_tempest {
fi
iniset $TEMPEST_CONFIG network-feature-enabled api_extensions $network_api_extensions
# Swift API Extensions
local object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-"all"}
DEFAULT_SWIFT_OPT="account_quotas,bulk_delete,bulk_upload,container_quotas"
DEFAULT_SWIFT_OPT+=",container_sync,crossdomain,formpost,ratelimit,slo"
DEFAULT_SWIFT_OPT+=",staticweb,tempauth,tempurl,versioned_writes"
local object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-$DEFAULT_SWIFT_OPT}
if [[ ! -z "$DISABLE_OBJECT_STORAGE_API_EXTENSIONS" ]]; then
# Enabled extensions are either the ones explicitly specified or those available on the API endpoint
object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-$(iniget $tmp_cfg_file object-storage-feature-enabled discoverable_apis | tr -d " ")}
@@ -687,7 +719,19 @@ function configure_tempest {
fi
iniset $TEMPEST_CONFIG object-storage-feature-enabled discoverable_apis $object_storage_api_extensions
# Cinder API Extensions
local volume_api_extensions=${VOLUME_API_EXTENSIONS:-"all"}
DEFAULT_VOL_EXT="OS-SCH-HNT,backups,capabilities,cgsnapshots,consistencygroups"
DEFAULT_VOL_EXT+=",encryption,os-admin-actions,os-availability-zone"
DEFAULT_VOL_EXT+=",os-extended-services,os-extended-snapshot-attributes"
DEFAULT_VOL_EXT+=",os-hosts,os-quota-class-sets,os-quota-sets"
DEFAULT_VOL_EXT+=",os-services,os-snapshot-actions,os-snapshot-manage"
DEFAULT_VOL_EXT+=",os-snapshot-unmanage,os-types-extra-specs,os-types-manage"
DEFAULT_VOL_EXT+=",os-used-limits,os-vol-host-attr,os-vol-image-meta"
DEFAULT_VOL_EXT+=",os-vol-mig-status-attr,os-vol-tenant-attr,os-volume-actions"
DEFAULT_VOL_EXT+=",os-volume-encryption-metadata,os-volume-manage"
DEFAULT_VOL_EXT+=",os-volume-transfer,os-volume-type-access"
DEFAULT_VOL_EXT+=",os-volume-unmanage,qos-specs,scheduler-stats"
local volume_api_extensions=${VOLUME_API_EXTENSIONS:-$DEFAULT_VOL_EXT}
if [[ ! -z "$DISABLE_VOLUME_API_EXTENSIONS" ]]; then
# Enabled extensions are either the ones explicitly specified or those available on the API endpoint
volume_api_extensions=${VOLUME_API_EXTENSIONS:-$(iniget $tmp_cfg_file volume-feature-enabled api_extensions | tr -d " ")}
@@ -703,7 +747,12 @@ function configure_tempest {
# install_tempest() - Collect source and prepare
function install_tempest {
git_clone $TEMPEST_REPO $TEMPEST_DIR $TEMPEST_BRANCH
pip_install 'tox!=2.8.0'
# NOTE(gmann): Pinning tox<4.0.0 for stable/zed and lower. Tox 4.0.0
# released after zed was released and has some incompatible changes
# and it is ok not to fix the issues caused by tox 4.0.0 in stable
# beanches jobs. We can continue testing the stable/zed and lower
# branches with tox<4.0.0
pip_install 'tox!=2.8.0,<4.0.0'
pushd $TEMPEST_DIR
# NOTE(gmann): checkout the TEMPEST_BRANCH in case TEMPEST_BRANCH
# is tag name not master. git_clone would not checkout tag because
@@ -715,9 +764,6 @@ function install_tempest {
set_tempest_venv_constraints $tmp_u_c_m
tox -r --notest -efull
# TODO: remove the trailing pip constraint when a proper fix
# arrives for bug https://bugs.launchpad.net/devstack/+bug/1906322
$TEMPEST_DIR/.tox/tempest/bin/pip install -U -r $RC_DIR/tools/cap-pip.txt
# NOTE(mtreinish) Respect constraints in the tempest full venv, things that
# are using a tox job other than full will not be respecting constraints but
# running pip install -U on tempest requirements
+3 -3
View File
@@ -169,7 +169,7 @@ default_md = default
[ req ]
default_bits = 1024
default_md = sha1
default_md = sha256
prompt = no
distinguished_name = req_distinguished_name
@@ -261,7 +261,7 @@ function make_cert {
if [ ! -r "$ca_dir/$cert_name.crt" ]; then
# Generate a signing request
$OPENSSL req \
-sha1 \
-sha256 \
-newkey rsa \
-nodes \
-keyout $ca_dir/private/$cert_name.key \
@@ -301,7 +301,7 @@ function make_int_CA {
if [ ! -r "$ca_dir/cacert.pem" ]; then
# Create a signing certificate request
$OPENSSL req -config $ca_dir/ca.conf \
-sha1 \
-sha256 \
-newkey rsa \
-nodes \
-keyout $ca_dir/private/cacert.key \
+7 -1
View File
@@ -5,4 +5,10 @@
bindep_profile: test
bindep_dir: "{{ zuul_work_dir }}"
- test-setup
- ensure-tox
# NOTE(gmann): Pinning tox<4.0.0 for stable/zed and lower. Tox 4.0.0
# released after zed was released and has some incompatible changes
# and it is ok not to fix the issues caused by tox 4.0.0 in stable
# beanches jobs. We can continue testing the stable/zed and lower
# branches with tox<4.0.0
- role: ensure-tox
ensure_tox_version: "<4"
+7 -1
View File
@@ -6,6 +6,12 @@
bindep_profile: test
bindep_dir: "{{ zuul_work_dir }}"
- test-setup
- ensure-tox
# NOTE(gmann): Pinning tox<4.0.0 for stable/zed and lower. Tox 4.0.0
# released after zed was released and has some incompatible changes
# and it is ok not to fix the issues caused by tox 4.0.0 in stable
# beanches jobs. We can continue testing the stable/zed and lower
# branches with tox<4.0.0
- role: ensure-tox
ensure_tox_version: "<4"
- get-devstack-os-environment
- tox
@@ -0,0 +1,16 @@
Verify the IPv6-only deployments
This role needs to be invoked from a playbook that
run tests. This role verifies the IPv6 setting on
devstack side and devstack deploy services on IPv6.
This role is invoked before tests are run so that
if any missing IPv6 setting or deployments can fail
the job early.
**Role Variables**
.. zuul:rolevar:: devstack_base_dir
:default: /opt/stack
The devstack base directory.
@@ -0,0 +1 @@
devstack_base_dir: /opt/stack
@@ -0,0 +1,4 @@
- name: Verify the ipv6-only deployments
become: true
become_user: stack
shell: "{{ devstack_base_dir }}/devstack/tools/verify-ipv6-only-deployments.sh"
@@ -45,7 +45,7 @@
cmd: |
journalctl -o export \
--since="$(cat {{ devstack_base_dir }}/log-start-timestamp.txt)" \
| xz --threads=0 - > {{ stage_dir }}/logs/devstack.journal.xz
| gzip > {{ stage_dir }}/logs/devstack.journal.gz
- name: Save journal README
become: true
@@ -7,7 +7,7 @@ devstack run.
To use it, you will need to convert it so journalctl can read it
locally. After downloading the file:
$ /lib/systemd/systemd-journal-remote <(xzcat ./devstack.journal.xz) -o output.journal
$ /lib/systemd/systemd-journal-remote <(zcat ./devstack.journal.gz) -o output.journal
Note this binary is not in the regular path. On Debian/Ubuntu
platforms, you will need to have the "systemd-journal-remote" package
+67 -64
View File
@@ -1,70 +1,73 @@
- name: Devstack checks if stackviz archive exists
stat:
path: "/opt/cache/files/stackviz-latest.tar.gz"
register: stackviz_archive
- debug:
msg: "Stackviz archive could not be found in /opt/cache/files/stackviz-latest.tar.gz"
when: not stackviz_archive.stat.exists
- name: Check if subunit data exists
stat:
path: "{{ zuul_work_dir }}/testrepository.subunit"
register: subunit_input
- debug:
msg: "Subunit file could not be found at {{ zuul_work_dir }}/testrepository.subunit"
when: not subunit_input.stat.exists
- name: Install stackviz
when:
- stackviz_archive.stat.exists
- subunit_input.stat.exists
- name: Process Stackviz
block:
- include_role:
name: ensure-pip
- pip:
name: "file://{{ stackviz_archive.stat.path }}"
virtualenv: /tmp/stackviz
virtualenv_command: '{{ ensure_pip_virtualenv_command }}'
extra_args: -U
- name: Devstack checks if stackviz archive exists
stat:
path: "/opt/cache/files/stackviz-latest.tar.gz"
register: stackviz_archive
- name: Deploy stackviz static html+js
command: cp -pR /tmp/stackviz/share/stackviz-html {{ stage_dir }}/stackviz
when:
- stackviz_archive.stat.exists
- subunit_input.stat.exists
- debug:
msg: "Stackviz archive could not be found in /opt/cache/files/stackviz-latest.tar.gz"
when: not stackviz_archive.stat.exists
- name: Check if dstat data exists
stat:
path: "{{ devstack_base_dir }}/logs/dstat-csv.log"
register: dstat_input
when:
- stackviz_archive.stat.exists
- subunit_input.stat.exists
- name: Check if subunit data exists
stat:
path: "{{ zuul_work_dir }}/testrepository.subunit"
register: subunit_input
- name: Run stackviz with dstat
shell: |
cat {{ subunit_input.stat.path }} | \
/tmp/stackviz/bin/stackviz-export \
--dstat "{{ devstack_base_dir }}/logs/dstat-csv.log" \
--env --stdin \
{{ stage_dir }}/stackviz/data
when:
- stackviz_archive.stat.exists
- subunit_input.stat.exists
- dstat_input.stat.exists
failed_when: False
- debug:
msg: "Subunit file could not be found at {{ zuul_work_dir }}/testrepository.subunit"
when: not subunit_input.stat.exists
- name: Run stackviz without dstat
shell: |
cat {{ subunit_input.stat.path }} | \
/tmp/stackviz/bin/stackviz-export \
--env --stdin \
{{ stage_dir }}/stackviz/data
when:
- stackviz_archive.stat.exists
- subunit_input.stat.exists
- not dstat_input.stat.exists
failed_when: False
- name: Install stackviz
when:
- stackviz_archive.stat.exists
- subunit_input.stat.exists
block:
- include_role:
name: ensure-pip
- pip:
name: "file://{{ stackviz_archive.stat.path }}"
virtualenv: /tmp/stackviz
virtualenv_command: '{{ ensure_pip_virtualenv_command }}'
extra_args: -U
- name: Deploy stackviz static html+js
command: cp -pR /tmp/stackviz/share/stackviz-html {{ stage_dir }}/stackviz
when:
- stackviz_archive.stat.exists
- subunit_input.stat.exists
- name: Check if dstat data exists
stat:
path: "{{ devstack_base_dir }}/logs/dstat-csv.log"
register: dstat_input
when:
- stackviz_archive.stat.exists
- subunit_input.stat.exists
- name: Run stackviz with dstat
shell: |
cat {{ subunit_input.stat.path }} | \
/tmp/stackviz/bin/stackviz-export \
--dstat "{{ devstack_base_dir }}/logs/dstat-csv.log" \
--env --stdin \
{{ stage_dir }}/stackviz/data
when:
- stackviz_archive.stat.exists
- subunit_input.stat.exists
- dstat_input.stat.exists
- name: Run stackviz without dstat
shell: |
cat {{ subunit_input.stat.path }} | \
/tmp/stackviz/bin/stackviz-export \
--env --stdin \
{{ stage_dir }}/stackviz/data
when:
- stackviz_archive.stat.exists
- subunit_input.stat.exists
- not dstat_input.stat.exists
ignore_errors: yes
+35 -10
View File
@@ -227,7 +227,7 @@ write_devstack_version
# Warn users who aren't on an explicitly supported distro, but allow them to
# override check and attempt installation with ``FORCE=yes ./stack``
SUPPORTED_DISTROS="bionic|focal|f31|f32|opensuse-15.2|opensuse-tumbleweed|rhel8"
SUPPORTED_DISTROS="bionic|focal|f31|f32|opensuse-15.2|opensuse-tumbleweed|rhel8|rhel9"
if [[ ! ${DISTRO} =~ $SUPPORTED_DISTROS ]]; then
echo "WARNING: this script has not been tested on $DISTRO"
@@ -300,10 +300,27 @@ function _install_epel {
}
function _install_rdo {
# NOTE(ianw) 2020-04-30 : when we have future branches, we
# probably want to install the relevant branch RDO release as
# well. But for now it's all master.
sudo dnf -y install https://rdoproject.org/repos/rdo-release.el8.rpm
if [[ $DISTRO == "rhel8" ]]; then
if [[ "$TARGET_BRANCH" == "master" ]]; then
# rdo-release.el8.rpm points to latest RDO release, use that for master
sudo dnf -y install https://rdoproject.org/repos/rdo-release.el8.rpm
else
# For stable branches use corresponding release rpm
rdo_release=$(echo $TARGET_BRANCH | sed "s|stable/||g")
sudo dnf -y install https://rdoproject.org/repos/openstack-${rdo_release}/rdo-release-${rdo_release}.el8.rpm
fi
elif [[ $DISTRO == "rhel9" ]]; then
if [[ "$TARGET_BRANCH" == "master" ]]; then
# rdo-release.el9.rpm points to latest RDO release, use that for master
sudo dnf -y install https://rdoproject.org/repos/rdo-release.el9.rpm
else
# RDO didn't publish official releases for Xena and Wallaby, only RDO Trunk repos.
# Since the RDO Trunk server does not support EMS, FIPS jobs will fail to use it.
# Use "rdo-release-yoga" release rpm for both xena and wallaby jobs.
rdo_release="yoga"
sudo dnf -y install https://rdoproject.org/repos/openstack-${rdo_release}/rdo-release-${rdo_release}.el9.rpm
fi
fi
sudo dnf -y update
}
@@ -381,6 +398,10 @@ if [[ $DISTRO == "rhel8" ]]; then
# RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1154272
# Patch: https://github.com/rpm-software-management/dnf/pull/1448
echo "[]" | sudo tee /var/cache/dnf/expired_repos.json
elif [[ $DISTRO == "rhel9" ]]; then
sudo dnf config-manager --set-enabled crb
# rabbitmq and other packages are provided by RDO repositories.
_install_rdo
fi
# Ensure python is installed
@@ -1238,17 +1259,21 @@ fi
# deployments. This ensures the keys match across nova and cinder across all
# hosts.
FIXED_KEY=${FIXED_KEY:-bae3516cc1c0eb18b05440eba8012a4a880a2ee04d584a9c1579445e675b12defdc716ec}
if is_service_enabled nova; then
iniset $NOVA_CONF key_manager fixed_key "$FIXED_KEY"
iniset $NOVA_CPU_CONF key_manager fixed_key "$FIXED_KEY"
fi
if is_service_enabled cinder; then
iniset $CINDER_CONF key_manager fixed_key "$FIXED_KEY"
fi
async_wait configure_neutron_nova
# NOTE(clarkb): This must come after async_wait configure_neutron_nova because
# configure_neutron_nova modifies $NOVA_CONF and $NOVA_CPU_CONF as well. If
# we don't wait then these two ini updates race either other and can result
# in unexpected configs.
if is_service_enabled nova; then
iniset $NOVA_CONF key_manager fixed_key "$FIXED_KEY"
iniset $NOVA_CPU_CONF key_manager fixed_key "$FIXED_KEY"
fi
# Launch the nova-api and wait for it to answer before continuing
if is_service_enabled n-api; then
echo_summary "Starting Nova API"
+13 -8
View File
@@ -13,15 +13,15 @@ RC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)
# Source required DevStack functions and globals
source $RC_DIR/functions
# Set the target branch. This is used so that stable branching
# Set the target branch. This is used so that unmaintained branching
# does not need to update each repo below.
TARGET_BRANCH=master
TARGET_BRANCH=unmaintained/wallaby
# Cycle trailing projects need to branch later than the others.
TRAILING_TARGET_BRANCH=master
# And some repos do not create stable branches, so this is used
# to make it explicit and avoid accidentally setting to a stable
# And some repos do not create unmaintained branches, so this is used
# to make it explicit and avoid accidentally setting to a unmaintained
# branch.
BRANCHLESS_TARGET_BRANCH=master
@@ -203,6 +203,11 @@ ADDITIONAL_VENV_PACKAGES=${ADITIONAL_VENV_PACKAGES:-""}
# (currently only implemented for MySQL backend)
DATABASE_QUERY_LOGGING=$(trueorfalse False DATABASE_QUERY_LOGGING)
# This can be used to reduce the amount of memory mysqld uses while running.
# These are unscientifically determined, and could reduce performance or
# cause other issues.
MYSQL_REDUCE_MEMORY=$(trueorfalse False MYSQL_REDUCE_MEMORY)
# Set a timeout for git operations. If git is still running when the
# timeout expires, the command will be retried up to 3 times. This is
# in the format for timeout(1);
@@ -297,8 +302,8 @@ REQUIREMENTS_BRANCH=${REQUIREMENTS_BRANCH:-$TARGET_BRANCH}
# Tempest test suite
TEMPEST_REPO=${TEMPEST_REPO:-${GIT_BASE}/openstack/tempest.git}
TEMPEST_BRANCH=${TEMPEST_BRANCH:-$BRANCHLESS_TARGET_BRANCH}
TEMPEST_VENV_UPPER_CONSTRAINTS=${TEMPEST_VENV_UPPER_CONSTRAINTS:-master}
TEMPEST_BRANCH=${TEMPEST_BRANCH:-29.0.0}
TEMPEST_VENV_UPPER_CONSTRAINTS=${TEMPEST_VENV_UPPER_CONSTRAINTS:-$REQUIREMENTS_DIR/upper-constraints.txt}
##############
@@ -758,8 +763,8 @@ for image_url in ${IMAGE_URLS//,/ }; do
fi
done
# 24Gb default volume backing file size
VOLUME_BACKING_FILE_SIZE=${VOLUME_BACKING_FILE_SIZE:-24G}
# 30Gb default volume backing file size
VOLUME_BACKING_FILE_SIZE=${VOLUME_BACKING_FILE_SIZE:-30G}
# Prefixes for volume and instance names
VOLUME_NAME_PREFIX=${VOLUME_NAME_PREFIX:-volume-}
-12
View File
@@ -95,19 +95,7 @@ function test_libs_exist {
echo "test_libs_exist PASSED"
}
function test_branch_master {
for lib in $ALL_LIBS; do
if [[ ${GITBRANCH[$lib]} != "master" ]]; then
echo "GITBRANCH for $lib not master (${GITBRANCH[$lib]})"
exit 1
fi
done
echo "test_branch_master PASSED"
}
set -o errexit
test_libs_exist
test_branch_master
test_all_libs_upto_date
+1 -1
View File
@@ -15,7 +15,7 @@
echo "Ensuring we don't have crazy refs"
REFS=`grep BRANCH stackrc | grep -v 'TARGET_BRANCH' | grep -v 'NOVNC_BRANCH'`
REFS=`grep BRANCH stackrc | grep -v 'TARGET_BRANCH' | grep -v 'NOVNC_BRANCH' | grep -v 'TEMPEST_BRANCH'`
rc=$?
if [[ $rc -eq 0 ]]; then
echo "Branch defaults must be one of the *TARGET_BRANCH values. Found:"
+1 -1
View File
@@ -6,4 +6,4 @@ TOP=$(cd $(dirname "$0")/.. && pwd)
source $TOP/functions
source $TOP/tests/unittest.sh
python ./roles/write-devstack-local-conf/library/test.py
${PYTHON} $TOP/roles/write-devstack-local-conf/library/test.py
+2
View File
@@ -17,6 +17,8 @@ ERROR=0
PASS=0
FAILED_FUNCS=""
export PYTHON=$(which python3 2>/dev/null)
# pass a test, printing out MSG
# usage: passed message
function passed {
-1
View File
@@ -1 +0,0 @@
pip<20.3
+16
View File
@@ -192,6 +192,22 @@ function fixup_ovn_centos {
yum_install centos-release-openstack-victoria
}
function fixup_ubuntu {
if ! is_ubuntu; then
return
fi
# Since pip10, pip will refuse to uninstall files from packages
# that were created with distutils (rather than more modern
# setuptools). This is because it technically doesn't have a
# manifest of what to remove. However, in most cases, simply
# overwriting works. So this hacks around those packages that
# have been dragged in by some other system dependency
sudo rm -rf /usr/lib/python3/dist-packages/PyYAML-*.egg-info
sudo rm -rf /usr/lib/python3/dist-packages/pyasn1_modules-*.egg-info
sudo rm -rf /usr/lib/python3/dist-packages/simplejson-*.egg-info
}
function fixup_all {
fixup_keystone
fixup_ubuntu
+40 -32
View File
@@ -38,7 +38,7 @@ FILES=$TOP_DIR/files
# [1] https://opendev.org/openstack/project-config/src/branch/master/nodepool/elements/cache-devstack/source-repository-pip
PIP_GET_PIP_URL=${PIP_GET_PIP_URL:-"https://bootstrap.pypa.io/get-pip.py"}
LOCAL_PIP="$FILES/$(basename $PIP_GET_PIP_URL)"
PIP_GET_PIP36_URL=${PIP_GET_PIP36_URL:-"https://bootstrap.pypa.io/pip/3.6/get-pip.py"}
GetDistro
echo "Distro: $DISTRO"
@@ -59,12 +59,21 @@ function get_versions {
function install_get_pip {
if [[ "$PYTHON3_VERSION" = "3.6" ]]; then
_pip_url=$PIP_GET_PIP36_URL
_local_pip="$FILES/$(basename $_pip_url)-py36"
else
_pip_url=$PIP_GET_PIP_URL
_local_pip="$FILES/$(basename $_pip_url)"
fi
# If get-pip.py isn't python, delete it. This was probably an
# outage on the server.
if [[ -r $LOCAL_PIP ]]; then
if ! head -1 $LOCAL_PIP | grep -q '#!/usr/bin/env python'; then
echo "WARNING: Corrupt $LOCAL_PIP found removing"
rm $LOCAL_PIP
if [[ -r $_local_pip ]]; then
if ! head -1 $_local_pip | grep -q '#!/usr/bin/env python'; then
echo "WARNING: Corrupt $_local_pip found removing"
rm $_local_pip
fi
fi
@@ -78,22 +87,20 @@ function install_get_pip {
# Thus we use curl's "-z" feature to always check the modified
# since and only download if a new version is out -- but only if
# it seems we downloaded the file originally.
if [[ ! -r $LOCAL_PIP || -r $LOCAL_PIP.downloaded ]]; then
if [[ ! -r $_local_pip || -r $_local_pip.downloaded ]]; then
# only test freshness if LOCAL_PIP is actually there,
# otherwise we generate a scary warning.
local timecond=""
if [[ -r $LOCAL_PIP ]]; then
timecond="-z $LOCAL_PIP"
if [[ -r $_local_pip ]]; then
timecond="-z $_local_pip"
fi
curl -f --retry 6 --retry-delay 5 \
$timecond -o $LOCAL_PIP $PIP_GET_PIP_URL || \
$timecond -o $_local_pip $_pip_url || \
die $LINENO "Download of get-pip.py failed"
touch $LOCAL_PIP.downloaded
touch $_local_pip.downloaded
fi
# TODO: remove the trailing pip constraint when a proper fix
# arrives for bug https://bugs.launchpad.net/devstack/+bug/1906322
sudo -H -E python${PYTHON3_VERSION} $LOCAL_PIP -c $TOOLS_DIR/cap-pip.txt
sudo -H -E python${PYTHON3_VERSION} $_local_pip
}
@@ -130,28 +137,29 @@ if [[ -n $PYPI_ALTERNATIVE_URL ]]; then
configure_pypi_alternative_url
fi
# Just use system pkgs on Focal
if [[ "$DISTRO" == focal ]]; then
exit 0
fi
# Eradicate any and all system packages
# Python in fedora/suse depends on the python-pip package so removing it
# results in a nonfunctional system. pip on fedora installs to /usr so pip
# can safely override the system pip for all versions of fedora
if ! is_fedora && ! is_suse; then
if is_package_installed python3-pip ; then
uninstall_package python3-pip
if is_fedora && [[ ${DISTRO} == f* || ${DISTRO} == rhel9 ]]; then
# get-pip.py will not install over the python3-pip package in
# Fedora 34 any more.
# https://bugzilla.redhat.com/show_bug.cgi?id=1988935
# https://github.com/pypa/pip/issues/9904
# You can still install using get-pip.py if python3-pip is *not*
# installed; this *should* remain separate under /usr/local and not break
# if python3-pip is later installed.
# For general sanity, we just use the packaged pip. It should be
# recent enough anyway. This is included via rpms/general
: # Simply fall through
else
if ! is_fedora && ! is_suse; then
if is_package_installed python3-pip ; then
uninstall_package python3-pip
fi
fi
install_get_pip
# Note setuptools is part of requirements.txt and we want to make sure
# we obey any versioning as described there.
pip_install_gr setuptools
fi
install_get_pip
set -x
# Note setuptools is part of requirements.txt and we want to make sure
# we obey any versioning as described there.
pip_install_gr setuptools
get_versions
+92
View File
@@ -0,0 +1,92 @@
#!/bin/bash
#
#
# NOTE(gmann): This script is used in 'devstack-tempest-ipv6' zuul job to verify that
# services are deployed on IPv6 properly or not. This will capture if any devstck or devstack
# plugins are missing the required setting to listen on IPv6 address. This is run as part of
# run phase of zuul job and before test run. Child job of 'devstack-tempest-ipv6'
# can expand the IPv6 verification specific to project by defining the new post-run script which
# will run along with this base script.
# If there are more common verification for IPv6 then we can always extent this script.
# Keep track of the DevStack directory
TOP_DIR=$(cd $(dirname "$0")/../../devstack && pwd)
source $TOP_DIR/stackrc
source $TOP_DIR/openrc admin admin
function verify_devstack_ipv6_setting {
local _service_host=''
_service_host=$(echo $SERVICE_HOST | tr -d [])
local _host_ipv6=''
_host_ipv6=$(echo $HOST_IPV6 | tr -d [])
local _service_listen_address=''
_service_listen_address=$(echo $SERVICE_LISTEN_ADDRESS | tr -d [])
local _service_local_host=''
_service_local_host=$(echo $SERVICE_LOCAL_HOST | tr -d [])
if [[ "$SERVICE_IP_VERSION" != 6 ]]; then
echo $SERVICE_IP_VERSION "SERVICE_IP_VERSION is not set to 6 which is must for devstack to deploy services with IPv6 address."
exit 1
fi
is_service_host_ipv6=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_service_host'"))')
if [[ "$is_service_host_ipv6" != "True" ]]; then
echo $SERVICE_HOST "SERVICE_HOST is not ipv6 which means devstack cannot deploy services on IPv6 address."
exit 1
fi
is_host_ipv6=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_host_ipv6'"))')
if [[ "$is_host_ipv6" != "True" ]]; then
echo $HOST_IPV6 "HOST_IPV6 is not ipv6 which means devstack cannot deploy services on IPv6 address."
exit 1
fi
is_service_listen_address=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_service_listen_address'"))')
if [[ "$is_service_listen_address" != "True" ]]; then
echo $SERVICE_LISTEN_ADDRESS "SERVICE_LISTEN_ADDRESS is not ipv6 which means devstack cannot deploy services on IPv6 address."
exit 1
fi
is_service_local_host=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_service_local_host'"))')
if [[ "$is_service_local_host" != "True" ]]; then
echo $SERVICE_LOCAL_HOST "SERVICE_LOCAL_HOST is not ipv6 which means devstack cannot deploy services on IPv6 address."
exit 1
fi
echo "Devstack is properly configured with IPv6"
echo "SERVICE_IP_VERSION: " $SERVICE_IP_VERSION "HOST_IPV6: " $HOST_IPV6 "SERVICE_HOST: " $SERVICE_HOST "SERVICE_LISTEN_ADDRESS: " $SERVICE_LISTEN_ADDRESS "SERVICE_LOCAL_HOST: " $SERVICE_LOCAL_HOST
}
function sanity_check_system_ipv6_enabled {
system_ipv6_enabled=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_ipv6_enabled())')
if [[ $system_ipv6_enabled != "True" ]]; then
echo "IPv6 is disabled in system"
exit 1
fi
echo "IPv6 is enabled in system"
}
function verify_service_listen_address_is_ipv6 {
local endpoints_verified=False
local all_ipv6=True
endpoints=$(openstack endpoint list -f value -c URL)
for endpoint in ${endpoints}; do
local endpoint_address=''
endpoint_address=$(echo "$endpoint" | awk -F/ '{print $3}' | awk -F] '{print $1}')
endpoint_address=$(echo $endpoint_address | tr -d [])
local is_endpoint_ipv6=''
is_endpoint_ipv6=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$endpoint_address'"))')
if [[ "$is_endpoint_ipv6" != "True" ]]; then
all_ipv6=False
echo $endpoint ": This is not ipv6 endpoint which means corresponding service is not listening on IPv6 address."
continue
fi
endpoints_verified=True
done
if [[ "$all_ipv6" == "False" ]] || [[ "$endpoints_verified" == "False" ]]; then
exit 1
fi
echo "All services deployed by devstack is on IPv6 endpoints"
echo $endpoints
}
#First thing to verify if system has IPv6 enabled or not
sanity_check_system_ipv6_enabled
#Verify whether devstack is configured properly with IPv6 setting
verify_devstack_ipv6_setting
#Get all registrfed endpoints by devstack in keystone and verify that each endpoints address is IPv6.
verify_service_listen_address_is_ipv6
+1 -1
View File
@@ -134,7 +134,7 @@ def disk_space():
def ebtables_dump():
tables = ['filter', 'nat', 'broute']
tables = ['filter', 'nat']
_header("EB Tables Dump")
if not _find_cmd('ebtables'):
return
+3 -1
View File
@@ -34,7 +34,9 @@ commands = bash -c "find {toxinidir} \
-print0 | xargs -0 bashate -v -iE006 -eE005,E042"
[testenv:docs]
deps = -r{toxinidir}/doc/requirements.txt
deps =
-c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/wallaby}
-r{toxinidir}/doc/requirements.txt
whitelist_externals = bash
setenv =
TOP_DIR={toxinidir}
+5
View File
@@ -185,3 +185,8 @@ fi
clean_pyc_files
rm -Rf $DEST/async
# Clean any safe.directory items we wrote into the global
# gitconfig. We can identify the relevant ones by checking that they
# point to somewhere in our $DEST directory.
sudo sed -i "/directory=${DEST}/ d" /etc/gitconfig