git commit [1] introduced a new behaviour to work around a CVE that
disallows any git operations in directories not owned by the current
user.
This may seem unrelated to installation, but it plays havoc with PBR,
which calls out to git to get to get revision history. So if you are
"pip install"-ing from a source tree you don't own, the PBR git calls
in that tree now fail and the install blows up.
This plays havoc with our model. Firstly, we checkout all code as
"stack" then install it globally with "sudo" (i.e. root) -- which
breaks. We also have cases of essentially the opposite -- checkouts
we have installed as root, but then run tox in them as a regular user;
tox wants to install the source in its venv but now we have another
user conflict.
This uses the only available configuration option to avoid that by
globally setting the source directories we clone as safe. This is an
encroachment of the global system for sure, but is about the only
switch available at the moment. For discussion of other approaches,
see [2].
Also, squashing the below backport which is needed for bionic
- https://review.opendev.org/q/I941ef5ea90970a0901236afe81c551aaf24ac1d8
Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798
[1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9
[2] https://review.opendev.org/c/openstack/devstack/+/837636
Change-Id: Ib9896a99b6d6c4d359ee412743ce30512b3c4fb7
(cherry picked from commit 676dcaf944)
(cherry picked from commit a9852abfc5)
(cherry picked from commit 16c57c51a0)
(cherry picked from commit c67e7d3bbd)
(cherry picked from commit 7f1025e932)
This patch is needed as tempest-full-py3 zuul job started to fail on
stable/queens branch due to the following:
Horizon's stable/queens transitioned to End of Life and its
stable/queens branch was deleted. This fix uses the queens-eol tag to
be able to check out horizon's latest state from queens.
Change-Id: I845f53de2d29ab7642ebb04e8bd0ce6c09ff12e8
Due to "Deprecation of non-SNI compatible clients" [1], when
devstack-tools is installed in early phase (in neutron-grenade job for
example) and pbr is not yet installed, the pip command fails with the
following error in xenial based environments:
File "/usr/lib/python3/dist-packages/setuptools/command/easy_install.py", line 657, in easy_install
raise DistutilsError(msg)
distutils.errors.DistutilsError: Could not find suitable distribution for Requirement.parse('pbr>=1.8')
This is because setuptools' easy_install is used, which is non-SNI
compatible in xenial base image (and python 3.5). With this patch the
issue can be avoided by preinstalling pbr just before the installation
of devstack-tools.
NOTE(elod.illes): neutron-grenade is still part of the gate for
multiple projects in stable/queens (nova, neutron, cinder, keystone),
so set it back to voting in devstack, too.
Patch I01408f2f2959b0788fe712ac268a526502226ee9 also needed to be
squashed into this patch, to fix the gate:
Pin nodeset as xenial for devstack unit test job
devstack-unit-tests job running on devstack stable/rocky
branch had no nodeset and use default one which is now xenial.
This commit explicitly pin the xenial nodeset on stable/rocky.
(cherry picked from commit 77561e7e17)
[1] https://github.com/pypa/pypi-support/issues/978
Change-Id: I0edd4734df8ac7976d3090b75ca4c033b8ff0f2c
(cherry picked from commit 052d7f2442)
Due to issue on stckviz side, job start
failing with POST_FAILURE. If we fix the
issue still we need to wait for periodic job
periodic-package-stackviz-element to publish
the latest tarball on https://tarballs.openstack.org/stackviz/dist/.
Let's not fail the job for any issue occur during
stackviz processing.
Closes-Bug: 1863161
Change-Id: Ifee04f28ecee52e74803f1623aba5cfe5ee5ec90
(cherry picked from commit 580fec54c3)
(cherry picked from commit 800eb4dd44)
(cherry picked from commit 3b2feba2ef)
(cherry picked from commit 4f9c1e084c)
(cherry picked from commit 2873b5530d)
(cherry picked from commit a464979916)
(cherry picked from commit bfd3d9cd0d)
This has been failing to install with this message, which I think
means we need to change our URL for getting pip:
The URL you are using to fetch this script has changed, and this one
will no longer work. Please use get-pip.py from the following URL
instead:
https://bootstrap.pypa.io/pip/2.7/get-pip.py
Sorry if this change causes any inconvenience for you!
Change-Id: Id62e91b1609db4b1d2fa425010bac1ce77e9fc51
(cherry picked from commit fc7f929597)
(cherry picked from commit 1400e6f1c3)
(cherry picked from commit 302ede617a)
get-pip.py dropped python 2.7 support, so we cannot use the default
get-pip.py for python 2.7 now. get-pip.py for python 2.7 is available
at https://bootstrap.pypa.io/2.7/get-pip.py.
This commit tries to use python 2.7 version of get-pip.py
for python 2.7 environment.
get-pip.py fails with in tempest-full-py3 job, too, as that job uses
python 3.5 which is also not supported by the new get-pip.py. For py35
the supported get-pip.py link is:
https://bootstrap.pypa.io/3.5/get-pip.py (which contains pip 20.3.4).
Also, we have to invalidate the CI cache which serves py36 pip.
This patch simply renames the file to fail the match.
Change-Id: I88ba370de8887a05c473fe7c19a61a319e8812d2
(cherry picked from commit 1382e933c5)
(cherry picked from commit 469b26f742)
(cherry picked from commit 910f00eeeb)
Since the introduction of I8f24b839bf42e2fb9803dc7df3a30ae20cf264
s-proxy is no longer able to launch as keystonemiddleware (listed under
test-requirements.txt) has not been installed.
keystonemiddleware is listed as extras requirements in swift
- https://github.com/openstack/swift/blob/e0d46d77fa740768f1dd5b989a63be85ff1fec20/setup.cfg#L79
Let's install swift keystone extra requirements also.
Closes-Bug: #1909018
Change-Id: I02c692e95d70017eea03d82d75ae6c5e87bde8b1
(cherry picked from commit 04b0b61557)
(cherry picked from commit 90651cb1a9)
(cherry picked from commit 10fdf258ba)
(cherry picked from commit a7c4377c17)
(cherry picked from commit d3016a20ac)
(cherry picked from commit 0b25592182)
This is a test of installing openstack and then seeing if it works.
OpenStack components do not need test-requirements to operate,
that's why they are test-requirements.
Additionally, as we look forward to depsolver pip, this is going
to screw us because we don't apply constraints to linters, which
are expressed in - you guessed it, test-requirements.
Change-Id: I8f24b839bf42e2fb9803dc7df3a30ae20cf264eb
(cherry picked from commit 09b5b05c47)
(cherry picked from commit d3ab04bcb1)
(cherry picked from commit 6a500ad269)
(cherry picked from commit 671fa2b94f)
On Centos the lib/apache script in devstack downloads and compiles
uwsgi package. It uses pip-download to pull uwsgi tar file.
However, it does not return the full name of downloaded file so
right now the script looks for filename that starts with prefix
"uwsgi".
This method is case sensitive so after downloading file with name
uWSGI-2.0.19.tar.gz the script was unable to locate this file.
This change downloads the file to an empty directory and expect
it to be the only file there so there is no name vulnerability.
Change-Id: I57e6219d675c951880808ced4e26c2344ef15cee
Closes-Bug: #1883897
There are errors with the recently released virtualenv 20.0.1 which
comes preinstalled on gate images prepared by infra. As a hotfix
override to some previous version until we can find the real fix.
Change-Id: I3b447557f013934719aa357efeffb093c7f6bd95
Stable branches till stable/rocky is using python
version <py3.6. Tempest test those branch in venv
but Tempest tox use the master upper-constraint[1]
which block installation due to dependencies
require >=py3.6. For exmaple, oslo.concurrency 4.0.0
is not compatible for <py3.6.
As we pin Tempest for EM stable brach, we should be
able to use stable constraint for Tempest installation
as well as while running during run-tempest playbook.
tox.ini is hard coded to use master constraint[1] which force
run-tempest to recreate the tox env and use the master constraint.
Fix for that- https://review.opendev.org/#/c/705870/
Devstack can set stable u-c to use via env var so that
Tempest installation in venv will use stable
branch constraint.
Depends-On: https://review.opendev.org/#/c/706426/
[1] https://opendev.org/openstack/tempest/src/commit/bc9fe8eca801f54915ff3eafa418e6e18ac2df63/tox.ini#L14
Change-Id: I5ab1130582354c33d52afafc9720146e174e40e5
TEMPEST_BRANCH which is mostly set as master so
that Tempest master is run to test the env. With
stable branch going to EM state and Tempest master
might not work due to incompatibility of code or
requirements. In that case we pin the Tempest so that
older Tempest can be used for their testing.
Till now for ocata, pike and, queens we used the gerrit style
ref to pin the Tempest which is not preferred way. We should be
able to use the tag name on TEMPEST_BRANCH.
This commit explicitly checkout the tag set in TEMPEST_BRANCH
as git_clone does not checkout the tag directly until RECLONE
is true or tempest dir does not exist.
After this stable branch or job can set the tag directly with name.
For exmaple: TEMPEST_BRANCH=23.0.0.
Also replace gerrit style Tempest ref to tag to make
this change working.
Change-Id: Ic777e4b56c4932dde135ac909cb5c6f4a7d5cc78
Tempest and master and neutron-tempest-plugin queens tag is not
compatible for stable/queens testing.
More details on https://bugs.launchpad.net/tempest/+bug/1859988
Also py2 drop will start required the python 3.6 version for Tempest
master tests.
Because stable/queens is EM, let's pin the Tempest for its tesing
instead of putting more effort to make Tempest master run-able.
Tempest 21.0.0 is supported Tag for Queens so let's use that for Queens
testing instead of Tempest master.
Closes-Bug: 1859988
[1] https://docs.openstack.org/tempest/latest/stable_branch_support_policy.html
Change-Id: Id4861830c46867b313a5a705fc4722ac13471777
This change removes the .gz extension from the
service and syslog logs exported via journalctl.
This change nolonger gzip compresses the exported
logs so that they can be rendered in the browser
directly when served from swift.
Conflicts:
roles/export-devstack-journal/tasks/main.yaml
Change-Id: I4557a737cb13b9c2406056be08ab8a32ddd45162
(cherry picked from commit d02fa6f856)
Add new job to replace legacy-devstack-unit-tests.
Conflicts:
.zuul.yaml
Change-Id: I4fe59b1954514a7146a4412e3103a0a05a9250f2
(cherry picked from commit 838b833b63)
Currently, devstack has NETWORK_API_EXTENSIONS var to define
the network API extensions. NETWORK_API_EXTENSIONS is defaulted
to 'all' for master and hard coded list of extensions per release.
Zuul jobs of network extensions (for example neutron-fwaas) need
add the some extra extensions in the default list. To do so, they
need to duplicate all the defaults extensions and then add the extra
extensions. Much difficult situation is when defaults extensions list
vary from release to release so they have to keep updating the
NETWORK_API_EXTENSIONS per release.
This commit defines a new var ADDITIONAL_NETWORK_API_EXTENSIONS which
will take extra extensions and append into the default list. This way
Zuul jobs do not need to duplicate the default extensions.
Change-Id: I7270c9b9e047a851970439522c0356c9089a5b74
(cherry picked from commit 52c2886f7e)
With CentOS 7, ansible is expecting to have RedHat as an attribute for
the dict so Discover configurations task fails with an undefined
variable error.
Closes-Bug: #1750573
Change-Id: I5bf9c4057ca9f75d730add9e429d0ef050c6d900
(cherry picked from commit 2e9e90b9a8)
This is a combination of the following commits:
- "Quote devstack_localrc arguments"
https://review.opendev.org/636078
Ia63a53d745dfea7262bcdb5d46425f431c3ccfe5
- "Fix double quoting issue when writing localconf"
https://review.opendev.org/648951
I92146e04731efc6dcc632ae6c3a7c374e783cdba
They have been merged together because the first commit introduces
a bug, and it looks a bit pointless to deliberately introduce
a potentially breaking change on the process of backporting a fix.
Co-Authored-By: Ian Wienand <iwienand@redhat.com>
Co-Authored-By: Jens Harbott <j.harbott@x-ion.de>
Change-Id: Ia703af54a7131843fc2b0ae34efcfe0f5507acbf
(cherry picked from commit 2e1393621a)
TEMPEST_PLUGINS contains the list of the tempest plugins installed
alongside tempest by lib/tempest.
If TEMPEST_PLUGINS is not explicitly set, the new tempest_plugins
variable is used to fill it by combining its items with
the base devstack path.
Change-Id: I9f1fa2755e16871ff9d6ba33fdeaf3023eedf8d4
(cherry picked from commit 70d043dd60)
Plugins must be the last items in the local.conf file
otherwise the configuration set in the rest of the file
is not applied to them (for example a different value of DEST.)
Change-Id: Ia001badca179c3f3436d5ecd26b0755a3f3a3078
(cherry picked from commit 610927f425)
There are already devstack plugins that contain a hyphen in the name,
like `networking-baremetal`. In order to allow ordering for these to
work properly, amend the regexes we are using to match any
non-whitespace characters instead of only alphanumerics.
Amend the test to cover this use case.
Change-Id: I91093a424f8d5e8007f140083e1ea36a81fe849f
Closes-Bug: 1809016
(cherry picked from commit 0b855007f8)
The test_plugin_deps function in the test code for the
write-devstack-local-conf role was missing the import part of actually
executing the code under test and asserting the expected result.
Change-Id: I125870b13d2581cdec0dede11157b19b702565cd
(cherry picked from commit 6d103a7ff8)
Ceph for example uses them. Creation already worked, but not
updates of existing keys.
Closes-Bug: 1774956
Change-Id: I20cb61c08079b9cd9ad56ac875525abf1442bff6
(cherry picked from commit c7c67658c1)
The URL for rdo-release package is version-less and redirects to latest
stable version. This becomes problematic when stacking older stable
versions as dependencies might not be met or newer and incompatibile
ones might get installed.
Closes-Bug: #1833696
Change-Id: Icb07dcb4c9a3950a3c31a3a8dcb8d0b4c713fdb1
(cherry picked from commit 8b31dce38b)
(cherry picked from commit fb3b6e4baa)
(cherry picked from commit ed120e335f)
When running stack.sh locally on stable branches
with tempest enabled and TEMPEST_PLUGINS set,
devstack will try to fetch master branch of requirements
and that fails if branch is not tracked.
Change-Id: Ia1ae6869a8fede2af5cd7c875e0946b6a75eb518
Closes-Bug: #1820051
(cherry picked from commit bcd8a50cc6)
With the new namespaces we have to look around a bit more to find
repos top copy into the DevStack working directory. Add:
* opendev/
* starlingx/
* x/
* zuul/
Change-Id: I8a55522a5fee46f415f0c0ce580ded3476133460
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
Ansible complains:
The task includes an option with an undefined variable. The error
was: 'dict object' has no attribute 'RedHat'
which is just a mismatch on the "Redhat" string
Change-Id: I447038256561740c224c68388fa5b6a068cc8fed
(cherry picked from commit a9e946471e)
This is a mechanically generated change to replace openstack.org
git:// URLs with https:// equivalents.
This is in aid of a planned future move of the git hosting
infrastructure to a self-hosted instance of gitea (https://gitea.io),
which does not support the git wire protocol at this stage.
This update should result in no functional change.
For more information see the thread at
http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003825.html
Change-Id: I64b3a317fdde1f2cabee071c7a26b0f2bf10cc5c
The -C option is not available in git versions older than "1.8.5" which
are still shipped by several distributions including centos 7.
Due to this incompatibility the patch has broken third party CI for
Cisco on Ironic.
Change-Id: I09a6f83f8b2fee870e6e1c50cbfdf2da4d70dfb2
(cherry picked from commit db5a5b3c20)
when tempst venv is build, it use the master upper_contraint[1]
but when we install tempest plugin, it use branch upper_contraint.
This leads to mismatch the dependency version between tempest and required
tempest plugins setup.
Current flow after this change is:
1. install tempest form master (until you explicitly change TEMPEST_BRANCH
which is default to master in all stable branch). It applies the upper_constraint
from the stable branch but that will be overridden in step2
2. configure tempest, here the created venv will install all dependency with
master's upper_constraint.
3. install tempest plugins in same venv created above. Now tempest plugin
will also use the master upper_constraint.
With this tempest venv which has all enabled plugin will be contsraint with
master.
[1] https://github.com/openstack-dev/devstack/blob/72f632222f6d90d3545b5d7ca48297da4218e2ea/lib/tempest#L590
Change-Id: I89314e8391e8f26c622fc090cbe27997b3cf049a
Closes-Bug: #1816022
(cherry picked from commit 0d83e09464)
The local requirements repo can be checked out to a stable branch,
in which case, the requirements might conflict with tempest's master
requirements.
Master branch's upper-constraints should be used when building tempest's
venv.
Closes-Bug: #1706009
Change-Id: Ifd64638cae2886671421149dbbff3a57f9c64257
(cherry picked from commit 34c1679f2e)
The n-novnc service only runs on the controller node, however novnc
settings must be enabled on both nodes for vnc to work, since both
hosts are compute hosts.
Change-Id: Icc29441f507e6e4df9fd900eb7f35b0862f52043
(cherry picked from commit 05da9a9b1e)
For compute migration to work, the stack user needs to be configured
with passwordless ssh between all hosts involved in the migration.
Reuse the build ssh-key for this, which is already distributed for
user root.
Depends-on: https://review.openstack.org/563584
Change-Id: Id07f55fea06509466add35315c135dbfba6aa714
(cherry picked from commit afe1414019)
Change I4820abe57a023050dd8d067c77e26028801ff288 removed access
to the database for the nova-compute process but only in
superconductor mode. Grenade runs in singleconductor mode though
so we are getting tracebacks in nova-compute logs during grenade
runs because nova-compute is running with nova.conf which is
configured with access to the nova API database.
This change handles removing database access for nova-compute
generically to cover both the singleconductor and superconductor
cases.
Conflicts:
lib/nova
NOTE(mriedem): Conflict is due to not having change
I2a98795674183e2c05c29e15a3a3bad1a22c0891 in stable/queens.
Change-Id: I81301eeecc7669a169deeb1e2c5d298a595aab94
Closes-Bug: #1812398
(cherry picked from commit 8253787137)
(cherry picked from commit 1b2408b4f3)
Apparently we're inheriting some database config from the main file,
which should not be set for nova-compute. If we're properly in superconductor
mode where we have a dedicated config for compute, remove those lines
if present.
Closes-Bug: #1797413
Change-Id: I4820abe57a023050dd8d067c77e26028801ff288
(cherry picked from commit 7d0003ef7e)
Nova is gaining the ability to run TLS over the connection between the
novnc proxy service and the QEMU/KVM compute node VNC server.
This adds a new config param - 'NOVA_CONSOLE_PROXY_COMPUTE_TLS=True' -
which instructs devstack to configure libvirt/QEMU to enable TLS for the
VNC server, and to configure the novncproxy to use TLS when connecting.
NB this use of TLS is distinct from use of TLS for the public facing API
controlled by USE_SSL, they can be enabled independently.
This is done in a generic manner so that it is easy to extend to cover
use of TLS with the SPICE and serial console proxy services too.
Change-Id: Ib29d3f5f18533115b9c51e27b373e92fc0a28d1a
Depends-on: I9cc9a380500715e60bd05aa5c29ee46bc6f8d6c2
Implements bp: websocket-proxy-to-host-security
(cherry picked from commit e9870eb18d)
This automatically always adds the project under test to LIBS_FROM_GIT
which effectively makes the normal "tempest full" job the same as the
"forward testing" job when it is applied to a library repo.
Change-Id: Ibbdd8a86e0ff55f67bef73e08e693b34a61b24df
(cherry picked from commit 8e5f8c29b2)
If a project shows up in zuul's required-projects list, add it
to LIBS_FROM_GIT automatically. This way, when a user specifies
that a job requires a zuul-project, it gets used in testing, but
otherwise, it doesn't (pypi is used instead).
Also add information about what happens behind the scenes for both
LIBS_FROM_GIT and plugin dependencies.
This moves the check performed in check_libs_from_git to
a helper function which is installed for most kinds of
installations. This means that if someone sets LIBS_FROM_GIT to
"foobar", devstack won't error anymore, as nothing is going to
try to install foobar, therefore the check won't run on that.
However, as we move to automated generation of the local config,
that error is not likely to happen. This check was originally
added due to an error in the upper-constraints file (where a
constraint name did not match a package name). This location of
the check would still catch that type of error.
Change-Id: Ifcf3ad008cf42d3d4762cfb3b6c31c93cfeb40db
(cherry picked from commit e1edde38ed)
the swift and devstack-plugin-ceph jobs have been renamed, follow rename
and use in-repo jobs.
Depends-On: https://review.openstack.org/543048
Change-Id: Idccc21e47b2cc04e5eeab4db7f7fb7cf156f8049
This is a mechanically generated patch to complete step 1 of moving
the zuul job settings out of project-config and into each project
repository.
Because there will be a separate patch on each branch, the branch
specifiers for branch-specific jobs have been removed.
Because this patch is generated by a script, there may be some
cosmetic changes to the layout of the YAML file(s) as the contents are
normalized.
See the python3-first goal document for details:
https://governance.openstack.org/tc/goals/stein/python3-first.html
Change-Id: Id496c2eea5d761f2f8f42f33a5a6a862bd31c5f0
Story: #2002586
Task: #24327
For folks who are doing functional testing with less than the full set
of normal base services. Should be a no-op/ignorable for most people.
Change-Id: If14ee018c01995e0a5b6bcdaac9ddc8810c6d503
(cherry picked from commit 4d7e337576)
This is needed for the barbican projects, which will now be running
fedora-28 images on stable/queens.
Change-Id: I9c500f7353a668f0ce15de45216ca1ba715b7900
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This has all been around for a *long* time, like when dnf was a weird
new thing. Now it's the opposite and yum is a weird old thing :)
Choose it by default for platforms with it (Fedora, for now).
Change-Id: Id2bd7d145354b996de31944929fd0267ec24a08e
(cherry picked from commit 7f33552d34)
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
cinder does not yet support operations without project_id in the url.
The unversioned endpoint is not a usable endpoint for a user that
requests the block-storage service. Although it would be lovely to have
the block-storage service have the unversioned endpoint in the catalog,
we need to get project-id out of the urls first.
Change-Id: I4246708b6ea31496ba4d565ab422abc76f730ee7
Needed-By: https://review.openstack.org/564494
(cherry picked from commit 69057d4655)
TEMPEST_AUTH_VERSION should be 'v3' or 'v2' not 'v2.0'.
To disable the identity v2 admin tests TEMPEST_AUTH_VERSION is
being compared with 'v2.0' which is incorrect.
Change-Id: I5f7e3bcf733edbbee06016bcad4845dda552815e
This commit cap the api_extensions config options
for cinder, neutron and swift.
api_extensions config option on tempest side is default to 'all' [1]
which means all extensions are enabled on gate. Tempest test are
skipped based on extensions availability in api_extensions config
options.
On master, each project keep updating(adding or removing) their
extensions lists which will not be present on stable branches,
so we need to cap the api_extensions on devstack side
to configure the Tempest for stable branch.
This way we enable Tempest to run on stable branch gate with actual
extensions present on that branch not with 'all'
Currently cinder, swift and neutron have extensions concept.
[1] https://github.com/openstack/tempest/blob/25572c3b5512aa3ecc949b926af1e1fd64fddfd9/tempest/config.py#L646
Change-Id: I0705f551e684a202802cb87104ca186ed7fc1a3f
When setting up a 3pci zuul, there is an edge case where a downstream
zuul may already have openstack/foo projects, eg:
review.rdoproject.org/openstack/foo. In this case, if openstack
projects are not namespaced to include the connection information zuul
gets confused and complains. We can avoid this by using the fqdn for
git.o.o for devstack jobs and both upstream and downstream zuul will
properly use the correct connection.
Change-Id: I01419ea9f51ce7491aa319b6240aec9c0d4f2356
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
(cherry picked from commit ef3571338a)
This commit applies the constraints for the tempest plugin installation
so they won't go over the upper reqs.
Closes-Bug: 1763436
Change-Id: I5cf91157bbdae79dec01d5b3db32efea21f1b2b7
(cherry picked from commit dc5d88bc0b)
It looks pip 10 failed the uninstallation of distutils installed
packages. This patch temporarily cap the version of pip to work-around.
Closes-Bug: #1763966
Change-Id: I8bf80efc04883cd754c19bea0303064080112c6e
(cherry picked from commit f99d1771ba)
Document that orchestrate-devstack requires a linear strategy in the
invoking play. Also enforce the strategy in devstack.yaml.
Change-Id: Ia081225ec2be959fc5a4ddfd491f526296a8ca10
Extend the devstack job so that it can support both single and multinode
cases. Multinode mode require extra settings in devstack configuration,
some of which as subnode specific, some controller specific.
Also keep a simple devstack-multinode job defined for now so we can run
a multinode job in devstack gate, until the full tempest multinode job
is ready to match the old
gate-tempest-dsvm-neutron-multinode-full-ubuntu-xenial-nv.
Fixing multinode also requires sharing the CA configuration between
controller and peers, overlay network configuration for communication
between virtual machines and running discover_hosts for nova after the
subnode has been setup.
The extra orchestration required for multinode is encoded in a
dedicated role to allow for jobs in other repos to re-use it.
This backport is slightly modified from the original, since master does
not use the test-matrix anymore, while on stable branches we still rely
on it.
Change-Id: I2dcbd9bdb401860820e655d97aa3c4775af2827f
The role that sets up the user and its home folder must ensure that
the home folder is owned by stack as well.
Change-Id: I2e72d7b9d68a2a14f8a148ef82cbb3f569bd1cea
Multiarch versions of ETCD only exist for v3.2.x, this means when we
try to cache etcd-v3.1.10-linux-arm64.tar.gz for nodepool-builder, we
are not able to find it. Breaking our image builds.
Change-Id: I61656cbd71173b1904c7fe70af91b3873acc4d50
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This PS adds the project_tags identity feature flag which allows
identity v3 project tags API functionality to be enabled for
releases after Pike. Once Pike is no longer supported in Tempest
this feature flag can be removed.
This feature was implemented in Queens [0].
[0] https://docs.openstack.org/releasenotes/keystone/queens.html
Depends-On: Ibaec1df79c9ac69c65cf5075c3519092bc609546
Change-Id: Iec6b34c10ea1bd7103720c773b48ce130643115d
(cherry picked from commit 1ab9a2d144)
Allow users to auto-create a neutron non-flat providernet public network
and use it for external router interfaces. By default, keep the existing
flat network type behavior.
Change-Id: I64f71b0c9fcac97b9b84b7d30ee61659b2a690f1
(cherry picked from commit bb7d2f233b)
Neutron functional tests want to use ubuntu cloud archive but it's
not possible to source the fixup_stuff.sh from a neutron CI setup
script. Break it up so that only the UCA portion can be executed
from neutron.
Change-Id: Ie18833bfa30f1789e63cbe9c86f5ece3453f43fb
(cherry picked from commit 4d835e33b6)
Somehow this feature was lost in the transition
from q-svc to neutron-api. This patch does not
modify the default behavior but allows specifying
the flag to false to prevent devstack from creating
the public and private networks.
Change-Id: I952672496d007552c0c4d83db0d0df9be50326fc
Signed-off-by: Josh <jhershbe@redhat.com>
(cherry picked from commit 8f7216290a)
Define an abstract job devstack base that does not require any
project apart from devstack. This job defines basic devstack_localrc
settings that are common to any devstack job (mostly to work with
infra) and devstack_services to emit "disable_all_services" so to
cancel any devstack default.
The variables are defined as global ones as well as host-vars for
the controller and group-vars for peer nodes, so that any
descendent job may extend them, thanks for Zuul dict merging.
Change-Id: I2cdb723f6ee209683044fecec59ff7b510a2752b
There is no way to upgrade ironic before nova because of
grenade design. In multinode job we do not restart nova
as we test partial upgrade of ironic there.
On slow nodes upgrading ironic takes time and nova looses
ironic connectivity
This patch increases api_retry_interval and api_max_retries
to make sure we have a time to upgrade ironic before nova
compute stuck.
Change-Id: I3b1429d6561431a82edda04a0e574cac38771837
The function was introduced in [0] using a hardcoded timeout of 60
seconds which turns out to be too small on slow machines. Create a new
global variable NOVA_READY_TIMEOUT instead so that users can
override the timeout if necessary.
[0] I32eb59b9d6c225a3e93992be3a3b9f4b251d7189
Co-Authored-By: Mohammed Naser <mnaser@vexxhost.com>
Change-Id: I0cd7f193589a1a0776ae76dc30cecefe7ba9e5db
One of the steps when we create a new stable branch is to
branch devstack, then update the default branch for most
repos to use the new stable branch for each repo.
This requires making multiple updates throughout stackrc,
and to further complicate things, there are some repo
branch variables for branchless repos that should not be
updated along with the others.
This can be error prone if not fully aware of these
exceptions. To simplify this process a little, this
patch adds two common variables - one that can be set to
the new stable branch name for all of the repos that
should be branched, and one that can be used for all of
the branchless repos to make it explicit that those
values should be left alone. The cycle-trailing repos
have until two weeks after final release to branch, so
also adding another variable for those to make it easy
to update them at a later time, separately from the
other repos.
Change-Id: I82aa19e739eeda3721bac1cb5153ad0bf2d1125a
(cherry picked from commit a492206700)
Move extensions_to_txt to the job defintion so that it may be
extended by descendant jobs.
Depends-on: https://review.openstack.org/540485/
Change-Id: I6e9009faa1451698ed781ce1ffdd9f22c97daa93
Zuul no longer requires the project-name for in-repo configuration.
Omitting it makes forking or renaming projects easier.
Change-Id: I32868cec22149ec1c18fe2737a65e88d32bff531
The zuul_copy_output variable is designed to be able to be used as
a zuul job variable so that zuul dictionary merging will work. However,
it's currently being set in the playbook rather than as a job variable,
so it's not possible to supplement it in a child job.
Move it to be a job variable. Also remove the wrapping {} as they should
not be needed to make zuul_copy_output a dictionary.
Change-Id: I78c7fed47c2ab868384c74dbff7904d33d510dd9
As libpcre3-dev&pcre-devel are now added as general prerequisite,
remove it from horizon prerequisite.
Change-Id: I872aec210028373c39baee0ab846469fd9920de9
This patch add libpcre3-dev and pcre-devel package for python-pcre
installation.
Closes-Bug: #1745606
Change-Id: I59fc688519341c90dc33b79d536f0625a6c4dd17
In function 'get_instance_ip', 'nova' client command is used to get
instance information in order to retrive IP address of the instance.
There is no need to use the nova command, since 'openstack' client
already supports such basic operation.
Moreover, 'openstack' client has an option to get value of specified
column. That brings more accurate way of retriving IP address.
This patch replaces nova command in 'get_instance_ip' by 'openstack'
command. Note, this nova command is the only one in devstack tree.
Change-Id: Iee0b81a994a4da5b3f4572c2e8eb30514cd43f89
Signed-off-by: Ryota MIBU <r-mibu@cq.jp.nec.com>
There is a hack here to set up ubuntu cloud archive, pinning it to
mirror.dfw.rax.openstack.org. The mirror-info role seems to be doing
this correctly now though, so let's remove the hack and let things work
normally.
Change-Id: I283cb3452245b64e9492806f06404b484f21c358
This adds the ENABLE_VOLUME_MULTIATTACH flag and if True
configures Tempest to run volume multiattach tests.
Note that due to https://bugzilla.redhat.com/show_bug.cgi?id=1378242
we can't run multiattach tests with the Pike UCA packages since
those include qemu 2.10 and libvirt 3.6, and the valid versions for
multiattach support with libvirt is qemu<2.10 or libvirt>=3.10.
Depends-On: I80c20914c03d7371e798ca3567c37307a0d54aaa
Depends-On: I158c6f20e3e6a24bd2e5299abbeb3fc5208e5885
Part of nova blueprint multi-attach-volume
Change-Id: I46b7eabf6a28f230666f6933a087f73cb4408348
This follows a change made to devstack-gate in commit 841ebc3 to allow
tempest to succeed even if it happens to run several volume tests in
parallel. Right now it's possible for a tempest-full test (run without
devstack-gate) to fail with an "Insufficient free virtual space" error in
the cinder-scheduler log.
Suggested by: Clark Boylan <clark.boylan@gmail.com>
Closes-Bug: 1743597
Change-Id: I16ccb9976d1bc7c9f56a6a4d73e35042a5867ef9
CentOS tests have reverted to using upstream for EPEL rather than
local mirrors, introducing some unnecessary instability. The root of
the problem is that /etc/nodepool/provider disappeared with zuulv3, so
we now always re-install the EPEL repo and overwrite the local EPEL
.repos files that were made during test setup and point to local
mirrors.
The other change is that we stopped installing the RDO repositories on
the testing nodes too. That we were incorrectly taking this path and
reinstalling EPEL has hidden the removal of these packages from the
base image in the test, since it ends up installing them too.
Split the install into two parts -- epel and RDO. Check for
/etc/ci/mirror_info.sh (the sourcable mirror script provided by base
test setup) and if so, just enable EPEL so we get the CI-mirror
version correctly. Install the RDO repositories (if not already
installed) unconditionally.
Change-Id: Iccb045a6695deb10da4d68a5694e1fa45ccbb810
'deactivate_image' feature flag was added long back during kilo
cycle. Tempest is going to remove this feature flag.
Depends-On: I843d4c64f24407d9d217005d5ea59d50d7ad62e7
Change-Id: I1ae8efc0e62acc5e05c1c00dc8970b74d8b16da0
Removing the (f23,)f24 support they are EOL.
The only non-trivial change is the apache-httpd default worker change,
however might not be bad idea to use `event` instead of `worker`
in the future, but for now keep it AS-IS and continue to use `worker`.
Change-Id: I96d414a30b58bc4b43da45066fdf310a6a830079
Closes-Bug: #1740194
The subnet-range parameter is only sent now if a valid value exists so
the command will not fail
Change-Id: I5296f5b59bc6d3d3db90a685a8678db9a156eece
Closes-Bug: #1718111
It is possibe for the user to override te etcd version, thus download a
different etcd file, but the checksum is constant, so the checksum
verification will fail in that case.
Added the ability to specify a different checksum, so the user would be
able to specify the new version checksum
Change-Id: I85af3af841ae957964f18d4e37a86ab0703882bc
Closes-Bug: #1736718
Worlddumping on a system without net-tools package gets an error showing
"arp: not found". As iproute2 can also show arp tables, we use it
instead.
Change-Id: I0cd83e6d14959dc5a1147c487b11f27fb92aa20a
These files are quite large and disk space is limited so make sure we
compress the log files before copying them to storage. Additionally
os-loganalyze will only operate on gzipped log files so this should fix
os-loganalyze with tempest-full job's logs.
This is mostly a check to confirm everything works as expected but we
probably want to move the gzip step into the log publication roles so
that all log files end up compressed.
Change-Id: Ie87962428e0ca755c211cc5e664a14a9f2a79ac4
In Queens cycle, the code of django_openstack_auth was merged into
the horizon repository. The master branch of django_openstack_auth
will be retired. (horizon blueprint merge-openstack-auth)
This commit drops django_openstack_auth related code from DevStack.
_prepare_message_catalog_compilation in lib/horizon was used only
in install_django_openstack_auth, so it is dropped too.
Change-Id: If9467c520a1e07d1968b29e485df0097330356bc
Do not run devstack and its siblings if only rst files, releasenotes, or
files in doc directory change.
This is the minimal set of irrelevant files shared by most projects
already.
Needed-By: Ie8504ba3d5d46f6338a228ed2d248ba6363e37ae
Change-Id: Id0095763eb91592c2fd1a913526883987df704bd
Nova now calculates alternate hosts in the scheduler and
sends those to the cell for reschedules in case a build on
a given compute node fails.
The cell conductor needs to claim resources against the
alternate hosts in Placement during a reschedule, therefore
it needs to be configured to talk to the placement service.
Part of blueprint return-alternate-hosts
Change-Id: Ie599968d9e7537e551fe6d9deb63a91b256b1e11
This patch creates a new config file glance-image-import.conf
at /etc/glance path. Also, each config option is initialized
with default values.
Need these changes to implement specs [1]:
[1]: https://blueprints.launchpad.net/glance/+spec/inject-automatic-metadata
Related-Change-Id: If14c7dc4f38360006f9cb350fbba54fa2f33be61
Change-Id: I665507db1838a50e344d3be909d7490f1f52040c
fetch-testr-output and fetch-stestr-output are being merged.
Change-Id: I00d448c4e6b98a1f504b048c74eff4e110c0b511
Depends-On: I833320cf9a932d8e119645eb798ce0c93d854321
The file won't be listed as long as it is called .stackenv.txt.gz, with
this it will be called _stackenv.txt.gz instead.
Change-Id: Ib3b44c287ffb2ec0e48fefef1662a1c02d162657
The whole devstack log is written into the console output
(job-output.txt) and into devstacklog.txt.
Remove it from job-output and add a devstack-early log file (same as in
legacy job) that includes all the output of stack.sh.
Make sure the log file is pulled into the stage folder so that it will
end up on logs.o.o.
Change-Id: Ia7c1d8fe5cc03d15f455c6e62ebf4a5f6d62ab1f
Historically we have collected devstack logs under /opt/stack.
Stop doing that and collect them in the stage_dir instead, so that
once the base job logs pull service comes around we are ready for it.
This add the benefit of writing things into a folder which is
already owned by the ansible user (ansible_user_dir), so we don't
run into issue writing there.
A few logs (devstack log, log summary and dstat) use to show up on
logs.o.o. just because they happened to already be in /opt/stack/logs.
With this change they would be lost, so adding them to post.yaml.
Depends-on: I5ad4dfccbc1389da3afc53f3c866d3475e006db6
Change-Id: Ib4be2f5056c0dc2b776de4a0d18b47b12624be92
The sphinx jobs need to find doc requirements in either
test-requiremnts.txt or doc/requirements.txt. Putting them directly in
to tox.ini, not so much.
Change-Id: I98a43b511a6949fa4f00c26eec224d24d6fa6588
I keep copy-pasting these to projects from the shade repo. Let's make
some base jobs people can more easily use.
devstack-tox-functional runs devstack and a tox functional environment.
devstack-tox-functional-consumer is the same, but runs devstack in pre.
It's intended for projects for whom patches to the project won't
actually impact the devstack deployment (shade, nodepool, gophercloud
are all examples of such things)
Change-Id: I84de60181cb88574e341ff83cd4857cce241f2dd
Without installing the targetcli package
tools and configs can be missing.
The code was correct baside a typo,
it is `ISCSI` not `ICSI`
Change-Id: I32e5d84d87560458f0eaaf820dcd00c86e6dec8b
The devstack base job in in use in many projects, but it is not being
gated here in devstack. Let's add it to the list so that we don't
accidentally break it.
Change-Id: Iea13235a8438d4b540f9f27b94aed13e719481dc
Use the test-matrix role from devstack-gate to define a base set of
services to be enabled for the controller and compute nodes.
Extend the local conf module to handle the base set of services.
Since the test-matrix defines services for primary and subnode nodes, we
need a multinode job to test that this works. Add a new host group
called subnode that includes the non-controller hosts. Add a new job
that runs devstack on a two nodes environment.
Using service from the test matrix enables swift in the gate, so we need
to set SWIFT_HASH for devstack to work.
Depends-on: Ie36ba0cd7cfcd450b75000a76a64d856f2a83eba
Depends-on: Id9ad3be4be25e699f77d6b5a252f046ce8234f45
Change-Id: I379abf482c89122533324e64fefbff3d5a618a89
It had been in stop_placement, but we don't want it there: the old
side of grenade needs to call that but should not remove the uwsgi
configuration when doing so. It is configuration, after all.
Change-Id: Iee763adf7895145d97b184924896db3f1f48a015
Partial-Bug: #1736385
Several legacy jobs use the OVERRIDE_ENABLED_SERVICES variable
from d-g so set the list of services that should be enabled and
ignore the default set calculated via the feature matrix.
Add support for a similar functionality in the zuulv3 jobs
using the 'disable_all_services' localconf function.
Change-Id: I690554ec62cef3be600054071efbb3f92a99249e
python-openstacksdk does not match its pip name which is openstacksdk.
So setting python-openstacksdk in LIBS_FROM_GIT leads to devstack
thinking there is a problem.
Put in a workaround for now. It would be better to either:
a) rename python-openstacksdk repo to openstacksdk
b) rename the pip name for openstacksdk back to python-openstacksdk
c) add general support in the various GIT hashes for a pip name
Change-Id: I57cf95763d54ad2060a4ce2af91c3ba18ca04db0
Cinder has now implemented "policy in code" and policy.json is
only needed for overriding default policies. The default policy.json
file has been removed in Cinder so we need to stop trying to copy
it during Cinder setup.
Change-Id: I364e401227fe43e2bacf8a799e10286ee445f835
The 'pip list' command prints the "safe name" which converts _'s to
-'s amongst other things; e.g. glance_store becomes
"glance-store 0.21.1.dev22 /opt/stack/glance_store"
Because people may use these more familiar "file system" names in
LIBS_FROM_GIT automatically convert names when checking if libraries
are installed.
Change-Id: I30524f80a341f38dfa794a8f629d859e85a4a448
In commit f0cd9a8b08 we changed to
use column format, but it checks for zero length string and
check_libs_from_git fails.
Change-Id: I97b52b80efb33749647229a55147a08afa112dd2
Add a no-op function, "plugin_requires" to allow plugins to indicate
their dependencies on each other. This will be used by the Devstack
Ansible module when writing local.conf files.
Also add define_plugin to allow plugins to indicate their canonical
names.
Change-Id: Ibd8c7222ed7dfb08d7ea821d871fc6f3b88de24b
Some old configuration(such as, LOG_COLOR config) will remain
if we don't cleanup.
So, we should cleanup the configuration before we config it.
Change-Id: I7aff609dadf3acba13a36894614b35005f51280d
The kvmibm removal I009ae4779588615633bff81d0c47a1b879ec9279
incorrectly removed this (the check was install if *not* kvmibm).
Since we don't support kvmibm any more, it should be safe to install
everywhere as done here.
For the full history, it started with us installing qemu-kvm-ev with
Ide91b261f35fb19d8bd7155ca016fa3b76a45ea1, then we fixed it to be more
generic and just install qemu-kvm with
I46da627c0da8925064862fdc283db81591979285, then Fedora 26 support in
I5c79ad1ef0b11dba30c931a59786f9eb7e7f8587 made this install everywhere
*but* kvmibm.
Change-Id: If3e9661451ad1055e7c8d670605a53095f0aeda4
With the release of 17.10(artful), support for 16.10(yakkety) has ended.
Update our list of supported distros accordingly.
Change-Id: Id85e00f109cfd43141dec0c0d2bfedb66f14e664
This commit switches TimeoutStopSec in DevStack's systemd unit files
from "infinity" to "300". There are two motivations for that change:
* 5 minutes should be more than enough to stop a service.
* systemd included in CentOS 7 and RHEL 7 doesn't support "infinity" as
a value, "0" should be provided instead. When "infinity" is set,
systemd will kill the service instantly, leaving service children
processes orphaned. Instead of differentiating here, we can just set a
sane, finite number.
Closes-Bug: 1731275
Change-Id: I0a079ea9879fa4fbba23104c2f5ab6e0721a2a2a
Option nova_metadata_ip was deprecated in favor
of nova_metadata_host. lib/neutron was updated
recently but lib/neutron-legacy was missed.
Change-Id: Iadd42458dda705ad0c24aa4ab2afd5b27dd8f0e1
Currently doing a cycle of
./stack.sh; ./unstack.sh; ./stack.sh
fails because the leftover tls-proxy sites will cause apache startup to
fail on the second stack.sh run. So we need to disable these sites on
running stop_tls_proxy.
Change-Id: I03e6879be332289d19ca6a656f5f9f139dffff6f
Closes-Bug: 1718189
The mysql-community-server is a compat provide, openSUSE uses
mariadb for quite some time. Make it futureproof in case
the compat provide goes away in the future. Cleanup
mysql service name to MYSQL_SERVICE_NAME and consistently
use it.
Change-Id: I2df7b8d8b798dfa7ceade90e0c127e0609524a8b
Zuul now supports including the file extension on the playbook path
and omitting the extension is now deprecrated. Update references
to include the extension.
Change-Id: I4bff5f12742364f7cc92e17869a047fd2185dda4
A proposed change[1] to Zuul removes the implied run attribute.
Add an explicit run attribute here to prepare for that.
[1] Ia8f23bce9898cd4f387554e6787b091b63e75519
Change-Id: I1fbc36c3d1b8c4ed70fceef1c587255dad50da04
* Since ENABLE_KSM param will be used in local.conf file
and it's value is received in a variable and while compairing,
the variable needs to be compared. So we need to change the
same.
Change-Id: Id4ed17c0642acd2313e456503cfc375ca6f61409
Closes-Bug: #1724690
The old code was strip()ing the version string instead of split()ing the
version string so we always got the first character of the version
string. This worked fine as long as the pip version was single digit but
as soon as it rolls over to '10.stuff' we will compare:
pip version 1 (instead of 10) > 6
Which fails bceause 1 is less than six. Instaed we really do want to
compare 10 > 6 so use split on '.' instead.
Change-Id: Ic7d0c04d7fa77774ab2d70fb9d11f182becec553
The pip list command supports a --format=columns option which outputs
things in space delimited columns. Switch to using that.
Change-Id: I5140a7d83bf567b1c3c67516112eb4c57074fa53
Reason is to be identical to the upstream KVM CI. Some Tempest
tests rely on vdX virtio-blk device naming. Others simply create
their own with a brand new image. Also, the scsi support on the
CirrOS image is limited, tests booting from volume fail.
Change-Id: I389147a58042aa6098a695e6dd32f3e697fbbbab
This makes the condition that chooses which daemon name libvirt to call
the same as for choosing the livirt package names.
Without this fix the condition checking for a directory is incorrect
when livirt is not yet installed, but is used before installing the
packages.
Change-Id: Ib5eb12769128527a6f4b3b5f7674bd2dad0ed160
The file matcher was from the early versions of this when we were
running both v2 and v3. We should always run the new devstack
job on all changes to devstack now that v3 is in production and we
plan on building jobs off of this one.
Change-Id: I7dd336b0059043f6653bdfdcba0ee5cded3e67b1
This should be managed in the devstack repo, since it's a base job to
run devstack.
Change-Id: Iffe54fbccbccd68db08f79a1b51dd7f76dbff408
Depends-On: Ie2119f24360d56690ffd772b95a9ea6b98dd4a39
As the following commit has renamed the two vnc options; let's
use the new options in devstack:
https://review.openstack.org/#/c/498387/
Change-Id: Id125666814ea9bb8a22b579aee0f6bc1c65ade80
block-storage is the official service type for cinder, according to the
service-types-authority. Add it as a service in devstack, with cinder's
unversioned endpoint, to enable proper discovery.
Change-Id: I75cf7212678f7f270c3c32f0bce227dbbf6b466d
The IBM hypervisor distro "KVM for IBM z Systems" gets discontiued,
like announced in March 2017 [1]. The key dates are:
* 03/2017: announcement
* 08/2017: the last day to order (EOM)
* 03/2018: the End of Service (EOL)
As the CI which tests OpenStack with KVM on IBM Z doesn't rely on this
distro anymore and EOM has reached, we remove the Devstack support for
this distro.
This basically reverts commit a5ea08b of Dec 2015.
NOTE: This doesn't affect other distros which have KVM on Z support.
References:
[1] FAQ for KVM for IBM z Systems Delivery Strategy Change
https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=ZSQ03110USEN&
Change-Id: I009ae4779588615633bff81d0c47a1b879ec9279
Strip the [<extras>] string from a <package_dir>[<extras>] argument
when looking for the package directory. Explain what the heck is
going on.
Change-Id: I79beb5c3e9e7c35c91cdd0d5a1d91532bebc4b6d
Closes-Bug: #1721638
We install the glance api on all nodes in multinode testing. This has
been failing because we don't configure the glance auth cache dirs if
we only install the glance api service. This was done as part of
init_glance which is only run when installing g-reg.
Fix this by moving the auth cache dir creation step into
configure_glance which is run for the glance api.
Change-Id: Ie669827507df0f524e6e53fe4ab3dff848dd4bd7
This reverts commit ef5ebed6c9.
The problem here is a backwards-incompatible change to
configure_auth_token_middleware. Plugins are still passing a
"signing_dir" which is interpreted now as the "section" argument
... this leads to an interesting red-herring issue; because "v" is a
gnu sed command for checking the version, a signing_dir of "/var/..."
(as done in most plugins) gives the weird error:
sed: -e expression #1, char 32: expected newer version of sed
I think we'll either need a new function, or dummy arguments to get
this back in.
Change-Id: I2098d4eb2747282622cf486fa7dbf216f932f58b
As described in the change, "pip freeze" has issues with the way
zuulv3 clones repos without a remote. This is an attempt to use "pip
list" to check for local install
Change-Id: I33d25f86b6afcadb4b190a0f6c53311111c64521
"pip freeze" reports an error when checking because the repos don't
have a remote under zuulv3
---
Error when trying to get requirement for VCS system Command "git
config --get-regexp remote\..*\.url" failed with error code 1 in
/opt/stack/new/keystone, falling back to uneditable format
Could not determine repository location of /opt/stack/new/keystone
Complete output from command git config --get-regexp remote\..*\.url:
---
This means this check fails. I think we can fix this by looking at
"pip list" which I will propose in a follow-on, but this fixes the
immediate breaking issue.
Depends-On: Ib12ddf768ee20fd7614622179f6842f5d57864ff
Change-Id: I21ff749ab3e7911fa074e6d53056768f42f8aa57
Change f119121d21 removed
the default image to download which meant if you were using
the fake virt driver, no image would get downloaded and
tempest setup would fail.
This adds it back in but doesn't use a wildcard.
The default image is the same as before, but uses the
variables that are also used for the default libvirt image
case.
Change-Id: I80eddd0d3a99572ed494b5cd36fed8ceb4d05d77
Closes-Bug: #1720003
Memory_tracker imports psutil, but does not run inside a pip/virtualenv
so the system provided psutil library needs to be provided. This
is matching what is done for other non-SUSE distributions
Change-Id: I96f944730dc8644333d906d71339351b29b03e08
PKI tokens have been actively deprecated from keystone and there are
deprecations being emitted from keystonemiddleware. Because of this we
no longer need an auth cache directory in the services where the PKI
certifcates used to be stored.
Remove the creation and use of all these AUTH_CACHE directories.
Change-Id: I5680376e70e74882e9fdb87ee1b95d5f40570ad7
I had to dig around for awhile to figure this out, so
this adds an example on how to grep journalctl nova logs
for a server instance UUID.
Change-Id: I6a5c47fbcba3af1822e2f9efc2ac20ebe0387f3f
Castellan switched the `api_class` config option to `backend` in commit
8980bf7da55dd084ad84c84534fe937f0d43b9c0. The old setting will still be
recognized for now, but we should switch to using the new, correct config
option.
Change-Id: I5e46c738531d5d56777e91a00f4cee9531356f2e
We want that one to be installed via pip, if we still use it
(by default PyMySQL is used, which is already installed via
pip as well).
Change-Id: I76454aa7f84379aa387b144686bcfaa327b141ed
There have been a couple of new stable releases in the meantime, update
to using v3.1.10 which is the currently latest stable version.
Change-Id: Ifa1421c9f12af9753052f992929deb7ebd45e804
lsb-release is a dependency of "lsb", so it used to work
before just fine as well, but it was installing about 300MB
of "stuff" that we don't actually need..
Change-Id: I25c7c750cbaeb40bf4f2e8695608c4b1003289ea
In a devstack environment you likely need to use sudo
to run the journalctl command, so this adds that to
the examples.
Change-Id: Ibe6b71285a3014e80e06a50130f18bfbdb4ff3ab
The v2.0 identity API is being removed in the Queens release, but in
order to do so we need to stop some v2.0 tempests tests from being
run. This commit switches the default to disable the keystone v2 api.
In a future commit after the removal of the api from keystone the bits
to deploy the v2 api will be removed.
Change-Id: I5afcba6321f496b8170be27789bee7c9ad8eacce
(1) when checksum fails, better delete the broken files and try the second time;
(2) amazon s3 is not good in mainland China, better try one more time with wget
Change-Id: I24ee73f216b78bd80564863cd335e5d5a9b56360
Otherwise neutron will fail to bind external ports because of missing
entries for external physical network in the mapping.
Configure it only when l3 agent is also installed on the node (otherwise
the l2 agent is not exposed to external network and hence doesn't have
the bridge).
Change-Id: I561b74538acb0dc39f1af3e832108ce6a99441b0
The client are told to connect to SERVICE_HOST instead of HOST_IP, so
we need to start etcd3 with matching listening parameters.
Change-Id: I96389090180d21d25d72df8f9e8905b850bcaee9
Partial-Bug: 1656329
This reverts commit a7e9a5d447.
The jobs that run live migration tests are failing at about
a rate of 50% since this merged. There are no recent changes
to nova in the last 24 hours that are related to live
migration, and this is failing on the master branch only,
so I suspect the failures are due to new qemu packages
getting pulled in from this change.
Change-Id: Ic8481539c6a0cc7af08a736a625b672979435908
Closes-Bug: #1718295
By default memcached is bound to 127.0.0.1 and we have no code in place
to change that. So instead of using the $SERVICE_HOST variable, we
hardcode it to localhost, just as we do for the cache settings, see [1].
This also avoids a bug that occurs when $SERVICE_HOST contains an IPv6
address, as in that case it would have to be prefixed by "inet6:" [2].
[1] I95d798d122e2a95e27eb1d2c4e786c3cd844440b
[2] https://bugs.launchpad.net/swift/+bug/1610064
Change-Id: I46bed8a048f4b0d669dfc65b28ddeb36963553e0
Partial-Bug: 1656329
In the "DevStack Component Timing" section, display the unaccounted
time.
Also add the units (seconds) to the output to make it clear to viewers.
Change-Id: Iaca82cc54a355f7077e20e548b771e53387f6628
https://review.openstack.org/504171 prevented Python version detection
from failing when python3 is not installed. However, "which python3"
returns a message in stderr when python3 is not there, and this output
can make diskimage-builder get confused when parsing
source-repository-images.
Change-Id: Idb649dc341ede73c39954b0432ef3cacf379ed37
On platforms without python3 installed devstack fails the python
version check. This does it more gracefully.
Change-Id: I4d79a41eb2d66852ab1a1aa8bd383f8e3e89cdc0
lib/neutron service prefixes are neutron-* not q-*. We should install
those packages either way.
The patch moves files/*/neutron into files/*/neutron-common so that we
can correctly match */neutron against service specific dependency files
(f.e. */neutron-agent) and load the common packages if any neutron-*
service is present.
Change-Id: I57b36f2ed3f33737223a35d9ed734bb414f31e0b
Since [1] devstack is failing on s390x with "Distro not supported".
The reason for this is the missing etcd3 support. It worked before
[1] as we were able to disable etcd3 via local.conf. But as etcd3 is
a base service, we might not be able to rely on this workarond in
the future anymore.
As there is no etcd3 binary hosted on github like it is for other
architectures, the user needs to specify an alternative download
URL via local.conf. Otherwise devstack will exit with an appropriate
error message.
ETCD_DOWNLOAD_URL=<custom-download-url>
[1] https://github.com/openstack-dev/devstack/commit/d8bb220606737719bcdf7c5b4f54906f2974c71c
Change-Id: I1c378a0456dcf2e94d79a02de9d3e16753d946d6
Partial-Bug: #1693192
DVR isn't supported by the Linux Bridge agent, but the
mechanism driver is enabled by default, so Neutron attempts
port-bindings for it, generating ERRORS in the neutron-server
log in the check and gate jobs. Just remove it in the DVR case.
Change-Id: Ic50e12e5fecf366a182c141b5c99649e653254cb
Closes-bug: #1716782
Without this patch, the pmap -XX call fails on openSUSE Leap
distributions as those have a fairly ancient procps version that
does not support the -XX parameter. A pure python implementation
is more portable, faster and even shorter than the subprocess
call.
Closes-Bug: #1716066
Change-Id: I2fdb457e65359a1c9d40452c922cfdca0e6e74dc
uwsgi services:
[1] By default uwsgi is set to exit on reload this breaks config reloading
of the service [1][2]. It needs to be set to 'false'.
[2] Requires to add 'systemctl reload' command support by adding ExecReload
in unit file.
Non uwsgi services:
[1] Non uwsgi services only requires to add ExecReload in unit file.
There was a similar patch submitted by Matthew Treinish [3] but it was
already set to workflow +1(not merged as having dependency on other patch)
and it was having some issues as specified in comment and missing reload
functionality for other services.
[1] https://etherpad.openstack.org/p/uwsgi-issues
[2] http://uwsgi-docs.readthedocs.io/en/latest/Options.html#exit-on-reload
[3] https://review.openstack.org/#/c/490904/2
Change-Id: I78f5e9d4574671c74a52af64724946feb41c2d7a
Add instructions for installing and enabling remote-pdb [1] under
systemd.
[1] https://pypi.python.org/pypi/remote-pdb
Thanks to clarkb for pointing me to this. TIL.
Change-Id: I640ac36cfbcc5b199e911c0e3f6b18705c3fbbc4
This makes sure that the openstack client placement plugin gets
installed when either LIBS_FROM_GIT includes osc-placement or
placement is used, which is always now if you've enabled nova,
which is enabled by default.
Co-Authored-By: Matt Riedemann <mriedem.os@gmail.com>
Depends-On: Ica83e29780722dd1555904e46b9ff1d1fdf72516
Change-Id: I7c5a5c10288b356302bb3027837d4ed4f0fbad8c
This was previously set to thin as the default, but at the time
there were failures seen with what appeared to be race conditions
when creating snapshots.
These failures are not seen locally, and we have a lot of installs
using the default auto by this point with no reports from the field
of seeing this failure. This is to be able to more extensively test
this in the gate, and hopefully get this switched over to be able
to thinly provision by default when possible.
Change-Id: I3e99adadd1c37ba8b24b6cb71a8969ffc93f75a1
Related-bug: #1642111
Now that Pike has been released, switch to using the pike version of
UCA instead of ocata, too.
One reason to do so it that it adds python3-ceph packages, allow to have
progress with the python3 compatibility of the Ceph integration.
Change-Id: I7d95e53892b697c72af75ad0ce7ce2dec6d31fde
For devstack master branch we should point to the latest version and not
to some possibly outdated older branch.
Change-Id: I4af3aef90a2c295df3de4a5b49d127e85ab517ac
1] Process using uwsgi:
uwsgi services doesn't support for graceful shutting down [1].
It requires some changes in unit files [2] including adding below
graceful shutdown hook and changing KillSignal:
--hook-master-start "unix_signal:15 gracefully_kill_them_all
All the steps and changes required are specified in etherpad [1].
2] Non uwsgi services needs below changes:
In [service] section:
a. Add KillMode = process
b. Add TimeoutStopSec = infinity
NOTE:
Creating unit file for services other than uwsgi is handled by the
'write_user_unit_file' function [3]. This function is common for all
the services so this patch adds the above mentioned parameters for
services using ServiceLauncher also though they don't require.
Added a new stackrc variable WORKER_TIMEOUT which is required to add
graceful shutdown support to uwsgi services. It will be set as a value
to 'worker-reload-mercy' [4] in uwsgi file of service. The default
value set to this variable is 90.
[1] https://etherpad.openstack.org/p/uwsgi-issues
[2] https://www.freedesktop.org/software/systemd/man/systemd.kill.html
[3] https://github.com/openstack-dev/devstack/blob/2967ca3dfd0d64970dfa5dfa7ac2330ee7aa90ed/functions-common#L1439-L1461
[4] http://uwsgi-docs.readthedocs.io/en/latest/Options.html#worker-reload-mercy
Co-Authored-By: Dinesh Bhor <dinesh.bhor@nttdata.com>
Change-Id: Ia95291325ce4858b47102dd49504250183f339ab
We need this for every devstack run now, so downloading it from github
every time isn't the most awesome thing in the world.
Add an extra variable EXTRA_CACHE_URLS which will be appended to the
output of tools/image_list.sh. This way, these files will be
downloaded during the daily nodepool build, but they will not be in
the IMAGE_LIST and hence be considered as images to upload.
Add a function get_extra_file which echos the path to a file given the
URL. It will first check the cache at $FILES, and if not present
download it.
Update the documentation in image_list.sh to reflect what's happening.
Move the defaults for etcd variables into stackrc, since it is a base
service now.
Change-Id: I86104824a29d973a6288df1f24b7891feb86267c
1) Update doc links according to OpenStack document migration
2) Use https instead of http for docs links
Change-Id: I81b560d1e4c5210dc00a6a6ac06c03bb1e69d595
This is proposed temporary change to avoid
"ValueError: need more than 1 value to unpack" error in stack.
Change-Id: I743febbef3a1f201cea37471356518be31585277
This tears out the alternative path of using screen, so that we only
use systemd enabled paths. This simplifies the number of ways that
devstack can be run, and provides a much more reliable process
launcher than the screen based approach.
Change-Id: I8c27182f60b0f5310b3a8bf5feb02beb7ffbb26a
Leaving the default user enabled is a security issue, as it can be used
without credentials. It also may mask issues like seen in [1].
[1] https://bugs.launchpad.net/bugs/1651576
Change-Id: I75b4e5696c0f8017b869127a10f3c14e2f8bd121
Various services are returning broken links when running behind
tls-proxy. These issues can be fixed by setting the X-Forwarded-Proto
header in the apache config and letting oslo_middleware parse it.
Change-Id: Ibe5dbdc4644ec812f0435f59319666fc336c195a
Partial-Bug: 1713731
The pre-existing configuration for swift on devstack set's the
*-server's devices option (the root of the servers list of devices) to:
devices = /opt/stack/data/swift/1
where "1" is the node_number, and will be 2, 3, ... N if the devstack
machine is built with more than one swift node/device (pretty sure no
one does that on devstack ever).
The device(s) in the rings are named (perhaps confusingly similar to the
swift loopback image) just "sdb1", so all storage servers expect to have
a $STACK_USER writeable file system at:
os.path.join(<devices_root>, "sdb1")
That directory does not exist when you start up a devstack [1].
Currently Swift's object-server's require that directory exist before
they write data into it (even with mount_check = false!).
Unfortunately however, with mount_check=false the account/container
servers are able to create the device directory when it does not exist
[2]. Which can lead to some unfortunate results with permissions on
some deployments using mount_check = false (e.g. testing or
containerized environments). Fixing this issue [3] uncovered the
previously benign [4] mis-configuration in devstack.
Attempting
1. It was lost a long while ago I7c65303791689523f02e5ae44483a6c50b2eed1e
2. Essentially they want to:
mkdir -p /opt/stack/data/swift/1/sdb1/containers/<part#>
... but end up creating the "sdb1" dir too!
3. I3362a6ebff423016bb367b4b6b322bb41ae08764
4. Benign because the object-server share their device with the
account-container devices and they would create the dirs before trying
to write an object. It was incorrect, but worked by happenstance, which
is nearly as good as worked on purpose.
Change-Id: I52c4ecb70b1ae47e613ba243da5a4d94e5adedf2
In [1] the definition of the function was changed, adding the service
name as first parameter. Since this seems to have caused failures in
some plugins, at least update the function template accordingly.
[1] Ifcba410f5969521e8b3d30f02795541c1661f83a
Change-Id: I4d03957f8d3a18625f06379fb21aa7ba55e32797
Dragonflow can operate without L3 agent, and does not advertise L3 agent
scheduler extension when running this way
Change-Id: I23d0e558c8454636fcde0a1903c78965b70bc324
I am a new participant, and when I read the document I found that the command in the OS_AUTH_URL example is v2.0, so I want to update it.
Change-Id: I973adc303a3cb37ce377ca4e31d1d666cd41b358
When run in the default superconductor mode, the screen-n-cond-cell1
logs are not formatting in oslo format or colorized like the other
logs. This is because screen-n-super-cond is running using nova.conf
which is configured for oslo format logging with color.
The oslo format logging is also needed to correctly index the logs
from screen-n-cond-cell1 in logstash.
This change simply configures nova_cell*.conf files for logging
like nova.conf.
Change-Id: I44fc11f09bb7283be0b068f5e02a424f3e5dafe2
Closes-Bug: #1713070
Query the python2/python3 interpreter for it's version to fill in
PYTHON3_VERSION and PYTHON2_VERSION defaults. This means on a
python3.6 platform such as Fedora 26, we don't need to override the
default.
Change-Id: Id826f275b99b9f397b95e817941019fc503daa1d
Add a function which tests if a plugin has been enabled with
enable_plugin. This is helpful if two co-ordinating projects want to run
specific setup in devstack in one only if the other is enabled.
Change-Id: Ibf113755595b19d028374cdc1c86e19b5170be4f
* Check KEYSTONE_DEPLOY flag and cleanup appropriately
* When we stop process, we should not wipe uwsgi config we should
remove files only on cleanup
* We should not call cleanup *BEFORE* configure, we are just wiping
out the uwsgi ini files
* cleanup_placement should be called from clean.sh
Change-Id: I066f5f87ff22d7da2e3814f8c2de75f2af625d2b
Code in grenade and elsewhere rely on the process/service name
when one runs "ps auxw" and they grep for example "grep -e glance-api"
to check if the service is running. with uwsgi, let us make sure
we use process name prefix so it is easier to spot the services
and be compatible with code elsewhere that relies on this.
Change-Id: I4d1cd223ed9904fcb19b26fc9362b676e0b4f9b3
This adds a new feature flag on tempest conf whenever LDAP is enabled.
When this flag is set to True Tempest users and groups identity tests
adapt to fetch users and groups from different domains.
Change-Id: I368ddf34908b906355c422bd1afd6ab9b1a80053
Depends-On: Iedb470c51fa2174ab7651e6b7e22eff1f25f7aac
We want people creating plugins (that add services) to be aware of the
service-types-authority (STA), so this change adds a Prerequisites
section and notes the existince of the STA there, and the need to apply
there to create a service-type.
Change-Id: I1aa48fe231aaa4499f8b4fe336abea668841b9af
stop_nova_conductor dropped the ball when the CELLSV2_SETUP mode is
set to "singleconductor". We should cleanup the older style "n-cond"
in this case.
Change-Id: I9ffd6d09df6f390a842b8a374097f144564d2db4
... to be used with domain_remap. Swift will start functionally testing
domain_remap in I63428132283986bda9e5c082ffe85741449b71ba.
Change-Id: I4c1ab06d040d91fd8c314d0aa2cecbbb00adf8ad
Now that the pike branch exists we don't want to special case grenade +
system on the target side. We should use systemd for both sides of the
pike -> master upgrade. Note this change should not be backported so
that we do not attempt to use systemd on the ocata -> pike upgrade path.
Depends-On: Iedf824a1772115e0dff287a898636f8e58471269
Change-Id: I6198bf1842a44773fce80672c81eee3afc3c6f38
Calling setenv appears to be globally scoped which is breaking the
glance path which relies on chunked uploads. The glance path is
separated by using mod_proxy instead of mod_proxy_uwsgi because
mod_proxy_uwsgi doesn't support chunked encoding.[1] The proxy-sendcl [2]
was set on the mod_proxy_uwsgi path just in case someone tried to send a
chunked request to the api server we would be able to handle it. It
tells apache to locally cache the chunked request and send the
content-length as a normal upload to the upstream server. However, if we
can only set it globally across then small potential benefit is not worth
having all glance uploads cached by apache. This commit just removes
setting the flag. In the future if we can have devstack isolate this
flag it might be worth adding back to the mod_proxy_uwsgi path, but for
right now it's not worth the tradeoff.
[1] https://github.com/unbit/uwsgi/issues/1540
[2] https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#request-bodies
Depends-On: Idf6b4b891ba31cccbeb53d373b40fce5380cea64
Change-Id: Iab2e2848877fa1497008d18c05b0154892941589
Closes-Bug: #1709970
lib/nova does a pip re-install of libvirt-python to rebuild the python
library incase the underlying libvirt version changed during package
installs. In offline mode, the underlying version of libvirt can't
have changed; so we have the situation that we've removed the libvirt
python bindings but can't reinstall them (because we're offline).
This fixes that particular situation, but skipping uninstalls in
offline mode seems generically OK.
Change-Id: I2b75d45d94d82f87d996c7570c125d46f5f99f6a
Closes-Bug: #1708369
Configuration options that toggle support for LDAP read/write
were deprecated and removed as of the Ocata release:
I13eada3d5c3a166223c3e3ce70b7054eaed1003a
This means we no longer need to clutter the domain-specific
configuration with these values since they are no longer used.
Change-Id: I23b5b994862f066c3d48ce524c396faecabf60f8
In Ocata, we replaced the verification logic for CPU, RAM and disk by calling
the Placement API instead of using those legacy scheduler filters, it's time
to remove them from the default list of filters that are run, especially
since Nova now removes them from the conf opt defaults thanks to
Ibe1cee1cb2642f61a8d6bf9c3f6bbee4f2c2f414
Change-Id: I2e81f1bbce7476d63e84e70dcdd59a1163f89f09
Related-Bug: #1709328
i had sync the all repos of devstack for installing in intranet
environment, and found the url of noVNC had changed to
https://github.com/novnc/noVNC. This module upgrade from individual to
an organization. the old url had redirect to the new one.
Change-Id: I19fc1e2ad30dcd97cad232c9ad58f53a523616b4
There are some comment errors, it's modify 'Captial' to 'Capital' in
keystone file, and modify 'possition' to 'position' in openrc file, and
modify 'comming' to 'coming' in stack file, and
modify 'prefered' to 'preferred' in stackrc file.
Change-Id: I0fdd539cbfff842a4ba7fca9100b881443300f9a
In the original change I said "for infra nodes, it shouldn't do
anything anyway ...". Well that was pre-Fedora 26 :)
It seems that dnf > 2.0 now intentionally throws an error when trying
to explicitly install an ignored package. Thus, as described in the
comment, take a simpler approach of skipping this on infra nodes.
pip-and-virtualenv in dib should have installed the latest pip,
virtualenv and setuptools, so we don't want to fiddle with that
anyway.
[1] https://review.openstack.org/#/c/338998/
Change-Id: Ib300b58377a0d0fe1bd7444c71acdb9a87dc033b
After looking at these for I9881f2e7d51fdd9fc0f7fb3e37179aa53171b531 I
found them not as useful as they could be.
Fix the CustomLog command, that wants the logfile then the format
string (or a nickname, which the LogFormat line wasn't setting). Use
standard micro-second timestamps, and trim the access log to have more
relevant info.
Change-Id: I9f4c8ef38ab9e08aeced7b309d4a5276de07af4b
In trying to debug periodic gate instability of CentOS, I noticed that
it is using the prefork mpm, while Ubuntu is defaulting to the
multi-threaded worker mpm.
One of the problems seems related to 502 proxy errors from the TLS
proxy. We see out-of-sync timestamps in the centos TLS proxy access
logs, which might be innocent behaviour based on the prefork model or
indicate something else.
Before going too deep down this rabbit-hole, I think it is better for
consistency to use the same mpm model on all our platforms, and start
debugging from there.
Change-Id: I9881f2e7d51fdd9fc0f7fb3e37179aa53171b531
If a project manually configures the oslo.messaging transport url for
notifications it should use 'get_notification_url', not
'get_transport_url'. get_transport_url should only be used to obtain
the RPC transport address.
Change-Id: I77772dfa9f30a3db2db6d0387260dfe3452a26ef
Closes-Bug: #1708754
This should now be able to be discovered from the service catalog,
there is no reason to set it.
Change-Id: I7383b589fbcef9423beeab735db42c594f7b56fd
get auth from context for glance endpoints:
Depends-On: I4e755b9c66ec8bc3af0393e81cffd91c56064717
When using resource classes to schedule baremetal nodes the baremetal
filters like ExactRam etc should not be used. This patch disables them
in the nova config if devstack is configured to enable ironic resource
classes.
Change-Id: Ic262ccaf8b541308042d61113a953653d2261964
With cell v2, on initial bring up, discover hosts can't run unless all
the compute nodes have checked in. The documentation says that you
should run ``nova service-list --binary nova-compute`` and see all
your hosts before running discover hosts. This isn't really viable in
a multinode devstack because of how things are brought up in parts.
We can however know that stack.sh will not complete before the compute
node is up by waiting for the compute node to check in before
completing. This happens quite late in the stack.sh run, so shouldn't
add any extra time in most runs.
Cells v1 and Xenserver don't use real hostnames in the service table
(they encode complex data that is hostname like to provide more
topology information than just hostnames). They are exempted from this
check.
Related-Bug: #1708039
Change-Id: I32eb59b9d6c225a3e93992be3a3b9f4b251d7189
When configured for superconductor mode, which is the default,
nova-compute can't reach the MQ for nova-scheduler so there is
no point in even enabling the track_instance_changes code since
it's a waste of time as the scheduler will never get the message.
Change-Id: I2662ebd47323428b403d3c2236bec78f1fb1050f
Currently, stack_install_service will accept any service name. This is
problematic because a project plugin can pass an invalid name without
noticing. This has been the case in ironic-inspector[0].
This commit ensures that stack_install_service will not silently fail
when passing an invalid service name.
[0] https://review.openstack.org/#/c/424680/
Change-Id: I1a8105bdbaf4aecb630df08da416808bf7180824
Closes-Bug: #1659042
This patch fixes path to mlock_report.py. Also add python-psutil
to dstat depends as it is required by mlock_report.
Change-Id: Ia2b507a7b923f1e3393a9cb7746c66d39d6abfde
This started to fail due to a missing || : / --force option now
that the dependencies got fixed:
2017-07-30 19:38:37.260 | ++ tools/install_prereqs.sh:source:97 : sudo rpm -e --nodeps python-cffi python-cryptography python-pyOpenSSL
2017-07-30 19:38:37.293 | error: package python-cffi is not installed
2017-07-30 19:38:37.293 | error: package python-cryptography is not installed
2017-07-30 19:38:37.293 | error: package python-pyOpenSSL is not installed
Change-Id: Ia59afb7ee564cf2044ebdb3c5ad3e54ee91d1222
The actual logic of launching a singleconductor didn't get all the way
to the launch of the conductor itself, so we were still launching 2
conductors in the Ironic case. This attempts to fix that.
Change-Id: I7ddb123dbdf3e1ec9a991e474a9990d2ccbc30d3
Some environments, like grenade and ironic, need a way to revert to
the non fleet version of the conductor setup. This really comes down
to a global topology for CELLSV2_SETUP. The prefered is with a
superconductor, but allow a downgrade to singleconductor.
Depends-On: I5390ec14c41da0237c898852935aba3569e7acae
Change-Id: I10fb048ef2175909019461e585d117b4284448c6
With cell v2, on initial bring up, discover hosts can't run unless all
the compute nodes have checked in. The documentation says that you
should run ``nova service-list --binary nova-compute`` and see all
your hosts before running discover hosts. This isn't really viable in
a multinode devstack because of how things are brought up in parts.
We can however know that stack.sh will not complete before the compute
node is up by waiting for the compute node to check in before moving
forward. This puts a few more seconds into the run, but ensures
everything is solid in multinode environments.
Change-Id: I667e6a9be3fee8bb5bfd73426eef567489e3d88d
When doing a multi-node devstack deployment starting in Ocata
the child compute nodes must be discovered and mapped to the
single nova cell (cell1). In the upstream CI we do this discovery
in devstack-gate after the subnodes are stacked, but for anyone
doing this manually we need to provide some notes on what needs
to happen after child compute nodes are stacked for a multinode
environment.
Change-Id: I68418bcf28d86c60fe42537186d89458fa778bda
Closes-Bug: #1688397
This update resolves multiple issues with python-cryptography
causing keystone server and nova deployment to fail.
This is a temporary workaround until I196f025dbf1a9ac297946b8165620676645f7210
has landed and the extraneous dependency on python-cryptography (the
package) has been removed.
Change-Id: Ifb29b9089197c0429a5fc1cd08a25d2095d481f1
The only mentionable diff is the kvm alias
does not exists so we will install
qemu-kvm as with rhel7 which also exists
in the older supported fedoras.
kvm also just an alias in suse so
switching to qemu-kvm in suse as well.
Change-Id: I5c79ad1ef0b11dba30c931a59786f9eb7e7f8587
Some URLs are broken, so fix them.
The others are redirect to new URLs,
so replace them with new ones.
The config options of nova serial console proxy
have been gathered in nova/conf/serial_console.py.
So the description in doc/source/guides/nova.rst
is fixed.
Change-Id: Ifd81cc09969341fbf8f135a913fc6003b94e0acc
Otherwise, we've seen intermittent "Unable to establish connection"
failures, with the main devstack log reporting things like
2017-07-19 13:54:29.973 -> start proxy service
2017-07-19 13:54:30.082 -> start OSC to store temp url key
2017-07-19 13:54:31.908 -> OSC reports failure
Meanwhile, the s-proxy screen session tells us things like
Jul 19 13:54:31.919988 -> start child worker
Jul 19 13:54:32.206598 -> still loading the WSGI app
... and ports aren't actually bound until *after* the app is loaded.
Add a wait_for_service call to wait for the proxy to come up.
Change-Id: I1a722de31b144797230991700e110353a2d937dd
openSUSE 42.3 is a relatively minor update over 42.2 and I'd
like to maintain it and keep it passing.
Experimental gates are being proposed, once those are passing
(which should be the case with this patch included), we could
enable it as a non-voting gate.
Change-Id: Ia421ada0ed3751c65a2a93a208e3f4a43edf8b16
With libguestfs usage for file injection now being enabled by
default as part of I568c56dbcb62ec541661364c142eff2397e3eed7
the opensuse job started to fail due to lack of guestfs images
being available.
The error in question was
NovaException: libguestfs installed but not usable (cannot
find any suitable libguestfs supermin, fixed or old-style
appliance on LIBGUESTFS_PATH (search path: /usr/lib64/guestfs)
This part is being fixed by explicitly adding the missing package
dependencies to the compute node rpm package list while the maintenance
update for Leap 42.2 is in preparation.
Change-Id: Ie76ac0a51c1ee2ad6559917825dee1c7a91a3a76
Now that mysql.qcow2 has been removed, we only have 4 images to worry
about. This fixes cache-devstack element for openstack-infra.
Change-Id: Ia06f0e0679e253a1a6614f7c38abf1f5cd13991b
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
This patch adds removing of the volume group
before removing the loopback device and
the backing file when performing LVM cleanup
in unstack.sh
Without this commit:
unstack.sh removes logical volumes, removes the
loopback devices and deletes the backing file
but leaves a dangling volume group
$ ./stack.sh && ./unstack.sh
$ sudo vgs
VG #PV #LV #SN Attr VSize VFree
stack-volumes-default 1 0 0 wz--n- 10.01g 10.01g
$ sudo losetup -a
$ sudo vgremove stack-volumes-default
/dev/loop0: lseek 4096 failed: Invalid argument
vg_remove_mdas stack-volumes-default failed
With this commit:
unstack.sh removes volume groups after removing
all logical volumes but before removing
the loopback device and deleting the backing file
Partial-Bug: 1441236
Change-Id: Id9c06fa50f6cad28764f5a3396f559cac9999649
We no longer host this on tarballs.o.o, additionally it is no longer
used my trove.
Change-Id: I2034e8ebc530704d6e63a231056f92e14a8654e4
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
When the ldap service is enable on local.conf devstack ldap
plugin starts slapd service using its default config on Ubuntu
and installs ldap-utils package.
Enables domain specific drivers on Keystone and creates LDAP
domain 'Users' with a demo user.
Change-Id: I8d7aa260b01f675e4ed201ef93bfd66474f4b228
This makes us start two levels of nova-conductor processes, and one per cell.
Note that this also sets the notification transport_url to the top-level mq
so that we continue to get a unified stream of notifications.
Related-Bug: #1700496
Change-Id: I08d7da843d18b426dda8a8a231039d950a4c0ce5
Depends-On: I64b600b30f6e54db0ec9083c6c176e895c6d0cc2
Depends-On: If59453f1899e99040c554bcb9ad54c8a506adc56
In Pike, Cinder and Nova will support extending the size of
an attached volume, but it's not supported by all volume and
compute backends. Tempest will also test it but uses a config
option that we need to set based on how devstack is configured.
Depends-On: Ibace6c2f91be9753a44e5f79fd013df11654851b
Related to cinder blueprint extend-attached-volume
Related to nova blueprint nova-support-attached-volume-extend
Change-Id: I52cc2952a2938ce44c442aa3e3b69a905b2b55d5
As a follow on to I4c269a7f3d63ee9a976e7c3636fc3e5e8dab9ae3; the
quoting gets tricky when putting arbitrary command-substitution
strings into saved echo-able strings. As they say, "the only winning
move is not to play" :)
An alternative proposal is to not write this into a script but just
dump info into a file. To my mind, this has several advantages --
avoid getting involved in quoting, not dropping a script into the
global environment -- it's just as easy to "cat" -- and the plain-text
file can be collected as an artifact during log collection (also moved
git commit line to separate line for easier parsing during log search,
etc).
Change-Id: Ic7391dd087657c0daf74046e4a052c53f4eb6e1a
This commit increases the socket timeout value from 4 secs to a much
higher 30 secs. This is just for sanity, the load is high when we're
seeing the wsgi.input timeouts, so uwsgi might be just closing the
socket waiting for data over the wire. 30 seconds is overly conservative
just so we can rule this out. This will likely be shrunk to a more
reasonable value in the future.
Change-Id: Iae85d3a084fb33b2a63550d6e353413e98c0b39c
Partial-Bug: #1701088
Previously the local uwsgi server mode was using uwsgi in http mode.
This was unessecary and actually not recommend by the uwsgi docs [1][2]
This is because http mode starts a frontend http process that forwards
requests to the workers running the python code. This is done for the
largely the same reasons we're using apache as a proxy and is
unnecessary. http-socket mode doesn't do this and just exposes the
workers as an http interface to the proxy. (in our case apache)
[1] http://uwsgi-docs.readthedocs.io/en/latest/HTTP.html#http-sockets
[2] http://uwsgi-docs.readthedocs.io/en/latest/ThingsToKnow.html
Change-Id: I5671687c8083fa4bdee066c07b083a0f00be532b
Per the Pike goal, switching the Cinder API control plane to
use WSGI in Apache.
Co-Authored-By: Ivan Kolodyazhny <e0ne@e0ne.info>
Depends-On: Ie8a0eeab1bf31887d6f37cf155b2d161ddfb172d
Depends-On: I14b68f36e7fcc5341bbdbcf165274d9d50f7dd04
Change-Id: I8cef6c98f9242cc38d66de0ac499490e2a237887
According to the uwsgi docs [1] for http keepalive there is a separate
option for http keep alive, and just setting connection close isn't
enough. This commit makes sure we disable http keepalive. This will
hopefully fix the random connection issues we get on image uploads to
glance, which uses uwsgi http mode.
[1] http://uwsgi-docs.readthedocs.io/en/latest/HTTP.html#http-keep-alive
Change-Id: Ic5f83c5c93f28b2bd62ca9ac96ca8c87797ea5c9
Closes-Bug: #1701088
Unless NOVA_USE_MOD_WSGI is False, run nova-api and nova-metadata
using uwsgi.
Because the metadata server is always expected to run on a port and
without a prefix, we have it configured to use uwsgi but not to
proxy from apache: uwsgi listens on the configured port itself.
uwsgi process that listen themselve do not need a socket or to
chmod-socket, so those config lines have been moved to the block
that is also writing proxy configuration for apache.
Because this change only uses uwsgi for nova-api and nova-api-meta,
nova-api-meta is set to default to enabled in stackrc because the
nova-api wsgi application used by wsgi only presents the one service
(osapi_compute).
If NOVA_USE_MOD_WSGI is False and tls_proxy service is enabled,
nova-api is run on an internal port reached via the tls_proxy.
Depends-On: I8ff08d61520ccf04e32dcd02f4cecc39dae823cb
Change-Id: If2d7e363a6541854f2e30c03171bef7a41aff745
This reverts commit 15b0a5f1eb.
The change had an assumption that a service
is properly configured even when it isn't enabled.
The assumption is not true.
Change-Id: Ib5a8ffe63eaec15bc29bfdd133db7169507bab82
Closes-Bug: #1698129
In Fedora mariadb, cracklib has been enabled [0] in order to verify the
password strength.
Disable cracklib in Fedora devstack in order to allow simple passwords
in dev environments.
[0] https://src.fedoraproject.org/cgit/rpms/mariadb.git/
commit: 9442da192282aa74f43e86c96202109a173bbaba
Change-Id: I2d5e965f0f19f86992794eec78134e862899c931
We run glance behind uwsgi. This means that the URL glance knows about
itself is wrong, and version discovery fails. Set the public endpoint to
the value of GLANCE_URL which should always be correct.
Change-Id: Ia7c69024a0ef6cc0fdc284ffcd06eee5678a1007
There is confusion about where installation of new libraries should
end up, to prevent lots of little files being added make a
lib/libraries which is the old lib/oslo. Put compat functions and
includes in place to help with transition.
Change-Id: Ieeab605d187ef6aec571211ab235ea67fa95a607
This separates out the install phase early from the start phase to
make this mirror other services in devstack.
Depends-On: I4124dc7e3fd3b4d973979da85209ec991c0f8c4b
Change-Id: I76f8740448b25a48869ee80006e826baa6cafc2b
In Multi host deployments, it is possible to run ETCD in a different
host than the SERVICE_HOST (where all the controllers run). This patch
brings that distinction.
Change-Id: I15fe6f25eedf1efebaab81cce26b080577b856cc
Signed-off-by: Antoni Segura Puimedon <antonisp@celebdor.com>
The OSC number remain high, and it's useful to understand how much
time we spend making OSC calls, especially to surface it relative to
other items. The way we embed this in our code makes it hard to
instrument.
This patch creates a wrapper function for OSC which collects the timings
then aliases `openstack` to that function. This means any invocations of
the openstack utility goes through our function while devstack is
running. Because this is an alias it only affects the stack.sh shell and
any subshells.
This also moves the time tracking infrastructure to count in ms,
instead of s, because some of these operations are close enough to a
second that rounding early is losing way to many significant
digits. We divide by 1000 before reporting to the user.
Change-Id: Ic5f1844ce732d447ee980b3c9fdc417f72482609
In the helper functions to check if roles are set and if not add the
role and return the id we weren't actually checking if the role was set.
The reason for this was we grepped for name values while outputing only
uuid values with OSC. Fix for this is straightforward, we just add the
--role argument to OSC which will filter for us then we don't have to
use a grep on the wrong value type.
Change-Id: I2691b347d2a6273100deb4a1750ab353a8e49673
We are trying to keep better track of what pieces of devstack consume
the most time. Add the db sync commands to the time tracking as they run
the database migrations which can take more time than expected.
Change-Id: Ib92f2b8304ccf703712d45fd7207444de3599e2d
Because C.utf8 is not everywhere and is sometimes called C.UTF-8 (just
to confuse people) use en_US.utf8 which is in most places. This isn't
language/region agnostic but gives a consistent unicode aware locale to
devstack.
Change-Id: I67a8c77a5041e9cee740adf0e02fdc9b183c5bc4
fixes-bug: 1697733
Commit 5edae54 introduced the usage of systemd in Devstack. This allowed
the transition away from 'screen'. Systemd needs "user unit files" to
describe the services. Currently, those unit files get only created when
an openstack service (n-cpu, c-sch, g-api, ...) is in the list of enabled
services (`ENABLED_SERVICES`). This means, when Devstack is fully stacked,
there is no way to start the systemd unit of an openstack service which
is *not* in that list.
This commit changes that behavior, and creates the systemd unit files
independently of the list ENABLED_SERVICES. This means, when Devstack
is fully stacked, I can start a systemd unit of an openstack service which
wasn't in the ENABLED_SERVICES list. This allows more flexible lifecycle
management of openstack services in the gate, which is useful for tests
which test components which are not in the "default configuration" (e.g.
the "nova-serialproxy" service).
The `clean.sh` script purges all traces of systemd user unit files created
by devstack.
Change-Id: I0f7e1ee8723f4de47cbc56b727182f90a2b32bfb
Reduce bcrypt hashing rounds from 12 to 4 (minimal possilbe).
This is going to imporve a lot of perforamcne of OpenStack.
Bcrypt is hashing algorithm that is designed to use a lot of resources and
in that way stops brutforce attacks. It's exponential algorithm that depends
on amount of rounds. By default they use 12 rounds which is quite high value,
good enough for real secure production enviorments.
In case of DevStack it's going to slow down all authentication by many times.
Rally shows about 5 times slownest (adding 2-5 seconds to every authenticate)
DevStack is meant for developemnt & CI so performance is way more important than
security.
Change-Id: Id8c763d63cb91f37a774f9400f35c309f37d6f12
To reduce the total number of invocations necessary for pip which isn't
the quickest thing ever (due to needing to evaluate constraints and deps
lists and what is currently installed) combine the main installation of
software with its test-requirements.txt file which should roughly halve
our pip invocations.
Change-Id: Ibcc3264136e66d34a879ad1c90a62e1bb6a84243
Transient failures were being reported because the current lockout
period for users was too short. While this does increase the
run time IdentityV3UsersTest.test_user_account_lockout, it
allows for more flexibility if there is network latency or some
other factor that cause the lockout to expired before the
next authentication.
Change-Id: I61bc39bbc35ac414b4a72929a90845956c99eb1a
Closes-Bug: 1693917
When installing OpenStack via DevStack on XenServer, we need to
some preparation operations in dom0 which will refer the function
in devstack/tools/xen/functions file, but we are planning to move
the whole folder of tools/xen from devstack to os-xenapi, so it
this patch is to moving the dom0 related operation to os-xenapi
repo first.
Change-Id: Ib59d802a7a4eab4ccce0e29d80f29efa4655bc0b
Depends-On: I712ee74ce945859ba5118e09b7d9436ca2686cb7
The old implementation for is_$service_enabled simply checked if any of
the subservices were enabled and if so the service was considered to be
enabled. This makes disabling services complicated as it means you have
to list every single subservice which can and do change over time.
Instead also check if the generic service name is in the disabled
services list and if so don't treat the service as enabled.
Change-Id: I7fe4dfca2cd9c15069d50a04161a29c5638291cb
The scheduler_driver option has been moved and deprecated. This
change uses the new group and name for the option.
Change-Id: I27aeff5911510c9f47191acaa0c0b5b71f977cd7
We required initially 42.2 test updates to be enabled as the
liberasurecode-devel update wasn't released. It is now released
so we can stop pulling that part in.
Change-Id: I4e514e317da8a95809593a49c6dce619bc4c021f
As part of getting swift's functional testing to work properly through
the tls-proxy we need to increase the allowed request header size in
apache. This was a non issue without tls proxy as requests hit the
eventlet webserver directly which was configured via the swift config
which sets this relatively large limit (by default devstack configures
swift to have a header size limit of 16384).
Now we pass in an optional parameter to start_tls_proxy that includes
the desired header size. lib/swift then passes in the value it also
configures in its swift.conf.
If not explicitly set we default to 8190 which is apache2's default.
Change-Id: Ib2811c8d3cbb49cf94b70294788526b15a798edd
openSUSE 42.2 passes testing on the experimental gate and
in order to add it as continuosly tested target we need to
add it to the positive list of tested distributions.
Change-Id: I46f94cfad828534f324994c3d21bddff40e8f9a2
Because the swift functests (which use test.conf) run out of a
virtualenv they don't get access to the system wide trust of the
devstack CA. Handle this by explicitly configuring the cafile to trust
in the test.conf file.
We also set the web_front_end to apache2 as that is what is terminating
TLS for us. The tests handle different web server behaviors using this
flag.
Swift's functests will need to read these values in and properly
configure things on its end.
Change-Id: I4cdba36ccab6acd76205184882ee29e4f1e12333
Otherwise those services, notably n-cpu, will try to register
resource providers before placement is ready.
Change-Id: I89fd4fa42baf3d19ee209c59cd85b97adb97c58b
Closes-Bug: #1695634
The scheduler_default_filters config option moved out of the
DEFAULT option group into a more specific group, and the old
option is deprecated as a result so we need to update our usage.
Change-Id: I5d6574d19c3f16abadddb19f34cb645dcdcc07f4
Function "_install_etcd" is trying to use "files" directory
to download a file. Instead of this, this directory should be
$FILES, which is defined previously in parent script.
TrivialFix
Change-Id: I643ce3b9aba1f65f03524430c748bf120d071509
volume_clear is currently set in the DEFAULT section,
but this is a backend specific setting, and therefore
needs to be set in the backend config section.
Change-Id: Ifa3a659bb4768b8915a0f23e7f14b0f3348d93d2
Previously we didn't block out the c-api startup code because the
devstack functions to start services check that for us. However, since
the cinder devstack code checks the service is up and runs the tls proxy
if tls is enabled we need to block it all off to avoid doing those
things if c-api is disabled.
Change-Id: I1c4f22f785af96caaf4baa21ff28714b9afd3458
The upstream CI runs exclusively on nodes with x86 architectures, but
OpenStack supports even more platforms. One of them is the KVM
on s390x (IBM z systems), which is supported since the *Kilo* release.
This change describes the additional settings in the ``local.conf`` file
to enable Devstack on that platform. This is useful for PoCs.
Change-Id: I943b552ca2e36210ac57f36c16db930eb5e58623
This adds packages to suse for systemd python linkages as well as
apache2 and which. And configures mod_proxy and mod_proxy_uwsgi with
a2enmod.
We also properly query if apache mods are enabled to avoid running
into systemd service restart limits. Enable mod_version across the board
as we use it and it may not be enabled by default (like in SUSE).
Also in addition to enabling mod_ssl we enable the SSL flag so that TLS
will work...
Finally we tell the system to trust the devstack CA.
Change-Id: I3442cebfb2e7c2550733eb95a12fab42e1229ce7
This commit adds support for deploying glance as a wsgi script under
uwsgi. To get around limitations in the uwsgi protocol when using
python3 for chunked encoding we have to setup uwsgi in http mode on a
random port listening on localhost and use mod_proxy to forward the
incoming requests. The alternative approach of having apache buffer the
requests locally with the send_cl option with mod_proxy_uwsgi only
worked on python2 and also has the limitation that apache is buffering
the entire chunked object, which could be several gigabytes in size.
Depends-On: I089a22a4be4227a551c32442dba27c426f54c87d
Change-Id: Ie98fb7da5e8ecfa49cd680b88139cb7034d5f88f
This commit adds a new function get_random_port to return a randomly
available port from the local port range.
Change-Id: Icaed180cc14602a74cdb3fd3456b690d8a4c729c
We have to do silly overrides of cert locations for requests for
reasons. If we are running under python3 then we were previously looking
in the wrong location for the requests certs. Update the cert fixing
function to properly use python3 to find the certs if python3 is
enabled.
Change-Id: Id1369da0d812edcf9b1204e9c567f8bfe77c48b2
The configuration guide link has syntax problem in README.rst,
and the click the link will lead to page 404.
Fix the syntax problem
Change-Id: I47a1641a6898930dca508cdac98b1b43c05dc446
On ubuntu contents of /var/run do not persist between reboots. Devstack
uses /var/run/uwsgi as home for wsgi sockets. This means that after
rebooting the machine services, that rely on uwsgi would fail to start.
Currently it affects keystone.service and placement-api.service.
This patch changes delegates directory creation to systemd-tmpfiles,
which would run on startup.
Change-Id: I27d168cea93698739ef08ac76c828695a49176c7
Closes-Bug: #1692767
With cinder supporting this now, start logging global_request_id in
systemd logs. It will be None for all the services until the work
starts coming together, but it is safe to do.
Change-Id: Ic6ba1a42da88c03e43d89658b453f6a0b353e0db
The trove development environment is typically a linux VM within which
openstack is installed, and trove launches guest vm's within that
environment. To make it possible for these vm's to launch in one human
lifetime, one must set vt/x and enable nested hypervisors to use with
kvm; qemu emulation will take way too long.
The new libvirtd (v2.5.0) in Ubuntu Cloud Archive doesn't handle
nested hypervisors well and if you use it, you end up with a guest
hanging on the GRUB line.
To enable that use-case, we provide ENABLE_UBUNTU_CLOUD_ARCHIVE which
the trove developer can set (to False) before running devstack.
Change-Id: Ia0265c67bb7d2a438575a03c0ddbf2d9c53266ed
Closes-Bug: #1689370
truorfalse function from common-functions accepts default as the first
parameter. The arguments for USE_JOURNAL were mixed up and this commit
restores correct order.
Change-Id: Id3621b0e1910a625d6cfb8e81bd27bea82543ae9
In Ibbb430fb1dbf66942168e0cb52d990ab6a2eb8d7, we are adding
etcd3 as a new base service. We should drop zookeeper
and use etcd3 as the backend.
Since cinder is the first service for this tooz+etcd3 DLM
scenario and cinder uses eventlet we have cannnot use the
grpc based driver in tooz. So new CINDER_COORDINATION_URL
that defaults to the etcd3's grpc HTTP gateway based
tooz backend.
We need to hold this change until the tooz change (see
Depends-On) is available in a tooz release.
Depends-On: I6184ed193482dad9643ccb2b97133d4957485408
Change-Id: Ia187e1a86413edf25b909b6bb57e84fb4930a696
Etcd3 was enabled recently as new service in devstack [1]. But there's
no way to disable etcd3. This is required on architectures where no etcd
binaries are available (e.g. s390x). The long term goal of course should
be to have those binaries available. The short term circumvention is to
allow disabling the service in local.conf:
disable_service etcd3
[1] https://github.com/openstack-dev/devstack/commit/546656fc0543ec2bc5b422fd9eee17f1b8122758
Change-Id: I6184ed193482dad9643ccb2b97133d4957485408
Partial-Bug: #1693192
gpg verification requires network connectivity which is non
mirrorable. We try to avoid that in devstack whenever possible. A
sha256sum is a totally reasonable way of knowing if the downloaded
package is valid.
Closes-Bug: #1693092
Change-Id: Id496ab53f76444f08dc6961f1ecd25f450cc96d7
This change ensures that when uploading vhdx images, we use the
proper format.
At the moment, vhdx images are uploaded as vhd, which can be
troublesome: first because this is misleading, second because the
actual image format may be checked, having the image rejected.
Change-Id: I9578be41ea9dc252404b7553679ac527e08a0ff6
We need to handle this better, for now, just don't install
etcd in the sub nodes. We need to setup the proper clustering
mechanism if we want to have etcd3 running in multiple nodes
Change-Id: I8dd385e3c993942473e67d04367cdf74495dbeef
In master branch of noVNC project file vnc_auto.html was renamed to
vnc_lite.html Because of that nova-novncproxy looks for file that
actually doesn't exist.
We need to change branch of noVNC to latest stable, because other
projects are not ready yet to rename the path. Those projects
depends on noVNC package installed in system, but it is too old
for now for both CentOS (version 0.5) and Ubuntu (version 0.4).
The only way to make noVNC console working on Devstack is to change
the branch to stable one.
Unit test also has to be modified in order to ignore novnc repo
from checking against cloning non-master branch.
Change-Id: Iaf4761aedf93bc6b914a6a0c5cf1cfedcc29583c
Closes-bug: #1692513
ETCD_DOWNLOAD_URL is set to github url, in our CI, we can point
ETCD_DOWNLOAD_URL to a url in tarballs.openstack.org possibly
in devstack-gate
Download the etcd binaries and drop them into /opt/stack/bin and
use it from there. Cache the tgz for subsequent use (local workflow)
daemon-reload is called twice once from inside the write_user_unit_file
and then when we adjust the entries with additional things recommended
by the etcd team. We need a better way to do this in the future.
Added a TODO to verify the downloaded artifact later. The etcd team
posts gpg signature, we could verify that or run sha256sum and hard
code that in lib/etcd3 file. We would have to update it whenever we
bump the etcd3 version.
We use the public key "CoreOS Application Signing Key <security@coreos.com>"
with ID FC8A365E to verify the integrity of the downloaded file
Any jobs that need to be run on architectures where v3.1.7 is not available
should rey the v3.2.0-rcX release candidates. We can switch to v3.2.0
when it gets released.
Initial version of this code was borrowed from the dragonflow
repo:
http://git.openstack.org/cgit/openstack/dragonflow/tree/devstack
Change-Id: Ibbb430fb1dbf66942168e0cb52d990ab6a2eb8d7
As a followup to I2c78a0c6599b92040146cf9f0042cff8fd2509c3, the nova
cert service should be removed from devstack.
Without this fix, stacking will fail is USE_SCREEN=True
Change-Id: I115580352fa380b896bae290f9a4efbfe4ff0dfd
Update sphinx to the version used to build the documentation elsewhere
and turn on the option to treat warnings as errors to ensure that no
poorly constructed rst is introduced. Cap sphinx<1.6.1, since that
version has a conflict with pbr right now.
Change-Id: I19b3332229e2094988cbf8968c42a0323194a209
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
This enables tcp stats (listen, established, syn, time_wait, close) in
dstat to allow us to get a high-level view of performance changes in
the system during gate runs.
Change-Id: Ifbffbed22446e7e6a3b825c18266b63d2f2e7718
DEVSTACK_CINDER_SECURE_DELETE is deprecated from liberty release.
This should have been removed after kilo-eol
Change-Id: I82c15a19f8fe0326d4a5c2a076baa6d3e53fcf32
One of the pending issues with the conversion to systemd was the loss of
log coloring. It turns out that journalctl by default strips out
characters it considers "unprintable" - including the color codes
emitted by the old-style logging. However, journalctl can be made to
print them by adding the `-a` flag.
This change makes devstack's log formatter conf settings include color
codes like the old screen-based setup used to
We also remove stackrc's setting of JOURNALCTL_F, whose usage was
removed via I6af6d1857effaf662a9d72bd394864934eacbe70.
Change-Id: I2401e267913a24d18dae355aa933072dbbdab1d8
'pip uninstall' will hang running stack.sh if it has to
prompt the user for input, use -y.
Change-Id: Ic94639e444b87fd3538463d5a51c01a0208a2ab2
Closes-bug: #1691172
This sets our default ulimit NOFILE to 2048, which is double what we
set things like mysql'd max_connections to.
Change-Id: I5126bed1e6b9f8c64db00eae4151ac61e47b1bf8
Add a table of contents help readers find the information they need
without having to read all of the prose on every page. Remove the
site-map file, which doesn't appear to be linked anywhere.
Change-Id: Ib5761c9cfdd5a083df562413d727cb4ac7547c9e
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
At the Boston 2017 Summit I had mentioned that the pattern of using non
voting/experimental jobs was not working for getting new features into
Devstack. It is slow and leads people to being too conservative when it
comes to pushing new things in. Instead I suggested that since Devstack
changes are self testing we add the features, have change that enables
the feature, and if that changes passes we move forward with merging
(assuming code review is fine and necessary communication is done).
Document this process in the HACKING file so that we have something we
can point to when people want to add a new experimental job for every
new little thing (ipv6, tls, systemd, etc).
Change-Id: I5190cc3d3de4e81d52748347306133b5034d5531
When ironic-inspector is enabled through devstack, these two files
are created which needs to be masked.
Change-Id: I7a3db6fd6197da20cca1e938727d54195957ac18
Closes-Bug: #1690105
libvirt-python compiles against the currently installed libvirt. If
you upgrade that, it needs to rebuild, however it won't change
versions, so pip install just noops. Force an uninstall / reinstall of
it every time to handle potential upgrades of libvirt.
Change-Id: If34541b34aa6d55eedaf6c603fd1fe92eb887308
This option is a duplicate of public_endpoint for Cinder.
Change-Id: I8aee1b9f93a09d2e92bde80c0e413e1540723bac
Depends-On: I2a74af7906d14cbc49b8cf0a88c344ca30fcbd26
Now that we aren't using native journal messages by default, the
syslog identifier of all the uwsgi processes is the same. We should be
more explicit with those.
Change-Id: Id5406d02407b022d4016517c2e18890973876d88
There was detection code in clean.sh to only run it if a screen
session was found, but in systemd world, that's obviously not
true. This was causing me (and others) substantial confusion.
Change-Id: I204e94cd86b8c67012aabfca74796e593151c3a4
systemd-journald has rate limiting built in, but that's not sufficient
for the level of logging of OpenStack services during test
runs. Disable the rate limiting so that no log messages are lost.
Change-Id: I64599aba74c5a39276bb8f946cd236600b9cc81b
There are a couple of issues that have ended up being hit by devstack
plugin authors which we can detect and error in a much nicer way
instead of them having a cryptic systemd failure.
Change-Id: I45e4ac363aeefb4503015f9e1b57c58f79b58f40
Cinder use 'resource_filters.json' to config allowed filters,
copy the new added json file when set config files.
Change-Id: I397cb5859e2b3349af3cb07ee02b6463c6eccc35
Depends-On: 27aeba0b5d3cf64286125937e8336ba1d3b26b16
use_journal uses the systemd native path for logging, however there
are concerns that this might be negatively interacting with
eventlet. To be on the safe side fall back to stdout.
This introduces a USE_JOURNAL option which will let folks turn this
back on for testing.
This also adjusts the debug lines. When using the journal the pid
reported by systemd is correct. When using stdout, it will be the
parent process id, so we need to keep it to see which child each thing
is coming from.
Change-Id: Id7891c532bf99c099252e82d511a37a49506fea9
This removes some remnant heat code and references now that heat is
running in a plugin. Before merging this patch the heat team should
verify they got everything they needed into their heat plugin, as
there were more parts left than I was expecting.
Change-Id: I477e3a6e75591aa8ff836c28f7ef56aa1b5f8727
Everything else in our documentation is RST, we should convert the
Readme to RST as well (as github supports this, so it's fine to read
it there)
Change-Id: If2aabf629affc09b5daa570f4ca3bdf268cb53b0
Both keystone and neutron didn't yet have systemd awareness for
setting up logging (i.e. drop the extra date / time stamps)
Change-Id: Ib442c603c9afb679676976c37c2c6122201ae846
This moves the developer use case over to systemd, and updates all the
relevant docs to discuss the systemd workflow instead of screen. It
does so by defaulting USE_SCREEN=False, so will not impact people that
set it explicitly.
Change-Id: I6d664612bc2b850eb7f56852afbc841867223ab7
When transitioning between different wsgi modes, or service modes, we
should really safely stop and cleanup things that are started in any
service mode, which makes it easier to ensure that we don't leave
things around from past runs.
Change-Id: I33acbee39e1a2da2bfd79a5dd54b84a12a778be1
We should be able to operate without the identity admin endpoint,
given that in v3 it's all the same. This floats that out there to see
if we can or not.
Change-Id: Ic233f6b43dd1e3cfdadff0f18aba4ea78825a996
auth_uri is not a keystonemiddleware option, and it's use in config
files is confusing at best. Remove it for clarity.
Change-Id: Ie3a9ab30d81809363444d5f3b41588b3889dc185
As we move to enabling glance-api to use a wsgi script that might be run
as multiple processes, there are a couple places where external
synchronization is necessary. To use this we need to set the lock_path
config option from oslo.concurrency so external locks will work.
Change-Id: I9a66a8636d12037ff9aa4fb73cc3f9b9343dd7e9
In order to start making the transition in the gate make
USE_SCREEN=False also mean USE_SYSTEMD=True. We'll never actually
declare USE_SYSTEMD=True in the gate (as that doesn't exist for stable
branches), but this will let us roll over the existing transition.
We also have to install systemd-python 234 because we are recording
exception info in the journal, and all versions before that had a bug
in processing that.
Remove the somewhat pointless screen following journalctl commands. We
really don't want or need those, and they tend to build up over time.
Depends-On: I24513f5cbac2c34cf0130bf812ff2df6ad76657c
Change-Id: I6af6d1857effaf662a9d72bd394864934eacbe70
KEYSTONE_SERVICE_API is the keystone endpoint and it is what we should
use. The admin url should DIAF - but until it does, it CERTAINLY should
not be the thing we put into clouds.yaml.
Change-Id: If8196a04f852f633e0b7548793f68c92376aa6da
Switch from sha1 to sha256 and from 1024 bits to 2048 bits. Do this
because things don't like the old inseucre sha1+1024bits combo.
Change-Id: Iae2958969aed0cd880844e19e8055c8bdc7d064d
The os-fping API was deprecated in nova in
I92064cbcb5f6414da0c9d294f912a860428af698. I can't see anything
obviously using it on codesearch.
This is only in EPEL for centos, which I'm trying to remove. But I
think less dependencies is always better than more in general hence
the removal.
This is essentially a revert of
Ibdc7479a9038321e4fc3953774a6f3e1dac90530
Change-Id: I163fc48c860bae2a92c83cfdaed26b2e54630e20
Centos/RHEL 7 doesn't support tgtd. While the packages are still in
EPEL, there's no point in testing because nobody runs like this.
Switch cinder to use lioadm which uses LIO, and update package
installations.
Depends-On: I964917d13d9415223845ac17eb804ee7faceaf6f
Change-Id: Idc5a4e856bfc93e9dc650d565a98a8e9b3df3481
It's not only using our upstream caches that you might get an old
libvirt-python wheel that is incompatible with UCA. Move the ignore
out of the mirror check to apply it globally.
This is an alternative to Iba301a8c80c9ed584f5fb5a816f3d2cf5f5f0e77
Change-Id: I588b1e8e49aa60f3ce976dc1b6c8013ba1d88079
The DEFAULT_IMAGE_NAME variable is used to reference the name of the
default image in glance after it has been uploaded by devstack. It is
used both inside and outside of devstack for that purpose. However, when
configuring tempest there are some tests which also do image uploads and
need a filename for specifying which file they should upload into glance
for testing purposes. Previously we were just using DEFAULT_IMAGE_NAME
for both purposes, but this causes a conflict if the name of the image
we upload into glance does not have a file extension. So instead of
conflating the things this commit differentiates between them and adds a
new DEFAULT_IMAGE_FILE_NAME variable to use for this purpose.
Change-Id: Icf74badcf2093d8c75db538232b10b3ac7b86eb8
If the current interface has a default gateway configured is
determined by the regex
default.+<interface-name>
If for example 'enc1' is used, but also an interface 'enc1800' is
present, the regex will also match the 'enc1800' default gateway.
This patch fixes this by looking for <interface-name><white-space>.
This way 'enc1800' is not matched.
Change-Id: Id1d58f5be6296c3a37aef788359ae8fe0fe11d8b
As described in [1], it seems that mod_wsgi is not "graceful" reload
safe. Upon re-init, it can end up in a segfault loop.
The "reload" (not *restart*) after setting up uwsgi was added with
I1d89be1f1b36f26eaf543b99bde6fdc5701474fe but not causing an issue
until uwsgi was enabled.
We do not notice in the gate, because the TLS setup ends up doing a
restart after this setup. In the period between the
write_uwsgi_config and that restart, Apache is sitting in a segfault
loop, but we never noticed because we don't try talking to it. Other
jobs that don't do any further apache configuration have started
failing, however.
Looking at the original comments around "reload_apache_server" I'm not
sure if it is still necessary. [2] shows it is not used outside these
two calls.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1445540
[2] http://codesearch.openstack.org/?q=reload_apache_server&i=nope&files=&repos=
Closes-Bug: #1686210
Change-Id: I5234bae0595efdcd30305a32bf9c121072a3625e
This defines a new function get_notification_url, which returns the URL
of RabbitMQ when you want connect to it, and uses in
ceilometermiddleware. This fixes an issue when we try to use AMQP for
RPC, but not for notifications.
Change-Id: I14450b2440806a17a90e5ddefc243868fdbe4f2c
On Centos, apache has a private view of /tmp and thus can't see this
socket, causing keystone to fail. This happened after
I46294fb24e3c23fa19fcfd7d6c9ee8a932354702.
Move it to /var/run.
Closes-Bug: #1684360
Change-Id: I47f091656802719c259752454ec88bf50760b967
The -ssh job with ssh validation enabled has been quite stable
for a while now [0] so I think it's time to add ssh validation
to the integration gate to prevent regressions from lurking in.
Doing this in devstack ensures that the change only affects
master as we didn't test ssh validation on on stable branches.
[0] http://status.openstack.org/openstack-health/#/g/build_name/gate-tempest-dsvm-neutron-full-ssh?duration=P3M
Change-Id: I187e560911f5d5d482eb7959e5174068c4c9a801
This makes openrc more robust for the grenade scenarios by having a
sane fallback when stackrc is not found.
Change-Id: I297ba519d581d2b6fb4d80d59434acace054bada
It turns out that we ended up with duplicate versions of this function
merging on top of each other within 3 days, and gerrit didn't catch
it. Boo gerrit. Boo bash.
Change-Id: Ic6aa2f9bafdec906de2bc51d5929beeec48a6a40
Swift proxy logs to syslog during the devstack-gate tempest runs. To
better capture the swift logs increase the rsyslog buffer size to 6k
bytes allowing for longer messages like tracebacks.
This was setup by openstack-infra previous during our diskimage
builds.
I03e42964e14d9f930c07ed047851bdf775639c59
Change-Id: Iaa232335865410600c93f47d4777ed4f1bce08e2
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Until we can test with a version of swiftclient that knows how to eat
auth_uri, swift still needs a working gate.
Change-Id: I09f9ad5c87b542df962a79898e06fbf1e968b1e3
Related-Change: I46294fb24e3c23fa19fcfd7d6c9ee8a932354702
Related-Change: Ie427f3b0b9eb834ff940fa5d52444a5a6cdcab15
Things like SERVICE_PROTOCOL and KEYSTONE_AUTH_PROTOCOL shouldn't
really be exported in openrc as they encourage using them directly to
build up keystone urls instead of actually using the OS_AUTH_URL.
Remove them.
Change-Id: I4b7cc680f7f14dae29b706a227be540c9e212cad
a2dissite will return a non-zero error code if the site that is being
disabled is not currently enabled (that is, if the conf file for it does
not exist). This can happen during development if you've been messing
with files by hand. Rather than exploding out of a ./stack.sh, accept
the missing file as meaning "it's disabled" and carry one. The rpm
version of disable, which does not use a2dissite, does this already.
Change-Id: Ie5dfd42efdff4bdba5ffaa765af000dd8e1d596e
The removed TODO was talking about USE_SYSTEMD, not WSGI_MODE.
WSGI_MODE makes sense, so the TODO has been done.
Change-Id: Ib574ef123ea4c82d4d88012c990cd1ad660d7879
This makes keystone use the proxy uwsgi module when running in uwsgi
mode. It also introduces a new stackrc variable which is WSGI_MODE
that we can use to control the conditionals in services that current
work with mod_wsgi.
Also update retry timeouts on proxy pass so that workers don't disable
their connections during polling for initial activity.
Change-Id: I46294fb24e3c23fa19fcfd7d6c9ee8a932354702
This converts the placement API to use the new WSGI_MODE variable
(which is not introduced until the next changeset). We do this so that
placement and keystone patches can be reviewed independently, but
there are some hidden coupling of mod_wsgi setup which happens only in
keystone, so if we do keystone first, it breaks placement.
Change-Id: Id5b2c67701bcc7b12c8e3764c7199d10f85df80f
The uwsgi proxy version that comes with Ubuntu xenial is too old, so
we have to build it from source. This is a temporary solution until
the next LTS.
This lays the ground work for using it in keystone.
Change-Id: I00fb1759e6988c7df0ce0f3df5ff1ce9fd7cd381
When an apache worker gets a proxy error, it will not retry talking to
the backend server until the retry timeout expires. We bring up the
proxy server *before* the backend server, and poll it. If we are
running a small number of workers, there is a likely chance that we're
going to hit one that errored before the backend was up, thus failing
for now real reason.
Set this to 0 instead to mean always retry failed connections.
Change-Id: I9e584f087bd375f71ddf0c70f83205c425094a17
Ref: https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass
tls-proxy is the way we're now doing a standard install using https
between services. There is a lot more work to make services directly
handle https, and having python daemons do that directly is a bit of
an anti pattern. Nothing currently tests this in project-config from
my recent grepping, so in the interest of long term maintenance,
delete it all.
Change-Id: I910df4ceab6f24f3d9c484e0433c93b06f17d6e1
Instead of this code all existing in keystone inline, factor out into
a dedicated set of functions, and make keystone use this. This drops
uwsgi supporting https directly, but that's not going to be a
supported model going forward once we get to proxy only anyway.
Change-Id: I1d89be1f1b36f26eaf543b99bde6fdc5701474fe
We're now in a systemd world where systemd is managing the restart
effectively, there is no reason to be tricksy with apache now that
we're not working around weird upstartd issues.
Change-Id: Ifadfd504eb10a90db5177ea9180b9cd8331a2948
We're going to want to start using it by default so just start with
always installing it. This should not negatively impact anything else.
Also had to fix the test using cowsay, now that cowsay depends on
cowsay-off.
Part of uwsgi in devstack.
Change-Id: I8306a992d9d006bc0130a255145a6880065aa0df
Allow cursive to be installed from git instead of pip.
The barbican-tempest-plugin, which uses cursive indirectly
through nova and glance, would benefit from the ability to
use cursive from git instead of pip.
Change-Id: Icae7d310f1ee392d080e7c8e421a26d7c0ef4727
Allow castellan to be installed from git instead of pip.
Castellan has recently been moved under the oslo framework,
and the barbican-tempest-plugin tests which use castellan
would benefit from the ability to usd castellan from git
instead of pip.
Change-Id: I96edca90c61aec84637b7b1ce842eff04c521923
The swift functional tests use a config which requires keystone ports,
we're about to make those go away. This exposes the actual auth_uri to
swift for consumption.
Change-Id: I5868dfdb8e5f0972ba04e359d212b04351502436
We recently disabled EPEL in openstack-infra, enable it again.
Change-Id: I213b302b34b740354d63b69e8ac7f4e1b3d3cdd7
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
It is possible some CI system are using an http_proxy. Use the helper
function to cover this use case.
Change-Id: Iee685147ca0244fc7de328a765f937602223de20
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Libvirt live migration requires netcat. It appears that newer UCA
packages may not automagically pull this in so explicitly list it as a
dependency of nova compute here. Note that netcat/netcat-traditional do
not appear to work and netcat-openbsd is required.
Change-Id: If2dbc53d082fea779448998ea12b821bd037a14e
Give instructions to add permissions for stack user without touching
main config.
Closes-Bug: #1680459
Closes-Bug: #1681418
Change-Id: Idd27e684e63c616466de28c07551729a1e091bdd
We have had issues with libvirt 1.3.1 which is stock on Xenial. Try
using 2.5.0 from UCA instead.
Related-Bug: 1643911
Related-Bug: 1646779
Related-Bug: 1638982
Change-Id: Ia4434541c71f050fe1ffb54f4c4c1e302391d00b
The change to remove references of XEN_INTEGRATION_BRIDGE
(If5886e3711765a97f40f20e478f958b988b5a620) unfortunately left some
code which should have been removed. This remaining code caused an
error in some situations when deploying from scratch (which the CI
avoids for expediency)
Change-Id: Ia568462c9cca8cff8fcfada8148d185609d61a7d
This is required to install python-openstacksdk from source for testing
other projects against master.
Change-Id: Iee7b043ac7d381dadf89d26098f69e935ed81d6b
These are needed for oslo.log to use journald support. They are
*probably* already installed, but just in case we force install them.
Change-Id: I0dc66bd2628ff4b3e1caa7ab4366d7f36ff7ea94
This is going to be a new option in oslo.log, which we can start
setting early to make it take effect.
Change-Id: If0e5e4717a1810c759058f33608fbac7543f2d85
uwsgi is a different service type under systemd and shouldn't be run as
a standard oneshot type. The uwsgi docs outline a good pattern for
writing systemd unit files:
http://uwsgi-docs.readthedocs.io/en/latest/Systemd.html
This commit takes those suggestions and creates a separate path for
writing uwsgi unit files.
Change-Id: I9b541b86781afdded311dba058cedd783e1a0dfa
It looks libvirt/qemu requires mode 0755 to functioning properly,
but DATA_DIR won't be set to 0755 if it is different from default.
Change-Id: I37ca0b02b6a75b3756860b547e84c37ccfc99d13
Closes-Bug: #1677421
This adds a flag and basic config for enabling coredumps for libvirt.
Partial-Bug: 1643911
Co-Authored-By: Matthew Booth <mbooth@redhat.com>
Change-Id: If7cd54e804a5a389a0d82a325b58f5b41b8ef0db
In an effort to reduce memory consumption enable KSM by default. The
biggest win here is when using libvirt with nova or ironic with its
fake baremetal instances. In theory any process that runs duplicates
with mergeable memory will benefit though.
Change-Id: I4c5addfd3e83b6516023b36cbaabd5169f0d5ceb
Currently Devstack starts all Swift services, including those
in charge of "consistency convergence" (remember Swift is eventually
consistent), data scrubbing, hard-deletion (*-reaper services)
cleanup.
But when running with Replication Factor 1 some of those services
are not needed at all. Besides, the fonctionnalities provided by
some of these services are not tested at all (neither in Tempest
nor in Swift functional tests).
Thus, in light of saving some Mo of RAM, this patch introduces a config
flag to start only a minimal set of Swift services, just what's required
to make all of our current tests pass.
The default value for this new config flag is set to start all services,
that is to maintain Devstack's current behavior.
For sake of completeness, here is the list of services that are not
going to be started is the config flag is toggled, and the associated RSS
according to our peakmem_tracker
40004 swift-object-replicator /etc/swift/object-server/1.conf
34320 swift-container-replicator /etc/swift/container-server/1.conf
33584 swift-object-auditor /etc/swift/object-server/1.conf
33328 swift-object-reconstructor /etc/swift/object-server/1.conf
31936 swift-object-updater /etc/swift/object-server/1.conf
31492 swift-account-reaper /etc/swift/account-server/1.conf
31076 swift-account-replicator /etc/swift/account-server/1.conf
29540 swift-container-updater /etc/swift/container-server/1.conf
29220 swift-account-auditor /etc/swift/account-server/1.conf
29036 swift-container-auditor /etc/swift/container-server/1.conf
So we are looking at saving at most ~350Mo of RAM (could be less
because RSS doesn't account for shared memory).
A follow-up patch will soon be proposed in devstack-gate to not run
those additional services in our Gate jobs.
Change-Id: I8a0d03ac0296a74e38efd185beb8513866eaf0c4
As of Id6e3c0ac54b21d85e68625a5b52fe2559fb70f24 keystone's policy
file is empty and it is no longer required at runtime. This commit
updates devstack to not deploy a policy file for keystone because
devstack doesn't specify any policy overrides. Instead, we can remove
the sample policy file and rely on the defaults that have been
registered in code. This is the same approach nova took with policy
in I85a251376dfe38caa4b100861bf764014a98bc37.
Change-Id: Ib1d9a51a78e2a84a3d7294dc8782605a681fa9e8
During the PTG there was a discussion that the screen developer
workflow wasn't nearly as useful as it once was. There were now too
many services to see them all on one screen, and one of the most
common service restart scenarios was not restarting one service, but a
bunch to get code to take effect.
This implements a 3rd way of running services instead of direct
forking via bash, or running under screen, which is running as systemd
units.
Logging is adjusted because it's redundant to log datetime in oslo.log
when journald has that.
Swift needed to have services launched by absolute path to work.
This is disabled by default, but with instructions on using it. The
long term intent is to make this the way to run devstack, which would
be the same between both the gate and local use.
Some changes were also needed to run_process to pass the run User
in. A hack around the keystone uwsgi launcher was done at the same
time to remove a run_process feature that only keystone uwsgi uses.
Change-Id: I836bf27c4cfdc449628aa7641fb96a5489d5d4e7
psutil is only installed under python3 for the 3.5 gate jobs. Call
mlock_report.py with $PYTHON so we support both environments.
Updates to mlock_report.py for python3 compatability
Change-Id: If7926ce6a2996b766c49b010a7f6640ae624f860
Now that we don't support Ubuntu Trusty anymore, we can remove
the ebtables race workaround.
Closes-Bug: #1675714
Change-Id: I70483f871e35fcaa933d1b7bac7dbb396aa22cef
Since Feb 25th devstack supported operating systems changed
due to Nova increasing its minimum required libvirt version.
Further details see: I6617283afd798af37e64913b7865cea3c8a62aba
This patch is to update versions on devstack documentation.
Change-Id: I12bb59b0903a728376ee9422213c2903b9138249
The package libvirt-bin is a transitional package in Debian and should
not be used anymore.
Ubuntu Xenial is an exception here.
Because of that this change also adds the possibility to use "not:" to
exclude distros in files/debs/* just as "dist:" limits distros.
Depends-On: Icc59ea79f54d4ff8751f2e353ee3530fff3d961e
Closes-Bug: #1673840
Change-Id: I3998a7178d14ec40eae5cb199d66da9546cd6ccf
In order to get memlocked pages this needs to be run as root, just
start it as root so that we don't have issues with the inability to
run sudo later in the run.
Change-Id: I7adab8cbb6d89d4717e427aec22e316d27bea075
This commit change check of 'running_in_container'
method so that other services ironic, nova and neutron
will not break.
Change-Id: I42eb587cfaebf37944cb10e459b8b8f7b4b4e4ba
Previously we use a specific integration bridge for neutron ovs agent
which is running in compute node, but this isn't necessary, this
patch is to remove the specific integration bridge for XenSever and
remove the custom integration bridge definition
Depends-On: I675565e1ea6c887d40d7a53f62968c4aa385ecca
Change-Id: If5886e3711765a97f40f20e478f958b988b5a620
single-machine.rst and index.rst
Before this, one had to create /opt/stack
manually and chown it to the stack user.
Now it is created when the user is created.
This is the same way the multi-node guide
handles it. A stack group is created too.
Change-Id: I5363d81c8fb38796f565cc6ebf6ab2dee2673989
Closes-Bug: #1673787
Closes-Bug: #1671409
With XenServer we have two neutron-openvswitch-agent(q-agt, q-domua)
For the q-domua it is specific for XenServer, this patch is to move
the specific configurations to os-xenapi which we have devstack plugin
in that repo
Depends-On: Ic816404c84f6a8899d01a77cb67fbfb421653e6b
Change-Id: I8a31c81d9475387fe4ed7030b70b26098e588771
When redoing a stack.sh over and over again, tempest venv can get out
of sync and cause issues until deleted. We should rebuild that tempest
venv on every stack.
Change-Id: I2f66bb1a7ccf9f89e11db1326d8553589e52fbf2
Supported Debian distros (codenames) are "sid", "testing",
and "jessie", but it should be "stretch" and "jessie".
"testing" is no codename and therefore should be replaced by
"stretch".
"sid" changes all the time and cannot be guaranteed to run
correctly or is at least not tested.
Change-Id: Id4b80a055452bbff69036d4dc1adeda46ce99664
Closes-Bug: #1673810
Closes-Bug: #1674416
Instead of grepping for 'lxc' in /proc/1/cgroup, use systemd's
features. This now at least also works in LXD containers.
Change-Id: I35e807c26f0b1fbba83ddbe04cfb4901a7a95cbe
We are facing memory pressure in gate testing. Apache is fairly large so
tune its connection limits down to try and squeeze out more useable
memory. THis should be fine for dev envs, also tlsproxy is not enabled
by default so we can check that this tuning works well on a subset of
jobs before making it default everywhere.
Data comparisons done with gate-tempest-dsvm-neutron-full-ubuntu-xenial
jobs.
Old: http://logs.openstack.org/37/447037/2/check/gate-tempest-dsvm-neutron-full-ubuntu-xenial/721fc6f/logs/screen-peakmem_tracker.txt.gz
PID %MEM RSS PPID TIME NLWP WCHAN COMMAND
20504 0.2 16660 19589 00:00:00 34 - /usr/sbin/apache2 -k start
20505 0.2 16600 19589 00:00:00 34 - /usr/sbin/apache2 -k start
20672 0.2 16600 19589 00:00:00 34 - /usr/sbin/apache2 -k start
20503 0.1 14388 19589 00:00:00 34 - /usr/sbin/apache2 -k start
19589 0.1 9964 1 00:00:00 1 - /usr/sbin/apache2 -k start
Total RSS: 74212
New: http://logs.openstack.org/41/446741/1/check/gate-tempest-dsvm-neutron-full-ubuntu-xenial/fa4d2e6/logs/screen-peakmem_tracker.txt.gz
PID %MEM RSS PPID TIME NLWP WCHAN COMMAND
8036 0.1 15316 8018 00:00:01 34 - /usr/sbin/apache2 -k start
8037 0.1 15228 8018 00:00:01 34 - /usr/sbin/apache2 -k start
8018 0.1 8584 1 00:00:00 1 - /usr/sbin/apache2 -k start
Total RSS: 39128
Note RSS here is in KB. Total difference is 35084KB or about
34MB. Not the biggest change, but we seem to be functional and it
almost halves the apache overhead.
Change-Id: If82fa347db140021197a215113df4ce38fb4fd17
Now Apache2 has 5 dedicated processes for Keystone Admin and 5 for
Keystone Public. As each Apache process consumes some memory and
we arbitrarly decided 5 was a good number more than 2 years ago,
maybe now (with the recent memory pressure we feel) is a good time
to reconcider.
With 5 processes our peakmem_tracker.py script reports a max RSS size
for the "wsgi:keystone-ad" and "wsgi:keystone-pu" processes of
2 (public and admin) * 5 (number of processes) * 90 Mo (RSS of each
process) = 900 Mo.
With 3 processes, the overall max RSS for Keystone is
2 * 3 * 90 = 540 Mo.
Note that this is RSS memory, but using the "smem" linux command on
my laptop, I noticed that the USS (Unique set size, i.e RSS excluding
shared memory) is around 80Mo per process. So reducing the number of
processes will actually reduce memory consumption.
Change-Id: Iba72d94aa15ecaa87c0115ad26d6bpeakmem_tracker62d5b3bea0a
The diet seems to be too strict, jobs failing with "out of sort memory". Needs more investigation before resubmitting.
This reverts commit 1e66388c5f.
Change-Id: Ic10effaaf047eb3527082baab889772c5e57fa90
It's 2017, some of our newest OpenStack developers/users may not
even know what stable/kilo is/was.
Change-Id: I00f39cc80af7e1632293bf057d95040b6bfa48e0
Was using the '-ne' integer comparison operator to compare UUID
values. This caused error messages like:
/opt/stack/new/devstack/lib/tempest: line 226: [[: dfae26ac-1780-4677-902d: value too great for base (error token is "902d")
Change it to use '!=' string comparison operator
Change-Id: Ib7c9197dd0fe58addf33b4f82beea6de64f6b10b
glare has been removed from glance already. Now error will be raised
if enable g-glare in local.conf.
Remove the glare support by glance.
Change-Id: I9a389af194dd2b8aed75d3c921293d800f8c591b
Add a missing --subnet-range argument when creating an ipv6 provider
network. Also changed SUBNET_V6_ID to IPV6_SUBNET_ID. And remove the
--ipv6-address-mode arg because it doesn't apply to subnets on routers.
Change-Id: I82796804a06e758e458606dc9eb400bcd08ad6e4
Not all Cinder backends support the 'manage volume' feature. The test that
in tempest for this feature is specific to LVM and will *not* work for
other work backends regardless of them supporting the feature.
Change-Id: I055aa66738deb5ae2fb925429cec565e3901340c
When variables use the 'declare' directive, it is by default a local
variable. While other variables have global scope.
For example:
declare -A AN_ARRAY # local in scope
foo=1 # global in scope
This causes errors to occur as some of the variables will be local only
and others will be global.
Update the code, as appropriate, so that variables using the 'declare'
directive also include the '-g' flag to have them also be global. Not
every instance of a declared variable has been updated.
Closes-Bug: #1669509
Co-Authored-By: John L. Villalovos <john.l.villalovos@intel.com>
Change-Id: I2180b68fe861ad19c6d4ec0df0f9f8a528347862
lib/keystone builds KEYSTONE_SERVICE_URI so that other services
don't need to reconstruct the identity URI. Many services already
use it, but some parts were still building the identity URI from
the different parts.
This will allow changing the identity URI to include a path
(e.g., to http://<host>/identity) in 1 place rather than in
multiple places.
Change-Id: I58cbdbe591d8869807545e0815480fc3375e0479
Before the patch, we were only configuring root_helper_daemon to point
to oslo.rootwrap, but not root_helper. (The former is used for long
running commands only, while the latter is used for short lived
commands.) This made neutron agents to directly call to sudo when a
privileged process was to be executed. This failed because /etc/sudoers
was not configured to allow anything except the rootwrap call itself.
This patch simplifies rootwrap handling in the code; it also sets
root_helper to point to rootwrap; as well as configure daemon in
sudoers. While at it, we also set l2 agent to use rootwrap too.
Hopefully, it will be enough for agents to actually configure backend as
needed.
Change-Id: Ib05a6e0e024f534d7f616d41d70fb67ecf6daeaf
The oslo.messaging docs on the notification messaging driver
says that "messaging" (1.0) is a legacy format and you should
use messagingv2 unless otherwise required for that old format.
By default we should be testing with messagingv2.
Change-Id: I3031afe7551a0c8dde46e1ccfacff445fb68e122
The change makes peakmem_tracker list processes that lock memory pages
from swapping to disk. It may be helpful when debugging oom-killer job
failures in gate in case when dstat shows that swap is not fully used
when oom-killer is triggered.
The peakmem_tracker service was renamed into memory_tracker to reflect
its new broader scope.
Needed-By: I5862d92478397eac2e61b8a61ce3437b698678be
Change-Id: I1dca120448ee87930fe903fd81277b58efaefc92
Keystone v3 API is CURRENT and the v2 API is deprecated now.
So we need to change the default config of auth_version to fit
for current API status.
Depends-On: Id5e5ed9bf4f8b0f9eb376bfc7c5801f0956da1d9
Change-Id: I801e6740258ddea2a1b628a209970e0307d39d12
Nova has been supporting glance v2 since Newton and removed
support for glance v1 in Ocata:
97e7b97210139a7f7888f0d6901e499664de02a3
We should disable glance v1 by default because there are several
test paths in Tempest which don't get run when glance v1 is
available because it uses glance v1 rather than v2.
Depends-On: I54db379f6fbe859fd9f1b0cdd5b74102539ab265
Change-Id: I7f962a07317cdad917ee896d79e49ee18938d074
Change ac5fdb4c40 introduced
a problem for gnocchi CI because the deployments steps
are now:
1. create cell0
2. start nova-api (with multiple workers)
3. install ceilometer via extras
4. ceilometer calls nova-api to list servers; at this point
nova-api getes the list of cells and caches them, which
will just be cell0
5. create cell1 via simple_cell_setup which also discovers
the n-cpu node so we can schedule instances
6. gnocchi tests create and list instances and at this point it hits
an n-api worker that only has cell0 cached so it does not
find some test servers it created and fails.
The cell0 and cell1 cells should be created in the nova_api db
before starting n-api so that when we first list instances, we
store both cells in the cache that's in n-api. This deployment
order is also how the nova docs describe rolling out cells v2
but the way we were doing this devstack wasn't following that,
or accounting for when devstack plugins are loaded via extras.
This change creates the main cell1 cell earlier in the setup
before n-api is started, and then changes to just run
discover_hosts at the end after n-cpu is running (which is what
simple_cell_setup and map_cell_and_hosts would do implicitly).
Change-Id: I38eab6707340253a10159a169ae61d34784c2d28
Related-Bug: #1669473
This simplifies neutron library code and makes it less prone to breakage
in the future. So far there are no specific known issues with existing
code per se, it works, still.
Change-Id: I28f1997d226baae902dae5ca8ee6cd4fd89efe31
We propose several MySQL configuration parameter changes (with
explanations) to reduce the memory footprint of MySQL. A demonstration
of the improvement is provided in
https://etherpad.openstack.org/p/change-438668.
As Clint provided some of the descriptions that I've used, I have
listed him as a co-author (thanks Clint). Let this serve as a warning
to all that commetors may be enlisted :)
Change-Id: Icb2d6ea91d3d45a68ce99c817a746b10039479cc
Co-Authored-By: Clint 'SpamapS' Byrum <clint@fewbar.com>
Since https://review.openstack.org/#/c/438325 landed
it only works for Centos 7, but not for other
RHEL-based distributions: Virtuozzo and, probably, RHEV.
Both of above have own version for qemu-kvm package: qemu-kvm-vz and qemu-kvm-rhev,
accordingly. These packages provide "qemu-kvm", like qemu-kvm-ev,
and, when you call "yum install qemu-kvm", they replace the default OS package.
Change-Id: I46da627c0da8925064862fdc283db81591979285
This patch enabled the "allow_global_implied_dsr_disabled" feature
flag. This is a feature flag toggle for bug 1590578 which is fixed
in Newton and Ocata. This option can be removed after Mitaka is
end of life.
Change-Id: I70e3ce79ee6d9b00cc48bb178bd423d0196f6588
Related-Bug: #1590578
Because things like nova may need to create vhosts in the rpc backend,
we need to have started and created credentials before we configure
the service.
Change-Id: I01c9c5288e197fc50a8a4a032e3a32cd166eb180
openvz is not in the nova tree, and is referencing a crazy old image,
we're going to assume that if anyone is using this they can build a
devstack plugin.
drop doing anything by default because this actually requires that we
special case things like ironic in tree to *not* do anything by
default.
Change-Id: I9d33b98263c3d52a95b9983e90eb0b341fa1d363
Add python-openstackclient to the list of packages installed under
Python 3 by default, so that jobs running with Python 3 exercise the
client that way.
Change-Id: I9778a6810bb3e4850132cfc19e583d50fed23ef5
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
DHCP agent should not load core plugin config file; L3 agent has no
interest in metadata agent configuration file; etc. It's a mistake to
form a single global list of configuration files and pass it into all
processes. Every process should have its own list, that may or may not
have some files in common with other processes.
The only file that is common to all neutron processes is neutron.conf,
and we could in theory keep it into the common list. But I decided at
this point it's better to be explicit about what's loaded into services.
Also the order of arguments is important, and neutron.conf should always
be the first CLI argument, which is hard to achieve by keeping
neutron.conf file in the global list.
Plugins may be interested in loading additional files into neutron
processes. For example, dragonflow needs to load /etc/neutron/dragonflow.ini
into neutron-server. But we should not necessarily load all those files
into all processes, so such extendable lists should be per process.
Besides, neutron_server_config_add_new is already available to use to
append additional configuration files for neutron-server. That's why the
patch completely kills the NEUTRON_CONFIG_ARG variable.
Depends-On: I4bd54a41a45486a5601373f9a9cce74d7686d1aa
Change-Id: Ia3c3862399bba335db5edf9ea70f850fb2638d09
Calling enable_kernel_bridge_firewall inside a
container, devstack will crash because it tries to
load a kernel module by calling 'sudo modprobe' on
net.bridge.
Change-Id: Id4718c065d5a8c507d49f38e19c2796a64221aa4
Closes-Bug: #1662194
For the latest qemu-kvm, you have to use the qemu-kvm-ev package,
which is based off the qemu-kvm-rhev package, which is explained in
[1] but you probably can't read it. The gist is, that qemu-kvm-rhev
is a later build of kvm that is incompatible with the base version
provided. qemu-kvm-rhev is only provided with the RHV (ovirt) and
RHOS (openstack) products. CentOS rebuilds this package as
qemu-kvm-ev as part of it's virtualisation SIG.
I9a972e3fde2e4e552f6fc98350820c07873c3de3 has bumped up the minimum
qemu version to 2.1.0. It seems there is a an issue (bug #1668164)
where having the qemu-system package installed gets picked up if
installed, and reports the incorrect version to nova, causing failure.
This removes the installs from files/rpms/nova as it is all being done
in function-libvirt. We only install the qemu-kvm-ev package on
centos and remove the old work-around.
[1] https://access.redhat.com/solutions/629513
[2] https://wiki.centos.org/SpecialInterestGroup/Virtualization
Change-Id: Ide91b261f35fb19d8bd7155ca016fa3b76a45ea1
Use pip_install_gr so we get the version pinned by requirements. The
depends-on is an example of where we're trying to pin to workaround
issues.
Depends-On: I9c57c08a150571c5bb62235d502839394d53a4c1
Change-Id: I780cca681b12a3e9d228dbf2fd9fa6e8ab1a82e1
This patch creates symlinks between neutron-* files tracking runtime
dependencies for services, and q-* files. Since lib/neutron is the
new recommended way to deploy neutron with devstack, this patch made
neutron-* files real files, while q-* files are just symlinks.
Change-Id: I0f361f31160d0fee40ad3e8de873edd05173e54e
This allows post-config phase to use neutron_service_plugin_class_add
so that devstack plugins can use it in the same way for both of
neutron-legacy and its "modern" counterpart, lib/neutron.
Closes-Bug: #1667037
Change-Id: I9068fd608e82e70db8d725f92269a26920efebcb
Using the same name for two different subnet pools means that one needs
to reference them by their UUID. Choosing unique names will allow us to
use the name to reference the pool later on.
At the same time simplify the command used for pool creation by
instructing OSC to only output the value that we are interested in.
Change-Id: Idedcb6328925d44cdd0f415450ec4ebbc272401d
Devstack configures keystone for auth mechanism but don't tell
keystoneauth1 library that it should use keystone too.
In simple case, this is not an issue because some application
set 'password' by default (like the openstack cli).
But applications can have no default or another default.
Change-Id: Idd1e1d2e7546fce7531175440788a8c7cb27aec1
This patch adds haproxy package to devstack as Neutron will rely on it
for serving metadata instead of the current Python implementation.
haproxy will reduce the memory footprint from ~50MB to ~1.5MB for
serving metadata. It will be spawned for every Neutron router so,
for large deployments, it will be a significant memory reduction.
Change-Id: I36a5531cacc21c0d4bb7f20d4bec6da65d04c262
The old code assumed _neutron_service_plugin_class_add presence, as well
as used a configuration file path that is not standard (under
/etc/neutron/services/ instead of /etc/neutron/metering_agent.ini).
The patch untangles metering configuration in the new library from that
old and bad code, and reimplements it inline.
This should help the effort to switch gate from lib/neutron-legacy to
lib/neutron.
Change-Id: I0d235498af4b6a70bd5dae6ea178d5aa8ba41e80
Since for the new devstack library we still rely on some functions from
ovs_base, we need to initialize them with sane default values so that
setup works as intended and as lib/neutron-legacy behaves by default for
external connectivity setup.
Change-Id: I412ed4f988b8e03a3e3a08066375b55a6e6aa3e6
The creation of the cellsv1 rpc vhost was buried in the restart function,
which makes it hard to extend. This breaks it out into a helper method
and moves the conditional logic into the nova module itself.
Change-Id: Ib0e377aabe45c27bb6ce59ca275ce73085e8b9d2
Currently placement api section will be configured on controller
only if service n-cpu is running. It breaks multi node setup.
Closes-Bug: #1667219
Change-Id: I8b0f60f253859f704bb9831d7dac8f55df353ac7
- Remove extra spaces
- Fix a missing space in the generated option string
- Fix a fatal typo
Change-Id: Ieca1c3e3c7e2ff59089ef45435e126ce7ff4f9b5
Closes-Bug: #1667073
FakeLoggingVolumeDriver will be used for functional Cinder tests to
prevent dependencies on any storage.
FakeGateDriver is based on LVM and will be used to run Tempest tests for
such features like CG's, replication, etc.
Depends-On: I383bcdb531c7d52c0fdbb6875de73f1274a92854
Change-Id: I2dc8ea416f5eb3fcc9d2e959533497e464220ff5
Upgrade xen tool to install Ubuntu Xenial; change the upstart
task to systemd task to finish the OpenStack installation
by using devstack.
Change-Id: I8129923be3c41e7f60e9d32348a5ea8e07d4845b
This ensures we only set the nova catalog when it's not the default,
instead of also putting defaults in devstack.
Change-Id: Ibb0dcb8bae2e9223db302d7b19e8fbee4ebbf0e3
I think now is a good time to stop running Cinder V1 tests. It should
save quite some Infra resources and jobs should run faster too.
Also, remove some useless variables in lib/tempest.
Change-Id: I0edf1d88c136c3b910a5773690a603eeacb50266
Sometimes when doing worlddump would see a command line like this:
sudo ip netns exec (id: ip addr
This would cause an error to be seen in console.log:
2017-02-07 00:03:03.659570 | /bin/sh: 1: Syntax error: "(" unexpected
This is caused by there sometimes being extra data returned from the
'ip netns' command [1]. For example it might look like:
qrouter-0805fd7d-c493-4fa6-82ca-1c6c9b23cd9e (id: 1)
qdhcp-bb2cc6ae-2ae8-474f-adda-a94059b872b5 (id: 0)
[1] https://lwn.net/Articles/629715/
Change-Id: Icece442023125ef55696b8d92a975d37e358b1b4
Closes-Bug: 1653969
This reverts commit e0a37cf21e.
This didn't help fixing bug #1630664. Issue seems to be between
client<--->Apache2, not between Apache2<--->eventlet
Change-Id: I092c1bbf0c5848b50fc9e491d1e9211451208a89
This commit switches devstack to use the published qcow2 cirros image
instead of the AMI version. Using AMI was mostly a historical artifact
dating pretty far back, but in the real world no one really uses AMI
images with openstack clouds. This change reflects that and also
enables tempest ro remove its deprecated config options for using AMI
as a fallback on misconfiguration (which was just there to support
devstack's defaults)
Change-Id: Id65ebae73b28da7185cb349b714b659af51ef77f
Nova is going to increase the minimum required libvirt
in Pike to 1.2.9 in change:
I9a972e3fde2e4e552f6fc98350820c07873c3de3
Based on the libvirt distro support matrix wiki [1] that
drops support for Ubuntu Trusty and Debian 7.0/Wheezy.
Trusty has libvirt 1.2.2 and Wheezy has 0.9.12 (the Wheezy
support should have been removed long ago apparently). The
7.0 removed here is for Wheezy also based on commit
b2ef890db3.
This does not undo the check for "trusty" with the
EBTABLES_RACE_FIX in lib/nova_plugins/function-libvirt
since you can still force devstack to run on Trusty if
you specify the FORCE=yes variable.
Note that RHEL 7.1 has libvirt 1.2.8 so it won't technically
work with devstack and nova + pike + libvirt, but with the
way os_RELEASE is calculated the minor version is dropped
for RHEL distros so we just get "rhel7".
Also note that this doesn't attempt to continue supporting
Trusty or Wheezy if nova is not configured to use libvirt,
simply in order to start moving forward on devstack distro
support in general and to keep some sanity and closeness
to what we test with in the CI system.
While we're in here, we also drop Fedora 23 and add
Ubuntu Zesty.
[1] https://wiki.openstack.org/wiki/LibvirtDistroSupportMatrix
Depends-On: I9a972e3fde2e4e552f6fc98350820c07873c3de3
Depends-On: If69f99bd789e646b0261e27a8a061efde32436f7
Change-Id: I6617283afd798af37e64913b7865cea3c8a62aba
The proliferation of internal/admin endpoints is mostly legacy and
based on some specific deployment patterns. These are not used by
everyone, and for the devstack case aren't really that useful. We
should simplify our service catalog down to the minimum we need for
development.
Change-Id: Ided7a65c81b3a0b56f0184847fc82e17c29a771e
Adding sudo to the example commands in the quick start section.
Also adding '-' as su argument in order to use
the stack user's env (home).
Change-Id: I23ab38104d05c3f4c8d48b55e66cf19dc4e4f90d
This new version of CirrOS is built on top of 0.3 branch, so wrt
version 0.3.4 it includes only two commits:
- Cherry-pick of the fix for https://launchpad.net/bugs/1564948
- One extra fix to make the above working on 0.3
Cherry-picked commit is http://bazaar.launchpad.net/~cirros-dev/cirros/trunk/revision/366
A Tempest test for hard reboot in some cases hits the case where
host key are empty. This triggers bugs/1564948, i.e. the ssh
daemon does not start at all, and the Tempest test fails with
"connection refused", which is misleading.
The new version of CirrOS solves this problem as it ensure host
keys are generated if missing, and the sshd deamon started.
I tested the scenario of missing host keys in Iea74c63925be17a1df894c1a2c23f5ba2793e0c6
using a private build of what then became 0.3.5.
Change-Id: I5c154ec25555e768954538fc22b4f5d5975b2deb
Force mod_proxy to immediately close a connection to the backend
after being used, and thus, disable its persistent connection and
pool for that backend.
Let's see if that helps fixing bug #1630664 (the
Connection aborted/ BadStatusLine thing).
We already have an ER query (in queries/1630664.yaml) that should show
whether this is effective.
Change-Id: I03b09f7df5c6e134ec4091a2f8dfe8ef614d1951
Since the empty value is the default for the option, and when explcitly
set in config file, it triggers a deprecation warning for the option,
avoid setting it unless we actually need to override the new default
value.
Change-Id: If423114d7a52da29b97d1fb473a955d9d69a1a3e
Those are not called by devstack anymore. This cleanup also gets rid of
code that attempts to set external_network_bridge to an empty value,
which triggers a deprecation warning for the option since it's going to
be removed in a next Neutron release.
Change-Id: I5adcbab877b4e8742522de81b1a85acfc33160d7
For the instance which has boot by uefi, we should use
virsh undefine --nvram to undefine it. Check the libvirt
version for whether it supports nvram and use new undefine
parameters since this parameters is compatible with those
instance which don't use uefi.
Closes-bug: #1612613
Change-Id: Ibca1450e965df1481e6cd6b0d597b4323d667e60
Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
We currently use a more permisive STRICT_ALL_TABLES mode, but that's
not what modern MySQL versions default to (i.e. TRADITIONAL):
https://dev.mysql.com/doc/refman/5.7/en/sql-mode.html#sql-mode-changes
(non-Devstack deployments will most likely use TRADITIONAL as well)
Due to the fact that we default to TRADITIONAL in oslo.db, this
produces annoying warnings on MySQL 5.7 versions we use in the gate:
Warning: (3090, u"Changing sql mode 'NO_AUTO_CREATE_USER' is
deprecated. It will be removed in a future release.")
https://git.openstack.org/cgit/openstack/oslo.db/tree/oslo_db/options.py#n49
Unlike STRICT_ALL_TABLES, TRADITIONAL mode includes NO_AUTO_CREATE_USER,
and MySQL emits this warning on switching it on:
https://dev.mysql.com/worklog/task/?id=8326
So we have two options here:
1) make oslo.db default to STRICT_ALL_TABLES
2) make Devstack default to TRADITIONAL
The latter seems to be more appropriate as:
1) it's what modern MySQL versions default to
2) it's what people are actually using, if they do not override the
oslo.db default
3) it's more strict
Closes-Bug: #1652452
Change-Id: Ie6d823c9f8465ac9f2ce4825929d1a50438fab45
When cleanup devstack with linuxbridge, PUBLIC_BRIDGE should be
DOWN before trying to delete it.
Change-Id: I2d205cbe4d92a03ee5c376a23282d9880dd9a1df
Closes-Bug: #1662543
Tempest doesn't support the `api_version` config option for networking
anymore. I can't track which Tempest patch removed it, but it's been more
than 2 years.
Change-Id: I4012f470e8c317803203b6fa1e265600dbc49b3d
Commit e7361775c1 changed the code to
use Python 3 style print function, but when doing 'print()' in Python
2.7 it would print '()':
>>> print()
()
Import the __future__ print function so that a blank line will be
printed as expected. This will now work the same in Python 2 & 3.
Change-Id: I61742e107278f2327c18c9ab0de52d1914f16c97
When command failed and component failed to start, original exit code
was overwritten due to original command being executed in background.
This commit adds information about command's exit code to echoed message
about component's start up failure.
Change-Id: I8a3dd485b1b1f2d70d42c5610baac7c0c713f53a
Signed-off-by: Joanna Taryma <joanna.taryma@intel.com>
Now that Liberty is EOLed, the feature flag is not needed anymore.
Change-Id: Ib82cb21edbda383d17f8cf69fedc884f2357fead
Depends-On: I7073106988a79aad19c6b95bb050d2eaf00c36c0
The dedicated RPC worker is overkill in single or multinode
devstack deployments. Also metadata API workers was left
default, which meant they were as many as the CPU cores.
Related-bug: 1656386
Change-Id: Ibbf7787dfa48e13a51f961f3e0ee2b8f49964759
Right now we under pressure because of increasing memory consumption in
dsvm jobs. So it'll be good to see which process is eating the most ram
at a given time. It may not end up being useful, but it doesn't hurt to
at least display just in case.
Change-Id: I096bf4b425db51358240335e41f6238d1ec1bb40
While configuring the external network as the default
router gateway for IPV6 in lib/neutron_plugins/services/l3,
"router" keyword is missing in the command.
Corrected the command.
Change-Id: I055bea5137a841f709d4865ec9a43d6b53f8f4c9
Closes-Bug: 1660712
The map_cell0 command creates a cell mapping record in the
nova_api database, and the nova-manage db sync command
will migrate the db schema for the nova_cell0 database. This
patch takes advantage of that by moving the map_cell0 call
much earlier in the setup process so we get the nova_cell0
db schema migrated at the same time as the main nova db.
This also removes the || true condition around map_cell0
since it's idempotent now due to fix:
aa7b6ebbb254f00fcb548832941ca9dbd3996d9f
Change-Id: Ice4fbb1771270c618b2acbc933d4fbfb6805df81
Nothing uses this variable either in devstack or libraries,
so it's dead code (at least on master), and we can remove it.
Change-Id: I5975c476ae5b26402c209d6e5746e7a5a5a91507
Cells v1 apparently doesn't support the swap volume API which
was recently enabled for testing in change:
92575baa6b
Rather than revert that change, we should just handle the cells
v1 case and not enable that test in that environment.
Change-Id: I80f52e8299641098d90d3c374a80770fc45b8122
Closes-Bug: #1660511
tools/discover_hosts.sh is run by devstack-gate, and breaks all dsvm job
that doesn't use nova.
nova-manage is perhaps not installed if nova services are not enabled.
This change checks the presence of nova-.
Change-Id: Ic555d241f98d0fa027897c69a7115d1be88f6c96
This adds a simple script to run the
'nova-manage cell_v2 discover_hosts'
command which will be used by
devstack-gate to discover the compute
hosts after devstack is fully setup.
This allows us to manage the branches
where this can run from devstack rather
than require branch logic in devstack-gate.
Change-Id: Icc595d60de373471aa7ee8fb9f3a81fc12d80438
Depends-On: I4823737246a8e9cc4eaebf67ff6bdba8bf42ab29
If the NoVNC service is enabled, enable vnc_console in tempest.conf.
This will allow tempest tests that interact with VNC to be executed.
Change-Id: Idb38a3b11e2f61f23adf1ec23c04ddccd72e7539
Depends-On: I09aed8de28f1ba2637382e870134ced38808df29
The daemon mode of root helper for XenAPI has been implemented by
this change which has been merged to neutron:
https://review.openstack.org/#/c/390931/
It will help to import the performance. Let's enable this mode
by default in devstack.
Change-Id: I52246bef3e4434dfc49446535b122580bc475ac3
This provides a single setup_logging function which builds consistent
colorization if the config supports it, otherwise builds the identity
strings that we need to actually keep track of requests.
Change-Id: Iffe30326a5b974ad141aed6288f61e0d6fd18ca9
This makes setup_colorized_logging be a thing which takes a single
parameter and doesn't let projects do things differently. It also
changes the order of values from user / project to project / user to
represent the hierachy more clearly.
Change-Id: I8c0ba7da54be588e3e068734feb4f78ed7c5a14a
An initial install for devstack-tools, this will need to use all the
fun pip extra variables for installation, however the current
pip_install always prefers python2, and we only want to do python3
here.
Change-Id: I3dcdb35130f76fad81cb7b0d4001b7e96efbbd84
The test that is in tempest for this feature is
specific to LVM and will *not* work for other backends
regardless of them supporting the feature. It shouldn't
default to enabled for everyone, only for LVM.
If others want to opt-in they can, but its definitely
the minority that would.
Change-Id: I21347f2a5069059e6413208b254d5acd246faaea
In the incoming XenServer, it failed to install conntrack-tools
in Dom0 due to the bash script which is trying to find the correct
CentOS release version to be used in yum command. This patch is to
fix the problem
Change-Id: If7f169e118ccb7c29fc479c361417a916dc40b40
For some reason we were defaulting the name of the cell0 database
to nova_api_cell0 instead of nova_cell0. Devstack inherited that to
make things work, but we don't really want that. This patch makes us
use the proper name and create the cell0 mapping accordingly. As a
side effect, it also starts the process of unifying the cellsv1 and
cellsv2 paths by creating the cell0 mapping the same for both.
Change-Id: I4e7f6c5eaa068c98e5c4ef3feaee50d8e4f5d484
Findutils added in release 4.2.3 a new --delete action for deleting
matching files. This action performs better than -exec rm {} \;
because it doesn't have to spawn an external process. This change
uses a new action whenever is possible.
Change-Id: Iff16a86b18e924cfe78ac7c6107910940ce51e03
$ipv6_modes should always be passed when creating the
default IPv6 subnet, not just when fixed_range_v6 is
set. Without it the default was DHCPv6, which cirros
doesn't support out of the box. Was broken in
change-over from neutron to openstack cli.
Change-Id: Iadd39b1ce02fe0b3781bd3ae04adfd20d7e12d9f
Closes-bug: #1656098
Since cellsv2 setup is no longer optional, we can't even exclude
cellsv1 from this step. Since cellsv1 users can't use the simple
command, this does the individual steps as needed.
Depends-On: Icfbb17cce8ce8b03dc8b7b4ffb202db01e5218a6
Change-Id: I3c9101a34b2bb0804fc4deda62dbb8637e7b8f94
The only virt driver in nova that supports the swap volume API is
libvirt so enable testing that in Tempest only if using libvirt.
Depends on two changes:
1. The Tempest change that adds the new config option and test.
Depends-On: I2d4779de8d21aa84533f4f92d347e932db2de58e
2. A nova fix for correctly waiting for the block copy job in the guest
to complete.
Depends-On: I0c52917a5555a70c4973f37dea1aebf878dd73b4
Change-Id: Ibb6b309574d2c6a06fcecb0626ea21527fb7f412
Only a few Cinder backends support the 'manage snapshot' feature. So
we need a feature flag here. Luckily the LVM driver does support this
feature so default the feature flag to True in devstack(/Gate) but
introduce a variable to tweak the config.
Change-Id: Ifcb9f91059f08bdf2faf2a8d65229aba5742ee1c
Depends-On: I77be1cf85a946bf72e852f6378f0d7b43af8023a
In Nova, service token will be passed along with user token to communicate
with services when dealing with long running tasks like live migration.
This change addresses adding service user configuration for nova in
devstack.
Part of Nova blueprint use-service-tokens
Depends-On: I51eb0a8937fa39a2e5dafb1ad915e7113ea61f72
Co-Authored-By: Sarafraj Singh <sarafraj.singh@intel.com>
Change-Id: I2d7348c4a72af96c0ed2ef6c0ab75d16e9aec8fc
When installing a library from source and python 3 is enabled, first run
the installation process with python 2 enabled to ensure the library is
also installed under python 2 for any services not yet running under
3. The python 3 version is installed second so that command line tools
installed with libraries are installed under python 3 when python 3 is
enabled.
Change-Id: Ibb0f7a68d21081bf7652a0c1515080c0c54888ca
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
Add variables ENABLED_PYTHON3_PACKAGES and DISABLED_PYTHON3_PACKAGES to
work like ENABLED_SERVICES and DISABLED_SERVICES and to manage which
packages are installed using Python 3. Move the list of whitelisted
packages in pip_install to the default for ENABLED_PYTHON3_PACKAGES,
except swift which is not enabled by default for now.
Add enable_python3_package and disable_python3_package functions to make
editing the variables from local.conf easier.
Add python3_enabled_for and python3_disabled_for functions to check the
settings against packages being installed by pip.
Update pip_install to check if python3 is disabled for a service, then
see if it is explicitly enabled, and only then fall back to looking at
the classifiers in the packaging metadata.
Update pip_install messages to give more detail about why the choice
between python 2 and 3 is being made for a given package.
Change-Id: I69857d4e11f4767928614a3b637c894bcd03491f
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
Hypervisor XenServer will change to use os-xenapi in the future,
this will need DevStack changes, this patch is to remove install
Dom0 plugins part to our own DevStack plugins.
Change-Id: Ic327135b893a77672fd42af919f47f181e932773
The logic to set the default image for Ironic has been moved into the
Ironic tree. This patch is just removing it from DevStack.
Change-Id: Iaeb177f194adc83e40d86696e5553f9f72bbd1f9
Depends-On: Id828b41dc44113ce1cd094ce5fc245989699d4ff
The PCI-DSS feature has been introduced during the Newton
release and its settings are disabled by default. This
patch adds the possibility to enable some of them during
DevStack setup.
Change-Id: If6b5eb3e3cbc43eb241c94d18af80ad50be08772
Depends-On: Id97ca26f93b742cc3d8d49e98afc581f22360504
* iniuncomment followed by iniset for reseller_prefix just adds a
duplicate line in the config file that configparser does not like
so just remove the uncomment
* fall back to http:// url for glance->swift keystone authentication
* insecure flag to talk to swift
Depends-On: I51d56d16a5b175bd45dee09edc0b2748d72a5d06
Change-Id: I02ed01e20f8dce195c51273e8384130af53384ce
Currently if PHYSICAL_NETWORK and PUBLIC_PHYSICAL_NETWORK are
same then duplicate entry is created in ml2_conf.ini like below:
flat_networks = public,public,
With this patch, if PHYSICAL_NETWORK and PUBLIC_PHYSICAL_NETWORK
are same then add only PHYSICAL_NETWORK to flat_networks in
ml2_conf.ini
Change-Id: Iae4d1ee3882f6d96b4e4abd52ecc673a620563b5
Closes-Bug: #1654148
This commit switches how scripts we use to launch the installed version
in the path. Previously the scripts were manually executed in the source
repo, but this has issues if you're trying to run with py3 in a system
where python == py2. Setuptools already does the shebang magic for us
at install time, so we just need to use the installed version of the
script.
Change-Id: Iaa4d80ec607a2aa200400330e16cad3a4ca782ac
According to the feedback in the TC meeting [1], we renamed the Nova
virt driver from "docker" to "zun" [2] to avoid name collision
to nova-docker. This rename also help to clarify the difference
between these two drivers.
[1] http://eavesdrop.openstack.org/meetings/tc/2016/
tc.2016-11-29-20.01.log.html
[2] https://review.openstack.org/#/c/414651/
Change-Id: I747080953ae4d1d35ed334831100413b6e4466c4
The domain_name to be used needs to be $SERVICE_DOMAIN_NAME, as this is
changed in devstack from "Default" to "service".
Change-Id: I6351c1b2ca7ea4448e13eb87455bff4058df4fa7
Previous this was set the zake, but that was revert to missing
dependencies issue and because zake is a test fixture and not somthing
to deploy.
This change configures the Cinder dlm with this one is zookeeper.
And it installs tooz and the extra dependencies needed for the
zookeeper driver.
To do it, this commit have to introduce a new method for package
installation: 'pip_install_gr_extras package extra1,extra2'.
Change-Id: Idca310c08e345db59840eb31434c6cb1f849fa70
nova-network has been deprecated since Netwon and Nova change
I8388c29ad310cd8800084b4d5c026013158bfbed is switching the default
value of use_neutron to True, so we need devstack to explicitly
set use_neutron=False when running and configuring nova-network.
Part of blueprint use-neutron-by-default
Change-Id: I82721b5d10711401b9b0ebc2b0ed07cc8287bbf7
Really close to getting swift and keystone under uwsgi working, so
let's white list them. Won't affect any existing jobs, so we should
be good.
Change-Id: I51d56d16a5b175bd45dee09edc0b2748d72a5d06
Now that Liberty is EOLed, the feature flag is not needed anymore.
Change-Id: I5206535761773d4bcb02ebb8f25d1b0c1b59110c
Depends-On: If0b2168080a0b0ecdc6682ef69856a0879f4f6d3
CLI tests have been removed from Tempest in
I4f8638f1c048bbdb598dd181f4af272ef9923806
Dashboard tests have been removed from Tempest in
I2a69ebed2947a5ab5e5ca79557130bd093e168dd
Change-Id: I6df74a07e209b07fd3feae762c9cdab16e09414f
The snapshot_backup feature flag was introduced in
Ib695e60c2ed7edf30c8baef9e00f0307b1156551 to enable Tempest tests
introduced in I1964ce6e1298041f8238d76fa4b7029d2d23bbfb
But I1964ce6e1298041f8238d76fa4b7029d2d23bbfb was never merged so that
feature flag was never really useful.
Change-Id: I4e0bc786d2320907cb101fc788ad51444628537d
Use trueorfalse to normalize the values for USE_PYTHON3
Install 3.5 instead of 3.4 When USE_PYTHON3 is specified.
Also, since not many packages are classified correctly, fallback
to looking for just "Programming Language :: Python :: 3" and
log a message for the package to highlight the problem.
Also special case some services that are *almost* ready
Depends-On: Id48e1b328230fcdf97ed1cb4b97f4c3f9cf6eb8a
Depends-On: Ib7d9aa0e0b74a936002e0eea0b3af05102b06a62
Change-Id: I243ea4b76f0d5ef57a03b5b0798a05468ee6de9b
In order to test whether live migration is backward compatible
we need to live migrate VM back and forth between two versions
of nova. This configuration option will allow to reuse existing
tests just by adding if condition in a method that invokes live
migration and validates outcome:
* If set to False, it will use existing behaviour
* If set to True, it will live migrate VM, validate whether it
succeded, then live migrate the same VM once again and again
validate the result
Depends-On: Icaeca404ec3e4b8f3cd489789fdac6117740ec43
Change-Id: I8da2b3bd0c08d9a3111d3531c346d06bd52cae7b
The placement API configuration was binding a specific port *and* was supporting
to be called by the default HTTPd ports using a Location directive.
Given that the corresponding service catalog entry for the placement service type
doesn't mention the specific application port but is rather using the default
port 80, we can remove that specific port and just use the default config.
Note that we still need to use a VirtualHost directive for the specific placement
config because ErrorLog is only scoped for either server or virtualhost but can't
be set for a Location (or a Directory) context.
Change-Id: I9a26dcff4b879cf9e82e43a3d1aca2e4fe6aa3e6
This moves setting of RABBIT_HOST from stack.sh to lib/rpc_backend
so it may be used in grenade runs, which don't have the defaulted
value from stack.sh. The RABBIT_HOST is needed in order to call
get_transport_url in lib/rpc_backend.
Change-Id: I504f7fac7bb9a8c158e20046dbd1dd2d507db02b
Closes-Bug: #1649586
Depends-On: I3d4d7b309e50f4e2970cda55aada02d68c4fa705
Services that run inside Apache use tail -f on the corresponding log
file to display output in the screen session. However, they also use sed
to replace some control characters, and this means that the output is
buffered. This results in debugging experiences that range from
"impossible" (the log you want isn't shown) to "Kafkaesque nightmare"
(the log you want isn't shown, except that sometimes it is, and
sometimes it isn't even though you double-checked and you're completely
sure that you must have output a log, but when you check back later you
realise it actually is and you wonder if history is actually not mutable
after all and begin to question what is real and what is not).
This adds the --unbuffered option to ensure streaming output.
Change-Id: I665ff5f047156401d8152f478d834ac40ff31658
Now that the placement service is mandatory for running Nova in Ocata,
we want to enable it by default when running devstack by default.
In the past, we added a placement-client service with
I04a655fbc58913b3d607400a7f677be299499142
Devstack-gate will also be able to run a multinode devstack with the
help of Ibd760c642e3c1ffff2dd61be48e30530b0d24720
Change-Id: I273c3c8299ee329bed425f3e7cd4b583ed1187a4
Neutron doesn't use any arptables based firewall rules. This should
somewhat optimize kernel packet processing performance.
I think the setting came from:
http://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf
but does not apply to the way we use iptables.
Change-Id: I41796c76172f5243e4f9c4902363abb1f19d0d12
Closes-Bug: #1651765
If 'RECREATE_KEYSTONE_DB=False' database won't be recreated.
It would be useful for multinode Grenade tests for Keystone. This parameter
will help us to deploy multiple services on different machines talking to
the same DB.
Devstack recreates Keystone DB each time during Keystone service installation.
If our controller node is already deployed, Keystone DB already contains
important information about OpenStack services and their endpoints. When
the second Keystone node is being deployed, we don't want to delete
records about controllers' services endpoints.
Partially-Implements: bp rolling-upgrade-testing
Change-Id: Ia8d07b4295ca165be01e44466c95d5275f596e83
When doing multinode devstack we need a way to specify that we've
enabled for the placement service. We use a pseudo service of
placement-client for this.
Change-Id: I04a655fbc58913b3d607400a7f677be299499142
The current code assumes that there exists a public openstack network
and uses that assumption to set the public_network_id variable in
tempest lib. If NEUTRON_CREATE_INITIAL_NETWORKS is set to false this
step will fail as there is no public network to be found. This change
adds a check for NEUTRON_CREATE_INITIAL_NETWORKS before attempting to
set this variable.
Change-Id: I62e74d350d6533fa842d64c15b01b1a3d42c71c2
Closes-Bug: #1645900
Different versions of Ubuntu ship with different versions of Java.
Trusty had 7, Xenial has 8, and so on. This causes problems when we
hardcode a versioned package name into our dep lists as that version may
not exist everywhere. Thankfully Ubuntu provides a default-jre-headless
package that we can use instead that maps properly onto whatever java
version is correct.
Change-Id: I4e5da215c8f7aa426494686d5043995ce5d3c3af
* Set ml2_type_flat setting so that the public flat network is created
correctly
* Set securitygroup driver correctly
It should be set as:
[securitygroup]
firewall_driver = iptables
Change-Id: I7369b45fbc5a47ce958693c67a1902a8cb24f367
When creating a service user we allow the user to be created with a
different role. Currently in auth_token middleware we want to check that
the service token is specified with the service role so we should always
add the service role and optionally add additional roles.
Change-Id: Ie954a679674b4795079b539ebc8d4d2dcbd7dacc
When using local.conf in multinode envs not everything is going to be
defined in all places. Eventually we probably want to make it so we
have a host role for these sections or something. But for now warn
instead of die when we can't find a config var.
Change-Id: I6959099373f035fbfe9e540a44e4c52b8e7c95c0
Closes-Bug: #2000824
Since I21ae13a6c029e8ac89484faa212434911160fd51 nova-manage db sync
may try to make a request to api db in order to get cell mapping and
will fail, as the db is not created yet. While this is non fatal, we
could avoid the error anyway.
Change-Id: I19483e9420071d484f029779bcc8c6d623c210ce
Related-Bug: #1631033
the python-xml is a subpackage from the standard cpython package that
that contains elementtree and other bits that are needed almost
everywhere in OpenStack but isn't installed on a absolutely minimal
openSUSE Leap installation. This package doesn't exist on pip but
is a SUSE only invention, so just treat it similar to a bindep.
Change-Id: I82887c2e6895740d1b16d1269574519450ca783e
Starting with SLE12 SP2 and with openSUSE Leap the distro-shipped
openvswitch is the normal systemd openvswitch.service service file
and no longer the older openvswitch-switch Sysv5 init script. Add
a special case for that.
Change-Id: I5152f2585c3d4d18853988d6290039d6b1713b99
Now all configuration are present in Ironic tempest plugin
and those are going to be removed from tempest in
Id518a6d87d0949737cd1c50cb6a83149b85e5f85
Patch- I73c649625d106fc7f068e12e21eaacba8f43cbbb set
those in ironic devstack plugin.
We can remove all baremetal config setting from devstack.
Along with moved one this patch deletes other unused baremetal
config setting.
Change-Id: If826321ebc0c20ea372d206d49383f3826c9b547
Depends-On: Id518a6d87d0949737cd1c50cb6a83149b85e5f85
Depends-On: I73c649625d106fc7f068e12e21eaacba8f43cbbb
On Ubuntu nodes, devstack tries to predefine the initial mysql root
password by doing some debconf-set-selections, but these will not take
effect if the corresponding package has been installed earlier. So
just try to set it every time, like we do on other distros.
Change-Id: I2c167051fc5e53dd0ccf82a60ab085cd9cdea28d
create_cell requires n-api and at least one n-cpu up and running. If
we have a configuration where it is not guarunteed that there is an
n-cpu at the end of a devstack run we have to skip this step and make
the user run it manually later.
Change-Id: I2287ab29f3c1a7252271dcce81673ef365615296
Role "root" it is hardcode.
In general case role name comes from local.conf: string "DATABASE_USER="
Change-Id: Iedfca48e04d23c313851f48d68ac40ba29340805
The linuxbridge agent for Neutron expects that the public bridge will
already be created by the time it starts. On devstack, this only occurs
as part of the l3 agent configuration. If a compute node doesn't have an
l3 agent and is using a linuxbridge agent, then br-ex won't be created
and the process will not be able to start (causing stack.sh to fail).
This causes the gate-grenade-dsvm-neutron-linuxbridge-multinode-nv gate
to fail. To avoid the issue, skip the bridge mappings setup unless L3 is
configured. This is done in a backward compatible fashion: if localrc
uses the old q-l3 tags, the is_service_enabled neutron-l3 would not be
able to succeed.
Closes-Bug: #1643562
Change-Id: I292ff0dc080fb84b5f879ba2f00f03eff295b55b
libguestfs does not work on ubuntu because the kernel is not
world readable. This breaks file injection with libvirt.
See https://bugs.launchpad.net/ubuntu/+source/linux/+bug/759725
for more details.
The workaround proposed by Ubuntu is to relax the kernel ACL
if needed, so we need to do that in case file injection is
enabled on an Ubuntu host running libvirt.
Partial-bug: #1646002
Change-Id: I405793b9e145308e51a08710d8e5df720aec6fde
We need a local.conf processing phase after every run phase which lets
us override config options after that point. We didn't explicitly
support this for test-config before, which broke some CI systems when
we moved tempest to use this later phase.
Closes-Bug: #1646391
Change-Id: I7d693afa19acf3e8231e84e45b7a868628ebdbc0
This single global variable is no longer useful as we have multiple
repositories and devstack plugins nowadays.
Also, add a utility function, neutron_server_config_add, for devstack
plugins to add an extra config file.
Related-Bug: #1599936
Change-Id: I90112823ef96ae2fba97d7b09b00bec8cb816d8d
So that it can be used by functions like _determine_config_server,
which is used like RESULT=$(_determine_config_server).
Change-Id: Ia4e641c5529b95ada30ae662221f370bc7fa88a7
To avoid using legacy functions accidentially.
Depends-On: Ida1f83b6b3ef9b76be13c063c7e35a8703214078
Change-Id: I3ff136fc8330c92007cdfe91b77d7f9865eabd8d
XenServer already support OVS native mode and I have a patch for
configuring it https://review.openstack.org/#/c/372952/ which
is fine. But we have another patch which revert the usage of
ml2_confi.ini and ml2_conf.ini.domU
https://review.openstack.org/#/c/396573/. Both patches work well
separately. But the two should have some dependent relationship.
Once one merged, the other should change accordingly. Sorry that
we missed the dependency.
This patch is to fix the ovs config based on reverted ml2_conf.ini
and ml2_conf.ini.domU to make sure we configure the correct IP for
ovs agent
Change-Id: Ib53e37e210cc849f161dd6630f81e5b2331a91d5
Similar to 30ab23cd9b, fix the
plugin name to avoid warnings like:
WARNING stevedore.named [-] Could not load neutron.plugins.ml2.plugin.Ml2Plugin
Change-Id: Ibb45f1305816b255ba2419ba662d9e29eff68f58
Neutron has changed to use ovs native interface by default, but when
the hypervisor is XenServer, we cannot use ovs native interface without
extra configurations in neutron-openvswitch-agent(q-agt) in compute
node.
This patch is to add the needed configurations automatically during
deployment, so user needn't to do it manually and restart q-agt.
Change-Id: Ibc69d3cdb4d75833f2ac16840c62bcacf460dd4f
We are seeing connection errors to the proxy occasionally. These errors
do not result in a logged http request or error to the backends,
resulting in a theory that the proxy itself may just not be able to
handle the number of connections. More than double the total number of
connections that will be accepted by the proxy in an attempt to fix
this.
Change-Id: Iefa6c43451dd1f95927528d2ce0003c84248847f
Related-bug: 1630664
There may be cases when the configuration of the OVS is different
from the default one. This enables one to make use of the neutron
configuration file to contain all of the OVS settings.
Change-Id: I728cf8cdc653667c076b07b39c13c1278281c01b
Closes-bug: #1645691
The order of the steps were a bit confusing for the first timers
in the devstack document. So, changed the order of installation
steps to make it clear.
Change-Id: Ifaa051887dab95719b9ca5d1b2fbe2f5f549d269
Closes-Bug: #1627939
The current coding fails to process local.conf like
the following. Note: This example is taken from a
real use case. [1]
[[post-config|$NEUTRON_CONF]]
[qos]
notification_drivers = midonet
[[post-config|$NEUTRON_CONF]]
[quotas]
# x10 of default quotas (at the time of writing)
quota_network=100
quota_subnet=100
quota_port=500
quota_router=100
quota_floatingip=500
quota_security_group=100
quota_security_group_rule=1000
[1] https://review.openstack.org/#/c/400627/
Closes-Bug: #1583214
Change-Id: Ie571b5fa5a33d9ed09f30ba7c7724b958ce17616
Horizon is removing run_tests in favour of tox during Ocata, as part of
https://blueprints.launchpad.net/horizon/+spec/enhance-tox. To complete
this move, we need to remove any reliance on run_tests.
Change-Id: Ia8ad073aee68d1660d3bb5a68ec07516d8ce0665
In the 'Private Network Addressing' section of the doc,
there are references to FIXED_RANGE when referring to V6
networks. These have been changed to FIXED_RANGE_V6.
Also fixed a few typos and grammatical errors when
giving the doc a quick read-through looking for more
references to FIXED_RANGE.
Change-Id: Iaa530c476ce2b36a3f616945ddd2e24fa599a16c
If devstack is deployed in the VM with defined
public IP address (like 192.168.10.6) it is not possible to
access the Horizon from the browser.
This is because DEBUG=True means that ALLOWED_HOSTS, if not set,
is equal to ['localhost', '127.0.0.1', '[::1]'] according
to Django's documentation.
Change-Id: I0ab2b57e459dbfa3b01b3e9388bbcefac076a142
Co-Authored-By: David Lyle <dklyle0@gmail.com>
Closes-Bug: #1643050
Using devstack on a RHEL based system results in
"Listen 0.0.0.0:80" being added to the
/etc/httpd/conf/httpd.conf.
This configures Apache to only listen to port 80 on an IPv4 interface.
This makes it not possible to access Horizon via IPv6 without
re-configuring and restarting httpd.
Removing this sed leaves the default "Listen 80" from the rpm package,
which binds to all interfaces and will allow connection to Horizon
via IPv6.
Change-Id: I9fe8cbebff0ca6a30ceeaae0f7e035c9bb828d44
No need to explain how to enable Neutron now that it's enabled by
default. Keep but reformat the 'how to enable swift' part though.
Change-Id: I3f9b7796fad10abf1039e4c68eb2cd5ef6cdbc99
Since 4b49e409f8 devstack
started to use reload instead of restart.
Using reload in devstack for a fresh install,
does not makes too much sense unless multiple service
plugin touches the same service configs.
Systemd rejects to reload something,
which was not loaded before.
$ sudo /bin/systemctl reload httpd
httpd.service is not active, cannot reload.
We will switch to `reload-or-restart` action instead of `reload`,
it is more likely the action what the previous patch wanted.
Change-Id: I70d597fbe4a8923d937ba8432e29edefb27d1058
The linuxbridge agent for Neutron expects that the public bridge will
already be created by the time it starts. On devstack, this only occurs
as part of the l3 agent configuration. If a compute node doesn't have an
l3 agent and is using a linuxbridge agent, then br-ex won't be created
and the process will not be able to start (causing stack.sh to fail).
This causes the gate-grenade-dsvm-neutron-linuxbridge-multinode-nv gate
to fail.
Closes-Bug: #1643562
Change-Id: I6f441c6febb5070ad885569d9c798634d0272b6c
Change dddb2c7b5f recently
changed devstack to enable the Cinder image cache by default
and changed to use thinly provisioned LVM volumes by default.
Since then we've had a spike in thin LVM snapshot test failures
in the gate, which is by far our top gate bug at 219 hits in the
last 10 days.
So unless there is a fix on the Cinder side, this changes the
default lvm_type back to 'default' for thick provisioning.
Change-Id: I1c53bbe40177fe104ed0a222124bbc45c553b817
Related-Bug: #1642111
With the key manager refactoring in nova and cinder, the key manager
class will need to be explicitly set.
Nova key manager refactoring: Ib563b0ea4b8b4bc1833bf52bf49a68546c384996
Cinder key manager refactoring: Ief8885bb4ca8d62b03cf1a52c25dd0e62c835bfe
Change-Id: I733279864ee1a4aaffc9c8eed81b5e12f8d8821b
Implements: blueprint use-castellan-key-manager
Without this parameter, when we set GIT_DEPTH,
it may happen that we clone only master and
then cannot checkout branch
Change-Id: I39376914f8bfc286a308c99db6bc92cddab195b5
The intent was to make any ipv6 safe addr range bigger than a /64 a /64
when setting the fixed range. Unfortunately the awk only emited the mask
and not the addr. Fix this by sprinkling the address back in.
Fixes-Bug: 1643055
Change-Id: I526d4c748fd404ecb3c77afcbb056aa95090c409
If devstack is deployed in the VM with defined
public IP address (like 192.168.10.6) it is not possible to
access the Horizon from the browser.
This is because DEBUG=True means that ALLOWED_HOSTS, if not set,
is equal to ['localhost', '127.0.0.1', '[::1]'] according
to Django's documentation.
Change-Id: I74ae99569dafa10eee7066713a05fb49183e3fca
Currently devstack assumes that the network used for ssh
validation is the private network. This patch adds a hook that
sets the network used for ssh validation based on whether or not
provider networking is being used. It also moves the function
'is_provider_network' into functions-common as it will now be
used by both tempest and neutron.
Change-Id: I265c9e26c9bfb18b7e201f27d8912b8bec235872
We should be using $VOLUME_GROUP_NAME instead since Icehouse.
$VOLUME_GROUP_NAME has been introduced in
I93b8ef32832269d730c76a6dc24ddb4f20c6d9df and $VOLUME_GROUP is nowadays
only use as a fallback to $VOLUME_GROUP_NAME.
As a code comment in lib/lvm says it we kept the $VOLUME_GROUP around as
"for compatibility with icehouse-generation Grenade". Icehouse is long
gone so now seems a good time to remove any usage of $VOLUME_GROUP.
Change-Id: Id3051b5a196c45266c39fde4f08401aaacf0f6bd
When using zypper remove, include the -y option to avoid stack.sh from
hanging waiting for user confirmation. Due to output buffering, the
script could hang before giving the user the prompt to enter Y to
continue, making it unclear why the script was hanging.
Change-Id: I5ea761e5ae0829439953c385f8e7d0546acba886
Closes-Bug: 1642736
Swift port base was changed in Ifd95b99004aead5ddc8ae1a8dd3ccd9c4f2abe91
but we forgot to update the rsyncd.conf. This patch update the rsyncd.conf
file.
Change-Id: Id457c047c672a810c4c0c7721b6beeb01b719879
When using the enable_plugin command and grenade jobs it can be
easy to enable the same plugin twice, as the grenade job has a
registration section and the configuration in project-config can also
enable it due to code-reuse in project-config.
If a plugin is enabled twice it will likely fail, though it won't be
obvious that it was due to the plugin being enabled multiple times.
This change makes it so if it sees the same plugin name is enabled
more than once it will die and an error message outputted.
Change-Id: I9f1d7e58b861b04473b6a57c9ad404203fb7277a
The switch to using subnetpools caused quite a bit of confusion
because it didn't respect the value of FIXED_RANGE. This caused
conflicts in the gate with it's default IPv4 value of 10.0.0.0/8.
This patch does a few things to address the issue:
* It introduces the IPV4_ADDRS_SAFE_TO_USE and IPV6_ADDRS_SAFE_TO_USE
values and adjusts all of the FIXED_RANGE and SUBNETPOOL_PREFIX values
to dervive from them by default.
* This addresses the concern that was raised about implying that
SUBNETPOOL_PREFIX and FIXED_RANGE are equivalent when setting
SUBNETPOOL_PREFIX=FIXED_RANGE by default. Now we have a new value
for the operator specify a chunk of addresses that are safe to
use for private networks without implementation implications.
* Backwards compatibility is maintained by alloing users to override
override all of these values.
* The default for IPV4_ADDRS_SAFE_TO_USE uses /22 instead of /24
* Because we want to be able to use subnetpools for auto allocated
topologies and we want to be able to have a large chunk of
instances on each network, we needed a little more breathing room
in the default v4 network size.
* SUBNET_POOL_SIZE_V4 default is changed from 24 to 26
* In conjuction with this change and the one above, the default
subnetpool will support up to 16 64-address allocations.
* This should be enough to cover any regular gate scenarios.
* If someone wants a bigger/smaller subnet, they can ask for that
in the API request, change this value themselves, or use a different
network entirely.
* FIXED_RANGE_V6 defaults to a max prefix of /64 from IPV6_ADDRS_SAFE_TO_USE
* This avoids the private subnet in the non-subnetpool case from being
larger than /64 to avoid issues identified in rfc 7421.
* Users can still explicitly set this value to whatever they want.
This 'max' behavior is only for the default.
* This allows IPV6_ADDRS_SAFE_TO_USE to default to a /56, which leaves
tons of room for v6 subnetpools.
Closes-Bug: #1629133
Change-Id: I7b32804d47bec743c0b13e434e6a7958728896ea
This removes the logic to add a route pointing to the IPv4
tenant private network range since the router is performing
SNAT. If reaching the IPs via the route worked at all, it was
by accident since this behavior is certainly not guaranteed
by Neutron.
Change-Id: If45e3fc15c050cfbac11b57c1eaf137dd7ed816f
XenAPI requires two instances of L2Agent: the standard one manages OVS
bridges in DomU and the service name is called as q-agt in Devstack;
the other new L2Agent manages OVS bridges in Dom0 and the service name
is called as q-domuA. In order to support the new agent q-domuA, it
requires some XenAPI-specific configurations. But unfortunately those
XenAPI-specific configurations were configured in the standard agent
file, meaning other changes made to the standard agent file would not
have the correct effect. So it has caused issues, for example, floating
IP addresses are not reachable.
This fix is to move the XenAPI-specific configurations from the stardard
agent configuration file to the XenAPI-specific agent configuration file
so that it won't impact the standard agent's behavior.
Change-Id: I45944e84a1f81d016aa00da6d782801ee8457ea4
Currently the x509 certificate setup is done after all the
openstack services have been deployed. This is OK because
none of the services require that the x509 certs exist
when they are being deployed. With the integration of TLS
into the nova novnc proxy (and later spice & serial proxy)
service, x509 certs will need to exist before Nova is
deployed.
The CA setup must thus be moved earlier in the devstack
deployment flow, prior to the setup of any services. One
part of the CA setup, however, fixes up the global cert
bundle locations and this can only be done after the
python requests module is install, thus must remain in
its current location.
Change-Id: Idcd264fb73bb88dc2f4280c53c013dfe4364afff
This removes all of the heat code from the devstack tree, in favor of the
devstack plugin in Heat's tree.
Depends-On: I4bed1e5cef5afa7b049b07640086a86a3f881e13
Depends-On: Ic392bcc24bc374ee8511a94f1d8f6ac23131c7e3
Change-Id: I5b60422bf1f5fa78aa8f3383f7a222e0356d9e42
The deprecated AMI image file opts will be removed soon.
See https://review.openstack.org/#/c/338377.
So we can't use the fallback mechanism anymore. This patch is to
specify the correct image parameters for XenServer.
Change-Id: Ic287a3ed1725c42ea29022158bc9720c9a96533f
Previously the usage of neutron debug ports was removed by
5e01c47e4d but there was still call to
teardown_neutron_debug. Recently a change to devstack-gate
1d6cc0771a3399300117f488e9d71e7ea46a4d82 caused that call to be
triggered and breaking the gate-devstack-dsvm-updown job.
This patch deletes the call and comments regarding setup_neutron_debug
and teardown_neutron_debug.
Change-Id: Ifdacb0cec1307db469bd66f551474539184cf2cd
Besides updating to OSC CLI, this patch also fixes an argument name typo
present before in 'nova keypair-add' (--pub_key should be --pub-key).
Specifying $OS_PROJECT_NAME in case user is associated to multiple
projects containing security groups with same name (e.g. 'default').
Change-Id: I776f6edfc4c6c798a39d3260827a18c695f05c87
Nova is going to land a database migration in Ocata
under change I72fb724dc13e1a5f4e97c58915b538ba761c582d
which enforces that at least the simple cells v2 setup
is performed, which creates the cell mappings, cell0 and
host mappings. Before we can land that change in Nova
we have to make cells v2 setup a default in the integrated
gate jobs.
Depends-On: Ie44e615384df464516aa30b9044b5e54b7d995bb
Change-Id: If1af9c478e8ea2420f2523a9bb8b70fafddc86b7
The neutron client is going to be deprecated during the
Ocata timeframe, so it is time to start switching to the
openstack client to invoke networking commands.
use of neutron client in neutron-legacy has been left as is.
The command for setting the router gateway is left as follow up.
Change-Id: I0a63e03d7d4a08ad6c27f2729fc298322baab397
When using neutron network under xenserver, we must enable linux bridge
in Dom0 as neutron will use linux bridge qbr in compute node for
security group. But by default XenServer use openvswitch and disabled
linux bridge. This patch is to remove this restriction.
Change-Id: I0e8124ff2323810fdc46c717a750ce7e8f4aa0c6
The initial start of the neutron OVS agent always prints
a warning:
WARNING stevedore.named [] Could not load
neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
There's an alias for that in setup.cfg called
iptables_hybrid that would avoid it.
Change-Id: I3f5bf782f4f27dc123e462e494741a8a941641ec
This patch sets Keystone v3 as default in services
configuration files and in the openrc and stackrc scripts.
Change-Id: I24546f02067ea23d088d383b85e3a78d7b43f166
Partially-Implements: bp keystonev3
When using XenServer, it will create two neutron-openvswitch-agent
q-agt and q-domua even it's single box environment, but it didn't
stop the q-domua, this patch is to stop q-domua in unstack.sh
Change-Id: I511ed534bfb7d5fe6136f6a0b33f1d749d30862c
Closes-Bug: #1631721
This commit removes some config values for tempest that no
longer exist in tempest/config.py therefore are no longer needed
in tempest.conf.
Change-Id: I5778973012e57e8d9df9bf864590f8ed7fe05561
Sets the port_security feature flag in tempest.conf
if the port_security extension is enabled, which it's not
by default in neutron but is set by default in devstack.
This adds global variable for setting the port_security
extension in ml2.conf and in tempest.conf so we only have
to set this in one place.
Depends-On: I1efd5c838aa0d73cc6e8864e3041eea25850198d
Change-Id: I6334b200e42edd785f74cfb41520627393039619
Related-Bug: #1624082
this is the first patch in a series to actually make fernet the default
token provider in keystone. the patches for grenade, release notes, and
actually switching the value in keystone all depend on this patch first.
reasons for switching over:
- fernet tokens are the recommended token provider
- the install guide for newton recommends deployers use fernet tokens [0]
- we previously attempted this switch but ran into timing issues [1],
the timing issues have been resolved [2]
[0] http://docs.openstack.org/newton/install-guide-ubuntu/keystone-install.html
[1] 153db26970
[2] https://review.openstack.org/#/q/topic:make-fernet-default
Change-Id: I3b819ae8d2924f3bece03902e05d1a8c5e5923f1
The devstack ldap configuration for keystone is still using some
old options that are no longer valid. The write support is
being removed this release. And in previous releases, the ldap
assignment driver support was removed and was not removed here.
Change-Id: I538626b681eaee6a7ac10dfbc29605b73fbe13bf
To avoid it being created multiple times for multinode setup.
Note: This reverts "Enable neutron to work in a multi node setup"
(commit 88f8558d87) partly and fixes
the issue differently.
The configuration in question uses the new lib/neutron. (not neutron-legacy)
In that case, calling create_neutron_initial_network from stack.sh directly
is a wrong way, as create_neutron_initial_network is sourced by
neutron-legacy. The new neutron code should not rely on the legacy one.
Closes-Bug: #1613069
Change-Id: I868afeb065d80d8ccd57630b90658e330ab94251
Q_ variables belong to neutron-legacy.
These are True by default in neutron.
Remove them in favor of post-config meta section.
Change-Id: If691a79b09003f85a07c9f33e0379a2b21e48141
Until the policy changes land for Nova, Glance, etc, this
value is not used. Additionally, by having it set, it actually
makes it hard/impossible for the required changes to land in
the other services. Disable/comment out the changes in the
Keystone specific lib file for now, and we will re-enable once
the Services can make use of them.
Change-Id: Ia1de9083c21107dac2f0abb56bda166bdb37a69d
The ceph cinder backend script was setting the wrong
config option in cinder.conf for the secret uuid. This
was being masked by a bug in nova which is failing on
this bug when trying to fix the nova bug...right. It
makes sense.
See:
http://docs.ceph.com/docs/master/rbd/rbd-openstack/#configuring-cinder
Change-Id: I4655cae3212d589177d2570403b563a83aad529a
Closes-Bug: #1635488
It's not used, and a recent change to trim down projects lists in
devstack-gate broke devstack in the gate that enabled heat.
Change-Id: I405423bdc9ba8dd9b30fce6fdceacccf662d5da3
Ubuntu wily support is EOL so lets make room for yakkety.
Change-Id: Ib13d43f6d89bdf7c684cd34655a077a13e237be3
Signed-off-by: Chuck Short <chuck.short@canonical.com>
This reverts commit 6930ba312f.
By reverting this patch we are no longer using the bandaid fix mentioned
in the code. The latest openstackclient release (3.3.0) fixes the bug.
Related-Bug: 1619274
Change-Id: I20e3c5a92b97bf46c8d2318cd37044f0f36e1745
We should not require any special role for heat
since very long time.
We should use the same roles as with the primary user.
Change-Id: Id9150f94c30505ed0da33b8fbc2a5a7bd4fcf5d0
When tls is enabled, we aren't bringing the logs to the forefront,
which makes it hard to debug when things go wrong. This does that.
Change-Id: I7c6c7e324e16da6b9bfa44f4bad17401ca4ed7e3
The prior art on other options in the same document seemed to be
calling out the default in a pre-formatted block after describing the
possible values.
I believe the default value for the option was first changed [1], then
the docs were fixed [2], then the information was unintentionally
dropped from the docs [3].
1. Related-Change: If0e0b818355e4cb1338f7fa72af5e81e24361574
2. Related-Change: Ib6603b4f6ea0b4079f9a4ea46e723ecbb2ea371d
3. Related-Change: Iddd27cb54f1d9f062b9c47ff9ad6a2bef3650d6b
Change-Id: I662403db3b08a351a680587440ad1f15a6f8ee5d
doing a clean.sh / stack.sh cycle with USE_SSL=True was failing
because we were no longer cleaning up the keystone site fully, so some
of the early mod_ssl queries hit an invalid apache configuration.
Change-Id: Ic6f3f601e532ec50c0234d928c25b378d9e95e32
This fix replaces Q_USE_PROVIDERNET_FOR_PUBLIC with
Q_USE_PROVIDER_NETWORKING in the error messages introduced by
[1].
The error is thrown when provider networking with IPv6 has been
requested via local.conf, but no provider IPv6 range or provider
IPv6 gateway is provided. But if a provider network should be used
over the private network is determined along the variable
Q_USE_PROVIDER_NETWORKING and not Q_USE_PROVIDERNET_FOR_PUBLIC.
The variable Q_USE_PROVIDERNET_FOR_PUBLIC determines if a provider
network should be used as public network. This happens a few lines
later in the code and is not related to those error messages.
[1] https://review.openstack.org/#/c/326638/1/lib/neutron_plugins/
services/l3
Change-Id: I50aa1e9d2027eef598c95404851e51c31a397fbb
This creates log files per proxy vhost and sets the log level to info to
help debug potential issues with tls proxying.
Change-Id: I02a62224662b021b35c293909ba045b4b74e1df8
If DLM is enabled, cinder should be configured to use the correct
backend url for the dlm.
At the moment only zookeeper is supported, as it is the only backend
currently supported in devstack.
Change-Id: I7afc8dc95bc5b3f11b888e10607615c1212c45f4
As long as nova already supports an Identity v3 auth flow when talking
to ironic (Id837d26bb21c158de0504627e488c0692aef1e24), make it use
v3 by default.
This way we don't fail in a keystone v3-only situation, for
example.
Change-Id: I028dfb52108d0630f47a53f8b420b70d4979eb55
Some of the clouds used for CI use the 10.2xx.0.0/16 range
for VMs, and collide with the wider 10.0.0.0/8.
This setting allows for creation of 256 subnets out of the pool.
Change-Id: I48c86f94098f1501f0e7f90a265dda7e81440eb0
Closes-Bug: 1629133
Added an option to make subnetpools to be optional
as it ignores the public network specified in
FIXED_RANGE.
DocImpact
Change-Id: Ic89ceca76afda67da5545111972c3348011f294f
Closes-Bug: #1628267
With the plan [1] to stop enabling it by Neutron iptables firewall
driver itself, deployment tools should catch up and enable the firewall
themselves.
This is needed for distributions that decided to disable the kernel
firewall by default (upstream kernel has it enabled). This is also
needed for distributions that ship newer kernels but don't load the
br_netfilter module before starting nova-network or Neutron iptables
firewall driver. In the latter case, firewall may not work, depending on
the order of operations executed by the driver.
To isolate devstack setups from the difference in distribution
kernel configuration and version, the following steps are done:
- we load bridge kernel module, and br_netfilter if present, to get
access to sysctl knobs controlling the firewall;
- once knobs are available, we unconditionally set them to 1, to make
sure the firewall is in effect.
More details at:
http://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf
[1] I9137ea017624ac92a05f73863b77f9ee4681bbe7
Change-Id: Id6bfd9595f0772a63d1096ef83ebbb6cd630fafd
Related-Bug: #1622914
Nova ships with an empty policy.json file which it does not need.
oslo.policy previously required the empty file to be there but as of
version 1.14.0 it is possible to run with no policy file at all. Since
there are no policies defined in the sample file let's no install it.
Change-Id: I85a251376dfe38caa4b100861bf764014a98bc37
Depends-On: I09fa842ffbe75bed269cef6edc9c82d18bfe9297
When dots are used with sysctl, they are reinterpreted as slashes.
Route devices can have dots in their names, so when they are used in a
sysctl command that also uses dots, its dot will be replaced with a
slash, causing an error.
Change-Id: Ie32126a3aa8d646568d7d37ec4874419b9658935
Closes-Bug: #1627770
The motivation is to make it more friendly with lib/neutron.
ie. independent from lib/neutron-legacy
Change-Id: I19821b009cbf1bc715a6c7b2854e4c77d2041ec4
urllib3 1.18 was released today and contains new more correct hostname
matching that takes into account the ipAddress portion of a certificate
and disallows matching an IP Address against a DNS hostname.
Change-Id: I37d247b68911dc85f55adec6a7952ed321c1b1d8
The /identity_admin endpoint is the port 80/443 equivalent of the
service that typically runs on port 35357. In v2 some operations must be
performed on the admin endpoint whereas on v3 the services on 5000 and
35357 are exactly the same. This would be why the service was mounted at
/identity_v2_admin however that is misleading because both the v2 and v3
services are present on that endpoint.
This is particularly confusing because we set this as the OS_AUTH_URL
endpoint and it makes it seem like we are doing v2 authentication when
we are not.
Change-Id: If73735026079fb19ca5bd44b3a4dc1f507b5c99d
With [1] glance_store introduced default settings for user_domain_id and
project_domain_id. Sadly since these are always passed to the keystone
client, they override any settings to user_domain_name and
project_domain_name that are made in the config, leading to authentication
failures.
So as a workaround until [2] is fixed, we explicitly place the corresponding
domain_ids into the config.
[1] https://review.openstack.org/297665
[2] https://bugs.launchpad.net/tempest/+bug/1620999
Change-Id: Ica81a1a176614392291f2db4cc6398ed30663aed
To support multinode testing where we just copy the CA to all the
instances don't remake the CA if it already exists.
The end result is that you can trusty a single chain and all your
clients will be happy regardless of which host they are talking to.
Change-Id: I90892e6828a59fa37af717361a2f1eed15a87ae4
TIL:
Similarly, all the END rules are merged, and executed when all the
input is exhausted (or when an exit statement is executed).
i.e. matching YUM_FAILED calls "exit", which falls through to the END
rules which calls "exit result" ... which is zero. i.e. if the return
code is 1 then we actually hide that and return with zero.
This is rather annoying because errors that should halt to alert us of
a package install failure pass through, only for you to have to debug
much later on seemingly unrelated problems.
This always sets "result" and thus should be returning the right
thing. I've updated the documentation to hopefully make it clearer
what's going on.
Change-Id: Ia15b7dc55efb8d3e3e945241b67a468b8a914672
In Debian jessie and later release,there is no packages
called "qemu-kvm" for AArch64. Also modify the libguestfs0
packages for AArch64
Closes-bug: #1612182
Change-Id: I5eb6bd137896eb9abfc4f8dbb41b41105e4820cd
Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
Instead of only using the userrc_early when keystone
is an enabled service we will do it on all runs of
stack.sh. This way services can be split up more
across devstack nodes, and you can do configuration
requiring credentials on nodes that don't install
keystone.
Change-Id: I74574ae9f45a74bcbcc8e3149228ecb795ab4fb7
Stud is now abandonware (see https://github.com/bumptech/stud) and is
not packaged in xenial. Lets use Apache for SSL termination since its
there already.
Change-Id: Ifcba410f5969521e8b3d30f02795541c1661f83a
The flag ENABLE_DEBUG_LOG_LEVEL indicates if this should be
set or not.
This will now be supported in Neutron.
Change-Id: I3afe0546b379873247fee1ef9f4cc2708a7b5713
Some systems may have more than one default route.
Set up iptables NAT rules on all v4 default route devices.
Accept RAs on all v6 default route devices.
Closes-Bug: #1624773
Change-Id: If58509297497ea33c6c156f083a4394000bd0561
The use_usb_tablet option is replaced by the pointer_model
option.
Depends-On: Id18b5503799922e4096bde296a9e7bb4f2a994aa
Change-Id: Ic2a49f88df988c6404c1c72e9ee28a487e4f7908
There is a bit of a weird history here, but the net is we're not
installing python-guestfs when ENABLE_FILE_INJECTION is set, which
it is in the gate-tempest-dsvm-neutron-full-ssh job, which makes
file injection (personality) tests fail.
The history:
Commit 0ae942b41c moved installing
python-guestfs to the hypervisor-libvirt file and it was conditional
on a flag to enable file injection and the backing distro.
Commit a3c94468ba removed the ability
to configure nova for file injection, which never made any Tempest
tests fail because we didn't have a job that tested file injection
with ssh, which is what gate-tempest-dsvm-neutron-full-ssh does.
Commit 6d3670a652 added the ability
back to enable file injection and the gate-tempest-dsvm-neutron-full-ssh
job uses it, but missed added the condition back in from 0ae942b41
which installed the python-guestfs package. This change adds that
back in.
Change-Id: I1c1ef093b70007100646c086dc5724cd64751d00
Closes-Bug: #1622649
A couple of hundred of these were added with
Ia02f4e1819ac47b12b4ce4381e04253eb26e9f70 and you can see in some of
the proposals at I21fd2b3866efe66dd1f7173003c2521688aa7fd6 they're
starting to match. Just ignore packaging repos as they're not really
relevant for the purposes of plugin list.
Change-Id: Iaf9e0c0fb672a70c3aee1bbcf587bb0d387e5945
Configure the linux bridge physical interface to use the interface for
the default route on the current host. In the future we should consider
using a dangling interface so that we aren't affecting the host
instances networking but this roughly matches what testing has been
using in the past.
Change-Id: I7859437f97e6cab929e90208fe56f7efd62dfe01
Ubuntu's LVM packaging does not support thin provisioning by
default:
/usr/sbin/thin_check: execvp failed: No such file or directory
This is fixed with install of thin-provisioning-tools.
Change-Id: I31f572934ea94cae6e2aea27a2c731ee5bca68d3
Closes-Bug: #1615134
The default get_pip url regulary times out when starting devstack
from behind company firewalls. Making this a configureable variable,
user can make use of internal git-pip.py mirrors without modifying
any code.
Change-Id: I66a5534d51ab23a4d8586c27d37b4b6b8a6892c9
This patch setup cellsv2 for Nova after plugin initialization phase.
Since this requires compute hosts to be started, we need to do it
after we have initialized all other plugins. Things like ironic
aren't setup when we were running this as part of nova setup, and
thus this command can fail.
When cellsv1 is used (n-cell is enabled) skip calling
cells_v2 simple_cell_setup, which will never have hosts
at the top level and which will always fail.
Change-Id: Ic7d0115da51d6ea17ee49071af259a7789c62ab9
Depends-On: I9bbaa4c92503222c9fd015fe075926b50f3dcc8c
In some initialization conditions (having never ran stack.sh) the
result of unstack.sh is dependent on if the user had previously
installed lvm2 or disabled the cinder service.
This change makes all results the same with a bit of LBYL.
There's also a drive-by to put a comment back where it belongs after
being accidentally moved in the related change.
Related-Change: I09b1a7bee0785e5e1bb7dc96158a654bd3f15c83
Change-Id: I9a7e052677d60cbbbdd582877f3c6c48c387f668
Closes-Bug: #1619195
Catalog caching was disabled due to bug 1537617, but this has been
fixed for some time. Re-enabling to get some performance back.
Change-Id: Ic0edf5c70a5040edf3393dbd1e110ab5fb56c110
Related-Bug: 1537617
Keystone had a problem where there was a memcached socket
opened very early on startup which then got shared between
worker processes when running under uwsgi. This can be
prevented by setting lazy-apps so this is the recommended
setting.
See http://uwsgi-docs.readthedocs.io/en/latest/ThingsToKnow.html
"""uWSGI tries to (ab)use the Copy On Write semantics of the
fork() call whenever possible. By default it will fork after
having loaded your applications to share as much of their
memory as possible. If this behavior is undesirable for some
reason, use the lazy-apps option. This will instruct uWSGI to
load the applications after each worker’s fork(). Beware as
there is an older options named lazy that is way more invasive
and highly discouraged (it is still here only for backward
compatibility) """
Change-Id: I6f271dc906528f0c86060452deaf15df81b267d2
Related-Bug: 1600394
This moves setting of RABBIT_USERID from stack.sh to lib/rpc_backend
so it may be used in grenade runs, which don't have the defaulted
value from stack.sh. The RABBIT_USERID is needed in order to call
get_transport_url in lib/rpc_backend.
Change-Id: I6f211e9102f79418f9f94a15784f91c4150ab8a7
As part of Nova cellsv2 there is now a third database that must be setup
for use by Nova. This database is an exact copy of the 'nova' database.
Only do this if NOVA_CONFIGURE_CELLSV2 is overridden.
Change-Id: I8775b8066ba85fbdbcdfb42c28cb567fc7759fe5
If we left the ansi color codes in apache logs, we can run a sed
script to convert the escaped escapes back to ansi escapes which make
the logs colorized again.
There are 8 \ because we need to end up with 2 in the final sed, and
we get interopolated twice. How much fun is escape interpolation? All
the fun.
Change-Id: Id8531cf03ba80f0df62f20add02e757bd63d4f2d
We should use the standard install nova-placement-api script which is
managed by the python package instead of a one off copy procedure.
Depends-On: I00d032554de273d7493cfb467f81687c08fd5389
Change-Id: I74b39d6a0cedea7c18ce8080dcddb43d13df1de8
After I00847bb6733febf105855ae6fc577a7c904ec4b4, we cannot see the
test result (testr_result.html) on gate jobs.
So let's revert the patch for verifying the test result on the gate.
Change-Id: I9db1ff9f43b22d1634a43c7d5e502cc205aa26f2
Closes-Bug: #1617476
Fix the comment to actually be a comment. Regenerate page.
Although we've got a pretty cool system for generating this, I wonder
if anyone actually looks at it? Maybe it's just helpful as a form of
SEO.
Change-Id: I15aaa983716f9ee897293c2954ca7ae561951372
All jobs using ceph as a storage backend have been moved over
to using the devstack-plugin-ceph repo in project-config so we
should be safe to remove the now unused lib/ceph file.
The files are left in place because the devstack plugin does not
install xfsprogs but it's used by the create_disk function.
And the ceph cinder backend file is left in place since the
devstack-plugin-ceph repo uses that by setting
CINDER_ENABLED_BACKENDS=${CINDER_ENABLED_BACKENDS:-ceph}.
Change-Id: I3fb09fc92bc6ab614e86d701ea46d5741a76b7a8
When the loop device is not present because something
has gone wrong, this will print an error:
"losetup: option requires an argument -- 'd'"
Just skip the losetup -d in this case.
Change-Id: Iedc439b1ae924e9a599f6522eb081b83d43190c7
Uses lib/placement, but relies on some functionality from
lib/nova. This leads to some weirdness since the nova has
special status in stack.sh. If/when placement is extracted
it may be good to follow the devstack plugin structure
instead.
Because the placement code is currently a part of nova, there
are dependencies in lib/placement on a some $NOVA_* variable
and, if virtenv is being used, the virtualenv used by nova.
Because placement currently runs using nova's configuration
settings, not a lot actually happens in lib/placement: apache
is configured and keystone accounts and endpoints are created.
If PLACEMENT_DB_ENABLED is true then a separate placement db
will be configured.
When complete the initial version of the placement service will
provide support for managing resource providers, inventories and
allocations.
The placement api only runs under mod-wsgi.
Change-Id: I53dd3e6b41de17387a0e179fc9ac64c143b6a9eb
Neutron openvswitch agent running in compute node will control the
actual connection of the VMs in Dom0 via conntrack-tools, but Dom0
doesn't install conntrack-tools RPM by default.
This patch is to add such support with XenServer 7.0 and above.
Change-Id: Iec56db761015d4b7baa5a5f54314f4ff3fa67e02
Ensure the virtlogd service is started, to work-around various
platform issues where it isn't started correctly.
Closes-Bug: #1603009
Change-Id: I548b377df6b2f0c287429e4387ee33184a82a64d
With the addition of encrypted credential in keystone, we need to be able to
add setup steps in devstack to configure the credential repository with
encryption keys.
Depends-On: I97e7701bc5b8765d207cc721793643bcefa2d4e2
Depends-On: Id3e8922adc154cfec5f7a36613e22eb0b49eeffe
Change-Id: I433da9a257daa21ec3b5996b2bca571211f1fbba
p-c patches have merged, neutron-lbaas removal is in the merge queue.
This reverts commit b3f26cb66c.
Depends-On: I506949e75bc62681412358ba689cb07b16311b68
Change-Id: I98d62c13ef90b20a9c67ef4f1720efcaa366fb31
Because neutron sets ipv6 forwarding settings, we stop accepting RAs
from IPv6-only host environments. This leads to a loss of external
connectivity, which is bad for zuul running tests and stuff.
Setting accept_ra to 2 will cause the RAs to be accepted.
Change-Id: Ia044fff2a1731ab6c04f82aea47096b425e0c0a0
On the controller node where devstack is being run should create
the neutron network. The compute node should not.
The the case that we want to run a multi-node neutron setup we need
to configure the following (in the case that a plugin does not
have any agents running on the compute node):
ENABLED_SERVICES=n-cpu,neutron
In addition to this the code did not enable decomposed plugins to
configure their nova configurations if necessary.
This patch ensure that the multi-node support works.
Change-Id: I8e80edd453a1106ca666d6c531b2433be631bce4
Closes-bug: #1613069
Removing the explicit enablment of Neutron services, as with [1] they are configured as defaults in stackrc.
[1] https://review.openstack.org/#/c/350750/
Change-Id: Ic8910cd28fe37842f7d824e68bd2ea705e7e52de
By default, FIXED_RANGE and NETWORK_GATEWAY (and the
IPv6 equivalents) are in the same subnet. But if
FIXED_RANGE is over-ridden in local.conf we could
create a subnet with an invalid gateway address.
Since neutron will pick the lowest host IP as the
gateway by default, do not specify them unless the
user has specifically set them.
Do this for both the private and public subnets, as
well as the public IPv4 subnet.
Change-Id: Ifc71400a3af1f131bb8a9722188e13de5bd3c806
We really should be using the metadata server more in our normal
testing, this changes the default to use it.
Change-Id: I8ef14e6110da1160163c0106e32032d27226f929
memcache_pool is there to keep a limited number of thread-associated
connections open rather than a connection for every thread. If you
don't have a huge number of threads it doesn't offer anything.
Keystone is an example of a service where memcache_pool doesn't
improve things -- eventlet isn't supported anymore and more threads
is not useful due to GIL.
As such, keystone cache backend is changed to dogpile.cache.memcached.
See https://review.openstack.org/357407 for the oslo.cache help text
change.
Change-Id: I4452a8c4968073cdea4c0f384453a5a28519fa08
CEPH_CONF does not exist anymore, resulting both cinder-volume and
cinder-backup being configured with an empty rbd_ceph_conf option.
Using CEPH_CONF_FILE to fix this.
Change-Id: I1aa590aba900a4a94698917e45a0ea5c6f497f18
Signed-off-by: Sébastien Han <seb@redhat.com>
The plugin creates subnetpools but does not use them when creating the
default subnets. It uses CIDR values that overlap with the
default pools. Change this to use the subnetpools.
Change-Id: I6171c13507e420f146801d323cb1011be36c1e8c
Closes-bug: 1613717
'quota_injected_file_path_bytes' has been renamed to
'quota_injected_file_path_length' long time ago, this patch fixes this
issue in devstack.
Change-Id: I5d3c52c5ded5321435d2d395b682c4c0725279a7
Since support for sections was added to devstack local.conf parsing
we don't need this, and actually prefer just using the
sections in local.conf.
Change-Id: I5908fdf7ad127997bb1f4a6bbb16d0d8cf073ddd
Change the order of variable declarations in stackrc so that setting
custom DEST in local.conf is also affecting DATA_DIR, SERVICE_DIR and
SUBUNIT_OUTPUT.
Change-Id: I00847bb6733febf105855ae6fc577a7c904ec4b4
Closes-Bug: #1285720
There is no longer a trace of these options anywhere in the
Neutron codebase. These can be safely removed.
Change-Id: Ibf00e158248e2a20248917c8cfc0011d30da6a82
There is currently a hole in our testing that lets os-client-config,
which sits at the bottom of the dependency chain for some key pieces
like neutronclient and python-openstackclient, introduce gate breakages.
Step one in fixing this is allowing os-client-config to be optionally
installed from source so that jobs can be put into its gate to exercise
its master vs devstack installs.
Additionally, osc-lib is a new and lovely library that's going to need
the same things.
We're putting both in install_oslo, even though they're not oslo
libraries, because that'll make grenade work properly.
Co-Authored-By: Monty Taylor <mordred@inaugust.com>
Change-Id: I747480b6063a62e82ca2b030f274d3e87bf28b3b
Run "nova-manage cell_v2 simple_cell_setup --transport_url ..." after
Nova is started. This will add all compute hosts into a new cell, and
setup a db for cell0.
Change-Id: I50a955b97d0e18426406c15397bdfbc9e807d908
Depends-On: I559f9c87e89926414b368cac9442dec4eadcb89b
This explains the current state of networking in devstack, and a
couple of scenarios that people might want to try out for local
testing.
Change-Id: I2be35f4345bf9306c981ef6f0186b48da7d06772
It turns out we never really had a document on how to work with
devstack in the devstack docs. At one point this was just cultural
knowledge passed down, but with the size of our community, we can't
rely on that any more.
Change-Id: I28f896ea507ccbba5164ebfc5415d22207f52e98
This config option is requied in order for nova notificaions to
function, and enabling it doesn't cause any harm (there is another
option for turning notifications on).
Change-Id: I309af6cc43af485f795c368d304ebe71fceb1a03
This value defaults to something not (necessarily) in our fixed range,
which will cause spurious test behavior. We know the value for this, so
just configure it properly.
Change-Id: I0ee3b71f509377dc7174ce97575e60ee2095f893
Before the code in the extra.d plugins was removed from the devstack
tree they could define the order they ran. When this code is decomposed
into a plugin, there is still a need to do some form of ordering. This
caused problems with the Ironic devstack plugin and Tempest because the
code is run in this order:
1. The tempest configuration is run from extra.d, processing
DEFAULT_INSTANCE_TYPE, and writing the flavor_ref to tempest.conf
2. The Ironic devstack plugin is run, creating the flavor needed for
DEFAULT_INSTANCE_TYPE
This leads to build failures as tempest can not find the required
flavor, so it writes which ever flavor it can find at the time into
flavor_ref. Ironic now has code it its devstack plugin duplicated from
the tempest plugin to work around this problem until this is merged.
This patch fixes this by using the test-config phase to move the tempest
plugin as late as possible in the devstack process.
Change-Id: I3d98692e69d94756e0034c83a247e05d85177f02
This enables a new test in Tempest to run on a per-branch
basis since by default it's disabled because it won't pass
on liberty given the bug fix isn't in liberty and won't be
backported there.
Depends-On: I20b8d5d2a300c83a59bdb33374fc20447ce2ede3
Change-Id: I18fd5e0978795fec39a763e1e0f07d758905b9b8
Related-Bug: #1175464
We don't run q-metering in default single host configuration, so we
should make it so that tempest won't attempt to test for it either.
Change-Id: I928be70e3b10fc3753fd1081631e54fa839b671d
===Set bridge_mappings for linux bridge===
The external network physnet needs a bridge_mapping to the public
bridge when the L2 agent is responsible for wiring.
===Add PUBLIC_PHYSICAL_NETWORK to flat_networks===
This network must be present in the ML2 flat_networks config if
flat_networks is specified.
===Set ext_gw_interface to PUBLIC_BRIDGE in provider net case===
ext_gw_interface must be a bridge in a bridge_mapping when
Q_USE_PROVIDERNET_FOR_PUBLIC is used.
Closes-Bug: #1605423
Change-Id: I95d63f8dfd21499c599d425678bf5327b599efcc
The devstack docs have gotten a bit meandering so even the quick start
guide doesn't get you to a working setup without referencing other
pages. This attempts to pull this back in a bit.
Change-Id: I608331cbdae9cbe4f3e8bd3814415af0390a54d0
A change was made to tempest.conf for volume multibackend. Previously,
tempest used the following, with a limit of 2 backends:
backend1_name = BACKEND1
backend2_name = BACKEND2
That was changed to accomodate >2 backends. tempest.conf now uses a comma
separated list:
backend_names=BACKEND1,BACKEND2,BACKEND3
devstack/lib/cinder uses a comma separated list with "type:backend_name":
enabled_backends = lvm:BACKEND1,ceph:BACKEND2
This is in order to use scripts in devstack/lib/cinder_backends to setup
devstack basked on "type".
This patch allows parsing of the CINDER_ENABLED_BACKENDS to pass the proper
backend_name to tempest.
Change-Id: I76973c3fad4998a0f9e534fc9f6a271c1923f7b3
When running a default devstack environment, having guests that
actually can resolve DNS, so that they can do package updates from
well known hosts. This addresses a gap between nova-net and neutron
behavior in devstack.
Change-Id: I42fdc2716affd933e9158f1ef7ecb20bc664ef21
nova-net is deprecated, and it's long time to switch to neutron by
default. This patch does that, and has an auto configuration mode that
mostly just works for the basic case.
It does this by assuming that unless the user specifies an interface
for it to manage, that it will not automatically have access to a
physical interface. The floating range is put on br-ex (per normal),
fixed ranges stay on their OVS interfaces.
Because there is no dedicated interface managed by neutron, we add an
iptables rule which allows guests to route out. While somewhat
synthetic, it does provide a working out of the box developer
experience, and is not hugely more synthetic then all the other
interface / route setup we have to do for the system.
You should be able to run this with a local.conf of just
[[local|localrc]]
ADMIN_PASSWORD=pass
DATABASE_PASSWORD=pass
RABBIT_PASSWORD=pass
SERVICE_PASSWORD=pass
And get a working neutron on a single interface box
Documentation will come in subsequent patches, however getting the
code out there and getting feedback is going to help shape this
direction.
Change-Id: I185325a684372e8a2ff25eae974a9a2a2d6277e0
This reverts commit f327b1e119.
The problem being addressed in the original commit was that
rejoin-stack.sh would run with the user's locale, instead of C that
was set in stack.sh
We overlooked that this gets pulled in by openrc, so it is overriding
the user's locale when using clients, etc.
rejoin-stack.sh was removed in
I2f61bb69cc110468a91dcaa4ee7653ede7048467 so we don't have to worry
about that part. A revert to not touch the user's locale seems
appropriate.
Change-Id: I7c858bb92ce7ba5b5d323bf3ad6776100026c7a2
Closes-Bug: #1608687
This was used solely by bigswitch, and everyone else has moved over to
devstack plugins. Cleaning this out makes the core logic much simpler.
Depends-On: I8fd2ec6e651f858d0ce109fc335189796c3264b8
(grenade removal)
Change-Id: I47769fc7faae22d263ffd923165abd48f0791a2c
The horizon cleanup function wasn't being called at all during
cleanup which left the Apache configuration.
Change-Id: Iff5336d0c5e79cfc82f1c648afaabb869d86020e
Seeing a race condition where lib/neutron code tries to
set the MTU on br-ex before it exists.
Thanks to some good grepping by sdague, it appears that the difference
between lib/neutron and lib/neutron-legacy is that the initial bridge
being created is br-int while in lib/neutron the initial bridge
created is br-ex, which means there must be some kind of warm-up that
occurs between the first bridge that is created by ovs-vswitchd and the
second, and the second one created is much faster.
So instead, let's just wait for the bridge to be created successfully.
Change-Id: I271dc8b6ae5487c80d2a22153b3fc45fb247707f
In case q-fwaas is enabled. It will causes the q-l3 failed to start
because the DevStack gave a redundant --config-file option to start q-l3
This is a follow-up patch of 84409516d5
to remove fwaas from DevStack completely.
Change-Id: I630969b3556bcffba506cab02a09cc83f4430c88
Closes-Bug: #1608401
The privsep helper should have a sane default for all libraries,
pushing this into devstack means we cheat past a part of the upgrade
that we really shouldn't be.
Change-Id: I52259e2023e277e8fd62be5df4fd7f799e9b36d7
The default for GUEST_INTERFACE_DEFAULT now uses the ip command
to find an interface; so it will work on multiple distributions.
XenAPI should not be setting a specific interface here, as it will
almost always be wrong. In most cases, the calculated value for
GUEST_INTERFACE_DEFAULT will be a better default.
PUBLIC_INTERFACE_DEFAULT makes even less sense as it's often an
internal bridge for devstack scenarios.
In both cases, the right way to override these is to set
GUEST_INTERFACE / PUBLIC_INTERFACE in the localrc rather than
changing the _DEFAULT values.
Change-Id: I0cf84438d778bf1a2481328165513c59167490e2
Currentlly, the *.pyc files could not be removed in any scripts or
functions. But the redundant files would lead stack.sh not to find the
correct script for some versions after branch switched from master to
stable/mitaka in migration_helpers.sync_database_to_version.
So this commit adds the process of cleaning all the *.pyc files in
clean.sh.
It is needed to execute clean.sh before re-stack.sh to prevent the
exception.
Change-Id: I9ba0674d6b20b13c0a26b22cd5d1939daa121a94
Closes-Bug: #1599124
In the 25.0.0 release [1] of setuptools during any install
operation the package in not overwritten. If a package is
installed from another requirement via pip and then it is
installed again from git, it is not updated causing
check_libs_from_git to fail.
[1] https://setuptools.readthedocs.io/en/latest/history.html#v25-0-0
Change-Id: Ibaa1d4157816ea649f4452756fbde25951347001
Closes-Bug: #1605998
On RHEL-based systems pip and yum share the same installation
directory for virtualenv. If yum pulls in the python-virtualenv
package (e.g. due to a dependency) it will clobber what pip has
already installed. The file tools/fixup_stuff.sh tries to ensure that
the proper virtualenv package is installed via pip. If virtualenv has
already been installed via pip, then clobbered by yum, pip skips the
install since it appears as if virtualenv is already installed and at
the correct version.
The reinstall of virtualenv must use the --force-reinstall argument to
pip to fix up the damage done by yum.
Change-Id: Ib0edf6c4ee8a510e9d671213de35d787f56acfed
Closes-Bug: #1599863
Add a VirtualHost that defines the necessary options for
enabling SSL. The existing keystone Apache configuration already
does all the location handling.
Change-Id: I836a471a7258f14f051d3dd8bdb428286b5a11aa
Relying on 'external_network_bridge=br-ex' for the L3
agent has been deprecated in Neutron. This patch adjusts
the devstack defaults to setup Neutron in the preferred
manner (empty external_network_bridge value and
correct bridge_mappings for the L2 agent).
This will also help with correct MTU calculations now that
the external network will have the correct segmentation
type on it ('flat' now instead of 'vxlan' by default).
Related-Bug: #1511578
Related-Bug: #1603493
Change-Id: Id20e67aba5dfd2044b82c700f41c6e648b529430
We have new feature in cinder and new test for it.
The test is skipped by default.
Need to add flag to unskip this test on master and
Mitaka.
new test: I1964ce6e1298041f8238d76fa4b7029d2d23bbfb
Change-Id: Ib695e60c2ed7edf30c8baef9e00f0307b1156551
For AArch64, KVM don't recognize the cpu-mode "none",
so change the default cpu-mode as host-passthrough for
generating nova.conf
Change-Id: I94a22e5a15a974b9c11e9f9fd996857453b6e2ca
Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
This variable can be used to accommodate for underlying infrastructure
that does not provide full 1500-sized traffic, or maybe instead gives
access to Jumbo frames.
Change-Id: I38a80bac18673a30842a7b997d0669fed5aff976
Related-Bug: #1603268
The change Ibb7423d243d57852dada0b6298463bbdfc6dc63c that introduced the
os-brick plugin introduced a flaw where the xtrace state wasn't restored
after the end of the plugin's execution. The end behavior is that devstack's
logs were with way less information, difficulting the debugging of the build.
This patch fixes the variable that was intended to hold the xtrace state (it
was using cinder's) and restoring the state at the end of the script.
Change-Id: I47c6c794a9704049b089142eca5603d1183f8a10
Replicated Yi Zhao's fix for re-adding ipv6 addresses to neutron-legacy
(review I9ff62023dbc29a88aec3c48af331c0a49a1270bb).
Previously, re-stacking failed with "File exists" for ipv6 addresses
on br-ex. With this change, the existing address is replaced on
br-ex with the appropriate address.
Change-Id: I6e6235132a34469f4e68b5bb3cf51ebdf01c83a2
Fedora 22 reaches its EOL on 19-JUL-2016[1]. Remove it as
officially supported distribution.
The current two supported Fedora distributions are Fedora 23 and Fedora
24. (Change Ia4a58de4973ef228735c48b33453a0562dc65258 already added
support for Fedora 24.)
[1] https://fedoramagazine.org/fedora-22-end-of-life-2016-july/
Change-Id: I5b4e1ddb6165a9065e80e84175246678a7356f18
This removes several config flags for Tempest
now that juno and kilo are end of life. Tempest
has already removed these flags too.
Change-Id: I748429e73073f4202f77dfe1002687f76ee9a451
This option to install os-brick from git was only added
into lib/cinder previously. When testing all-in-one nodes
this worked fine, but if you have multi-node setups with
compute nodes that don't install any c-* services we
only get packaged os-brick. With this change non-cinder
nodes can now test against unreleased os-bricks.
Change-Id: Ibb7423d243d57852dada0b6298463bbdfc6dc63c
The common code for metering calls _neutron_service_plugin_class_add,
which despite the description only just appends a service plugin to
$Q_SERVICE_PLUGIN_CLASSES - it doesn't actually write it into a
configuration file.
So for now, read out the configuration, and append metering to it, then
write it back out.
Change-Id: Ice96cca8b43dcd54f2aa81461000a4597db8260d
This is necessary to make it possible to filter out compute nodes,
which don't support such type of images.
Change-Id: I347953876e2057e6f3dca71c2f5e8b638b85aaf8
Option was deleted from Tempest config file. Also test scenario
was deleted. See commit I93b2fb33e97381f7c1e0cb1ef09ebc5c42c16ecc
Change-Id: I750e50ba7cf8fca1dde391c2620b4a815d6b02a1
Closes-Bug: #1599619
File injection is disabled by default for the libvirt
driver in nova. This adds a variable to enable file
injection for the libvirt driver and is also used
to configure tempest.conf for running personality
tests.
Change-Id: I34790fadeffd6e3fdc65bd9feed3d6e62316896c
Related-Bug: #1598581
Change 9ce99a44cf85e431227536e2251ef05b52e61524 disabled file
injection with the libvirt driver by default back in Icehouse,
so devstack doesn't need to do this explicitly anymore.
Change-Id: Id0c521f6f624367bd497463c8c2d99488548fcff
This adds a set of local.conf modifying functions which make it easier
for consuming projects like devstack-gate to programatically add
elements to local.conf structured files.
Change-Id: I3427968c2bd43aba12b3619acc27f73c74f0dabb
Co-Authored-By: fumihiko kakuma <kakuma@valinux.co.jp>
This will have devstack setup the Cinder internal tenant and generic
image-volume cache by default. If left alone it will use reasonable
defaults.
More information about configuration options and the cache can be found
here: http://docs.openstack.org/admin-guide/blockstorage_image_volume_cache.html
As part of this we switch the default lvm type to thin so it will
work more efficiently with the image cache.
Change-Id: I0b2cc261736f32d38d43c60254f0dc7225b24c01
Implements: blueprint cinder-image-volume-cache
In Aarch64, the default cdrom bus is scsi, and the default scsi
controller is virtio-scsi. The cdrom with virtio bus will not be
recognized by the instance.
Change-Id: Ib8cec79f9e9083239092fa7348793ee3b64a9c94
Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
Change I4a10a49db97d413349bcfceeb8c4164936fbcc40 added colorful PS4 via
tput. However, if TERM is not set (as is the case when stacking
noninteractively), tput errors with the following:
tput: No value for $TERM and no -T specified
...twice for every log message, thus flooding the logs.
This change set turns LOG_COLOR off by default for noninteractive
execution. If LOG_COLOR is set to True when noninteractive (TERM is
unset), obviate the above errors by passing tput a simple -T.
Change-Id: I0f8ad82375cde463160bad5bd9918f1e4b19326d
Closes-Bug: 1576405
wait_for_service just checked to see if the remote service
was started, not that it was returning data. This caused
problems when the service was behind a proxy because the
proxy would respond quickly but the service may not have
fully started.
Wait for a non-503 HTTP response code and non-7 exit code
(connection error) from curl
Return an error if a successful connection cannot be made.
Change-Id: I059a12b1b920f703f28aca0e2f352714118dee97
Add support for the "geneve" ML2 plugin type driver. The
networking-ovn ML2 mechanism driver uses geneve for its
project network type. Geneve is part of core neutron but
didn't have any DevStack configuration for it. This patch
set adds the necessary options. It also removes the default
for ML2 type drivers to rely on the neutron default and
consolidates the tunnel ranges default for gre, vxlan and
geneve by using TENANT_TUNNEL_RANGES.
Change-Id: Id75651dfe57a07045a6932a0369668f33c7eef09
Partial-Bug: #1588966
The 'neutron_plugin_configure_l3_agent' function expects a path to a
configuration file as a parameter. This was not done for one call,
resulting in the generation of a 'DEFAULT' file in the DevStack
directory along with an invalid L3 configuration file. Resolve this.
Change-Id: I5781cb1ec4cfc1699e61dbc324d0bdb824b56be1
MacVTap mechanism driver and agent have been added during
Mitaka [1][2]. Now adding the related doc to run a
multinode devstack with MacVTap compute nodes.
[1] https://review.openstack.org/209538
[2] https://review.openstack.org/275306
Depends-On: I0dd4c0d34d5f1c35b397e5e392ce107fb984b0ba
Change-Id: Ie743a207a5faeab2e2a7274fda503699f3072e98
Due to the fix [1] of neutron-refactor, some flat network usages of devstack
installation start fale.
This fix enables ML2_L3_PLUGIN to be set to empty to solve the problem.
By default l3_router_plugin.L3RouterPlugin will be set to ML2_L3_PLUGIN,
and for neutron, in such of configuration, router (ASA some others) will be
set into supported_extension_aliases,
then devstack will create a router that we do not want in a flat network.
Before fix [1], we can disable q-l3 to aviod the issue.
But now we don't, and we need this fix to disable the whole L3 plugin.
[1] https://review.openstack.org/318145
Change-Id: I61a2142d5121e0af4cc6cdf50e6bceafaf791fb0
Config auth_plugin in trustee group is deprecated.
Change to use auth_type in trustee group instead.
Closes-Bug: 1592482
Change-Id: Ib90d9c0299887201b37d26254693dc6b007a41dc
CINDERCLIENT_REPO cannot refer to both python-cinderclient.git
and python-brick-cinderclient-ext.git so make sure
the overrides have different names.
Bug introduced by: I6d0f09950ea1200d3367a53aa4a3eea9be7abc66
Change-Id: I9cbbf71ba08ef5394537d7b294846faa3c5be5bd
Implements Blueprint: configure-tempest-volume-microversion
Related to: I3d9b3fe288333721bf3b2c6c988949f2f253bfcc
Change-Id: I80c6a0c46c667291c6f7fe2a036717504c110314
Tempest introduced a new ability to use domain scoped tokens for
identity v3 admin APIs. Since domain scoped tokens can be used
with the base keystone policy used in the gate, and the
pre-provisioned admin user is assigned a role on the domain, turn
the option alway on.
Change-Id: Ib1bb958eee076364b407fc03e77e6882d92147d2
Depends-on: I91ca907992428a5a14fb8d48a4fad105d2906e27
I352362cf59e492fa9f7725190f0243f2436ac347 switched this to vercmp, but
using single-quote (') will mean that the kernel version isn't
actually expanded for the comparision.
I guess, like the original change, the fact it isn't working is
hidden. Trusty seems to have 3.13 ... I can't imagine we support
anything before this ... so I'd also be happy if someone with some OVS
knowledge wants to just delete it.
(This change was originally an alternative to
I352362cf59e492fa9f7725190f0243f2436ac347 but got the quoting right)
Change-Id: I9fa514885c20b1135fb0680cf61fc04628fbecbe
Closes-Bug: #1580850
privsep will default to invoking privsep-helper directly
via sudo, which won't work for people with a locked down
sudo config. To deal with this we should explicitly
configure the os-vif plugins to use nova-rootwrap for
running privsep-helper. This change makes such a change
for the two official in-tree os-vif plugins.
Change-Id: I3d26251206a57599385f2b9f3e0ef7d91daafe35
keystone was configured to connect to memcached on the host IP
address. Unfortunately, memcached is only listening on localhost,
so this setting actually hurts performance as keystone fails to
connect to the memcached server. There's no indication of this in
the keystone logs since this is just how memcache client works
(ignoring errors).
You can verify this by
1) in /etc/memcached.conf, set -vv
2) restart memcached: service memcached restart
3) watch /var/log/memcached.log
4) There will be no output
with this change, there will be output in /var/log/memcached.log
Also the performance should be a lot better.
Change-Id: I95d798d122e2a95e27eb1d2c4e786c3cd844440b
If you are using provider networking, and have IP_VERSION set to include
IPv6 (which we do by default) - you must set the required variables.
If you do not want this behavior, set IP_VERSION=4
This arose from a third party CI system which was configured[1] to have
provider networking, but would explode when hitting the router IPv6
setup step[2] since there was no IPv6 subnet created, and IPV6_SUBNET_ID
would be empty, causing a python-neutronclient error and causing
stack.sh to exit.
[1]: http://paste.openstack.org/show/508710/
[2]: https://github.com/openstack-dev/devstack/blob/c35110e7c5c35dd1edc310dc3d0bb8693e58d336/lib/neutron_plugins/services/l3#L320
Change-Id: I267799b62284c3086ed7c3e2d8a9cbadb9ddcd60
The local.conf docs talk about phases which don't exist for config
file processing, which makes it more confusing then it needs to be.
Change-Id: If7f9255eab0535c3d57a2fd5f1bc18ba4d0801aa
To properly test the integration between Glance CORS feature and
Horizon Javascript environment uploading image files directly to Glance
(using this feature), we need to enable CORS support for Glance in
integration tests. Adding corresponding Devstack variable to configure
Glance in such a way that it accepts direct requests from Horizon
Javascript is the prerequisite step for the integration testing of this
feature.
By default Horizon and Glance are located on the same host, hence
default value cors.allowed_origin = http://$SERVICE_HOST should work.
If a more complicated setup is desired, where Horizon is located on a
different host, GLANCE_CORS_ALLOWED_ORIGIN environment variable should
be exported to Devstack.
Partially implements blueprint: horizon-glance-large-image-upload
Change-Id: I4881fb6631c2daa2ad8946210eff4bb021957374
When running tempest testcase test_minimum_basic_scenario will always fail
due to lack of configuration [scenario] img_disk_format=vhd in tempest.conf
This patchset is to add this configuration when XenServer is used.
Change-Id: I4b916200e6eefb62f148ec8b644fb23ffc7e00a6
Closes-Bug: #1589787
Currently a hardcoded value is used for the DEPLOYWAIT timeout in
tempest. The patch in review 269249 adds a config option to use
instead of this hardcoded value. This patch allows the value to be
set via the BUILD_TIMEOUT variable.
Change-Id: Id79014fd6e07f93029111f6c28e3537e2e39be9f
Related-Bug: 1526466
XenServer 7.0 has changed some iso files' name, this made devstack script
install_os_domU.sh failed to install VM before installing OpenStack. This
patch is to fix the problem, make install_os_domU.sh support 7.0 and other
prior versions of XenServer
Change-Id: I49459bfff2b101fc6927eb4578c5eb47cc8c3ad6
This change adjusts a few instances of `--config-file=foo` to
`--config-file foo` (no `=`) in order to make neutron command
lines more consistent and easier to match in sudoers/rootwrap
filters.
This is particularly useful for oslo.privsep, which needs to start a
helper command with the same `--config-file` arguments (see
Ia9675dff9232e0e987a836ecaf9e842eb5c3cb18).
Change-Id: I91fe18f66f3c3bc2ccd1ca8be91be2915ed3e3ec
I ran some tests locally that showed that when using the uwsgi
deploy the keystone server wasn't using all the processes
available. When I switched from "threads" to "processes" the
concurrent performance improved considerably. So I'm proposing
that devstack switch to processes to improve performance.
Change-Id: I8cfe9272e098e636441b7cfb51bff08d62c3336e
As part of the process of deprecating Glance's V1, the glance team would
like to start testing V2-only environments. Therefore, this change
provides a way to force other services to use V2.
Change-Id: I87e77d07964eac01e9a796817cbc88bd6e59c721
Cinder uses my_ip config option to provide iscsi_targets. It gets
defaulted to the IP of the first interface in the system, which is fine
for some cases, but for example with Vagrant first interface can be used
only to contact with host machine.
To get over it we should set my_ip to HOST_IP from local.conf and this
commit implements that.
Change-Id: I4d2960d92f388ac689dfa6b436dc8bfc1e129fbf
Closes-Bug: 1588825
Future oslo.messaging is going to deprecate usage of driver-specific
options for hosts/port/user/password options.
This change uses transport_url that exists since a while now and
works with all drivers (even devstack handles only the rabbit one).
Change-Id: I3006b96ff93a3468249177c31c359c2f9ddc5db6
For the tempest plugin install inside the tox venv to hold we need to
ensure that it's the last thing run that touches the tox venv before
devstack ends. Otherwise there is a chance we'll recreate the venv in
a later step of installing and configuring tempest. This commit
moves the plugin installation into it's own function and calls that
function as last phase of the tempest setup to make sure it runs last.
Change-Id: Ie253171537e8c5a9887cc30aba1cad4b31e57663
This plugin was using a deprecated function, vercmp_numbers(),
that wasn't actually working properly because the call to
'deprecated' at the beginning was causing garbage to be
returned to the caller. For example, this was always in
stack.sh.log when using OVS:
.../lib/neutron_plugins/ovs_base: line 57: [: too many arguments
Update to use vercmp() like all other users in devstack, and
remove all the old code.
Change-Id: I352362cf59e492fa9f7725190f0243f2436ac347
Two things:
(a) Add the log filter to capture libvirt CPU manipulation driver
related error messages when things fallout (e.g. CPU model
comparision failures during live migration).
(b) While we're at it, remove the "1:qemu_monitor" log filter, because
the existing filter "1:qemu" should take care of logging the
interactions with QEMU monitor console. This is the case since
the introduction of VIR_LOG_INIT() macro in upstream libvirt,
which performs a substring match on a given file name. (Available
from libvirt version v1.2.10 onwards).
Change-Id: I75befd52d9f892eb5a6236eee9a397fab7602ecc
Looks like f24 does not have any special change compared to the
previous release, we just need to add f24 where f23 present.
Change-Id: Ia4a58de4973ef228735c48b33453a0562dc65258
This didn't break functionality but it would use a global instead
of a local variable so nested calls to time_* might have issues.
Change-Id: If61ef07c4ce15f1a356975a0b0611fdf5e49109a
Added to requirements:
https://review.openstack.org/309084
Functional tests were added
https://review.openstack.org/265811
But they still use the version of python-brick-cinderclient-ext from pip.
This change updates devstack to pull in the changes from
python-brick-cinderclient-ext patch sets instead, when configured to do so.
Change-Id: I6d0f09950ea1200d3367a53aa4a3eea9be7abc66
Needed-by: I34f3b5ceaad7a50b1e9cadcc764f61c0aabe086d
A new tempest test is being added in https://review.openstack.org/#/c/285541/
but it is not supported in the Kilo and Liberty branches. This patch
turns on this feature flag at Devstacks's side.
According to tempest policies, this patch must be merged first so the
test can actually run.
Change-Id: I52458a0b36e1dba233667311b35f6c3931e2e66c
Depends-On: Ie69dae09c2b42e825e9d51abf158fc14788387d1
This commit just adds a sanity check output to lib/tempest. It will
use tempest list-plugins to print a table of installed plugins after
the pip install phase is run for any provided plugins. This will
enable users to check that the plugins they think they're running are
detected by tempest.
Change-Id: Icff286da6c68ec9a57f2288458976341bc095875
If a plugin has the L3 API extension available, issue the L3 API
extension calls that creates routers and networks
Change-Id: I77e269ce0025054bcf2a2f4156124f2921ba2d59
lib/keystone sets KEYSTONE_AUTH_URI and KEYSTONE_SERVICE_URI that
other projects should use rather than building the URL themselves.
This will allow us to more easily drop the port altogether.
Change-Id: I7467aae680215f3045d32a088af2187e1eba8169
When the nova backend is LVM we set some libvirt configs
in nova.conf. Those should happen in the libvirt plugin
file rather than the generic nova file since it's specific
to running nova-compute with libvirt.
Change-Id: I37a63a5fba2e9eea4daafe4ec390b2e7aac236f3
This reverts commit 181588b9ba.
Since this change landed on 4/29 it's been the cause of the
top two gate failures (besides known latent infra issues) and
hasn't had good progress on landing a fix, so until it's a
priority for the keystone team we need to revert this change
to get the integrated gate jobs moving again.
Change-Id: I588a84c5179eab072d21bc1394aea2df00929650
Related-Bug: #1577558
Related-Bug: #1578866
When running a compute node that only runs n-cpu and neutron-agent,
there are still configuration items that are needed by the agent that
reside in $NEUTRON_CONF - such as the rabbit rpc information.
Change-Id: Ib7f5dde3afb0c19dc88f351c99bc669217952a14
If the nodepool info file is around, assume we're on a OpenStack CI
node and skip re-installing EPEL & RDO
Change-Id: Ife80af015b26514098e0633f568e3da35b9eea8c
Neutron L3 may implement a variety of extensions: router, external-net,
dvr, ext-gw-mode, extraroute, l3-ha, etc. The public network uuid is
only going to be made available if and only if the external-net extension
is available, because that's the one that provides Floating IP support.
Rather than making Tempest aware of q-l3 service (when q-* services
are supposed to be legacy), it is better to tune this configuration
based on the extension availability. This decouples Tempest from
Neutron setup internals.
Change-Id: I4889fc3d21bd221785b507995f1b3da0e8f52b46
Related-bug: 1582119
Wrong container name in devstack "All-In-One Single LXC Container" manual.
Link: http://docs.openstack.org/developer/devstack/guides/lxc.html
After creating "devstack" container with below command
sudo lxc-create -n devstack -t ubuntu -f devstack-lxc.conf -- --packages=bsdmainutils,git
The name should be 'devstack' instead of 'p2' in the below command
ssh ubuntu@$(sudo lxc-info -n p2 | awk '/IP/ { print $2 }')).
Change-Id: I7a84b97b03b2dd4338f1d946b7eafb8ec6e3767d
Closes-bug: #1582248
For client debugging that invokes multiple libs it can be useful
to have all libs directly in git and not listing all of them
in LIBS_FROM_GIT.
TrivialFix
Change-Id: Ie631cc4045231ebbe8177d2d113e47e4bf83f61c
This patch enables account management by default in Swift. This will be
leveraged by Tempest test cases validating account management APIs.
Depends-On: Id29f5ca48f92cd139535be7064107b8a61b02856
Change-Id: Ic01432939ed9b4cf0cbf20e3244d4d76847f539f
This patch replaces Q_L3_ENABLED with is_service_enabled q-l3.
Both of them idicates wherever Neutron L3 agent is enabled or not.
Change-Id: I33f0f5a6174d1d170bc2ac1c2e3a096d88d17cc1
This commit adds a deprecation warning for lib/neutron-legacy. Right
now lib/neutron isn't quite in a place where we can use it by default
but we're getting close. As soon as it's passing in the gate we plan
to make a switch over and a hard delete of lib/neutron-legacy. To give
any users which have a hard dependency on it (which is not actually
a supported use case) a heads up this adds the deprecation warning
in front of that change.
Change-Id: Idf1faf2e9dd497f9b97abfcc6e796ca72d60d955
The commit message of 2a242519f7 indicated
that neutron-metadata-agent was the correct name for the metadata
proxy, but parts of the code were not consistent.
Change-Id: I52f08266a169aeb9005c0f84296fc814d05b90d4
When creating service users, the assumption is that the service
project lies within the service domain, so create it there.
Change-Id: I4880e789f5eaf340634ceb792397eef12a5a6b51
Closes-Bug: 1580998
This is a follow up patch of [1].
In [1], source has been moved from lib/neutron-legacy to lib/neutron_plugins/services/l3.
However, one necessary function of is_provider_network is lost.
And this cause devstack install fail.
[1]https://review.openstack.org/168438/
Change-Id: I413b3577ec5b11ee0ee01f2368364117962494bb
I goofed when moving it over, and it looks like the calls
to _move_neutron_addresses_route got clobbered.
Changes like a0d1b0151a ended up getting
dropped on the floor, so let's reintroduce them.
Change-Id: I3bbfbc56e2c663c47a03659a1dff96443c13af47
There are a few CI efforts going on related to jobs that use the lvm
image backend for the libvirt driver in Nova. We don't want to waste
time zero'ing out volumes during CI runs, so we need a way to configure
nova to not clear the volumes in these jobs.
This change adds a variable used to set the CONF.libvirt.volume_clear
value in nova.conf. If the variable isn't set, Nova just uses the default.
This will be set to 'none' in the jobs that are going to use LVM.
Co-Authored-By: Matt Riedemann <mriedem@us.ibm.com>
Change-Id: I1e97ba6ab4772a87192ae2689a25050d432358ab
This helps fix an issue where an IPv4 address is moved from an interface
and you lose your SSH session.
Change-Id: Idf37ccbaa6f615fcc714d49c3f0c00c893f56021
Background for this work can be read on the mailing list:
http://lists.openstack.org/pipermail/openstack-dev/2016-May/094063.html
Usage of the new Neutron is by setting the following in
ENABLED_SERVICES:
* neutron-api
* neutron-l3
* neutron-agent
* neutron-dhcp
* neutron-metadata-agent
For now, the new neutron library supports just the ML2 plugin, with the
Open vSwitch and Linux Bridge agents supported. All other Neutron
plugins should be creating their own DevStack plugin if they wish for
DevStack to support them. Many of them already do.
Other notable changes compared to neutron-legacy:
* Rely on the Neutron defaults, and force Neutron to make
sane defaults instead of all kinds of knobs in DevStack.
* Default to rootwrap daemon support
* Use the security group driver by default
* interface_driver can now use NEUTRON_AGENT (linuxbridge, openvswitch), since
they are entrypoints in neutron's setup.cfg
* Use NEUTRON_AGENT variable to determine which agent to run
Works with NEUTRON_AGENT set to either "linuxbridge" or "openvswitch"
Default is openvswitch for the time being.
* Set ML2 configuration for VXLAN support
* Remove Xen hypervisor stuff - it should be a plugin
* Move L3 crud into separate service file:
There's a lot of L3 configuration that was in the main neutron file, but
a lot of it is self contained and can be moved into its own file.
The new l3 service file will contain all the previous L3 plumbing and
configuration that the OpenStack Gate expects, while also eventually
moving the whole l3 network creation step into a single hook that can be
overridden by plugins.
* Introduce a check for a function "neutron_plugin_create_initial_networks" which
will become the mechanism through which different topologies, and
networking plugins can create and wire the initial networks that are
created during a stack.sh run.
The new lib/neutron is considered experimental, and followup patches
will build upon this one. Existing users of lib/neutron-legacy should
remain unharmed.
Co-Authored-By: Hirofumi Ichihara <ichihara.hirofumi@lab.ntt.co.jp>
Co-Authored-By: Dean Troyer <dtroyer@gmail.com>
Change-Id: I31b6362c6d9992f425f2dedbbeff2568390a93da
This seems to break Ironic gate with n-cpu not starting
any more.
This reverts commit c527ded91b.
Change-Id: Idfb01448e8ecf53fbd2e1df61c8f08f3107981ac
Closes-Bug: #1579683
As can be seen in logs of the periodic generation job, our cgit does a
weird thing where sometimes it returns a 404 page with content, and
sometimes a zero response (see [1] for example, the last number is
response size). This appears to be an openstack CI issue; possibly
due to cgit caching or similar (see [2] for manual test). It will
have to be investigated with the host apache logs.
This is resulting in a lot of projects incorrectly being picked up as
having plugins (I7116571d2a2b1fc3a61e5f1ed46ac2cbc244775a). I'm not
sure if this problem is also releated to the original status-code
issues mentioned in the code, but testing shows that cgit is correctly
returning 404's for missing files (you can see in the logs [1]). Thus
switch the logic to examine the return code which avoids this issue.
[1] http://logs.openstack.org/periodic/propose-devstack-plugins-list/e55790c/console.html.gz#_2016-05-04_06_46_51_660
[2] http://paste.openstack.org/show/496434/
Change-Id: I6a06347d91d091441f6f7b70f99aba6d8e9add4b
Currently, the db sync operation does not specify the config dir or
config file.
If there is a config file in the home path, it will use this one,
but not the right one devstack write.
Set config file to these operations.
Change-Id: Id1fbc3d85280c19596f5ebd301c46bcf018fa2f6
Closes-Bug: #1578098
CoreOS cloud image is compressed with bz2 extension [1]. In such
case, we need to decompress the image before uploading it to glance.
[1] https://coreos.com/os/docs/latest/booting-on-openstack.html
Change-Id: I705d0813d180aefaa2507c00d1ae40af07d12fcf
Export the 'short_source' function so that it will be present in the
environment for child shell scripts. Do this because we are passing PS4
to the child shell scripts and it is using 'short_source'
Don't do an 'env_keep' in the sudoers file for PS4, since it is
difficult to also pass along the 'short_source' function.
Change-Id: I9781010d6eb336d02939c7fd47f18bedeae5ccc6
Closes-Bug: #1563443
Devstack installs elasticsearch version 1.4.2 by default.
This version is really out of date and you can't run kibana
4.x against it. We are working towards 2.x support [0],
but in the meantime would like our example to install a more
recent version of ES.
[0] http://lists.openstack.org/pipermail/openstack-dev/2016-April/092583.html
Change-Id: I9ca244f8b817dd9c5f6d7435e347df28282db0a9
This commit adds a new phase to the devstack plugin interface for
configuring test environments. It runs after everything in devstack
(except for the final output commands) to ensure that tempest or
any other dependency is installed prior to running it.
Change-Id: I52128756f18d3857963a0687de77f7cdfd11fb3e
the referenced file was removed with the following change
Ie7f4b265368f1d10a8908d75e11d625b2cc39e7c
Change-Id: I0e25b1f38e0969037d1c8af367432da56bb12e92
This commit adds a new variable to lib/tempest to provide the plugins
that should be installed into common tox venv that gets created. In
order to make this work the workarounds to handle migrating to a common
tox venv have to be removed otherwise the plugins could be installed in
a venv that isn't used.
Change-Id: I63658b8d8dfa999e0feb79f8f2968f2b32e3ff57
Depends-On: Iab2e6e04b6c5795a4d0c8214564106525b942308
In order to support the effort to unify the tox venvs being created
by tempest this commit temporarily cases the path of the venv being
created. Once tempest is updated to only use .tox/tempest we can
remove the if blocks and just use it unconditionally.
Change-Id: I34a69020eee07156e64026781a3c0bffdb5ab415
As we are creating a domain with id 'default' and name
'Default', we should iniset the correct name.
Change-Id: If67338fbbd255b8aa1b91e18e4cf8213baebab95
When running in httpd, keystone accepts requests on /identity and
/identity_v2_admin.
The path endpoints should be preferred over the ports so keystone
is configured to point applications to the path endpoints by
setting admin_endpoint and public_endpoint.
Change-Id: I34569b9e03c3f36748c92d803349e22a7ee1a633
Tempest-lib, as a standalone project, is deprecated in favor of a
"lib/" directory inside Tempest's repo. So remove the installation
of tempest-lib in DevStack.
Change-Id: I507bfe875777fd25bbe5d67c861f3fca99faa22d
There are two implementation code for similar API in Nova repository.
One is newer: v2.1 API, another is legacy: v2 API. v2.1 API has been
used as the default API since Liberty and legacy v2 API has been marked
as deprecated. We have used and tested v2.1 API so well and now is
nice time to remove legacy API code based on the consensus of the
design summit of Austin.
This patch removes NOVA_V2_LEGACY which set up legacy API code.
NOTE: The gate job which uses this NOVA_V2_LEGACY option has been
removed already since Iac81b7d569b76b99e9d86eaa5001ae7f9b78cdfe.
Partially implements blueprint remove-legacy-v2-api-code
Change-Id: I0e16b7ce608d7eeb3a35fd77e66531dfc8c142ef
I think the objective of the line is to display message, but it was
also echoing entire line before printing the message.
Change-Id: I758759638003deec3205983863f4b7e23ba94e89
Signed-off-by: Sachin Patil <psachin@redhat.com>
In a multiregion installation of devstack, conflicts occur in the
creation of images, networks, or volume types, when the region is not
set.
This patch adjusts commands to include the region, and
also adjusts the region_name in the nova configuration section of
neutron.conf to include the region.
Change-Id: Ifedff6a124fa49d57cc7b2f35916d8d96f5e5f7a
The nova check in is_service_enabled() is loading the nova repo
when ENABLED_SERVICES=ovn-northd. Add a comma before each of the
checks to prevent this error with any of the other services.
Change-Id: I9deee735812cde44ea5140b1ad76848f02576609
Closes-Bug: #1574431
Commit 020586fab4 removed support
for g-search as it was promoted to its own project. The devstack
plugin for Searchlight triggers the installation of elasticsearch,
so it can be removed from upstream devstack.
Change-Id: Iada75fc59c66b776c506431f93deb668ab0a84b9
This minor release of bashate just fixes one small issue with python3
compatability. This is an alternative to
Ic91b5ce8cb85e376573f9bf3659d2a86cc437179.
Change-Id: Ie5ad29003cf80a332b9a9258749757a15de79966
This commit fixes breaking change [0].
Long driver names like 'nova.virt.libvirt.libvirtDriver' are
no longer available and 'libvirt.libvirtDriver' should be used
instead.
Reference:
[0] https://review.openstack.org/309504
Change-Id: I27a1b75b921c7401bc8614caadfd1e09e7dd5d65
Closes-Bug: 1574990
Change I24546f02067ea23d088d383b85e3a78d7b43f165 aimed to use
keystone v3 as default in devstack. The change was later reverted in
Ia792b23119c00089542ba08879dca1c29dc80945 because it broke some
projects.
This patch contains a small portion of the first change to set the
environment variables $OS_USER_DOMAIN_ID and $OS_PROJECT_DOMAIN_ID in
openrc, so that users don't have to set them manually when using
keystone v3.
Change-Id: Ie4c316d60590d55830d417f13817298dac70864f
Partially-Implements: bp keystonev3
Closes-Bug: 1387814
Since I380dd20e5ed716a0bdf92aa02c3730359b8136e4 , tempest options
tempest_username and tempest_tenant_name have been added.
However, they are never used at all.
So this patch removes them for the cleanup.
Change-Id: Ic40047c5903d664e4a2d5eea88ff788e39d1e416
This reverts commit 7d1ec43004.
This broke the sahara and layer4 dsvm jobs. The layer4 job
is voting on tempest changes so tempest is also broken.
Change-Id: Ide69f10cd85bf7ff0d86bc8cba56dedd26850362
Partial-Bug: #1573868
We really should only have code that create endpoints once, making all
osc calls get_or_set adds 3 seconds per call for no really good
reason.
This also stops creating the internal endpoints in the service
catalog. It's a pattern that we're trying not to propogate, so lets
not have it in devstack any more.
Change-Id: Ia8cefe43753900d62117beae330db46deb6a9fc9
When using XenServer as hypervisor, install_os_domU.sh will create
integration bridge for compute node when neutron network is used.
But it should provide a way to allow moving of the VM to another
host (with a different XEN_INTEGRATION_BRIDGE) for easier install.
This patch is to provide the way to let user have the chance to
configure integration bridge themselves
Change-Id: If923a5e978e77fc091d24b6e1fe7a83a3375da09
As Nova hypervisor uses deprecated parameters when trying to
authenticate to Ironic, as well as a hardcoded /v2.0 endpoint, a fatal
error occurs when creating a keystone v3-only devstack.
This patch updates auth parameters (ironic section in nova.conf) that Nova
uses when trying to connect to Ironic to v3 parameters.
Change-Id: I2d7ebf750115613aa917448f20daaece614633ef
The bug #1542282 added Q_PLUGIN_CONF_PATH to the comment on how to use
Q_PLUGIN_EXTRA_CONF_FILES. But the right variable name is
Q_PLUGIN_EXTRA_CONF_PATH; this patch fixes this comment.
Change-Id: I6b6b39068fe54509b1bb8af47ae0b21dd77c444a
Related-Bug: #1469434
Closes-Bug: #1542282
Use the fernet token provider as the default for keystone.
The Keystone token provider of choice is changing from UUID to Fernet.
However, due the the need for multi-site keystone deploys to have keys
kept in sync, we cannot change the default in upstream Keystone
without breaking existing deployments. Fernet requires a deliberate
setup step like what is done in devstack. Making the change in
devstack documents the expected setup.
Change-Id: I8c0db244634b0861b0eb3c48fe6ede153f7f04f2
Currently there is added an obsolote/wrong '/' when passing
Q_PLUGIN_EXTRA_CONF_FILES to the service start arguments.
Thats not a problem when using absolute paths, but wrong for
relative paths. This patch removes that extra '/'.
Change-Id: I2136d39889eaf83ecfcc711c733e95e261f455e0
Closes-Bug: #1572192
Make it possible to construct the service users in their own seperate
domain. Changing this away from Default will not work for everyone yet,
though it does work for basic service interaction however enabling it
will allow us to start testing and hopefully gating that services aren't
relying on v2 only concepts.
Change-Id: I7e73df5dd1caabf355783da2bc0f3007ade92fba
This environment is used by the normal docs job, add it.
Manually add requirements needed for doc building.
Change-Id: I1be193d113683966f6a76e862713f3a550543168
Related bug #1469434 fixed the usage comments for
Q_PLUGIN_EXTRA_CONF_FILES. However that change didn't
make it into neutron-legacy. This patch updates the comments
in neutron-legacy to reflect proper assignment of
Q_PLUGIN_EXTRA_CONF_FILES as well indicate
Q_PLUGIN_CONF_PATH is required when using extra conf files.
Change-Id: I447f1158d333ac4a35c4903a509146a62d93b272
Related-Bug: #1469434
Closes-Bug: #1542282
Those reports may be helpful when debugging neutron gate issues.
pgrep is backwards compatible with old Solaris tools, which means it
does not match with commands that are longer than 15 characters. To
avoid that for neutron agent names which are longer than that, we need
to pass -f argument to match against the full cmdline.
Also killall instead of kill + pgrep in a subshell.
Change-Id: I9b3801e927c0e80443ed76e38cd8e3618e888e49
Create specific heat_stack_owner role to be used by
tempest tests, rather than using _member_ which is not
automatically created in keystone v3.
Change-Id: Iff13a47e360b628bc48a8cb897d9368af49db01b
Partial-Bug: #1539692
devstack failed to install because glance:
Could not determine a suitable URL for the plugin
patch I618ea8e27b49af360c905df85af06d9b1eef8407 tries
to fix this problem, but with a wrong way because path is not
correct, the clouds.yaml is not under /path/to/devstack/~/.config/openstack/
but ~/.config/openstack.
patch I8af6bd465f74099c560dddba6b5221dd79cbc965 tries to
fix this problem, but with a worng way to specify the path,
~$STACK_USER/.config/openstack/clouds.yaml will not expand with
a variable, only const string can.
$ whoami
zqfan
$ touch ~/.config/openstack/clouds.yaml
$ export STACK_USER=zqfan
$ rm -rf ~$STACK_USER/.config/openstack/clouds.yaml
$ ls ~/.config/openstack/
clouds.yaml
Change-Id: I549817d2f4638be615991c1726b39d270ba71357
ref: I618ea8e27b49af360c905df85af06d9b1eef8407
If the variable SWIFT_STORAGE_IPS contains a space-separated list of
IPs, we can use this to create consistent rings across all proxy and
storage nodes.
Change-Id: If9307196dc7e74e4a842c95503958ae2d7f7acc7
This is a follow-on to I6f392d3c16726f6dd734184dcf3014fb4f388207 to
note the variable is kept for backwards compatibility.
Change-Id: I1008b2d4e2baf82e1aa531d9eaf96a084beb69aa
The WIP prefix and the statement
"This can't merge until p-c no longer references lbaas jobs."
Should have been an indication that this patch is not quite ready to
go in as is.
This reverts commit 130c3adb0e.
Change-Id: I57d5f9f2e66b1bdf6fca70074bc1d5678de65f38
This is a fairly opinionated change to do some spring cleaning on the
documentation.
The current output of shocco as rendered at [1] is completely broken.
I can not see that it is worth us maintaining this. Honestly, the
github page does a better job at showing the scripts with a bit of
formatting. The "changes" page is similarly useless today. cgit or
github show allow browsing of changes in the repo better. Both are
removed along with support scripts.
When you currently hit the first page, it gives no clue as to what
DevStack actually is. Add a paragraph explaining that, and link to
the cgit for easy source browsing.
stackrc.rst is not necessary; the stuff about database backends is
already discussed in configuration.rst; move the things about service
repos into a section of configuration.rst.
The discussion in openrc.rst is moved into the configuration.rst file.
localrc.conf.rst was just a paragraph pointing back to
configuration.rst; this is removed.
The variables described in exercise.rst are moved into a separate
section of configuration.rst
[1] http://docs.openstack.org/developer/devstack/#scripts
Change-Id: Ie7f4b265368f1d10a8908d75e11d625b2cc39e7c
When devstack fails, some or all bridges may not exist.
This change allows an only existing bridge to executes ovs-ofctl command.
And fix duplicate ofp version specified in protocol option of ovs-ofctl.
Change-Id: Ied01de727ca9b867ce87db358f72ae44838b63af
This removes Oracle Linux 6 support ("OracleLinux") which, like RHEL6,
is now unsupported. "OracleServer" matches Oracle Linux 7.
Change-Id: I35b1c7d0b103c509283dba0f6551453e7d8ac4cc
Closes-Bug: #1568634
This commit adds an execution bit to generate-devstack-plugins-list.sh.
This should be useful for users.
Change-Id: I12d0a257eb1d487979d044c2e52e824a6ea4c02d
In stack.sh, REGION_NAME is used to set environment variable
OS_REGION_NAME before using OpenStack client to configure accounts
for services. OpenStack client will try to find Keystone endpoint
in REGION_NAME to send the requests.
However, in the case of deploying multiple DevStack instances in
different regions with shared Keystone, Keystone is only running
in one the of region. When installing DevStack for the region that
does not host Keystone, OpenStack client will fail to find the
Keystone endpoint and thus DevStack fails to start.
This patch fixes this bug by introducing KEYSTONE_REGION_NAME for
user to specify which region Keystone is running in. Document of
multi-region setup is also updated.
Change-Id: I3e82c7ff69326d4171623299ffecea103d40c80d
Closes-Bug: #1540802
Most of the tempest utilities need at least a partially setup
configuration file to work properly. This is because most of them
make api requests in order to perform the expected operations.
This causes a bit of a chicken and egg problem when we rely on
these utilities for configuration purposes since we don't know if
we have enough of a configuration file to run things. This previously
wasn't an issue because all we needed to run was verify-tempest config
and it wasn't in a critical path just for api extension discovery and
it wasn't relied on. But, with the addition of tempest preprovisioned
credentials we rely on a tempest util to create the credentials we
use for running things. We need to ensure the util has as complete of
a config file when it's run to ensure that everything is in the
correct state.
This commit moves the running of all tempest utils and the associated
iniset calls to the end of the configure_tempest function to ensure
that the utils have as complete a config file as possible.
Additionally, it makes all tempest util calls are venv isolated. (which
is mostly future proofing for when things are branched on stable)
Change-Id: I5844aed4e134fbc7210aa0eca83500e260915b7b
The test job "gate-tempest-dsvm-cells" uses the Nova cells concept.
This triggered a deprecation warning:
WARNING oslo_config.cfg [...]
Option "rabbit_virtual_host" from group "DEFAULT" is deprecated.
Use option "rabbit_virtual_host" from group "oslo_messaging_rabbit".
This change removes that warning.
Change-Id: Ieaf437ecbf58edb8994f6afcb0ac2afcd5585a1e
Variables PUBLIC_INTERFACE_DEFAULT and GUEST_INTERFACE_DEFAULT
are only use to provide default value, deployment script should
not use such values directly
Closes-Bug: #1566768
Change-Id: Ib543b416df861086fa2edbe7df769b224d0b0add
Make the warning in the auto-generated file stand-out a bit more, so
people don't waste time trying to add entries that appear
automatically.
Change-Id: Icf4290e1fad21ce72af54c178bafcce0b287cdf6
Change 0b9e378cca2be4e034ad401d71fbe4470907f93a moved the
api_paste_config from the DEFAULT group to the wsgi group
and deprecated it's usage in DEFAULT.
Change-Id: I283db638e76b986d3e728c6caf34a0b3f37fc9b6
Ubuntu vivid support is EOL lets make room for xenial.
Change-Id: I21c4966c80e0b5fc2b1a7448020dd1c75e0070ad
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Fix the table with a bottom border. Regenerate the plugin list using
the script to make sure it works this time.
Change-Id: Iab3eb3879fd6017c55259e470477e4a9e34514e2
This makes us depend on n-api being enabled, which should avoid running
this on subnodes, where it fails because of no credentials.
Change-Id: I209bd59cd57be27c3375f5a2074361307abcafe9
Closes-Bug: #1567065
Nova API itself supports both URL modes:
with project-id and without project-id
However, we are changing service catalogs for removing project-id
based on the discussion.
We have agreement on https://review.openstack.org/#/c/181393 like the
following:
- Standard required naming for endpoints (versioned vs. unversioned,
contains project ID vs. no project ID).
* We want unversioned endpoints so that the user can get
information about multiple available versions in a given cloud.
* We do not want project ID, account ID, or tenant ID as part of
the resource URI for an OpenStack API endpoint.
So this patch removes project-id from Nova service catalog for this
direction.
Change-Id: Ifd74152727b5c0c75924419a7a52e024a69ce72c
Make sure the table is separated out from header and footer content so
it actually gets picked up as a table.
Change-Id: I60a24b2476a55cfbf5c864a1c27ce5b98e699886
This sets all the internal variables and service users that are set to
use project instead of tenant for clarity.
Change-Id: I4aa833bac2ee2281c5f2881f7ae1fd8e7c759f74
This makes devstack create default flavors in nova, like cinder, now
that nova no longer hard-codes them into its database.
The flavors created here match the legacy default flavors that nova
kept for so long, and also creates a new devstack-namespaces set of
flavors which are likely more useful for people.
Change-Id: Ic275887e97221d9ce5ce6f12cdcfb5ac94e300b0
Cinder was the only project with a script in driver_certs. That cert is
no longer required for Cinder as we now just require that third party CI
is run for all drivers before acceptance.
This removes the cinder cert test script and the now empty driver_certs
directory.
Change-Id: I8d0867c4720f324b8dbf3c64ddf66ff267996d10
As part of the "reduce confusion on tenant_id" we need to change as
many references as possible over to project_id.
Change-Id: Ia665312f24672b106e12fde93b60f142620c3a45
Currently ovs-ofctl command is executed for only default ofp version
(OpenFlow10).
Some Neutron's plugin uses OpenFlow13 and in that case ovs-ofctl fails.
This chage allows us to get ovs info for all ofp versions supported by ovs.
And adds dump by dump-ports and dump-ports-desc.
Change-Id: I2d3c42835a5ad0f5ebf540e8127762f466347c9c
Neutron had a lot of work done during the Mitaka cycle to fix MTU
issues, so let's see if Neutron can stand on its own.
This commit reverts 06cfce3756
Neutron patches:
I6ffc8973c9b8f46cc19922ff04fdd2d23646b878
I4096a3e7704032fa4aa5c3aa8bcaec4e38d0d06d
I6a10c4dfc1f2198667f3d02528e2ca8020cb5bb8
Ic091fa78dfd133179c71cbc847bf955a06cb248a
Idf6221fee2c7da86123b330ad3c235ecc6868242
I6859ebdde1f7e3a8163b49d705620e522ada606a
Change-Id: Ie88c7ebb29adadde530217c95e2f38aacb119dc8
In I33525e2b83a4497a57ec95f62880e0308c88b34f, we switched
from zookeeper to dlm. Somehow this got left behind.
Change-Id: I41d13d33c9a81271d4a9752cbe98c0028a17ab1e
Since commit 7580a0c3e3, openrc
print a WARNING message to stdout, it will break the zsh script
in faq.rst. This patch redirect openrc output to /dev/null.
Change-Id: Iaba03634d7a234cd4d120477f91ef56d0595cdf6
Closes-Bug: #1563940
Printing the total makes it easier to compare runs at a glance. Clean
up the output a little, and use some consistent, name-spaced globals
while we're there.
Note the total runtime is at the top to avoid giving the impression
that it is the sum of the components below, since you can nest/overlap
timers (I made that mistake in a prior change :). It might be a fun
exercise in tree building to one day track the overlaps and present a
nice nested breakdown.
Change-Id: I878ce03813d21138df493b82bceff3aaa7f83064
Ceilometer uses a devstack plugin for a while now, so there should not
be any need for this file in the main devstack repository.
Change-Id: I3577c52b106c63c465a40ea3740eb5b8384e900e
This is a normal step in the process for upgrade and is now
required for migration of flavors from the main DB to the API DB.
Since we previously made a bad decision to encode those flavors into
the first database migration, that means that even on new installs we
need to run these.
Deployment tools are going to be running this command any time they
do anything to the database post-deployment, which means adding this
to devstack is putting it in line with what normal deployments will
be doing.
Change-Id: I8ab03af9d2f4974f26a7f8487ec978caea957e45
Since change Ie38deadf190db33863c99d4610157349484ac10f ceilometer does
not use spidermonkey which needed libnspr4-dev to be installed. Thus the
requirement can be removed now.
Change-Id: Ib0685181f1cc4c9b58411a1679ac9dec1812f683
OS_CACERT was being added directly to the environment rather
than usercc_early. This caused an untrusted CA error to be
thrown.
Ensure that SERVICE_HOST is in the Subject Alt. Names of the
issued TLS server cert. The gate sets it to 127.0.0.1 which
wasn't being handled. Only the FQDN of the host and actual
IP address of the machine were being added.
Change-Id: I8a91dffe1a5263d2bcc99ea406a8556045b52be2
auch configuration in the nova section in neutron.conf was
still setup manually. Just reuse the function
configure_auth_token_middleware() for configuration to simplify
the code.
Change-Id: Ib5a7e9212e2d1242bdbec75cf3fac13d5c42a2e2
This commit moves the auth setup for tempest config to occur before
we run tempest verify-config. The API requests that command runs
require auth and in the case we run tempest without admin creds set
the config file will not have any credentials to run the query with.
By moving the auth setup to occur before this it will ensure tempest
is always configured with credentials before we run the command.
Change-Id: I6d11b24e4492f1fde3aa3a7a239c40d63111bfa1
Previously the swift blocks only ran if s-proxy is enabled, which
prevents a multinode configuration. We should run these blocks if any
swift services are enabled, and push proxy specific conditionals one
step lower.
Change-Id: I540a97615b3c19f882c8673b1a4a29cd47e36aa8
Lbaas devstack support is now in the neutron-lbaas repo, so we can move
towards removing it here. This will explode hard, but let's start peeling
the onion.
This can't merge until p-c no longer references lbaas jobs.
Change-Id: I1c49877bab53f6b25385302420086b25e3eeeebf
Make our usual admin user to be a real admin,
and open the way for improving the per project
policy.json files.
Change-Id: I133a5953d209bc1edbd03ecfae750f77e3eaa64d
Related-Change: https://review.openstack.org/#/c/242232
PS4 can include functions, so when running in the LOG_COLORS=True mode
provide a grey function line so that it's easier to visually
distinguish the content from the location.
Also make it so the main prompt chunks off all the common path, which
means we can printf to 40 characters and have a pretty reasonable and
readable PS4.
Change-Id: I4a10a49db97d413349bcfceeb8c4164936fbcc40
Check that a public and/or private network exists before calling
probe-create for it, to avoid an error in the case where that
network hasn't been created
Change-Id: If01cec47dc4ab02b5d78074b1354df10dc23b384
Closes-bug: #1560629
It seems pip distinguishes paths with .. or extra / for constraints.
For example, the following directories are considered different.
/path/to/dir
/path/to//dir
/path/to/dir/subdir/..
This commit tries to normalize the given directory name to avoid
"Could not satisfy constraints for 'xxxx': installation from path
or url cannot be constrained to a version" error due to directory
name mismatch.
Reference: https://github.com/pypa/pip/pull/3582
Closes-Bug: #1542545
Change-Id: Iae9d58c27d3b10bca16e4a471507c4d5c16439a0
hexdump is used in common function generate_hex_string which is
used by nova and heat. The current general dependencies do not
have this dependency covered, instead it is usually pulled in by
other implicit dependencies when a full devstack is built. In
cases where only a subset is built (like just Heat and keystone)
hexdump is missing.
Added unit tests for the generate_hex_string function.
Depends-On: Ib47d802a31a0f4c2a49daa7e6698e37c70a2365a
Change-Id: I77c8c2019fb8b8174cdfaed3e56ebf728f0732b7
Closes-Bug: #1558672
In future Nova will use os-vif library for some communication with Neutron.
This patch add ability to install os-vif library that requires for run
tempest-jobs for new patches, that used os-vif.
Change-Id: I28e48afd3c740b1aa50c994d99f660f095e7deda
We've had a couple of cases where plugin names are longer than our
table width.
Take the fixed-with table-header out of the header file, and generate
it dynamically based on first-column width. To simplify, take
advantage that RST allows a variable-length last column and so don't
specify it's width.
Add a link to the cgit URL for each project you can click on to browse
the source (link text remains the git:// URL).
Add some logging so you can see what the python generator is doing,
should you run it.
Change-Id: I5d5e692039bbb30b2508119412472dac1d105c08
Insert the unversioned keystone URLs into the service catalog. Services
should be able to determine the correct URL for their work from this.
Depends-On: I931f0c558aafc8dfaa5519744c6e4e7fcffc3205
Change-Id: I6171f782a1dd397720a9b2a3393b30ae5aca0cc2
This change provides better handling of tgtadm --op show
output as input of tgt-admin --delete command. In situation
where no output of the first command is present no tgt-admin
command is run.
Change-Id: Ief5e1d50dd679f4d47cffef29ff07e54cc37f80a
Closes-bug: 1554997
When os-brick starts using privsep, it will need to know how to invoke
its privileged half. Amazingly the name of the rootwrap executable
isn't anywhere else in the config, so the privsep default uses just
"sudo" (no rootwrap).
We need to either:
1. set the privsep command line to use nova-rootwrap in nova.conf (and
similar in other configs), or
2. add the privsep-helper line to sudoers and bypass rootwrap entirely.
This change implements (1) for devstack (nova only for now, cinder to
follow shortly).
Change-Id: I90dc41bc77993bd83b80c92286e015e14f290b45
When os-brick starts using privsep, it will need to know how to invoke
its privileged half. Amazingly the name of the rootwrap executable
isn't anywhere else in the config, so the privsep default uses just
"sudo" (no rootwrap).
We need to either:
1. set the privsep command line to use cinder-rootwrap in
cinder.conf (and similar in other configs), or
2. add the privsep-helper line to sudoers and bypass rootwrap entirely.
This change implements (1) for devstack/cinder and is similar to the
corresponding nova change in I90dc41bc77993bd83b80c92286e015e14f290b45
Change-Id: I8a0b1728cc66c4861f69623b1b16b1f759b57b25
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.