In Fedora/CentOS9, the PostgreSQL initialization fails with the
following message:
initdb: invalid locale settings; check LANG and LC_* environment
variables
This patch installs the required packages and configure the system
locale before calling the initialization process.
Closes-Bug: #2083482
Change-Id: I2c83e896819b20cd7a1ee8d8ee33354fb047a6d9
(cherry picked from commit e42e6f31a6)
This patch unsets the default value of MYSQL_GATHER_PERFORMANCE.
That will avoid the installation of ``dbcounter``. In older releases,
this installation is triggering an issue with the version of
"setuptools", that requires a newer version of "packaging" that is
being installed.
Depends-On: https://review.opendev.org/c/zuul/zuul-jobs/+/924815
Change-Id: I765d87c9c6899b19c2df84796bf92c0656a72d7a
Closes-Bug: #2073585
(cherry picked from commit 123ac1b8e8)
Only branches with stable/ as prefix were considered
but now we have branches even with different
prefix like unmaintained/, fix it to consider
such cases by using a generic filter instead of
assuming branch name starts with stable.
Change-Id: I967de13094ff6df46737a22d4e1758f9900dfbc9
(cherry picked from commit 4d69238383)
Conflicts:
stack.sh
Devstack-gate has been retired and relying on a retired repo for roles
in zuul produces errors (because the roles are no longer in the HEAD of
the repo). It doesn't look like devstack actually relies on these roles
in d-g (if it does they can be ported into devstack instead) so we just
drop the roles specifier for d-g in the devstack job.
NOTE(elod.illes): nova-ceph-multistore job is broken in this branch, so
it is set as non-voting in check queue and removed from gate queue
until it gets fixed.
Change-Id: I28a39b31f71153a602d41cefe621a216d09a290f
To facilitate that this change removes it form the default filter
list. By default nova has used placement for AZs so this filter
has not been requried since xena.
Change-Id: Ie5e216dd8c2a7ecf43cc6954ec4f73d4d67b5b3b
(cherry picked from commit ad029c0e8b)
(cherry picked from commit 0726a4f919)
This patch: https://review.opendev.org/c/openstack/devstack/+/882299
provides functionality, that commit hash can be passed as last arugment,
however when GIT_DEPTH is set, it fails, as in:
timeout -s SIGINT 0 git clone https://github.com/ovn-org/ovn.git ./ovn
--depth 1 --branch 03b95a4566a15f7544f4cdf35629dacede4dcf55
fatal: Remote branch 03b95a4566a15f7544f4cdf35629dacede4dcf55
not found in upstream origin
Closes-Bug: #2023020
Change-Id: I748354964a133e028e12458cc9014d6d014cbdb9
Instead of using RDO Trunk repo server, CentOS official mirrors provide
a most reliable infrastructure and supports EMS which is required when
enabling FIPS in C9S.
In order to install the rdo-release rpm from repo.fedoraproject.org,
which does not support EMS, I'm using a workaround to wget, which works
with non-EMS servers because it uses gnutls instead of openssl, and
install it locally with rpm.
This is also consistent to CentOS 8 implementatioin.
Closes-Bug: #2020661
Closes-Bug: #2020434
Change-Id: Icd99f467d47aaafaaf3ee8f2a3c4da08842cb672
(cherry picked from commit b2ad00cb66)
This increases the timeout we use to wait for cinder to perform a
volume reimage. Since devstack is often running on a single machine
with non-production IO performance, we should bump this limit to avoid
hitting it before the rebuild completes.
Change-Id: Ie2663b951acb0c1a65597a39e032948764e6ae6a
(cherry picked from commit 58c80b2424)
(cherry picked from commit 6767465bc5)
git_clone assumes a branch or a tag is passed as the last argument, and
it fails when a commit hash is passed, as in:
timeout -s SIGINT 0 git clone https://github.com/ovn-org/ovn.git
/opt/stack/ovn --branch 36e3ab9b47e93af0599a818e9d6b2930e49473f0
Cloning into '/opt/stack/ovn'...
fatal: Remote branch 36e3ab9b47e93af0599a818e9d6b2930e49473f0 not found
in upstream origin
Change-Id: Id1328d7cba418fa7c227ae9db4fe83c09fd06035
(cherry picked from commit e8915786e1)
Irrespective of build_modules is True
or False reload ovs modules always.
If ovs is installed from package before(like
with multi-node-bridge role), then installing
ovs from source requires openvswitch kernel
module to be reloaded.
The issue was not seen before jammy as there
module was reloaded when build_modules was set
to True.
Closes-Bug: #2015364
Change-Id: I1785b49b2ef72ca1f817f504d5ea56021410c052
(cherry picked from commit 42517968ff)
(cherry picked from commit f1d555d1e7)
These are a few tweaks I applied to my own memory-constrained cloud
instances that seemed to help. I have lower performance requirements
so this may make things worse and not better, but it's worth seeing
what the impact is. I'll admit to not knowing the full impact of these
as they're mostly collected from various tutorials on lowering memory
usage.
Enable this for now on devstack-multinode
Change-Id: I7b223391d3de01e3e81b02076debd01d9d2f097c
(cherry picked from commit 7567359755)
Creating multiattach volume is a non-admin operation but creating
multiattach volume type is an admin operation.
Previously cinder allowed creating multiattach volumes without a
volume type but that support is being removed with[1].
The change requires updating tempest tests[2] but some tempest
tests are non-admin, which require admin priviledges to create the
multiattach volume type.
Based on the last discussion with tempest team[3], the proposed
solution is to create a multiattach volume type in devstack,
if ENABLE_VOLUME_MULTIATTACH is True, and use it in tempest
tests. Similar to how admins create multiattach volume types
for non-admin users.
This patch creates a multiattach volume type if
ENABLE_VOLUME_MULTIATTACH is True. Also we set the multiattach
type name as a tempest config option 'volume_type_multiattach'.
[1] https://review.opendev.org/c/openstack/cinder/+/874865
[2] https://review.opendev.org/c/openstack/tempest/+/875372
[3] https://meetings.opendev.org/irclogs/%23openstack-cinder/%23openstack-cinder.2023-03-13.log.html#t2023-03-13T18:47:56
Change-Id: Icd3690565bf7b27898cd206641e612da3993703d
(cherry picked from commit 1898a683be)
(cherry picked from commit 16594b7b2a)
Conflicts: lib/cinder
conflicts due to nvme support being added in 2023.1
https://review.opendev.org/c/openstack/devstack/+/814193
Devstack set the env var TOX_CONSTRAINTS_FILE/UPPER_CONSTRAINTS_FILE
which are used to use the constraints during Tempest virtual env installation.
Those env var are set to non-master constraint when we need to use non-master
constraints but when we need to use the master constraints we do not set/reset
them point to master constraints. This create the issue when running the grenade
job where we run Tempest on the old devstack as well as in the new devstack.
When tempest is installed on old devstack then old tempest is used and it sets
these env var to stable/<branch> constraints (this is the case when old devstack
(the stable branch is in EM phase) uses the old tempest not the master tempest),
all good till now. But the problem comes when in the same grenade script run
upgrade-tempest install the master tempest (when new devstack branches are in
the 'supported' phase and use the master tempest means) and are supposed to use
the master constraints. But the TOX_CONSTRAINTS_FILE/UPPER_CONSTRAINTS_FILE env
var set by old tempest is used by the tempest and due to a mismatch in constraints
it fails.
This happened when we tried to pin the stable/wallaby with Tempest 29.0.0
- https://review.opendev.org/c/openstack/devstack/+/871782
and table/xena grenade job failed (stable/xena use master tempest and supposed
to use master constraints)
- https://zuul.opendev.org/t/openstack/build/fb7b2a8b562c42bab4c741819f5e9732/log/controller/logs/grenade.sh_log.txt#16641
We should set/reset those constraint env var to master constraints if configuration
tell devstack to use the master constraints.
[1] https://github.com/openstack/devstack/blob/71c3c40c269a50303247855319d1d3a5d30f6773/lib/tempest#L124
Closes-Bug: #2003993
Change-Id: I5e938139b47f443a4c358415d0d4dcf6549cd085
(cherry picked from commit 7fe998109b)
Just like we remove db files let's also remove
socket files when initializing ovn. Those will
reappear once service fully restarts along with
db files. Without it we see random issue as
described in the below bug.
Closes-Bug: #2002629
Change-Id: I726a9cac9c805d017273aa79e844724f0d00cdf0
(cherry picked from commit 7fecba2f13)
Tox 4.0.0 has some incompatible changes, epecially more
strict on allowlist_externals. Tempest recently changed
allowlist_externals not to be *[1] causing the failure
on jobs where lib/tempest failing to run the tempest
as command in virtual env.
----------
venv: commands[0]> tempest verify-config -uro /tmp/tmp.qH5KgJHTF4
venv: failed with tempest is not allowed, use allowlist_externals to allow it
------
We do not need to test/fix the <=stable/zed branches with tox 4.0.0
and pinning them with the compatible tox version of the time stable
brnaches were releaased is better way.
This commit proposes:
1. Pinning the tox<4.0.0 for <=stable/ze branches testing
2. Workaround to unblock the master gate by pinning it <4.0.0 but
we should make our testing compatible with tox 4.0.0 soon.
Depends-On: https://review.opendev.org/c/openstack/devstack/+/867067
Related-Bug: #1999183
[1] https://review.opendev.org/c/openstack/tempest/+/865314 devstack based job started failing to run tempest command on venv.
Change-Id: I9a138af94dedc0d8ce5a0d519d75779415d3c30b
(cherry picked from commit ba54baa425)
These jobs are not intended to run on stable branches; remove them
to avoid issues with updating the nodeset on the master branch:
- devstack-platform-fedora-latest
- devstack-platform-fedora-latest-virt-preview
Change-Id: I4044c20765ad96fb5304d145b2c18be9736de7f3
As added in notes for INSTALL_TEMPEST variable, we need to set
this to False for a stable branch so that devstack does not
install Tempest system wide.
Change-Id: I8a79feedb676514dfe9c3125c9d8e66417547d52
This commit caps the network, volume and swift extensions on
Tempest's config option api_extensions.
Change-Id: I33d17c81a40861284087de337bc33b3d9e60f076
Update the URL to the upper-constraints file to point to the redirect
rule on releases.openstack.org so that anyone working on this branch
will switch to the correct upper-constraints list automatically when
the requirements repository branches.
Until the requirements repository has as stable/zed branch, tests will
continue to use the upper-constraints list on master.
Change-Id: I7089a04cff68145388f12dab18c6cdd1a5a96336
This patch changes user who runs ovsdb-server and ovn-nortd services
to root.
It also adds installation of the libssl dev package before compilation
of the openvswitch if TLS service is enabled.
Co-Authored-By: Fernando Royo <froyo@redhat.com>
Closes-Bug: #1987832
Change-Id: I83fc9250ae5b7c1686938a0dd25d66b40fc6c6aa
In case of online mode, there is a procedure to recreate tempest venv.
For consistency of tempest venv during the entire stack.sh process,
add logic to consider the TEMPEST_VENV_UPPER_CONSTRAINTS option here.
Closes-bug: #1980483
Signed-off-by: June Yi <june.yi@samsung.com>
Change-Id: I0cea282152fd363af8671cab1b5f733ebe2bd4df
neutron-ns-metadata-proxy was dropped from Neutron 5 years ago, no need
to keep trying to kill it.
Change-Id: I20b6d68dd8dde36057a2418bca0841bdea377b07
When barbican is enabled, add the "creator" role to cinder's service
user so that cinder can create secrets. Cinder needs to create
barbican secrets when migrating encryption keys from the legacy
ConfKeyManager to barbican. Cinder also needs to create barbican
secrets in order to support transferring encrypted volumes.
Implements: bp/transfer-encrypted-volume
Depends-On: I216f78e8a300ab3f79bbcbb38110adf2bbec2196
Change-Id: Ia3f414c4b9b0829f60841a6dd63c97a893fdde4d
In I90316208d1af42c1659d3bee386f95e38aaf2c56 support for nova-network
was removed, but some bits remained, fix this up.
Change-Id: Iba7e1785fd0bdf0a6e94e5e03438fc7634621e49
Openstack client can return the id field for create/show commands using
`-f value -c id`. Cleaned up the use of grep 'id' with get_field
Change-Id: I2f4338f30c11e5139cda51c92524782b86f0aacc
Right now we don't officialy support LinuxMint as our
documentation says [1], it seems LinuxMint is a relict
and got forgotten over time.
This patch removes LinuxMint from the code in order not to
confuse users.
[1] https://docs.openstack.org/devstack/latest/
Closes-Bug: #1983427
Change-Id: Ie1ced25f89389494b28a7b2e9bb1c4273e002dd5
Attempting to set a value containing the ampersand
character (&) by iniset would corrupt the value.
So, add an escaping process.
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Closes-Bug: #1983816
Change-Id: Ie2633bacd2d761d110e6cb12f95382325c329415
Writing NOPASSWD directive into /etc/sudoers was throwing
permission denied errors. This commit writes the directive
to the /etc/sudoers.d/stack file instead.
Closes-Bug: #1981541
Change-Id: If30f01aa5f3a33dda79ff4a6892116511c8e1542
Recently the experimental mechanism has been added to Neutron and now
it requires the [experimental] linuxbridge option when the linuxbridge
mechanism driver is used.
Depends-on: https://review.opendev.org/c/openstack/neutron/+/845181
Change-Id: Ice82a391cda9eb0193f23e6794be7ab3df12c40b
We see some cases where OVN startup takes much longer than 5 seconds, up
to 28 seconds have been observed, so increase the limit to 40 to be on
the safe side.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Closes-Bug: 1980421
Change-Id: I6da4a537e6a8d527ff71a821f07164fc7d342882
Because of the missing "$" before ENFORCE_SCOPE in the lib/neutron
module, it was treated as an ENFORCE_SCOPE string instead of variable
and Neutron was deployed always with old defaults and disabled scope
enforcement.
Change-Id: Ibe67fea634c5f7abb521c0369ff30dd5db84db8c
Some of the API services are not properly mounted under /$service/
in the apache proxy. This patch tries to avoid recording data
for "services" like "v2.0" (in the case of neutron) by only adding
names if they're all letters. A single warning is emitted for any
services excluded by this check.
For the moment this will mean we don't collect data for those services,
but when their devstack API config is fixed, they'll start to show
up.
Change-Id: I41cc300e89a4f97a008a8ba97c91f0980f9b9c3f
Currently Devstack uses short hostname for configuration of OVN.
This leads to inability to start instances (failing port binding)
on hosts with full hostnames (including dots). Open vSwitch expects
hostname in external_ids that corresponds to one returned by
``hostname`` command.
Closes-Bug: #1943631
Change-Id: I15b71a49c482be0c8f15ad834e29ea1b33307c86
Due to the below bug the job has been constantly failing.
Let's make it n-v until the bug is resolved:
- https://bugs.launchpad.net/neutron/+bug/1979047
Change-Id: Ifc8cc96843a8eac5c98cd1e1f9e4b6287a7f2e7c
This patch reduces memory usage on the Cinder Volume and Backup services
by tuning glibc.
The specific tuning consist on disabling the per thread arenas and
disabling dynamic thresholds.
The Cinder Backup service suffers from high water mark memory usage and
uses excessive memory. As an example just after 10 restore operations
the service uses almost 1GB of RAM and does not ever free it afterwards.
With this patch the memory consumption of the service is reduced down to
almost 130MB. If we add a revert from Cinder (Change-Id
I43a20c8687f12bc52b014611cc6977c4c3ca212c) it goes down to 100MB during
my tests.
This glibc tuning is not applied to all Python services because I
haven't done proper testings on them and at first glance they don't seem
to have such great improvements.
Related-bug: #1908805
Change-Id: Ic9030d01468b3189350f83b04a8d1d346c489d3c
We are seeing failures when using an updated setuptools version
installed together with distro pip on Ubuntu 22.04. Install the version
from u-c only when we are also installing pip from upstream.
Change-Id: Ibb6e9424e5794ccbf9a937d2eecfa3bf60ed312e
Currently, neutron tunnel endpoints must be IPv4 addresses,
i.e. $HOST_IP, although IPv6 endpoints are supported by most
drivers.
Create a TUNNEL_IP_VERSION variable to choose which host IP
to use, either HOST_IP or HOST_IPV6, and configure it in the
OVS and Linuxbridge agent driver files. The default is still
IPv4, but it can be over-ridden by specifying TUNNEL_ENDPOINT_IP
accordingly.
This behaves similar to the SERVICE_IP_VERSION option, which
can either be set to 4 or 6, but not 4+6 - the tunnel overhead
should be consistent on all systems in order not to have MTU
issues.
Must set the ML2 overlay_ip_version config option to match
else agent tunnel sync RPC will not work.
Must set the OVN external_ids:ovn-encap-ip config option to
the correct address.
Updated 'devstack-ipv6-only' job definition and verification role
that will set all services and tunnels to use IPv6 addresses.
Closes-bug: #1619476
Change-Id: I6034278dfc17b55d7863bc4db541bbdaa983a686
When cephadm is used, if ENABLE_CEPH_C_BAK is True both pool and
key are created by devstack-plugin-ceph. This piece of code can
still stay here to make sure the cinder config is properly built.
Change-Id: I799521f008123b8e42b2021c1c11d374b834bec3
Some of the hardest-to-debug issues are qemu crashes deep in a nova
workflow that can't be reproduced locally. This adds a post task to
the playbook so that we capture the most recent qemu core dump, if
there is one.
Change-Id: I48a2ea883325ca920b7e7909edad53a9832fb319
Swift removed sha1 from supported digests with [1] and
that broked ironic tinyipa job. Temorary add sha1 to
allowed_digests until it's fixed in ironic.
[1] https://review.opendev.org/c/openstack/swift/+/525771
Story: 2010068
Task: 45539
Change-Id: I68dfc472ce901058b6a7d691c98ed1641d431e54
Grenade jobs stop services, check fip connectivity
for a nova server and then upgrade to next release.
But since ovn data plane and db services are stopped along
with other services, fip connectivity fails as a result.
We shouldn't stop these services along with other
neutron services. This patch adds a new variable
"SKIP_STOP_OVN" which can be used by grenade jobs
to skip stop of ovn services.
This will also fix the ovn grenade jobs.
Also source fixup_stuff.sh so function fixup_ovn_centos
is available. It's already sourced in stack.sh but
that's not used in grenade run.
Change-Id: I94818a19f19973779cb2e11753d2881d54dfa3bc
Packages for OVN are now available in bullseye, so we can drop the
special handling.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I5e5c78aa19c5208c207ddcf14e208bae8fbc3c55
RHEL based distros set homedir permissions to 700,
and Ubuntu 21.04+ to 750[1], i.e missing executable
permission for group or others, this results into failures
as defined in the below bug.
Since in doc we add useradd command, it's good to
add instructions to fix the permissions there itself
instead of getting failures during installation and then
fixing it.
Also update user create script to fix permissions
by adding executable bit to DEST directory if missing.
[1] https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/19533
Closes-Bug: #1966858
Change-Id: Id2787886433281238eb95ee11a75eddeef514293
This can happen if devstack fails to run, but we still run the post
tasks. Also could happen if some sort of hybrid job configuration
does not run all of devstack but we still end up running post jobs.
Just warn to stderr and assume no DB info.
Change-Id: I211a331ab668dbb0ad7882908cca4363f865d924
The previous change, I237f5663b0f8b060f6df130de04e17e2b1695f8a, removed
a SETUPTOOLS flag, but not the comment explaining why that flag was
previously set. Clean up that comment.
Change-Id: I32b0240fd56310d7f10596aaa8ef432679bfd66a
There are two problems with dbcounter installation on Jammy. The first
is straightforward. We have to use `py_modules` instead of `modules` to
specify the source file. I don't know how this works on other distros
but the docs [0] seem to clearly indicate py_modules does this.
The second issue is quite an issue and requires story time. When
pip/setuptools insteall editable installs (as is done for many of the
openstack projects) it creates an easy-install.pth file that tells the
python interpreter to add the source dirs of those repos to the python
path. Normally these paths are appended to your sys.path. Pip's isolated
build env relies on the assumption that these paths are appeneded to the
path when it santizes sys.path to create the isolated environemnt.
However, when SETUPTOOLS_SYS_PATH_TECHNIQUE is set to rewrite the paths
are not appended and are inserted in the middle. This breaks pip's
isolated build env which broke dbcounter installations. We fix this by
not setting SETUPTOOLS_SYS_PATH_TECHNIQUE to rewrite. Upstream indicates
the reason we set this half a decade ago has since been fixed properly.
The reason Jammy and nothing else breaks is that python3.10 is the first
python version to use pip's isolated build envs by default.
I've locally fiddled with a patch to pip [1] to try and fix this
behavior even when rewrite is set. I don't plan to push this upstream
but it helps to illustrate where the problem lies. If someone else would
like to upstream this feel free.
Finally this change makes the jammy platform job voting again and adds
it to the gate to ensure we don't regress again.
[0] https://docs.python.org/3/distutils/sourcedist.html#specifying-the-files-to-distribute
[1] https://paste.opendev.org/show/bqVAuhgMtVtfYupZK5J6/
Change-Id: I237f5663b0f8b060f6df130de04e17e2b1695f8a
The job is broken since it is running with python3.7 and most services
now require at least python3.8.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ie21f71acffabd78c79e2b141951ccf30a5c06445
We missed to add the jobs to the gate queue and so they have already
regressed before they were actually in place. Make them non-voting for
now until the issues are fixed.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I5d1f83dfe23747096163076dcf80750585c0260e
Glance image import is asynchronous and may be configured to do image
conversion. If image import is being used, it's possible that the
tempest configuration code is executed before the import has
completed and there may be no active images yet. In that case,
we will poll glance every TEMPEST_GLANCE_IMPORT_POLL_INTERVAL seconds
(default: 1) to see if there are TEMPEST_GLANCE_IMAGE_COUNT active
images (default: 1) up to TEMPEST_GLANCE_IMPORT_POLL_LIMIT times
(default: 12).
You can see an example of the issue this patch addresses in real
life:
https://review.opendev.org/c/openstack/glance/+/841278/1#message-456096e48b28e5b866deb8bf53e9258ee08219a0
Change-Id: Ie99f12691d9062611a8930accfa14d9540970cc5
Without it segment plugin fails to connect with
placement api. Configure the placement section
if service is deployed.
Closes-Bug: #1973783
Change-Id: Ie7f37770a04f622735cf2263c601257669ab5064
Two runs of the same job on the same patch can yield quite different
numbers for API calls if we just count the raw calls. Many of these
are tempest polling for resources, which on a slow worker can require
many more calls than a fast one.
Tempest seems to not change its User-Agent string, but the client
libraries do. So, if we ignore the regular "python-urllib" agent
calls, we get a much more stable count of service-to-service API
calls in the performance report.
Note that we were also logging in a different (less-rich) format for
the tls-proxy.log file, which hampers our ability to parse that
data in the same format. This switches it to "combined" which is used
by the access.log and contains more useful information, like the
user-agent, among other things.
Change-Id: I8889c2e53f85c41150e1245dcbe2a79bac702aad
The mysql performance_schema method for counting per-database queries
is very heavyweight in that it requires full logging (in a table) of
every query. We do hundreds of thousands in the course of a tempest
run, which ends up creating its own performance problem.
This changes the approach we take, which is to bundle a very tiny
sqlalchemy plugin module which counts just what we care about in
a special database.
It is more complex than just enabling the features in mysql, but it
is a massively smaller runtime overhead. It also provides us the
opportunity to easily zero the counters just before a tempest run.
Change-Id: I361bc30bb970cdaf18b966951f217862d302f0b9
The new Ubuntu LTS release has been made last week, start running
devstack on it as a platform job.
Horizon has issues with py310, so gets disabled for now.
Run variants with OVS and OVN(default).
Co-Authored-By: yatinkarel <ykarel@redhat.com>
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I47696273d6b009f754335b44ef3356b4f5115cd8
When OVN is setup from distro packages, the
main service is ovn-central which when restarted,
restarts ovn-northd, ovn nb and db services.
And during the restart ovn dbs(ovnnb_db.db and ovnsb_db.db)
are created, which may sometime takes time as seen with
ubuntu jammy tests[1].
We already checking for socket's file to be available,
let's also check for db files as without it ovn-*ctl
operations succeed but changes are not persisted until
db files are available and changes are lost with the restart.
[1] https://review.opendev.org/c/openstack/devstack/+/839389
Change-Id: I178da7af8cba8bcc8a67174e439df7c0f2c7d4d5
Would be helpful in troubleshooting services
which either fails to start or takes time to
start.
Related-Bug: #1970679
Change-Id: Iba2fce5f8b1cd00708f092e6eb5a1fbd96e97da0
In order to run on systems where not all requirements are present,
we should be tolerant of missing external dependencies, such as
psutil and pymysql. Print a warning (to stderr) and just leave out
those stats in that case.
Also make running the stats collector use ignore_errors:yes to avoid
failures in the future. I think the stats is not critical enough to
fail a job for bugs like this.
Related-Bug: #1970195
Change-Id: I132b0e1f5033c4f109a8b8cc776c0877574c4a49
In some cases the value is [not set], in this case
the conversion to integer does not work.
Closes-Bug: #1970431
Change-Id: I74df7d8bc9f5cbe0709a6471cf7639caea0b58e8
A long time ago, Ironic's IPv6 only job started to fail working with
errors indicated the host was unreacable. Turns out, this was because
the $ext_gw_interface was not being set to up, and thus could
be found in a Down state, and thus the kernel would not accept routes
for it.
Adds an explicit step to turn up the public bridge, much as done in
the IPv4 router plugin code which would also be executed in 4+6.
That being said, Ironic's CI jobs are very intentionally IPv6 only
to ensure that we have no chances of v4 addressing getting used
at any point in time.
This should allow Ironic to return it's IPv6 only CI job back
to the normal check queue, once a ironic plugin issue has been
resolved which was introduced while it was removed.
Change-Id: I121ec8a2e9640b21a7126f2eeb23da36b4aa95bf
This updates each devstack service library, to use it as the
default value for service-specific RBAC configuration.
Change-Id: I41061d042206c411ee3dd94ce91098e612af7ae7
I941ef5ea90970a0901236afe81c551aaf24ac1d8 added a sed command that
should match and delete path values but used '/' as sed separator. This
leads to error in unstack.sh runs when the path also contains '/':
+./unstack.sh:main:188 sudo sed -i '/directory=/opt/stack/ d' /etc/gitconfig
sed: -e expression #1, char 13: unknown command: `o'
So this patch replace '/' separator with '+'.
Change-Id: I06811c0d9ee7ecddf84ef1c6dd6cff5129dbf4b1
This change adds mod_ssl to the default set of rpms installed
on rpm based distros.
this is required if the tls-proxy service is enabled
for multi node centos based jobs.
Change-Id: I52652de88352094c824da68e5baf7db4c17cb027
the value of LOGDAYS in samples/local.conf is 2, so change the
value in the comment and the sample value in the document to
be consistent with it.
Change-Id: I5822bbf1d6ad347c67c886be1e3325113d079114
This makes us gather a bunch of consistent statistics after we run
tempest that can be use to measure the impact of a given change. These
are stable metrics such as "number of DB queries made" and "how much
memory is each service using after a tempest run."
Note that this will always run after devstack to generate the JSON
file, but there are two things that control its completeness:
- MYSQL_GATHER_PERFORMANCE must be enabled to get per-db stats
- Unless tls-proxy is enabled, we will only get API stats for keystone
Change-Id: Ie3b1504256dc1c9c6b59634e86fa98494bcb07b1
This is necessary for more consistent behavior across multiple
distro versions. Apparently somewhere along the way, git started
looking at the current user's home directory instead of $HOME.
Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798
Change-Id: I941ef5ea90970a0901236afe81c551aaf24ac1d8
git commit [1] introduced a new behaviour to work around a CVE that
disallows any git operations in directories not owned by the current
user.
This may seem unrelated to installation, but it plays havoc with PBR,
which calls out to git to get to get revision history. So if you are
"pip install"-ing from a source tree you don't own, the PBR git calls
in that tree now fail and the install blows up.
This plays havoc with our model. Firstly, we checkout all code as
"stack" then install it globally with "sudo" (i.e. root) -- which
breaks. We also have cases of essentially the opposite -- checkouts
we have installed as root, but then run tox in them as a regular user;
tox wants to install the source in its venv but now we have another
user conflict.
This uses the only available configuration option to avoid that by
globally setting the source directories we clone as safe. This is an
encroachment of the global system for sure, but is about the only
switch available at the moment. For discussion of other approaches,
see [2].
Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798
[1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9
[2] https://review.opendev.org/c/openstack/devstack/+/837636
Change-Id: Ib9896a99b6d6c4d359ee412743ce30512b3c4fb7
osc is typicaly installed in /usr/local/bin
to avoid command not found errors when invoking osc
in devstack ensure that /usr/local/bin is included
in the PATH.
Change-Id: I605fbc4b131149bf5d1b6307b360fe365c680b1a
OpenEuler job fails 100% of the time. As discussed in QA meeting,
we agreed to move OpenEuler job to experimental pipeline.
- https://meetings.opendev.org/meetings/qa/2022/qa.2022-03-22-15.00.log.html#l-76
Once it is fixed, we can think of adding back to regular pipeline.
Change-Id: I831889a09fabe5bed5522d17e352ec8009eac321
devstack isn't a python project, these were introduced only for docs
building and made redundant with [0]. We can remove them now.
[0] Iedcc008b170821aa74acefc02ec6a243a0dc307c
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I90ca1c6918c016d10c579fbae49d13fff1ed59af
After patch [1] project_id in that module is no longer needed as to make
it working with new secure RBAC policies we had to hardcode "demo"
project to be used always.
This is small follow-up patch with cleaning after [1].
[1] https://review.opendev.org/c/openstack/devstack/+/826851/
Change-Id: Iddf9692817c91807fc3269547910e4f83585f07f
There are a couple of places that still use a hardcoded
127.0.0.1 value, even if devstack is run with
SERVICE_IP_VERSION=6 in local.conf. While things still
work, SERVICE_LOCAL_HOST should be used instead since
everything else could be using IPv6.
Change-Id: I2dd9247a4ac19f565d4d5ecb2e1490501fda8bca
Newer versions of openssl (CentOS9Stream for example) do not like using sha1.
Devstack will fail on these systems[1] with the following error:
801B93DCE77F0000:error:03000098:digital envelope routines:do_sigver_init:invalid digest:crypto/evp/m_sigver.c:333:
This patch updates the tls-proxy code in devstack to use sha256 instead of sha1 which allows devstack to complete when tls-proxy is enabled.
[1] https://zuul.opendev.org/t/openstack/build/1d90b22a39c74e24a8390861b3c5f957/log/job-output.txt#5535
Closes-Bug: #1962600
Change-Id: I71e1371affe32f070167037b0109a489d196bd31
If the ci images do not have any cached data
we should ignore any error when trying to copying it.
This is requried when using unmodified cloud images.
Change-Id: Ia6e94fc01343d0c292b1477905f8a96a6b43bcf8
This is a followup for change Ifdef3510bc7da3098a71739814e35dbaf612ae34
which added configuration of unified limits for nova. This removes an
unnecessary wrapper unsetting of OS_ env variables, unnecessary quoting
on an iniset config value, and a hardcoding of user domain. The glance
code from which the nova code was originally copied is also cleaned up.
Change-Id: I4921af5cc0f624dd5aa848533f7049ee816be593
Previously, Swift's backing disk were not be mounted after reboots,
causing swift-proxy-server service to fail with cryptic error
messages such as 'proxy-server: ERROR Insufficient Storage'. Now,
we use Dan Smith' create_disk function from functions to create
the backing disk for us and add it to /etc/fstab.
Change-Id: I9cbccc87bc94a55b58e9badf3fdb127d6f1cf599
The rsync debian package is required for swift service. This
requirement has been covered by rpms but not for deb packages.
Change-Id: Iefd1302be9c7fd80e037bbae3638602d6d823580
This change use uname -m to get the portable host arch and uses that
as a new default. on x86_64 hosts this should result in no visable change
in behavior however on a non x86 host it will cause devstack to attempt
to download a cirros image that matches the host.
Change-Id: I6d1495a23400ef4cf496302028324fa5794dd45f
This patch fixes several issues related to the installation with
OVN backend with the OVS/OVN compilation enabled.
The OVS/OVN local directories prefix, when both services are compiled,
is now "/usr/local".
The "ovn_agent._run_process" function is calling "ovs-appctl" to
configure the logging settings of several services. Instead of
using the service name, the ctl socket file is used instead. That
is more robust and does not fail in systems with previous
installations.
Closes-Bug: #1960514
Change-Id: I69de5333393957593db6e05495f0c3c758efefdf
Previously, loop devices for LVM volume groups backing files were not
created after reboots, causing e.g. Cinder to fail with messages such
as
ERROR cinder.service [-] Manager for service cinder-volume
devstack@lvmdriver-1 is reporting problems, not sending
heartbeat. Service will appear "down".
Now, we use systemd services to manage loop devices for backing files.
Change-Id: I27ec027834966e44aa9a99999358f5b4debc43e0
This change reverts the execute permissions from
stackrc which is not meant to be run as a script but sourced
as part of stack.sh
Change-Id: I9a05051e5a297cfaf78d097fa5f90a7c5fd254a6
Since pip v22, python3.6 is not supported (the minimum version is
python3.7). This patch adds the reference for the pip3.6 URL to be
used instead of the default one.
Closes-Bug: #1959600
Change-Id: Iab2c391d5388461fe9e9037cee81884ce8032e72
This enables the configuration of nova to use unified limits in
keystone and enforcement in oslo.limit.
Related to blueprint unified-limits-nova
Depends-On: https://review.opendev.org/c/openstack/nova/+/715271
Change-Id: Ifdef3510bc7da3098a71739814e35dbaf612ae34
This reverts commit be7b5bf671.
As related bug is fixed, lets enabled scope enforcement in Neutron
again.
Related-bug: #1959196
Change-Id: I72db7ef533e78a10734d105e6a0debef288e41a1
After patch [1] new RBAC policies changed in the way that SYSTEM_ADMIN
user isn't anymore allowed to e.g. create resources in behalf of some
projects. Now PROJECT_ADMIN needs to create such resources instead.
So this patch basically reverts most of the changes which were done
in [2] some time ago.
It also introduces new entry in the clouds.yaml file -
"devstack-admin-demo" which is "admin" user in the "demo" project as
it's needed to create some resouces in the demo project now.
Additionally, because of bug [3] this patch changes way how IPv6
external gateway IP is found using Neutron API. This change may be
reverted in the future when bug [3] will be fixed.
[1] https://review.opendev.org/c/openstack/neutron/+/821208
[2] https://review.opendev.org/c/openstack/devstack/+/797450
[3] https://bugs.launchpad.net/neutron/+bug/1959332
Depends-On: https://review.opendev.org/c/openstack/neutron/+/826828
Closes-Bug: #1959196
Change-Id: I32a6e8b9b59269a8699644b563657363425f7174
After patch [1] was merged in Neutron, enforcing scopes there
is broken.
So lets disable it temporary to unblock Devstack's gate for now.
[1] https://review.opendev.org/c/openstack/neutron/+/821208
Related-Bug: #1959196
Change-Id: I24da6f3897a638749d16f738329a873a5f9a291d
This reverts commit 26bd94b45e.
Reason for revert: Devstack keystone creation/setup are moved to
scope tokens, so we can reintroduce the scope check enable.
Change-Id: I6e1c261196dbcaf632748fb6f04e0867648b76c7
This is needed so we can set keystone into enforcing secure RBAC.
This also adjusts lib/glance, which already partially used
devstack-system-admin.
Change-Id: I6df8ad23a3077a8420340167a748ae23ad094962
Running get-pip.py fails on Ubuntu when running twice, e.g. after a
unstack/stack cycle. Just use distro pip instead.
Closes-Bug: #1957048
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I87a8d53ed8860dd017a6c826dee6b6f4baef3c96
The default Neutron configuration is now using OVN, but the multinode
lab was using an incompatible configuration:
The q-agt/neutron-agt service must be disabled with OVN.
Change-Id: I518a739a3daac941880463cde6b47951331d0911
Recent iputils release in CentOS 8-stream causing
ping failures with non root user. This needs a fix
in systemd package as mentioned in the Related Bugs,
until it's fixed and is in 8-stream mirrors let's
workaround it by setting net.ipv4.ping_group_range
setting manually.
Related-Bug: #1957941
Related-Bug: rhbz#2037807
Change-Id: I0d8dac910647968b625020c2a94e626ba5255058
This patch allows to skip the installation
of the database backend packages (MySQL or Postgres)
with the introduction of the INSTALL_DATABASE_SERVER_PACKAGES
variable (defaulted to True).
This is useful in such environments that do not require
to install the MySQL/Postgres server packages directly but using
a container serving that purpose, for those cases all the
remaining steps should be executed just skipping the
packages install.
Change-Id: I26628a31fdda3ce95ed04a2b7ae7b132c288581f
We always need the master branch of requirements in order to be able to
install tempest with it, so override GIT_DEPTH when cloning that repo.
Closes-Bug: 1956616
Change-Id: Id0b409bfadd73f2c30314724178d6e199121050b
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
For some reason, setting the CHAPAlgorithms as in c3b705138
breaks OpenEuler. Making this conditional so that tests continue
to pass.
Change-Id: Iaa740ecfbb9173dd97e90485bad88225caedb523
There was no space after the --project option in the command that
creates the public subnet, thus if any option follows, the option itself
will be parsed as part of the value passed to the --project option. This
change just adds the missing space.
Change-Id: I1e7375578342a82717222e902fcd65a4a62e33a7
When deploying devstack in a stable branch, the master branch is
available locally only in a CI environment where Zuul prepares all
available branches. For a non-CI deployment we need to stick to using
the remote branch as was the case before [0].
While the situation on the master branch isn't really broken, we apply
the fix here anyway so that future stable branches are created in a
working state.
[0] I5d42ac6b54bf20804d7e5faa39d1289102318b64
Closes-Bug: #1956219
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ib7719cb2d48b34db70f885e0afe77d904abba3b5
mysqladmin is incorrectly installed in Fedora 34 with mariadb. This
causes the failure of Zuul Fedora based jobs. The issue is a conflict
between mariadb and community mysql that is described in [1] and [2].
The workaround is to explicitly install package "mariadb"
Also configure an increased swap size like for the other platform jobs
in order to avoid OOM issues.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2026933
[2] https://lists.launchpad.net/maria-discuss/msg06179.html
Closes-Bug: #1956116
Change-Id: Icf6d7e1af5130689ea10b29d37cc9b188b2c9754
We still are seeing regular job failures because the pcp package fails
to install. Assume that we can still enable it on demand when someone
needs to debug specific job issues, let us just disable it by default.
Related-Bug: 1943184
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I32ef8038e21c818623db9389588b3c6d3f98dcad
When we need to read a DATABASE_PASSWORD from the user, make sure we
actually use it in our database URLs.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I5ebf6b0280e82f2c87a63cbee7a9957c6bd26898
That function was accepting 3 positional arguments and first
of them was boolean value "build_modules" which isn't used anywhere in
that function.
So this patch cleans it a bit by removing that not used parameter.
Change-Id: I5c57b9116338a63b7bfb170c02e33bb4eae725da
openEuler is an open-source Linux based operating system. The current
openEuler kernel is based on Linux and supports multi arch, such as X86_64
and aarch64. It fully unleashes the potential of computing chips. As an
efficient, stable, and secure open-source OS built by global open-source
contributors, openEuler applies to database, big data, cloud computing,
and AI scenarios. openEuler is using RPM for package management.
Note:
Currently there is no available package for uwsgi-plugin-python3 and ovn, so that
openEuler needs manually install them from source.
Website: https://www.openeuler.org/en/
Change-Id: I169a0017998054604a63ac6c177d0f43f8a32ba6
Co-Authored-By: wangxiyuan <wangxiyuan1007@gmail.com>
Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
This patch adds new config option NEUTRON_ENFORCE_NEW_DEFAULTS which
if set to True will deploy Neutron with enforce new rbac defaults and
scopes.
It will also use SYSTEM_ADMIN user to interact with Neutron where it is
needed.
Depends-On: https://review.opendev.org/c/openstack/neutron/+/798821
Change-Id: I14d934f0deced34d74003b92824cad3c44ec4f5e
The default CHAP algorithm for iscsid is md5, which is disallowed
under fips. We will set the chap algorithm to "SHA3-256,SHA256",
which should work under all configurations.
Change-Id: Ide186fb53b3f9826ff602cb7fb797f245a15033a
Function _neutron_ovs_base_install_agent_packages always tried to
install openvswitch from packages and start it using systemd units.
That was failing when ovs was expected to be installed from source.
This patch fixes that.
Change-Id: Iae8625dd800d30061ea3dbed9eb0dfbe16f21572
Previously this would always happen for Nova and Cinder even if n-api
and c-api were not enabled on the host respectively.
This change stops this by placing both calls write_uwsgi_config behind
is_service_enabled checks.
Change-Id: I997685da771736dbad79bcfe4b00dbc63bd6d6b6
Additionally make the repo name lowercase to match the project name in
our zuul config so that jobs can check the repo out.
Change-Id: Ic2d9c4fa837461bbc29e067a81912b5f72efd3ca
This patch includes changes required to run devstack on CentOS Stream 9
which has been already published in official repos by CentOS team [1]:
- Add RDO deps repository for CS9.
- remove xinetd package from installation for swift. Note that
rsync-daemon is installed which should work fine.
- Replace genisoimage by xorriso in CS9.
- Use /etc/os-release to identify the distro in CS9 as it doesn't
provide lsb_release command.
- Use pip from rpm package instead of from get-pip.py as done in Fedora.
- Add non-voting job devstack-platform-centos-9-stream to the check
pipeline.
Change-Id: Ic67cddabd5069211dc0611994b8b8360bcd61bef
Jobs with OVN_BUILD_FROMS_SOURCE=True are broken
since [1] as ovn nortd not starting due to permission
issues. Fix it by not using sudo for creating OVN_DATADIR
when building from source.
[1] https://review.opendev.org/c/openstack/devstack/+/806858
Closes-Bug: #1952393
Change-Id: I00f0c8c8173b4d8270fbb3e6079d0d8b332e9de5
Before, we needed to unset a couple of parameters that would make the
client return a project-scoped token instead of a system-scoped token,
which we need when interacting with registered limits in keystone.
This commit removes those unsets since we no longer source those
variables by default. This commit also cleans up some of the redundant
parameters in the registered limit calls, like region.
Change-Id: I1af8a168a29e895d57504d41e30efea271ea232d
When initializing OVN, clean up the correct database directory when
using OVN from packages (/var/lib/ovn/ instead of /opt/stack/data/ovn/).
The /opt/stack/data/ovn location is used only when building OVN from
sources, so a fresh devstack deployment with OVN packages may already
have hundreds of existing routers and ports, creating ARP collisions.
Closes-Bug: #1942201
Change-Id: Ic90d4f2f9d8aaef825ea3325c0ad8fef2a1c5e39
The admin_endpoint parameter has been removed from keystone[1], and
setting the parameter is no longer effective.
[1] 192cde56e57a06750641b319da8a72cdcaa554d0
Change-Id: I6ae6a3122668551acc018972624e914fcbb79a22
This user already has the admin role assignment on a project, which
implies the member role, making explicit calls to add the member role
redundant.
Change-Id: I398c5e2f098aeeb896de83872085cbce529a778a
OS_CLOUD is used to communiate to CLI tools what cloud
credentials to utilize.
The change I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
unfortunately set an explicit OS_CLOUD account which breaks
any jobs which are expecting a previosuly set OS_CLOUD which
may be different to work. For example, OS_CLOUD being set
as devstack-system-admin to facilitate Secure RBAC testing.
Change-Id: Iee900e552584dda622f57eea3508df48dff2e071
Previously those functions were defined in the neutron's devstack plugin
but with [1] we moved qos related code into devstack and we missed about
moving them too.
This is follow up patch to fix that issue.
[1] https://review.opendev.org/c/openstack/devstack/+/815686
Change-Id: Icf459a2f8c6ae3c3cb29b16ba0b92766af41af30
We can use the devstack-admin cloud configuration everywhere now
and don't need to set environment variables with cloud credentials
any longer.
Fix the swift setup, where some more options need to be explicitly
specified now and the default OS_CLOUD setting overridden.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
Those functions were part of the neutron devstack plugin but we
discussed it during last PTG [1] and decided to move to the Devstack
repo plugins which are used by e.g. CI jobs which are defined outside
of the neutron repository.
QoS service is used e.g. in the tempest-slow job which is
defined in tempest and used by many different OpenStack projects.
[1] https://etherpad.opendev.org/p/neutron-yoga-ptg#L142
Change-Id: I48f65d530db53fe2c94cad57a8072e1158d738b0
This commit formalizes some additional users to act as different project
users and updates clouds.yaml file so they're easy to use.
It creates:
- a reader on the demo project
- a reader on the alt_demo project
- a member on the alt_demo project
With the adoption of secure RBAC personas, these are useful for using
OpenStack APIs as that work continues.
Change-Id: I3237a771275311377313b7d7d80ac059ac69d031
IDENTITY_API_VERSION is hardcoded to 3 in most locations already, drop
the remaining occurrences, but keep the variable definition since some
plugins still depend on it. Drop ENABLE_IDENTITY_V2 which no longer
has any effect.
Amend variable list for bootstrap_keystone().
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I06f476d2105bc6ec2b511fc5effcfcc3973eaf97
Keystone has supported system-scope since Queens and we already make
sure we create a cloud profile for system-admin in
/etc/openstack/clouds.yaml.
This commit ensures keystone creates a couple of new users to model
system-member and system-reader personas. Doing this by default in
devstack makes it easier for people to use.
We've already taken a similar approach in tempest by setting up the
various system personas for tempest clients to use.
Change-Id: Iceb7c5f517db20072e121dc7538abaa888423c67
Since Bullseye like Centos 8 Stream needs more memory due to changed
default settings in newer qemu versions, set the swap size to 4G, which
is the same setting already being used for the CS8 jobs successfully.
Change-Id: I83ea34d6aa647d2ab9d4d78ed354904fce836e68
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
If ERROR_ON_CLONE is set to True which is case for
all the devstack based job, devstack does not clone the
repo instead raise error. From current error message, it
is difficult to know that ERROR_ON_CLONE is True until we
traceback the code or check devstack-base job set ERROR_ON_CLONE
to True.
Current error message is like:
-------
+ functions-common:git_clone:560 : echo
'The /opt/stack/oslo.limit project was not found; if this is a gate job, add'
The /opt/stack/oslo.limit project was not found; if this is a gate job, add
+ functions-common:git_clone:561 : echo 'the project to the
$PROJECTS variable in the job definition.'
the project to the $PROJECTS variable in the job definition.
+ functions-common:git_clone:562 : die 562 'Cloning not
allowed in this configuration'
--------
Adding ERROR_ON_CLONE info in error message will help to
know the reason of devstack not cloning the repo.
Change-Id: I9e9852f046fefb299b4ef4446323e9c86437212f
Those functions were part of the neutron devstack plugin but we
discussed it during last PTG [1] and decided to move to the Devstack
repo as plugins which are used by e.g. CI jobs which are defined outside
of the neutron repository.
Placement integration is used e.g. in the tempest-slow job which is
defined in tempest and used by many different OpenStack projects.
[1] https://etherpad.opendev.org/p/neutron-yoga-ptg#L142
Change-Id: Ib86071881f16de1b69c0f9b1b19b6df8b7e66a07
CentOS/RHEL 9 are being compiled for the x86_64-v2 architecture which is
newer than the qemu default of qemu64. This means that for devstack to
boot these instances we need a newer CPU model. Nehalem is apparently
the oldest model that works for x86_64-v2 and is expected to work on
Intel and AMD cpus with kvm or qemu. Switch devstack to this model by
default.
Note that we cannot use host-passthrough or host-model because we want
to support live migration between devstack deployed nova-compute
instances and even within the CI instances that we get the host CPUs can
differ.
Also, we should run this change against as many clouds as possible to
ensure that the newer model works across all of our clouds. There is
some fear that the virtual CPUs presented to us in some clouds may not
be able to run these newer CPU models.
Change-Id: Ibd6e11b59f3c8655bc60ace7383a08458b2177f2
With the depending patch, the endpoint will still be created for
heat tests, so we can turn it off for everyone else.
Depends-On: https://review.opendev.org/c/openstack/openstacksdk/+/777343
Change-Id: I0dc7d6cedd07e942b9f23b26a785b386aff41fbc
The keystone admin endpoint technically isn't different any longer from
the other keystone endpoints in v3 of the API. However, some
applications like heat are still relying on it to exist.
So we make the creation of the admin endpoint during bootstrap optional
here, with the intention to change the default to False once all jobs
that still need this are modified to explicitly require it.
Change-Id: I7ab12141c558186e397c174c248a613d1810011b
Keystone no longer has any special functionality hidden behind the admin
site. KEYSTONE_AUTH_URI which used to point to the admin site has long
ago been changed to be a copy of KEYSTONE_SERVICE_URI, which points to
the public site.
Drop all KEYSTONE_AUTH_* variables except KEYSTONE_AUTH_URI which may
still be in use in some plugins.
This also allows to finally drop the fixup_keystone() function.
Change-Id: I549f3cadc27d137e014241cdd47e90267859c848
The use of this function has been deprecated for a long time[0]. With
PyYAML==6.0 the call is now failing, so replace it with the safe
version.
[0] https://msg.pyyaml.org/load
Signed-off-by: Jens Harbott <frickler@offenerstapel.de>
Change-Id: I7a170262b50a5c80a516095b872d52e1bea5479d
When using glance limits, the create_glance_accounts call needs access
to the devstack-system-admin cloud definition, so we need to create
the clouds.yaml file before that step.
Change-Id: Ie6d807c46b88b16b316aa166870a6a13f2bb346d
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
It may be that it is already compiled in the kernel so there is no
need to load kernel module in such case.
Change-Id: Ie1d32e3fd529e13958857cb3ced6710eebde1e4d
The official Ubuntu cloud images have some further python pkgs
preinstalled that conflict with our requirements. Allow to
overwrite them.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Closes-Bug: 1871485
Change-Id: I793c250cae5e7b9bc835b7016d790d1f9ae8a7f3
continue is not used in a proper context here (outside of loop). Use
null cmd instead to simply fall through the pip installation.
Signed-off-by: Michal Berger <michallinuxstuff@gmail.com>
Change-Id: Iaea2e5c0177b475edf19d08d71933a74debbb5d9
The current initiator name embedded in our CI images is not unique at
present and can often cause failures during live migrations with
attached volumes. This change ensures the name is unique by running
iscsi-iname again and overwriting the existing name.
We could potentially do this during the image build process itself but
given that devstack systems are not supposed to be multi-purpose this
should be safe to do during the devstack run.
Closes-Bug: #1945983
Change-Id: I9ed26a17858df96c04be9ae52bf2e33e023869a5
Some adaption in database handling is all that is missing. Also add a
platform job that tests this.
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Change-Id: I6dd3e48444dd415d84df5e7f5c74540847cdd6db
oslo.limit isn't currently in the list of libraries that can be
installed from a git repo via LIBS_FROM_GIT.
This adds oslo.limit to enable integrated testing against unmerged
oslo.limit changes.
Change-Id: I26cc567fdf4c84014040ae586bbb029b8de7a236
I83d56c9363d481bb6d5921f5e1f9b024f136044b switched the default of
DEVSTACK_PARALLEL over to True so this dedicated job is no longer
required as *all* jobs should now be using it.
Change-Id: I0f475ab177c2cd49eeb6be861cdd11581e8e0b97
In devstack job, cinder is not a valid service name and logs error
in gate[1] so remove it.
2021-09-28 05:44:47.791807 | controller | + functions-common:service_check:1603 : for service in ${ENABLED_SERVICES//,/ }
2021-09-28 05:44:47.795506 | controller | + functions-common:service_check:1605 : sudo systemctl is-enabled devstack@cinder.service
2021-09-28 05:44:47.809647 | controller | Failed to get unit file state for devstack@cinder.service: No such file or directory
[1] https://e978bdcfc0235dcd9417-6560bc3b6382c1d289b358872777ca09.ssl.cf1.rackcdn.com/801989/7/check/tempest-integrated-storage/779d1e7/job-output.txt
Change-Id: I7ca105201d82b72c7e56778425d3bce7c76047db
Attempting to use LIBS_FROM_GIT="ALL" results in a failure
due to a typo in stackrc for os-resource-classes repo.
Cloning into '/opt/stack/os-resource-classes'...
fatal: protocol ':-https' is not supported
<snip>
[ERROR] /opt/stack/devstack/functions-common:629 git call failed: [git clone :-https://opendev.org/openstack/os-resource-classes.git /opt/stack/os-resource-classes --branch master]
Remove the extraneous '='.
Change-Id: I21f86324dc15fe808b38e366f7af18c96fd3890c
It was required to build MySQL-python bindings but, for some time,
we test and rely solely on PyMySQL which is pure Python and hence
does not require this dep.
This package is going away as distros move towards MariaDB.
Change-Id: I6004ccf28a23009a0fc07bfc9458b59a927b969a
Neutron L3 module in Devstack has way to conigure access to physical
network on the node. It can put physical interface to the physical
bridge or, in case when such physical device isn't set, it creates
NAT rule in iptables.
There was missing the same operation for ML2/OVN backend as L3 agent is
not used there at all.
This patch adds the same to be done in both L3 agent and ovn_agent
modules.
Closes-Bug: #1939627
Change-Id: I9e558d1d5d3edbce9e7a025ba3c11267f1579820
This change fixes the empty value set to the gid option in rsyncd.conf,
which was caused by reference to the invalid USER_GROUP variable, and
ensures the option is set to the group which STACK_USER belongs to.
This also fixes duplicate declaration of the local user_group variable.
Closes-Bug: #1940742
Change-Id: Ifd0a5ef0bc5f3647f43b169df1f7176393971853
This change enables [workarounds]libvirt_disable_apic when devstack is
deployed using the libvirt virt driver and qemu virt type in an effort
to avoid issues outlined in bug #1939108 caused by the older kernel
currently used in Cirros 0.5.2.
Depends-On: https://review.opendev.org/c/openstack/nova/+/766043
Closes-Bug: #1939108
Change-Id: Ibb6c34133bb1c95ef11cc59d9b12a0f65502c61b
... when installed from distribution.
This is mostly to fix Ironic's gate as their ecosystem is too
broad and complex to quickly remove libvirt-python from all
possible requirements.txt
More details inline.
See also: https://review.opendev.org/c/openstack/devstack/+/798514
aka f0bf2bdff1
Change-Id: Ic44daf15e952bbe3c424984ffb2474261e68008f
ironic-tempest-ipa-wholedisk-bios-agent_ipmitool-tinyipa
job is voting on Ironic and neutron gate which mean it is
stable enough and make sense to make it voting on devstack gate too.
ironic-tempest-ipa-wholedisk-bios-agent_ipmitool-tinyipa is alias
job of ironic-tempest-bios-ipmi-direct-tinyipa so using the original
job instead of alias
- https://opendev.org/openstack/ironic/src/branch/master/zuul.d/ironic-jobs.yaml#L784
Change-Id: I95c67ad69e6eae6a72d25a851a71b7de85e56fd2
swift-dsvm-functional job test swift under python3 and
voting on swift gate whihc means this is a stable job now,
let's make this voting to devstack gate too.
Removing swift-dsvm-functional-py3 job as it does not exist anymore
after- https://review.opendev.org/c/openstack/swift/+/731318
swift-dsvm-functional itself is py3 job now.
Change-Id: I58847f74306194eaad132680815101a134fb4022
The MDB backend is the default in Ubuntu and specifying
HDB in debconf doesn't change it to HDB.
Closes-Bug: #1939700
Change-Id: If98f7fc8395678365fb73f0c5cd926cef083e470
Tempest is failing randomly with different reasons
as mentioned in the bug, updating swap size those
issues are not seen.
Before [1] default swap size used to be 8GB but was dropped
to 1G so need to configure it in required job itself.
Did couple of tests in [2] and with 4GB+ swap jobs are
running green. On investigation found that with qemu-5
both Ubuntu and CentOS jobs have memory crunch, currently
Ubuntu jobs are not impacted as they are running with
qemu-4.
[1] https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/750941
[2] https://review.opendev.org/c/openstack/devstack/+/803144
Closes-Bug: #1938914
Change-Id: I57910b5fde5ddf2bd37d93e06c1aff77c6e231e9
keystone has system scope feature implemented since
queens release. Now Devstack also started moving towards the new RBAC.
This commit adds a new job 'devstack-enforce-scope' which enable the
scope checks on service side and see if devstack setting are fine or not.
This job will be expanded to enable the scope checks for the other service
also once they start supporting the system scope.
This will help us to test the scope check setting.
Change-Id: Ie9cd9c7e7cd8fdf8c8930e59ae9d297f86eb9a95
The uninstall here has been around since
Ibb4b42119dc2e51577c77bbbbffb110863e5324d. At the time, there might
have been conflicts between packaged and installed pip. We don't need
it today; get-pip.py keeps itself separate enough in /usr/local on all
platforms. Thus we can also remove the suse/centos special-casing.
python3-pip is in the RPM list so we don't need to
re-install for Fedora.
Add a note on why we are over-installing pip.
Remove some old setuptools workarounds that are commented out.
Change-Id: Ie3cb81a8ff71cf4b81e23831c380f83b0381de71
* update the support distro filter
* don't install xinetd which doesn't exist in F34 any more. I think
there is probably a bit more to do with swift ring-server but that
can be a problem for another time.
* remove old F31 workaround
Change-Id:If2f74f146a166b9721540aaf3f1f9fce3030525c
This uses the python3-pip package for Fedora but maintains the status
quo for existing distributions (i.e. for Suse we run get-pip.py but
don't uninstall, and for everything else we uninstall python3-pip and
run get-pip.py to be running the latest pip).
As noted inline, installing get-pip.py over Fedora 34's package no
longer works, and likely won't ever work again. Unlike the LTS
distributions, the Fedora pip should be more up-to-date, so I think
it's best we just avoid any package overwrites.
Change-Id: I84129aadfcf585bb150a3daa39616246d3d84bbd
Earlier glance remote worker was using same cache directory used by
glance worker. Ideally both should use their own cache directory.
This patch makes provision for the same by setting different path
for image_cache_dir config option.
Change-Id: If2627e9c212fd765b96d925046c04e9cb1001c3d
This reverts commit 9dc2b88eb4.
Reason for revert: Devstack creation/setup the things are not yet moved to scope tokens so we need to wait for that first and then do the scope check enable globally.
Change-Id: If0368aca39c1325bf90abd23831118b89e746222
On some platforms, "python -m pip" isn't available. Currently this is
run undconditionally from the "get_versions" function; remove the call.
Change-Id: I91d6c66d055f02fa7b4368593b629933f82d8117
This reverts commit 7a3a7ce876 and
bcd0acf6c0 and part of
f1ed7c77c5 which all cap our pip
installs.
Given the pip ecosystem can often incorporate major changes, tracking
upstream at least generally gives us one problem at a time to solve
rather than trying to handle version jumps when LTS distros update.
The new dependency resolver included some changes that disallow
setting URL's like "file:///path/to/project#egg=project" in
constraints. Apparently the fact it used to work was an accident of
the requires/constraints mechanism; it does make some sense as the URL
doesn't really have a version-number that the resolver can put in an
ordering graph.
The _setup_package_with_constraints_edit function comment highlights
what this is trying to do
# Updates the constraints from REQUIREMENTS_DIR to reflect the
# future installed state of this package. This ensures when we
# install this package we get the from source version.
In other words; if constraints has "foo==1.2.3" and Zuul has checked
out "foo" for testing, we have to make sure pip doesn't choose version
1.2.3 from pypi.
It seems like removing the entry from upper-requirements.txt is the
important part; adding the URL path to the on-disk version was just
something that seemed to work at the time, but isn't really necessary.
We will install the package in question which will be the latest
version (from Zuul checkout) and without the package in
upper-requirements.txt nothing will try and downgrade it.
Therefore the solution proposed here is to remove the adding of the
URL parts.
This allows us to uncap pip and restore testing with the new
dependency resolver.
Closes-Bug: #1906322
Change-Id: Ib9ba52147199a9d6d0293182d5db50c4a567d677
Now, if no arguments are passed to make_cert.sh script, it will fail on:
tools/make_cert.sh: line 30: [: missing `]'
and might go on with generating certs depending on the bash settings.
It is fixed within this patch.
Change-Id: I62bf9c972ebd1644da622439e05114f245f20809
The default cinder quotas for volumes, backups, or snapshots may
be too low for highly concurrent testing, so make these configurable
in devstack.
Change-Id: Ie3cf3239b48f9905f5760ad0166eea954ecf5eed
rdo-release.el8.rpm rpm points to latest RDO release,
so use it for master, for stable releases use corresponding
release rpm.
Change-Id: I508eceb00d7501ffcfac73d7bc2272badb241494
The usage of sudo with su is not recommended. It results in incosnistent
environment variables. Instead use just sudo with appropriate arguments.
The argument '-u stack' specifies that the sudo will execute as user 'stack'.
The last argument '-i' will launch an interactive shell.
Closes-Bug: #1938148
Change-Id: I42387660480377cdf9a0b04f190e7e1f21fb354f
Starting Wallaby release, nova sanitizes instance hostnames having
freeform characters with dashes. It should be tested in Devstack.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/795699
Change-Id: I54794e58b67620c36e8f2966ec3b62dd24da745b
The glance image size limitation was added and unfortuantely
does prevent larger images from being uploaded to glance. In the
case of all baremetal testing, this value is realistically smaller
than stock "cloud" images which support booting to baremetal with
often requisite firmware blobs, which forces some images over 1GB
in size.
Adds GLANCE_LIMIT_IMAGE_SIZE_TOTAL which allows users who need
larger images to be able to override the default while still
enabling limits enforcement in their deployment. The default
value is 1000.
Change-Id: Id425aa546f1a5973bae8be9c017782d18f0b4a47
As set out in bug #1933096 these bindings are dynamically built against
the version of libvirt present in the environment at build time.
As a result using a pre-built wheel can cause AttributeError's when the
bindings have previously been built elsewhere against an older version
of libvirt installed on the host. This is currently the case in CentOS 8
stream based CI jobs where we try to use 7.4.0 bindings that appear to
be built against libvirt <= 6.10 leading to bug #1933096.
This change seeks to avoid this by installing the bindings from packages
that will always be built against the correct corresponding version of
libvirt.
Change-Id: I76184c17a776c4e1ecaab9549d9d36c8c07c60fa
Closes-Bug: #1933096
The tempest plugin expects the classic environment variables
to be present for credentials to access the cloud, but this is
wrong in cases where we're trying to setup system
scoped services and need to remove the environment variables
that was being used.
Instead, change the plugin to use the os-cloud entry definitions,
and specifically in this case devstack-admin which makes sense
until we begin to start to make tempest itself scope aware.
We likely will want to change the environment variables from being
registered in devstack at some point and completely shift towards
passing an-os-cloud parameter, but that is outside the scope of
this change as doing so will likely break all plugins.
Change-Id: I8d4ec68f116eea07bc7346f939e134fa2e655eac
In RHEL-based distributions, updating setuptools using pip removes the
files from the python3-setuptools RPM. It breaks some tools such as
semanage (which is used by diskimage-builder) that use the -s flag of
the python interpreter (don't import modules from /usr/local).
This commit reinstalls python3-setuptools to fix those applications.
Change-Id: Ib44857e83f75acf37823fae912960a801c83cf7f
Move the 'Starting Horizon' task after the end of the wait for
create_flavors.
The start_horizon function restarts the httpd server, the openstack
services are unavailable during a short period of time, so the
"openstack flavor create" calls might fail randomly.
Closes-Bug: #1932580
Change-Id: I32ee7457586e3de8ba4dfce3b1a12025f9776542
This change add an os-vif lib that declares two new variables
OS_VIF_OVS_OVSDB_INTERFACE and OS_VIF_OVS_ISOLATE_VIF
The former is introduced to workaround bug #1929446 which cause the nova
and neutron agents to periodically block waiting for ovs to respond.
OS_VIF_OVS_ISOLATE_VIF is added to address bug #1734320 when using
ml2/ovs vif isolation should always be used to prevent cross tenant
traffic during a live migration. This makes devstack more closely
mirror reality by enabling it when ml2/ovs is used and disabling it
otherwise.
Related-Bug: #1734320
Related-Bug: #1929446
Related-Bug: #1912310
Change-Id: I88254c6e22b52585506ee4907c1c03b8d4f2dac7
The Secure RBAC effort has updated Ironic such that it
can support a mode where it is scope enforcing for all
interactions with the API. Due to the design, and operating
nature of Ironic's API, services speaking with it must
authenticate with a system scope to have a full picture
of the universe.
In this case, we need to update the nova configuration
accordingly such that the compute service understands
how to talk to ironic so that it can see the nodes under
management.
Ironic will likely update this again at a later point in
time to enable a "hybrid" mixed-mode as the operating model
and related permissions *should* allow nova to use a project
scoped "owner" account with Ironic, in order to access
and command nodes to deploy. But at this time, we're
focusing on the exclusive operating mode.
Change-Id: I1946725ce08c495178c419eaf38829f921c91bbe
Needed-By: https://review.opendev.org/c/openstack/ironic/+/778957
OpenStackSDK has a feature branch "feature/r1" as a preparation for the
R1.0 release. Due to different branch naming functional tests with
devstack are not running. Add temporarily (for the duration of the
feature branch) pragma to the zuul.yaml to allow Zuul run functional
tests. It will be dropped once SDK gets next major release.
Previous attemp didn't work well for other projects, therefore
explicitly include master as well.
Change-Id: I3a5722873f395bc52cc55a0fd6bcea0ebe3b74fc
This table is no longer present on most installations, drop it
from the list to avoid error messages during log collection
that people mistake to be the real error why devstack is failing.
This may lose some debugging information in edge cases, but I
think the improvement of the general user experience is more
important.
Change-Id: Ibb9b247a018a788c8c4b40487762319fe470bf0f
Closes-Bug: 1885198
This fixes various reported and unreported issues with the new
behaviour.
Removes code repetition as well to pay off some technical debt.
Closes-Bug: #1930360
Change-Id: I726c532e96ca434520838ae8a35d5b88b6dd337b
from Tempest to DevStack as it tests DevStack side of things and
is useful for projects not using Tempest.
Verbatim copy except for the devstack- prefix and the /devstack/
path.
Change-Id: Ie166730843f874b9c99e37244e460d7ad33b7eeb
CentOS Stream 8 (aka CentOS 8 Stream) is the currently
supported runtime platform. [0]
Some background history:
The Manila team has asked QA to test centos-8-stream
in the common gate.
A bit later it turned out the point releases of CentOS 8 (aka
CentOS Linux 8) will stop happening entirely by the end of 2021.
[1]
Includes a workaround to the edk2-ovmf issue on CentOS Stream 8
x86_64.
[0] https://governance.openstack.org/tc/reference/runtimes/xena.html
[1] https://lists.centos.org/pipermail/centos-devel/2020-December/075451.html
Change-Id: Iee5a262af757f27f79ba1d6f790e949427dca190
This reverts commit 6843bc798c.
Reason for revert: not sure why but this end up disabling the integration job on check pipeline,
Change-Id: Icfaf8ea17b3ce2e405414c23f8075b18d297bf8b
example: latest recheck on PS12 check pipeline job for neutron - https://review.opendev.org/c/openstack/neutron/+/790060
OpenStackSDK has a feature branch "feature/r1" as a preparation for the
R1.0 release. Due to different branch naming functional tests with
devstack are not running. Add temporarily (for the duration of the
feature branch) pragma to the zuul.yaml to allow Zuul run functional
tests. It will be dropped once SDK gets next major release.
Change-Id: I671b589150fe731125e16316a994a5942219920b
Enable IPv6 private subnet routing in ML2/OVN, it uses the behavior that
already exists in ML2/OVS: add a route from the devstack node to the
CIDRs of the default IPv6 subnet pool. Any IPv6 subnet created using the
default subnet pool and plugged into the default router is reachable
from the host (ex: ipv6-private-subnet).
Change-Id: I02ca1d94e9f4d5ad4a06182f5ac9a2434941cf08
Setuptools v54.1.0 introduces a warning that the use of dash-separated
options in 'setup.cfg' will not be supported in a future version [1].
Get ahead of the issue by replacing the dashes with underscores. Without
this, we see 'UserWarning' messages like the following on new enough
versions of setuptools:
UserWarning: Usage of dash-separated 'description-file' will not be
supported in future versions. Please use the underscore name
'description_file' instead
[1] https://github.com/pypa/setuptools/commit/a2e9ae4cb
Change-Id: I6b8e791c06319fa5fa0935337520c36800b1abd6
This patch moves the OVS compilation module from Neutron into DevStack.
It also renamed it to "ovs_source" to highlight its function, and the
include has been moved to where the rest of the includes are located.
Although this module is not required since by default DevStack installs
OVS/OVN from the host OS packages instead of compiling from source,
this is a nice to have as it avoids having bits and pieces of the code
scattered around multiple repositories.
Co-Authored-By: Lucas Alvares Gomes <lucasagomes@gmail.com>
Change-Id: I39ec9ce0a91bea05cf8c446a9767ab879ac8e8f3
This patch makes the OVN_L3_CREATE_PUBLIC_NETWORK configuration True by
default. This option makes the OVN lib in DevStack create & configure
the external bridge, matching the same behavior from the OVS driver
in DevStack.
Change-Id: Icda53b95fdc3c169ac48a6ec4343c87ba404baa4
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
devstack unit test job does not set any nodeset
and so does use default nodeset defined in base jobs
in opendev. When opendev switches the default nodeset to
the latest distro version, devstack unit test job can start
failing. Example:
- https://review.opendev.org/q/I01408f2f2959b0788fe712ac268a526502226ee9
- https://review.opendev.org/q/Ib1ea47bc7384e1f579cb08c779a32151fccd6845
To avoid such a situation in future, let's set the working nodeset
for this job also so that when we cut the stable branch we can
run it on the working distro version.
Change-Id: I302140778fedf08bc8ba72c453837fa7b8f8f9ae
When Glance is configured with a cinder glance_store, Cinder can be
configured to allow cloning of image data directly in the backend
instead of transferring data through Glance. Expose these
configuration options in devstack to facilitate testing this feature.
Adds:
- CINDER_ALLOWED_DIRECT_URL_SCHEMES
- GLANCE_SHOW_DIRECT_URL
- GLANCE_SHOW_MULTIPLE_LOCATIONS
Change-Id: Iee619b443088fd77cf7b1a48563203bdf4a93a39
The dstat project is no longer maintained.
The pcp-dstat package installs a dstat command so no further updates to
the scripts should be needed.
Change-Id: Ied8c9d29bed4f887c364db7080a0f2a0c02328af
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
This reverts commit 5c304d8176.
Reason for revert: There are more things to fix/move like done in 791085 and 791282 Also let's change all required default in devstack scripts instead of devstack's zuul job side. Basically do this change without any change in .zuul.yaml
Change-Id: Ie0f59d1b9a4b97ad9fd8131819054dfb616f31fd
Sphinx 4.0.0 added a new dependency [0] which is causing the job to fail
at the moment.
This patch fix the problem by adding UC to the docs jobs.
[0] https://www.sphinx-doc.org/en/master/changes.html (LaTeX: add
tex-gyre font dependency)
Change-Id: I28019331017405c06577ada88f8e9f6d9a2afc23
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
As part of the Victoria PTG the Neutron community [0] agreed on changing
the default backend driver from ML2/OVS to ML2/OVN in DevStack. A lot of
changes have been submitted towards this goal including but not limted
to:
* Moving the OVN module to DevStack:
https://review.opendev.org/c/openstack/devstack/+/734621
* Updating the OVN module to use distro packages instead of compiling
OVN from source: https://review.opendev.org/c/openstack/devstack/+/763402o
And now this patch is changing the the actual Q_AGENT,
Q_ML2_TENANT_NETWORK_TYPE and Q_ML2_PLUGIN_MECHANISM_DRIVERS values in
devstack to what is expected by OVN as well as updating the Zuul
templates to enable the OVN services.
[0] https://etherpad.opendev.org/p/neutron-victoria-ptg
Change-Id: I92054ce9d2ab7a42746ed5dececef583b0f8a833
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
The configure_neutron_nova function updates nova configs. While that is
still running we separately update nova configs in stack.sh. This can
result in unexpected configs (that don't work). Fix this by waiting for
configure_neutron_nova to complete its work before we do nova config
updates directly in stack.sh.
For specifics we say that:
[neutron]
project_domain_name = Default
was missing from both nova.conf and nova-cpu.conf and instances could
not be created because keystone complained about not finding domain in
project. The strong suspicion here is that on some systems
configure_neutron_nova would write out project_domain_name while the
stack.sh inisets were running resulting in stack.sh overwriting the
project_domain_name content.
One theory is that disabling swift makes this problem more likely as
there is swift work in the middle of the async period. This is supported
by the fact that our job that hits this problem does indeed disable
swift.
Change-Id: I0961d882d555a21233c6b4fbfc077cfe33b88499
Since victoria cycle, we have moved upstream testing to
Ubuntu Focal (20.04) and so does no Bionic distro in
Xena cycle testing runtime[1]. Grenade jobs also started
running on Focal since victoria was released.
Only thing left was legacy jobs which were not migrated to
Ubuntu Focal in Victoria and as per another community-wide
goal[2], all the lgeacy jobs were suppsoed to be migrated
to zuulv3 native jobs in victoria cycle itself. One of the
pending job was in nova (nova-grenade-multinode) which is also
migrated to zuulv3 native now
- https://review.opendev.org/c/openstack/nova/+/778885
If there is any job running on bionic, we strongly recommend
to migrate it to Ubuntu Focal.
[1] https://governance.openstack.org/tc/reference/runtimes/xena.html
[2] https://governance.openstack.org/tc/goals/selected/victoria/native-zuulv3-jobs.html
Change-Id: I39e38e4a6c2e52dd3822c9fdea354258359a9f53
If a pid disappears on us while we're reading, we should just continue
on.
EnvironmentError is just an alias for OSError since Python 3.3, so use
the latter name. [0]
[0] https://docs.python.org/3/library/exceptions.html#OSError
Change-Id: I3a25cca328e1469f72c84a118a9691c1c0258bc4
Closes-Bug: #1926434
If5c860d1e69aaef9a9236303c370479a7714ad43 attempted to move this default
to lioadm while pinning certain Bionic based jobs to tgtadm.
Unfortunately it missed the legacy dsvm based jobs within various
projects that do not inherit from the devstack-platform-bionic base job
and that are also not covered by devstack's gate.
This change simply forces CINDER_ISCSI_HELPER to tgtadm on Bionic based
hosts to ensure it is always used.
Closes-Bug: #1926411
Change-Id: Ib4b38b45f25575c92fb09b8e97fa1b24af0cc06a
As outlined in bug #1917750 the use of tgtadm in multinode environments
with multiple c-vol services can cause volumes to use duplicate WWNs.
This has been shown to cause some encrypted volume test failures as
os-brick returns a /dev/disk/by-id path to n-cpu that can point to the
wrong underlying volume when multiple volumes with the same WWN are
connected to a host.
There is also some speculation that the duplicate WWNs are also causing
libvirt to fail to detach volumes from instances but as yet this has not
been proven.
This change aims to avoid all of the above by switching the default of
CINDER_ISCSI_HELPER to lioadm for all deployments instead of just EL and
SUSE based deployments.
The Bionic platform job however is pinned to tgtadm as there issues
installing python3-rtslib-fb.
Closes-Bug: #1917750
Change-Id: If5c860d1e69aaef9a9236303c370479a7714ad43
This dumps some data in the case where we fail to wait for a child
pid to help debug what is going on. This also cleans up a few review
comments from the actual fix.
Change-Id: I7b58ce0cf2b41bdffa448973edb4c992fe5f730c
Related-Bug: #1923728
Apparently bash (via POSIX) only guarantees a small (32ish) number of
children can be started and their statuses retrieved at any given
point. On larger jobs with lots of plugins and additional work, we
may go over that limit, especially for long-lived children, such
as the install_tempest task.
This works around that issue by creating a fifo for each child at
spawn time. When the child is complete, it will block on a read
against that fifo (and thus not exit). When the parent goes to wait
on the child, it first writes to that fifo, unblocking the child so
that it can exit near the time we go to wait.
Closes-Bug: #1923728
Change-Id: Id755bdb1e7f1664ec08742d034c174e87a3d2902
Due to issue on stckviz side, job start
failing with POST_FAILURE. If we fix the
issue still we need to wait for periodic job
periodic-package-stackviz-element to publish
the latest tarball on https://tarballs.openstack.org/stackviz/dist/.
Let's not fail the job for any issue occur during
stackviz processing.
Closes-Bug: 1863161
Change-Id: Ifee04f28ecee52e74803f1623aba5cfe5ee5ec90
Ceph adds the osd pool default size option on ceph.conf via [1];
this means we don't need to specify the size of this pool if
the same value (same variable) is used (CEPH_REPLICAS).
This change is an attempt of removing the size setting, relying
on the implicit declaration of the value provided by ceph.conf.
[1] https://github.com/openstack/devstack-plugin-ceph/blob/master/devstack/lib/ceph#L425
Change-Id: I5fa2105ceb3b97a4e38926d76c1e4028f1108d4a
As reported in bug #1920136 the tempest-integrated-compute job has
started to see insufficient free virtual space errors being reported by
c-sch and c-vol when creating volumes. This change simply increases the
default size of the underlying LVM PV used to host these volumes within
the default LVM/iSCSI c-vol backend deployed by devstack.
Change-Id: I965d4a485215ac482403f1e83609452550dfd860
Closes-Bug: #1920136
This patch adds a new environment variable, CINDER_BACKUP_DRIVER for
configuring cinder backup driver used when c-bak service is enabled.
This gets cinder backup driver configurable with a similar pattern to
cinder backends. Although the current configurable backup drivers don't
need cleanup functions, the interface for cleanup is prepared for the
future.
The following backup drivers can be configured:
swift:
This is the default backup driver.
ceph:
This already can be configured if ceph backend driver is enabled. For
backward compatibility, ceph backup driver is used if ceph backend
driver is enabled and no backup driver is specified.
s3_swift:
The s3 backup driver gets configurable with this patch. By specifying
's3_swift', the driver is configured for swift s3api.
In the future, lib/cinder_backups/s3 should be created separatedly for
external S3 compatible storage. This file will just set given parameters
such as a URL and credentials.
Change-Id: I356c224d938e1aa59c8589387a03682b3ec6e23d
Devstack script for setting post-config needs gawk.
So this patch moves gawk from files/*/nova into files/*/general.
Closes-Bug: #1909041
Change-Id: I06a1a5524f146a8d7337963e846b5a6b7561be13
Several jobs have been running in parallel since the late Wallaby
cycle, and other developers have had it enabled locally. I have heard
no async-related stability or debug-ability complaints thus far.
I think that we should convert the default to parallel early in the
Xena cycle in an attempt to spread the speed improvements across the
board, while also collecting data on a wider set of configurations.
Change-Id: I83d56c9363d481bb6d5921f5e1f9b024f136044b
When OVN is built from source, the value of OVS_PREFIX is set to
"/usr/local". All other paths referring to OVS should be prefixed
with this value.
Closes-Bug: #1920634
Related-Bug: #1918656
Change-Id: I9a45a5379d1c47cdf67b9c6d3d0409a88501e61e
In case when OVN_UUID isn't set by user, and it isn't stored
in /etc/openvswith/system-id.conf file, Devstack will reuse it.
If it's not, it will generate and store it in the
/etc/openvswitch/system-id.conf file so it can be set to same value
after openvswitch will be e.g. restarted.
In case when OVN_UUID is set by user, it will be also saved in
/etc/openvswitch/system-id.conf file to make it persistent when e.g
openvswitch will be restarted.
Closes-Bug: #1918656
Change-Id: I8e3b05f3ab83e204bc1ce895baec0e1ba515895b
Instead of doing a flush/add, use replace like the ML2/OVS
code does. Should have the same behavior of not failing if
the address is already present.
Change-Id: If9d8a848b079ccb8c0c9b8e6fb708107aa0d46c7
This cleans up some of the quote and variable handling that was
pointed out in review of the previous patch. This is non-critical,
so I'm putting it in a subsequent patch to avoid disturbing the
careful alignment of patches across three projects that are mostly
approved.
Change-Id: I9b281efd74ba5cd78f97b84e5704b41fd040e481
In order to be able to test glance's distributed import function,
we need to have multiple workers in an arrangement like they
would be if one was on another host (potentially at another site).
This extra worker must be separate from the default image service
in order to repeatedly hit one and then the other to test cross-
service interactions.
This allows you to enable_service g-api-r, which will clone the main
g-api service, modify it to run on a different port, and start it.
The service will be registered in the catalog as image_remote.
Depends-On: https://review.opendev.org/c/openstack/glance/+/769976
Change-Id: I0e2bb5412701d515153c023873addb9d7abdb8a4
Conder started moving to new RBAC and cinder-tempest-plugin
and Tempest need to set few configuration to enable the
scope checks on cinder side and on Temepst side to tell
cinder is all configured with scope checks and test can be run with
scoped token.
Change-Id: Ic7cd919c000c4e7b9a3a06638a5bd87b1617e749
Glance started moving to new RBAC and glance-tempest-plugin
and Tempest need to set few configuration to enable the
scope checks on glance side and so does on Temepst side to tell
glance is ready with scope checks so that test can be run with
scoped token.
Change-Id: I09f513d08212bc80a3a86a750b29b1c6625d2f89
Keystone-tempest-plugin has implemented the secure RBAC
tests and enabling the enforce_scope via keystone devstack
plugin. Doing those setting in devstack will help to manage
easily and in central place also avoid restarting the api
service.
Change-Id: I30da189474476d3397152a0a15c2e30a62d712ad
This file is mega out-of-date and no longer helpful. Remove it.
Change-Id: Ic7e215c3e48a9c453d19355ad7d683494811d2af
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
The XenAPI driver was removed during the Victoria release [1], while the
libvirt+xen driver has been removed in the Wallaby release [2]. Remove
references to Xen from DevStack since its all a no-op now.
[1] I42b302afbb1cfede7a0f7b16485a596cd70baf17
[2] I73305e82da5d8da548961b801a8e75fb0e8c4cf1
Change-Id: If7055feb88391f496a5e5e4c72008bf0050c5356
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
This was removed this service from nova in Ussuri [1]. There's no need
to keep this around.
[1] I2f7f2379d0cd54e4d0a91008ddb44858cfc5a4cf
Change-Id: Idc95c6467a8c6e0c0ed07a6458425ff0a10ff995
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
os-ken is used by neutron ML2/OVS agent.
We need to install os-ken from source to test os-ken changes
against neutron. We already have tempest-integrated-networking job
in os-ken repo but it turns out it consumes os-ken from PyPI :-(
Change-Id: Ibcff212591e9fed25f1316403627269d81455b09
We require the 'tls-proxy' service to set up certificates for us. Hard
fail if 'NOVA_CONSOLE_PROXY_COMPUTE_TLS' is enabled but the 'tls-proxy'
service is not.
Change-Id: I52fec12b78ecd8f76f835551ccb84dfb1d5b3d8a
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
When installing OVN from packages, the rpm for Fedora / CentOS pre set
some configurations that conflicts with the post configuration done by
DevStack.
This patch fixes this problem by erasing the pre-set configuration from
the packages and leaving it to DevStack to configure OVN for its use
(just like we would do when compiling it from source).
Change-Id: I9c18023c9aa79c0633748a6169f4f283e9d74ef0
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
We use Tempest master for testing the supported stable
branches so using master upper constraints works fine but
when we need to use old Tempest in the below cases then master
upper constraints do not work and devstack will not be
able to install Tempest in vnenv:
- Testing Extended Maintenance branch
- Testing py2.7 jobs until stable/train with in-tree tempest plugins
This commit adds a variable to set the compatible upper constraint
to use for Tempest's old version.
Few of the current failure which can be fixed by this new configurable var:
- networking-generic-switch-tempest-dlm-python2
- https://zuul.opendev.org/t/openstack/build/ebcf3d68d62c4af3a43a222aa9ce5556
- devstack-platform-xenial on stable/steinand stable/train
- https://zuul.opendev.org/t/openstack/build/37ffc1af6f3f4b44b5ca8cbfa27068ac
Change-Id: I5b2217d85e6871ca3f7a3f6f859fdce9a50d3946
CentOS 8.3 changed the name of the PowerTools repository to powertools:
https://wiki.centos.org/Manuals/ReleaseNotes/CentOS8.2011#Yum_repo_file_and_repoid_changes
With this repository disabled, DevStack fails to install libyaml-devel,
which causes a failure to install many packages. In my environment
DevStack stopped with an error caused by a missing wget.
Keep the command using the old repository name, for compatibility with
older CentOS releases.
Change-Id: I5541a8aee8467abf10ce8a10d770618bdd693f02
When I reordered the nova database creation for better performance
and cleaner arrangement, I broke the non-standard arrangement where
the super and cell conductors are squashed together. In devstack,
this is implemented by pointing the controllers at cell1 in the
config, which makes it hard to create and sync the databases in the
natural order. This manifested in a failure when running in this
mode (which apparently Trove is).
As a quick fix, this special-cases the setup for cell0 if that mode
is enabled. I will follow this up with a cleaner refactor of all that
stuff so this hack isn't required, but that will take a bit longer.
Change-Id: I5385157c281beb041bf67cba546be20cf9497cbe
Introduced in devstack by I2d7348c4a72af96c0ed2ef6c0ab75d16e9aec8fc and
long tested by nova-next this enabled by most deployment tools by
default now and should be enabled by default in devstack.
Change-Id: Ia76b96fe87d99560db947a59cd0660aab9b05335
This change introduces a basic role to copy the contents of /etc/ceph
between the controller and subnodes during orchestrate-devstack allowing
a multinode ceph job to be introduced by
I9ffdff44a3ad42ebdf26ab72e24dfe3b12b1ef8b.
Note that this role is only used when devstack-plugin-ceph is enabled.
Change-Id: I324c0f35db34f8540ca164bf8c6e3dea67c5b1b4
We have a *ton* of stuff in devstack that is very linear, specifically
the ten-ish minutes we spend loading osc to run a single API command
against something. We also generate configs, sync databases, and other
things that use one core of our worker and make our runtime longer
than it really needs to be.
The idea in this patch is to make it super simple to run some things
in the background and then wait for them to finish before proceeding
to something that will require them to be done. This avoids the
interleaving you would expect by redirecting the async tasks to a log
file, and then cat'ing that log file synchronously during the wait
operation. The per-task log file remains so it's easier to examine
it in isolation.
Multiple people have reported between 22-30% improvement in the
time it takes to stack with this. More can be done, but what is here
already makes a significant difference.
Change-Id: I270a910b531641b023c13f75dfedca057a1f1031
This patchset adds configuration support for network logging
when the OVN driver is enabled.
Depends-On: https://review.opendev.org/768129
Change-Id: I6fc0973bedfd1dcc72b01981cd64f9283662d37c
Signed-off-by: Flavio Fernandes <flaviof@redhat.com>
If we are backing glance with cinder, we will use more volumes and
if timing is right, we will clash with other tests and be unable
to create what we need. If we are backing glance with cinder, we
should increase the volumes quota, which this patch does (to 50 from
a default of 10).
Closes-Bug: #1914665
Change-Id: I2ad1c4d21f996ee1a9ce29ba4f1a4b8f5720f8fb
This commit fixes use of die function before it's defined.
die function can be used after sourcing $TOP_DIR/functions chain-
sources $TOP_DIR/functions-common.
Because fixed portion of stack.sh checks existence of $TOP_DIR/inc
and sourcing $TOP_DIR/function chain source $TOP_DIR/inc, this commit
uses echo & exit command instead of die function.
Closes-Bug: #1913021
Change-Id: I5ec174cf7b02269525b1bfd0bfa94ea889d16fce
On master, we should always enable tempest's verification of Glance's
os_glance namespace enforcement.
Change-Id: Ia71878e6c53ee683a868112959876798e946e2ce
Depends-On: https://review.opendev.org/c/openstack/glance/+/771070
I am still unable to stack because of pip 20.3, but this time
because of the tempest venv build. This forces it to the same
capped pip, which further works around the problem.
Change-Id: Icfaaefe1aa576733764b393cba96d276c9b1cf68
Related-Bug: #1906367
I'm not sure if others will find this useful, but I use this
script to run pieces of devstack while trying to write/debug
things. It saves me a lot of time being able to get to some
project-lib function without a full clean/re-stack.
Figured I'd share in case it's worth putting into the tree.
Change-Id: I9a92fa71d34f50c2f5ba7d11c1a45301bd4478bf
It has been broken for over a month. Feel free to revert in combination
with a fix, better with a commitment to keep the job in working shape
permanently.
Change-Id: I2604374c23716d56de29e16a459b7c7f45b84891
The create_disk() helper had some redundant checks and dead code. This
refactors it to put all the stale cleanup at the top, and groups the
new actions together with more relevant comments to make it easier
to understand.
Change-Id: I1f6218a1994e66786ed9a8065e30bcceec7b8956
Bug #1873234 documents a number of CI failures caused by RPC requests
from c-api to c-vol timing out due to `lvchange` taking longer than the
default rpc_response_timeout of 60 seconds to complete.
While the underlying reason for the slowness should be investigated by
the cinder team a trivial workaround to the fallout created by these
timeouts is to simply double the client RPC timeout used by c-api,
allowing c-vol to return and overall the request to succeed.
Change-Id: I53dc0ae10af6aa13f1349b58373932eb6a15ab02
Related-Bug: #1873234
Since the introduction of I8f24b839bf42e2fb9803dc7df3a30ae20cf264
s-proxy is no longer able to launch as keystonemiddleware (listed under
test-requirements.txt) has not been installed.
keystonemiddleware is listed as extras requirements in swift
- https://github.com/openstack/swift/blob/e0d46d77fa740768f1dd5b989a63be85ff1fec20/setup.cfg#L79
Let's install swift keystone extra requirements also.
Closes-Bug: #1909018
Change-Id: I02c692e95d70017eea03d82d75ae6c5e87bde8b1
This patch changes the OVN module from DevStack to allow for using the
OSapackaged version of OVN instead of compiling it from source.
A new variable called OVN_BUILD_FROM_SOURCE has been introduced and when
set to False (the default value) OVN will then use the packaged version
for setting up DevStack.
Note, in the stop_ovn() function, the OVN metadata agent service name
was wrong and the service wasn't being stopped as part of ./unstack.sh.
This patch also fixed it as well.
Change-Id: Ib41e3b486550200572afd6b3ba783d7644d70d44
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
Co-Authored-By: Slawek Kaplonski <skaplons@redhat.com>
When deploying on the centos 8 stream variant
the output of "lsb_release -i -s" is
CentOSStream instead of CentOS
This breaks the is_fedora function in devstack
preventing package installation and removal.
Change-Id: I39ccefbd06f46adf5077f8d8001f37d3b190f040
This patch caps pip version during bootstrap to avoid the issue:
"ERROR: Links are not allowed as constraints"
A proper fix would be to adapt to new pip behavior.
Depends-On: https://review.opendev.org/764811
Change-Id: I1feed4573820436f91f8f654cc189fa3a21956fd
As documented in the associated TODO this job can be removed now that it
has been migrated to zuulv3 by Ib342e2d3c395830b4667a60de7e492d3b9de2f0a.
Change-Id: Id7c0fd8eec09386cd638956a46c1f75844194b9d
This change updates bionic installs to use the
ussuri cloud archive to enable the use of libvirt 6.0.0.
This is required to prevent a libvirt bug that causes intermittent
failures for the tempest test_live_block_migration_paused testcase.
Change-Id: I9c395c2b5fdfe6ad9a43477280e88e9a9b34f057
Related-Bug: 1901739
At this moment, only image_ssh_user is present in the config
of Tempest. It's set to cirros by default and used for
SSH connections in tests. However, several tests build
instances with image_ref_alt, but still use image_ssh_user to
connect, which results in failure if image_ref_alt is set to
a non-cirros image. They should use image_alt_ssh_user instead,
which can be set to whichever user the image_ref_alt needs in
either local.conf or during plugin installation.
Change-Id: I899909fb71a9862c891e94ba54c6a8fa137f9769
Partial-Bug: #1844535
Right now a system configured with the ceph plugin will not survive
a reboot because the backing disk we create and mount isn't mounted
at startup, preventing ceph from starting and the rest of nova/glance
from working.
This makes create_disk() idempotently write an fstab rule for the
disk we make, and adds a destroy_disk() handler for cleanup.
Change-Id: I50cd4234f51a335af25be756bd2459dca5aa343c
For change 739139 [1] PS 12, the
neutron-tempest-plugin-scenario-linuxbridge died in devstack with
"/opt/stack/devstack/functions-common:237 Failure retrieving default
route device", which comes from
"/opt/stack/devstack/lib/neutron-legacy:237:die_if_not_set".
Looking at the worlddump.txt for that job [2] I see that there is a
default ipv6 route; the vm was not configured with ipv4 networking.
ip route
--------
ip -6 route
-----------
::1 dev lo proto kernel metric 256 pref medium
2607:ff68:100:54::/64 dev ens3 proto kernel metric 256 expires 86380sec pref medium
fe80::/64 dev ens3 proto kernel metric 256 pref medium
default via fe80::f816:3eff:fe77:b05c dev ens3 proto ra metric 1024 expires 280sec hoplimit 64 pref medium
Looking at the devstack code that throws the error [3] it looks like
it only looks for a default route in the output of `ip route`, which
does not include ipv6 information. This change should look in both
the ipv4 and ipv6 route table. A similar check in the L3 setup code
is also updated.
[1] https://review.opendev.org/#/c/739139/
[2] https://d4eb7e3efe98cba79a4b-f4d168cdb20f40841821e4b213645c0f.ssl.cf2.rackcdn.com/739139/12/gate/neutron-tempest-plugin-scenario-linuxbridge/9a6b4f7/controller/logs/worlddump-latest.txt
[3] https://opendev.org/openstack/devstack/src/branch/master/lib/neutron-legacy#L236
Closes-Bug: #1902002
Change-Id: I839e8c222368df98fec308cf41248a9dd0a8c187
(MTU - 50) only supports VxLAN over IPv4, decrease it
to support IPv6 as well, which is 20 bytes larger.
Change-Id: I0cf258770f628c1b4fb590bd274b5433fbcc1450
Sometimes instances don't have an IPv4 default route, so only check for
it when we actually need it. In a followup patch we could extend the
code to check for an IPv6 default route instead or in addition.
Related-Bug: 1902002
Change-Id: Ie6cd241721f6b1f8e030960921a696939b2dab10
This function has been deprecated for a long time, let's finally
remove it. It is only generating a warning anyway.
Change-Id: I7bd440adf2ce8283e3ad3d5d09e6b2b877e2b42e
This patch set the os-vif "ovsdb_connection" configuration option so it
can connect to the local OVSDB. By default, this option points to
tcp:127.0.0.1:6640 and would fail if SERVICE_IP_VERSION == 6.
Also, if SERVICE_IP_VERSION is an IPv6 address, it should be wraped with
square brackets for it to work.
Change-Id: Ie6eec4e140c7464936cf0b0c6307026a94c9f4ee
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
this change corrects the flag order from 'route -6'
to '-6 route' as the -6 flag is an option when used with
ip is an argument to the the ip command and not the route
subcommand.
-6 is accpeted as an argument to the standalone 'route'
commannd but not 'ip route' subcommand.
Change-Id: Ic2ae472e42b7b455693d0aade48dc5109e1f21ba
The "ip route" command only outputs IPv4 routes, add a command to also
show IPv6 route information.
Drop output from "ip link" as that information is contained within the
"ip addr" output already.
Change-Id: Iae87f43c4b1c57f07de041e823da9d350c670389
The current code always overrides tox_environment when running
functional tests, but the correct behavior is to add
the discovered environment variables to tox_environments,
while keeping the user-specified value for it.
The current behavior breaks the devstack-tox-functional children
jobs, like openstacksdk-functional-devstack-ironic, which set
tox_environment.
Change-Id: I5dc9054a1495ca0ef7745c08316441ab153956f4
The situation around glance under WSGI has changed a lot in a week.
We can now run tasks and imports under WSGI, so let's switch the
default back so that glance is consistent (by default) with the
other projects.
Change-Id: I3ae285b2ac4972c0b8abaccfc7c0ede0e1c49bf1
Nova has newer qemu requirements which needs opensuse 15.2 to meet. The
infra opensuse 15 images are 15.2 now to accomodate that. Update
opensuse's supported version to match.
Change-Id: I6f3c5234920b185b2b0cd9c358371402f7a7b922
This includes a workaround to a known dnsmasq >= 2.81 issue that
results in unanswered DHCP requests from instances as documented in the
following Neutron bug:
dnsmasq >= 2.81 not responding to DHCP requests with current q-dhcp configs
https://bugs.launchpad.net/neutron/+bug/1896945
For the time being we will attempt to downgrade to 2.80 to avoid this.
Related-Bug: #1896945
Change-Id: I3a760c43956221424926bd9dad0ebe9b28ae2b52
Enable the compute feature for shelve_migrate on all but LXC and
Xen virt_types.
Related-Bug: #1732428
Depends-On: https://review.opendev.org/#/c/696084/
Change-Id: I31cd00c9117607682213cfa0399709e560f4ad0d
This patch will enable user to configure single cinder store as well as
multiple cinder stores for glance. Below are the parameters needs to be
added in local.conf.
A. For single store
USE_CINDER_FOR_GLANCE=True
B. For Multiple stores
USE_CINDER_FOR_GLANCE=True
GLANCE_ENABLE_MULTIPLE_STORES=True
CINDER_ENABLED_BACKENDS=${CINDER_ENABLED_BACKENDS:-lvm:lvmdriver-1,lvm:lvmdriver-2,nfs:nfsdriver-1,ceph:cephdriver-1}
GLANCE_CINDER_DEFAULT_BACKEND=lvmdriver-1
enable_plugin devstack-plugin-nfs https://opendev.org/openstack/devstack-plugin-nfs
enable_plugin devstack-plugin-ceph https://opendev.org/openstack/devstack-plugin-ceph
NOTE:
GLANCE_CINDER_DEFAULT_BACKEND should be one of the value from CINDER_ENABLED_BACKENDS.
If you need to configure nfs and ceph backend for cinder then you need to add respective plugins in
local.conf file.
If GLANCE_ENABLE_MULTIPLE_STORES is True then it will not configure
swift store for glance even if it is enabled in local.conf file.
Needed-by: https://review.opendev.org/#/c/750018
Change-Id: Id0d63c4ea41cce389eee8dc9a96913a7d427f186
nova-ceph-multistore is defined in nova side to test the
glance multistore on ceph and it is voting on nova gate.
There are other multistore testing enhancement going on for
example- https://review.opendev.org/#/c/743800/. so to avoid
any regression, let's run exiting mutistore job on devstack
gate too.
Change-Id: Ie82b4057463df4b6138c53b14a582bd84866aebd
There is flag Q_BUILD_OVS_FROM_GIT which can be used to not compile
ovs from source.
But this wasn't respected in the ovn_agent's module in install_ovn
function which was always installing from source ovn and ovs.
We need to disable that e.g. on grenade jobs when new version is
installed.
Change-Id: I7d3f92365e880191dcfe7c618a6f79d5f741144f
This is will allow the openstack/nova project to facilitate a minimum
required version bump of QEMU and libvirt within the libvirt virt driver
in I8e349849db0b1a540d295c903f1470917b82fd97 ahead of the planned switch
to focal later in Victoria.
Change-Id: I85eb45632ff229676f7c29708f4a7cc64b3d90e3
Previously pyc files were only cleaned if clean.sh was run.
with this change a new clean_pyc_files function was introduced
with the logic that was previously in clean.sh but it is now
invoked from unstack.sh
With the previous behavior you could not stack with horizon
enabled then unstack and stack again due to the presence of pyc
files that were owned by root.
By moving the clean to unstack in stead of clean.sh you can
now stack, unstack and stack again without hitting the pyc issue.
since unstack is invoked by clean the existing clean.sh behavior has
not changed in practice except for the fact the pyc files are
removed sooner in the process.
This change also removes support for findutils < 4.2.3
Ubuntu 12.04 and CentOS 6 both have 4.4.2 since they were
released 8 years ago and are now EOL its fair to assume
that all modern distros have 4.2.3+
https://repology.org/project/findutils/versions
Change-Id: I13c9aad9be7e0930a0d875b7d382090caf0b8982
This reverts the changes made to the zuul config in [0]. Since the
backports to the stable branches have been merged, the jobs can be
voting again.
[0] I5d8aa0e58e0409c54451b51de5eb70ba9a68d849
Change-Id: I3f5972e05faea8f11d7e87f3f8b05e4979e6c328
A new setuptools release has changed the way pip installs are done,
see [0]. With this change we switch back to using the distro
method for global pip installs.
Temporarily make grenade jobs non-voting in order to allow this
patch to be backported.
[0] http://lists.openstack.org/pipermail/openstack-discuss/2020-August/016905.html
Change-Id: I5d8aa0e58e0409c54451b51de5eb70ba9a68d849
This patch is a follow-up of Ib4194329474e8d68a90886d2a04f027eecd741df.
This patch removes the configure_port_forwarding call from the
neutron-legacy module because port forwarding (just like other
extensions such as DNS, QOS, etc...) are already enabled in the
plugin.sh file in the neutron repository [0]. The
configure_port_forwarding method itself is also defined in the neutron
repository so calling it here may result in a failure in case the plugin
is not enabled.
We are also removing the "dns" extensions from the default
Q_ML2_PLUGIN_EXT_DRIVERS variable because this extension conflicts with
the default DNS extensions that is enabled by Neutron when
q-dns/neutron-dns service is enabled (also in [0]). The LP for this
conflict problem is: https://bugs.launchpad.net/neutron/+bug/1887163.
[0]
https://github.com/openstack/neutron/blob/945a244588b81064e4301b6f055a3c90f472bd7e/devstack/plugin.sh#L101-L103
Change-Id: Iafb9e45520798b2a612192cfc6cca28501465862
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
This patch fixes an early stack issue where the following error message
would be presented:
ERROR: Cannot uninstall 'PyYAML'. It is a distutils installed project
and thus we cannot accurately determine which files belong to it which
would lead to only a partial uninstall.
We also drop references to removal of Python 2 library egg infos now
that Python 2 is EOL.
Closes-Bug: #1892363
Change-Id: I2876ee58ab6b73682869d6b4e684e10ac5e56ad9
The role reads the OS_* variables set by devstack through openrc
for the specified user and project and exports them as
the os_env_vars fact. It is meant to be used as a porting aid
for the jobs of the non-unified *clients only.
This is useful to run functional tests against the generated
environment. A slightly less generic version of this role
is currently used by python-cinderclient and python-novaclient
(get-os-environment).
In order to make this more useful, call it from
devstack-tox-functional and derived jobs. The role
execution is disabled by default and it can be enabled
by setting openrc_enable_export: true.
Change-Id: I15f5a187dbc54c82e8f4a08b4bb58d56e0d66961
There are a few dependencies which are really os-brick-specific.
They are listed in its bindep.txt file, but os-brick is usually
installed from pip, so its bindep.txt file is not available.
As those dependencies are needed by the various services
which use os-brick, move them to their own dependency file
(with the addition of the new lsscsi, required by the next
os-brick stable release) and make sure that file is parsed
when installing the services which require os-brick.
Side note: there should be a way to avoid this duplication
also for pip-installed libraries (normal services can use
files/ or even bindep, but in this case the source is not always
available), (temporarily?) duplicate them, as it has been
the case for the other os-brick dependencies already listed here.
Change-Id: I9ab6e215dbef9ebdb1946da2f9a40ce020ecc95b
As part of the Victoria PTG the Neutron team entertained the idea of
having the OVN driver as the default backend in DevStack (this hasn't
yet being decided by the community, this will be discussed within this
cycle).
For this to happen, we also would need to move the module that configures
OVN to the DevStack repository. This is what this patch is doing.
Note that we are updating the lib/neutron-legacy module instead of
lib/neutron in this patch, this is because as part of the PTG the
Neutron team has decided to un-deprecate the neutron-legacy module since
the "new" lib/neutron module is broken and nobody is current working on
it (also all services uses neutron-legacy).
Also, the ovsdbapp has been added to the ALL_LIBS list because a gate
job in the ovsdbapp project repository relies on installing the library
from source instead of pip to run.
Depends-On: https://review.opendev.org/#/c/740663/
Change-Id: Ib4194329474e8d68a90886d2a04f027eecd741df
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
We need to use python3, our deps are no longer installed in python.
Includes the current set of updates to the plugin registry.
Change-Id: I4753ddf60ed066cc11fa74dbbd63210dbad733a8
While RHEL 7 is detected as RedHatEnterpriseServer, RHEL 8 is
RedHatEnterprise.
$ lsb_release -i -s
RedHatEnterprise
Change-Id: I3d750d808c6ebea9c230f0508cdbc016415b9922
Most libs maintain their own system packages in a local bindep.txt file.
We don't currently use those when installing packages from source, which
can result in broken package installs.
This adds a flag to always attempt to install bindep packages if the
bindep.txt file exists. If a file cannot be found, it will just emit a
warning and carry on.
Change-Id: Ia0570f837b8af1c3fee0a314b026a4a7ed27e6a9
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
If glance is in standalone mode, image import works
fine so enable the tempest tests. Once we will have image
import or other async tasks working with glance under uwsgi
then we can remove this flag and run import tests by default.
Depends-On: https://review.opendev.org/#/c/741425/
Change-Id: I853e8a3815187f0aa8f05c70488ec948a97e55a6
As of the referenced patch in glance, we can do import in wsgi mode.
Also remove the enforcement that import methods are disabled.
Change-Id: I8da4b4ad6105bb64c4045ca80db9742591d01564
Depends-On: https://review.opendev.org/#/c/742065
We always want to start glance on the internal port now,
regardless of whether or not tls-proxy is in use, because we
write_local_proxy_http_config() for the standalone case.
Change-Id: I47dea645d4a852e02e25af0e1df9c28fec92c42a
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
While removing registry [1] we by mistake removed some code related to
multiple store configuration for glance. This must be happened during
resolving merged conflicts.
Adding it back.
[1] https://review.opendev.org/708062
Change-Id: I2b84f7b7c51b7b20765a06b48c75006fd2e8ab71
Glance should not be exposing import methods that cannot work via its
API, but it does today. In order for tempest (et al) to be able to
properly detect whether import is possible, we must configure the
import methods in standalone mode, or disable them in wsgi mode. The
referenced Glance patch will make this a requirement.
Change-Id: I3bf3498d83607c5e98b70877c061dc54fc3c0a6e
Needed-By: https://review.opendev.org/#/c/741497/
A whole set of Glance functionality is not usable under uwsgi, including any
of the more powerful async import, customization, and copying functions.
In order to facilitate writing and running tempest tests for these features
in all environments covered by the various jobs across all the projects that
include Glance, we should default to this deployment method.
It is still possible to deploy glance in uwsgi mode by setting the flag to
False, and we can do that for some jobs to make sure that it continues to
work. However, the default should be what we expect deployers will use,
which is standalone mode.
Depends-On: https://review.opendev.org/741479
Change-Id: I141acab2a07a4eebd8d850f900058bc8cbf9c7bf
This makes no sense to set on _every_ devstack deployment, only
if we are using libvirt qemu or kvm. Make it conditional.
Change-Id: I860e899274646ff73b8f084a0583325239aee9cc
This abstracts out the conversion of key=value,... property lists to a function
and makes both _upload_image() and the two ami/aki image create calls use it. The
move to bare key=value properties introduced a regression for ami/aki where
the --property flag stopped being passed to osc in that case.
Change-Id: Idf7fdfe3f5800f79f6c48f9d9606a7b53436a730
Full Glance functionality requires Glance being run in a configuration
where it can spawn long-running task threads. The default uwsgi mode
does not allow this, and the current workaround is to set WSGI_MODE
to something other than uwsgi to get the devstack code to deploy
Glance as a standalone service. Since this affects the entire rest of
the deployment, this patch separates out a flag to control this behavior
specifically for Glance. When WSGI_MODE=uwsgi, control of the Glance
deployment mechanism is allowed via GLANCE_STANDALONE=True|False. If
WSGI_MODE!= uwsgi then we deploy standalone Glance anyway.
Change-Id: I79068ce0bd7414bc48ff534ee22f0de5d7b091cb
Added new boolean option 'GLANCE_USE_IMPORT_WORKFLOW' default to False.
If this parameter set in local.conf as True then devstack will use the
new import workflow to create the image.
In order to use new import workflow of glance;
user need to set below options in local.conf
GLANCE_USE_IMPORT_WORKFLOW=True
Note that the import workflow does not work in uwsgi because of
some fundamental restrictions it has. Thus, devstack must be configured
with WSGI_MODE=mod_wsgi, otherwise glance will not be able to process
the imports. The new helper function will abort to avoid in that case
to avoid the image never being moved to "active" state by an import
task that will never be executed.
Co-Authored-By: Abhishek Kekane <akekane@redhat.com>
Co-Authored-By: Dan Smith <dansmith@redhat.com>
Needed-By: https://review.opendev.org/#/c/734184
Change-Id: I1306fe816b7a3eca1e2312c0c454be3d81118eca
Replace legacy-tempest-dsvm-lvm-multibackend with its native version,
cinder-tempest-lvm-multibackend.
Remove legacy-tempest-dsvm-neutron-dvr-multinode-full, which was defined
as an experimental job in neutron and removed during the ussuri lifecycle.
See https://review.opendev.org/#/c/693630/
Change-Id: I76d1efaa3a6c1fe9825e8457438f514114b2ecad
The old peakmem_tracker service has been disabled in [0], now enable
the replacement memory_tracker.
Also fail when the old service is still configured, otherwise
consumers might never notice.
Depends-On: https://review.opendev.org/739995
Change-Id: I583caf3f36a8ff41d7d4106dabc6c5f24243085e
Starting up n-api-metadata service on every compute nodes does
not solve the problem of isolated networks (no route to metadata
service). It all depends on how 'enable_isolated_metadata' and
related options (e.g. force_metadata) are set in dhcp agent and
what is configured for the 'nova_metadata_host' option of q-meta
service. Having a global n-api-metadata service in the control
node is sufficient for a mult-node lab setup.
Besides, the n-api-metadata services on compute nodes are not
really working due to https://bugs.launchpad.net/nova/+bug/1815082
Change-Id: Ib8691c3eeee59758fbd98989d9460f1458ea422f
Related-Bug: 1815082
This reverts commit f6286cb586.
This patch is blocking glance as it needs mod_wsgi to perform new import workflow.
Change-Id: I4475247dfe986114d37678b3d3d552c0c7d02ddc
Recent regression spotted by Dmitry Tantsur.
DevStack dropped Py2 support but the now-unused-in-devstack
python3_enable got its result nastily inversed.
Change-Id: I4b37cc847a24705c4955cec2e6e45f0514705f1b
The non-voting flag was accidentally dropped in [0].
[0] Ib4416dc2f5e003fd770f5240a8f78213c56af8e6
Change-Id: If9519f1ac9afd66553e1c1410fdc16369f166b98
No targetcli package on Ubuntu Focal, it should use targetcli-fb also
when "$CINDER_ISCSI_HELPER" == "lioadm".
Although Xenial only has targetcli, but Xenial is dropped from CI. And
starting from bionic, Ubuntu uses targetcli-fb to replace targetcli. So
here we can use is_ubuntu to make ubuntu use targetcli-fb.
Change-Id: I6d35b6651d486e716980dcd9f4d693bed560463a
This option sets enable_v1_api in glance-api.conf, a setting that
was removed by change Ia086230cc8c92f7b7dfd5b001923110d5bc55d4d
in July 2018, so remove the devstack option from lib/glance.
It occurs in two other places:
This option is used in lib/cinder to set an option that was removed
from Cinder by change Ice379db9ae83420bacf9e96e242c7515930eae86 in
Queens, so remove the related code.
When this option is False, it is used in lib/tempest to set
[image-feature-enabled]/api_v1 to False in the tempest config file.
However, the default value of ths setting has been False since
change Iab3a209c744375bf2618afc00a3f7731b62f557e in Sept 2018,
so remove the related code.
Change-Id: I4b18a0a388ed7e7a392fabeac613778e0d23dee7
Those historic references to port 5000 and 35357 aren't being used
anymore for some time, so let us drop them.
Clean up some python2/3 wording along the way.
No longer mention Identity API v2, which is also a thing of the past.
Change-Id: Iafff097eee082f24ea2ae27ad038ad115aa36c61
Keystone no longer has any special functionality hidden behind the admin
endpoint. Stop referencing it in consumers, so it can later be dropped
completely.
Change-Id: I04a5d77908005268cc7c59e7e9ddeea70f6732e2
This commit adds the focal nodeset for
multinode so that those can be used for
projects side jobs or testing.
We need to define these as first step to avoid
any conflict on nodeset name if project started
defining these.
Example: three node focal nodeset is already
defined in x/tobiko, fixing the same in depends on.
-I30a6bb63269f031a74f9bff6c765d59d91088797
Depends-On: https://review.opendev.org/#/c/738128/
Change-Id: I5ce49f7a7d52d00555c14b08864bc8975956b20c
Story: #2007865
Task: #40212
Some arping versions only accept an integer number for the
"deadline" (-w) parameter.
Change-Id: Ie21c9b5820262d049c0fcd8147d85cc110d88272
Closes-Bug: #1885169
Dragonflow was retired in 2018 and is now being retired. This removes a
documentation reference to it.
Change-Id: I24ab79482306a7c816b5242a981f1b508ff8f6ec
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
We haven't had a working job for stretch or jessie in years, attempts
to get things fixed have been dropped, set let's be honest and drop
those from our support list.
Change-Id: Ia6152be79f8044f7ff039ec0911ad4938d6271f4
- Add a nodeset and a platform job
- Drop uwsgi-py2 pkg that no longer exists
- Blacklist tests that are currently failing
Change-Id: Ib4416dc2f5e003fd770f5240a8f78213c56af8e6
Focal only provides a pip3 binary, no pip3.8. Instead of working around
that with a symlink, use the module instead.
Add version information output for this variant.
Change-Id: I7af194ecc40e4d43c10ce067a661bb6ab4ca37d4
process-stackviz role currently defined in Tempest repo[1] and used
in tempest jobs. Issue with having it in branchless Tempest is that any
fix in that role cannot be backported to older Tempest. Also stackviz is
not Tempest things it is only used by Tempest jobs.
Stackviz can be considered as a service similar to Tempest so inatlling it in
Devstack side make sense. Also that will give us advantage to handle the
branch specific fixes or backpoting the fixes.
This can solve the current issues we are facing on rocky branch
- https://zuul.opendev.org/t/openstack/build/c1e2da80537448bfb24331fb4198a931/console#4/0/29/controller
[1] https://opendev.org/openstack/tempest/src/branch/master/roles/process-stackviz
Change-Id: I0ba1fd05c6391cd8bb978119ecfbb891def2d497
During the Victoria cycle we plan to switch default Neutron backend in
Devstack from OVS to OVN.
As first step before we will start discussion about this change with
whole community, we want to add tempest ovn based neutron job to
the devstack check queue so that we can keep verifying that with
devstack changes.
Change-Id: I8484baa7398b28ed5ef62f86b55022c7d8703f56
Glance has deprecated registry serivce for long and now efforts are placed to
remove the registry code from the glance repo.
To avoid regression on other projects, gate jobs etc. removing
configuring registry service from the devstack.
Change-Id: I6a7be6bdc97acc43c8e985060aeea05d92642e80
Neutron-fwaas is going to be deprecated in master branch with [1].
[1] https://review.opendev.org/#/c/735828/
Change-Id: I513ef36e681fc3f9e5aa9f81c9aedba716366729
Building uwsgi from source was a workaround that was introduced a long
time ago, it doesn't seem like it is needed anymore and will actually
fail for Ubuntu 20.04.
Also it doesn't match what will happen for most real-world
installations, so let's try to get back to using distro packages. We'll
still use the source install for RHEL/Centos, it remains to be tested
whether we can get back to using distro versions there, too.
Change-Id: I82f539bfa533349293dd5a8ce309c9cc0ffb0393
uwsgi broke installation from source with their latest release [0].
Since we want to move away from source installation anyway, make
grenade based jobs non-voting for the moment so that we can backport
[1] properly.
[0] https://bugs.launchpad.net/bugs/1883468
[1] https://review.opendev.org/577955
Related-Bug: 1883468
Change-Id: I8e47bb7c70031a4df7f1af6b811df4c6cc784b2a
Tempest option scenario.img_dir has been deprecated more than 4 years, it's
time to remove it from devstack.
img_file option should contain the full path to the image.
This patch removes setting of img_dir option and makes img_file
one contain the full path of an image.
Change-Id: I71102095f3603915f0bc7d21f2e18c4eac4e95ec
Depends-On: https://review.opendev.org/#/c/710996/
Related-Bug: #1393881
The FLOATING_RANGE variable should specify the network address of the
used prefix for clarity.
Change-Id: I547bd42d8bdc5f0f2001d47f2d5b43729773b1bc
Closes-Bug: 1870204
This is already unconditionally installed via install_apache_uwsgi in
stack.sh; we don't need to install it again in keystone. Since we
need workarounds on some platforms (see
I3bc5260e77cebe852cc8d70d9eddf84ef71d74bb) we only want to do this in
one place.
Change-Id: I40d84cbdf68cf6bb5cba143b6c0c126cdb8a84d4
All these uwsgi invocations assume that the uwsgi binary is in the
same directory as their project binaries are installed into (probably
/usr/bin). That may not be correct -- for example if using a packaged
uwsgi on Fedora the binary will live in /usr/sbin/uwsgi (not /usr/bin
where the project files from pip are).
Switch invocations to just find it in the path.
Change-Id: I298e3374e9c84e209ffcabbaaacda17f8df19f4f
Centos 7 is no longer supported, replace with Centos 8. Also Debian
hasn't been working for some time and progress in fixing it has stalled,
so drop it for now.
Change-Id: Ic1513b20f296978bca095c7aa79f022d7d9ab7ac
Closes-Bug: 1881183
This option was deprecated in Ussuri [1] as nova no longer provided any
schedulers aside from the filter scheduler and the existence of
third-party schedulers was very unlikely. Stop configuring this and
simply use the default.
[1] https://review.opendev.org/#/c/707225/
Change-Id: Iabdd1d00e00ee269334f0fe0db265a97207e2dc6
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
We need an appropriate auth_uri for s3token to be able to contact
Keystone.
Since tempauth is always enabled, we want to delay the auth decision
until after tempauth has had a chance to try.
Change-Id: Ie4ff33a617b9dc74d51d037ec8ebd0d9787dd76d
For a long time, swift3 recommended a pipeline like
... swift3 s3token authtoken keystoneauth ...
This led to inefficiencies where the proxy would first contact Keystone
to validate the S3 signature and issue a token, then contact Keystone
*again* to validate the token ID that was just issued.
After s3token moved into the swift3 repo, it was improved to be able
to put all of the headers into the WSGI environment that Swift's
keystoneauth middleware expected and the recommended pipeline was
changed to something like
... authtoken s3api s3token keystoneauth ...
At the time, the old order would still work, it would just be less
efficient. When support was added for Keystone v3, however, the new
order became mandatory.
All of that happened before swift3 moved back into Swift as s3api, but
the pipeline placement problems are the same: Keystone users won't be
able to use the S3 api with the current order.
Change-Id: Id0659f109cc2fc12ddb371df0b26812ba8c442d9
Related-Change: I21e38884a2aefbb94b76c76deccd815f01db7362
Related-Change: Ic9af387b9192f285f0f486e7171eefb23968007e
The bug has been fixed since a while, also in recent distributions,
for example Ubuntu 20.04, the sgabios.bin ROM is provided directly
by qemu-system-data as an actual file under /usr/share/qemu and
it conflicts with the one provided by sgabios, so removing the
workaround is actually needed to prevent failures.
Change-Id: Ib5f23dbd8839a0927418692054f4ed4abd76babc
Switch to openstackdocstheme 2.2.1 version. Using
this version will allow especially:
* Linking from HTML to PDF document
* Allow parallel building of documents
* Fix some rendering problems
Update Sphinx version as well.
Set openstackdocs_pdf_link to link to PDF file. Note that
the link to the published document only works on docs.openstack.org
where the PDF file is placed in the top-level html directory. The
site-preview places the PDF in a pdf directory.
Set openstackdocs_auto_version to not auto-version the documents.
Set openstackdocs_auto_name to use 'project' as name.
openstackdocstheme renames some variables, so follow the renames
before the next release removes them. A couple of variables are also
not needed anymore, remove them.
Change pygments_style to 'native' since old theme version always used
'native' and the theme now respects the setting and using 'sphinx' can
lead to some strange rendering.
See also
http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014971.html
Change-Id: I26887b175b9c1ced7347289b7d5d4f57a20ec36a
tmpfs exhaustion has long been suspected as the root issue behind
failures to load ssh keys and other metadata from local config drives as
documented in bug #1808010. This can also lead to failures fetching
metadata from n-metadata-api leaving Tempest unable to SSH into
instances.
This change increases the RAM of the m1.nano and m1.micro flavors by
64MB to hopefully avoid these errors going forward. This is also ahead
of our eventual upgrade to Cirros 0.5.0 where 128MB becomes a
requirement.
Related-Bug: #1808010
Change-Id: I4b597579cf89939955d3c110c0bd58ca05de61f0
Disable insecure option for glance_store with
swift backend when tls is enabled.
Specify swift_store_cacert option.
Change-Id: Ia1e8f596c95dd7b6e63cb21a94c8316dc71bf945
Follow the pattern of the other configuration keys. The new variables
allows tests to enable/disable volume revert tests provided
by cinder-tempest-plugin.
Revert-to-snapshot was introduced in pike, and so the tests.
Change-Id: If137f201c2f646703f5a1ff96e71e48caed63b67
Ubuntu Focal doesn't have python-pip, only python3-pip. Trying to
uninstall a package that apt doesn't know about (installed or
uninstalled) results in a nonzero exit code so devstack fails. This
patch makes the package removal safer for both python2 and python3 cases
by checking first if the package exists.
Change-Id: I3b1118888cb0617ffb99b72c7e9a32308033783e
This repo is now testing only with Python 3, so let's make
a few cleanups:
- Remove obsolete section from setup.cfg
- Use newer openstackdocstheme and Sphinx version for python 3
- Remove install_command from tox.ini, the default is fine
- Move basepython into testenv
- Update bashate version
Change-Id: I3d78b3787af2efce831d223dbcab6cf84c358028
The integrated gate template (integrated-gate-py3) has been switched
to the new grenade name (grenade-py3 -> grenade). This repo uses the
template but also has for irrelevant files an extra entry.
Rename the job following the template change to avoid duplicate
grenade runs.
Details:
- http://lists.openstack.org/pipermail/openstack-discuss/2020-May/014602.html
Depends-On: https://review.opendev.org/725148
Change-Id: I73e67c0e01ca231678903b2460dab672f17251e3
We no longer support platforms with Yum on master. Cleanup old
references and convert to dnf.
We don't need any of the failure wrapper stuff as dnf runs in strict
mode by default.
There seem to be a few callers out there, so we'll leave it called
yum_install for now.
Change-Id: Ie71a48fd85b00a97a14bf260cd013b18af4cce06
This package isn't available on some distributions hasn't been
required in Neutron for several years
If679e79fa3242ee1cd8610b5525deca35b41c87e. Remove it.
Change-Id: I7308a885c1d084efe2f0b9f542443d35966140ed
The paths for the devstack source directories are currently hardcoded,
this patch allows overriding that list.
Change-Id: I2b673b0d110d84658b89bb14663584330deaf3aa
With the removal of CentOS 7, we can re-evaluate the rpm
installations.
We should not need virtualenv after https://review.opendev.org/712609
There should be no need for python-devel as we're python3
pyOpenSSL was added to workaround memory issues in
9e98f9435e (2015) ... I think we've
moved on.
pyxattr is not a package; remove it.
I don't see we need packaged m2crypto, which isn't a package on CentOS
8. nor libxml2-python; these days it has wheels which should work
with the normal installation process.
centos8 has:
* targetcli
* pcp-system-tools (and no dstat)
* iptables-services
* java-1.8.0-openjdk-headless
* kernel-modules
* rsync-daemon
just as all supported fedora's do, so we can remove any matching here.
Change-Id: I542c426a67a98f331d2a29bacd220af81fab8cc4
We have lib/databases/mysql which is installing databases, remove it
from the bulk package lists.
Split is_fedora (fedora & centos8 -- soon) to install mariadb-server
and mariadb-devel to retain status-quo.
On suse this seems to be a meta-package
'mariadb-server' not found in package names. Trying capabilities.
so split that out. It seems it has never been installing the -devel
package, and things work (presumably clients are coming from wheels so
don't need to build against it).
Change-Id: I86433318e8f76c40c5c792b795411a5c9d8351d3
We do not support CentOS 7 on master branch due to no Python 3 or
ongoing eco-system (i.e. RDO) support; see
Id9ef507dd6f4226d65c6ed3043666b0aa6a3bd1c.
Change-Id: If98581708568e7a8d15e6edc588a008df0cac0fb
This includes the addition of the python3-virtualenv package required to
provide the virtualenv binary that is no longer present in the image.
Change-Id: Ie8e66d8b9f93063b97f88f41a626daddf235339b
Using venv, which is part of python3, we avoid an extra dependency on
the virtualenv package. For Debuntu, which splits this out into a
separate package, add this to debs/general.
This is part of the infra efforts to ship "plain" nodes without any
dependencies installed. While devstack can re-install virtualenv, we
don't need any features it provides and it means one less dependency.
Change-Id: I3c323640f288e57581a4eb8adba2a08d0b0cbd8f
There's a bug[1] with the combination of the p11-kit and
ca-certificates-mozilla packages available on the latest built
opensuse-15 node in nodepool (which has not been rebuilt for weeks due
to a separate issue[2]) which causes the standard CA bundle to not be
installed correctly and causes jobs that call to external HTTPS services
to fail. Upgrading both packages in sync fixes the issue.
[1] https://bugzilla.suse.com/show_bug.cgi?id=1154871
[2] http://bugzilla.suse.com/show_bug.cgi?id=1166139
Change-Id: Ia8fdfe12fd9089e178adcb2b5eec997eebada262
Needed-by: https://review.opendev.org/713566
When stacking outside of Zuul CI the wheels have to be built locally and
python3-dev package is required.
Story: 2007491
Task: 39213
Change-Id: I0960269d5cf193c9ececc5490485522c74646382
This first came in with Id749c37ab7fefa96b35f11816b56b9def5ef4b08. It
talks about ancient versions of pip; can't see we need it any more.
Change-Id: I9d4831955070990a81a809d988612d9d5b1aa672
Recent change to devstack dropped installing test-requirements [1]
However, this caused gate failures due to lack of glance-store
deps for cinder and swift support.
This patch makes devstack install relevant extras depending on
enabled features.
Additionally, relevant functions are added/fixed to make this
possible.
glance-store = glance_store (for gerrit search match)
[1] https://review.opendev.org/715469
Change-Id: I0bf5792a6058b52936115b515ea8360f6264a7c9
Swift keeps testing py2 but we should keep both in shape.
To fix stestr on py2:
Depends-on: https://review.opendev.org/715942
Change-Id: I616e39c64e22d467d7186dba98226cc5beef23ea
This is a test of installing openstack and then seeing if it works.
OpenStack components do not need test-requirements to operate,
that's why they are test-requirements.
Additionally, as we look forward to depsolver pip, this is going
to screw us because we don't apply constraints to linters, which
are expressed in - you guessed it, test-requirements.
Change-Id: I8f24b839bf42e2fb9803dc7df3a30ae20cf264eb
This reverts commit 79b8e79488.
This is breaking things in various jobs, most notably because
we do not put constraints on linters - but we install
test-requirements which then can conflict with each other.
Change-Id: Ibc5603c61b38ce44db58fb27a27352f59123ad09
The new pip depsolver is coming this summer. Until it's ready,
run pip check at the end of devstack to make sure we're not
somehow installing conflicting package versions. We shouldn't
be, because of constraints, but if we are, better to know and
start figuring it out.
Change-Id: Id98f0848ff5a252d93e5f8029df2d069924d603f
The function was using a hard coded value of localhost:11211 when
we have an option MEMCACHE_SERVERS that can be defined and used
inside DevStack.
Change-Id: I4947928fe406a9844d5bdaa3c826d273952fa097
DEVSTACK_GATE_FEATURE_MATRIX seems to be an old legacy thing that
is no longer being used. It currently prevents using the jobs in
openstack/devstack without adding openstack/devstack-gate for the
role.
Change-Id: Iab9b4862c01043d2c158398bac4b3b289a0adba0
tempest-multinode-full is py2 job and not needed to
run on ussuri onwards. Chaning this to its py3
version tempest-multinode-full-py3
Change-Id: Iff271eabcf1a39d6bf6c1fcd55ff2749cab2373f
The networking-ovn code is being moved into the neutron repository as
part of the effort [0].
This change is needed so we are able to install OVN from packages
when running the networking-ovn functional tests along with
the Neutron ones (see [1]). In the old networking-ovn repository we did
compile OVN from source instead of installing it from packages but
that took time. We want to do better in the Neutron repository.
[0] https://blueprints.launchpad.net/neutron/+spec/neutron-ovn-merge
[1] https://review.opendev.org/#/c/697440/
Change-Id: I92ab727d9954eb729c41b9a67ecb60b56883097b
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
From Train release Glance has added support [0][1] to configure multiple stores
of same or different types. This patch enables developers to configure
multiple file stores for glance. In order to configure multiple file stores
user need to set below options in local.conf
GLANCE_ENABLE_MULTIPLE_STORES=True/False
To enable multiple stores of glance.
GLANCE_MULTIPLE_FILE_STORES=veryfast,fast,cheap,verycheap,slow,veryslow
Comma separated list of store identifiers.
GLANCE_DEFAULT_BACKEND=fast
Default glance store in which image should be stored if store identifier not
specified explicilty. Should be one of the store identifier from
GLANCE_MULTIPLE_FILE_STORES config option.
NOTE: This support is added so that we can start adding tempest/CI tests for
glance multiple stores.
[0] 515412b59f5b3af07a1787b9f8e85a4d656d3e1c
[1] https://docs.openstack.org/glance/train/admin/multistores.html
Change-Id: I494f77555cfe9115356ce0ee75c7d7f192141447
Building on I5c3e1b7b632fd73310c462530990cdb0e0c0ceea we can now add a
Fedora job using the virt-preview repo that will be used by Nova's
experimental queue.
Change-Id: Iad9d64912bb07f307e4897ece1621f275f1d5211
'str' type in python2 is 'bytes' type in python3,
when use python3, we will get a prefix 'b':
sudo ip netns exec b'qrouter-39cc2b45-a27c-49c5-94a6-26443a49ac63' ip
neigh
--------------------------------------------------------------------------
*** Failed to run 'sudo ip netns exec
b'qrouter-39cc2b45-a27c-49c5-94a6-26443a49ac63' ip neigh': Command 'sudo
ip netns exec b'qrouter-39cc2b45-a27c-49c5-94a6-26443a49ac63' ip neigh'
returned non-zero exit status 1.
The message above is raised by running tools/worlddump.py with python3.
Change-Id: Ic254af86fa27729839f00c0ad4a5bbbc9e545a09
With fedora-latest now using Fedora 30 images and Fedora 29 itself EOL
we can now remove support for it from devstack. This change also cleans
up references to earlier Fedora releases under files/rpms/.
Change-Id: I24332f7016ebb549ea678acf677c477b55ec4d4b
With the open-iscsi rebase we should now be able to move the
fedora-latest job to fedora 30 ahead of the removal of support for 29.
Change-Id: Ia80f03f275e595d3b26b52b3478f303036d59438
I2f16658c5a3e22cac70912a0f3ad65cdd7071a1e worked around an open-iscsi
bug that remains unpatched in Fedora 30 and 31 by using a private copr
repo with the patch applied. Rawhide has finally been rebased to 2.1.0
where this issue and many others have been resolved.
We can now use a new repo that has been built for Fedora 30 and 31 that
provides this rebased package that we can either use until the rebase is
backported to 31 and 30 or 32 is supported.
Change-Id: I5ba5885bd9c784949602aeb4ddff9d75fecc6b3d
With the recent switch to py3 we need to ensure python3-devel is
installed on Fedora >= 29 before pip installing any dependencies.
Change-Id: I21417687db5b3827c5272ed22f6dc95db13f2870
The GRANT command in mysql8 can no longer create a user implicitly.
Split that part into a dedicated CREATE USER command.
Also drop disabling the query_cache, it is off by default for some time
and the option got removed in mysql8.
Change-Id: I31bcc285ff8e373abbacb303c1269857c9cfa9ed
After Python 2 is getting unsupported, new distros
like CentOS 8 and RHEL8 have stopped providing 'python'
package forcing user to decide which alternative to
use by installing 'python2' or 'python3.x' package
and then setting python alternative.
This change is intended to make using python3 command as
much as possible and use it as default 'python' alternative
where needed.
The final goals motivating this change are:
- stop using python2 as much as possible
- help adding support for CentOS 8 and RHEL8
Change-Id: I1e90db987c0bfa6206c211e066be03ea8738ad3f
Set default python3 version as 3 for cases python3
is not installed before running DevStack.
Implements installation of required python3x package
for RedHat family distros with package name depending on
configurable ${PYTHON3_VERSION}. Examples:
3 => python3 python3-devel (default one)
3.6 => python36 python36-devel
3.7 => python37 python37-devel
This should help in situations where there are more
than one python available for given platform and
DevStack is asked to pick one by its full 3.x version
Change-Id: I49d86bc9193165e0a41e8e8720be37d81a4e7ee0
We have dropped the tempest-full from
Tempest gate and made this to run on py2
explicitly which is nothing but for stable gates.
- I75868d5c9b6630fe78958ff89e58a0aced09a6b3
This job is not supposed to run on ussuri onwards master
gate as everything will be python3-only.
Change-Id: I372bde6a1753884efaf15da5fab48f1bddb4dab5
We are hitting this error:
+ tools/fixup_stuff.sh:fixup_ubuntu:82 :
sudo rm -f /usr/lib/python3/dist-packages/httplib2-0.11.3.egg-info
rm: cannot remove
'/usr/lib/python3/dist-packages/httplib2-0.11.3.egg-info': Is a directory
This patch adds the -r option to allow removing folders.
Change-Id: Ib7bb8b0a3dcf747bcc06da1a2fb17fa9d8808484
When starting 'memory_peak' service is using python command instead of
python3, while psutil (required package) is most probably being
installed into the python3 environment (as we are dropping python2.7
support).
Closes-Bug: #1860753
Change-Id: Ia2b7e2e33d784560443131e2965f520b361a54e3
TEMPEST_BRANCH which is mostly set as master so
that Tempest master is run to test the env. With
stable branch going to EM state and Tempest master
might not work due to incompatibility of code or
requirements. In that case we pin the Tempest so that
older Tempest can be used for their testing.
Till now for ocata, pike and, queens we used the gerrit style
ref to pin the Tempest which is not preferred way. We should be
able to use the tag name on TEMPEST_BRANCH.
This commit explicitly checkout the tag set in TEMPEST_BRANCH
as git_clone does not checkout the tag directly until RECLONE
is true or tempest dir does not exist.
After this stable branch or job can set the tag directly with name.
For exmaple: TEMPEST_BRANCH=23.0.0.
Change-Id: Ic777e4b56c4932dde135ac909cb5c6f4a7d5cc78
Work on the new neutron scripts has stalled and they aren't in a useable
state yet. Given the ongoing decline in contributions, let us
acknowledge this and undeprecate the neutron-legacy scripts so that
people can continue to use them without feeling guilty about it.
Change-Id: I4bce19da861abf18ddb89d82fd312c5e49a4ee7c
The virt-preview repo provides the latest rawhide versions of QEMU,
Libvirt and other virt tools for older releases of Fedora. This repo is
extremely useful when testing features in OpenStack that rely on these
latest builds well in advance of them landing in full Fedora, CentOS or
RHEL releases.
This change adds a ``ENABLE_FEDORA_VIRT_PREVIEW_REPO`` configurable
to control when this repo is enabled and used when deploying on Fedora.
Change-Id: I5c3e1b7b632fd73310c462530990cdb0e0c0ceea
'tools/mlock_report.py' script requires 'psutil' package to be
installed. This ensures it is done before memory_peak service is
started.
Partial-Bug: #1860753
Change-Id: I7b2b6eaf9856c6057e1a4a0054d15074150a6cb6
The hack has be around for pip 1.4.1 and older. It should be safe to
remove it by now. In fact it causes problems in my Ubutu Bionic VM when
trying to overwrite httplib2 library installed from the distro package.
Change-Id: I34b826f4e8f10f8d44b888120f19fcc7ba501b3d
[1] stopped installing pip for py2 when py3 is being used.
This patch makes sure we check only for py3 pip then.
Also removed some no-longer-relevant comment and
made uninstall behave the same.
Check for pip>=6 removed too.
See also [2].
[1] 279a7589b0
[2] http://lists.openstack.org/pipermail/openstack-discuss/2020-January/012182.html
Change-Id: I36ee53e57e468d760b80a7e621b90899867a8efd
We dropped the ability to override USE_SYSTEMD to False when we deleted
screen support in [0], so we can also clean up any conditionals based
on it.
Also clean up the logging setup functions, dropping local vars for
parameters that we don't actually support anymore.
[0] I8c27182f60b0f5310b3a8bf5feb02beb7ffbb26a
Change-Id: I5cbce9f2c42e111761e8689447b3f8cbb7ea2eb5
The Sheepdog project has been defunct for awhile now, and the Sheepdog
driver and os-brick connector is now being removed from Cinder. This
cleans up plugin references for the driver.
Change-Id: Ieb2d9cf653b2d3a4af30cab26b8428a7c7edff98
Signed-off-by: Sean McGinnis <sean.mcginnis@gmail.com>
The proposal job to update the plugin list has been failing for a long
time as it gets a 500 error from gitea on the openstack/openstack
repo. This is an odd "superrepo" with all projects as submodules;
thus openstack/openstack/devstack is actually a project, not the
directory with a plugin in it.
Skip this repo (gitea shouldn't return a 500, but that's another
thing...)
Regenerate the list manually for this run.
Change-Id: I6ed65bcb720d4cb10702cbf66106120e001ec35f
Some distros do not install python3/python3-devel with the minimal
install. F29 doesn't install -devel, and neither Centos 7 or 8
install either. This patch ensures that these packages get installed.
Ideally, PYTHON3_VERSION would be set *after* ensuring that python3
was installed, but it gets a little tricky with all of the includes.
This sets it to 3.6 as nothing uses 3.5 anymore.
Change-Id: I7bdfc408b7c18273639ec26eade475856ac43593
Need to make PyYAML overridable on Ubuntu, it is a dependency for e.g.
cloud-init, so we cannot remove it.
Depends-On: https://review.opendev.org/703792
Change-Id: I4423dfb2c30299903b52a2bb06d846dd487f5b8b
nova-live-migration is legacy job and and rely on
devstack-gate + devstack setting so any change in devstack can
break it. Example bug: 1860021
We can remove this job once it is migrated to zuulv3 native.
Change-Id: Ie34d4dc1ab30ced8161796fe32628db07de86cc9
Related-bug: #1860021
In same cases, the hypervisor presents to the guest OS a named CPU model
is similar to the host CPU and adds extra features to approximate the
host model. However, this does not guarantee all features will be
precisely match.
This patch adds LIBVIRT_CPU_MODE to allow users to define the CPU mode
they want to use, for example "host-passthrough".
Change-Id: I83792c776b50d1d22584be2a37cc6a166f09c72b
This reverts commit d8dec362ba. This has
knock on effects for devstack-gate, which configures g-api on subnodes
node but not mysql, resulting in failures. A longer term fix would be to
either a) stop configuring g-api on subnodes if we can determine it's
not necessary or b) only configure the database if on the main node.
However, both options are subject to debate so for now just unclog the
gate.
Change-Id: I58baa3b6c63c648836ae8152c2d6d7ceff11a388
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Closes-bug: #1860021
This reverts commit d7dfcdb467. A
subsquent change that depends on this,
d8dec362ba, has knock on effects for
devstack-gate and needs to be reverted. Revert this first.
Change-Id: Ic5402f57052648e10eacf3c3de67d2cdd2d42f63
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Partial-bug: #1860021
Everything in OpenStack *must* be Python 3 supporting now, which means
it's time to remove the functionality that allows us to blacklist
packages that didn't support Python 3.
Change-Id: I7c8cf538ec88bd4056b0109f19671e3d65f5da3a
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Since [1] Glance init depends on either g-api or g-reg being
enabled.
This broke multinode g-api deployments with singlenode database
backend.
This commit aligns Glance with other services w.r.t when to
apply database init.
[1] d8dec362ba
Change-Id: Idc07764d6ba3a828f19691f56c73cbe9179c2673
Closes-bug: #1860021
This has now been removed and even prior to removal defaulted to True.
Change-Id: I847a873d833a4dbee96afa1d2726fea2b8045eeb
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
This option has default to the 'NoopFirewallDriver' for some time and
will soon be removed. Stop configuring it entirely.
Change-Id: I4dbc0015cf26d7edf51d0d5fd978ccd3a1ad1b79
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Currently VMs created by a previous DevStack run still exists even
after re-run stack.sh. This leads to a failure in launching a VM after
the second run of stack.sh. We need to check the reason of the failure
by nova compute log and clean up remaining VMs. It is annoying.
IIRC we cleaned up existing VMs. While I failed to identify which commit
changed this behavior, I believe it is worth recovering it.
This commit changes unstack.sh to call cleanup_nova. cleanup_cinder()
already cleans up LVM volumes and some of them may be used by VMs,
so I believe it is reasonable to clean up VMs in unstack.sh.
Change-Id: I9fcbc5105e443037fada1ef6a76a078145964256
This change removes the .gz extension from the
service and syslog logs exported via journalctl.
This change nolonger gzip compresses the exported
logs so that they can be rendered in the browser
directly when served from swift.
Change-Id: I4557a737cb13b9c2406056be08ab8a32ddd45162
This was added in 2012 with I89677fd54635e82b10ab674ddeb9ffb3f1a755f0,
but I can not see it being used anywhere currently.
It's use of virtualenv's has become problematic in a python2
deprecated world, but since it is not used, remove it to avoid further
confusion.
Change-Id: I65d44d24f449436ca6229928eee2c5a021793055
Just calling "virtualenv" makes a Python 2 based environment;
setuptools just dropped Python 2 support (as Python 2 reached EOL in
Jan 2020) so this has now become a breakage.
Although the Python 2 path won't work, use the abstracted command.
This should stop us having to revisit this for any future cleanups (or
switing to venv, etc).
Change-Id: I531e971b78491a9276753c0d86b04c4adbd224aa
In Train, the access rules API was introduced in keystone. This change
enables testing it in tempest.
Depends-on: https://review.opendev.org/699519
Change-Id: I2af21868cbf584a6881c6208bc2afc3bdb323ab9
lib/tempest uses 'tempest-account-generator'
which is deprecated 4 years back.
In addition to above, lib/tempest also uses
'os-tenant-name' which is also deprecated.
Use of 'tempest account-generator' and
'os-project-name' should be done now.
Signed-off by: Soniya Vyas<svyas@redhat.com>
Change-Id: I624e1dc57a3d3533322fb298c01f70241d0400ed
Tempest's service_availability config option includes all the service
availability which is further used by tests to take decision of skip
or run the test.
For example, [service_availability].nova is true then, compute test will run
or if [service_availability].aodh is false then, all aodh related tests either
in aodh tempest plugin or any other plugins will be skipped.
Now question is what is the best way to set the each service availability for
tempest or tempest plugins tests. We have 2 category of service here-
1. Service tested by Tempest (nova, cinder, keystone, glance, swift, neutron)
(let's say type1 service)
2. Services tested by Tempest plugins (all other than above list)
(let's say type2 service)
We need the standard way to set both type of service so that we can maintain
the setting of service_availability config options in consistent way.
As discussed on bug#1743688/ and review https://review.openstack.org/#/c/536723/,
we will use devstack lib/tempest to set the type1 service which is services test
owned by Tempest and type2 service setting will be done by devstack plugins of
those service.
For example - [service_availability].ironic will be set by ironic's devstack plugin.
because that is best place we know ironic is installed and available.
To do that we need:
1. Add setting of [service_availability].* in devstack plugins
2. Remove setting of type2 service from devstack lib/tempest
This commit does the second part and all depends-on patches handle the first part.
Related-Bug: #1743688
Change-Id: If3aec9fd1c61e2bb53233be437b97b811dc82414
This package provides dhcp_release tool but in files/debs/neutron-common
it was listed to be installed only on Ubuntu Precise.
The same file is also in Nova's packages but there is no restriction to
Ubuntu Precise only there.
So on all Neutron jobs it was fine but on Ironic's job where Nova
wasn't enabled, this package was not installed and caused problems
in Neutron DHCP agent.
Change-Id: Idd0711cfe6d43f21754a2f0c230cd094ea33cb27
Closes-Bug: #1855910
We've seen jobs where tests fail due to what appears to be rng
starvation. Enable virtio rng device to try and alleviate this.
Change-Id: I70d800cdc45b6008f775110f22c0000736421529
input() should work on both python versions for what we need. I
understand the concern about eval() on python2 but, in the case it's
used we should be fine, plus, python2 is being removed from OpenStack
projects.
Change-Id: I86a7c31374986f81132bc4f49aee0a76b90e6553
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
This variable can be now set in Devstack's config file and in
such case Devstack will not set it automatically to value most
likely correct for the distro.
By default this value is empty string and in such case Devstack
will work in exactly same way as it was before this patch and
will determine automatically what name should be used there.
In addition in case of Ubuntu package $MYSQL_SERVICE_NAME-server
will be now installed instead of mysql-server always.
This will allow to easy configure e.g. CI job which will run using
Mariadb instead of Mysql on Ubuntu.
Change-Id: I25af0b54ad235b08c6c399b4125c737acf57ee2e
This will avoid the creation of an unneeded file in the "tempest"
repository directory.
TrivialFix
Change-Id: Id3f46b3537cd3232cb29c42808bde44c667565f1
With the goals of Ussuri being Python 3.6 [1], the python 3.5
environment on Xenial is too old. Remove testing and the most obvious
bits of support from devstack.
Also drop claimed support for artful, which is long EOL.
[1] https://governance.openstack.org/tc/reference/runtimes/ussuri.html
Change-Id: Iefcca99904dde76b34efbbfc0e04515dfa5a09e5
This reverts commit f99d1771ba.
Added workarounds that might want to get split into their own patch
before merging:
- Don't install python-psutil
- Don't run peakmem_tracker
Change-Id: If4fb16555e15082a4d97cffdf3cfa608a682997d
Since Stein, gate jobs have been using bionic nodes so they
are running with python 3.6, so it makes sense to also default
devstack itself to run with python3 by default.
Depends-On: https://review.opendev.org/688731
Change-Id: I52b03caee0ba700da3a15035201ea6cd91baa06b
We need to source the environment overrides before they get evaluated.
Otherwise e.g. USE_PYTHON3 is factually being ignored for some settings.
Also fix creating python3 venvs by using the "virtualenv" command for
that task.
Change-Id: I16c78a7fef80372d9a1684c3256c5b50b052ecae
This job is still running python 2.7. As we are dropping py2 support in
Ussuri cycle, lets drop this job now.
There is same job called "grenade-py3" which runs on python 3 already
and this will be now used in project's CI.
Depends-On: https://review.opendev.org/#/c/695036/
Change-Id: I5cd8e137a3ae06e49a4351629c5eb207c4e6bf1a
The centos7 job is running with python2, which is no longer supported by
nova, so we can drop it in master.
Change-Id: Id9ef507dd6f4226d65c6ed3043666b0aa6a3bd1c
With Glance defining default policies in code, it's no longer necessary
to install policy.json from the repo.
Change-Id: I9f9160f5a2bf9fd77fb3807e12de219b7a49952d
Depends-On: https://review.opendev.org/693129
In cases where global REQUIREMENTS_DIR is set, use it
instead of overwriting it. This is particularly needed
in cases where users of pip_install wrapper have the
upper-constraints.txt at another location.
Change-Id: I34e9f94548c575e1af5bca9655a3b7d1915375a8
Signed-off-by: Flavio Fernandes <flaviof@redhat.com>
Some distros no longer ship brctl, iproute2 should be used
in its place. The linuxbridge agent plugin script was still
using it, as was worlddump, which generates this warning on
a failure:
Running devstack worlddump.py
/bin/sh: 1: brctl: not found
Conditionalizing worlddump based on whether brctl is installed
to make this go away.
Change-Id: Iafbf4038bab08c261d45d117b12d4629ba32d65e
When configuring TLS between the console proxy (where the n-novnc
service runs) and the compute host, some configuration for QEMU needs
to be done on the compute host. The existing code for this requires the
n-novnc service to be running, which it is in a single node all-in-one
deployment. However, when running in a multinode deployment, the
n-novnc service runs only on the controller and not on the subnode.
Yet, we need to configure QEMU on the subnode compute host as well.
This removes the n-novnc service requirement to enable TLS QEMU
configuration to occur on a compute subnode in a multinode deployment.
Closes-Bug: #1849418
Change-Id: I8b6970e91ad7f52ff489cb9f776ca216d8f86aa4
Based on resolution [1], there's no clear indication that next
steps involve the removal of the DB from Devstack or from the gate.
[1] I332cef8ec4539520adcf37c6d2ea11488289fcfd
This reverts commit d9aaae95f2.
Change-Id: I8410d65c0e0b24035aa035fac7560a686d53ec50
This reverts commit 168ca7f0a4.
Removing postgresql support from devstack was unnecessary
since it's not broken and not causing maintenance issues
as far as I know. The commit being reverted said that pg
support was deprecated in Pike but nothing in the docs or
commit message refer to official deprecation of postgres
support in devstack or openstack in general. Not to mention
that there are still postgres-based jobs that will no
longer work *and* the notification to the mailing list about
doing this happened *after* it was already done [1] leaving
stakeholders with no time to reply.
[1] http://lists.openstack.org/pipermail/openstack-discuss/2019-October/010196.html
Change-Id: Ie7036d37d79e6aba462b7c97f917e2e7aed108f9
This only applies to the LVM driver (when using
thick provisioning), and doesn't have any effect on
other backends like NFS, so only write the conf entry
for LVM.
Change-Id: I722ba2fa0010d9887ed9b7fdd9e050cd4694768e
The default permissions for the zuul home directory
are not the same in the various distributions.
As /home/zuul contains the sources, a 700 default may be
problematic when accessing those files, so make sure
that the executable permissions are set.
Closes-Bug: 1846251
Change-Id: Ic9769e56274d7205844b86d3b5200a6415e4acad
Since Queens [1] nova has been able to be configured with
cinder service user credentials for operating on cinder
resources without a user auth token similar to things nova
needs to do without a user auth token for working with neutron
and placement resources.
This change:
- centralizes the nova [cinder] section configuration
- adds the necessary auth configuration
Needed by: https://review.opendev.org/549130/
[1] I3c35bba43fee81baebe8261f546c1424ce3a3383
Change-Id: I5640ee431f6856853f6b00ec7ed1ea21d05117dd
The target branch was centralized in change
I82aa19e739eeda3721bac1cb5153ad0bf2d1125a but there
are two issues, pbr and diskimage-builder are using
TARGET_BRANCH which gets changed to stable/* for
each openstack stable branch that gets created for
devstack, e.g. I861068ae1a9902cef61c52c70dda7bb42f4371a0,
but pbr and diskimage-builder don't have stable branches
so they should be using BRANCHLESS_TARGET_BRANCH i.e. master.
Change-Id: I47ac7a7e194ca6d613d0ccaebfd557346644c2df
A 500 error from gitea can occasionally show up as a project dropping
their devstack plugin (I543faced83a685d48706d004ae49800abfb89dc5).
To avoid noise in the proposal jobs, implement a small retry loop for
500 errors.
Change-Id: Ide23e4de819a2c751d887eeaa7f0b9d0437f8e2c
All the OpenStack projects should be able to run under Python 3 now so
the fallback installation of the Python 2 libraries should not be
needed any longer. This also avoids the problem of script files
installed by the libraries sometimes being overwritten by the Python 2
version leading to incorrect execution later, as discussed in
http://lists.openstack.org/pipermail/openstack-discuss/2019-September/009226.html
This reverts commit a2eb89417f.
Change-Id: I1cdb7e4a209872f1620be556b7278879a4b86df5
This was deprecated for removal in Pike. It's probably time to drop it.
Note that the 'postgresql-devel'/'postgresql-server-dev-all' packages
are retained since some packages still include 'psycopg2' in their
general requirements.
Change-Id: I51e8354e99972757253ce259e6c03c91da24398c
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
* The restart loop for rabbitmq-server can trigger socket activation
of epmd without rabbitmq-server running. This can lead to 'systemctl
status' reporting 'State: degraded' with no simple way to reset to
'State: running'.
* It's important to note that this socket activation failure is benign
and is not an indicator of system failure.
Change-Id: Iede4f5ebeffb59644dee4a17b6331b3cdd04d146
Signed-off-by: Jan Gutter <jan.gutter@netronome.com>
The package has been renamed in order to avoid the namespace collision
with systemd, update our doc accordingly.
Change-Id: I1b9a434d9bb6a7d9dc38ef965017ed9f8773d595
Closes-Bug: 1825949
right now, there are duplicate titles under contents --> guides
as shown in https://docs.openstack.org/devstack/latest/, although
they will forward to different pages, it is still a little confusing
for users. This change will hide toctree in guides.rst and users could
click links in page to jump to detail page to read more.
Change-Id: I2f3abeca7f56a3aedeabb48630ed2c61635b93cd
... even when no other subject alt names provided
Previously, a non-voting job in barbican's gate would fail with something like
X509 V3 routines:X509V3_parse_list:invalid null name:v3_utl.c:319:
X509 V3 routines:DO_EXT_NCONF:invalid extension string:v3_conf.c:140:name=subjectAltName,section=DNS:pykmip-server,,IP:198.72.124.103
X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=subjectAltName, value=DNS:pykmip-server,,IP:198.72.124.103
because we'd have an invalid empty string.
Change-Id: I5459b8976539924cd6cc6c1e681b6753a76b804c
The same code is already in place for the new lib/neutron library, allow
this functionality to be used also when the neutron legacy services are
still being deployed. This was mangled in [0].
[0] I868afeb065d80d8ccd57630b90658e330ab94251
Change-Id: I7214c4893943fbfbeb42ad140f433eecd6c3e9f0
DEFAULT_VOLUME_GROUP_NAME volume group is LVM ephemeral storage used by
Nova. It is created by init_nova() if user sets NOVA_BACKEND to "LVM".
However, init_cinder() is also hardcoded to create it, based on the
asumption that CINDER_ENABLED_BACKENDS includes it. That assumption
doesn't hold for the current code. What's more important, even if user
wants to use DEFAULT_VOLUME_GROUP_NAME as one of cinder backends and
adds it to CINDER_ENABLED_BACKENDS, the current code in init_cinder()
are general enough and should work fine. This change removes relevant
code in init_cinder(). It also moves DEFAULT_VOLUME_GROUP_NAME clean-up
code from unstack.sh to cleanup_nova().
Change-Id: I53762f8eda6256f962cc4e1f1098406879bbcf5c
VPNaaS agent is going to be an L3 agent extention.
Related-Bug: #1692128
Depends-On: I0b86c432e4b2210e5f2a73a7e3ba16d10467f0f2
Change-Id: Id827274b7c74cdf71db6d1f2ab3eadb5fef099f5
2017-10-17 12:59:27 +09:00
165 changed files with 5504 additions and 2450 deletions
# Ensure that the OVS commands are accessible in the PATH
export PATH=$OVS_BINDIR:$PATH
# Archive log files and create new
local log_archive_dir=$LOGDIR/archive
mkdir -p $log_archive_dir
for logfile in ovs-vswitchd.log ovn-northd.log ovn-controller.log ovn-controller-vtep.log ovs-vtep.log ovsdb-server.log ovsdb-server-nb.log ovsdb-server-sb.log; do
# create all of the directories needed to emulate a few different servers
@@ -738,7 +721,9 @@ function init_swift {
function install_swift {
git_clone $SWIFT_REPO $SWIFT_DIR $SWIFT_BRANCH
setup_develop $SWIFT_DIR
# keystonemiddleware needs to be installed via keystone extras as defined
# in setup.cfg, see bug #1909018 for more details.
setup_develop $SWIFT_DIR keystone
if [ "$SWIFT_USE_MOD_WSGI" == "True" ]; then
install_apache_wsgi
fi
@@ -862,12 +847,15 @@ function stop_swift {
function swift_configure_tempurls {
# note we are using swift credentials!
OS_USERNAME=swift \
OS_PASSWORD=$SERVICE_PASSWORD \
OS_USER_DOMAIN_NAME=$SERVICE_DOMAIN_NAME \
OS_PROJECT_NAME=$SERVICE_PROJECT_NAME \
OS_PROJECT_DOMAIN_NAME=$SERVICE_DOMAIN_NAME \
openstack object store account \
openstack --os-cloud "" \
--os-region-name $REGION_NAME \
--os-auth-url $KEYSTONE_SERVICE_URI \
--os-username=swift \
--os-password=$SERVICE_PASSWORD \
--os-user-domain-name=$SERVICE_DOMAIN_NAME \
--os-project-name=$SERVICE_PROJECT_NAME \
--os-project-domain-name=$SERVICE_DOMAIN_NAME \
object store account \
set --property "Temp-URL-Key=$SWIFT_TEMPURL_KEY"
}
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.