pre-commit has been introduced to number of projects like oslo to run
lint checks such as hacking. The pre-commit config file does not affect
functionality, so devstack job is not needed when only the file is
updated.
Change-Id: I4294fe0c4df2c36c8575613b05a1f9c2eb745d18
The datetime.utcnow() is deprecated in Python 3.12.
Replace datetime.utcnow() with
datetime.now(datetime.timezone.utc).replace(tzinfo=None).
Change-Id: I9bf6f69d9e174d490bb4f3eaef3b364ddf97a954
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
smooney noted that using your DevStack host as a jump host is yet
another reasonable option. Add this option also.
Change-Id: I24887c254e131a8979653a7d17e64a708acf294a
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Detail how one can SSH into guests running on a remote DevStack host.
Change-Id: I9f988b1193d67859b129f05d08b32a23e50aee49
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This is really easy win for people using DevStack for the first time.
Change-Id: I8de2d4d115d34e9d87dd461016b5b894d3f000e7
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
sphinxcontrib-nwdiag does not appear to be maintained anymore [1] and
there have been no releases in nearly 5 years. Statically generate the
images and include them this way. We can revert this change if the
maintainership issue resolves itself.
sphinxcontrib-blockdiag has had activity more recently [2], but it's
still been nearly 3 years. More importantly, we don't actually use it so
there's no reason to keep it around.
[1] https://pypi.org/project/sphinxcontrib-nwdiag/#history
[1] https://pypi.org/project/sphinxcontrib-blockdiag/#history
Change-Id: Ic5244c792acd01f8aec5ff626e53303c1738aa69
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This is the latest cirros release, featuring an updated kernel and some
fixes and added features, let's use it.
[0] https://github.com/cirros-dev/cirros/releases/tag/0.6.3
Change-Id: I2506fa713e0426789fa40a5f4f7fd4e963a158f0
Do this the same way we do it for Nova, to make for easier review.
Change-Id: I31877705894a21570f130723e0a27ff38f945eea
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This is optional. There's no need to include it.
Change-Id: I2e745865696dbb317f819ecb74f5b5df88a9ed76
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This was needed when 'block-storage' pointed to the v2 API. This is no
longer the case (and hasn't been for some time). This is unnecessary
duplication now.
Change-Id: I00cfb56d3e54d0162b1609f4bf58814e9000c103
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Depends-on: https://review.opendev.org/c/openstack/tempest/+/930296
devstack-platform-ubuntu-noble was added in
Ie1f8ebc5db75d6913239c529ee923395a764e19c
and has been runnning for a little over 2 months
in that time
https://zuul.openstack.org/builds?job_name=devstack-platform-ubuntu-noble
the job has been pretty stable so its time to make
this voting in advance of it becoming required in the
2025.1 release.
Change-Id: Iffd6ccf9603117d6720931e260afa2da13c26ec4
... to resolve the following warning.
[WARNING] Deprecated '--debug' flag is set to true (use
'--log-level=debug' instead
Change-Id: Idb412cea64dfc42e3d1223b77f134804eeb7bd60
Glance is implementing new location APIs, for which, cinder needs
to pass service token to register a location in glance.
This is required in the case when glance is using cinder as a backend
and cinder tries to upload a volume in the optimized path.
We are adding a new option, ``CINDER_USE_SERVICE_TOKEN`` that will
configure the service user section in cinder.conf. By default, it
is set to False.
Change-Id: I0045539f1e31a6d26c4f31935c5ddfaaa7607a48
When glance is using cinder as a backend, we can use optimized
path for upload volume to image operation.
The config options image_upload_use_cinder_backend and
image_upload_use_internal_tenant are used to configure optimization
in the upload volume to image workflow where we create a cinder
volume in the internal service project and register the location
in glance.
Recently it was found that the glance location API workflow was
broken[1] for the upload volume case and it wasn't detected because we
are not testing it in our glance cinder job "cinder-for-glance-optimized".
This patch adds the config option to test the optimized path.
Note that the optimized upload functionality is only possible when glance
uses cinder as it's backend since it uses clone volume functionality to
clone the Image-Volume from the source volume.
[1] https://bugs.launchpad.net/glance/+bug/2054575
Change-Id: I521ed04696a5a545b2a2923cf8008bd64add7782
This is another occurrence of the issue fixed in bug
1786259 with change I30bf655f which occurs when there
are multiple IPv6 gateways present.
Before this change:
$ source openrc
+++++functions-common:get_default_host_ip:776 ip -f inet6 addr show 100
Device "100" does not exist.
This is because the ip route command returns:
default proto ra metric 100 expires 1497sec pref medium
nexthop via fe80::4e16:fc01:298c:98ed dev ens3 weight 1
nexthop via fe80::4e16:fc01:2983:88aa dev ens3 weight 1
Related-Bug: #1786259
Change-Id: I7729730df66a4dc7ee11df1d23b19b9c0794b575
This generates the test images in os-test-images and also configures
tempest to know where it is (and if image conversion is enabled in
glance).
Change-Id: Ib74002828a77838ab95d2322e92bdab68caac37c
The configuration variable can be checked in the Neutron configuration
during the post-config phase when the configuration files and sections
are merged together.
Closes-Bug: #2075342
Change-Id: Ic42463e2f72488a1b14ce49e4e435cb4a2c0c855
Relatively recently oslo.log 6.1.0 was released and contains change
I7966d4f4977b267f620946de4a5509f53b043652 which added an option to
enable color in logs which defaults to False. This caused a change in
behavior for DevStack such that viewing logs with journalctl no longer
showed different colors for different log levels, which can make
debugging more difficult when developing with DevStack.
This adds olso.log color configuration based on the existing $LOG_COLOR
DevStack variable for log color which defaults to True for interactive
invocations.
Change-Id: If10aada573eb4360e81585d4fb7e5d97f15bc52b
This can be fleshed out more in the future, including with information
about managing plugins, but this is a start.
Change-Id: I1094d093b704e37370e3e434ebf3697954e99da3
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
The "neutron-rpc-server" is not a configurable service that can be
enabled or disabled. This service is a dependant process of the
"neutron-api-server" service that is spawned when the Neutron API
uses the WSGI module. The execution of this child service will depend
on:
* The Neutron API service when running with the WSGI module. If
the Neutron API uses the eventlet module, this service won't run
(the RPC workers will be spawned by the eventlet server).
* The "rpc_workers" configuration variable. If this variable is
explicitly set to "0", the server must not run.
Closes-Bug: #2073844
Related-Bug: #2073572
Change-Id: Ic019423ca033ded8609d82bb11841b975862ac14
When the Neutron WSGI module is used, an independent service called
"neutron-rpc-server" is configured and executed. However it will fail
if the number of RPC workers is configured to zero. In that case,
the configuration and execution of this service should be skipped.
If the service is explicitly disabled in the devstack configuration,
it won't be executed neither.
Closes-Bug: #2073572
Change-Id: Idd023a2a8f588152221f20a13ae24fbb7d1618a4
one observation we had in down stream ci is
sometimes the cirros 0.6.2 image appared to
crash when using 128MB of ram.
upstream we have been dealing with semi random
kernel panics which are losely corralated with
cinder volume usage.
Recently we optimisted the devstack jobs by using zswap
this has reduced memory pressure in the jobs.
This patch increase the ram allocated to a flavor
to see if we can afford that with the current conncurnace
level in an attempt to reduce kernel panics.
Two new parmaters are added to allow jobs or users
to set the desired ram size.
TEMPEST_FLAVOR_RAM=${TEMPEST_FLAVOR_RAM:-192}
TEMPEST_FLAVOR_ALT_RAM=${TEMPEST_FLAVOR_ALT_RAM:-256}
Change-Id: Ib6a2d5ab61a771d4f85bd2c2412052efadc77ac5
Each service should only be using that service's user account within its
configuration, in order to reduce the possible impact of credential
leaks. Start with nova, other services will follow.
Change-Id: I6b3fef5de05d5e0cc032b83a2ed834f1c997a048
This new service is spawned when using Neutron WSGI module. This new
service executes the OVN maintenance task that syncs the Neutron
database and the OVN database.
Depends-On: https://review.opendev.org/c/openstack/neutron/+/922074
Related-Bug: #1912359
Change-Id: I495459cd9e35e2e76ba7fc9611a589e1685814f5
A config option is being added in nova with [1]
in order to allow configuring lower tb-cache size
for qemu guest VMs.
This patch adds a flag in devstack so jobs can
utilize it to set required tb-cache size.
[1] https://review.opendev.org/c/openstack/nova/+/868419
Co-Authored-By: Sean Mooney <work@seanmooney.info>
Related: blueprint libvirt-tb-cache-size
Change-Id: Ifde737eb5d87dfe860445097d1f2b0ce16b0de05
This commit enabeles a number of performance optimizations
to tune the host vms memory and io by leveraging zswap
and other kernel parmaters to minimize the effect of io
latency and memory pressure.
The openstack-cli-server has been enabled in the nova ci
for several months now and has proven to speed up devstack
signifcantly, while this change does not enable it by
default in devstack it does enable it by default in the ci
jobs.
simiarly the zswap and other tuning remain disabled by default
in devstack but are enabled by default in the devstack job.
This change limits the qemu tb_cache_size to 128MB form 1G,
this requires libvirt 8.0.0 or newer. as bullseye and
openeuler-22.03 do not meet that requirement they have been
removed. libvirt 8.0.0 will be the new min version supported
in nova in the 2025.1 release so the decions was made
to drop supprot for older release now instead of doing it
at the start of the 2025.1 cycle. debain coverage is still
provided by the newer bookworm relase. openeuler-22.03 has
been superseded by the openeuler-24.03 lts release.
openeuler-24.03 is not currnetly aviable in ci but supprot
could be readded if desired however that is out os scope of
this change.
Change-Id: Ib45ca08c7e3e833b14f7e6ec496ad2d2f7073f99
This change installs setuptools in the requirements
and global venv to ensure that distutils is present
This change also adds new single and two node
nodeset for noble and a devstack platform job as nonvoting.
Change-Id: Ie1f8ebc5db75d6913239c529ee923395a764e19c
This new service is spawned when using Neutron WSGI module. This new
service executes the plugin workers inside a wrapper executor class
called ``AllServicesNeutronWorker``. The workers are executed as
threads inside the process.
Depends-On: https://review.opendev.org/c/openstack/neutron/+/922110
Related-Bug: #2069581
Change-Id: I6b76b7bcee1365c80f76231e0311406831f8ce41
Only branches with stable/ as prefix were considered
but now we have branches even with different
prefix like unmaintained/, fix it to consider
such cases by using a generic filter instead of
assuming branch name starts with stable.
Change-Id: I967de13094ff6df46737a22d4e1758f9900dfbc9
After patch [1] deploying neutron with uwsgi was not working correctly
due to the fact that there was different paths for the applications
set in the api-paste.ini file. Instead of default ones like:
/: neutronversions_composite
/healthcheck: healthcheck
/v2.0: neutronapi_v2_0
it was changing it to something like:
/networking/: neutronversions_composite
/networking/healthcheck: healthcheck
/networking/v2.0: neutronapi_v2_0
where 'networking' can be configured to something else.
This patch fixes deployment of neutron with uwsgi by not changing its
api-paste.ini file when NEUTRON_DEPLOY_MOD_WSGI=True.
[1] https://review.opendev.org/c/openstack/devstack/+/849145
Closes-bug: #2069418
Change-Id: I12b860d4d98442e2b5ac0c9fd854f1226633b518
This is no longer necessary and any users of this should be updated to
remove references.
Change-Id: Ice5083d8897376fd2ed6bd509419526e15baaf12
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
All clients - OSC included - use keystoneauth under the hood which
hasn't required this in a very long time. Stop setting it and remove the
warning.
We also remove references to 'NOVA_*' variables that haven't been a
thing since well before *I* started working on OpenStack 😅
Change-Id: I882081040215d8e32932ec5d03be34e467e4fbc2
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Currently, when enabling c-bak service, the backup tab will not
be shown on Horizon by default. This patch tells Horizon to
display backup dashboard when c-bak is enabled.
Closes-Bug: 2064496
Change-Id: I06295706e985bac58de2878c6d24c51f3267c205
Signed-off-by: MinhNLH2 <minh.nlh.work@gmail.com>
OpenStackClient has a significant amount of startup overhead, which
adds a non-trivial amount of time to each devstack run because it makes
a lot of OSC calls. This change uses the OSC service from [0] to run
a persistent process that handles openstack calls. This removes most
of the startup overhead and in my local testing removes about three
minutes per devstack run.
Currently this is implemented as an opt-in feature. There are likely a
lot of edge cases in projects that use a devstack plugin so turning it
on universally is going to require boiling the ocean. I think getting
this in and enabled for some of the major projects should give us a lot
of the benefit without the enormous effort of making it 100% compatible
across all of OpenStack.
Depends-On: https://review.opendev.org/c/openstack/nova/+/918689
Depends-On: https://review.opendev.org/c/openstack/ironic/+/918690
Change-Id: I28e6159944746abe2d320369249b87f1c4b9e24e
0: http://lists.openstack.org/pipermail/openstack-dev/2016-April/092546.html
Make it a little more obvious what the difference between the two helper
functions is.
Change-Id: I07ec34ecfcd2b7925485145c4b4bf68eda385a32
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
We'd like to move from configuring uWSGI with '.wsgi' files to
configuring with module paths. Do this for all in-tree services and log
a deprecation warning for anyone still passing a path.
Note that since 'basepath foo' returns 'foo', this is effectively a
no-op for the services being converted here.
Change-Id: Ia1ad5ff160a9821ceab97ff1c24bc48cd4bf1d6f
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
devstack doesn't do releases, so there should be no release notes,
either. Drop the one that was accidentally created to avoid confusion.
Change-Id: I75a295e50c36925a0137a5458444fb48bd5d9f8a
This is more likely how people will actually upload their images, but
it also prevents the "osc as a service" feature from working because
stdin isn't proxied (of course). So just convert our uses of "image
create" to use --file instead of stdin.
Change-Id: I7205eb0100ba7406650ed609cf517cba2c8d30aa
Running stack.sh on a python 3.12 system generates this
warning from worlddump.py:
DeprecationWarning: datetime.datetime.utcnow() is deprecated
Use datetime.now(timezone.utc) instead, which should be
backwards-compatible with older python versions.
TrivialFix
Change-Id: I11fe60f6b04842412045c6cb97f493f7fef66e1a
pbr's 'wsgi_scripts' entrypoint functionality is not long for this world
so we need to start working towards an alternative. We could start
packaging our own WSGI scripts in DevStack but using module paths seems
like a better option, particularly when it's supported by other WSGI
servers like gunicorn.
Currently only nova is migrated. We should switch additional projects as
they migrate and eventually remove the support for WSGI scripts
entirely.
Change-Id: I057dc635c01e54740ee04dfe7b39ef83db5dc180
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Depends-on: https://review.opendev.org/c/openstack/nova/+/902687/
The variable should be in quotes for the check to work
Testing the behavior in bash:
current behavior:
$ config_file=""
$ if [ -n ${config_file} ]; then echo a; fi
a
$ config_file="abc"
$ if [ -n ${config_file} ]; then echo a; fi
a
behavior with quotes:
$ config_file=""
$ if [ -n "$config_file" ]; then echo a; fi
$ config_file="abc"
$ if [ -n "$config_file" ]; then echo a; fi
a
Change-Id: Iba956d9d4f43b925848174a632aabe58999be74b
This patch removes a couple of tempest.conf settings that are being
overwrriten when Keystone is set to enforce scope.
These settings are already being set by the keystone devstack plugin [1]
and do not need to be overwritten here.
Keystone is changing the default admin credentials to be project-admin
instead of system-admin to address some failing tests in services that
require project-scoped admin for their admin APIs. [2] These overrides
are preventing that change from taking effect.
[1] https://opendev.org/openstack/keystone/src/branch/stable/2024.1/devstack/lib/scope.sh#L24-L25
[2] https://review.opendev.org/c/openstack/keystone/+/913999
Change-Id: I48edbcbaa993f2d1f35160c415986d21a15a4999
Updated clean.sh to remove Glance's Apache uWSGI config files in
APACHE_CONF_DIR, including /etc/apache2/sites-enabled/ on Ubuntu.
Test Plan:
- Run clean.sh.
- Confirm Glance uWSGI configs are removed from APACHE_CONF_DIR.
Closes-Bug: #2057999
Change-Id: I44475b8e084c4b20d7b7cb7f28574f797dbda7a2
The ubuntu-xenial labels are going to disappear from opendev as that
image is EOL and will we deleted. Clean up our zuul config.
Update some example reference as well.
Change-Id: Id04110f7c871caa1739ff2b62e9796be4fb9aa00
In the _setup_package_with_constraints_edit name of the package was
always discovered from the setup.cfg file. But as some projects
implements PEP-621 (see [1] for the SQLAlchemy for example) it is not
enough now.
This patch adds parsing pyproject.toml file also if name is not found in
the setup.cfg file.
[1] https://github.com/sqlalchemy/sqlalchemy/commit/a8dbf8763a8fa2ca53cc01033f06681a421bf60b
Closes-Bug: #2052509
Change-Id: Iee9262079d09a8bd22cd05a8f17950a41a0d1f9d
Making newly introduced `centralized_db` driver as default cache
driver for glance so that it can be tested in available CI jobs.
New cache driver `centralized_db` needs `worker_self_reference_url`
in glance-api.conf file otherwise glance api service will fail to
start.
Related blueprint centralized-cache-db
Depends-On: https://review.opendev.org/c/openstack/glance/+/899871
Change-Id: I75267988b1c80ac9daa5843ce8462bbac49ffe27
The bashate tool has been very stable for a while and we rarely expect
changes which may break existing scripts.
This removes the current capping to avoid updating the upper limit when
when a new release is created in bashate.
Change-Id: Iae94811aebf58b491d6b2b2773db88ac50fdd737
zswap should only be enabled if ENABLE_ZSWAP is true.
The if condition was checking ENABLE_KSMTUNED.
That is now fixed.
Change-Id: I76ba139de69fb1710bcb96cc9f638260463e2032
This change add a new lib/host-mem file and moves the existing
ksm support to a new configure_ksm function.
Additional support for ksmtuned is added with a new flag
"ENABLE_KSMTUNED" which defaults to true.
This change also adds support for zswap. zswap is disabled
by default. When enabled on ubuntu lz4 will
be used as the default compressor and z3fold as the zpool.
On non debian distros the compressor and zpool are not set.
The default values should result in very low overhead although
the zstd compressor may provide better overall performance in ci
or with slow io due to the higher compression ratio.
Additionally memory and network sysctl tunings are optionally applied
to defer writes, prefer swapping and optimise tcp connection
startup and keepalive. The sysctl tunings are disabled by default
The base devstack job has been modifed to enable zram and sysctl
tuning.
Both ksm and zswap are wrapped by a tune_host function
which is now called very early in devstack to ensure
they are configured before any memory/network intensive
operations are executed.
The ci jobs do not enable this functionality by default.
To use this functionaltiy define
ENABLE_SYSCTL_MEM_TUNING: true
ENABLE_SYSCTL_NET_TUNING: true
ENABLE_ZSWAP: true
in the devstack_localrc section of the job vars.
Change-Id: Ia5202d5a9903492a4c18b50ea8d12bd91cc9f135
The Neutron OVN agent is a service that could run in any node. The
functionality will depend on the extensions configured. This new
agent is meant to be the replacement for the Neutron OVN metadata
agent once the "metadata" extension is implemented in this service
[1].
[1]https://review.opendev.org/c/openstack/neutron/+/898238
Related-Bug: #2017871
Change-Id: I8f82f0047e89aac122a67f59db84f03e1a6bf519
This preserved `ADITIONAL_VENV_PACKAGES` as an input for backwards
compatiblity, but takes `ADDITIONAL_VENV_PACKAGES` with priority.
Fixes spelling in comment.
Related-Bug: #2046936
Change-Id: I84151d8f71b12da134e8fb9dbf3ae30f2a171fe2
Looking at the recent failures in the tempest-integrated-compute
job, the reimage operation seems to be taking longer than our
expected time of 60 seconds (which was increased because of a similar
failure in the past, default is 20 seconds).
The main culprit for this failure is the image conversion from qcow2
to raw which is taking ~159 seconds.
Dec 05 13:29:59.709129 np0035951188 cinder-volume[77000]: DEBUG oslo_concurrency.processutils [req-5113eccb-05ba-486a-8130-a58898c8ad35 req-0edf972a-109a-465f-a771-ceb87ecbda3e tempest-ServerActionsV293TestJSON-1780705112 None] CMD "sudo cinder-rootwrap /etc/cinder/rootwrap.conf qemu-img convert -O raw -t none -f qcow2 /opt/stack/data/cinder/conversion/image_download_dbe01f18-1c90-4536-a09a-b49f0811c7a0_copod3cm /dev/mapper/stack--volumes--lvmdriver--1-volume--073a98e8--3c89--4734--9ae5--59af25f8914a" returned: 0 in 159.272s {{(pid=77000) execute /opt/stack/data/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:422}}
The recent run took ~165 seconds on the cinder side but it failed
early since the nova operation timed out in 60 seconds hence
deleting the volume.
To be on the safer side, 180 seconds seems to be a sane time for
the operation to complete which this patch configures.
Closes-Bug: 2046252
Change-Id: I8a9628216038f6d363cab5dd8177274c9cfc17c2
Downloading an image can fail due to network issues, so let's
retry 5 times before giving up. We have seen issues in CI due
to network issues as described below and in the Related-Bug:-
Often times fetching Fedora image in FIPS jobs fails due to
"GnuTLS: One of the involved algorithms has insufficient security level."
This occurs when request to pull image is redirected to a mirror that's
incompatible with FIPS enabled system.
Making multiple attempts to download images could provide better chance of
pulling images from different mirrors and avoid failure of the job.
This will also save a few rechecks.
Related-Bug: #2045725
Change-Id: I7163aea4d121cb27620e4f2a083a543abfc286bf
Added new devstack variable `GLANCE_CACHE_DRIVER` default
to `sqlite` to set the cache driver for glance service.
Related blueprint centralized-cache-db
Change-Id: I76d064590356e2d65bfc6a3f57d1bdaeeb83a74a
This reverts commit 67630d4c52.
Reason for revert: Seeing random failures across jobs as sometimes
'keyring_pass.cfg' gets duplicated keys and that makes executions
of any openstackclient command to fail until the file is removed.
This should be handled before re enabling the token caching again.
Change-Id: I3d2fe53a2e7552ac6304c30aa2fe5be33d77df53
Related-Bug: #2042943
Originally we only had the openeuler jobs there, but the other platforms
could also do with some regular testing.
Change-Id: I93526a4c592d85acd4debf72eb59e306ab8e6382
openEuler 22.03 LTS support was removed from devstack in last
few months due to its libvirt version is too old and the CI job
always fail.
This Patch add a yum repository for libvirt7.2.0, and add the
related CI job to make sure its works well.
Change-Id: Ic507f165cfa117451283360854c4776a968bbb10
currently id you run devstack with the dbcounter service enabled
the created subdirs show up in git status
this change justs add them to .gitgnore
Change-Id: Iee48eb4e12ac22734c8a2c1dcbe0b92a0a387eaa
SDK uses python keyring library to enable token caching. Normally this
is requiring a proper desktop (interactive) session, but there are some
backend plugins working in non-interactive mode. Store cache in an
unencrypted file on FS (this is not worse than storing passwords in
plaintext).
Change-Id: I42d698f15db5918443073fff8f27b926126d1d0f
Neutron bobcat release has enabled the RBAC new defaults
by default. With the latest release of Neutron have new
defaults enable, we should configure the same by default in
devstack. This change make NEUTRON_ENFORCE_SCOPE flag to
True by default so that every job will run with Neutron
new defaults.
As old defaults are still supported (in deprecated way),
we will keep this flag so that we can have one job disable
it and test the old defaults.
Change-Id: I3361d33885b2e3af7cad0141f9b799b2723ee8a1
... so that we can use PyMemcacheCache backend. The MemcachedCache
backend, which has been used previously, has been removed in recent
Django, and we are switching the default backend in [1].
[1] https://review.opendev.org/c/openstack/horizon/+/891828
Change-Id: Ie1da8970628e34c41721198cdada8c7bb3b26ec0
Developers that need to stack and re-stack non-AIO compute-only
environments will want to be able to keep the compute node uuid the
same across runs. This mimics the behavior of a deployment tool that
pre-creates the uuids, so it matches pretty well. Default to the
current behavior of create-on-start, but allow forcing it ahead of
time to something specific.
Change-Id: Icab0b783e2233cad9a93c04758a5bccac0832203
Neutron has deprecated linuxbridge support and is only doing reduced
testing for the neutron-linuxbridge-tempest job, so we need no longer
run it in devstack, even less gate on it.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ie1a8f978efe7fc9b037cf6a6b70b67d539d76fd6
The depends-on patch adds a new backup_driver option to tempest.
The goal of this change is to be able to do a proper cleanup of
containers when swift is used as a backup driver.
Thich change makes sure that the new option is properly set to
"swift" when Swift is used as the driver.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/896011/13
Change-Id: I76e7fd712ee352051f8aa2f2912a29abad9ad017
This makes the glance-api-remote setup honor the GLOBAL_VENV flag,
and not pass the --venv stuff to uwsgi if it is disabled. This should
fix the glance-multistore-cinder-import-fips job.
Change-Id: I2005da5ced027d273e1f25f47b644fecafffc6c1
local.sh, if present, will be executed at the end of stack.sh. The
sample file here is meant to be copied to devstack root if desired.
Unfortunately, due to Change I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
changing to use OS_CLOUD in stack.sh, sourcing openrc here will cause
both OS_CLOUD and traditional OS_* env vars to be set, which causes a
conflict.
Change-Id: Id80b46acab7d600ad7394ab5bc1984304825a672
It has been very stable for some time and it is going to be a major
platform for the next cycle.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Id2df9514b41eda0798179157282a8486b1e9ae23
The openeuler job running version 22.03 fails due to old libvirt.
Nova requires version 7.0.0 or greater.
Related-Bug: #2035224
Change-Id: I4ad6151c3d8555de059c9228253d287aecf9f953
In order for Ironic perform full testing with devstack, it uses
virtual machines attached to a ovs bridge network to simulate
bare metal machines. This worked great for OVS because often
OVS was already running on the nodes due to the package, and
we could just apply configuration and be done with it when
Ironic's devstack plugin was applying initial configuration and
setting up the test environment.
With OVN, and the requirement of a specific co-installed OVS
version, Ironic has discovered that we cannot perform this same
configuration without having already started OVN during the
initial system setup. Which is fine, but we can't initialize
and start OVN twice. It just doesn't work.
The original form of this patch was proposed by lucasgnomes
in order to validate that we, did, indeed, need to do this
to enable Ironic to successfully test an OVN based
configuration, and is now being revised to handle that case
automatically when Ironic is the selected virt plugin.
Co-Authored-By: Julia Kreger <juliaashleykreger@gmail.com>
Change-Id: Ifbfdaaa97fdbe75ede49dc47235e92a8035d1de6
Add's the OVN_BRIDGE_MAPPINGS variable to ovn_agent.
Uses the same format as OVS_BRIDGE_MAPPINGS, it defaults
to "$PYSICAL_NETWORK:$PUBLIC_BRIDGE".
This enables use of providernet for public network and
setting up additional bridges, for example a for baremetal.
Example:
Q_USE_PROVIDER_NETWORKING="True"
OVS_PHYSICAL_BRIDGE="brbm"
PHYSICAL_NETWORK="mynetwork"
PUBLIC_PHYSICAL_NETWORK="public"
PUBLIC_BRIDGE="br-ex"
OVN_BRIDGE_MAPPINGS="public:br-ex,mynetwork:brbm"
Change-Id: I37317251bbe95d64de06d6232c2d472a98c0ee4d
This was dropped in tempest, too[0], and we want to focus on getting and
keeping the jammy job stable.
Still retaining the nodeset definitions until we are sure they are not
needed in other projects.
[0] https://review.opendev.org/c/openstack/tempest/+/884952
Change-Id: Iafb5a939a650b763935d8b7ce7069ac4c6d9a95b
This was missed as part of [1], neutron sets
exec_dirs in rootwrap.conf differently so that
also needs to be fixed.
Without it neutron openvswitch jobs relying on
neutron-keepalived-state-change scripts were
failing when deployed with GLOBAL_VENV=True as
binaries no longer found at /usr/local/bin.
[1] https://review.opendev.org/c/openstack/devstack/+/558930
Closes-Bug: #2031415
Change-Id: I9aa56bff02594f253381ffe47a70949079f4c240
As far as I could tell, the global_filter config added in change
I5d5c48e188cbb9b4208096736807f082bce524e8 wasn't actually making it
into the lvm.conf. Given the volume (or rather LVM volume) related
issues we've been seeing in the gate recently, we can give this a try
to see if the global_filter setting has any positive effect.
This also adds the contents of /etc/lvm/* to the logs collected by the
jobs, so that we can see the LVM config.
Change-Id: I2b39acd352669231d16b5cb2e151f290648355c0
The base systemd unit file setup now writes an Environment= line to
the file for the venv. The glance-remote code was setting that to
point at the alternate config location, using iniset which was
clobbering the venv one. Switch to iniadd to fix.
Also, we need to explicitly put the --venv flag into the command since
we write our unit file ourselves. This probably needs a cleanup at
this point, but since the glance gate is blocked, do this for now.
Change-Id: I2bd33de45c41b18ed7d4270a7301b1e322134987
As a temporary workaround, let's set the GLOBAL_VENV to false
specifically for centos 9 stream and rocky distros where we
encountered issues after changing the default value
of GLOBAL_VENV to True in Devstack:
https://review.opendev.org/c/openstack/devstack/+/558930
Related-Bug: #2031639
Change-Id: I708b5a81c32b0bd650dcd63a51e16346863a6fc0
* etcd 3.3 is no longer maintained.
* etcd 3.4 removes deprecated interfaces, and clients may
need updated configs.
* The cinder backend coordination URL needs to explicitly
specify the version, until tooz can be updated
https://review.opendev.org/c/openstack/tooz/+/891355
* etcd only supports in-place upgrades between minor
versions, so any jobs testing upgrades could fail if
they skip from 3.2 directly to 3.4
Change-Id: Ifcecdffa17a3a2b1075aa503978c44545c4a2a3c
This reverts commit 113689ee46.
Reason for revert: systemd-252-17.el9 which includes the fix is now available in CentOS 9-stream repos.
Change-Id: I6fe19838a75a30fd5d2434c03b7f403f1c7e4b50
While the patch where this was first introduced and set to 120 [1] is
sensible for the vast majority of jobs, it's conceivable that some
jobs might want a different value.
Specifically, the whitebox-tempest-plugin changes configurations and
restarts Nova services, and to do so it waits for the service status
to update in the API before continuing with the tests. With the report
interval set to 120 and the down time threshold set to 720, the
service would continue showing 'up' in the API long after it was
actually down, causing the wait to time out.
Whitebox is a low-traffic project with only a couple of devstack jobs
that run tempest tests sequentially (concurrency=1). Its CI is also
pretty stable. It seems legitimate for it to keep the old default
values of report_interval and service_down_time.
This patch keeps the 120 default for NOVA_SERVICE_REPORT_INTERVAL, but
makes it configurable by individual jobs. Since the original patch
also introduced CINDER_SERVICE_REPORT_INTERVAL as a constant, make
that configurable as well.
[1] https://review.opendev.org/c/openstack/devstack/+/890439
Needed-by: https://review.opendev.org/c/openstack/whitebox-tempest-plugin/+/891612
Change-Id: I64fa2059537ea072a38fb4900d3c7d2d8f0ce429
glance and rally binaries are also needed.
Also make sure the cinder-rtstool is only called when cinder is actually
enabled.
Change-Id: I18113eabf2fa83e36bace276883775303f6a1e9a
This is being used in some nova jobs, so we need to add it. Also order
the list of linked binaries to allow easier maintenance.
Change-Id: Ief012f7842d6e14380c9575740d1856bc1f2355e
I have seen this failure in the gate a few times:
[ERROR] /opt/stack/devstack/functions-common:2334 Neutron did not start
/opt/stack/devstack/functions-common: line 310:
/opt/stack/logs/error.log: Permission denied
So whatever was trying to be written to error.log never
happened. Change to be like other directories in this
file and make the $LOGDIR owner stack.stack.
Change-Id: I673011aba10c8d03234100503ccc5876e75baff2
RDO has moved rdo-release packages to a new infra which supports EMS so
we do not need to wget it and install it using local rpm install.
This partially reverts [1].
[1] https://review.opendev.org/c/openstack/devstack/+/884277/
Change-Id: I189d0c3da0e7b017e2568022c14e6c8fb28251f1
This will cause apache to no longer wait forever for a connection
pool member to become available before returning 503 to the client.
This may help us determine if some of the timeouts we see when
talking to the services come from an overloaded apache.
Change-Id: Ibc19fc9a53e2330f9aca45f5a10a59c576cb22e6
Heavily-loaded workers in CI consistently fail to complete the
service checkin task, which is configured for every ten seconds in
nova and cinder. This generates additional load on the database server
as well as consumes a threadpool worker. If we're not making the
deadline, there's really no point in having it be so high. Further,
since the workers must remain up for all the tempest tests we're
running against them, there's really no benefit to a fast-fail
detection.
This sets the report_interval to 120s for nova and cinder, and sets
service_down_time to 6x that value, which is consistent with the
default scale.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/890448
Change-Id: Idd7aa1daf354256b143a3778f161cfc72b318ea5
systemd-252-16.el9 introduced a regression
where libvirtd process exits after 120s of
inactivity.
Add a workaround to unset 120s timeout for
libvirtd, the workaround can be removed once
the fix is available in systemd rpm.
Related-Bug: #2029335
Change-Id: Id6db6c17518b54d5fef7c381c509066a569aff6d
Since we are python3 only for openstack we create a single python3
virtualenv to install all the packages into. This gives us the benefits
of installing into a virtualenv while still ensuring coinstallability.
This is a major change and will likely break many things.
There are several reasons for this. The change that started this effort
was pip stopped uninstalling packages which used distutils to generate
their package installation. Many distro packages do this which meant
that pip installed packages and distro packages could not coexist in the
global install space. More recently git has made pip installing repos as
root more difficult due to file ownership concerns.
Currently the switch to the global venv is optional, but if we go down
this path we should very quickly remove the old global installation
method as it has only caused us problems.
Major hurdles we have to get over are convincing rootwrap to trust
binaries in the virtualenvs (so you'll notice we update rootwrap
configs).
Some distros still have issues, keep them using the old setup for now.
Depends-On: https://review.opendev.org/c/openstack/grenade/+/880266
Co-Authored-By: Dr. Jens Harbott <frickler@offenerstapel.de>
Change-Id: If9bc7ba45522189d03f19b86cb681bb150ee2f25
It was made voting some time ago, but we missed also running it in gate.
With that RHEL platform test in place, we can keep c9s permanently
non-voting, which is better suited to match its instability.
Change-Id: I6712ac6dc64e4fe2203b2a5f6a381f6d2150ba0f
This relaxes the limits for dbcounter to make it flush stats to the
database less often. Currently every thirty seconds or 100 hits, we
write a stats line to the database. In some services (like keystone)
this can trigger more than one write per second because of the
massive number of SELECT calls that service makes.
This removes the hit limit and decreases the mandatory flush interval
to once a minute. Hopefully this will manifest as lower load on the
database triggered by what would be readonly operations.
Change-Id: I43a58532c0541075a2d36408abc50a41f7994bda
This patch: https://review.opendev.org/c/openstack/devstack/+/882299
provides functionality, that commit hash can be passed as last arugment,
however when GIT_DEPTH is set, it fails, as in:
timeout -s SIGINT 0 git clone https://github.com/ovn-org/ovn.git ./ovn
--depth 1 --branch 03b95a4566a15f7544f4cdf35629dacede4dcf55
fatal: Remote branch 03b95a4566a15f7544f4cdf35629dacede4dcf55
not found in upstream origin
Closes-Bug: #2023020
Change-Id: I748354964a133e028e12458cc9014d6d014cbdb9
When there is only a single image, configure_tempest()
needs to always set image_uuid_alt the same as image_uuid,
else it will fail trying to determine the size of the
flavor to use for it later in the function.
Introduced by [0], and subsequent change did not fix it.
[0] https://review.opendev.org/c/openstack/devstack/+/886795
Change-Id: Ibfe99ff732570dbd415772c5625f43e35b68c871
Related-bug: #2028123
[1] caused a regression causing failures when
more than 1 images are setup. Fixing it by correctly
using the array variable. Also add a break in the
for loop once if condition is met.
[1] https://review.opendev.org/c/openstack/devstack/+/886795
Closes-Bug: #2028123
Change-Id: I4f13c1239312bbcca8c65e875d65d03702161c18
This increases the timeout we use to wait for cinder to perform a
volume reimage. Since devstack is often running on a single machine
with non-production IO performance, we should bump this limit to avoid
hitting it before the rebuild completes.
Change-Id: Ie2663b951acb0c1a65597a39e032948764e6ae6a
In current logic to set two different image in Tempest in config
option image_ref and image_ref_alt, we consider if DEFAULT_IMAGE_NAME
is found in glance then set the same image in tempest for those
two config option. This means even we have two different image available
in glance, still we set same image in image_ref as well as image_ref_alt
and all the rebuild tests are rebuilt on the same image.
I could not find any reason why we set same image if DEFAULT_IMAGE_NAME
exist, below are the original change added this logic
- https://review.opendev.org/c/openstack/devstack/+/17553
We had a requirement of test to run on two different images
- https://review.opendev.org/c/openstack/tempest/+/831018
and for that we need to set DEFAULT_IMAGE_NAME to non exist image
name but that broke the Ironic which was reply on the valid name
in DEFAULT_IMAGE_NAME
- https://review.opendev.org/c/openstack/ironic/+/886790
As we do not have any reason not to set two different image
if DEFAULT_IMAGE_NAME is set, I am removing the condition of
DEFAULT_IMAGE_NAME from lib/tempest logic and always set two
different images if they are available.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/886796
Change-Id: I9d215f48d4440f2fa6dcc0d222a10896caf01215
To facilitate that this change removes it form the default filter
list. By default nova has used placement for AZs so this filter
has not been requried since xena.
Change-Id: Ie5e216dd8c2a7ecf43cc6954ec4f73d4d67b5b3b
Default for systemd TimeoutStopSec is 90 seconds
and that is same for default graceful shutdown of
uwsgi service(WORKER_TIMEOUT).
Due to the Related-Bug graceful stop attempt
fails and there is no room for force shutdown.
This patch reduces default for WORKER_TIMEOUT by
10 seconds so there is a buffer to force stop the
service.
Closes-Bug: #2020643
Related-Bug: #2015065
Change-Id: I6aacac94f9697088338b3d2f99d8eaa22c2be67b
Cirros has made a new release, including a newer kernel that should fix
some issues when using nested virtualization.
Related-Bug: 2023559
Change-Id: I63469371b13801094a3ee1baae6e343999fbefa5
Fedora 36 is EOL, also opendev is dropping support for Fedora images
completely since interest in running jobs on that platform is no longer
existing. CentOS 9 Stream has evolved as replacement platform for new
features.
Only drop the Zuul configuration and the tag in stack.sh for now plus
update some docs. Cleanup of the deployment code will be done in a
second step.
Change-Id: Ica483fde27346e3939b5fc0d7e0a6dfeae0e8d1e
On Debian-based distros, the 'coredumpctl' command is
provided by the systemd-coredump package, which is not
installed by default. On failure, when "post" commands
are executed this error is seen:
controller | /bin/bash: line 1: coredumpctl: command not found
Install it along with other libvirt packages to avoid
the error.
On Fedora distros it is in the systemd package, so the
problem is not seen since it is always installed.
Change-Id: I6012bd3240d68736a5db8ae49dc32098a086f320
Instead of using RDO Trunk repo server, CentOS official mirrors provide
a most reliable infrastructure and supports EMS which is required when
enabling FIPS in C9S.
In order to install the rdo-release rpm from repo.fedoraproject.org,
which does not support EMS, I'm using a workaround to wget, which works
with non-EMS servers because it uses gnutls instead of openssl, and
install it locally with rpm.
This is also consistent to CentOS 8 implementatioin.
Closes-Bug: #2020661
Closes-Bug: #2020434
Change-Id: Icd99f467d47aaafaaf3ee8f2a3c4da08842cb672
The distutils package is deprecated and slated for removal in
Python 3.12. Let's use shutil.which which is also recomended
by PEP 632: https://peps.python.org/pep-0632/#migration-advice
Closes-Bug: #2009229
Change-Id: Ibb2a9731449e765c4a56952a9f02679e9618778b
We have lots of evidence that this is a net benefit, so enable it
by default instead of everyone having to opt-in.
Change-Id: I66fa1799ff5177c3667630a89e15c072a8bf975a
This reverts commit 37d11d00e5.
Reason for revert: reverting this revert as the issue caused by the original patch (before the first revert) is fixed by:
https://review.opendev.org/c/openstack/devstack/+/881504
Therefore we can proceed with the cirros version bump.
Change-Id: I43e2b04a0142c19fb1a79da5a33cc444149e18f1
This change allows us to bump the default cirros version
in devstack. Since cirros version 0.6.0 dhcpcd is the default
dhcp client. The older cirros images used udhcpc client (the only
available client at that time) which is also the default client
in Tempest.
This patch makes devstack configure dhcpcd client in tempest.conf
if cirros >= 0.6.0 is going to be used in scenario tests.
The commit also introduces a new SCENARIO_IMAGE_TYPE option.
It is now a trigger for cirros specific settings, later it might
be used for any other image's settings.
Closes-Bug: #2007973
Change-Id: I2738c3b1d302c6656ce2c209671ea954fbc1b05b
Glance antelope release has enabled the RBAC new defaults
by default
- https://review.opendev.org/c/openstack/glance/+/872522
With the latest release of Glance have new defaults enable,
we should test the same by default in devstack. This change
make GLANCE_ENFORCE_SCOPE flag to True by default so that every
job will run with Glance new defaults.
As old defaults are still supported (in deprecated way), we will keep
GLANCE_ENFORCE_SCOPE flag so that we can have a single job can disable
the new defaults and continue testing the old defaults.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/883701
Change-Id: Idde6f3cb766597575ca822f21b4bb3a465e5e753
Nova antelope release has enabled the RBAC new defaults
by default
- https://review.opendev.org/c/openstack/nova/+/866218
With the latest release of Nova have new defaults enable,
we should test the same by default in devstack. This change
make NOVA_ENFORCE_SCOPE flag to True by default so that every
job will run with Nova new defaults.
As old defaults are still supported (in deprecated way), we will keep
NOVA_ENFORCE_SCOPE flag so that we can have a single job can disable
the new defaults and continue testing the old defaults.
Change-Id: Id56819f03c19a5b7fe30adf799ecd3b8aeb67695
The neutron-debug command was deprecated and finally removed,
so tools/ping_neutron.sh can no longer rely on it to create
a probe namespace. Instead, just try and use any namespace
with the network ID in it, since it's either the DHCP (ML2/OVS)
or Metadata (OVN) namespace, which should work just as well.
As this code is rarely (never?) used, this best-effort attempt
is good enough.
Change-Id: I98c992a2a774ef1fb22cee2e90ee342ab2d537ac
Depends-on: https://review.opendev.org/c/openstack/neutron/+/883081
git_clone assumes a branch or a tag is passed as the last argument, and
it fails when a commit hash is passed, as in:
timeout -s SIGINT 0 git clone https://github.com/ovn-org/ovn.git
/opt/stack/ovn --branch 36e3ab9b47e93af0599a818e9d6b2930e49473f0
Cloning into '/opt/stack/ovn'...
fatal: Remote branch 36e3ab9b47e93af0599a818e9d6b2930e49473f0 not found
in upstream origin
Change-Id: Id1328d7cba418fa7c227ae9db4fe83c09fd06035
devstack-base is changed to descend from
openstack-multinode-fips which is defined in
project-config.
This allows jobs to execute the enable_fips playbook
to enable FIPS mode on the node, but only if they
opt-in by setting enable_fips to True. Otherwise,
this is a no-op.
Change-Id: I5631281662dbd18056ffba291290ed0978ab937e
Irrespective of build_modules is True
or False reload ovs modules always.
If ovs is installed from package before(like
with multi-node-bridge role), then installing
ovs from source requires openvswitch kernel
module to be reloaded.
The issue was not seen before jammy as there
module was reloaded when build_modules was set
to True.
Closes-Bug: #2015364
Change-Id: I1785b49b2ef72ca1f817f504d5ea56021410c052
This change enables httpd in systemd so that it
starts after a reboot and updates how selinux is
disabled to use /etc/selinux/config in addtion
to setenforce.
Change-Id: I5ea8693c0b967937483bd921b1d9984ea14bc723
Creating multiattach volume is a non-admin operation but creating
multiattach volume type is an admin operation.
Previously cinder allowed creating multiattach volumes without a
volume type but that support is being removed with[1].
The change requires updating tempest tests[2] but some tempest
tests are non-admin, which require admin priviledges to create the
multiattach volume type.
Based on the last discussion with tempest team[3], the proposed
solution is to create a multiattach volume type in devstack,
if ENABLE_VOLUME_MULTIATTACH is True, and use it in tempest
tests. Similar to how admins create multiattach volume types
for non-admin users.
This patch creates a multiattach volume type if
ENABLE_VOLUME_MULTIATTACH is True. Also we set the multiattach
type name as a tempest config option 'volume_type_multiattach'.
[1] https://review.opendev.org/c/openstack/cinder/+/874865
[2] https://review.opendev.org/c/openstack/tempest/+/875372
[3] https://meetings.opendev.org/irclogs/%23openstack-cinder/%23openstack-cinder.2023-03-13.log.html#t2023-03-13T18:47:56
Change-Id: Icd3690565bf7b27898cd206641e612da3993703d
This patch includes changes required to run devstack on RHEL 9.
- en_US.utf8 is provided by glibc-langpack-en
- iptables command is provided by iptables-nft
- Use /etc/os-release to identify the distro in RHEL 9 as it doesn't
provide lsb_release command.
- CRB repository name is different from CentOS 9
Change-Id: I8f6d9263b24f9c2cf82e09258e2d14d7766ad337
stop_dstat() calls stop_process() for dstat, memory_tracker and
file_tracker respectively. Inside stop_process(), a check for the
existence of the service is performed by is_service_enabled().
So even if we apply this seemingly dangerous commit,
is_service_enabled() is respected, so it's safe.
Closes-Bug: #1998990
Change-Id: Ica58cdb1d60c4c796f582d82ed2cde0be94b1a7e
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
These are a few tweaks I applied to my own memory-constrained cloud
instances that seemed to help. I have lower performance requirements
so this may make things worse and not better, but it's worth seeing
what the impact is. I'll admit to not knowing the full impact of these
as they're mostly collected from various tutorials on lowering memory
usage.
Enable this for now on devstack-multinode
Change-Id: I7b223391d3de01e3e81b02076debd01d9d2f097c
We haven't been testing the distro for a while in CI, e.g. in
Tempest, the jobs on opensuse15 haven't been executed for a year
now.
Therefore the patch removes opensuse support from devstack.
Closes-Bug: #2002900
Change-Id: I0f5e4c644e2d14d1b8bb5bc0096d1469febe5fcc
Some rockylinux deployments have the curl-minimal package installed by
default (the latest GenericCloud image still has the curl package), it
triggers an error when devstack wants to install the curl package.
Fix this issue by swaping curl-minimal with curl before installing base
packages.
Change-Id: I969e8dc22e7d11c9917a843d9245f33a04fe197d
Those functions were part of the neutron devstack plugin but we
discussed it during last PTG [1] and decided to move to the Devstack
repo as plugins which are used by e.g. CI jobs which are defined outside
of the neutron repository.
Placement integration is used e.g. in the tempest-slow job which is
defined in tempest and used by many different OpenStack projects.
[1] https://etherpad.opendev.org/p/neutron-yoga-ptg#L142
Change-Id: I2c26063896ab2679cffd01227a40a3283caa3b17
Devstack set the env var TOX_CONSTRAINTS_FILE/UPPER_CONSTRAINTS_FILE
which are used to use the constraints during Tempest virtual env installation.
Those env var are set to non-master constraint when we need to use non-master
constraints but when we need to use the master constraints we do not set/reset
them point to master constraints. This create the issue when running the grenade
job where we run Tempest on the old devstack as well as in the new devstack.
When tempest is installed on old devstack then old tempest is used and it sets
these env var to stable/<branch> constraints (this is the case when old devstack
(the stable branch is in EM phase) uses the old tempest not the master tempest),
all good till now. But the problem comes when in the same grenade script run
upgrade-tempest install the master tempest (when new devstack branches are in
the 'supported' phase and use the master tempest means) and are supposed to use
the master constraints. But the TOX_CONSTRAINTS_FILE/UPPER_CONSTRAINTS_FILE env
var set by old tempest is used by the tempest and due to a mismatch in constraints
it fails.
This happened when we tried to pin the stable/wallaby with Tempest 29.0.0
- https://review.opendev.org/c/openstack/devstack/+/871782
and table/xena grenade job failed (stable/xena use master tempest and supposed
to use master constraints)
- https://zuul.opendev.org/t/openstack/build/fb7b2a8b562c42bab4c741819f5e9732/log/controller/logs/grenade.sh_log.txt#16641
We should set/reset those constraint env var to master constraints if configuration
tell devstack to use the master constraints.
[1] https://github.com/openstack/devstack/blob/71c3c40c269a50303247855319d1d3a5d30f6773/lib/tempest#L124
Closes-Bug: #2003993
Change-Id: I5e938139b47f443a4c358415d0d4dcf6549cd085
pkill already takes care that it does not kill itself, however the
same problem may happen with 'sudo pkill -f' killing sudo. Use one
of the usual regex tricks to avoid that.
Change-Id: Ic6a94f516cbc509a2d77699494aa7bcaecf96ebc
Closes-Bug: #1999395
Cirros has made a fresh release, let us use it. Switch the download URLs
to https and drop an old example that no longer is available.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/871271
Change-Id: I1d391b871fc9bfa825db30db9434922226b94d8a
The python-neutronclient CLI code is going to be removed from this
repository.
Change-Id: I39b3a43a7742481ec6d9501d5459bf0837ba0122
Related-Bug: #2003861
Just like we remove db files let's also remove
socket files when initializing ovn. Those will
reappear once service fully restarts along with
db files. Without it we see random issue as
described in the below bug.
Closes-Bug: #2002629
Change-Id: I726a9cac9c805d017273aa79e844724f0d00cdf0
In this release cycle, a few services are enabling the
enforce scope and new defaults by default. Example Nova:
- https://review.opendev.org/c/openstack/nova/+/866218)
Until the new defaults enalbing by default is not released we
should keep testing the old defaults in existing jobs and we can
add new jobs testing new defautls. To do that we can provide the
way in devstack to keep scope/new defaults disable by default which
can be enabled by setting enforce_scope variable to true.
Once any service release the new defaults enabled by default then
we can switch the bhavior, enable the scope/new defaults by default
and a single job can disbale them to keep testing the old defaults
until service does not remove those.
Change-Id: I5c2ec3e1667172a75e06458f16cf3d57947b2c53
Module lib/neutron was introduced long time ago as new module to deploy
neutron. It was intended to replace old lib/neutron-legacy module. But
since very long time it wasn't really finished and used by anyone and
lib/neutron-legacy is defacto standard module used by everyone to deploy
neutron with devstack.
In [1] unfinished lib/neutron was deprecated and now it's time to remove
it from the devstack code.
This patch also renames old "lib/neutron-legacy" module to be
"lib/neutron" now.
Previously "old" lib/neutron-legacy module was accepting neutron
services names wit "q-" prefix and "new" lib/neutron module was accepting
services with "neutron-" prefix. Now, as there is only one module it
accepts both prefixes.
For historical reasons and to be consistent with old lib/neutron-legacy
which was widely used everywhere, services will be named with "q-"
prefix but both prefixes will be accepted to enable or disable services.
This patch also moves _configure_neutron_service function to be called
at the end of the "configure_neutron" after all agents and service
plugins are already configured.
[1] https://review.opendev.org/c/openstack/devstack/+/823653
Related-bug: #1996748
Change-Id: Ibf1c8b2ee6b6618f77cd8486e9c687993d7cb4a0
Tox 4.0.0 has some incompatible changes, epecially more
strict on allowlist_externals. Tempest recently changed
allowlist_externals not to be *[1] causing the failure
on jobs where lib/tempest failing to run the tempest
as command in virtual env.
----------
venv: commands[0]> tempest verify-config -uro /tmp/tmp.qH5KgJHTF4
venv: failed with tempest is not allowed, use allowlist_externals to allow it
------
We do not need to test/fix the <=stable/zed branches with tox 4.0.0
and pinning them with the compatible tox version of the time stable
brnaches were releaased is better way.
This commit proposes:
1. Pinning the tox<4.0.0 for <=stable/ze branches testing
2. Workaround to unblock the master gate by pinning it <4.0.0 but
we should make our testing compatible with tox 4.0.0 soon.
Depends-On: https://review.opendev.org/c/openstack/devstack/+/867066
Related-Bug: #1999183
[1] https://review.opendev.org/c/openstack/tempest/+/865314 devstack based job started failing to run tempest command on venv.
Change-Id: I9a138af94dedc0d8ce5a0d519d75779415d3c30b
In the past firewall_driver setting was configured for ML2 plugin
because it was used in the
neutron.agent.securitygroups_rpc.is_firewall_enabled() function but
currently it's not needed anymore as there is other config option
"enable_security_group" for that.
Related-bug: #1996748
Change-Id: I9b09c6afb3f1f1c33d1bdfea52ba6f4c0d0cf2dc
openEuler 20.03 LTS SP2 support was removed from devstack in last
few months due to its python version is too old and the CI job
always fail. And openEuler 20.03 LTS SP2 was out of maintainer in May
2022 by openEuler community.
The newest LTS version was released in March 2022 called 22.03 LTS.
This release will be maintained for at least 2 years. And the python
version is 3.9 which works well for devstack.
This Patch add the openEuler distro support back. And add the related
CI job to make sure its works well.
Change-Id: I99c99d08b4a44d3dc644bd2e56b5ae7f7ee44210
The option was already deprecated in os-vif 2.2.0[1]. The override is
no longer required since bug 1929446 was already resolved.
[1] https://review.opendev.org/c/openstack/os-vif/+/744816
Related-Bug: #1929446
Change-Id: I5bc55723a178b32d947da2ac91d2f62aa8124990
Nova is ready with the scope and new defaults as per the new
RBAC design. Adding devstack flag to enable the scope checks
and new defaults enforcement in nova side.
Change-Id: I305ea626a4b622c5534d523f4b619832f9d35f8d
The dbcounter install on Debian Bullseye is broken in a really fun way.
The problem is that we end up mixing pypi openssl and distro
cryptography under pip and those two versions of libraries are not
compatible.
The reason this happens is that debian's pip package debundles the pip
deps. This splits them out into /usr/share/python-wheels and it will
prefer distro versions of libraries over pypi installed versions of
libraries. But if a pypi version is installed and a distro version is
not then the pypi version is used. If the pypi version of library A does
not work with distro version of library B then debundled pip breaks.
This has happened with crypytography and pyOpenSSL.
This happens because urllib3 (a debundled pip dep) appears to use
pyopenssl conditionally. Novnc depends on python3-cryptography, and
openstack depends on cryptogrpahy from pypi ensuring we get both a
distro and a pypi version installed. However, pyOpenSSL is only pulled
in from pypi via openstack deps. This leaves debundled urllib3
attempting to use pypi pyOpenSSL with distro cryptography and that combo
isn't valid due to an interface change.
To fix this we install python3-openssl ensuring that debundled pip will
use distro pyOpenSSL with distro cryptography making everything happy
again. But we only do this when we install novnc as novnc is what pulls
in distro cryptography in the first place. We can't simply install
python3-openssl on all debuntu platforms because this breaks Ubuntu
Focal in the other direction. On Ubuntu focal distro pip uses distro
pyOpenSSL when no pypi pyOpenSSl is installed (prior to keystone
install) and is not compatible with pypi cryptography.
Honestly, this whole intersection between distro and pypi installs of
cryptography and pyOpenSSL could probably be made cleaner. One option
would be for us to always install the constraints version of both
packages from pypi and the distro pacakges very early in the devstack
run. But that seems far more complicated so I'm not attempting that
here.
Change-Id: I0fc6a8e66e365ac49c6c7ceb4c71c68714b9f541
Adding a second exception for single-core-review in Devstack
repository - changes which do not affect core functionality, like
f.e. job cleanups, can be reviewed by a single core.
Change-Id: Idb6cefa510fdbfed41379eb410f4884852d1177f
It seems that setting "sysctl kernel.dmesg_restrict" was changed
in Ubuntu 22.04 (Jammy) to "1" and because of that running "dmesg"
command requires now root privileges.
Closes-bug: #1994023
Change-Id: I2adc76e3025fadf994bab2e2e1fd608e688874fc
If stack.sh is run on a system that already has OVN packages
installed, it could fail to find its DB sockets. This is because
the 'ln -s' will place the symlink inside of /var/run/ovn
instead of using a single directory as intended.
Change the code in neutron_plugins/ovn_agent to not make the
symlink and instead use separate directories for OVS and OVN.
Closes-bug: #1980421
Change-Id: Ic28a93bdc3dfe4a6159234baeabd0064db452b07
Some services fail when using special characters in passwords, add some
warnings to our docs.
Closes-Bug: 1744985
Change-Id: I601149e2e7362507b38f01719f7197385a27e0a8
This commit fixes the tox command option to run the smoke tests. The
original arguments fail with the error[1], and `-efull` and
`tempest.scenario.test_network_basic_ops` are not for the smoke tests.
[1]
$ tox -efull tempest.scenario.test_network_basic_ops
...
tempest run: error: unrecognized arguments: tempest.scenario.test_network_basic_ops
Change-Id: I9c3dd9fb4f64bf856c5cab88a2aeaae355c84a65
The issue that Horizon had with python3.10 has been fixed some time ago,
so we can stop disabling it for those jobs.
Also stop including roles from devstack-gate which we no longer need.
Change-Id: Ia5d0b31561adc5051acd96fcaab183e60c3c2f99
Because adding the role is idempotent, we can save doing the initial
check for role assignment. Also simplify the output matching by using
osc's filters where appropriate.
Co-Authored-By: Jens Harbott <harbott@osism.tech>
Change-Id: If2a661cc565a43a7821b8f0a10edd97de08eb911
Similar to other functions, this uses "--or-show" to avoid double
calls.
Co-Authored-By: Jens Harbott <harbott@osism.tech>
Change-Id: I548f9acd812687838e04b705f86f3b70d2b10caf
This patch adds NVMe LVM support to the existing iSCSI LVM configuration
support.
We deprecate the CINDER_ISCSI_HELPER configuration option since we are
no longer limited to iSCSI, and replace it with the CINDER_TARGET_HELPER
option.
The patch also adds another 3 target configuration options:
- CINDER_TARGET_PROTOCOL
- CINDER_TARGET_PREFIX
- CINDER_TARGET_PORT
These options will have different defaults based on the selected target
helper. For tgtadm and lioadm they'll be iSCSI,
iqn.2010-10.org.openstack:, and 3260 respectively, and for nvmet they'll
be nvmet_rdma, nvme-subsystem-1, and 4420.
Besides nvmet_rdma the CINDER_TARGET_PROTOCOL option can also be set to
nvmet_tcp, and nvmet_fc.
For the RDMA transport protocol devstack will be using Soft-RoCE and
creating a device on top of the network interface.
LVM NVMe-TCP support is added in the dependency mentioned in the footer
and LVM NVMe-FC will be added in later patches (need os-brick and cinder
patches) but the code here should still be valid.
Change-Id: I6578cdc27489b34916cdeb72ba3fdf06ea9d4ad8
This patch changes user who runs ovsdb-server and ovn-nortd services
to root.
It also adds installation of the libssl dev package before compilation
of the openvswitch if TLS service is enabled.
Co-Authored-By: Fernando Royo <froyo@redhat.com>
Closes-Bug: #1987832
Change-Id: I83fc9250ae5b7c1686938a0dd25d66b40fc6c6aa
In case of online mode, there is a procedure to recreate tempest venv.
For consistency of tempest venv during the entire stack.sh process,
add logic to consider the TEMPEST_VENV_UPPER_CONSTRAINTS option here.
Closes-bug: #1980483
Signed-off-by: June Yi <june.yi@samsung.com>
Change-Id: I0cea282152fd363af8671cab1b5f733ebe2bd4df
neutron-ns-metadata-proxy was dropped from Neutron 5 years ago, no need
to keep trying to kill it.
Change-Id: I20b6d68dd8dde36057a2418bca0841bdea377b07
When barbican is enabled, add the "creator" role to cinder's service
user so that cinder can create secrets. Cinder needs to create
barbican secrets when migrating encryption keys from the legacy
ConfKeyManager to barbican. Cinder also needs to create barbican
secrets in order to support transferring encrypted volumes.
Implements: bp/transfer-encrypted-volume
Depends-On: I216f78e8a300ab3f79bbcbb38110adf2bbec2196
Change-Id: Ia3f414c4b9b0829f60841a6dd63c97a893fdde4d
In I90316208d1af42c1659d3bee386f95e38aaf2c56 support for nova-network
was removed, but some bits remained, fix this up.
Change-Id: Iba7e1785fd0bdf0a6e94e5e03438fc7634621e49
Openstack client can return the id field for create/show commands using
`-f value -c id`. Cleaned up the use of grep 'id' with get_field
Change-Id: I2f4338f30c11e5139cda51c92524782b86f0aacc
Right now we don't officialy support LinuxMint as our
documentation says [1], it seems LinuxMint is a relict
and got forgotten over time.
This patch removes LinuxMint from the code in order not to
confuse users.
[1] https://docs.openstack.org/devstack/latest/
Closes-Bug: #1983427
Change-Id: Ie1ced25f89389494b28a7b2e9bb1c4273e002dd5
Attempting to set a value containing the ampersand
character (&) by iniset would corrupt the value.
So, add an escaping process.
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Closes-Bug: #1983816
Change-Id: Ie2633bacd2d761d110e6cb12f95382325c329415
Writing NOPASSWD directive into /etc/sudoers was throwing
permission denied errors. This commit writes the directive
to the /etc/sudoers.d/stack file instead.
Closes-Bug: #1981541
Change-Id: If30f01aa5f3a33dda79ff4a6892116511c8e1542
Recently the experimental mechanism has been added to Neutron and now
it requires the [experimental] linuxbridge option when the linuxbridge
mechanism driver is used.
Depends-on: https://review.opendev.org/c/openstack/neutron/+/845181
Change-Id: Ice82a391cda9eb0193f23e6794be7ab3df12c40b
We see some cases where OVN startup takes much longer than 5 seconds, up
to 28 seconds have been observed, so increase the limit to 40 to be on
the safe side.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Closes-Bug: 1980421
Change-Id: I6da4a537e6a8d527ff71a821f07164fc7d342882
Because of the missing "$" before ENFORCE_SCOPE in the lib/neutron
module, it was treated as an ENFORCE_SCOPE string instead of variable
and Neutron was deployed always with old defaults and disabled scope
enforcement.
Change-Id: Ibe67fea634c5f7abb521c0369ff30dd5db84db8c
Some of the API services are not properly mounted under /$service/
in the apache proxy. This patch tries to avoid recording data
for "services" like "v2.0" (in the case of neutron) by only adding
names if they're all letters. A single warning is emitted for any
services excluded by this check.
For the moment this will mean we don't collect data for those services,
but when their devstack API config is fixed, they'll start to show
up.
Change-Id: I41cc300e89a4f97a008a8ba97c91f0980f9b9c3f
Currently Devstack uses short hostname for configuration of OVN.
This leads to inability to start instances (failing port binding)
on hosts with full hostnames (including dots). Open vSwitch expects
hostname in external_ids that corresponds to one returned by
``hostname`` command.
Closes-Bug: #1943631
Change-Id: I15b71a49c482be0c8f15ad834e29ea1b33307c86
Due to the below bug the job has been constantly failing.
Let's make it n-v until the bug is resolved:
- https://bugs.launchpad.net/neutron/+bug/1979047
Change-Id: Ifc8cc96843a8eac5c98cd1e1f9e4b6287a7f2e7c
This patch reduces memory usage on the Cinder Volume and Backup services
by tuning glibc.
The specific tuning consist on disabling the per thread arenas and
disabling dynamic thresholds.
The Cinder Backup service suffers from high water mark memory usage and
uses excessive memory. As an example just after 10 restore operations
the service uses almost 1GB of RAM and does not ever free it afterwards.
With this patch the memory consumption of the service is reduced down to
almost 130MB. If we add a revert from Cinder (Change-Id
I43a20c8687f12bc52b014611cc6977c4c3ca212c) it goes down to 100MB during
my tests.
This glibc tuning is not applied to all Python services because I
haven't done proper testings on them and at first glance they don't seem
to have such great improvements.
Related-bug: #1908805
Change-Id: Ic9030d01468b3189350f83b04a8d1d346c489d3c
We are seeing failures when using an updated setuptools version
installed together with distro pip on Ubuntu 22.04. Install the version
from u-c only when we are also installing pip from upstream.
Change-Id: Ibb6e9424e5794ccbf9a937d2eecfa3bf60ed312e
Currently, neutron tunnel endpoints must be IPv4 addresses,
i.e. $HOST_IP, although IPv6 endpoints are supported by most
drivers.
Create a TUNNEL_IP_VERSION variable to choose which host IP
to use, either HOST_IP or HOST_IPV6, and configure it in the
OVS and Linuxbridge agent driver files. The default is still
IPv4, but it can be over-ridden by specifying TUNNEL_ENDPOINT_IP
accordingly.
This behaves similar to the SERVICE_IP_VERSION option, which
can either be set to 4 or 6, but not 4+6 - the tunnel overhead
should be consistent on all systems in order not to have MTU
issues.
Must set the ML2 overlay_ip_version config option to match
else agent tunnel sync RPC will not work.
Must set the OVN external_ids:ovn-encap-ip config option to
the correct address.
Updated 'devstack-ipv6-only' job definition and verification role
that will set all services and tunnels to use IPv6 addresses.
Closes-bug: #1619476
Change-Id: I6034278dfc17b55d7863bc4db541bbdaa983a686
When cephadm is used, if ENABLE_CEPH_C_BAK is True both pool and
key are created by devstack-plugin-ceph. This piece of code can
still stay here to make sure the cinder config is properly built.
Change-Id: I799521f008123b8e42b2021c1c11d374b834bec3
Some of the hardest-to-debug issues are qemu crashes deep in a nova
workflow that can't be reproduced locally. This adds a post task to
the playbook so that we capture the most recent qemu core dump, if
there is one.
Change-Id: I48a2ea883325ca920b7e7909edad53a9832fb319
Swift removed sha1 from supported digests with [1] and
that broked ironic tinyipa job. Temorary add sha1 to
allowed_digests until it's fixed in ironic.
[1] https://review.opendev.org/c/openstack/swift/+/525771
Story: 2010068
Task: 45539
Change-Id: I68dfc472ce901058b6a7d691c98ed1641d431e54
Grenade jobs stop services, check fip connectivity
for a nova server and then upgrade to next release.
But since ovn data plane and db services are stopped along
with other services, fip connectivity fails as a result.
We shouldn't stop these services along with other
neutron services. This patch adds a new variable
"SKIP_STOP_OVN" which can be used by grenade jobs
to skip stop of ovn services.
This will also fix the ovn grenade jobs.
Also source fixup_stuff.sh so function fixup_ovn_centos
is available. It's already sourced in stack.sh but
that's not used in grenade run.
Change-Id: I94818a19f19973779cb2e11753d2881d54dfa3bc
Packages for OVN are now available in bullseye, so we can drop the
special handling.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I5e5c78aa19c5208c207ddcf14e208bae8fbc3c55
RHEL based distros set homedir permissions to 700,
and Ubuntu 21.04+ to 750[1], i.e missing executable
permission for group or others, this results into failures
as defined in the below bug.
Since in doc we add useradd command, it's good to
add instructions to fix the permissions there itself
instead of getting failures during installation and then
fixing it.
Also update user create script to fix permissions
by adding executable bit to DEST directory if missing.
[1] https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/19533
Closes-Bug: #1966858
Change-Id: Id2787886433281238eb95ee11a75eddeef514293
This can happen if devstack fails to run, but we still run the post
tasks. Also could happen if some sort of hybrid job configuration
does not run all of devstack but we still end up running post jobs.
Just warn to stderr and assume no DB info.
Change-Id: I211a331ab668dbb0ad7882908cca4363f865d924
The previous change, I237f5663b0f8b060f6df130de04e17e2b1695f8a, removed
a SETUPTOOLS flag, but not the comment explaining why that flag was
previously set. Clean up that comment.
Change-Id: I32b0240fd56310d7f10596aaa8ef432679bfd66a
There are two problems with dbcounter installation on Jammy. The first
is straightforward. We have to use `py_modules` instead of `modules` to
specify the source file. I don't know how this works on other distros
but the docs [0] seem to clearly indicate py_modules does this.
The second issue is quite an issue and requires story time. When
pip/setuptools insteall editable installs (as is done for many of the
openstack projects) it creates an easy-install.pth file that tells the
python interpreter to add the source dirs of those repos to the python
path. Normally these paths are appended to your sys.path. Pip's isolated
build env relies on the assumption that these paths are appeneded to the
path when it santizes sys.path to create the isolated environemnt.
However, when SETUPTOOLS_SYS_PATH_TECHNIQUE is set to rewrite the paths
are not appended and are inserted in the middle. This breaks pip's
isolated build env which broke dbcounter installations. We fix this by
not setting SETUPTOOLS_SYS_PATH_TECHNIQUE to rewrite. Upstream indicates
the reason we set this half a decade ago has since been fixed properly.
The reason Jammy and nothing else breaks is that python3.10 is the first
python version to use pip's isolated build envs by default.
I've locally fiddled with a patch to pip [1] to try and fix this
behavior even when rewrite is set. I don't plan to push this upstream
but it helps to illustrate where the problem lies. If someone else would
like to upstream this feel free.
Finally this change makes the jammy platform job voting again and adds
it to the gate to ensure we don't regress again.
[0] https://docs.python.org/3/distutils/sourcedist.html#specifying-the-files-to-distribute
[1] https://paste.opendev.org/show/bqVAuhgMtVtfYupZK5J6/
Change-Id: I237f5663b0f8b060f6df130de04e17e2b1695f8a
The job is broken since it is running with python3.7 and most services
now require at least python3.8.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ie21f71acffabd78c79e2b141951ccf30a5c06445
We missed to add the jobs to the gate queue and so they have already
regressed before they were actually in place. Make them non-voting for
now until the issues are fixed.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I5d1f83dfe23747096163076dcf80750585c0260e
Glance image import is asynchronous and may be configured to do image
conversion. If image import is being used, it's possible that the
tempest configuration code is executed before the import has
completed and there may be no active images yet. In that case,
we will poll glance every TEMPEST_GLANCE_IMPORT_POLL_INTERVAL seconds
(default: 1) to see if there are TEMPEST_GLANCE_IMAGE_COUNT active
images (default: 1) up to TEMPEST_GLANCE_IMPORT_POLL_LIMIT times
(default: 12).
You can see an example of the issue this patch addresses in real
life:
https://review.opendev.org/c/openstack/glance/+/841278/1#message-456096e48b28e5b866deb8bf53e9258ee08219a0
Change-Id: Ie99f12691d9062611a8930accfa14d9540970cc5
Without it segment plugin fails to connect with
placement api. Configure the placement section
if service is deployed.
Closes-Bug: #1973783
Change-Id: Ie7f37770a04f622735cf2263c601257669ab5064
Two runs of the same job on the same patch can yield quite different
numbers for API calls if we just count the raw calls. Many of these
are tempest polling for resources, which on a slow worker can require
many more calls than a fast one.
Tempest seems to not change its User-Agent string, but the client
libraries do. So, if we ignore the regular "python-urllib" agent
calls, we get a much more stable count of service-to-service API
calls in the performance report.
Note that we were also logging in a different (less-rich) format for
the tls-proxy.log file, which hampers our ability to parse that
data in the same format. This switches it to "combined" which is used
by the access.log and contains more useful information, like the
user-agent, among other things.
Change-Id: I8889c2e53f85c41150e1245dcbe2a79bac702aad
The mysql performance_schema method for counting per-database queries
is very heavyweight in that it requires full logging (in a table) of
every query. We do hundreds of thousands in the course of a tempest
run, which ends up creating its own performance problem.
This changes the approach we take, which is to bundle a very tiny
sqlalchemy plugin module which counts just what we care about in
a special database.
It is more complex than just enabling the features in mysql, but it
is a massively smaller runtime overhead. It also provides us the
opportunity to easily zero the counters just before a tempest run.
Change-Id: I361bc30bb970cdaf18b966951f217862d302f0b9
The new Ubuntu LTS release has been made last week, start running
devstack on it as a platform job.
Horizon has issues with py310, so gets disabled for now.
Run variants with OVS and OVN(default).
Co-Authored-By: yatinkarel <ykarel@redhat.com>
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I47696273d6b009f754335b44ef3356b4f5115cd8
When OVN is setup from distro packages, the
main service is ovn-central which when restarted,
restarts ovn-northd, ovn nb and db services.
And during the restart ovn dbs(ovnnb_db.db and ovnsb_db.db)
are created, which may sometime takes time as seen with
ubuntu jammy tests[1].
We already checking for socket's file to be available,
let's also check for db files as without it ovn-*ctl
operations succeed but changes are not persisted until
db files are available and changes are lost with the restart.
[1] https://review.opendev.org/c/openstack/devstack/+/839389
Change-Id: I178da7af8cba8bcc8a67174e439df7c0f2c7d4d5
Would be helpful in troubleshooting services
which either fails to start or takes time to
start.
Related-Bug: #1970679
Change-Id: Iba2fce5f8b1cd00708f092e6eb5a1fbd96e97da0
In order to run on systems where not all requirements are present,
we should be tolerant of missing external dependencies, such as
psutil and pymysql. Print a warning (to stderr) and just leave out
those stats in that case.
Also make running the stats collector use ignore_errors:yes to avoid
failures in the future. I think the stats is not critical enough to
fail a job for bugs like this.
Related-Bug: #1970195
Change-Id: I132b0e1f5033c4f109a8b8cc776c0877574c4a49
In some cases the value is [not set], in this case
the conversion to integer does not work.
Closes-Bug: #1970431
Change-Id: I74df7d8bc9f5cbe0709a6471cf7639caea0b58e8
A long time ago, Ironic's IPv6 only job started to fail working with
errors indicated the host was unreacable. Turns out, this was because
the $ext_gw_interface was not being set to up, and thus could
be found in a Down state, and thus the kernel would not accept routes
for it.
Adds an explicit step to turn up the public bridge, much as done in
the IPv4 router plugin code which would also be executed in 4+6.
That being said, Ironic's CI jobs are very intentionally IPv6 only
to ensure that we have no chances of v4 addressing getting used
at any point in time.
This should allow Ironic to return it's IPv6 only CI job back
to the normal check queue, once a ironic plugin issue has been
resolved which was introduced while it was removed.
Change-Id: I121ec8a2e9640b21a7126f2eeb23da36b4aa95bf
This updates each devstack service library, to use it as the
default value for service-specific RBAC configuration.
Change-Id: I41061d042206c411ee3dd94ce91098e612af7ae7
I941ef5ea90970a0901236afe81c551aaf24ac1d8 added a sed command that
should match and delete path values but used '/' as sed separator. This
leads to error in unstack.sh runs when the path also contains '/':
+./unstack.sh:main:188 sudo sed -i '/directory=/opt/stack/ d' /etc/gitconfig
sed: -e expression #1, char 13: unknown command: `o'
So this patch replace '/' separator with '+'.
Change-Id: I06811c0d9ee7ecddf84ef1c6dd6cff5129dbf4b1
This change adds mod_ssl to the default set of rpms installed
on rpm based distros.
this is required if the tls-proxy service is enabled
for multi node centos based jobs.
Change-Id: I52652de88352094c824da68e5baf7db4c17cb027
the value of LOGDAYS in samples/local.conf is 2, so change the
value in the comment and the sample value in the document to
be consistent with it.
Change-Id: I5822bbf1d6ad347c67c886be1e3325113d079114
This makes us gather a bunch of consistent statistics after we run
tempest that can be use to measure the impact of a given change. These
are stable metrics such as "number of DB queries made" and "how much
memory is each service using after a tempest run."
Note that this will always run after devstack to generate the JSON
file, but there are two things that control its completeness:
- MYSQL_GATHER_PERFORMANCE must be enabled to get per-db stats
- Unless tls-proxy is enabled, we will only get API stats for keystone
Change-Id: Ie3b1504256dc1c9c6b59634e86fa98494bcb07b1
We are using the latest OVS, however, OVN needs to build using the
OVS submodule since some of the signatures don't work[1].
[1]: https://github.com/ovn-org/ovn/issues/128
Change-Id: I3ad7e5e80f1141c3d94f7ce7c8b8f8fdb9fb7c3c
Without this, running DevStack on an `aarch64` environment will end
up in cpu_model set to "Nehalem" and cpu_mode set to "host-passthrough"
which does not work.
This patch drops that value under aarch64 environments.
Change-Id: I30be5a388dda5ccf08718670dbb14a28a4a8a8eb
This is necessary for more consistent behavior across multiple
distro versions. Apparently somewhere along the way, git started
looking at the current user's home directory instead of $HOME.
Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798
Change-Id: I941ef5ea90970a0901236afe81c551aaf24ac1d8
git commit [1] introduced a new behaviour to work around a CVE that
disallows any git operations in directories not owned by the current
user.
This may seem unrelated to installation, but it plays havoc with PBR,
which calls out to git to get to get revision history. So if you are
"pip install"-ing from a source tree you don't own, the PBR git calls
in that tree now fail and the install blows up.
This plays havoc with our model. Firstly, we checkout all code as
"stack" then install it globally with "sudo" (i.e. root) -- which
breaks. We also have cases of essentially the opposite -- checkouts
we have installed as root, but then run tox in them as a regular user;
tox wants to install the source in its venv but now we have another
user conflict.
This uses the only available configuration option to avoid that by
globally setting the source directories we clone as safe. This is an
encroachment of the global system for sure, but is about the only
switch available at the moment. For discussion of other approaches,
see [2].
Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798
[1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9
[2] https://review.opendev.org/c/openstack/devstack/+/837636
Change-Id: Ib9896a99b6d6c4d359ee412743ce30512b3c4fb7
After ./unstack.sh trying to 'enable_plugin venus https://opendev.org/openstack/venus' gived following error:
+lib/neutron_plugins/ovn_agent:install_ovn:363 sudo ln -s /var/run/openvswitch /var/run/ovn
ln: failed to create symbolic link '/var/run/ovn/openvswitch': File exists
which led to:
+lib/neutron_plugins/ovn_agent:cleanup_ovn:801 sudo rm -f /var/run/ovn
rm: cannot remove '/var/run/ovn': Is a directory
Change-Id: I1cafdc0c71093ed7249bb9748b57d51110986686
osc is typicaly installed in /usr/local/bin
to avoid command not found errors when invoking osc
in devstack ensure that /usr/local/bin is included
in the PATH.
Change-Id: I605fbc4b131149bf5d1b6307b360fe365c680b1a
OpenEuler job fails 100% of the time. As discussed in QA meeting,
we agreed to move OpenEuler job to experimental pipeline.
- https://meetings.opendev.org/meetings/qa/2022/qa.2022-03-22-15.00.log.html#l-76
Once it is fixed, we can think of adding back to regular pipeline.
Change-Id: I831889a09fabe5bed5522d17e352ec8009eac321
devstack isn't a python project, these were introduced only for docs
building and made redundant with [0]. We can remove them now.
[0] Iedcc008b170821aa74acefc02ec6a243a0dc307c
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I90ca1c6918c016d10c579fbae49d13fff1ed59af
After patch [1] project_id in that module is no longer needed as to make
it working with new secure RBAC policies we had to hardcode "demo"
project to be used always.
This is small follow-up patch with cleaning after [1].
[1] https://review.opendev.org/c/openstack/devstack/+/826851/
Change-Id: Iddf9692817c91807fc3269547910e4f83585f07f
There are a couple of places that still use a hardcoded
127.0.0.1 value, even if devstack is run with
SERVICE_IP_VERSION=6 in local.conf. While things still
work, SERVICE_LOCAL_HOST should be used instead since
everything else could be using IPv6.
Change-Id: I2dd9247a4ac19f565d4d5ecb2e1490501fda8bca
Newer versions of openssl (CentOS9Stream for example) do not like using sha1.
Devstack will fail on these systems[1] with the following error:
801B93DCE77F0000:error:03000098:digital envelope routines:do_sigver_init:invalid digest:crypto/evp/m_sigver.c:333:
This patch updates the tls-proxy code in devstack to use sha256 instead of sha1 which allows devstack to complete when tls-proxy is enabled.
[1] https://zuul.opendev.org/t/openstack/build/1d90b22a39c74e24a8390861b3c5f957/log/job-output.txt#5535
Closes-Bug: #1962600
Change-Id: I71e1371affe32f070167037b0109a489d196bd31
If the ci images do not have any cached data
we should ignore any error when trying to copying it.
This is requried when using unmodified cloud images.
Change-Id: Ia6e94fc01343d0c292b1477905f8a96a6b43bcf8
This is a followup for change Ifdef3510bc7da3098a71739814e35dbaf612ae34
which added configuration of unified limits for nova. This removes an
unnecessary wrapper unsetting of OS_ env variables, unnecessary quoting
on an iniset config value, and a hardcoding of user domain. The glance
code from which the nova code was originally copied is also cleaned up.
Change-Id: I4921af5cc0f624dd5aa848533f7049ee816be593
Previously, Swift's backing disk were not be mounted after reboots,
causing swift-proxy-server service to fail with cryptic error
messages such as 'proxy-server: ERROR Insufficient Storage'. Now,
we use Dan Smith' create_disk function from functions to create
the backing disk for us and add it to /etc/fstab.
Change-Id: I9cbccc87bc94a55b58e9badf3fdb127d6f1cf599
The rsync debian package is required for swift service. This
requirement has been covered by rpms but not for deb packages.
Change-Id: Iefd1302be9c7fd80e037bbae3638602d6d823580
This change use uname -m to get the portable host arch and uses that
as a new default. on x86_64 hosts this should result in no visable change
in behavior however on a non x86 host it will cause devstack to attempt
to download a cirros image that matches the host.
Change-Id: I6d1495a23400ef4cf496302028324fa5794dd45f
This patch fixes several issues related to the installation with
OVN backend with the OVS/OVN compilation enabled.
The OVS/OVN local directories prefix, when both services are compiled,
is now "/usr/local".
The "ovn_agent._run_process" function is calling "ovs-appctl" to
configure the logging settings of several services. Instead of
using the service name, the ctl socket file is used instead. That
is more robust and does not fail in systems with previous
installations.
Closes-Bug: #1960514
Change-Id: I69de5333393957593db6e05495f0c3c758efefdf
Previously, loop devices for LVM volume groups backing files were not
created after reboots, causing e.g. Cinder to fail with messages such
as
ERROR cinder.service [-] Manager for service cinder-volume
devstack@lvmdriver-1 is reporting problems, not sending
heartbeat. Service will appear "down".
Now, we use systemd services to manage loop devices for backing files.
Change-Id: I27ec027834966e44aa9a99999358f5b4debc43e0
This change reverts the execute permissions from
stackrc which is not meant to be run as a script but sourced
as part of stack.sh
Change-Id: I9a05051e5a297cfaf78d097fa5f90a7c5fd254a6
Since pip v22, python3.6 is not supported (the minimum version is
python3.7). This patch adds the reference for the pip3.6 URL to be
used instead of the default one.
Closes-Bug: #1959600
Change-Id: Iab2c391d5388461fe9e9037cee81884ce8032e72
This enables the configuration of nova to use unified limits in
keystone and enforcement in oslo.limit.
Related to blueprint unified-limits-nova
Depends-On: https://review.opendev.org/c/openstack/nova/+/715271
Change-Id: Ifdef3510bc7da3098a71739814e35dbaf612ae34
This reverts commit be7b5bf671.
As related bug is fixed, lets enabled scope enforcement in Neutron
again.
Related-bug: #1959196
Change-Id: I72db7ef533e78a10734d105e6a0debef288e41a1
After patch [1] new RBAC policies changed in the way that SYSTEM_ADMIN
user isn't anymore allowed to e.g. create resources in behalf of some
projects. Now PROJECT_ADMIN needs to create such resources instead.
So this patch basically reverts most of the changes which were done
in [2] some time ago.
It also introduces new entry in the clouds.yaml file -
"devstack-admin-demo" which is "admin" user in the "demo" project as
it's needed to create some resouces in the demo project now.
Additionally, because of bug [3] this patch changes way how IPv6
external gateway IP is found using Neutron API. This change may be
reverted in the future when bug [3] will be fixed.
[1] https://review.opendev.org/c/openstack/neutron/+/821208
[2] https://review.opendev.org/c/openstack/devstack/+/797450
[3] https://bugs.launchpad.net/neutron/+bug/1959332
Depends-On: https://review.opendev.org/c/openstack/neutron/+/826828
Closes-Bug: #1959196
Change-Id: I32a6e8b9b59269a8699644b563657363425f7174
After patch [1] was merged in Neutron, enforcing scopes there
is broken.
So lets disable it temporary to unblock Devstack's gate for now.
[1] https://review.opendev.org/c/openstack/neutron/+/821208
Related-Bug: #1959196
Change-Id: I24da6f3897a638749d16f738329a873a5f9a291d
This reverts commit 26bd94b45e.
Reason for revert: Devstack keystone creation/setup are moved to
scope tokens, so we can reintroduce the scope check enable.
Change-Id: I6e1c261196dbcaf632748fb6f04e0867648b76c7
This is needed so we can set keystone into enforcing secure RBAC.
This also adjusts lib/glance, which already partially used
devstack-system-admin.
Change-Id: I6df8ad23a3077a8420340167a748ae23ad094962
Running get-pip.py fails on Ubuntu when running twice, e.g. after a
unstack/stack cycle. Just use distro pip instead.
Closes-Bug: #1957048
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I87a8d53ed8860dd017a6c826dee6b6f4baef3c96
The default Neutron configuration is now using OVN, but the multinode
lab was using an incompatible configuration:
The q-agt/neutron-agt service must be disabled with OVN.
Change-Id: I518a739a3daac941880463cde6b47951331d0911
Recent iputils release in CentOS 8-stream causing
ping failures with non root user. This needs a fix
in systemd package as mentioned in the Related Bugs,
until it's fixed and is in 8-stream mirrors let's
workaround it by setting net.ipv4.ping_group_range
setting manually.
Related-Bug: #1957941
Related-Bug: rhbz#2037807
Change-Id: I0d8dac910647968b625020c2a94e626ba5255058
This patch allows to skip the installation
of the database backend packages (MySQL or Postgres)
with the introduction of the INSTALL_DATABASE_SERVER_PACKAGES
variable (defaulted to True).
This is useful in such environments that do not require
to install the MySQL/Postgres server packages directly but using
a container serving that purpose, for those cases all the
remaining steps should be executed just skipping the
packages install.
Change-Id: I26628a31fdda3ce95ed04a2b7ae7b132c288581f
We always need the master branch of requirements in order to be able to
install tempest with it, so override GIT_DEPTH when cloning that repo.
Closes-Bug: 1956616
Change-Id: Id0b409bfadd73f2c30314724178d6e199121050b
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
For some reason, setting the CHAPAlgorithms as in c3b705138
breaks OpenEuler. Making this conditional so that tests continue
to pass.
Change-Id: Iaa740ecfbb9173dd97e90485bad88225caedb523
There was no space after the --project option in the command that
creates the public subnet, thus if any option follows, the option itself
will be parsed as part of the value passed to the --project option. This
change just adds the missing space.
Change-Id: I1e7375578342a82717222e902fcd65a4a62e33a7
When deploying devstack in a stable branch, the master branch is
available locally only in a CI environment where Zuul prepares all
available branches. For a non-CI deployment we need to stick to using
the remote branch as was the case before [0].
While the situation on the master branch isn't really broken, we apply
the fix here anyway so that future stable branches are created in a
working state.
[0] I5d42ac6b54bf20804d7e5faa39d1289102318b64
Closes-Bug: #1956219
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ib7719cb2d48b34db70f885e0afe77d904abba3b5
mysqladmin is incorrectly installed in Fedora 34 with mariadb. This
causes the failure of Zuul Fedora based jobs. The issue is a conflict
between mariadb and community mysql that is described in [1] and [2].
The workaround is to explicitly install package "mariadb"
Also configure an increased swap size like for the other platform jobs
in order to avoid OOM issues.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2026933
[2] https://lists.launchpad.net/maria-discuss/msg06179.html
Closes-Bug: #1956116
Change-Id: Icf6d7e1af5130689ea10b29d37cc9b188b2c9754
We still are seeing regular job failures because the pcp package fails
to install. Assume that we can still enable it on demand when someone
needs to debug specific job issues, let us just disable it by default.
Related-Bug: 1943184
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I32ef8038e21c818623db9389588b3c6d3f98dcad
When we need to read a DATABASE_PASSWORD from the user, make sure we
actually use it in our database URLs.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I5ebf6b0280e82f2c87a63cbee7a9957c6bd26898
That function was accepting 3 positional arguments and first
of them was boolean value "build_modules" which isn't used anywhere in
that function.
So this patch cleans it a bit by removing that not used parameter.
Change-Id: I5c57b9116338a63b7bfb170c02e33bb4eae725da
openEuler is an open-source Linux based operating system. The current
openEuler kernel is based on Linux and supports multi arch, such as X86_64
and aarch64. It fully unleashes the potential of computing chips. As an
efficient, stable, and secure open-source OS built by global open-source
contributors, openEuler applies to database, big data, cloud computing,
and AI scenarios. openEuler is using RPM for package management.
Note:
Currently there is no available package for uwsgi-plugin-python3 and ovn, so that
openEuler needs manually install them from source.
Website: https://www.openeuler.org/en/
Change-Id: I169a0017998054604a63ac6c177d0f43f8a32ba6
Co-Authored-By: wangxiyuan <wangxiyuan1007@gmail.com>
Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
This patch adds new config option NEUTRON_ENFORCE_NEW_DEFAULTS which
if set to True will deploy Neutron with enforce new rbac defaults and
scopes.
It will also use SYSTEM_ADMIN user to interact with Neutron where it is
needed.
Depends-On: https://review.opendev.org/c/openstack/neutron/+/798821
Change-Id: I14d934f0deced34d74003b92824cad3c44ec4f5e
The default CHAP algorithm for iscsid is md5, which is disallowed
under fips. We will set the chap algorithm to "SHA3-256,SHA256",
which should work under all configurations.
Change-Id: Ide186fb53b3f9826ff602cb7fb797f245a15033a
Function _neutron_ovs_base_install_agent_packages always tried to
install openvswitch from packages and start it using systemd units.
That was failing when ovs was expected to be installed from source.
This patch fixes that.
Change-Id: Iae8625dd800d30061ea3dbed9eb0dfbe16f21572
Previously this would always happen for Nova and Cinder even if n-api
and c-api were not enabled on the host respectively.
This change stops this by placing both calls write_uwsgi_config behind
is_service_enabled checks.
Change-Id: I997685da771736dbad79bcfe4b00dbc63bd6d6b6
Additionally make the repo name lowercase to match the project name in
our zuul config so that jobs can check the repo out.
Change-Id: Ic2d9c4fa837461bbc29e067a81912b5f72efd3ca
This patch includes changes required to run devstack on CentOS Stream 9
which has been already published in official repos by CentOS team [1]:
- Add RDO deps repository for CS9.
- remove xinetd package from installation for swift. Note that
rsync-daemon is installed which should work fine.
- Replace genisoimage by xorriso in CS9.
- Use /etc/os-release to identify the distro in CS9 as it doesn't
provide lsb_release command.
- Use pip from rpm package instead of from get-pip.py as done in Fedora.
- Add non-voting job devstack-platform-centos-9-stream to the check
pipeline.
Change-Id: Ic67cddabd5069211dc0611994b8b8360bcd61bef
Jobs with OVN_BUILD_FROMS_SOURCE=True are broken
since [1] as ovn nortd not starting due to permission
issues. Fix it by not using sudo for creating OVN_DATADIR
when building from source.
[1] https://review.opendev.org/c/openstack/devstack/+/806858
Closes-Bug: #1952393
Change-Id: I00f0c8c8173b4d8270fbb3e6079d0d8b332e9de5
Before, we needed to unset a couple of parameters that would make the
client return a project-scoped token instead of a system-scoped token,
which we need when interacting with registered limits in keystone.
This commit removes those unsets since we no longer source those
variables by default. This commit also cleans up some of the redundant
parameters in the registered limit calls, like region.
Change-Id: I1af8a168a29e895d57504d41e30efea271ea232d
When initializing OVN, clean up the correct database directory when
using OVN from packages (/var/lib/ovn/ instead of /opt/stack/data/ovn/).
The /opt/stack/data/ovn location is used only when building OVN from
sources, so a fresh devstack deployment with OVN packages may already
have hundreds of existing routers and ports, creating ARP collisions.
Closes-Bug: #1942201
Change-Id: Ic90d4f2f9d8aaef825ea3325c0ad8fef2a1c5e39
The admin_endpoint parameter has been removed from keystone[1], and
setting the parameter is no longer effective.
[1] 192cde56e57a06750641b319da8a72cdcaa554d0
Change-Id: I6ae6a3122668551acc018972624e914fcbb79a22
This user already has the admin role assignment on a project, which
implies the member role, making explicit calls to add the member role
redundant.
Change-Id: I398c5e2f098aeeb896de83872085cbce529a778a
OS_CLOUD is used to communiate to CLI tools what cloud
credentials to utilize.
The change I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
unfortunately set an explicit OS_CLOUD account which breaks
any jobs which are expecting a previosuly set OS_CLOUD which
may be different to work. For example, OS_CLOUD being set
as devstack-system-admin to facilitate Secure RBAC testing.
Change-Id: Iee900e552584dda622f57eea3508df48dff2e071
Previously those functions were defined in the neutron's devstack plugin
but with [1] we moved qos related code into devstack and we missed about
moving them too.
This is follow up patch to fix that issue.
[1] https://review.opendev.org/c/openstack/devstack/+/815686
Change-Id: Icf459a2f8c6ae3c3cb29b16ba0b92766af41af30
We can use the devstack-admin cloud configuration everywhere now
and don't need to set environment variables with cloud credentials
any longer.
Fix the swift setup, where some more options need to be explicitly
specified now and the default OS_CLOUD setting overridden.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
Those functions were part of the neutron devstack plugin but we
discussed it during last PTG [1] and decided to move to the Devstack
repo plugins which are used by e.g. CI jobs which are defined outside
of the neutron repository.
QoS service is used e.g. in the tempest-slow job which is
defined in tempest and used by many different OpenStack projects.
[1] https://etherpad.opendev.org/p/neutron-yoga-ptg#L142
Change-Id: I48f65d530db53fe2c94cad57a8072e1158d738b0
This commit formalizes some additional users to act as different project
users and updates clouds.yaml file so they're easy to use.
It creates:
- a reader on the demo project
- a reader on the alt_demo project
- a member on the alt_demo project
With the adoption of secure RBAC personas, these are useful for using
OpenStack APIs as that work continues.
Change-Id: I3237a771275311377313b7d7d80ac059ac69d031
IDENTITY_API_VERSION is hardcoded to 3 in most locations already, drop
the remaining occurrences, but keep the variable definition since some
plugins still depend on it. Drop ENABLE_IDENTITY_V2 which no longer
has any effect.
Amend variable list for bootstrap_keystone().
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I06f476d2105bc6ec2b511fc5effcfcc3973eaf97
Keystone has supported system-scope since Queens and we already make
sure we create a cloud profile for system-admin in
/etc/openstack/clouds.yaml.
This commit ensures keystone creates a couple of new users to model
system-member and system-reader personas. Doing this by default in
devstack makes it easier for people to use.
We've already taken a similar approach in tempest by setting up the
various system personas for tempest clients to use.
Change-Id: Iceb7c5f517db20072e121dc7538abaa888423c67
Since Bullseye like Centos 8 Stream needs more memory due to changed
default settings in newer qemu versions, set the swap size to 4G, which
is the same setting already being used for the CS8 jobs successfully.
Change-Id: I83ea34d6aa647d2ab9d4d78ed354904fce836e68
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
If ERROR_ON_CLONE is set to True which is case for
all the devstack based job, devstack does not clone the
repo instead raise error. From current error message, it
is difficult to know that ERROR_ON_CLONE is True until we
traceback the code or check devstack-base job set ERROR_ON_CLONE
to True.
Current error message is like:
-------
+ functions-common:git_clone:560 : echo
'The /opt/stack/oslo.limit project was not found; if this is a gate job, add'
The /opt/stack/oslo.limit project was not found; if this is a gate job, add
+ functions-common:git_clone:561 : echo 'the project to the
$PROJECTS variable in the job definition.'
the project to the $PROJECTS variable in the job definition.
+ functions-common:git_clone:562 : die 562 'Cloning not
allowed in this configuration'
--------
Adding ERROR_ON_CLONE info in error message will help to
know the reason of devstack not cloning the repo.
Change-Id: I9e9852f046fefb299b4ef4446323e9c86437212f
Those functions were part of the neutron devstack plugin but we
discussed it during last PTG [1] and decided to move to the Devstack
repo as plugins which are used by e.g. CI jobs which are defined outside
of the neutron repository.
Placement integration is used e.g. in the tempest-slow job which is
defined in tempest and used by many different OpenStack projects.
[1] https://etherpad.opendev.org/p/neutron-yoga-ptg#L142
Change-Id: Ib86071881f16de1b69c0f9b1b19b6df8b7e66a07
CentOS/RHEL 9 are being compiled for the x86_64-v2 architecture which is
newer than the qemu default of qemu64. This means that for devstack to
boot these instances we need a newer CPU model. Nehalem is apparently
the oldest model that works for x86_64-v2 and is expected to work on
Intel and AMD cpus with kvm or qemu. Switch devstack to this model by
default.
Note that we cannot use host-passthrough or host-model because we want
to support live migration between devstack deployed nova-compute
instances and even within the CI instances that we get the host CPUs can
differ.
Also, we should run this change against as many clouds as possible to
ensure that the newer model works across all of our clouds. There is
some fear that the virtual CPUs presented to us in some clouds may not
be able to run these newer CPU models.
Change-Id: Ibd6e11b59f3c8655bc60ace7383a08458b2177f2
With the depending patch, the endpoint will still be created for
heat tests, so we can turn it off for everyone else.
Depends-On: https://review.opendev.org/c/openstack/openstacksdk/+/777343
Change-Id: I0dc7d6cedd07e942b9f23b26a785b386aff41fbc
The keystone admin endpoint technically isn't different any longer from
the other keystone endpoints in v3 of the API. However, some
applications like heat are still relying on it to exist.
So we make the creation of the admin endpoint during bootstrap optional
here, with the intention to change the default to False once all jobs
that still need this are modified to explicitly require it.
Change-Id: I7ab12141c558186e397c174c248a613d1810011b
Keystone no longer has any special functionality hidden behind the admin
site. KEYSTONE_AUTH_URI which used to point to the admin site has long
ago been changed to be a copy of KEYSTONE_SERVICE_URI, which points to
the public site.
Drop all KEYSTONE_AUTH_* variables except KEYSTONE_AUTH_URI which may
still be in use in some plugins.
This also allows to finally drop the fixup_keystone() function.
Change-Id: I549f3cadc27d137e014241cdd47e90267859c848
The use of this function has been deprecated for a long time[0]. With
PyYAML==6.0 the call is now failing, so replace it with the safe
version.
[0] https://msg.pyyaml.org/load
Signed-off-by: Jens Harbott <frickler@offenerstapel.de>
Change-Id: I7a170262b50a5c80a516095b872d52e1bea5479d
When using glance limits, the create_glance_accounts call needs access
to the devstack-system-admin cloud definition, so we need to create
the clouds.yaml file before that step.
Change-Id: Ie6d807c46b88b16b316aa166870a6a13f2bb346d
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
It may be that it is already compiled in the kernel so there is no
need to load kernel module in such case.
Change-Id: Ie1d32e3fd529e13958857cb3ced6710eebde1e4d
The official Ubuntu cloud images have some further python pkgs
preinstalled that conflict with our requirements. Allow to
overwrite them.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Closes-Bug: 1871485
Change-Id: I793c250cae5e7b9bc835b7016d790d1f9ae8a7f3
continue is not used in a proper context here (outside of loop). Use
null cmd instead to simply fall through the pip installation.
Signed-off-by: Michal Berger <michallinuxstuff@gmail.com>
Change-Id: Iaea2e5c0177b475edf19d08d71933a74debbb5d9
The current initiator name embedded in our CI images is not unique at
present and can often cause failures during live migrations with
attached volumes. This change ensures the name is unique by running
iscsi-iname again and overwriting the existing name.
We could potentially do this during the image build process itself but
given that devstack systems are not supposed to be multi-purpose this
should be safe to do during the devstack run.
Closes-Bug: #1945983
Change-Id: I9ed26a17858df96c04be9ae52bf2e33e023869a5
Some adaption in database handling is all that is missing. Also add a
platform job that tests this.
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Change-Id: I6dd3e48444dd415d84df5e7f5c74540847cdd6db
oslo.limit isn't currently in the list of libraries that can be
installed from a git repo via LIBS_FROM_GIT.
This adds oslo.limit to enable integrated testing against unmerged
oslo.limit changes.
Change-Id: I26cc567fdf4c84014040ae586bbb029b8de7a236
I83d56c9363d481bb6d5921f5e1f9b024f136044b switched the default of
DEVSTACK_PARALLEL over to True so this dedicated job is no longer
required as *all* jobs should now be using it.
Change-Id: I0f475ab177c2cd49eeb6be861cdd11581e8e0b97
In devstack job, cinder is not a valid service name and logs error
in gate[1] so remove it.
2021-09-28 05:44:47.791807 | controller | + functions-common:service_check:1603 : for service in ${ENABLED_SERVICES//,/ }
2021-09-28 05:44:47.795506 | controller | + functions-common:service_check:1605 : sudo systemctl is-enabled devstack@cinder.service
2021-09-28 05:44:47.809647 | controller | Failed to get unit file state for devstack@cinder.service: No such file or directory
[1] https://e978bdcfc0235dcd9417-6560bc3b6382c1d289b358872777ca09.ssl.cf1.rackcdn.com/801989/7/check/tempest-integrated-storage/779d1e7/job-output.txt
Change-Id: I7ca105201d82b72c7e56778425d3bce7c76047db
The MDB backend is the default in Ubuntu and specifying
HDB in debconf doesn't change it to HDB.
Closes-Bug: #1939700
Change-Id: If98f7fc8395678365fb73f0c5cd926cef083e470
Now, if no arguments are passed to make_cert.sh script, it will fail on:
tools/make_cert.sh: line 30: [: missing `]'
and might go on with generating certs depending on the bash settings.
It is fixed within this patch.
Change-Id: I62bf9c972ebd1644da622439e05114f245f20809
The default cinder quotas for volumes, backups, or snapshots may
be too low for highly concurrent testing, so make these configurable
in devstack.
Change-Id: Ie3cf3239b48f9905f5760ad0166eea954ecf5eed
In RHEL-based distributions, updating setuptools using pip removes the
files from the python3-setuptools RPM. It breaks some tools such as
semanage (which is used by diskimage-builder) that use the -s flag of
the python interpreter (don't import modules from /usr/local).
This commit reinstalls python3-setuptools to fix those applications.
Change-Id: Ib44857e83f75acf37823fae912960a801c83cf7f
Based on resolution [1], there's no clear indication that next
steps involve the removal of the DB from Devstack or from the gate.
[1] I332cef8ec4539520adcf37c6d2ea11488289fcfd
This reverts commit d9aaae95f2.
Change-Id: I8410d65c0e0b24035aa035fac7560a686d53ec50
DEFAULT_VOLUME_GROUP_NAME volume group is LVM ephemeral storage used by
Nova. It is created by init_nova() if user sets NOVA_BACKEND to "LVM".
However, init_cinder() is also hardcoded to create it, based on the
asumption that CINDER_ENABLED_BACKENDS includes it. That assumption
doesn't hold for the current code. What's more important, even if user
wants to use DEFAULT_VOLUME_GROUP_NAME as one of cinder backends and
adds it to CINDER_ENABLED_BACKENDS, the current code in init_cinder()
are general enough and should work fine. This change removes relevant
code in init_cinder(). It also moves DEFAULT_VOLUME_GROUP_NAME clean-up
code from unstack.sh to cleanup_nova().
Change-Id: I53762f8eda6256f962cc4e1f1098406879bbcf5c
VPNaaS agent is going to be an L3 agent extention.
Related-Bug: #1692128
Depends-On: I0b86c432e4b2210e5f2a73a7e3ba16d10467f0f2
Change-Id: Id827274b7c74cdf71db6d1f2ab3eadb5fef099f5
2017-10-17 12:59:27 +09:00
152 changed files with 4586 additions and 3251 deletions
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.