Compare commits

...

585 Commits

Author SHA1 Message Date
Zuul 2f3440dcfe Merge "Replace deprecated datetime.utcnow()" 2024-10-25 08:38:40 +00:00
Zuul 4ca490fd56 Merge "Globally skip devstack job for pre-commit config update" 2024-10-25 07:56:22 +00:00
Zuul 1d74620626 Merge "Add image format enforcement toggle" 2024-10-25 07:56:19 +00:00
Takashi Kajinami 2e04d0fa20 Globally skip devstack job for pre-commit config update
pre-commit has been introduced to number of projects like oslo to run
lint checks such as hacking. The pre-commit config file does not affect
functionality, so devstack job is not needed when only the file is
updated.

Change-Id: I4294fe0c4df2c36c8575613b05a1f9c2eb745d18
2024-10-24 00:54:28 +09:00
Zuul a1376e6f8c Merge "Bump cirros version to 0.6.3" 2024-10-21 14:22:36 +00:00
Takashi Natsume 50b0b60227 Replace deprecated datetime.utcnow()
The datetime.utcnow() is deprecated in Python 3.12.
Replace datetime.utcnow() with
datetime.now(datetime.timezone.utc).replace(tzinfo=None).

Change-Id: I9bf6f69d9e174d490bb4f3eaef3b364ddf97a954
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
2024-10-19 12:55:43 +00:00
OpenStack Proposal Bot 29545a5109 Updated from generate-devstack-plugins-list
Change-Id: I374de22c7c916f9497c55bf404141776fd17f6c8
2024-10-16 02:50:33 +00:00
Zuul 224938d313 Merge "lib/cinder: Align endpoint creation code" 2024-10-10 08:20:11 +00:00
Zuul 9a05aa85ff Merge "lib/cinder: Strip project_id from URL" 2024-10-10 07:53:21 +00:00
Zuul 482e027a96 Merge "Catch and print the postgresql initdb error" 2024-10-09 17:48:31 +00:00
Zuul 3b23fbc77e Merge "lib/swift: Consistently quota variables" 2024-10-09 13:48:59 +00:00
Zuul a72e0f4bec Merge "lib/cinder: Remove 'volume3' endpoint" 2024-10-09 10:02:15 +00:00
Dan Smith 803a7d44c4 Add image format enforcement toggle
Related to blueprint glance-as-defender

Needed-By: https://review.opendev.org/c/openstack/tempest/+/931028
Change-Id: I8b22ed85eefde399f2e472780106dd39e51a5700
2024-10-02 07:03:15 -07:00
Rodolfo Alonso Hernandez f49d475bf2 Catch and print the postgresql initdb error
The logs are stored, by default, in
/var/lib/pgsql/initdb_postgresql.log.

Related-Bug: #2083482
Change-Id: I2c83e896819b20cd7a1ee8d8ee33354fb047a6d9
2024-10-02 13:24:03 +00:00
Stephen Finucane 6a8f65b476 lib/swift: Consistently quota variables
Change-Id: I6c3245a77cdc2849067568cfda5a838afda687e3
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2024-10-01 11:54:57 +01:00
Stephen Finucane 49933804c9 docs: Expand SSH guide further
smooney noted that using your DevStack host as a jump host is yet
another reasonable option. Add this option also.

Change-Id: I24887c254e131a8979653a7d17e64a708acf294a
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2024-10-01 11:54:35 +01:00
Stephen Finucane 14f60b951a docs: Expand SSH guide
Detail how one can SSH into guests running on a remote DevStack host.

Change-Id: I9f988b1193d67859b129f05d08b32a23e50aee49
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2024-10-01 11:54:35 +01:00
Stephen Finucane 3362be9eda docs: Add SSH guide
This is really easy win for people using DevStack for the first time.

Change-Id: I8de2d4d115d34e9d87dd461016b5b894d3f000e7
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2024-10-01 11:54:35 +01:00
Stephen Finucane 6512f0140c doc: drop sphinxcontrib-nwdiag, sphinxcontrib-blockdiag usage
sphinxcontrib-nwdiag does not appear to be maintained anymore [1] and
there have been no releases in nearly 5 years. Statically generate the
images and include them this way. We can revert this change if the
maintainership issue resolves itself.

sphinxcontrib-blockdiag has had activity more recently [2], but it's
still been nearly 3 years. More importantly, we don't actually use it so
there's no reason to keep it around.

[1] https://pypi.org/project/sphinxcontrib-nwdiag/#history
[1] https://pypi.org/project/sphinxcontrib-blockdiag/#history

Change-Id: Ic5244c792acd01f8aec5ff626e53303c1738aa69
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2024-10-01 11:54:21 +01:00
Dr. Jens Harbott fec589a1ce Bump cirros version to 0.6.3
This is the latest cirros release, featuring an updated kernel and some
fixes and added features, let's use it.

[0] https://github.com/cirros-dev/cirros/releases/tag/0.6.3

Change-Id: I2506fa713e0426789fa40a5f4f7fd4e963a158f0
2024-09-26 21:23:17 +02:00
Ghanshyam Mann 03bc214525 Update DEVSTACK_SERIES to 2025.1
stable/2024.2 branch has been created now and
current master is for 2025.1.

Change-Id: If5c9de9ddfab1bff313c70cf2c40ce7fbe60473f
2024-09-25 12:03:40 -07:00
Stephen Finucane 9b44390381 lib/cinder: Align endpoint creation code
Do this the same way we do it for Nova, to make for easier review.

Change-Id: I31877705894a21570f130723e0a27ff38f945eea
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2024-09-24 12:14:45 +00:00
Stephen Finucane 2d487d8c7b lib/cinder: Strip project_id from URL
This is optional. There's no need to include it.

Change-Id: I2e745865696dbb317f819ecb74f5b5df88a9ed76
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2024-09-24 12:14:37 +00:00
Stephen Finucane d7c3c0accc lib/cinder: Remove 'volume3' endpoint
This was needed when 'block-storage' pointed to the v2 API. This is no
longer the case (and hasn't been for some time). This is unnecessary
duplication now.

Change-Id: I00cfb56d3e54d0162b1609f4bf58814e9000c103
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Depends-on: https://review.opendev.org/c/openstack/tempest/+/930296
2024-09-24 12:14:20 +00:00
yatinkarel 0ff6272862 Run chown for egg-info only if the directory exists
9-stream jobs failing since [1] merged as these still use
GLOBAL_VENV=False.
egg-info directory is not created in project source
directory when pyproject.toml is used in the project.
pyproject.toml being added across projects[2] to support pip 23.1.

[1] https://review.opendev.org/c/openstack/nova/+/899753
[2] https://review.opendev.org/q/topic:%22pip-23.1-support%22

Change-Id: I53954a37461aee5dd7f487d6bd205caef4408392
2024-09-03 08:14:00 +00:00
Sean Mooney 5ed2b7c6b2 make devstack-platform-ubuntu-noble voting
devstack-platform-ubuntu-noble was added in
Ie1f8ebc5db75d6913239c529ee923395a764e19c
and has been runnning for a little over 2 months

in that time

https://zuul.openstack.org/builds?job_name=devstack-platform-ubuntu-noble

the job has been pretty stable so its time to make
this voting in advance of it becoming required in the
2025.1 release.

Change-Id: Iffd6ccf9603117d6720931e260afa2da13c26ec4
2024-08-31 02:09:15 +01:00
Zuul ab83f37d33 Merge "ovn: use bundled ovs" 2024-08-29 11:37:57 +00:00
Zuul a90a776bce Merge "Fix get_default_host_ip ipv6 address parsing" 2024-08-27 12:05:55 +00:00
Zuul 129ac797e2 Merge "Handle_tags and branches for unmaintained also" 2024-08-20 17:21:53 +00:00
Zuul e8e25c1a6a Merge "Move the check of "rpc_workers" after the post-config phase" 2024-08-20 17:21:51 +00:00
Zuul 611b626d9c Merge "etcd: Replace deprecated --debug option" 2024-08-20 17:21:49 +00:00
Takashi Kajinami 9e1348f81b etcd: Replace deprecated --debug option
... to resolve the following warning.

[WARNING] Deprecated '--debug' flag is set to true (use
'--log-level=debug' instead

Change-Id: Idb412cea64dfc42e3d1223b77f134804eeb7bd60
2024-08-20 17:23:02 +09:00
Zuul d00bd6d41a Merge "Configure cinder service token" 2024-08-16 19:17:32 +00:00
Zuul 56e6b238cb Merge "Add config options for optimized upload volume" 2024-08-16 19:06:17 +00:00
Dan Smith 1a336ef4ae Trivial fixes from review of os-test-images
This fixes some trivial things from the review where this support was
added:

https://review.opendev.org/c/openstack/devstack/+/925425

Change-Id: I990a3816f425a1b4c8680ec43d698e32eea2238b
2024-08-15 06:05:58 +00:00
Rajat Dhasmana 80c1605a1d Configure cinder service token
Glance is implementing new location APIs, for which, cinder needs
to pass service token to register a location in glance.
This is required in the case when glance is using cinder as a backend
and cinder tries to upload a volume in the optimized path.

We are adding a new option, ``CINDER_USE_SERVICE_TOKEN`` that will
configure the service user section in cinder.conf. By default, it
is set to False.

Change-Id: I0045539f1e31a6d26c4f31935c5ddfaaa7607a48
2024-08-14 01:07:13 +05:30
Rajat Dhasmana d6e3d06001 Add config options for optimized upload volume
When glance is using cinder as a backend, we can use optimized
path for upload volume to image operation.
The config options image_upload_use_cinder_backend and
image_upload_use_internal_tenant are used to configure optimization
in the upload volume to image workflow where we create a cinder
volume in the internal service project and register the location
in glance.

Recently it was found that the glance location API workflow was
broken[1] for the upload volume case and it wasn't detected because we
are not testing it in our glance cinder job "cinder-for-glance-optimized".

This patch adds the config option to test the optimized path.

Note that the optimized upload functionality is only possible when glance
uses cinder as it's backend since it uses clone volume functionality to
clone the Image-Volume from the source volume.

[1] https://bugs.launchpad.net/glance/+bug/2054575

Change-Id: I521ed04696a5a545b2a2923cf8008bd64add7782
2024-08-14 00:56:30 +05:30
Eric Harney 3b0d76c30b Fix get_default_host_ip ipv6 address parsing
This is another occurrence of the issue fixed in bug
1786259 with change I30bf655f which occurs when there
are multiple IPv6 gateways present.

Before this change:
$ source openrc
+++++functions-common:get_default_host_ip:776  ip -f inet6 addr show 100
Device "100" does not exist.

This is because the ip route command returns:
default proto ra metric 100 expires 1497sec pref medium
	nexthop via fe80::4e16:fc01:298c:98ed dev ens3 weight 1
	nexthop via fe80::4e16:fc01:2983:88aa dev ens3 weight 1

Related-Bug: #1786259
Change-Id: I7729730df66a4dc7ee11df1d23b19b9c0794b575
2024-08-12 17:15:55 +00:00
Dan Smith 84ce1984b1 Add os-test-images support in lib/tempest
This generates the test images in os-test-images and also configures
tempest to know where it is (and if image conversion is enabled in
glance).

Change-Id: Ib74002828a77838ab95d2322e92bdab68caac37c
2024-08-09 07:17:28 -07:00
Zuul b2c406f497 Merge "oslo.log: Configure log color by $LOG_COLOR" 2024-08-08 06:34:11 +00:00
Rodolfo Alonso Hernandez 79a812a69e Move the check of "rpc_workers" after the post-config phase
The configuration variable can be checked in the Neutron configuration
during the post-config phase when the configuration files and sections
are merged together.

Closes-Bug: #2075342
Change-Id: Ic42463e2f72488a1b14ce49e4e435cb4a2c0c855
2024-08-07 15:35:26 -04:00
melanie witt 38dea33fe9 oslo.log: Configure log color by $LOG_COLOR
Relatively recently oslo.log 6.1.0 was released and contains change
I7966d4f4977b267f620946de4a5509f53b043652 which added an option to
enable color in logs which defaults to False. This caused a change in
behavior for DevStack such that viewing logs with journalctl no longer
showed different colors for different log levels, which can make
debugging more difficult when developing with DevStack.

This adds olso.log color configuration based on the existing $LOG_COLOR
DevStack variable for log color which defaults to True for interactive
invocations.

Change-Id: If10aada573eb4360e81585d4fb7e5d97f15bc52b
2024-08-05 18:03:49 +00:00
elajkat 92b65a84cc Handle_tags and branches for unmaintained also
Related-Bug: #2056276
Change-Id: Iaa34624d1d85cadf1b45bec780ef8d97dd054041
2024-08-05 11:39:06 +02:00
karolinku 8784a3027f Replacing usage of rdo-release rpm
with centos-release-openstack rpms follwing [1].

[1] https://issues.redhat.com/browse/RDO-311

Change-Id: I50951e077e73297d10b075677a440992d1e2fa91
2024-07-31 12:36:43 +02:00
Riccardo Pittau 6990b06cd3 Install simplejson in devstack venv
Workaround to avoid failure due to missing osc dependency
removed in [1]

[1] https://review.opendev.org/c/openstack/python-openstackclient/+/920001

Change-Id: I3f7541e691717186b7c73f10ffabae6fc0c5c9f9
2024-07-25 14:37:41 +02:00
Zuul d84b874ef6 Merge "Make nova only use the nova account" 2024-07-23 16:50:12 +00:00
Zuul 640899124f Merge "docs: Add a minimal Tempest guide" 2024-07-23 15:25:53 +00:00
Zuul 2694cc9d44 Merge "lib/neutron: Migrate neutron to WSGI module path" 2024-07-23 12:57:58 +00:00
Stephen Finucane 95697d84cb docs: Add a minimal Tempest guide
This can be fleshed out more in the future, including with information
about managing plugins, but this is a start.

Change-Id: I1094d093b704e37370e3e434ebf3697954e99da3
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2024-07-23 11:37:05 +01:00
Stephen Finucane 0cd876384a lib/neutron: Migrate neutron to WSGI module path
Change-Id: Ie99ec3bf4198fa7cd7583d2dca648e1474f94aea
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Depends-on: https://review.opendev.org/c/openstack/neutron/+/916407
2024-07-22 11:10:18 +00:00
Rodolfo Alonso Hernandez 13888a31d2 [Neutron] neutron-rpc-server is not a configurable service
The "neutron-rpc-server" is not a configurable service that can be
enabled or disabled. This service is a dependant process of the
"neutron-api-server" service that is spawned when the Neutron API
uses the WSGI module. The execution of this child service will depend
on:
* The Neutron API service when running with the WSGI module. If
  the Neutron API uses the eventlet module, this service won't run
  (the RPC workers will be spawned by the eventlet server).
* The "rpc_workers" configuration variable. If this variable is
  explicitly set to "0", the server must not run.

Closes-Bug: #2073844
Related-Bug: #2073572
Change-Id: Ic019423ca033ded8609d82bb11841b975862ac14
2024-07-20 15:55:07 +00:00
Rodolfo Alonso Hernandez aaaa03718b [Neutron] Do not execute RPC workers if "rpc_workers=0"
When the Neutron WSGI module is used, an independent service called
"neutron-rpc-server" is configured and executed. However it will fail
if the number of RPC workers is configured to zero. In that case,
the configuration and execution of this service should be skipped.

If the service is explicitly disabled in the devstack configuration,
it won't be executed neither.

Closes-Bug: #2073572
Change-Id: Idd023a2a8f588152221f20a13ae24fbb7d1618a4
2024-07-19 13:43:40 +00:00
Sean Mooney 6df5371918 bump guest ram to prevent kernel panics
one observation we had in down stream ci is
sometimes the cirros 0.6.2 image appared to
crash when using 128MB of ram.

upstream we have been dealing with semi random
kernel panics  which are losely corralated with
cinder volume usage.

Recently we optimisted the devstack jobs by using zswap
this has reduced memory pressure in the jobs.

This patch increase the ram allocated to a flavor
to see if we can afford that with the current conncurnace
level in an attempt to reduce kernel panics.

Two new parmaters are added to allow jobs or users
to set the desired ram size.
TEMPEST_FLAVOR_RAM=${TEMPEST_FLAVOR_RAM:-192}
TEMPEST_FLAVOR_ALT_RAM=${TEMPEST_FLAVOR_ALT_RAM:-256}

Change-Id: Ib6a2d5ab61a771d4f85bd2c2412052efadc77ac5
2024-07-12 20:16:06 +01:00
Zuul 1d48d2fa51 Merge "Drop remainders of identity API v2.0 references" 2024-07-11 22:55:29 +00:00
Zuul ea2ca7ea88 Merge "Add devstack-platform-ubuntu-noble to periodic" 2024-07-11 10:09:33 +00:00
Dr. Jens Harbott 696dbdf045 Make nova only use the nova account
Each service should only be using that service's user account within its
configuration, in order to reduce the possible impact of credential
leaks. Start with nova, other services will follow.

Change-Id: I6b3fef5de05d5e0cc032b83a2ed834f1c997a048
2024-07-11 09:52:44 +02:00
Zuul b67c20eca5 Merge "[Neutron] Add a new Neutron service: neutron-ovn-maintenance-worker" 2024-07-10 10:42:34 +00:00
Dr. Jens Harbott d714f7deaa Add devstack-platform-ubuntu-noble to periodic
Seems the platform is stable, let's add it to the periodic-weekly tests
that we run.

Change-Id: I185443c0fdb9e1248542a16fd877dc6b8ffd7683
2024-07-09 17:14:54 +02:00
Dr. Jens Harbott eb0ac1d217 Drop remainders of identity API v2.0 references
keystone has dropped the v2.0 API in queens, time to drop all special
casing for it.

Change-Id: If628c4627f7c8b8c2ee9bca16ea6db693cf8526a
2024-07-08 18:02:25 +02:00
Zuul 49729ab2c5 Merge "[Neutron] Add a new Neutron service: neutron-periodic-workers" 2024-07-08 15:14:10 +00:00
Rodolfo Alonso Hernandez 3a0c0b9ff4 [Neutron] Add a new Neutron service: neutron-ovn-maintenance-worker
This new service is spawned when using Neutron WSGI module. This new
service executes the OVN maintenance task that syncs the Neutron
database and the OVN database.

Depends-On: https://review.opendev.org/c/openstack/neutron/+/922074
Related-Bug: #1912359

Change-Id: I495459cd9e35e2e76ba7fc9611a589e1685814f5
2024-07-03 09:06:13 +00:00
yatinkarel c707dd3fc2 [nova] Add flag to set libvirt tb_cache_size
A config option is being added in nova with [1]
in order to allow configuring lower tb-cache size
for qemu guest VMs.

This patch adds a flag in devstack so jobs can
utilize it to set required tb-cache size.

[1] https://review.opendev.org/c/openstack/nova/+/868419

Co-Authored-By: Sean Mooney <work@seanmooney.info>
Related: blueprint libvirt-tb-cache-size
Change-Id: Ifde737eb5d87dfe860445097d1f2b0ce16b0de05
2024-06-26 17:40:16 +01:00
Sean Mooney db305d2a4b enable openstack-cli-server and other perfromace tunings
This commit enabeles a number of performance optimizations
to tune the host vms memory and io by leveraging zswap
and other kernel parmaters to minimize the effect of io
latency and memory pressure.

The openstack-cli-server has been enabled in the nova ci
for several months now and has proven to speed up devstack
signifcantly, while this change does not enable it by
default in devstack it does enable it by default in the ci
jobs.

simiarly the zswap and other tuning remain disabled by default
in devstack but are enabled by default in the devstack job.

This change limits the qemu tb_cache_size to 128MB form 1G,
this requires libvirt 8.0.0 or newer. as bullseye and
openeuler-22.03 do not meet that requirement they have been
removed. libvirt 8.0.0 will be the new min version supported
in nova in the 2025.1 release so the decions was made
to drop supprot for older release now instead of doing it
at the start of the 2025.1 cycle. debain coverage is still
provided by the newer bookworm relase. openeuler-22.03 has
been superseded by the openeuler-24.03 lts release.
openeuler-24.03 is not currnetly aviable in ci but supprot
could be readded if desired however that is out os scope of
this change.

Change-Id: Ib45ca08c7e3e833b14f7e6ec496ad2d2f7073f99
2024-06-25 11:01:54 +01:00
Zuul b425e822f6 Merge "stackrc: Remove USE_PYTHON3" 2024-06-24 10:52:04 +00:00
Zuul d0284d8c7b Merge "add ubuntu noble (24.04) support" 2024-06-24 00:19:12 +00:00
Sean Mooney 41d253a6f9 add ubuntu noble (24.04) support
This change installs setuptools in the requirements
and global venv to ensure that distutils is present

This change also adds new single and two node
nodeset for noble and a devstack platform job as nonvoting.

Change-Id: Ie1f8ebc5db75d6913239c529ee923395a764e19c
2024-06-21 16:35:32 +01:00
Rodolfo Alonso Hernandez 56368c271d [Neutron] Add a new Neutron service: neutron-periodic-workers
This new service is spawned when using Neutron WSGI module. This new
service executes the plugin workers inside a wrapper executor class
called ``AllServicesNeutronWorker``. The workers are executed as
threads inside the process.

Depends-On: https://review.opendev.org/c/openstack/neutron/+/922110
Related-Bug: #2069581

Change-Id: I6b76b7bcee1365c80f76231e0311406831f8ce41
2024-06-21 13:13:16 +00:00
yatinkarel 4d69238383 Fix rdo_release for unmaintained branches
Only branches with stable/ as prefix were considered
but now we have branches even with different
prefix like unmaintained/, fix it to consider
such cases by using a generic filter instead of
assuming branch name starts with stable.

Change-Id: I967de13094ff6df46737a22d4e1758f9900dfbc9
2024-06-21 18:30:30 +05:30
Zuul 9bcd7c240d Merge "openrc: Group auth-related options together" 2024-06-20 20:10:19 +00:00
Zuul 5f35bfd2a7 Merge "openrc: Stop setting OS_TENANT_NAME" 2024-06-20 09:59:22 +00:00
Zuul f6adb245bb Merge "Fix deployment of the neutron with uwsgi" 2024-06-14 22:53:04 +00:00
Slawek Kaplonski b500d80c76 Fix deployment of the neutron with uwsgi
After patch [1] deploying neutron with uwsgi was not working correctly
due to the fact that there was different paths for the applications
set in the api-paste.ini file. Instead of default ones like:

/: neutronversions_composite
/healthcheck: healthcheck
/v2.0: neutronapi_v2_0

it was changing it to something like:

/networking/: neutronversions_composite
/networking/healthcheck: healthcheck
/networking/v2.0: neutronapi_v2_0

where 'networking' can be configured to something else.
This patch fixes deployment of neutron with uwsgi by not changing its
api-paste.ini file when NEUTRON_DEPLOY_MOD_WSGI=True.

[1] https://review.opendev.org/c/openstack/devstack/+/849145

Closes-bug: #2069418
Change-Id: I12b860d4d98442e2b5ac0c9fd854f1226633b518
2024-06-14 14:08:00 +02:00
Stephen Finucane 5412dbfe7b stackrc: Remove USE_PYTHON3
This is no longer necessary and any users of this should be updated to
remove references.

Change-Id: Ice5083d8897376fd2ed6bd509419526e15baaf12
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2024-05-28 13:35:28 +01:00
Stephen Finucane 9fff87fbc7 openrc: Group auth-related options together
Change-Id: I98f283b33c2350cc4388463571013896086b31fa
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2024-05-28 13:33:32 +01:00
Stephen Finucane 608489cd59 openrc: Stop setting OS_TENANT_NAME
All clients - OSC included - use keystoneauth under the hood which
hasn't required this in a very long time. Stop setting it and remove the
warning.

We also remove references to 'NOVA_*' variables that haven't been a
thing since well before *I* started working on OpenStack 😅

Change-Id: I882081040215d8e32932ec5d03be34e467e4fbc2
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2024-05-28 13:30:45 +01:00
Zuul 92d70a8543 Merge "Display backup dashboard on Horizon when c-bak is enabled" 2024-05-22 12:50:03 +00:00
Zuul 85b8d2ccab Merge "lib/apache: Reshuffle lines" 2024-05-16 14:26:12 +00:00
Zuul 0eab4f97e4 Merge "lib/apache: Pass name, not path, to remove_uwsgi_config" 2024-05-16 14:26:10 +00:00
OpenStack Proposal Bot fadf63e4a9 Updated from generate-devstack-plugins-list
Change-Id: Ifa6db2e765f5f15a1d7421eef061377e55b58ec7
2024-05-16 02:37:02 +00:00
MinhNLH2 6971ccc49a Display backup dashboard on Horizon when c-bak is enabled
Currently, when enabling c-bak service, the backup tab will not
be shown on Horizon by default. This patch tells Horizon to
display backup dashboard when c-bak is enabled.

Closes-Bug: 2064496
Change-Id: I06295706e985bac58de2878c6d24c51f3267c205
Signed-off-by: MinhNLH2 <minh.nlh.work@gmail.com>
2024-05-16 00:37:07 +07:00
Ben Nemec 9a97326c3f Use OSCaaS to speed up devstack runs
OpenStackClient has a significant amount of startup overhead, which
adds a non-trivial amount of time to each devstack run because it makes
a lot of OSC calls. This change uses the OSC service from [0] to run
a persistent process that handles openstack calls. This removes most
of the startup overhead and in my local testing removes about three
minutes per devstack run.

Currently this is implemented as an opt-in feature. There are likely a
lot of edge cases in projects that use a devstack plugin so turning it
on universally is going to require boiling the ocean. I think getting
this in and enabled for some of the major projects should give us a lot
of the benefit without the enormous effort of making it 100% compatible
across all of OpenStack.

Depends-On: https://review.opendev.org/c/openstack/nova/+/918689
Depends-On: https://review.opendev.org/c/openstack/ironic/+/918690
Change-Id: I28e6159944746abe2d320369249b87f1c4b9e24e
0: http://lists.openstack.org/pipermail/openstack-dev/2016-April/092546.html
2024-05-14 07:30:55 -07:00
Stephen Finucane a6f3901a4b lib/apache: Reshuffle lines
Make it a little more obvious what the difference between the two helper
functions is.

Change-Id: I07ec34ecfcd2b7925485145c4b4bf68eda385a32
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2024-05-14 14:14:26 +01:00
Stephen Finucane d5182ce3fc lib/apache: Pass name, not path, to remove_uwsgi_config
We'd like to move from configuring uWSGI with '.wsgi' files to
configuring with module paths. Do this for all in-tree services and log
a deprecation warning for anyone still passing a path.

Note that since 'basepath foo' returns 'foo', this is effectively a
no-op for the services being converted here.

Change-Id: Ia1ad5ff160a9821ceab97ff1c24bc48cd4bf1d6f
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2024-05-14 14:12:02 +01:00
Zuul 951e53bfcc Merge "Upload images with --file instead of stdin" 2024-05-14 10:25:13 +00:00
Dr. Jens Harbott c80b9f4fc1 Drop reno
devstack doesn't do releases, so there should be no release notes,
either. Drop the one that was accidentally created to avoid confusion.

Change-Id: I75a295e50c36925a0137a5458444fb48bd5d9f8a
2024-05-13 11:04:45 +02:00
Dan Smith 769adbd69d Upload images with --file instead of stdin
This is more likely how people will actually upload their images, but
it also prevents the "osc as a service" feature from working because
stdin isn't proxied (of course). So just convert our uses of "image
create" to use --file instead of stdin.

Change-Id: I7205eb0100ba7406650ed609cf517cba2c8d30aa
2024-05-09 10:47:50 -07:00
Dan Smith aee9b0ff9e Make rocky 9 job non-voting
This job is currently failing with mirror or repo issues.

Change-Id: Ie0f862f933cd99cc9fe698d5a178b952e6e93ac4
2024-05-09 10:47:49 -07:00
Brian Haley 9be4ceeaa1 Fix datetime.utcnow() deprecation warning
Running stack.sh on a python 3.12 system generates this
warning from worlddump.py:

  DeprecationWarning: datetime.datetime.utcnow() is deprecated

Use datetime.now(timezone.utc) instead, which should be
backwards-compatible with older python versions.

TrivialFix

Change-Id: I11fe60f6b04842412045c6cb97f493f7fef66e1a
2024-04-23 15:37:37 -04:00
Stephen Finucane b6613b1e71 lib/apache: Use module paths instead of WSGI scripts
pbr's 'wsgi_scripts' entrypoint functionality is not long for this world
so we need to start working towards an alternative. We could start
packaging our own WSGI scripts in DevStack but using module paths seems
like a better option, particularly when it's supported by other WSGI
servers like gunicorn.

Currently only nova is migrated. We should switch additional projects as
they migrate and eventually remove the support for WSGI scripts
entirely.

Change-Id: I057dc635c01e54740ee04dfe7b39ef83db5dc180
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Depends-on: https://review.opendev.org/c/openstack/nova/+/902687/
2024-04-19 11:42:07 +01:00
Zuul e2aeab1bc1 Merge "Fix neutron empty string check" 2024-04-16 21:47:40 +00:00
Zuul 1abf3598fa Merge "lib/apache: Rename variable" 2024-04-16 17:15:25 +00:00
Jaromir Wysoglad c336b87342 Fix neutron empty string check
The variable should be in quotes for the check to work

Testing the behavior in bash:
current behavior:
$ config_file=""
$ if [ -n ${config_file} ]; then echo a; fi
a

$ config_file="abc"
$ if [ -n ${config_file} ]; then echo a; fi
a

behavior with quotes:
$ config_file=""
$ if [ -n "$config_file" ]; then echo a; fi

$ config_file="abc"
$ if [ -n "$config_file" ]; then echo a; fi
a

Change-Id: Iba956d9d4f43b925848174a632aabe58999be74b
2024-04-12 08:37:49 +02:00
Zuul fca44cc375 Merge "Do not configure system-scope admin for keystone" 2024-04-03 19:57:45 +00:00
Martin Kopec 99a96288eb Update DEVSTACK_SERIES to 2024.2
stable/2024.1 branch has been created now and
current master is for 2024.2.

Change-Id: I4af9e87318ef9cbfede7df7c23872a1a7e38c820
2024-03-28 23:38:19 +01:00
Douglas Mendizábal e1b7cc0ef8 Do not configure system-scope admin for keystone
This patch removes a couple of tempest.conf settings that are being
overwrriten when Keystone is set to enforce scope.

These settings are already being set by the keystone devstack plugin [1]
and do not need to be overwritten here.

Keystone is changing the default admin credentials to be project-admin
instead of system-admin to address some failing tests in services that
require project-scoped admin for their admin APIs. [2]  These overrides
are preventing that change from taking effect.

[1] https://opendev.org/openstack/keystone/src/branch/stable/2024.1/devstack/lib/scope.sh#L24-L25
[2] https://review.opendev.org/c/openstack/keystone/+/913999

Change-Id: I48edbcbaa993f2d1f35160c415986d21a15a4999
2024-03-25 12:15:59 -04:00
Zuul f4f09416ca Merge "Drop unused environments for TripleO and heat agents" 2024-03-19 18:55:14 +00:00
huicoffee 5f5255bc01 Remove Glance uWSGI config in clean.sh
Updated clean.sh to remove Glance's Apache uWSGI config files in
APACHE_CONF_DIR, including /etc/apache2/sites-enabled/ on Ubuntu.

Test Plan:
- Run clean.sh.
- Confirm Glance uWSGI configs are removed from APACHE_CONF_DIR.

Closes-Bug: #2057999

Change-Id: I44475b8e084c4b20d7b7cb7f28574f797dbda7a2
2024-03-15 20:15:09 +08:00
OpenStack Proposal Bot 5e837d1f0d Updated from generate-devstack-plugins-list
Change-Id: Ic99b518ddf1045893991accaa089f44d0d4f4b0d
2024-03-06 03:13:36 +00:00
Zuul c7fdfbaed2 Merge "Ignore 500 status code in generate plugin script" 2024-03-05 22:29:21 +00:00
Zuul ee178dcdb5 Merge "Drop the devstack-single-node-centos-7 nodeset" 2024-03-05 17:57:23 +00:00
Zuul 94562b4003 Merge "Make centralized_db driver as default cache driver" 2024-03-05 17:26:24 +00:00
Ghanshyam Mann 1fe7707cf0 Ignore 500 status code in generate plugin script
Due to various reasons, this script may encounter the
500 status code from some repo (x/fuel-plugin-onos in current case[1])
If that happen then it return failure status code to the
propose-updates job and fail that job

- https://zuul.openstack.org/builds?job_name=propose-updates&project=openstack%2Fdevstack&skip=0

It is better not to raise the 500 error in this script and just ignore those
repo to process further to detect the plugin.

[1] https://zuul.openstack.org/build/dba0aa41d145472397916dfcd13948de/log/job-output.txt#2442

Change-Id: Ibca0a2aac404161340e8fc00170018eecf5c8326
2024-03-05 08:37:03 -08:00
Jeremy Stanley af57c0b778 Drop the devstack-single-node-centos-7 nodeset
OpenDev is preparing to remove centos-7 nodes on March 15[*]. This
change drops one nodeset definition which is the last remaining
reference on DevStack's master branch.

[*] https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/message/A2YIY5L7MVYSQMTVZU3L3OM7GLVVZPLK/

Change-Id: Icd487e1012263a9b0bc13b529d31ff2025108adf
2024-03-04 18:27:51 +00:00
Takashi Kajinami 50c791c0ae Drop unused environments for TripleO and heat agents
TripleO was already retired. These environments are not actually used
by heat jobs.

Change-Id: I63b7413a1575a620f9d2cbd56e93be78816639e0
2024-02-29 17:02:55 +09:00
Zuul 57c685496f Merge "Drop nodesets with ubuntu-xenial" 2024-02-26 21:04:24 +00:00
Zuul 8bc99f3ef1 Merge "nova: unset cpu_model on aarch64" 2024-02-23 18:27:39 +00:00
Dr. Jens Harbott 402b7e89b6 Drop nodesets with ubuntu-xenial
The ubuntu-xenial labels are going to disappear from opendev as that
image is EOL and will we deleted. Clean up our zuul config.

Update some example reference as well.

Change-Id: Id04110f7c871caa1739ff2b62e9796be4fb9aa00
2024-02-23 11:46:03 +01:00
Zuul ed41f85d72 Merge "Add cinder-manage to /usr/local/bin/" 2024-02-13 17:14:03 +00:00
Slawek Kaplonski 4ddd456dd3 Add support for the pyproject.toml file in setup with constraints
In the _setup_package_with_constraints_edit name of the package was
always discovered from the setup.cfg file. But as some projects
implements PEP-621 (see [1] for the SQLAlchemy for example) it is not
enough now.
This patch adds parsing pyproject.toml file also if name is not found in
the setup.cfg file.

[1] https://github.com/sqlalchemy/sqlalchemy/commit/a8dbf8763a8fa2ca53cc01033f06681a421bf60b

Closes-Bug: #2052509
Change-Id: Iee9262079d09a8bd22cd05a8f17950a41a0d1f9d
2024-02-09 15:50:16 +01:00
Zuul 1ba76adccb Merge "Increase timeout for reimage operation" 2024-02-08 14:15:10 +00:00
Zuul 15a6f3e410 Merge "Uncap bashate" 2024-02-07 19:16:32 +00:00
Abhishek Kekane d251d12d71 Make centralized_db driver as default cache driver
Making newly introduced `centralized_db` driver as default cache
driver for glance so that it can be tested in available CI jobs.

New cache driver `centralized_db` needs `worker_self_reference_url`
in glance-api.conf file otherwise glance api service will fail to
start.

Related blueprint centralized-cache-db
Depends-On: https://review.opendev.org/c/openstack/glance/+/899871

Change-Id: I75267988b1c80ac9daa5843ce8462bbac49ffe27
2024-01-31 21:37:20 +00:00
Takashi Kajinami b485549efc Uncap bashate
The bashate tool has been very stable for a while and we rarely expect
changes which may break existing scripts.

This removes the current capping to avoid updating the upper limit when
when a new release is created in bashate.

Change-Id: Iae94811aebf58b491d6b2b2773db88ac50fdd737
2024-01-29 11:42:32 +09:00
Sean Mooney 5c1736b782 fix zswap enable flag
zswap should only be enabled if ENABLE_ZSWAP is true.
The if condition was checking ENABLE_KSMTUNED.
That is now fixed.

Change-Id: I76ba139de69fb1710bcb96cc9f638260463e2032
2024-01-24 10:53:12 +00:00
Zuul 031732998a Merge "add support for zswap and ksmtuned" 2024-01-24 00:21:17 +00:00
Sean Mooney 224fe1b09a add support for zswap and ksmtuned
This change add a new lib/host-mem file and moves the existing
ksm support to a new configure_ksm function.
Additional support for ksmtuned is added with a new flag
"ENABLE_KSMTUNED" which defaults to true.

This change also adds support for zswap. zswap is disabled
by default. When enabled on ubuntu lz4 will
be used as the default compressor and z3fold as the zpool.
On non debian distros the compressor and zpool are not set.
The default values should result in very low overhead although
the zstd compressor may provide better overall performance in ci
or with slow io due to the higher compression ratio.

Additionally memory and network sysctl tunings are optionally applied
to defer writes, prefer swapping and optimise tcp connection
startup and keepalive. The sysctl tunings are disabled by default
The base devstack job has been modifed to enable zram and sysctl
tuning.

Both ksm and zswap are wrapped by a tune_host function
which is now called very early in devstack to ensure
they are configured before any memory/network intensive
operations are executed.

The ci jobs do not enable this functionality by default.
To use this functionaltiy define

        ENABLE_SYSCTL_MEM_TUNING: true
        ENABLE_SYSCTL_NET_TUNING: true
        ENABLE_ZSWAP: true

in the devstack_localrc section of the job vars.

Change-Id: Ia5202d5a9903492a4c18b50ea8d12bd91cc9f135
2024-01-16 19:51:00 +00:00
Rodolfo Alonso Hernandez 6091df25a3 [OVN] Add support for the Neutron OVN agent service
The Neutron OVN agent is a service that could run in any node. The
functionality will depend on the extensions configured. This new
agent is meant to be the replacement for the Neutron OVN metadata
agent once the "metadata" extension is implemented in this service
[1].

[1]https://review.opendev.org/c/openstack/neutron/+/898238

Related-Bug: #2017871
Change-Id: I8f82f0047e89aac122a67f59db84f03e1a6bf519
2024-01-15 09:23:58 +00:00
Fabian Wiesel a2da805f81 Fixup of 'Fix spelling of ADITIONAL_VENV_PACKAGES'
Introduced a dangling } in the environment variable.
This removes it.

Change-Id: If9413dc1751399e5b9c9a0094772394252e5a81c
2024-01-08 10:18:35 +01:00
Zuul a88b17177d Merge "Fix spelling of ADITIONAL_VENV_PACKAGES" 2024-01-03 19:03:37 +00:00
OpenStack Proposal Bot 7699ce2d5c Updated from generate-devstack-plugins-list
Change-Id: Ie5cbd87269a10d6abdf1d24f7e6224d9aac3bf5d
2023-12-25 03:14:20 +00:00
Fabian Wiesel 6fc0e74aa7 Fix spelling of ADITIONAL_VENV_PACKAGES
This preserved `ADITIONAL_VENV_PACKAGES` as an input for backwards
compatiblity, but takes `ADDITIONAL_VENV_PACKAGES` with priority.

Fixes spelling in comment.

Related-Bug: #2046936
Change-Id: I84151d8f71b12da134e8fb9dbf3ae30f2a171fe2
2023-12-19 13:48:57 +01:00
Rajat Dhasmana 5e98509eaa Increase timeout for reimage operation
Looking at the recent failures in the tempest-integrated-compute
job, the reimage operation seems to be taking longer than our
expected time of 60 seconds (which was increased because of a similar
failure in the past, default is 20 seconds).
The main culprit for this failure is the image conversion from qcow2
to raw which is taking ~159 seconds.

Dec 05 13:29:59.709129 np0035951188 cinder-volume[77000]: DEBUG oslo_concurrency.processutils [req-5113eccb-05ba-486a-8130-a58898c8ad35 req-0edf972a-109a-465f-a771-ceb87ecbda3e tempest-ServerActionsV293TestJSON-1780705112 None] CMD "sudo cinder-rootwrap /etc/cinder/rootwrap.conf qemu-img convert -O raw -t none -f qcow2 /opt/stack/data/cinder/conversion/image_download_dbe01f18-1c90-4536-a09a-b49f0811c7a0_copod3cm /dev/mapper/stack--volumes--lvmdriver--1-volume--073a98e8--3c89--4734--9ae5--59af25f8914a" returned: 0 in 159.272s {{(pid=77000) execute /opt/stack/data/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:422}}

The recent run took ~165 seconds on the cinder side but it failed
early since the nova operation timed out in 60 seconds hence
deleting the volume.
To be on the safer side, 180 seconds seems to be a sane time for
the operation to complete which this patch configures.

Closes-Bug: 2046252
Change-Id: I8a9628216038f6d363cab5dd8177274c9cfc17c2
2023-12-12 12:55:30 +00:00
Yadnesh Kulkarni 6b0f055b4e Make multiple attempts to download image
Downloading an image can fail due to network issues, so let's
retry 5 times before giving up. We have seen issues in CI due
to network issues as described below and in the Related-Bug:-

Often times fetching Fedora image in FIPS jobs fails due to
"GnuTLS: One of the involved algorithms has insufficient security level."

This occurs when request to pull image is redirected to a mirror that's
incompatible with FIPS enabled system.

Making multiple attempts to download images could provide better chance of
pulling images from different mirrors and avoid failure of the job.
This will also save a few rechecks.

Related-Bug: #2045725
Change-Id: I7163aea4d121cb27620e4f2a083a543abfc286bf
2023-12-08 17:32:34 +05:30
Stephen Finucane d126330efe lib/apache: Rename variable
This is a little more meaningful, IMO.

Change-Id: Ib9d3fdc54b1cdbd822c2a4eca0a3310ca3f6324c
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-12-06 09:58:18 +00:00
Eric Harney 2e14add0fd Add cinder-manage to /usr/local/bin/
This is useful in a dev environment.

Change-Id: I247eb4aea23a906d0e667ec6c5ac79f932bdca24
2023-11-29 09:22:10 -05:00
Abhishek Kekane 2211c778db Allow devstack to set cache driver for glance
Added new devstack variable `GLANCE_CACHE_DRIVER` default
to `sqlite` to set the cache driver for glance service.

Related blueprint centralized-cache-db

Change-Id: I76d064590356e2d65bfc6a3f57d1bdaeeb83a74a
2023-11-22 06:25:48 +00:00
elajkat bb0c273697 Option for SQLAlchemy and alembic git source
Change-Id: If7ff0075834a1e9cee01713676166e56b797debd
Closes-Bug: #2042941
2023-11-16 19:49:29 +05:30
Zuul 9a55a925c4 Merge "Revert "Enable keystone token caching by OSC"" 2023-11-15 19:41:16 +00:00
yatin 82c30cd82e Revert "Enable keystone token caching by OSC"
This reverts commit 67630d4c52.

Reason for revert: Seeing random failures across jobs as sometimes
'keyring_pass.cfg' gets duplicated keys and that makes executions
of any openstackclient command to fail until the file is removed.
This should be handled before re enabling the token caching again.

Change-Id: I3d2fe53a2e7552ac6304c30aa2fe5be33d77df53
Related-Bug: #2042943
2023-11-15 12:44:50 +00:00
Dr. Jens Harbott e7c12616e2 Add periodic-weekly pipeline with platform jobs
Originally we only had the openeuler jobs there, but the other platforms
could also do with some regular testing.

Change-Id: I93526a4c592d85acd4debf72eb59e306ab8e6382
2023-11-14 16:32:17 +01:00
Zuul 57d3b21dd9 Merge "ignore dbcounter sub dirs" 2023-11-12 19:49:24 +00:00
tzing 0f402b8327 Fix openEuler support
openEuler 22.03 LTS support was removed from devstack in last
few months due to its libvirt version is too old and the CI job
always fail.

This Patch add a yum repository for libvirt7.2.0, and add the
related CI job to make sure its works well.

Change-Id: Ic507f165cfa117451283360854c4776a968bbb10
2023-11-07 06:14:58 +00:00
Zuul 3ffcc89d5d Merge "Enable keystone token caching by OSC" 2023-10-30 20:28:18 +00:00
Sean Mooney 5123700ea6 ignore dbcounter sub dirs
currently id you run devstack with the dbcounter service enabled
the created subdirs show up in git status

this change justs add them to .gitgnore

Change-Id: Iee48eb4e12ac22734c8a2c1dcbe0b92a0a387eaa
2023-10-27 02:38:19 +01:00
Artem Goncharov 67630d4c52 Enable keystone token caching by OSC
SDK uses python keyring library to enable token caching. Normally this
is requiring a proper desktop (interactive) session, but there are some
backend plugins working in non-interactive mode. Store cache in an
unencrypted file on FS (this is not worse than storing passwords in
plaintext).

Change-Id: I42d698f15db5918443073fff8f27b926126d1d0f
2023-10-26 11:07:30 +02:00
Ghanshyam Mann bacb840094 Enable NEUTRON_ENFORCE_SCOPE to True by default
Neutron bobcat release has enabled the RBAC new defaults
by default. With the latest release of Neutron have new
defaults enable, we should configure the same by default in
devstack. This change make NEUTRON_ENFORCE_SCOPE flag to
True by default so that every job will run with Neutron
new defaults.

As old defaults are still supported (in deprecated way),
we will keep this flag so that we can have one job disable
it and test the old defaults.

Change-Id: I3361d33885b2e3af7cad0141f9b799b2723ee8a1
2023-10-25 12:52:28 -07:00
Dr. Jens Harbott 29e73a2155 Enable performance collection on Debian
Change-Id: I84f1432262138cc9ff0942e1a2b2abe7447afe34
2023-10-24 06:18:22 +02:00
Dan Smith cace404431 Fix performance stats gathering for global VENV
Change-Id: I113c571ffddb241b29b1394e181ed0145b3c1e04
2023-10-23 11:21:24 -07:00
Zuul 5613db3caa Merge "Add support volume backup_driver config option" 2023-10-19 13:35:48 +00:00
Zuul 99919cbbd8 Merge "Horizon: Install pymemcached" 2023-10-18 06:26:49 +00:00
Zuul 4975fad23e Merge "Allow forcing nova compute_id" 2023-10-17 13:43:45 +00:00
Takashi Kajinami d2acd60870 Horizon: Install pymemcached
... so that we can use PyMemcacheCache backend. The MemcachedCache
backend, which has been used previously, has been removed in recent
Django, and we are switching the default backend in [1].

[1] https://review.opendev.org/c/openstack/horizon/+/891828

Change-Id: Ie1da8970628e34c41721198cdada8c7bb3b26ec0
2023-10-16 15:04:13 +09:00
OpenStack Proposal Bot eb9b08a883 Updated from generate-devstack-plugins-list
Change-Id: Ieecc17159ac36b65124598c36fc92b77c2a75399
2023-10-14 02:26:11 +00:00
Dan Smith 72cf4e6006 Allow forcing nova compute_id
Developers that need to stack and re-stack non-AIO compute-only
environments will want to be able to keep the compute node uuid the
same across runs. This mimics the behavior of a deployment tool that
pre-creates the uuids, so it matches pretty well. Default to the
current behavior of create-on-start, but allow forcing it ahead of
time to something specific.

Change-Id: Icab0b783e2233cad9a93c04758a5bccac0832203
2023-10-12 11:08:30 -07:00
Dr. Jens Harbott ca4d5132e6 zuul: Drop neutron-linuxbridge-tempest job
Neutron has deprecated linuxbridge support and is only doing reduced
testing for the neutron-linuxbridge-tempest job, so we need no longer
run it in devstack, even less gate on it.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ie1a8f978efe7fc9b037cf6a6b70b67d539d76fd6
2023-10-10 09:22:16 +02:00
Lukas Piwowarski 8c25a85861 Add support volume backup_driver config option
The depends-on patch adds a new backup_driver option to tempest.
The goal of this change is to be able to do a proper cleanup of
containers when swift is used as a backup driver.

Thich change makes sure that the new option is properly set to
"swift" when Swift is used as the driver.

Depends-On: https://review.opendev.org/c/openstack/tempest/+/896011/13
Change-Id: I76e7fd712ee352051f8aa2f2912a29abad9ad017
2023-10-05 15:28:12 +00:00
Zuul 68ca13311d Merge "Update DEVSTACK_SERIES to 2024.1" 2023-10-04 11:58:11 +00:00
Zuul 9e41895dea Merge "CI: Make bookworm platform job voting" 2023-10-03 10:43:20 +00:00
Ghanshyam Mann 3d37d13ee7 Update DEVSTACK_SERIES to 2024.1
stable/2023.2 branch has been created now and
current master is for 2024.1

Change-Id: I67eee1ba721a1ad99b3503312acc2f94a52c5552
2023-09-28 11:36:07 -07:00
Zuul f871476c22 Merge "Use OS_CLOUD in sample local.sh" 2023-09-25 13:31:33 +00:00
Dan Smith 25cd7eb672 Fix g-api-r for non-global venv
This makes the glance-api-remote setup honor the GLOBAL_VENV flag,
and not pass the --venv stuff to uwsgi if it is disabled. This should
fix the glance-multistore-cinder-import-fips job.

Change-Id: I2005da5ced027d273e1f25f47b644fecafffc6c1
2023-09-21 09:54:49 -07:00
Jake Yip 5441b3df6e Use OS_CLOUD in sample local.sh
local.sh, if present, will be executed at the end of stack.sh. The
sample file here is meant to be copied to devstack root if desired.

Unfortunately, due to Change I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
changing to use OS_CLOUD in stack.sh, sourcing openrc here will cause
both OS_CLOUD and traditional OS_* env vars to be set, which causes a
conflict.

Change-Id: Id80b46acab7d600ad7394ab5bc1984304825a672
2023-09-20 11:32:33 +00:00
Dr. Jens Harbott f73d312783 CI: Make bookworm platform job voting
It has been very stable for some time and it is going to be a major
platform for the next cycle.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Id2df9514b41eda0798179157282a8486b1e9ae23
2023-09-20 07:04:37 +02:00
OpenStack Proposal Bot d3953db766 Updated from generate-devstack-plugins-list
Change-Id: I18a47f5d604bbb83173151fb0b129deee2fcbe62
2023-09-19 02:15:19 +00:00
Zuul 129d0964a8 Merge "Remove openeuler job from periodic and check queue" 2023-09-12 21:45:50 +00:00
Zuul 0c9dbbbe11 Merge "Allow others to override NOVA_SERVICE_REPORT_INTERVAL" 2023-09-12 17:07:55 +00:00
Martin Kopec 290a02d1f8 Remove openeuler job from periodic and check queue
The openeuler job running version 22.03 fails due to old libvirt.
Nova requires version 7.0.0 or greater.

Related-Bug: #2035224
Change-Id: I4ad6151c3d8555de059c9228253d287aecf9f953
2023-09-12 17:32:03 +02:00
Zuul 428cb8a0a9 Merge "[nova][ironic] Support configuring 1 shard on n-cpu" 2023-09-12 11:37:19 +00:00
Zuul af8750c82a Merge "Remove wget + rpm workaround to manage repos install in CentOS" 2023-09-12 09:38:36 +00:00
Zuul e6ac2b6983 Merge "Add OVN_BRIDGE_MAPPINGS - support extra bridge" 2023-09-12 09:38:33 +00:00
Jay Faulkner e1297193dc [nova][ironic] Support configuring 1 shard on n-cpu
Allows for testing of basic sharding configuration.

Change-Id: Idfb2bd1822898d95af8643d69d97d9a76b4d64cc
Needed-By: https://review.opendev.org/c/openstack/ironic/+/894460
2023-09-11 17:44:09 +00:00
Zuul d51a6b9a11 Merge "Fix $LOGDIR owner to be stack.stack" 2023-09-05 16:50:32 +00:00
Lucas Alvares Gomes a389128dba OVN: Let ironic manage the OVN startup in it's case.
In order for Ironic perform full testing with devstack, it uses
virtual machines attached to a ovs bridge network to simulate
bare metal machines. This worked great for OVS because often
OVS was already running on the nodes due to the package, and
we could just apply configuration and be done with it when
Ironic's devstack plugin was applying initial configuration and
setting up the test environment.

With OVN, and the requirement of a specific co-installed OVS
version, Ironic has discovered that we cannot perform this same
configuration without having already started OVN during the
initial system setup. Which is fine, but we can't initialize
and start OVN twice. It just doesn't work.

The original form of this patch was proposed by lucasgnomes
in order to validate that we, did, indeed, need to do this
to enable Ironic to successfully test an OVN based
configuration, and is now being revised to handle that case
automatically when Ironic is the selected virt plugin.

Co-Authored-By: Julia Kreger <juliaashleykreger@gmail.com>
Change-Id: Ifbfdaaa97fdbe75ede49dc47235e92a8035d1de6
2023-09-04 13:38:23 +00:00
Harald Jensås 16ac21f0da Add OVN_BRIDGE_MAPPINGS - support extra bridge
Add's the OVN_BRIDGE_MAPPINGS variable to ovn_agent.
Uses the same format as OVS_BRIDGE_MAPPINGS, it defaults
to "$PYSICAL_NETWORK:$PUBLIC_BRIDGE".

This enables use of providernet for public network and
setting up additional bridges, for example a for baremetal.

Example:
  Q_USE_PROVIDER_NETWORKING="True"
  OVS_PHYSICAL_BRIDGE="brbm"
  PHYSICAL_NETWORK="mynetwork"
  PUBLIC_PHYSICAL_NETWORK="public"
  PUBLIC_BRIDGE="br-ex"
  OVN_BRIDGE_MAPPINGS="public:br-ex,mynetwork:brbm"

Change-Id: I37317251bbe95d64de06d6232c2d472a98c0ee4d
2023-09-04 13:45:23 +02:00
Dr. Jens Harbott 427a4e1a9b Drop focal platform job and support
This was dropped in tempest, too[0], and we want to focus on getting and
keeping the jammy job stable.

Still retaining the nodeset definitions until we are sure they are not
needed in other projects.

[0] https://review.opendev.org/c/openstack/tempest/+/884952

Change-Id: Iafb5a939a650b763935d8b7ce7069ac4c6d9a95b
2023-09-03 12:07:41 -07:00
yatinkarel ffc1b76f64 [neutron] Rely on PATH env set by devstack
This was missed as part of [1], neutron sets
exec_dirs in rootwrap.conf differently so that
also needs to be fixed.

Without it neutron openvswitch jobs relying on
neutron-keepalived-state-change scripts were
failing when deployed with GLOBAL_VENV=True as
binaries no longer found at /usr/local/bin.

[1] https://review.opendev.org/c/openstack/devstack/+/558930

Closes-Bug: #2031415
Change-Id: I9aa56bff02594f253381ffe47a70949079f4c240
2023-08-28 11:01:07 +05:30
Zuul e2bd271790 Merge "Fix configuration of LVM global_filter" 2023-08-24 19:57:23 +00:00
Zuul 2342fcabd7 Merge "Fix glance-remote with global venv" 2023-08-24 03:41:31 +00:00
melanie witt ef53db76d0 Fix configuration of LVM global_filter
As far as I could tell, the global_filter config added in change
I5d5c48e188cbb9b4208096736807f082bce524e8 wasn't actually making it
into the lvm.conf. Given the volume (or rather LVM volume) related
issues we've been seeing in the gate recently, we can give this a try
to see if the global_filter setting has any positive effect.

This also adds the contents of /etc/lvm/* to the logs collected by the
jobs, so that we can see the LVM config.

Change-Id: I2b39acd352669231d16b5cb2e151f290648355c0
2023-08-24 03:28:31 +00:00
Dan Smith 5a51aa524c Fix glance-remote with global venv
The base systemd unit file setup now writes an Environment= line to
the file for the venv. The glance-remote code was setting that to
point at the alternate config location, using iniset which was
clobbering the venv one. Switch to iniadd to fix.

Also, we need to explicitly put the --venv flag into the command since
we write our unit file ourselves. This probably needs a cleanup at
this point, but since the glance gate is blocked, do this for now.

Change-Id: I2bd33de45c41b18ed7d4270a7301b1e322134987
2023-08-23 14:41:39 -07:00
Zuul 640c318f38 Merge "Set GLOBAL_VENV to false for centos and rocky" 2023-08-23 19:42:43 +00:00
Martin Kopec 7cd3a8eebe Set GLOBAL_VENV to false for centos and rocky
As a temporary workaround, let's set the GLOBAL_VENV to false
specifically for centos 9 stream and rocky distros where we
encountered issues after changing the default value
of GLOBAL_VENV to True in Devstack:
https://review.opendev.org/c/openstack/devstack/+/558930

Related-Bug: #2031639
Change-Id: I708b5a81c32b0bd650dcd63a51e16346863a6fc0
2023-08-23 17:39:34 +02:00
Zuul 21eac99e4e Merge "Update etcd version to 3.4.27" 2023-08-23 00:42:11 +00:00
Jan Gutter 3a7a3cd8c5 Update etcd version to 3.4.27
* etcd 3.3 is no longer maintained.
* etcd 3.4 removes deprecated interfaces, and clients may
  need updated configs.
* The cinder backend coordination URL needs to explicitly
  specify the version, until tooz can be updated
  https://review.opendev.org/c/openstack/tooz/+/891355
* etcd only supports in-place upgrades between minor
  versions, so any jobs testing upgrades could fail if
  they skip from 3.2 directly to 3.4

Change-Id: Ifcecdffa17a3a2b1075aa503978c44545c4a2a3c
2023-08-22 16:34:03 +01:00
Zuul bd472fd53d Merge "Revert "Woraround systemd issue on CentOS 9-stream"" 2023-08-22 07:00:11 +00:00
yatin 7c4a955c52 Revert "Woraround systemd issue on CentOS 9-stream"
This reverts commit 113689ee46.

Reason for revert: systemd-252-17.el9 which includes the fix is now available in CentOS 9-stream repos.

Change-Id: I6fe19838a75a30fd5d2434c03b7f403f1c7e4b50
2023-08-21 06:28:30 +00:00
Artom Lifshitz 220004fb5c Allow others to override NOVA_SERVICE_REPORT_INTERVAL
While the patch where this was first introduced and set to 120 [1] is
sensible for the vast majority of jobs, it's conceivable that some
jobs might want a different value.

Specifically, the whitebox-tempest-plugin changes configurations and
restarts Nova services, and to do so it waits for the service status
to update in the API before continuing with the tests. With the report
interval set to 120 and the down time threshold set to 720, the
service would continue showing 'up' in the API long after it was
actually down, causing the wait to time out.

Whitebox is a low-traffic project with only a couple of devstack jobs
that run tempest tests sequentially (concurrency=1). Its CI is also
pretty stable. It seems legitimate for it to keep the old default
values of report_interval and service_down_time.

This patch keeps the 120 default for NOVA_SERVICE_REPORT_INTERVAL, but
makes it configurable by individual jobs. Since the original patch
also introduced CINDER_SERVICE_REPORT_INTERVAL as a constant, make
that configurable as well.

[1] https://review.opendev.org/c/openstack/devstack/+/890439

Needed-by: https://review.opendev.org/c/openstack/whitebox-tempest-plugin/+/891612
Change-Id: I64fa2059537ea072a38fb4900d3c7d2d8f0ce429
2023-08-16 14:32:12 -04:00
Ghanshyam 08b434e5b0 Revert "GLOBAL_VENV: add nova to linked binaries"
This reverts commit 26b5eddeaa.

Reason for revert: nova changed to use osc

- https://review.opendev.org/c/openstack/nova/+/891247/2

Resolving conflict due to
- https://review.opendev.org/c/openstack/devstack/+/891248

Change-Id: I69e179a90a241946b3f426a41c38ae72a66ba6dc
2023-08-14 12:42:49 -07:00
Dr. Jens Harbott 4c45bec6eb GLOBAL_VENV: add more binaries
glance and rally binaries are also needed.

Also make sure the cinder-rtstool is only called when cinder is actually
enabled.

Change-Id: I18113eabf2fa83e36bace276883775303f6a1e9a
2023-08-12 11:35:08 +02:00
Zuul af9e67c050 Merge "GLOBAL_VENV: add nova to linked binaries" 2023-08-12 05:32:31 +00:00
Zuul cd486f13aa Merge "Add debian-bookworm job" 2023-08-11 21:46:42 +00:00
Dr. Jens Harbott 26b5eddeaa GLOBAL_VENV: add nova to linked binaries
This is being used in some nova jobs, so we need to add it. Also order
the list of linked binaries to allow easier maintenance.

Change-Id: Ief012f7842d6e14380c9575740d1856bc1f2355e
2023-08-11 21:51:05 +02:00
Zuul c1d1954e91 Merge "Add option to install everything in global venvs" 2023-08-11 18:04:15 +00:00
Zuul d7ab61747a Merge "Disable waiting forever for connpool workers" 2023-08-09 03:06:35 +00:00
Brian Haley 4363b0bd84 Fix $LOGDIR owner to be stack.stack
I have seen this failure in the gate a few times:

[ERROR] /opt/stack/devstack/functions-common:2334 Neutron did not start
/opt/stack/devstack/functions-common: line 310:
  /opt/stack/logs/error.log: Permission denied

So whatever was trying to be written to error.log never
happened. Change to be like other directories in this
file and make the $LOGDIR owner stack.stack.

Change-Id: I673011aba10c8d03234100503ccc5876e75baff2
2023-08-08 08:38:00 -04:00
Zuul 3e0a118d17 Merge "Add SERVICE_REPORT_INTERVAL knob" 2023-08-08 05:05:39 +00:00
Alfredo Moralejo 0da88c4af0 Remove wget + rpm workaround to manage repos install in CentOS
RDO has moved rdo-release packages to a new infra which supports EMS so
we do not need to wget it and install it using local rpm install.

This partially reverts [1].

[1] https://review.opendev.org/c/openstack/devstack/+/884277/

Change-Id: I189d0c3da0e7b017e2568022c14e6c8fb28251f1
2023-08-07 14:16:12 +02:00
Zuul b4e934c9fa Merge "Woraround systemd issue on CentOS 9-stream" 2023-08-05 11:37:11 +00:00
Dan Smith c3b0b9034e Disable waiting forever for connpool workers
This will cause apache to no longer wait forever for a connection
pool member to become available before returning 503 to the client.
This may help us determine if some of the timeouts we see when
talking to the services come from an overloaded apache.

Change-Id: Ibc19fc9a53e2330f9aca45f5a10a59c576cb22e6
2023-08-04 07:16:27 -07:00
Dan Smith 3832ff52b4 Add SERVICE_REPORT_INTERVAL knob
Heavily-loaded workers in CI consistently fail to complete the
service checkin task, which is configured for every ten seconds in
nova and cinder. This generates additional load on the database server
as well as consumes a threadpool worker. If we're not making the
deadline, there's really no point in having it be so high. Further,
since the workers must remain up for all the tempest tests we're
running against them, there's really no benefit to a fast-fail
detection.

This sets the report_interval to 120s for nova and cinder, and sets
service_down_time to 6x that value, which is consistent with the
default scale.

Depends-On: https://review.opendev.org/c/openstack/tempest/+/890448
Change-Id: Idd7aa1daf354256b143a3778f161cfc72b318ea5
2023-08-03 12:20:05 -07:00
yatinkarel 113689ee46 Woraround systemd issue on CentOS 9-stream
systemd-252-16.el9 introduced a regression
where libvirtd process exits after 120s of
inactivity.
Add a workaround to unset 120s timeout for
libvirtd, the workaround can be removed once
the fix is available in systemd rpm.

Related-Bug: #2029335
Change-Id: Id6db6c17518b54d5fef7c381c509066a569aff6d
2023-08-02 13:13:07 +05:30
Dr. Jens Harbott 0b79f6f769 Add debian-bookworm job
Change-Id: Id5e54775e2be38a75db0bd1f55d1d3b5ae7ef71f
2023-08-02 05:11:03 +00:00
Clark Boylan a40f9cb91f Add option to install everything in global venvs
Since we are python3 only for openstack we create a single python3
virtualenv to install all the packages into. This gives us the benefits
of installing into a virtualenv while still ensuring coinstallability.
This is a major change and will likely break many things.

There are several reasons for this. The change that started this effort
was pip stopped uninstalling packages which used distutils to generate
their package installation. Many distro packages do this which meant
that pip installed packages and distro packages could not coexist in the
global install space. More recently git has made pip installing repos as
root more difficult due to file ownership concerns.

Currently the switch to the global venv is optional, but if we go down
this path we should very quickly remove the old global installation
method as it has only caused us problems.

Major hurdles we have to get over are convincing rootwrap to trust
binaries in the virtualenvs (so you'll notice we update rootwrap
configs).

Some distros still have issues, keep them using the old setup for now.

Depends-On: https://review.opendev.org/c/openstack/grenade/+/880266
Co-Authored-By: Dr. Jens Harbott <frickler@offenerstapel.de>
Change-Id: If9bc7ba45522189d03f19b86cb681bb150ee2f25
2023-08-02 07:07:25 +02:00
Dr. Jens Harbott 7a2021dfa0 Add rocky job to gate
It was made voting some time ago, but we missed also running it in gate.

With that RHEL platform test in place, we can keep c9s permanently
non-voting, which is better suited to match its instability.

Change-Id: I6712ac6dc64e4fe2203b2a5f6a381f6d2150ba0f
2023-08-02 07:01:49 +02:00
Zuul 9dba09975d Merge "Drop Fedora support" 2023-08-01 17:49:48 +00:00
Dan Smith d115bfd72a Reduce the flush frequency of dbcounter plugin
This relaxes the limits for dbcounter to make it flush stats to the
database less often. Currently every thirty seconds or 100 hits, we
write a stats line to the database. In some services (like keystone)
this can trigger more than one write per second because of the
massive number of SELECT calls that service makes.

This removes the hit limit and decreases the mandatory flush interval
to once a minute. Hopefully this will manifest as lower load on the
database triggered by what would be readonly operations.

Change-Id: I43a58532c0541075a2d36408abc50a41f7994bda
2023-07-31 07:20:12 -07:00
Zuul 280feb0861 Merge "git: git checkout for a commit hash combinated with depth argument" 2023-07-31 11:29:32 +00:00
Zuul b314d07e34 Merge "Fix reboot on fedora like nodes" 2023-07-25 16:18:54 +00:00
Zuul 61cd302439 Merge "Remove unused file" 2023-07-25 14:45:38 +00:00
Zuul b52dceee7b Merge "Switch TLS tests to TLSv1.2+ only" 2023-07-21 16:37:18 +00:00
Zuul 9845128969 Merge "Support RHEL 9" 2023-07-21 12:35:17 +00:00
jskunda 770352beb0 git: git checkout for a commit hash combinated with depth argument
This patch: https://review.opendev.org/c/openstack/devstack/+/882299
provides functionality, that commit hash can be passed as last arugment,
however when GIT_DEPTH is set, it fails, as in:

timeout -s SIGINT 0 git clone https://github.com/ovn-org/ovn.git ./ovn
--depth 1 --branch 03b95a4566a15f7544f4cdf35629dacede4dcf55
fatal: Remote branch 03b95a4566a15f7544f4cdf35629dacede4dcf55
not found in upstream origin

Closes-Bug: #2023020
Change-Id: I748354964a133e028e12458cc9014d6d014cbdb9
2023-07-20 10:21:41 +02:00
Brian Haley e261bd809e Always set image_uuid_alt in configure_tempest()
When there is only a single image, configure_tempest()
needs to always set image_uuid_alt the same as image_uuid,
else it will fail trying to determine the size of the
flavor to use for it later in the function.

Introduced by [0], and subsequent change did not fix it.

[0] https://review.opendev.org/c/openstack/devstack/+/886795

Change-Id: Ibfe99ff732570dbd415772c5625f43e35b68c871
Related-bug: #2028123
2023-07-19 16:04:12 -04:00
yatinkarel 931b45defd Handle more than 1 image while configuring tempest
[1] caused a regression causing failures when
more than 1 images are setup. Fixing it by correctly
using the array variable. Also add a break in the
for loop once if condition is met.

[1] https://review.opendev.org/c/openstack/devstack/+/886795

Closes-Bug: #2028123
Change-Id: I4f13c1239312bbcca8c65e875d65d03702161c18
2023-07-19 12:28:39 +05:30
Zuul 16b34a92ae Merge "Set two different image in tempest irespective of DEFAULT_IMAGE_NAME" 2023-07-18 18:25:27 +00:00
Zuul b368c9fb5e Merge "The AZ filter is deprecated and planned for removal this cycle" 2023-07-17 15:16:38 +00:00
Zuul 92f62fe184 Merge "Add 10 second buffer for uwsgi service stop" 2023-07-06 11:14:43 +00:00
Dan Smith 58c80b2424 nova: Bump timeout-per-gb for BFV rebuild ops
This increases the timeout we use to wait for cinder to perform a
volume reimage. Since devstack is often running on a single machine
with non-production IO performance, we should bump this limit to avoid
hitting it before the rebuild completes.

Change-Id: Ie2663b951acb0c1a65597a39e032948764e6ae6a
2023-06-28 14:13:22 -07:00
Ghanshyam Mann e32715b251 Set two different image in tempest irespective of DEFAULT_IMAGE_NAME
In current logic to set two different image in Tempest in config
option image_ref and image_ref_alt, we consider if DEFAULT_IMAGE_NAME
is found in glance then set the same image in tempest for those
two config option. This means even we have two different image available
in glance, still we set same image in image_ref as well as image_ref_alt
and all the rebuild tests are rebuilt on the same image.

I could not find any reason why we set same image if DEFAULT_IMAGE_NAME
exist, below are the original change added this logic
- https://review.opendev.org/c/openstack/devstack/+/17553

We had a requirement of test to run on two different images
- https://review.opendev.org/c/openstack/tempest/+/831018

and for that we need to set DEFAULT_IMAGE_NAME to non exist image
name but that broke the Ironic which was reply on the valid name
in DEFAULT_IMAGE_NAME
- https://review.opendev.org/c/openstack/ironic/+/886790

As we do not have any reason not to set two different image
if DEFAULT_IMAGE_NAME is set, I am removing the condition of
DEFAULT_IMAGE_NAME from lib/tempest logic and always set two
different images if they are available.

Depends-On: https://review.opendev.org/c/openstack/tempest/+/886796

Change-Id: I9d215f48d4440f2fa6dcc0d222a10896caf01215
2023-06-27 13:43:47 -05:00
OpenStack Proposal Bot 27568ea334 Updated from generate-devstack-plugins-list
Change-Id: I6fd6a718ce39d849342b30970ca39477ce285374
2023-06-27 02:19:53 +00:00
Dr. Jens Harbott 4a1b2808af Remove unused file
This was forgotten in [0]

[0] I20501fec140998b91c9ddfd84b7b10168624430a

Change-Id: Iacd86e3953f573a0fc38dc4898aafefccb3a9a79
2023-06-26 12:23:58 +02:00
Sean Mooney ad029c0e8b The AZ filter is deprecated and planned for removal this cycle
To facilitate that this change removes it form the default filter
list. By default nova has used placement for AZs so this filter
has not been requried since xena.

Change-Id: Ie5e216dd8c2a7ecf43cc6954ec4f73d4d67b5b3b
2023-06-26 11:00:24 +01:00
yatinkarel 7288df34f8 Add 10 second buffer for uwsgi service stop
Default for systemd TimeoutStopSec is 90 seconds
and that is same for default graceful shutdown of
uwsgi service(WORKER_TIMEOUT).

Due to the Related-Bug graceful stop attempt
fails and there is no room for force shutdown.
This patch reduces default for WORKER_TIMEOUT by
10 seconds so there is a buffer to force stop the
service.

Closes-Bug: #2020643
Related-Bug: #2015065
Change-Id: I6aacac94f9697088338b3d2f99d8eaa22c2be67b
2023-06-21 18:14:27 +05:30
Dr. Jens Harbott 39228451b6 Bump default cirros version to 0.6.2
Cirros has made a new release, including a newer kernel that should fix
some issues when using nested virtualization.

Related-Bug: 2023559
Change-Id: I63469371b13801094a3ee1baae6e343999fbefa5
2023-06-15 10:46:51 +02:00
Zuul c152a409dd Merge "Remove usage of neutron-debug since it has been removed" 2023-06-12 17:20:11 +00:00
Zuul 9d9f15725f Merge "Install systemd-coredump on Debian-based distros" 2023-06-12 16:52:00 +00:00
OpenStack Proposal Bot f1c5442bec Updated from generate-devstack-plugins-list
Change-Id: Icc3aa69d7bbfa217676402682454cd4b37fb6c29
2023-06-10 03:07:59 +00:00
Dr. Jens Harbott fbc1865dc4 Drop Fedora support
Fedora 36 is EOL, also opendev is dropping support for Fedora images
completely since interest in running jobs on that platform is no longer
existing. CentOS 9 Stream has evolved as replacement platform for new
features.

Only drop the Zuul configuration and the tag in stack.sh for now plus
update some docs. Cleanup of the deployment code will be done in a
second step.

Change-Id: Ica483fde27346e3939b5fc0d7e0a6dfeae0e8d1e
2023-06-07 15:19:37 +02:00
Brian Haley a13201646d Install systemd-coredump on Debian-based distros
On Debian-based distros, the 'coredumpctl' command is
provided by the systemd-coredump package, which is not
installed by default. On failure, when "post" commands
are executed this error is seen:

  controller | /bin/bash: line 1: coredumpctl: command not found

Install it along with other libvirt packages to avoid
the error.

On Fedora distros it is in the systemd package, so the
problem is not seen since it is always installed.

Change-Id: I6012bd3240d68736a5db8ae49dc32098a086f320
2023-05-30 13:31:05 -04:00
Zuul c424a7a299 Merge "Use RDO official CloudSIG mirrors for C9S deployments" 2023-05-29 13:14:36 +00:00
Alfredo Moralejo b2ad00cb66 Use RDO official CloudSIG mirrors for C9S deployments
Instead of using RDO Trunk repo server, CentOS official mirrors provide
a most reliable infrastructure and supports EMS which is required when
enabling FIPS in C9S.

In order to install the rdo-release rpm from repo.fedoraproject.org,
which does not support EMS, I'm using a workaround to wget, which works
with non-EMS servers because it uses gnutls instead of openssl, and
install it locally with rpm.

This is also consistent to CentOS 8 implementatioin.

Closes-Bug: #2020661
Closes-Bug: #2020434
Change-Id: Icd99f467d47aaafaaf3ee8f2a3c4da08842cb672
2023-05-26 14:22:20 +02:00
Martin Kopec a37b6abc8e Resolve distutils deprecation warning
The distutils package is deprecated and slated for removal in
Python 3.12. Let's use shutil.which which is also recomended
by PEP 632: https://peps.python.org/pep-0632/#migration-advice

Closes-Bug: #2009229
Change-Id: Ibb2a9731449e765c4a56952a9f02679e9618778b
2023-05-26 13:46:42 +02:00
Zuul cc49f4debb Merge "Enable GLANCE_ENFORCE_SCOPE to True by default" 2023-05-25 01:29:42 +00:00
Zuul dfd7aeaf6c Merge "Enable NOVA_ENFORCE_SCOPE to True by default" 2023-05-24 02:23:03 +00:00
Zuul 14152d27b0 Merge "Revert "Revert "Bump cirros version to 0.6.1""" 2023-05-23 16:08:54 +00:00
Zuul d0e0900ed9 Merge "Default MYSQL_REDUCE_MEMORY=True" 2023-05-22 22:28:40 +00:00
Zuul 5d77dcc7ff Merge "Set dhcp_client based on cirros version" 2023-05-22 19:49:25 +00:00
Dan Smith 814e659e32 Default MYSQL_REDUCE_MEMORY=True
We have lots of evidence that this is a net benefit, so enable it
by default instead of everyone having to opt-in.

Change-Id: I66fa1799ff5177c3667630a89e15c072a8bf975a
2023-05-22 10:25:38 -07:00
Martin Kopec b5f4b1148a Revert "Revert "Bump cirros version to 0.6.1""
This reverts commit 37d11d00e5.

Reason for revert: reverting this revert as the issue caused by the original patch (before the first revert) is fixed by:
https://review.opendev.org/c/openstack/devstack/+/881504

Therefore we can proceed with the cirros version bump.

Change-Id: I43e2b04a0142c19fb1a79da5a33cc444149e18f1
2023-05-22 12:56:34 +00:00
Martin Kopec a294389403 Set dhcp_client based on cirros version
This change allows us to bump the default cirros version
in devstack. Since cirros version 0.6.0 dhcpcd is the default
dhcp client. The older cirros images used udhcpc client (the only
available client at that time) which is also the default client
in Tempest.
This patch makes devstack configure dhcpcd client in tempest.conf
if cirros >= 0.6.0 is going to be used in scenario tests.

The commit also introduces a new SCENARIO_IMAGE_TYPE option.
It is now a trigger for cirros specific settings, later it might
be used for any other image's settings.

Closes-Bug: #2007973
Change-Id: I2738c3b1d302c6656ce2c209671ea954fbc1b05b
2023-05-22 12:22:30 +02:00
Ghanshyam Mann cb1ec1834d Enable GLANCE_ENFORCE_SCOPE to True by default
Glance antelope release has enabled the RBAC new defaults
by default
- https://review.opendev.org/c/openstack/glance/+/872522

With the latest release of Glance have new defaults enable,
we should test the same by default in devstack. This change
make GLANCE_ENFORCE_SCOPE flag to True by default so that every
job will run with Glance new defaults.

As old defaults are still supported (in deprecated way), we will keep
GLANCE_ENFORCE_SCOPE flag so that we can have a single job can disable
the new defaults and continue testing the old defaults.

Depends-On: https://review.opendev.org/c/openstack/tempest/+/883701

Change-Id: Idde6f3cb766597575ca822f21b4bb3a465e5e753
2023-05-19 19:24:25 +00:00
Ghanshyam Mann bfa43975bc Enable NOVA_ENFORCE_SCOPE to True by default
Nova antelope release has enabled the RBAC new defaults
by default
- https://review.opendev.org/c/openstack/nova/+/866218

With the latest release of Nova have new defaults enable,
we should test the same by default in devstack. This change
make NOVA_ENFORCE_SCOPE flag to True by default so that every
job will run with Nova new defaults.

As old defaults are still supported (in deprecated way), we will keep
NOVA_ENFORCE_SCOPE flag so that we can have a single job can disable
the new defaults and continue testing the old defaults.

Change-Id: Id56819f03c19a5b7fe30adf799ecd3b8aeb67695
2023-05-18 12:54:19 -05:00
Brian Haley 6764eab264 Remove usage of neutron-debug since it has been removed
The neutron-debug command was deprecated and finally removed,
so tools/ping_neutron.sh can no longer rely on it to create
a probe namespace. Instead, just try and use any namespace
with the network ID in it, since it's either the DHCP (ML2/OVS)
or Metadata (OVN) namespace, which should work just as well.

As this code is rarely (never?) used, this best-effort attempt
is good enough.

Change-Id: I98c992a2a774ef1fb22cee2e90ee342ab2d537ac
Depends-on: https://review.opendev.org/c/openstack/neutron/+/883081
2023-05-12 16:34:08 -04:00
Zuul 34afa91fc9 Merge "git: support git checkout for a commit hash" 2023-05-04 18:46:35 +00:00
Zuul d2e95a1126 Merge "Fix name for neutron tempest uwsgi job" 2023-04-26 19:23:16 +00:00
Zuul 2e607b0cbd Merge "Modify devstack-base to allow for fips" 2023-04-20 23:55:40 +00:00
Ihar Hrachyshka e8915786e1 git: support git checkout for a commit hash
git_clone assumes a branch or a tag is passed as the last argument, and
it fails when a commit hash is passed, as in:

timeout -s SIGINT 0 git clone https://github.com/ovn-org/ovn.git
/opt/stack/ovn --branch 36e3ab9b47e93af0599a818e9d6b2930e49473f0
Cloning into '/opt/stack/ovn'...
fatal: Remote branch 36e3ab9b47e93af0599a818e9d6b2930e49473f0 not found
in upstream origin

Change-Id: Id1328d7cba418fa7c227ae9db4fe83c09fd06035
2023-04-20 11:06:37 -04:00
Zuul b33ec4bf1b Merge "Remove support for opensuse" 2023-04-18 17:15:32 +00:00
yatinkarel 991a2794a3 Fix name for neutron tempest uwsgi job
This was renamed long back in [1].

[1] https://review.opendev.org/c/openstack/neutron/+/797051

Change-Id: If11e975fd890f55f99efc2c7d8122256ff831ad8
2023-04-17 11:17:37 +00:00
Ade Lee 15b2e42968 Modify devstack-base to allow for fips
devstack-base is changed to descend from
openstack-multinode-fips which is defined in
project-config.

This allows jobs to execute the enable_fips playbook
to enable FIPS mode on the node, but only if they
opt-in by setting enable_fips to True.  Otherwise,
this is a no-op.

Change-Id: I5631281662dbd18056ffba291290ed0978ab937e
2023-04-17 08:43:22 +00:00
yatinkarel 42517968ff [ovs] Reload ovs kernel module always
Irrespective of build_modules is True
or False reload ovs modules always.

If ovs is installed from package before(like
with multi-node-bridge role), then installing
ovs from source requires openvswitch kernel
module to be reloaded.

The issue was not seen before jammy as there
module was reloaded when build_modules was set
to True.

Closes-Bug: #2015364
Change-Id: I1785b49b2ef72ca1f817f504d5ea56021410c052
2023-04-14 20:01:36 +05:30
OpenStack Proposal Bot fa42b3ca7b Updated from generate-devstack-plugins-list
Change-Id: I84015f860155e5c8ec3bcf54353d91405a13e549
2023-04-14 02:16:59 +00:00
Sean Mooney 80c3ffe154 Fix reboot on fedora like nodes
This change enables httpd in systemd so that it
starts after a reboot and updates how selinux is
disabled to use /etc/selinux/config in addtion
to setenforce.

Change-Id: I5ea8693c0b967937483bd921b1d9984ea14bc723
2023-03-27 20:58:37 +00:00
Zuul b10c060272 Merge "Add config options for cinder nfs backend" 2023-03-27 14:20:04 +00:00
Zuul 4dfb67a831 Merge "Update DEVSTACK_SERIES to 2023.2" 2023-03-17 01:59:49 +00:00
Rajat Dhasmana 1898a683be Create multiattach volume type for tempest
Creating multiattach volume is a non-admin operation but creating
multiattach volume type is an admin operation.
Previously cinder allowed creating multiattach volumes without a
volume type but that support is being removed with[1].
The change requires updating tempest tests[2] but some tempest
tests are non-admin, which require admin priviledges to create the
multiattach volume type.
Based on the last discussion with tempest team[3], the proposed
solution is to create a multiattach volume type in devstack,
if ENABLE_VOLUME_MULTIATTACH is True, and use it in tempest
tests. Similar to how admins create multiattach volume types
for non-admin users.

This patch creates a multiattach volume type if
ENABLE_VOLUME_MULTIATTACH is True. Also we set the multiattach
type name as a tempest config option 'volume_type_multiattach'.

[1] https://review.opendev.org/c/openstack/cinder/+/874865
[2] https://review.opendev.org/c/openstack/tempest/+/875372
[3] https://meetings.opendev.org/irclogs/%23openstack-cinder/%23openstack-cinder.2023-03-13.log.html#t2023-03-13T18:47:56

Change-Id: Icd3690565bf7b27898cd206641e612da3993703d
2023-03-15 07:21:54 +00:00
Zuul 35c9afffa5 Merge "Fix NotImplementedError in dbcounter on SQLA 2.x" 2023-03-13 18:52:52 +00:00
Zuul 3894077e6c Merge "Rehome functions to enable Neutron's segments integration" 2023-03-13 12:57:35 +00:00
Ghanshyam Mann 07a7293721 Update DEVSTACK_SERIES to 2023.2
stable/2023.1 branch has been created now and
current master is for 2023.2.

Change-Id: Ibd499ac35a38a5c1818c1df6009c5273ef3e90f7
2023-03-10 20:30:53 -06:00
Michael Johnson f834f9adaf Fix NotImplementedError in dbcounter on SQLA 2.x
This patch fixes a NotImplementedError raised in the dbcounter plugin when using SQLAlchemy 2.x. The plugin signature has changed and now requires an "update_url" method as part of the plugin[1].
This patch also updates the do_incr() explicit SQL string to use a TextClause and the new requirement for named bound parameters[2].

Closes-Bug: #2009521

[1] https://docs.sqlalchemy.org/en/20/changelog/migration_14.html#changes-to-createengineplugin
[2] https://docs.sqlalchemy.org/en/20/changelog/migration_20.html#execute-method-more-strict-execution-options-are-more-prominent

Change-Id: Ie5484597057a3306757cc46b657446ad61ac2098
2023-03-06 20:09:10 +00:00
Yamato Tanaka 03c3fd763e Support RHEL 9
This patch includes changes required to run devstack on RHEL 9.

- en_US.utf8 is provided by glibc-langpack-en
- iptables command is provided by iptables-nft
- Use /etc/os-release to identify the distro in RHEL 9 as it doesn't
  provide lsb_release command.
- CRB repository name is different from CentOS 9

Change-Id: I8f6d9263b24f9c2cf82e09258e2d14d7766ad337
2023-03-03 14:47:10 +09:00
Zuul ab8e51eb49 Merge "Disable memory_tracker and file_tracker in unstask.sh properly" 2023-02-28 06:13:08 +00:00
Zuul f7d15274f6 Merge "Revert "Bump cirros version to 0.6.1"" 2023-02-22 09:52:58 +00:00
Nobuhiro MIKI 0572d73f85 Disable memory_tracker and file_tracker in unstask.sh properly
stop_dstat() calls stop_process() for dstat, memory_tracker and
file_tracker respectively. Inside stop_process(), a check for the
existence of the service is performed by is_service_enabled().

So even if we apply this seemingly dangerous commit,
is_service_enabled() is respected, so it's safe.

Closes-Bug: #1998990
Change-Id: Ica58cdb1d60c4c796f582d82ed2cde0be94b1a7e
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
2023-02-22 10:38:49 +09:00
Ghanshyam 37d11d00e5 Revert "Bump cirros version to 0.6.1"
This reverts commit 91efe177b1.

Reason for revert: it broke tempest-slow job https://9afe3d390e4175b60a80-89b1085289883615a17bd93ef47f6ca9.ssl.cf5.rackcdn.com/871018/13/gate/tempest-slow-py3/d139ae1/testr_results.html

Change-Id: Ib74e51a780d3e8101f4147db9d24eebea4980fb1
2023-02-21 21:41:40 +00:00
Zuul e5c8e2951f Merge "Bump cirros version to 0.6.1" 2023-02-20 21:47:05 +00:00
Zuul 37322e4e67 Merge "Try to reduce mysql memory usage" 2023-02-20 21:47:01 +00:00
Zuul 8adb83a9bb Merge "Fix rockylinux and make it voting" 2023-02-20 17:16:42 +00:00
Zuul 45ef5741f2 Merge "Added recursive for deletion of $OVN_RUNDIR" 2023-02-17 16:30:07 +00:00
Dan Smith 7567359755 Try to reduce mysql memory usage
These are a few tweaks I applied to my own memory-constrained cloud
instances that seemed to help. I have lower performance requirements
so this may make things worse and not better, but it's worth seeing
what the impact is. I'll admit to not knowing the full impact of these
as they're mostly collected from various tutorials on lowering memory
usage.

Enable this for now on devstack-multinode

Change-Id: I7b223391d3de01e3e81b02076debd01d9d2f097c
2023-02-16 12:52:50 -08:00
Martin Kopec ec07b343d2 Remove support for opensuse
We haven't been testing the distro for a while in CI, e.g. in
Tempest, the jobs on opensuse15 haven't been executed for a year
now.
Therefore the patch removes opensuse support from devstack.

Closes-Bug: #2002900
Change-Id: I0f5e4c644e2d14d1b8bb5bc0096d1469febe5fcc
2023-02-16 12:01:39 +01:00
Gregory Thiemonge fcc525f4fc Fix rockylinux and make it voting
Some rockylinux deployments have the curl-minimal package installed by
default (the latest GenericCloud image still has the curl package), it
triggers an error when devstack wants to install the curl package.
Fix this issue by swaping curl-minimal with curl before installing base
packages.

Change-Id: I969e8dc22e7d11c9917a843d9245f33a04fe197d
2023-02-16 10:33:38 +01:00
Dr. Jens Harbott 48af5d4b1b Make rockylinux job non-voting
It is currently failing, let's unblock the CI until we have a fix.

Change-Id: I7f072ceef57c302eb6ce20e108043d2390e9f481
2023-02-14 17:11:24 +01:00
elajkat a84b2091cf Rehome functions to enable Neutron's segments integration
Those functions were part of the neutron devstack plugin but we
discussed it during last PTG [1] and decided to move to the Devstack
repo as plugins which are used by e.g. CI jobs which are defined outside
of the neutron repository.
Placement integration is used e.g. in the tempest-slow job which is
defined in tempest and used by many different OpenStack projects.

[1] https://etherpad.opendev.org/p/neutron-yoga-ptg#L142

Change-Id: I2c26063896ab2679cffd01227a40a3283caa3b17
2023-02-13 13:36:24 +00:00
Zuul 7533276c0a Merge "Remove the neutron bash completion installation" 2023-02-02 00:50:10 +00:00
Ghanshyam Mann 7fe998109b Fix setting the tempest virtual env constraints env var
Devstack set the env var TOX_CONSTRAINTS_FILE/UPPER_CONSTRAINTS_FILE
which are used to use the constraints during Tempest virtual env installation.
Those env var are set to non-master constraint when we need to use non-master
constraints but when we need to use the master constraints we do not set/reset
them point to master constraints. This create the issue when running the grenade
job where we run Tempest on the old devstack as well as in the new devstack.
When tempest is installed on old devstack then old tempest is used and it sets
these env var to stable/<branch> constraints (this is the case when old devstack
(the stable branch is in EM phase) uses the old tempest not the master tempest),
all good till now. But the problem comes when in the same grenade script run
upgrade-tempest install the master tempest (when new devstack branches are in
the 'supported' phase and use the master tempest means) and are supposed to use
the master constraints. But the TOX_CONSTRAINTS_FILE/UPPER_CONSTRAINTS_FILE env
var set by old tempest is used by the tempest and due to a mismatch in constraints
it fails.

This happened when we tried to pin the stable/wallaby with Tempest 29.0.0
- https://review.opendev.org/c/openstack/devstack/+/871782

and table/xena grenade job failed (stable/xena use master tempest and supposed
to use master constraints)
- https://zuul.opendev.org/t/openstack/build/fb7b2a8b562c42bab4c741819f5e9732/log/controller/logs/grenade.sh_log.txt#16641

We should set/reset those constraint env var to master constraints if configuration
tell devstack to use the master constraints.

[1] https://github.com/openstack/devstack/blob/71c3c40c269a50303247855319d1d3a5d30f6773/lib/tempest#L124

Closes-Bug: #2003993
Change-Id: I5e938139b47f443a4c358415d0d4dcf6549cd085
2023-01-27 04:37:07 +00:00
Bence Romsics 71c3c40c26 'sudo pkill -f' should not match the sudo process
pkill already takes care that it does not kill itself, however the
same problem may happen with 'sudo pkill -f' killing sudo. Use one
of the usual regex tricks to avoid that.

Change-Id: Ic6a94f516cbc509a2d77699494aa7bcaecf96ebc
Closes-Bug: #1999395
2023-01-25 11:38:11 +01:00
Dr. Jens Harbott 91efe177b1 Bump cirros version to 0.6.1
Cirros has made a fresh release, let us use it. Switch the download URLs
to https and drop an old example that no longer is available.

Depends-On: https://review.opendev.org/c/openstack/tempest/+/871271
Change-Id: I1d391b871fc9bfa825db30db9434922226b94d8a
2023-01-24 15:51:26 +00:00
Rodolfo Alonso Hernandez 5a6f0bbd4c Remove the neutron bash completion installation
The python-neutronclient CLI code is going to be removed from this
repository.

Change-Id: I39b3a43a7742481ec6d9501d5459bf0837ba0122
Related-Bug: #2003861
2023-01-21 20:21:26 +01:00
Zuul 864f4d1ef0 Merge "[OVN] Ensure socket files are absent in init_ovn" 2023-01-16 22:24:28 +00:00
yatinkarel 7fecba2f13 [OVN] Ensure socket files are absent in init_ovn
Just like we remove db files let's also remove
socket files when initializing ovn. Those will
reappear once service fully restarts along with
db files. Without it we see random issue as
described in the below bug.

Closes-Bug: #2002629
Change-Id: I726a9cac9c805d017273aa79e844724f0d00cdf0
2023-01-12 17:35:43 +05:30
Ghanshyam Mann 69d71cfdf9 Option to disable the scope & new defaults enforcement
In this release cycle, a few services are enabling the
enforce scope and new defaults by default. Example Nova:
- https://review.opendev.org/c/openstack/nova/+/866218)

Until the new defaults enalbing by default is not released we
should keep testing the old defaults in existing jobs and we can
add new jobs testing new defautls. To do that we can provide the
way in devstack to keep scope/new defaults disable by default which
can be enabled by setting enforce_scope variable to true.

Once any service release the new defaults enabled by default then
we can switch the bhavior, enable the scope/new defaults by default
and a single job can disbale them to keep testing the old defaults
until service does not remove those.

Change-Id: I5c2ec3e1667172a75e06458f16cf3d57947b2c53
2023-01-11 09:45:12 -06:00
Rajat Dhasmana aa47cb34ae Add config options for cinder nfs backend
Currently the cinder nfs backend leaves out few options in a
multi backend deployment. It works in single nfs backend deployment
as devstack-plugin-nfs correctly configures all options[1].
We can clearly see the difference between what devstack-plugin-nfs
configures[1] and what devstack nfs configures[2].

Following options are missing which are added by this patch.
* nas_host
* nas_share_path
* nas_secure_file_operations
* nas_secure_file_permissions
* nfs_snapshot_support

[1] https://github.com/openstack/devstack-plugin-nfs/blob/dd12367f90fc86d42bfebe8a0ebb694dc0308810/devstack/plugin.sh#L60-L68
[2] https://github.com/openstack/devstack/blob/a52041cd3f067156e478e355f5712a60e12ce649/lib/cinder_backends/nfs#L32-L34

Change-Id: I03cad66abb3c6f2ae1d5cf943ac952a30961f783
2022-12-27 06:16:55 +00:00
Slawek Kaplonski a52041cd3f Drop lib/neutron module
Module lib/neutron was introduced long time ago as new module to deploy
neutron. It was intended to replace old lib/neutron-legacy module. But
since very long time it wasn't really finished and used by anyone and
lib/neutron-legacy is defacto standard module used by everyone to deploy
neutron with devstack.
In [1] unfinished lib/neutron was deprecated and now it's time to remove
it from the devstack code.

This patch also renames old "lib/neutron-legacy" module to be
"lib/neutron" now.

Previously "old" lib/neutron-legacy module was accepting neutron
services names wit "q-" prefix and "new" lib/neutron module was accepting
services with "neutron-" prefix. Now, as there is only one module it
accepts both prefixes.
For historical reasons and to be consistent with old lib/neutron-legacy
which was widely used everywhere, services will be named with "q-"
prefix but both prefixes will be accepted to enable or disable services.

This patch also moves _configure_neutron_service function to be called
at the end of the "configure_neutron" after all agents and service
plugins are already configured.

[1] https://review.opendev.org/c/openstack/devstack/+/823653

Related-bug: #1996748

Change-Id: Ibf1c8b2ee6b6618f77cd8486e9c687993d7cb4a0
2022-12-16 09:59:11 +01:00
Zuul 2d71d54814 Merge "Fix the db user for mariadb in ubuntu 22.04" 2022-12-15 19:27:45 +00:00
Zuul 1ddae48da3 Merge "Add RBAC scope and new defaults setting support for placement" 2022-12-14 10:15:01 +00:00
Zuul aae4d3ea90 Merge "[neutron] Don't configure firewall_driver for core ML2 plugin" 2022-12-13 23:45:23 +00:00
Zuul 540ec94a04 Merge "Add openEuler 22.03 LTS support" 2022-12-13 22:22:34 +00:00
Ghanshyam Mann 9a1be7794b Pin tox<4.0.0 for <=stable/zed branch testing
Tox 4.0.0 has some incompatible changes, epecially more
strict on allowlist_externals. Tempest recently changed
allowlist_externals not to be *[1] causing the failure
on jobs where lib/tempest failing to run the tempest
as command in virtual env.

----------
venv: commands[0]> tempest verify-config -uro /tmp/tmp.qH5KgJHTF4
venv: failed with tempest is not allowed, use allowlist_externals to allow it
------

We do not need to test/fix the <=stable/zed branches with tox 4.0.0
and pinning them with the compatible tox version of the time stable
brnaches were releaased is better way.

This commit proposes:
1. Pinning the tox<4.0.0 for <=stable/ze branches testing
2. Workaround to unblock the master gate by pinning it <4.0.0 but
we should make our testing compatible with tox 4.0.0 soon.

Depends-On: https://review.opendev.org/c/openstack/devstack/+/867066

Related-Bug: #1999183

[1] https://review.opendev.org/c/openstack/tempest/+/865314 devstack based job started failing to run tempest command on venv.

Change-Id: I9a138af94dedc0d8ce5a0d519d75779415d3c30b
2022-12-09 02:55:08 +00:00
Slawek Kaplonski 30acfc6d14 [neutron] Don't configure firewall_driver for core ML2 plugin
In the past firewall_driver setting was configured for ML2 plugin
because it was used in the
neutron.agent.securitygroups_rpc.is_firewall_enabled() function but
currently it's not needed anymore as there is other config option
"enable_security_group" for that.

Related-bug: #1996748
Change-Id: I9b09c6afb3f1f1c33d1bdfea52ba6f4c0d0cf2dc
2022-12-08 10:57:55 +00:00
Miguel Lavalle 0a40648b38 Fix the db user for mariadb in ubuntu 22.04
In Ubuntu 22.04, mariadb version 10.6 is installed. Per [0] and [1]
authentication management was changed in version 10.4. This change
adapts the way the db user is created to the new rules in versions
10.4 and later.

[0] https://mariadb.com/kb/en/authentication-from-mariadb-104/
[1] https://mariadb.org/authentication-in-mariadb-10-4/

Closes-Bug: #1999090
Change-Id: I77a699a9e191eb83628ad5d361282e66744b6e4a
2022-12-07 17:05:35 -06:00
wangxiyuan 6440c6d7e6 Add openEuler 22.03 LTS support
openEuler 20.03 LTS SP2 support was removed from devstack in last
few months due to its python version is too old and the CI job
always fail. And openEuler 20.03 LTS SP2 was out of maintainer in May
2022 by openEuler community.

The newest LTS version was released in March 2022 called 22.03 LTS.
This release will be maintained for at least 2 years. And the python
version is 3.9 which works well for devstack.

This Patch add the openEuler distro support back. And add the related
CI job to make sure its works well.

Change-Id: I99c99d08b4a44d3dc644bd2e56b5ae7f7ee44210
2022-12-07 10:03:27 +08:00
Zuul fd502fe052 Merge "Stop setting [ovs_vif_ovs] ovsdb_interface" 2022-12-06 20:15:30 +00:00
Ghanshyam Mann 16c2b389ed Add RBAC scope and new defaults setting support for placement
Adding devstack flag to enable and test the Placement API policies
scope and new defaults.

Depends-On: https://review.opendev.org/c/openstack/tempest/+/866212
Change-Id: I6f56fc28f2c1e4cdde946deb2ae06afddf85ff0d
2022-11-30 14:24:07 -06:00
Takashi Kajinami db3eff7dd2 Stop setting [ovs_vif_ovs] ovsdb_interface
The option was already deprecated in os-vif 2.2.0[1]. The override is
no longer required since bug 1929446 was already resolved.

[1] https://review.opendev.org/c/openstack/os-vif/+/744816

Related-Bug: #1929446
Change-Id: I5bc55723a178b32d947da2ac91d2f62aa8124990
2022-11-30 14:06:12 +09:00
Martin Kopec 818d1a225d [doc] Update Ubuntu to 22.04
This updates documentation to reflect the switch to
Ubuntu 22.04 (jammy) in the CI:
https://review.opendev.org/c/openstack/devstack/+/860795

Change-Id: I8bee430029dcc719629bd92451c2791571f8a30c
2022-11-28 11:19:45 +01:00
Zuul 2795e8215d Merge "Switch devstack nodeset to Ubuntu 22.04 (jammy)" 2022-11-19 22:03:55 +00:00
Dr. Jens Harbott 8d299efa4b Switch devstack nodeset to Ubuntu 22.04 (jammy)
Depends-On: https://review.opendev.org/c/openstack/devstack-plugin-ceph/+/864948
Change-Id: I26b4784a4d772abbf8572f6273bda37f2fec5336
2022-11-18 07:17:09 +00:00
Zuul 448036a6ad Merge "Add RBAC scope and new defaults setting support for Nova & Tempest" 2022-11-15 12:17:46 +00:00
Zuul f90c8ea704 Merge "Revert "Make debian-bullseye job non-voting"" 2022-11-14 20:42:15 +00:00
Dr. Jens Harbott d00921a57b Revert "Make debian-bullseye job non-voting"
This reverts commit a468076651.

Reason for revert: Debian job got repaired

Change-Id: I3ef969f6e373de103d26c9282cab94cea7ae87e5
2022-11-14 15:10:45 +01:00
Zuul edea9b5fd3 Merge "[Doc] Fix Glance image size limit command" 2022-11-14 13:10:53 +00:00
Zuul 757a2a96b5 Merge "Fix dbcounter install on Debian Bullseye" 2022-11-14 08:40:26 +00:00
Ghanshyam Mann 857f4993f3 Add RBAC scope and new defaults setting support for Nova & Tempest
Nova is ready with the scope and new defaults as per the new
RBAC design. Adding devstack flag to enable the scope checks
and new defaults enforcement in nova side.

Change-Id: I305ea626a4b622c5534d523f4b619832f9d35f8d
2022-11-11 15:38:31 -06:00
Clark Boylan 97b2a51d6b Fix dbcounter install on Debian Bullseye
The dbcounter install on Debian Bullseye is broken in a really fun way.
The problem is that we end up mixing pypi openssl and distro
cryptography under pip and those two versions of libraries are not
compatible.

The reason this happens is that debian's pip package debundles the pip
deps. This splits them out into /usr/share/python-wheels and it will
prefer distro versions of libraries over pypi installed versions of
libraries. But if a pypi version is installed and a distro version is
not then the pypi version is used. If the pypi version of library A does
not work with distro version of library B then debundled pip breaks.
This has happened with crypytography and pyOpenSSL.

This happens because urllib3 (a debundled pip dep) appears to use
pyopenssl conditionally. Novnc depends on python3-cryptography, and
openstack depends on cryptogrpahy from pypi ensuring we get both a
distro and a pypi version installed. However, pyOpenSSL is only pulled
in from pypi via openstack deps. This leaves debundled urllib3
attempting to use pypi pyOpenSSL with distro cryptography and that combo
isn't valid due to an interface change.

To fix this we install python3-openssl ensuring that debundled pip will
use distro pyOpenSSL with distro cryptography making everything happy
again. But we only do this when we install novnc as novnc is what pulls
in distro cryptography in the first place. We can't simply install
python3-openssl on all debuntu platforms because this breaks Ubuntu
Focal in the other direction. On Ubuntu focal distro pip uses distro
pyOpenSSL when no pypi pyOpenSSl is installed (prior to keystone
install) and is not compatible with pypi cryptography.

Honestly, this whole intersection between distro and pypi installs of
cryptography and pyOpenSSL could probably be made cleaner. One option
would be for us to always install the constraints version of both
packages from pypi and the distro pacakges very early in the devstack
run. But that seems far more complicated so I'm not attempting that
here.

Change-Id: I0fc6a8e66e365ac49c6c7ceb4c71c68714b9f541
2022-11-10 09:21:45 -08:00
Zuul ab162024bb Merge "Add new service "file_tracker"" 2022-11-10 15:09:43 +00:00
Zuul 1054f12bda Merge "Add LVM NVMe support" 2022-11-10 10:10:02 +00:00
Dan Smith a468076651 Make debian-bullseye job non-voting
As noted in the QA meeting this week, this job is failing due to
something that seems outside of our control:

https://meetings.opendev.org/meetings/qa/2022/qa.2022-11-08-15.00.log.html

Make it non-voting until that is resolved.

Change-Id: Ia571d1dab45eb1bbb8665373d416515d3c95fb14
2022-11-09 10:11:46 -08:00
Rodolfo Alonso Hernandez d1c2bf5e7c Add new service "file_tracker"
This new service periodically tracks the file open in the system.

Closes-Bug: #1995502
Change-Id: I02e097fef07655ff571af9f35bf258b2ed975098
2022-11-07 08:21:34 +00:00
Martin Kopec 47a429777c Extend single-core-review for non-functional changes
Adding a second exception for single-core-review in Devstack
repository - changes which do not affect core functionality, like
f.e. job cleanups, can be reviewed by a single core.

Change-Id: Idb6cefa510fdbfed41379eb410f4884852d1177f
2022-11-04 14:34:07 +01:00
Zuul 60b31d412c Merge "[Doc] Fix tox command option to run smoke tests" 2022-11-04 09:26:51 +00:00
Zuul 1f5d6c0abb Merge "Use separate OVS and OVN directories" 2022-11-01 18:57:38 +00:00
Slawek Kaplonski 5e7afb779c Run dmesg command with sudo
It seems that setting "sysctl kernel.dmesg_restrict" was changed
in Ubuntu 22.04 (Jammy) to "1" and because of that running "dmesg"
command requires now root privileges.

Closes-bug: #1994023

Change-Id: I2adc76e3025fadf994bab2e2e1fd608e688874fc
2022-10-24 12:18:40 +02:00
Zuul c3a82032ab Merge "docs: Add warnings about password selection" 2022-10-21 09:23:45 +00:00
Brian Haley 71c9965547 Use separate OVS and OVN directories
If stack.sh is run on a system that already has OVN packages
installed, it could fail to find its DB sockets. This is because
the 'ln -s' will place the symlink inside of /var/run/ovn
instead of using a single directory as intended.

Change the code in neutron_plugins/ovn_agent to not make the
symlink and instead use separate directories for OVS and OVN.

Closes-bug: #1980421

Change-Id: Ic28a93bdc3dfe4a6159234baeabd0064db452b07
2022-10-20 19:49:10 -04:00
Zuul 6c8e88f61d Merge "Adding devstack support for Rocky Linux 9" 2022-10-14 09:53:29 +00:00
Adrian Fusco Arnejo 358987f065 Adding devstack support for Rocky Linux 9
Adding job and nodeset to run tempest-full-py3 in Rocky Linux 9 instance

Change-Id: I6fb390bfeec436b50a3ddc18d154bbce3f3b1975
2022-10-13 08:29:10 +00:00
Zuul dc8fc5c169 Merge "Re-enable horizon in jammy-based jobs" 2022-10-12 08:12:55 +00:00
Dr. Jens Harbott 781fbf47b5 docs: Add warnings about password selection
Some services fail when using special characters in passwords, add some
warnings to our docs.

Closes-Bug: 1744985
Change-Id: I601149e2e7362507b38f01719f7197385a27e0a8
2022-10-11 15:43:09 +02:00
Masayuki Igawa 7d1ba835c3 [Doc] Fix tox command option to run smoke tests
This commit fixes the tox command option to run the smoke tests. The
original arguments fail with the error[1], and `-efull` and
`tempest.scenario.test_network_basic_ops` are not for the smoke tests.

[1]
 $ tox -efull tempest.scenario.test_network_basic_ops
 ...
 tempest run: error: unrecognized arguments: tempest.scenario.test_network_basic_ops

Change-Id: I9c3dd9fb4f64bf856c5cab88a2aeaae355c84a65
2022-10-11 12:40:20 +09:00
Dr. Jens Harbott 2e6756640c Re-enable horizon in jammy-based jobs
The issue that Horizon had with python3.10 has been fixed some time ago,
so we can stop disabling it for those jobs.

Also stop including roles from devstack-gate which we no longer need.

Change-Id: Ia5d0b31561adc5051acd96fcaab183e60c3c2f99
2022-10-10 21:37:02 +02:00
Zuul ace4e8a912 Merge "Simplify role addtion helper functions" 2022-10-10 15:38:09 +00:00
Zuul 412c86d825 Merge "get_or_create_domain: simplify with "--or-show" argument" 2022-10-10 15:38:05 +00:00
Zuul e0773993e6 Merge "Update to Fedora 36" 2022-10-09 12:41:22 +00:00
Ian Wienand e69b78df6f Simplify role addtion helper functions
Because adding the role is idempotent, we can save doing the initial
check for role assignment.  Also simplify the output matching by using
osc's filters where appropriate.

Co-Authored-By: Jens Harbott <harbott@osism.tech>
Change-Id: If2a661cc565a43a7821b8f0a10edd97de08eb911
2022-10-07 11:47:17 +02:00
Ian Wienand e3bc6b5f57 get_or_create_domain: simplify with "--or-show" argument
Similar to other functions, this uses "--or-show" to avoid double
calls.

Co-Authored-By: Jens Harbott <harbott@osism.tech>
Change-Id: I548f9acd812687838e04b705f86f3b70d2b10caf
2022-10-07 11:11:47 +02:00
Ian Wienand 9ece457b7b Update to Fedora 36
Update the Fedora job to the latest release nodes

Depends-On: https://review.opendev.org/c/openstack/devstack/+/860634
Change-Id: If2d7f99e3665a2e3df4cf763efc64dd381f02350
2022-10-07 06:14:57 +00:00
Zuul f0ad3e5f3f Merge "Update user guide for Octavia" 2022-10-05 18:45:57 +00:00
Martin Kopec 0d5c8d6643 Update DEVSTACK_SERIES to 2023.1
stable/zed branch has been created now and
current master is for 2023.1 Antelope.

Change-Id: I6186d01b1bf8548425500cc9feee6ab494a3db03
2022-09-28 06:46:06 +00:00
Tom Weininger 1516997afe Update user guide for Octavia
Change-Id: I8e3134c3b2d591f7ab72b8040e1b931e967e11be
2022-09-26 11:13:12 +02:00
Masayuki Igawa f49b435e98 [Doc] Fix Glance image size limit command
This commit fixes the configuration document which mentions how to
change Glance default image size quota at runtime because we don't have
`openstack registered limit update` command but
`openstack registered limit set` command[1].

[1] https://docs.openstack.org/python-openstackclient/latest/cli/command-objects/registered-limit.html#registered-limit-set

Change-Id: I399685ed1f864f8f1ce7295ed6f83336cfccbd81
2022-09-22 11:28:21 +09:00
Zuul 0b0e6a6474 Merge "[ci] Remove the implied-branches pragma" 2022-09-20 16:22:26 +00:00
Gorka Eguileor 97061c9a1f Add LVM NVMe support
This patch adds NVMe LVM support to the existing iSCSI LVM configuration
support.

We deprecate the CINDER_ISCSI_HELPER configuration option since we are
no longer limited to iSCSI, and replace it with the CINDER_TARGET_HELPER
option.

The patch also adds another 3 target configuration options:

- CINDER_TARGET_PROTOCOL
- CINDER_TARGET_PREFIX
- CINDER_TARGET_PORT

These options will have different defaults based on the selected target
helper.  For tgtadm and lioadm they'll be iSCSI,
iqn.2010-10.org.openstack:, and 3260 respectively, and for nvmet they'll
be nvmet_rdma, nvme-subsystem-1, and 4420.

Besides nvmet_rdma the CINDER_TARGET_PROTOCOL option can also be set to
nvmet_tcp, and nvmet_fc.

For the RDMA transport protocol devstack will be using Soft-RoCE and
creating a device on top of the network interface.

LVM NVMe-TCP support is added in the dependency mentioned in the footer
and LVM NVMe-FC will be added in later patches (need os-brick and cinder
patches) but the code here should still be valid.

Change-Id: I6578cdc27489b34916cdeb72ba3fdf06ea9d4ad8
2022-09-13 12:53:31 +02:00
Zuul b5c2e7b3fa Merge "Respect constraints on tempest venv consistently" 2022-08-30 22:53:05 +00:00
Slawek Kaplonski 3de92db663 Fix installation of OVS/OVN from sources
This patch changes user who runs ovsdb-server and ovn-nortd services
to root.
It also adds installation of the libssl dev package before compilation
of the openvswitch if TLS service is enabled.

Co-Authored-By: Fernando Royo <froyo@redhat.com>

Closes-Bug: #1987832
Change-Id: I83fc9250ae5b7c1686938a0dd25d66b40fc6c6aa
2022-08-26 13:00:03 +02:00
June Yi b9b6d6b862 Respect constraints on tempest venv consistently
In case of online mode, there is a procedure to recreate tempest venv.
For consistency of tempest venv during the entire stack.sh process,
add logic to consider the TEMPEST_VENV_UPPER_CONSTRAINTS option here.

Closes-bug: #1980483
Signed-off-by: June Yi <june.yi@samsung.com>
Change-Id: I0cea282152fd363af8671cab1b5f733ebe2bd4df
2022-08-25 19:59:34 +09:00
Zuul 995c906950 Merge "Clean up n-net remnants" 2022-08-24 17:50:52 +00:00
Zuul 8fa03a37ad Merge "Clean up neutron cleanup code" 2022-08-23 20:05:48 +00:00
Zuul c61380a136 Merge "Clean up use of get_field" 2022-08-23 18:08:05 +00:00
Zuul 3154eab0d7 Merge "Cinder: add creator role when barbican is enabled" 2022-08-23 16:57:32 +00:00
Dr. Jens Harbott e7d2623dca Clean up neutron cleanup code
neutron-ns-metadata-proxy was dropped from Neutron 5 years ago, no need
to keep trying to kill it.

Change-Id: I20b6d68dd8dde36057a2418bca0841bdea377b07
2022-08-23 18:08:19 +02:00
Alan Bishop ccd116d364 Cinder: add creator role when barbican is enabled
When barbican is enabled, add the "creator" role to cinder's service
user so that cinder can create secrets. Cinder needs to create
barbican secrets when migrating encryption keys from the legacy
ConfKeyManager to barbican. Cinder also needs to create barbican
secrets in order to support transferring encrypted volumes.

Implements: bp/transfer-encrypted-volume
Depends-On: I216f78e8a300ab3f79bbcbb38110adf2bbec2196
Change-Id: Ia3f414c4b9b0829f60841a6dd63c97a893fdde4d
2022-08-22 19:52:00 -07:00
Dr. Jens Harbott ca5f919561 Clean up n-net remnants
In I90316208d1af42c1659d3bee386f95e38aaf2c56 support for nova-network
was removed, but some bits remained, fix this up.

Change-Id: Iba7e1785fd0bdf0a6e94e5e03438fc7634621e49
2022-08-21 10:52:41 +02:00
Eliad Cohen fdfc14451a Clean up use of get_field
Openstack client can return the id field for create/show commands using
`-f value -c id`. Cleaned up the use of grep 'id' with get_field

Change-Id: I2f4338f30c11e5139cda51c92524782b86f0aacc
2022-08-16 15:27:45 -04:00
Martin Kopec 90e5479f38 Remove forgotten LinuxMint occurrence
Right now we don't officialy support LinuxMint as our
documentation says [1], it seems LinuxMint is a relict
and got forgotten over time.

This patch removes LinuxMint from the code in order not to
confuse users.

[1] https://docs.openstack.org/devstack/latest/
Closes-Bug: #1983427

Change-Id: Ie1ced25f89389494b28a7b2e9bb1c4273e002dd5
2022-08-16 17:29:16 +02:00
Zuul 28ee346393 Merge "iniset: fix handling of values containg ampersand" 2022-08-10 14:21:00 +00:00
Zuul ea82effa19 Merge "Fix doc for adding sudo privileges to stack user" 2022-08-10 10:52:19 +00:00
Nobuhiro MIKI d266c87b1d iniset: fix handling of values containg ampersand
Attempting to set a value containing the ampersand
character (&) by iniset would corrupt the value.
So, add an escaping process.

Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Closes-Bug: #1983816
Change-Id: Ie2633bacd2d761d110e6cb12f95382325c329415
2022-08-08 18:59:53 +09:00
Zuul 51a3f2ef1e Merge "delete __pycache__ directory with sudo privileges" 2022-08-06 17:28:46 +00:00
Zuul d9e2d10d28 Merge "Neutron: Do not set removed allow_overlapping_ips" 2022-08-03 12:13:54 +00:00
Hoai-Thu Vuong 79bef068b6 remove duplicate line of REGION_NAME
Change-Id: I42b270749f057c5751e809aba282112b990b9f38
2022-08-02 14:41:59 +07:00
Zuul 8506b5bd7c Merge "Add NEUTRON_ENDPOINT_SERVICE_NAME variable to set service name" 2022-08-02 00:06:56 +00:00
Zuul 0af962d60a Merge "Neutron: Set experimental option to use linuxbridge agent" 2022-08-01 23:36:22 +00:00
Martin Kopec b70d98fe75 Fix doc for adding sudo privileges to stack user
Writing NOPASSWD directive into /etc/sudoers was throwing
permission denied errors. This commit writes the directive
to the /etc/sudoers.d/stack file instead.

Closes-Bug: #1981541
Change-Id: If30f01aa5f3a33dda79ff4a6892116511c8e1542
2022-07-20 14:06:42 +00:00
Takashi Kajinami facf15626e Neutron: Do not set removed allow_overlapping_ips
The parameter has been removed from neutron by [1].

[1] fde91e8059a9a23fb7ece6e3463984329c7ea581

Change-Id: I3b838ea741d19729d6fcf03c0478b1b4d8ec1213
2022-07-19 13:24:38 +00:00
Slawek Kaplonski 1a21ccbdf8 Add NEUTRON_ENDPOINT_SERVICE_NAME variable to set service name
This option can be used to set name of the service used in the
networking service endpoint URL.

Depends-On: https://review.opendev.org/c/openstack/grenade/+/850306

Change-Id: I9e9a06eadc1604214c627bd3bda010cc00aaf83d
2022-07-19 14:51:24 +02:00
Takashi Kajinami cf0bf746e9 Neutron: Set experimental option to use linuxbridge agent
Recently the experimental mechanism has been added to Neutron and now
it requires the [experimental] linuxbridge option when the linuxbridge
mechanism driver is used.

Depends-on: https://review.opendev.org/c/openstack/neutron/+/845181
Change-Id: Ice82a391cda9eb0193f23e6794be7ab3df12c40b
2022-07-19 12:46:04 +02:00
Yadnesh Kulkarni 85340e77f3 delete __pycache__ directory with sudo privileges
Signed-off-by: Yadnesh Kulkarni <ykulkarn@redhat.com>
Change-Id: I9cf3cd8921347eacc1effb2b197b97bc6ff3e0df
2022-07-11 17:14:40 +05:30
Dr. Jens Harbott bd6e5205b1 Increase timeout waiting for OVN startup
We see some cases where OVN startup takes much longer than 5 seconds, up
to 28 seconds have been observed, so increase the limit to 40 to be on
the safe side.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Closes-Bug: 1980421
Change-Id: I6da4a537e6a8d527ff71a821f07164fc7d342882
2022-07-03 22:30:41 +02:00
Zuul 02f8c16c9b Merge "Make devstack-platform-debian-bullseye voting" 2022-06-30 07:37:03 +00:00
Zuul 8d347090d3 Merge "Do not create cinder backup pool and key when cephadm is used" 2022-06-29 19:02:12 +00:00
Martin Kopec e1fb94f82a Make devstack-platform-debian-bullseye voting
The job has been successfully passing lately, let's make it voting.

Change-Id: Ib3b803a26c8647fd49c89371516c0ac7baba2703
2022-06-29 10:43:33 +02:00
Slawek Kaplonski ce1ae9ddef Fix missing "$" in the ENFORCE_SCOPE's variable name
Because of the missing "$" before ENFORCE_SCOPE in the lib/neutron
module, it was treated as an ENFORCE_SCOPE string instead of variable
and Neutron was deployed always with old defaults and disabled scope
enforcement.

Change-Id: Ibe67fea634c5f7abb521c0369ff30dd5db84db8c
2022-06-29 09:57:50 +02:00
Zuul 9ddae9b388 Merge "Avoid including bad service names in perf.json" 2022-06-24 11:11:19 +00:00
Dan Smith fe7cfa6b8c Avoid including bad service names in perf.json
Some of the API services are not properly mounted under /$service/
in the apache proxy. This patch tries to avoid recording data
for "services" like "v2.0" (in the case of neutron) by only adding
names if they're all letters. A single warning is emitted for any
services excluded by this check.

For the moment this will mean we don't collect data for those services,
but when their devstack API config is fixed, they'll start to show
up.

Change-Id: I41cc300e89a4f97a008a8ba97c91f0980f9b9c3f
2022-06-23 09:25:22 -07:00
Vladislav Belogrudov 8a38a73ddf Correct hostname for OVN agent
Currently Devstack uses short hostname for configuration of OVN.
This leads to inability to start instances (failing port binding)
on hosts with full hostnames (including dots). Open vSwitch expects
hostname in external_ids that corresponds to one returned by
``hostname`` command.

Closes-Bug: #1943631
Change-Id: I15b71a49c482be0c8f15ad834e29ea1b33307c86
2022-06-23 07:42:19 +02:00
Zuul eacaa99853 Merge "Reduce memory consumption in Cinder services" 2022-06-22 08:53:39 +00:00
Martin Kopec 8ff52ea12b Mark devstack-platform-centos-9-stream as n-v
Due to the below bug the job has been constantly failing.
Let's make it n-v until the bug is resolved:
  - https://bugs.launchpad.net/neutron/+bug/1979047

Change-Id: Ifc8cc96843a8eac5c98cd1e1f9e4b6287a7f2e7c
2022-06-21 17:31:50 +02:00
Gorka Eguileor d5af514ac9 Reduce memory consumption in Cinder services
This patch reduces memory usage on the Cinder Volume and Backup services
by tuning glibc.

The specific tuning consist on disabling the per thread arenas and
disabling dynamic thresholds.

The Cinder Backup service suffers from high water mark memory usage and
uses excessive memory.  As an example just after 10 restore operations
the service uses almost 1GB of RAM and does not ever free it afterwards.
With this patch the memory consumption of the service is reduced down to
almost 130MB.  If we add a revert from Cinder (Change-Id
I43a20c8687f12bc52b014611cc6977c4c3ca212c) it goes down to 100MB during
my tests.

This glibc tuning is not applied to all Python services because I
haven't done proper testings on them and at first glance they don't seem
to have such great improvements.

Related-bug: #1908805
Change-Id: Ic9030d01468b3189350f83b04a8d1d346c489d3c
2022-06-21 12:16:32 +02:00
Zuul 44d07f3001 Merge "Run debian platform job with OVN" 2022-06-15 15:14:52 +00:00
Zuul 8eede1fc39 Merge "Add support for IPv6 tunnel endpoints" 2022-06-08 21:39:03 +00:00
Zuul 7391297bc3 Merge "Capture QEMU core dumps when possible" 2022-06-08 20:35:06 +00:00
Dr. Jens Harbott e6e7100e85 Don't install pinned setuptools with distro pip
We are seeing failures when using an updated setuptools version
installed together with distro pip on Ubuntu 22.04. Install the version
from u-c only when we are also installing pip from upstream.

Change-Id: Ibb6e9424e5794ccbf9a937d2eecfa3bf60ed312e
2022-06-07 13:42:54 +02:00
Brian Haley c869d59857 Add support for IPv6 tunnel endpoints
Currently, neutron tunnel endpoints must be IPv4 addresses,
i.e. $HOST_IP, although IPv6 endpoints are supported by most
drivers.

Create a TUNNEL_IP_VERSION variable to choose which host IP
to use, either HOST_IP or HOST_IPV6, and configure it in the
OVS and Linuxbridge agent driver files. The default is still
IPv4, but it can be over-ridden by specifying TUNNEL_ENDPOINT_IP
accordingly.

This behaves similar to the SERVICE_IP_VERSION option, which
can either be set to 4 or 6, but not 4+6 - the tunnel overhead
should be consistent on all systems in order not to have MTU
issues.

Must set the ML2 overlay_ip_version config option to match
else agent tunnel sync RPC will not work.

Must set the OVN external_ids:ovn-encap-ip config option to
the correct address.

Updated 'devstack-ipv6-only' job definition and verification role
that will set all services and tunnels to use IPv6 addresses.

Closes-bug: #1619476

Change-Id: I6034278dfc17b55d7863bc4db541bbdaa983a686
2022-06-07 02:28:51 +00:00
Francesco Pantano 96dbf55016 Do not create cinder backup pool and key when cephadm is used
When cephadm is used, if ENABLE_CEPH_C_BAK is True both pool and
key are created by devstack-plugin-ceph. This piece of code can
still stay here to make sure the cinder config is properly built.

Change-Id: I799521f008123b8e42b2021c1c11d374b834bec3
2022-06-06 14:19:32 +02:00
Zuul e661cae7e8 Merge "Allow to skip stop of ovn services" 2022-06-03 20:40:15 +00:00
Zuul 906cf81528 Merge "Add apache2 to the services we collect for memory" 2022-06-03 18:44:10 +00:00
Dan Smith f7d87aa433 Capture QEMU core dumps when possible
Some of the hardest-to-debug issues are qemu crashes deep in a nova
workflow that can't be reproduced locally. This adds a post task to
the playbook so that we capture the most recent qemu core dump, if
there is one.

Change-Id: I48a2ea883325ca920b7e7909edad53a9832fb319
2022-06-03 07:54:35 -07:00
yatinkarel 35fb53423a [ironic][swift]Temporary add sha1 to allowed_digests
Swift removed sha1 from supported digests with [1] and
that broked ironic tinyipa job. Temorary add sha1 to
allowed_digests until it's fixed in ironic.

[1] https://review.opendev.org/c/openstack/swift/+/525771

Story: 2010068
Task: 45539
Change-Id: I68dfc472ce901058b6a7d691c98ed1641d431e54
2022-06-03 11:52:50 +05:30
Zuul 0ae279b54a Merge "Fix doc and user create script to set homedir permissions" 2022-05-31 21:15:54 +00:00
Zuul d0657a02e5 Merge "Do not barf stack trace if stats DB is missing" 2022-05-31 19:04:26 +00:00
yatinkarel 6dd896fefa Allow to skip stop of ovn services
Grenade jobs stop services, check fip connectivity
for a nova server and then upgrade to next release.

But since ovn data plane and db services are stopped along
with other services, fip connectivity fails as a result.

We shouldn't stop these services along with other
neutron services. This patch adds a new variable
"SKIP_STOP_OVN" which can be used by grenade jobs
to skip stop of ovn services.

This will also fix the ovn grenade jobs.

Also source fixup_stuff.sh so function fixup_ovn_centos
is available. It's already sourced in stack.sh but
that's not used in grenade run.

Change-Id: I94818a19f19973779cb2e11753d2881d54dfa3bc
2022-05-31 12:57:39 +05:30
Dan Smith e85c68e60f Add apache2 to the services we collect for memory
Change-Id: Ic6daef5b4df50ce43c6782542cb54c1958e54655
2022-05-26 09:31:36 -07:00
Zuul 0e08e9b48c Merge "Cleanup comment that should've been removed" 2022-05-25 09:12:18 +00:00
Dr. Jens Harbott 599b241d32 Run debian platform job with OVN
Packages for OVN are now available in bullseye, so we can drop the
special handling.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I5e5c78aa19c5208c207ddcf14e208bae8fbc3c55
2022-05-25 08:57:56 +00:00
yatinkarel c64ea4f213 Fix doc and user create script to set homedir permissions
RHEL based distros set homedir permissions to 700,
and Ubuntu 21.04+ to 750[1], i.e missing executable
permission for group or others, this results into failures
as defined in the below bug.

Since in doc we add useradd command, it's good to
add instructions to fix the permissions there itself
instead of getting failures during installation and then
fixing it.

Also update user create script to fix permissions
by adding executable bit to DEST directory if missing.

[1] https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/19533

Closes-Bug: #1966858
Change-Id: Id2787886433281238eb95ee11a75eddeef514293
2022-05-25 06:34:30 +00:00
Zuul 8e1d5aa22e Merge "Drop openEuler support" 2022-05-24 11:34:09 +00:00
Dan Smith 1cdf413ac6 Do not barf stack trace if stats DB is missing
This can happen if devstack fails to run, but we still run the post
tasks. Also could happen if some sort of hybrid job configuration
does not run all of devstack but we still end up running post jobs.

Just warn to stderr and assume no DB info.

Change-Id: I211a331ab668dbb0ad7882908cca4363f865d924
2022-05-23 13:56:13 -07:00
Clark Boylan 1d5be95196 Cleanup comment that should've been removed
The previous change, I237f5663b0f8b060f6df130de04e17e2b1695f8a, removed
a SETUPTOOLS flag, but not the comment explaining why that flag was
previously set. Clean up that comment.

Change-Id: I32b0240fd56310d7f10596aaa8ef432679bfd66a
2022-05-23 08:46:50 -07:00
Clark Boylan 50e3c06ec2 Fix dbcounter installation on Jammy
There are two problems with dbcounter installation on Jammy. The first
is straightforward. We have to use `py_modules` instead of `modules` to
specify the source file. I don't know how this works on other distros
but the docs [0] seem to clearly indicate py_modules does this.

The second issue is quite an issue and requires story time. When
pip/setuptools insteall editable installs (as is done for many of the
openstack projects) it creates an easy-install.pth file that tells the
python interpreter to add the source dirs of those repos to the python
path. Normally these paths are appended to your sys.path. Pip's isolated
build env relies on the assumption that these paths are appeneded to the
path when it santizes sys.path to create the isolated environemnt.

However, when SETUPTOOLS_SYS_PATH_TECHNIQUE is set to rewrite the paths
are not appended and are inserted in the middle. This breaks pip's
isolated build env which broke dbcounter installations. We fix this by
not setting SETUPTOOLS_SYS_PATH_TECHNIQUE to rewrite. Upstream indicates
the reason we set this half a decade ago has since been fixed properly.

The reason Jammy and nothing else breaks is that python3.10 is the first
python version to use pip's isolated build envs by default.

I've locally fiddled with a patch to pip [1] to try and fix this
behavior even when rewrite is set. I don't plan to push this upstream
but it helps to illustrate where the problem lies. If someone else would
like to upstream this feel free.

Finally this change makes the jammy platform job voting again and adds
it to the gate to ensure we don't regress again.

[0] https://docs.python.org/3/distutils/sourcedist.html#specifying-the-files-to-distribute
[1] https://paste.opendev.org/show/bqVAuhgMtVtfYupZK5J6/

Change-Id: I237f5663b0f8b060f6df130de04e17e2b1695f8a
2022-05-20 10:35:18 -07:00
Zuul 34c2842676 Merge "Configure placement section in neutron conf" 2022-05-19 17:23:50 +00:00
Dr. Jens Harbott 560ee16a85 Drop openEuler support
The job is broken since it is running with python3.7 and most services
now require at least python3.8.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ie21f71acffabd78c79e2b141951ccf30a5c06445
2022-05-19 14:06:11 +02:00
Dr. Jens Harbott 083eeee5af Make jammy platform jobs non-voting
We missed to add the jobs to the gate queue and so they have already
regressed before they were actually in place. Make them non-voting for
now until the issues are fixed.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I5d1f83dfe23747096163076dcf80750585c0260e
2022-05-19 13:55:35 +02:00
Zuul 08254ca312 Merge "Add Ubuntu 22.04 LTS (jammy) platform job" 2022-05-19 08:16:18 +00:00
Zuul 2f889954ce Merge "lib/tempest: add wait for Glance image import" 2022-05-18 15:38:49 +00:00
Brian Rosmaita 111a38b4d6 lib/tempest: add wait for Glance image import
Glance image import is asynchronous and may be configured to do image
conversion.  If image import is being used, it's possible that the
tempest configuration code is executed before the import has
completed and there may be no active images yet.  In that case,
we will poll glance every TEMPEST_GLANCE_IMPORT_POLL_INTERVAL seconds
(default: 1) to see if there are TEMPEST_GLANCE_IMAGE_COUNT active
images (default: 1) up to TEMPEST_GLANCE_IMPORT_POLL_LIMIT times
(default: 12).

You can see an example of the issue this patch addresses in real
life:
https://review.opendev.org/c/openstack/glance/+/841278/1#message-456096e48b28e5b866deb8bf53e9258ee08219a0

Change-Id: Ie99f12691d9062611a8930accfa14d9540970cc5
2022-05-18 08:22:49 -04:00
Zuul 9eb64896dd Merge "Use proper sed separator for paths" 2022-05-18 11:30:49 +00:00
yatinkarel 92a34dbe95 Configure placement section in neutron conf
Without it segment plugin fails to connect with
placement api. Configure the placement section
if service is deployed.

Closes-Bug: #1973783
Change-Id: Ie7f37770a04f622735cf2263c601257669ab5064
2022-05-18 15:27:40 +05:30
Zuul 47b7b84422 Merge "Improve API log parsing" 2022-05-18 00:19:23 +00:00
Zuul 4fd2831753 Merge "Change DB counting mechanism" 2022-05-18 00:19:20 +00:00
Zuul 071374fa05 Merge "Collect status of all services" 2022-05-17 18:40:28 +00:00
Zuul 83a81755ac Merge "Wait for OVN dbs also along with sockets" 2022-05-12 19:03:49 +00:00
Dan Smith 64d68679d9 Improve API log parsing
Two runs of the same job on the same patch can yield quite different
numbers for API calls if we just count the raw calls. Many of these
are tempest polling for resources, which on a slow worker can require
many more calls than a fast one.

Tempest seems to not change its User-Agent string, but the client
libraries do. So, if we ignore the regular "python-urllib" agent
calls, we get a much more stable count of service-to-service API
calls in the performance report.

Note that we were also logging in a different (less-rich) format for
the tls-proxy.log file, which hampers our ability to parse that
data in the same format. This switches it to "combined" which is used
by the access.log and contains more useful information, like the
user-agent, among other things.

Change-Id: I8889c2e53f85c41150e1245dcbe2a79bac702aad
2022-05-12 07:55:30 -07:00
Dan Smith fe52d7f0a8 Change DB counting mechanism
The mysql performance_schema method for counting per-database queries
is very heavyweight in that it requires full logging (in a table) of
every query. We do hundreds of thousands in the course of a tempest
run, which ends up creating its own performance problem.

This changes the approach we take, which is to bundle a very tiny
sqlalchemy plugin module which counts just what we care about in
a special database.

It is more complex than just enabling the features in mysql, but it
is a massively smaller runtime overhead. It also provides us the
opportunity to easily zero the counters just before a tempest run.

Change-Id: I361bc30bb970cdaf18b966951f217862d302f0b9
2022-05-12 07:55:02 -07:00
Dr. Jens Harbott 5c765cb8a1 Add Ubuntu 22.04 LTS (jammy) platform job
The new Ubuntu LTS release has been made last week, start running
devstack on it as a platform job.

Horizon has issues with py310, so gets disabled for now.

Run variants with OVS and OVN(default).

Co-Authored-By: yatinkarel <ykarel@redhat.com>
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I47696273d6b009f754335b44ef3356b4f5115cd8
2022-05-12 13:54:02 +02:00
Zuul d450e146cc Merge "Global option for enforcing scope (ENFORCE_SCOPE)" 2022-05-07 10:51:35 +00:00
yatinkarel 1baa8905d5 Wait for OVN dbs also along with sockets
When OVN is setup from distro packages, the
main service is ovn-central which when restarted,
restarts ovn-northd, ovn nb and db services.

And during the restart ovn dbs(ovnnb_db.db and ovnsb_db.db)
are created, which may sometime takes time as seen with
ubuntu jammy tests[1].

We already checking for socket's file to be available,
let's also check for db files as without it ovn-*ctl
operations succeed but changes are not persisted until
db files are available and changes are lost with the restart.

[1] https://review.opendev.org/c/openstack/devstack/+/839389

Change-Id: I178da7af8cba8bcc8a67174e439df7c0f2c7d4d5
2022-05-06 18:06:18 +05:30
yatinkarel 42be2425d8 Collect status of all services
Would be helpful in troubleshooting services
which either fails to start or takes time to
start.

Related-Bug: #1970679
Change-Id: Iba2fce5f8b1cd00708f092e6eb5a1fbd96e97da0
2022-04-29 16:40:32 +00:00
Zuul 85c2999e27 Merge "Tolerate missing deps in get-stats.py" 2022-04-27 22:49:07 +00:00
Zuul bfae1bee79 Merge "Set public bridge up for v6 only configurations" 2022-04-27 10:21:07 +00:00
Zuul 48417ca241 Merge "Drop centos 8 stream testing" 2022-04-26 19:57:12 +00:00
Dan Smith 1b601c7b1e Tolerate missing deps in get-stats.py
In order to run on systems where not all requirements are present,
we should be tolerant of missing external dependencies, such as
psutil and pymysql. Print a warning (to stderr) and just leave out
those stats in that case.

Also make running the stats collector use ignore_errors:yes to avoid
failures in the future. I think the stats is not critical enough to
fail a job for bugs like this.

Related-Bug: #1970195
Change-Id: I132b0e1f5033c4f109a8b8cc776c0877574c4a49
2022-04-26 08:02:39 -07:00
Harald Jensås bab0c92103 Use tryint() for stats value
In some cases the value is [not set], in this case
the conversion to integer does not work.

Closes-Bug: #1970431
Change-Id: I74df7d8bc9f5cbe0709a6471cf7639caea0b58e8
2022-04-26 15:51:35 +02:00
Julia Kreger 6964ba4a98 Set public bridge up for v6 only configurations
A long time ago, Ironic's IPv6 only job started to fail working with
errors indicated the host was unreacable. Turns out, this was because
the $ext_gw_interface was not being set to up, and thus could
be found in a Down state, and thus the kernel would not accept routes
for it.

Adds an explicit step to turn up the public bridge, much as done in
the IPv4 router plugin code which would also be executed in 4+6.

That being said, Ironic's CI jobs are very intentionally IPv6 only
to ensure that we have no chances of v4 addressing getting used
at any point in time.

This should allow Ironic to return it's IPv6 only CI job back
to the normal check queue, once a ironic plugin issue has been
resolved which was introduced while it was removed.

Change-Id: I121ec8a2e9640b21a7126f2eeb23da36b4aa95bf
2022-04-26 06:37:31 -07:00
Grzegorz Grasza 8615563df4 Global option for enforcing scope (ENFORCE_SCOPE)
This updates each devstack service library, to use it as the
default value for service-specific RBAC configuration.

Change-Id: I41061d042206c411ee3dd94ce91098e612af7ae7
2022-04-26 14:17:20 +02:00
Ghanshyam Mann c6dfd169ae Drop centos 8 stream testing
In Zed cycle testing runtime, we are targetting the centos 9 stream
- https://governance.openstack.org/tc/reference/runtimes/zed.html

With dropping the python 3.6 support, project started adding python 3.8
as minimum, example nova:
- https://github.com/openstack/nova/blob/56b5aed08c6a3ed81b78dc216f0165ebfe3c3350/setup.cfg#L13

with that, centos 8 stream job is failing 100%
- https://zuul.openstack.org/build/970d029dc96742c3aa0f6932a35e97cf
- https://zuul.openstack.org/builds?job_name=devstack-platform-centos-8-stream&skip=0

This commit drops centos-8-stream testing so that we focus on centos-9-stream.

Change-Id: I045e67b1ca79aba1b2a7be9f88d7804c69c6d781
2022-04-25 15:24:39 -05:00
Zuul 3b0c035b90 Merge "install mod_ssl on centos 9 stream by default" 2022-04-25 20:04:16 +00:00
Balazs Gibizer 7191c5e7e7 Use proper sed separator for paths
I941ef5ea90970a0901236afe81c551aaf24ac1d8 added a sed command that
should match and delete path values but used '/' as sed separator. This
leads to error in unstack.sh runs when the path also contains '/':

+./unstack.sh:main:188 sudo sed -i '/directory=/opt/stack/ d' /etc/gitconfig
sed: -e expression #1, char 13: unknown command: `o'

So this patch replace '/' separator with '+'.

Change-Id: I06811c0d9ee7ecddf84ef1c6dd6cff5129dbf4b1
2022-04-25 15:26:28 +02:00
Zuul 76c519bde6 Merge "modify the sample value of LOGDAYS" 2022-04-22 11:09:36 +00:00
Zuul 45f71b10ef Merge "Gather performance data after tempest" 2022-04-21 23:06:35 +00:00
Sean Mooney af75f689fa install mod_ssl on centos 9 stream by default
This change adds mod_ssl to the default set of rpms installed
on rpm based distros.

this is required if the tls-proxy service is enabled
for multi node centos based jobs.

Change-Id: I52652de88352094c824da68e5baf7db4c17cb027
2022-04-21 20:40:44 +01:00
Zhou Yanbing 4423450eb3 modify the sample value of LOGDAYS
the value of LOGDAYS in samples/local.conf is 2, so change the
value in the comment and the sample value in the document to
be consistent with it.

Change-Id: I5822bbf1d6ad347c67c886be1e3325113d079114
2022-04-21 15:00:41 +08:00
Dan Smith c2772c2984 Gather performance data after tempest
This makes us gather a bunch of consistent statistics after we run
tempest that can be use to measure the impact of a given change. These
are stable metrics such as "number of DB queries made" and "how much
memory is each service using after a tempest run."

Note that this will always run after devstack to generate the JSON
file, but there are two things that control its completeness:

 - MYSQL_GATHER_PERFORMANCE must be enabled to get per-db stats
 - Unless tls-proxy is enabled, we will only get API stats for keystone

Change-Id: Ie3b1504256dc1c9c6b59634e86fa98494bcb07b1
2022-04-20 13:07:22 -07:00
Mohammed Naser 7fa24750a6 ovn: use bundled ovs
We are using the latest OVS, however, OVN needs to build using the
OVS submodule since some of the signatures don't work[1].

[1]: https://github.com/ovn-org/ovn/issues/128

Change-Id: I3ad7e5e80f1141c3d94f7ce7c8b8f8fdb9fb7c3c
2022-04-20 15:50:34 -04:00
Mohammed Naser 28bed125a2 nova: unset cpu_model on aarch64
Without this, running DevStack on an `aarch64` environment will end
up in cpu_model set to "Nehalem" and cpu_mode set to "host-passthrough"
which does not work.

This patch drops that value under aarch64 environments.

Change-Id: I30be5a388dda5ccf08718670dbb14a28a4a8a8eb
2022-04-20 15:13:33 -04:00
Zuul d380858b2d Merge "Add OpenStack two nodes nodeset for Centos 9" 2022-04-19 05:48:02 +00:00
Dan Smith 4baeb3b51f Write safe.directory items to system git config
This is necessary for more consistent behavior across multiple
distro versions. Apparently somewhere along the way, git started
looking at the current user's home directory instead of $HOME.

Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798

Change-Id: I941ef5ea90970a0901236afe81c551aaf24ac1d8
2022-04-18 08:05:44 -07:00
Ian Wienand 676dcaf944 Mark our source trees as safe for git to use as other users
git commit [1] introduced a new behaviour to work around a CVE that
disallows any git operations in directories not owned by the current
user.

This may seem unrelated to installation, but it plays havoc with PBR,
which calls out to git to get to get revision history.  So if you are
"pip install"-ing from a source tree you don't own, the PBR git calls
in that tree now fail and the install blows up.

This plays havoc with our model.  Firstly, we checkout all code as
"stack" then install it globally with "sudo" (i.e. root) -- which
breaks.  We also have cases of essentially the opposite -- checkouts
we have installed as root, but then run tox in them as a regular user;
tox wants to install the source in its venv but now we have another
user conflict.

This uses the only available configuration option to avoid that by
globally setting the source directories we clone as safe.  This is an
encroachment of the global system for sure, but is about the only
switch available at the moment.  For discussion of other approaches,
see [2].

Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798

[1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9
[2] https://review.opendev.org/c/openstack/devstack/+/837636

Change-Id: Ib9896a99b6d6c4d359ee412743ce30512b3c4fb7
2022-04-13 16:49:07 +10:00
Zuul ce0ff1fd9d Merge "ensure /usr/local/bin in in path" 2022-04-11 14:57:13 +00:00
Artur Angiel bfbd2be00b Added recursive for deletion of $OVN_RUNDIR
After ./unstack.sh trying to 'enable_plugin venus https://opendev.org/openstack/venus' gived following error:

+lib/neutron_plugins/ovn_agent:install_ovn:363  sudo ln -s /var/run/openvswitch /var/run/ovn
ln: failed to create symbolic link '/var/run/ovn/openvswitch': File exists

which led to:

+lib/neutron_plugins/ovn_agent:cleanup_ovn:801  sudo rm -f /var/run/ovn
rm: cannot remove '/var/run/ovn': Is a directory

Change-Id: I1cafdc0c71093ed7249bb9748b57d51110986686
2022-04-10 11:31:21 +02:00
Sean Mooney eca9783a0a ensure /usr/local/bin in in path
osc is typicaly installed in /usr/local/bin
to avoid command not found errors when invoking osc
in devstack ensure that /usr/local/bin is included
in the PATH.

Change-Id: I605fbc4b131149bf5d1b6307b360fe365c680b1a
2022-04-07 13:31:50 +01:00
afariasa f4a703661e Add OpenStack two nodes nodeset for Centos 9
Change-Id: I01c8e5e0e88d0dcfe778f19548a2e268406ef6bf
2022-04-06 15:24:09 +00:00
Zuul aac6b6c791 Merge "Drop setup.py and setup.cfg" 2022-03-29 17:50:05 +00:00
Zuul 729b196445 Merge "Move openEuler job to experimental pipeline" 2022-03-29 14:03:58 +00:00
Ghanshyam Mann 45b029064f Move openEuler job to experimental pipeline
OpenEuler job fails 100% of the time. As discussed in QA meeting,
we agreed to move OpenEuler job to experimental pipeline.
- https://meetings.opendev.org/meetings/qa/2022/qa.2022-03-22-15.00.log.html#l-76

Once it is fixed, we can think of adding back to regular pipeline.

Change-Id: I831889a09fabe5bed5522d17e352ec8009eac321
2022-03-29 07:18:40 +00:00
Zuul 0ed70e3f76 Merge "Update DEVSTACK_SERIES to zed" 2022-03-28 13:02:03 +00:00
Dr. Jens Harbott 5c51a95d10 Drop setup.py and setup.cfg
devstack isn't a python project, these were introduced only for docs
building and made redundant with [0]. We can remove them now.

[0] Iedcc008b170821aa74acefc02ec6a243a0dc307c

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I90ca1c6918c016d10c579fbae49d13fff1ed59af
2022-03-28 14:00:54 +02:00
Zuul e79913c65f Merge "ignore failures to copy the devstack cache" 2022-03-27 09:57:23 +00:00
zhouyanbing 8dc342d400 remove unuseful local variable define
the local varibale: api_cell_conf in start_nova_rest function
is unuseful, so remove it now.

Change-Id: I0019ce807cf3905ee246b684fce2abcb46336306
2022-03-26 14:22:23 +08:00
Martin Kopec 189c7ff142 Update DEVSTACK_SERIES to zed
stable/yoga branch has been created now and
current master is for zed.

Change-Id: I8743a3440a0ce96acb24b34971548b43ae7c8d4c
2022-03-25 14:06:52 +01:00
Zuul 14779fc992 Merge "Clean usage of project_id in the Neutron's L3 service module" 2022-03-24 03:21:17 +00:00
Slawek Kaplonski cebd00aa04 Clean usage of project_id in the Neutron's L3 service module
After patch [1] project_id in that module is no longer needed as to make
it working with new secure RBAC policies we had to hardcode "demo"
project to be used always.
This is small follow-up patch with cleaning after [1].

[1] https://review.opendev.org/c/openstack/devstack/+/826851/

Change-Id: Iddf9692817c91807fc3269547910e4f83585f07f
2022-03-23 15:30:38 +01:00
Zuul a9d392cdbb Merge "Do not use hardcoded IPv4 localhost value" 2022-03-23 10:51:30 +00:00
Ghanshyam Mann 369042b74f Make centos-9-stream job voting
bug#1960346 is fixed by the below series
- https://review.opendev.org/q/(topic:bug/1960346+OR+topic:wait_until_sshable_pingable)+status:merged
and now centos-9-stream job is passing and made voting
on tempest gate.

This commit makes devstack centos9 steam platform job
as voting and add it gate pipeline too.

Change-Id: Ic35420c5d58926ae90a136045a1558112accc533
2022-03-22 10:59:07 -05:00
Zuul 194790df85 Merge "Clean up unified limits configuration for nova and glance" 2022-03-18 19:26:28 +00:00
Brian Haley 7943a92bdb Do not use hardcoded IPv4 localhost value
There are a couple of places that still use a hardcoded
127.0.0.1 value, even if devstack is run with
SERVICE_IP_VERSION=6 in local.conf. While things still
work, SERVICE_LOCAL_HOST should be used instead since
everything else could be using IPv6.

Change-Id: I2dd9247a4ac19f565d4d5ecb2e1490501fda8bca
2022-03-14 16:04:08 -04:00
Michael Johnson 35bc600da1 Fix tls-proxy on newer versions of openssl
Newer versions of openssl (CentOS9Stream for example) do not like using sha1.
Devstack will fail on these systems[1] with the following error:
801B93DCE77F0000:error:03000098:digital envelope routines:do_sigver_init:invalid digest:crypto/evp/m_sigver.c:333:
This patch updates the tls-proxy code in devstack to use sha256 instead of sha1 which allows devstack to complete when tls-proxy is enabled.

[1] https://zuul.opendev.org/t/openstack/build/1d90b22a39c74e24a8390861b3c5f957/log/job-output.txt#5535

Closes-Bug: #1962600

Change-Id: I71e1371affe32f070167037b0109a489d196bd31
2022-03-11 20:28:39 +00:00
Sean Mooney 13e8db5a6f ignore failures to copy the devstack cache
If the ci images do not have any cached data
we should ignore any error when trying to copying it.
This is requried when using unmodified cloud images.

Change-Id: Ia6e94fc01343d0c292b1477905f8a96a6b43bcf8
2022-03-09 20:17:31 +00:00
melanie witt 2c96180ac8 Clean up unified limits configuration for nova and glance
This is a followup for change Ifdef3510bc7da3098a71739814e35dbaf612ae34
which added configuration of unified limits for nova. This removes an
unnecessary wrapper unsetting of OS_ env variables, unnecessary quoting
on an iniset config value, and a hardcoding of user domain. The glance
code from which the nova code was originally copied is also cleaned up.

Change-Id: I4921af5cc0f624dd5aa848533f7049ee816be593
2022-03-03 23:56:48 +00:00
Zuul a435078fcb Merge "Configure nova unified limits quotas" 2022-03-03 19:12:13 +00:00
Zuul 9bf989eb1a Merge "Made LVM backing disk persistent" 2022-03-02 15:04:47 +00:00
OpenStack Proposal Bot a2ff754536 Updated from generate-devstack-plugins-list
Change-Id: Iff2bf021edee9be3bae21b67e66fe07c552f3a05
2022-03-02 02:13:44 +00:00
Zuul bbe302da85 Merge "Fix installation with OVN backend and compilation" 2022-02-28 10:47:14 +00:00
Zuul 2462893787 Merge "Default CIRROS_ARCH to host arch" 2022-02-22 16:45:51 +00:00
Zuul 8339df0399 Merge "Made Swift backing disk persistent" 2022-02-22 01:54:52 +00:00
Jakob Meng e30620e9a6 Made Swift backing disk persistent
Previously, Swift's backing disk were not be mounted after reboots,
causing swift-proxy-server service to fail with cryptic error
messages such as 'proxy-server: ERROR Insufficient Storage'. Now,
we use 	Dan Smith' create_disk function from functions to create
the backing disk for us and add it to /etc/fstab.

Change-Id: I9cbccc87bc94a55b58e9badf3fdb127d6f1cf599
2022-02-21 20:04:23 +01:00
Zuul d343a70003 Merge "Revert "Revert "Add enforce_scope setting support for keystone""" 2022-02-21 15:33:18 +00:00
Zuul 5e7dad1146 Merge "Use devstack-system-admin for keystone objects creation" 2022-02-21 15:22:08 +00:00
Victor Morales c0882aeaae Add rsync deb package for swift
The rsync debian package is required for swift service. This
requirement has been covered by rpms but not for deb packages.

Change-Id: Iefd1302be9c7fd80e037bbae3638602d6d823580
2022-02-16 18:15:12 -08:00
OpenStack Proposal Bot ef6fac7959 Updated from generate-devstack-plugins-list
Change-Id: If1b667cd4af88511cb1672645a980c9c4fc557ae
2022-02-16 02:16:15 +00:00
Sean Mooney 17b1999eab Default CIRROS_ARCH to host arch
This change use uname -m to get the portable host arch and uses that
as a new default. on x86_64 hosts this should result in no visable change
in behavior however on a non x86 host it will cause devstack to attempt
to download a cirros image that matches the host.

Change-Id: I6d1495a23400ef4cf496302028324fa5794dd45f
2022-02-09 22:14:24 +00:00
Rodolfo Alonso Hernandez 8c6710326e Fix installation with OVN backend and compilation
This patch fixes several issues related to the installation with
OVN backend with the OVS/OVN compilation enabled.

The OVS/OVN local directories prefix, when both services are compiled,
is now "/usr/local".

The "ovn_agent._run_process" function is calling "ovs-appctl" to
configure the logging settings of several services. Instead of
using the service name, the ctl socket file is used instead. That
is more robust and does not fail in systems with previous
installations.

Closes-Bug: #1960514

Change-Id: I69de5333393957593db6e05495f0c3c758efefdf
2022-02-09 21:22:46 +00:00
Zuul 62d6ffa6b3 Merge "Revert "Disable enforcing scopes in Neutron temporary"" 2022-02-08 22:41:18 +00:00
Zuul 1a8b8573ea Merge "Fix deployment of Neutron with enforced scopes" 2022-02-08 22:39:25 +00:00
Zuul 7799e74a05 Merge "Bump fedora-latest to F35" 2022-02-08 22:34:32 +00:00
Jakob Meng accd99e7cd Made LVM backing disk persistent
Previously, loop devices for LVM volume groups backing files were not
created after reboots, causing e.g. Cinder to fail with messages such
as

  ERROR cinder.service [-] Manager for service cinder-volume
  devstack@lvmdriver-1 is reporting problems, not sending
  heartbeat. Service will appear "down".

Now, we use systemd services to manage loop devices for backing files.

Change-Id: I27ec027834966e44aa9a99999358f5b4debc43e0
2022-02-08 11:05:14 +01:00
Zuul f9f6208960 Merge "Add openstack-two-node-centos-8-stream" 2022-02-07 22:42:44 +00:00
Ian Wienand 343e351627 Bump fedora-latest to F35
Generally this is straight forward, but Horizon has a dependency issue
with pyScss (described in [1]) so it is disabled, for now.

[1] https://bugs.launchpad.net/horizon/+bug/1960204

Co-Authored-By: Dr. Jens Harbott <harbott@osism.tech>
Depends-On: https://review.opendev.org/c/openstack/devstack/+/827578
Change-Id: I7c4bf0945f9ac5bd563fe0a698c09b8571c97c5e
2022-02-08 08:08:19 +11:00
Zuul c6ecac744f Merge "revert stackrc execute permissions" 2022-02-05 00:32:06 +00:00
Zuul 091e20b28a Merge "Adapt compute node local.conf to OVN" 2022-02-05 00:26:11 +00:00
Sean Mooney 85c7d8db4e revert stackrc execute permissions
This change reverts the execute permissions from
stackrc which is not meant to be run as a script but sourced
as part of stack.sh

Change-Id: I9a05051e5a297cfaf78d097fa5f90a7c5fd254a6
2022-02-04 12:59:56 +01:00
Rodolfo Alonso Hernandez a756f4b968 Add python3.6 pip support
Since pip v22, python3.6 is not supported (the minimum version is
python3.7). This patch adds the reference for the pip3.6 URL to be
used instead of the default one.

Closes-Bug: #1959600
Change-Id: Iab2c391d5388461fe9e9037cee81884ce8032e72
2022-02-01 11:27:05 +00:00
melanie witt 099a048fb9 Configure nova unified limits quotas
This enables the configuration of nova to use unified limits in
keystone and enforcement in oslo.limit.

Related to blueprint unified-limits-nova

Depends-On: https://review.opendev.org/c/openstack/nova/+/715271

Change-Id: Ifdef3510bc7da3098a71739814e35dbaf612ae34
2022-01-28 20:00:00 +00:00
Zuul 099411815b Merge "Use distro pip on Ubuntu" 2022-01-28 18:49:06 +00:00
Slawek Kaplonski 081c9b716f Revert "Disable enforcing scopes in Neutron temporary"
This reverts commit be7b5bf671.

As related bug is fixed, lets enabled scope enforcement in Neutron
again.

Related-bug: #1959196
Change-Id: I72db7ef533e78a10734d105e6a0debef288e41a1
2022-01-28 09:52:53 +01:00
Slawek Kaplonski 14a0c09001 Fix deployment of Neutron with enforced scopes
After patch [1] new RBAC policies changed in the way that SYSTEM_ADMIN
user isn't anymore allowed to e.g. create resources in behalf of some
projects. Now PROJECT_ADMIN needs to create such resources instead.
So this patch basically reverts most of the changes which were done
in [2] some time ago.
It also introduces new entry in the clouds.yaml file -
"devstack-admin-demo" which is "admin" user in the "demo" project as
it's needed to create some resouces in the demo project now.

Additionally, because of bug [3] this patch changes way how IPv6
external gateway IP is found using Neutron API. This change may be
reverted in the future when bug [3] will be fixed.

[1] https://review.opendev.org/c/openstack/neutron/+/821208
[2] https://review.opendev.org/c/openstack/devstack/+/797450
[3] https://bugs.launchpad.net/neutron/+bug/1959332

Depends-On: https://review.opendev.org/c/openstack/neutron/+/826828

Closes-Bug: #1959196
Change-Id: I32a6e8b9b59269a8699644b563657363425f7174
2022-01-28 09:52:20 +01:00
Ade Lee 1fd45940f3 Add openstack-two-node-centos-8-stream
This will allow multinode FIPS testing

Change-Id: I82b3b8fe56275aed72e13f6d1bd9170c50e5da0d
2022-01-27 15:57:13 +00:00
Slawek Kaplonski be7b5bf671 Disable enforcing scopes in Neutron temporary
After patch [1] was merged in Neutron, enforcing scopes there
is broken.
So lets disable it temporary to unblock Devstack's gate for now.

[1] https://review.opendev.org/c/openstack/neutron/+/821208

Related-Bug: #1959196
Change-Id: I24da6f3897a638749d16f738329a873a5f9a291d
2022-01-27 16:04:32 +01:00
Zuul 6bec828d8e Merge "Fix typo in multinode-lab document" 2022-01-27 08:34:35 +00:00
Grzegorz Grasza 5f5002a378 Revert "Revert "Add enforce_scope setting support for keystone""
This reverts commit 26bd94b45e.

Reason for revert: Devstack keystone creation/setup are moved to
scope tokens, so we can reintroduce the scope check enable.

Change-Id: I6e1c261196dbcaf632748fb6f04e0867648b76c7
2022-01-26 15:41:18 +01:00
Grzegorz Grasza ae40825df6 Use devstack-system-admin for keystone objects creation
This is needed so we can set keystone into enforcing secure RBAC.
This also adjusts lib/glance, which already partially used
devstack-system-admin.

Change-Id: I6df8ad23a3077a8420340167a748ae23ad094962
2022-01-26 15:40:42 +01:00
Dr. Jens Harbott d6909e41af Use distro pip on Ubuntu
Running get-pip.py fails on Ubuntu when running twice, e.g. after a
unstack/stack cycle. Just use distro pip instead.

Closes-Bug: #1957048
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I87a8d53ed8860dd017a6c826dee6b6f4baef3c96
2022-01-22 17:02:29 +01:00
Pierre Riteau 0a31630323 Adapt compute node local.conf to OVN
The default Neutron configuration is now using OVN, but the multinode
lab was using an incompatible configuration:

    The q-agt/neutron-agt service must be disabled with OVN.

Change-Id: I518a739a3daac941880463cde6b47951331d0911
2022-01-21 10:07:07 +01:00
yatinkarel d5d0bed479 Workaround CentOS 8-stream bug until fixed
Recent iputils release in CentOS 8-stream causing
ping failures with non root user. This needs a fix
in systemd package as mentioned in the Related Bugs,
until it's fixed and is in 8-stream mirrors let's
workaround it by setting net.ipv4.ping_group_range
setting manually.

Related-Bug: #1957941
Related-Bug: rhbz#2037807
Change-Id: I0d8dac910647968b625020c2a94e626ba5255058
2022-01-17 08:43:52 +00:00
Zuul b6656b7b38 Merge "Clean up compile_ovn function's parameters" 2022-01-13 17:43:52 +00:00
Zuul 6d55b2a439 Merge "Allow skip the database server installation" 2022-01-12 15:40:57 +00:00
Zuul df551da6f5 Merge "Fix cloning requirements when GIT_DEPTH is set" 2022-01-11 18:51:34 +00:00
Zuul 3a373536f1 Merge "Deprecate lib/neutron" 2022-01-11 17:29:14 +00:00
elajkat c994dc4de2 Deprecate lib/neutron
lib/neutron-legacy was recently undeprecated (see [0]), Openstack CI
uses neutron-legacy and latest work was done in it also.
To avoid double maintenance lib/neutron can be deprecated.

For latest discussion see [1] and [2].

[0]: https://review.opendev.org/c/openstack/devstack/+/704829
[1]: https://meetings.opendev.org/meetings/networking/2022/networking.2022-01-04-14.04.log.html#l-52
[2]: https://meetings.opendev.org/irclogs/%23openstack-qa/%23openstack-qa.2022-01-05.log.html#t2022-01-05T15:57:37

Related-Bug: #1955765
Change-Id: I3fc328b7f47ccd7c1a97cceeea98fb2fbd609017
2022-01-11 14:14:20 +01:00
Zuul 35aa64e5f7 Merge "Added AlmaLinux to CentOS 8 family" 2022-01-11 01:53:55 +00:00
Carlos Camacho cc6e20b24d Allow skip the database server installation
This patch allows to skip the installation
of the database backend packages (MySQL or Postgres)
with the introduction of the INSTALL_DATABASE_SERVER_PACKAGES
variable (defaulted to True).
This is useful in such environments that do not require
to install the MySQL/Postgres server packages directly but using
a container serving that purpose, for those cases all the
remaining steps should be executed just skipping the
packages install.

Change-Id: I26628a31fdda3ce95ed04a2b7ae7b132c288581f
2022-01-10 09:26:56 +01:00
Zuul 6133c1c959 Merge "Only set chap algorithms if not openeuler" 2022-01-07 19:21:40 +00:00
Dr. Jens Harbott 807330ac37 Fix cloning requirements when GIT_DEPTH is set
We always need the master branch of requirements in order to be able to
install tempest with it, so override GIT_DEPTH when cloning that repo.

Closes-Bug: 1956616
Change-Id: Id0b409bfadd73f2c30314724178d6e199121050b
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
2022-01-07 11:42:26 +01:00
Ade Lee ac958698d0 Only set chap algorithms if not openeuler
For some reason, setting the CHAPAlgorithms as in c3b705138
breaks OpenEuler.  Making this conditional so that tests continue
to pass.

Change-Id: Iaa740ecfbb9173dd97e90485bad88225caedb523
2022-01-06 15:20:07 -05:00
Eduardo Santos 4448f243f3 Fix public subnet creation command
There was no space after the --project option in the command that
creates the public subnet, thus if any option follows, the option itself
will be parsed as part of the value passed to the --project option. This
change just adds the missing space.

Change-Id: I1e7375578342a82717222e902fcd65a4a62e33a7
2022-01-06 14:03:16 -03:00
Zuul 9154bf543d Merge "Install OVS from source when it was configured like that" 2022-01-06 00:39:16 +00:00
Zuul e091481341 Merge "Fix tempest upper-constraints" 2022-01-05 10:57:21 +00:00
Zuul 3c98c21fec Merge "Fix mysqladmin failure for Fedora 34 and mariadb" 2022-01-04 19:23:59 +00:00
Zuul 0486d4ccf3 Merge "init_cinder() shouldn't always create DEFAULT_VOLUME_GROUP_NAME" 2022-01-04 18:50:10 +00:00
Zuul 7b0251cf37 Merge "Fix stacking without preconfigured DATABASE_PASSWORD" 2022-01-04 18:33:26 +00:00
Dr. Jens Harbott 2ef4a4c851 Fix tempest upper-constraints
When deploying devstack in a stable branch, the master branch is
available locally only in a CI environment where Zuul prepares all
available branches. For a non-CI deployment we need to stick to using
the remote branch as was the case before [0].

While the situation on the master branch isn't really broken, we apply
the fix here anyway so that future stable branches are created in a
working state.

[0] I5d42ac6b54bf20804d7e5faa39d1289102318b64

Closes-Bug: #1956219
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ib7719cb2d48b34db70f885e0afe77d904abba3b5
2022-01-03 19:27:22 +01:00
Zuul 858aca019c Merge "Don't enable the dstat service in CI jobs" 2022-01-03 18:00:28 +00:00
Miguel Lavalle c1a75c6a50 Fix mysqladmin failure for Fedora 34 and mariadb
mysqladmin is incorrectly installed in Fedora 34 with mariadb. This
causes the failure of Zuul Fedora based jobs. The issue is a conflict
between mariadb and community mysql that is described in [1] and [2].

The workaround is to explicitly install package "mariadb"

Also configure an increased swap size like for the other platform jobs
in order to avoid OOM issues.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2026933
[2] https://lists.launchpad.net/maria-discuss/msg06179.html

Closes-Bug: #1956116
Change-Id: Icf6d7e1af5130689ea10b29d37cc9b188b2c9754
2022-01-03 15:33:35 +01:00
Zuul 3155217fb6 Merge "openEuler 20.03 LTS SP2 support" 2021-12-30 12:04:44 +00:00
Zuul 1d7d8e6a17 Merge "Enable oslo.limit to be installed from git repo" 2021-12-30 10:54:09 +00:00
Zuul 71c215ac29 Merge "Revert "Generate deprecation warning for postgresql"" 2021-12-30 10:29:00 +00:00
Zuul 98df253eae Merge "Add option to set chap algorithms for iscsid for FIPS" 2021-12-30 10:28:57 +00:00
Zuul 559f8cc150 Merge "Use MDB backend in Ubuntu" 2021-12-30 10:28:54 +00:00
Zuul 13526abe84 Merge "cinder-backup: Ensure ca cert is defined when tls-proxy is enabled" 2021-12-30 09:32:21 +00:00
yatinkarel 05e622ead2 Use upper-constraints from in review changes
Currently upper-constraints.txt is not getting used
from in-review changes of requirements project and
leading to merge of broken requirements[1].

Use master branch to fetch constraints instead of
the remote branch.

[1] https://review.opendev.org/c/openstack/requirements/+/822575

Depends-On: https://review.opendev.org/c/openstack/requirements/+/823128
Change-Id: I5d42ac6b54bf20804d7e5faa39d1289102318b64
2021-12-29 09:48:39 +00:00
Dr. Jens Harbott 134205c138 Don't enable the dstat service in CI jobs
We still are seeing regular job failures because the pcp package fails
to install. Assume that we can still enable it on demand when someone
needs to debug specific job issues, let us just disable it by default.

Related-Bug: 1943184
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I32ef8038e21c818623db9389588b3c6d3f98dcad
2021-12-23 12:29:14 +01:00
Dr. Jens Harbott 353c3f9cb1 Fix stacking without preconfigured DATABASE_PASSWORD
When we need to read a DATABASE_PASSWORD from the user, make sure we
actually use it in our database URLs.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I5ebf6b0280e82f2c87a63cbee7a9957c6bd26898
2021-12-23 12:07:29 +01:00
Slawek Kaplonski 5888947539 Clean up compile_ovn function's parameters
That function was accepting 3 positional arguments and first
of them was boolean value "build_modules" which isn't used anywhere in
that function.
So this patch cleans it a bit by removing that not used parameter.

Change-Id: I5c57b9116338a63b7bfb170c02e33bb4eae725da
2021-12-22 16:00:29 +01:00
Kevin Zhao 7880ba665e openEuler 20.03 LTS SP2 support
openEuler is an open-source Linux based operating system. The current
openEuler kernel is based on Linux and supports multi arch, such as X86_64
and aarch64. It fully unleashes the potential of computing chips. As an
efficient, stable, and secure open-source OS built by global open-source
contributors, openEuler applies to database, big data, cloud computing,
and AI scenarios. openEuler is using RPM for package management.

Note:
Currently there is no available package for uwsgi-plugin-python3 and ovn, so that
openEuler needs manually install them from source.

Website: https://www.openeuler.org/en/

Change-Id: I169a0017998054604a63ac6c177d0f43f8a32ba6
Co-Authored-By: wangxiyuan <wangxiyuan1007@gmail.com>
Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
2021-12-22 14:47:27 +08:00
Slawek Kaplonski 24b65adc9c Deploy Neutron with enforced new RBAC rules
This patch adds new config option NEUTRON_ENFORCE_NEW_DEFAULTS which
if set to True will deploy Neutron with enforce new rbac defaults and
scopes.
It will also use SYSTEM_ADMIN user to interact with Neutron where it is
needed.

Depends-On: https://review.opendev.org/c/openstack/neutron/+/798821

Change-Id: I14d934f0deced34d74003b92824cad3c44ec4f5e
2021-12-20 14:42:35 +01:00
Ade Lee c3b7051387 Add option to set chap algorithms for iscsid for FIPS
The default CHAP algorithm for iscsid is md5, which is disallowed
under fips.  We will set the chap algorithm to "SHA3-256,SHA256",
which should work under all configurations.

Change-Id: Ide186fb53b3f9826ff602cb7fb797f245a15033a
2021-12-08 19:20:40 -05:00
Slawek Kaplonski 4185358837 Install OVS from source when it was configured like that
Function _neutron_ovs_base_install_agent_packages always tried to
install openvswitch from packages and start it using systemd units.
That was failing when ovs was expected to be installed from source.
This patch fixes that.

Change-Id: Iae8625dd800d30061ea3dbed9eb0dfbe16f21572
2021-12-08 14:09:49 +00:00
Zuul 6c849e3713 Merge "Support CentOS Stream 9" 2021-12-04 18:18:06 +00:00
Zuul a77943f8aa Merge "Remove unnecessary member role assignments from alt_demo" 2021-12-04 18:18:03 +00:00
Zuul 39acde91f9 Merge "Only write out uwsgi configs when deploying API services" 2021-12-04 17:33:24 +00:00
Lee Yarwood fc8ef86fbe Only write out uwsgi configs when deploying API services
Previously this would always happen for Nova and Cinder even if n-api
and c-api were not enabled on the host respectively.

This change stops this by placing both calls write_uwsgi_config behind
is_service_enabled checks.

Change-Id: I997685da771736dbad79bcfe4b00dbc63bd6d6b6
2021-12-03 12:09:08 +00:00
Lee Yarwood 31334f9a9b nova: Use noVNC 1.3.0 when installing from source
Additionally make the repo name lowercase to match the project name in
our zuul config so that jobs can check the repo out.

Change-Id: Ic2d9c4fa837461bbc29e067a81912b5f72efd3ca
2021-12-03 12:09:01 +00:00
Alfredo Moralejo 5ea4c3c18c Support CentOS Stream 9
This patch includes changes required to run devstack on CentOS Stream 9
which has been already published in official repos by CentOS team [1]:

- Add RDO deps repository for CS9.
- remove xinetd package from installation for swift. Note that
  rsync-daemon is installed which should work fine.
- Replace genisoimage by xorriso in CS9.
- Use /etc/os-release to identify the distro in CS9 as it doesn't
  provide lsb_release command.
- Use pip from rpm package instead of from get-pip.py as done in Fedora.
- Add non-voting job devstack-platform-centos-9-stream to the check
  pipeline.

Change-Id: Ic67cddabd5069211dc0611994b8b8360bcd61bef
2021-12-02 09:10:48 +01:00
Zuul 1414bcfa22 Merge "Remove unnecessary unset for project-scoped token in glance" 2021-12-01 11:27:33 +00:00
Zuul 7020daf7fc Merge "Cleanup keystone library" 2021-11-30 17:59:03 +00:00
Roman Dobosz bd68251463 Change a way for creating data dir in case of OVN.
Calculate the sudo usage with local variable.

Change-Id: I39dff770ff296dc06395acdb430a9cfe1722a30f
2021-11-27 08:12:04 +01:00
yatinkarel b575af0cfe Do not use sudo with OVN_DATADIR when building from source
Jobs with OVN_BUILD_FROMS_SOURCE=True are broken
since [1] as ovn nortd not starting due to permission
issues. Fix it by not using sudo for creating OVN_DATADIR
when building from source.

[1] https://review.opendev.org/c/openstack/devstack/+/806858

Closes-Bug: #1952393
Change-Id: I00f0c8c8173b4d8270fbb3e6079d0d8b332e9de5
2021-11-26 13:44:10 +05:30
Lance Bragstad afd0f84eae Remove unnecessary unset for project-scoped token in glance
Before, we needed to unset a couple of parameters that would make the
client return a project-scoped token instead of a system-scoped token,
which we need when interacting with registered limits in keystone.

This commit removes those unsets since we no longer source those
variables by default. This commit also cleans up some of the redundant
parameters in the registered limit calls, like region.

Change-Id: I1af8a168a29e895d57504d41e30efea271ea232d
2021-11-26 07:26:56 +00:00
Zuul acc9bd6ab9 Merge "Fix OVN DBs cleanup on startup" 2021-11-25 10:38:27 +00:00
Takashi Kajinami c20cd8ed9d cinder-backup: Ensure ca cert is defined when tls-proxy is enabled
Change-Id: Id679eb7061d8e609ce76fbb5b720a041990e8e86
2021-11-24 01:35:46 +09:00
Gregory Thiemonge 6822ff3944 Fix OVN DBs cleanup on startup
When initializing OVN, clean up the correct database directory when
using OVN from packages (/var/lib/ovn/ instead of /opt/stack/data/ovn/).
The /opt/stack/data/ovn location is used only when building OVN from
sources, so a fresh devstack deployment with OVN packages may already
have hundreds of existing routers and ports, creating ARP collisions.

Closes-Bug: #1942201
Change-Id: Ic90d4f2f9d8aaef825ea3325c0ad8fef2a1c5e39
2021-11-23 16:17:24 +01:00
Takashi Kajinami 65a5db8e33 keystone: Dot not set the removed admin_endpoint parameter
The admin_endpoint parameter has been removed from keystone[1], and
setting the parameter is no longer effective.

[1] 192cde56e57a06750641b319da8a72cdcaa554d0

Change-Id: I6ae6a3122668551acc018972624e914fcbb79a22
2021-11-23 12:03:20 +01:00
Lance Bragstad 1d8888dc24 Remove unnecessary member role assignments from alt_demo
This user already has the admin role assignment on a project, which
implies the member role, making explicit calls to add the member role
redundant.

Change-Id: I398c5e2f098aeeb896de83872085cbce529a778a
2021-11-22 21:28:20 +00:00
Zuul 94facb0759 Merge "Add missing ml2, L2 and L3 agent functions to devstack" 2021-11-19 01:10:09 +00:00
Julia Kreger c96993d138 Make OS_CLOUD be able to be configured
OS_CLOUD is used to communiate to CLI tools what cloud
credentials to utilize.
The change I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
unfortunately set an explicit OS_CLOUD account which breaks
any jobs which are expecting a previosuly set OS_CLOUD which
may be different to work. For example, OS_CLOUD being set
as devstack-system-admin to facilitate Secure RBAC testing.

Change-Id: Iee900e552584dda622f57eea3508df48dff2e071
2021-11-18 10:39:36 -08:00
Slawek Kaplonski faed11d2a1 Add missing ml2, L2 and L3 agent functions to devstack
Previously those functions were defined in the neutron's devstack plugin
but with [1] we moved qos related code into devstack and we missed about
moving them too.
This is follow up patch to fix that issue.

[1] https://review.opendev.org/c/openstack/devstack/+/815686

Change-Id: Icf459a2f8c6ae3c3cb29b16ba0b92766af41af30
2021-11-18 16:42:40 +01:00
Zuul 487057de80 Merge "Add additional project personas for secure RBAC" 2021-11-18 00:22:24 +00:00
Zuul 8d7ac90f00 Merge "Stop creating userrc_early" 2021-11-17 19:49:59 +00:00
Dr. Jens Harbott f56f7a557a Stop creating userrc_early
We can use the devstack-admin cloud configuration everywhere now
and don't need to set environment variables with cloud credentials
any longer.

Fix the swift setup, where some more options need to be explicitly
specified now and the default OS_CLOUD setting overridden.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
2021-11-16 19:35:32 +01:00
Slawek Kaplonski f9a896c6e6 Rehome functions to enable Neutron's QoS service
Those functions were part of the neutron devstack plugin but we
discussed it during last PTG [1] and decided to move to the Devstack
repo plugins which are used by e.g. CI jobs which are defined outside
of the neutron repository.
QoS service is used e.g. in the tempest-slow job which is
defined in tempest and used by many different OpenStack projects.

[1] https://etherpad.opendev.org/p/neutron-yoga-ptg#L142

Change-Id: I48f65d530db53fe2c94cad57a8072e1158d738b0
2021-11-13 19:52:06 +00:00
Lance Bragstad 9c81321bfc Add additional project personas for secure RBAC
This commit formalizes some additional users to act as different project
users and updates clouds.yaml file so they're easy to use.

It creates:

  - a reader on the demo project
  - a reader on the alt_demo project
  - a member on the alt_demo project

With the adoption of secure RBAC personas, these are useful for using
OpenStack APIs as that work continues.

Change-Id: I3237a771275311377313b7d7d80ac059ac69d031
2021-11-13 20:41:43 +01:00
Zuul 483e7e243a Merge "Rehome functions to enable Neutron's placement integration" 2021-11-13 19:02:48 +00:00
Zuul 05e9cb1e19 Merge "Clarify error message for ERROR_ON_CLONE=True" 2021-11-12 22:18:44 +00:00
Dr. Jens Harbott 95555ba398 Cleanup keystone library
IDENTITY_API_VERSION is hardcoded to 3 in most locations already, drop
the remaining occurrences, but keep the variable definition since some
plugins still depend on it. Drop ENABLE_IDENTITY_V2 which no longer
has any effect.

Amend variable list for bootstrap_keystone().

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I06f476d2105bc6ec2b511fc5effcfcc3973eaf97
2021-11-10 06:24:15 +01:00
Zuul 55c7830b4b Merge "Update lib/keystone to add more system users" 2021-11-09 16:11:47 +00:00
Zuul 2000d0ccf3 Merge "neutron-legacy: Remove no longer necessary vpnaas conditional" 2021-11-09 13:59:10 +00:00
Lance Bragstad 021ae0bcc8 Update lib/keystone to add more system users
Keystone has supported system-scope since Queens and we already make
sure we create a cloud profile for system-admin in
/etc/openstack/clouds.yaml.

This commit ensures keystone creates a couple of new users to model
system-member and system-reader personas. Doing this by default in
devstack makes it easier for people to use.

We've already taken a similar approach in tempest by setting up the
various system personas for tempest clients to use.

Change-Id: Iceb7c5f517db20072e121dc7538abaa888423c67
2021-11-05 10:44:58 +01:00
Zuul d28865ba3d Merge "Run Bullseye with more swap" 2021-11-04 23:55:11 +00:00
Zuul a2d4d08b00 Merge "Allow cinder default quotas configuration" 2021-11-04 22:08:00 +00:00
Dr. Jens Harbott f8e00b86ae Run Bullseye with more swap
Since Bullseye like Centos 8 Stream needs more memory due to changed
default settings in newer qemu versions, set the swap size to 4G, which
is the same setting already being used for the CS8 jobs successfully.

Change-Id: I83ea34d6aa647d2ab9d4d78ed354904fce836e68
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
2021-11-04 15:28:50 +01:00
Zuul 9101fbf5c4 Merge "Switch off creating a keystone admin endpoint by default" 2021-11-04 14:20:50 +00:00
Ghanshyam Mann 325792d9b9 Clarify error message for ERROR_ON_CLONE=True
If ERROR_ON_CLONE is set to True which is case for
all the devstack based job, devstack does not clone the
repo instead raise error. From current error message, it
is difficult to know that ERROR_ON_CLONE is True until we
traceback the code or check devstack-base job set ERROR_ON_CLONE
to True.

Current error message is like:
-------
+ functions-common:git_clone:560           :   echo
'The /opt/stack/oslo.limit project was not found; if this is a gate job, add'
  The /opt/stack/oslo.limit project was not found; if this is a gate job, add
+ functions-common:git_clone:561           :   echo 'the project to the
 $PROJECTS variable in the job definition.'
the project to the $PROJECTS variable in the job definition.
+ functions-common:git_clone:562           :   die 562 'Cloning not
  allowed in this configuration'
--------

Adding ERROR_ON_CLONE info in error message will help to
know the reason of devstack not cloning the repo.

Change-Id: I9e9852f046fefb299b4ef4446323e9c86437212f
2021-11-03 19:34:19 +00:00
Zuul c053269fc3 Merge "Make creation of keystone admin endpoint optional" 2021-11-03 12:30:10 +00:00
Zuul fb2e741008 Merge "Stop creating a keystone admin site" 2021-11-03 12:30:07 +00:00
Zuul bca0448438 Merge "Create clouds.yaml early enough" 2021-11-02 17:54:37 +00:00
Slawek Kaplonski 7f6d9283b8 Rehome functions to enable Neutron's placement integration
Those functions were part of the neutron devstack plugin but we
discussed it during last PTG [1] and decided to move to the Devstack
repo as plugins which are used by e.g. CI jobs which are defined outside
of the neutron repository.
Placement integration is used e.g. in the tempest-slow job which is
defined in tempest and used by many different OpenStack projects.

[1] https://etherpad.opendev.org/p/neutron-yoga-ptg#L142

Change-Id: Ib86071881f16de1b69c0f9b1b19b6df8b7e66a07
2021-10-27 16:40:30 +02:00
Zuul c8134987c9 Merge "Use Nehalem CPU model by default" 2021-10-22 13:27:53 +00:00
Zuul af23507c34 Merge "Fix use of yaml.load()" 2021-10-22 12:00:35 +00:00
Clark Boylan e06d954229 Use Nehalem CPU model by default
CentOS/RHEL 9 are being compiled for the x86_64-v2 architecture which is
newer than the qemu default of qemu64. This means that for devstack to
boot these instances we need a newer CPU model. Nehalem is apparently
the oldest model that works for x86_64-v2 and is expected to work on
Intel and AMD cpus with kvm or qemu. Switch devstack to this model by
default.

Note that we cannot use host-passthrough or host-model because we want
to support live migration between devstack deployed nova-compute
instances and even within the CI instances that we get the host CPUs can
differ.

Also, we should run this change against as many clouds as possible to
ensure that the newer model works across all of our clouds. There is
some fear that the virtual CPUs presented to us in some clouds may not
be able to run these newer CPU models.

Change-Id: Ibd6e11b59f3c8655bc60ace7383a08458b2177f2
2021-10-21 08:15:12 -07:00
Zuul 6923f7b5e6 Merge "Enable running on Debian Bullseye" 2021-10-20 14:56:29 +00:00
Tristan Cacqueray 4aa27976eb [ci] Remove the implied-branches pragma
This change enables using devstack job with custom branche names.

Change-Id: I95c368f05042a6f8f208988af9a6d89a522a5526
2021-10-19 21:48:17 +00:00
Jens Harbott b538b3267c Switch off creating a keystone admin endpoint by default
With the depending patch, the endpoint will still be created for
heat tests, so we can turn it off for everyone else.

Depends-On: https://review.opendev.org/c/openstack/openstacksdk/+/777343
Change-Id: I0dc7d6cedd07e942b9f23b26a785b386aff41fbc
2021-10-17 17:44:13 +00:00
Jens Harbott eb37657d8e Make creation of keystone admin endpoint optional
The keystone admin endpoint technically isn't different any longer from
the other keystone endpoints in v3 of the API. However, some
applications like heat are still relying on it to exist.

So we make the creation of the admin endpoint during bootstrap optional
here, with the intention to change the default to False once all jobs
that still need this are modified to explicitly require it.

Change-Id: I7ab12141c558186e397c174c248a613d1810011b
2021-10-17 19:36:46 +02:00
Zuul 79356c41cd Merge "Don't fail if there is no nf_conntrack_proto_gre module available" 2021-10-17 16:33:33 +00:00
Jens Harbott c2491bac9d Stop creating a keystone admin site
Keystone no longer has any special functionality hidden behind the admin
site. KEYSTONE_AUTH_URI which used to point to the admin site has long
ago been changed to be a copy of KEYSTONE_SERVICE_URI, which points to
the public site.

Drop all KEYSTONE_AUTH_* variables except KEYSTONE_AUTH_URI which may
still be in use in some plugins.

This also allows to finally drop the fixup_keystone() function.

Change-Id: I549f3cadc27d137e014241cdd47e90267859c848
2021-10-17 17:11:03 +02:00
Jens Harbott ee1c614eda Fix use of yaml.load()
The use of this function has been deprecated for a long time[0]. With
PyYAML==6.0 the call is now failing, so replace it with the safe
version.

[0] https://msg.pyyaml.org/load

Signed-off-by: Jens Harbott <frickler@offenerstapel.de>
Change-Id: I7a170262b50a5c80a516095b872d52e1bea5479d
2021-10-16 17:33:12 +02:00
OpenStack Proposal Bot c027ddd3f8 Updated from generate-devstack-plugins-list
Change-Id: I1abc356970a7f2427bc9683a7e64e54ab52a7651
2021-10-16 06:26:49 +00:00
Dr. Jens Harbott 84901f563e Create clouds.yaml early enough
When using glance limits, the create_glance_accounts call needs access
to the devstack-system-admin cloud definition, so we need to create
the clouds.yaml file before that step.

Change-Id: Ie6d807c46b88b16b316aa166870a6a13f2bb346d
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
2021-10-15 15:07:15 +02:00
Slawek Kaplonski b4e683e6b9 Don't fail if there is no nf_conntrack_proto_gre module available
It may be that it is already compiled in the kernel so there is no
need to load kernel module in such case.

Change-Id: Ie1d32e3fd529e13958857cb3ced6710eebde1e4d
2021-10-14 13:50:30 +02:00
Zuul 82facd6edf Merge "Fix updating setuptools in Centos" 2021-10-12 20:43:00 +00:00
Zuul 10d20b14e7 Merge "Further fixup for Ubuntu cloud images" 2021-10-11 09:26:28 +00:00
Zuul d603c2a459 Merge "Remove cinder from service names" 2021-10-11 08:27:27 +00:00
Zuul 23cbf138b4 Merge "tools: Fix use of continue" 2021-10-11 08:10:36 +00:00
Zuul e2e88dc19a Merge "Fix displaying usage for make_cert.sh" 2021-10-11 00:53:22 +00:00
Zuul 2e336ee79f Merge "Rehome functions to enable Neutron's Trunk service plugin" 2021-10-11 00:51:51 +00:00
Dr. Jens Harbott 61a37bff9a Further fixup for Ubuntu cloud images
The official Ubuntu cloud images have some further python pkgs
preinstalled that conflict with our requirements. Allow to
overwrite them.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Closes-Bug: 1871485
Change-Id: I793c250cae5e7b9bc835b7016d790d1f9ae8a7f3
2021-10-08 11:04:03 +02:00
Slawek Kaplonski f758b60a4b Rehome functions to enable Neutron's Trunk service plugin
Those functions were part of the neutron devstack plugin but we
discussed on the neutron team meeting [1] to move it to the Devstack
repo as it's mature enough now.

[1] https://meetings.opendev.org/meetings/networking/2021/networking.2021-10-05-14.00.log.html#l-156

Change-Id: I35446adad1d8a7fed142d834de20c48b611015a5
2021-10-06 12:04:26 +02:00
Michal Berger bfc79dc98b tools: Fix use of continue
continue is not used in a proper context here (outside of loop). Use
null cmd instead to simply fall through the pip installation.

Signed-off-by: Michal Berger <michallinuxstuff@gmail.com>
Change-Id: Iaea2e5c0177b475edf19d08d71933a74debbb5d9
2021-10-05 15:44:45 +02:00
Lee Yarwood 714826d1a2 nova: Ensure each compute uses a unique iSCSI initiator
The current initiator name embedded in our CI images is not unique at
present and can often cause failures during live migrations with
attached volumes. This change ensures the name is unique by running
iscsi-iname again and overwriting the existing name.

We could potentially do this during the image build process itself but
given that devstack systems are not supposed to be multi-purpose this
should be safe to do during the devstack run.

Closes-Bug: #1945983
Change-Id: I9ed26a17858df96c04be9ae52bf2e33e023869a5
2021-10-05 11:36:24 +01:00
Jens Harbott 959a7c262a Enable running on Debian Bullseye
Some adaption in database handling is all that is missing. Also add a
platform job that tests this.

Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Change-Id: I6dd3e48444dd415d84df5e7f5c74540847cdd6db
2021-10-04 17:27:33 +02:00
melanie witt c7791301be Enable oslo.limit to be installed from git repo
oslo.limit isn't currently in the list of libraries that can be
installed from a git repo via LIBS_FROM_GIT.

This adds oslo.limit to enable integrated testing against unmerged
oslo.limit changes.

Change-Id: I26cc567fdf4c84014040ae586bbb029b8de7a236
2021-10-01 17:30:52 +00:00
Lee Yarwood 982b03c605 zuul: Remove dedicated devstack-async job
I83d56c9363d481bb6d5921f5e1f9b024f136044b switched the default of
DEVSTACK_PARALLEL over to True so this dedicated job is no longer
required as *all* jobs should now be using it.

Change-Id: I0f475ab177c2cd49eeb6be861cdd11581e8e0b97
2021-09-30 13:08:35 +01:00
Jens Harbott 56e75e4aef Fix uwsgi config for trailing slashes
The apache mod_proxy documentation[0] says that trailing slashes need to
match for the ProxyPass statement. Since adding a slash to the redirected
url would break things that need to access endpoints like /identity
without anything added, we need to drop the trailing slash for the
target URL. See [1] for the discussion of the CVE fix that changed the
previous behavior.

[0] https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypass
[1] https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1945274

Depends-On: https://review.opendev.org/c/openstack/devstack/+/811389
Change-Id: Ia6b1a41957833fba87a2e6f048d2483267632385
2021-09-28 20:05:08 +02:00
Rajat Dhasmana 65b46a503a Remove cinder from service names
In devstack job, cinder is not a valid service name and logs error
in gate[1] so remove it.

2021-09-28 05:44:47.791807 | controller | + functions-common:service_check:1603      :   for service in ${ENABLED_SERVICES//,/ }
2021-09-28 05:44:47.795506 | controller | + functions-common:service_check:1605      :   sudo systemctl is-enabled devstack@cinder.service
2021-09-28 05:44:47.809647 | controller | Failed to get unit file state for devstack@cinder.service: No such file or directory

[1] https://e978bdcfc0235dcd9417-6560bc3b6382c1d289b358872777ca09.ssl.cf1.rackcdn.com/801989/7/check/tempest-integrated-storage/779d1e7/job-output.txt

Change-Id: I7ca105201d82b72c7e56778425d3bce7c76047db
2021-09-28 03:13:28 -04:00
Ghanshyam Mann 8d1bfcacf8 Update DEVSTACK_SERIES to yoga
stable/xena branch has been created now and
current master is for yoga.

Change-Id: I0c7809bdac6482bb947f394b0c2535fabb4cf067
2021-09-24 18:01:09 -05:00
Grzegorz Grasza 26f8149218 Use MDB backend in Ubuntu
The MDB backend is the default in Ubuntu and specifying
HDB in debconf doesn't change it to HDB.

Closes-Bug: #1939700
Change-Id: If98f7fc8395678365fb73f0c5cd926cef083e470
2021-08-17 09:41:33 +02:00
Roman Dobosz ac1b723c20 Fix displaying usage for make_cert.sh
Now, if no arguments are passed to make_cert.sh script, it will fail on:

  tools/make_cert.sh: line 30: [: missing `]'

and might go on with generating certs depending on the bash settings.
It is fixed within this patch.

Change-Id: I62bf9c972ebd1644da622439e05114f245f20809
2021-08-06 12:55:39 +02:00
Brian Rosmaita f44aa0c55a Allow cinder default quotas configuration
The default cinder quotas for volumes, backups, or snapshots may
be too low for highly concurrent testing, so make these configurable
in devstack.

Change-Id: Ie3cf3239b48f9905f5760ad0166eea954ecf5eed
2021-08-04 18:27:48 -04:00
zenkuro 6f4eafb823 Added AlmaLinux to CentOS 8 family
Change-Id: I9fb6f010842a495c838d468b47dc5081596f41a2
2021-07-15 21:47:23 +03:00
Gregory Thiemonge a5d52831dc Fix updating setuptools in Centos
In RHEL-based distributions, updating setuptools using pip removes the
files from the python3-setuptools RPM. It breaks some tools such as
semanage (which is used by diskimage-builder) that use the -s flag of
the python interpreter (don't import modules from /usr/local).
This commit reinstalls python3-setuptools to fix those applications.

Change-Id: Ib44857e83f75acf37823fae912960a801c83cf7f
2021-06-21 09:58:47 +02:00
Nobuhiro MIKI 110b9a9b1b Fix typo in multinode-lab document
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Change-Id: I1b6100d6b8231f1f96a7768e26ab83f010f1e4dc
2021-04-01 11:14:27 +09:00
Armando Migliaccio a676c4029e Revert "Generate deprecation warning for postgresql"
Based on resolution [1], there's no clear indication that next
steps involve the removal of the DB from Devstack or from the gate.

[1] I332cef8ec4539520adcf37c6d2ea11488289fcfd

This reverts commit d9aaae95f2.

Change-Id: I8410d65c0e0b24035aa035fac7560a686d53ec50
2019-10-17 15:58:34 -04:00
Dirk Mueller dc01a8ab63 Switch TLS tests to TLSv1.2+ only
This would more likely match a relevant production deployment.

Change-Id: I4ee2ff0c00a8e33fd069a782b32eed5fef62c01b
2019-07-14 22:33:45 +02:00
Huan Xiong 63beab5243 init_cinder() shouldn't always create DEFAULT_VOLUME_GROUP_NAME
DEFAULT_VOLUME_GROUP_NAME volume group is LVM ephemeral storage used by
Nova. It is created by init_nova() if user sets NOVA_BACKEND to "LVM".
However, init_cinder() is also hardcoded to create it, based on the
asumption that CINDER_ENABLED_BACKENDS includes it. That assumption
doesn't hold for the current code. What's more important, even if user
wants to use DEFAULT_VOLUME_GROUP_NAME as one of cinder backends and
adds it to CINDER_ENABLED_BACKENDS, the current code in init_cinder()
are general enough and should work fine. This change removes relevant
code in init_cinder(). It also moves DEFAULT_VOLUME_GROUP_NAME clean-up
code from unstack.sh to cleanup_nova().

Change-Id: I53762f8eda6256f962cc4e1f1098406879bbcf5c
2018-03-23 14:42:37 +00:00
YAMAMOTO Takashi 6839d42819 neutron-legacy: Remove no longer necessary vpnaas conditional
VPNaaS agent is going to be an L3 agent extention.

Related-Bug: #1692128
Depends-On: I0b86c432e4b2210e5f2a73a7e3ba16d10467f0f2
Change-Id: Id827274b7c74cdf71db6d1f2ab3eadb5fef099f5
2017-10-17 12:59:27 +09:00
152 changed files with 4586 additions and 3251 deletions
+2
View File
@@ -38,3 +38,5 @@ stack-screenrc
userrc_early
AUTHORS
ChangeLog
tools/dbcounter/build/
tools/dbcounter/dbcounter.egg-info/
+278 -126
View File
@@ -1,16 +1,18 @@
- pragma:
# NOTE(gtema): this is required for the changes in SDK feature/r1 branch to
# be using devstack
# TODO(gtema): delete this once r1 branch is merged into master
implied-branches:
- master
- feature/r1
- nodeset:
name: openstack-single-node
name: openstack-single-node-jammy
nodes:
- name: controller
label: ubuntu-xenial
label: ubuntu-jammy
groups:
- name: tempest
nodes:
- controller
- nodeset:
name: openstack-single-node-noble
nodes:
- name: controller
label: ubuntu-noble
groups:
- name: tempest
nodes:
@@ -37,30 +39,10 @@
- controller
- nodeset:
name: openstack-single-node-xenial
name: devstack-single-node-centos-9-stream
nodes:
- name: controller
label: ubuntu-xenial
groups:
- name: tempest
nodes:
- controller
- nodeset:
name: devstack-single-node-centos-7
nodes:
- name: controller
label: centos-7
groups:
- name: tempest
nodes:
- controller
- nodeset:
name: devstack-single-node-centos-8-stream
nodes:
- name: controller
label: centos-8-stream
label: centos-9-stream
groups:
- name: tempest
nodes:
@@ -77,22 +59,105 @@
- controller
- nodeset:
name: devstack-single-node-fedora-latest
name: devstack-single-node-debian-bookworm
nodes:
- name: controller
label: fedora-34
label: debian-bookworm
groups:
- name: tempest
nodes:
- controller
# Note(sean-k-mooney): this is still used by horizon for
# horizon-integration-tests, horizon-integration-pytest and
# horizon-ui-pytest, remove when horizon is updated.
- nodeset:
name: devstack-single-node-debian-bullseye
nodes:
- name: controller
label: debian-bullseye
groups:
- name: tempest
nodes:
- controller
- nodeset:
name: openstack-two-node
name: devstack-single-node-rockylinux-9
nodes:
- name: controller
label: ubuntu-xenial
label: rockylinux-9
groups:
- name: tempest
nodes:
- controller
- nodeset:
name: openstack-two-node-centos-9-stream
nodes:
- name: controller
label: centos-9-stream
- name: compute1
label: ubuntu-xenial
label: centos-9-stream
groups:
# Node where tests are executed and test results collected
- name: tempest
nodes:
- controller
# Nodes running the compute service
- name: compute
nodes:
- controller
- compute1
# Nodes that are not the controller
- name: subnode
nodes:
- compute1
# Switch node for multinode networking setup
- name: switch
nodes:
- controller
# Peer nodes for multinode networking setup
- name: peers
nodes:
- compute1
- nodeset:
name: openstack-two-node-jammy
nodes:
- name: controller
label: ubuntu-jammy
- name: compute1
label: ubuntu-jammy
groups:
# Node where tests are executed and test results collected
- name: tempest
nodes:
- controller
# Nodes running the compute service
- name: compute
nodes:
- controller
- compute1
# Nodes that are not the controller
- name: subnode
nodes:
- compute1
# Switch node for multinode networking setup
- name: switch
nodes:
- controller
# Peer nodes for multinode networking setup
- name: peers
nodes:
- compute1
- nodeset:
name: openstack-two-node-noble
nodes:
- name: controller
label: ubuntu-noble
- name: compute1
label: ubuntu-noble
groups:
# Node where tests are executed and test results collected
- name: tempest
@@ -176,36 +241,6 @@
nodes:
- compute1
- nodeset:
name: openstack-two-node-xenial
nodes:
- name: controller
label: ubuntu-xenial
- name: compute1
label: ubuntu-xenial
groups:
# Node where tests are executed and test results collected
- name: tempest
nodes:
- controller
# Nodes running the compute service
- name: compute
nodes:
- controller
- compute1
# Nodes that are not the controller
- name: subnode
nodes:
- compute1
# Switch node for multinode networking setup
- name: switch
nodes:
- controller
# Peer nodes for multinode networking setup
- name: peers
nodes:
- compute1
- nodeset:
name: openstack-three-node-focal
nodes:
@@ -278,7 +313,7 @@
- job:
name: devstack-base
parent: multinode
parent: openstack-multinode-fips
abstract: true
description: |
Base abstract Devstack job.
@@ -293,7 +328,6 @@
required-projects:
- opendev.org/openstack/devstack
roles:
- zuul: opendev.org/openstack/devstack-gate
- zuul: opendev.org/openstack/openstack-zuul-jobs
vars:
devstack_localrc:
@@ -327,8 +361,10 @@
'{{ devstack_log_dir }}/devstacklog.txt.summary': logs
'{{ devstack_log_dir }}/tcpdump.pcap': logs
'{{ devstack_log_dir }}/worlddump-latest.txt': logs
'{{ devstack_log_dir }}/qemu.coredump': logs
'{{ devstack_full_log}}': logs
'{{ stage_dir }}/verify_tempest_conf.log': logs
'{{ stage_dir }}/performance.json': logs
'{{ stage_dir }}/apache': logs
'{{ stage_dir }}/apache_config': logs
'{{ stage_dir }}/etc': logs
@@ -337,6 +373,7 @@
/var/log/mysql: logs
/var/log/libvirt: logs
/etc/libvirt: logs
/etc/lvm: logs
/etc/sudoers: logs
/etc/sudoers.d: logs
'{{ stage_dir }}/iptables.txt': logs
@@ -347,6 +384,7 @@
'{{ stage_dir }}/rpm-qa.txt': logs
'{{ stage_dir }}/core': logs
'{{ stage_dir }}/listen53.txt': logs
'{{ stage_dir }}/services.txt': logs
'{{ stage_dir }}/deprecations.log': logs
'{{ stage_dir }}/audit.log': logs
/etc/ceph: logs
@@ -394,6 +432,8 @@
- ^releasenotes/.*$
# Translations
- ^.*/locale/.*po$
# pre-commit config
- ^.pre-commit-config.yaml$
- job:
name: devstack-minimal
@@ -401,7 +441,7 @@
description: |
Minimal devstack base job, intended for use by jobs that need
less than the normal minimum set of required-projects.
nodeset: openstack-single-node-focal
nodeset: openstack-single-node-jammy
required-projects:
- opendev.org/openstack/requirements
vars:
@@ -412,17 +452,21 @@
PUBLIC_BRIDGE_MTU: '{{ external_bridge_mtu }}'
devstack_services:
# Shared services
dstat: true
dstat: false
etcd3: true
memory_tracker: true
file_tracker: true
mysql: true
rabbit: true
openstack-cli-server: true
group-vars:
subnode:
devstack_services:
# Shared services
dstat: true
dstat: false
memory_tracker: true
file_tracker: true
openstack-cli-server: true
devstack_localrc:
# Multinode specific settings
HOST_IP: "{{ hostvars[inventory_hostname]['nodepool']['private_ipv4'] }}"
@@ -468,8 +512,17 @@
- opendev.org/openstack/nova
- opendev.org/openstack/placement
- opendev.org/openstack/swift
- opendev.org/openstack/os-test-images
timeout: 7200
vars:
# based on observation of the integrated gate
# tempest-integrated-compute was only using ~1.7GB of swap
# when zswap and the host turning are enabled that increase
# slightly to ~2GB. we are setting the swap size to 8GB to
# be safe and account for more complex scenarios.
# we should revisit this value after some time to see if we
# can reduce it.
configure_swap_size: 8192
devstack_localrc:
# Common OpenStack services settings
SWIFT_REPLICAS: 1
@@ -478,6 +531,26 @@
DEBUG_LIBVIRT_COREDUMPS: true
NOVA_VNC_ENABLED: true
OVN_DBS_LOG_LEVEL: dbg
# tune the host to optimize memory usage and hide io latency
# these setting will configure the kernel to treat the host page
# cache and swap with equal priority, and prefer deferring writes
# changing the default swappiness, dirty_ratio and
# the vfs_cache_pressure
ENABLE_SYSCTL_MEM_TUNING: true
# the net tuning optimizes ipv4 tcp fast open and config the default
# qdisk policy to pfifo_fast which effectively disable all qos.
# this minimizes the cpu load of the host network stack
ENABLE_SYSCTL_NET_TUNING: true
# zswap allows the kernel to compress pages in memory before swapping
# them to disk. this can reduce the amount of swap used and improve
# performance. effectively this trades a small amount of cpu for an
# increase in swap performance by reducing the amount of data
# written to disk. the overall speedup is proportional to the
# compression ratio and the speed of the swap device.
# NOTE: this option is ignored when not using nova with the libvirt
# virt driver.
NOVA_LIBVIRT_TB_CACHE_SIZE: 128
ENABLE_ZSWAP: true
devstack_local_conf:
post-config:
$NEUTRON_CONF:
@@ -487,9 +560,10 @@
# Core services enabled for this branch.
# This list replaces the test-matrix.
# Shared services
dstat: true
dstat: false
etcd3: true
memory_tracker: true
file_tracker: true
mysql: true
rabbit: true
tls-proxy: true
@@ -524,7 +598,6 @@
c-bak: true
c-sch: true
c-vol: true
cinder: true
# Services we don't need.
# This section is not really needed, it's for readability.
horizon: false
@@ -538,8 +611,9 @@
# Core services enabled for this branch.
# This list replaces the test-matrix.
# Shared services
dstat: true
dstat: false
memory_tracker: true
file_tracker: true
tls-proxy: true
# Nova services
n-cpu: true
@@ -569,16 +643,38 @@
Q_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
NOVA_VNC_ENABLED: true
ENABLE_CHASSIS_AS_GW: false
# tune the host to optimize memory usage and hide io latency
# these setting will configure the kernel to treat the host page
# cache and swap with equal priority, and prefer deferring writes
# changing the default swappiness, dirty_ratio and
# the vfs_cache_pressure
ENABLE_SYSCTL_MEM_TUNING: true
# the net tuning optimizes ipv4 tcp fast open and config the default
# qdisk policy to pfifo_fast which effectively disable all qos.
# this minimizes the cpu load of the host network stack
ENABLE_SYSCTL_NET_TUNING: true
# zswap allows the kernel to compress pages in memory before swapping
# them to disk. this can reduce the amount of swap used and improve
# performance. effectivly this trades a small amount of cpu for an
# increase in swap performance by reducing the amount of data
# written to disk. the overall speedup is porportional to the
# compression ratio and the speed of the swap device.
ENABLE_ZSWAP: true
# NOTE: this option is ignored when not using nova with the libvirt
# virt driver.
NOVA_LIBVIRT_TB_CACHE_SIZE: 128
- job:
name: devstack-ipv6
parent: devstack
description: |
Devstack single node job for integration gate with IPv6.
Devstack single node job for integration gate with IPv6,
all services and tunnels using IPv6 addresses.
vars:
devstack_localrc:
SERVICE_IP_VERSION: 6
SERVICE_HOST: ""
TUNNEL_IP_VERSION: 6
- job:
name: devstack-enforce-scope
@@ -587,14 +683,12 @@
This job runs the devstack with scope checks enabled.
vars:
devstack_localrc:
# Keep enabeling the services here to run with system scope
CINDER_ENFORCE_SCOPE: true
GLANCE_ENFORCE_SCOPE: true
ENFORCE_SCOPE: true
- job:
name: devstack-multinode
parent: devstack
nodeset: openstack-two-node-focal
nodeset: openstack-two-node-jammy
description: |
Simple multinode test to verify multinode functionality on devstack side.
This is not meant to be used as a parent job.
@@ -604,25 +698,95 @@
# and these platforms don't have the round-the-clock support to avoid
# becoming blockers in that situation.
- job:
name: devstack-platform-centos-8-stream
name: devstack-platform-centos-9-stream
parent: tempest-full-py3
description: CentOS 8 Stream platform test
nodeset: devstack-single-node-centos-8-stream
description: CentOS 9 Stream platform test
nodeset: devstack-single-node-centos-9-stream
timeout: 9000
voting: false
- job:
name: devstack-platform-debian-bookworm
parent: tempest-full-py3
description: Debian Bookworm platform test
nodeset: devstack-single-node-debian-bookworm
timeout: 9000
vars:
configure_swap_size: 4096
- job:
name: devstack-async
name: devstack-platform-rocky-blue-onyx
parent: tempest-full-py3
description: Async mode enabled
description: Rocky Linux 9 Blue Onyx platform test
nodeset: devstack-single-node-rockylinux-9
timeout: 9000
# NOTE(danms): This has been failing lately with some repository metadata
# errors. We're marking this as non-voting until it appears to have
# stabilized:
# https://zuul.openstack.org/builds?job_name=devstack-platform-rocky-blue-onyx&skip=0
voting: false
vars:
configure_swap_size: 4096
- job:
name: devstack-platform-ubuntu-noble
parent: tempest-full-py3
description: Ubuntu 24.04 LTS (noble) platform test
nodeset: openstack-single-node-noble
timeout: 9000
vars:
configure_swap_size: 8192
- job:
name: devstack-platform-ubuntu-jammy-ovn-source
parent: devstack-platform-ubuntu-jammy
description: Ubuntu 22.04 LTS (jammy) platform test (OVN from source)
voting: false
vars:
devstack_localrc:
DEVSTACK_PARALLEL: True
zuul_copy_output:
/opt/stack/async: logs
OVN_BUILD_FROM_SOURCE: True
OVN_BRANCH: "v21.06.0"
OVS_BRANCH: "a4b04276ab5934d087669ff2d191a23931335c87"
OVS_SYSCONFDIR: "/usr/local/etc/openvswitch"
- job:
name: devstack-platform-ubuntu-jammy-ovs
parent: tempest-full-py3
description: Ubuntu 22.04 LTS (jammy) platform test (OVS)
nodeset: openstack-single-node-jammy
voting: false
timeout: 9000
vars:
configure_swap_size: 8192
devstack_localrc:
Q_AGENT: openvswitch
Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
Q_ML2_TENANT_NETWORK_TYPE: vxlan
devstack_services:
# Disable OVN services
ovn-northd: false
ovn-controller: false
ovs-vswitchd: false
ovsdb-server: false
# Disable Neutron ML2/OVN services
q-ovn-metadata-agent: false
# Enable Neutron ML2/OVS services
q-agt: true
q-dhcp: true
q-l3: true
q-meta: true
q-metering: true
group-vars:
subnode:
devstack_services:
# Disable OVN services
ovn-controller: false
ovs-vswitchd: false
ovsdb-server: false
# Disable Neutron ML2/OVN services
q-ovn-metadata-agent: false
# Enable Neutron ML2/OVS services
q-agt: true
- job:
name: devstack-no-tls-proxy
@@ -635,23 +799,6 @@
devstack_services:
tls-proxy: false
- job:
name: devstack-platform-fedora-latest
parent: tempest-full-py3
description: Fedora latest platform test
nodeset: devstack-single-node-fedora-latest
voting: false
- job:
name: devstack-platform-fedora-latest-virt-preview
parent: tempest-full-py3
description: Fedora latest platform test using the virt-preview repo.
nodeset: devstack-single-node-fedora-latest
voting: false
vars:
devstack_localrc:
ENABLE_FEDORA_VIRT_PREVIEW_REPO: true
- job:
name: devstack-tox-base
parent: devstack
@@ -708,7 +855,7 @@
- job:
name: devstack-unit-tests
nodeset: ubuntu-focal
nodeset: ubuntu-jammy
description: |
Runs unit tests on devstack project.
@@ -725,9 +872,12 @@
- devstack
- devstack-ipv6
- devstack-enforce-scope
- devstack-platform-fedora-latest
- devstack-platform-centos-8-stream
- devstack-async
- devstack-platform-centos-9-stream
- devstack-platform-debian-bookworm
- devstack-platform-rocky-blue-onyx
- devstack-platform-ubuntu-jammy-ovn-source
- devstack-platform-ubuntu-jammy-ovs
- devstack-platform-ubuntu-noble
- devstack-multinode
- devstack-unit-tests
- openstack-tox-bashate
@@ -741,10 +891,6 @@
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- neutron-linuxbridge-tempest:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- neutron-ovn-tempest-ovs-release:
voting: false
irrelevant-files:
@@ -771,6 +917,11 @@
jobs:
- devstack
- devstack-ipv6
- devstack-platform-debian-bookworm
- devstack-platform-ubuntu-noble
# NOTE(danms): Disabled due to instability, see comment in the job
# definition above.
# - devstack-platform-rocky-blue-onyx
- devstack-enforce-scope
- devstack-multinode
- devstack-unit-tests
@@ -779,10 +930,6 @@
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- neutron-linuxbridge-tempest:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- ironic-tempest-bios-ipmi-direct-tinyipa
- swift-dsvm-functional
- grenade:
@@ -806,7 +953,9 @@
# pruned.
#
# * nova-next: maintained by nova for unreleased/undefaulted
# things
# things, this job is not experimental but often is used to test
# things that are not yet production ready or to test what will be
# the new default after a deprecation period has ended.
# * neutron-fullstack-with-uwsgi: maintained by neutron for fullstack test
# when neutron-api is served by uwsgi, it's in exprimental for testing.
# the next cycle we can remove this job if things turn out to be
@@ -814,14 +963,10 @@
# * neutron-functional-with-uwsgi: maintained by neutron for functional
# test. Next cycle we can remove this one if things turn out to be
# stable engouh with uwsgi.
# * neutron-tempest-with-uwsgi: maintained by neutron for tempest test.
# * neutron-ovn-tempest-with-uwsgi: maintained by neutron for tempest test.
# Next cycle we can remove this if everything run out stable enough.
# * nova-multi-cell: maintained by nova and currently non-voting in the
# * nova-multi-cell: maintained by nova and now is voting in the
# check queue for nova changes but relies on devstack configuration
# * devstack-platform-fedora-latest-virt-preview: Maintained by lyarwood
# for Nova to allow early testing of the latest versions of Libvirt and
# QEMU. Should only graduate out of experimental if it ever moves into
# the check queue for Nova.
experimental:
jobs:
@@ -829,7 +974,7 @@
- nova-next
- neutron-fullstack-with-uwsgi
- neutron-functional-with-uwsgi
- neutron-tempest-with-uwsgi
- neutron-ovn-tempest-with-uwsgi
- devstack-plugin-ceph-tempest-py3:
irrelevant-files:
- ^.*\.rst$
@@ -850,8 +995,15 @@
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- devstack-platform-fedora-latest-virt-preview
- devstack-no-tls-proxy
periodic:
jobs:
- devstack-no-tls-proxy
periodic-weekly:
jobs:
- devstack-platform-centos-9-stream
- devstack-platform-debian-bookworm
- devstack-platform-rocky-blue-onyx
- devstack-platform-ubuntu-jammy-ovn-source
- devstack-platform-ubuntu-jammy-ovs
- devstack-platform-ubuntu-noble
+4 -4
View File
@@ -4,7 +4,7 @@ from git source trees.
Goals
=====
* To quickly build dev OpenStack environments in a clean Ubuntu or Fedora
* To quickly build dev OpenStack environments in a clean Ubuntu or RockyLinux
environment
* To describe working configurations of OpenStack (which code branches
work together? what do config files look like for those branches?)
@@ -28,9 +28,9 @@ Versions
The DevStack master branch generally points to trunk versions of OpenStack
components. For older, stable versions, look for branches named
stable/[release] in the DevStack repo. For example, you can do the
following to create a Pike OpenStack cloud::
following to create a Zed OpenStack cloud::
git checkout stable/pike
git checkout stable/zed
./stack.sh
You can also pick specific OpenStack project releases by setting the appropriate
@@ -55,7 +55,7 @@ When the script finishes executing, you should be able to access OpenStack
endpoints, like so:
* Horizon: http://myhost/
* Keystone: http://myhost/identity/v2.0/
* Keystone: http://myhost/identity/v3/
We also provide an environment file that you can use to interact with your
cloud via CLI::
-1
View File
@@ -50,7 +50,6 @@ source $TOP_DIR/lib/placement
source $TOP_DIR/lib/cinder
source $TOP_DIR/lib/swift
source $TOP_DIR/lib/neutron
source $TOP_DIR/lib/neutron-legacy
set -o xtrace
-4
View File
@@ -4,8 +4,4 @@ Pygments
docutils
sphinx>=2.0.0,!=2.1.0 # BSD
openstackdocstheme>=2.2.1 # Apache-2.0
nwdiag
blockdiag
sphinxcontrib-blockdiag
sphinxcontrib-nwdiag
zuul-sphinx>=0.2.0
Binary file not shown.

After

Width:  |  Height:  |  Size: 10 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 11 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 13 KiB

+6 -6
View File
@@ -23,14 +23,14 @@
# Add any Sphinx extension module names here, as strings. They can be extensions
# coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
extensions = [ 'sphinx.ext.autodoc',
'zuul_sphinx',
'openstackdocstheme',
'sphinxcontrib.blockdiag',
'sphinxcontrib.nwdiag' ]
extensions = [
'sphinx.ext.autodoc',
'zuul_sphinx',
'openstackdocstheme',
]
# openstackdocstheme options
openstackdocs_repo_name = 'openstack-dev/devstack'
openstackdocs_repo_name = 'openstack/devstack'
openstackdocs_pdf_link = True
openstackdocs_bug_project = 'devstack'
openstackdocs_bug_tag = ''
+64 -17
View File
@@ -181,6 +181,9 @@ values that most often need to be set.
If the ``*_PASSWORD`` variables are not set here you will be prompted to
enter values for them by ``stack.sh``.
.. warning:: Only use alphanumeric characters in your passwords, as some
services fail to work when using special characters.
The network ranges must not overlap with any networks in use on the
host. Overlap is not uncommon as RFC-1918 'private' ranges are commonly
used for both the local networking and Nova's fixed and floating ranges.
@@ -279,7 +282,7 @@ number of days of old log files to keep.
::
LOGDAYS=1
LOGDAYS=2
Some coloring is used during the DevStack runs to make it easier to
see what is going on. This can be disabled with::
@@ -521,8 +524,8 @@ behavior:
can be configured with any valid IPv6 prefix. The default values make
use of an auto-generated ``IPV6_GLOBAL_ID`` to comply with RFC4193.
Service Version
~~~~~~~~~~~~~~~
Service IP Version
~~~~~~~~~~~~~~~~~~
DevStack can enable service operation over either IPv4 or IPv6 by
setting ``SERVICE_IP_VERSION`` to either ``SERVICE_IP_VERSION=4`` or
@@ -542,6 +545,27 @@ optionally be used to alter the default IPv6 address::
HOST_IPV6=${some_local_ipv6_address}
Tunnel IP Version
~~~~~~~~~~~~~~~~~
DevStack can enable tunnel operation over either IPv4 or IPv6 by
setting ``TUNNEL_IP_VERSION`` to either ``TUNNEL_IP_VERSION=4`` or
``TUNNEL_IP_VERSION=6`` respectively.
When set to ``4`` Neutron will use an IPv4 address for tunnel endpoints,
for example, ``HOST_IP``.
When set to ``6`` Neutron will use an IPv6 address for tunnel endpoints,
for example, ``HOST_IPV6``.
The default value for this setting is ``4``. Dual-mode support, for
example ``4+6`` is not supported, as this value must match the address
family of the local tunnel endpoint IP(v6) address.
The value of ``TUNNEL_IP_VERSION`` has a direct relationship to the
setting of ``TUNNEL_ENDPOINT_IP``, which will default to ``HOST_IP``
when set to ``4``, and ``HOST_IPV6`` when set to ``6``.
Multi-node setup
~~~~~~~~~~~~~~~~
@@ -615,7 +639,7 @@ tests can be run as follows:
::
$ cd /opt/stack/tempest
$ tox -efull tempest.scenario.test_network_basic_ops
$ tox -e smoke
By default tempest is downloaded and the config file is generated, but the
tempest package is not installed in the system's global site-packages (the
@@ -642,6 +666,41 @@ with ``VOLUME_BACKING_FILE_SIZE``.
VOLUME_NAME_PREFIX="volume-"
VOLUME_BACKING_FILE_SIZE=24G
When running highly concurrent tests, the default per-project quotas
for volumes, backups, or snapshots may be too small. These can be
adjusted by setting ``CINDER_QUOTA_VOLUMES``, ``CINDER_QUOTA_BACKUPS``,
or ``CINDER_QUOTA_SNAPSHOTS`` to the desired value. (The default for
each is 10.)
DevStack's Cinder LVM configuration module currently supports both iSCSI and
NVMe connections, and we can choose which one to use with options
``CINDER_TARGET_HELPER``, ``CINDER_TARGET_PROTOCOL``, ``CINDER_TARGET_PREFIX``,
and ``CINDER_TARGET_PORT``.
Defaults use iSCSI with the LIO target manager::
CINDER_TARGET_HELPER="lioadm"
CINDER_TARGET_PROTOCOL="iscsi"
CINDER_TARGET_PREFIX="iqn.2010-10.org.openstack:"
CINDER_TARGET_PORT=3260
Additionally there are 3 supported transport protocols for NVMe,
``nvmet_rdma``, ``nvmet_tcp``, and ``nvmet_fc``, and when the ``nvmet`` target
is selected the protocol, prefix, and port defaults will change to more
sensible defaults for NVMe::
CINDER_TARGET_HELPER="nvmet"
CINDER_TARGET_PROTOCOL="nvmet_rdma"
CINDER_TARGET_PREFIX="nvme-subsystem-1"
CINDER_TARGET_PORT=4420
When selecting the RDMA transport protocol DevStack will create on Cinder nodes
a Software RoCE device on top of the ``HOST_IP_IFACE`` and if it is not defined
then on top of the interface with IP address ``HOST_IP`` or ``HOST_IPV6``.
This Soft-RoCE device will always be created on the Nova compute side since we
cannot tell beforehand whether there will be an RDMA connection or not.
Keystone
~~~~~~~~
@@ -666,7 +725,6 @@ In RegionTwo:
disable_service horizon
KEYSTONE_SERVICE_HOST=<KEYSTONE_IP_ADDRESS_FROM_REGION_ONE>
KEYSTONE_AUTH_HOST=<KEYSTONE_IP_ADDRESS_FROM_REGION_ONE>
REGION_NAME=RegionTwo
KEYSTONE_REGION_NAME=RegionOne
@@ -679,17 +737,6 @@ KEYSTONE_REGION_NAME to specify the region of Keystone service.
KEYSTONE_REGION_NAME has a default value the same as REGION_NAME thus we omit
it in the configuration of RegionOne.
Disabling Identity API v2
+++++++++++++++++++++++++
The Identity API v2 is deprecated as of Mitaka and it is recommended to only
use the v3 API. It is possible to setup keystone without v2 API, by doing:
::
ENABLE_IDENTITY_V2=False
Glance
++++++
@@ -704,7 +751,7 @@ or at runtime via:
::
openstack --os-cloud devstack-system-admin registered limit update \
openstack --os-cloud devstack-system-admin registered limit set \
--service glance --default-limit 5000 --region RegionOne image_size_total
.. _arch-configuration:
+3 -2
View File
@@ -42,8 +42,9 @@ Getting Your Patch Merged
~~~~~~~~~~~~~~~~~~~~~~~~~
All changes proposed to the Devstack require two ``Code-Review +2`` votes from
Devstack core reviewers before one of the core reviewers can approve the patch
by giving ``Workflow +1`` vote. One exception is for patches to unblock the gate
which can be approved by single core reviewers.
by giving ``Workflow +1`` vote. There are 2 exceptions, approving patches to
unblock the gate and patches that do not relate to the Devstack's core logic,
like for example old job cleanups, can be approved by single core reviewers.
Project Team Lead Duties
~~~~~~~~~~~~~~~~~~~~~~~~
+6
View File
@@ -20,6 +20,12 @@ provides consumption output when available memory is seen to be
falling (i.e. processes are consuming memory). It also provides
output showing locked (unswappable) memory.
file_tracker
------------
The ``file_tracker`` service periodically monitors the number of
open files in the system.
tcpdump
-------
+4 -4
View File
@@ -20,7 +20,7 @@ Walk through various setups used by stackers
guides/neutron
guides/devstack-with-nested-kvm
guides/nova
guides/devstack-with-lbaas-v2
guides/devstack-with-octavia
guides/devstack-with-ldap
All-In-One Single VM
@@ -69,10 +69,10 @@ Nova and devstack
Guide to working with nova features :doc:`Nova and devstack <guides/nova>`.
Configure Load-Balancer Version 2
-----------------------------------
Configure Octavia
-----------------
Guide on :doc:`Configure Load-Balancer Version 2 <guides/devstack-with-lbaas-v2>`.
Guide on :doc:`Configure Octavia <guides/devstack-with-octavia>`.
Deploying DevStack with LDAP
----------------------------
@@ -1,145 +0,0 @@
Devstack with Octavia Load Balancing
====================================
Starting with the OpenStack Pike release, Octavia is now a standalone service
providing load balancing services for OpenStack.
This guide will show you how to create a devstack with `Octavia API`_ enabled.
.. _Octavia API: https://docs.openstack.org/api-ref/load-balancer/v2/index.html
Phase 1: Create DevStack + 2 nova instances
--------------------------------------------
First, set up a vm of your choice with at least 8 GB RAM and 16 GB disk space,
make sure it is updated. Install git and any other developer tools you find
useful.
Install devstack
::
git clone https://opendev.org/openstack/devstack
cd devstack/tools
sudo ./create-stack-user.sh
cd ../..
sudo mv devstack /opt/stack
sudo chown -R stack.stack /opt/stack/devstack
This will clone the current devstack code locally, then setup the "stack"
account that devstack services will run under. Finally, it will move devstack
into its default location in /opt/stack/devstack.
Edit your ``/opt/stack/devstack/local.conf`` to look like
::
[[local|localrc]]
enable_plugin octavia https://opendev.org/openstack/octavia
# If you are enabling horizon, include the octavia dashboard
# enable_plugin octavia-dashboard https://opendev.org/openstack/octavia-dashboard.git
# If you are enabling barbican for TLS offload in Octavia, include it here.
# enable_plugin barbican https://opendev.org/openstack/barbican
# ===== BEGIN localrc =====
DATABASE_PASSWORD=password
ADMIN_PASSWORD=password
SERVICE_PASSWORD=password
SERVICE_TOKEN=password
RABBIT_PASSWORD=password
# Enable Logging
LOGFILE=$DEST/logs/stack.sh.log
VERBOSE=True
LOG_COLOR=True
# Pre-requisite
ENABLED_SERVICES=rabbit,mysql,key
# Horizon - enable for the OpenStack web GUI
# ENABLED_SERVICES+=,horizon
# Nova
ENABLED_SERVICES+=,n-api,n-crt,n-cpu,n-cond,n-sch,n-api-meta,n-sproxy
ENABLED_SERVICES+=,placement-api,placement-client
# Glance
ENABLED_SERVICES+=,g-api
# Neutron
ENABLED_SERVICES+=,q-svc,q-agt,q-dhcp,q-l3,q-meta,neutron
ENABLED_SERVICES+=,octavia,o-cw,o-hk,o-hm,o-api
# Cinder
ENABLED_SERVICES+=,c-api,c-vol,c-sch
# Tempest
ENABLED_SERVICES+=,tempest
# Barbican - Optionally used for TLS offload in Octavia
# ENABLED_SERVICES+=,barbican
# ===== END localrc =====
Run stack.sh and do some sanity checks
::
sudo su - stack
cd /opt/stack/devstack
./stack.sh
. ./openrc
openstack network list # should show public and private networks
Create two nova instances that we can use as test http servers:
::
#create nova instances on private network
openstack server create --image $(openstack image list | awk '/ cirros-.*-x86_64-.* / {print $2}') --flavor 1 --nic net-id=$(openstack network list | awk '/ private / {print $2}') node1
openstack server create --image $(openstack image list | awk '/ cirros-.*-x86_64-.* / {print $2}') --flavor 1 --nic net-id=$(openstack network list | awk '/ private / {print $2}') node2
openstack server list # should show the nova instances just created
#add secgroup rules to allow ssh etc..
openstack security group rule create default --protocol icmp
openstack security group rule create default --protocol tcp --dst-port 22:22
openstack security group rule create default --protocol tcp --dst-port 80:80
Set up a simple web server on each of these instances. ssh into each instance (username 'cirros', password 'cubswin:)' or 'gocubsgo') and run
::
MYIP=$(ifconfig eth0|grep 'inet addr'|awk -F: '{print $2}'| awk '{print $1}')
while true; do echo -e "HTTP/1.0 200 OK\r\n\r\nWelcome to $MYIP" | sudo nc -l -p 80 ; done&
Phase 2: Create your load balancer
----------------------------------
Make sure you have the 'openstack loadbalancer' commands:
::
pip install python-octaviaclient
Create your load balancer:
::
openstack loadbalancer create --name lb1 --vip-subnet-id private-subnet
openstack loadbalancer show lb1 # Wait for the provisioning_status to be ACTIVE.
openstack loadbalancer listener create --protocol HTTP --protocol-port 80 --name listener1 lb1
openstack loadbalancer show lb1 # Wait for the provisioning_status to be ACTIVE.
openstack loadbalancer pool create --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP --name pool1
openstack loadbalancer show lb1 # Wait for the provisioning_status to be ACTIVE.
openstack loadbalancer healthmonitor create --delay 5 --timeout 2 --max-retries 1 --type HTTP pool1
openstack loadbalancer show lb1 # Wait for the provisioning_status to be ACTIVE.
openstack loadbalancer member create --subnet-id private-subnet --address <web server 1 address> --protocol-port 80 pool1
openstack loadbalancer show lb1 # Wait for the provisioning_status to be ACTIVE.
openstack loadbalancer member create --subnet-id private-subnet --address <web server 2 address> --protocol-port 80 pool1
Please note: The <web server # address> fields are the IP addresses of the nova
servers created in Phase 1.
Also note, using the API directly you can do all of the above commands in one
API call.
Phase 3: Test your load balancer
--------------------------------
::
openstack loadbalancer show lb1 # Note the vip_address
curl http://<vip_address>
curl http://<vip_address>
This should show the "Welcome to <IP>" message from each member server.
@@ -1,3 +1,5 @@
.. _kvm_nested_virt:
=======================================================
Configure DevStack with KVM-based Nested Virtualization
=======================================================
+144
View File
@@ -0,0 +1,144 @@
Devstack with Octavia Load Balancing
====================================
Starting with the OpenStack Pike release, Octavia is now a standalone service
providing load balancing services for OpenStack.
This guide will show you how to create a devstack with `Octavia API`_ enabled.
.. _Octavia API: https://docs.openstack.org/api-ref/load-balancer/v2/index.html
Phase 1: Create DevStack + 2 nova instances
--------------------------------------------
First, set up a VM of your choice with at least 8 GB RAM and 16 GB disk space,
make sure it is updated. Install git and any other developer tools you find
useful.
Install devstack::
git clone https://opendev.org/openstack/devstack
cd devstack/tools
sudo ./create-stack-user.sh
cd ../..
sudo mv devstack /opt/stack
sudo chown -R stack.stack /opt/stack/devstack
This will clone the current devstack code locally, then setup the "stack"
account that devstack services will run under. Finally, it will move devstack
into its default location in /opt/stack/devstack.
Edit your ``/opt/stack/devstack/local.conf`` to look like::
[[local|localrc]]
# ===== BEGIN localrc =====
DATABASE_PASSWORD=password
ADMIN_PASSWORD=password
SERVICE_PASSWORD=password
SERVICE_TOKEN=password
RABBIT_PASSWORD=password
GIT_BASE=https://opendev.org
# Optional settings:
# OCTAVIA_AMP_BASE_OS=centos
# OCTAVIA_AMP_DISTRIBUTION_RELEASE_ID=9-stream
# OCTAVIA_AMP_IMAGE_SIZE=3
# OCTAVIA_LB_TOPOLOGY=ACTIVE_STANDBY
# OCTAVIA_ENABLE_AMPHORAV2_JOBBOARD=True
# LIBS_FROM_GIT+=octavia-lib,
# Enable Logging
LOGFILE=$DEST/logs/stack.sh.log
VERBOSE=True
LOG_COLOR=True
enable_service rabbit
enable_plugin neutron $GIT_BASE/openstack/neutron
# Octavia supports using QoS policies on the VIP port:
enable_service q-qos
enable_service placement-api placement-client
# Octavia services
enable_plugin octavia $GIT_BASE/openstack/octavia master
enable_plugin octavia-dashboard $GIT_BASE/openstack/octavia-dashboard
enable_plugin ovn-octavia-provider $GIT_BASE/openstack/ovn-octavia-provider
enable_plugin octavia-tempest-plugin $GIT_BASE/openstack/octavia-tempest-plugin
enable_service octavia o-api o-cw o-hm o-hk o-da
# If you are enabling barbican for TLS offload in Octavia, include it here.
# enable_plugin barbican $GIT_BASE/openstack/barbican
# enable_service barbican
# Cinder (optional)
disable_service c-api c-vol c-sch
# Tempest
enable_service tempest
# ===== END localrc =====
.. note::
For best performance it is highly recommended to use KVM
virtualization instead of QEMU.
Also make sure nested virtualization is enabled as documented in
:ref:`the respective guide <kvm_nested_virt>`.
By adding ``LIBVIRT_CPU_MODE="host-passthrough"`` to your
``local.conf`` you enable the guest VMs to make use of all features your
host's CPU provides.
Run stack.sh and do some sanity checks::
sudo su - stack
cd /opt/stack/devstack
./stack.sh
. ./openrc
openstack network list # should show public and private networks
Create two nova instances that we can use as test http servers::
# create nova instances on private network
openstack server create --image $(openstack image list | awk '/ cirros-.*-x86_64-.* / {print $2}') --flavor 1 --nic net-id=$(openstack network list | awk '/ private / {print $2}') node1
openstack server create --image $(openstack image list | awk '/ cirros-.*-x86_64-.* / {print $2}') --flavor 1 --nic net-id=$(openstack network list | awk '/ private / {print $2}') node2
openstack server list # should show the nova instances just created
# add secgroup rules to allow ssh etc..
openstack security group rule create default --protocol icmp
openstack security group rule create default --protocol tcp --dst-port 22:22
openstack security group rule create default --protocol tcp --dst-port 80:80
Set up a simple web server on each of these instances. One possibility is to use
the `Golang test server`_ that is used by the Octavia project for CI testing
as well.
Copy the binary to your instances and start it as shown below
(username 'cirros', password 'gocubsgo')::
INST_IP=<instance IP>
scp -O test_server.bin cirros@${INST_IP}:
ssh -f cirros@${INST_IP} ./test_server.bin -id ${INST_IP}
When started this way the test server will respond to HTTP requests with
its own IP.
Phase 2: Create your load balancer
----------------------------------
Create your load balancer::
openstack loadbalancer create --wait --name lb1 --vip-subnet-id private-subnet
openstack loadbalancer listener create --wait --protocol HTTP --protocol-port 80 --name listener1 lb1
openstack loadbalancer pool create --wait --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP --name pool1
openstack loadbalancer healthmonitor create --wait --delay 5 --timeout 2 --max-retries 1 --type HTTP pool1
openstack loadbalancer member create --wait --subnet-id private-subnet --address <web server 1 address> --protocol-port 80 pool1
openstack loadbalancer member create --wait --subnet-id private-subnet --address <web server 2 address> --protocol-port 80 pool1
Please note: The <web server # address> fields are the IP addresses of the nova
servers created in Phase 1.
Also note, using the API directly you can do all of the above commands in one
API call.
Phase 3: Test your load balancer
--------------------------------
::
openstack loadbalancer show lb1 # Note the vip_address
curl http://<vip_address>
curl http://<vip_address>
This should show the "Welcome to <IP>" message from each member server.
.. _Golang test server: https://opendev.org/openstack/octavia-tempest-plugin/src/branch/master/octavia_tempest_plugin/contrib/test_server
+11 -3
View File
@@ -75,13 +75,21 @@ Otherwise create the stack user:
useradd -s /bin/bash -d /opt/stack -m stack
Ensure home directory for the ``stack`` user has executable permission for all,
as RHEL based distros create it with ``700`` and Ubuntu 21.04+ with ``750``
which can cause issues during deployment.
::
chmod +x /opt/stack
This user will be making many changes to your system during installation
and operation so it needs to have sudo privileges to root without a
password:
::
echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
echo "stack ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/stack
From here on use the ``stack`` user. **Logout** and **login** as the
``stack`` user.
@@ -169,7 +177,7 @@ machines, create a ``local.conf`` with:
MYSQL_HOST=$SERVICE_HOST
RABBIT_HOST=$SERVICE_HOST
GLANCE_HOSTPORT=$SERVICE_HOST:9292
ENABLED_SERVICES=n-cpu,q-agt,c-vol,placement-client
ENABLED_SERVICES=n-cpu,c-vol,placement-client,ovn-controller,ovs-vswitchd,ovsdb-server,q-ovn-metadata-agent
NOVA_VNC_ENABLED=True
NOVNCPROXY_URL="http://$SERVICE_HOST:6080/vnc_lite.html"
VNCSERVER_LISTEN=$HOST_IP
@@ -395,7 +403,7 @@ SSH keys need to be exchanged between each compute node:
3. Verify that login via ssh works without a password::
ssh -i /root/.ssh/id_rsa.pub stack@DESTINATION
ssh -i /root/.ssh/id_rsa stack@DESTINATION
In essence, this means that every compute node's root user's public RSA key
must exist in every other compute node's stack user's authorized_keys file and
+6 -54
View File
@@ -41,19 +41,8 @@ network and is on a shared subnet with other machines. The
`local.conf` exhibited here assumes that 1500 is a reasonable MTU to
use on that network.
.. nwdiag::
nwdiag {
inet [ shape = cloud ];
router;
inet -- router;
network hardware_network {
address = "172.18.161.0/24"
router [ address = "172.18.161.1" ];
devstack-1 [ address = "172.18.161.6" ];
}
}
.. image:: /assets/images/neutron-network-1.png
:alt: Network configuration for a single DevStack node
DevStack Configuration
@@ -100,21 +89,8 @@ also want to do multinode testing and networking.
Physical Network Setup
~~~~~~~~~~~~~~~~~~~~~~
.. nwdiag::
nwdiag {
inet [ shape = cloud ];
router;
inet -- router;
network hardware_network {
address = "172.18.161.0/24"
router [ address = "172.18.161.1" ];
devstack-1 [ address = "172.18.161.6" ];
devstack-2 [ address = "172.18.161.7" ];
}
}
.. image:: /assets/images/neutron-network-2.png
:alt: Network configuration for multiple DevStack nodes
After DevStack installs and configures Neutron, traffic from guest VMs
flows out of `devstack-2` (the compute node) and is encapsulated in a
@@ -222,8 +198,6 @@ connect OpenStack nodes (like `devstack-2`) together. This bridge is
used so that project network traffic, using the VXLAN tunneling
protocol, flows between each compute node where project instances run.
DevStack Compute Configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -268,30 +242,8 @@ to the neutron L3 service.
Physical Network Setup
----------------------
.. nwdiag::
nwdiag {
inet [ shape = cloud ];
router;
inet -- router;
network provider_net {
address = "203.0.113.0/24"
router [ address = "203.0.113.1" ];
controller;
compute1;
compute2;
}
network control_plane {
router [ address = "10.0.0.1" ]
address = "10.0.0.0/24"
controller [ address = "10.0.0.2" ]
compute1 [ address = "10.0.0.3" ]
compute2 [ address = "10.0.0.4" ]
}
}
.. image:: /assets/images/neutron-network-3.png
:alt: Network configuration for provider networks
On a compute node, the first interface, eth0 is used for the OpenStack
management (API, message bus, etc) as well as for ssh for an
+1 -1
View File
@@ -122,7 +122,7 @@ when creating the server, for example:
.. code-block:: shell
$ openstack --os-compute-api-version 2.37 server create --flavor cirros256 \
--image cirros-0.3.5-x86_64-disk --nic none --wait test-server
--image cirros-0.6.3-x86_64-disk --nic none --wait test-server
.. note:: ``--os-compute-api-version`` greater than or equal to 2.37 is
required to use ``--nic=none``.
+12 -1
View File
@@ -49,13 +49,21 @@ below)
$ sudo useradd -s /bin/bash -d /opt/stack -m stack
Ensure home directory for the ``stack`` user has executable permission for all,
as RHEL based distros create it with ``700`` and Ubuntu 21.04+ with ``750``
which can cause issues during deployment.
.. code-block:: console
$ sudo chmod +x /opt/stack
Since this user will be making many changes to your system, it will need
to have sudo privileges:
.. code-block:: console
$ apt-get install sudo -y || yum install -y sudo
$ echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
$ echo "stack ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/stack
.. note:: On some systems you may need to use ``sudo visudo``.
@@ -98,6 +106,9 @@ do the following:
- Set the service password. This is used by the OpenStack services
(Nova, Glance, etc) to authenticate with Keystone.
.. warning:: Only use alphanumeric characters in your passwords, as some
services fail to work when using special characters.
``local.conf`` should look something like this:
.. code-block:: ini
+18 -5
View File
@@ -37,10 +37,10 @@ Install Linux
-------------
Start with a clean and minimal install of a Linux system. DevStack
attempts to support the two latest LTS releases of Ubuntu, the
latest/current Fedora version, CentOS/RHEL 8 and OpenSUSE.
attempts to support the two latest LTS releases of Ubuntu,
Rocky Linux 9 and openEuler.
If you do not have a preference, Ubuntu 20.04 (Focal Fossa) is the
If you do not have a preference, Ubuntu 22.04 (Jammy) is the
most tested, and will probably go the smoothest.
Add Stack User (optional)
@@ -57,6 +57,14 @@ to run DevStack with
$ sudo useradd -s /bin/bash -d /opt/stack -m stack
Ensure home directory for the ``stack`` user has executable permission for all,
as RHEL based distros create it with ``700`` and Ubuntu 21.04+ with ``750``
which can cause issues during deployment.
.. code-block:: console
$ sudo chmod +x /opt/stack
Since this user will be making many changes to your system, it should
have sudo privileges:
@@ -93,7 +101,10 @@ devstack git repo.
This is the minimum required config to get started with DevStack.
.. note:: There is a sample :download:`local.conf </assets/local.conf>` file
under the *samples* directory in the devstack repository.
under the *samples* directory in the devstack repository.
.. warning:: Only use alphanumeric characters in your passwords, as some
services fail to work when using special characters.
Start the install
-----------------
@@ -102,7 +113,7 @@ Start the install
$ ./stack.sh
This will take a 15 - 20 minutes, largely depending on the speed of
This will take 15 - 30 minutes, largely depending on the speed of
your internet connection. Many git trees and packages will be
installed during this process.
@@ -122,6 +133,8 @@ there.
You can ``source openrc`` in your shell, and then use the
``openstack`` command line tool to manage your devstack.
You can :ref:`create a VM and SSH into it <ssh>`.
You can ``cd /opt/stack/tempest`` and run tempest tests that have
been configured to work with your devstack.
+123 -1
View File
@@ -68,7 +68,7 @@ Shared Guest Interface
.. warning::
This is not a recommended configuration. Because of interactions
between ovs and bridging, if you reboot your box with active
between OVS and bridging, if you reboot your box with active
networking you may lose network connectivity to your system.
If you need your guests accessible on the network, but only have 1
@@ -114,3 +114,125 @@ For IPv6, ``FIXED_RANGE_V6`` will default to the first /64 of the value of
``FIXED_RANGE_V6`` will just use the value of that directly.
``SUBNETPOOL_PREFIX_V6`` will just default to the value of
``IPV6_ADDRS_SAFE_TO_USE`` directly.
.. _ssh:
SSH access to instances
=======================
To validate connectivity, you can create an instance using the
``$PRIVATE_NETWORK_NAME`` network (default: ``private``), create a floating IP
using the ``$PUBLIC_NETWORK_NAME`` network (default: ``public``), and attach
this floating IP to the instance:
.. code-block:: shell
openstack keypair create --public-key ~/.ssh/id_rsa.pub test-keypair
openstack server create --network private --key-name test-keypair ... test-server
fip_id=$(openstack floating ip create public -f value -c id)
openstack server add floating ip test-server ${fip_id}
Once done, ensure you have enabled SSH and ICMP (ping) access for the security
group used for the instance. You can either create a custom security group and
specify it when creating the instance or add it after creation, or you can
modify the ``default`` security group created by default for each project.
Let's do the latter:
.. code-block:: shell
openstack security group rule create --proto icmp --dst-port 0 default
openstack security group rule create --proto tcp --dst-port 22 default
Finally, SSH into the instance. If you used the Cirros instance uploaded by
default, then you can run the following:
.. code-block:: shell
openstack server ssh test-server -- -l cirros
This will connect using the ``cirros`` user and the keypair you configured when
creating the instance.
Remote SSH access to instances
==============================
You can also SSH to created instances on your DevStack host from other hosts.
This can be helpful if you are e.g. deploying DevStack in a VM on an existing
cloud and wish to do development on your local machine. There are a few ways to
do this.
.. rubric:: Configure instances to be locally accessible
The most obvious way is to configure guests to be locally accessible, as
described `above <Locally Accessible Guests>`__. This has the advantage of
requiring no further effort on the client. However, it is more involved and
requires either support from your cloud or some inadvisable workarounds.
.. rubric:: Use your DevStack host as a jump host
You can choose to use your DevStack host as a jump host. To SSH to a instance
this way, pass the standard ``-J`` option to the ``openstack ssh`` / ``ssh``
command. For example:
.. code-block::
openstack server ssh test-server -- -l cirros -J username@devstack-host
(where ``test-server`` is name of an existing instance, as described
:ref:`previously <ssh>`, and ``username`` and ``devstack-host`` are the
username and hostname of your DevStack host).
This can also be configured via your ``~/.ssh/config`` file, making it rather
effortless. However, it only allows SSH access. If you want to access e.g. a
web application on the instance, you will need to configure an SSH tunnel and
forward select ports using the ``-L`` option. For example, to forward HTTP
traffic:
.. code-block::
openstack server ssh test-server -- -l cirros -L 8080:username@devstack-host:80
(where ``test-server`` is name of an existing instance, as described
:ref:`previously <ssh>`, and ``username`` and ``devstack-host`` are the
username and hostname of your DevStack host).
As you can imagine, this can quickly get out of hand, particularly for more
complex guest applications with multiple ports.
.. rubric:: Use a proxy or VPN tool
You can use a proxy or VPN tool to enable tunneling for the floating IP
address range of the ``$PUBLIC_NETWORK_NAME`` network (default: ``public``)
defined by ``$FLOATING_RANGE`` (default: ``172.24.4.0/24``). There are many
such tools available to do this. For example, we could use a useful utility
called `shuttle`__. To enable tunneling using ``shuttle``, first ensure you
have allowed SSH and HTTP(S) traffic to your DevStack host. Allowing HTTP(S)
traffic is necessary so you can use the OpenStack APIs remotely. How you do
this will depend on where your DevStack host is running. Once this is done,
install ``sshuttle`` on your localhost:
.. code-block:: bash
sudo apt-get install sshuttle || yum install sshuttle
Finally, start ``sshuttle`` on your localhost using the floating IP address
range. For example, assuming you are using the default value for
``$FLOATING_RANGE``, you can do:
.. code-block:: bash
sshuttle -r username@devstack-host 172.24.4.0/24
(where ``username`` and ``devstack-host`` are the username and hostname of your
DevStack host).
You should now be able to create an instance and SSH into it:
.. code-block:: bash
openstack server ssh test-server -- -l cirros
(where ``test-server`` is name of an existing instance, as described
:ref:`previously <ssh>`)
.. __: https://github.com/sshuttle/sshuttle
+2 -3
View File
@@ -23,13 +23,12 @@ strategy to include the latest Ubuntu release and the latest RHEL
release.*
- Ubuntu: current LTS release plus current development release
- Fedora: current release plus previous release
- RHEL/CentOS: current major release
- RHEL/CentOS/RockyLinux: current major release
- Other OS platforms may continue to be included but the maintenance of
those platforms shall not be assumed simply due to their presence.
Having a listed point-of-contact for each additional OS will greatly
increase its chance of being well-maintained.
- Patches for Ubuntu and/or Fedora will not be held up due to
- Patches for Ubuntu and/or RockyLinux will not be held up due to
side-effects on other OS platforms.
Databases
+8 -19
View File
@@ -24,14 +24,10 @@ official OpenStack projects.
======================================== ===
Plugin Name URL
======================================== ===
inspur/venus `https://opendev.org/inspur/venus <https://opendev.org/inspur/venus>`__
inspur/venus-dashboard `https://opendev.org/inspur/venus-dashboard <https://opendev.org/inspur/venus-dashboard>`__
openstack/aodh `https://opendev.org/openstack/aodh <https://opendev.org/openstack/aodh>`__
openstack/barbican `https://opendev.org/openstack/barbican <https://opendev.org/openstack/barbican>`__
openstack/blazar `https://opendev.org/openstack/blazar <https://opendev.org/openstack/blazar>`__
openstack/ceilometer `https://opendev.org/openstack/ceilometer <https://opendev.org/openstack/ceilometer>`__
openstack/ceilometer-powervm `https://opendev.org/openstack/ceilometer-powervm <https://opendev.org/openstack/ceilometer-powervm>`__
openstack/cinderlib `https://opendev.org/openstack/cinderlib <https://opendev.org/openstack/cinderlib>`__
openstack/cloudkitty `https://opendev.org/openstack/cloudkitty <https://opendev.org/openstack/cloudkitty>`__
openstack/cyborg `https://opendev.org/openstack/cyborg <https://opendev.org/openstack/cyborg>`__
openstack/designate `https://opendev.org/openstack/designate <https://opendev.org/openstack/designate>`__
@@ -41,7 +37,6 @@ openstack/devstack-plugin-container `https://opendev.org/openstack/devstack
openstack/devstack-plugin-kafka `https://opendev.org/openstack/devstack-plugin-kafka <https://opendev.org/openstack/devstack-plugin-kafka>`__
openstack/devstack-plugin-nfs `https://opendev.org/openstack/devstack-plugin-nfs <https://opendev.org/openstack/devstack-plugin-nfs>`__
openstack/devstack-plugin-open-cas `https://opendev.org/openstack/devstack-plugin-open-cas <https://opendev.org/openstack/devstack-plugin-open-cas>`__
openstack/ec2-api `https://opendev.org/openstack/ec2-api <https://opendev.org/openstack/ec2-api>`__
openstack/freezer `https://opendev.org/openstack/freezer <https://opendev.org/openstack/freezer>`__
openstack/freezer-api `https://opendev.org/openstack/freezer-api <https://opendev.org/openstack/freezer-api>`__
openstack/freezer-tempest-plugin `https://opendev.org/openstack/freezer-tempest-plugin <https://opendev.org/openstack/freezer-tempest-plugin>`__
@@ -53,9 +48,7 @@ openstack/ironic-inspector `https://opendev.org/openstack/ironic-i
openstack/ironic-prometheus-exporter `https://opendev.org/openstack/ironic-prometheus-exporter <https://opendev.org/openstack/ironic-prometheus-exporter>`__
openstack/ironic-ui `https://opendev.org/openstack/ironic-ui <https://opendev.org/openstack/ironic-ui>`__
openstack/keystone `https://opendev.org/openstack/keystone <https://opendev.org/openstack/keystone>`__
openstack/kuryr-kubernetes `https://opendev.org/openstack/kuryr-kubernetes <https://opendev.org/openstack/kuryr-kubernetes>`__
openstack/kuryr-libnetwork `https://opendev.org/openstack/kuryr-libnetwork <https://opendev.org/openstack/kuryr-libnetwork>`__
openstack/kuryr-tempest-plugin `https://opendev.org/openstack/kuryr-tempest-plugin <https://opendev.org/openstack/kuryr-tempest-plugin>`__
openstack/magnum `https://opendev.org/openstack/magnum <https://opendev.org/openstack/magnum>`__
openstack/magnum-ui `https://opendev.org/openstack/magnum-ui <https://opendev.org/openstack/magnum-ui>`__
openstack/manila `https://opendev.org/openstack/manila <https://opendev.org/openstack/manila>`__
@@ -66,41 +59,37 @@ openstack/mistral `https://opendev.org/openstack/mistral
openstack/monasca-api `https://opendev.org/openstack/monasca-api <https://opendev.org/openstack/monasca-api>`__
openstack/monasca-events-api `https://opendev.org/openstack/monasca-events-api <https://opendev.org/openstack/monasca-events-api>`__
openstack/monasca-tempest-plugin `https://opendev.org/openstack/monasca-tempest-plugin <https://opendev.org/openstack/monasca-tempest-plugin>`__
openstack/murano `https://opendev.org/openstack/murano <https://opendev.org/openstack/murano>`__
openstack/networking-bagpipe `https://opendev.org/openstack/networking-bagpipe <https://opendev.org/openstack/networking-bagpipe>`__
openstack/networking-baremetal `https://opendev.org/openstack/networking-baremetal <https://opendev.org/openstack/networking-baremetal>`__
openstack/networking-bgpvpn `https://opendev.org/openstack/networking-bgpvpn <https://opendev.org/openstack/networking-bgpvpn>`__
openstack/networking-generic-switch `https://opendev.org/openstack/networking-generic-switch <https://opendev.org/openstack/networking-generic-switch>`__
openstack/networking-hyperv `https://opendev.org/openstack/networking-hyperv <https://opendev.org/openstack/networking-hyperv>`__
openstack/networking-odl `https://opendev.org/openstack/networking-odl <https://opendev.org/openstack/networking-odl>`__
openstack/networking-powervm `https://opendev.org/openstack/networking-powervm <https://opendev.org/openstack/networking-powervm>`__
openstack/networking-sfc `https://opendev.org/openstack/networking-sfc <https://opendev.org/openstack/networking-sfc>`__
openstack/neutron `https://opendev.org/openstack/neutron <https://opendev.org/openstack/neutron>`__
openstack/neutron-dynamic-routing `https://opendev.org/openstack/neutron-dynamic-routing <https://opendev.org/openstack/neutron-dynamic-routing>`__
openstack/neutron-fwaas `https://opendev.org/openstack/neutron-fwaas <https://opendev.org/openstack/neutron-fwaas>`__
openstack/neutron-fwaas-dashboard `https://opendev.org/openstack/neutron-fwaas-dashboard <https://opendev.org/openstack/neutron-fwaas-dashboard>`__
openstack/neutron-tempest-plugin `https://opendev.org/openstack/neutron-tempest-plugin <https://opendev.org/openstack/neutron-tempest-plugin>`__
openstack/neutron-vpnaas `https://opendev.org/openstack/neutron-vpnaas <https://opendev.org/openstack/neutron-vpnaas>`__
openstack/neutron-vpnaas-dashboard `https://opendev.org/openstack/neutron-vpnaas-dashboard <https://opendev.org/openstack/neutron-vpnaas-dashboard>`__
openstack/nova-powervm `https://opendev.org/openstack/nova-powervm <https://opendev.org/openstack/nova-powervm>`__
openstack/nova `https://opendev.org/openstack/nova <https://opendev.org/openstack/nova>`__
openstack/octavia `https://opendev.org/openstack/octavia <https://opendev.org/openstack/octavia>`__
openstack/octavia-dashboard `https://opendev.org/openstack/octavia-dashboard <https://opendev.org/openstack/octavia-dashboard>`__
openstack/octavia-tempest-plugin `https://opendev.org/openstack/octavia-tempest-plugin <https://opendev.org/openstack/octavia-tempest-plugin>`__
openstack/openstacksdk `https://opendev.org/openstack/openstacksdk <https://opendev.org/openstack/openstacksdk>`__
openstack/osprofiler `https://opendev.org/openstack/osprofiler <https://opendev.org/openstack/osprofiler>`__
openstack/oswin-tempest-plugin `https://opendev.org/openstack/oswin-tempest-plugin <https://opendev.org/openstack/oswin-tempest-plugin>`__
openstack/ovn-bgp-agent `https://opendev.org/openstack/ovn-bgp-agent <https://opendev.org/openstack/ovn-bgp-agent>`__
openstack/ovn-octavia-provider `https://opendev.org/openstack/ovn-octavia-provider <https://opendev.org/openstack/ovn-octavia-provider>`__
openstack/patrole `https://opendev.org/openstack/patrole <https://opendev.org/openstack/patrole>`__
openstack/rally-openstack `https://opendev.org/openstack/rally-openstack <https://opendev.org/openstack/rally-openstack>`__
openstack/sahara `https://opendev.org/openstack/sahara <https://opendev.org/openstack/sahara>`__
openstack/sahara-dashboard `https://opendev.org/openstack/sahara-dashboard <https://opendev.org/openstack/sahara-dashboard>`__
openstack/senlin `https://opendev.org/openstack/senlin <https://opendev.org/openstack/senlin>`__
openstack/shade `https://opendev.org/openstack/shade <https://opendev.org/openstack/shade>`__
openstack/solum `https://opendev.org/openstack/solum <https://opendev.org/openstack/solum>`__
openstack/skyline-apiserver `https://opendev.org/openstack/skyline-apiserver <https://opendev.org/openstack/skyline-apiserver>`__
openstack/storlets `https://opendev.org/openstack/storlets <https://opendev.org/openstack/storlets>`__
openstack/tacker `https://opendev.org/openstack/tacker <https://opendev.org/openstack/tacker>`__
openstack/tap-as-a-service `https://opendev.org/openstack/tap-as-a-service <https://opendev.org/openstack/tap-as-a-service>`__
openstack/telemetry-tempest-plugin `https://opendev.org/openstack/telemetry-tempest-plugin <https://opendev.org/openstack/telemetry-tempest-plugin>`__
openstack/trove `https://opendev.org/openstack/trove <https://opendev.org/openstack/trove>`__
openstack/trove-dashboard `https://opendev.org/openstack/trove-dashboard <https://opendev.org/openstack/trove-dashboard>`__
openstack/venus `https://opendev.org/openstack/venus <https://opendev.org/openstack/venus>`__
openstack/venus-dashboard `https://opendev.org/openstack/venus-dashboard <https://opendev.org/openstack/venus-dashboard>`__
openstack/vitrage `https://opendev.org/openstack/vitrage <https://opendev.org/openstack/vitrage>`__
openstack/vitrage-dashboard `https://opendev.org/openstack/vitrage-dashboard <https://opendev.org/openstack/vitrage-dashboard>`__
openstack/vitrage-tempest-plugin `https://opendev.org/openstack/vitrage-tempest-plugin <https://opendev.org/openstack/vitrage-tempest-plugin>`__
@@ -112,7 +101,6 @@ openstack/zaqar-ui `https://opendev.org/openstack/zaqar-ui
openstack/zun `https://opendev.org/openstack/zun <https://opendev.org/openstack/zun>`__
openstack/zun-ui `https://opendev.org/openstack/zun-ui <https://opendev.org/openstack/zun-ui>`__
performa/os-faults `https://opendev.org/performa/os-faults <https://opendev.org/performa/os-faults>`__
skyline/skyline-apiserver `https://opendev.org/skyline/skyline-apiserver <https://opendev.org/skyline/skyline-apiserver>`__
starlingx/config `https://opendev.org/starlingx/config <https://opendev.org/starlingx/config>`__
starlingx/fault `https://opendev.org/starlingx/fault <https://opendev.org/starlingx/fault>`__
starlingx/ha `https://opendev.org/starlingx/ha <https://opendev.org/starlingx/ha>`__
@@ -186,6 +174,7 @@ x/trio2o `https://opendev.org/x/trio2o <https://
x/valet `https://opendev.org/x/valet <https://opendev.org/x/valet>`__
x/vmware-nsx `https://opendev.org/x/vmware-nsx <https://opendev.org/x/vmware-nsx>`__
x/vmware-vspc `https://opendev.org/x/vmware-vspc <https://opendev.org/x/vmware-vspc>`__
x/whitebox-neutron-tempest-plugin `https://opendev.org/x/whitebox-neutron-tempest-plugin <https://opendev.org/x/whitebox-neutron-tempest-plugin>`__
======================================== ===
+1 -4
View File
@@ -238,14 +238,11 @@ package dependencies, packages may be listed at the following
locations in the top-level of the plugin repository:
- ``./devstack/files/debs/$plugin_name`` - Packages to install when running
on Ubuntu, Debian or Linux Mint.
on Ubuntu or Debian.
- ``./devstack/files/rpms/$plugin_name`` - Packages to install when running
on Red Hat, Fedora, or CentOS.
- ``./devstack/files/rpms-suse/$plugin_name`` - Packages to install when
running on SUSE Linux or openSUSE.
Although there a no plans to remove this method of installing
packages, plugins should consider it deprecated for ``bindep`` support
described below.
+25
View File
@@ -0,0 +1,25 @@
=======
Tempest
=======
`Tempest`_ is the OpenStack Integration test suite. It is installed by default
and is used to provide integration testing for many of the OpenStack services.
Just like DevStack itself, it is possible to extend Tempest with plugins. In
fact, many Tempest plugin packages also include DevStack plugin to do things
like pre-create required static resources.
The `Tempest documentation <Tempest>`_ provides a thorough guide to using
Tempest. However, if you simply wish to run the standard set of Tempest tests
against an existing deployment, you can do the following:
.. code-block:: shell
cd /opt/stack/tempest
/opt/stack/data/venv/bin/tempest run ...
The above assumes you have installed DevStack in the default location
(configured via the ``DEST`` configuration variable) and have enabled
virtualenv-based installation in the standard location (configured via the
``USE_VENV`` and ``VENV_DEST`` configuration variables, respectively).
.. _Tempest: https://docs.openstack.org/tempest/latest/
+1
View File
@@ -39,4 +39,5 @@
CustomLog /var/log/%APACHE_NAME%/horizon_access.log combined
</VirtualHost>
%WSGIPYTHONHOME%
WSGISocketPrefix /var/run/%APACHE_NAME%
+1 -25
View File
@@ -1,5 +1,4 @@
Listen %PUBLICPORT%
Listen %ADMINPORT%
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)" keystone_combined
<Directory %KEYSTONE_BIN%>
@@ -20,24 +19,11 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)"
%SSLKEYFILE%
</VirtualHost>
<VirtualHost *:%ADMINPORT%>
WSGIDaemonProcess keystone-admin processes=3 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
WSGIProcessGroup keystone-admin
WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%M"
ErrorLog /var/log/%APACHE_NAME%/keystone.log
CustomLog /var/log/%APACHE_NAME%/keystone_access.log keystone_combined
%SSLENGINE%
%SSLCERTFILE%
%SSLKEYFILE%
</VirtualHost>
%SSLLISTEN%<VirtualHost *:443>
%SSLLISTEN% %SSLENGINE%
%SSLLISTEN% %SSLCERTFILE%
%SSLLISTEN% %SSLKEYFILE%
%SSLLISTEN% SSLProtocol -all +TLSv1.3 +TLSv1.2
%SSLLISTEN%</VirtualHost>
Alias /identity %KEYSTONE_BIN%/keystone-wsgi-public
@@ -49,13 +35,3 @@ Alias /identity %KEYSTONE_BIN%/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>
Alias /identity_admin %KEYSTONE_BIN%/keystone-wsgi-admin
<Location /identity_admin>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup keystone-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>
+1
View File
@@ -24,6 +24,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)"
%SSLLISTEN% %SSLENGINE%
%SSLLISTEN% %SSLCERTFILE%
%SSLLISTEN% %SSLKEYFILE%
%SSLLISTEN% SSLProtocol -all +TLSv1.3 +TLSv1.2
%SSLLISTEN%</VirtualHost>
Alias /networking %NEUTRON_BIN%/neutron-api
-2
View File
@@ -1,7 +1,5 @@
conntrack
curl
dnsmasq-base
dnsmasq-utils # for dhcp_release
ebtables
genisoimage # required for config_drive
iptables
+1
View File
@@ -2,5 +2,6 @@ curl
liberasurecode-dev
make
memcached
rsync
sqlite3
xfsprogs
@@ -1,3 +0,0 @@
enable-tftp
tftp-root=/tftpboot
dhcp-boot=pxelinux.0
+1 -1
View File
@@ -1,4 +1,4 @@
dn: olcDatabase={${LDAP_OLCDB_NUMBER}}hdb,cn=config
dn: olcDatabase={${LDAP_OLCDB_NUMBER}}${LDAP_OLCDB_TYPE},cn=config
changetype: modify
replace: olcSuffix
olcSuffix: ${BASE_DN}
+16
View File
@@ -0,0 +1,16 @@
[Unit]
Description=Activate LVM backing file %BACKING_FILE%
DefaultDependencies=no
After=systemd-udev-settle.service
Before=lvm2-activation-early.service
Wants=systemd-udev-settle.service
[Service]
ExecStart=/sbin/losetup --find --show %DIRECTIO% %BACKING_FILE%
ExecStop=/bin/sh -c '/sbin/losetup -d $$(/sbin/losetup --associated %BACKING_FILE% -O NAME -n)'
RemainAfterExit=yes
Type=oneshot
[Install]
WantedBy=local-fs.target
Also=systemd-udev-settle.service
+118
View File
@@ -0,0 +1,118 @@
#!/usr/bin/env python3
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import socket
import sys
import os
import os.path
import json
server_address = "/tmp/openstack.sock"
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
try:
sock.connect(server_address)
except socket.error as msg:
print(msg, file=sys.stderr)
sys.exit(1)
def send(sock, doc):
jdoc = json.dumps(doc)
sock.send(b'%d\n' % len(jdoc))
sock.sendall(jdoc.encode('utf-8'))
def recv(sock):
length_str = b''
char = sock.recv(1)
if len(char) == 0:
print("Unexpected end of file", file=sys.stderr)
sys.exit(1)
while char != b'\n':
length_str += char
char = sock.recv(1)
if len(char) == 0:
print("Unexpected end of file", file=sys.stderr)
sys.exit(1)
total = int(length_str)
# use a memoryview to receive the data chunk by chunk efficiently
jdoc = memoryview(bytearray(total))
next_offset = 0
while total - next_offset > 0:
recv_size = sock.recv_into(jdoc[next_offset:], total - next_offset)
next_offset += recv_size
try:
doc = json.loads(jdoc.tobytes())
except (TypeError, ValueError) as e:
raise Exception('Data received was not in JSON format')
return doc
try:
env = {}
passenv = ["CINDER_VERSION",
"OS_AUTH_URL",
"OS_NO_CACHE",
"OS_PASSWORD",
"OS_PROJECT_NAME",
"OS_REGION_NAME",
"OS_TENANT_NAME",
"OS_USERNAME",
"OS_VOLUME_API_VERSION",
"OS_CLOUD"]
for name in passenv:
if name in os.environ:
env[name] = os.environ[name]
cmd = {
"app": os.path.basename(sys.argv[0]),
"env": env,
"argv": sys.argv[1:]
}
try:
image_idx = sys.argv.index('image')
create_idx = sys.argv.index('create')
missing_file = image_idx < create_idx and \
not any(x.startswith('--file') for x in sys.argv)
except ValueError:
missing_file = False
if missing_file:
# This means we were called with an image create command, but were
# not provided a --file option. That likely means we're being passed
# the image data to stdin, which won't work because we do not proxy
# stdin to the server. So, we just reject the operation and ask the
# caller to provide the file with --file instead.
# We've already connected to the server, we need to send it some dummy
# data so it doesn't wait forever.
send(sock, {})
print('Image create without --file is not allowed in server mode',
file=sys.stderr)
sys.exit(1)
else:
send(sock, cmd)
doc = recv(sock)
if doc["stdout"] != b'':
print(doc["stdout"], end='')
if doc["stderr"] != b'':
print(doc["stderr"], file=sys.stderr)
sys.exit(doc["status"])
finally:
sock.close()
+118
View File
@@ -0,0 +1,118 @@
#!/usr/bin/env python3
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import socket
import sys
import os
import json
from openstackclient import shell as osc_shell
from io import StringIO
server_address = "/tmp/openstack.sock"
try:
os.unlink(server_address)
except OSError:
if os.path.exists(server_address):
raise
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
print('starting up on %s' % server_address, file=sys.stderr)
sock.bind(server_address)
# Listen for incoming connections
sock.listen(1)
def send(sock, doc):
jdoc = json.dumps(doc)
sock.send(b'%d\n' % len(jdoc))
sock.sendall(jdoc.encode('utf-8'))
def recv(sock):
length_str = b''
char = sock.recv(1)
while char != b'\n':
length_str += char
char = sock.recv(1)
total = int(length_str)
# use a memoryview to receive the data chunk by chunk efficiently
jdoc = memoryview(bytearray(total))
next_offset = 0
while total - next_offset > 0:
recv_size = sock.recv_into(jdoc[next_offset:], total - next_offset)
next_offset += recv_size
try:
doc = json.loads(jdoc.tobytes())
except (TypeError, ValueError) as e:
raise Exception('Data received was not in JSON format')
return doc
while True:
csock, client_address = sock.accept()
try:
doc = recv(csock)
print("%s %s" % (doc["app"], doc["argv"]), file=sys.stderr)
oldenv = {}
for name in doc["env"].keys():
oldenv[name] = os.environ.get(name, None)
os.environ[name] = doc["env"][name]
try:
old_stdout = sys.stdout
old_stderr = sys.stderr
my_stdout = sys.stdout = StringIO()
my_stderr = sys.stderr = StringIO()
class Exit(BaseException):
def __init__(self, status):
self.status = status
def noexit(stat):
raise Exit(stat)
sys.exit = noexit
if doc["app"] == "openstack":
sh = osc_shell.OpenStackShell()
ret = sh.run(doc["argv"])
else:
print("Unknown application %s" % doc["app"], file=sys.stderr)
ret = 1
except Exit as e:
ret = e.status
finally:
sys.stdout = old_stdout
sys.stderr = old_stderr
for name in oldenv.keys():
if oldenv[name] is None:
del os.environ[name]
else:
os.environ[name] = oldenv[name]
send(csock, {
"stdout": my_stdout.getvalue(),
"stderr": my_stderr.getvalue(),
"status": ret,
})
except BaseException as e:
print(e, file=sys.stderr)
finally:
csock.close()
-1
View File
@@ -1 +0,0 @@
dnsmasq
-3
View File
@@ -1,3 +0,0 @@
ceph # NOPRIME
lsb
xfsprogs
-3
View File
@@ -1,3 +0,0 @@
lvm2
qemu-tools
tgt # NOPRIME
-1
View File
@@ -1 +0,0 @@
dstat
-34
View File
@@ -1,34 +0,0 @@
apache2
apache2-devel
bc
ca-certificates-mozilla
curl
gawk
gcc
gcc-c++
git-core
graphviz # docs
iputils
libffi-devel # pyOpenSSL
libjpeg8-devel # Pillow 3.0.0
libopenssl-devel # to rebuild pyOpenSSL if needed
libxslt-devel # lxml
lsof # useful when debugging
make
net-tools
openssh
openssl
pcre-devel # python-pcre
postgresql-devel # psycopg2
psmisc
python3-systemd
python-cmd2 # dist:opensuse-12.3
python-devel # pyOpenSSL
python-xml
tar
tcpdump
unzip
util-linux
wget
which
zlib-devel
-2
View File
@@ -1,2 +0,0 @@
apache2-mod_wsgi # NOPRIME
apache2 # NOPRIME
-4
View File
@@ -1,4 +0,0 @@
cyrus-sasl-devel
memcached
openldap2-devel
sqlite3
-3
View File
@@ -1,3 +0,0 @@
openldap2
openldap2-client
python-ldap
-1
View File
@@ -1 +0,0 @@
python-dateutil
-10
View File
@@ -1,10 +0,0 @@
cdrkit-cdrtools-compat # dist:sle12
cryptsetup
dosfstools
libosinfo
lvm2
mkisofs # not:sle12
open-iscsi
sg3_utils
# Stuff for diablo volumes
sysfsutils
-1
View File
@@ -1 +0,0 @@
ipset
-12
View File
@@ -1,12 +0,0 @@
acl
dnsmasq
dnsmasq-utils # dist:opensuse-12.3,opensuse-13.1
ebtables
haproxy # to serve as metadata proxy inside router/dhcp namespaces
iptables
iputils
rabbitmq-server # NOPRIME
radvd # NOPRIME
sqlite3
sudo
vlan
-2
View File
@@ -1,2 +0,0 @@
conntrack-tools
keepalived
-23
View File
@@ -1,23 +0,0 @@
cdrkit-cdrtools-compat # dist:sle12
conntrack-tools
curl
dnsmasq
dnsmasq-utils # dist:opensuse-12.3,opensuse-13.1
ebtables
iptables
iputils
kpartx
kvm # NOPRIME
libvirt # NOPRIME
libvirt-python # NOPRIME
# mkisofs is required for config_drive
mkisofs # not:sle12
parted
polkit
# qemu as fallback if kvm cannot be used
qemu # NOPRIME
rabbitmq-server # NOPRIME
socat
sqlite3
sudo
vlan
-3
View File
@@ -1,3 +0,0 @@
openvswitch
openvswitch-switch
-2
View File
@@ -1,2 +0,0 @@
lsscsi
open-iscsi
-1
View File
@@ -1 +0,0 @@
neutron-agent
-1
View File
@@ -1 +0,0 @@
neutron-l3
-6
View File
@@ -1,6 +0,0 @@
curl
liberasurecode-devel
memcached
sqlite3
xfsprogs
xinetd
+1 -1
View File
@@ -1,3 +1,3 @@
ceph # NOPRIME
redhat-lsb-core
redhat-lsb-core # not:rhel9,openEuler-22.03
xfsprogs
+5 -2
View File
@@ -6,9 +6,11 @@ gcc
gcc-c++
gettext # used for compiling message catalogs
git-core
glibc-langpack-en # dist:rhel9
graphviz # needed only for docs
httpd
httpd-devel
iptables-nft # dist:rhel9
iptables-services
java-1.8.0-openjdk-headless
libffi-devel
@@ -16,6 +18,7 @@ libjpeg-turbo-devel # Pillow 3.0.0
libxml2-devel # lxml
libxslt-devel # lxml
libyaml-devel
mod_ssl # required for tls-proxy on centos 9 stream computes
net-tools
openssh-server
openssl
@@ -25,9 +28,9 @@ pkgconfig
postgresql-devel # psycopg2
psmisc
python3-devel
python3-pip
python3-pip # not:openEuler-22.03
python3-systemd
redhat-rpm-config # missing dep for gcc hardening flags, see rhbz#1217376
redhat-rpm-config # not:openEuler-22.03 missing dep for gcc hardening flags, see rhbz#1217376
tar
tcpdump
unzip
+2 -1
View File
@@ -1,9 +1,10 @@
cryptsetup
dosfstools
genisoimage
genisoimage # not:rhel9
iscsi-initiator-utils
libosinfo
lvm2
sg3_utils
# Stuff for diablo volumes
sysfsutils
xorriso # not:rhel8
+3 -4
View File
@@ -1,15 +1,14 @@
conntrack-tools
curl
dnsmasq # for q-dhcp
dnsmasq-utils # for dhcp_release
ebtables
genisoimage # required for config_drive
genisoimage # not:rhel9 required for config_drive
iptables
iputils
kernel-modules
kernel-modules # not:openEuler-22.03
kpartx
parted
polkit
rabbitmq-server # NOPRIME
sqlite
sudo
xorriso # not:rhel8
+1 -1
View File
@@ -4,4 +4,4 @@ memcached
rsync-daemon
sqlite
xfsprogs
xinetd # not:f34
xinetd # not:f36,rhel9
+24 -8
View File
@@ -118,7 +118,7 @@ function _upload_image {
useimport="--import"
fi
openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name" --public --container-format "$container" --disk-format "$disk" $useimport $properties < "${image}"
openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name" --public --container-format "$container" --disk-format "$disk" $useimport $properties --file $(readlink -f "${image}")
}
# Retrieve an image from a URL and upload into Glance.
@@ -133,17 +133,28 @@ function upload_image {
local image image_fname image_name
local max_attempts=5
# Create a directory for the downloaded image tarballs.
mkdir -p $FILES/images
image_fname=`basename "$image_url"`
if [[ $image_url != file* ]]; then
# Downloads the image (uec ami+akistyle), then extracts it.
if [[ ! -f $FILES/$image_fname || "$(stat -c "%s" $FILES/$image_fname)" = "0" ]]; then
wget --progress=dot:giga -c $image_url -O $FILES/$image_fname
if [[ $? -ne 0 ]]; then
echo "Not found: $image_url"
return
fi
for attempt in `seq $max_attempts`; do
local rc=0
wget --progress=dot:giga -c $image_url -O $FILES/$image_fname || rc=$?
if [[ $rc -ne 0 ]]; then
if [[ "$attempt" -eq "$max_attempts" ]]; then
echo "Not found: $image_url"
return
fi
echo "Download failed, retrying in $attempt second, attempt: $attempt"
sleep $attempt
else
break
fi
done
fi
image="$FILES/${image_fname}"
else
@@ -414,10 +425,10 @@ function upload_image {
# kernel for use when uploading the root filesystem.
local kernel_id="" ramdisk_id="";
if [ -n "$kernel" ]; then
kernel_id=$(openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name-kernel" $(_image_properties_to_arg $img_property) --public --container-format aki --disk-format aki < "$kernel" | grep ' id ' | get_field 2)
kernel_id=$(openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name-kernel" $(_image_properties_to_arg $img_property) --public --container-format aki --disk-format aki --file $(readlink -f "$kernel") -f value -c id)
fi
if [ -n "$ramdisk" ]; then
ramdisk_id=$(openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name-ramdisk" $(_image_properties_to_arg $img_property) --public --container-format ari --disk-format ari < "$ramdisk" | grep ' id ' | get_field 2)
ramdisk_id=$(openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name-ramdisk" $(_image_properties_to_arg $img_property) --public --container-format ari --disk-format ari --file $(readlink -f "$ramdisk") -f value -c id)
fi
_upload_image "${image_name%.img}" ami ami "$image" ${kernel_id:+ kernel_id=$kernel_id} ${ramdisk_id:+ ramdisk_id=$ramdisk_id} $img_property
fi
@@ -683,6 +694,8 @@ function setup_colorized_logging {
iniset $conf_file DEFAULT logging_default_format_string "%(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s [-%(color)s] %(instance)s%(color)s%(message)s"
iniset $conf_file DEFAULT logging_debug_format_suffix "from (pid=%(process)d) %(funcName)s %(pathname)s:%(lineno)d"
iniset $conf_file DEFAULT logging_exception_prefix "%(color)s%(asctime)s.%(msecs)03d TRACE %(name)s %(instance)s"
# Enable or disable color for oslo.log
iniset $conf_file DEFAULT log_color $LOG_COLOR
}
function setup_systemd_logging {
@@ -704,6 +717,9 @@ function setup_systemd_logging {
iniset $conf_file DEFAULT logging_context_format_string "%(color)s%(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(project_name)s %(user_name)s%(color)s] %(instance)s%(color)s%(message)s"
iniset $conf_file DEFAULT logging_default_format_string "%(color)s%(levelname)s %(name)s [-%(color)s] %(instance)s%(color)s%(message)s"
iniset $conf_file DEFAULT logging_exception_prefix "ERROR %(name)s %(instance)s"
# Enable or disable color for oslo.log
iniset $conf_file DEFAULT log_color $LOG_COLOR
}
function setup_standard_logging_identity {
+263 -141
View File
@@ -49,7 +49,7 @@ KILL_PATH="$(which kill)"
STACK_ENV_VARS="BASE_SQL_CONN DATA_DIR DEST ENABLED_SERVICES HOST_IP \
KEYSTONE_SERVICE_URI \
LOGFILE OS_CACERT SERVICE_HOST STACK_USER TLS_IP \
HOST_IPV6 SERVICE_IP_VERSION"
HOST_IPV6 SERVICE_IP_VERSION TUNNEL_ENDPOINT_IP TUNNEL_IP_VERSION"
# Saves significant environment variables to .stackenv for later use
@@ -85,7 +85,7 @@ function write_clouds_yaml {
if [ -f "$SSL_BUNDLE_FILE" ]; then
CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
fi
# demo -> devstack
# devstack: user with the member role on demo project
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack \
@@ -96,18 +96,7 @@ function write_clouds_yaml {
--os-password $ADMIN_PASSWORD \
--os-project-name demo
# alt_demo -> devstack-alt
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-alt \
--os-region-name $REGION_NAME \
$CA_CERT_ARG \
--os-auth-url $KEYSTONE_SERVICE_URI \
--os-username alt_demo \
--os-password $ADMIN_PASSWORD \
--os-project-name alt_demo
# admin -> devstack-admin
# devstack-admin: user with the admin role on the admin project
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-admin \
@@ -118,7 +107,62 @@ function write_clouds_yaml {
--os-password $ADMIN_PASSWORD \
--os-project-name admin
# admin with a system-scoped token -> devstack-system
# devstack-admin-demo: user with the admin role on the demo project
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-admin-demo \
--os-region-name $REGION_NAME \
$CA_CERT_ARG \
--os-auth-url $KEYSTONE_SERVICE_URI \
--os-username admin \
--os-password $ADMIN_PASSWORD \
--os-project-name demo
# devstack-alt: user with the member role on alt_demo project
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-alt \
--os-region-name $REGION_NAME \
$CA_CERT_ARG \
--os-auth-url $KEYSTONE_SERVICE_URI \
--os-username alt_demo \
--os-password $ADMIN_PASSWORD \
--os-project-name alt_demo
# devstack-alt-member: user with the member role on alt_demo project
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-alt-member \
--os-region-name $REGION_NAME \
$CA_CERT_ARG \
--os-auth-url $KEYSTONE_SERVICE_URI \
--os-username alt_demo_member \
--os-password $ADMIN_PASSWORD \
--os-project-name alt_demo
# devstack-alt-reader: user with the reader role on alt_demo project
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-alt-reader \
--os-region-name $REGION_NAME \
$CA_CERT_ARG \
--os-auth-url $KEYSTONE_SERVICE_URI \
--os-username alt_demo_reader \
--os-password $ADMIN_PASSWORD \
--os-project-name alt_demo
# devstack-reader: user with the reader role on demo project
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-reader \
--os-region-name $REGION_NAME \
$CA_CERT_ARG \
--os-auth-url $KEYSTONE_SERVICE_URI \
--os-username demo_reader \
--os-password $ADMIN_PASSWORD \
--os-project-name demo
# devstack-system-admin: user with the admin role on the system
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-system-admin \
@@ -129,6 +173,28 @@ function write_clouds_yaml {
--os-password $ADMIN_PASSWORD \
--os-system-scope all
# devstack-system-member: user with the member role on the system
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-system-member \
--os-region-name $REGION_NAME \
$CA_CERT_ARG \
--os-auth-url $KEYSTONE_SERVICE_URI \
--os-username system_member \
--os-password $ADMIN_PASSWORD \
--os-system-scope all
# devstack-system-reader: user with the reader role on the system
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-system-reader \
--os-region-name $REGION_NAME \
$CA_CERT_ARG \
--os-auth-url $KEYSTONE_SERVICE_URI \
--os-username system_reader \
--os-password $ADMIN_PASSWORD \
--os-system-scope all
cat >> $CLOUDS_YAML <<EOF
functional:
image_name: $DEFAULT_IMAGE_NAME
@@ -170,6 +236,27 @@ function trueorfalse {
$xtrace
}
# bool_to_int <True|False>
#
# Convert True|False to int 1 or 0
# This function can be used to convert the output of trueorfalse
# to an int follow c conventions where false is 0 and 1 it true.
function bool_to_int {
local xtrace
xtrace=$(set +o | grep xtrace)
set +o xtrace
if [ -z $1 ]; then
die $LINENO "Bool value required"
fi
if [[ $1 == "True" ]] ; then
echo '1'
else
echo '0'
fi
$xtrace
}
function isset {
[[ -v "$1" ]]
}
@@ -314,9 +401,9 @@ function warn {
# such as "install_package" further abstract things in better ways.
#
# ``os_VENDOR`` - vendor name: ``Ubuntu``, ``Fedora``, etc
# ``os_RELEASE`` - major release: ``16.04`` (Ubuntu), ``23`` (Fedora)
# ``os_RELEASE`` - major release: ``22.04`` (Ubuntu), ``23`` (Fedora)
# ``os_PACKAGE`` - package type: ``deb`` or ``rpm``
# ``os_CODENAME`` - vendor's codename for release: ``xenial``
# ``os_CODENAME`` - vendor's codename for release: ``jammy``
declare -g os_VENDOR os_RELEASE os_PACKAGE os_CODENAME
@@ -333,7 +420,7 @@ function _ensure_lsb_release {
elif [[ -x $(command -v zypper 2>/dev/null) ]]; then
sudo zypper -n install lsb-release
elif [[ -x $(command -v dnf 2>/dev/null) ]]; then
sudo dnf install -y redhat-lsb-core
sudo dnf install -y redhat-lsb-core || sudo dnf install -y openeuler-lsb
else
die $LINENO "Unable to find or auto-install lsb_release"
fi
@@ -346,14 +433,24 @@ function _ensure_lsb_release {
# - os_VENDOR
# - os_PACKAGE
function GetOSVersion {
# We only support distros that provide a sane lsb_release
_ensure_lsb_release
# CentOS Stream 9 and RHEL 9 do not provide lsb_release
source /etc/os-release
if [[ "${ID}${VERSION}" == "centos9" ]] || [[ "${ID}${VERSION}" =~ "rhel9" ]]; then
os_RELEASE=${VERSION_ID}
os_CODENAME="n/a"
os_VENDOR=$(echo $NAME | tr -d '[:space:]')
elif [[ "${ID}${VERSION}" =~ "rocky9" ]]; then
os_VENDOR="Rocky"
os_RELEASE=${VERSION_ID}
else
_ensure_lsb_release
os_RELEASE=$(lsb_release -r -s)
os_CODENAME=$(lsb_release -c -s)
os_VENDOR=$(lsb_release -i -s)
os_RELEASE=$(lsb_release -r -s)
os_CODENAME=$(lsb_release -c -s)
os_VENDOR=$(lsb_release -i -s)
fi
if [[ $os_VENDOR =~ (Debian|Ubuntu|LinuxMint) ]]; then
if [[ $os_VENDOR =~ (Debian|Ubuntu) ]]; then
os_PACKAGE="deb"
else
os_PACKAGE="rpm"
@@ -371,32 +468,25 @@ declare -g DISTRO
function GetDistro {
GetOSVersion
if [[ "$os_VENDOR" =~ (Ubuntu) || "$os_VENDOR" =~ (Debian) || \
"$os_VENDOR" =~ (LinuxMint) ]]; then
# 'Everyone' refers to Ubuntu / Debian / Mint releases by
if [[ "$os_VENDOR" =~ (Ubuntu) || "$os_VENDOR" =~ (Debian) ]]; then
# 'Everyone' refers to Ubuntu / Debian releases by
# the code name adjective
DISTRO=$os_CODENAME
elif [[ "$os_VENDOR" =~ (Fedora) ]]; then
# For Fedora, just use 'f' and the release
DISTRO="f$os_RELEASE"
elif is_opensuse; then
DISTRO="opensuse-$os_RELEASE"
# Tumbleweed uses "n/a" as a codename, and the release is a datestring
# like 20180218, so not very useful. Leap however uses a release
# with a "dot", so for example 15.0
[ "$os_CODENAME" = "n/a" -a "$os_RELEASE" = "${os_RELEASE/\./}" ] && \
DISTRO="opensuse-tumbleweed"
elif is_suse_linux_enterprise; then
# just use major release
DISTRO="sle${os_RELEASE%.*}"
elif [[ "$os_VENDOR" =~ (Red.*Hat) || \
"$os_VENDOR" =~ (CentOS) || \
"$os_VENDOR" =~ (AlmaLinux) || \
"$os_VENDOR" =~ (Scientific) || \
"$os_VENDOR" =~ (OracleServer) || \
"$os_VENDOR" =~ (Rocky) || \
"$os_VENDOR" =~ (Virtuozzo) ]]; then
# Drop the . release as we assume it's compatible
# XXX re-evaluate when we get RHEL10
DISTRO="rhel${os_RELEASE::1}"
elif [[ "$os_VENDOR" =~ (openEuler) ]]; then
DISTRO="openEuler-$os_RELEASE"
else
# We can't make a good choice here. Setting a sensible DISTRO
# is part of the problem, but not the major issue -- we really
@@ -440,7 +530,7 @@ function is_oraclelinux {
# Determine if current distribution is a Fedora-based distribution
# (Fedora, RHEL, CentOS, etc).
# (Fedora, RHEL, CentOS, Rocky, etc).
# is_fedora
function is_fedora {
if [[ -z "$os_VENDOR" ]]; then
@@ -448,44 +538,17 @@ function is_fedora {
fi
[ "$os_VENDOR" = "Fedora" ] || [ "$os_VENDOR" = "Red Hat" ] || \
[ "$os_VENDOR" = "openEuler" ] || \
[ "$os_VENDOR" = "RedHatEnterpriseServer" ] || \
[ "$os_VENDOR" = "RedHatEnterprise" ] || \
[ "$os_VENDOR" = "RedHatEnterpriseLinux" ] || \
[ "$os_VENDOR" = "Rocky" ] || \
[ "$os_VENDOR" = "CentOS" ] || [ "$os_VENDOR" = "CentOSStream" ] || \
[ "$os_VENDOR" = "AlmaLinux" ] || \
[ "$os_VENDOR" = "OracleServer" ] || [ "$os_VENDOR" = "Virtuozzo" ]
}
# Determine if current distribution is a SUSE-based distribution
# (openSUSE, SLE).
# is_suse
function is_suse {
is_opensuse || is_suse_linux_enterprise
}
# Determine if current distribution is an openSUSE distribution
# is_opensuse
function is_opensuse {
if [[ -z "$os_VENDOR" ]]; then
GetOSVersion
fi
[[ "$os_VENDOR" =~ (openSUSE) ]]
}
# Determine if current distribution is a SUSE Linux Enterprise (SLE)
# distribution
# is_suse_linux_enterprise
function is_suse_linux_enterprise {
if [[ -z "$os_VENDOR" ]]; then
GetOSVersion
fi
[[ "$os_VENDOR" =~ (^SUSE) ]]
}
# Determine if current distribution is an Ubuntu-based distribution
# It will also detect non-Ubuntu but Debian-based distros
# is_ubuntu
@@ -496,7 +559,14 @@ function is_ubuntu {
[ "$os_PACKAGE" = "deb" ]
}
# Determine if current distribution is an openEuler distribution
# is_openeuler
function is_openeuler {
if [[ -z "$os_PACKAGE" ]]; then
GetOSVersion
fi
[ "$os_VENDOR" = "openEuler" ]
}
# Git Functions
# =============
@@ -547,7 +617,7 @@ function git_clone {
if [[ "$ERROR_ON_CLONE" = "True" ]]; then
echo "The $git_dest project was not found; if this is a gate job, add"
echo "the project to 'required-projects' in the job definition."
die $LINENO "Cloning not allowed in this configuration"
die $LINENO "ERROR_ON_CLONE is set to True so cloning not allowed in this configuration"
fi
git_timed clone $git_clone_flags $git_remote $git_dest
fi
@@ -559,10 +629,12 @@ function git_clone {
if [[ "$ERROR_ON_CLONE" = "True" ]]; then
echo "The $git_dest project was not found; if this is a gate job, add"
echo "the project to the \$PROJECTS variable in the job definition."
die $LINENO "Cloning not allowed in this configuration"
die $LINENO "ERROR_ON_CLONE is set to True so cloning not allowed in this configuration"
fi
# '--branch' can also take tags
git_timed clone $git_clone_flags $git_remote $git_dest --branch $git_ref
git_timed clone --no-checkout $git_clone_flags $git_remote $git_dest
cd $git_dest
git_timed fetch $git_clone_flags origin $git_ref
git_timed checkout FETCH_HEAD
elif [[ "$RECLONE" = "True" ]]; then
# if it does exist then simulate what clone does if asked to RECLONE
cd $git_dest
@@ -572,7 +644,7 @@ function git_clone {
# remove the existing ignored files (like pyc) as they cause breakage
# (due to the py files having older timestamps than our pyc, so python
# thinks the pyc files are correct using them)
find $git_dest -name '*.pyc' -delete
sudo find $git_dest -name '*.pyc' -delete
# handle git_ref accordingly to type (tag, branch)
if [[ -n "`git show-ref refs/tags/$git_ref`" ]]; then
@@ -588,6 +660,18 @@ function git_clone {
fi
fi
# NOTE(ianw) 2022-04-13 : commit [1] has broken many assumptions
# about how we clone and work with repos. Mark them safe globally
# as a work-around.
#
# NOTE(danms): On bionic (and likely others) git-config may write
# ~stackuser/.gitconfig if not run with sudo -H. Using --system
# writes these changes to /etc/gitconfig which is more
# discoverable anyway.
#
# [1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9
sudo git config --system --add safe.directory ${git_dest}
# print out the results so we know what change was used in the logs
cd $git_dest
git show --oneline | head -1
@@ -687,7 +771,7 @@ function get_default_host_ip {
if [ -z "$host_ip" -o "$host_ip" == "dhcp" ]; then
host_ip=""
# Find the interface used for the default route
host_ip_iface=${host_ip_iface:-$(ip -f $af route | awk '/default/ {print $5}' | head -1)}
host_ip_iface=${host_ip_iface:-$(ip -f $af route list match default table all | grep via | awk '/default/ {print $5}' | head -1)}
local host_ips
host_ips=$(LC_ALL=C ip -f $af addr show ${host_ip_iface} | sed /temporary/d |awk /$af'/ {split($2,parts,"/"); print parts[1]}')
local ip
@@ -790,14 +874,9 @@ function policy_add {
# Usage: get_or_create_domain <name> <description>
function get_or_create_domain {
local domain_id
# Gets domain id
domain_id=$(
# Gets domain id
openstack domain show $1 \
-f value -c id 2>/dev/null ||
# Creates new domain
openstack domain create $1 \
--description "$2" \
openstack --os-cloud devstack-system-admin domain create $1 \
--description "$2" --or-show \
-f value -c id
)
echo $domain_id
@@ -811,7 +890,7 @@ function get_or_create_group {
# Gets group id
group_id=$(
# Creates new group with --or-show
openstack group create $1 \
openstack --os-cloud devstack-system-admin group create $1 \
--domain $2 --description "$desc" --or-show \
-f value -c id
)
@@ -830,7 +909,7 @@ function get_or_create_user {
# Gets user id
user_id=$(
# Creates new user with --or-show
openstack user create \
openstack --os-cloud devstack-system-admin user create \
$1 \
--password "$2" \
--domain=$3 \
@@ -847,7 +926,7 @@ function get_or_create_project {
local project_id
project_id=$(
# Creates new project with --or-show
openstack project create $1 \
openstack --os-cloud devstack-system-admin project create $1 \
--domain=$2 \
--or-show -f value -c id
)
@@ -860,7 +939,7 @@ function get_or_create_role {
local role_id
role_id=$(
# Creates role with --or-show
openstack role create $1 \
openstack --os-cloud devstack-system-admin role create $1 \
--or-show -f value -c id
)
echo $role_id
@@ -886,29 +965,22 @@ function _get_domain_args {
# Usage: get_or_add_user_project_role <role> <user> <project> [<user_domain> <project_domain>]
function get_or_add_user_project_role {
local user_role_id
local domain_args
domain_args=$(_get_domain_args $4 $5)
# Gets user role id
user_role_id=$(openstack role assignment list \
# Note this is idempotent so we are safe across multiple
# duplicate calls.
openstack --os-cloud devstack-system-admin role add $1 \
--user $2 \
--project $3 \
$domain_args
user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--project $3 \
$domain_args \
| grep '^|\s[a-f0-9]\+' | get_field 1)
if [[ -z "$user_role_id" ]]; then
# Adds role to user and get it
openstack role add $1 \
--user $2 \
--project $3 \
$domain_args
user_role_id=$(openstack role assignment list \
--role $1 \
--user $2 \
--project $3 \
$domain_args \
| grep '^|\s[a-f0-9]\+' | get_field 1)
fi
-c Role -f value)
echo $user_role_id
}
@@ -916,22 +988,48 @@ function get_or_add_user_project_role {
# Usage: get_or_add_user_domain_role <role> <user> <domain>
function get_or_add_user_domain_role {
local user_role_id
# Gets user role id
user_role_id=$(openstack role assignment list \
# Note this is idempotent so we are safe across multiple
# duplicate calls.
openstack --os-cloud devstack-system-admin role add $1 \
--user $2 \
--domain $3
user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--domain $3 \
| grep '^|\s[a-f0-9]\+' | get_field 1)
-c Role -f value)
echo $user_role_id
}
# Gets or adds user role to system
# Usage: get_or_add_user_system_role <role> <user> <system> [<user_domain>]
function get_or_add_user_system_role {
local user_role_id
local domain_args
domain_args=$(_get_domain_args $4)
# Gets user role id
user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--system $3 \
$domain_args \
-f value -c Role)
if [[ -z "$user_role_id" ]]; then
# Adds role to user and get it
openstack role add $1 \
openstack --os-cloud devstack-system-admin role add $1 \
--user $2 \
--domain $3
user_role_id=$(openstack role assignment list \
--system $3 \
$domain_args
user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--domain $3 \
| grep '^|\s[a-f0-9]\+' | get_field 1)
--system $3 \
$domain_args \
-f value -c Role)
fi
echo $user_role_id
}
@@ -940,23 +1038,18 @@ function get_or_add_user_domain_role {
# Usage: get_or_add_group_project_role <role> <group> <project>
function get_or_add_group_project_role {
local group_role_id
# Gets group role id
group_role_id=$(openstack role assignment list \
# Note this is idempotent so we are safe across multiple
# duplicate calls.
openstack role add $1 \
--group $2 \
--project $3
group_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--group $2 \
--project $3 \
-f value)
if [[ -z "$group_role_id" ]]; then
# Adds role to group and get it
openstack role add $1 \
--group $2 \
--project $3
group_role_id=$(openstack role assignment list \
--role $1 \
--group $2 \
--project $3 \
-f value)
fi
-f value -c Role)
echo $group_role_id
}
@@ -967,9 +1060,9 @@ function get_or_create_service {
# Gets service id
service_id=$(
# Gets service id
openstack service show $2 -f value -c id 2>/dev/null ||
openstack --os-cloud devstack-system-admin service show $2 -f value -c id 2>/dev/null ||
# Creates new service if not exists
openstack service create \
openstack --os-cloud devstack-system-admin service create \
$2 \
--name $1 \
--description="$3" \
@@ -982,14 +1075,14 @@ function get_or_create_service {
# Usage: _get_or_create_endpoint_with_interface <service> <interface> <url> <region>
function _get_or_create_endpoint_with_interface {
local endpoint_id
endpoint_id=$(openstack endpoint list \
endpoint_id=$(openstack --os-cloud devstack-system-admin endpoint list \
--service $1 \
--interface $2 \
--region $4 \
-c ID -f value)
if [[ -z "$endpoint_id" ]]; then
# Creates new endpoint
endpoint_id=$(openstack endpoint create \
endpoint_id=$(openstack --os-cloud devstack-system-admin endpoint create \
$1 $2 $3 --region $4 -f value -c id)
fi
@@ -1023,7 +1116,7 @@ function get_or_create_endpoint {
# Get a URL from the identity service
# Usage: get_endpoint_url <service> <interface>
function get_endpoint_url {
echo $(openstack endpoint list \
echo $(openstack --os-cloud devstack-system-admin endpoint list \
--service $1 --interface $2 \
-c URL -f value)
}
@@ -1038,7 +1131,13 @@ function is_ironic_hardware {
}
function is_ironic_enforce_scope {
is_service_enabled ironic && [[ "$IRONIC_ENFORCE_SCOPE" == "True" ]] && return 0
is_service_enabled ironic && [[ "$IRONIC_ENFORCE_SCOPE" == "True" || "$ENFORCE_SCOPE" == "True" ]] && return 0
return 1
}
function is_ironic_sharded {
# todo(JayF): Support >1 shard with multiple n-cpu instances for each
is_service_enabled ironic && [[ "$IRONIC_SHARDS" == "1" ]] && return 0
return 1
}
@@ -1058,8 +1157,6 @@ function _get_package_dir {
pkg_dir=$base_dir/debs
elif is_fedora; then
pkg_dir=$base_dir/rpms
elif is_suse; then
pkg_dir=$base_dir/rpms-suse
else
exit_distro_not_supported "list of packages"
fi
@@ -1334,8 +1431,6 @@ function real_install_package {
apt_get install "$@"
elif is_fedora; then
yum_install "$@"
elif is_suse; then
zypper_install "$@"
else
exit_distro_not_supported "installing packages"
fi
@@ -1377,8 +1472,6 @@ function uninstall_package {
apt_get purge "$@"
elif is_fedora; then
sudo dnf remove -y "$@" ||:
elif is_suse; then
sudo zypper remove -y "$@" ||:
else
exit_distro_not_supported "uninstalling packages"
fi
@@ -1447,6 +1540,7 @@ function write_user_unit_file {
local command="$2"
local group=$3
local user=$4
local env_vars="$5"
local extra=""
if [[ -n "$group" ]]; then
extra="Group=$group"
@@ -1455,11 +1549,15 @@ function write_user_unit_file {
mkdir -p $SYSTEMD_DIR
iniset -sudo $unitfile "Unit" "Description" "Devstack $service"
iniset -sudo $unitfile "Service" "Environment" "\"PATH=$PATH\""
iniset -sudo $unitfile "Service" "User" "$user"
iniset -sudo $unitfile "Service" "ExecStart" "$command"
iniset -sudo $unitfile "Service" "KillMode" "process"
iniset -sudo $unitfile "Service" "TimeoutStopSec" "300"
iniset -sudo $unitfile "Service" "ExecReload" "$KILL_PATH -HUP \$MAINPID"
if [[ -n "$env_vars" ]] ; then
iniset -sudo $unitfile "Service" "Environment" "$env_vars"
fi
if [[ -n "$group" ]]; then
iniset -sudo $unitfile "Service" "Group" "$group"
fi
@@ -1474,10 +1572,12 @@ function write_uwsgi_user_unit_file {
local command="$2"
local group=$3
local user=$4
local env_vars="$5"
local unitfile="$SYSTEMD_DIR/$service"
mkdir -p $SYSTEMD_DIR
iniset -sudo $unitfile "Unit" "Description" "Devstack $service"
iniset -sudo $unitfile "Service" "Environment" "\"PATH=$PATH\""
iniset -sudo $unitfile "Service" "SyslogIdentifier" "$service"
iniset -sudo $unitfile "Service" "User" "$user"
iniset -sudo $unitfile "Service" "ExecStart" "$command"
@@ -1488,6 +1588,9 @@ function write_uwsgi_user_unit_file {
iniset -sudo $unitfile "Service" "NotifyAccess" "all"
iniset -sudo $unitfile "Service" "RestartForceExitStatus" "100"
if [[ -n "$env_vars" ]] ; then
iniset -sudo $unitfile "Service" "Environment" "$env_vars"
fi
if [[ -n "$group" ]]; then
iniset -sudo $unitfile "Service" "Group" "$group"
fi
@@ -1535,10 +1638,17 @@ function _run_under_systemd {
local systemd_service="devstack@$service.service"
local group=$3
local user=${4:-$STACK_USER}
if [[ -z "$user" ]]; then
user=$STACK_USER
fi
local env_vars="$5"
if [[ "$command" =~ "uwsgi" ]] ; then
write_uwsgi_user_unit_file $systemd_service "$cmd" "$group" "$user"
if [[ "$GLOBAL_VENV" == "True" ]] ; then
cmd="$cmd --venv $DEVSTACK_VENV"
fi
write_uwsgi_user_unit_file $systemd_service "$cmd" "$group" "$user" "$env_vars"
else
write_user_unit_file $systemd_service "$cmd" "$group" "$user"
write_user_unit_file $systemd_service "$cmd" "$group" "$user" "$env_vars"
fi
$SYSTEMCTL enable $systemd_service
@@ -1559,18 +1669,20 @@ function is_running {
# If the command includes shell metachatacters (;<>*) it must be run using a shell
# If an optional group is provided sg will be used to run the
# command as that group.
# run_process service "command-line" [group] [user]
# run_process service "command-line" [group] [user] [env_vars]
# env_vars must be a space separated list of variable assigments, ie: "A=1 B=2"
function run_process {
local service=$1
local command="$2"
local group=$3
local user=$4
local env_vars="$5"
local name=$service
time_start "run_process"
if is_service_enabled $service; then
_run_under_systemd "$name" "$command" "$group" "$user"
_run_under_systemd "$name" "$command" "$group" "$user" "$env_vars"
fi
time_stop "run_process"
}
@@ -2326,6 +2438,11 @@ function time_stop {
_TIME_TOTAL[$name]=$(($total + $elapsed_time))
}
function install_openstack_cli_server {
export PATH=$TOP_DIR/files/openstack-cli-server:$PATH
run_process openstack-cli-server "$PYTHON $TOP_DIR/files/openstack-cli-server/openstack-cli-server"
}
function oscwrap {
local xtrace
xtrace=$(set +o | grep xtrace)
@@ -2421,6 +2538,11 @@ function clean_pyc_files {
fi
}
function is_fips_enabled {
fips=`cat /proc/sys/crypto/fips_enabled`
[ "$fips" == "1" ]
}
# Restore xtrace
$_XTRACE_FUNCTIONS_COMMON
+3
View File
@@ -189,6 +189,9 @@ function iniset {
local option=$3
local value=$4
# Escape the ampersand character (&)
value=$(echo $value | sed -e 's/&/\\&/g')
if [[ -z $section || -z $option ]]; then
$xtrace
return
+41 -12
View File
@@ -7,7 +7,6 @@
# External functions used:
# - GetOSVersion
# - is_fedora
# - is_suse
# - safe_chown
# Save trace setting
@@ -33,6 +32,26 @@ function join_extras {
# Python Functions
# ================
# Setup the global devstack virtualenvs and the associated environment
# updates.
function setup_devstack_virtualenv {
# We run devstack out of a global virtualenv.
if [[ ! -d $DEVSTACK_VENV ]] ; then
# Using system site packages to enable nova to use libguestfs.
# This package is currently installed via the distro and not
# available on pypi.
python$PYTHON3_VERSION -m venv --system-site-packages $DEVSTACK_VENV
pip_install -U pip setuptools
#NOTE(rpittau): workaround for simplejson removal in osc
# https://review.opendev.org/c/openstack/python-openstackclient/+/920001
pip_install -U simplejson
fi
if [[ ":$PATH:" != *":$DEVSTACK_VENV/bin:"* ]] ; then
export PATH="$DEVSTACK_VENV/bin:$PATH"
export PYTHON="$DEVSTACK_VENV/bin/python3"
fi
}
# Get the path to the pip command.
# get_pip_command
function get_pip_command {
@@ -61,9 +80,11 @@ function get_python_exec_prefix {
fi
$xtrace
local PYTHON_PATH=/usr/local/bin
is_suse && PYTHON_PATH=/usr/bin
echo $PYTHON_PATH
if [[ "$GLOBAL_VENV" == "True" ]] ; then
echo "$DEVSTACK_VENV/bin"
else
echo "/usr/local/bin"
fi
}
# Wrapper for ``pip install`` that only installs versions of libraries
@@ -168,6 +189,14 @@ function pip_install {
if [[ -n ${PIP_VIRTUAL_ENV:=} && -d ${PIP_VIRTUAL_ENV} ]]; then
local cmd_pip=$PIP_VIRTUAL_ENV/bin/pip
local sudo_pip="env"
elif [[ "${GLOBAL_VENV}" == "True" && -d ${DEVSTACK_VENV} ]] ; then
# We have to check that the DEVSTACK_VENV exists because early
# devstack boostrapping needs to operate in a system context
# too bootstrap pip. Once pip is bootstrapped we create the
# global venv and can start to use it.
local cmd_pip=$DEVSTACK_VENV/bin/pip
local sudo_pip="env"
echo "Using python $PYTHON3_VERSION to install $package_dir"
else
local cmd_pip="python$PYTHON3_VERSION -m pip"
# See
@@ -186,15 +215,11 @@ function pip_install {
$xtrace
# adding SETUPTOOLS_SYS_PATH_TECHNIQUE is a workaround to keep
# the same behaviour of setuptools before version 25.0.0.
# related issue: https://github.com/pypa/pip/issues/3874
$sudo_pip \
http_proxy="${http_proxy:-}" \
https_proxy="${https_proxy:-}" \
no_proxy="${no_proxy:-}" \
PIP_FIND_LINKS=$PIP_FIND_LINKS \
SETUPTOOLS_SYS_PATH_TECHNIQUE=rewrite \
$cmd_pip $upgrade \
$@
result=$?
@@ -383,6 +408,9 @@ function _setup_package_with_constraints_edit {
# source we are about to do.
local name
name=$(awk '/^name.*=/ {print $3}' $project_dir/setup.cfg)
if [ -z $name ]; then
name=$(awk '/^name =/ {gsub(/"/, "", $3); print $3}' $project_dir/pyproject.toml)
fi
$REQUIREMENTS_DIR/.venv/bin/edit-constraints \
$REQUIREMENTS_DIR/upper-constraints.txt -- $name
fi
@@ -445,8 +473,11 @@ function setup_package {
pip_install $flags "$project_dir$extras"
# ensure that further actions can do things like setup.py sdist
if [[ "$flags" == "-e" ]]; then
safe_chown -R $STACK_USER $1/*.egg-info
if [[ "$flags" == "-e" && "$GLOBAL_VENV" == "False" ]]; then
# egg-info is not created when project have pyproject.toml
if [ -d $1/*.egg-info ]; then
safe_chown -R $STACK_USER $1/*.egg-info
fi
fi
}
@@ -466,8 +497,6 @@ function install_python {
function install_python3 {
if is_ubuntu; then
apt_get install python${PYTHON3_VERSION} python${PYTHON3_VERSION}-dev
elif is_suse; then
install_package python3-devel python3-dbm
elif is_fedora; then
if [ "$os_VENDOR" = "Fedora" ]; then
install_package python${PYTHON3_VERSION//.}
+5
View File
@@ -60,6 +60,11 @@ function configure_rootwrap {
sudo install -o root -g root -m 644 $rootwrap_conf_src_dir/rootwrap.conf /etc/${project}/rootwrap.conf
sudo sed -e "s:^filters_path=.*$:filters_path=/etc/${project}/rootwrap.d:" -i /etc/${project}/rootwrap.conf
# Rely on $PATH set by devstack to determine what is safe to execute
# by rootwrap rather than use explicit whitelist of paths in
# rootwrap.conf
sudo sed -e 's/^exec_dirs=.*/#&/' -i /etc/${project}/rootwrap.conf
# Set up the rootwrap sudoers
local tempfile
tempfile=$(mktemp)
+97 -81
View File
@@ -27,6 +27,11 @@ set +o xtrace
APACHE_USER=${APACHE_USER:-$STACK_USER}
APACHE_GROUP=${APACHE_GROUP:-$(id -gn $APACHE_USER)}
APACHE_LOCAL_HOST=$SERVICE_LOCAL_HOST
if [[ "$SERVICE_IP_VERSION" == 6 ]]; then
APACHE_LOCAL_HOST=[$APACHE_LOCAL_HOST]
fi
# Set up apache name and configuration directory
# Note that APACHE_CONF_DIR is really more accurately apache's vhost
@@ -39,10 +44,6 @@ elif is_fedora; then
APACHE_NAME=httpd
APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/conf.d}
APACHE_SETTINGS_DIR=${APACHE_SETTINGS_DIR:-/etc/$APACHE_NAME/conf.d}
elif is_suse; then
APACHE_NAME=apache2
APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/vhosts.d}
APACHE_SETTINGS_DIR=${APACHE_SETTINGS_DIR:-/etc/$APACHE_NAME/conf.d}
fi
APACHE_LOG_DIR="/var/log/${APACHE_NAME}"
@@ -60,11 +61,6 @@ function enable_apache_mod {
sudo a2enmod $mod
restart_apache_server
fi
elif is_suse; then
if ! a2enmod -q $mod ; then
sudo a2enmod $mod
restart_apache_server
fi
elif is_fedora; then
# pass
true
@@ -82,19 +78,15 @@ function install_apache_uwsgi {
apxs="apxs"
fi
# This varies based on packaged/installed. If we've
# pip_installed, then the pip setup will only build a "python"
# module that will be either python2 or python3 depending on what
# it was built with.
#
# For package installs, the distro ships both plugins and you need
# to select the right one ... it will not be autodetected.
UWSGI_PYTHON_PLUGIN=python3
if is_ubuntu; then
local pkg_list="uwsgi uwsgi-plugin-python3 libapache2-mod-proxy-uwsgi"
install_package ${pkg_list}
elif is_fedora; then
# NOTE(ianw) 2022-02-03 : Fedora 35 needs to skip this and fall
# into the install-from-source because the upstream packages
# didn't fix Python 3.10 compatibility before release. Should be
# fixed in uwsgi 4.9.0; can remove this when packages available
# or we drop this release
elif is_fedora && ! is_openeuler && ! [[ $DISTRO =~ f36 ]]; then
# Note httpd comes with mod_proxy_uwsgi and it is loaded by
# default; the mod_proxy_uwsgi package actually conflicts now.
# See:
@@ -103,10 +95,6 @@ function install_apache_uwsgi {
# Thus there is nothing else to do after this install
install_package uwsgi \
uwsgi-plugin-python3
elif [[ $os_VENDOR =~ openSUSE ]]; then
install_package uwsgi \
uwsgi-python3 \
apache2-mod_uwsgi
else
# Compile uwsgi from source.
local dir
@@ -122,10 +110,9 @@ function install_apache_uwsgi {
popd
# delete the temp directory
sudo rm -rf $dir
UWSGI_PYTHON_PLUGIN=python
fi
if is_ubuntu || is_suse ; then
if is_ubuntu; then
# we've got to enable proxy and proxy_uwsgi for this to work
sudo a2enmod proxy
sudo a2enmod proxy_uwsgi
@@ -150,13 +137,13 @@ function install_apache_wsgi {
elif is_fedora; then
sudo rm -f /etc/httpd/conf.d/000-*
install_package httpd python3-mod_wsgi
# rpm distros dont enable httpd by default so enable it to support reboots.
sudo systemctl enable httpd
# For consistency with Ubuntu, switch to the worker mpm, as
# the default is event
sudo sed -i '/mod_mpm_prefork.so/s/^/#/g' /etc/httpd/conf.modules.d/00-mpm.conf
sudo sed -i '/mod_mpm_event.so/s/^/#/g' /etc/httpd/conf.modules.d/00-mpm.conf
sudo sed -i '/mod_mpm_worker.so/s/^#//g' /etc/httpd/conf.modules.d/00-mpm.conf
elif is_suse; then
install_package apache2 apache2-mod_wsgi
else
exit_distro_not_supported "apache wsgi installation"
fi
@@ -171,7 +158,7 @@ function install_apache_wsgi {
# recognise it. a2ensite and a2dissite ignore the .conf suffix used as parameter. The default sites'
# files are 000-default.conf and default-ssl.conf.
#
# On Fedora and openSUSE, any file in /etc/httpd/conf.d/ whose name ends with .conf is enabled.
# On Fedora, any file in /etc/httpd/conf.d/ whose name ends with .conf is enabled.
#
# On RHEL and CentOS, things should hopefully work as in Fedora.
#
@@ -187,7 +174,7 @@ function apache_site_config_for {
if is_ubuntu; then
# Ubuntu 14.04 - Apache 2.4
echo $APACHE_CONF_DIR/${site}.conf
elif is_fedora || is_suse; then
elif is_fedora; then
# fedora conf.d is only imported if it ends with .conf so this is approx the same
local enabled_site_file="$APACHE_CONF_DIR/${site}.conf"
if [ -f $enabled_site_file ]; then
@@ -205,7 +192,7 @@ function enable_apache_site {
enable_apache_mod version
if is_ubuntu; then
sudo a2ensite ${site}
elif is_fedora || is_suse; then
elif is_fedora; then
local enabled_site_file="$APACHE_CONF_DIR/${site}.conf"
# Do nothing if site already enabled or no site config exists
if [[ -f ${enabled_site_file}.disabled ]] && [[ ! -f ${enabled_site_file} ]]; then
@@ -219,7 +206,7 @@ function disable_apache_site {
local site=$@
if is_ubuntu; then
sudo a2dissite ${site} || true
elif is_fedora || is_suse; then
elif is_fedora; then
local enabled_site_file="$APACHE_CONF_DIR/${site}.conf"
# Do nothing if no site config exists
if [[ -f ${enabled_site_file} ]]; then
@@ -250,13 +237,17 @@ function restart_apache_server {
restart_service $APACHE_NAME
}
# write_uwsgi_config() - Create a new uWSGI config file
function write_uwsgi_config {
local file=$1
local conf=$1
local wsgi=$2
local url=$3
local http=$4
local name=""
name=$(basename $wsgi)
local name=$5
if [ -z "$name" ]; then
name=$(basename $wsgi)
fi
# create a home for the sockets; note don't use /tmp -- apache has
# a private view of it on some platforms.
@@ -271,39 +262,47 @@ function write_uwsgi_config {
local socket="$socket_dir/${name}.socket"
# always cleanup given that we are using iniset here
rm -rf $file
iniset "$file" uwsgi wsgi-file "$wsgi"
iniset "$file" uwsgi processes $API_WORKERS
rm -rf $conf
# Set either the module path or wsgi script path depending on what we've
# been given. Note that the regex isn't exhaustive - neither Python modules
# nor Python variables can start with a number - but it's "good enough"
if [[ "$wsgi" =~ ^[a-zA-Z0-9_.]+:[a-zA-Z0-9_]+$ ]]; then
iniset "$conf" uwsgi module "$wsgi"
else
deprecated 'Configuring uWSGI with a WSGI file is deprecated, use module paths instead'
iniset "$conf" uwsgi wsgi-file "$wsgi"
fi
iniset "$conf" uwsgi processes $API_WORKERS
# This is running standalone
iniset "$file" uwsgi master true
iniset "$conf" uwsgi master true
# Set die-on-term & exit-on-reload so that uwsgi shuts down
iniset "$file" uwsgi die-on-term true
iniset "$file" uwsgi exit-on-reload false
iniset "$conf" uwsgi die-on-term true
iniset "$conf" uwsgi exit-on-reload false
# Set worker-reload-mercy so that worker will not exit till the time
# configured after graceful shutdown
iniset "$file" uwsgi worker-reload-mercy $WORKER_TIMEOUT
iniset "$file" uwsgi enable-threads true
iniset "$file" uwsgi plugins http,${UWSGI_PYTHON_PLUGIN}
iniset "$conf" uwsgi worker-reload-mercy $WORKER_TIMEOUT
iniset "$conf" uwsgi enable-threads true
iniset "$conf" uwsgi plugins http,python3
# uwsgi recommends this to prevent thundering herd on accept.
iniset "$file" uwsgi thunder-lock true
iniset "$conf" uwsgi thunder-lock true
# Set hook to trigger graceful shutdown on SIGTERM
iniset "$file" uwsgi hook-master-start "unix_signal:15 gracefully_kill_them_all"
iniset "$conf" uwsgi hook-master-start "unix_signal:15 gracefully_kill_them_all"
# Override the default size for headers from the 4k default.
iniset "$file" uwsgi buffer-size 65535
iniset "$conf" uwsgi buffer-size 65535
# Make sure the client doesn't try to re-use the connection.
iniset "$file" uwsgi add-header "Connection: close"
iniset "$conf" uwsgi add-header "Connection: close"
# This ensures that file descriptors aren't shared between processes.
iniset "$file" uwsgi lazy-apps true
iniset "$conf" uwsgi lazy-apps true
# If we said bind directly to http, then do that and don't start the apache proxy
if [[ -n "$http" ]]; then
iniset "$file" uwsgi http $http
iniset "$conf" uwsgi http $http
else
local apache_conf=""
apache_conf=$(apache_site_config_for $name)
iniset "$file" uwsgi socket "$socket"
iniset "$file" uwsgi chmod-socket 666
echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}/\" retry=0 " | sudo tee -a $apache_conf
iniset "$conf" uwsgi socket "$socket"
iniset "$conf" uwsgi chmod-socket 666
echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}\" retry=0 acquire=1 " | sudo tee -a $apache_conf
enable_apache_site $name
restart_apache_server
fi
@@ -316,47 +315,58 @@ function write_uwsgi_config {
# but that involves having apache buffer the request before sending it to
# uwsgi.
function write_local_uwsgi_http_config {
local file=$1
local conf=$1
local wsgi=$2
local url=$3
name=$(basename $wsgi)
local name=$4
if [ -z "$name" ]; then
name=$(basename $wsgi)
fi
# create a home for the sockets; note don't use /tmp -- apache has
# a private view of it on some platforms.
# always cleanup given that we are using iniset here
rm -rf $file
iniset "$file" uwsgi wsgi-file "$wsgi"
rm -rf $conf
# Set either the module path or wsgi script path depending on what we've
# been given
if [[ "$wsgi" =~ ^[a-zA-Z0-9_.]+:[a-zA-Z0-9_]+$ ]]; then
iniset "$conf" uwsgi module "$wsgi"
else
deprecated 'Configuring uWSGI with a WSGI file is deprecated, use module paths instead'
iniset "$conf" uwsgi wsgi-file "$wsgi"
fi
port=$(get_random_port)
iniset "$file" uwsgi http-socket "127.0.0.1:$port"
iniset "$file" uwsgi processes $API_WORKERS
iniset "$conf" uwsgi http-socket "$APACHE_LOCAL_HOST:$port"
iniset "$conf" uwsgi processes $API_WORKERS
# This is running standalone
iniset "$file" uwsgi master true
iniset "$conf" uwsgi master true
# Set die-on-term & exit-on-reload so that uwsgi shuts down
iniset "$file" uwsgi die-on-term true
iniset "$file" uwsgi exit-on-reload false
iniset "$file" uwsgi enable-threads true
iniset "$file" uwsgi plugins http,${UWSGI_PYTHON_PLUGIN}
# uwsgi recommends this to prevent thundering herd on accept.
iniset "$file" uwsgi thunder-lock true
# Set hook to trigger graceful shutdown on SIGTERM
iniset "$file" uwsgi hook-master-start "unix_signal:15 gracefully_kill_them_all"
iniset "$conf" uwsgi die-on-term true
iniset "$conf" uwsgi exit-on-reload false
# Set worker-reload-mercy so that worker will not exit till the time
# configured after graceful shutdown
iniset "$file" uwsgi worker-reload-mercy $WORKER_TIMEOUT
iniset "$conf" uwsgi worker-reload-mercy $WORKER_TIMEOUT
iniset "$conf" uwsgi enable-threads true
iniset "$conf" uwsgi plugins http,python3
# uwsgi recommends this to prevent thundering herd on accept.
iniset "$conf" uwsgi thunder-lock true
# Set hook to trigger graceful shutdown on SIGTERM
iniset "$conf" uwsgi hook-master-start "unix_signal:15 gracefully_kill_them_all"
# Override the default size for headers from the 4k default.
iniset "$file" uwsgi buffer-size 65535
iniset "$conf" uwsgi buffer-size 65535
# Make sure the client doesn't try to re-use the connection.
iniset "$file" uwsgi add-header "Connection: close"
iniset "$conf" uwsgi add-header "Connection: close"
# This ensures that file descriptors aren't shared between processes.
iniset "$file" uwsgi lazy-apps true
iniset "$file" uwsgi chmod-socket 666
iniset "$file" uwsgi http-raw-body true
iniset "$file" uwsgi http-chunked-input true
iniset "$file" uwsgi http-auto-chunked true
iniset "$file" uwsgi http-keepalive false
iniset "$conf" uwsgi lazy-apps true
iniset "$conf" uwsgi chmod-socket 666
iniset "$conf" uwsgi http-raw-body true
iniset "$conf" uwsgi http-chunked-input true
iniset "$conf" uwsgi http-auto-chunked true
iniset "$conf" uwsgi http-keepalive false
# Increase socket timeout for slow chunked uploads
iniset "$file" uwsgi socket-timeout 30
iniset "$conf" uwsgi socket-timeout 30
enable_apache_mod proxy
enable_apache_mod proxy_http
@@ -364,7 +374,7 @@ function write_local_uwsgi_http_config {
apache_conf=$(apache_site_config_for $name)
echo "KeepAlive Off" | sudo tee $apache_conf
echo "SetEnv proxy-sendchunked 1" | sudo tee -a $apache_conf
echo "ProxyPass \"${url}\" \"http://127.0.0.1:$port\" retry=0 " | sudo tee -a $apache_conf
echo "ProxyPass \"${url}\" \"http://$APACHE_LOCAL_HOST:$port\" retry=0 acquire=1 " | sudo tee -a $apache_conf
enable_apache_site $name
restart_apache_server
}
@@ -383,18 +393,24 @@ function write_local_proxy_http_config {
echo "KeepAlive Off" | sudo tee $apache_conf
echo "SetEnv proxy-sendchunked 1" | sudo tee -a $apache_conf
echo "ProxyPass \"${loc}\" \"$url\" retry=0 " | sudo tee -a $apache_conf
echo "ProxyPass \"${loc}\" \"$url\" retry=0 acquire=1 " | sudo tee -a $apache_conf
enable_apache_site $name
restart_apache_server
}
function remove_uwsgi_config {
local file=$1
local conf=$1
local wsgi=$2
local name=""
# TODO(stephenfin): Remove this call when everyone is using module path
# configuration instead of file path configuration
name=$(basename $wsgi)
rm -rf $file
if [[ "$wsgi" = /* ]]; then
deprecated "Passing a wsgi script to remove_uwsgi_config is deprecated, pass an application name instead"
fi
rm -rf $conf
disable_apache_site $name
}
+203 -70
View File
@@ -43,6 +43,13 @@ GITDIR["python-cinderclient"]=$DEST/python-cinderclient
GITDIR["python-brick-cinderclient-ext"]=$DEST/python-brick-cinderclient-ext
CINDER_DIR=$DEST/cinder
if [[ $SERVICE_IP_VERSION == 6 ]]; then
CINDER_MY_IP="$HOST_IPV6"
else
CINDER_MY_IP="$HOST_IP"
fi
# Cinder virtual environment
if [[ ${USE_VENV} = True ]]; then
PROJECT_VENV["cinder"]=${CINDER_DIR}.venv
@@ -69,6 +76,11 @@ CINDER_SERVICE_PORT_INT=${CINDER_SERVICE_PORT_INT:-18776}
CINDER_SERVICE_PROTOCOL=${CINDER_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
CINDER_SERVICE_LISTEN_ADDRESS=${CINDER_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)}
# We do not need to report service status every 10s for devstack-like
# deployments. In the gate this generates extra work for the services and the
# database which are already taxed.
CINDER_SERVICE_REPORT_INTERVAL=${CINDER_SERVICE_REPORT_INTERVAL:-120}
# What type of LVM device should Cinder use for LVM backend
# Defaults to auto, which will do thin provisioning if it's a fresh
# volume group, otherwise it will do thick. The other valid choices are
@@ -76,6 +88,10 @@ CINDER_SERVICE_LISTEN_ADDRESS=${CINDER_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $S
# thin provisioning.
CINDER_LVM_TYPE=${CINDER_LVM_TYPE:-auto}
# ``CINDER_USE_SERVICE_TOKEN`` is a mode where service token is passed along with
# user token while communicating to external REST APIs like Glance.
CINDER_USE_SERVICE_TOKEN=$(trueorfalse True CINDER_USE_SERVICE_TOKEN)
# Default backends
# The backend format is type:name where type is one of the supported backend
# types (lvm, nfs, etc) and name is the identifier used in the Cinder
@@ -88,13 +104,33 @@ CINDER_ENABLED_BACKENDS=${CINDER_ENABLED_BACKENDS:-lvm:lvmdriver-1}
CINDER_VOLUME_CLEAR=${CINDER_VOLUME_CLEAR:-${CINDER_VOLUME_CLEAR_DEFAULT:-zero}}
CINDER_VOLUME_CLEAR=$(echo ${CINDER_VOLUME_CLEAR} | tr '[:upper:]' '[:lower:]')
# Default to lioadm
CINDER_ISCSI_HELPER=${CINDER_ISCSI_HELPER:-lioadm}
VOLUME_TYPE_MULTIATTACH=${VOLUME_TYPE_MULTIATTACH:-multiattach}
# EL and SUSE should only use lioadm
if is_fedora || is_suse; then
if [[ ${CINDER_ISCSI_HELPER} != "lioadm" ]]; then
die "lioadm is the only valid Cinder target_helper config on this platform"
if [[ -n "$CINDER_ISCSI_HELPER" ]]; then
if [[ -z "$CINDER_TARGET_HELPER" ]]; then
deprecated 'Using CINDER_ISCSI_HELPER is deprecated, use CINDER_TARGET_HELPER instead'
CINDER_TARGET_HELPER="$CINDER_ISCSI_HELPER"
else
deprecated 'Deprecated CINDER_ISCSI_HELPER is set, but is being overwritten by CINDER_TARGET_HELPER'
fi
fi
CINDER_TARGET_HELPER=${CINDER_TARGET_HELPER:-lioadm}
if [[ $CINDER_TARGET_HELPER == 'nvmet' ]]; then
CINDER_TARGET_PROTOCOL=${CINDER_TARGET_PROTOCOL:-'nvmet_rdma'}
CINDER_TARGET_PREFIX=${CINDER_TARGET_PREFIX:-'nvme-subsystem-1'}
CINDER_TARGET_PORT=${CINDER_TARGET_PORT:-4420}
else
CINDER_TARGET_PROTOCOL=${CINDER_TARGET_PROTOCOL:-'iscsi'}
CINDER_TARGET_PREFIX=${CINDER_TARGET_PREFIX:-'iqn.2010-10.org.openstack:'}
CINDER_TARGET_PORT=${CINDER_TARGET_PORT:-3260}
fi
# EL should only use lioadm
if is_fedora; then
if [[ ${CINDER_TARGET_HELPER} != "lioadm" && ${CINDER_TARGET_HELPER} != 'nvmet' ]]; then
die "lioadm and nvmet are the only valid Cinder target_helper config on this platform"
fi
fi
@@ -151,6 +187,12 @@ fi
# Environment variables to configure the image-volume cache
CINDER_IMG_CACHE_ENABLED=${CINDER_IMG_CACHE_ENABLED:-True}
# Environment variables to configure the optimized volume upload
CINDER_UPLOAD_OPTIMIZED=${CINDER_UPLOAD_OPTIMIZED:-False}
# Environment variables to configure the internal tenant during optimized volume upload
CINDER_UPLOAD_INTERNAL_TENANT=${CINDER_UPLOAD_INTERNAL_TENANT:-False}
# For limits, if left unset, it will use cinder defaults of 0 for unlimited
CINDER_IMG_CACHE_SIZE_GB=${CINDER_IMG_CACHE_SIZE_GB:-}
CINDER_IMG_CACHE_SIZE_COUNT=${CINDER_IMG_CACHE_SIZE_COUNT:-}
@@ -160,6 +202,11 @@ CINDER_IMG_CACHE_SIZE_COUNT=${CINDER_IMG_CACHE_SIZE_COUNT:-}
# enable the cache for all cinder backends.
CINDER_CACHE_ENABLED_FOR_BACKENDS=${CINDER_CACHE_ENABLED_FOR_BACKENDS:-$CINDER_ENABLED_BACKENDS}
# Configure which cinder backends will have optimized volume upload, this takes the same
# form as the CINDER_ENABLED_BACKENDS config option. By default it will
# enable the cache for all cinder backends.
CINDER_UPLOAD_OPTIMIZED_BACKENDS=${CINDER_UPLOAD_OPTIMIZED_BACKENDS:-$CINDER_ENABLED_BACKENDS}
# Flag to set the oslo_policy.enforce_scope. This is used to switch
# the Volume API policies to start checking the scope of token. by default,
# this flag is False.
@@ -187,7 +234,7 @@ function _cinder_cleanup_apache_wsgi {
function cleanup_cinder {
# ensure the volume group is cleared up because fails might
# leave dead volumes in the group
if [ "$CINDER_ISCSI_HELPER" = "tgtadm" ]; then
if [ "$CINDER_TARGET_HELPER" = "tgtadm" ]; then
local targets
targets=$(sudo tgtadm --op show --mode target)
if [ $? -ne 0 ]; then
@@ -215,8 +262,14 @@ function cleanup_cinder {
else
stop_service tgtd
fi
else
elif [ "$CINDER_TARGET_HELPER" = "lioadm" ]; then
sudo cinder-rtstool get-targets | sudo xargs -rn 1 cinder-rtstool delete
elif [ "$CINDER_TARGET_HELPER" = "nvmet" ]; then
# If we don't disconnect everything vgremove will block
sudo nvme disconnect-all
sudo nvmetcli clear
else
die $LINENO "Unknown value \"$CINDER_TARGET_HELPER\" for CINDER_TARGET_HELPER"
fi
if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
@@ -237,7 +290,7 @@ function cleanup_cinder {
fi
stop_process "c-api"
remove_uwsgi_config "$CINDER_UWSGI_CONF" "$CINDER_UWSGI"
remove_uwsgi_config "$CINDER_UWSGI_CONF" "cinder-wsgi"
}
# configure_cinder() - Set config files, create data dirs, etc
@@ -267,7 +320,7 @@ function configure_cinder {
iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $CINDER_CONF DEFAULT target_helper "$CINDER_ISCSI_HELPER"
iniset $CINDER_CONF DEFAULT target_helper "$CINDER_TARGET_HELPER"
iniset $CINDER_CONF database connection `database_connection_url cinder`
iniset $CINDER_CONF DEFAULT api_paste_config $CINDER_API_PASTE_INI
iniset $CINDER_CONF DEFAULT rootwrap_config "$CINDER_CONF_DIR/rootwrap.conf"
@@ -275,22 +328,26 @@ function configure_cinder {
iniset $CINDER_CONF DEFAULT osapi_volume_listen $CINDER_SERVICE_LISTEN_ADDRESS
iniset $CINDER_CONF DEFAULT state_path $CINDER_STATE_PATH
iniset $CINDER_CONF oslo_concurrency lock_path $CINDER_STATE_PATH
if [[ $SERVICE_IP_VERSION == 6 ]]; then
iniset $CINDER_CONF DEFAULT my_ip "$HOST_IPV6"
else
iniset $CINDER_CONF DEFAULT my_ip "$HOST_IP"
fi
iniset $CINDER_CONF DEFAULT my_ip "$CINDER_MY_IP"
iniset $CINDER_CONF key_manager backend cinder.keymgr.conf_key_mgr.ConfKeyManager
iniset $CINDER_CONF key_manager fixed_key $(openssl rand -hex 16)
if [[ -n "$CINDER_ALLOWED_DIRECT_URL_SCHEMES" ]]; then
iniset $CINDER_CONF DEFAULT allowed_direct_url_schemes $CINDER_ALLOWED_DIRECT_URL_SCHEMES
fi
# set default quotas
iniset $CINDER_CONF DEFAULT quota_volumes ${CINDER_QUOTA_VOLUMES:-10}
iniset $CINDER_CONF DEFAULT quota_backups ${CINDER_QUOTA_BACKUPS:-10}
iniset $CINDER_CONF DEFAULT quota_snapshots ${CINDER_QUOTA_SNAPSHOTS:-10}
# Avoid RPC timeouts in slow CI and test environments by doubling the
# default response timeout set by RPC clients. See bug #1873234 for more
# details and example failures.
iniset $CINDER_CONF DEFAULT rpc_response_timeout 120
iniset $CINDER_CONF DEFAULT report_interval $CINDER_SERVICE_REPORT_INTERVAL
iniset $CINDER_CONF DEFAULT service_down_time $(($CINDER_SERVICE_REPORT_INTERVAL * 6))
if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
local enabled_backends=""
local default_name=""
@@ -311,6 +368,14 @@ function configure_cinder {
iniset $CINDER_CONF DEFAULT default_volume_type ${default_name}
fi
configure_cinder_image_volume_cache
# The upload optimization uses Cinder's clone volume functionality to
# clone the Image-Volume from source volume hence can only be
# performed when glance is using cinder as it's backend.
if [[ "$USE_CINDER_FOR_GLANCE" == "True" ]]; then
# Configure optimized volume upload
configure_cinder_volume_upload
fi
fi
if is_service_enabled c-bak && [[ -n "$CINDER_BACKUP_DRIVER" ]]; then
@@ -348,7 +413,9 @@ function configure_cinder {
# Format logging
setup_logging $CINDER_CONF $CINDER_USE_MOD_WSGI
write_uwsgi_config "$CINDER_UWSGI_CONF" "$CINDER_UWSGI" "/volume"
if is_service_enabled c-api; then
write_uwsgi_config "$CINDER_UWSGI_CONF" "$CINDER_UWSGI" "/volume"
fi
if [[ -r $CINDER_PLUGINS/$CINDER_DRIVER ]]; then
configure_cinder_driver
@@ -370,54 +437,58 @@ function configure_cinder {
if [[ ! -z "$CINDER_COORDINATION_URL" ]]; then
iniset $CINDER_CONF coordination backend_url "$CINDER_COORDINATION_URL"
elif is_service_enabled etcd3; then
iniset $CINDER_CONF coordination backend_url "etcd3+http://${SERVICE_HOST}:$ETCD_PORT"
# NOTE(jan.gutter): api_version can revert to default once tooz is
# updated with the etcd v3.4 defaults
iniset $CINDER_CONF coordination backend_url "etcd3+http://${SERVICE_HOST}:$ETCD_PORT?api_version=v3"
fi
if [[ "$CINDER_ENFORCE_SCOPE" == True ]] ; then
if [[ "$CINDER_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
iniset $CINDER_CONF oslo_policy enforce_scope true
iniset $CINDER_CONF oslo_policy enforce_new_defaults true
else
iniset $CINDER_CONF oslo_policy enforce_scope false
iniset $CINDER_CONF oslo_policy enforce_new_defaults false
fi
if [ "$CINDER_USE_SERVICE_TOKEN" == "True" ]; then
init_cinder_service_user_conf
fi
}
# create_cinder_accounts() - Set up common required cinder accounts
# Tenant User Roles
# Project User Roles
# ------------------------------------------------------------------
# service cinder admin # if enabled
# SERVICE_PROJECT_NAME cinder service
# SERVICE_PROJECT_NAME cinder creator (if Barbican is enabled)
# Migrated from keystone_data.sh
function create_cinder_accounts {
# Cinder
if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
create_service_user "cinder"
local extra_role=""
# cinder needs the "creator" role in order to interact with barbican
if is_service_enabled barbican; then
extra_role=$(get_or_create_role "creator")
fi
create_service_user "cinder" $extra_role
local cinder_api_url
if [[ "$CINDER_USE_MOD_WSGI" == "False" ]]; then
cinder_api_url="$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT"
else
cinder_api_url="$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST/volume"
fi
# block-storage is the official service type
get_or_create_service "cinder" "block-storage" "Cinder Volume Service"
if [ "$CINDER_USE_MOD_WSGI" == "False" ]; then
get_or_create_endpoint \
"block-storage" \
"$REGION_NAME" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v3/\$(project_id)s"
get_or_create_service "cinderv3" "volumev3" "Cinder Volume Service V3"
get_or_create_endpoint \
"volumev3" \
"$REGION_NAME" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v3/\$(project_id)s"
else
get_or_create_endpoint \
"block-storage" \
"$REGION_NAME" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST/volume/v3/\$(project_id)s"
get_or_create_service "cinderv3" "volumev3" "Cinder Volume Service V3"
get_or_create_endpoint \
"volumev3" \
"$REGION_NAME" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST/volume/v3/\$(project_id)s"
fi
get_or_create_endpoint \
"block-storage" \
"$REGION_NAME" \
"$cinder_api_url/v3"
configure_cinder_internal_tenant
fi
}
@@ -440,10 +511,6 @@ function init_cinder {
be_type=${be%%:*}
be_name=${be##*:}
if type init_cinder_backend_${be_type} >/dev/null 2>&1; then
# Always init the default volume group for lvm.
if [[ "$be_type" == "lvm" ]]; then
init_default_lvm_volume_group
fi
init_cinder_backend_${be_type} ${be_name}
fi
done
@@ -462,9 +529,9 @@ function init_cinder {
function install_cinder {
git_clone $CINDER_REPO $CINDER_DIR $CINDER_BRANCH
setup_develop $CINDER_DIR
if [[ "$CINDER_ISCSI_HELPER" == "tgtadm" ]]; then
if [[ "$CINDER_TARGET_HELPER" == "tgtadm" ]]; then
install_package tgt
elif [[ "$CINDER_ISCSI_HELPER" == "lioadm" ]]; then
elif [[ "$CINDER_TARGET_HELPER" == "lioadm" ]]; then
if is_ubuntu; then
# TODO(frickler): Workaround for https://launchpad.net/bugs/1819819
sudo mkdir -p /etc/target
@@ -473,6 +540,43 @@ function install_cinder {
else
install_package targetcli
fi
elif [[ "$CINDER_TARGET_HELPER" == "nvmet" ]]; then
install_package nvme-cli
# TODO: Remove manual installation of the dependency when the
# requirement is added to nvmetcli:
# http://lists.infradead.org/pipermail/linux-nvme/2022-July/033576.html
if is_ubuntu; then
install_package python3-configshell-fb
else
install_package python3-configshell
fi
# Install from source because Ubuntu doesn't have the package and some packaged versions didn't work on Python 3
pip_install git+git://git.infradead.org/users/hch/nvmetcli.git
sudo modprobe nvmet
sudo modprobe nvme-fabrics
if [[ $CINDER_TARGET_PROTOCOL == 'nvmet_rdma' ]]; then
install_package rdma-core
sudo modprobe nvme-rdma
# Create the Soft-RoCE device over the networking interface
local iface=${HOST_IP_IFACE:-`ip -br -$SERVICE_IP_VERSION a | grep $CINDER_MY_IP | awk '{print $1}'`}
if [[ -z "$iface" ]]; then
die $LINENO "Cannot find interface to bind Soft-RoCE"
fi
if ! sudo rdma link | grep $iface ; then
sudo rdma link add rxe_$iface type rxe netdev $iface
fi
elif [[ $CINDER_TARGET_PROTOCOL == 'nvmet_tcp' ]]; then
sudo modprobe nvme-tcp
else # 'nvmet_fc'
sudo modprobe nvme-fc
fi
fi
}
@@ -509,18 +613,13 @@ function start_cinder {
service_port=$CINDER_SERVICE_PORT_INT
service_protocol="http"
fi
if [ "$CINDER_ISCSI_HELPER" = "tgtadm" ]; then
if [ "$CINDER_TARGET_HELPER" = "tgtadm" ]; then
if is_service_enabled c-vol; then
# Delete any old stack.conf
sudo rm -f /etc/tgt/conf.d/stack.conf
_configure_tgt_for_config_d
if is_ubuntu; then
sudo service tgt restart
elif is_suse; then
# NOTE(dmllr): workaround restart bug
# https://bugzilla.suse.com/show_bug.cgi?id=934642
stop_service tgtd
start_service tgtd
else
restart_service tgtd
fi
@@ -549,8 +648,13 @@ function start_cinder {
fi
run_process c-sch "$CINDER_BIN_DIR/cinder-scheduler --config-file $CINDER_CONF"
run_process c-bak "$CINDER_BIN_DIR/cinder-backup --config-file $CINDER_CONF"
run_process c-vol "$CINDER_BIN_DIR/cinder-volume --config-file $CINDER_CONF"
# Tune glibc for Python Services using single malloc arena for all threads
# and disabling dynamic thresholds to reduce memory usage when using native
# threads directly or via eventlet.tpool
# https://www.gnu.org/software/libc/manual/html_node/Memory-Allocation-Tunables.html
malloc_tuning="MALLOC_ARENA_MAX=1 MALLOC_MMAP_THRESHOLD_=131072 MALLOC_TRIM_THRESHOLD_=262144"
run_process c-bak "$CINDER_BIN_DIR/cinder-backup --config-file $CINDER_CONF" "" "" "$malloc_tuning"
run_process c-vol "$CINDER_BIN_DIR/cinder-volume --config-file $CINDER_CONF" "" "" "$malloc_tuning"
# NOTE(jdg): For cinder, startup order matters. To ensure that repor_capabilities is received
# by the scheduler start the cinder-volume service last (or restart it) after the scheduler
@@ -565,6 +669,23 @@ function stop_cinder {
stop_process c-vol
}
function create_one_type {
type_name=$1
property_key=$2
property_value=$3
# NOTE (e0ne): openstack client doesn't work with cinder in noauth mode
if is_service_enabled keystone; then
openstack --os-region-name="$REGION_NAME" volume type create --property $property_key="$property_value" $type_name
else
# TODO (e0ne): use openstack client once it will support cinder in noauth mode:
# https://bugs.launchpad.net/python-cinderclient/+bug/1755279
local cinder_url
cinder_url=$CINDER_SERVICE_PROTOCOL://$SERVICE_HOST:$CINDER_SERVICE_PORT/v3
OS_USER_ID=$OS_USERNAME OS_PROJECT_ID=$OS_PROJECT_NAME cinder --os-auth-type noauth --os-endpoint=$cinder_url type-create $type_name
OS_USER_ID=$OS_USERNAME OS_PROJECT_ID=$OS_PROJECT_NAME cinder --os-auth-type noauth --os-endpoint=$cinder_url type-key $type_name set $property_key="$property_value"
fi
}
# create_volume_types() - Create Cinder's configured volume types
function create_volume_types {
# Create volume types
@@ -572,19 +693,13 @@ function create_volume_types {
local be be_name
for be in ${CINDER_ENABLED_BACKENDS//,/ }; do
be_name=${be##*:}
# NOTE (e0ne): openstack client doesn't work with cinder in noauth mode
if is_service_enabled keystone; then
openstack --os-region-name="$REGION_NAME" volume type create --property volume_backend_name="${be_name}" ${be_name}
else
# TODO (e0ne): use openstack client once it will support cinder in noauth mode:
# https://bugs.launchpad.net/python-cinderclient/+bug/1755279
local cinder_url
cinder_url=$CINDER_SERVICE_PROTOCOL://$SERVICE_HOST:$CINDER_SERVICE_PORT/v3
OS_USER_ID=$OS_USERNAME OS_PROJECT_ID=$OS_PROJECT_NAME cinder --os-auth-type noauth --os-endpoint=$cinder_url type-create ${be_name}
OS_USER_ID=$OS_USERNAME OS_PROJECT_ID=$OS_PROJECT_NAME cinder --os-auth-type noauth --os-endpoint=$cinder_url type-key ${be_name} set volume_backend_name=${be_name}
fi
create_one_type $be_name "volume_backend_name" $be_name
done
if [[ $ENABLE_VOLUME_MULTIATTACH == "True" ]]; then
create_one_type $VOLUME_TYPE_MULTIATTACH $VOLUME_TYPE_MULTIATTACH "<is> True"
fi
# Increase quota for the service project if glance is using cinder,
# since it's likely to occasionally go above the default 10 in parallel
# test execution.
@@ -628,6 +743,24 @@ function configure_cinder_image_volume_cache {
done
}
function configure_cinder_volume_upload {
# Expect UPLOAD_VOLUME_OPTIMIZED_FOR_BACKENDS to be a list of backends
# similar to CINDER_ENABLED_BACKENDS with NAME:TYPE where NAME will
# be the backend specific configuration stanza in cinder.conf.
local be be_name
for be in ${CINDER_UPLOAD_OPTIMIZED_BACKENDS//,/ }; do
be_name=${be##*:}
iniset $CINDER_CONF $be_name image_upload_use_cinder_backend $CINDER_UPLOAD_OPTIMIZED
iniset $CINDER_CONF $be_name image_upload_use_internal_tenant $CINDER_UPLOAD_INTERNAL_TENANT
done
}
function init_cinder_service_user_conf {
configure_keystone_authtoken_middleware $CINDER_CONF cinder service_user
iniset $CINDER_CONF service_user send_service_user_token True
iniset $CINDER_CONF service_user auth_strategy keystone
}
# Restore xtrace
$_XTRACE_CINDER
+1 -1
View File
@@ -50,7 +50,7 @@ function configure_cinder_backend_lvm {
iniset $CINDER_CONF $be_name volume_backend_name $be_name
iniset $CINDER_CONF $be_name volume_driver "cinder.tests.fake_driver.FakeGateDriver"
iniset $CINDER_CONF $be_name volume_group $VOLUME_GROUP_NAME-$be_name
iniset $CINDER_CONF $be_name target_helper "$CINDER_ISCSI_HELPER"
iniset $CINDER_CONF $be_name target_helper "$CINDER_TARGET_HELPER"
iniset $CINDER_CONF $be_name lvm_type "$CINDER_LVM_TYPE"
if [[ "$CINDER_VOLUME_CLEAR" == "non" ]]; then
+4 -1
View File
@@ -50,7 +50,10 @@ function configure_cinder_backend_lvm {
iniset $CINDER_CONF $be_name volume_backend_name $be_name
iniset $CINDER_CONF $be_name volume_driver "cinder.volume.drivers.lvm.LVMVolumeDriver"
iniset $CINDER_CONF $be_name volume_group $VOLUME_GROUP_NAME-$be_name
iniset $CINDER_CONF $be_name target_helper "$CINDER_ISCSI_HELPER"
iniset $CINDER_CONF $be_name target_helper "$CINDER_TARGET_HELPER"
iniset $CINDER_CONF $be_name target_protocol "$CINDER_TARGET_PROTOCOL"
iniset $CINDER_CONF $be_name target_port "$CINDER_TARGET_PORT"
iniset $CINDER_CONF $be_name target_prefix "$CINDER_TARGET_PREFIX"
iniset $CINDER_CONF $be_name lvm_type "$CINDER_LVM_TYPE"
iniset $CINDER_CONF $be_name volume_clear "$CINDER_VOLUME_CLEAR"
}
+9
View File
@@ -32,6 +32,15 @@ function configure_cinder_backend_nfs {
iniset $CINDER_CONF $be_name volume_backend_name $be_name
iniset $CINDER_CONF $be_name volume_driver "cinder.volume.drivers.nfs.NfsDriver"
iniset $CINDER_CONF $be_name nfs_shares_config "$CINDER_CONF_DIR/nfs-shares-$be_name.conf"
iniset $CINDER_CONF $be_name nas_host localhost
iniset $CINDER_CONF $be_name nas_share_path ${NFS_EXPORT_DIR}
iniset $CINDER_CONF $be_name nas_secure_file_operations \
${NFS_SECURE_FILE_OPERATIONS}
iniset $CINDER_CONF $be_name nas_secure_file_permissions \
${NFS_SECURE_FILE_PERMISSIONS}
# NFS snapshot support is currently opt-in only.
iniset $CINDER_CONF $be_name nfs_snapshot_support True
echo "$CINDER_NFS_SERVERPATH" | tee "$CINDER_CONF_DIR/nfs-shares-$be_name.conf"
}
+8 -5
View File
@@ -26,12 +26,15 @@ CINDER_BAK_CEPH_USER=${CINDER_BAK_CEPH_USER:-cinder-bak}
function configure_cinder_backup_ceph {
sudo ceph -c ${CEPH_CONF_FILE} osd pool create ${CINDER_BAK_CEPH_POOL} ${CINDER_BAK_CEPH_POOL_PG} ${CINDER_BAK_CEPH_POOL_PGP}
if [[ "$REMOTE_CEPH" = "False" && "$CEPH_REPLICAS" -ne 1 ]]; then
sudo ceph -c ${CEPH_CONF_FILE} osd pool set ${CINDER_BAK_CEPH_POOL} crush_ruleset ${RULE_ID}
# Execute this part only when cephadm is not used
if [[ "$CEPHADM_DEPLOY" = "False" ]]; then
sudo ceph -c ${CEPH_CONF_FILE} osd pool create ${CINDER_BAK_CEPH_POOL} ${CINDER_BAK_CEPH_POOL_PG} ${CINDER_BAK_CEPH_POOL_PGP}
if [[ "$REMOTE_CEPH" = "False" && "$CEPH_REPLICAS" -ne 1 ]]; then
sudo ceph -c ${CEPH_CONF_FILE} osd pool set ${CINDER_BAK_CEPH_POOL} crush_ruleset ${RULE_ID}
fi
sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_BAK_CEPH_USER} mon "allow r" osd "allow class-read object_prefix rbd_children, allow rwx pool=${CINDER_BAK_CEPH_POOL}, allow rwx pool=${CINDER_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring
sudo chown $(whoami):$(whoami) ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring
fi
sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_BAK_CEPH_USER} mon "allow r" osd "allow class-read object_prefix rbd_children, allow rwx pool=${CINDER_BAK_CEPH_POOL}, allow rwx pool=${CINDER_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring
sudo chown $(whoami):$(whoami) ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring
iniset $CINDER_CONF DEFAULT backup_driver "cinder.backup.drivers.ceph.CephBackupDriver"
iniset $CINDER_CONF DEFAULT backup_ceph_conf "$CEPH_CONF_FILE"
+3
View File
@@ -24,6 +24,9 @@ function configure_cinder_backup_swift {
# to use it.
iniset $CINDER_CONF DEFAULT backup_driver "cinder.backup.drivers.swift.SwiftBackupDriver"
iniset $CINDER_CONF DEFAULT backup_swift_url "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_"
if is_service_enabled tls-proxy; then
iniset $CINDER_CONF DEFAULT backup_swift_ca_cert_file $SSL_BUNDLE_FILE
fi
}
# init_cinder_backup_swift: nothing to do
+4 -2
View File
@@ -89,6 +89,10 @@ function initialize_database_backends {
DATABASE_PASSWORD=$MYSQL_PASSWORD
fi
return 0
}
function define_database_baseurl {
# We configure Nova, Horizon, Glance and Keystone to use MySQL as their
# database server. While they share a single server, each has their own
# database and tables.
@@ -100,8 +104,6 @@ function initialize_database_backends {
# NOTE: Don't specify ``/db`` in this string so we can use it for multiple services
BASE_SQL_CONN=${BASE_SQL_CONN:-$(get_database_type_$DATABASE_TYPE)://$DATABASE_USER:$DATABASE_PASSWORD@$DATABASE_HOST}
return 0
}
# Recreate a given database
+92 -36
View File
@@ -12,6 +12,7 @@ _XTRACE_DB_MYSQL=$(set +o | grep xtrace)
set +o xtrace
MYSQL_DRIVER=${MYSQL_DRIVER:-PyMySQL}
INSTALL_DATABASE_SERVER_PACKAGES=$(trueorfalse True INSTALL_DATABASE_SERVER_PACKAGES)
register_database mysql
@@ -19,11 +20,7 @@ if [[ -z "$MYSQL_SERVICE_NAME" ]]; then
MYSQL_SERVICE_NAME=mysql
if is_fedora && ! is_oraclelinux; then
MYSQL_SERVICE_NAME=mariadb
elif is_suse && systemctl list-unit-files | grep -q 'mariadb\.service'; then
# Older mariadb packages on SLES 12 provided mysql.service. The
# newer ones on SLES 12 and 15 use mariadb.service; they also
# provide a mysql.service symlink for backwards-compatibility, but
# let's not rely on that.
elif [[ "$DISTRO" =~ bookworm|bullseye ]]; then
MYSQL_SERVICE_NAME=mariadb
fi
fi
@@ -51,7 +48,7 @@ function cleanup_database_mysql {
elif is_oraclelinux; then
uninstall_package mysql-community-server
sudo rm -rf /var/lib/mysql
elif is_suse || is_fedora; then
elif is_fedora; then
uninstall_package mariadb-server
sudo rm -rf /var/lib/mysql
else
@@ -66,12 +63,12 @@ function recreate_database_mysql {
}
function configure_database_mysql {
local my_conf mysql slow_log
local my_conf mysql slow_log my_client_conf
echo_summary "Configuring and starting MySQL"
if is_ubuntu; then
my_conf=/etc/mysql/my.cnf
elif is_suse || is_oraclelinux; then
elif is_oraclelinux; then
my_conf=/etc/my.cnf
elif is_fedora; then
my_conf=/etc/my.cnf
@@ -83,42 +80,69 @@ function configure_database_mysql {
exit_distro_not_supported "mysql configuration"
fi
# Start mysql-server
if is_fedora || is_suse; then
# Set fips mode on
if is_ubuntu; then
if is_fips_enabled; then
my_client_conf=/etc/mysql/mysql.conf.d/mysql.cnf
iniset -sudo $my_client_conf mysql ssl-fips-mode "on"
iniset -sudo $my_conf mysqld ssl-fips-mode "on"
fi
fi
# Change bind-address from localhost (127.0.0.1) to any (::)
iniset -sudo $my_conf mysqld bind-address "$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)"
# (Re)Start mysql-server
if is_fedora; then
# service is not started by default
start_service $MYSQL_SERVICE_NAME
elif is_ubuntu; then
# required since bind-address could have changed above
restart_service $MYSQL_SERVICE_NAME
fi
# Set the root password - only works the first time. For Ubuntu, we already
# did that with debconf before installing the package, but we still try,
# because the package might have been installed already.
sudo mysqladmin -u root password $DATABASE_PASSWORD || true
# because the package might have been installed already. We don't do this
# for Ubuntu 22.04 (jammy) because the authorization model change in
# version 10.4 of mariadb. See
# https://mariadb.org/authentication-in-mariadb-10-4/
if ! (is_ubuntu && [[ "$DISTRO" == "jammy" ]] && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]); then
sudo mysqladmin -u root password $DATABASE_PASSWORD || true
fi
# In case of Mariadb, giving hostname in arguments causes permission
# problems as it expects connection through socket
if is_ubuntu && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]; then
local cmd_args="-uroot -p$DATABASE_PASSWORD "
else
local cmd_args="-uroot -p$DATABASE_PASSWORD -h127.0.0.1 "
local cmd_args="-uroot -p$DATABASE_PASSWORD -h$SERVICE_LOCAL_HOST "
fi
# In mariadb e.g. on Ubuntu socket plugin is used for authentication
# as root so it works only as sudo. To restore old "mysql like" behaviour,
# we need to change auth plugin for root user
if is_ubuntu && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]; then
sudo mysql $cmd_args -e "UPDATE mysql.user SET plugin='' WHERE user='$DATABASE_USER' AND host='localhost';"
sudo mysql $cmd_args -e "FLUSH PRIVILEGES;"
# TODO(frickler): simplify this logic
if is_ubuntu && [[ ! "$DISTRO" =~ bookworm|bullseye ]] && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]; then
if [[ "$DISTRO" == "jammy" ]]; then
# For Ubuntu 22.04 (jammy) we follow the model outlined in
# https://mariadb.org/authentication-in-mariadb-10-4/
sudo mysql -e "ALTER USER $DATABASE_USER@localhost IDENTIFIED VIA mysql_native_password USING PASSWORD('$DATABASE_PASSWORD');"
else
sudo mysql $cmd_args -e "UPDATE mysql.user SET plugin='' WHERE user='$DATABASE_USER' AND host='localhost';"
sudo mysql $cmd_args -e "FLUSH PRIVILEGES;"
fi
fi
if ! (is_ubuntu && [[ "$DISTRO" == "jammy" ]] && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]); then
# Create DB user if it does not already exist
sudo mysql $cmd_args -e "CREATE USER IF NOT EXISTS '$DATABASE_USER'@'%' identified by '$DATABASE_PASSWORD';"
# Update the DB to give user '$DATABASE_USER'@'%' full control of the all databases:
sudo mysql $cmd_args -e "GRANT ALL PRIVILEGES ON *.* TO '$DATABASE_USER'@'%';"
fi
# Create DB user if it does not already exist
sudo mysql $cmd_args -e "CREATE USER IF NOT EXISTS '$DATABASE_USER'@'%' identified by '$DATABASE_PASSWORD';"
# Update the DB to give user '$DATABASE_USER'@'%' full control of the all databases:
sudo mysql $cmd_args -e "GRANT ALL PRIVILEGES ON *.* TO '$DATABASE_USER'@'%';"
# Now update ``my.cnf`` for some local needs and restart the mysql service
# Change bind-address from localhost (127.0.0.1) to any (::) and
# set default db type to InnoDB
iniset -sudo $my_conf mysqld bind-address "$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)"
# Set default db type to InnoDB
iniset -sudo $my_conf mysqld sql_mode TRADITIONAL
iniset -sudo $my_conf mysqld default-storage-engine InnoDB
iniset -sudo $my_conf mysqld max_connections 1024
@@ -143,6 +167,29 @@ function configure_database_mysql {
iniset -sudo $my_conf mysqld log-queries-not-using-indexes 1
fi
if [[ "$MYSQL_GATHER_PERFORMANCE" == "True" ]]; then
echo "enabling MySQL performance counting"
# Install our sqlalchemy plugin
pip_install ${TOP_DIR}/tools/dbcounter
# Create our stats database for accounting
recreate_database stats
mysql -u $DATABASE_USER -p$DATABASE_PASSWORD -h $MYSQL_HOST -e \
"CREATE TABLE queries (db VARCHAR(32), op VARCHAR(32),
count INT, PRIMARY KEY (db, op)) ENGINE MEMORY" stats
fi
if [[ "$MYSQL_REDUCE_MEMORY" == "True" ]]; then
iniset -sudo $my_conf mysqld read_buffer_size 64K
iniset -sudo $my_conf mysqld innodb_buffer_pool_size 16M
iniset -sudo $my_conf mysqld thread_stack 192K
iniset -sudo $my_conf mysqld thread_cache_size 8
iniset -sudo $my_conf mysqld tmp_table_size 8M
iniset -sudo $my_conf mysqld sort_buffer_size 8M
iniset -sudo $my_conf mysqld max_allowed_packet 8M
fi
restart_service $MYSQL_SERVICE_NAME
}
@@ -173,18 +220,17 @@ EOF
chmod 0600 $HOME/.my.cnf
fi
# Install mysql-server
if is_oraclelinux; then
install_package mysql-community-server
elif is_fedora; then
install_package mariadb-server mariadb-devel
sudo systemctl enable $MYSQL_SERVICE_NAME
elif is_suse; then
install_package mariadb-server
sudo systemctl enable $MYSQL_SERVICE_NAME
elif is_ubuntu; then
install_package $MYSQL_SERVICE_NAME-server
else
exit_distro_not_supported "mysql installation"
if [[ "$INSTALL_DATABASE_SERVER_PACKAGES" == "True" ]]; then
if is_oraclelinux; then
install_package mysql-community-server
elif is_fedora; then
install_package mariadb-server mariadb-devel mariadb
sudo systemctl enable $MYSQL_SERVICE_NAME
elif is_ubuntu; then
install_package $MYSQL_SERVICE_NAME-server
else
exit_distro_not_supported "mysql installation"
fi
fi
}
@@ -200,7 +246,17 @@ function install_database_python_mysql {
function database_connection_url_mysql {
local db=$1
echo "$BASE_SQL_CONN/$db?charset=utf8"
local plugin
# NOTE(danms): We don't enable perf on subnodes yet because the
# plugin is not installed there
if [[ "$MYSQL_GATHER_PERFORMANCE" == "True" ]]; then
if is_service_enabled mysql; then
plugin="&plugin=dbcounter"
fi
fi
echo "$BASE_SQL_CONN/$db?charset=utf8$plugin"
}
+18 -16
View File
@@ -13,7 +13,7 @@ set +o xtrace
MAX_DB_CONNECTIONS=${MAX_DB_CONNECTIONS:-200}
INSTALL_DATABASE_SERVER_PACKAGES=$(trueorfalse True INSTALL_DATABASE_SERVER_PACKAGES)
register_database postgresql
@@ -32,7 +32,7 @@ function cleanup_database_postgresql {
# Get ruthless with mysql
apt_get purge -y postgresql*
return
elif is_fedora || is_suse; then
elif is_fedora; then
uninstall_package postgresql-server
else
return
@@ -46,6 +46,10 @@ function recreate_database_postgresql {
createdb -h $DATABASE_HOST -U$DATABASE_USER -l C -T template0 -E utf8 $db
}
function _exit_pg_init {
sudo cat /var/lib/pgsql/initdb_postgresql.log
}
function configure_database_postgresql {
local pg_conf pg_dir pg_hba check_role version
echo_summary "Configuring and starting PostgreSQL"
@@ -53,7 +57,9 @@ function configure_database_postgresql {
pg_hba=/var/lib/pgsql/data/pg_hba.conf
pg_conf=/var/lib/pgsql/data/postgresql.conf
if ! sudo [ -e $pg_hba ]; then
trap _exit_pg_init EXIT
sudo postgresql-setup initdb
trap - EXIT
fi
elif is_ubuntu; then
version=`psql --version | cut -d ' ' -f3 | cut -d. -f1-2`
@@ -66,11 +72,6 @@ function configure_database_postgresql {
pg_dir=`find /etc/postgresql -name pg_hba.conf|xargs dirname`
pg_hba=$pg_dir/pg_hba.conf
pg_conf=$pg_dir/postgresql.conf
elif is_suse; then
pg_hba=/var/lib/pgsql/data/pg_hba.conf
pg_conf=/var/lib/pgsql/data/postgresql.conf
# initdb is called when postgresql is first started
sudo [ -e $pg_hba ] || start_service postgresql
else
exit_distro_not_supported "postgresql configuration"
fi
@@ -95,7 +96,6 @@ function configure_database_postgresql {
function install_database_postgresql {
echo_summary "Installing postgresql"
deprecated "Use of postgresql in devstack is deprecated, and will be removed during the Pike cycle"
local pgpass=$HOME/.pgpass
if [[ ! -e $pgpass ]]; then
cat <<EOF > $pgpass
@@ -105,15 +105,17 @@ EOF
else
sed -i "s/:root:\w\+/:root:$DATABASE_PASSWORD/" $pgpass
fi
if is_ubuntu; then
install_package postgresql
elif is_fedora || is_suse; then
install_package postgresql-server
if is_fedora; then
sudo systemctl enable postgresql
if [[ "$INSTALL_DATABASE_SERVER_PACKAGES" == "True" ]]; then
if is_ubuntu; then
install_package postgresql
elif is_fedora; then
install_package postgresql-server
if is_fedora; then
sudo systemctl enable postgresql
fi
else
exit_distro_not_supported "postgresql installation"
fi
else
exit_distro_not_supported "postgresql installation"
fi
}
+6
View File
@@ -40,12 +40,18 @@ function start_dstat {
if is_service_enabled peakmem_tracker; then
die $LINENO "The peakmem_tracker service has been removed, use memory_tracker instead"
fi
# To enable file_tracker add:
# enable_service file_tracker
# to your localrc
run_process file_tracker "$TOP_DIR/tools/file_tracker.sh"
}
# stop_dstat() stop dstat process
function stop_dstat {
stop_process dstat
stop_process memory_tracker
stop_process file_tracker
}
# Restore xtrace
+1 -1
View File
@@ -51,7 +51,7 @@ function start_etcd3 {
fi
cmd+=" --listen-client-urls http://$SERVICE_HOST:$ETCD_PORT"
if [ "$ENABLE_DEBUG_LOG_LEVEL" == "True" ]; then
cmd+=" --debug"
cmd+=" --log-level=debug"
fi
local unitfile="$SYSTEMD_DIR/$ETCD_SYSTEMD_SERVICE"
+40 -31
View File
@@ -47,9 +47,8 @@ USE_CINDER_FOR_GLANCE=$(trueorfalse False USE_CINDER_FOR_GLANCE)
# from CINDER_ENABLED_BACKENDS
GLANCE_CINDER_DEFAULT_BACKEND=${GLANCE_CINDER_DEFAULT_BACKEND:-lvmdriver-1}
GLANCE_STORE_ROOTWRAP_BASE_DIR=/usr/local/etc/glance
# NOTE (abhishekk): For opensuse data files are stored in different directory
if is_opensuse; then
GLANCE_STORE_ROOTWRAP_BASE_DIR=/usr/etc/glance
if [[ "$GLOBAL_VENV" == "True" ]] ; then
GLANCE_STORE_ROOTWRAP_BASE_DIR=${DEVSTACK_VENV}/etc/glance
fi
# When Cinder is used as a glance store, you can optionally configure cinder to
# optimize bootable volume creation by allowing volumes to be cloned directly
@@ -76,6 +75,7 @@ GLANCE_MULTIPLE_FILE_STORES=${GLANCE_MULTIPLE_FILE_STORES:-fast}
GLANCE_DEFAULT_BACKEND=${GLANCE_DEFAULT_BACKEND:-fast}
GLANCE_CACHE_DIR=${GLANCE_CACHE_DIR:=$DATA_DIR/glance/cache}
GLANCE_CACHE_DRIVER=${GLANCE_CACHE_DRIVER:-centralized_db}
# Full Glance functionality requires running in standalone mode. If we are
# not in uwsgi mode, then we are standalone, otherwise allow separate control.
@@ -99,10 +99,13 @@ GLANCE_USE_IMPORT_WORKFLOW=$(trueorfalse False GLANCE_USE_IMPORT_WORKFLOW)
GLANCE_ENABLE_QUOTAS=$(trueorfalse True GLANCE_ENABLE_QUOTAS)
# Flag to set the oslo_policy.enforce_scope. This is used to switch
# the Image API policies to start checking the scope of token. By Default,
# this flag is False.
# This is used to disable the Image API policies scope and new defaults.
# By Default, it is True.
# For more detail: https://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_scope
GLANCE_ENFORCE_SCOPE=$(trueorfalse False GLANCE_ENFORCE_SCOPE)
GLANCE_ENFORCE_SCOPE=$(trueorfalse True GLANCE_ENFORCE_SCOPE)
# Flag to disable image format inspection on upload
GLANCE_ENFORCE_IMAGE_FORMAT=$(trueorfalse True GLANCE_ENFORCE_IMAGE_FORMAT)
GLANCE_CONF_DIR=${GLANCE_CONF_DIR:-/etc/glance}
GLANCE_METADEF_DIR=$GLANCE_CONF_DIR/metadefs
@@ -168,6 +171,7 @@ function cleanup_glance {
# Cleanup reserved stores directories
sudo rm -rf $GLANCE_STAGING_DIR $GLANCE_TASKS_DIR
fi
remove_uwsgi_config "$GLANCE_UWSGI_CONF" "glance-wsgi-api"
}
# Set multiple cinder store related config options for each of the cinder store
@@ -288,24 +292,17 @@ function configure_glance_store {
function configure_glance_quotas {
# NOTE(danms): We need to have some of the OS_ things unset in
# order to use system scope, which is required for creating these
# limits. This is a hack, but I dunno how else to get osc to use
# system scope.
# Registered limit resources in keystone are system-specific resources.
# Make sure we use a system-scoped token to interact with this API.
bash -c "unset OS_USERNAME OS_TENANT_NAME OS_PROJECT_NAME;
openstack --os-cloud devstack-system-admin registered limit create \
--service glance --default-limit $GLANCE_LIMIT_IMAGE_SIZE_TOTAL \
--region $REGION_NAME image_size_total; \
openstack --os-cloud devstack-system-admin registered limit create \
--service glance --default-limit $GLANCE_LIMIT_IMAGE_SIZE_TOTAL \
--region $REGION_NAME image_stage_total; \
openstack --os-cloud devstack-system-admin registered limit create \
--service glance --default-limit 100 --region $REGION_NAME \
image_count_total; \
openstack --os-cloud devstack-system-admin registered limit create \
--service glance --default-limit 100 --region $REGION_NAME \
image_count_uploading"
openstack --os-cloud devstack-system-admin registered limit create --service glance \
--default-limit $GLANCE_LIMIT_IMAGE_SIZE_TOTAL --region $REGION_NAME image_size_total
openstack --os-cloud devstack-system-admin registered limit create --service glance \
--default-limit $GLANCE_LIMIT_IMAGE_SIZE_TOTAL --region $REGION_NAME image_stage_total
openstack --os-cloud devstack-system-admin registered limit create --service glance \
--default-limit 100 --region $REGION_NAME image_count_total
openstack --os-cloud devstack-system-admin registered limit create --service glance \
--default-limit 100 --region $REGION_NAME image_count_uploading
# Tell glance to use these limits
iniset $GLANCE_API_CONF DEFAULT use_keystone_limits True
@@ -316,13 +313,13 @@ function configure_glance_quotas {
iniset $GLANCE_API_CONF oslo_limit username glance
iniset $GLANCE_API_CONF oslo_limit auth_type password
iniset $GLANCE_API_CONF oslo_limit auth_url $KEYSTONE_SERVICE_URI
iniset $GLANCE_API_CONF oslo_limit system_scope "'all'"
iniset $GLANCE_API_CONF oslo_limit system_scope all
iniset $GLANCE_API_CONF oslo_limit endpoint_id \
$(openstack endpoint list --service glance -f value -c ID)
$(openstack --os-cloud devstack-system-admin endpoint list --service glance -f value -c ID)
# Allow the glance service user to read quotas
openstack role add --user glance --user-domain Default --system all \
reader
openstack --os-cloud devstack-system-admin role add --user glance \
--user-domain $SERVICE_DOMAIN_NAME --system all reader
}
# configure_glance() - Set config files, create data dirs, etc
@@ -337,6 +334,7 @@ function configure_glance {
iniset $GLANCE_API_CONF database connection $dburl
iniset $GLANCE_API_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
iniset $GLANCE_API_CONF DEFAULT image_cache_driver $GLANCE_CACHE_DRIVER
iniset $GLANCE_API_CONF oslo_concurrency lock_path $GLANCE_LOCK_DIR
iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement
configure_keystone_authtoken_middleware $GLANCE_API_CONF glance
@@ -348,6 +346,7 @@ function configure_glance {
# Only use these if you know what you are doing! See OSSN-0065
iniset $GLANCE_API_CONF DEFAULT show_image_direct_url $GLANCE_SHOW_DIRECT_URL
iniset $GLANCE_API_CONF DEFAULT show_multiple_locations $GLANCE_SHOW_MULTIPLE_LOCATIONS
iniset $GLANCE_API_CONF image_format require_image_format_match $GLANCE_ENFORCE_IMAGE_FORMAT
# Configure glance_store
configure_glance_store $USE_CINDER_FOR_GLANCE $GLANCE_ENABLE_MULTIPLE_STORES
@@ -400,6 +399,7 @@ function configure_glance {
iniset $GLANCE_CACHE_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_driver $GLANCE_CACHE_DRIVER
iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_PROJECT_NAME
iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance
@@ -437,12 +437,17 @@ function configure_glance {
iniset $GLANCE_API_CONF DEFAULT bind_host $GLANCE_SERVICE_LISTEN_ADDRESS
iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT
iniset $GLANCE_API_CONF DEFAULT workers "$API_WORKERS"
iniset $GLANCE_API_CONF DEFAULT worker_self_reference_url $GLANCE_URL
fi
if [[ "$GLANCE_ENFORCE_SCOPE" == True ]] ; then
if [[ "$GLANCE_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
iniset $GLANCE_API_CONF oslo_policy enforce_scope true
iniset $GLANCE_API_CONF oslo_policy enforce_new_defaults true
iniset $GLANCE_API_CONF DEFAULT enforce_secure_rbac true
else
iniset $GLANCE_API_CONF oslo_policy enforce_scope false
iniset $GLANCE_API_CONF oslo_policy enforce_new_defaults false
iniset $GLANCE_API_CONF DEFAULT enforce_secure_rbac false
fi
}
@@ -547,7 +552,7 @@ function glance_remote_conf {
# start_glance_remote_clone() - Clone the regular glance api worker
function start_glance_remote_clone {
local glance_remote_conf_dir glance_remote_port remote_data
local glance_remote_uwsgi
local glance_remote_uwsgi venv
glance_remote_conf_dir="$(glance_remote_conf "")"
glance_remote_port=$(get_random_port)
@@ -585,12 +590,16 @@ function start_glance_remote_clone {
# We need to create the systemd service for the clone, but then
# change it to include an Environment line to point the WSGI app
# at the alternate config directory.
if [[ "$GLOBAL_VENV" == True ]]; then
venv="--venv $DEVSTACK_VENV"
fi
write_uwsgi_user_unit_file devstack@g-api-r.service "$(which uwsgi) \
--procname-prefix \
glance-api-remote \
--ini $glance_remote_uwsgi" \
--ini $glance_remote_uwsgi \
$venv" \
"" "$STACK_USER"
iniset -sudo ${SYSTEMD_DIR}/devstack@g-api-r.service \
iniadd -sudo ${SYSTEMD_DIR}/devstack@g-api-r.service \
"Service" "Environment" \
"OS_GLANCE_CONFIG_DIR=$glance_remote_conf_dir"
+15 -1
View File
@@ -109,12 +109,21 @@ function configure_horizon {
_horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT "True"
fi
if is_service_enabled c-bak; then
_horizon_config_set $local_settings OPENSTACK_CINDER_FEATURES enable_backup "True"
fi
# Create an empty directory that apache uses as docroot
sudo mkdir -p $HORIZON_DIR/.blackhole
local horizon_conf
horizon_conf=$(apache_site_config_for horizon)
local wsgi_venv_config=""
if [[ "$GLOBAL_VENV" == "True" ]] ; then
wsgi_venv_config="WSGIPythonHome $DEVSTACK_VENV"
fi
# Configure apache to run horizon
# Set up the django horizon application to serve via apache/wsgi
sudo sh -c "sed -e \"
@@ -124,12 +133,13 @@ function configure_horizon {
s,%APACHE_NAME%,$APACHE_NAME,g;
s,%DEST%,$DEST,g;
s,%WEBROOT%,$HORIZON_APACHE_ROOT,g;
s,%WSGIPYTHONHOME%,$wsgi_venv_config,g;
\" $FILES/apache-horizon.template >$horizon_conf"
if is_ubuntu; then
disable_apache_site 000-default
sudo touch $horizon_conf
elif is_fedora || is_suse; then
elif is_fedora; then
: # nothing to do
else
exit_distro_not_supported "horizon apache configuration"
@@ -163,6 +173,10 @@ function install_horizon {
# Apache installation, because we mark it NOPRIME
install_apache_wsgi
# Install the memcache library so that horizon can use memcached as its
# cache backend
pip_install_gr pymemcache
git_clone $HORIZON_REPO $HORIZON_DIR $HORIZON_BRANCH
}
+98
View File
@@ -0,0 +1,98 @@
#!/bin/bash
# Kernel Samepage Merging (KSM)
# -----------------------------
# Processes that mark their memory as mergeable can share identical memory
# pages if KSM is enabled. This is particularly useful for nova + libvirt
# backends but any other setup that marks its memory as mergeable can take
# advantage. The drawback is there is higher cpu load; however, we tend to
# be memory bound not cpu bound so enable KSM by default but allow people
# to opt out if the CPU time is more important to them.
ENABLE_KSM=$(trueorfalse True ENABLE_KSM)
ENABLE_KSMTUNED=$(trueorfalse True ENABLE_KSMTUNED)
function configure_ksm {
if [[ $ENABLE_KSMTUNED == "True" ]] ; then
install_package "ksmtuned"
fi
if [[ -f /sys/kernel/mm/ksm/run ]] ; then
echo $(bool_to_int ENABLE_KSM) | sudo tee /sys/kernel/mm/ksm/run
fi
}
# Compressed swap (ZSWAP)
#------------------------
# as noted in the kernel docs https://docs.kernel.org/admin-guide/mm/zswap.html
# Zswap is a lightweight compressed cache for swap pages.
# It takes pages that are in the process of being swapped out and attempts
# to compress them into a dynamically allocated RAM-based memory pool.
# zswap basically trades CPU cycles for potentially reduced swap I/O.
# This trade-off can also result in a significant performance improvement
# if reads from the compressed cache are faster than reads from a swap device.
ENABLE_ZSWAP=$(trueorfalse False ENABLE_ZSWAP)
# lz4 is very fast although it does not have the best compression
# zstd has much better compression but more latency
ZSWAP_COMPRESSOR=${ZSWAP_COMPRESSOR:="lz4"}
ZSWAP_ZPOOL=${ZSWAP_ZPOOL:="z3fold"}
function configure_zswap {
if [[ $ENABLE_ZSWAP == "True" ]] ; then
# Centos 9 stream seems to only support enabling but not run time
# tuning so dont try to choose better default on centos
if is_ubuntu; then
echo ${ZSWAP_COMPRESSOR} | sudo tee /sys/module/zswap/parameters/compressor
echo ${ZSWAP_ZPOOL} | sudo tee /sys/module/zswap/parameters/zpool
fi
echo 1 | sudo tee /sys/module/zswap/parameters/enabled
# print curent zswap kernel config
sudo grep -R . /sys/module/zswap/parameters || /bin/true
fi
}
ENABLE_SYSCTL_MEM_TUNING=$(trueorfalse False ENABLE_SYSCTL_MEM_TUNING)
function configure_sysctl_mem_parmaters {
if [[ $ENABLE_SYSCTL_MEM_TUNING == "True" ]] ; then
# defer write when memory is available
sudo sysctl -w vm.dirty_ratio=60
sudo sysctl -w vm.dirty_background_ratio=10
sudo sysctl -w vm.vfs_cache_pressure=50
# assume swap is compressed so on new kernels
# give it equal priority as page cache which is
# uncompressed. on kernels < 5.8 the max is 100
# not 200 so it will strongly prefer swapping.
sudo sysctl -w vm.swappiness=100
sudo grep -R . /proc/sys/vm/ || /bin/true
fi
}
function configure_host_mem {
configure_zswap
configure_ksm
configure_sysctl_mem_parmaters
}
ENABLE_SYSCTL_NET_TUNING=$(trueorfalse False ENABLE_SYSCTL_NET_TUNING)
function configure_sysctl_net_parmaters {
if [[ $ENABLE_SYSCTL_NET_TUNING == "True" ]] ; then
# detect dead TCP connections after 120 seconds
sudo sysctl -w net.ipv4.tcp_keepalive_time=60
sudo sysctl -w net.ipv4.tcp_keepalive_intvl=10
sudo sysctl -w net.ipv4.tcp_keepalive_probes=6
# reudce network latency for new connections
sudo sysctl -w net.ipv4.tcp_fastopen=3
# print tcp options
sudo grep -R . /proc/sys/net/ipv4/tcp* || /bin/true
# disable qos by default
sudo sysctl -w net.core.default_qdisc=pfifo_fast
fi
}
function configure_host_net {
configure_sysctl_net_parmaters
}
function tune_host {
configure_host_mem
configure_host_net
}
+1 -1
View File
@@ -31,7 +31,7 @@ function install_infra {
local PIP_VIRTUAL_ENV="$REQUIREMENTS_DIR/.venv"
[ ! -d $PIP_VIRTUAL_ENV ] && ${VIRTUALENV_CMD} $PIP_VIRTUAL_ENV
# We don't care about testing git pbr in the requirements venv.
PIP_VIRTUAL_ENV=$PIP_VIRTUAL_ENV pip_install -U pbr
PIP_VIRTUAL_ENV=$PIP_VIRTUAL_ENV pip_install -U pbr setuptools
PIP_VIRTUAL_ENV=$PIP_VIRTUAL_ENV pip_install $REQUIREMENTS_DIR
# Unset the PIP_VIRTUAL_ENV so that PBR does not end up trapped
+83 -44
View File
@@ -9,7 +9,6 @@
# - ``tls`` file
# - ``DEST``, ``STACK_USER``
# - ``FILES``
# - ``IDENTITY_API_VERSION``
# - ``BASE_SQL_CONN``
# - ``SERVICE_HOST``, ``SERVICE_PROTOCOL``
# - ``S3_SERVICE_PORT`` (template backend only)
@@ -50,9 +49,7 @@ fi
KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
KEYSTONE_PUBLIC_UWSGI_CONF=$KEYSTONE_CONF_DIR/keystone-uwsgi-public.ini
KEYSTONE_ADMIN_UWSGI_CONF=$KEYSTONE_CONF_DIR/keystone-uwsgi-admin.ini
KEYSTONE_PUBLIC_UWSGI=$KEYSTONE_BIN_DIR/keystone-wsgi-public
KEYSTONE_ADMIN_UWSGI=$KEYSTONE_BIN_DIR/keystone-wsgi-admin
# KEYSTONE_DEPLOY defines how keystone is deployed, allowed values:
# - mod_wsgi : Run keystone under Apache HTTPd mod_wsgi
@@ -81,21 +78,12 @@ KEYSTONE_RESOURCE_BACKEND=${KEYSTONE_RESOURCE_BACKEND:-sql}
KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-fernet}
KEYSTONE_TOKEN_FORMAT=$(echo ${KEYSTONE_TOKEN_FORMAT} | tr '[:upper:]' '[:lower:]')
# Set Keystone interface configuration
KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
KEYSTONE_AUTH_PORT=${KEYSTONE_AUTH_PORT:-35357}
KEYSTONE_AUTH_PORT_INT=${KEYSTONE_AUTH_PORT_INT:-35358}
KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-$SERVICE_PROTOCOL}
# Public facing bits
KEYSTONE_SERVICE_HOST=${KEYSTONE_SERVICE_HOST:-$SERVICE_HOST}
KEYSTONE_SERVICE_PORT=${KEYSTONE_SERVICE_PORT:-5000}
KEYSTONE_SERVICE_PORT_INT=${KEYSTONE_SERVICE_PORT_INT:-5001}
KEYSTONE_SERVICE_PROTOCOL=${KEYSTONE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
# Bind hosts
KEYSTONE_ADMIN_BIND_HOST=${KEYSTONE_ADMIN_BIND_HOST:-$KEYSTONE_SERVICE_HOST}
# Set the project for service accounts in Keystone
SERVICE_DOMAIN_NAME=${SERVICE_DOMAIN_NAME:-Default}
SERVICE_PROJECT_NAME=${SERVICE_PROJECT_NAME:-service}
@@ -106,7 +94,6 @@ SERVICE_TENANT_NAME=${SERVICE_PROJECT_NAME:-service}
# if we are running with SSL use https protocols
if is_service_enabled tls-proxy; then
KEYSTONE_AUTH_PROTOCOL="https"
KEYSTONE_SERVICE_PROTOCOL="https"
fi
@@ -134,6 +121,15 @@ KEYSTONE_PASSWORD_HASH_ROUNDS=${KEYSTONE_PASSWORD_HASH_ROUNDS:-4}
# Cache settings
KEYSTONE_ENABLE_CACHE=${KEYSTONE_ENABLE_CACHE:-True}
# Whether to create a keystone admin endpoint for legacy applications
KEYSTONE_ADMIN_ENDPOINT=$(trueorfalse False KEYSTONE_ADMIN_ENDPOINT)
# Flag to set the oslo_policy.enforce_scope. This is used to switch
# the Identity API policies to start checking the scope of token. By Default,
# this flag is False.
# For more detail: https://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_scope
KEYSTONE_ENFORCE_SCOPE=$(trueorfalse False KEYSTONE_ENFORCE_SCOPE)
# Functions
# ---------
@@ -154,11 +150,8 @@ function cleanup_keystone {
sudo rm -f $(apache_site_config_for keystone)
else
stop_process "keystone"
# TODO: remove admin at pike-2
remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI"
remove_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI"
remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "keystone-wsgi-public"
sudo rm -f $(apache_site_config_for keystone-wsgi-public)
sudo rm -f $(apache_site_config_for keystone-wsgi-admin)
fi
}
@@ -171,12 +164,10 @@ function _config_keystone_apache_wsgi {
local keystone_certfile=""
local keystone_keyfile=""
local keystone_service_port=$KEYSTONE_SERVICE_PORT
local keystone_auth_port=$KEYSTONE_AUTH_PORT
local venv_path=""
if is_service_enabled tls-proxy; then
keystone_service_port=$KEYSTONE_SERVICE_PORT_INT
keystone_auth_port=$KEYSTONE_AUTH_PORT_INT
fi
if [[ ${USE_VENV} = True ]]; then
venv_path="python-path=${PROJECT_VENV["keystone"]}/lib/$(python_version)/site-packages"
@@ -185,7 +176,6 @@ function _config_keystone_apache_wsgi {
sudo cp $FILES/apache-keystone.template $keystone_apache_conf
sudo sed -e "
s|%PUBLICPORT%|$keystone_service_port|g;
s|%ADMINPORT%|$keystone_auth_port|g;
s|%APACHE_NAME%|$APACHE_NAME|g;
s|%SSLLISTEN%|$keystone_ssl_listen|g;
s|%SSLENGINE%|$keystone_ssl|g;
@@ -223,22 +213,17 @@ function configure_keystone {
iniset_rpc_backend keystone $KEYSTONE_CONF oslo_messaging_notifications
local service_port=$KEYSTONE_SERVICE_PORT
local auth_port=$KEYSTONE_AUTH_PORT
if is_service_enabled tls-proxy; then
# Set the service ports for a proxy to take the originals
service_port=$KEYSTONE_SERVICE_PORT_INT
auth_port=$KEYSTONE_AUTH_PORT_INT
fi
# Override the endpoints advertised by keystone (the public_endpoint and
# admin_endpoint) so that clients use the correct endpoint. By default, the
# keystone server uses the public_port and admin_port which isn't going to
# work when you want to use a different port (in the case of proxy), or you
# don't want the port (in the case of putting keystone on a path in
# apache).
# Override the endpoints advertised by keystone so that clients use the correct
# endpoint. By default, the keystone server uses the public_port which isn't
# going to work when you want to use a different port (in the case of proxy),
# or you don't want the port (in the case of putting keystone on a path in apache).
iniset $KEYSTONE_CONF DEFAULT public_endpoint $KEYSTONE_SERVICE_URI
iniset $KEYSTONE_CONF DEFAULT admin_endpoint $KEYSTONE_AUTH_URI
if [[ "$KEYSTONE_TOKEN_FORMAT" != "" ]]; then
iniset $KEYSTONE_CONF token provider $KEYSTONE_TOKEN_FORMAT
@@ -261,7 +246,6 @@ function configure_keystone {
_config_keystone_apache_wsgi
else # uwsgi
write_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI" "/identity"
write_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI" "/identity_admin"
fi
iniset $KEYSTONE_CONF DEFAULT max_token_size 16384
@@ -281,6 +265,16 @@ function configure_keystone {
iniset $KEYSTONE_CONF security_compliance lockout_duration $KEYSTONE_LOCKOUT_DURATION
iniset $KEYSTONE_CONF security_compliance unique_last_password_count $KEYSTONE_UNIQUE_LAST_PASSWORD_COUNT
fi
iniset $KEYSTONE_CONF oslo_policy policy_file policy.yaml
if [[ "$KEYSTONE_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
iniset $KEYSTONE_CONF oslo_policy enforce_scope true
iniset $KEYSTONE_CONF oslo_policy enforce_new_defaults true
else
iniset $KEYSTONE_CONF oslo_policy enforce_scope false
iniset $KEYSTONE_CONF oslo_policy enforce_new_defaults false
fi
}
# create_keystone_accounts() - Sets up common required keystone accounts
@@ -303,20 +297,28 @@ function configure_keystone {
# admins admin admin admin
# nonadmins demo, alt_demo member, anotherrole demo, alt_demo
# System User Roles
# ------------------------------------------------------------------
# all admin admin
# all system_reader reader
# all system_member member
# Migrated from keystone_data.sh
function create_keystone_accounts {
# The keystone bootstrapping process (performed via keystone-manage
# bootstrap) creates an admin user, admin role, member role, and admin
# bootstrap) creates an admin user and an admin
# project. As a sanity check we exercise the CLI to retrieve the IDs for
# these values.
local admin_project
admin_project=$(openstack project show "admin" -f value -c id)
local admin_user
admin_user=$(openstack user show "admin" -f value -c id)
# These roles are also created during bootstrap but we don't need their IDs
local admin_role="admin"
local member_role="member"
local reader_role="reader"
async_run ks-domain-role get_or_add_user_domain_role $admin_role $admin_user default
@@ -352,21 +354,53 @@ function create_keystone_accounts {
async_wait ks-{domain-role,domain,project,service,reseller,anotherrole}
async_run ks-demo-member get_or_add_user_project_role $member_role $demo_user $demo_project
async_run ks-demo-admin get_or_add_user_project_role $admin_role $admin_user $demo_project
async_run ks-demo-another get_or_add_user_project_role $another_role $demo_user $demo_project
async_run ks-demo-invis get_or_add_user_project_role $member_role $demo_user $invis_project
# alt_demo
# Create a user to act as a reader on project demo
local demo_reader
demo_reader=$(get_or_create_user "demo_reader" \
"$ADMIN_PASSWORD" "default" "demo_reader@example.com")
async_run ks-demo-reader get_or_add_user_project_role $reader_role $demo_reader $demo_project
# Create a different project called alt_demo
local alt_demo_project
alt_demo_project=$(get_or_create_project "alt_demo" default)
# Create a user to act as member, admin and anotherrole on project alt_demo
local alt_demo_user
alt_demo_user=$(get_or_create_user "alt_demo" \
"$ADMIN_PASSWORD" "default" "alt_demo@example.com")
async_run ks-alt-member get_or_add_user_project_role $member_role $alt_demo_user $alt_demo_project
async_run ks-alt-admin get_or_add_user_project_role $admin_role $admin_user $alt_demo_project
async_run ks-alt-admin get_or_add_user_project_role $admin_role $alt_demo_user $alt_demo_project
async_run ks-alt-another get_or_add_user_project_role $another_role $alt_demo_user $alt_demo_project
# Create another user to act as a member on project alt_demo
local alt_demo_member
alt_demo_member=$(get_or_create_user "alt_demo_member" \
"$ADMIN_PASSWORD" "default" "alt_demo_member@example.com")
async_run ks-alt-member-user get_or_add_user_project_role $member_role $alt_demo_member $alt_demo_project
# Create another user to act as a reader on project alt_demo
local alt_demo_reader
alt_demo_reader=$(get_or_create_user "alt_demo_reader" \
"$ADMIN_PASSWORD" "default" "alt_demo_reader@example.com")
async_run ks-alt-reader-user get_or_add_user_project_role $reader_role $alt_demo_reader $alt_demo_project
# Create two users, give one the member role on the system and the other the
# reader role on the system. These two users model system-member and
# system-reader personas. The admin user already has the admin role on the
# system and we can re-use this user as a system-admin.
system_member_user=$(get_or_create_user "system_member" \
"$ADMIN_PASSWORD" "default" "system_member@example.com")
async_run ks-system-member get_or_add_user_system_role $member_role $system_member_user "all"
system_reader_user=$(get_or_create_user "system_reader" \
"$ADMIN_PASSWORD" "default" "system_reader@example.com")
async_run ks-system-reader get_or_add_user_system_role $reader_role $system_reader_user "all"
# groups
local admin_group
admin_group=$(get_or_create_group "admins" \
@@ -381,8 +415,9 @@ function create_keystone_accounts {
async_run ks-group-anotheralt get_or_add_group_project_role $another_role $non_admin_group $alt_demo_project
async_run ks-group-admin get_or_add_group_project_role $admin_role $admin_group $admin_project
async_wait ks-demo-{member,admin,another,invis}
async_wait ks-alt-{member,admin,another}
async_wait ks-demo-{member,admin,another,invis,reader}
async_wait ks-alt-{admin,another,member-user,reader-user}
async_wait ks-system-{member,reader}
async_wait ks-group-{memberdemo,anotherdemo,memberalt,anotheralt,admin}
if is_service_enabled ldap; then
@@ -518,7 +553,7 @@ function install_keystone {
function start_keystone {
# Get right service port for testing
local service_port=$KEYSTONE_SERVICE_PORT
local auth_protocol=$KEYSTONE_AUTH_PROTOCOL
local auth_protocol=$KEYSTONE_SERVICE_PROTOCOL
if is_service_enabled tls-proxy; then
service_port=$KEYSTONE_SERVICE_PORT_INT
auth_protocol="http"
@@ -537,7 +572,7 @@ function start_keystone {
# unencryted traffic at this point.
# If running in Apache, use the path rather than port.
local service_uri=$auth_protocol://$KEYSTONE_SERVICE_HOST/identity/v$IDENTITY_API_VERSION/
local service_uri=$auth_protocol://$KEYSTONE_SERVICE_HOST/identity/v3/
if ! wait_for_service $SERVICE_TIMEOUT $service_uri; then
die $LINENO "keystone did not start"
@@ -546,7 +581,6 @@ function start_keystone {
# Start proxies if enabled
if is_service_enabled tls-proxy; then
start_tls_proxy keystone-service '*' $KEYSTONE_SERVICE_PORT $KEYSTONE_SERVICE_HOST $KEYSTONE_SERVICE_PORT_INT
start_tls_proxy keystone-auth '*' $KEYSTONE_AUTH_PORT $KEYSTONE_AUTH_HOST $KEYSTONE_AUTH_PORT_INT
fi
# (re)start memcached to make sure we have a clean memcache.
@@ -567,11 +601,8 @@ function stop_keystone {
# This function uses the following GLOBAL variables:
# - ``KEYSTONE_BIN_DIR``
# - ``ADMIN_PASSWORD``
# - ``IDENTITY_API_VERSION``
# - ``REGION_NAME``
# - ``KEYSTONE_SERVICE_PROTOCOL``
# - ``KEYSTONE_SERVICE_HOST``
# - ``KEYSTONE_SERVICE_PORT``
# - ``KEYSTONE_SERVICE_URI``
function bootstrap_keystone {
$KEYSTONE_BIN_DIR/keystone-manage bootstrap \
--bootstrap-username admin \
@@ -580,8 +611,16 @@ function bootstrap_keystone {
--bootstrap-role-name admin \
--bootstrap-service-name keystone \
--bootstrap-region-id "$REGION_NAME" \
--bootstrap-admin-url "$KEYSTONE_AUTH_URI" \
--bootstrap-public-url "$KEYSTONE_SERVICE_URI"
if [ "$KEYSTONE_ADMIN_ENDPOINT" == "True" ]; then
openstack endpoint create --region "$REGION_NAME" \
--os-username admin \
--os-user-domain-id default \
--os-password "$ADMIN_PASSWORD" \
--os-project-name admin \
--os-project-domain-id default \
keystone admin "$KEYSTONE_SERVICE_URI"
fi
}
# create_ldap_domain() - Create domain file and initialize domain with a user
+4 -14
View File
@@ -33,16 +33,12 @@ LDAP_SERVICE_NAME=slapd
if is_ubuntu; then
LDAP_OLCDB_NUMBER=1
LDAP_OLCDB_TYPE=mdb
LDAP_ROOTPW_COMMAND=replace
elif is_fedora; then
LDAP_OLCDB_NUMBER=2
LDAP_OLCDB_TYPE=hdb
LDAP_ROOTPW_COMMAND=add
elif is_suse; then
# SUSE has slappasswd in /usr/sbin/
PATH=$PATH:/usr/sbin/
LDAP_OLCDB_NUMBER=1
LDAP_ROOTPW_COMMAND=add
LDAP_SERVICE_NAME=ldap
fi
@@ -56,6 +52,7 @@ function _ldap_varsubst {
local slappass=$2
sed -e "
s|\${LDAP_OLCDB_NUMBER}|$LDAP_OLCDB_NUMBER|
s|\${LDAP_OLCDB_TYPE}|$LDAP_OLCDB_TYPE|
s|\${SLAPPASS}|$slappass|
s|\${LDAP_ROOTPW_COMMAND}|$LDAP_ROOTPW_COMMAND|
s|\${BASE_DC}|$LDAP_BASE_DC|
@@ -72,8 +69,6 @@ function cleanup_ldap {
sudo rm -rf /etc/ldap/ldap.conf /var/lib/ldap
elif is_fedora; then
sudo rm -rf /etc/openldap /var/lib/ldap
elif is_suse; then
sudo rm -rf /var/lib/ldap
fi
}
@@ -122,11 +117,6 @@ function install_ldap {
configure_ldap
elif is_fedora; then
start_ldap
elif is_suse; then
_ldap_varsubst $FILES/ldap/suse-base-config.ldif.in >$tmp_ldap_dir/suse-base-config.ldif
sudo slapadd -F /etc/openldap/slapd.d/ -bcn=config -l $tmp_ldap_dir/suse-base-config.ldif
sudo sed -i '/^OPENLDAP_START_LDAPI=/s/"no"/"yes"/g' /etc/sysconfig/openldap
start_ldap
fi
echo "LDAP_PASSWORD is $LDAP_PASSWORD"
@@ -157,7 +147,7 @@ function configure_ldap {
slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
slapd slapd/domain string Users
slapd shared/organization string $LDAP_DOMAIN
slapd slapd/backend string HDB
slapd slapd/backend string ${LDAP_OLCDB_TYPE^^}
slapd slapd/purge_database boolean true
slapd slapd/move_old_database boolean true
slapd slapd/allow_ldap_v2 boolean false
+2
View File
@@ -38,6 +38,7 @@ GITDIR["oslo.config"]=$DEST/oslo.config
GITDIR["oslo.context"]=$DEST/oslo.context
GITDIR["oslo.db"]=$DEST/oslo.db
GITDIR["oslo.i18n"]=$DEST/oslo.i18n
GITDIR["oslo.limit"]=$DEST/oslo.limit
GITDIR["oslo.log"]=$DEST/oslo.log
GITDIR["oslo.messaging"]=$DEST/oslo.messaging
GITDIR["oslo.middleware"]=$DEST/oslo.middleware
@@ -102,6 +103,7 @@ function install_libs {
_install_lib_from_source "oslo.context"
_install_lib_from_source "oslo.db"
_install_lib_from_source "oslo.i18n"
_install_lib_from_source "oslo.limit"
_install_lib_from_source "oslo.log"
_install_lib_from_source "oslo.messaging"
_install_lib_from_source "oslo.middleware"
+41 -30
View File
@@ -53,28 +53,10 @@ function _remove_lvm_volume_group {
sudo vgremove -f $vg
}
# _clean_lvm_backing_file() removes the backing file of the
# volume group
#
# Usage: _clean_lvm_backing_file() $backing_file
function _clean_lvm_backing_file {
local backing_file=$1
# If the backing physical device is a loop device, it was probably setup by DevStack
if [[ -n "$backing_file" ]] && [[ -e "$backing_file" ]]; then
local vg_dev
vg_dev=$(sudo losetup -j $backing_file | awk -F':' '/'$BACKING_FILE_SUFFIX'/ { print $1}')
if [[ -n "$vg_dev" ]]; then
sudo losetup -d $vg_dev
fi
rm -f $backing_file
fi
}
# clean_lvm_volume_group() cleans up the volume group and removes the
# backing file
#
# Usage: clean_lvm_volume_group $vg
# Usage: clean_lvm_volume_group() $vg
function clean_lvm_volume_group {
local vg=$1
@@ -83,11 +65,22 @@ function clean_lvm_volume_group {
# if there is no logical volume left, it's safe to attempt a cleanup
# of the backing file
if [[ -z "$(sudo lvs --noheadings -o lv_name $vg 2>/dev/null)" ]]; then
_clean_lvm_backing_file $DATA_DIR/$vg$BACKING_FILE_SUFFIX
local backing_file=$DATA_DIR/$vg$BACKING_FILE_SUFFIX
if [[ -n "$vg$BACKING_FILE_SUFFIX" ]] && \
[[ -e "/etc/systemd/system/$vg$BACKING_FILE_SUFFIX.service" ]]; then
sudo systemctl disable --now $vg$BACKING_FILE_SUFFIX.service
sudo rm -f /etc/systemd/system/$vg$BACKING_FILE_SUFFIX.service
sudo systemctl daemon-reload
fi
# If the backing physical device is a loop device, it was probably setup by DevStack
if [[ -n "$backing_file" ]] && [[ -e "$backing_file" ]]; then
rm -f $backing_file
fi
fi
}
# _create_lvm_volume_group creates default volume group
#
# Usage: _create_lvm_volume_group() $vg $size
@@ -106,8 +99,20 @@ function _create_lvm_volume_group {
directio="--direct-io=on"
fi
# Only create systemd service if it doesn't already exists
if [[ ! -e "/etc/systemd/system/$vg$BACKING_FILE_SUFFIX.service" ]]; then
sed -e "
s|%DIRECTIO%|${directio}|g;
s|%BACKING_FILE%|${backing_file}|g;
" $FILES/lvm-backing-file.template | sudo tee \
/etc/systemd/system/$vg$BACKING_FILE_SUFFIX.service
sudo systemctl daemon-reload
sudo systemctl enable --now $vg$BACKING_FILE_SUFFIX.service
fi
local vg_dev
vg_dev=$(sudo losetup -f --show $directio $backing_file)
vg_dev=$(sudo losetup --associated $backing_file -O NAME -n)
# Only create volume group if it doesn't already exist
if ! sudo vgs $vg; then
@@ -124,19 +129,25 @@ function init_lvm_volume_group {
local vg=$1
local size=$2
# Start the tgtd service on Fedora and SUSE if tgtadm is used
if is_fedora || is_suse && [[ "$CINDER_ISCSI_HELPER" = "tgtadm" ]]; then
# Start the tgtd service on Fedora if tgtadm is used
if is_fedora; then
start_service tgtd
fi
# Start with a clean volume group
_create_lvm_volume_group $vg $size
# Remove iscsi targets
if [ "$CINDER_ISCSI_HELPER" = "lioadm" ]; then
sudo cinder-rtstool get-targets | sudo xargs -rn 1 cinder-rtstool delete
else
sudo tgtadm --op show --mode target | awk '/Target/ {print $3}' | sudo xargs -r -n1 tgt-admin --delete
if is_service_enabled cinder; then
# Remove iscsi targets
if [ "$CINDER_TARGET_HELPER" = "lioadm" ]; then
sudo cinder-rtstool get-targets | sudo xargs -rn 1 cinder-rtstool delete
elif [ "$CINDER_TARGET_HELPER" = "tgtadm" ]; then
sudo tgtadm --op show --mode target | awk '/Target/ {print $3}' | sudo xargs -r -n1 tgt-admin --delete
elif [ "$CINDER_TARGET_HELPER" = "nvmet" ]; then
# If we don't disconnect everything vgremove will block
sudo nvme disconnect-all
sudo nvmetcli clear
fi
fi
_clean_lvm_volume_group $vg
}
@@ -189,7 +200,7 @@ function set_lvm_filter {
filter_string=$filter_string$filter_suffix
clean_lvm_filter
sudo sed -i "/# global_filter = \[*\]/a\ $global_filter$filter_string" /etc/lvm/lvm.conf
sudo sed -i "/# global_filter = \[.*\]/a\ $filter_string" /etc/lvm/lvm.conf
echo_summary "set lvm.conf device global_filter to: $filter_string"
}
+1001 -515
View File
File diff suppressed because it is too large Load Diff
+3 -1028
View File
File diff suppressed because it is too large Load Diff
+1 -1
View File
@@ -13,7 +13,7 @@ Plugin specific configuration variables should be in this file.
functions
---------
``lib/neutron-legacy`` calls the following functions when the ``$Q_PLUGIN`` is enabled
``lib/neutron`` calls the following functions when the ``$Q_PLUGIN`` is enabled
* ``neutron_plugin_create_nova_conf`` :
optionally set options in nova_conf
+1 -1
View File
@@ -67,7 +67,7 @@ function has_neutron_plugin_security_group {
}
function neutron_plugin_check_adv_test_requirements {
is_service_enabled q-agt && is_service_enabled q-dhcp && return 0
is_service_enabled q-agt neutron-agent && is_service_enabled q-dhcp neutron-dhcp && return 0
}
# Restore xtrace
+1 -1
View File
@@ -72,7 +72,7 @@ function has_neutron_plugin_security_group {
}
function neutron_plugin_check_adv_test_requirements {
is_service_enabled q-agt && is_service_enabled q-dhcp && return 0
is_service_enabled q-agt neutron-agent && is_service_enabled q-dhcp neutron-dhcp && return 0
}
# Restore xtrace
+1 -1
View File
@@ -97,7 +97,7 @@ function neutron_plugin_setup_interface_driver {
}
function neutron_plugin_check_adv_test_requirements {
is_service_enabled q-agt && is_service_enabled q-dhcp && return 0
is_service_enabled q-agt neutron-agent && is_service_enabled q-dhcp neutron-dhcp && return 0
}
# Restore xtrace
+10 -13
View File
@@ -67,7 +67,7 @@ function neutron_plugin_configure_common {
Q_PLUGIN_CLASS="ml2"
# The ML2 plugin delegates L3 routing/NAT functionality to
# the L3 service plugin which must therefore be specified.
_neutron_service_plugin_class_add $ML2_L3_PLUGIN
neutron_service_plugin_class_add $ML2_L3_PLUGIN
}
function neutron_plugin_configure_service {
@@ -111,20 +111,13 @@ function neutron_plugin_configure_service {
fi
fi
fi
# REVISIT(rkukura): Setting firewall_driver here for
# neutron.agent.securitygroups_rpc.is_firewall_enabled() which is
# used in the server, in case no L2 agent is configured on the
# server's node. If an L2 agent is configured, this will get
# overridden with the correct driver. The ml2 plugin should
# instead use its own config variable to indicate whether security
# groups is enabled, and that will need to be set here instead.
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.not.a.real.FirewallDriver
else
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver
fi
populate_ml2_config /$Q_PLUGIN_CONF_FILE securitygroup enable_security_group=$Q_USE_SECGROUP
populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2 mechanism_drivers=$Q_ML2_PLUGIN_MECHANISM_DRIVERS
if [[ "$Q_ML2_PLUGIN_MECHANISM_DRIVERS" == *"linuxbridge"* ]]; then
iniset $NEUTRON_CONF experimental linuxbridge True
fi
populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2 overlay_ip_version=$TUNNEL_IP_VERSION
if [[ -n "$Q_ML2_PLUGIN_TYPE_DRIVERS" ]]; then
populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2 type_drivers=$Q_ML2_PLUGIN_TYPE_DRIVERS
@@ -156,5 +149,9 @@ function has_neutron_plugin_security_group {
return 0
}
function configure_qos_ml2 {
neutron_ml2_extension_driver_add "qos"
}
# Restore xtrace
$_XTRACE_NEUTRON_ML2
+1 -1
View File
@@ -68,7 +68,7 @@ function neutron_plugin_setup_interface_driver {
}
function neutron_plugin_check_adv_test_requirements {
is_service_enabled q-agt && is_service_enabled q-dhcp && return 0
is_service_enabled q-agt neutron-agent && is_service_enabled q-dhcp neutron-dhcp && return 0
}
# Restore xtrace
+149 -71
View File
@@ -24,11 +24,6 @@ source ${TOP_DIR}/lib/neutron_plugins/openvswitch_agent
# Load devstack ovs compliation and loading functions
source ${TOP_DIR}/lib/neutron_plugins/ovs_source
# Defaults
# --------
Q_BUILD_OVS_FROM_GIT=$(trueorfalse True Q_BUILD_OVS_FROM_GIT)
# Set variables for building OVN from source
OVN_REPO=${OVN_REPO:-https://github.com/ovn-org/ovn.git}
OVN_REPO_NAME=$(basename ${OVN_REPO} | cut -f1 -d'.')
@@ -74,6 +69,9 @@ OVN_UUID=${OVN_UUID:-}
# unless the distro kernel includes ovs+conntrack support.
OVN_BUILD_MODULES=$(trueorfalse False OVN_BUILD_MODULES)
OVN_BUILD_FROM_SOURCE=$(trueorfalse False OVN_BUILD_FROM_SOURCE)
if [[ "$OVN_BUILD_FROM_SOURCE" == "True" ]]; then
Q_BUILD_OVS_FROM_GIT=True
fi
# Whether or not to install the ovs python module from ovs source. This can be
# used to test and validate new ovs python features. This should only be used
@@ -93,16 +91,23 @@ OVN_GENEVE_OVERHEAD=${OVN_GENEVE_OVERHEAD:-38}
# http://www.openvswitch.org/support/dist-docs/ovs-appctl.8.txt
OVN_DBS_LOG_LEVEL=${OVN_DBS_LOG_LEVEL:-info}
# OVN metadata agent configuration
OVN_META_CONF=$NEUTRON_CONF_DIR/neutron_ovn_metadata_agent.ini
OVN_META_DATA_HOST=${OVN_META_DATA_HOST:-$(ipv6_unquote $SERVICE_HOST)}
# OVN agent configuration
OVN_AGENT_CONF=$NEUTRON_CONF_DIR/plugins/ml2/ovn_agent.ini
OVN_AGENT_EXTENSIONS=${OVN_AGENT_EXTENSIONS:-}
# If True (default) the node will be considered a gateway node.
ENABLE_CHASSIS_AS_GW=$(trueorfalse True ENABLE_CHASSIS_AS_GW)
OVN_L3_CREATE_PUBLIC_NETWORK=$(trueorfalse True OVN_L3_CREATE_PUBLIC_NETWORK)
export OVSDB_SERVER_LOCAL_HOST=$SERVICE_LOCAL_HOST
TUNNEL_IP=$TUNNEL_ENDPOINT_IP
if [[ "$SERVICE_IP_VERSION" == 6 ]]; then
OVSDB_SERVER_LOCAL_HOST=[$OVSDB_SERVER_LOCAL_HOST]
TUNNEL_IP=[$TUNNEL_IP]
fi
OVN_IGMP_SNOOPING_ENABLE=$(trueorfalse False OVN_IGMP_SNOOPING_ENABLE)
@@ -119,13 +124,20 @@ OVS_SCRIPTDIR=$OVS_SHAREDIR/scripts
OVS_DATADIR=$DATA_DIR/ovs
OVS_SYSCONFDIR=${OVS_SYSCONFDIR:-$OVS_PREFIX/etc/openvswitch}
OVN_DATADIR=$DATA_DIR/ovn
if [[ "$OVN_BUILD_FROM_SOURCE" == "True" ]]; then
OVN_DATADIR=$DATA_DIR/ovn
else
# When using OVN from packages, the data dir for OVN DBs is
# /var/lib/ovn
OVN_DATADIR=/var/lib/ovn
fi
OVN_SHAREDIR=$OVS_PREFIX/share/ovn
OVN_SCRIPTDIR=$OVN_SHAREDIR/scripts
OVN_RUNDIR=$OVS_PREFIX/var/run/ovn
NEUTRON_OVN_BIN_DIR=$(get_python_exec_prefix)
NEUTRON_OVN_METADATA_BINARY="neutron-ovn-metadata-agent"
NEUTRON_OVN_AGENT_BINARY="neutron-ovn-agent"
STACK_GROUP="$( id --group --name "$STACK_USER" )"
@@ -165,12 +177,23 @@ Q_LOG_DRIVER_LOG_BASE=${Q_LOG_DRIVER_LOG_BASE:-acl_log_meter}
# Utility Functions
# -----------------
function wait_for_db_file {
local count=0
while [ ! -f $1 ]; do
sleep 1
count=$((count+1))
if [ "$count" -gt 40 ]; then
die $LINENO "DB File $1 not found"
fi
done
}
function wait_for_sock_file {
local count=0
while [ ! -S $1 ]; do
sleep 1
count=$((count+1))
if [ "$count" -gt 5 ]; then
if [ "$count" -gt 40 ]; then
die $LINENO "Socket $1 not found"
fi
done
@@ -227,11 +250,12 @@ function _run_process {
local cmd="$2"
local stop_cmd="$3"
local group=$4
local user=${5:-$STACK_USER}
local user=$5
local rundir=${6:-$OVS_RUNDIR}
local systemd_service="devstack@$service.service"
local unit_file="$SYSTEMD_DIR/$systemd_service"
local environment="OVN_RUNDIR=$OVS_RUNDIR OVN_DBDIR=$OVN_DATADIR OVN_LOGDIR=$LOGDIR OVS_RUNDIR=$OVS_RUNDIR OVS_DBDIR=$OVS_DATADIR OVS_LOGDIR=$LOGDIR"
local environment="OVN_RUNDIR=$OVN_RUNDIR OVN_DBDIR=$OVN_DATADIR OVN_LOGDIR=$LOGDIR OVS_RUNDIR=$OVS_RUNDIR OVS_DBDIR=$OVS_DATADIR OVS_LOGDIR=$LOGDIR"
echo "Starting $service executed command": $cmd
@@ -247,9 +271,14 @@ function _run_process {
_start_process $systemd_service
local testcmd="test -e $OVS_RUNDIR/$service.pid"
local testcmd="test -e $rundir/$service.pid"
test_with_retry "$testcmd" "$service did not start" $SERVICE_TIMEOUT 1
sudo ovs-appctl -t $service vlog/set console:off syslog:info file:info
local service_ctl_file
service_ctl_file=$(ls $rundir | grep $service | grep ctl)
if [ -z "$service_ctl_file" ]; then
die $LINENO "ctl file for service $service is not present."
fi
sudo ovs-appctl -t $rundir/$service_ctl_file vlog/set console:off syslog:info file:info
}
function clone_repository {
@@ -265,7 +294,7 @@ function clone_repository {
function create_public_bridge {
# Create the public bridge that OVN will use
sudo ovs-vsctl --may-exist add-br $PUBLIC_BRIDGE -- set bridge $PUBLIC_BRIDGE protocols=OpenFlow13,OpenFlow15
sudo ovs-vsctl set open . external-ids:ovn-bridge-mappings=$PHYSICAL_NETWORK:$PUBLIC_BRIDGE
sudo ovs-vsctl set open . external-ids:ovn-bridge-mappings=${OVN_BRIDGE_MAPPINGS}
_configure_public_network_connectivity
}
@@ -288,16 +317,13 @@ function _disable_libvirt_apparmor {
# compile_ovn() - Compile OVN from source and load needed modules
# Accepts three parameters:
# - first optional is False by default and means that
# modules are built and installed.
# - second optional parameter defines prefix for
# - first optional parameter defines prefix for
# ovn compilation
# - third optional parameter defines localstatedir for
# - second optional parameter defines localstatedir for
# ovn single machine runtime
function compile_ovn {
local build_modules=${1:-False}
local prefix=$2
local localstatedir=$3
local prefix=$1
local localstatedir=$2
if [ -n "$prefix" ]; then
prefix="--prefix=$prefix"
@@ -314,8 +340,24 @@ function compile_ovn {
./boot.sh
fi
# NOTE(mnaser): OVN requires that you build using the OVS from the
# submodule.
#
# https://github.com/ovn-org/ovn/blob/3fb397b63663297acbcbf794e1233951222ae5af/Documentation/intro/install/general.rst#bootstrapping
# https://github.com/ovn-org/ovn/issues/128
git submodule update --init
pushd ovs
if [ ! -f configure ] ; then
./boot.sh
fi
if [ ! -f config.status ] || [ configure -nt config.status ] ; then
./configure --with-ovs-source=$DEST/$OVS_REPO_NAME $prefix $localstatedir
./configure
fi
make -j$(($(nproc) + 1))
popd
if [ ! -f config.status ] || [ configure -nt config.status ] ; then
./configure $prefix $localstatedir
fi
make -j$(($(nproc) + 1))
sudo make install
@@ -328,7 +370,7 @@ function compile_ovn {
# OVN service sanity check
function ovn_sanity_check {
if is_service_enabled q-agt neutron-agt; then
if is_service_enabled q-agt neutron-agent; then
die $LINENO "The q-agt/neutron-agt service must be disabled with OVN."
elif is_service_enabled q-l3 neutron-l3; then
die $LINENO "The q-l3/neutron-l3 service must be disabled with OVN."
@@ -341,11 +383,6 @@ function ovn_sanity_check {
# install_ovn() - Collect source and prepare
function install_ovn {
if [[ "$Q_BUILD_OVS_FROM_GIT" == "False" ]]; then
echo "Installation of OVS from source disabled."
return 0
fi
echo "Installing OVN and dependent packages"
# Check the OVN configuration
@@ -356,10 +393,6 @@ function install_ovn {
sudo mkdir -p $OVS_RUNDIR
sudo chown $(whoami) $OVS_RUNDIR
# NOTE(lucasagomes): To keep things simpler, let's reuse the same
# RUNDIR for both OVS and OVN. This way we avoid having to specify the
# --db option in the ovn-{n,s}bctl commands while playing with DevStack
sudo ln -s $OVS_RUNDIR $OVN_RUNDIR
if [[ "$OVN_BUILD_FROM_SOURCE" == "True" ]]; then
# If OVS is already installed, remove it, because we're about to
@@ -375,7 +408,7 @@ function install_ovn {
compile_ovs $OVN_BUILD_MODULES
if use_new_ovn_repository; then
compile_ovn $OVN_BUILD_MODULES
compile_ovn
fi
sudo mkdir -p $OVS_PREFIX/var/log/openvswitch
@@ -383,6 +416,8 @@ function install_ovn {
sudo mkdir -p $OVS_PREFIX/var/log/ovn
sudo chown $(whoami) $OVS_PREFIX/var/log/ovn
else
# Load fixup_ovn_centos
source ${TOP_DIR}/tools/fixup_stuff.sh
fixup_ovn_centos
install_package $(get_packages openvswitch)
install_package $(get_packages ovn)
@@ -448,7 +483,7 @@ function filter_network_api_extensions {
function configure_ovn_plugin {
echo "Configuring Neutron for OVN"
if is_service_enabled q-svc ; then
if is_service_enabled q-svc neutron-api; then
filter_network_api_extensions
populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2_type_geneve max_header_size=$OVN_GENEVE_OVERHEAD
populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_nb_connection="$OVN_NB_REMOTE"
@@ -472,7 +507,9 @@ function configure_ovn_plugin {
inicomment /$Q_PLUGIN_CONF_FILE network_log local_output_log_base="$Q_LOG_DRIVER_LOG_BASE"
fi
if is_service_enabled q-ovn-metadata-agent; then
if is_service_enabled q-ovn-metadata-agent neutron-ovn-metadata-agent; then
populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_metadata_enabled=True
elif is_service_enabled q-ovn-agent neutron-ovn-agent && [[ "$OVN_AGENT_EXTENSIONS" =~ 'metadata' ]]; then
populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_metadata_enabled=True
else
populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_metadata_enabled=False
@@ -493,7 +530,9 @@ function configure_ovn_plugin {
fi
if is_service_enabled n-api-meta ; then
if is_service_enabled q-ovn-metadata-agent ; then
if is_service_enabled q-ovn-metadata-agent neutron-ovn-metadata-agent; then
iniset $NOVA_CONF neutron service_metadata_proxy True
elif is_service_enabled q-ovn-agent neutron-ovn-agent && [[ "$OVN_AGENT_EXTENSIONS" =~ 'metadata' ]]; then
iniset $NOVA_CONF neutron service_metadata_proxy True
fi
fi
@@ -526,29 +565,42 @@ function configure_ovn {
fi
# Metadata
if is_service_enabled q-ovn-metadata-agent && is_service_enabled ovn-controller; then
local sample_file=""
local config_file=""
if is_service_enabled q-ovn-agent neutron-ovn-agent && [[ "$OVN_AGENT_EXTENSIONS" =~ 'metadata' ]] && is_service_enabled ovn-controller; then
sample_file=$NEUTRON_DIR/etc/neutron/plugins/ml2/ovn_agent.ini.sample
config_file=$OVN_AGENT_CONF
elif is_service_enabled q-ovn-metadata-agent neutron-ovn-metadata-agent && is_service_enabled ovn-controller; then
sample_file=$NEUTRON_DIR/etc/neutron_ovn_metadata_agent.ini.sample
config_file=$OVN_META_CONF
fi
if [ -n "$config_file" ]; then
sudo install -d -o $STACK_USER $NEUTRON_CONF_DIR
mkdir -p $NEUTRON_DIR/etc/neutron/plugins/ml2
(cd $NEUTRON_DIR && exec ./tools/generate_config_file_samples.sh)
cp $NEUTRON_DIR/etc/neutron_ovn_metadata_agent.ini.sample $OVN_META_CONF
configure_root_helper_options $OVN_META_CONF
cp $sample_file $config_file
configure_root_helper_options $config_file
iniset $OVN_META_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $OVN_META_CONF DEFAULT nova_metadata_host $OVN_META_DATA_HOST
iniset $OVN_META_CONF DEFAULT metadata_workers $API_WORKERS
iniset $OVN_META_CONF DEFAULT state_path $NEUTRON_STATE_PATH
iniset $OVN_META_CONF ovs ovsdb_connection tcp:$OVSDB_SERVER_LOCAL_HOST:6640
iniset $OVN_META_CONF ovn ovn_sb_connection $OVN_SB_REMOTE
iniset $config_file DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $config_file DEFAULT nova_metadata_host $OVN_META_DATA_HOST
iniset $config_file DEFAULT metadata_workers $API_WORKERS
iniset $config_file DEFAULT state_path $DATA_DIR/neutron
iniset $config_file ovs ovsdb_connection tcp:$OVSDB_SERVER_LOCAL_HOST:6640
iniset $config_file ovn ovn_sb_connection $OVN_SB_REMOTE
if is_service_enabled tls-proxy; then
iniset $OVN_META_CONF ovn \
iniset $config_file ovn \
ovn_sb_ca_cert $INT_CA_DIR/ca-chain.pem
iniset $OVN_META_CONF ovn \
iniset $config_file ovn \
ovn_sb_certificate $INT_CA_DIR/$DEVSTACK_CERT_NAME.crt
iniset $OVN_META_CONF ovn \
iniset $config_file ovn \
ovn_sb_private_key $INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key
fi
if [[ $config_file == $OVN_AGENT_CONF ]]; then
iniset $config_file agent extensions $OVN_AGENT_EXTENSIONS
iniset $config_file ovn ovn_nb_connection $OVN_NB_REMOTE
fi
fi
}
@@ -561,14 +613,20 @@ function init_ovn {
# create new ones on each devstack run.
_disable_libvirt_apparmor
local mkdir_cmd="mkdir -p ${OVN_DATADIR}"
mkdir -p $OVN_DATADIR
if [[ "$OVN_BUILD_FROM_SOURCE" == "False" ]]; then
mkdir_cmd="sudo ${mkdir_cmd}"
fi
$mkdir_cmd
mkdir -p $OVS_DATADIR
rm -f $OVS_DATADIR/*.db
rm -f $OVS_DATADIR/.*.db.~lock~
rm -f $OVN_DATADIR/*.db
rm -f $OVN_DATADIR/.*.db.~lock~
sudo rm -f $OVN_DATADIR/*.db
sudo rm -f $OVN_DATADIR/.*.db.~lock~
sudo rm -f $OVN_RUNDIR/*.sock
}
function _start_ovs {
@@ -595,12 +653,12 @@ function _start_ovs {
dbcmd+=" --remote=db:hardware_vtep,Global,managers $OVS_DATADIR/vtep.db"
fi
dbcmd+=" $OVS_DATADIR/conf.db"
_run_process ovsdb-server "$dbcmd"
_run_process ovsdb-server "$dbcmd" "" "$STACK_GROUP" "root" "$OVS_RUNDIR"
# Note: ovn-controller will create and configure br-int once it is started.
# So, no need to create it now because nothing depends on that bridge here.
local ovscmd="$OVS_SBINDIR/ovs-vswitchd --log-file --pidfile --detach"
_run_process ovs-vswitchd "$ovscmd" "" "$STACK_GROUP" "root"
_run_process ovs-vswitchd "$ovscmd" "" "$STACK_GROUP" "root" "$OVS_RUNDIR"
else
_start_process "$OVSDB_SERVER_SERVICE"
_start_process "$OVS_VSWITCHD_SERVICE"
@@ -620,8 +678,8 @@ function _start_ovs {
sudo ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-remote="$OVN_SB_REMOTE"
sudo ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-bridge="br-int"
sudo ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-encap-type="geneve"
sudo ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-encap-ip="$HOST_IP"
sudo ovs-vsctl --no-wait set open_vswitch . external-ids:hostname="$LOCAL_HOSTNAME"
sudo ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-encap-ip="$TUNNEL_IP"
sudo ovs-vsctl --no-wait set open_vswitch . external-ids:hostname=$(hostname)
# Select this chassis to host gateway routers
if [[ "$ENABLE_CHASSIS_AS_GW" == "True" ]]; then
sudo ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-cms-options="enable-chassis-as-gw"
@@ -635,11 +693,11 @@ function _start_ovs {
if is_service_enabled ovn-controller-vtep ; then
ovn_base_setup_bridge br-v
vtep-ctl add-ps br-v
vtep-ctl set Physical_Switch br-v tunnel_ips=$HOST_IP
vtep-ctl set Physical_Switch br-v tunnel_ips=$TUNNEL_IP
enable_service ovs-vtep
local vtepcmd="$OVS_SCRIPTDIR/ovs-vtep --log-file --pidfile --detach br-v"
_run_process ovs-vtep "$vtepcmd" "" "$STACK_GROUP" "root"
_run_process ovs-vtep "$vtepcmd" "" "$STACK_GROUP" "root" "$OVS_RUNDIR"
vtep-ctl set-manager tcp:$HOST_IP:6640
fi
@@ -662,9 +720,12 @@ function _start_ovn_services {
if is_service_enabled ovs-vtep ; then
_start_process "devstack@ovs-vtep.service"
fi
if is_service_enabled q-ovn-metadata-agent; then
if is_service_enabled q-ovn-metadata-agent neutron-ovn-metadata-agent ; then
_start_process "devstack@q-ovn-metadata-agent.service"
fi
if is_service_enabled q-ovn-agent neutron-ovn-agent ; then
_start_process "devstack@q-ovn-agent.service"
fi
}
# start_ovn() - Start running processes, including screen
@@ -683,23 +744,26 @@ function start_ovn {
local cmd="/bin/bash $SCRIPTDIR/ovn-ctl --no-monitor start_northd"
local stop_cmd="/bin/bash $SCRIPTDIR/ovn-ctl stop_northd"
_run_process ovn-northd "$cmd" "$stop_cmd"
_run_process ovn-northd "$cmd" "$stop_cmd" "$STACK_GROUP" "root" "$OVN_RUNDIR"
else
_start_process "$OVN_NORTHD_SERVICE"
fi
# Wait for the service to be ready
wait_for_sock_file $OVS_RUNDIR/ovnnb_db.sock
wait_for_sock_file $OVS_RUNDIR/ovnsb_db.sock
# Check for socket and db files for both OVN NB and SB
wait_for_sock_file $OVN_RUNDIR/ovnnb_db.sock
wait_for_sock_file $OVN_RUNDIR/ovnsb_db.sock
wait_for_db_file $OVN_DATADIR/ovnnb_db.db
wait_for_db_file $OVN_DATADIR/ovnsb_db.db
if is_service_enabled tls-proxy; then
sudo ovn-nbctl --db=unix:$OVS_RUNDIR/ovnnb_db.sock set-ssl $INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key $INT_CA_DIR/$DEVSTACK_CERT_NAME.crt $INT_CA_DIR/ca-chain.pem
sudo ovn-sbctl --db=unix:$OVS_RUNDIR/ovnsb_db.sock set-ssl $INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key $INT_CA_DIR/$DEVSTACK_CERT_NAME.crt $INT_CA_DIR/ca-chain.pem
sudo ovn-nbctl --db=unix:$OVN_RUNDIR/ovnnb_db.sock set-ssl $INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key $INT_CA_DIR/$DEVSTACK_CERT_NAME.crt $INT_CA_DIR/ca-chain.pem
sudo ovn-sbctl --db=unix:$OVN_RUNDIR/ovnsb_db.sock set-ssl $INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key $INT_CA_DIR/$DEVSTACK_CERT_NAME.crt $INT_CA_DIR/ca-chain.pem
fi
sudo ovn-nbctl --db=unix:$OVS_RUNDIR/ovnnb_db.sock set-connection p${OVN_PROTO}:6641:$SERVICE_LISTEN_ADDRESS -- set connection . inactivity_probe=60000
sudo ovn-sbctl --db=unix:$OVS_RUNDIR/ovnsb_db.sock set-connection p${OVN_PROTO}:6642:$SERVICE_LISTEN_ADDRESS -- set connection . inactivity_probe=60000
sudo ovs-appctl -t $OVS_RUNDIR/ovnnb_db.ctl vlog/set console:off syslog:$OVN_DBS_LOG_LEVEL file:$OVN_DBS_LOG_LEVEL
sudo ovs-appctl -t $OVS_RUNDIR/ovnsb_db.ctl vlog/set console:off syslog:$OVN_DBS_LOG_LEVEL file:$OVN_DBS_LOG_LEVEL
sudo ovn-nbctl --db=unix:$OVN_RUNDIR/ovnnb_db.sock set-connection p${OVN_PROTO}:6641:$SERVICE_LISTEN_ADDRESS -- set connection . inactivity_probe=60000
sudo ovn-sbctl --db=unix:$OVN_RUNDIR/ovnsb_db.sock set-connection p${OVN_PROTO}:6642:$SERVICE_LISTEN_ADDRESS -- set connection . inactivity_probe=60000
sudo ovs-appctl -t $OVN_RUNDIR/ovnnb_db.ctl vlog/set console:off syslog:$OVN_DBS_LOG_LEVEL file:$OVN_DBS_LOG_LEVEL
sudo ovs-appctl -t $OVN_RUNDIR/ovnsb_db.ctl vlog/set console:off syslog:$OVN_DBS_LOG_LEVEL file:$OVN_DBS_LOG_LEVEL
fi
if is_service_enabled ovn-controller ; then
@@ -707,7 +771,7 @@ function start_ovn {
local cmd="/bin/bash $SCRIPTDIR/ovn-ctl --no-monitor start_controller"
local stop_cmd="/bin/bash $SCRIPTDIR/ovn-ctl stop_controller"
_run_process ovn-controller "$cmd" "$stop_cmd" "$STACK_GROUP" "root"
_run_process ovn-controller "$cmd" "$stop_cmd" "$STACK_GROUP" "root" "$OVN_RUNDIR"
else
_start_process "$OVN_CONTROLLER_SERVICE"
fi
@@ -716,18 +780,24 @@ function start_ovn {
if is_service_enabled ovn-controller-vtep ; then
if [[ "$OVN_BUILD_FROM_SOURCE" == "True" ]]; then
local cmd="$OVS_BINDIR/ovn-controller-vtep --log-file --pidfile --detach --ovnsb-db=$OVN_SB_REMOTE"
_run_process ovn-controller-vtep "$cmd" "" "$STACK_GROUP" "root"
_run_process ovn-controller-vtep "$cmd" "" "$STACK_GROUP" "root" "$OVN_RUNDIR"
else
_start_process "$OVN_CONTROLLER_VTEP_SERVICE"
fi
fi
if is_service_enabled q-ovn-metadata-agent; then
if is_service_enabled q-ovn-metadata-agent neutron-ovn-metadata-agent; then
run_process q-ovn-metadata-agent "$NEUTRON_OVN_BIN_DIR/$NEUTRON_OVN_METADATA_BINARY --config-file $OVN_META_CONF"
# Format logging
setup_logging $OVN_META_CONF
fi
if is_service_enabled q-ovn-agent neutron-ovn-agent; then
run_process q-ovn-agent "$NEUTRON_OVN_BIN_DIR/$NEUTRON_OVN_AGENT_BINARY --config-file $OVN_AGENT_CONF"
# Format logging
setup_logging $OVN_AGENT_CONF
fi
_start_ovn_services
}
@@ -746,10 +816,18 @@ function _stop_process {
}
function stop_ovn {
if is_service_enabled q-ovn-metadata-agent; then
sudo pkill -9 -f haproxy || :
if is_service_enabled q-ovn-metadata-agent neutron-ovn-metadata-agent; then
# pkill takes care not to kill itself, but it may kill its parent
# sudo unless we use the "ps | grep [f]oo" trick
sudo pkill -9 -f "[h]aproxy" || :
_stop_process "devstack@q-ovn-metadata-agent.service"
fi
if is_service_enabled q-ovn-agent neutron-ovn-agent; then
# pkill takes care not to kill itself, but it may kill its parent
# sudo unless we use the "ps | grep [f]oo" trick
sudo pkill -9 -f "[h]aproxy" || :
_stop_process "devstack@q-ovn-agent.service"
fi
if is_service_enabled ovn-controller-vtep ; then
_stop_process "$OVN_CONTROLLER_VTEP_SERVICE"
fi
@@ -792,5 +870,5 @@ function cleanup_ovn {
_cleanup $ovs_path
fi
sudo rm -f $OVN_RUNDIR
sudo rm -rf $OVN_RUNDIR
}
+19 -19
View File
@@ -7,6 +7,12 @@
_XTRACE_NEUTRON_OVS_BASE=$(set +o | grep xtrace)
set +o xtrace
# Load devstack ovs compliation and loading functions
source ${TOP_DIR}/lib/neutron_plugins/ovs_source
# Defaults
# --------
OVS_BRIDGE=${OVS_BRIDGE:-br-int}
# OVS recognize default 'system' datapath or 'netdev' for userspace datapath
OVS_DATAPATH_TYPE=${OVS_DATAPATH_TYPE:-system}
@@ -60,26 +66,20 @@ function _neutron_ovs_base_install_ubuntu_dkms {
}
function _neutron_ovs_base_install_agent_packages {
# Install deps
install_package $(get_packages "openvswitch")
if is_ubuntu; then
_neutron_ovs_base_install_ubuntu_dkms
restart_service openvswitch-switch
elif is_fedora; then
restart_service openvswitch
sudo systemctl enable openvswitch
elif is_suse; then
if [[ $DISTRO == "sle12" ]] && vercmp "$os_RELEASE" "<" "12.2" ; then
if [ "$Q_BUILD_OVS_FROM_GIT" == "True" ]; then
remove_ovs_packages
compile_ovs False /usr/local /var
load_conntrack_gre_module
start_new_ovs
else
# Install deps
install_package $(get_packages "openvswitch")
if is_ubuntu; then
_neutron_ovs_base_install_ubuntu_dkms
restart_service openvswitch-switch
else
# workaround for https://bugzilla.suse.com/show_bug.cgi?id=1085971
if [[ $DISTRO =~ "tumbleweed" ]]; then
sudo sed -i -e "s,^OVS_USER_ID=.*,OVS_USER_ID='root:root'," /etc/sysconfig/openvswitch
fi
restart_service openvswitch || {
journalctl -xe || :
systemctl status openvswitch
}
elif is_fedora; then
restart_service openvswitch
sudo systemctl enable openvswitch
fi
fi
}
+14 -15
View File
@@ -14,6 +14,7 @@
# Defaults
# --------
Q_BUILD_OVS_FROM_GIT=$(trueorfalse False Q_BUILD_OVS_FROM_GIT)
# Set variables for building OVS from source
OVS_REPO=${OVS_REPO:-https://github.com/openvswitch/ovs.git}
@@ -32,9 +33,9 @@ function load_module {
local fatal=$2
if [ "$(trueorfalse True fatal)" == "True" ]; then
sudo modprobe $module || (dmesg && die $LINENO "FAILED TO LOAD $module")
sudo modprobe $module || (sudo dmesg && die $LINENO "FAILED TO LOAD $module")
else
sudo modprobe $module || (echo "FAILED TO LOAD $module" && dmesg)
sudo modprobe $module || (echo "FAILED TO LOAD $module" && sudo dmesg)
fi
}
@@ -86,9 +87,15 @@ function prepare_for_ovs_compilation {
install_package kernel-devel-$KERNEL_VERSION
install_package kernel-headers-$KERNEL_VERSION
if is_service_enabled tls-proxy; then
install_package openssl-devel
fi
elif is_ubuntu ; then
install_package linux-headers-$KERNEL_VERSION
if is_service_enabled tls-proxy; then
install_package libssl-dev
fi
fi
}
@@ -96,7 +103,7 @@ function prepare_for_ovs_compilation {
function load_ovs_kernel_modules {
load_module openvswitch
load_module vport-geneve False
dmesg | tail
sudo dmesg | tail
}
# reload_ovs_kernel_modules() - reload openvswitch kernel module
@@ -157,10 +164,8 @@ function compile_ovs {
sudo make install
if [[ "$build_modules" == "True" ]]; then
sudo make INSTALL_MOD_DIR=kernel/net/openvswitch modules_install
reload_ovs_kernel_modules
else
load_ovs_kernel_modules
fi
reload_ovs_kernel_modules
cd $_pwd
}
@@ -175,24 +180,18 @@ function action_openvswitch {
${action}_service openvswitch-switch
elif is_fedora; then
${action}_service openvswitch
elif is_suse; then
if [[ $DISTRO == "sle12" ]] && [[ $os_RELEASE -lt 12.2 ]]; then
${action}_service openvswitch-switch
else
${action}_service openvswitch
fi
fi
}
# start_new_ovs() - removes old ovs database, creates a new one and starts ovs
function start_new_ovs {
sudo rm -f /etc/openvswitch/conf.db /etc/openvswitch/.conf.db~lock~
sudo /usr/share/openvswitch/scripts/ovs-ctl start
sudo /usr/local/share/openvswitch/scripts/ovs-ctl start
}
# stop_new_ovs() - stops ovs
function stop_new_ovs {
local ovs_ctl='/usr/share/openvswitch/scripts/ovs-ctl'
local ovs_ctl='/usr/local/share/openvswitch/scripts/ovs-ctl'
if [ -x $ovs_ctl ] ; then
sudo $ovs_ctl stop
@@ -211,5 +210,5 @@ function remove_ovs_packages {
# load_conntrack_gre_module() - loads nf_conntrack_proto_gre kernel module
function load_conntrack_gre_module {
sudo modprobe nf_conntrack_proto_gre
load_module nf_conntrack_proto_gre False
}
+56 -39
View File
@@ -47,7 +47,8 @@ Q_L3_ROUTER_PER_TENANT=${Q_L3_ROUTER_PER_TENANT:-True}
# used for the network. In case of ofagent, you should add the
# corresponding entry to your OFAGENT_PHYSICAL_INTERFACE_MAPPINGS.
# For openvswitch agent, you should add the corresponding entry to
# your OVS_BRIDGE_MAPPINGS.
# your OVS_BRIDGE_MAPPINGS and for OVN add the corresponding entry
# to your OVN_BRIDGE_MAPPINGS.
#
# eg. (ofagent)
# Q_USE_PROVIDERNET_FOR_PUBLIC=True
@@ -60,6 +61,11 @@ Q_L3_ROUTER_PER_TENANT=${Q_L3_ROUTER_PER_TENANT:-True}
# PUBLIC_PHYSICAL_NETWORK=public
# OVS_BRIDGE_MAPPINGS=public:br-ex
#
# eg. (ovn agent)
# Q_USER_PROVIDERNET_FOR_PUBLIC=True
# PUBLIC_PHYSICAL_NETWORK=public
# OVN_BRIDGE_MAPPINGS=public:br-ex
#
# The provider-network-type defaults to flat, however, the values
# PUBLIC_PROVIDERNET_TYPE and PUBLIC_PROVIDERNET_SEGMENTATION_ID could
# be set to specify the parameters for an alternate network type.
@@ -147,10 +153,6 @@ function _neutron_get_ext_gw_interface {
}
function create_neutron_initial_network {
local project_id
project_id=$(openstack project list | grep " demo " | get_field 1)
die_if_not_set $LINENO project_id "Failure retrieving project_id for demo"
# Allow drivers that need to create an initial network to do so here
if type -p neutron_plugin_create_initial_network_profile > /dev/null; then
neutron_plugin_create_initial_network_profile $PHYSICAL_NETWORK
@@ -170,15 +172,15 @@ function create_neutron_initial_network {
if is_provider_network; then
die_if_not_set $LINENO PHYSICAL_NETWORK "You must specify the PHYSICAL_NETWORK"
die_if_not_set $LINENO PROVIDER_NETWORK_TYPE "You must specify the PROVIDER_NETWORK_TYPE"
NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create $PHYSICAL_NETWORK --project $project_id --provider-network-type $PROVIDER_NETWORK_TYPE --provider-physical-network "$PHYSICAL_NETWORK" ${SEGMENTATION_ID:+--provider-segment $SEGMENTATION_ID} --share | grep ' id ' | get_field 2)
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PHYSICAL_NETWORK $project_id"
NET_ID=$(openstack --os-cloud devstack-admin-demo --os-region "$REGION_NAME" network create $PHYSICAL_NETWORK --provider-network-type $PROVIDER_NETWORK_TYPE --provider-physical-network "$PHYSICAL_NETWORK" ${SEGMENTATION_ID:+--provider-segment $SEGMENTATION_ID} --share -f value -c id)
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PHYSICAL_NETWORK"
if [[ "$IP_VERSION" =~ 4.* ]]; then
if [ -z $SUBNETPOOL_V4_ID ]; then
fixed_range_v4=$FIXED_RANGE
fi
SUBNET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet create --project $project_id --ip-version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY ${SUBNETPOOL_V4_ID:+--subnet-pool $SUBNETPOOL_V4_ID} --network $NET_ID ${fixed_range_v4:+--subnet-range $fixed_range_v4} | grep ' id ' | get_field 2)
die_if_not_set $LINENO SUBNET_ID "Failure creating SUBNET_ID for $PROVIDER_SUBNET_NAME $project_id"
SUBNET_ID=$(openstack --os-cloud devstack --os-region "$REGION_NAME" subnet create --ip-version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY ${SUBNETPOOL_V4_ID:+--subnet-pool $SUBNETPOOL_V4_ID} --network $NET_ID ${fixed_range_v4:+--subnet-range $fixed_range_v4} -f value -c id)
die_if_not_set $LINENO SUBNET_ID "Failure creating SUBNET_ID for $PROVIDER_SUBNET_NAME"
fi
if [[ "$IP_VERSION" =~ .*6 ]]; then
@@ -187,8 +189,8 @@ function create_neutron_initial_network {
if [ -z $SUBNETPOOL_V6_ID ]; then
fixed_range_v6=$IPV6_PROVIDER_FIXED_RANGE
fi
IPV6_SUBNET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet create --project $project_id --ip-version 6 --gateway $IPV6_PROVIDER_NETWORK_GATEWAY $IPV6_PROVIDER_SUBNET_NAME ${SUBNETPOOL_V6_ID:+--subnet-pool $SUBNETPOOL_V6_ID} --network $NET_ID ${fixed_range_v6:+--subnet-range $fixed_range_v6} | grep ' id ' | get_field 2)
die_if_not_set $LINENO IPV6_SUBNET_ID "Failure creating IPV6_SUBNET_ID for $IPV6_PROVIDER_SUBNET_NAME $project_id"
IPV6_SUBNET_ID=$(openstack --os-cloud devstack --os-region "$REGION_NAME" subnet create --ip-version 6 --gateway $IPV6_PROVIDER_NETWORK_GATEWAY $IPV6_PROVIDER_SUBNET_NAME ${SUBNETPOOL_V6_ID:+--subnet-pool $SUBNETPOOL_V6_ID} --network $NET_ID ${fixed_range_v6:+--subnet-range $fixed_range_v6} -f value -c id)
die_if_not_set $LINENO IPV6_SUBNET_ID "Failure creating IPV6_SUBNET_ID for $IPV6_PROVIDER_SUBNET_NAME"
fi
if [[ $Q_AGENT == "openvswitch" ]]; then
@@ -197,17 +199,17 @@ function create_neutron_initial_network {
sudo ip link set $PUBLIC_INTERFACE up
fi
else
NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create --project $project_id "$PRIVATE_NETWORK_NAME" | grep ' id ' | get_field 2)
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PRIVATE_NETWORK_NAME $project_id"
NET_ID=$(openstack --os-cloud devstack --os-region "$REGION_NAME" network create "$PRIVATE_NETWORK_NAME" -f value -c id)
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PRIVATE_NETWORK_NAME"
if [[ "$IP_VERSION" =~ 4.* ]]; then
# Create IPv4 private subnet
SUBNET_ID=$(_neutron_create_private_subnet_v4 $project_id)
SUBNET_ID=$(_neutron_create_private_subnet_v4)
fi
if [[ "$IP_VERSION" =~ .*6 ]]; then
# Create IPv6 private subnet
IPV6_SUBNET_ID=$(_neutron_create_private_subnet_v6 $project_id)
IPV6_SUBNET_ID=$(_neutron_create_private_subnet_v6)
fi
fi
@@ -215,12 +217,12 @@ function create_neutron_initial_network {
# Create a router, and add the private subnet as one of its interfaces
if [[ "$Q_L3_ROUTER_PER_TENANT" == "True" ]]; then
# create a tenant-owned router.
ROUTER_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router create --project $project_id $Q_ROUTER_NAME | grep ' id ' | get_field 2)
die_if_not_set $LINENO ROUTER_ID "Failure creating ROUTER_ID for $project_id $Q_ROUTER_NAME"
ROUTER_ID=$(openstack --os-cloud devstack --os-region "$REGION_NAME" router create $Q_ROUTER_NAME -f value -c id)
die_if_not_set $LINENO ROUTER_ID "Failure creating router $Q_ROUTER_NAME"
else
# Plugin only supports creating a single router, which should be admin owned.
ROUTER_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router create $Q_ROUTER_NAME | grep ' id ' | get_field 2)
die_if_not_set $LINENO ROUTER_ID "Failure creating ROUTER_ID for $Q_ROUTER_NAME"
ROUTER_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router create $Q_ROUTER_NAME -f value -c id)
die_if_not_set $LINENO ROUTER_ID "Failure creating router $Q_ROUTER_NAME"
fi
EXTERNAL_NETWORK_FLAGS="--external"
@@ -229,9 +231,9 @@ function create_neutron_initial_network {
fi
# Create an external network, and a subnet. Configure the external network as router gw
if [ "$Q_USE_PROVIDERNET_FOR_PUBLIC" = "True" ]; then
EXT_NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create "$PUBLIC_NETWORK_NAME" $EXTERNAL_NETWORK_FLAGS --provider-network-type ${PUBLIC_PROVIDERNET_TYPE:-flat} ${PUBLIC_PROVIDERNET_SEGMENTATION_ID:+--provider-segment $PUBLIC_PROVIDERNET_SEGMENTATION_ID} --provider-physical-network ${PUBLIC_PHYSICAL_NETWORK} | grep ' id ' | get_field 2)
EXT_NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create "$PUBLIC_NETWORK_NAME" $EXTERNAL_NETWORK_FLAGS --provider-network-type ${PUBLIC_PROVIDERNET_TYPE:-flat} ${PUBLIC_PROVIDERNET_SEGMENTATION_ID:+--provider-segment $PUBLIC_PROVIDERNET_SEGMENTATION_ID} --provider-physical-network ${PUBLIC_PHYSICAL_NETWORK} -f value -c id)
else
EXT_NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create "$PUBLIC_NETWORK_NAME" $EXTERNAL_NETWORK_FLAGS | grep ' id ' | get_field 2)
EXT_NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create "$PUBLIC_NETWORK_NAME" $EXTERNAL_NETWORK_FLAGS -f value -c id)
fi
die_if_not_set $LINENO EXT_NET_ID "Failure creating EXT_NET_ID for $PUBLIC_NETWORK_NAME"
@@ -249,35 +251,32 @@ function create_neutron_initial_network {
# Create private IPv4 subnet
function _neutron_create_private_subnet_v4 {
local project_id=$1
if [ -z $SUBNETPOOL_V4_ID ]; then
fixed_range_v4=$FIXED_RANGE
fi
local subnet_params="--project $project_id "
subnet_params+="--ip-version 4 "
local subnet_params="--ip-version 4 "
if [[ -n "$NETWORK_GATEWAY" ]]; then
subnet_params+="--gateway $NETWORK_GATEWAY "
fi
subnet_params+="${SUBNETPOOL_V4_ID:+--subnet-pool $SUBNETPOOL_V4_ID} "
subnet_params+="${fixed_range_v4:+--subnet-range $fixed_range_v4} "
subnet_params+="--network $NET_ID $PRIVATE_SUBNET_NAME"
local subnet_id
subnet_id=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet create $subnet_params | grep ' id ' | get_field 2)
die_if_not_set $LINENO subnet_id "Failure creating private IPv4 subnet for $project_id"
subnet_id=$(openstack --os-cloud devstack-admin-demo --os-region "$REGION_NAME" subnet create $subnet_params -f value -c id)
die_if_not_set $LINENO subnet_id "Failure creating private IPv4 subnet"
echo $subnet_id
}
# Create private IPv6 subnet
function _neutron_create_private_subnet_v6 {
local project_id=$1
die_if_not_set $LINENO IPV6_RA_MODE "IPV6 RA Mode not set"
die_if_not_set $LINENO IPV6_ADDRESS_MODE "IPV6 Address Mode not set"
local ipv6_modes="--ipv6-ra-mode $IPV6_RA_MODE --ipv6-address-mode $IPV6_ADDRESS_MODE"
if [ -z $SUBNETPOOL_V6_ID ]; then
fixed_range_v6=$FIXED_RANGE_V6
fi
local subnet_params="--project $project_id "
subnet_params+="--ip-version 6 "
local subnet_params="--ip-version 6 "
if [[ -n "$IPV6_PRIVATE_NETWORK_GATEWAY" ]]; then
subnet_params+="--gateway $IPV6_PRIVATE_NETWORK_GATEWAY "
fi
@@ -285,8 +284,8 @@ function _neutron_create_private_subnet_v6 {
subnet_params+="${fixed_range_v6:+--subnet-range $fixed_range_v6} "
subnet_params+="$ipv6_modes --network $NET_ID $IPV6_PRIVATE_SUBNET_NAME "
local ipv6_subnet_id
ipv6_subnet_id=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet create $subnet_params | grep ' id ' | get_field 2)
die_if_not_set $LINENO ipv6_subnet_id "Failure creating private IPv6 subnet for $project_id"
ipv6_subnet_id=$(openstack --os-cloud devstack-admin-demo --os-region "$REGION_NAME" subnet create $subnet_params -f value -c id)
die_if_not_set $LINENO ipv6_subnet_id "Failure creating private IPv6 subnet"
echo $ipv6_subnet_id
}
@@ -319,7 +318,7 @@ function _neutron_create_public_subnet_v6 {
# Configure neutron router for IPv4 public access
function _neutron_configure_router_v4 {
openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router add subnet $ROUTER_ID $SUBNET_ID
openstack --os-cloud devstack-admin-demo --os-region "$REGION_NAME" router add subnet $ROUTER_ID $SUBNET_ID
# Create a public subnet on the external network
local id_and_ext_gw_ip
id_and_ext_gw_ip=$(_neutron_create_public_subnet_v4 $EXT_NET_ID)
@@ -327,10 +326,10 @@ function _neutron_configure_router_v4 {
ext_gw_ip=$(echo $id_and_ext_gw_ip | get_field 2)
PUB_SUBNET_ID=$(echo $id_and_ext_gw_ip | get_field 5)
# Configure the external network as the default router gateway
openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router set --external-gateway $EXT_NET_ID $ROUTER_ID
openstack --os-cloud devstack-admin-demo --os-region "$REGION_NAME" router set --external-gateway $EXT_NET_ID $ROUTER_ID
# This logic is specific to using OVN or the l3-agent for layer 3
if ([[ $Q_AGENT == "ovn" ]] && [[ "$OVN_L3_CREATE_PUBLIC_NETWORK" == "True" ]] && is_service_enabled q-svc neutron-server) || is_service_enabled q-l3 neutron-l3; then
if ([[ $Q_AGENT == "ovn" ]] && [[ "$OVN_L3_CREATE_PUBLIC_NETWORK" == "True" ]] && is_service_enabled q-svc neutron-api) || is_service_enabled q-l3 neutron-l3; then
# Configure and enable public bridge
local ext_gw_interface="none"
if is_neutron_ovs_base_plugin; then
@@ -363,7 +362,7 @@ function _neutron_configure_router_v4 {
# Configure neutron router for IPv6 public access
function _neutron_configure_router_v6 {
openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router add subnet $ROUTER_ID $IPV6_SUBNET_ID
openstack --os-cloud devstack-admin-demo --os-region "$REGION_NAME" router add subnet $ROUTER_ID $IPV6_SUBNET_ID
# Create a public subnet on the external network
local ipv6_id_and_ext_gw_ip
ipv6_id_and_ext_gw_ip=$(_neutron_create_public_subnet_v6 $EXT_NET_ID)
@@ -375,11 +374,11 @@ function _neutron_configure_router_v6 {
# If the external network has not already been set as the default router
# gateway when configuring an IPv4 public subnet, do so now
if [[ "$IP_VERSION" == "6" ]]; then
openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router set --external-gateway $EXT_NET_ID $ROUTER_ID
openstack --os-cloud devstack-admin-demo --os-region "$REGION_NAME" router set --external-gateway $EXT_NET_ID $ROUTER_ID
fi
# This logic is specific to using OVN or the l3-agent for layer 3
if ([[ $Q_AGENT == "ovn" ]] && [[ "$OVN_L3_CREATE_PUBLIC_NETWORK" == "True" ]] && is_service_enabled q-svc neutron-server) || is_service_enabled q-l3 neutron-l3; then
if ([[ $Q_AGENT == "ovn" ]] && [[ "$OVN_L3_CREATE_PUBLIC_NETWORK" == "True" ]] && is_service_enabled q-svc neutron-api) || is_service_enabled q-l3 neutron-l3; then
# if the Linux host considers itself to be a router then it will
# ignore all router advertisements
# Ensure IPv6 RAs are accepted on interfaces with a default route.
@@ -396,7 +395,13 @@ function _neutron_configure_router_v6 {
sudo sysctl -w net.ipv6.conf.all.forwarding=1
# Configure and enable public bridge
# Override global IPV6_ROUTER_GW_IP with the true value from neutron
IPV6_ROUTER_GW_IP=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" port list -c 'Fixed IP Addresses' | grep $ipv6_pub_subnet_id | awk -F'ip_address' '{ print $2 }' | cut -f2 -d\' | tr '\n' ' ')
# NOTE(slaweq): when enforce scopes is enabled in Neutron, router's
# gateway ports aren't visible in API because such ports don't belongs
# to any tenant. Because of that, at least temporary we need to find
# IPv6 address of the router's gateway in a bit different way.
# It can be reverted when bug
# https://bugs.launchpad.net/neutron/+bug/1959332 will be fixed
IPV6_ROUTER_GW_IP=$(openstack --os-cloud devstack-admin-demo --os-region "$REGION_NAME" router show $ROUTER_ID -c external_gateway_info -f json | grep -C 1 $ipv6_pub_subnet_id | grep ip_address | awk '{print $2}' | tr -d '"')
die_if_not_set $LINENO IPV6_ROUTER_GW_IP "Failure retrieving IPV6_ROUTER_GW_IP"
if is_neutron_ovs_base_plugin; then
@@ -404,7 +409,10 @@ function _neutron_configure_router_v6 {
ext_gw_interface=$(_neutron_get_ext_gw_interface)
local ipv6_cidr_len=${IPV6_PUBLIC_RANGE#*/}
# Configure interface for public bridge
# Configure interface for public bridge by setting the interface
# to "up" in case the job is running entirely private network based
# testing.
sudo ip link set $ext_gw_interface up
sudo ip -6 addr replace $ipv6_ext_gw_ip/$ipv6_cidr_len dev $ext_gw_interface
# Any IPv6 private subnet that uses the default IPV6 subnet pool
# and that is plugged into the default router (Q_ROUTER_NAME) will
@@ -427,3 +435,12 @@ function is_networking_extension_supported {
EXT_LIST=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" extension list --network -c Alias -f value)
[[ $EXT_LIST =~ $extension ]] && return 0
}
function plugin_agent_add_l3_agent_extension {
local l3_agent_extension=$1
if [[ -z "$L3_AGENT_EXTENSIONS" ]]; then
L3_AGENT_EXTENSIONS=$l3_agent_extension
elif [[ ! ,${L3_AGENT_EXTENSIONS}, =~ ,${l3_agent_extension}, ]]; then
L3_AGENT_EXTENSIONS+=",$l3_agent_extension"
fi
}
+1 -1
View File
@@ -12,7 +12,7 @@ AGENT_METERING_BINARY="$NEUTRON_BIN_DIR/neutron-metering-agent"
METERING_PLUGIN="neutron.services.metering.metering_plugin.MeteringPlugin"
function neutron_agent_metering_configure_common {
_neutron_service_plugin_class_add $METERING_PLUGIN
neutron_service_plugin_class_add $METERING_PLUGIN
}
function neutron_agent_metering_configure_agent {
+21
View File
@@ -0,0 +1,21 @@
#!/bin/bash
function configure_placement_service_plugin {
neutron_service_plugin_class_add "placement"
}
function configure_placement_neutron {
iniset $NEUTRON_CONF placement auth_type "$NEUTRON_PLACEMENT_AUTH_TYPE"
iniset $NEUTRON_CONF placement auth_url "$KEYSTONE_SERVICE_URI"
iniset $NEUTRON_CONF placement username "$NEUTRON_PLACEMENT_USERNAME"
iniset $NEUTRON_CONF placement password "$SERVICE_PASSWORD"
iniset $NEUTRON_CONF placement user_domain_name "$SERVICE_DOMAIN_NAME"
iniset $NEUTRON_CONF placement project_name "$SERVICE_TENANT_NAME"
iniset $NEUTRON_CONF placement project_domain_name "$SERVICE_DOMAIN_NAME"
iniset $NEUTRON_CONF placement region_name "$REGION_NAME"
}
function configure_placement_extension {
configure_placement_service_plugin
configure_placement_neutron
}
+30
View File
@@ -0,0 +1,30 @@
#!/bin/bash
function configure_qos_service_plugin {
neutron_service_plugin_class_add "qos"
}
function configure_qos_core_plugin {
configure_qos_$Q_PLUGIN
}
function configure_qos_l2_agent {
plugin_agent_add_l2_agent_extension "qos"
}
function configure_qos {
configure_qos_service_plugin
configure_qos_core_plugin
configure_qos_l2_agent
}
function configure_l3_agent_extension_fip_qos {
plugin_agent_add_l3_agent_extension "fip_qos"
}
function configure_l3_agent_extension_gateway_ip_qos {
plugin_agent_add_l3_agent_extension "gateway_ip_qos"
}

Some files were not shown because too many files have changed in this diff Show More