pre-commit has been introduced to number of projects like oslo to run
lint checks such as hacking. The pre-commit config file does not affect
functionality, so devstack job is not needed when only the file is
updated.
Change-Id: I4294fe0c4df2c36c8575613b05a1f9c2eb745d18
The datetime.utcnow() is deprecated in Python 3.12.
Replace datetime.utcnow() with
datetime.now(datetime.timezone.utc).replace(tzinfo=None).
Change-Id: I9bf6f69d9e174d490bb4f3eaef3b364ddf97a954
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
smooney noted that using your DevStack host as a jump host is yet
another reasonable option. Add this option also.
Change-Id: I24887c254e131a8979653a7d17e64a708acf294a
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Detail how one can SSH into guests running on a remote DevStack host.
Change-Id: I9f988b1193d67859b129f05d08b32a23e50aee49
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This is really easy win for people using DevStack for the first time.
Change-Id: I8de2d4d115d34e9d87dd461016b5b894d3f000e7
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
sphinxcontrib-nwdiag does not appear to be maintained anymore [1] and
there have been no releases in nearly 5 years. Statically generate the
images and include them this way. We can revert this change if the
maintainership issue resolves itself.
sphinxcontrib-blockdiag has had activity more recently [2], but it's
still been nearly 3 years. More importantly, we don't actually use it so
there's no reason to keep it around.
[1] https://pypi.org/project/sphinxcontrib-nwdiag/#history
[1] https://pypi.org/project/sphinxcontrib-blockdiag/#history
Change-Id: Ic5244c792acd01f8aec5ff626e53303c1738aa69
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This is the latest cirros release, featuring an updated kernel and some
fixes and added features, let's use it.
[0] https://github.com/cirros-dev/cirros/releases/tag/0.6.3
Change-Id: I2506fa713e0426789fa40a5f4f7fd4e963a158f0
Do this the same way we do it for Nova, to make for easier review.
Change-Id: I31877705894a21570f130723e0a27ff38f945eea
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This is optional. There's no need to include it.
Change-Id: I2e745865696dbb317f819ecb74f5b5df88a9ed76
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This was needed when 'block-storage' pointed to the v2 API. This is no
longer the case (and hasn't been for some time). This is unnecessary
duplication now.
Change-Id: I00cfb56d3e54d0162b1609f4bf58814e9000c103
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Depends-on: https://review.opendev.org/c/openstack/tempest/+/930296
devstack-platform-ubuntu-noble was added in
Ie1f8ebc5db75d6913239c529ee923395a764e19c
and has been runnning for a little over 2 months
in that time
https://zuul.openstack.org/builds?job_name=devstack-platform-ubuntu-noble
the job has been pretty stable so its time to make
this voting in advance of it becoming required in the
2025.1 release.
Change-Id: Iffd6ccf9603117d6720931e260afa2da13c26ec4
... to resolve the following warning.
[WARNING] Deprecated '--debug' flag is set to true (use
'--log-level=debug' instead
Change-Id: Idb412cea64dfc42e3d1223b77f134804eeb7bd60
Glance is implementing new location APIs, for which, cinder needs
to pass service token to register a location in glance.
This is required in the case when glance is using cinder as a backend
and cinder tries to upload a volume in the optimized path.
We are adding a new option, ``CINDER_USE_SERVICE_TOKEN`` that will
configure the service user section in cinder.conf. By default, it
is set to False.
Change-Id: I0045539f1e31a6d26c4f31935c5ddfaaa7607a48
When glance is using cinder as a backend, we can use optimized
path for upload volume to image operation.
The config options image_upload_use_cinder_backend and
image_upload_use_internal_tenant are used to configure optimization
in the upload volume to image workflow where we create a cinder
volume in the internal service project and register the location
in glance.
Recently it was found that the glance location API workflow was
broken[1] for the upload volume case and it wasn't detected because we
are not testing it in our glance cinder job "cinder-for-glance-optimized".
This patch adds the config option to test the optimized path.
Note that the optimized upload functionality is only possible when glance
uses cinder as it's backend since it uses clone volume functionality to
clone the Image-Volume from the source volume.
[1] https://bugs.launchpad.net/glance/+bug/2054575
Change-Id: I521ed04696a5a545b2a2923cf8008bd64add7782
This is another occurrence of the issue fixed in bug
1786259 with change I30bf655f which occurs when there
are multiple IPv6 gateways present.
Before this change:
$ source openrc
+++++functions-common:get_default_host_ip:776 ip -f inet6 addr show 100
Device "100" does not exist.
This is because the ip route command returns:
default proto ra metric 100 expires 1497sec pref medium
nexthop via fe80::4e16:fc01:298c:98ed dev ens3 weight 1
nexthop via fe80::4e16:fc01:2983:88aa dev ens3 weight 1
Related-Bug: #1786259
Change-Id: I7729730df66a4dc7ee11df1d23b19b9c0794b575
This generates the test images in os-test-images and also configures
tempest to know where it is (and if image conversion is enabled in
glance).
Change-Id: Ib74002828a77838ab95d2322e92bdab68caac37c
The configuration variable can be checked in the Neutron configuration
during the post-config phase when the configuration files and sections
are merged together.
Closes-Bug: #2075342
Change-Id: Ic42463e2f72488a1b14ce49e4e435cb4a2c0c855
Relatively recently oslo.log 6.1.0 was released and contains change
I7966d4f4977b267f620946de4a5509f53b043652 which added an option to
enable color in logs which defaults to False. This caused a change in
behavior for DevStack such that viewing logs with journalctl no longer
showed different colors for different log levels, which can make
debugging more difficult when developing with DevStack.
This adds olso.log color configuration based on the existing $LOG_COLOR
DevStack variable for log color which defaults to True for interactive
invocations.
Change-Id: If10aada573eb4360e81585d4fb7e5d97f15bc52b
This can be fleshed out more in the future, including with information
about managing plugins, but this is a start.
Change-Id: I1094d093b704e37370e3e434ebf3697954e99da3
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
The "neutron-rpc-server" is not a configurable service that can be
enabled or disabled. This service is a dependant process of the
"neutron-api-server" service that is spawned when the Neutron API
uses the WSGI module. The execution of this child service will depend
on:
* The Neutron API service when running with the WSGI module. If
the Neutron API uses the eventlet module, this service won't run
(the RPC workers will be spawned by the eventlet server).
* The "rpc_workers" configuration variable. If this variable is
explicitly set to "0", the server must not run.
Closes-Bug: #2073844
Related-Bug: #2073572
Change-Id: Ic019423ca033ded8609d82bb11841b975862ac14
When the Neutron WSGI module is used, an independent service called
"neutron-rpc-server" is configured and executed. However it will fail
if the number of RPC workers is configured to zero. In that case,
the configuration and execution of this service should be skipped.
If the service is explicitly disabled in the devstack configuration,
it won't be executed neither.
Closes-Bug: #2073572
Change-Id: Idd023a2a8f588152221f20a13ae24fbb7d1618a4
one observation we had in down stream ci is
sometimes the cirros 0.6.2 image appared to
crash when using 128MB of ram.
upstream we have been dealing with semi random
kernel panics which are losely corralated with
cinder volume usage.
Recently we optimisted the devstack jobs by using zswap
this has reduced memory pressure in the jobs.
This patch increase the ram allocated to a flavor
to see if we can afford that with the current conncurnace
level in an attempt to reduce kernel panics.
Two new parmaters are added to allow jobs or users
to set the desired ram size.
TEMPEST_FLAVOR_RAM=${TEMPEST_FLAVOR_RAM:-192}
TEMPEST_FLAVOR_ALT_RAM=${TEMPEST_FLAVOR_ALT_RAM:-256}
Change-Id: Ib6a2d5ab61a771d4f85bd2c2412052efadc77ac5
Each service should only be using that service's user account within its
configuration, in order to reduce the possible impact of credential
leaks. Start with nova, other services will follow.
Change-Id: I6b3fef5de05d5e0cc032b83a2ed834f1c997a048
This new service is spawned when using Neutron WSGI module. This new
service executes the OVN maintenance task that syncs the Neutron
database and the OVN database.
Depends-On: https://review.opendev.org/c/openstack/neutron/+/922074
Related-Bug: #1912359
Change-Id: I495459cd9e35e2e76ba7fc9611a589e1685814f5
A config option is being added in nova with [1]
in order to allow configuring lower tb-cache size
for qemu guest VMs.
This patch adds a flag in devstack so jobs can
utilize it to set required tb-cache size.
[1] https://review.opendev.org/c/openstack/nova/+/868419
Co-Authored-By: Sean Mooney <work@seanmooney.info>
Related: blueprint libvirt-tb-cache-size
Change-Id: Ifde737eb5d87dfe860445097d1f2b0ce16b0de05
This commit enabeles a number of performance optimizations
to tune the host vms memory and io by leveraging zswap
and other kernel parmaters to minimize the effect of io
latency and memory pressure.
The openstack-cli-server has been enabled in the nova ci
for several months now and has proven to speed up devstack
signifcantly, while this change does not enable it by
default in devstack it does enable it by default in the ci
jobs.
simiarly the zswap and other tuning remain disabled by default
in devstack but are enabled by default in the devstack job.
This change limits the qemu tb_cache_size to 128MB form 1G,
this requires libvirt 8.0.0 or newer. as bullseye and
openeuler-22.03 do not meet that requirement they have been
removed. libvirt 8.0.0 will be the new min version supported
in nova in the 2025.1 release so the decions was made
to drop supprot for older release now instead of doing it
at the start of the 2025.1 cycle. debain coverage is still
provided by the newer bookworm relase. openeuler-22.03 has
been superseded by the openeuler-24.03 lts release.
openeuler-24.03 is not currnetly aviable in ci but supprot
could be readded if desired however that is out os scope of
this change.
Change-Id: Ib45ca08c7e3e833b14f7e6ec496ad2d2f7073f99
This change installs setuptools in the requirements
and global venv to ensure that distutils is present
This change also adds new single and two node
nodeset for noble and a devstack platform job as nonvoting.
Change-Id: Ie1f8ebc5db75d6913239c529ee923395a764e19c
This new service is spawned when using Neutron WSGI module. This new
service executes the plugin workers inside a wrapper executor class
called ``AllServicesNeutronWorker``. The workers are executed as
threads inside the process.
Depends-On: https://review.opendev.org/c/openstack/neutron/+/922110
Related-Bug: #2069581
Change-Id: I6b76b7bcee1365c80f76231e0311406831f8ce41
Only branches with stable/ as prefix were considered
but now we have branches even with different
prefix like unmaintained/, fix it to consider
such cases by using a generic filter instead of
assuming branch name starts with stable.
Change-Id: I967de13094ff6df46737a22d4e1758f9900dfbc9
After patch [1] deploying neutron with uwsgi was not working correctly
due to the fact that there was different paths for the applications
set in the api-paste.ini file. Instead of default ones like:
/: neutronversions_composite
/healthcheck: healthcheck
/v2.0: neutronapi_v2_0
it was changing it to something like:
/networking/: neutronversions_composite
/networking/healthcheck: healthcheck
/networking/v2.0: neutronapi_v2_0
where 'networking' can be configured to something else.
This patch fixes deployment of neutron with uwsgi by not changing its
api-paste.ini file when NEUTRON_DEPLOY_MOD_WSGI=True.
[1] https://review.opendev.org/c/openstack/devstack/+/849145
Closes-bug: #2069418
Change-Id: I12b860d4d98442e2b5ac0c9fd854f1226633b518
This is no longer necessary and any users of this should be updated to
remove references.
Change-Id: Ice5083d8897376fd2ed6bd509419526e15baaf12
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
All clients - OSC included - use keystoneauth under the hood which
hasn't required this in a very long time. Stop setting it and remove the
warning.
We also remove references to 'NOVA_*' variables that haven't been a
thing since well before *I* started working on OpenStack 😅
Change-Id: I882081040215d8e32932ec5d03be34e467e4fbc2
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Currently, when enabling c-bak service, the backup tab will not
be shown on Horizon by default. This patch tells Horizon to
display backup dashboard when c-bak is enabled.
Closes-Bug: 2064496
Change-Id: I06295706e985bac58de2878c6d24c51f3267c205
Signed-off-by: MinhNLH2 <minh.nlh.work@gmail.com>
OpenStackClient has a significant amount of startup overhead, which
adds a non-trivial amount of time to each devstack run because it makes
a lot of OSC calls. This change uses the OSC service from [0] to run
a persistent process that handles openstack calls. This removes most
of the startup overhead and in my local testing removes about three
minutes per devstack run.
Currently this is implemented as an opt-in feature. There are likely a
lot of edge cases in projects that use a devstack plugin so turning it
on universally is going to require boiling the ocean. I think getting
this in and enabled for some of the major projects should give us a lot
of the benefit without the enormous effort of making it 100% compatible
across all of OpenStack.
Depends-On: https://review.opendev.org/c/openstack/nova/+/918689
Depends-On: https://review.opendev.org/c/openstack/ironic/+/918690
Change-Id: I28e6159944746abe2d320369249b87f1c4b9e24e
0: http://lists.openstack.org/pipermail/openstack-dev/2016-April/092546.html
Make it a little more obvious what the difference between the two helper
functions is.
Change-Id: I07ec34ecfcd2b7925485145c4b4bf68eda385a32
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
We'd like to move from configuring uWSGI with '.wsgi' files to
configuring with module paths. Do this for all in-tree services and log
a deprecation warning for anyone still passing a path.
Note that since 'basepath foo' returns 'foo', this is effectively a
no-op for the services being converted here.
Change-Id: Ia1ad5ff160a9821ceab97ff1c24bc48cd4bf1d6f
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
devstack doesn't do releases, so there should be no release notes,
either. Drop the one that was accidentally created to avoid confusion.
Change-Id: I75a295e50c36925a0137a5458444fb48bd5d9f8a
This is more likely how people will actually upload their images, but
it also prevents the "osc as a service" feature from working because
stdin isn't proxied (of course). So just convert our uses of "image
create" to use --file instead of stdin.
Change-Id: I7205eb0100ba7406650ed609cf517cba2c8d30aa
Running stack.sh on a python 3.12 system generates this
warning from worlddump.py:
DeprecationWarning: datetime.datetime.utcnow() is deprecated
Use datetime.now(timezone.utc) instead, which should be
backwards-compatible with older python versions.
TrivialFix
Change-Id: I11fe60f6b04842412045c6cb97f493f7fef66e1a
pbr's 'wsgi_scripts' entrypoint functionality is not long for this world
so we need to start working towards an alternative. We could start
packaging our own WSGI scripts in DevStack but using module paths seems
like a better option, particularly when it's supported by other WSGI
servers like gunicorn.
Currently only nova is migrated. We should switch additional projects as
they migrate and eventually remove the support for WSGI scripts
entirely.
Change-Id: I057dc635c01e54740ee04dfe7b39ef83db5dc180
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Depends-on: https://review.opendev.org/c/openstack/nova/+/902687/
The variable should be in quotes for the check to work
Testing the behavior in bash:
current behavior:
$ config_file=""
$ if [ -n ${config_file} ]; then echo a; fi
a
$ config_file="abc"
$ if [ -n ${config_file} ]; then echo a; fi
a
behavior with quotes:
$ config_file=""
$ if [ -n "$config_file" ]; then echo a; fi
$ config_file="abc"
$ if [ -n "$config_file" ]; then echo a; fi
a
Change-Id: Iba956d9d4f43b925848174a632aabe58999be74b
This patch removes a couple of tempest.conf settings that are being
overwrriten when Keystone is set to enforce scope.
These settings are already being set by the keystone devstack plugin [1]
and do not need to be overwritten here.
Keystone is changing the default admin credentials to be project-admin
instead of system-admin to address some failing tests in services that
require project-scoped admin for their admin APIs. [2] These overrides
are preventing that change from taking effect.
[1] https://opendev.org/openstack/keystone/src/branch/stable/2024.1/devstack/lib/scope.sh#L24-L25
[2] https://review.opendev.org/c/openstack/keystone/+/913999
Change-Id: I48edbcbaa993f2d1f35160c415986d21a15a4999
Updated clean.sh to remove Glance's Apache uWSGI config files in
APACHE_CONF_DIR, including /etc/apache2/sites-enabled/ on Ubuntu.
Test Plan:
- Run clean.sh.
- Confirm Glance uWSGI configs are removed from APACHE_CONF_DIR.
Closes-Bug: #2057999
Change-Id: I44475b8e084c4b20d7b7cb7f28574f797dbda7a2
The ubuntu-xenial labels are going to disappear from opendev as that
image is EOL and will we deleted. Clean up our zuul config.
Update some example reference as well.
Change-Id: Id04110f7c871caa1739ff2b62e9796be4fb9aa00
In the _setup_package_with_constraints_edit name of the package was
always discovered from the setup.cfg file. But as some projects
implements PEP-621 (see [1] for the SQLAlchemy for example) it is not
enough now.
This patch adds parsing pyproject.toml file also if name is not found in
the setup.cfg file.
[1] https://github.com/sqlalchemy/sqlalchemy/commit/a8dbf8763a8fa2ca53cc01033f06681a421bf60b
Closes-Bug: #2052509
Change-Id: Iee9262079d09a8bd22cd05a8f17950a41a0d1f9d
Making newly introduced `centralized_db` driver as default cache
driver for glance so that it can be tested in available CI jobs.
New cache driver `centralized_db` needs `worker_self_reference_url`
in glance-api.conf file otherwise glance api service will fail to
start.
Related blueprint centralized-cache-db
Depends-On: https://review.opendev.org/c/openstack/glance/+/899871
Change-Id: I75267988b1c80ac9daa5843ce8462bbac49ffe27
The bashate tool has been very stable for a while and we rarely expect
changes which may break existing scripts.
This removes the current capping to avoid updating the upper limit when
when a new release is created in bashate.
Change-Id: Iae94811aebf58b491d6b2b2773db88ac50fdd737
zswap should only be enabled if ENABLE_ZSWAP is true.
The if condition was checking ENABLE_KSMTUNED.
That is now fixed.
Change-Id: I76ba139de69fb1710bcb96cc9f638260463e2032
This change add a new lib/host-mem file and moves the existing
ksm support to a new configure_ksm function.
Additional support for ksmtuned is added with a new flag
"ENABLE_KSMTUNED" which defaults to true.
This change also adds support for zswap. zswap is disabled
by default. When enabled on ubuntu lz4 will
be used as the default compressor and z3fold as the zpool.
On non debian distros the compressor and zpool are not set.
The default values should result in very low overhead although
the zstd compressor may provide better overall performance in ci
or with slow io due to the higher compression ratio.
Additionally memory and network sysctl tunings are optionally applied
to defer writes, prefer swapping and optimise tcp connection
startup and keepalive. The sysctl tunings are disabled by default
The base devstack job has been modifed to enable zram and sysctl
tuning.
Both ksm and zswap are wrapped by a tune_host function
which is now called very early in devstack to ensure
they are configured before any memory/network intensive
operations are executed.
The ci jobs do not enable this functionality by default.
To use this functionaltiy define
ENABLE_SYSCTL_MEM_TUNING: true
ENABLE_SYSCTL_NET_TUNING: true
ENABLE_ZSWAP: true
in the devstack_localrc section of the job vars.
Change-Id: Ia5202d5a9903492a4c18b50ea8d12bd91cc9f135
The Neutron OVN agent is a service that could run in any node. The
functionality will depend on the extensions configured. This new
agent is meant to be the replacement for the Neutron OVN metadata
agent once the "metadata" extension is implemented in this service
[1].
[1]https://review.opendev.org/c/openstack/neutron/+/898238
Related-Bug: #2017871
Change-Id: I8f82f0047e89aac122a67f59db84f03e1a6bf519
This preserved `ADITIONAL_VENV_PACKAGES` as an input for backwards
compatiblity, but takes `ADDITIONAL_VENV_PACKAGES` with priority.
Fixes spelling in comment.
Related-Bug: #2046936
Change-Id: I84151d8f71b12da134e8fb9dbf3ae30f2a171fe2
Looking at the recent failures in the tempest-integrated-compute
job, the reimage operation seems to be taking longer than our
expected time of 60 seconds (which was increased because of a similar
failure in the past, default is 20 seconds).
The main culprit for this failure is the image conversion from qcow2
to raw which is taking ~159 seconds.
Dec 05 13:29:59.709129 np0035951188 cinder-volume[77000]: DEBUG oslo_concurrency.processutils [req-5113eccb-05ba-486a-8130-a58898c8ad35 req-0edf972a-109a-465f-a771-ceb87ecbda3e tempest-ServerActionsV293TestJSON-1780705112 None] CMD "sudo cinder-rootwrap /etc/cinder/rootwrap.conf qemu-img convert -O raw -t none -f qcow2 /opt/stack/data/cinder/conversion/image_download_dbe01f18-1c90-4536-a09a-b49f0811c7a0_copod3cm /dev/mapper/stack--volumes--lvmdriver--1-volume--073a98e8--3c89--4734--9ae5--59af25f8914a" returned: 0 in 159.272s {{(pid=77000) execute /opt/stack/data/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:422}}
The recent run took ~165 seconds on the cinder side but it failed
early since the nova operation timed out in 60 seconds hence
deleting the volume.
To be on the safer side, 180 seconds seems to be a sane time for
the operation to complete which this patch configures.
Closes-Bug: 2046252
Change-Id: I8a9628216038f6d363cab5dd8177274c9cfc17c2
Downloading an image can fail due to network issues, so let's
retry 5 times before giving up. We have seen issues in CI due
to network issues as described below and in the Related-Bug:-
Often times fetching Fedora image in FIPS jobs fails due to
"GnuTLS: One of the involved algorithms has insufficient security level."
This occurs when request to pull image is redirected to a mirror that's
incompatible with FIPS enabled system.
Making multiple attempts to download images could provide better chance of
pulling images from different mirrors and avoid failure of the job.
This will also save a few rechecks.
Related-Bug: #2045725
Change-Id: I7163aea4d121cb27620e4f2a083a543abfc286bf
Added new devstack variable `GLANCE_CACHE_DRIVER` default
to `sqlite` to set the cache driver for glance service.
Related blueprint centralized-cache-db
Change-Id: I76d064590356e2d65bfc6a3f57d1bdaeeb83a74a
This reverts commit 67630d4c52.
Reason for revert: Seeing random failures across jobs as sometimes
'keyring_pass.cfg' gets duplicated keys and that makes executions
of any openstackclient command to fail until the file is removed.
This should be handled before re enabling the token caching again.
Change-Id: I3d2fe53a2e7552ac6304c30aa2fe5be33d77df53
Related-Bug: #2042943
Originally we only had the openeuler jobs there, but the other platforms
could also do with some regular testing.
Change-Id: I93526a4c592d85acd4debf72eb59e306ab8e6382
openEuler 22.03 LTS support was removed from devstack in last
few months due to its libvirt version is too old and the CI job
always fail.
This Patch add a yum repository for libvirt7.2.0, and add the
related CI job to make sure its works well.
Change-Id: Ic507f165cfa117451283360854c4776a968bbb10
currently id you run devstack with the dbcounter service enabled
the created subdirs show up in git status
this change justs add them to .gitgnore
Change-Id: Iee48eb4e12ac22734c8a2c1dcbe0b92a0a387eaa
SDK uses python keyring library to enable token caching. Normally this
is requiring a proper desktop (interactive) session, but there are some
backend plugins working in non-interactive mode. Store cache in an
unencrypted file on FS (this is not worse than storing passwords in
plaintext).
Change-Id: I42d698f15db5918443073fff8f27b926126d1d0f
Neutron bobcat release has enabled the RBAC new defaults
by default. With the latest release of Neutron have new
defaults enable, we should configure the same by default in
devstack. This change make NEUTRON_ENFORCE_SCOPE flag to
True by default so that every job will run with Neutron
new defaults.
As old defaults are still supported (in deprecated way),
we will keep this flag so that we can have one job disable
it and test the old defaults.
Change-Id: I3361d33885b2e3af7cad0141f9b799b2723ee8a1
... so that we can use PyMemcacheCache backend. The MemcachedCache
backend, which has been used previously, has been removed in recent
Django, and we are switching the default backend in [1].
[1] https://review.opendev.org/c/openstack/horizon/+/891828
Change-Id: Ie1da8970628e34c41721198cdada8c7bb3b26ec0
Developers that need to stack and re-stack non-AIO compute-only
environments will want to be able to keep the compute node uuid the
same across runs. This mimics the behavior of a deployment tool that
pre-creates the uuids, so it matches pretty well. Default to the
current behavior of create-on-start, but allow forcing it ahead of
time to something specific.
Change-Id: Icab0b783e2233cad9a93c04758a5bccac0832203
Neutron has deprecated linuxbridge support and is only doing reduced
testing for the neutron-linuxbridge-tempest job, so we need no longer
run it in devstack, even less gate on it.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ie1a8f978efe7fc9b037cf6a6b70b67d539d76fd6
The depends-on patch adds a new backup_driver option to tempest.
The goal of this change is to be able to do a proper cleanup of
containers when swift is used as a backup driver.
Thich change makes sure that the new option is properly set to
"swift" when Swift is used as the driver.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/896011/13
Change-Id: I76e7fd712ee352051f8aa2f2912a29abad9ad017
This makes the glance-api-remote setup honor the GLOBAL_VENV flag,
and not pass the --venv stuff to uwsgi if it is disabled. This should
fix the glance-multistore-cinder-import-fips job.
Change-Id: I2005da5ced027d273e1f25f47b644fecafffc6c1
local.sh, if present, will be executed at the end of stack.sh. The
sample file here is meant to be copied to devstack root if desired.
Unfortunately, due to Change I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
changing to use OS_CLOUD in stack.sh, sourcing openrc here will cause
both OS_CLOUD and traditional OS_* env vars to be set, which causes a
conflict.
Change-Id: Id80b46acab7d600ad7394ab5bc1984304825a672
It has been very stable for some time and it is going to be a major
platform for the next cycle.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Id2df9514b41eda0798179157282a8486b1e9ae23
The openeuler job running version 22.03 fails due to old libvirt.
Nova requires version 7.0.0 or greater.
Related-Bug: #2035224
Change-Id: I4ad6151c3d8555de059c9228253d287aecf9f953
In order for Ironic perform full testing with devstack, it uses
virtual machines attached to a ovs bridge network to simulate
bare metal machines. This worked great for OVS because often
OVS was already running on the nodes due to the package, and
we could just apply configuration and be done with it when
Ironic's devstack plugin was applying initial configuration and
setting up the test environment.
With OVN, and the requirement of a specific co-installed OVS
version, Ironic has discovered that we cannot perform this same
configuration without having already started OVN during the
initial system setup. Which is fine, but we can't initialize
and start OVN twice. It just doesn't work.
The original form of this patch was proposed by lucasgnomes
in order to validate that we, did, indeed, need to do this
to enable Ironic to successfully test an OVN based
configuration, and is now being revised to handle that case
automatically when Ironic is the selected virt plugin.
Co-Authored-By: Julia Kreger <juliaashleykreger@gmail.com>
Change-Id: Ifbfdaaa97fdbe75ede49dc47235e92a8035d1de6
Add's the OVN_BRIDGE_MAPPINGS variable to ovn_agent.
Uses the same format as OVS_BRIDGE_MAPPINGS, it defaults
to "$PYSICAL_NETWORK:$PUBLIC_BRIDGE".
This enables use of providernet for public network and
setting up additional bridges, for example a for baremetal.
Example:
Q_USE_PROVIDER_NETWORKING="True"
OVS_PHYSICAL_BRIDGE="brbm"
PHYSICAL_NETWORK="mynetwork"
PUBLIC_PHYSICAL_NETWORK="public"
PUBLIC_BRIDGE="br-ex"
OVN_BRIDGE_MAPPINGS="public:br-ex,mynetwork:brbm"
Change-Id: I37317251bbe95d64de06d6232c2d472a98c0ee4d
This was dropped in tempest, too[0], and we want to focus on getting and
keeping the jammy job stable.
Still retaining the nodeset definitions until we are sure they are not
needed in other projects.
[0] https://review.opendev.org/c/openstack/tempest/+/884952
Change-Id: Iafb5a939a650b763935d8b7ce7069ac4c6d9a95b
This was missed as part of [1], neutron sets
exec_dirs in rootwrap.conf differently so that
also needs to be fixed.
Without it neutron openvswitch jobs relying on
neutron-keepalived-state-change scripts were
failing when deployed with GLOBAL_VENV=True as
binaries no longer found at /usr/local/bin.
[1] https://review.opendev.org/c/openstack/devstack/+/558930
Closes-Bug: #2031415
Change-Id: I9aa56bff02594f253381ffe47a70949079f4c240
As far as I could tell, the global_filter config added in change
I5d5c48e188cbb9b4208096736807f082bce524e8 wasn't actually making it
into the lvm.conf. Given the volume (or rather LVM volume) related
issues we've been seeing in the gate recently, we can give this a try
to see if the global_filter setting has any positive effect.
This also adds the contents of /etc/lvm/* to the logs collected by the
jobs, so that we can see the LVM config.
Change-Id: I2b39acd352669231d16b5cb2e151f290648355c0
The base systemd unit file setup now writes an Environment= line to
the file for the venv. The glance-remote code was setting that to
point at the alternate config location, using iniset which was
clobbering the venv one. Switch to iniadd to fix.
Also, we need to explicitly put the --venv flag into the command since
we write our unit file ourselves. This probably needs a cleanup at
this point, but since the glance gate is blocked, do this for now.
Change-Id: I2bd33de45c41b18ed7d4270a7301b1e322134987
As a temporary workaround, let's set the GLOBAL_VENV to false
specifically for centos 9 stream and rocky distros where we
encountered issues after changing the default value
of GLOBAL_VENV to True in Devstack:
https://review.opendev.org/c/openstack/devstack/+/558930
Related-Bug: #2031639
Change-Id: I708b5a81c32b0bd650dcd63a51e16346863a6fc0
* etcd 3.3 is no longer maintained.
* etcd 3.4 removes deprecated interfaces, and clients may
need updated configs.
* The cinder backend coordination URL needs to explicitly
specify the version, until tooz can be updated
https://review.opendev.org/c/openstack/tooz/+/891355
* etcd only supports in-place upgrades between minor
versions, so any jobs testing upgrades could fail if
they skip from 3.2 directly to 3.4
Change-Id: Ifcecdffa17a3a2b1075aa503978c44545c4a2a3c
This reverts commit 113689ee46.
Reason for revert: systemd-252-17.el9 which includes the fix is now available in CentOS 9-stream repos.
Change-Id: I6fe19838a75a30fd5d2434c03b7f403f1c7e4b50
While the patch where this was first introduced and set to 120 [1] is
sensible for the vast majority of jobs, it's conceivable that some
jobs might want a different value.
Specifically, the whitebox-tempest-plugin changes configurations and
restarts Nova services, and to do so it waits for the service status
to update in the API before continuing with the tests. With the report
interval set to 120 and the down time threshold set to 720, the
service would continue showing 'up' in the API long after it was
actually down, causing the wait to time out.
Whitebox is a low-traffic project with only a couple of devstack jobs
that run tempest tests sequentially (concurrency=1). Its CI is also
pretty stable. It seems legitimate for it to keep the old default
values of report_interval and service_down_time.
This patch keeps the 120 default for NOVA_SERVICE_REPORT_INTERVAL, but
makes it configurable by individual jobs. Since the original patch
also introduced CINDER_SERVICE_REPORT_INTERVAL as a constant, make
that configurable as well.
[1] https://review.opendev.org/c/openstack/devstack/+/890439
Needed-by: https://review.opendev.org/c/openstack/whitebox-tempest-plugin/+/891612
Change-Id: I64fa2059537ea072a38fb4900d3c7d2d8f0ce429
glance and rally binaries are also needed.
Also make sure the cinder-rtstool is only called when cinder is actually
enabled.
Change-Id: I18113eabf2fa83e36bace276883775303f6a1e9a
This is being used in some nova jobs, so we need to add it. Also order
the list of linked binaries to allow easier maintenance.
Change-Id: Ief012f7842d6e14380c9575740d1856bc1f2355e
I have seen this failure in the gate a few times:
[ERROR] /opt/stack/devstack/functions-common:2334 Neutron did not start
/opt/stack/devstack/functions-common: line 310:
/opt/stack/logs/error.log: Permission denied
So whatever was trying to be written to error.log never
happened. Change to be like other directories in this
file and make the $LOGDIR owner stack.stack.
Change-Id: I673011aba10c8d03234100503ccc5876e75baff2
RDO has moved rdo-release packages to a new infra which supports EMS so
we do not need to wget it and install it using local rpm install.
This partially reverts [1].
[1] https://review.opendev.org/c/openstack/devstack/+/884277/
Change-Id: I189d0c3da0e7b017e2568022c14e6c8fb28251f1
This will cause apache to no longer wait forever for a connection
pool member to become available before returning 503 to the client.
This may help us determine if some of the timeouts we see when
talking to the services come from an overloaded apache.
Change-Id: Ibc19fc9a53e2330f9aca45f5a10a59c576cb22e6
Heavily-loaded workers in CI consistently fail to complete the
service checkin task, which is configured for every ten seconds in
nova and cinder. This generates additional load on the database server
as well as consumes a threadpool worker. If we're not making the
deadline, there's really no point in having it be so high. Further,
since the workers must remain up for all the tempest tests we're
running against them, there's really no benefit to a fast-fail
detection.
This sets the report_interval to 120s for nova and cinder, and sets
service_down_time to 6x that value, which is consistent with the
default scale.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/890448
Change-Id: Idd7aa1daf354256b143a3778f161cfc72b318ea5
systemd-252-16.el9 introduced a regression
where libvirtd process exits after 120s of
inactivity.
Add a workaround to unset 120s timeout for
libvirtd, the workaround can be removed once
the fix is available in systemd rpm.
Related-Bug: #2029335
Change-Id: Id6db6c17518b54d5fef7c381c509066a569aff6d
Since we are python3 only for openstack we create a single python3
virtualenv to install all the packages into. This gives us the benefits
of installing into a virtualenv while still ensuring coinstallability.
This is a major change and will likely break many things.
There are several reasons for this. The change that started this effort
was pip stopped uninstalling packages which used distutils to generate
their package installation. Many distro packages do this which meant
that pip installed packages and distro packages could not coexist in the
global install space. More recently git has made pip installing repos as
root more difficult due to file ownership concerns.
Currently the switch to the global venv is optional, but if we go down
this path we should very quickly remove the old global installation
method as it has only caused us problems.
Major hurdles we have to get over are convincing rootwrap to trust
binaries in the virtualenvs (so you'll notice we update rootwrap
configs).
Some distros still have issues, keep them using the old setup for now.
Depends-On: https://review.opendev.org/c/openstack/grenade/+/880266
Co-Authored-By: Dr. Jens Harbott <frickler@offenerstapel.de>
Change-Id: If9bc7ba45522189d03f19b86cb681bb150ee2f25
It was made voting some time ago, but we missed also running it in gate.
With that RHEL platform test in place, we can keep c9s permanently
non-voting, which is better suited to match its instability.
Change-Id: I6712ac6dc64e4fe2203b2a5f6a381f6d2150ba0f
This relaxes the limits for dbcounter to make it flush stats to the
database less often. Currently every thirty seconds or 100 hits, we
write a stats line to the database. In some services (like keystone)
this can trigger more than one write per second because of the
massive number of SELECT calls that service makes.
This removes the hit limit and decreases the mandatory flush interval
to once a minute. Hopefully this will manifest as lower load on the
database triggered by what would be readonly operations.
Change-Id: I43a58532c0541075a2d36408abc50a41f7994bda
This patch: https://review.opendev.org/c/openstack/devstack/+/882299
provides functionality, that commit hash can be passed as last arugment,
however when GIT_DEPTH is set, it fails, as in:
timeout -s SIGINT 0 git clone https://github.com/ovn-org/ovn.git ./ovn
--depth 1 --branch 03b95a4566a15f7544f4cdf35629dacede4dcf55
fatal: Remote branch 03b95a4566a15f7544f4cdf35629dacede4dcf55
not found in upstream origin
Closes-Bug: #2023020
Change-Id: I748354964a133e028e12458cc9014d6d014cbdb9
When there is only a single image, configure_tempest()
needs to always set image_uuid_alt the same as image_uuid,
else it will fail trying to determine the size of the
flavor to use for it later in the function.
Introduced by [0], and subsequent change did not fix it.
[0] https://review.opendev.org/c/openstack/devstack/+/886795
Change-Id: Ibfe99ff732570dbd415772c5625f43e35b68c871
Related-bug: #2028123
[1] caused a regression causing failures when
more than 1 images are setup. Fixing it by correctly
using the array variable. Also add a break in the
for loop once if condition is met.
[1] https://review.opendev.org/c/openstack/devstack/+/886795
Closes-Bug: #2028123
Change-Id: I4f13c1239312bbcca8c65e875d65d03702161c18
This increases the timeout we use to wait for cinder to perform a
volume reimage. Since devstack is often running on a single machine
with non-production IO performance, we should bump this limit to avoid
hitting it before the rebuild completes.
Change-Id: Ie2663b951acb0c1a65597a39e032948764e6ae6a
In current logic to set two different image in Tempest in config
option image_ref and image_ref_alt, we consider if DEFAULT_IMAGE_NAME
is found in glance then set the same image in tempest for those
two config option. This means even we have two different image available
in glance, still we set same image in image_ref as well as image_ref_alt
and all the rebuild tests are rebuilt on the same image.
I could not find any reason why we set same image if DEFAULT_IMAGE_NAME
exist, below are the original change added this logic
- https://review.opendev.org/c/openstack/devstack/+/17553
We had a requirement of test to run on two different images
- https://review.opendev.org/c/openstack/tempest/+/831018
and for that we need to set DEFAULT_IMAGE_NAME to non exist image
name but that broke the Ironic which was reply on the valid name
in DEFAULT_IMAGE_NAME
- https://review.opendev.org/c/openstack/ironic/+/886790
As we do not have any reason not to set two different image
if DEFAULT_IMAGE_NAME is set, I am removing the condition of
DEFAULT_IMAGE_NAME from lib/tempest logic and always set two
different images if they are available.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/886796
Change-Id: I9d215f48d4440f2fa6dcc0d222a10896caf01215
To facilitate that this change removes it form the default filter
list. By default nova has used placement for AZs so this filter
has not been requried since xena.
Change-Id: Ie5e216dd8c2a7ecf43cc6954ec4f73d4d67b5b3b
Default for systemd TimeoutStopSec is 90 seconds
and that is same for default graceful shutdown of
uwsgi service(WORKER_TIMEOUT).
Due to the Related-Bug graceful stop attempt
fails and there is no room for force shutdown.
This patch reduces default for WORKER_TIMEOUT by
10 seconds so there is a buffer to force stop the
service.
Closes-Bug: #2020643
Related-Bug: #2015065
Change-Id: I6aacac94f9697088338b3d2f99d8eaa22c2be67b
Cirros has made a new release, including a newer kernel that should fix
some issues when using nested virtualization.
Related-Bug: 2023559
Change-Id: I63469371b13801094a3ee1baae6e343999fbefa5
Fedora 36 is EOL, also opendev is dropping support for Fedora images
completely since interest in running jobs on that platform is no longer
existing. CentOS 9 Stream has evolved as replacement platform for new
features.
Only drop the Zuul configuration and the tag in stack.sh for now plus
update some docs. Cleanup of the deployment code will be done in a
second step.
Change-Id: Ica483fde27346e3939b5fc0d7e0a6dfeae0e8d1e
On Debian-based distros, the 'coredumpctl' command is
provided by the systemd-coredump package, which is not
installed by default. On failure, when "post" commands
are executed this error is seen:
controller | /bin/bash: line 1: coredumpctl: command not found
Install it along with other libvirt packages to avoid
the error.
On Fedora distros it is in the systemd package, so the
problem is not seen since it is always installed.
Change-Id: I6012bd3240d68736a5db8ae49dc32098a086f320
Instead of using RDO Trunk repo server, CentOS official mirrors provide
a most reliable infrastructure and supports EMS which is required when
enabling FIPS in C9S.
In order to install the rdo-release rpm from repo.fedoraproject.org,
which does not support EMS, I'm using a workaround to wget, which works
with non-EMS servers because it uses gnutls instead of openssl, and
install it locally with rpm.
This is also consistent to CentOS 8 implementatioin.
Closes-Bug: #2020661
Closes-Bug: #2020434
Change-Id: Icd99f467d47aaafaaf3ee8f2a3c4da08842cb672
The distutils package is deprecated and slated for removal in
Python 3.12. Let's use shutil.which which is also recomended
by PEP 632: https://peps.python.org/pep-0632/#migration-advice
Closes-Bug: #2009229
Change-Id: Ibb2a9731449e765c4a56952a9f02679e9618778b
We have lots of evidence that this is a net benefit, so enable it
by default instead of everyone having to opt-in.
Change-Id: I66fa1799ff5177c3667630a89e15c072a8bf975a
This reverts commit 37d11d00e5.
Reason for revert: reverting this revert as the issue caused by the original patch (before the first revert) is fixed by:
https://review.opendev.org/c/openstack/devstack/+/881504
Therefore we can proceed with the cirros version bump.
Change-Id: I43e2b04a0142c19fb1a79da5a33cc444149e18f1
This change allows us to bump the default cirros version
in devstack. Since cirros version 0.6.0 dhcpcd is the default
dhcp client. The older cirros images used udhcpc client (the only
available client at that time) which is also the default client
in Tempest.
This patch makes devstack configure dhcpcd client in tempest.conf
if cirros >= 0.6.0 is going to be used in scenario tests.
The commit also introduces a new SCENARIO_IMAGE_TYPE option.
It is now a trigger for cirros specific settings, later it might
be used for any other image's settings.
Closes-Bug: #2007973
Change-Id: I2738c3b1d302c6656ce2c209671ea954fbc1b05b
Glance antelope release has enabled the RBAC new defaults
by default
- https://review.opendev.org/c/openstack/glance/+/872522
With the latest release of Glance have new defaults enable,
we should test the same by default in devstack. This change
make GLANCE_ENFORCE_SCOPE flag to True by default so that every
job will run with Glance new defaults.
As old defaults are still supported (in deprecated way), we will keep
GLANCE_ENFORCE_SCOPE flag so that we can have a single job can disable
the new defaults and continue testing the old defaults.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/883701
Change-Id: Idde6f3cb766597575ca822f21b4bb3a465e5e753
Nova antelope release has enabled the RBAC new defaults
by default
- https://review.opendev.org/c/openstack/nova/+/866218
With the latest release of Nova have new defaults enable,
we should test the same by default in devstack. This change
make NOVA_ENFORCE_SCOPE flag to True by default so that every
job will run with Nova new defaults.
As old defaults are still supported (in deprecated way), we will keep
NOVA_ENFORCE_SCOPE flag so that we can have a single job can disable
the new defaults and continue testing the old defaults.
Change-Id: Id56819f03c19a5b7fe30adf799ecd3b8aeb67695
The neutron-debug command was deprecated and finally removed,
so tools/ping_neutron.sh can no longer rely on it to create
a probe namespace. Instead, just try and use any namespace
with the network ID in it, since it's either the DHCP (ML2/OVS)
or Metadata (OVN) namespace, which should work just as well.
As this code is rarely (never?) used, this best-effort attempt
is good enough.
Change-Id: I98c992a2a774ef1fb22cee2e90ee342ab2d537ac
Depends-on: https://review.opendev.org/c/openstack/neutron/+/883081
git_clone assumes a branch or a tag is passed as the last argument, and
it fails when a commit hash is passed, as in:
timeout -s SIGINT 0 git clone https://github.com/ovn-org/ovn.git
/opt/stack/ovn --branch 36e3ab9b47e93af0599a818e9d6b2930e49473f0
Cloning into '/opt/stack/ovn'...
fatal: Remote branch 36e3ab9b47e93af0599a818e9d6b2930e49473f0 not found
in upstream origin
Change-Id: Id1328d7cba418fa7c227ae9db4fe83c09fd06035
devstack-base is changed to descend from
openstack-multinode-fips which is defined in
project-config.
This allows jobs to execute the enable_fips playbook
to enable FIPS mode on the node, but only if they
opt-in by setting enable_fips to True. Otherwise,
this is a no-op.
Change-Id: I5631281662dbd18056ffba291290ed0978ab937e
Irrespective of build_modules is True
or False reload ovs modules always.
If ovs is installed from package before(like
with multi-node-bridge role), then installing
ovs from source requires openvswitch kernel
module to be reloaded.
The issue was not seen before jammy as there
module was reloaded when build_modules was set
to True.
Closes-Bug: #2015364
Change-Id: I1785b49b2ef72ca1f817f504d5ea56021410c052
This change enables httpd in systemd so that it
starts after a reboot and updates how selinux is
disabled to use /etc/selinux/config in addtion
to setenforce.
Change-Id: I5ea8693c0b967937483bd921b1d9984ea14bc723
Creating multiattach volume is a non-admin operation but creating
multiattach volume type is an admin operation.
Previously cinder allowed creating multiattach volumes without a
volume type but that support is being removed with[1].
The change requires updating tempest tests[2] but some tempest
tests are non-admin, which require admin priviledges to create the
multiattach volume type.
Based on the last discussion with tempest team[3], the proposed
solution is to create a multiattach volume type in devstack,
if ENABLE_VOLUME_MULTIATTACH is True, and use it in tempest
tests. Similar to how admins create multiattach volume types
for non-admin users.
This patch creates a multiattach volume type if
ENABLE_VOLUME_MULTIATTACH is True. Also we set the multiattach
type name as a tempest config option 'volume_type_multiattach'.
[1] https://review.opendev.org/c/openstack/cinder/+/874865
[2] https://review.opendev.org/c/openstack/tempest/+/875372
[3] https://meetings.opendev.org/irclogs/%23openstack-cinder/%23openstack-cinder.2023-03-13.log.html#t2023-03-13T18:47:56
Change-Id: Icd3690565bf7b27898cd206641e612da3993703d
This patch includes changes required to run devstack on RHEL 9.
- en_US.utf8 is provided by glibc-langpack-en
- iptables command is provided by iptables-nft
- Use /etc/os-release to identify the distro in RHEL 9 as it doesn't
provide lsb_release command.
- CRB repository name is different from CentOS 9
Change-Id: I8f6d9263b24f9c2cf82e09258e2d14d7766ad337
stop_dstat() calls stop_process() for dstat, memory_tracker and
file_tracker respectively. Inside stop_process(), a check for the
existence of the service is performed by is_service_enabled().
So even if we apply this seemingly dangerous commit,
is_service_enabled() is respected, so it's safe.
Closes-Bug: #1998990
Change-Id: Ica58cdb1d60c4c796f582d82ed2cde0be94b1a7e
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
These are a few tweaks I applied to my own memory-constrained cloud
instances that seemed to help. I have lower performance requirements
so this may make things worse and not better, but it's worth seeing
what the impact is. I'll admit to not knowing the full impact of these
as they're mostly collected from various tutorials on lowering memory
usage.
Enable this for now on devstack-multinode
Change-Id: I7b223391d3de01e3e81b02076debd01d9d2f097c
We haven't been testing the distro for a while in CI, e.g. in
Tempest, the jobs on opensuse15 haven't been executed for a year
now.
Therefore the patch removes opensuse support from devstack.
Closes-Bug: #2002900
Change-Id: I0f5e4c644e2d14d1b8bb5bc0096d1469febe5fcc
Some rockylinux deployments have the curl-minimal package installed by
default (the latest GenericCloud image still has the curl package), it
triggers an error when devstack wants to install the curl package.
Fix this issue by swaping curl-minimal with curl before installing base
packages.
Change-Id: I969e8dc22e7d11c9917a843d9245f33a04fe197d
Those functions were part of the neutron devstack plugin but we
discussed it during last PTG [1] and decided to move to the Devstack
repo as plugins which are used by e.g. CI jobs which are defined outside
of the neutron repository.
Placement integration is used e.g. in the tempest-slow job which is
defined in tempest and used by many different OpenStack projects.
[1] https://etherpad.opendev.org/p/neutron-yoga-ptg#L142
Change-Id: I2c26063896ab2679cffd01227a40a3283caa3b17
Devstack set the env var TOX_CONSTRAINTS_FILE/UPPER_CONSTRAINTS_FILE
which are used to use the constraints during Tempest virtual env installation.
Those env var are set to non-master constraint when we need to use non-master
constraints but when we need to use the master constraints we do not set/reset
them point to master constraints. This create the issue when running the grenade
job where we run Tempest on the old devstack as well as in the new devstack.
When tempest is installed on old devstack then old tempest is used and it sets
these env var to stable/<branch> constraints (this is the case when old devstack
(the stable branch is in EM phase) uses the old tempest not the master tempest),
all good till now. But the problem comes when in the same grenade script run
upgrade-tempest install the master tempest (when new devstack branches are in
the 'supported' phase and use the master tempest means) and are supposed to use
the master constraints. But the TOX_CONSTRAINTS_FILE/UPPER_CONSTRAINTS_FILE env
var set by old tempest is used by the tempest and due to a mismatch in constraints
it fails.
This happened when we tried to pin the stable/wallaby with Tempest 29.0.0
- https://review.opendev.org/c/openstack/devstack/+/871782
and table/xena grenade job failed (stable/xena use master tempest and supposed
to use master constraints)
- https://zuul.opendev.org/t/openstack/build/fb7b2a8b562c42bab4c741819f5e9732/log/controller/logs/grenade.sh_log.txt#16641
We should set/reset those constraint env var to master constraints if configuration
tell devstack to use the master constraints.
[1] https://github.com/openstack/devstack/blob/71c3c40c269a50303247855319d1d3a5d30f6773/lib/tempest#L124
Closes-Bug: #2003993
Change-Id: I5e938139b47f443a4c358415d0d4dcf6549cd085
pkill already takes care that it does not kill itself, however the
same problem may happen with 'sudo pkill -f' killing sudo. Use one
of the usual regex tricks to avoid that.
Change-Id: Ic6a94f516cbc509a2d77699494aa7bcaecf96ebc
Closes-Bug: #1999395
Cirros has made a fresh release, let us use it. Switch the download URLs
to https and drop an old example that no longer is available.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/871271
Change-Id: I1d391b871fc9bfa825db30db9434922226b94d8a
The python-neutronclient CLI code is going to be removed from this
repository.
Change-Id: I39b3a43a7742481ec6d9501d5459bf0837ba0122
Related-Bug: #2003861
Just like we remove db files let's also remove
socket files when initializing ovn. Those will
reappear once service fully restarts along with
db files. Without it we see random issue as
described in the below bug.
Closes-Bug: #2002629
Change-Id: I726a9cac9c805d017273aa79e844724f0d00cdf0
In this release cycle, a few services are enabling the
enforce scope and new defaults by default. Example Nova:
- https://review.opendev.org/c/openstack/nova/+/866218)
Until the new defaults enalbing by default is not released we
should keep testing the old defaults in existing jobs and we can
add new jobs testing new defautls. To do that we can provide the
way in devstack to keep scope/new defaults disable by default which
can be enabled by setting enforce_scope variable to true.
Once any service release the new defaults enabled by default then
we can switch the bhavior, enable the scope/new defaults by default
and a single job can disbale them to keep testing the old defaults
until service does not remove those.
Change-Id: I5c2ec3e1667172a75e06458f16cf3d57947b2c53
Module lib/neutron was introduced long time ago as new module to deploy
neutron. It was intended to replace old lib/neutron-legacy module. But
since very long time it wasn't really finished and used by anyone and
lib/neutron-legacy is defacto standard module used by everyone to deploy
neutron with devstack.
In [1] unfinished lib/neutron was deprecated and now it's time to remove
it from the devstack code.
This patch also renames old "lib/neutron-legacy" module to be
"lib/neutron" now.
Previously "old" lib/neutron-legacy module was accepting neutron
services names wit "q-" prefix and "new" lib/neutron module was accepting
services with "neutron-" prefix. Now, as there is only one module it
accepts both prefixes.
For historical reasons and to be consistent with old lib/neutron-legacy
which was widely used everywhere, services will be named with "q-"
prefix but both prefixes will be accepted to enable or disable services.
This patch also moves _configure_neutron_service function to be called
at the end of the "configure_neutron" after all agents and service
plugins are already configured.
[1] https://review.opendev.org/c/openstack/devstack/+/823653
Related-bug: #1996748
Change-Id: Ibf1c8b2ee6b6618f77cd8486e9c687993d7cb4a0
Tox 4.0.0 has some incompatible changes, epecially more
strict on allowlist_externals. Tempest recently changed
allowlist_externals not to be *[1] causing the failure
on jobs where lib/tempest failing to run the tempest
as command in virtual env.
----------
venv: commands[0]> tempest verify-config -uro /tmp/tmp.qH5KgJHTF4
venv: failed with tempest is not allowed, use allowlist_externals to allow it
------
We do not need to test/fix the <=stable/zed branches with tox 4.0.0
and pinning them with the compatible tox version of the time stable
brnaches were releaased is better way.
This commit proposes:
1. Pinning the tox<4.0.0 for <=stable/ze branches testing
2. Workaround to unblock the master gate by pinning it <4.0.0 but
we should make our testing compatible with tox 4.0.0 soon.
Depends-On: https://review.opendev.org/c/openstack/devstack/+/867066
Related-Bug: #1999183
[1] https://review.opendev.org/c/openstack/tempest/+/865314 devstack based job started failing to run tempest command on venv.
Change-Id: I9a138af94dedc0d8ce5a0d519d75779415d3c30b
In the past firewall_driver setting was configured for ML2 plugin
because it was used in the
neutron.agent.securitygroups_rpc.is_firewall_enabled() function but
currently it's not needed anymore as there is other config option
"enable_security_group" for that.
Related-bug: #1996748
Change-Id: I9b09c6afb3f1f1c33d1bdfea52ba6f4c0d0cf2dc
openEuler 20.03 LTS SP2 support was removed from devstack in last
few months due to its python version is too old and the CI job
always fail. And openEuler 20.03 LTS SP2 was out of maintainer in May
2022 by openEuler community.
The newest LTS version was released in March 2022 called 22.03 LTS.
This release will be maintained for at least 2 years. And the python
version is 3.9 which works well for devstack.
This Patch add the openEuler distro support back. And add the related
CI job to make sure its works well.
Change-Id: I99c99d08b4a44d3dc644bd2e56b5ae7f7ee44210
The option was already deprecated in os-vif 2.2.0[1]. The override is
no longer required since bug 1929446 was already resolved.
[1] https://review.opendev.org/c/openstack/os-vif/+/744816
Related-Bug: #1929446
Change-Id: I5bc55723a178b32d947da2ac91d2f62aa8124990
Nova is ready with the scope and new defaults as per the new
RBAC design. Adding devstack flag to enable the scope checks
and new defaults enforcement in nova side.
Change-Id: I305ea626a4b622c5534d523f4b619832f9d35f8d
The dbcounter install on Debian Bullseye is broken in a really fun way.
The problem is that we end up mixing pypi openssl and distro
cryptography under pip and those two versions of libraries are not
compatible.
The reason this happens is that debian's pip package debundles the pip
deps. This splits them out into /usr/share/python-wheels and it will
prefer distro versions of libraries over pypi installed versions of
libraries. But if a pypi version is installed and a distro version is
not then the pypi version is used. If the pypi version of library A does
not work with distro version of library B then debundled pip breaks.
This has happened with crypytography and pyOpenSSL.
This happens because urllib3 (a debundled pip dep) appears to use
pyopenssl conditionally. Novnc depends on python3-cryptography, and
openstack depends on cryptogrpahy from pypi ensuring we get both a
distro and a pypi version installed. However, pyOpenSSL is only pulled
in from pypi via openstack deps. This leaves debundled urllib3
attempting to use pypi pyOpenSSL with distro cryptography and that combo
isn't valid due to an interface change.
To fix this we install python3-openssl ensuring that debundled pip will
use distro pyOpenSSL with distro cryptography making everything happy
again. But we only do this when we install novnc as novnc is what pulls
in distro cryptography in the first place. We can't simply install
python3-openssl on all debuntu platforms because this breaks Ubuntu
Focal in the other direction. On Ubuntu focal distro pip uses distro
pyOpenSSL when no pypi pyOpenSSl is installed (prior to keystone
install) and is not compatible with pypi cryptography.
Honestly, this whole intersection between distro and pypi installs of
cryptography and pyOpenSSL could probably be made cleaner. One option
would be for us to always install the constraints version of both
packages from pypi and the distro pacakges very early in the devstack
run. But that seems far more complicated so I'm not attempting that
here.
Change-Id: I0fc6a8e66e365ac49c6c7ceb4c71c68714b9f541
Adding a second exception for single-core-review in Devstack
repository - changes which do not affect core functionality, like
f.e. job cleanups, can be reviewed by a single core.
Change-Id: Idb6cefa510fdbfed41379eb410f4884852d1177f
It seems that setting "sysctl kernel.dmesg_restrict" was changed
in Ubuntu 22.04 (Jammy) to "1" and because of that running "dmesg"
command requires now root privileges.
Closes-bug: #1994023
Change-Id: I2adc76e3025fadf994bab2e2e1fd608e688874fc
If stack.sh is run on a system that already has OVN packages
installed, it could fail to find its DB sockets. This is because
the 'ln -s' will place the symlink inside of /var/run/ovn
instead of using a single directory as intended.
Change the code in neutron_plugins/ovn_agent to not make the
symlink and instead use separate directories for OVS and OVN.
Closes-bug: #1980421
Change-Id: Ic28a93bdc3dfe4a6159234baeabd0064db452b07
Some services fail when using special characters in passwords, add some
warnings to our docs.
Closes-Bug: 1744985
Change-Id: I601149e2e7362507b38f01719f7197385a27e0a8
This commit fixes the tox command option to run the smoke tests. The
original arguments fail with the error[1], and `-efull` and
`tempest.scenario.test_network_basic_ops` are not for the smoke tests.
[1]
$ tox -efull tempest.scenario.test_network_basic_ops
...
tempest run: error: unrecognized arguments: tempest.scenario.test_network_basic_ops
Change-Id: I9c3dd9fb4f64bf856c5cab88a2aeaae355c84a65
The issue that Horizon had with python3.10 has been fixed some time ago,
so we can stop disabling it for those jobs.
Also stop including roles from devstack-gate which we no longer need.
Change-Id: Ia5d0b31561adc5051acd96fcaab183e60c3c2f99
Because adding the role is idempotent, we can save doing the initial
check for role assignment. Also simplify the output matching by using
osc's filters where appropriate.
Co-Authored-By: Jens Harbott <harbott@osism.tech>
Change-Id: If2a661cc565a43a7821b8f0a10edd97de08eb911
Similar to other functions, this uses "--or-show" to avoid double
calls.
Co-Authored-By: Jens Harbott <harbott@osism.tech>
Change-Id: I548f9acd812687838e04b705f86f3b70d2b10caf
This patch adds NVMe LVM support to the existing iSCSI LVM configuration
support.
We deprecate the CINDER_ISCSI_HELPER configuration option since we are
no longer limited to iSCSI, and replace it with the CINDER_TARGET_HELPER
option.
The patch also adds another 3 target configuration options:
- CINDER_TARGET_PROTOCOL
- CINDER_TARGET_PREFIX
- CINDER_TARGET_PORT
These options will have different defaults based on the selected target
helper. For tgtadm and lioadm they'll be iSCSI,
iqn.2010-10.org.openstack:, and 3260 respectively, and for nvmet they'll
be nvmet_rdma, nvme-subsystem-1, and 4420.
Besides nvmet_rdma the CINDER_TARGET_PROTOCOL option can also be set to
nvmet_tcp, and nvmet_fc.
For the RDMA transport protocol devstack will be using Soft-RoCE and
creating a device on top of the network interface.
LVM NVMe-TCP support is added in the dependency mentioned in the footer
and LVM NVMe-FC will be added in later patches (need os-brick and cinder
patches) but the code here should still be valid.
Change-Id: I6578cdc27489b34916cdeb72ba3fdf06ea9d4ad8
This patch changes user who runs ovsdb-server and ovn-nortd services
to root.
It also adds installation of the libssl dev package before compilation
of the openvswitch if TLS service is enabled.
Co-Authored-By: Fernando Royo <froyo@redhat.com>
Closes-Bug: #1987832
Change-Id: I83fc9250ae5b7c1686938a0dd25d66b40fc6c6aa
In case of online mode, there is a procedure to recreate tempest venv.
For consistency of tempest venv during the entire stack.sh process,
add logic to consider the TEMPEST_VENV_UPPER_CONSTRAINTS option here.
Closes-bug: #1980483
Signed-off-by: June Yi <june.yi@samsung.com>
Change-Id: I0cea282152fd363af8671cab1b5f733ebe2bd4df
neutron-ns-metadata-proxy was dropped from Neutron 5 years ago, no need
to keep trying to kill it.
Change-Id: I20b6d68dd8dde36057a2418bca0841bdea377b07
When barbican is enabled, add the "creator" role to cinder's service
user so that cinder can create secrets. Cinder needs to create
barbican secrets when migrating encryption keys from the legacy
ConfKeyManager to barbican. Cinder also needs to create barbican
secrets in order to support transferring encrypted volumes.
Implements: bp/transfer-encrypted-volume
Depends-On: I216f78e8a300ab3f79bbcbb38110adf2bbec2196
Change-Id: Ia3f414c4b9b0829f60841a6dd63c97a893fdde4d
In I90316208d1af42c1659d3bee386f95e38aaf2c56 support for nova-network
was removed, but some bits remained, fix this up.
Change-Id: Iba7e1785fd0bdf0a6e94e5e03438fc7634621e49
Openstack client can return the id field for create/show commands using
`-f value -c id`. Cleaned up the use of grep 'id' with get_field
Change-Id: I2f4338f30c11e5139cda51c92524782b86f0aacc
Right now we don't officialy support LinuxMint as our
documentation says [1], it seems LinuxMint is a relict
and got forgotten over time.
This patch removes LinuxMint from the code in order not to
confuse users.
[1] https://docs.openstack.org/devstack/latest/
Closes-Bug: #1983427
Change-Id: Ie1ced25f89389494b28a7b2e9bb1c4273e002dd5
Attempting to set a value containing the ampersand
character (&) by iniset would corrupt the value.
So, add an escaping process.
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Closes-Bug: #1983816
Change-Id: Ie2633bacd2d761d110e6cb12f95382325c329415
Writing NOPASSWD directive into /etc/sudoers was throwing
permission denied errors. This commit writes the directive
to the /etc/sudoers.d/stack file instead.
Closes-Bug: #1981541
Change-Id: If30f01aa5f3a33dda79ff4a6892116511c8e1542
Recently the experimental mechanism has been added to Neutron and now
it requires the [experimental] linuxbridge option when the linuxbridge
mechanism driver is used.
Depends-on: https://review.opendev.org/c/openstack/neutron/+/845181
Change-Id: Ice82a391cda9eb0193f23e6794be7ab3df12c40b
We see some cases where OVN startup takes much longer than 5 seconds, up
to 28 seconds have been observed, so increase the limit to 40 to be on
the safe side.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Closes-Bug: 1980421
Change-Id: I6da4a537e6a8d527ff71a821f07164fc7d342882
Because of the missing "$" before ENFORCE_SCOPE in the lib/neutron
module, it was treated as an ENFORCE_SCOPE string instead of variable
and Neutron was deployed always with old defaults and disabled scope
enforcement.
Change-Id: Ibe67fea634c5f7abb521c0369ff30dd5db84db8c
Some of the API services are not properly mounted under /$service/
in the apache proxy. This patch tries to avoid recording data
for "services" like "v2.0" (in the case of neutron) by only adding
names if they're all letters. A single warning is emitted for any
services excluded by this check.
For the moment this will mean we don't collect data for those services,
but when their devstack API config is fixed, they'll start to show
up.
Change-Id: I41cc300e89a4f97a008a8ba97c91f0980f9b9c3f
Currently Devstack uses short hostname for configuration of OVN.
This leads to inability to start instances (failing port binding)
on hosts with full hostnames (including dots). Open vSwitch expects
hostname in external_ids that corresponds to one returned by
``hostname`` command.
Closes-Bug: #1943631
Change-Id: I15b71a49c482be0c8f15ad834e29ea1b33307c86
Due to the below bug the job has been constantly failing.
Let's make it n-v until the bug is resolved:
- https://bugs.launchpad.net/neutron/+bug/1979047
Change-Id: Ifc8cc96843a8eac5c98cd1e1f9e4b6287a7f2e7c
This patch reduces memory usage on the Cinder Volume and Backup services
by tuning glibc.
The specific tuning consist on disabling the per thread arenas and
disabling dynamic thresholds.
The Cinder Backup service suffers from high water mark memory usage and
uses excessive memory. As an example just after 10 restore operations
the service uses almost 1GB of RAM and does not ever free it afterwards.
With this patch the memory consumption of the service is reduced down to
almost 130MB. If we add a revert from Cinder (Change-Id
I43a20c8687f12bc52b014611cc6977c4c3ca212c) it goes down to 100MB during
my tests.
This glibc tuning is not applied to all Python services because I
haven't done proper testings on them and at first glance they don't seem
to have such great improvements.
Related-bug: #1908805
Change-Id: Ic9030d01468b3189350f83b04a8d1d346c489d3c
We are seeing failures when using an updated setuptools version
installed together with distro pip on Ubuntu 22.04. Install the version
from u-c only when we are also installing pip from upstream.
Change-Id: Ibb6e9424e5794ccbf9a937d2eecfa3bf60ed312e
Currently, neutron tunnel endpoints must be IPv4 addresses,
i.e. $HOST_IP, although IPv6 endpoints are supported by most
drivers.
Create a TUNNEL_IP_VERSION variable to choose which host IP
to use, either HOST_IP or HOST_IPV6, and configure it in the
OVS and Linuxbridge agent driver files. The default is still
IPv4, but it can be over-ridden by specifying TUNNEL_ENDPOINT_IP
accordingly.
This behaves similar to the SERVICE_IP_VERSION option, which
can either be set to 4 or 6, but not 4+6 - the tunnel overhead
should be consistent on all systems in order not to have MTU
issues.
Must set the ML2 overlay_ip_version config option to match
else agent tunnel sync RPC will not work.
Must set the OVN external_ids:ovn-encap-ip config option to
the correct address.
Updated 'devstack-ipv6-only' job definition and verification role
that will set all services and tunnels to use IPv6 addresses.
Closes-bug: #1619476
Change-Id: I6034278dfc17b55d7863bc4db541bbdaa983a686
When cephadm is used, if ENABLE_CEPH_C_BAK is True both pool and
key are created by devstack-plugin-ceph. This piece of code can
still stay here to make sure the cinder config is properly built.
Change-Id: I799521f008123b8e42b2021c1c11d374b834bec3
Some of the hardest-to-debug issues are qemu crashes deep in a nova
workflow that can't be reproduced locally. This adds a post task to
the playbook so that we capture the most recent qemu core dump, if
there is one.
Change-Id: I48a2ea883325ca920b7e7909edad53a9832fb319
Swift removed sha1 from supported digests with [1] and
that broked ironic tinyipa job. Temorary add sha1 to
allowed_digests until it's fixed in ironic.
[1] https://review.opendev.org/c/openstack/swift/+/525771
Story: 2010068
Task: 45539
Change-Id: I68dfc472ce901058b6a7d691c98ed1641d431e54
Grenade jobs stop services, check fip connectivity
for a nova server and then upgrade to next release.
But since ovn data plane and db services are stopped along
with other services, fip connectivity fails as a result.
We shouldn't stop these services along with other
neutron services. This patch adds a new variable
"SKIP_STOP_OVN" which can be used by grenade jobs
to skip stop of ovn services.
This will also fix the ovn grenade jobs.
Also source fixup_stuff.sh so function fixup_ovn_centos
is available. It's already sourced in stack.sh but
that's not used in grenade run.
Change-Id: I94818a19f19973779cb2e11753d2881d54dfa3bc
Packages for OVN are now available in bullseye, so we can drop the
special handling.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I5e5c78aa19c5208c207ddcf14e208bae8fbc3c55
RHEL based distros set homedir permissions to 700,
and Ubuntu 21.04+ to 750[1], i.e missing executable
permission for group or others, this results into failures
as defined in the below bug.
Since in doc we add useradd command, it's good to
add instructions to fix the permissions there itself
instead of getting failures during installation and then
fixing it.
Also update user create script to fix permissions
by adding executable bit to DEST directory if missing.
[1] https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/19533
Closes-Bug: #1966858
Change-Id: Id2787886433281238eb95ee11a75eddeef514293
This can happen if devstack fails to run, but we still run the post
tasks. Also could happen if some sort of hybrid job configuration
does not run all of devstack but we still end up running post jobs.
Just warn to stderr and assume no DB info.
Change-Id: I211a331ab668dbb0ad7882908cca4363f865d924
The previous change, I237f5663b0f8b060f6df130de04e17e2b1695f8a, removed
a SETUPTOOLS flag, but not the comment explaining why that flag was
previously set. Clean up that comment.
Change-Id: I32b0240fd56310d7f10596aaa8ef432679bfd66a
There are two problems with dbcounter installation on Jammy. The first
is straightforward. We have to use `py_modules` instead of `modules` to
specify the source file. I don't know how this works on other distros
but the docs [0] seem to clearly indicate py_modules does this.
The second issue is quite an issue and requires story time. When
pip/setuptools insteall editable installs (as is done for many of the
openstack projects) it creates an easy-install.pth file that tells the
python interpreter to add the source dirs of those repos to the python
path. Normally these paths are appended to your sys.path. Pip's isolated
build env relies on the assumption that these paths are appeneded to the
path when it santizes sys.path to create the isolated environemnt.
However, when SETUPTOOLS_SYS_PATH_TECHNIQUE is set to rewrite the paths
are not appended and are inserted in the middle. This breaks pip's
isolated build env which broke dbcounter installations. We fix this by
not setting SETUPTOOLS_SYS_PATH_TECHNIQUE to rewrite. Upstream indicates
the reason we set this half a decade ago has since been fixed properly.
The reason Jammy and nothing else breaks is that python3.10 is the first
python version to use pip's isolated build envs by default.
I've locally fiddled with a patch to pip [1] to try and fix this
behavior even when rewrite is set. I don't plan to push this upstream
but it helps to illustrate where the problem lies. If someone else would
like to upstream this feel free.
Finally this change makes the jammy platform job voting again and adds
it to the gate to ensure we don't regress again.
[0] https://docs.python.org/3/distutils/sourcedist.html#specifying-the-files-to-distribute
[1] https://paste.opendev.org/show/bqVAuhgMtVtfYupZK5J6/
Change-Id: I237f5663b0f8b060f6df130de04e17e2b1695f8a
The job is broken since it is running with python3.7 and most services
now require at least python3.8.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ie21f71acffabd78c79e2b141951ccf30a5c06445
We missed to add the jobs to the gate queue and so they have already
regressed before they were actually in place. Make them non-voting for
now until the issues are fixed.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I5d1f83dfe23747096163076dcf80750585c0260e
Glance image import is asynchronous and may be configured to do image
conversion. If image import is being used, it's possible that the
tempest configuration code is executed before the import has
completed and there may be no active images yet. In that case,
we will poll glance every TEMPEST_GLANCE_IMPORT_POLL_INTERVAL seconds
(default: 1) to see if there are TEMPEST_GLANCE_IMAGE_COUNT active
images (default: 1) up to TEMPEST_GLANCE_IMPORT_POLL_LIMIT times
(default: 12).
You can see an example of the issue this patch addresses in real
life:
https://review.opendev.org/c/openstack/glance/+/841278/1#message-456096e48b28e5b866deb8bf53e9258ee08219a0
Change-Id: Ie99f12691d9062611a8930accfa14d9540970cc5
Without it segment plugin fails to connect with
placement api. Configure the placement section
if service is deployed.
Closes-Bug: #1973783
Change-Id: Ie7f37770a04f622735cf2263c601257669ab5064
Two runs of the same job on the same patch can yield quite different
numbers for API calls if we just count the raw calls. Many of these
are tempest polling for resources, which on a slow worker can require
many more calls than a fast one.
Tempest seems to not change its User-Agent string, but the client
libraries do. So, if we ignore the regular "python-urllib" agent
calls, we get a much more stable count of service-to-service API
calls in the performance report.
Note that we were also logging in a different (less-rich) format for
the tls-proxy.log file, which hampers our ability to parse that
data in the same format. This switches it to "combined" which is used
by the access.log and contains more useful information, like the
user-agent, among other things.
Change-Id: I8889c2e53f85c41150e1245dcbe2a79bac702aad
The mysql performance_schema method for counting per-database queries
is very heavyweight in that it requires full logging (in a table) of
every query. We do hundreds of thousands in the course of a tempest
run, which ends up creating its own performance problem.
This changes the approach we take, which is to bundle a very tiny
sqlalchemy plugin module which counts just what we care about in
a special database.
It is more complex than just enabling the features in mysql, but it
is a massively smaller runtime overhead. It also provides us the
opportunity to easily zero the counters just before a tempest run.
Change-Id: I361bc30bb970cdaf18b966951f217862d302f0b9
The new Ubuntu LTS release has been made last week, start running
devstack on it as a platform job.
Horizon has issues with py310, so gets disabled for now.
Run variants with OVS and OVN(default).
Co-Authored-By: yatinkarel <ykarel@redhat.com>
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I47696273d6b009f754335b44ef3356b4f5115cd8
When OVN is setup from distro packages, the
main service is ovn-central which when restarted,
restarts ovn-northd, ovn nb and db services.
And during the restart ovn dbs(ovnnb_db.db and ovnsb_db.db)
are created, which may sometime takes time as seen with
ubuntu jammy tests[1].
We already checking for socket's file to be available,
let's also check for db files as without it ovn-*ctl
operations succeed but changes are not persisted until
db files are available and changes are lost with the restart.
[1] https://review.opendev.org/c/openstack/devstack/+/839389
Change-Id: I178da7af8cba8bcc8a67174e439df7c0f2c7d4d5
Would be helpful in troubleshooting services
which either fails to start or takes time to
start.
Related-Bug: #1970679
Change-Id: Iba2fce5f8b1cd00708f092e6eb5a1fbd96e97da0
In order to run on systems where not all requirements are present,
we should be tolerant of missing external dependencies, such as
psutil and pymysql. Print a warning (to stderr) and just leave out
those stats in that case.
Also make running the stats collector use ignore_errors:yes to avoid
failures in the future. I think the stats is not critical enough to
fail a job for bugs like this.
Related-Bug: #1970195
Change-Id: I132b0e1f5033c4f109a8b8cc776c0877574c4a49
In some cases the value is [not set], in this case
the conversion to integer does not work.
Closes-Bug: #1970431
Change-Id: I74df7d8bc9f5cbe0709a6471cf7639caea0b58e8
A long time ago, Ironic's IPv6 only job started to fail working with
errors indicated the host was unreacable. Turns out, this was because
the $ext_gw_interface was not being set to up, and thus could
be found in a Down state, and thus the kernel would not accept routes
for it.
Adds an explicit step to turn up the public bridge, much as done in
the IPv4 router plugin code which would also be executed in 4+6.
That being said, Ironic's CI jobs are very intentionally IPv6 only
to ensure that we have no chances of v4 addressing getting used
at any point in time.
This should allow Ironic to return it's IPv6 only CI job back
to the normal check queue, once a ironic plugin issue has been
resolved which was introduced while it was removed.
Change-Id: I121ec8a2e9640b21a7126f2eeb23da36b4aa95bf
This updates each devstack service library, to use it as the
default value for service-specific RBAC configuration.
Change-Id: I41061d042206c411ee3dd94ce91098e612af7ae7
I941ef5ea90970a0901236afe81c551aaf24ac1d8 added a sed command that
should match and delete path values but used '/' as sed separator. This
leads to error in unstack.sh runs when the path also contains '/':
+./unstack.sh:main:188 sudo sed -i '/directory=/opt/stack/ d' /etc/gitconfig
sed: -e expression #1, char 13: unknown command: `o'
So this patch replace '/' separator with '+'.
Change-Id: I06811c0d9ee7ecddf84ef1c6dd6cff5129dbf4b1
This change adds mod_ssl to the default set of rpms installed
on rpm based distros.
this is required if the tls-proxy service is enabled
for multi node centos based jobs.
Change-Id: I52652de88352094c824da68e5baf7db4c17cb027
the value of LOGDAYS in samples/local.conf is 2, so change the
value in the comment and the sample value in the document to
be consistent with it.
Change-Id: I5822bbf1d6ad347c67c886be1e3325113d079114
This makes us gather a bunch of consistent statistics after we run
tempest that can be use to measure the impact of a given change. These
are stable metrics such as "number of DB queries made" and "how much
memory is each service using after a tempest run."
Note that this will always run after devstack to generate the JSON
file, but there are two things that control its completeness:
- MYSQL_GATHER_PERFORMANCE must be enabled to get per-db stats
- Unless tls-proxy is enabled, we will only get API stats for keystone
Change-Id: Ie3b1504256dc1c9c6b59634e86fa98494bcb07b1
We are using the latest OVS, however, OVN needs to build using the
OVS submodule since some of the signatures don't work[1].
[1]: https://github.com/ovn-org/ovn/issues/128
Change-Id: I3ad7e5e80f1141c3d94f7ce7c8b8f8fdb9fb7c3c
Without this, running DevStack on an `aarch64` environment will end
up in cpu_model set to "Nehalem" and cpu_mode set to "host-passthrough"
which does not work.
This patch drops that value under aarch64 environments.
Change-Id: I30be5a388dda5ccf08718670dbb14a28a4a8a8eb
This is necessary for more consistent behavior across multiple
distro versions. Apparently somewhere along the way, git started
looking at the current user's home directory instead of $HOME.
Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798
Change-Id: I941ef5ea90970a0901236afe81c551aaf24ac1d8
git commit [1] introduced a new behaviour to work around a CVE that
disallows any git operations in directories not owned by the current
user.
This may seem unrelated to installation, but it plays havoc with PBR,
which calls out to git to get to get revision history. So if you are
"pip install"-ing from a source tree you don't own, the PBR git calls
in that tree now fail and the install blows up.
This plays havoc with our model. Firstly, we checkout all code as
"stack" then install it globally with "sudo" (i.e. root) -- which
breaks. We also have cases of essentially the opposite -- checkouts
we have installed as root, but then run tox in them as a regular user;
tox wants to install the source in its venv but now we have another
user conflict.
This uses the only available configuration option to avoid that by
globally setting the source directories we clone as safe. This is an
encroachment of the global system for sure, but is about the only
switch available at the moment. For discussion of other approaches,
see [2].
Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798
[1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9
[2] https://review.opendev.org/c/openstack/devstack/+/837636
Change-Id: Ib9896a99b6d6c4d359ee412743ce30512b3c4fb7
After ./unstack.sh trying to 'enable_plugin venus https://opendev.org/openstack/venus' gived following error:
+lib/neutron_plugins/ovn_agent:install_ovn:363 sudo ln -s /var/run/openvswitch /var/run/ovn
ln: failed to create symbolic link '/var/run/ovn/openvswitch': File exists
which led to:
+lib/neutron_plugins/ovn_agent:cleanup_ovn:801 sudo rm -f /var/run/ovn
rm: cannot remove '/var/run/ovn': Is a directory
Change-Id: I1cafdc0c71093ed7249bb9748b57d51110986686
osc is typicaly installed in /usr/local/bin
to avoid command not found errors when invoking osc
in devstack ensure that /usr/local/bin is included
in the PATH.
Change-Id: I605fbc4b131149bf5d1b6307b360fe365c680b1a
OpenEuler job fails 100% of the time. As discussed in QA meeting,
we agreed to move OpenEuler job to experimental pipeline.
- https://meetings.opendev.org/meetings/qa/2022/qa.2022-03-22-15.00.log.html#l-76
Once it is fixed, we can think of adding back to regular pipeline.
Change-Id: I831889a09fabe5bed5522d17e352ec8009eac321
devstack isn't a python project, these were introduced only for docs
building and made redundant with [0]. We can remove them now.
[0] Iedcc008b170821aa74acefc02ec6a243a0dc307c
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I90ca1c6918c016d10c579fbae49d13fff1ed59af
After patch [1] project_id in that module is no longer needed as to make
it working with new secure RBAC policies we had to hardcode "demo"
project to be used always.
This is small follow-up patch with cleaning after [1].
[1] https://review.opendev.org/c/openstack/devstack/+/826851/
Change-Id: Iddf9692817c91807fc3269547910e4f83585f07f
There are a couple of places that still use a hardcoded
127.0.0.1 value, even if devstack is run with
SERVICE_IP_VERSION=6 in local.conf. While things still
work, SERVICE_LOCAL_HOST should be used instead since
everything else could be using IPv6.
Change-Id: I2dd9247a4ac19f565d4d5ecb2e1490501fda8bca
Newer versions of openssl (CentOS9Stream for example) do not like using sha1.
Devstack will fail on these systems[1] with the following error:
801B93DCE77F0000:error:03000098:digital envelope routines:do_sigver_init:invalid digest:crypto/evp/m_sigver.c:333:
This patch updates the tls-proxy code in devstack to use sha256 instead of sha1 which allows devstack to complete when tls-proxy is enabled.
[1] https://zuul.opendev.org/t/openstack/build/1d90b22a39c74e24a8390861b3c5f957/log/job-output.txt#5535
Closes-Bug: #1962600
Change-Id: I71e1371affe32f070167037b0109a489d196bd31
If the ci images do not have any cached data
we should ignore any error when trying to copying it.
This is requried when using unmodified cloud images.
Change-Id: Ia6e94fc01343d0c292b1477905f8a96a6b43bcf8
This is a followup for change Ifdef3510bc7da3098a71739814e35dbaf612ae34
which added configuration of unified limits for nova. This removes an
unnecessary wrapper unsetting of OS_ env variables, unnecessary quoting
on an iniset config value, and a hardcoding of user domain. The glance
code from which the nova code was originally copied is also cleaned up.
Change-Id: I4921af5cc0f624dd5aa848533f7049ee816be593
Previously, Swift's backing disk were not be mounted after reboots,
causing swift-proxy-server service to fail with cryptic error
messages such as 'proxy-server: ERROR Insufficient Storage'. Now,
we use Dan Smith' create_disk function from functions to create
the backing disk for us and add it to /etc/fstab.
Change-Id: I9cbccc87bc94a55b58e9badf3fdb127d6f1cf599
The rsync debian package is required for swift service. This
requirement has been covered by rpms but not for deb packages.
Change-Id: Iefd1302be9c7fd80e037bbae3638602d6d823580
This change use uname -m to get the portable host arch and uses that
as a new default. on x86_64 hosts this should result in no visable change
in behavior however on a non x86 host it will cause devstack to attempt
to download a cirros image that matches the host.
Change-Id: I6d1495a23400ef4cf496302028324fa5794dd45f
This patch fixes several issues related to the installation with
OVN backend with the OVS/OVN compilation enabled.
The OVS/OVN local directories prefix, when both services are compiled,
is now "/usr/local".
The "ovn_agent._run_process" function is calling "ovs-appctl" to
configure the logging settings of several services. Instead of
using the service name, the ctl socket file is used instead. That
is more robust and does not fail in systems with previous
installations.
Closes-Bug: #1960514
Change-Id: I69de5333393957593db6e05495f0c3c758efefdf
Previously, loop devices for LVM volume groups backing files were not
created after reboots, causing e.g. Cinder to fail with messages such
as
ERROR cinder.service [-] Manager for service cinder-volume
devstack@lvmdriver-1 is reporting problems, not sending
heartbeat. Service will appear "down".
Now, we use systemd services to manage loop devices for backing files.
Change-Id: I27ec027834966e44aa9a99999358f5b4debc43e0
This change reverts the execute permissions from
stackrc which is not meant to be run as a script but sourced
as part of stack.sh
Change-Id: I9a05051e5a297cfaf78d097fa5f90a7c5fd254a6
Since pip v22, python3.6 is not supported (the minimum version is
python3.7). This patch adds the reference for the pip3.6 URL to be
used instead of the default one.
Closes-Bug: #1959600
Change-Id: Iab2c391d5388461fe9e9037cee81884ce8032e72
This enables the configuration of nova to use unified limits in
keystone and enforcement in oslo.limit.
Related to blueprint unified-limits-nova
Depends-On: https://review.opendev.org/c/openstack/nova/+/715271
Change-Id: Ifdef3510bc7da3098a71739814e35dbaf612ae34
This reverts commit be7b5bf671.
As related bug is fixed, lets enabled scope enforcement in Neutron
again.
Related-bug: #1959196
Change-Id: I72db7ef533e78a10734d105e6a0debef288e41a1
After patch [1] new RBAC policies changed in the way that SYSTEM_ADMIN
user isn't anymore allowed to e.g. create resources in behalf of some
projects. Now PROJECT_ADMIN needs to create such resources instead.
So this patch basically reverts most of the changes which were done
in [2] some time ago.
It also introduces new entry in the clouds.yaml file -
"devstack-admin-demo" which is "admin" user in the "demo" project as
it's needed to create some resouces in the demo project now.
Additionally, because of bug [3] this patch changes way how IPv6
external gateway IP is found using Neutron API. This change may be
reverted in the future when bug [3] will be fixed.
[1] https://review.opendev.org/c/openstack/neutron/+/821208
[2] https://review.opendev.org/c/openstack/devstack/+/797450
[3] https://bugs.launchpad.net/neutron/+bug/1959332
Depends-On: https://review.opendev.org/c/openstack/neutron/+/826828
Closes-Bug: #1959196
Change-Id: I32a6e8b9b59269a8699644b563657363425f7174
After patch [1] was merged in Neutron, enforcing scopes there
is broken.
So lets disable it temporary to unblock Devstack's gate for now.
[1] https://review.opendev.org/c/openstack/neutron/+/821208
Related-Bug: #1959196
Change-Id: I24da6f3897a638749d16f738329a873a5f9a291d
This reverts commit 26bd94b45e.
Reason for revert: Devstack keystone creation/setup are moved to
scope tokens, so we can reintroduce the scope check enable.
Change-Id: I6e1c261196dbcaf632748fb6f04e0867648b76c7
This is needed so we can set keystone into enforcing secure RBAC.
This also adjusts lib/glance, which already partially used
devstack-system-admin.
Change-Id: I6df8ad23a3077a8420340167a748ae23ad094962
Running get-pip.py fails on Ubuntu when running twice, e.g. after a
unstack/stack cycle. Just use distro pip instead.
Closes-Bug: #1957048
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I87a8d53ed8860dd017a6c826dee6b6f4baef3c96
The default Neutron configuration is now using OVN, but the multinode
lab was using an incompatible configuration:
The q-agt/neutron-agt service must be disabled with OVN.
Change-Id: I518a739a3daac941880463cde6b47951331d0911
Recent iputils release in CentOS 8-stream causing
ping failures with non root user. This needs a fix
in systemd package as mentioned in the Related Bugs,
until it's fixed and is in 8-stream mirrors let's
workaround it by setting net.ipv4.ping_group_range
setting manually.
Related-Bug: #1957941
Related-Bug: rhbz#2037807
Change-Id: I0d8dac910647968b625020c2a94e626ba5255058
This patch allows to skip the installation
of the database backend packages (MySQL or Postgres)
with the introduction of the INSTALL_DATABASE_SERVER_PACKAGES
variable (defaulted to True).
This is useful in such environments that do not require
to install the MySQL/Postgres server packages directly but using
a container serving that purpose, for those cases all the
remaining steps should be executed just skipping the
packages install.
Change-Id: I26628a31fdda3ce95ed04a2b7ae7b132c288581f
We always need the master branch of requirements in order to be able to
install tempest with it, so override GIT_DEPTH when cloning that repo.
Closes-Bug: 1956616
Change-Id: Id0b409bfadd73f2c30314724178d6e199121050b
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
For some reason, setting the CHAPAlgorithms as in c3b705138
breaks OpenEuler. Making this conditional so that tests continue
to pass.
Change-Id: Iaa740ecfbb9173dd97e90485bad88225caedb523
There was no space after the --project option in the command that
creates the public subnet, thus if any option follows, the option itself
will be parsed as part of the value passed to the --project option. This
change just adds the missing space.
Change-Id: I1e7375578342a82717222e902fcd65a4a62e33a7
When deploying devstack in a stable branch, the master branch is
available locally only in a CI environment where Zuul prepares all
available branches. For a non-CI deployment we need to stick to using
the remote branch as was the case before [0].
While the situation on the master branch isn't really broken, we apply
the fix here anyway so that future stable branches are created in a
working state.
[0] I5d42ac6b54bf20804d7e5faa39d1289102318b64
Closes-Bug: #1956219
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ib7719cb2d48b34db70f885e0afe77d904abba3b5
mysqladmin is incorrectly installed in Fedora 34 with mariadb. This
causes the failure of Zuul Fedora based jobs. The issue is a conflict
between mariadb and community mysql that is described in [1] and [2].
The workaround is to explicitly install package "mariadb"
Also configure an increased swap size like for the other platform jobs
in order to avoid OOM issues.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2026933
[2] https://lists.launchpad.net/maria-discuss/msg06179.html
Closes-Bug: #1956116
Change-Id: Icf6d7e1af5130689ea10b29d37cc9b188b2c9754
We still are seeing regular job failures because the pcp package fails
to install. Assume that we can still enable it on demand when someone
needs to debug specific job issues, let us just disable it by default.
Related-Bug: 1943184
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I32ef8038e21c818623db9389588b3c6d3f98dcad
When we need to read a DATABASE_PASSWORD from the user, make sure we
actually use it in our database URLs.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I5ebf6b0280e82f2c87a63cbee7a9957c6bd26898
That function was accepting 3 positional arguments and first
of them was boolean value "build_modules" which isn't used anywhere in
that function.
So this patch cleans it a bit by removing that not used parameter.
Change-Id: I5c57b9116338a63b7bfb170c02e33bb4eae725da
openEuler is an open-source Linux based operating system. The current
openEuler kernel is based on Linux and supports multi arch, such as X86_64
and aarch64. It fully unleashes the potential of computing chips. As an
efficient, stable, and secure open-source OS built by global open-source
contributors, openEuler applies to database, big data, cloud computing,
and AI scenarios. openEuler is using RPM for package management.
Note:
Currently there is no available package for uwsgi-plugin-python3 and ovn, so that
openEuler needs manually install them from source.
Website: https://www.openeuler.org/en/
Change-Id: I169a0017998054604a63ac6c177d0f43f8a32ba6
Co-Authored-By: wangxiyuan <wangxiyuan1007@gmail.com>
Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
This patch adds new config option NEUTRON_ENFORCE_NEW_DEFAULTS which
if set to True will deploy Neutron with enforce new rbac defaults and
scopes.
It will also use SYSTEM_ADMIN user to interact with Neutron where it is
needed.
Depends-On: https://review.opendev.org/c/openstack/neutron/+/798821
Change-Id: I14d934f0deced34d74003b92824cad3c44ec4f5e
The default CHAP algorithm for iscsid is md5, which is disallowed
under fips. We will set the chap algorithm to "SHA3-256,SHA256",
which should work under all configurations.
Change-Id: Ide186fb53b3f9826ff602cb7fb797f245a15033a
Function _neutron_ovs_base_install_agent_packages always tried to
install openvswitch from packages and start it using systemd units.
That was failing when ovs was expected to be installed from source.
This patch fixes that.
Change-Id: Iae8625dd800d30061ea3dbed9eb0dfbe16f21572
Previously this would always happen for Nova and Cinder even if n-api
and c-api were not enabled on the host respectively.
This change stops this by placing both calls write_uwsgi_config behind
is_service_enabled checks.
Change-Id: I997685da771736dbad79bcfe4b00dbc63bd6d6b6
Additionally make the repo name lowercase to match the project name in
our zuul config so that jobs can check the repo out.
Change-Id: Ic2d9c4fa837461bbc29e067a81912b5f72efd3ca
This patch includes changes required to run devstack on CentOS Stream 9
which has been already published in official repos by CentOS team [1]:
- Add RDO deps repository for CS9.
- remove xinetd package from installation for swift. Note that
rsync-daemon is installed which should work fine.
- Replace genisoimage by xorriso in CS9.
- Use /etc/os-release to identify the distro in CS9 as it doesn't
provide lsb_release command.
- Use pip from rpm package instead of from get-pip.py as done in Fedora.
- Add non-voting job devstack-platform-centos-9-stream to the check
pipeline.
Change-Id: Ic67cddabd5069211dc0611994b8b8360bcd61bef
Jobs with OVN_BUILD_FROMS_SOURCE=True are broken
since [1] as ovn nortd not starting due to permission
issues. Fix it by not using sudo for creating OVN_DATADIR
when building from source.
[1] https://review.opendev.org/c/openstack/devstack/+/806858
Closes-Bug: #1952393
Change-Id: I00f0c8c8173b4d8270fbb3e6079d0d8b332e9de5
Before, we needed to unset a couple of parameters that would make the
client return a project-scoped token instead of a system-scoped token,
which we need when interacting with registered limits in keystone.
This commit removes those unsets since we no longer source those
variables by default. This commit also cleans up some of the redundant
parameters in the registered limit calls, like region.
Change-Id: I1af8a168a29e895d57504d41e30efea271ea232d
When initializing OVN, clean up the correct database directory when
using OVN from packages (/var/lib/ovn/ instead of /opt/stack/data/ovn/).
The /opt/stack/data/ovn location is used only when building OVN from
sources, so a fresh devstack deployment with OVN packages may already
have hundreds of existing routers and ports, creating ARP collisions.
Closes-Bug: #1942201
Change-Id: Ic90d4f2f9d8aaef825ea3325c0ad8fef2a1c5e39
The admin_endpoint parameter has been removed from keystone[1], and
setting the parameter is no longer effective.
[1] 192cde56e57a06750641b319da8a72cdcaa554d0
Change-Id: I6ae6a3122668551acc018972624e914fcbb79a22
This user already has the admin role assignment on a project, which
implies the member role, making explicit calls to add the member role
redundant.
Change-Id: I398c5e2f098aeeb896de83872085cbce529a778a
OS_CLOUD is used to communiate to CLI tools what cloud
credentials to utilize.
The change I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
unfortunately set an explicit OS_CLOUD account which breaks
any jobs which are expecting a previosuly set OS_CLOUD which
may be different to work. For example, OS_CLOUD being set
as devstack-system-admin to facilitate Secure RBAC testing.
Change-Id: Iee900e552584dda622f57eea3508df48dff2e071
Previously those functions were defined in the neutron's devstack plugin
but with [1] we moved qos related code into devstack and we missed about
moving them too.
This is follow up patch to fix that issue.
[1] https://review.opendev.org/c/openstack/devstack/+/815686
Change-Id: Icf459a2f8c6ae3c3cb29b16ba0b92766af41af30
We can use the devstack-admin cloud configuration everywhere now
and don't need to set environment variables with cloud credentials
any longer.
Fix the swift setup, where some more options need to be explicitly
specified now and the default OS_CLOUD setting overridden.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
Those functions were part of the neutron devstack plugin but we
discussed it during last PTG [1] and decided to move to the Devstack
repo plugins which are used by e.g. CI jobs which are defined outside
of the neutron repository.
QoS service is used e.g. in the tempest-slow job which is
defined in tempest and used by many different OpenStack projects.
[1] https://etherpad.opendev.org/p/neutron-yoga-ptg#L142
Change-Id: I48f65d530db53fe2c94cad57a8072e1158d738b0
This commit formalizes some additional users to act as different project
users and updates clouds.yaml file so they're easy to use.
It creates:
- a reader on the demo project
- a reader on the alt_demo project
- a member on the alt_demo project
With the adoption of secure RBAC personas, these are useful for using
OpenStack APIs as that work continues.
Change-Id: I3237a771275311377313b7d7d80ac059ac69d031
IDENTITY_API_VERSION is hardcoded to 3 in most locations already, drop
the remaining occurrences, but keep the variable definition since some
plugins still depend on it. Drop ENABLE_IDENTITY_V2 which no longer
has any effect.
Amend variable list for bootstrap_keystone().
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I06f476d2105bc6ec2b511fc5effcfcc3973eaf97
Keystone has supported system-scope since Queens and we already make
sure we create a cloud profile for system-admin in
/etc/openstack/clouds.yaml.
This commit ensures keystone creates a couple of new users to model
system-member and system-reader personas. Doing this by default in
devstack makes it easier for people to use.
We've already taken a similar approach in tempest by setting up the
various system personas for tempest clients to use.
Change-Id: Iceb7c5f517db20072e121dc7538abaa888423c67
Since Bullseye like Centos 8 Stream needs more memory due to changed
default settings in newer qemu versions, set the swap size to 4G, which
is the same setting already being used for the CS8 jobs successfully.
Change-Id: I83ea34d6aa647d2ab9d4d78ed354904fce836e68
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
If ERROR_ON_CLONE is set to True which is case for
all the devstack based job, devstack does not clone the
repo instead raise error. From current error message, it
is difficult to know that ERROR_ON_CLONE is True until we
traceback the code or check devstack-base job set ERROR_ON_CLONE
to True.
Current error message is like:
-------
+ functions-common:git_clone:560 : echo
'The /opt/stack/oslo.limit project was not found; if this is a gate job, add'
The /opt/stack/oslo.limit project was not found; if this is a gate job, add
+ functions-common:git_clone:561 : echo 'the project to the
$PROJECTS variable in the job definition.'
the project to the $PROJECTS variable in the job definition.
+ functions-common:git_clone:562 : die 562 'Cloning not
allowed in this configuration'
--------
Adding ERROR_ON_CLONE info in error message will help to
know the reason of devstack not cloning the repo.
Change-Id: I9e9852f046fefb299b4ef4446323e9c86437212f
Those functions were part of the neutron devstack plugin but we
discussed it during last PTG [1] and decided to move to the Devstack
repo as plugins which are used by e.g. CI jobs which are defined outside
of the neutron repository.
Placement integration is used e.g. in the tempest-slow job which is
defined in tempest and used by many different OpenStack projects.
[1] https://etherpad.opendev.org/p/neutron-yoga-ptg#L142
Change-Id: Ib86071881f16de1b69c0f9b1b19b6df8b7e66a07
CentOS/RHEL 9 are being compiled for the x86_64-v2 architecture which is
newer than the qemu default of qemu64. This means that for devstack to
boot these instances we need a newer CPU model. Nehalem is apparently
the oldest model that works for x86_64-v2 and is expected to work on
Intel and AMD cpus with kvm or qemu. Switch devstack to this model by
default.
Note that we cannot use host-passthrough or host-model because we want
to support live migration between devstack deployed nova-compute
instances and even within the CI instances that we get the host CPUs can
differ.
Also, we should run this change against as many clouds as possible to
ensure that the newer model works across all of our clouds. There is
some fear that the virtual CPUs presented to us in some clouds may not
be able to run these newer CPU models.
Change-Id: Ibd6e11b59f3c8655bc60ace7383a08458b2177f2
With the depending patch, the endpoint will still be created for
heat tests, so we can turn it off for everyone else.
Depends-On: https://review.opendev.org/c/openstack/openstacksdk/+/777343
Change-Id: I0dc7d6cedd07e942b9f23b26a785b386aff41fbc
The keystone admin endpoint technically isn't different any longer from
the other keystone endpoints in v3 of the API. However, some
applications like heat are still relying on it to exist.
So we make the creation of the admin endpoint during bootstrap optional
here, with the intention to change the default to False once all jobs
that still need this are modified to explicitly require it.
Change-Id: I7ab12141c558186e397c174c248a613d1810011b
Keystone no longer has any special functionality hidden behind the admin
site. KEYSTONE_AUTH_URI which used to point to the admin site has long
ago been changed to be a copy of KEYSTONE_SERVICE_URI, which points to
the public site.
Drop all KEYSTONE_AUTH_* variables except KEYSTONE_AUTH_URI which may
still be in use in some plugins.
This also allows to finally drop the fixup_keystone() function.
Change-Id: I549f3cadc27d137e014241cdd47e90267859c848
The use of this function has been deprecated for a long time[0]. With
PyYAML==6.0 the call is now failing, so replace it with the safe
version.
[0] https://msg.pyyaml.org/load
Signed-off-by: Jens Harbott <frickler@offenerstapel.de>
Change-Id: I7a170262b50a5c80a516095b872d52e1bea5479d
When using glance limits, the create_glance_accounts call needs access
to the devstack-system-admin cloud definition, so we need to create
the clouds.yaml file before that step.
Change-Id: Ie6d807c46b88b16b316aa166870a6a13f2bb346d
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
It may be that it is already compiled in the kernel so there is no
need to load kernel module in such case.
Change-Id: Ie1d32e3fd529e13958857cb3ced6710eebde1e4d
The official Ubuntu cloud images have some further python pkgs
preinstalled that conflict with our requirements. Allow to
overwrite them.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Closes-Bug: 1871485
Change-Id: I793c250cae5e7b9bc835b7016d790d1f9ae8a7f3
continue is not used in a proper context here (outside of loop). Use
null cmd instead to simply fall through the pip installation.
Signed-off-by: Michal Berger <michallinuxstuff@gmail.com>
Change-Id: Iaea2e5c0177b475edf19d08d71933a74debbb5d9
The current initiator name embedded in our CI images is not unique at
present and can often cause failures during live migrations with
attached volumes. This change ensures the name is unique by running
iscsi-iname again and overwriting the existing name.
We could potentially do this during the image build process itself but
given that devstack systems are not supposed to be multi-purpose this
should be safe to do during the devstack run.
Closes-Bug: #1945983
Change-Id: I9ed26a17858df96c04be9ae52bf2e33e023869a5
Some adaption in database handling is all that is missing. Also add a
platform job that tests this.
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Change-Id: I6dd3e48444dd415d84df5e7f5c74540847cdd6db
oslo.limit isn't currently in the list of libraries that can be
installed from a git repo via LIBS_FROM_GIT.
This adds oslo.limit to enable integrated testing against unmerged
oslo.limit changes.
Change-Id: I26cc567fdf4c84014040ae586bbb029b8de7a236
I83d56c9363d481bb6d5921f5e1f9b024f136044b switched the default of
DEVSTACK_PARALLEL over to True so this dedicated job is no longer
required as *all* jobs should now be using it.
Change-Id: I0f475ab177c2cd49eeb6be861cdd11581e8e0b97
In devstack job, cinder is not a valid service name and logs error
in gate[1] so remove it.
2021-09-28 05:44:47.791807 | controller | + functions-common:service_check:1603 : for service in ${ENABLED_SERVICES//,/ }
2021-09-28 05:44:47.795506 | controller | + functions-common:service_check:1605 : sudo systemctl is-enabled devstack@cinder.service
2021-09-28 05:44:47.809647 | controller | Failed to get unit file state for devstack@cinder.service: No such file or directory
[1] https://e978bdcfc0235dcd9417-6560bc3b6382c1d289b358872777ca09.ssl.cf1.rackcdn.com/801989/7/check/tempest-integrated-storage/779d1e7/job-output.txt
Change-Id: I7ca105201d82b72c7e56778425d3bce7c76047db
Attempting to use LIBS_FROM_GIT="ALL" results in a failure
due to a typo in stackrc for os-resource-classes repo.
Cloning into '/opt/stack/os-resource-classes'...
fatal: protocol ':-https' is not supported
<snip>
[ERROR] /opt/stack/devstack/functions-common:629 git call failed: [git clone :-https://opendev.org/openstack/os-resource-classes.git /opt/stack/os-resource-classes --branch master]
Remove the extraneous '='.
Change-Id: I21f86324dc15fe808b38e366f7af18c96fd3890c
It was required to build MySQL-python bindings but, for some time,
we test and rely solely on PyMySQL which is pure Python and hence
does not require this dep.
This package is going away as distros move towards MariaDB.
Change-Id: I6004ccf28a23009a0fc07bfc9458b59a927b969a
Neutron L3 module in Devstack has way to conigure access to physical
network on the node. It can put physical interface to the physical
bridge or, in case when such physical device isn't set, it creates
NAT rule in iptables.
There was missing the same operation for ML2/OVN backend as L3 agent is
not used there at all.
This patch adds the same to be done in both L3 agent and ovn_agent
modules.
Closes-Bug: #1939627
Change-Id: I9e558d1d5d3edbce9e7a025ba3c11267f1579820
This change fixes the empty value set to the gid option in rsyncd.conf,
which was caused by reference to the invalid USER_GROUP variable, and
ensures the option is set to the group which STACK_USER belongs to.
This also fixes duplicate declaration of the local user_group variable.
Closes-Bug: #1940742
Change-Id: Ifd0a5ef0bc5f3647f43b169df1f7176393971853
This change enables [workarounds]libvirt_disable_apic when devstack is
deployed using the libvirt virt driver and qemu virt type in an effort
to avoid issues outlined in bug #1939108 caused by the older kernel
currently used in Cirros 0.5.2.
Depends-On: https://review.opendev.org/c/openstack/nova/+/766043
Closes-Bug: #1939108
Change-Id: Ibb6c34133bb1c95ef11cc59d9b12a0f65502c61b
... when installed from distribution.
This is mostly to fix Ironic's gate as their ecosystem is too
broad and complex to quickly remove libvirt-python from all
possible requirements.txt
More details inline.
See also: https://review.opendev.org/c/openstack/devstack/+/798514
aka f0bf2bdff1
Change-Id: Ic44daf15e952bbe3c424984ffb2474261e68008f
ironic-tempest-ipa-wholedisk-bios-agent_ipmitool-tinyipa
job is voting on Ironic and neutron gate which mean it is
stable enough and make sense to make it voting on devstack gate too.
ironic-tempest-ipa-wholedisk-bios-agent_ipmitool-tinyipa is alias
job of ironic-tempest-bios-ipmi-direct-tinyipa so using the original
job instead of alias
- https://opendev.org/openstack/ironic/src/branch/master/zuul.d/ironic-jobs.yaml#L784
Change-Id: I95c67ad69e6eae6a72d25a851a71b7de85e56fd2
swift-dsvm-functional job test swift under python3 and
voting on swift gate whihc means this is a stable job now,
let's make this voting to devstack gate too.
Removing swift-dsvm-functional-py3 job as it does not exist anymore
after- https://review.opendev.org/c/openstack/swift/+/731318
swift-dsvm-functional itself is py3 job now.
Change-Id: I58847f74306194eaad132680815101a134fb4022
The MDB backend is the default in Ubuntu and specifying
HDB in debconf doesn't change it to HDB.
Closes-Bug: #1939700
Change-Id: If98f7fc8395678365fb73f0c5cd926cef083e470
Tempest is failing randomly with different reasons
as mentioned in the bug, updating swap size those
issues are not seen.
Before [1] default swap size used to be 8GB but was dropped
to 1G so need to configure it in required job itself.
Did couple of tests in [2] and with 4GB+ swap jobs are
running green. On investigation found that with qemu-5
both Ubuntu and CentOS jobs have memory crunch, currently
Ubuntu jobs are not impacted as they are running with
qemu-4.
[1] https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/750941
[2] https://review.opendev.org/c/openstack/devstack/+/803144
Closes-Bug: #1938914
Change-Id: I57910b5fde5ddf2bd37d93e06c1aff77c6e231e9
keystone has system scope feature implemented since
queens release. Now Devstack also started moving towards the new RBAC.
This commit adds a new job 'devstack-enforce-scope' which enable the
scope checks on service side and see if devstack setting are fine or not.
This job will be expanded to enable the scope checks for the other service
also once they start supporting the system scope.
This will help us to test the scope check setting.
Change-Id: Ie9cd9c7e7cd8fdf8c8930e59ae9d297f86eb9a95
The uninstall here has been around since
Ibb4b42119dc2e51577c77bbbbffb110863e5324d. At the time, there might
have been conflicts between packaged and installed pip. We don't need
it today; get-pip.py keeps itself separate enough in /usr/local on all
platforms. Thus we can also remove the suse/centos special-casing.
python3-pip is in the RPM list so we don't need to
re-install for Fedora.
Add a note on why we are over-installing pip.
Remove some old setuptools workarounds that are commented out.
Change-Id: Ie3cb81a8ff71cf4b81e23831c380f83b0381de71
* update the support distro filter
* don't install xinetd which doesn't exist in F34 any more. I think
there is probably a bit more to do with swift ring-server but that
can be a problem for another time.
* remove old F31 workaround
Change-Id:If2f74f146a166b9721540aaf3f1f9fce3030525c
This uses the python3-pip package for Fedora but maintains the status
quo for existing distributions (i.e. for Suse we run get-pip.py but
don't uninstall, and for everything else we uninstall python3-pip and
run get-pip.py to be running the latest pip).
As noted inline, installing get-pip.py over Fedora 34's package no
longer works, and likely won't ever work again. Unlike the LTS
distributions, the Fedora pip should be more up-to-date, so I think
it's best we just avoid any package overwrites.
Change-Id: I84129aadfcf585bb150a3daa39616246d3d84bbd
Earlier glance remote worker was using same cache directory used by
glance worker. Ideally both should use their own cache directory.
This patch makes provision for the same by setting different path
for image_cache_dir config option.
Change-Id: If2627e9c212fd765b96d925046c04e9cb1001c3d
This reverts commit 9dc2b88eb4.
Reason for revert: Devstack creation/setup the things are not yet moved to scope tokens so we need to wait for that first and then do the scope check enable globally.
Change-Id: If0368aca39c1325bf90abd23831118b89e746222
On some platforms, "python -m pip" isn't available. Currently this is
run undconditionally from the "get_versions" function; remove the call.
Change-Id: I91d6c66d055f02fa7b4368593b629933f82d8117
This reverts commit 7a3a7ce876 and
bcd0acf6c0 and part of
f1ed7c77c5 which all cap our pip
installs.
Given the pip ecosystem can often incorporate major changes, tracking
upstream at least generally gives us one problem at a time to solve
rather than trying to handle version jumps when LTS distros update.
The new dependency resolver included some changes that disallow
setting URL's like "file:///path/to/project#egg=project" in
constraints. Apparently the fact it used to work was an accident of
the requires/constraints mechanism; it does make some sense as the URL
doesn't really have a version-number that the resolver can put in an
ordering graph.
The _setup_package_with_constraints_edit function comment highlights
what this is trying to do
# Updates the constraints from REQUIREMENTS_DIR to reflect the
# future installed state of this package. This ensures when we
# install this package we get the from source version.
In other words; if constraints has "foo==1.2.3" and Zuul has checked
out "foo" for testing, we have to make sure pip doesn't choose version
1.2.3 from pypi.
It seems like removing the entry from upper-requirements.txt is the
important part; adding the URL path to the on-disk version was just
something that seemed to work at the time, but isn't really necessary.
We will install the package in question which will be the latest
version (from Zuul checkout) and without the package in
upper-requirements.txt nothing will try and downgrade it.
Therefore the solution proposed here is to remove the adding of the
URL parts.
This allows us to uncap pip and restore testing with the new
dependency resolver.
Closes-Bug: #1906322
Change-Id: Ib9ba52147199a9d6d0293182d5db50c4a567d677
Now, if no arguments are passed to make_cert.sh script, it will fail on:
tools/make_cert.sh: line 30: [: missing `]'
and might go on with generating certs depending on the bash settings.
It is fixed within this patch.
Change-Id: I62bf9c972ebd1644da622439e05114f245f20809
The default cinder quotas for volumes, backups, or snapshots may
be too low for highly concurrent testing, so make these configurable
in devstack.
Change-Id: Ie3cf3239b48f9905f5760ad0166eea954ecf5eed
rdo-release.el8.rpm rpm points to latest RDO release,
so use it for master, for stable releases use corresponding
release rpm.
Change-Id: I508eceb00d7501ffcfac73d7bc2272badb241494
The usage of sudo with su is not recommended. It results in incosnistent
environment variables. Instead use just sudo with appropriate arguments.
The argument '-u stack' specifies that the sudo will execute as user 'stack'.
The last argument '-i' will launch an interactive shell.
Closes-Bug: #1938148
Change-Id: I42387660480377cdf9a0b04f190e7e1f21fb354f
Starting Wallaby release, nova sanitizes instance hostnames having
freeform characters with dashes. It should be tested in Devstack.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/795699
Change-Id: I54794e58b67620c36e8f2966ec3b62dd24da745b
The glance image size limitation was added and unfortuantely
does prevent larger images from being uploaded to glance. In the
case of all baremetal testing, this value is realistically smaller
than stock "cloud" images which support booting to baremetal with
often requisite firmware blobs, which forces some images over 1GB
in size.
Adds GLANCE_LIMIT_IMAGE_SIZE_TOTAL which allows users who need
larger images to be able to override the default while still
enabling limits enforcement in their deployment. The default
value is 1000.
Change-Id: Id425aa546f1a5973bae8be9c017782d18f0b4a47
As set out in bug #1933096 these bindings are dynamically built against
the version of libvirt present in the environment at build time.
As a result using a pre-built wheel can cause AttributeError's when the
bindings have previously been built elsewhere against an older version
of libvirt installed on the host. This is currently the case in CentOS 8
stream based CI jobs where we try to use 7.4.0 bindings that appear to
be built against libvirt <= 6.10 leading to bug #1933096.
This change seeks to avoid this by installing the bindings from packages
that will always be built against the correct corresponding version of
libvirt.
Change-Id: I76184c17a776c4e1ecaab9549d9d36c8c07c60fa
Closes-Bug: #1933096
The tempest plugin expects the classic environment variables
to be present for credentials to access the cloud, but this is
wrong in cases where we're trying to setup system
scoped services and need to remove the environment variables
that was being used.
Instead, change the plugin to use the os-cloud entry definitions,
and specifically in this case devstack-admin which makes sense
until we begin to start to make tempest itself scope aware.
We likely will want to change the environment variables from being
registered in devstack at some point and completely shift towards
passing an-os-cloud parameter, but that is outside the scope of
this change as doing so will likely break all plugins.
Change-Id: I8d4ec68f116eea07bc7346f939e134fa2e655eac
In RHEL-based distributions, updating setuptools using pip removes the
files from the python3-setuptools RPM. It breaks some tools such as
semanage (which is used by diskimage-builder) that use the -s flag of
the python interpreter (don't import modules from /usr/local).
This commit reinstalls python3-setuptools to fix those applications.
Change-Id: Ib44857e83f75acf37823fae912960a801c83cf7f
Move the 'Starting Horizon' task after the end of the wait for
create_flavors.
The start_horizon function restarts the httpd server, the openstack
services are unavailable during a short period of time, so the
"openstack flavor create" calls might fail randomly.
Closes-Bug: #1932580
Change-Id: I32ee7457586e3de8ba4dfce3b1a12025f9776542
This change add an os-vif lib that declares two new variables
OS_VIF_OVS_OVSDB_INTERFACE and OS_VIF_OVS_ISOLATE_VIF
The former is introduced to workaround bug #1929446 which cause the nova
and neutron agents to periodically block waiting for ovs to respond.
OS_VIF_OVS_ISOLATE_VIF is added to address bug #1734320 when using
ml2/ovs vif isolation should always be used to prevent cross tenant
traffic during a live migration. This makes devstack more closely
mirror reality by enabling it when ml2/ovs is used and disabling it
otherwise.
Related-Bug: #1734320
Related-Bug: #1929446
Related-Bug: #1912310
Change-Id: I88254c6e22b52585506ee4907c1c03b8d4f2dac7
The Secure RBAC effort has updated Ironic such that it
can support a mode where it is scope enforcing for all
interactions with the API. Due to the design, and operating
nature of Ironic's API, services speaking with it must
authenticate with a system scope to have a full picture
of the universe.
In this case, we need to update the nova configuration
accordingly such that the compute service understands
how to talk to ironic so that it can see the nodes under
management.
Ironic will likely update this again at a later point in
time to enable a "hybrid" mixed-mode as the operating model
and related permissions *should* allow nova to use a project
scoped "owner" account with Ironic, in order to access
and command nodes to deploy. But at this time, we're
focusing on the exclusive operating mode.
Change-Id: I1946725ce08c495178c419eaf38829f921c91bbe
Needed-By: https://review.opendev.org/c/openstack/ironic/+/778957
OpenStackSDK has a feature branch "feature/r1" as a preparation for the
R1.0 release. Due to different branch naming functional tests with
devstack are not running. Add temporarily (for the duration of the
feature branch) pragma to the zuul.yaml to allow Zuul run functional
tests. It will be dropped once SDK gets next major release.
Previous attemp didn't work well for other projects, therefore
explicitly include master as well.
Change-Id: I3a5722873f395bc52cc55a0fd6bcea0ebe3b74fc
This table is no longer present on most installations, drop it
from the list to avoid error messages during log collection
that people mistake to be the real error why devstack is failing.
This may lose some debugging information in edge cases, but I
think the improvement of the general user experience is more
important.
Change-Id: Ibb9b247a018a788c8c4b40487762319fe470bf0f
Closes-Bug: 1885198
This fixes various reported and unreported issues with the new
behaviour.
Removes code repetition as well to pay off some technical debt.
Closes-Bug: #1930360
Change-Id: I726c532e96ca434520838ae8a35d5b88b6dd337b
from Tempest to DevStack as it tests DevStack side of things and
is useful for projects not using Tempest.
Verbatim copy except for the devstack- prefix and the /devstack/
path.
Change-Id: Ie166730843f874b9c99e37244e460d7ad33b7eeb
CentOS Stream 8 (aka CentOS 8 Stream) is the currently
supported runtime platform. [0]
Some background history:
The Manila team has asked QA to test centos-8-stream
in the common gate.
A bit later it turned out the point releases of CentOS 8 (aka
CentOS Linux 8) will stop happening entirely by the end of 2021.
[1]
Includes a workaround to the edk2-ovmf issue on CentOS Stream 8
x86_64.
[0] https://governance.openstack.org/tc/reference/runtimes/xena.html
[1] https://lists.centos.org/pipermail/centos-devel/2020-December/075451.html
Change-Id: Iee5a262af757f27f79ba1d6f790e949427dca190
This reverts commit 6843bc798c.
Reason for revert: not sure why but this end up disabling the integration job on check pipeline,
Change-Id: Icfaf8ea17b3ce2e405414c23f8075b18d297bf8b
example: latest recheck on PS12 check pipeline job for neutron - https://review.opendev.org/c/openstack/neutron/+/790060
OpenStackSDK has a feature branch "feature/r1" as a preparation for the
R1.0 release. Due to different branch naming functional tests with
devstack are not running. Add temporarily (for the duration of the
feature branch) pragma to the zuul.yaml to allow Zuul run functional
tests. It will be dropped once SDK gets next major release.
Change-Id: I671b589150fe731125e16316a994a5942219920b
Enable IPv6 private subnet routing in ML2/OVN, it uses the behavior that
already exists in ML2/OVS: add a route from the devstack node to the
CIDRs of the default IPv6 subnet pool. Any IPv6 subnet created using the
default subnet pool and plugged into the default router is reachable
from the host (ex: ipv6-private-subnet).
Change-Id: I02ca1d94e9f4d5ad4a06182f5ac9a2434941cf08
Setuptools v54.1.0 introduces a warning that the use of dash-separated
options in 'setup.cfg' will not be supported in a future version [1].
Get ahead of the issue by replacing the dashes with underscores. Without
this, we see 'UserWarning' messages like the following on new enough
versions of setuptools:
UserWarning: Usage of dash-separated 'description-file' will not be
supported in future versions. Please use the underscore name
'description_file' instead
[1] https://github.com/pypa/setuptools/commit/a2e9ae4cb
Change-Id: I6b8e791c06319fa5fa0935337520c36800b1abd6
This patch moves the OVS compilation module from Neutron into DevStack.
It also renamed it to "ovs_source" to highlight its function, and the
include has been moved to where the rest of the includes are located.
Although this module is not required since by default DevStack installs
OVS/OVN from the host OS packages instead of compiling from source,
this is a nice to have as it avoids having bits and pieces of the code
scattered around multiple repositories.
Co-Authored-By: Lucas Alvares Gomes <lucasagomes@gmail.com>
Change-Id: I39ec9ce0a91bea05cf8c446a9767ab879ac8e8f3
This patch makes the OVN_L3_CREATE_PUBLIC_NETWORK configuration True by
default. This option makes the OVN lib in DevStack create & configure
the external bridge, matching the same behavior from the OVS driver
in DevStack.
Change-Id: Icda53b95fdc3c169ac48a6ec4343c87ba404baa4
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
devstack unit test job does not set any nodeset
and so does use default nodeset defined in base jobs
in opendev. When opendev switches the default nodeset to
the latest distro version, devstack unit test job can start
failing. Example:
- https://review.opendev.org/q/I01408f2f2959b0788fe712ac268a526502226ee9
- https://review.opendev.org/q/Ib1ea47bc7384e1f579cb08c779a32151fccd6845
To avoid such a situation in future, let's set the working nodeset
for this job also so that when we cut the stable branch we can
run it on the working distro version.
Change-Id: I302140778fedf08bc8ba72c453837fa7b8f8f9ae
When Glance is configured with a cinder glance_store, Cinder can be
configured to allow cloning of image data directly in the backend
instead of transferring data through Glance. Expose these
configuration options in devstack to facilitate testing this feature.
Adds:
- CINDER_ALLOWED_DIRECT_URL_SCHEMES
- GLANCE_SHOW_DIRECT_URL
- GLANCE_SHOW_MULTIPLE_LOCATIONS
Change-Id: Iee619b443088fd77cf7b1a48563203bdf4a93a39
The dstat project is no longer maintained.
The pcp-dstat package installs a dstat command so no further updates to
the scripts should be needed.
Change-Id: Ied8c9d29bed4f887c364db7080a0f2a0c02328af
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
This reverts commit 5c304d8176.
Reason for revert: There are more things to fix/move like done in 791085 and 791282 Also let's change all required default in devstack scripts instead of devstack's zuul job side. Basically do this change without any change in .zuul.yaml
Change-Id: Ie0f59d1b9a4b97ad9fd8131819054dfb616f31fd
Sphinx 4.0.0 added a new dependency [0] which is causing the job to fail
at the moment.
This patch fix the problem by adding UC to the docs jobs.
[0] https://www.sphinx-doc.org/en/master/changes.html (LaTeX: add
tex-gyre font dependency)
Change-Id: I28019331017405c06577ada88f8e9f6d9a2afc23
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
As part of the Victoria PTG the Neutron community [0] agreed on changing
the default backend driver from ML2/OVS to ML2/OVN in DevStack. A lot of
changes have been submitted towards this goal including but not limted
to:
* Moving the OVN module to DevStack:
https://review.opendev.org/c/openstack/devstack/+/734621
* Updating the OVN module to use distro packages instead of compiling
OVN from source: https://review.opendev.org/c/openstack/devstack/+/763402o
And now this patch is changing the the actual Q_AGENT,
Q_ML2_TENANT_NETWORK_TYPE and Q_ML2_PLUGIN_MECHANISM_DRIVERS values in
devstack to what is expected by OVN as well as updating the Zuul
templates to enable the OVN services.
[0] https://etherpad.opendev.org/p/neutron-victoria-ptg
Change-Id: I92054ce9d2ab7a42746ed5dececef583b0f8a833
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
The configure_neutron_nova function updates nova configs. While that is
still running we separately update nova configs in stack.sh. This can
result in unexpected configs (that don't work). Fix this by waiting for
configure_neutron_nova to complete its work before we do nova config
updates directly in stack.sh.
For specifics we say that:
[neutron]
project_domain_name = Default
was missing from both nova.conf and nova-cpu.conf and instances could
not be created because keystone complained about not finding domain in
project. The strong suspicion here is that on some systems
configure_neutron_nova would write out project_domain_name while the
stack.sh inisets were running resulting in stack.sh overwriting the
project_domain_name content.
One theory is that disabling swift makes this problem more likely as
there is swift work in the middle of the async period. This is supported
by the fact that our job that hits this problem does indeed disable
swift.
Change-Id: I0961d882d555a21233c6b4fbfc077cfe33b88499
Since victoria cycle, we have moved upstream testing to
Ubuntu Focal (20.04) and so does no Bionic distro in
Xena cycle testing runtime[1]. Grenade jobs also started
running on Focal since victoria was released.
Only thing left was legacy jobs which were not migrated to
Ubuntu Focal in Victoria and as per another community-wide
goal[2], all the lgeacy jobs were suppsoed to be migrated
to zuulv3 native jobs in victoria cycle itself. One of the
pending job was in nova (nova-grenade-multinode) which is also
migrated to zuulv3 native now
- https://review.opendev.org/c/openstack/nova/+/778885
If there is any job running on bionic, we strongly recommend
to migrate it to Ubuntu Focal.
[1] https://governance.openstack.org/tc/reference/runtimes/xena.html
[2] https://governance.openstack.org/tc/goals/selected/victoria/native-zuulv3-jobs.html
Change-Id: I39e38e4a6c2e52dd3822c9fdea354258359a9f53
If a pid disappears on us while we're reading, we should just continue
on.
EnvironmentError is just an alias for OSError since Python 3.3, so use
the latter name. [0]
[0] https://docs.python.org/3/library/exceptions.html#OSError
Change-Id: I3a25cca328e1469f72c84a118a9691c1c0258bc4
Closes-Bug: #1926434
If5c860d1e69aaef9a9236303c370479a7714ad43 attempted to move this default
to lioadm while pinning certain Bionic based jobs to tgtadm.
Unfortunately it missed the legacy dsvm based jobs within various
projects that do not inherit from the devstack-platform-bionic base job
and that are also not covered by devstack's gate.
This change simply forces CINDER_ISCSI_HELPER to tgtadm on Bionic based
hosts to ensure it is always used.
Closes-Bug: #1926411
Change-Id: Ib4b38b45f25575c92fb09b8e97fa1b24af0cc06a
As outlined in bug #1917750 the use of tgtadm in multinode environments
with multiple c-vol services can cause volumes to use duplicate WWNs.
This has been shown to cause some encrypted volume test failures as
os-brick returns a /dev/disk/by-id path to n-cpu that can point to the
wrong underlying volume when multiple volumes with the same WWN are
connected to a host.
There is also some speculation that the duplicate WWNs are also causing
libvirt to fail to detach volumes from instances but as yet this has not
been proven.
This change aims to avoid all of the above by switching the default of
CINDER_ISCSI_HELPER to lioadm for all deployments instead of just EL and
SUSE based deployments.
The Bionic platform job however is pinned to tgtadm as there issues
installing python3-rtslib-fb.
Closes-Bug: #1917750
Change-Id: If5c860d1e69aaef9a9236303c370479a7714ad43
This dumps some data in the case where we fail to wait for a child
pid to help debug what is going on. This also cleans up a few review
comments from the actual fix.
Change-Id: I7b58ce0cf2b41bdffa448973edb4c992fe5f730c
Related-Bug: #1923728
Apparently bash (via POSIX) only guarantees a small (32ish) number of
children can be started and their statuses retrieved at any given
point. On larger jobs with lots of plugins and additional work, we
may go over that limit, especially for long-lived children, such
as the install_tempest task.
This works around that issue by creating a fifo for each child at
spawn time. When the child is complete, it will block on a read
against that fifo (and thus not exit). When the parent goes to wait
on the child, it first writes to that fifo, unblocking the child so
that it can exit near the time we go to wait.
Closes-Bug: #1923728
Change-Id: Id755bdb1e7f1664ec08742d034c174e87a3d2902
Due to issue on stckviz side, job start
failing with POST_FAILURE. If we fix the
issue still we need to wait for periodic job
periodic-package-stackviz-element to publish
the latest tarball on https://tarballs.openstack.org/stackviz/dist/.
Let's not fail the job for any issue occur during
stackviz processing.
Closes-Bug: 1863161
Change-Id: Ifee04f28ecee52e74803f1623aba5cfe5ee5ec90
Ceph adds the osd pool default size option on ceph.conf via [1];
this means we don't need to specify the size of this pool if
the same value (same variable) is used (CEPH_REPLICAS).
This change is an attempt of removing the size setting, relying
on the implicit declaration of the value provided by ceph.conf.
[1] https://github.com/openstack/devstack-plugin-ceph/blob/master/devstack/lib/ceph#L425
Change-Id: I5fa2105ceb3b97a4e38926d76c1e4028f1108d4a
As reported in bug #1920136 the tempest-integrated-compute job has
started to see insufficient free virtual space errors being reported by
c-sch and c-vol when creating volumes. This change simply increases the
default size of the underlying LVM PV used to host these volumes within
the default LVM/iSCSI c-vol backend deployed by devstack.
Change-Id: I965d4a485215ac482403f1e83609452550dfd860
Closes-Bug: #1920136
This patch adds a new environment variable, CINDER_BACKUP_DRIVER for
configuring cinder backup driver used when c-bak service is enabled.
This gets cinder backup driver configurable with a similar pattern to
cinder backends. Although the current configurable backup drivers don't
need cleanup functions, the interface for cleanup is prepared for the
future.
The following backup drivers can be configured:
swift:
This is the default backup driver.
ceph:
This already can be configured if ceph backend driver is enabled. For
backward compatibility, ceph backup driver is used if ceph backend
driver is enabled and no backup driver is specified.
s3_swift:
The s3 backup driver gets configurable with this patch. By specifying
's3_swift', the driver is configured for swift s3api.
In the future, lib/cinder_backups/s3 should be created separatedly for
external S3 compatible storage. This file will just set given parameters
such as a URL and credentials.
Change-Id: I356c224d938e1aa59c8589387a03682b3ec6e23d
Devstack script for setting post-config needs gawk.
So this patch moves gawk from files/*/nova into files/*/general.
Closes-Bug: #1909041
Change-Id: I06a1a5524f146a8d7337963e846b5a6b7561be13
Several jobs have been running in parallel since the late Wallaby
cycle, and other developers have had it enabled locally. I have heard
no async-related stability or debug-ability complaints thus far.
I think that we should convert the default to parallel early in the
Xena cycle in an attempt to spread the speed improvements across the
board, while also collecting data on a wider set of configurations.
Change-Id: I83d56c9363d481bb6d5921f5e1f9b024f136044b
Conder started moving to new RBAC and cinder-tempest-plugin
and Tempest need to set few configuration to enable the
scope checks on cinder side and on Temepst side to tell
cinder is all configured with scope checks and test can be run with
scoped token.
Change-Id: Ic7cd919c000c4e7b9a3a06638a5bd87b1617e749
Glance started moving to new RBAC and glance-tempest-plugin
and Tempest need to set few configuration to enable the
scope checks on glance side and so does on Temepst side to tell
glance is ready with scope checks so that test can be run with
scoped token.
Change-Id: I09f513d08212bc80a3a86a750b29b1c6625d2f89
Keystone-tempest-plugin has implemented the secure RBAC
tests and enabling the enforce_scope via keystone devstack
plugin. Doing those setting in devstack will help to manage
easily and in central place also avoid restarting the api
service.
Change-Id: I30da189474476d3397152a0a15c2e30a62d712ad
When installing OVN from packages, the rpm for Fedora / CentOS pre set
some configurations that conflicts with the post configuration done by
DevStack.
This patch fixes this problem by erasing the pre-set configuration from
the packages and leaving it to DevStack to configure OVN for its use
(just like we would do when compiling it from source).
Change-Id: I9c18023c9aa79c0633748a6169f4f283e9d74ef0
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
Based on resolution [1], there's no clear indication that next
steps involve the removal of the DB from Devstack or from the gate.
[1] I332cef8ec4539520adcf37c6d2ea11488289fcfd
This reverts commit d9aaae95f2.
Change-Id: I8410d65c0e0b24035aa035fac7560a686d53ec50
This only applies to the LVM driver (when using
thick provisioning), and doesn't have any effect on
other backends like NFS, so only write the conf entry
for LVM.
Change-Id: I722ba2fa0010d9887ed9b7fdd9e050cd4694768e
DEFAULT_VOLUME_GROUP_NAME volume group is LVM ephemeral storage used by
Nova. It is created by init_nova() if user sets NOVA_BACKEND to "LVM".
However, init_cinder() is also hardcoded to create it, based on the
asumption that CINDER_ENABLED_BACKENDS includes it. That assumption
doesn't hold for the current code. What's more important, even if user
wants to use DEFAULT_VOLUME_GROUP_NAME as one of cinder backends and
adds it to CINDER_ENABLED_BACKENDS, the current code in init_cinder()
are general enough and should work fine. This change removes relevant
code in init_cinder(). It also moves DEFAULT_VOLUME_GROUP_NAME clean-up
code from unstack.sh to cleanup_nova().
Change-Id: I53762f8eda6256f962cc4e1f1098406879bbcf5c
VPNaaS agent is going to be an L3 agent extention.
Related-Bug: #1692128
Depends-On: I0b86c432e4b2210e5f2a73a7e3ba16d10467f0f2
Change-Id: Id827274b7c74cdf71db6d1f2ab3eadb5fef099f5
2017-10-17 12:59:27 +09:00
169 changed files with 5563 additions and 3522 deletions
@@ -155,5 +149,9 @@ function has_neutron_plugin_security_group {
return 0
}
function configure_qos_ml2 {
neutron_ml2_extension_driver_add "qos"
}
# Restore xtrace
$_XTRACE_NEUTRON_ML2
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.