Instead of using RDO Trunk repo server, CentOS official mirrors provide
a most reliable infrastructure and supports EMS which is required when
enabling FIPS in C9S.
RDO didn't publish official release rpms for Xena and Wallaby, install
"rdo-release-yoga" release rpm for Xena. Devstack only uses RDO repository for binary dependencies such as rabbitmq, openvswitch.
Change 0da88c4af0 is squashed in this
commit.
Closes-Bug: #2020661
Closes-Bug: #2020434
Change-Id: Icd99f467d47aaafaaf3ee8f2a3c4da08842cb672
(cherry picked from commit b2ad00cb66)
(cherry picked from commit 4062cc0f85)
Devstack set the env var TOX_CONSTRAINTS_FILE/UPPER_CONSTRAINTS_FILE
which are used to use the constraints during Tempest virtual env installation.
Those env var are set to non-master constraint when we need to use non-master
constraints but when we need to use the master constraints we do not set/reset
them point to master constraints. This create the issue when running the grenade
job where we run Tempest on the old devstack as well as in the new devstack.
When tempest is installed on old devstack then old tempest is used and it sets
these env var to stable/<branch> constraints (this is the case when old devstack
(the stable branch is in EM phase) uses the old tempest not the master tempest),
all good till now. But the problem comes when in the same grenade script run
upgrade-tempest install the master tempest (when new devstack branches are in
the 'supported' phase and use the master tempest means) and are supposed to use
the master constraints. But the TOX_CONSTRAINTS_FILE/UPPER_CONSTRAINTS_FILE env
var set by old tempest is used by the tempest and due to a mismatch in constraints
it fails.
This happened when we tried to pin the stable/wallaby with Tempest 29.0.0
- https://review.opendev.org/c/openstack/devstack/+/871782
and table/xena grenade job failed (stable/xena use master tempest and supposed
to use master constraints)
- https://zuul.opendev.org/t/openstack/build/fb7b2a8b562c42bab4c741819f5e9732/log/controller/logs/grenade.sh_log.txt#16641
We should set/reset those constraint env var to master constraints if configuration
tell devstack to use the master constraints.
Making openstacksdk-functional-devstack job non voting as this is
failing 100% on <=stable/xena, depends-On fix that
Depends-On: https://review.opendev.org/c/openstack/python-openstackclient/+/872341
[1] https://github.com/openstack/devstack/blob/71c3c40c269a50303247855319d1d3a5d30f6773/lib/tempest#L124
Closes-Bug: #2003993
Change-Id: I5e938139b47f443a4c358415d0d4dcf6549cd085
(cherry picked from commit 7fe998109b)
(cherry picked from commit 30a7d790b6)
(cherry picked from commit febdb122e4)
(cherry picked from commit cb891834be)
Tox 4.0.0 has some incompatible changes, epecially more
strict on allowlist_externals. Tempest recently changed
allowlist_externals not to be *[1] causing the failure
on jobs where lib/tempest failing to run the tempest
as command in virtual env.
----------
venv: commands[0]> tempest verify-config -uro /tmp/tmp.qH5KgJHTF4
venv: failed with tempest is not allowed, use allowlist_externals to allow it
------
We do not need to test/fix the <=stable/zed branches with tox 4.0.0
and pinning them with the compatible tox version of the time stable
brnaches were releaased is better way.
This commit proposes:
1. Pinning the tox<4.0.0 for <=stable/ze branches testing
2. Workaround to unblock the master gate by pinning it <4.0.0 but
we should make our testing compatible with tox 4.0.0 soon.
Depends-On: https://review.opendev.org/c/openstack/devstack/+/867070
Related-Bug: #1999183
[1] https://review.opendev.org/c/openstack/tempest/+/865314 devstack based job started failing to run tempest command on venv.
Change-Id: I9a138af94dedc0d8ce5a0d519d75779415d3c30b
(cherry picked from commit ba54baa425)
(cherry picked from commit a3227ba0c0)
(cherry picked from commit 395f447085)
(cherry picked from commit 02f286a80a)
Glance started moving to new RBAC and glance-tempest-plugin
and Tempest need to set few configuration to enable the
scope checks on glance side and so does on Temepst side to tell
glance is ready with scope checks so that test can be run with
scoped token.
Conflicts:
lib/tempest
Change-Id: I09f513d08212bc80a3a86a750b29b1c6625d2f89
(cherry picked from commit 8c93049220)
Already n-v devstack-platform-centos-9-stream has been failing
last 2 months.
Considering that there isn't a lot of traffic on stable/wallaby
and we have a centos job in newer branches so any backport
patch gets tested there, the commit removes this job no to
waste CI resources.
Change-Id: Id218cf2ad5fbb9cae5828972366fe85911e500b2
The official Ubuntu cloud images have some further python pkgs
preinstalled that conflict with our requirements. Allow to
overwrite them.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Closes-Bug: 1871485
Change-Id: I793c250cae5e7b9bc835b7016d790d1f9ae8a7f3
(cherry picked from commit 61a37bff9a)
In case of online mode, there is a procedure to recreate tempest venv.
For consistency of tempest venv during the entire stack.sh process,
add logic to consider the TEMPEST_VENV_UPPER_CONSTRAINTS option here.
Closes-bug: #1980483
Signed-off-by: June Yi <june.yi@samsung.com>
Change-Id: I0cea282152fd363af8671cab1b5f733ebe2bd4df
(cherry picked from commit 8355e81306)
This patch includes changes required to run devstack on CentOS Stream 9
which has been already published in official repos by CentOS team [1]:
- Add RDO deps repository for CS9.
- remove xinetd package from installation for swift. Note that
rsync-daemon is installed which should work fine.
- Replace genisoimage by xorriso in CS9.
- Use /etc/os-release to identify the distro in CS9 as it doesn't
provide lsb_release command.
- Use pip from rpm package instead of from get-pip.py as done in Fedora.
- Add non-voting job devstack-platform-centos-9-stream to the check
pipeline.
Depends-On: https://review.opendev.org/c/openstack/devstack/+/848365
Change-Id: Ic67cddabd5069211dc0611994b8b8360bcd61bef
(cherry picked from commit 5ea4c3c18c)
Newer versions of openssl (CentOS9Stream for example) do not like using sha1.
Devstack will fail on these systems[1] with the following error:
801B93DCE77F0000:error:03000098:digital envelope routines:do_sigver_init:invalid digest:crypto/evp/m_sigver.c:333:
This patch updates the tls-proxy code in devstack to use sha256 instead of sha1 which allows devstack to complete when tls-proxy is enabled.
[1] https://zuul.opendev.org/t/openstack/build/1d90b22a39c74e24a8390861b3c5f957/log/job-output.txt#5535
Closes-Bug: #1962600
Change-Id: I71e1371affe32f070167037b0109a489d196bd31
(cherry picked from commit 35bc600da1)
This patch reduces memory usage on the Cinder Volume and Backup services
by tuning glibc.
The specific tuning consist on disabling the per thread arenas and
disabling dynamic thresholds.
The Cinder Backup service suffers from high water mark memory usage and
uses excessive memory. As an example just after 10 restore operations
the service uses almost 1GB of RAM and does not ever free it afterwards.
With this patch the memory consumption of the service is reduced down to
almost 130MB. If we add a revert from Cinder (Change-Id
I43a20c8687f12bc52b014611cc6977c4c3ca212c) it goes down to 100MB during
my tests.
This glibc tuning is not applied to all Python services because I
haven't done proper testings on them and at first glance they don't seem
to have such great improvements.
Related-bug: #1908805
Change-Id: Ic9030d01468b3189350f83b04a8d1d346c489d3c
(cherry picked from commit d5af514ac9)
(cherry picked from commit eb16f28ab2)
(cherry picked from commit 0d22380971)
... when installed from distribution.
This is mostly to fix Ironic's gate as their ecosystem is too
broad and complex to quickly remove libvirt-python from all
possible requirements.txt
More details inline.
See also: https://review.opendev.org/c/openstack/devstack/+/798514
aka f0bf2bdff1
Change-Id: Ic44daf15e952bbe3c424984ffb2474261e68008f
(cherry picked from commit 8b8a4c75b7)
This reverts commit 7a3a7ce876 and
bcd0acf6c0 and part of
f1ed7c77c5 which all cap our pip
installs.
Given the pip ecosystem can often incorporate major changes, tracking
upstream at least generally gives us one problem at a time to solve
rather than trying to handle version jumps when LTS distros update.
The new dependency resolver included some changes that disallow
setting URL's like "file:///path/to/project#egg=project" in
constraints. Apparently the fact it used to work was an accident of
the requires/constraints mechanism; it does make some sense as the URL
doesn't really have a version-number that the resolver can put in an
ordering graph.
The _setup_package_with_constraints_edit function comment highlights
what this is trying to do
# Updates the constraints from REQUIREMENTS_DIR to reflect the
# future installed state of this package. This ensures when we
# install this package we get the from source version.
In other words; if constraints has "foo==1.2.3" and Zuul has checked
out "foo" for testing, we have to make sure pip doesn't choose version
1.2.3 from pypi.
It seems like removing the entry from upper-requirements.txt is the
important part; adding the URL path to the on-disk version was just
something that seemed to work at the time, but isn't really necessary.
We will install the package in question which will be the latest
version (from Zuul checkout) and without the package in
upper-requirements.txt nothing will try and downgrade it.
Therefore the solution proposed here is to remove the adding of the
URL parts.
This allows us to uncap pip and restore testing with the new
dependency resolver.
Closes-Bug: #1906322
Change-Id: Ib9ba52147199a9d6d0293182d5db50c4a567d677
(cherry picked from commit 6b9a564622)
Without it segment plugin fails to connect with
placement api. Configure the placement section
if service is deployed.
Closes-Bug: #1973783
Change-Id: Ie7f37770a04f622735cf2263c601257669ab5064
(cherry picked from commit 92a34dbe95)
This is necessary for more consistent behavior across multiple
distro versions. Apparently somewhere along the way, git started
looking at the current user's home directory instead of $HOME.
Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798
Change-Id: I941ef5ea90970a0901236afe81c551aaf24ac1d8
(cherry picked from commit 4baeb3b51f)
(cherry picked from commit 9616d22938)
(cherry picked from commit d86f23b153)
git commit [1] introduced a new behaviour to work around a CVE that
disallows any git operations in directories not owned by the current
user.
This may seem unrelated to installation, but it plays havoc with PBR,
which calls out to git to get to get revision history. So if you are
"pip install"-ing from a source tree you don't own, the PBR git calls
in that tree now fail and the install blows up.
This plays havoc with our model. Firstly, we checkout all code as
"stack" then install it globally with "sudo" (i.e. root) -- which
breaks. We also have cases of essentially the opposite -- checkouts
we have installed as root, but then run tox in them as a regular user;
tox wants to install the source in its venv but now we have another
user conflict.
This uses the only available configuration option to avoid that by
globally setting the source directories we clone as safe. This is an
encroachment of the global system for sure, but is about the only
switch available at the moment. For discussion of other approaches,
see [2].
Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798
[1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9
[2] https://review.opendev.org/c/openstack/devstack/+/837636
Depends-On: https://review.opendev.org/c/openstack/devstack/+/837745
Change-Id: Ib9896a99b6d6c4d359ee412743ce30512b3c4fb7
(cherry picked from commit 676dcaf944)
This change enables [workarounds]libvirt_disable_apic when devstack is
deployed using the libvirt virt driver and qemu virt type in an effort
to avoid issues outlined in bug #1939108 caused by the older kernel
currently used in Cirros 0.5.2.
Depends-On: https://review.opendev.org/c/openstack/nova/+/805628
Closes-Bug: #1939108
Change-Id: Ibb6c34133bb1c95ef11cc59d9b12a0f65502c61b
(cherry picked from commit 1e86a25cc2)
The default CHAP algorithm for iscsid is md5, which is disallowed
under fips. We will set the chap algorithm to "SHA3-256,SHA256",
which should work under all configurations.
For some reason, setting the CHAPAlgorithms as in c3b705138
breaks OpenEuler. Making this conditional so that tests continue
to pass.
Change-Id: Iaa740ecfbb9173dd97e90485bad88225caedb523
(cherry picked from commit ac958698d0)
Since pip v22, python3.6 is not supported (the minimum version is
python3.7). This patch adds the reference for the pip3.6 URL to be
used instead of the default one.
Conflicts:
tools/install_pip.sh
Closes-Bug: #1959600
Change-Id: Iab2c391d5388461fe9e9037cee81884ce8032e72
(cherry picked from commit a756f4b968)
(cherry picked from commit 13da39fc2e)
We still are seeing regular job failures because the pcp package fails
to install. Assume that we can still enable it on demand when someone
needs to debug specific job issues, let us just disable it by default.
Related-Bug: 1943184
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I32ef8038e21c818623db9389588b3c6d3f98dcad
(cherry picked from commit 134205c138)
When deploying devstack in a stable branch, the master branch is
available locally only in a CI environment where Zuul prepares all
available branches. For a non-CI deployment we need to stick to using
the remote branch as was the case before [0].
While the situation on the master branch isn't really broken, we apply
the fix here anyway so that future stable branches are created in a
working state.
[0] I5d42ac6b54bf20804d7e5faa39d1289102318b64
Closes-Bug: #1956219
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ib7719cb2d48b34db70f885e0afe77d904abba3b5
(cherry picked from commit 2ef4a4c851)
The current initiator name embedded in our CI images is not unique at
present and can often cause failures during live migrations with
attached volumes. This change ensures the name is unique by running
iscsi-iname again and overwriting the existing name.
We could potentially do this during the image build process itself but
given that devstack systems are not supposed to be multi-purpose this
should be safe to do during the devstack run.
NOTE(lyarwood): Conflict due to
If2f74f146a166b9721540aaf3f1f9fce3030525c not being present on
stable/wallaby.
Conflicts:
lib/nova
Closes-Bug: #1945983
Change-Id: I9ed26a17858df96c04be9ae52bf2e33e023869a5
(cherry picked from commit 714826d1a2)
(cherry picked from commit ee629cc775)
The apache mod_proxy documentation[0] says that trailing slashes need to
match for the ProxyPass statement. Since adding a slash to the redirected
url would break things that need to access endpoints like /identity
without anything added, we need to drop the trailing slash for the
target URL. See [1] for the discussion of the CVE fix that changed the
previous behavior.
[0] https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypass
[1] https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1945274
For stable/wallaby the nova-ceph-multistore job is currently broken,
drop it for now, it can be re-added when they got fixed.
Depends-On: https://review.opendev.org/c/openstack/devstack/+/811399
Change-Id: Ia6bae7419e5d9a9585f2316562a6c6bb968dcaa7
Ceph adds the osd pool default size option on ceph.conf via [1];
this means we don't need to specify the size of this pool if
the same value (same variable) is used (CEPH_REPLICAS).
This change is an attempt of removing the size setting, relying
on the implicit declaration of the value provided by ceph.conf.
[1] https://github.com/openstack/devstack-plugin-ceph/blob/master/devstack/lib/ceph#L425
Change-Id: I5fa2105ceb3b97a4e38926d76c1e4028f1108d4a
(cherry picked from commit 448db9ec41)
This table is no longer present on most installations, drop it
from the list to avoid error messages during log collection
that people mistake to be the real error why devstack is failing.
This may lose some debugging information in edge cases, but I
think the improvement of the general user experience is more
important.
Change-Id: Ibb9b247a018a788c8c4b40487762319fe470bf0f
Closes-Bug: 1885198
(cherry picked from commit 5a684eb51b)
This change fixes the empty value set to the gid option in rsyncd.conf,
which was caused by reference to the invalid USER_GROUP variable, and
ensures the option is set to the group which STACK_USER belongs to.
This also fixes duplicate declaration of the local user_group variable.
Closes-Bug: #1940742
Change-Id: Ifd0a5ef0bc5f3647f43b169df1f7176393971853
(cherry picked from commit 25f84277ea)
rdo-release.el8.rpm rpm points to latest RDO release,
so use it for master, for stable releases use corresponding
release rpm.
In addition to backport this commit:
1. Add centos8-stream job to show fix is working fine becasue
there is no centos8 repo for wallaby and centos8 job does not validate
this backport. We can remove the centos8 job later in follow up. I
did not it in this commit to keep this backport as clean as possible.
2. backport below commit to fix centos8-stream job
Set swap size to 4G for c8 jobs
Tempest is failing randomly with different reasons
as mentioned in the bug, updating swap size those
issues are not seen.
Before [1] default swap size used to be 8GB but was dropped
to 1G so need to configure it in required job itself.
Did couple of tests in [2] and with 4GB+ swap jobs are
running green. On investigation found that with qemu-5
both Ubuntu and CentOS jobs have memory crunch, currently
Ubuntu jobs are not impacted as they are running with
qemu-4.
[1] https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/750941
[2] https://review.opendev.org/c/openstack/devstack/+/803144
Closes-Bug: #1938914
Change-Id: I57910b5fde5ddf2bd37d93e06c1aff77c6e231e9
(cherry picked from commit 60b5538c33)
Change-Id: I508eceb00d7501ffcfac73d7bc2272badb241494
(cherry picked from commit 0456baaee5)
The QA/DevStack team does not support testing on Fedora on stable
branches. The fedora-latest nodeset is meant to be used on
master branch only.
This change removes it on this stable branch to allow the nodeset
to progress with Fedora version on master.
In addition, the two Fedora jobs are removed to allow for nodeset
removal.
Change-Id: If952b54bdecf82be811b57f4a17a0c59db54a62a
As set out in bug #1933096 these bindings are dynamically built against
the version of libvirt present in the environment at build time.
As a result using a pre-built wheel can cause AttributeError's when the
bindings have previously been built elsewhere against an older version
of libvirt installed on the host. This is currently the case in CentOS 8
stream based CI jobs where we try to use 7.4.0 bindings that appear to
be built against libvirt <= 6.10 leading to bug #1933096.
This change seeks to avoid this by installing the bindings from packages
that will always be built against the correct corresponding version of
libvirt.
Change-Id: I76184c17a776c4e1ecaab9549d9d36c8c07c60fa
Closes-Bug: #1933096
from Tempest to DevStack as it tests DevStack side of things and
is useful for projects not using Tempest.
Verbatim copy except for the devstack- prefix and the /devstack/
path.
Change-Id: Ie166730843f874b9c99e37244e460d7ad33b7eeb
(cherry picked from commit 2fb8c7a5ee)
devstack unit test job does not set any nodeset
and so does use default nodeset defined in base jobs
in opendev. When opendev switches the default nodeset to
the latest distro version, devstack unit test job can start
failing. Example:
- https://review.opendev.org/q/I01408f2f2959b0788fe712ac268a526502226ee9
- https://review.opendev.org/q/Ib1ea47bc7384e1f579cb08c779a32151fccd6845
To avoid such a situation in future, let's set the working nodeset
for this job also so that when we cut the stable branch we can
run it on the working distro version.
Change-Id: I302140778fedf08bc8ba72c453837fa7b8f8f9ae
As reported in bug #1920136 the tempest-integrated-compute job has
started to see insufficient free virtual space errors being reported by
c-sch and c-vol when creating volumes. This change simply increases the
default size of the underlying LVM PV used to host these volumes within
the default LVM/iSCSI c-vol backend deployed by devstack.
Change-Id: I965d4a485215ac482403f1e83609452550dfd860
Closes-Bug: #1920136
(cherry picked from commit 362641b1b8)
Sphinx 4.0.0 added a new dependency [0] which is causing the job to fail
at the moment.
This patch fix the problem by adding UC to the docs jobs.
[0] https://www.sphinx-doc.org/en/master/changes.html (LaTeX: add
tex-gyre font dependency)
Change-Id: I28019331017405c06577ada88f8e9f6d9a2afc23
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
(cherry picked from commit 69a66fb62b)
The configure_neutron_nova function updates nova configs. While that is
still running we separately update nova configs in stack.sh. This can
result in unexpected configs (that don't work). Fix this by waiting for
configure_neutron_nova to complete its work before we do nova config
updates directly in stack.sh.
For specifics we say that:
[neutron]
project_domain_name = Default
was missing from both nova.conf and nova-cpu.conf and instances could
not be created because keystone complained about not finding domain in
project. The strong suspicion here is that on some systems
configure_neutron_nova would write out project_domain_name while the
stack.sh inisets were running resulting in stack.sh overwriting the
project_domain_name content.
One theory is that disabling swift makes this problem more likely as
there is swift work in the middle of the async period. This is supported
by the fact that our job that hits this problem does indeed disable
swift.
Change-Id: I0961d882d555a21233c6b4fbfc077cfe33b88499
(cherry picked from commit 06b7352478)
Due to issue on stckviz side, job start
failing with POST_FAILURE. If we fix the
issue still we need to wait for periodic job
periodic-package-stackviz-element to publish
the latest tarball on https://tarballs.openstack.org/stackviz/dist/.
Let's not fail the job for any issue occur during
stackviz processing.
Closes-Bug: 1863161
Change-Id: Ifee04f28ecee52e74803f1623aba5cfe5ee5ec90
(cherry picked from commit 580fec54c3)
This patch adds a new environment variable, CINDER_BACKUP_DRIVER for
configuring cinder backup driver used when c-bak service is enabled.
This gets cinder backup driver configurable with a similar pattern to
cinder backends. Although the current configurable backup drivers don't
need cleanup functions, the interface for cleanup is prepared for the
future.
The following backup drivers can be configured:
swift:
This is the default backup driver.
ceph:
This already can be configured if ceph backend driver is enabled. For
backward compatibility, ceph backup driver is used if ceph backend
driver is enabled and no backup driver is specified.
s3_swift:
The s3 backup driver gets configurable with this patch. By specifying
's3_swift', the driver is configured for swift s3api.
In the future, lib/cinder_backups/s3 should be created separatedly for
external S3 compatible storage. This file will just set given parameters
such as a URL and credentials.
Change-Id: I356c224d938e1aa59c8589387a03682b3ec6e23d
(cherry picked from commit 01a84d2d03)
This commit cap the network, volume and swift extensions on
Tempest's config option api_extensions.
Change-Id: I0af39a389539b0183d5b260e1fd34eb03e2b06d8
When OVN is built from source, the value of OVS_PREFIX is set to
"/usr/local". All other paths referring to OVS should be prefixed
with this value.
Closes-Bug: #1920634
Related-Bug: #1918656
Change-Id: I9a45a5379d1c47cdf67b9c6d3d0409a88501e61e
In case when OVN_UUID isn't set by user, and it isn't stored
in /etc/openvswith/system-id.conf file, Devstack will reuse it.
If it's not, it will generate and store it in the
/etc/openvswitch/system-id.conf file so it can be set to same value
after openvswitch will be e.g. restarted.
In case when OVN_UUID is set by user, it will be also saved in
/etc/openvswitch/system-id.conf file to make it persistent when e.g
openvswitch will be restarted.
Closes-Bug: #1918656
Change-Id: I8e3b05f3ab83e204bc1ce895baec0e1ba515895b
Instead of doing a flush/add, use replace like the ML2/OVS
code does. Should have the same behavior of not failing if
the address is already present.
Change-Id: If9d8a848b079ccb8c0c9b8e6fb708107aa0d46c7
This cleans up some of the quote and variable handling that was
pointed out in review of the previous patch. This is non-critical,
so I'm putting it in a subsequent patch to avoid disturbing the
careful alignment of patches across three projects that are mostly
approved.
Change-Id: I9b281efd74ba5cd78f97b84e5704b41fd040e481
In order to be able to test glance's distributed import function,
we need to have multiple workers in an arrangement like they
would be if one was on another host (potentially at another site).
This extra worker must be separate from the default image service
in order to repeatedly hit one and then the other to test cross-
service interactions.
This allows you to enable_service g-api-r, which will clone the main
g-api service, modify it to run on a different port, and start it.
The service will be registered in the catalog as image_remote.
Depends-On: https://review.opendev.org/c/openstack/glance/+/769976
Change-Id: I0e2bb5412701d515153c023873addb9d7abdb8a4
This file is mega out-of-date and no longer helpful. Remove it.
Change-Id: Ic7e215c3e48a9c453d19355ad7d683494811d2af
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
The XenAPI driver was removed during the Victoria release [1], while the
libvirt+xen driver has been removed in the Wallaby release [2]. Remove
references to Xen from DevStack since its all a no-op now.
[1] I42b302afbb1cfede7a0f7b16485a596cd70baf17
[2] I73305e82da5d8da548961b801a8e75fb0e8c4cf1
Change-Id: If7055feb88391f496a5e5e4c72008bf0050c5356
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
This was removed this service from nova in Ussuri [1]. There's no need
to keep this around.
[1] I2f7f2379d0cd54e4d0a91008ddb44858cfc5a4cf
Change-Id: Idc95c6467a8c6e0c0ed07a6458425ff0a10ff995
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
os-ken is used by neutron ML2/OVS agent.
We need to install os-ken from source to test os-ken changes
against neutron. We already have tempest-integrated-networking job
in os-ken repo but it turns out it consumes os-ken from PyPI :-(
Change-Id: Ibcff212591e9fed25f1316403627269d81455b09
We require the 'tls-proxy' service to set up certificates for us. Hard
fail if 'NOVA_CONSOLE_PROXY_COMPUTE_TLS' is enabled but the 'tls-proxy'
service is not.
Change-Id: I52fec12b78ecd8f76f835551ccb84dfb1d5b3d8a
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
We use Tempest master for testing the supported stable
branches so using master upper constraints works fine but
when we need to use old Tempest in the below cases then master
upper constraints do not work and devstack will not be
able to install Tempest in vnenv:
- Testing Extended Maintenance branch
- Testing py2.7 jobs until stable/train with in-tree tempest plugins
This commit adds a variable to set the compatible upper constraint
to use for Tempest's old version.
Few of the current failure which can be fixed by this new configurable var:
- networking-generic-switch-tempest-dlm-python2
- https://zuul.opendev.org/t/openstack/build/ebcf3d68d62c4af3a43a222aa9ce5556
- devstack-platform-xenial on stable/steinand stable/train
- https://zuul.opendev.org/t/openstack/build/37ffc1af6f3f4b44b5ca8cbfa27068ac
Change-Id: I5b2217d85e6871ca3f7a3f6f859fdce9a50d3946
CentOS 8.3 changed the name of the PowerTools repository to powertools:
https://wiki.centos.org/Manuals/ReleaseNotes/CentOS8.2011#Yum_repo_file_and_repoid_changes
With this repository disabled, DevStack fails to install libyaml-devel,
which causes a failure to install many packages. In my environment
DevStack stopped with an error caused by a missing wget.
Keep the command using the old repository name, for compatibility with
older CentOS releases.
Change-Id: I5541a8aee8467abf10ce8a10d770618bdd693f02
When I reordered the nova database creation for better performance
and cleaner arrangement, I broke the non-standard arrangement where
the super and cell conductors are squashed together. In devstack,
this is implemented by pointing the controllers at cell1 in the
config, which makes it hard to create and sync the databases in the
natural order. This manifested in a failure when running in this
mode (which apparently Trove is).
As a quick fix, this special-cases the setup for cell0 if that mode
is enabled. I will follow this up with a cleaner refactor of all that
stuff so this hack isn't required, but that will take a bit longer.
Change-Id: I5385157c281beb041bf67cba546be20cf9497cbe
Introduced in devstack by I2d7348c4a72af96c0ed2ef6c0ab75d16e9aec8fc and
long tested by nova-next this enabled by most deployment tools by
default now and should be enabled by default in devstack.
Change-Id: Ia76b96fe87d99560db947a59cd0660aab9b05335
This change introduces a basic role to copy the contents of /etc/ceph
between the controller and subnodes during orchestrate-devstack allowing
a multinode ceph job to be introduced by
I9ffdff44a3ad42ebdf26ab72e24dfe3b12b1ef8b.
Note that this role is only used when devstack-plugin-ceph is enabled.
Change-Id: I324c0f35db34f8540ca164bf8c6e3dea67c5b1b4
We have a *ton* of stuff in devstack that is very linear, specifically
the ten-ish minutes we spend loading osc to run a single API command
against something. We also generate configs, sync databases, and other
things that use one core of our worker and make our runtime longer
than it really needs to be.
The idea in this patch is to make it super simple to run some things
in the background and then wait for them to finish before proceeding
to something that will require them to be done. This avoids the
interleaving you would expect by redirecting the async tasks to a log
file, and then cat'ing that log file synchronously during the wait
operation. The per-task log file remains so it's easier to examine
it in isolation.
Multiple people have reported between 22-30% improvement in the
time it takes to stack with this. More can be done, but what is here
already makes a significant difference.
Change-Id: I270a910b531641b023c13f75dfedca057a1f1031
This patchset adds configuration support for network logging
when the OVN driver is enabled.
Depends-On: https://review.opendev.org/768129
Change-Id: I6fc0973bedfd1dcc72b01981cd64f9283662d37c
Signed-off-by: Flavio Fernandes <flaviof@redhat.com>
If we are backing glance with cinder, we will use more volumes and
if timing is right, we will clash with other tests and be unable
to create what we need. If we are backing glance with cinder, we
should increase the volumes quota, which this patch does (to 50 from
a default of 10).
Closes-Bug: #1914665
Change-Id: I2ad1c4d21f996ee1a9ce29ba4f1a4b8f5720f8fb
This commit fixes use of die function before it's defined.
die function can be used after sourcing $TOP_DIR/functions chain-
sources $TOP_DIR/functions-common.
Because fixed portion of stack.sh checks existence of $TOP_DIR/inc
and sourcing $TOP_DIR/function chain source $TOP_DIR/inc, this commit
uses echo & exit command instead of die function.
Closes-Bug: #1913021
Change-Id: I5ec174cf7b02269525b1bfd0bfa94ea889d16fce
On master, we should always enable tempest's verification of Glance's
os_glance namespace enforcement.
Change-Id: Ia71878e6c53ee683a868112959876798e946e2ce
Depends-On: https://review.opendev.org/c/openstack/glance/+/771070
I am still unable to stack because of pip 20.3, but this time
because of the tempest venv build. This forces it to the same
capped pip, which further works around the problem.
Change-Id: Icfaaefe1aa576733764b393cba96d276c9b1cf68
Related-Bug: #1906367
I'm not sure if others will find this useful, but I use this
script to run pieces of devstack while trying to write/debug
things. It saves me a lot of time being able to get to some
project-lib function without a full clean/re-stack.
Figured I'd share in case it's worth putting into the tree.
Change-Id: I9a92fa71d34f50c2f5ba7d11c1a45301bd4478bf
It has been broken for over a month. Feel free to revert in combination
with a fix, better with a commitment to keep the job in working shape
permanently.
Change-Id: I2604374c23716d56de29e16a459b7c7f45b84891
The create_disk() helper had some redundant checks and dead code. This
refactors it to put all the stale cleanup at the top, and groups the
new actions together with more relevant comments to make it easier
to understand.
Change-Id: I1f6218a1994e66786ed9a8065e30bcceec7b8956
Bug #1873234 documents a number of CI failures caused by RPC requests
from c-api to c-vol timing out due to `lvchange` taking longer than the
default rpc_response_timeout of 60 seconds to complete.
While the underlying reason for the slowness should be investigated by
the cinder team a trivial workaround to the fallout created by these
timeouts is to simply double the client RPC timeout used by c-api,
allowing c-vol to return and overall the request to succeed.
Change-Id: I53dc0ae10af6aa13f1349b58373932eb6a15ab02
Related-Bug: #1873234
Since the introduction of I8f24b839bf42e2fb9803dc7df3a30ae20cf264
s-proxy is no longer able to launch as keystonemiddleware (listed under
test-requirements.txt) has not been installed.
keystonemiddleware is listed as extras requirements in swift
- https://github.com/openstack/swift/blob/e0d46d77fa740768f1dd5b989a63be85ff1fec20/setup.cfg#L79
Let's install swift keystone extra requirements also.
Closes-Bug: #1909018
Change-Id: I02c692e95d70017eea03d82d75ae6c5e87bde8b1
This patch changes the OVN module from DevStack to allow for using the
OSapackaged version of OVN instead of compiling it from source.
A new variable called OVN_BUILD_FROM_SOURCE has been introduced and when
set to False (the default value) OVN will then use the packaged version
for setting up DevStack.
Note, in the stop_ovn() function, the OVN metadata agent service name
was wrong and the service wasn't being stopped as part of ./unstack.sh.
This patch also fixed it as well.
Change-Id: Ib41e3b486550200572afd6b3ba783d7644d70d44
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
Co-Authored-By: Slawek Kaplonski <skaplons@redhat.com>
When deploying on the centos 8 stream variant
the output of "lsb_release -i -s" is
CentOSStream instead of CentOS
This breaks the is_fedora function in devstack
preventing package installation and removal.
Change-Id: I39ccefbd06f46adf5077f8d8001f37d3b190f040
This patch caps pip version during bootstrap to avoid the issue:
"ERROR: Links are not allowed as constraints"
A proper fix would be to adapt to new pip behavior.
Depends-On: https://review.opendev.org/764811
Change-Id: I1feed4573820436f91f8f654cc189fa3a21956fd
As documented in the associated TODO this job can be removed now that it
has been migrated to zuulv3 by Ib342e2d3c395830b4667a60de7e492d3b9de2f0a.
Change-Id: Id7c0fd8eec09386cd638956a46c1f75844194b9d
This change updates bionic installs to use the
ussuri cloud archive to enable the use of libvirt 6.0.0.
This is required to prevent a libvirt bug that causes intermittent
failures for the tempest test_live_block_migration_paused testcase.
Change-Id: I9c395c2b5fdfe6ad9a43477280e88e9a9b34f057
Related-Bug: 1901739
At this moment, only image_ssh_user is present in the config
of Tempest. It's set to cirros by default and used for
SSH connections in tests. However, several tests build
instances with image_ref_alt, but still use image_ssh_user to
connect, which results in failure if image_ref_alt is set to
a non-cirros image. They should use image_alt_ssh_user instead,
which can be set to whichever user the image_ref_alt needs in
either local.conf or during plugin installation.
Change-Id: I899909fb71a9862c891e94ba54c6a8fa137f9769
Partial-Bug: #1844535
Right now a system configured with the ceph plugin will not survive
a reboot because the backing disk we create and mount isn't mounted
at startup, preventing ceph from starting and the rest of nova/glance
from working.
This makes create_disk() idempotently write an fstab rule for the
disk we make, and adds a destroy_disk() handler for cleanup.
Change-Id: I50cd4234f51a335af25be756bd2459dca5aa343c
For change 739139 [1] PS 12, the
neutron-tempest-plugin-scenario-linuxbridge died in devstack with
"/opt/stack/devstack/functions-common:237 Failure retrieving default
route device", which comes from
"/opt/stack/devstack/lib/neutron-legacy:237:die_if_not_set".
Looking at the worlddump.txt for that job [2] I see that there is a
default ipv6 route; the vm was not configured with ipv4 networking.
ip route
--------
ip -6 route
-----------
::1 dev lo proto kernel metric 256 pref medium
2607:ff68:100:54::/64 dev ens3 proto kernel metric 256 expires 86380sec pref medium
fe80::/64 dev ens3 proto kernel metric 256 pref medium
default via fe80::f816:3eff:fe77:b05c dev ens3 proto ra metric 1024 expires 280sec hoplimit 64 pref medium
Looking at the devstack code that throws the error [3] it looks like
it only looks for a default route in the output of `ip route`, which
does not include ipv6 information. This change should look in both
the ipv4 and ipv6 route table. A similar check in the L3 setup code
is also updated.
[1] https://review.opendev.org/#/c/739139/
[2] https://d4eb7e3efe98cba79a4b-f4d168cdb20f40841821e4b213645c0f.ssl.cf2.rackcdn.com/739139/12/gate/neutron-tempest-plugin-scenario-linuxbridge/9a6b4f7/controller/logs/worlddump-latest.txt
[3] https://opendev.org/openstack/devstack/src/branch/master/lib/neutron-legacy#L236
Closes-Bug: #1902002
Change-Id: I839e8c222368df98fec308cf41248a9dd0a8c187
(MTU - 50) only supports VxLAN over IPv4, decrease it
to support IPv6 as well, which is 20 bytes larger.
Change-Id: I0cf258770f628c1b4fb590bd274b5433fbcc1450
Sometimes instances don't have an IPv4 default route, so only check for
it when we actually need it. In a followup patch we could extend the
code to check for an IPv6 default route instead or in addition.
Related-Bug: 1902002
Change-Id: Ie6cd241721f6b1f8e030960921a696939b2dab10
This function has been deprecated for a long time, let's finally
remove it. It is only generating a warning anyway.
Change-Id: I7bd440adf2ce8283e3ad3d5d09e6b2b877e2b42e
This patch set the os-vif "ovsdb_connection" configuration option so it
can connect to the local OVSDB. By default, this option points to
tcp:127.0.0.1:6640 and would fail if SERVICE_IP_VERSION == 6.
Also, if SERVICE_IP_VERSION is an IPv6 address, it should be wraped with
square brackets for it to work.
Change-Id: Ie6eec4e140c7464936cf0b0c6307026a94c9f4ee
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
this change corrects the flag order from 'route -6'
to '-6 route' as the -6 flag is an option when used with
ip is an argument to the the ip command and not the route
subcommand.
-6 is accpeted as an argument to the standalone 'route'
commannd but not 'ip route' subcommand.
Change-Id: Ic2ae472e42b7b455693d0aade48dc5109e1f21ba
The "ip route" command only outputs IPv4 routes, add a command to also
show IPv6 route information.
Drop output from "ip link" as that information is contained within the
"ip addr" output already.
Change-Id: Iae87f43c4b1c57f07de041e823da9d350c670389
The current code always overrides tox_environment when running
functional tests, but the correct behavior is to add
the discovered environment variables to tox_environments,
while keeping the user-specified value for it.
The current behavior breaks the devstack-tox-functional children
jobs, like openstacksdk-functional-devstack-ironic, which set
tox_environment.
Change-Id: I5dc9054a1495ca0ef7745c08316441ab153956f4
The situation around glance under WSGI has changed a lot in a week.
We can now run tasks and imports under WSGI, so let's switch the
default back so that glance is consistent (by default) with the
other projects.
Change-Id: I3ae285b2ac4972c0b8abaccfc7c0ede0e1c49bf1
Nova has newer qemu requirements which needs opensuse 15.2 to meet. The
infra opensuse 15 images are 15.2 now to accomodate that. Update
opensuse's supported version to match.
Change-Id: I6f3c5234920b185b2b0cd9c358371402f7a7b922
This includes a workaround to a known dnsmasq >= 2.81 issue that
results in unanswered DHCP requests from instances as documented in the
following Neutron bug:
dnsmasq >= 2.81 not responding to DHCP requests with current q-dhcp configs
https://bugs.launchpad.net/neutron/+bug/1896945
For the time being we will attempt to downgrade to 2.80 to avoid this.
Related-Bug: #1896945
Change-Id: I3a760c43956221424926bd9dad0ebe9b28ae2b52
Enable the compute feature for shelve_migrate on all but LXC and
Xen virt_types.
Related-Bug: #1732428
Depends-On: https://review.opendev.org/#/c/696084/
Change-Id: I31cd00c9117607682213cfa0399709e560f4ad0d
This patch will enable user to configure single cinder store as well as
multiple cinder stores for glance. Below are the parameters needs to be
added in local.conf.
A. For single store
USE_CINDER_FOR_GLANCE=True
B. For Multiple stores
USE_CINDER_FOR_GLANCE=True
GLANCE_ENABLE_MULTIPLE_STORES=True
CINDER_ENABLED_BACKENDS=${CINDER_ENABLED_BACKENDS:-lvm:lvmdriver-1,lvm:lvmdriver-2,nfs:nfsdriver-1,ceph:cephdriver-1}
GLANCE_CINDER_DEFAULT_BACKEND=lvmdriver-1
enable_plugin devstack-plugin-nfs https://opendev.org/openstack/devstack-plugin-nfs
enable_plugin devstack-plugin-ceph https://opendev.org/openstack/devstack-plugin-ceph
NOTE:
GLANCE_CINDER_DEFAULT_BACKEND should be one of the value from CINDER_ENABLED_BACKENDS.
If you need to configure nfs and ceph backend for cinder then you need to add respective plugins in
local.conf file.
If GLANCE_ENABLE_MULTIPLE_STORES is True then it will not configure
swift store for glance even if it is enabled in local.conf file.
Needed-by: https://review.opendev.org/#/c/750018
Change-Id: Id0d63c4ea41cce389eee8dc9a96913a7d427f186
nova-ceph-multistore is defined in nova side to test the
glance multistore on ceph and it is voting on nova gate.
There are other multistore testing enhancement going on for
example- https://review.opendev.org/#/c/743800/. so to avoid
any regression, let's run exiting mutistore job on devstack
gate too.
Change-Id: Ie82b4057463df4b6138c53b14a582bd84866aebd
There is flag Q_BUILD_OVS_FROM_GIT which can be used to not compile
ovs from source.
But this wasn't respected in the ovn_agent's module in install_ovn
function which was always installing from source ovn and ovs.
We need to disable that e.g. on grenade jobs when new version is
installed.
Change-Id: I7d3f92365e880191dcfe7c618a6f79d5f741144f
This is will allow the openstack/nova project to facilitate a minimum
required version bump of QEMU and libvirt within the libvirt virt driver
in I8e349849db0b1a540d295c903f1470917b82fd97 ahead of the planned switch
to focal later in Victoria.
Change-Id: I85eb45632ff229676f7c29708f4a7cc64b3d90e3
Previously pyc files were only cleaned if clean.sh was run.
with this change a new clean_pyc_files function was introduced
with the logic that was previously in clean.sh but it is now
invoked from unstack.sh
With the previous behavior you could not stack with horizon
enabled then unstack and stack again due to the presence of pyc
files that were owned by root.
By moving the clean to unstack in stead of clean.sh you can
now stack, unstack and stack again without hitting the pyc issue.
since unstack is invoked by clean the existing clean.sh behavior has
not changed in practice except for the fact the pyc files are
removed sooner in the process.
This change also removes support for findutils < 4.2.3
Ubuntu 12.04 and CentOS 6 both have 4.4.2 since they were
released 8 years ago and are now EOL its fair to assume
that all modern distros have 4.2.3+
https://repology.org/project/findutils/versions
Change-Id: I13c9aad9be7e0930a0d875b7d382090caf0b8982
This reverts the changes made to the zuul config in [0]. Since the
backports to the stable branches have been merged, the jobs can be
voting again.
[0] I5d8aa0e58e0409c54451b51de5eb70ba9a68d849
Change-Id: I3f5972e05faea8f11d7e87f3f8b05e4979e6c328
A new setuptools release has changed the way pip installs are done,
see [0]. With this change we switch back to using the distro
method for global pip installs.
Temporarily make grenade jobs non-voting in order to allow this
patch to be backported.
[0] http://lists.openstack.org/pipermail/openstack-discuss/2020-August/016905.html
Change-Id: I5d8aa0e58e0409c54451b51de5eb70ba9a68d849
This patch is a follow-up of Ib4194329474e8d68a90886d2a04f027eecd741df.
This patch removes the configure_port_forwarding call from the
neutron-legacy module because port forwarding (just like other
extensions such as DNS, QOS, etc...) are already enabled in the
plugin.sh file in the neutron repository [0]. The
configure_port_forwarding method itself is also defined in the neutron
repository so calling it here may result in a failure in case the plugin
is not enabled.
We are also removing the "dns" extensions from the default
Q_ML2_PLUGIN_EXT_DRIVERS variable because this extension conflicts with
the default DNS extensions that is enabled by Neutron when
q-dns/neutron-dns service is enabled (also in [0]). The LP for this
conflict problem is: https://bugs.launchpad.net/neutron/+bug/1887163.
[0]
https://github.com/openstack/neutron/blob/945a244588b81064e4301b6f055a3c90f472bd7e/devstack/plugin.sh#L101-L103
Change-Id: Iafb9e45520798b2a612192cfc6cca28501465862
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
This patch fixes an early stack issue where the following error message
would be presented:
ERROR: Cannot uninstall 'PyYAML'. It is a distutils installed project
and thus we cannot accurately determine which files belong to it which
would lead to only a partial uninstall.
We also drop references to removal of Python 2 library egg infos now
that Python 2 is EOL.
Closes-Bug: #1892363
Change-Id: I2876ee58ab6b73682869d6b4e684e10ac5e56ad9
The role reads the OS_* variables set by devstack through openrc
for the specified user and project and exports them as
the os_env_vars fact. It is meant to be used as a porting aid
for the jobs of the non-unified *clients only.
This is useful to run functional tests against the generated
environment. A slightly less generic version of this role
is currently used by python-cinderclient and python-novaclient
(get-os-environment).
In order to make this more useful, call it from
devstack-tox-functional and derived jobs. The role
execution is disabled by default and it can be enabled
by setting openrc_enable_export: true.
Change-Id: I15f5a187dbc54c82e8f4a08b4bb58d56e0d66961
There are a few dependencies which are really os-brick-specific.
They are listed in its bindep.txt file, but os-brick is usually
installed from pip, so its bindep.txt file is not available.
As those dependencies are needed by the various services
which use os-brick, move them to their own dependency file
(with the addition of the new lsscsi, required by the next
os-brick stable release) and make sure that file is parsed
when installing the services which require os-brick.
Side note: there should be a way to avoid this duplication
also for pip-installed libraries (normal services can use
files/ or even bindep, but in this case the source is not always
available), (temporarily?) duplicate them, as it has been
the case for the other os-brick dependencies already listed here.
Change-Id: I9ab6e215dbef9ebdb1946da2f9a40ce020ecc95b
As part of the Victoria PTG the Neutron team entertained the idea of
having the OVN driver as the default backend in DevStack (this hasn't
yet being decided by the community, this will be discussed within this
cycle).
For this to happen, we also would need to move the module that configures
OVN to the DevStack repository. This is what this patch is doing.
Note that we are updating the lib/neutron-legacy module instead of
lib/neutron in this patch, this is because as part of the PTG the
Neutron team has decided to un-deprecate the neutron-legacy module since
the "new" lib/neutron module is broken and nobody is current working on
it (also all services uses neutron-legacy).
Also, the ovsdbapp has been added to the ALL_LIBS list because a gate
job in the ovsdbapp project repository relies on installing the library
from source instead of pip to run.
Depends-On: https://review.opendev.org/#/c/740663/
Change-Id: Ib4194329474e8d68a90886d2a04f027eecd741df
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
We need to use python3, our deps are no longer installed in python.
Includes the current set of updates to the plugin registry.
Change-Id: I4753ddf60ed066cc11fa74dbbd63210dbad733a8
While RHEL 7 is detected as RedHatEnterpriseServer, RHEL 8 is
RedHatEnterprise.
$ lsb_release -i -s
RedHatEnterprise
Change-Id: I3d750d808c6ebea9c230f0508cdbc016415b9922
Most libs maintain their own system packages in a local bindep.txt file.
We don't currently use those when installing packages from source, which
can result in broken package installs.
This adds a flag to always attempt to install bindep packages if the
bindep.txt file exists. If a file cannot be found, it will just emit a
warning and carry on.
Change-Id: Ia0570f837b8af1c3fee0a314b026a4a7ed27e6a9
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
If glance is in standalone mode, image import works
fine so enable the tempest tests. Once we will have image
import or other async tasks working with glance under uwsgi
then we can remove this flag and run import tests by default.
Depends-On: https://review.opendev.org/#/c/741425/
Change-Id: I853e8a3815187f0aa8f05c70488ec948a97e55a6
As of the referenced patch in glance, we can do import in wsgi mode.
Also remove the enforcement that import methods are disabled.
Change-Id: I8da4b4ad6105bb64c4045ca80db9742591d01564
Depends-On: https://review.opendev.org/#/c/742065
We always want to start glance on the internal port now,
regardless of whether or not tls-proxy is in use, because we
write_local_proxy_http_config() for the standalone case.
Change-Id: I47dea645d4a852e02e25af0e1df9c28fec92c42a
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
While removing registry [1] we by mistake removed some code related to
multiple store configuration for glance. This must be happened during
resolving merged conflicts.
Adding it back.
[1] https://review.opendev.org/708062
Change-Id: I2b84f7b7c51b7b20765a06b48c75006fd2e8ab71
Glance should not be exposing import methods that cannot work via its
API, but it does today. In order for tempest (et al) to be able to
properly detect whether import is possible, we must configure the
import methods in standalone mode, or disable them in wsgi mode. The
referenced Glance patch will make this a requirement.
Change-Id: I3bf3498d83607c5e98b70877c061dc54fc3c0a6e
Needed-By: https://review.opendev.org/#/c/741497/
A whole set of Glance functionality is not usable under uwsgi, including any
of the more powerful async import, customization, and copying functions.
In order to facilitate writing and running tempest tests for these features
in all environments covered by the various jobs across all the projects that
include Glance, we should default to this deployment method.
It is still possible to deploy glance in uwsgi mode by setting the flag to
False, and we can do that for some jobs to make sure that it continues to
work. However, the default should be what we expect deployers will use,
which is standalone mode.
Depends-On: https://review.opendev.org/741479
Change-Id: I141acab2a07a4eebd8d850f900058bc8cbf9c7bf
This makes no sense to set on _every_ devstack deployment, only
if we are using libvirt qemu or kvm. Make it conditional.
Change-Id: I860e899274646ff73b8f084a0583325239aee9cc
This abstracts out the conversion of key=value,... property lists to a function
and makes both _upload_image() and the two ami/aki image create calls use it. The
move to bare key=value properties introduced a regression for ami/aki where
the --property flag stopped being passed to osc in that case.
Change-Id: Idf7fdfe3f5800f79f6c48f9d9606a7b53436a730
Full Glance functionality requires Glance being run in a configuration
where it can spawn long-running task threads. The default uwsgi mode
does not allow this, and the current workaround is to set WSGI_MODE
to something other than uwsgi to get the devstack code to deploy
Glance as a standalone service. Since this affects the entire rest of
the deployment, this patch separates out a flag to control this behavior
specifically for Glance. When WSGI_MODE=uwsgi, control of the Glance
deployment mechanism is allowed via GLANCE_STANDALONE=True|False. If
WSGI_MODE!= uwsgi then we deploy standalone Glance anyway.
Change-Id: I79068ce0bd7414bc48ff534ee22f0de5d7b091cb
Added new boolean option 'GLANCE_USE_IMPORT_WORKFLOW' default to False.
If this parameter set in local.conf as True then devstack will use the
new import workflow to create the image.
In order to use new import workflow of glance;
user need to set below options in local.conf
GLANCE_USE_IMPORT_WORKFLOW=True
Note that the import workflow does not work in uwsgi because of
some fundamental restrictions it has. Thus, devstack must be configured
with WSGI_MODE=mod_wsgi, otherwise glance will not be able to process
the imports. The new helper function will abort to avoid in that case
to avoid the image never being moved to "active" state by an import
task that will never be executed.
Co-Authored-By: Abhishek Kekane <akekane@redhat.com>
Co-Authored-By: Dan Smith <dansmith@redhat.com>
Needed-By: https://review.opendev.org/#/c/734184
Change-Id: I1306fe816b7a3eca1e2312c0c454be3d81118eca
Replace legacy-tempest-dsvm-lvm-multibackend with its native version,
cinder-tempest-lvm-multibackend.
Remove legacy-tempest-dsvm-neutron-dvr-multinode-full, which was defined
as an experimental job in neutron and removed during the ussuri lifecycle.
See https://review.opendev.org/#/c/693630/
Change-Id: I76d1efaa3a6c1fe9825e8457438f514114b2ecad
The old peakmem_tracker service has been disabled in [0], now enable
the replacement memory_tracker.
Also fail when the old service is still configured, otherwise
consumers might never notice.
Depends-On: https://review.opendev.org/739995
Change-Id: I583caf3f36a8ff41d7d4106dabc6c5f24243085e
Starting up n-api-metadata service on every compute nodes does
not solve the problem of isolated networks (no route to metadata
service). It all depends on how 'enable_isolated_metadata' and
related options (e.g. force_metadata) are set in dhcp agent and
what is configured for the 'nova_metadata_host' option of q-meta
service. Having a global n-api-metadata service in the control
node is sufficient for a mult-node lab setup.
Besides, the n-api-metadata services on compute nodes are not
really working due to https://bugs.launchpad.net/nova/+bug/1815082
Change-Id: Ib8691c3eeee59758fbd98989d9460f1458ea422f
Related-Bug: 1815082
This reverts commit f6286cb586.
This patch is blocking glance as it needs mod_wsgi to perform new import workflow.
Change-Id: I4475247dfe986114d37678b3d3d552c0c7d02ddc
Recent regression spotted by Dmitry Tantsur.
DevStack dropped Py2 support but the now-unused-in-devstack
python3_enable got its result nastily inversed.
Change-Id: I4b37cc847a24705c4955cec2e6e45f0514705f1b
The non-voting flag was accidentally dropped in [0].
[0] Ib4416dc2f5e003fd770f5240a8f78213c56af8e6
Change-Id: If9519f1ac9afd66553e1c1410fdc16369f166b98
No targetcli package on Ubuntu Focal, it should use targetcli-fb also
when "$CINDER_ISCSI_HELPER" == "lioadm".
Although Xenial only has targetcli, but Xenial is dropped from CI. And
starting from bionic, Ubuntu uses targetcli-fb to replace targetcli. So
here we can use is_ubuntu to make ubuntu use targetcli-fb.
Change-Id: I6d35b6651d486e716980dcd9f4d693bed560463a
This option sets enable_v1_api in glance-api.conf, a setting that
was removed by change Ia086230cc8c92f7b7dfd5b001923110d5bc55d4d
in July 2018, so remove the devstack option from lib/glance.
It occurs in two other places:
This option is used in lib/cinder to set an option that was removed
from Cinder by change Ice379db9ae83420bacf9e96e242c7515930eae86 in
Queens, so remove the related code.
When this option is False, it is used in lib/tempest to set
[image-feature-enabled]/api_v1 to False in the tempest config file.
However, the default value of ths setting has been False since
change Iab3a209c744375bf2618afc00a3f7731b62f557e in Sept 2018,
so remove the related code.
Change-Id: I4b18a0a388ed7e7a392fabeac613778e0d23dee7
Those historic references to port 5000 and 35357 aren't being used
anymore for some time, so let us drop them.
Clean up some python2/3 wording along the way.
No longer mention Identity API v2, which is also a thing of the past.
Change-Id: Iafff097eee082f24ea2ae27ad038ad115aa36c61
Keystone no longer has any special functionality hidden behind the admin
endpoint. Stop referencing it in consumers, so it can later be dropped
completely.
Change-Id: I04a5d77908005268cc7c59e7e9ddeea70f6732e2
This commit adds the focal nodeset for
multinode so that those can be used for
projects side jobs or testing.
We need to define these as first step to avoid
any conflict on nodeset name if project started
defining these.
Example: three node focal nodeset is already
defined in x/tobiko, fixing the same in depends on.
-I30a6bb63269f031a74f9bff6c765d59d91088797
Depends-On: https://review.opendev.org/#/c/738128/
Change-Id: I5ce49f7a7d52d00555c14b08864bc8975956b20c
Story: #2007865
Task: #40212
Some arping versions only accept an integer number for the
"deadline" (-w) parameter.
Change-Id: Ie21c9b5820262d049c0fcd8147d85cc110d88272
Closes-Bug: #1885169
Dragonflow was retired in 2018 and is now being retired. This removes a
documentation reference to it.
Change-Id: I24ab79482306a7c816b5242a981f1b508ff8f6ec
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
We haven't had a working job for stretch or jessie in years, attempts
to get things fixed have been dropped, set let's be honest and drop
those from our support list.
Change-Id: Ia6152be79f8044f7ff039ec0911ad4938d6271f4
- Add a nodeset and a platform job
- Drop uwsgi-py2 pkg that no longer exists
- Blacklist tests that are currently failing
Change-Id: Ib4416dc2f5e003fd770f5240a8f78213c56af8e6
Focal only provides a pip3 binary, no pip3.8. Instead of working around
that with a symlink, use the module instead.
Add version information output for this variant.
Change-Id: I7af194ecc40e4d43c10ce067a661bb6ab4ca37d4
process-stackviz role currently defined in Tempest repo[1] and used
in tempest jobs. Issue with having it in branchless Tempest is that any
fix in that role cannot be backported to older Tempest. Also stackviz is
not Tempest things it is only used by Tempest jobs.
Stackviz can be considered as a service similar to Tempest so inatlling it in
Devstack side make sense. Also that will give us advantage to handle the
branch specific fixes or backpoting the fixes.
This can solve the current issues we are facing on rocky branch
- https://zuul.opendev.org/t/openstack/build/c1e2da80537448bfb24331fb4198a931/console#4/0/29/controller
[1] https://opendev.org/openstack/tempest/src/branch/master/roles/process-stackviz
Change-Id: I0ba1fd05c6391cd8bb978119ecfbb891def2d497
During the Victoria cycle we plan to switch default Neutron backend in
Devstack from OVS to OVN.
As first step before we will start discussion about this change with
whole community, we want to add tempest ovn based neutron job to
the devstack check queue so that we can keep verifying that with
devstack changes.
Change-Id: I8484baa7398b28ed5ef62f86b55022c7d8703f56
Glance has deprecated registry serivce for long and now efforts are placed to
remove the registry code from the glance repo.
To avoid regression on other projects, gate jobs etc. removing
configuring registry service from the devstack.
Change-Id: I6a7be6bdc97acc43c8e985060aeea05d92642e80
Neutron-fwaas is going to be deprecated in master branch with [1].
[1] https://review.opendev.org/#/c/735828/
Change-Id: I513ef36e681fc3f9e5aa9f81c9aedba716366729
Building uwsgi from source was a workaround that was introduced a long
time ago, it doesn't seem like it is needed anymore and will actually
fail for Ubuntu 20.04.
Also it doesn't match what will happen for most real-world
installations, so let's try to get back to using distro packages. We'll
still use the source install for RHEL/Centos, it remains to be tested
whether we can get back to using distro versions there, too.
Change-Id: I82f539bfa533349293dd5a8ce309c9cc0ffb0393
uwsgi broke installation from source with their latest release [0].
Since we want to move away from source installation anyway, make
grenade based jobs non-voting for the moment so that we can backport
[1] properly.
[0] https://bugs.launchpad.net/bugs/1883468
[1] https://review.opendev.org/577955
Related-Bug: 1883468
Change-Id: I8e47bb7c70031a4df7f1af6b811df4c6cc784b2a
Tempest option scenario.img_dir has been deprecated more than 4 years, it's
time to remove it from devstack.
img_file option should contain the full path to the image.
This patch removes setting of img_dir option and makes img_file
one contain the full path of an image.
Change-Id: I71102095f3603915f0bc7d21f2e18c4eac4e95ec
Depends-On: https://review.opendev.org/#/c/710996/
Related-Bug: #1393881
The FLOATING_RANGE variable should specify the network address of the
used prefix for clarity.
Change-Id: I547bd42d8bdc5f0f2001d47f2d5b43729773b1bc
Closes-Bug: 1870204
This is already unconditionally installed via install_apache_uwsgi in
stack.sh; we don't need to install it again in keystone. Since we
need workarounds on some platforms (see
I3bc5260e77cebe852cc8d70d9eddf84ef71d74bb) we only want to do this in
one place.
Change-Id: I40d84cbdf68cf6bb5cba143b6c0c126cdb8a84d4
All these uwsgi invocations assume that the uwsgi binary is in the
same directory as their project binaries are installed into (probably
/usr/bin). That may not be correct -- for example if using a packaged
uwsgi on Fedora the binary will live in /usr/sbin/uwsgi (not /usr/bin
where the project files from pip are).
Switch invocations to just find it in the path.
Change-Id: I298e3374e9c84e209ffcabbaaacda17f8df19f4f
Centos 7 is no longer supported, replace with Centos 8. Also Debian
hasn't been working for some time and progress in fixing it has stalled,
so drop it for now.
Change-Id: Ic1513b20f296978bca095c7aa79f022d7d9ab7ac
Closes-Bug: 1881183
This option was deprecated in Ussuri [1] as nova no longer provided any
schedulers aside from the filter scheduler and the existence of
third-party schedulers was very unlikely. Stop configuring this and
simply use the default.
[1] https://review.opendev.org/#/c/707225/
Change-Id: Iabdd1d00e00ee269334f0fe0db265a97207e2dc6
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
We need an appropriate auth_uri for s3token to be able to contact
Keystone.
Since tempauth is always enabled, we want to delay the auth decision
until after tempauth has had a chance to try.
Change-Id: Ie4ff33a617b9dc74d51d037ec8ebd0d9787dd76d
For a long time, swift3 recommended a pipeline like
... swift3 s3token authtoken keystoneauth ...
This led to inefficiencies where the proxy would first contact Keystone
to validate the S3 signature and issue a token, then contact Keystone
*again* to validate the token ID that was just issued.
After s3token moved into the swift3 repo, it was improved to be able
to put all of the headers into the WSGI environment that Swift's
keystoneauth middleware expected and the recommended pipeline was
changed to something like
... authtoken s3api s3token keystoneauth ...
At the time, the old order would still work, it would just be less
efficient. When support was added for Keystone v3, however, the new
order became mandatory.
All of that happened before swift3 moved back into Swift as s3api, but
the pipeline placement problems are the same: Keystone users won't be
able to use the S3 api with the current order.
Change-Id: Id0659f109cc2fc12ddb371df0b26812ba8c442d9
Related-Change: I21e38884a2aefbb94b76c76deccd815f01db7362
Related-Change: Ic9af387b9192f285f0f486e7171eefb23968007e
The bug has been fixed since a while, also in recent distributions,
for example Ubuntu 20.04, the sgabios.bin ROM is provided directly
by qemu-system-data as an actual file under /usr/share/qemu and
it conflicts with the one provided by sgabios, so removing the
workaround is actually needed to prevent failures.
Change-Id: Ib5f23dbd8839a0927418692054f4ed4abd76babc
Switch to openstackdocstheme 2.2.1 version. Using
this version will allow especially:
* Linking from HTML to PDF document
* Allow parallel building of documents
* Fix some rendering problems
Update Sphinx version as well.
Set openstackdocs_pdf_link to link to PDF file. Note that
the link to the published document only works on docs.openstack.org
where the PDF file is placed in the top-level html directory. The
site-preview places the PDF in a pdf directory.
Set openstackdocs_auto_version to not auto-version the documents.
Set openstackdocs_auto_name to use 'project' as name.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: I26887b175b9c1ced7347289b7d5d4f57a20ec36a
tmpfs exhaustion has long been suspected as the root issue behind
failures to load ssh keys and other metadata from local config drives as
documented in bug #1808010. This can also lead to failures fetching
metadata from n-metadata-api leaving Tempest unable to SSH into
instances.
This change increases the RAM of the m1.nano and m1.micro flavors by
64MB to hopefully avoid these errors going forward. This is also ahead
of our eventual upgrade to Cirros 0.5.0 where 128MB becomes a
requirement.
Related-Bug: #1808010
Change-Id: I4b597579cf89939955d3c110c0bd58ca05de61f0
Disable insecure option for glance_store with
swift backend when tls is enabled.
Specify swift_store_cacert option.
Change-Id: Ia1e8f596c95dd7b6e63cb21a94c8316dc71bf945
Follow the pattern of the other configuration keys. The new variables
allows tests to enable/disable volume revert tests provided
by cinder-tempest-plugin.
Revert-to-snapshot was introduced in pike, and so the tests.
Change-Id: If137f201c2f646703f5a1ff96e71e48caed63b67
Ubuntu Focal doesn't have python-pip, only python3-pip. Trying to
uninstall a package that apt doesn't know about (installed or
uninstalled) results in a nonzero exit code so devstack fails. This
patch makes the package removal safer for both python2 and python3 cases
by checking first if the package exists.
Change-Id: I3b1118888cb0617ffb99b72c7e9a32308033783e
This repo is now testing only with Python 3, so let's make
a few cleanups:
- Remove obsolete section from setup.cfg
- Use newer openstackdocstheme and Sphinx version for python 3
- Remove install_command from tox.ini, the default is fine
- Move basepython into testenv
- Update bashate version
Change-Id: I3d78b3787af2efce831d223dbcab6cf84c358028
The integrated gate template (integrated-gate-py3) has been switched
to the new grenade name (grenade-py3 -> grenade). This repo uses the
template but also has for irrelevant files an extra entry.
Rename the job following the template change to avoid duplicate
grenade runs.
Details:
- http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014602.html
Depends-On: https://review.opendev.org/725148
Change-Id: I73e67c0e01ca231678903b2460dab672f17251e3
We no longer support platforms with Yum on master. Cleanup old
references and convert to dnf.
We don't need any of the failure wrapper stuff as dnf runs in strict
mode by default.
There seem to be a few callers out there, so we'll leave it called
yum_install for now.
Change-Id: Ie71a48fd85b00a97a14bf260cd013b18af4cce06
This package isn't available on some distributions hasn't been
required in Neutron for several years
If679e79fa3242ee1cd8610b5525deca35b41c87e. Remove it.
Change-Id: I7308a885c1d084efe2f0b9f542443d35966140ed
The paths for the devstack source directories are currently hardcoded,
this patch allows overriding that list.
Change-Id: I2b673b0d110d84658b89bb14663584330deaf3aa
With the removal of CentOS 7, we can re-evaluate the rpm
installations.
We should not need virtualenv after https://review.opendev.org/712609
There should be no need for python-devel as we're python3
pyOpenSSL was added to workaround memory issues in
9e98f9435e (2015) ... I think we've
moved on.
pyxattr is not a package; remove it.
I don't see we need packaged m2crypto, which isn't a package on CentOS
8. nor libxml2-python; these days it has wheels which should work
with the normal installation process.
centos8 has:
* targetcli
* pcp-system-tools (and no dstat)
* iptables-services
* java-1.8.0-openjdk-headless
* kernel-modules
* rsync-daemon
just as all supported fedora's do, so we can remove any matching here.
Change-Id: I542c426a67a98f331d2a29bacd220af81fab8cc4
We have lib/databases/mysql which is installing databases, remove it
from the bulk package lists.
Split is_fedora (fedora & centos8 -- soon) to install mariadb-server
and mariadb-devel to retain status-quo.
On suse this seems to be a meta-package
'mariadb-server' not found in package names. Trying capabilities.
so split that out. It seems it has never been installing the -devel
package, and things work (presumably clients are coming from wheels so
don't need to build against it).
Change-Id: I86433318e8f76c40c5c792b795411a5c9d8351d3
We do not support CentOS 7 on master branch due to no Python 3 or
ongoing eco-system (i.e. RDO) support; see
Id9ef507dd6f4226d65c6ed3043666b0aa6a3bd1c.
Change-Id: If98581708568e7a8d15e6edc588a008df0cac0fb
This includes the addition of the python3-virtualenv package required to
provide the virtualenv binary that is no longer present in the image.
Change-Id: Ie8e66d8b9f93063b97f88f41a626daddf235339b
Using venv, which is part of python3, we avoid an extra dependency on
the virtualenv package. For Debuntu, which splits this out into a
separate package, add this to debs/general.
This is part of the infra efforts to ship "plain" nodes without any
dependencies installed. While devstack can re-install virtualenv, we
don't need any features it provides and it means one less dependency.
Change-Id: I3c323640f288e57581a4eb8adba2a08d0b0cbd8f
There's a bug[1] with the combination of the p11-kit and
ca-certificates-mozilla packages available on the latest built
opensuse-15 node in nodepool (which has not been rebuilt for weeks due
to a separate issue[2]) which causes the standard CA bundle to not be
installed correctly and causes jobs that call to external HTTPS services
to fail. Upgrading both packages in sync fixes the issue.
[1] https://bugzilla.suse.com/show_bug.cgi?id=1154871
[2] http://bugzilla.suse.com/show_bug.cgi?id=1166139
Change-Id: Ia8fdfe12fd9089e178adcb2b5eec997eebada262
Needed-by: https://review.opendev.org/713566
When stacking outside of Zuul CI the wheels have to be built locally and
python3-dev package is required.
Story: 2007491
Task: 39213
Change-Id: I0960269d5cf193c9ececc5490485522c74646382
This first came in with Id749c37ab7fefa96b35f11816b56b9def5ef4b08. It
talks about ancient versions of pip; can't see we need it any more.
Change-Id: I9d4831955070990a81a809d988612d9d5b1aa672
Recent change to devstack dropped installing test-requirements [1]
However, this caused gate failures due to lack of glance-store
deps for cinder and swift support.
This patch makes devstack install relevant extras depending on
enabled features.
Additionally, relevant functions are added/fixed to make this
possible.
glance-store = glance_store (for gerrit search match)
[1] https://review.opendev.org/715469
Change-Id: I0bf5792a6058b52936115b515ea8360f6264a7c9
Swift keeps testing py2 but we should keep both in shape.
To fix stestr on py2:
Depends-on: https://review.opendev.org/715942
Change-Id: I616e39c64e22d467d7186dba98226cc5beef23ea
This is a test of installing openstack and then seeing if it works.
OpenStack components do not need test-requirements to operate,
that's why they are test-requirements.
Additionally, as we look forward to depsolver pip, this is going
to screw us because we don't apply constraints to linters, which
are expressed in - you guessed it, test-requirements.
Change-Id: I8f24b839bf42e2fb9803dc7df3a30ae20cf264eb
This reverts commit 79b8e79488.
This is breaking things in various jobs, most notably because
we do not put constraints on linters - but we install
test-requirements which then can conflict with each other.
Change-Id: Ibc5603c61b38ce44db58fb27a27352f59123ad09
The new pip depsolver is coming this summer. Until it's ready,
run pip check at the end of devstack to make sure we're not
somehow installing conflicting package versions. We shouldn't
be, because of constraints, but if we are, better to know and
start figuring it out.
Change-Id: Id98f0848ff5a252d93e5f8029df2d069924d603f
The function was using a hard coded value of localhost:11211 when
we have an option MEMCACHE_SERVERS that can be defined and used
inside DevStack.
Change-Id: I4947928fe406a9844d5bdaa3c826d273952fa097
DEVSTACK_GATE_FEATURE_MATRIX seems to be an old legacy thing that
is no longer being used. It currently prevents using the jobs in
openstack/devstack without adding openstack/devstack-gate for the
role.
Change-Id: Iab9b4862c01043d2c158398bac4b3b289a0adba0
tempest-multinode-full is py2 job and not needed to
run on ussuri onwards. Chaning this to its py3
version tempest-multinode-full-py3
Change-Id: Iff271eabcf1a39d6bf6c1fcd55ff2749cab2373f
The networking-ovn code is being moved into the neutron repository as
part of the effort [0].
This change is needed so we are able to install OVN from packages
when running the networking-ovn functional tests along with
the Neutron ones (see [1]). In the old networking-ovn repository we did
compile OVN from source instead of installing it from packages but
that took time. We want to do better in the Neutron repository.
[0] https://blueprints.launchpad.net/neutron/+spec/neutron-ovn-merge
[1] https://review.opendev.org/#/c/697440/
Change-Id: I92ab727d9954eb729c41b9a67ecb60b56883097b
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
From Train release Glance has added support [0][1] to configure multiple stores
of same or different types. This patch enables developers to configure
multiple file stores for glance. In order to configure multiple file stores
user need to set below options in local.conf
GLANCE_ENABLE_MULTIPLE_STORES=True/False
To enable multiple stores of glance.
GLANCE_MULTIPLE_FILE_STORES=veryfast,fast,cheap,verycheap,slow,veryslow
Comma separated list of store identifiers.
GLANCE_DEFAULT_BACKEND=fast
Default glance store in which image should be stored if store identifier not
specified explicilty. Should be one of the store identifier from
GLANCE_MULTIPLE_FILE_STORES config option.
NOTE: This support is added so that we can start adding tempest/CI tests for
glance multiple stores.
[0] 515412b59f5b3af07a1787b9f8e85a4d656d3e1c
[1] https://docs.openstack.org/glance/train/admin/multistores.html
Change-Id: I494f77555cfe9115356ce0ee75c7d7f192141447
Building on I5c3e1b7b632fd73310c462530990cdb0e0c0ceea we can now add a
Fedora job using the virt-preview repo that will be used by Nova's
experimental queue.
Change-Id: Iad9d64912bb07f307e4897ece1621f275f1d5211
'str' type in python2 is 'bytes' type in python3,
when use python3, we will get a prefix 'b':
sudo ip netns exec b'qrouter-39cc2b45-a27c-49c5-94a6-26443a49ac63' ip
neigh
--------------------------------------------------------------------------
*** Failed to run 'sudo ip netns exec
b'qrouter-39cc2b45-a27c-49c5-94a6-26443a49ac63' ip neigh': Command 'sudo
ip netns exec b'qrouter-39cc2b45-a27c-49c5-94a6-26443a49ac63' ip neigh'
returned non-zero exit status 1.
The message above is raised by running tools/worlddump.py with python3.
Change-Id: Ic254af86fa27729839f00c0ad4a5bbbc9e545a09
With fedora-latest now using Fedora 30 images and Fedora 29 itself EOL
we can now remove support for it from devstack. This change also cleans
up references to earlier Fedora releases under files/rpms/.
Change-Id: I24332f7016ebb549ea678acf677c477b55ec4d4b
With the open-iscsi rebase we should now be able to move the
fedora-latest job to fedora 30 ahead of the removal of support for 29.
Change-Id: Ia80f03f275e595d3b26b52b3478f303036d59438
I2f16658c5a3e22cac70912a0f3ad65cdd7071a1e worked around an open-iscsi
bug that remains unpatched in Fedora 30 and 31 by using a private copr
repo with the patch applied. Rawhide has finally been rebased to 2.1.0
where this issue and many others have been resolved.
We can now use a new repo that has been built for Fedora 30 and 31 that
provides this rebased package that we can either use until the rebase is
backported to 31 and 30 or 32 is supported.
Change-Id: I5ba5885bd9c784949602aeb4ddff9d75fecc6b3d
With the recent switch to py3 we need to ensure python3-devel is
installed on Fedora >= 29 before pip installing any dependencies.
Change-Id: I21417687db5b3827c5272ed22f6dc95db13f2870
The GRANT command in mysql8 can no longer create a user implicitly.
Split that part into a dedicated CREATE USER command.
Also drop disabling the query_cache, it is off by default for some time
and the option got removed in mysql8.
Change-Id: I31bcc285ff8e373abbacb303c1269857c9cfa9ed
After Python 2 is getting unsupported, new distros
like CentOS 8 and RHEL8 have stopped providing 'python'
package forcing user to decide which alternative to
use by installing 'python2' or 'python3.x' package
and then setting python alternative.
This change is intended to make using python3 command as
much as possible and use it as default 'python' alternative
where needed.
The final goals motivating this change are:
- stop using python2 as much as possible
- help adding support for CentOS 8 and RHEL8
Change-Id: I1e90db987c0bfa6206c211e066be03ea8738ad3f
Set default python3 version as 3 for cases python3
is not installed before running DevStack.
Implements installation of required python3x package
for RedHat family distros with package name depending on
configurable ${PYTHON3_VERSION}. Examples:
3 => python3 python3-devel (default one)
3.6 => python36 python36-devel
3.7 => python37 python37-devel
This should help in situations where there are more
than one python available for given platform and
DevStack is asked to pick one by its full 3.x version
Change-Id: I49d86bc9193165e0a41e8e8720be37d81a4e7ee0
We have dropped the tempest-full from
Tempest gate and made this to run on py2
explicitly which is nothing but for stable gates.
- I75868d5c9b6630fe78958ff89e58a0aced09a6b3
This job is not supposed to run on ussuri onwards master
gate as everything will be python3-only.
Change-Id: I372bde6a1753884efaf15da5fab48f1bddb4dab5
We are hitting this error:
+ tools/fixup_stuff.sh:fixup_ubuntu:82 :
sudo rm -f /usr/lib/python3/dist-packages/httplib2-0.11.3.egg-info
rm: cannot remove
'/usr/lib/python3/dist-packages/httplib2-0.11.3.egg-info': Is a directory
This patch adds the -r option to allow removing folders.
Change-Id: Ib7bb8b0a3dcf747bcc06da1a2fb17fa9d8808484
When starting 'memory_peak' service is using python command instead of
python3, while psutil (required package) is most probably being
installed into the python3 environment (as we are dropping python2.7
support).
Closes-Bug: #1860753
Change-Id: Ia2b7e2e33d784560443131e2965f520b361a54e3
TEMPEST_BRANCH which is mostly set as master so
that Tempest master is run to test the env. With
stable branch going to EM state and Tempest master
might not work due to incompatibility of code or
requirements. In that case we pin the Tempest so that
older Tempest can be used for their testing.
Till now for ocata, pike and, queens we used the gerrit style
ref to pin the Tempest which is not preferred way. We should be
able to use the tag name on TEMPEST_BRANCH.
This commit explicitly checkout the tag set in TEMPEST_BRANCH
as git_clone does not checkout the tag directly until RECLONE
is true or tempest dir does not exist.
After this stable branch or job can set the tag directly with name.
For exmaple: TEMPEST_BRANCH=23.0.0.
Change-Id: Ic777e4b56c4932dde135ac909cb5c6f4a7d5cc78
Work on the new neutron scripts has stalled and they aren't in a useable
state yet. Given the ongoing decline in contributions, let us
acknowledge this and undeprecate the neutron-legacy scripts so that
people can continue to use them without feeling guilty about it.
Change-Id: I4bce19da861abf18ddb89d82fd312c5e49a4ee7c
The virt-preview repo provides the latest rawhide versions of QEMU,
Libvirt and other virt tools for older releases of Fedora. This repo is
extremely useful when testing features in OpenStack that rely on these
latest builds well in advance of them landing in full Fedora, CentOS or
RHEL releases.
This change adds a ``ENABLE_FEDORA_VIRT_PREVIEW_REPO`` configurable
to control when this repo is enabled and used when deploying on Fedora.
Change-Id: I5c3e1b7b632fd73310c462530990cdb0e0c0ceea
'tools/mlock_report.py' script requires 'psutil' package to be
installed. This ensures it is done before memory_peak service is
started.
Partial-Bug: #1860753
Change-Id: I7b2b6eaf9856c6057e1a4a0054d15074150a6cb6
The hack has be around for pip 1.4.1 and older. It should be safe to
remove it by now. In fact it causes problems in my Ubutu Bionic VM when
trying to overwrite httplib2 library installed from the distro package.
Change-Id: I34b826f4e8f10f8d44b888120f19fcc7ba501b3d
[1] stopped installing pip for py2 when py3 is being used.
This patch makes sure we check only for py3 pip then.
Also removed some no-longer-relevant comment and
made uninstall behave the same.
Check for pip>=6 removed too.
See also [2].
[1] 279a7589b0
[2] http://lists.openstack.org/pipermail/openstack-discuss/2020-January/012182.html
Change-Id: I36ee53e57e468d760b80a7e621b90899867a8efd
We dropped the ability to override USE_SYSTEMD to False when we deleted
screen support in [0], so we can also clean up any conditionals based
on it.
Also clean up the logging setup functions, dropping local vars for
parameters that we don't actually support anymore.
[0] I8c27182f60b0f5310b3a8bf5feb02beb7ffbb26a
Change-Id: I5cbce9f2c42e111761e8689447b3f8cbb7ea2eb5
The Sheepdog project has been defunct for awhile now, and the Sheepdog
driver and os-brick connector is now being removed from Cinder. This
cleans up plugin references for the driver.
Change-Id: Ieb2d9cf653b2d3a4af30cab26b8428a7c7edff98
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
The proposal job to update the plugin list has been failing for a long
time as it gets a 500 error from gitea on the openstack/openstack
repo. This is an odd "superrepo" with all projects as submodules;
thus openstack/openstack/devstack is actually a project, not the
directory with a plugin in it.
Skip this repo (gitea shouldn't return a 500, but that's another
thing...)
Regenerate the list manually for this run.
Change-Id: I6ed65bcb720d4cb10702cbf66106120e001ec35f
Some distros do not install python3/python3-devel with the minimal
install. F29 doesn't install -devel, and neither Centos 7 or 8
install either. This patch ensures that these packages get installed.
Ideally, PYTHON3_VERSION would be set *after* ensuring that python3
was installed, but it gets a little tricky with all of the includes.
This sets it to 3.6 as nothing uses 3.5 anymore.
Change-Id: I7bdfc408b7c18273639ec26eade475856ac43593
Need to make PyYAML overridable on Ubuntu, it is a dependency for e.g.
cloud-init, so we cannot remove it.
Depends-On: https://review.opendev.org/703792
Change-Id: I4423dfb2c30299903b52a2bb06d846dd487f5b8b
nova-live-migration is legacy job and and rely on
devstack-gate + devstack setting so any change in devstack can
break it. Example bug: 1860021
We can remove this job once it is migrated to zuulv3 native.
Change-Id: Ie34d4dc1ab30ced8161796fe32628db07de86cc9
Related-bug: #1860021
In same cases, the hypervisor presents to the guest OS a named CPU model
is similar to the host CPU and adds extra features to approximate the
host model. However, this does not guarantee all features will be
precisely match.
This patch adds LIBVIRT_CPU_MODE to allow users to define the CPU mode
they want to use, for example "host-passthrough".
Change-Id: I83792c776b50d1d22584be2a37cc6a166f09c72b
This reverts commit d8dec362ba. This has
knock on effects for devstack-gate, which configures g-api on subnodes
node but not mysql, resulting in failures. A longer term fix would be to
either a) stop configuring g-api on subnodes if we can determine it's
not necessary or b) only configure the database if on the main node.
However, both options are subject to debate so for now just unclog the
gate.
Change-Id: I58baa3b6c63c648836ae8152c2d6d7ceff11a388
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Closes-bug: #1860021
This reverts commit d7dfcdb467. A
subsquent change that depends on this,
d8dec362ba, has knock on effects for
devstack-gate and needs to be reverted. Revert this first.
Change-Id: Ic5402f57052648e10eacf3c3de67d2cdd2d42f63
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Partial-bug: #1860021
Everything in OpenStack *must* be Python 3 supporting now, which means
it's time to remove the functionality that allows us to blacklist
packages that didn't support Python 3.
Change-Id: I7c8cf538ec88bd4056b0109f19671e3d65f5da3a
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Since [1] Glance init depends on either g-api or g-reg being
enabled.
This broke multinode g-api deployments with singlenode database
backend.
This commit aligns Glance with other services w.r.t when to
apply database init.
[1] d8dec362ba
Change-Id: Idc07764d6ba3a828f19691f56c73cbe9179c2673
Closes-bug: #1860021
This has now been removed and even prior to removal defaulted to True.
Change-Id: I847a873d833a4dbee96afa1d2726fea2b8045eeb
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
This option has default to the 'NoopFirewallDriver' for some time and
will soon be removed. Stop configuring it entirely.
Change-Id: I4dbc0015cf26d7edf51d0d5fd978ccd3a1ad1b79
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Currently VMs created by a previous DevStack run still exists even
after re-run stack.sh. This leads to a failure in launching a VM after
the second run of stack.sh. We need to check the reason of the failure
by nova compute log and clean up remaining VMs. It is annoying.
IIRC we cleaned up existing VMs. While I failed to identify which commit
changed this behavior, I believe it is worth recovering it.
This commit changes unstack.sh to call cleanup_nova. cleanup_cinder()
already cleans up LVM volumes and some of them may be used by VMs,
so I believe it is reasonable to clean up VMs in unstack.sh.
Change-Id: I9fcbc5105e443037fada1ef6a76a078145964256
This change removes the .gz extension from the
service and syslog logs exported via journalctl.
This change nolonger gzip compresses the exported
logs so that they can be rendered in the browser
directly when served from swift.
Change-Id: I4557a737cb13b9c2406056be08ab8a32ddd45162
This was added in 2012 with I89677fd54635e82b10ab674ddeb9ffb3f1a755f0,
but I can not see it being used anywhere currently.
It's use of virtualenv's has become problematic in a python2
deprecated world, but since it is not used, remove it to avoid further
confusion.
Change-Id: I65d44d24f449436ca6229928eee2c5a021793055
Just calling "virtualenv" makes a Python 2 based environment;
setuptools just dropped Python 2 support (as Python 2 reached EOL in
Jan 2020) so this has now become a breakage.
Although the Python 2 path won't work, use the abstracted command.
This should stop us having to revisit this for any future cleanups (or
switing to venv, etc).
Change-Id: I531e971b78491a9276753c0d86b04c4adbd224aa
In Train, the access rules API was introduced in keystone. This change
enables testing it in tempest.
Depends-on: https://review.opendev.org/699519
Change-Id: I2af21868cbf584a6881c6208bc2afc3bdb323ab9
lib/tempest uses 'tempest-account-generator'
which is deprecated 4 years back.
In addition to above, lib/tempest also uses
'os-tenant-name' which is also deprecated.
Use of 'tempest account-generator' and
'os-project-name' should be done now.
Signed-off by: Soniya Vyas<svyas@redhat.com>
Change-Id: I624e1dc57a3d3533322fb298c01f70241d0400ed
Tempest's service_availability config option includes all the service
availability which is further used by tests to take decision of skip
or run the test.
For example, [service_availability].nova is true then, compute test will run
or if [service_availability].aodh is false then, all aodh related tests either
in aodh tempest plugin or any other plugins will be skipped.
Now question is what is the best way to set the each service availability for
tempest or tempest plugins tests. We have 2 category of service here-
1. Service tested by Tempest (nova, cinder, keystone, glance, swift, neutron)
(let's say type1 service)
2. Services tested by Tempest plugins (all other than above list)
(let's say type2 service)
We need the standard way to set both type of service so that we can maintain
the setting of service_availability config options in consistent way.
As discussed on bug#1743688/ and review https://review.openstack.org/#/c/536723/,
we will use devstack lib/tempest to set the type1 service which is services test
owned by Tempest and type2 service setting will be done by devstack plugins of
those service.
For example - [service_availability].ironic will be set by ironic's devstack plugin.
because that is best place we know ironic is installed and available.
To do that we need:
1. Add setting of [service_availability].* in devstack plugins
2. Remove setting of type2 service from devstack lib/tempest
This commit does the second part and all depends-on patches handle the first part.
Related-Bug: #1743688
Change-Id: If3aec9fd1c61e2bb53233be437b97b811dc82414
This package provides dhcp_release tool but in files/debs/neutron-common
it was listed to be installed only on Ubuntu Precise.
The same file is also in Nova's packages but there is no restriction to
Ubuntu Precise only there.
So on all Neutron jobs it was fine but on Ironic's job where Nova
wasn't enabled, this package was not installed and caused problems
in Neutron DHCP agent.
Change-Id: Idd0711cfe6d43f21754a2f0c230cd094ea33cb27
Closes-Bug: #1855910
We've seen jobs where tests fail due to what appears to be rng
starvation. Enable virtio rng device to try and alleviate this.
Change-Id: I70d800cdc45b6008f775110f22c0000736421529
input() should work on both python versions for what we need. I
understand the concern about eval() on python2 but, in the case it's
used we should be fine, plus, python2 is being removed from OpenStack
projects.
Change-Id: I86a7c31374986f81132bc4f49aee0a76b90e6553
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
This variable can be now set in Devstack's config file and in
such case Devstack will not set it automatically to value most
likely correct for the distro.
By default this value is empty string and in such case Devstack
will work in exactly same way as it was before this patch and
will determine automatically what name should be used there.
In addition in case of Ubuntu package $MYSQL_SERVICE_NAME-server
will be now installed instead of mysql-server always.
This will allow to easy configure e.g. CI job which will run using
Mariadb instead of Mysql on Ubuntu.
Change-Id: I25af0b54ad235b08c6c399b4125c737acf57ee2e
This will avoid the creation of an unneeded file in the "tempest"
repository directory.
TrivialFix
Change-Id: Id3f46b3537cd3232cb29c42808bde44c667565f1
With the goals of Ussuri being Python 3.6 [1], the python 3.5
environment on Xenial is too old. Remove testing and the most obvious
bits of support from devstack.
Also drop claimed support for artful, which is long EOL.
[1] https://governance.openstack.org/tc/reference/runtimes/ussuri.html
Change-Id: Iefcca99904dde76b34efbbfc0e04515dfa5a09e5
This reverts commit f99d1771ba.
Added workarounds that might want to get split into their own patch
before merging:
- Don't install python-psutil
- Don't run peakmem_tracker
Change-Id: If4fb16555e15082a4d97cffdf3cfa608a682997d
Since Stein, gate jobs have been using bionic nodes so they
are running with python 3.6, so it makes sense to also default
devstack itself to run with python3 by default.
Depends-On: https://review.opendev.org/688731
Change-Id: I52b03caee0ba700da3a15035201ea6cd91baa06b
We need to source the environment overrides before they get evaluated.
Otherwise e.g. USE_PYTHON3 is factually being ignored for some settings.
Also fix creating python3 venvs by using the "virtualenv" command for
that task.
Change-Id: I16c78a7fef80372d9a1684c3256c5b50b052ecae
This job is still running python 2.7. As we are dropping py2 support in
Ussuri cycle, lets drop this job now.
There is same job called "grenade-py3" which runs on python 3 already
and this will be now used in project's CI.
Depends-On: https://review.opendev.org/#/c/695036/
Change-Id: I5cd8e137a3ae06e49a4351629c5eb207c4e6bf1a
The centos7 job is running with python2, which is no longer supported by
nova, so we can drop it in master.
Change-Id: Id9ef507dd6f4226d65c6ed3043666b0aa6a3bd1c
With Glance defining default policies in code, it's no longer necessary
to install policy.json from the repo.
Change-Id: I9f9160f5a2bf9fd77fb3807e12de219b7a49952d
Depends-On: https://review.opendev.org/693129
In cases where global REQUIREMENTS_DIR is set, use it
instead of overwriting it. This is particularly needed
in cases where users of pip_install wrapper have the
upper-constraints.txt at another location.
Change-Id: I34e9f94548c575e1af5bca9655a3b7d1915375a8
Signed-off-by: Flavio Fernandes <flaviof@redhat.com>
Some distros no longer ship brctl, iproute2 should be used
in its place. The linuxbridge agent plugin script was still
using it, as was worlddump, which generates this warning on
a failure:
Running devstack worlddump.py
/bin/sh: 1: brctl: not found
Conditionalizing worlddump based on whether brctl is installed
to make this go away.
Change-Id: Iafbf4038bab08c261d45d117b12d4629ba32d65e
When configuring TLS between the console proxy (where the n-novnc
service runs) and the compute host, some configuration for QEMU needs
to be done on the compute host. The existing code for this requires the
n-novnc service to be running, which it is in a single node all-in-one
deployment. However, when running in a multinode deployment, the
n-novnc service runs only on the controller and not on the subnode.
Yet, we need to configure QEMU on the subnode compute host as well.
This removes the n-novnc service requirement to enable TLS QEMU
configuration to occur on a compute subnode in a multinode deployment.
Closes-Bug: #1849418
Change-Id: I8b6970e91ad7f52ff489cb9f776ca216d8f86aa4
This reverts commit 168ca7f0a4.
Removing postgresql support from devstack was unnecessary
since it's not broken and not causing maintenance issues
as far as I know. The commit being reverted said that pg
support was deprecated in Pike but nothing in the docs or
commit message refer to official deprecation of postgres
support in devstack or openstack in general. Not to mention
that there are still postgres-based jobs that will no
longer work *and* the notification to the mailing list about
doing this happened *after* it was already done [1] leaving
stakeholders with no time to reply.
[1] http://lists.openstack.org/pipermail/openstack-discuss/2019-October/010196.html
Change-Id: Ie7036d37d79e6aba462b7c97f917e2e7aed108f9
keystone v3 is the default API version in horizon now,
so there is no need to specify it in local_settings.py explicitly.
This commit also makes minor changes in lib/horizon
_horizon_config_set().
* Do not insert a blank line after each setting.
* Use the local variable $file to specify the target file
consistently.
Change-Id: I5faea3e1f357726a256d2b48fc1afeabfead4998
The default permissions for the zuul home directory
are not the same in the various distributions.
As /home/zuul contains the sources, a 700 default may be
problematic when accessing those files, so make sure
that the executable permissions are set.
Closes-Bug: 1846251
Change-Id: Ic9769e56274d7205844b86d3b5200a6415e4acad
Since Queens [1] nova has been able to be configured with
cinder service user credentials for operating on cinder
resources without a user auth token similar to things nova
needs to do without a user auth token for working with neutron
and placement resources.
This change:
- centralizes the nova [cinder] section configuration
- adds the necessary auth configuration
Needed by: https://review.opendev.org/549130/
[1] I3c35bba43fee81baebe8261f546c1424ce3a3383
Change-Id: I5640ee431f6856853f6b00ec7ed1ea21d05117dd
openSUE Leap 15.0 and 15.1 both provide python3-six version 1.11.0.
Since version 1.12.0 was released, pip>=10 recognizes the version
difference and tries to uninstall the distro-provided version and fails.
This change adds another hack to remove the egg-info file for the six
library so that pip can manage it directly. We also have to wait to
install os-testr until after the fixup has happened since trying to
install it triggers the issue.
Change-Id: I4649abe06b5893a5251bfcdd4234abccde6ceda2
The target branch was centralized in change
I82aa19e739eeda3721bac1cb5153ad0bf2d1125a but there
are two issues, pbr and diskimage-builder are using
TARGET_BRANCH which gets changed to stable/* for
each openstack stable branch that gets created for
devstack, e.g. I861068ae1a9902cef61c52c70dda7bb42f4371a0,
but pbr and diskimage-builder don't have stable branches
so they should be using BRANCHLESS_TARGET_BRANCH i.e. master.
Change-Id: I47ac7a7e194ca6d613d0ccaebfd557346644c2df
A 500 error from gitea can occasionally show up as a project dropping
their devstack plugin (I543faced83a685d48706d004ae49800abfb89dc5).
To avoid noise in the proposal jobs, implement a small retry loop for
500 errors.
Change-Id: Ide23e4de819a2c751d887eeaa7f0b9d0437f8e2c
I forgot in I2f16658c5a3e22cac70912a0f3ad65cdd7071a1e that "is_fedora"
matches rhel/centos for historical reasons. Restrict the install to
just the Fedora platforms by checking DISTRO matches
Change-Id: Ica4a690a4f2894a03ceb8557a947ed2ea4a60e53
We need to enable accept_ra before we enable forwarding, otherwise
existing addresses and routes may get dropped until the next RA is
received, possibly causing connection errors in the meantime.
Change-Id: I1fdeede59547de896ed89222ecf121fd9e6b810d
In Fedora 29 dstat was merged with pcp-system-tools (see
https://pagure.io/fesco/issue/1956)
Work around a iscsi bug with external packages until we can get the
package fixed.
Obsolete F27
Change-Id: I2f16658c5a3e22cac70912a0f3ad65cdd7071a1e
All credit for figuring this out goes to frickler (and that was the hard
bit so thank you!). The worlddump files were not being collected because
they weren't in our log collection list. Add worlddump to this list
so that we collect these files.
One thing that makes this slightly complicated is the worlddump files
are named with a timestamp and we can't have globs in our collection
list. To address this we create a copy of the file with a -latest.txt
suffix. This gives us a deterministic file name for log collection
without using globs.
Note we do not use a symlink here because some jobs gzip their log files
(breaking symlinks) and others do not. This makes it painful to always
have a valid link. Not having a valid link can break log collection.
Hardlinks may be another option but simply making a copy is easier to
manage as you don't have to worry about links preexisting and the
dumpfiles are not that large.
Change-Id: I96ae5f5290546ad25ca434c1106c01354d2d053c
All the OpenStack projects should be able to run under Python 3 now so
the fallback installation of the Python 2 libraries should not be
needed any longer. This also avoids the problem of script files
installed by the libraries sometimes being overwritten by the Python 2
version leading to incorrect execution later, as discussed in
http://lists.openstack.org/pipermail/openstack-discuss/2019-September/009226.html
This reverts commit a2eb89417f.
Change-Id: I1cdb7e4a209872f1620be556b7278879a4b86df5
The script currently complains about multiple default security groups. This
obtains the default and uses it when creating security group rules.
Change-Id: I81e59eae5df79889ed1fb02d45af26e3a55aa0e9
This was deprecated for removal in Pike. It's probably time to drop it.
Note that the 'postgresql-devel'/'postgresql-server-dev-all' packages
are retained since some packages still include 'psycopg2' in their
general requirements.
Change-Id: I51e8354e99972757253ce259e6c03c91da24398c
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Currently if user selects the default instance type for Tempest
tests, some of resize-related tests may fail due to resize attempt
into flavor with smaller disk size. It is because there is just
simple check if flavor_ref and flavor_ref_alt (IDs) aren't the same.
To ensure resize is really possible, there shall be additional
verification introduced.
Co-Authored-By: Michał Madarasz <michal.madarasz@corp.ovh.com>
Change-Id: Iaa1bfa9cb76cbe54be658d2d70d97d99e7fb5be9
Per the referenced bug, $NOVA_CPU_CONF was previously being initialized
by copying $NOVA_CONF, thereby trashing any values already configured in
$NOVA_CPU_CONF.
With this commit, we merge the values from $NOVA_CPU_CONF in after the
copy.
Note that this makes use of the merge_config_file function, which is
defined in inc/meta-config, which wasn't being sourced from every code
path that hit start_nova_compute; so this commit also moves that import
from stack.sh to functions (next to the other imports from inc/, which
makes sense anyway).
Change-Id: Id3e2baa2221e13f512f8dcf1248e1e15b6a7597f
Closes-Bug: #1802143
We're trying to get nova to talk to ironic through openstacksdk and need
to be able to specify retry limits/intervals there. We could reuse the
existing conf options, but better to support the standard ones exposed
from keystoneauth1 via [1] and [2].
Note that these will be ignored unless you have keystoneauth1 3.15.0
(for [1]) or 3.16.0 ([1] and [2]) and are building your adapter using
ksa-derived conf options (see the Needed-By).
Needed-By: https://review.opendev.org/642899
[1] https://review.opendev.org/#/c/666287/
[2] https://review.opendev.org/#/c/672930/
Change-Id: I79c416e25d635b0ffa419640b4bd91e36f78b1ab
Use the PUBLIC_NETWORK_NAME variable instead of hardcoding
it when setting the [ml2_type_flat]/flat_networks option.
Change-Id: I8bfc37089ec90eb06ee41d85744dad0f3f734c16
Devstack's lib/cinder set the my_ip on cinder side but it
hard-code it with HOST_IP[1]. It is no issue for IPv4 env
but when you build or run the IPv6 job then this ip is left
to set with IPv6. my_ip should be set to HOST_IP or HOST_IPV6
based on SERVICE_IP_VERSION value.
As part of Train community goal 'Support IPv6-Only Deployments',
we will expand the 'devstack-tempest-ipv6' job to do IPv6-only
deployments verification so we need fix the the my_ip setting.
Closes-Bug: #1838250
Depends-On: https://review.opendev.org/#/c/677524/
[1]https://github.com/openstack/devstack/blob/6aeaceb0c4ef078d028fb6605cac2a37444097d8/lib/cinder#L231
Change-Id: I71c74e46467a5d3c1bf9c7d683f364cba7cf9d80
F28 is EOL as of 5.29.19, so change to use fedora-29
and remove it from stack.sh.
Depends-on: https://review.opendev.org/#/c/662538/
Change-Id: I5ebdb68fcd01a1e63be4b3c0735a274783aad818
Reformat overlong table into a list-table to make it easier to edit.
The change contains no wording changes besides giving titles to the
list-tables.
Fix formatting for setup-devstack-source-dirs so that the variable does
not get displayed with a grey bar at
https://docs.openstack.org/devstack/latest/zuul_roles.html#role-setup-devstack-source-dirs
Change-Id: I7378d46c507b1d86f1d5319655a55f2a8c5a8f60
For some crazy reason, we've forgotten about trying
to use IPv6 addresses directly with the SSL certificates.
So lets add some logic so clients can connect directly
with the v6 IP.
Change-Id: Ie8b8a2d99945f028bebe805b83bfd863b7b72d57
Switch to "modern" way of building docs using sphinx-build directly,
remove now unsed parts from setup.cfg.
Upgrade to openstackdocstheme 1.20 and remove obsolete variables from
conf.py.
Convert external links to internal RST links so that Sphinx can verify
that they are correct.
Replace redirected links with new targets.
Use opendev.org instead of github.com where appropriate.
Change-Id: Iedcc008b170821aa74acefc02ec6a243a0dc307c
Currently, the console server host and listen address on the compute
host is always being set to localhost. This works fine in a single
node all-in-one deployment, but will not work properly when
nova-compute is running on a separate host in a multi-node deployment.
This sets the console server host and listen address on the compute
host to the nova host IP and service listen address instead of the
localhost.
Co-Authored-By: Matt Riedemann <mriedem.os@gmail.com>
Closes-Bug: #1669468
Change-Id: Id8b0b4159b98c7ff3c85ec3daa03d556d9897ce9
A huge part of the logs is irrelevant bash aliases captured by the
openstack client timing wrapper from the run of "openstack complete",
which is only helpful on interactive systems where you'll interact
with the command line. Call it directly to avoid capturing the logs.
While we're here, turn off tracing inside the oscwrap function, which
is called frequently. It's not useful for debugging.
Change-Id: I1cb5399fe7ee6f0e547a9cfff70396aa2007632e
This patch adds new options:
* CACHE_BACKEND - with default "dogpile.cache.memcached"
* MEMCACHE_SERVERS - with default "localhost:1121"
to add possibility to configure various backends as cache in
Nova and Keystone.
It also adds options:
* KEYSTONE_ENABLE_CACHE - True by default
* NOVA_ENABLE_CACHE - True by default
To make possibility to enable and disable cache in those projects'
config files.
Default values configured there are the same as before were
hardcoded for Keystone config.
Nova has also enabled this cache by default.
Change-Id: I9082be077b59acd3a39910fa64e29147cb5c2dd7
Closes-Bug: #1836642
We recently added the 'tempest-ipv6-only' job on
tempest side which will use the devstack base job
'devstack-ipv6' job and add more verification and testing
for IPv6 deployment.
Let's add that job on devstack gate also to avoid any
break due to devstack changes.
Change-Id: Ib2c85ec262b027351872e2b5a39b06a4ba1b880a
Story: #2005477
Task: #35923
In lib/neutron-legacy, the Nova metadata host address is
un-quoted if it is IPv6, i.e. 2001:db8::1, not [2001:db8::1].
We should be doing the same in lib/neutron.
Change-Id: I80c96603a41ef9d289712ef15b464859aa9257be
The api documentation is now published on docs.openstack.org instead
of developer.openstack.org. Update all links that are changed to the
new location.
Note that redirects will be set up as well but let's point now to the
new location.
For details, see:
http://lists.openstack.org/pipermail/openstack-discuss/2019-July/007828.html
Change-Id: I8a6c3403192d1416cb66cc9e92ec827b339f1270
* The restart loop for rabbitmq-server can trigger socket activation
of epmd without rabbitmq-server running. This can lead to 'systemctl
status' reporting 'State: degraded' with no simple way to reset to
'State: running'.
* It's important to note that this socket activation failure is benign
and is not an indicator of system failure.
Change-Id: Iede4f5ebeffb59644dee4a17b6331b3cdd04d146
Signed-off-by: Jan Gutter <jan.gutter@netronome.com>
running chown and chmod on files and folders not created by
devstack causes a few issues:
* On nfs mounted directories it can take an extremely
long time to chown -R some of the git repos, especially
if any tox commands have been ran in the host
* chown can cause the host files to get into a weird state
if nfs is set up wrong.
If files and folders are pre-existing we should assume
they are in the correct state, and not modify them.
Fix setup-devstack-log-dir to create the logs directory with
correct permissions in the first place.
Change-Id: I5ebdaded3ffd0a5bc70c5e9ab5b18daefb358f58
Signed-off-by: Graham Hayes <gr@ham.ie>
'devstack' job set the VNC listen addresses 'VNCSERVER_LISTEN' and
'VNCSERVER_PROXYCLIENT_ADDRESS' IPv4 which makes 'devstack-ipv6' job
to either unset those or set for IPv6 values.
Let's remove the setting of those in base job and let lib/nova
set based on configured ip version from job.
'devstack-ipv6' base job will be used to define the IPv6-only jobs
on Tempest and project side gate.
Change-Id: Iea469128b15298aee61245e702d20603c8d376fb
Story: #2005477
Task: #35923
'devstack-ipv6' job set the devstack to deploy
the services on IPv6. As part of community goal
'Support IPv6-Only Deployments'[1], this is going
to be the base job for all project specific or tempest
IPv6 jobs. Running this as voting make sure any devstack
setting or changes would not break the IPv6 jobs.
Story: #2005477
Task: #35923
[1] https://storyboard.openstack.org/#!/story/2005477
Change-Id: Id6580e8b29b6b04e34c2c1eca3125fa08920eb1d
This adds a variable to control the [DEFAULT]/shutdown_timeout
config in nova to control whether or not a guest should have
a graceful shutdown of the OS or if it should just stop
immediately (no timeout). Since devstack uses CirrOS images
by default, the default value for the NOVA_SHUTDOWN_TIMEOUT
variable is 0 which should speed up tempest runs. The default
in nova.conf [1] is 60 seconds.
[1] https://docs.openstack.org/nova/latest/configuration/config.html#DEFAULT.shutdown_timeout
Change-Id: Ida83f70a1c4e61e5248f2bd42b4c24f7ac6d2310
Related-Bug: #1829896
Trying to deploy OpenStack environment consisting of ironic nova
hypervisor & hardware Ironic node (not VM Ironic node) with devstack
got failed.
Devstack error says error occurred while calling configure_libvirt
in configure_nova_hypervisor. This happens because libvirt related
packages are not installed when specifying "VIRT_DRIVER=ironic"
and "IRONIC_IS_HARDWARE=True".
To fix this problem, this commit add "if" statement to check
Ironic node is hardware or not using "is_ironic_hardware" function
in "function-common" file.
Change-Id: I1113478175fadec79d0f8bf6ae842ed86e5e686b
Closes-Bug: #1834985
opensuse-150 nodeset is referring to openSUSE 15.0, which is still in
maintenance but openSUSE 15.1 has been released already. "opensuse-15"
is going to refer to the "latest openSUSE 15.x" build released and
working for OpenStack going forward, so add this nodeset and use
it by default going forward.
Change-Id: Ic3f4d6998a66da5226bc95088d7e3c83dfe737ce
The package has been renamed in order to avoid the namespace collision
with systemd, update our doc accordingly.
Change-Id: I1b9a434d9bb6a7d9dc38ef965017ed9f8773d595
Closes-Bug: 1825949
In change I8934d0b9392f2976347391c8a650ad260f337762, we began
configuring console proxy ports for multiple cells in the nova
controller config files to avoid "Address already in use" errors from
port collisions when running multiple cells on a single host.
This correspondingly configures the console proxy ports in the nova
compute config file based on what cell we're in, according to the
NOVA_CPU_CELL variable.
The base_url config for serial console is also added where the default
was previously used. The url is taken from the config option default in
the nova code: nova/conf/serial_console.py [1].
[1] https://github.com/openstack/nova/blob/8f00b5d/nova/conf/serial_console.py#L54
Change-Id: Id885fc5a769bce8111f1052a1b55d26be817c890
Closes-Bug: #1830417
The URL for rdo-release package is version-less and redirects to latest
stable version. This becomes problematic when stacking older stable
versions as dependencies might not be met or newer and incompatibile
ones might get installed.
Closes-Bug: #1833696
Change-Id: Icb07dcb4c9a3950a3c31a3a8dcb8d0b4c713fdb1
This is no longer being used due to Keystone PKI tokens no longer
being implemented.
In order to not break backward compatibility we create a new function
that is to be used instead and deprecate the old one. Modify the old
function to ignore the 3rd argument and display a deprecation warning.
Adjust callers to no longer create and set that directory, calling the
new function instead.
Change-Id: Id0dec1ba72467cce5cacfcfdb2bc0af2bd3a3610
Currently, devstack has NETWORK_API_EXTENSIONS var to define
the network API extensions. NETWORK_API_EXTENSIONS is defaulted
to 'all' for master and hard coded list of extensions per release.
Zuul jobs of network extensions (for example neutron-fwaas) need
add the some extra extensions in the default list. To do so, they
need to duplicate all the defaults extensions and then add the extra
extensions. Much difficult situation is when defaults extensions list
vary from release to release so they have to keep updating the
NETWORK_API_EXTENSIONS per release.
This commit defines a new var ADDITIONAL_NETWORK_API_EXTENSIONS which
will take extra extensions and append into the default list. This way
Zuul jobs do not need to duplicate the default extensions.
Change-Id: I7270c9b9e047a851970439522c0356c9089a5b74
This is a follow up for change Ifcfce490edb3d77e4e436e002d35bc909e1a057c
where the GIT_BASE was changed to the opendev URL to avoid redirects.
The pbr namespace in stackrc was old and still getting redirected and
this change fixes that.
Change-Id: Ib444e928fa2ca7650670f97be6927202333a1dd7
This updates links going to git.openstack.org and review.openstack.org
to go to their respective opendev locations to avoid redirects.
Change-Id: I78e3bb5303718962f591117f9c0ee11f2314b128
Closes-Bug: #1833256
Update the server to opendev and update paths for gitea, along with
any other references.
Switch to a blacklist where we just remove stackforge; this leaves all
the new namespaces like x/ and starlingx/ being checked.
Use a common session for checking for the plugin file which makes it a
*lot* faster.
Remove unsed "plugins" array variable
Regenerate the file
Change-Id: Ie3e615ba352a389da22e129c5c67cf6abd8cfdc8
Many of the code blocks in the configuration documentation had extra
leading spaces. This resulted in the blocks being both code block
formatted as well as blockquoted in the output.
This patch removes leading spaces and some minor cleanup to get the
formatted output correct.
Change-Id: Ic4dfb49c547d51e16b673bc88d7b2b1a907e3258
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
Since Ic0a03e89903bf925638fa26cca3dac7db710dca3 RetryFilter has been
deprecated. So we should not enable the RetryFilter on our tests.
Change-Id: I48c2c4d0714f582af8948dc88b48df1c2c62fcd2
Nova change https://review.opendev.org/603079/ changed the
default configuration to send only unversioned notfications rather
than both versioned and unversioned notifications. This could break
unsuspecting downstream projects (like Watcher) whose CI jobs are
not explicitly configuring nova for the types of notifications
they need but are just relying on getting both per the previous
default of the config option.
This adds a variable which defaults to "unversioned" to match the
nova default but allows downstream CI jobs to easily configure
another value.
Needed by https://review.opendev.org/663332/
Change-Id: Ied9d50b07c368d5c2be658c744f340a8d1ee41e0
Ironic's CI makes extensive use of VLAN based networking
and the newer neutron plugin hardcodes the tenant networking
type to vxlan which is naturally problematic. It also lacks the
ability to set the necessary constraints for vlan networking
which are added for vxlan networking.
This patch enables the type of tenant networking to be defined
as vlan, and enables for a physical network vlan range mapping
setting to be configured which is required for a vlan to be
allocated upon network creation.
Change-Id: I55874c1ce82898e9dfb81505d8f3b14abde33579
Nova has had a multi-cell job (nova-multi-cell) since the
Train release but is currently non-voting in the check queue
for nova changes. This change adds the job to the experimental
queue for devstack changes so we can test changes to devstack
and make sure they work for the multi-cell job.
Change-Id: Icf31baf6fd4313aec5ecfb9e8f9cbcef1ff7f61d
Tempest not support placement microversion setting so that
test can call APIs with specific placement microversion.
This commit adds the setting of placement API microversion on
Tempest conf.
Change-Id: Ie04aa993ec7a1495740d9267b076a40f4291e25e
If the sudo-ldap package is providing the sudo command instead of the plain
sudo package, accept that instead of breaking the system and requiring direct
root login intervention to fix things.
Change-Id: I45d7e4617bd59e72b4f0bf2e91750a6830e2a010
right now, there are duplicate titles under contents --> guides
as shown in https://docs.openstack.org/devstack/latest/, although
they will forward to different pages, it is still a little confusing
for users. This change will hide toctree in guides.rst and users could
click links in page to jump to detail page to read more.
Change-Id: I2f3abeca7f56a3aedeabb48630ed2c61635b93cd
There are still some issues with lib/neutron thus neutron-legacy is used
on controller node in multinode jobs and in single node jobs.
But in "group-vars" in devstack job it was configured to use
lib/neutron which can cause some problems in multinode jobs.
So lets switch to neutron-legacy on subnodes also until lib/neutron
will be ready to use everywhere.
Change-Id: I0d7f9f2baaee2836a719f199939156bd4f53f778
Change I188fc2cd1b26fe7a71804f7e7d66b111d6f15e30 in nova stopped us
respecting this when generating the network templates injected into
instances on boot. With the removal of nova-network, there is no longer
any other reason to set this.
Change-Id: I925b7c6c23133cd5a835960f4507c979f615d78e
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
In change I2ce8ff3d7c33a402b8af50182ec01f512859c388, we duplicated the
'default_floating_pool' option, found in the '[DEFAULT]' group, to the
'[neutron]' group. This allowed us to continue with our deprecation
plans for the former option, which should be retired along with
nova-network.
Update the nova lib module so it'll set the new option, we can safely
assume to be the correct one now that we've removed support for cells v1
and nova-network.
Change-Id: If9a02b640e6c2e1300c7b11b7552ba13c1496d79
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Remove nova cells v1 support, which also allows/necessitates removing
support for nova networks (which was only supported with cells v1) and
nova-consoleauth (which was required by cells v1 but is unnecessary
otherwise).
The Depends-On isn't really necessary, but it's here to make sure this
doesn't merge until we _really_ have killed cells v1.
I honestly expected this patch would be bigger.
Change-Id: I90316208d1af42c1659d3bee386f95e38aaf2c56
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Depends-On: Ib0e0b708c46e4330e51f8f8fdfbb02d45aaf0f44
We know empirically that some legacy gate jobs pass and appear
to be running with python3 but actually pip was invoked with
PYTHON3_VERSION unset so that they are actually ran with python2
packages.
As a followup to this discussion [1], add a safety check in the
get_pip_command function to ensure that a python version has been
set when it is invoked.
[1] https://review.openstack.org/#/c/622415/4/inc/python@283
Change-Id: I3a08406fb7d68282c6b98abb33a625821510046a
This patch enables ARP Responder with DVR routers along with
l2pop in devstack.
Related-Bug: #1774459
Change-Id: I82f628c32f6e38c2419b6ffe90d9f9adf96777b1
swift3 is no longer actively maintained in the upstream.
That has been moved to Swift repository as s3api so we should
use s3api middleware instead. As well as swift3, s3token is
also maintained in Swift upstream.
Change-Id: I4582d81da066ab53e6f11ad1df7af91425f2b0ca
Once nova is setup and n-cpu on the host is reporting
a service record and discovered (the host is mapping in
the API DB), we should run the nova-status upgrade check
to verify the deployment.
Change-Id: I9683bf94233ebacb3057ce159cb3dc53aa55a2f4
Related-Bug: #1790721
Option "lock_path" from group "DEFAULT" is deprecated. Use option
"lock_path" from group "oslo_concurrency".
Change-Id: I7c7501a4a351155eeba77bb7cd43c8d6f5ea73bc
Support for changing the cinder periodic_interval config option
was added way back in havana as a workaround for bug #1180976
by change I20e52e66fcc94b224476cdd14c88bd6981b4e617. As the fix
for that bug does not require modifying this config value, and
such modification may have unintentional adverse effects, end
the support.
Change-Id: I1ef1fe564123216b19582262726cdb1078b7650e
Partial-bug: #1824837
n-obj hasn't been around for many years and devstack
doesn't use it anymore anyway so this just cleans up
some vestigial use of the old service.
Change-Id: I04b2d2dc2b4e49fab90f5ef94f4e087e969aa24b
Tempest's scheduler_available_filters has a special 'all' value that
is understood to mean 'all filters are enabled' by various tempest
tests. However, what it really means is 'the default nova filters are
enabled.' In an effort to help clean that up, this patch explicitly
sets scheduler_available_filters to nova's $FILTERS. Because $FILTERS
is now used in both lib/nova and lib/tempest, it is renamed
$NOVA_FILTERS.
Change-Id: I6ffc1e9989cd61d666f9c1db9c94fbabd7151918
Related-bug: 1628443
With the new namespaces we have to look around a bit more to find
repos top copy into the DevStack working directory. Add:
* starlingx/
* x/
* zuul/
Depends-On: https://review.opendev.org/653988
Change-Id: I8a55522a5fee46f415f0c0ce580ded3476133460
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
We should always pass on a region when talking to
ironic. This will also help detect and test issues
specific to regions.
Change-Id: Iaab3c1bcedc5aaa2106c0758cbb43bade3de2cf5
This function will now first filter out all "neutron-" strings from
DISABLED_SERVICES list before looking for "neutron" string in it.
Change-Id: I5cab6a3be553713e1257599fb72042c6001f2672
Close-Bug: #1824884
The python3-ply package is indirectly a dependency of dhcp-client, which
is not exactly an optional package. Pip >=10 refuses to install ply from
global-requirements with this distro package is installed, so our only
option is to remove it manually.
Change-Id: I377fdd4a581eb4b6275584d92cafc0b783fe3b84
openstacksdk gates on the new-style devstack functional base jobs. It
serves as a good test case to make sure the functional base jobs don't
break.
Change-Id: I817639ed30cda8ea51d156872a14bbcf10a4e63d
The pkg/elasticsearch.sh is only used by Panko but Panko has
moved the script to its own repository [1].
[1] https://review.openstack.org/#/c/643262/
Change-Id: I0ce40f4299246b68624abd2072c2abce06f1e70b
Signed-off-by: Trinh Nguyen <dangtrinhnt@gmail.com>
stack.sh usually fails when it is started in a shell session
where OpenStack related environment variables OS_* are set.
Most common failure scenarios are failures in keystone operations.
This commits clears OpenStack related environment variables
at the begining of stack.sh.
Change-Id: I3a924a0586dc9bb28f3bf3e151e100c24015efe5
Previously apache was configured and restarted before we configured
the CA and certs. In most cases this is fine because those specific
vhosts didn't use tls. However, if you had previously run devstack
and had leftover vhosts and an unconfigured CA or certs devstack would
fail.
This is a small corner case, but its simple to address by moving CA and
cert setup up in stack.sh to before we do anything related to web
servers.
Change-Id: I31dbaf9471088b9faff26c7b790da6f6feebb2d5
python2.7 will be EOL soon, let's test on python3 instead.
Exclude CentOS 7, as there is no python3 easily available.
Change-Id: I24d8812c0c37b6d376fd5ae38067513bb62a2804
We're able to run multiple cells in devstack by setting the variable
NOVA_NUM_CELLS in the devstack local.conf. Since we run console
proxies per cell, we will start two console proxies if
NOVA_NUM_CELLS=2. However, we've not been configuring the console
proxy ports in the nova_cellN.conf files, so an attempt to start
more than one will result in a port conflict and failure to start
the subsequent console proxy services with error:
ERROR nova error: [Errno 98] Address already in use
This adds configuration of the console proxy ports based on an offset
while looping across NOVA_NUM_CELLS. The base port values are taken
from the config option defaults in the nova code: nova/conf/vnc.py,
nova/conf/spice.py, and nova/conf/serial_console.py.
Closes-Bug: #1822873
Change-Id: I8934d0b9392f2976347391c8a650ad260f337762
When the role is used by grenade, the data directory is shared among
different devstack executions, and the base directory is different,
for example: /opt/stack/data vs /opt/stack/{old,new}.
The new devstack_data_base_dir parameter allows user to specify
a base directory for the data/ directory which is unrelated
to the devstack directory. The default value is devstack_base_dir,
so the default behavior is unchanged.
Change-Id: Ie69b7b51947cbf1a8b31d2701783de2fb56a2d33
If we are running with python3, just assume that any
package that is not blacklisted is available for py3
and just attempt to install it and let pip sort it out
whether it gets installed from a local or remote package.
Change-Id: Ic05d183e489320f6dfc721575d47e7e4d661f87c
Closes-Bug: #1820892
When [0] introduced quoting all arguments, it broke existing consumers
that already quote their value themselves. Fix this by avoiding to add
additional quotes to the value when it already starts with a double
quote.
[0] https://review.openstack.org/636078
Change-Id: I92146e04731efc6dcc632ae6c3a7c374e783cdba
Closes-Bug: 1822453
- Switch from proposing Ubuntu 16.04 to 18.04 as the most tested
platform.
- Make it clearer that creating an additional "stack" user is
optional when running on a cloud image, as this step often leads
to errors for new users.
- Fix some minor nits along the way.
Change-Id: I39aef1a230b668b932b1681fcd0deeb423b411f1
dstat is Python 2, never going to be updated and effectively
abandonded. The replacement is pcp-dstat [1] which is mostly
compatible, with a few differences. As distro start transitioning
(Fedora has), just drop the unsupported args for now.
[1] https://pcp.io/man/man1/pcp-dstat.1.html
Change-Id: Ibec8a37cb18a14656d97e2096c66bc8b21406068
This adds a service to run a tcpdump during the run. This can be
useful to capture various network traffic for post analysis.
There didn't seem to quite be an appropriate place to document it, so
a new debugging file is started, with some terse explaination of our
various system-wide debugging services.
Change-Id: I09aaa57611c5047d09a9bce7932d34e9d50b30e6
Currently we only export the devstack@ services, and then separately
export the kernel & sudo logs to syslog.txt.
This leaves a lot of logs potentially behind in the journal for
various daemons. Just export the whole lot.
Using this output is currently very opaque and makes use of systemd
export tools that are very un-discoverable. Add a README that will
appear alongside the journal explaining how to actually use it. This
is a template as it would be nice to put into things like the list of
services that are in the journal, or maybe other magic.
Also make sure we export the logs since the start timestamp; currently
during a full run we drop the initial logs.
Change-Id: Id2626f9113d82c6d524039acda8a8ec74afb2081
If you have
devstack_localrc:
ARGUMENT: "argument with spaces"
The quotes get lost during YAML processing and the resulting file has
ARGUMENT=argument with spaces
which is a shell error.
Quote all arguments to avoid this sort of thing.
Change-Id: Ia63a53d745dfea7262bcdb5d46425f431c3ccfe5
OpenSSL 1.0.2 generates key files with default permissions: 644 and the
files are copied to the /etc/pki/* directories with sudo.
When the default CI node Ubuntu version was changed from Xenial =>
Bionic we changed from OpenSSL 1.0.2 => 1.1.0. And OpenSSL 1.1.0
generates key files with default permissions: 600. When we copy the key
file to /etc/pki/* using sudo, it becomes owned by root and then the
console-related users are unable to read it.
This sets the ownership of the /etc/pki/<console> files to the
user:group intended to read them.
Closes-Bug: #1819794
Change-Id: I437a46c875cf633272e8cad0811e5557f2ac3641
I7d16194d6ba1391ca31251d5b50cbb8de033fc38 added wrong behavour
on Fedora > 26 and Centos 7 when python3 disabled
pip should install packages in /usr/bin
Closes-Bug: #1820070
Change-Id: I3a8efbc8eb6e311db9c7347577c5d2047ba523a9
This makes the grep match in check_python3_support_for_package_local
the same as check_python3_support_for_package_remote.
Change I0349de2026c49279ba7f262d5e86d37018d66326 in grenade started
setting the PYTHON3_VERSION variable, and then we recently started
using bionic nodes everywhere which means we're running python 3.6.
The etcd3gw package has a python 3 and 3.5 classifier, but not 3.6:
https://pypi.org/project/etcd3gw/
The pip_install function code that is dealing with installing py3
packages is hitting a problem installing etcd3gw if the package is
local because of the more restrictive grep in the
check_python3_support_for_package_local function, and since
PYTHON3_VERSION=3.6 now, we don't install from py3 and install
etcd3gw on python 2.7 which makes services like cinder-volume and
cinder-backup, which use etcd3gw, fail when they are running under
python 3 (they get module import errors).
This simply removes the $ restriction on the grep. Looking at the
change that added those local/remote functions:
I243ea4b76f0d5ef57a03b5b0798a05468ee6de9b
There is no explanation for the difference, it just said:
Also, since not many packages are classified correctly, fallback
to looking for just "Programming Language :: Python :: 3" and
log a message for the package to highlight the problem.
So that's what this change does.
Note that alternatives would be:
1. Update the etcd3gw package to add the 3.6 classifier and do
a release (this should probably happen anyway).
2. Add etcd3gw to ENABLED_PYTHON3_PACKAGES but that would be a
short-term hack workaround.
Change-Id: Icd3768870ba0f1659bb2e6f002043d975047b73e
Closes-Bug: #1820892
When running stack.sh locally on stable branches
with tempest enabled and TEMPEST_PLUGINS set,
devstack will try to fetch master branch of requirements
and that fails if branch is not tracked.
Change-Id: Ia1ae6869a8fede2af5cd7c875e0946b6a75eb518
Closes-Bug: #1820051
TEMPEST_PLUGINS contains the list of the tempest plugins installed
alongside tempest by lib/tempest.
If TEMPEST_PLUGINS is not explicitly set, the new tempest_plugins
variable is used to fill it by combining its items with
the base devstack path.
Change-Id: I9f1fa2755e16871ff9d6ba33fdeaf3023eedf8d4
Plugins must be the last items in the local.conf file
otherwise the configuration set in the rest of the file
is not applied to them (for example a different value of DEST.)
Change-Id: Ia001badca179c3f3436d5ecd26b0755a3f3a3078
The default version is 3.2.17 which seems to be too old.
Some external tools are not compatible with this old version.
For example, kubeadm cannot support external etcd version that is
older than 3.2.18.
This commit update the etcd version to 3.3.12 wich is the current
latest version.
Change-Id: Icfabbe580bb83a3babb98cc9fdbfb8eb388dc108
On CentOS/ Fedora machines, this can be useful when QEMU silently fails
to start up due to SELinux denials. For Debian-based machines, which
use AppAromor, DevStack already captures the output of 'kern.log' (via
`journalctl -t kernel` redirected into 'syslog.txt.gz').
Change-Id: I231b22664f0944b905e00568759785615a1d47c3
Acked-by: Clark Bolyan <clark.boylan@gmail.com>
Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
This updates various parts of documentation to use https, rather than
git, which is not implemented by gitea
Change-Id: I8d2a93128dcdaba0a00b43d18652781733f90cf0
Story: #2004627
Task: #29701
Infra are looking at implementing gitea for serving git, but this does
not have a git protocol handler ATM. Switch GIT_BASE, and some
testing, to https:// to be in a better position to handle this.
Change-Id: I97a7b0de7b1ec2dd15d15c58699a631b09273df1
Story: #2004627
Task: #29701
The bridge-utils package has been deprecated for some time now [1] and
'brctl' does not exist on some more recent distros like Fedora 28.
Replace references to brctl with the proper ip commands.
Calls to "brctl show" are not being replaced with calls to "bridge link"
because the output format is very different and in testing some bridges
were not listed. So the simpler method of consulting /sys/class/net is
used.
In worlddump.py we try running both because failures are handled
gracefully by _dump_cmd(), as well as "ip link show type bridge" for
additional info.
[1] https://lwn.net/Articles/703776/ for example
Change-Id: Ie4c8ad6ce4a09c38023c9e4ec7834c249403145f
Partial-Bug: #1801919
Devstack has some little known variables for running nova
with the fake compute driver and running several nova-compute
services on a single host, which can be useful for testing
move operations and scale testing of controller services like
nova-api and nova-scheduler.
This adds documentation about the fake virt driver and related
variables and scaling considerations when using them.
Change-Id: Ic89d463d0f3f180b323edd6e2c8ff0404638ef07
when installing with python 3.6 on centos7 pip installs
packages to /usr/local/bin as it does on new versions
of fedora.
this change updates the check to include centos
Change-Id: I7d16194d6ba1391ca31251d5b50cbb8de033fc38
This introduces a breaking change in the URLs used to access the console
[1]. This is updated in both the documentation and linked nova change.
[1] https://github.com/novnc/noVNC/commit/83391ffc
Change-Id: I14a0be0034f4a76ab37eb90325967500c3bf1ff9
Depends-On: I9a50a111ff4911f4364a1b24d646095c72af3d2c
Related-bug: #1682020
Keystone is currently working through a bunch of changes to add proper
system, domain, and project scope support for its API. This includes
implementing ``admin``, ``member``, and ``reader`` roles for system,
domain, and project assignments. More informaiton on those specific
changes can be found here:
https://review.openstack.org/#/q/(status:open+OR+status:closed)+project:openstack/keystone+branch:master+topic:implement-default-roles
One thing that was uncovered in implementing that support for the
project API was that setting tempest
``CONF.identity.admin_domain_scope = True`` meant domain admins of one
domain would be able to list projects in other domains, highlighted in
the following patch:
https://review.openstack.org/#/c/624218/2
This commit doesn't set this option and assumes the proper
domain-scoping behavior being built into keystone natively.
Change-Id: I12a57cc43de0b17eababa19b7b94de5277689f82
Related-Bug: 1750660
when tempst venv is build, it use the master upper_contraint[1]
but when we install tempest plugin, it use branch upper_contraint.
This leads to mismatch the dependency version between tempest and required
tempest plugins setup.
Current flow after this change is:
1. install tempest form master (until you explicitly change TEMPEST_BRANCH
which is default to master in all stable branch). It applies the upper_constraint
from the stable branch but that will be overridden in step2
2. configure tempest, here the created venv will install all dependency with
master's upper_constraint.
3. install tempest plugins in same venv created above. Now tempest plugin
will also use the master upper_constraint.
With this tempest venv which has all enabled plugin will be contsraint with
master.
[1] https://github.com/openstack-dev/devstack/blob/72f632222f6d90d3545b5d7ca48297da4218e2ea/lib/tempest#L590
Change-Id: I89314e8391e8f26c622fc090cbe27997b3cf049a
Closes-Bug: #1816022
The read_password function is defined inside stack.sh
and it cannot be used inside the "public library interface"
provided by DevStack.
Move the calls found inside library files to stack.sh,
following the same pattern of the other calls to read_password.
Change-Id: I8adc6723b677dfac2bef735f660e056c498bf773
numpy is a python requirement of the websockify package (it appears
there was some disucssion over *removing* this in [1], but did not
happen). Possibly these packages were installed a long time ago
before wheel support as it was taking a long time to build. But we
have wheels today, and later versions than the distro provides are
being dragged in anyway. Remove all distro installs.
[1] https://github.com/novnc/websockify/pull/163
Change-Id: I322dd9e1a07d8ce03c26cf3fcccebd6e21282fe4
It seems nova has changed defaults on who can create zero-sized disk
instances [1] and now some devstack jobs, like nodepool's, can't
create cirros images using this flavor. It seems the easiest thing to
do is just to bump it up.
[1] https://review.openstack.org/#/c/603910/
Change-Id: I1172d4775d608568ccbeb27e2975d83add892ea9
Cinder v1 was removed over a year ago. Change the cinder template
URLs devstack defines in the glance-api.conf to use cinder v3
instead.
Change-Id: I4a68dc0b53631be0708e7411c37619dd6dfd4fa6
The default for VOLUME_BACKING_FILE_SIZE changes over time
and the docs referencing it are clearly not keeping pace so
rather than hard-code a default in the docs just remove it
since the doc already mentions the variable used to set that
size.
Change-Id: I4242584d13250872250689863d1b70c68594eefe
Cinder and etcd are enabled by default and by default
cinder uses etcd as a distributed lock manager with
tooz as an intermediary. We see a lot of ToozConnectionErrors [1]
in the cinder logs when etcd is backed up [2] which results in
cinder operations timing out causing test failures, like
when a volume is not deleted within a given time.
This changes ETCD_USE_RAMDISK=True by default to try and
alleviate some of the pressure. An alternative is if we know
we're in a single-node job we could just not use a DLM for
Cinder.
[1] http://status.openstack.org/elastic-recheck/#1810526
[2] etcd[26824]: sync duration of 12.076762123s, expected less than 1s
Change-Id: I5f82aa40e9d84114e7b7b5cf19ec4942d6552490
Partial-Bug: #1810526
Uses a less offensive and arguably better understood section
header in the multinode docs.
Change-Id: Ie6fd58e9abd5c1ce88d88ac55419807790f61851
Closes-Bug: #1810317
On SUSE Linux Enterprise distributions, lsb_release -i typically
returns "SUSE" not "SUSE LINUX" as the vendor string.
To avoid duplication of the same regular expressions in multiple
places, add is_opensuse() and is_sle() helper functions, and modify
is_suse to invoke those.
This may also be helpful in the future for distinguishing some corner
cases where things are handled differently between openSUSE and SLE.
Change-Id: I43bf163bc963758ddbb6289928837f5f6512f265
As the user on the node under test may not exist on
the zuul executor node we do not copy the log owner
or group to avoid the rsync task failing when it
tries to chown the files.
Change-Id: I500cf3692a4d27b0c2a0a4f5586580d180a8778e
The glance-api service may use multiple config files, so
tell oslo.config about the config dir instead of a specific
config file when the service is started.
Change-Id: Iad3602d209cbb31e10683c67e1fd6b465d19f560
Partial-bug: #1805765
The version comparison introduced in
I5152f2585c3d4d18853988d6290039d6b1713b99 was broken, because it tried
to use bash's -lt operator for floating point comparison, but bash
only supports integer arithmetic.
So instead use devstack's vercmp() function.
Change-Id: I8aac71c5bb6c2e82479d62831ea0672ba6a9a534
Older mariadb packages on SLES 12 provided mysql.service. The newer
ones on SLES 12 and 15 use mariadb.service; they also provide a
mysql.service symlink for backwards-compatibility, but let's not rely
on that.
Change-Id: Ife6bd007ba30af0b77d44832b19d518034bdb12b
The existing devstack guide for load balancing is out of date.
This patch updates the guide to reflect the current way to install
devstack with the Octavia plugin(s).
Change-Id: Id48b70b50e44ec7b965d969b2d93f77543d7364c
Seems like for etcd-heavy services like Kubernetes, the fsync
performance of gate VM's are too low [1]. This commit implements an
option to put etcd data directory on RAM disk (tmpfs) to work this
around.
[1] http://lists.openstack.org/pipermail/openstack-discuss/2019-January/001849.html
Change-Id: I5a17099cb9d6941b1a009dc82daefd2c7946d892
Recently iscsid was disabled by default on Ubuntu 18.04 (bionic),
and it may be on Xenial too, see:
https://bugs.launchpad.net/ubuntu/+source/open-iscsi/+bug/1755858
On a local Bionic deployment with Python 3, the lack of iscsid makes
nova-compute fail with an exception when trying to attach a volume:
Invalid input received: Connector doesn't have required information: initiator
Asking for the service to be started even if it is already running should not
hurt, so remove the check for the distribution.
This does not seem to be an issue on CentOS 7 (but Python 2) where
the socket activation of iscsid seems to work, so maybe there is
another way to make this working. Also, the service could be
enabled, not just started.
Change-Id: Ifa995dcf8eb930e959f54e96af6f5fce3eac28ae
Change I4820abe57a023050dd8d067c77e26028801ff288 removed access
to the database for the nova-compute process but only in
superconductor mode. Grenade runs in singleconductor mode though
so we are getting tracebacks in nova-compute logs during grenade
runs because nova-compute is running with nova.conf which is
configured with access to the nova API database.
This change handles removing database access for nova-compute
generically to cover both the singleconductor and superconductor
cases.
Change-Id: I81301eeecc7669a169deeb1e2c5d298a595aab94
Closes-Bug: #1812398
This allows plugins to specify their binary dependencies in bindep
format.
Some thinking on the implementation: this is in contrast to the
files/[deb|rpm] installation, which is called from the external
install_prereqs.sh script. This script being an externally callable
entry-point is really an artifact of the days when we would build
snapshot images for CI and wanted to pre-cache downloads. These days
we use the mirror system to keep packages close to CI nodes. Thus
rather than expand install_prereqs.sh to also be installing
virtualenvs and python dependencies, this seems to fit better as a
separate internal phase of stack.sh.
Documentation is updated
Change-Id: Icbdfbf97c17c906a7ae86f43e80eb2c445816228
This change addresses a few inconsistencies in how nova processes
are configured to speak to the placement service.
The initial inspiration was that region_name was not being set in the
[placement] section, despite $REGION_NAME being used when setting
the endpoint in the catalog. That's fixed.
While fixing that two other issues became clear:
* Configuring nova process to use placement should happen in lib/nova
not lib/placement so the function has been moved.
* auth_strategy is not relevant in the [placement] section of a
nova process
The name of the function is maintained, in case there are plugins which
call it, but a comment is added to indicate that other services besides
nova compute (such as the cell conductor) may use the function.
Change-Id: I4a46b6460596e9a445bd90de2d52dbb71fb963df
This adds a -bindep option to the key development library install
functions. With this option the bindep.txt file will be referenced
and the relevant packages installed.
Change-Id: I856f1f59fca49b6020920d8f859b797f3b904300
Given the file to be configured, if user "stack" even doesn't have
read access, the result of configuration is not expected. iniset with
"-sudo" option will always create the section and the option which we
want to configure for each calling, no matter whether this section and
this option exist in the file or not. The root cause is the calling of
grep and ini_has_option in iniset don't use the "sudo" option.
Change-Id: I9d21322046b7be411c4c7c28fefc24894fa2e131
Signed-off-by: Yi Wang <yi.c.wang@intel.com>
Remove the requirement that services explicitly enable python3 support
in order to be tested under python3 when running with python3
enabled. Keep the enable_python3_package() function for backwards
compatibility, for now, since it is called in some devstack plugins.
Explicitly add swift to the set of packages that should not be installed
using python3 by default until full support is available.
Change-Id: I8ab0a7c242bbf5bf3f091f5a85a98e2f4543f856
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
There are already devstack plugins that contain a hyphen in the name,
like `networking-baremetal`. In order to allow ordering for these to
work properly, amend the regexes we are using to match any
non-whitespace characters instead of only alphanumerics.
Amend the test to cover this use case.
Change-Id: I91093a424f8d5e8007f140083e1ea36a81fe849f
Closes-Bug: 1809016
The test_plugin_deps function in the test code for the
write-devstack-local-conf role was missing the import part of actually
executing the code under test and asserting the expected result.
Change-Id: I125870b13d2581cdec0dede11157b19b702565cd
Keystone is moving more things to require a system scoped token to
work. Getting one of those requires that domain and project information
are not set.
Change-Id: I2e1640e9f9ef6cdf56bef49d1ae8f0591570c3e6
This commit fixes a grammar issue in the LDAP integration guide
and it adds prompts to the command-line examples to be more
explicit about where or how commands are being run.
Change-Id: Ic6a5adfbcf2841656929e6c3875889a31d314089
'integrated-gate-py35' template is going to be
renamed to 'integrated-gate-py3' in https://review.openstack.org/#/c/626078/
Integrated jobs are running on Bionic now where python 3.6 is available.
Which means gate jobs in 'integrated-gate-py35' template are
running on python 3.6 not on 3.5 which makes this template name confusing.
depends on commit rename the 'integrated-gate-py35' to 'integrated-gate-py3'
so that it can convey that template will use available python 3 version
in used distro. For example: 3.5 in xenial and 3.6 in bionic and so on.
This commit starts using the new template name so that old
template name can be removed.
Depends-On: https://review.openstack.org/#/c/626078/
Change-Id: I07048817eb826337dd5bd89a97711bb9d43495cf
gitignore is not parsing regex, only shell globs,
so '^' has no meaning, and local.conf is being thus tracked.
This patch properly ignores only local.conf in root of repo but still
tracks samples/local.conf and others.
Change-Id: I93ef778f1f3ee8101ce21cce377f7b527b7153f3
This enables direct-io on the loop devices that we create for LVM backing
stores. The goal here is to reduce the buffer cache overhead involved with
loop mounting a very large file on a filesystem, as well as potentially
providing a little more block-device-like behavior for things that expect
them. We are hoping this will address some of the very long LVM calls that
cinder does, which randomly take a very long time, causing timeouts.
The loop direct-io support was added in kernel 4.4.0, which was xenial,
but the losetup binary does not have the required flag. Thus, this patch
checks the "losetup -h" output for the flag before deciding to enable it.
Change-Id: Idc69cf3598d6ed6646c0145733c90ad0b1b60883
Volume API v2 has been deprecated for a long time.
There is no reason to use volume v2 in clouds.yaml by default.
This commit also drops "--os-identity-api-version 3" from
write_clouds_yaml in functions -common as "3" is the default value
of tools/update_clouds_yaml.py. They are hardcoded in DevStack
so there is no reason to pass it.
Change-Id: Ie84026a3d19f7711fc781b7012355096c7ff6b5a
This does a few things to the home page and all-in-one single
machine install guide:
* Uses code blocks for formatting
* Adds the customary "$" to the console blocks in the
all-in-one single machine install guide
* Instructs to use "sudo su stack" and adds a note about
"sudo visudo" in the all-in-one single machine doc
* Creates a symbolic link to the sample local.conf and links to
it from the install guide (note that local.conf might be old
by now)
* Fixes the .gitignore file to only ignore local.conf in the root
of the repository, otherwise it would ignore local.conf everywhere
including the samples and doc/source/assets directories.
Change-Id: I50ae7bd32c4c1caa2ac8551fc54b31dd2dfae568
This is the next release in the 0.3.x stable series, containing a fix
for getting out of disk errors when cirros reads metadata from a
config-drive[0].
[0] https://bugs.launchpad.net/cirros/+bug/1808119
Change-Id: Id2f20ebafdd78c2dadf81b8f80f22e7bd6db7755
We've run into what appears to be a race with apache trying to reuse a
pooled connection to a backend when that pool connection is closing.
This leads to errors like:
[Fri Dec 07 21:44:10.752362 2018] [proxy_http:error] [pid 19073:tid 139654393218816] (20014)Internal error (specific information not available): [client 104.130.127.213:45408] AH01102: error reading status line from remote server 127.0.0.1:60999
[Fri Dec 07 21:44:10.752405 2018] [proxy:error] [pid 19073:tid 139654393218816] [client 104.130.127.213:45408] AH00898: Error reading from remote server returned by /image/v2/images/ec31a4fd-e22b-4e97-8c6c-1ef330823fc1/file
According to the internets this can be addressed (at the cost of some
performance) by setting the proxy-initial-not-pooled env var for mod
proxy. From the mod_proxy docs:
If this variable is set, no pooled connection will be reused if the client
request is the initial request on the frontend connection. This avoids the
"proxy: error reading status line from remote server" error message caused
by the race condition that the backend server closed the pooled connection
after the connection check by the proxy and before data sent by the proxy
reached the backend. It has to be kept in mind that setting this variable
downgrades performance, especially with HTTP/1.0 clients.
Closes-Bug: #1807518
Change-Id: I374deddefaa033de858b7bc15f893bf731ad7ff2
Nova is moving nova-cells-v1 to its experimental
queue set of jobs so the comment in devstack should
be updated.
Depends-On: https://review.openstack.org/623538
Change-Id: Iefbaa9b809d1426640cbd47a42213f28c9ec5ff3
Related-Bug: #1807407
Enable the Software Collections (SCL) repository for CentOS. This
repository includes useful software (e.g. the Go Toolset) which is not
present in the main repository.
For example, Octavia uses a Go based testing tool and its CentOS-based
jobs got broken now with the update to CentOS 7.6 which no longer
provides golang.
Change-Id: Ic68a6d6cd7da41510e624b6bea7976d9a960af98
... even when no other subject alt names provided
Previously, a non-voting job in barbican's gate would fail with something like
X509 V3 routines:X509V3_parse_list:invalid null name:v3_utl.c:319:
X509 V3 routines:DO_EXT_NCONF:invalid extension string:v3_conf.c:140:name=subjectAltName,section=DNS:pykmip-server,,IP:198.72.124.103
X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=subjectAltName, value=DNS:pykmip-server,,IP:198.72.124.103
because we'd have an invalid empty string.
Change-Id: I5459b8976539924cd6cc6c1e681b6753a76b804c
Current code assumes the variable is being set to either "True" or
"False", which will lead to weird errors if it is being set to something
like "true" instead.
Change-Id: I88983c9150efad882cd867c2d14d86ba6b2522c9
Switch the nodesets that devstack job run on from Xenial to Bionic,
i.e. the latest Ubuntu LTS release. Keep variants running on Xenial
in order to make sure that we stay backwards compatible while we keep
running Xenial jobs on the older stable branches.
Change-Id: I8749ed24d5f451d29f767ebb2761abd743b7d306
Allow other jobs to explicitly require a node running Xenial. This seems
clearer than having a generic openstack-single-node nodeset which
implicitly uses Xenial.
Change-Id: I013fb8abd4e6ab6539bd9410acbc8446e57ec70c
Earlier review [1] suggested some cleanups which have been
done here:
* Removing a redundant call from cleanup_placement
* Fixing a typo in a comment
[1] https://review.openstack.org/#/c/600162/15/lib/placement
Change-Id: I8abd2f02b123c6c1937c026ff13eb4e600de3202
We introduce and set PLACEMENT_REPO, add a placement-manage command
to sync database tables (see one of the commits on which this
depends), use /etc/placement/placement.conf for config, and put the
uwsgi config file (pointing to placement-api instead of
nova-placement-api) in /etc/placement.
openstack/placement is also added to the required-projects in
the devstack zuul job.
Change-Id: I0b217e7a8c68a637b7a3445f6c44b7574117e320
Nova change https://review.openstack.org/603910/ is
going to change the default rule on policy
os_compute_api:servers:create:zero_disk_flavor to
admin-only, which will prevent non-admins from
creating image-backed servers with a flavor that
has disk=0 since it's a potential security exposure.
Therefore we need the test flavors that are created
for tempest to use non-0 disk values. Since the flavor_ref
and flavor_ref_alt can be aligned to the image_ref and
image_ref_alt in tempest.conf, we get the image sizes
from glance (in bytes) and convert those to GiB disk
sizes for each flavor, respectively. Since we're using
Cirros images by default, we need to make sure to round
up otherwise we'd still have a 0-disk flavor.
There are lots of ways the math could be done here
using numfmt, bash, awk, bc, etc, but it's simplest to
write and probably easiest to read by using python for
the size conversion code.
Change-Id: I537c299b0cd400982189f35b31df74755422737e
Related-Bug: #1739646
Neutron is in a process to migrate to policy-in-code.
DevStack needs to be able to handle both cases with and
without policy.json in the neutron repo.
Note that nova assumes neutron API access with admin
so user_name:neutron needs to be included in context_is_admin
to make DevStack work properly. Hopefully this can be cleanup
but this is a separate topic from policy-in-code.
Needed-By: https://review.openstack.org/#/c/585037/
Change-Id: Id1b0600d92e839ade1790a15c372e82e8e16ee9f
The universe repository is not enabled when installing Ubuntu from an
ISO (at least for Bionic). This leads to some errors during the devstack
run that are not seen when running based on a cloud image which has that
repo enabled by default. Enable that repository unconditionally, the
operation is idempotent.
Change-Id: Ifcb7ecd78fb25ca2136f5848c19b74500e520873
Closes-Bug: 1792936
This reverts commit faaf96bfb1.
Ironic jobs were still using this option, it needs to be
switched to an alternative first.
Change-Id: I1683d7cfa81f5fe2497cc7045e87f8b20fed4968
In order to make sure not possible to introduce a change in tempest
which breaks the shared network compatibility.
Depends-On: I6e3e53c4ac26b4fef09fefb9c590dfa91f577565
Change-Id: Ib2e7096175c991acf35de04e840ac188752d3c17
Builds of opensuse-tumbleweed nodes are currently failing, so these jobs
are receiving NODE_FAILURE.
Change-Id: I3c2d73a150df009e7dadc76277be36eb72e0dfa7
Docs say that you require Fedora 24/25 to run Devstack, but Devstack
is working in newer versions. Update document to say that Fedora 28
can be used instead.
Closes-Bug: #1797239
Change-Id: Ie5227db9943e5ddb93cd37440165eabbae22f4fc
Signed-off-by: Laura Sofia Enriquez <lsofia.enriquez@gmail.com>
The legacy job legacy-tempest-dsvm-neutron-pg-full is now named
tempest-pg-full - using the new tempest and Zuul v3 frameworks.
Change experimental job to use new job.
Change-Id: If16397724fb4facd2a0db8148bdf7ba427ca10b6
Depends-On: https://review.openstack.org/609530
Apparently we're inheriting some database config from the main file,
which should not be set for nova-compute. If we're properly in superconductor
mode where we have a dedicated config for compute, remove those lines
if present.
Closes-Bug: #1797413
Change-Id: I4820abe57a023050dd8d067c77e26028801ff288
We can see that there is more demand on using ipv6 as the underlay
infrastructure to deploy new services, and OpenStack should be ready for
that.
These devstack ipv6 jobs are based on the work started by Jens Harbott in
https://review.openstack.org/#/c/608168/
Change-Id: I55bd067487665e5026e82a0737cb0f38a69499fb
Signed-off-by: aojeagarcia <aojeagarcia@suse.com>
Tempest have removed the volume-feature-enabled.api_v1
config options[1] and modified the default value of
volume-feature-enabled.api_v3 to True.
These config options not needed to be set from devstack
side.
[1] https://review.openstack.org/#/c/573135/
Change-Id: Ic35cf4482ab4d3c2e69348ec92568e68f6ea74ee
Leap 15.0 has been released May 25th, 2018 (see
https://en.opensuse.org/Portal:15.0 ) and we'd like to
transition devstack against it and remove Leap 42.3 from
the testing matrix. Leap 15.0 is newer than Leap 42.3 as
the numbering schema of openSUSE was changed.
Co-Authored-By: Antonio Ojea <itsuugo@gmail.com>
Change-Id: I078f9a2580160c564c33e575008516f5e92239d6
Dnsmasq and haproxy are used frequently by neutron and nova, apparmor
profiles can block some operations and the deployed cloud can't
work properly so some tests are going to fail.
Some openSUSE distros has apparmor enabled by default so we need to
disable it.
Change-Id: I30fda684effb09810643e58bf0b31a73d7d9b378
Signed-off-by: aojeagarcia <aojeagarcia@suse.com>
As a follow-on to I28aebffce6c5561360a9e44c1abc44b709054c30; make sure
we quote the error messages on the way through so they retain their
newlines.
Change-Id: I493317948264941b4788b100a0b0bc13d2698acf
Python2 match routines for x509 fields are broken and have to use
the DNS field for ip addresses.
The problem is that if you use ipv6 addresses in the DNS field,
urllib3 fails when trying to encode it.
Since python3 match routines for x509 fields are correct, this patch
disables the hack for python3, encoding the ip address in the
corresponding field only of the certificate.
Partial-Bug: #1794929
Depends-On: https://review.openstack.org/#/c/608468
Change-Id: I7b9cb15ccfa181648afb12be51ee48bed14f9156
Signed-off-by: aojeagarcia <aojeagarcia@suse.com>
Old-style test fails on Ubuntu when python3 enabled, with:
.../devstack/inc/python: line 52: [: 16.04: integer expression expected
Use bash-style test, which doesn't attempt to evaluate the RHS if the
LHS evaluates to false
Change-Id: If18031ab98c9060e5825c3a8d3c647bd3705cd9c
Closes-Bug: #1796174
It turns out that a host can have multiple valid default gateways,
something that's not common in ipv4.
This patches add supports for multiple default gateways in ipv6
environments.
Closes-Bug: #1786259
Change-Id: I30bf655f7160dd19c427ee79acdf145671a3e520
Signed-off-by: aojeagarcia <aojeagarcia@suse.com>
Legacy backup service support was recently dropped from cinder in
change I3ada2dee1857074746b1893b82dd5f6641c6e579 and we need to
adjust how we set the config option in devstack accordingly. This
updates the backup_driver option to specify a full class name instead
of only the module name.
Closes-Bug: #1794859
Change-Id: I3a72f38b564b8b83b233fccba7685833b6394d45
I'm switching tempest/dsvm jobs to run on
Ubuntu 18.04 LTS (Bionic Beaver) on openstack/manila,
and I believe this nodeset can be here
so other projects can use it too.
Change-Id: Ib8279cde3e14d5378f27254188ee14dbb0800428
Needed-By: https://review.openstack.org/#/c/604929/
The external_network_bridge option is deprecated/legacy and being
removed from neutron (see I07474713206c218710544ad98c08caaa37dbf53a).
This patch removes the external_network_bridge option iniset from
devstack scripts.
Change-Id: I4d9641cc9bb83719c9af1edabb89a63c4c2b1d96
That change introduces correct way of generating msg
for die in common systemd pitfalls.
Co-Authored-By: Szymon Datko <szymon.datko@corp.ovh.com>
Co-Authored-By: Piotr Bielak <piotr.bielak@corp.ovh.com>
Change-Id: I28aebffce6c5561360a9e44c1abc44b709054c30
This patch switches the CINDER_ISCSI_HELPER from tgtadm
to lioadm in openSUSE distros, as it increase the performance
and reduce the flakiness on some tests.
Change-Id: Ic3ee9c6baabe20f8f4d14246f6e29808796a5db9
Signed-off-by: aojeagarcia <aojeagarcia@suse.com>
Allow the setup-devstack-source-dirs role to accept a target role
to be setup - when available - for the repos.
Change-Id: Iebcba0d4be6d9d71b783e10a82c35a406afbd6bf
legacy-periodic-tempest-dsvm-oslo-latest-full-master
runs only on master, remove it. This needs to stay in project-config.
Change-Id: I81e66ddb0976bb4bb7a7cd8efbbae3bda551191d
the swift and devstack-plugin-ceph jobs have been renamed, follow rename
and use in-repo jobs.
Depends-On: https://review.openstack.org/543048
Change-Id: Idccc21e47b2cc04e5eeab4db7f7fb7cf156f8049
Given that Natty and other releases that don't use cgroups have been out
of support in Ubuntu for years now, it's high time we removed the
special case code block that sets up the cgroup mount.
Change-Id: I5403a4b1b64a95236b4dfcb66c35c594a3460cca
This is a mechanically generated patch to switch the documentation
jobs to use the new PTI versions of the jobs as part of the
python3-first goal.
See the python3-first goal document for details:
https://governance.openstack.org/tc/goals/stein/python3-first.html
Change-Id: I338fc71919a41ec890bcb5edd0552ec7eb680eb5
Story: #2002586
Task: #24327
This is a mechanically generated patch to complete step 1 of moving
the zuul job settings out of project-config and into each project
repository.
Because there will be a separate patch on each branch, the branch
specifiers for branch-specific jobs have been removed.
Because this patch is generated by a script, there may be some
cosmetic changes to the layout of the YAML file(s) as the contents are
normalized.
See the python3-first goal document for details:
https://governance.openstack.org/tc/goals/stein/python3-first.html
Change-Id: I9169d41d790ae874af29c8ceccf0c55ab0df7727
Story: #2002586
Task: #24327
During Rocky cycle, horizon updates the path of the wsgi wrapper
to the one recommended by Django [1]. The old path will be dropped
in the T release.
[1] https://review.openstack.org/#/c/561802/
Related-Bug: #1763204
Change-Id: Ie942518b587d193a7de55ffcc0a2848406146eb2
In the latest version of Contributing to
DevStack manual.There are a few words to
say that "tools/build_docs.sh is used to
generate the HTML versions of the DevStack
scripts".But build_docs.sh is not there
since Newton version.So I delete it for
good.
Change-Id: I69f7aa23e1efd8f8a63aa79628e67378d524e173
Before this change, only *.log and *.log.[0-9] patterns were
ignored, which was not enough. Examples of file names which were
not ignored:
devstack.log.2018-08-09-100547
wget-log
wget-log.1
Patterns *.log.* and *-log.* work for every log file generated by
devstack.
Change-Id: I6f0de5de74f196ab9df66cf3f2f969e53da01c22
Signed-off-by: Michal Rostecki <mrostecki@suse.de>
Set 'PUBLIC_INTERFACE' in local.conf, so the code will
be entered into _move_neutron_addresses_route of
neutron-legacy.
But if lack of sudo to run command arping, the information
"arping: socket: Operation not permitted" occurs. So add
'sudo' for 'ARP_CMD' of lib/neutron-legacy.
Change-Id: I8ac8a9bc2bbba049c45b28bf9b93d9a10e398fe6
Closes-Bug: #1783046
TEMPEST_AUTH_VERSION should be 'v3' or 'v2' not 'v2.0'.
To disable the identity v2 admin tests TEMPEST_AUTH_VERSION is
being compared with 'v2.0' which is incorrect.
Change-Id: I5f7e3bcf733edbbee06016bcad4845dda552815e
There is no projects using this and allows openstack-infra to delete
fedora-27 images.
Change-Id: I37d482dd2b5e099c370ab693ff430cb9c56360f8
Depends-On: https://review.openstack.org/588369
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
The RPC transport_url for keystone was being set in the DEFAULT
section, even though keystone doesn't do anything with it. Instead,
keystone leans on the [oslo_messaging_notification] section from
oslo.messaging to register the transport_url option.
This change sets the transport_url in the proper section instead of
using the DEFAULT section.
Change-Id: I11590d0175da7ea310d5529f2d7c0bf8d7fb25b3
This patch provides a new mechanism to deploy Neutron using
WSGI script. This also starts a Neutron RPC server process
when the Neutron API is loaded via a WSGI entry point to
serve the agents.
Co-Authored-By: Victor Morales <victor.morales@intel.com>
Co-Authored-By: Nguyen Phuong An <AnNP@vn.fujitsu.com>
Change-Id: I16a199b04858bfc03ef50d9883154dba8b0d66ea
Depends-On: https://review.openstack.org/#/c/580049/
Partially-implements: blueprint run-in-wsgi-server
The neutron guide refers to ENABLE_PROJECT_VLANS and
PROJECT_VLAN_RANGE but these are not present/checked in the code,
which uses ENABLE_TENANT_VLANS and TENANT_VLAN_RANGE. This
corrects the documentation to match.
Change-Id: I204356c861157e9fab357bb4dde55185bf18a707
The tempest-multinode-full job is running the c-bak
service on the subnode where swift isn't running, and
because of the "is_enabled_service swift" check, cinder
on the subnode wasn't getting configured to talk to
swift so the c-bak service was down. Since chances are
good that we're running swift, just configure cinder
to always use it.
Change-Id: I86b090967dadeeefc017ff0311beeea9441b6ba6
Closes-Bug: #1783128
Recently, Keystone renamed "Member" role to "member"
(case-sensitive) with https://review.openstack.org/#/c/572243/14
Case-sensitivity role requirement in Keystone was recently
formalized with https://review.openstack.org/#/c/576640/
From the above reference:
"Role names are case-insensitive. for example, when keystone
bootstraps default roles, it creates `admin`, `member`, and
`reader`. If another role `Member` (note the upper case 'M') is
created, keystone will return a `409` Conflict since it considers
the name "Member" == "member". Note that case is preserved in these
cases."
It follows that Tempest should use "member" role by default.
Change-Id: Iebf04fdb4c195b6779c74f66da3f7822cf174494
These seem to be not run for quite some time and they don't
succeed anymore - drop the code to avoid somebody accidentally
running it and wondering. A good example of "if it isn't tested
its broken".
Depends-On: https://review.openstack.org/583146
Depends-On: https://review.openstack.org/583147
Change-Id: I99e8a5ca2925217a5a2401984f3f4f6f032017be
token.provider.drvier.uuid and token.driver
has been removed from keystone[1].
Devstack has reference/setting of those config
options which is confusing for user and it can
lead to import error like[2]
This commit cleanup the devstack bits of removed
config options.
bp removed-as-of-rocky
[1] https://blueprints.launchpad.net/keystone/+spec/removed-as-of-rocky
[2] http://paste.openstack.org/show/725391/
Change-Id: I29b3b356622c485c4c1046679234a38e7b645071
When setting up a 3pci zuul, there is an edge case where a downstream
zuul may already have openstack/foo projects, eg:
review.rdoproject.org/openstack/foo. In this case, if openstack
projects are not namespaced to include the connection information zuul
gets confused and complains. We can avoid this by using the fqdn for
git.o.o for devstack jobs and both upstream and downstream zuul will
properly use the correct connection.
Change-Id: I01419ea9f51ce7491aa319b6240aec9c0d4f2356
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Don't specify hypervisor_type=vz property for hds images as nova
now reports only really connected hypervisors and not all supported
by a compute host
Change-Id: Ibec0856519ffe593d44d123f3b401eae19f7d95a
On some slow system with recent version of
Elasticsearch we saw that the service
becomes ready after more than 1 minute.
Change-Id: Id2b21ab24a96d10fffdcccd652a7d3ec4e8ce39c
With the move to flask, Keystone does not utilize paste-ini. This
patchset removes the paste-ini support from devstack for Keystone.
Change-Id: I8dd629937c9178660992fd648175dbef80ffa3c2
When we change the name of compute host then devstack is breaking
because it is using default host name from host.
How to change compute host name in local.conf
[[post-config|$NOVA_CONF]]
[DEFAULT]
host = foo
Change-Id: I4d4392f1f58f0431b10764610668565af88d392f
Signed-off-by: Prabhat Ranjan <pranjank@in.ibm.com>
The commit e95f2a3664 broke
networking-ovn (and potentially other ml2 drivers) by making the config
parameter mandatory. It doesn't need to be.
Change-Id: I0d5738ac3a6d27ddb7655835d77689409a6ff6f4
Bring along the required rpms for the ride on Fedora 28 (we really
should find a way to maybe do f* or something to avoid this
... consider it a todo :)
Change-Id: I37fd38de9baab478c86d23ea2cebca59dc8a5ed1
I'm not sure what the history of the (capital-D) Django package or
pyxattr; they've been there for a long time and should just be
installed like other dependencies these days.
Change-Id: I423230cc5cbb13d2cfb7b926a9571a8157ce5c46
The nova-conductor service running in the cell
needs to be configured to talk to neutron for
things like deallocating networks during server
build failure. This changes the configure_neutron_nova
flows such that the top-level nova.conf is configured
as before, but we also configure each nova_cell*.conf
cell conductor config files to also be able to talk
to neutron.
Change-Id: Ic5e17298996b5fb085272425bb3b68583247aa34
Closes-Bug: #1777505
Keystone now provides a set of default roles in addition to `admin`
by default [0]. This is done during the `keystone-manage bootstrap`
process.
This change aligns the `Member` role override from devstack with the
`member` role provided from keystone.
[0] https://review.openstack.org/#/c/572243/
Change-Id: I3da3530aa73a8a1500116bcefdcba7b947d5e05e
Closes-Bug: 1777359
This automatically always adds the project under test to LIBS_FROM_GIT
which effectively makes the normal "tempest full" job the same as the
"forward testing" job when it is applied to a library repo.
Change-Id: Ibbdd8a86e0ff55f67bef73e08e693b34a61b24df
This has all been around for a *long* time, like when dnf was a weird
new thing. Now it's the opposite and yum is a weird old thing :)
Choose it by default for platforms with it (Fedora, for now).
Change-Id: Id2bd7d145354b996de31944929fd0267ec24a08e
The function was using an undefined variable to show the version of
python3 being used.
Change-Id: Ibc956975d620ed5174de8823f9c202a680c56aaf
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
We want to default to running all tox environments under python 3, so
set the basepython value in each environment.
We do not want to specify a minor version number, because we do not
want to have to update the file every time we upgrade python.
We do not want to set the override once in testenv, because that
breaks the more specific versions used in default environments like
py35 and py36.
Change-Id: Id83cb3cdd62517045c45388f88cb3de0e3d75da1
Ceph for example uses them. Creation already worked, but not
updates of existing keys.
Closes-Bug: 1774956
Change-Id: I20cb61c08079b9cd9ad56ac875525abf1442bff6
This makes three changes:
1. The quota options set when using the fake
virt driver have been renamed so we're getting
deprecation warnings on using the old names.
Rather than set each quota limit value individually,
we can just use the noop quota driver for the same
effect.
2. The enabled_filters list for the scheduler was last
updated when using the fake virt driver back in Juno
via Ic7ec87e4d497d9db58eec93f2b304fe9770a2bbc - with
the Placement service, we don't need the CoreFilter,
RamFilter or DiskFilter. Also, in general, we just
don't need to hard-code a list of scheduler filters
when using the fake virt driver. If one needs to set
their own scheduler filter list, they can do so using
the $FILTERS variable (or post-config for nova.conf).
3. The largeops job, which ran the Tempest scenario tests,
has been gone for a few years now, as have the Tempest
scenario tests, so the API_WORKERS modification when
using the fake virt driver should be removed. If we had
a CI job like the largeops job today, we would set the
worker config via the job rather than in devstack.
Change-Id: I8d2bb2af40b5db8a555482a0852b1604aec29f15
We use $API_WORKERS to throttle the number of workers
in other services but were not doing it for g-reg for
some reason, which by default will run ncpu workers
up to a limit of 8.
Change-Id: Idc81ce05546e6d625c10e2229256eafbe7c057a5
Closes-Bug: #1774781
Some commands must be run as a separate group to work. Users can use the
'sg' tool to do this.
This may be assumed knowledge for many users but it's helpful to note in
this, the definitive resource for DevStack's systemd integration.
Change-Id: I271c1d21b44fa972c152780c1caa01c21c265159
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
The same code is already in place for the new lib/neutron library, allow
this functionality to be used also when the neutron legacy services are
still being deployed. This was mangled in [0].
[0] I868afeb065d80d8ccd57630b90658e330ab94251
Change-Id: I7214c4893943fbfbeb42ad140f433eecd6c3e9f0
dosfstools provides mkfs.vfat which is needed if n-cpu is
configured with 'config_drive_format=vfat'.
Change-Id: If1e1537a079e71847d91ae03ed0c18290a467c4e
Related-Bug: #1770640
openvswitch firewall has been in Neutron tree since Newton and has gone
through lots of improvements since including simple upgrade path from
the iptables hybrid driver.
We have a tempest job running in Neutron tree with openvswitch firewall
that's been voting and stable for a while. For neutron_tempest_plugin,
we have had the openvswitch firewall in use since the beginning.
This patch proposes openvswitch firewall driver to become a default
driver for openvswitch agent deployments.
Change-Id: If26d0180e459210511f25f1faa83dd8ccea25ff4
Change 12579c3db7 moved console-related
settings from the global nova.conf to the per cell nova_cellN.conf
because of a recent change in nova that moved console token
authorizations from the nova-consoleauth service backend to the
database backend and thus changed the deployment layout requirements
from global console proxies to per cell console proxies.
The change erroneously also removed console configuration settings from
the nova-compute config file nova-cpu.conf because the nova-cpu.conf
begins as a copy of the global nova.conf.
This adds configuration of console proxies to the nova-cpu.conf in the
start_nova_compute routine. The settings have also been split up to
clarify which settings are used by the console proxy and which settings
are used by nova-compute.
Closes-Bug: #1770143
Change-Id: I2a98795674183e2c05c29e15a3a3bad1a22c0891
* v3 is a superset of v2 and has been the defacto Cinder version for
several years now.
* Devstack installs Cinder v3 API by default, so the default environment
variables should reflect this.
Change-Id: I86e1ae4e020e2be043cf8e190d7959b65b6c093c
Change 969239029d4a13956747e6e0b850d6c6ab4035f0 completed the
conversion of console token authorization storage from the
nova-consoleauth service to the database backend. With this change,
console proxies need to be configured on a per cell basis instead
of globally.
There was a devstack change 6645cf7a26
following it that re-enabled the novnc tempest tests, but the nova-next
job that runs the console proxies with TLS is *not* part of the normal
set of jobs that run on devstack changes (it's in the experimental
queue), so it was able to merge without the nova-next job passing.
This configures the nova console proxies in the per cell configuration
file if cells v2 is configured for multiple cells in order to pass the
nova-next job.
Closes-Bug: #1769286
Change-Id: Ic4fff4c59eda43dd1bc6e7b645b513b46b57c235
To help avoid the amount zuul.yaml chrun when we bring a new version
of fedora online, switch to using fedora-latest. As of writing,
fedora-28 is the latest release which we update our testing for.
Also add fedora-28 support to stash.sh and remove fedora-25 /
fedora-26 as they are EOL.
Change-Id: I3d716554e8f270f4434cc9cac3408f8e890e0665
Depends-On: https://review.openstack.org/565758/
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Nova has dropped support for non-resource class
baremetal scheduling, so the IRONIC_USE_RESOURCE_CLASSES
flag is no longer useful and has been removed.
Depends-On: https://review.openstack.org/565805/
Change-Id: Ib2e6c96409c98877f6a43b76f176c1420d2d415e
In a multinode setup, the compute node needs to report to the
placement service. If it does not do so, it effectively does not exist
from the scheduler's point of view. This patch adds placement-client
to the compute node's ENABLED_SERVICES so that this can happen.
Change-Id: Ibfcd84e4626301bcdea70f719ade7f8365d03497
cinder does not yet support operations without project_id in the url.
The unversioned endpoint is not a usable endpoint for a user that
requests the block-storage service. Although it would be lovely to have
the block-storage service have the unversioned endpoint in the catalog,
we need to get project-id out of the urls first.
Change-Id: I4246708b6ea31496ba4d565ab422abc76f730ee7
Needed-By: https://review.openstack.org/564494
Once the nova patch series that converts from the nova-consoleauth
backend -> cell database backend lands, we can re-enable the novnc
tests in tempest.
Depends-On: If1b6e5f20d2ea82d94f5f0550f13189fc9bc16c4
Change-Id: I2939191a1c3ce49fa2104b4ffdf795fc416a1c33
Along with converting to the database backend for console token auth,
the console proxies need to run per cell instead of globally. This way,
the instance UUID isn't needed in the access url as users will be
handed an access url local to the cell their instances is in. With
console proxies sharded across cells, a large cloud will no longer have
a bottleneck of one console proxy for the entire deployment.
This also disables the novnc tempest tests with a TODO to re-enable
them once the nova patch series that converts from the nova-consoleauth
backend -> cell database backend lands.
Change-Id: I67894a31b887a93de26f3d2d8a1fa84be5b9ea89
With change I7e1e89cd66397883453935dcf7172d977bf82e84 the placement
service may optionally use its own database. In order for this to
work, however, the ordering of how both nova and placement are
configured and initialized in stack.sh requires careful control.
* nova.conf must be created first
* then placement must make some adjustments to it
* then lib/placement needs to create the placement database
* before nova does a database sync (of both databases)
Otherwise, when the placement_database/connection is defined, the nova
db_sync command will fail because the placement database does not yet
exist. If we try to do a sync before the nova_api database is created
_that_ sync will fail.
This patch adjusts the ordering and also removes a comment that will
no longer be true when I7e1e89cd66397883453935dcf7172d977bf82e84 is
merged.
Change-Id: Id5b5911c04d198fe7b94c7d827afeb5cdf43a076
The n-novnc service only runs on the controller node, however novnc
settings must be enabled on both nodes for vnc to work, since both
hosts are compute hosts.
Change-Id: Icc29441f507e6e4df9fd900eb7f35b0862f52043
For compute migration to work, the stack user needs to be configured
with passwordless ssh between all hosts involved in the migration.
Reuse the build ssh-key for this, which is already distributed for
user root.
Depends-on: https://review.openstack.org/563584
Change-Id: Id07f55fea06509466add35315c135dbfba6aa714
This commit just makes sure that the configuration file for keystone
exists on the system. We use iniset to actually populate the values
we want before we run keystone anyway.
This results in a cleaner configuration file that isn't bloated with
comments and help text.
Change-Id: I7a1f879e9e242a11e2c4663ec116e33da28db7f5
If a project shows up in zuul's required-projects list, add it
to LIBS_FROM_GIT automatically. This way, when a user specifies
that a job requires a zuul-project, it gets used in testing, but
otherwise, it doesn't (pypi is used instead).
Also add information about what happens behind the scenes for both
LIBS_FROM_GIT and plugin dependencies.
This moves the check performed in check_libs_from_git to
a helper function which is installed for most kinds of
installations. This means that if someone sets LIBS_FROM_GIT to
"foobar", devstack won't error anymore, as nothing is going to
try to install foobar, therefore the check won't run on that.
However, as we move to automated generation of the local config,
that error is not likely to happen. This check was originally
added due to an error in the upper-constraints file (where a
constraint name did not match a package name). This location of
the check would still catch that type of error.
Change-Id: Ifcf3ad008cf42d3d4762cfb3b6c31c93cfeb40db
It looks pip 10 failed the uninstallation of distutils installed
packages. This patch temporarily cap the version of pip to work-around.
Closes-Bug: #1763966
Change-Id: I8bf80efc04883cd754c19bea0303064080112c6e
This commit applies the constraints for the tempest plugin installation
so they won't go over the upper reqs.
Closes-Bug: 1763436
Change-Id: I5cf91157bbdae79dec01d5b3db32efea21f1b2b7
In Tumbleweed genisoimage was dropped in favor of cdrtools,
so installing that no longer works. We can however install
mkisofs directly and switch to that as that is also available
in Leap 42.3 and Leap 15.0+ family distros.
Also drop dependency on libmysqlclient-devel which appears
unnecessary (and is no longer available with mariadb 10.2+)
Change-Id: Ie8402204b6cdf94c21865caba116d3fd1298c5ad
There is currently a OVS 2.9.0 update in Tumbleweed that
fails to start as it is having a race with systemd on creating
the home directory. Workaround is to run it as root for now.
Change-Id: Ief610c6473834b02a1d644d8f50d11138a48e6e6
In Queens and later, the application credentials feature is available on
keystone and enabled by default. It should be tested in devstack.
Depends-on: https://review.openstack.org/545627
Change-Id: I4b0dc823487e79df16e1e603012ba4a7dc438389
guides/devstack-with-lbaas-v2 contained an indentation misstake,
that formatted some of the text unintentionally as quotations.
Change-Id: Ibbad4974c45f028d3de461ba69e0cea837d9c871
The [placement]/os_region_name config option is deprecated
and no longer required to be set (the default is fine for
devstack) with the dependent nova change.
Depends-On: I973180d6a384b32838ab61d4e6aaf73c255fd116
Change-Id: I6379acf179ed511f1cdadbd7fb09e2454182a5d3
Devstack supports deploying an LDAP server and configuring keystone
to use it, but we didn't have any documentation for it. This commit
adds some basic documentation that should help developers setup
LDAP-backed development environments.
Change-Id: I8ba07d73f52cb7f575ff2953977e9fdcade92d83
For folks who are doing functional testing with less than the full set
of normal base services. Should be a no-op/ignorable for most people.
Change-Id: If14ee018c01995e0a5b6bcdaac9ddc8810c6d503
This makes sure that it is available to subprocesses like the other
authentication data.
Change-Id: I513b7c2620b171ce20a1ceb5536226f3a69f2b82
Closes-Bug: 1760901
Fix a few path issues where we didn't properly use NOVA_BIN_DIR /
SWIFT_BIN_DIR.
This is part of the effort to start using a virtualenv for openstack
services.
Change-Id: I6eb383db65cc902c67c43e5cb1a16a9716a914b2
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
In I5103b4331a8d7c5660848fc148ebe4139ce6dad9 it was noted that the
comment was wrong. While this has no functional impact let's clean it
up while it's fresh.
Change-Id: Ia6cf8125214c69f8289fa7cff948afc10801ed2f
This updates the default ETCD_VERSION to the latest 3.2 etcd release,
v3.2.17. 3.2 is chosen as it is packaged in bionic and fedora; we
hope to move to packaged versions for distros that support it in due
course.
This version supports arm64 and ppc64le which were not supported by the
previous default, v3.1.10.
We have removed the override to tarballs.o.o, as these files are now
cached as described in [1]
[1] http://lists.openstack.org/pipermail/openstack-infra/2018-March/005871.html
Depends-On: https://review.openstack.org/556688
Change-Id: I5103b4331a8d7c5660848fc148ebe4139ce6dad9
When nova-manage db sync runs on cell1 in superconductor
mode, the [api_database]/connection config option isn't
set in the config file on purpose so the cell can't
reach the API database.
As a result, the db sync on the cell config can't hit
the API DB to sync cell0, which is not something we need
here anyway, but it results in an error message.
This tells the cell config db sync to just run it on the
cell database and not try to sync cell0.
Change-Id: Iac092762decd6de9e90e264f2998d255e8e40d00
This updates the UCA usage from Pike to Queens. As a result,
the various volume multiattach checks can also be removed
because the Queens UCA has libvirt 4.0.0.
Change-Id: Icb971831c8d4fe5f940d9e7993d53f1c3765e30f
This PS adds the project_tags identity feature flag which allows
identity v3 project tags API functionality to be enabled for
releases after Pike. Once Pike is no longer supported in Tempest
this feature flag can be removed.
Depends-On: Ibaec1df79c9ac69c65cf5075c3519092bc609546
Change-Id: Iec6b34c10ea1bd7103720c773b48ce130643115d
I had to dig into the stack.sh code to figure out why
my tempest.conf post-config wasn't work, and it's because
post-config isn't the thing to use to configure tempest,
test-config is.
Change-Id: Ic5bbe36b5d44880d0a3a602f653b4f61fd89e9c8
Related-Bug: #1755947
Add the upcoming release Ubuntu 18.04 Bionic Beaver to the list of
supported distros. Drop the now unsupported 17.04 (zesty) instead.
Change-Id: Iea0b4bfdc510797f7886fac96eff6fdfb730252d
The patch to remove the use of the test-matrix [0] also switched from
using the neutron-legacy based service names (q-*) to the new neutron-*
names. However it turns out that the new implementation is not yet working
properly for most neutron-consuming projects, so we switch back to the
previous situation for now.
[0] https://review.openstack.org/546765
Change-Id: Id6de87211d6c4ea8fd14aa9203d8d5b17e9e2f04
Cinder supports both noauth and keystone auth mode. So now we can
configure this value via local.conf:
[[post-config|$CINDER_CONF]]
[DEFAULT]
auth_strategy = noauth
Change-Id: I1e434362117ab30dae71a8f3a80bc139e78f51bc
The -C option is not available in git versions older than "1.8.5" which
are still shipped by several distributions including centos 7.
Due to this incompatibility the patch has broken third party CI for
Cisco on Ironic.
Change-Id: I09a6f83f8b2fee870e6e1c50cbfdf2da4d70dfb2
This adds the necessary fixes to pass a devstack run
on openSUSE Tumbleweed. Also removes opensuse 42.2 as it
is EOL for some time already and no longer actively tested
in the OpenStack infra.
Depends-On: I1b68c08c07cf6653ea58506f738cbe0054b38f3a
Change-Id: I2894482deef063fd02b0818c695a2ddbf6767039
Document that orchestrate-devstack requires a linear strategy in the
invoking play. Also enforce the strategy in devstack.yaml.
Change-Id: Ia081225ec2be959fc5a4ddfd491f526296a8ca10
- There are some locations where we need the raw IPv6 address instead of the
url-quoted version enclosed in brackets.
- Make nova-api-metadata service listen on IPv6 when we need that.
- Use SERVICE_HOST instead of HOST_IP for TLS_IP.
Change-Id: Id074be38ee95754e88b7219de7d9beb06f796fad
Partial-Bug: 1656329
Document how to map DEVSTACK_GATE flags into the zuul v3 ansible
world. This is just an initial structure, the idea is to document
most of the flags as well as provide example in-line and links to
finished jobs.
Change-Id: I377ebb529bcd8f4971906563c577e8cfc48b98e6
Add inline documentation to jobs and render it in the jobs doc page.
Adjust the roles page to match jobs for title and filename.
Change-Id: I47a2b4b379c8517b0dea59a75943f3f871c29046
Extend the devstack job so that it can support both single and multinode
cases. Multinode mode require extra settings in devstack configuration,
some of which as subnode specific, some controller specific.
Also keep a simple devstack-multinode job defined for now so we can run
a multinode job in devstack gate, until the full tempest multinode job
is ready to match the old
gate-tempest-dsvm-neutron-multinode-full-ubuntu-xenial-nv.
Fixing multinode also requires sharing the CA configuration between
controller and peers, overlay network configuration for communication
between virtual machines and running discover_hosts for nova after the
subnode has been setup.
The extra orchestration required for multinode is encoded in a
dedicated role to allow for jobs in other repos to re-use it.
Change-Id: I2dcbd9bdb401860820e655d97aa3c4775af2827f
The openstack-ansible team found a regression in Queens when setting
the compute RPC upgrade_levels to 'auto' on a fresh install before any
computes had started up. The dependent change fixes the issue in nova
but for future proofing against this sort of issue again, we can set
the compute RPC upgrade levels in devstack to 'auto' for fresh installs
as well. Note that grenade already sets 'auto' for compute upgrade
levels, which is why we didn't catch this in grenade testing with the
compute RPC 5.0 version bump that caused the issue.
Depends-On: https://review.openstack.org/549737/
Change-Id: I07f34dbc09b6108ba8f5b2a83a28c75eb42be495
Related-Bug: #1753443
The legacy-tempest-dsvm-cells job is being moved into the
nova repo and renamed to nova-cells-v1. This change adds
the new job name to the in-tree definition of the experimental
queue jobs that run on devstack changes. A project-config change
will depend on this patch to undefine the legacy job name from
being used on devstack changes.
Depends-On: https://review.openstack.org/549780
Change-Id: I22fa1411809c46ffc423e0dd1cde0d8f40362635
With I4161e1f1c8d47070dd35fad38b00715438d94eb2 and
I37fe007dc6f387d43cbaf55771027718005ac40d we have removed most of the
legacy experimental jobs.
Add a short note so we don't go back to the Hotel California model of
"you can check in but never check out". With zuulv3 it is possible to
have self-testing changes for testing indiviual jobs. Experimental
should be for things with wider application to run against all
changes.
Change-Id: Ibfb902b17a8f7d5355689f2a584c061c001df0d8
The role that sets up the user and its home folder must ensure that
the home folder is owned by stack as well.
Change-Id: I2e72d7b9d68a2a14f8a148ef82cbb3f569bd1cea
Emit a disable_all_services and define which service we run in
the job directly. This drops the dependency from the test matrix,
from devstack default list of services and it makes it easier for
jobs to add/remove services based on the list in the base job.
Change-Id: Ib1debefd541b933dbfc54d484c263cc0ed60423d
/tmp is a world writeable directory, so using hardcoded filenames
in there is just a bad coding style (susceptible to symlink attacks).
Avoid using it to not give a bad precedent.
Change-Id: Ia66763a0e4714f2226e98dbd85600b2035bd5088
Cinder change I5231f8fe3399deb9c57e6efb121d0d008dc9c7f4
replaces iscsi_helper with more general one.
Change-Id: I49fe0365b170e5a5b0449d80003bcf970e4c191d
the shell script used is actually being run thru 'sh', not bash,
which does not understand "[[" test operators.
Explicitly run this script with /bin/bash instead.
Change-Id: I551d2631bcb6aef49550d69b3830ffcb509abfb7
Define an abstract job devstack base that does not require any
project apart from devstack. This job defines basic devstack_localrc
settings that are common to any devstack job (mostly to work with
infra) and devstack_services to emit "disable_all_services" so to
cancel any devstack default.
The variables are defined as global ones as well as host-vars for
the controller and group-vars for peer nodes, so that any
descendent job may extend them, thanks for Zuul dict merging.
Change-Id: I2cdb723f6ee209683044fecec59ff7b510a2752b
If user try to create a server in local script before nova cells is
configured, it will run into the following error:
Host 'x' is not mapped to any cell.
Change-Id: I4fe76865fd6e16d5beb5ed9e5d6a9f3542e990a5
The function was introduced in [0] using a hardcoded timeout of 60
seconds which turns out to be too small on slow machines. Create a new
global variable NOVA_READY_TIMEOUT instead so that users can
override the timeout if necessary.
[0] I32eb59b9d6c225a3e93992be3a3b9f4b251d7189
Co-Authored-By: Mohammed Naser <mnaser@vexxhost.com>
Change-Id: I0cd7f193589a1a0776ae76dc30cecefe7ba9e5db
The xen tools have been moved to the project of *os-xenapi* since
os-xenapi 0.3.0. We also did some refact work on these tools in
os-xenapi. This commit is to remove these tools from devstack. So
that os-xenapi will be the single place for xen tools.
Change-Id: I4fdbe6bce12dfedd0d1e975ab8dd624ee3740c11
We've called the jobs that don't run on our main Ubuntu targets
"platform" jobs; start at moving these jobs to native jobs.
Depends-On: https://review.openstack.org/541010
Change-Id: Ib64d91206a9ac677f4d77873bc54c6a84702d6c3
All the evidence from [1] suggests that on opensuse swift-init is not
detaching the daemon process correctly. It's possible there's a pipe
still in play that somehow holds our ansible-streamer open.
This is a minimal fix to avoid swift-init. Although it's possible in
non-default paths to still use swift-init (and hence possibly hit
another variant of this issue), after discussions with swift
developers it was decided the intersection of tests running under our
current ansible, on suse, that would enable these services is
sufficiently small that this is the best course for now.
[1] https://storyboard.openstack.org/#!/story/2001528
Change-Id: I1b68c08c07cf6653ea58506f738cbe0054b38f3a
As described in the documentation, this flag is intended for the case
where the console output is being captured by a tool that appends its
own timestamps.
In the gate this is the job-output.txt. We want the console output as
people like to watch that scrolling by as part of the live console
log. Although this gets saved to job-output.txt, we still want to
keep logging to the individual log files even though it's technically
a duplicate -- in the multinode case the job-output.txt gets
interleaved by all the running nodes; it's much easier to just look at
the individual log files. Also, people are used to it where it is :)
Change-Id: I3486636f1c76139581f6cd9668426f507b7c621d
I started running this with dib where we have pure python3
environments and it failed.
You can't have unbuffered text i/o in python3 for ... reasons? [1]
Changing the file to binary mode works around this. Python3 opens
sys.stdin in text mode, so we need to manually convert the unicode
strings to bytes before we write them to the binary file.
[1] http://bugs.python.org/issue17404
Change-Id: Iebb26f0d3c2347d262cbc10dfd0912840cd05878
Ansible complains:
The task includes an option with an undefined variable. The error
was: 'dict object' has no attribute 'RedHat'
which is just a mismatch on the "Redhat" string
Change-Id: I447038256561740c224c68388fa5b6a068cc8fed
By default stat is pretty verbose, we can set no_log: true to avoid
adding this info to our logs.
Change-Id: Ia18ebfe179443382cc670ffc4363ab037c43bb85
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Round 2 to add no_log to more things. Specific looping over stats, it
is pretty noise in logs and doesn't seem to add any value.
Change-Id: I580171e0061fa331f3ed510713f1ac7a1a6cb5ea
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
With CentOS 7, ansible is expecting to have RedHat as an attribute for
the dict so Discover configurations task fails with an undefined
variable error.
Closes-Bug: #1750573
Change-Id: I5bf9c4057ca9f75d730add9e429d0ef050c6d900
Since blueprint placement-claims in Pike, the Nova FilterScheduler
uses the placement service to make resource allocation 'claims'
before sending the build request to the chosen compute host to
perform the legacy style resource claim. This allows us to safely
scale out the number of scheduler workers when using the FilterScheduler.
The [scheduler]workers option defaults to ncpu if using the
FilterScheduler (which is the default scheduler driver) so to avoid
out of memory issues, we need to set $API_WORKERS scheduler workers
if using the FilterScheduler in devstack.
Depends-On: Ifdcd363d7bc22e73d76d69777483e5aaff4036e3
Change-Id: Ieae234eb5388560b3f66bf60c156a91a8e831bc4
Somehow this feature was lost in the transition
from q-svc to neutron-api. This patch does not
modify the default behavior but allows specifying
the flag to false to prevent devstack from creating
the public and private networks.
Change-Id: I952672496d007552c0c4d83db0d0df9be50326fc
Signed-off-by: Josh <jhershbe@redhat.com>
Neutron functional tests want to use ubuntu cloud archive but it's
not possible to source the fixup_stuff.sh from a neutron CI setup
script. Break it up so that only the UCA portion can be executed
from neutron.
Change-Id: Ie18833bfa30f1789e63cbe9c86f5ece3453f43fb
The block-storage endpoint was added to the catalog, but in the suburl
case it was not added with the /volume suburl. This leads to find it and
attempting to use it but not being able to because it's mis-formed.
Needed-By: https://review.openstack.org/545117
Change-Id: I84721c8ae637417e4b01be9e546ff77c250fc149
One of the steps when we create a new stable branch is to
branch devstack, then update the default branch for most
repos to use the new stable branch for each repo.
This requires making multiple updates throughout stackrc,
and to further complicate things, there are some repo
branch variables for branchless repos that should not be
updated along with the others.
This can be error prone if not fully aware of these
exceptions. To simplify this process a little, this
patch adds two common variables - one that can be set to
the new stable branch name for all of the repos that
should be branched, and one that can be used for all of
the branchless repos to make it explicit that those
values should be left alone. The cycle-trailing repos
have until two weeks after final release to branch, so
also adding another variable for those to make it easy
to update them at a later time, separately from the
other repos.
Change-Id: I82aa19e739eeda3721bac1cb5153ad0bf2d1125a
The nova-next job is being moved from openstack-zuul-jobs
to the nova repo and so we'll remove it's usage from
project-config, therefore we need to define it's usage for
devstack here.
The related project-config change is:
I36d96f89b3e5323746fcbcef5cc7e4d0384a184d
Depends-On: I24a5f73c29094a23e2fdef8ee8b43601300af593
Change-Id: I28971dc7e5cb0b5cf9698e5251a7bb099e63f3db
In Change-Id Ia3843818014f7c6c7526ef3aa9676bbddb8a85ca the 'host'
setting used for each of the fake compute hosts was accidentally named
'nhost' ('\nhost' was edited poorly), so the setting doesn't actually do
anything: you create multiple nova-compute processes they think they are
all on the same host and only one hypervisor and resource provider is
created.
With the correction in place, the wait_for_compute function needs to be
updated to be aware of the fact that the hostnames on the compute
services will have a numeric prefix when the fake virt driver is used.
Change-Id: I5e8430d170c0b1c4f195ebe510aff8be59e4a3bc
In the run devstack role we specify a path to devstack_early_log then
hand it to stack.sh as a parameter which stack.sh does nothing with.
While looking at a fix for this it was pointed out that these early logs
make it into the job's output log now so we don't need a special file
for them. Rather than handle this as a special case just let the
job-output.txt log file pick up the logs for us which allows us to
remove this unneeded feature.
Change-Id: I9bedbe91c60257d94173b1c70676dd6c2b49dc91
This change mimics how fixed_key would actually be deployed in a real
world environment, with a single key shared across Nova and Cinder
across all hosts.
Change-Id: I50a48e2da57a1cc1ecd250150ea6e9c3745baaca
The role is logging a lot of useless data with all the stat info
from various config and log files. Remove verbosity using no_log.
Change-Id: I72c721573ffc4a14adc3e2b29285c1071b7ec4f7
In some environments it might be useful to resolve the hostname to
an IP address that is reachable by other hosts in the local network.
If some of the configuration scripts have taken care of putting
a proper line in /etc/hosts, do not try to override it by appending
a 127.0.0.1 one.
Change-Id: I7ae20a66c473b0c683803cc44654cd95fcce3639
Closes-Bug: 1746751
Castellan switches the `api_class` config option to `backend`. The change
is still backwards compatible with the old `api_class` setting, but cinder
already updated to use the new option (see I5e46c738531d5d56777e91a00f4cee9531356f2e)
and it is better to use the new setting.
Change-Id: Ib609c82e7076d19676baaf4f08abd79ea11db0e3
There is no way to upgrade ironic before nova because of
grenade design. In multinode job we do not restart nova
as we test partial upgrade of ironic there.
On slow nodes upgrading ironic takes time and nova looses
ironic connectivity
This patch increases api_retry_interval and api_max_retries
to make sure we have a time to upgrade ironic before nova
compute stuck.
Change-Id: I3b1429d6561431a82edda04a0e574cac38771837
Allow users to auto-create a neutron non-flat providernet public network
and use it for external router interfaces. By default, keep the existing
flat network type behavior.
Change-Id: I64f71b0c9fcac97b9b84b7d30ee61659b2a690f1
We have already established the correct version of Python to use during
installation, either automatically or through user-provided information
(USE_PYTHON3, PYTHON3_VERSION). Don't do it again.
Change-Id: I7bdf2be9a885994bf2c437dd104048a1ff2f6666
Closes-Bug: #1744096
Added NEUTRON_DISTRIBUTED_ROUTING to more easily control DVR
configuration. If set to True, DVR will be enabled and the
default agent mode will be set to 'dvr_snat' since that works
with all types of routers by default. Advanced users can
override that by setting NEUTRON_DVR_MODE, for example in
multi-node configurations where different agent modes are
desired.
This should bring lib/neutron inline with lib/neutron-legacy
in supporting all the different DVR modes.
Change-Id: I9f25921eefc5b935aad3bb1edc5e41ee0ce43a84
Tempest is going to test volume v3 APIs as default
in gate and running a separate job to run tests on v2 APIs.
To give this ability, this commit provide a var to tell
which API version need to be tested and accordingly it
configure the catalog_type and microversion setting on tempest.
Change-Id: I531f3b32e81ac5d282461597ca286c09429cb143
Needed-By: I0c9193501eb9eaa25eb5f0786bb72eb7855099fb
The loopback device is created for ceph osd. If the directory
${storage_data_dir} has been mounted when create disk, we should
umount ${storage_data_dir} instead of ${storage_data_dir}/drives/sdb1.
Change-Id: Ie9fe81c820c485dab9f049cf5a81c02424925728
Closes-Bug: #1689089
The current Glance config files are a combination of copied and
generated files. This patch makes all the files generated and
removes now unnecssary ini(un)comment statements. It additionally
removes some ini(un)comment statements that weren't having any
effect on the previously generated files.
Change-Id: I6e4b7694e8bebb7fe6661ead034ee257c768e342
This will enable us to run one etcd for devstack and another
for kubernetes in the same box if necessary
Change-Id: Ib71ded24727b80afd4d98eb68bade0f8c0f72311
The local requirements repo can be checked out to a stable branch,
in which case, the requirements might conflict with tempest's master
requirements.
Master branch's upper-constraints should be used when building tempest's
venv.
Closes-Bug: #1706009
Change-Id: Ifd64638cae2886671421149dbbff3a57f9c64257
Nova is gaining the ability to run TLS over the connection between the
novnc proxy service and the QEMU/KVM compute node VNC server.
This adds a new config param - 'NOVA_CONSOLE_PROXY_COMPUTE_TLS=True' -
which instructs devstack to configure libvirt/QEMU to enable TLS for the
VNC server, and to configure the novncproxy to use TLS when connecting.
NB this use of TLS is distinct from use of TLS for the public facing API
controlled by USE_SSL, they can be enabled independently.
This is done in a generic manner so that it is easy to extend to cover
use of TLS with the SPICE and serial console proxy services too.
Change-Id: Ib29d3f5f18533115b9c51e27b373e92fc0a28d1a
Depends-on: I9cc9a380500715e60bd05aa5c29ee46bc6f8d6c2
Implements bp: websocket-proxy-to-host-security
nova's instances directory may be a shared directory (ie nfs), in
these cases, we do not want to call nova_cleanup at startup since it
deletes everything under $NOVA_INSTANCES_PATH.
The nova_cleanup routine will still be called by the clean.sh script
which is fine since we're presumably cleaning up the whole openstack
cluster at that point.
Change-Id: Ieb4e5d0508d4ed4c5349c497554c5da2993c9cb0
Closes-Bug: #1649389
Since it's pretty common to see blogposts recommending to mount /opt/stack
remotely or editing inline the code, adding some notes about the potential
risk of a reclone that could impact weeks of work.
Change-Id: I733d40b76fb02d8edf3719533fc8202547771871
Co-Authored-By: Stephen Finucane <sfinucan@redhat.com>
2017-03-09 09:39:58 +00:00
219 changed files with 7508 additions and 8134 deletions
# note(trebskit): if HOST_IP points at non-localhost ip address, horizon cannot be accessed
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.