Compare commits

...

817 Commits

Author SHA1 Message Date
Zuul 2f3440dcfe Merge "Replace deprecated datetime.utcnow()" 2024-10-25 08:38:40 +00:00
Zuul 4ca490fd56 Merge "Globally skip devstack job for pre-commit config update" 2024-10-25 07:56:22 +00:00
Zuul 1d74620626 Merge "Add image format enforcement toggle" 2024-10-25 07:56:19 +00:00
Takashi Kajinami 2e04d0fa20 Globally skip devstack job for pre-commit config update
pre-commit has been introduced to number of projects like oslo to run
lint checks such as hacking. The pre-commit config file does not affect
functionality, so devstack job is not needed when only the file is
updated.

Change-Id: I4294fe0c4df2c36c8575613b05a1f9c2eb745d18
2024-10-24 00:54:28 +09:00
Zuul a1376e6f8c Merge "Bump cirros version to 0.6.3" 2024-10-21 14:22:36 +00:00
Takashi Natsume 50b0b60227 Replace deprecated datetime.utcnow()
The datetime.utcnow() is deprecated in Python 3.12.
Replace datetime.utcnow() with
datetime.now(datetime.timezone.utc).replace(tzinfo=None).

Change-Id: I9bf6f69d9e174d490bb4f3eaef3b364ddf97a954
Signed-off-by: Takashi Natsume <takanattie@gmail.com>
2024-10-19 12:55:43 +00:00
OpenStack Proposal Bot 29545a5109 Updated from generate-devstack-plugins-list
Change-Id: I374de22c7c916f9497c55bf404141776fd17f6c8
2024-10-16 02:50:33 +00:00
Zuul 224938d313 Merge "lib/cinder: Align endpoint creation code" 2024-10-10 08:20:11 +00:00
Zuul 9a05aa85ff Merge "lib/cinder: Strip project_id from URL" 2024-10-10 07:53:21 +00:00
Zuul 482e027a96 Merge "Catch and print the postgresql initdb error" 2024-10-09 17:48:31 +00:00
Zuul 3b23fbc77e Merge "lib/swift: Consistently quota variables" 2024-10-09 13:48:59 +00:00
Zuul a72e0f4bec Merge "lib/cinder: Remove 'volume3' endpoint" 2024-10-09 10:02:15 +00:00
Dan Smith 803a7d44c4 Add image format enforcement toggle
Related to blueprint glance-as-defender

Needed-By: https://review.opendev.org/c/openstack/tempest/+/931028
Change-Id: I8b22ed85eefde399f2e472780106dd39e51a5700
2024-10-02 07:03:15 -07:00
Rodolfo Alonso Hernandez f49d475bf2 Catch and print the postgresql initdb error
The logs are stored, by default, in
/var/lib/pgsql/initdb_postgresql.log.

Related-Bug: #2083482
Change-Id: I2c83e896819b20cd7a1ee8d8ee33354fb047a6d9
2024-10-02 13:24:03 +00:00
Stephen Finucane 6a8f65b476 lib/swift: Consistently quota variables
Change-Id: I6c3245a77cdc2849067568cfda5a838afda687e3
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2024-10-01 11:54:57 +01:00
Stephen Finucane 49933804c9 docs: Expand SSH guide further
smooney noted that using your DevStack host as a jump host is yet
another reasonable option. Add this option also.

Change-Id: I24887c254e131a8979653a7d17e64a708acf294a
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2024-10-01 11:54:35 +01:00
Stephen Finucane 14f60b951a docs: Expand SSH guide
Detail how one can SSH into guests running on a remote DevStack host.

Change-Id: I9f988b1193d67859b129f05d08b32a23e50aee49
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2024-10-01 11:54:35 +01:00
Stephen Finucane 3362be9eda docs: Add SSH guide
This is really easy win for people using DevStack for the first time.

Change-Id: I8de2d4d115d34e9d87dd461016b5b894d3f000e7
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2024-10-01 11:54:35 +01:00
Stephen Finucane 6512f0140c doc: drop sphinxcontrib-nwdiag, sphinxcontrib-blockdiag usage
sphinxcontrib-nwdiag does not appear to be maintained anymore [1] and
there have been no releases in nearly 5 years. Statically generate the
images and include them this way. We can revert this change if the
maintainership issue resolves itself.

sphinxcontrib-blockdiag has had activity more recently [2], but it's
still been nearly 3 years. More importantly, we don't actually use it so
there's no reason to keep it around.

[1] https://pypi.org/project/sphinxcontrib-nwdiag/#history
[1] https://pypi.org/project/sphinxcontrib-blockdiag/#history

Change-Id: Ic5244c792acd01f8aec5ff626e53303c1738aa69
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2024-10-01 11:54:21 +01:00
Dr. Jens Harbott fec589a1ce Bump cirros version to 0.6.3
This is the latest cirros release, featuring an updated kernel and some
fixes and added features, let's use it.

[0] https://github.com/cirros-dev/cirros/releases/tag/0.6.3

Change-Id: I2506fa713e0426789fa40a5f4f7fd4e963a158f0
2024-09-26 21:23:17 +02:00
Ghanshyam Mann 03bc214525 Update DEVSTACK_SERIES to 2025.1
stable/2024.2 branch has been created now and
current master is for 2025.1.

Change-Id: If5c9de9ddfab1bff313c70cf2c40ce7fbe60473f
2024-09-25 12:03:40 -07:00
Stephen Finucane 9b44390381 lib/cinder: Align endpoint creation code
Do this the same way we do it for Nova, to make for easier review.

Change-Id: I31877705894a21570f130723e0a27ff38f945eea
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2024-09-24 12:14:45 +00:00
Stephen Finucane 2d487d8c7b lib/cinder: Strip project_id from URL
This is optional. There's no need to include it.

Change-Id: I2e745865696dbb317f819ecb74f5b5df88a9ed76
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2024-09-24 12:14:37 +00:00
Stephen Finucane d7c3c0accc lib/cinder: Remove 'volume3' endpoint
This was needed when 'block-storage' pointed to the v2 API. This is no
longer the case (and hasn't been for some time). This is unnecessary
duplication now.

Change-Id: I00cfb56d3e54d0162b1609f4bf58814e9000c103
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Depends-on: https://review.opendev.org/c/openstack/tempest/+/930296
2024-09-24 12:14:20 +00:00
yatinkarel 0ff6272862 Run chown for egg-info only if the directory exists
9-stream jobs failing since [1] merged as these still use
GLOBAL_VENV=False.
egg-info directory is not created in project source
directory when pyproject.toml is used in the project.
pyproject.toml being added across projects[2] to support pip 23.1.

[1] https://review.opendev.org/c/openstack/nova/+/899753
[2] https://review.opendev.org/q/topic:%22pip-23.1-support%22

Change-Id: I53954a37461aee5dd7f487d6bd205caef4408392
2024-09-03 08:14:00 +00:00
Sean Mooney 5ed2b7c6b2 make devstack-platform-ubuntu-noble voting
devstack-platform-ubuntu-noble was added in
Ie1f8ebc5db75d6913239c529ee923395a764e19c
and has been runnning for a little over 2 months

in that time

https://zuul.openstack.org/builds?job_name=devstack-platform-ubuntu-noble

the job has been pretty stable so its time to make
this voting in advance of it becoming required in the
2025.1 release.

Change-Id: Iffd6ccf9603117d6720931e260afa2da13c26ec4
2024-08-31 02:09:15 +01:00
Zuul ab83f37d33 Merge "ovn: use bundled ovs" 2024-08-29 11:37:57 +00:00
Zuul a90a776bce Merge "Fix get_default_host_ip ipv6 address parsing" 2024-08-27 12:05:55 +00:00
Zuul 129ac797e2 Merge "Handle_tags and branches for unmaintained also" 2024-08-20 17:21:53 +00:00
Zuul e8e25c1a6a Merge "Move the check of "rpc_workers" after the post-config phase" 2024-08-20 17:21:51 +00:00
Zuul 611b626d9c Merge "etcd: Replace deprecated --debug option" 2024-08-20 17:21:49 +00:00
Takashi Kajinami 9e1348f81b etcd: Replace deprecated --debug option
... to resolve the following warning.

[WARNING] Deprecated '--debug' flag is set to true (use
'--log-level=debug' instead

Change-Id: Idb412cea64dfc42e3d1223b77f134804eeb7bd60
2024-08-20 17:23:02 +09:00
Zuul d00bd6d41a Merge "Configure cinder service token" 2024-08-16 19:17:32 +00:00
Zuul 56e6b238cb Merge "Add config options for optimized upload volume" 2024-08-16 19:06:17 +00:00
Dan Smith 1a336ef4ae Trivial fixes from review of os-test-images
This fixes some trivial things from the review where this support was
added:

https://review.opendev.org/c/openstack/devstack/+/925425

Change-Id: I990a3816f425a1b4c8680ec43d698e32eea2238b
2024-08-15 06:05:58 +00:00
Rajat Dhasmana 80c1605a1d Configure cinder service token
Glance is implementing new location APIs, for which, cinder needs
to pass service token to register a location in glance.
This is required in the case when glance is using cinder as a backend
and cinder tries to upload a volume in the optimized path.

We are adding a new option, ``CINDER_USE_SERVICE_TOKEN`` that will
configure the service user section in cinder.conf. By default, it
is set to False.

Change-Id: I0045539f1e31a6d26c4f31935c5ddfaaa7607a48
2024-08-14 01:07:13 +05:30
Rajat Dhasmana d6e3d06001 Add config options for optimized upload volume
When glance is using cinder as a backend, we can use optimized
path for upload volume to image operation.
The config options image_upload_use_cinder_backend and
image_upload_use_internal_tenant are used to configure optimization
in the upload volume to image workflow where we create a cinder
volume in the internal service project and register the location
in glance.

Recently it was found that the glance location API workflow was
broken[1] for the upload volume case and it wasn't detected because we
are not testing it in our glance cinder job "cinder-for-glance-optimized".

This patch adds the config option to test the optimized path.

Note that the optimized upload functionality is only possible when glance
uses cinder as it's backend since it uses clone volume functionality to
clone the Image-Volume from the source volume.

[1] https://bugs.launchpad.net/glance/+bug/2054575

Change-Id: I521ed04696a5a545b2a2923cf8008bd64add7782
2024-08-14 00:56:30 +05:30
Eric Harney 3b0d76c30b Fix get_default_host_ip ipv6 address parsing
This is another occurrence of the issue fixed in bug
1786259 with change I30bf655f which occurs when there
are multiple IPv6 gateways present.

Before this change:
$ source openrc
+++++functions-common:get_default_host_ip:776  ip -f inet6 addr show 100
Device "100" does not exist.

This is because the ip route command returns:
default proto ra metric 100 expires 1497sec pref medium
	nexthop via fe80::4e16:fc01:298c:98ed dev ens3 weight 1
	nexthop via fe80::4e16:fc01:2983:88aa dev ens3 weight 1

Related-Bug: #1786259
Change-Id: I7729730df66a4dc7ee11df1d23b19b9c0794b575
2024-08-12 17:15:55 +00:00
Dan Smith 84ce1984b1 Add os-test-images support in lib/tempest
This generates the test images in os-test-images and also configures
tempest to know where it is (and if image conversion is enabled in
glance).

Change-Id: Ib74002828a77838ab95d2322e92bdab68caac37c
2024-08-09 07:17:28 -07:00
Zuul b2c406f497 Merge "oslo.log: Configure log color by $LOG_COLOR" 2024-08-08 06:34:11 +00:00
Rodolfo Alonso Hernandez 79a812a69e Move the check of "rpc_workers" after the post-config phase
The configuration variable can be checked in the Neutron configuration
during the post-config phase when the configuration files and sections
are merged together.

Closes-Bug: #2075342
Change-Id: Ic42463e2f72488a1b14ce49e4e435cb4a2c0c855
2024-08-07 15:35:26 -04:00
melanie witt 38dea33fe9 oslo.log: Configure log color by $LOG_COLOR
Relatively recently oslo.log 6.1.0 was released and contains change
I7966d4f4977b267f620946de4a5509f53b043652 which added an option to
enable color in logs which defaults to False. This caused a change in
behavior for DevStack such that viewing logs with journalctl no longer
showed different colors for different log levels, which can make
debugging more difficult when developing with DevStack.

This adds olso.log color configuration based on the existing $LOG_COLOR
DevStack variable for log color which defaults to True for interactive
invocations.

Change-Id: If10aada573eb4360e81585d4fb7e5d97f15bc52b
2024-08-05 18:03:49 +00:00
elajkat 92b65a84cc Handle_tags and branches for unmaintained also
Related-Bug: #2056276
Change-Id: Iaa34624d1d85cadf1b45bec780ef8d97dd054041
2024-08-05 11:39:06 +02:00
karolinku 8784a3027f Replacing usage of rdo-release rpm
with centos-release-openstack rpms follwing [1].

[1] https://issues.redhat.com/browse/RDO-311

Change-Id: I50951e077e73297d10b075677a440992d1e2fa91
2024-07-31 12:36:43 +02:00
Riccardo Pittau 6990b06cd3 Install simplejson in devstack venv
Workaround to avoid failure due to missing osc dependency
removed in [1]

[1] https://review.opendev.org/c/openstack/python-openstackclient/+/920001

Change-Id: I3f7541e691717186b7c73f10ffabae6fc0c5c9f9
2024-07-25 14:37:41 +02:00
Zuul d84b874ef6 Merge "Make nova only use the nova account" 2024-07-23 16:50:12 +00:00
Zuul 640899124f Merge "docs: Add a minimal Tempest guide" 2024-07-23 15:25:53 +00:00
Zuul 2694cc9d44 Merge "lib/neutron: Migrate neutron to WSGI module path" 2024-07-23 12:57:58 +00:00
Stephen Finucane 95697d84cb docs: Add a minimal Tempest guide
This can be fleshed out more in the future, including with information
about managing plugins, but this is a start.

Change-Id: I1094d093b704e37370e3e434ebf3697954e99da3
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
2024-07-23 11:37:05 +01:00
Stephen Finucane 0cd876384a lib/neutron: Migrate neutron to WSGI module path
Change-Id: Ie99ec3bf4198fa7cd7583d2dca648e1474f94aea
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Depends-on: https://review.opendev.org/c/openstack/neutron/+/916407
2024-07-22 11:10:18 +00:00
Rodolfo Alonso Hernandez 13888a31d2 [Neutron] neutron-rpc-server is not a configurable service
The "neutron-rpc-server" is not a configurable service that can be
enabled or disabled. This service is a dependant process of the
"neutron-api-server" service that is spawned when the Neutron API
uses the WSGI module. The execution of this child service will depend
on:
* The Neutron API service when running with the WSGI module. If
  the Neutron API uses the eventlet module, this service won't run
  (the RPC workers will be spawned by the eventlet server).
* The "rpc_workers" configuration variable. If this variable is
  explicitly set to "0", the server must not run.

Closes-Bug: #2073844
Related-Bug: #2073572
Change-Id: Ic019423ca033ded8609d82bb11841b975862ac14
2024-07-20 15:55:07 +00:00
Rodolfo Alonso Hernandez aaaa03718b [Neutron] Do not execute RPC workers if "rpc_workers=0"
When the Neutron WSGI module is used, an independent service called
"neutron-rpc-server" is configured and executed. However it will fail
if the number of RPC workers is configured to zero. In that case,
the configuration and execution of this service should be skipped.

If the service is explicitly disabled in the devstack configuration,
it won't be executed neither.

Closes-Bug: #2073572
Change-Id: Idd023a2a8f588152221f20a13ae24fbb7d1618a4
2024-07-19 13:43:40 +00:00
Sean Mooney 6df5371918 bump guest ram to prevent kernel panics
one observation we had in down stream ci is
sometimes the cirros 0.6.2 image appared to
crash when using 128MB of ram.

upstream we have been dealing with semi random
kernel panics  which are losely corralated with
cinder volume usage.

Recently we optimisted the devstack jobs by using zswap
this has reduced memory pressure in the jobs.

This patch increase the ram allocated to a flavor
to see if we can afford that with the current conncurnace
level in an attempt to reduce kernel panics.

Two new parmaters are added to allow jobs or users
to set the desired ram size.
TEMPEST_FLAVOR_RAM=${TEMPEST_FLAVOR_RAM:-192}
TEMPEST_FLAVOR_ALT_RAM=${TEMPEST_FLAVOR_ALT_RAM:-256}

Change-Id: Ib6a2d5ab61a771d4f85bd2c2412052efadc77ac5
2024-07-12 20:16:06 +01:00
Zuul 1d48d2fa51 Merge "Drop remainders of identity API v2.0 references" 2024-07-11 22:55:29 +00:00
Zuul ea2ca7ea88 Merge "Add devstack-platform-ubuntu-noble to periodic" 2024-07-11 10:09:33 +00:00
Dr. Jens Harbott 696dbdf045 Make nova only use the nova account
Each service should only be using that service's user account within its
configuration, in order to reduce the possible impact of credential
leaks. Start with nova, other services will follow.

Change-Id: I6b3fef5de05d5e0cc032b83a2ed834f1c997a048
2024-07-11 09:52:44 +02:00
Zuul b67c20eca5 Merge "[Neutron] Add a new Neutron service: neutron-ovn-maintenance-worker" 2024-07-10 10:42:34 +00:00
Dr. Jens Harbott d714f7deaa Add devstack-platform-ubuntu-noble to periodic
Seems the platform is stable, let's add it to the periodic-weekly tests
that we run.

Change-Id: I185443c0fdb9e1248542a16fd877dc6b8ffd7683
2024-07-09 17:14:54 +02:00
Dr. Jens Harbott eb0ac1d217 Drop remainders of identity API v2.0 references
keystone has dropped the v2.0 API in queens, time to drop all special
casing for it.

Change-Id: If628c4627f7c8b8c2ee9bca16ea6db693cf8526a
2024-07-08 18:02:25 +02:00
Zuul 49729ab2c5 Merge "[Neutron] Add a new Neutron service: neutron-periodic-workers" 2024-07-08 15:14:10 +00:00
Rodolfo Alonso Hernandez 3a0c0b9ff4 [Neutron] Add a new Neutron service: neutron-ovn-maintenance-worker
This new service is spawned when using Neutron WSGI module. This new
service executes the OVN maintenance task that syncs the Neutron
database and the OVN database.

Depends-On: https://review.opendev.org/c/openstack/neutron/+/922074
Related-Bug: #1912359

Change-Id: I495459cd9e35e2e76ba7fc9611a589e1685814f5
2024-07-03 09:06:13 +00:00
yatinkarel c707dd3fc2 [nova] Add flag to set libvirt tb_cache_size
A config option is being added in nova with [1]
in order to allow configuring lower tb-cache size
for qemu guest VMs.

This patch adds a flag in devstack so jobs can
utilize it to set required tb-cache size.

[1] https://review.opendev.org/c/openstack/nova/+/868419

Co-Authored-By: Sean Mooney <work@seanmooney.info>
Related: blueprint libvirt-tb-cache-size
Change-Id: Ifde737eb5d87dfe860445097d1f2b0ce16b0de05
2024-06-26 17:40:16 +01:00
Sean Mooney db305d2a4b enable openstack-cli-server and other perfromace tunings
This commit enabeles a number of performance optimizations
to tune the host vms memory and io by leveraging zswap
and other kernel parmaters to minimize the effect of io
latency and memory pressure.

The openstack-cli-server has been enabled in the nova ci
for several months now and has proven to speed up devstack
signifcantly, while this change does not enable it by
default in devstack it does enable it by default in the ci
jobs.

simiarly the zswap and other tuning remain disabled by default
in devstack but are enabled by default in the devstack job.

This change limits the qemu tb_cache_size to 128MB form 1G,
this requires libvirt 8.0.0 or newer. as bullseye and
openeuler-22.03 do not meet that requirement they have been
removed. libvirt 8.0.0 will be the new min version supported
in nova in the 2025.1 release so the decions was made
to drop supprot for older release now instead of doing it
at the start of the 2025.1 cycle. debain coverage is still
provided by the newer bookworm relase. openeuler-22.03 has
been superseded by the openeuler-24.03 lts release.
openeuler-24.03 is not currnetly aviable in ci but supprot
could be readded if desired however that is out os scope of
this change.

Change-Id: Ib45ca08c7e3e833b14f7e6ec496ad2d2f7073f99
2024-06-25 11:01:54 +01:00
Zuul b425e822f6 Merge "stackrc: Remove USE_PYTHON3" 2024-06-24 10:52:04 +00:00
Zuul d0284d8c7b Merge "add ubuntu noble (24.04) support" 2024-06-24 00:19:12 +00:00
Sean Mooney 41d253a6f9 add ubuntu noble (24.04) support
This change installs setuptools in the requirements
and global venv to ensure that distutils is present

This change also adds new single and two node
nodeset for noble and a devstack platform job as nonvoting.

Change-Id: Ie1f8ebc5db75d6913239c529ee923395a764e19c
2024-06-21 16:35:32 +01:00
Rodolfo Alonso Hernandez 56368c271d [Neutron] Add a new Neutron service: neutron-periodic-workers
This new service is spawned when using Neutron WSGI module. This new
service executes the plugin workers inside a wrapper executor class
called ``AllServicesNeutronWorker``. The workers are executed as
threads inside the process.

Depends-On: https://review.opendev.org/c/openstack/neutron/+/922110
Related-Bug: #2069581

Change-Id: I6b76b7bcee1365c80f76231e0311406831f8ce41
2024-06-21 13:13:16 +00:00
yatinkarel 4d69238383 Fix rdo_release for unmaintained branches
Only branches with stable/ as prefix were considered
but now we have branches even with different
prefix like unmaintained/, fix it to consider
such cases by using a generic filter instead of
assuming branch name starts with stable.

Change-Id: I967de13094ff6df46737a22d4e1758f9900dfbc9
2024-06-21 18:30:30 +05:30
Zuul 9bcd7c240d Merge "openrc: Group auth-related options together" 2024-06-20 20:10:19 +00:00
Zuul 5f35bfd2a7 Merge "openrc: Stop setting OS_TENANT_NAME" 2024-06-20 09:59:22 +00:00
Zuul f6adb245bb Merge "Fix deployment of the neutron with uwsgi" 2024-06-14 22:53:04 +00:00
Slawek Kaplonski b500d80c76 Fix deployment of the neutron with uwsgi
After patch [1] deploying neutron with uwsgi was not working correctly
due to the fact that there was different paths for the applications
set in the api-paste.ini file. Instead of default ones like:

/: neutronversions_composite
/healthcheck: healthcheck
/v2.0: neutronapi_v2_0

it was changing it to something like:

/networking/: neutronversions_composite
/networking/healthcheck: healthcheck
/networking/v2.0: neutronapi_v2_0

where 'networking' can be configured to something else.
This patch fixes deployment of neutron with uwsgi by not changing its
api-paste.ini file when NEUTRON_DEPLOY_MOD_WSGI=True.

[1] https://review.opendev.org/c/openstack/devstack/+/849145

Closes-bug: #2069418
Change-Id: I12b860d4d98442e2b5ac0c9fd854f1226633b518
2024-06-14 14:08:00 +02:00
Stephen Finucane 5412dbfe7b stackrc: Remove USE_PYTHON3
This is no longer necessary and any users of this should be updated to
remove references.

Change-Id: Ice5083d8897376fd2ed6bd509419526e15baaf12
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2024-05-28 13:35:28 +01:00
Stephen Finucane 9fff87fbc7 openrc: Group auth-related options together
Change-Id: I98f283b33c2350cc4388463571013896086b31fa
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2024-05-28 13:33:32 +01:00
Stephen Finucane 608489cd59 openrc: Stop setting OS_TENANT_NAME
All clients - OSC included - use keystoneauth under the hood which
hasn't required this in a very long time. Stop setting it and remove the
warning.

We also remove references to 'NOVA_*' variables that haven't been a
thing since well before *I* started working on OpenStack 😅

Change-Id: I882081040215d8e32932ec5d03be34e467e4fbc2
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2024-05-28 13:30:45 +01:00
Zuul 92d70a8543 Merge "Display backup dashboard on Horizon when c-bak is enabled" 2024-05-22 12:50:03 +00:00
Zuul 85b8d2ccab Merge "lib/apache: Reshuffle lines" 2024-05-16 14:26:12 +00:00
Zuul 0eab4f97e4 Merge "lib/apache: Pass name, not path, to remove_uwsgi_config" 2024-05-16 14:26:10 +00:00
OpenStack Proposal Bot fadf63e4a9 Updated from generate-devstack-plugins-list
Change-Id: Ifa6db2e765f5f15a1d7421eef061377e55b58ec7
2024-05-16 02:37:02 +00:00
MinhNLH2 6971ccc49a Display backup dashboard on Horizon when c-bak is enabled
Currently, when enabling c-bak service, the backup tab will not
be shown on Horizon by default. This patch tells Horizon to
display backup dashboard when c-bak is enabled.

Closes-Bug: 2064496
Change-Id: I06295706e985bac58de2878c6d24c51f3267c205
Signed-off-by: MinhNLH2 <minh.nlh.work@gmail.com>
2024-05-16 00:37:07 +07:00
Ben Nemec 9a97326c3f Use OSCaaS to speed up devstack runs
OpenStackClient has a significant amount of startup overhead, which
adds a non-trivial amount of time to each devstack run because it makes
a lot of OSC calls. This change uses the OSC service from [0] to run
a persistent process that handles openstack calls. This removes most
of the startup overhead and in my local testing removes about three
minutes per devstack run.

Currently this is implemented as an opt-in feature. There are likely a
lot of edge cases in projects that use a devstack plugin so turning it
on universally is going to require boiling the ocean. I think getting
this in and enabled for some of the major projects should give us a lot
of the benefit without the enormous effort of making it 100% compatible
across all of OpenStack.

Depends-On: https://review.opendev.org/c/openstack/nova/+/918689
Depends-On: https://review.opendev.org/c/openstack/ironic/+/918690
Change-Id: I28e6159944746abe2d320369249b87f1c4b9e24e
0: http://lists.openstack.org/pipermail/openstack-dev/2016-April/092546.html
2024-05-14 07:30:55 -07:00
Stephen Finucane a6f3901a4b lib/apache: Reshuffle lines
Make it a little more obvious what the difference between the two helper
functions is.

Change-Id: I07ec34ecfcd2b7925485145c4b4bf68eda385a32
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2024-05-14 14:14:26 +01:00
Stephen Finucane d5182ce3fc lib/apache: Pass name, not path, to remove_uwsgi_config
We'd like to move from configuring uWSGI with '.wsgi' files to
configuring with module paths. Do this for all in-tree services and log
a deprecation warning for anyone still passing a path.

Note that since 'basepath foo' returns 'foo', this is effectively a
no-op for the services being converted here.

Change-Id: Ia1ad5ff160a9821ceab97ff1c24bc48cd4bf1d6f
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2024-05-14 14:12:02 +01:00
Zuul 951e53bfcc Merge "Upload images with --file instead of stdin" 2024-05-14 10:25:13 +00:00
Dr. Jens Harbott c80b9f4fc1 Drop reno
devstack doesn't do releases, so there should be no release notes,
either. Drop the one that was accidentally created to avoid confusion.

Change-Id: I75a295e50c36925a0137a5458444fb48bd5d9f8a
2024-05-13 11:04:45 +02:00
Dan Smith 769adbd69d Upload images with --file instead of stdin
This is more likely how people will actually upload their images, but
it also prevents the "osc as a service" feature from working because
stdin isn't proxied (of course). So just convert our uses of "image
create" to use --file instead of stdin.

Change-Id: I7205eb0100ba7406650ed609cf517cba2c8d30aa
2024-05-09 10:47:50 -07:00
Dan Smith aee9b0ff9e Make rocky 9 job non-voting
This job is currently failing with mirror or repo issues.

Change-Id: Ie0f862f933cd99cc9fe698d5a178b952e6e93ac4
2024-05-09 10:47:49 -07:00
Brian Haley 9be4ceeaa1 Fix datetime.utcnow() deprecation warning
Running stack.sh on a python 3.12 system generates this
warning from worlddump.py:

  DeprecationWarning: datetime.datetime.utcnow() is deprecated

Use datetime.now(timezone.utc) instead, which should be
backwards-compatible with older python versions.

TrivialFix

Change-Id: I11fe60f6b04842412045c6cb97f493f7fef66e1a
2024-04-23 15:37:37 -04:00
Stephen Finucane b6613b1e71 lib/apache: Use module paths instead of WSGI scripts
pbr's 'wsgi_scripts' entrypoint functionality is not long for this world
so we need to start working towards an alternative. We could start
packaging our own WSGI scripts in DevStack but using module paths seems
like a better option, particularly when it's supported by other WSGI
servers like gunicorn.

Currently only nova is migrated. We should switch additional projects as
they migrate and eventually remove the support for WSGI scripts
entirely.

Change-Id: I057dc635c01e54740ee04dfe7b39ef83db5dc180
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Depends-on: https://review.opendev.org/c/openstack/nova/+/902687/
2024-04-19 11:42:07 +01:00
Zuul e2aeab1bc1 Merge "Fix neutron empty string check" 2024-04-16 21:47:40 +00:00
Zuul 1abf3598fa Merge "lib/apache: Rename variable" 2024-04-16 17:15:25 +00:00
Jaromir Wysoglad c336b87342 Fix neutron empty string check
The variable should be in quotes for the check to work

Testing the behavior in bash:
current behavior:
$ config_file=""
$ if [ -n ${config_file} ]; then echo a; fi
a

$ config_file="abc"
$ if [ -n ${config_file} ]; then echo a; fi
a

behavior with quotes:
$ config_file=""
$ if [ -n "$config_file" ]; then echo a; fi

$ config_file="abc"
$ if [ -n "$config_file" ]; then echo a; fi
a

Change-Id: Iba956d9d4f43b925848174a632aabe58999be74b
2024-04-12 08:37:49 +02:00
Zuul fca44cc375 Merge "Do not configure system-scope admin for keystone" 2024-04-03 19:57:45 +00:00
Martin Kopec 99a96288eb Update DEVSTACK_SERIES to 2024.2
stable/2024.1 branch has been created now and
current master is for 2024.2.

Change-Id: I4af9e87318ef9cbfede7df7c23872a1a7e38c820
2024-03-28 23:38:19 +01:00
Douglas Mendizábal e1b7cc0ef8 Do not configure system-scope admin for keystone
This patch removes a couple of tempest.conf settings that are being
overwrriten when Keystone is set to enforce scope.

These settings are already being set by the keystone devstack plugin [1]
and do not need to be overwritten here.

Keystone is changing the default admin credentials to be project-admin
instead of system-admin to address some failing tests in services that
require project-scoped admin for their admin APIs. [2]  These overrides
are preventing that change from taking effect.

[1] https://opendev.org/openstack/keystone/src/branch/stable/2024.1/devstack/lib/scope.sh#L24-L25
[2] https://review.opendev.org/c/openstack/keystone/+/913999

Change-Id: I48edbcbaa993f2d1f35160c415986d21a15a4999
2024-03-25 12:15:59 -04:00
Zuul f4f09416ca Merge "Drop unused environments for TripleO and heat agents" 2024-03-19 18:55:14 +00:00
huicoffee 5f5255bc01 Remove Glance uWSGI config in clean.sh
Updated clean.sh to remove Glance's Apache uWSGI config files in
APACHE_CONF_DIR, including /etc/apache2/sites-enabled/ on Ubuntu.

Test Plan:
- Run clean.sh.
- Confirm Glance uWSGI configs are removed from APACHE_CONF_DIR.

Closes-Bug: #2057999

Change-Id: I44475b8e084c4b20d7b7cb7f28574f797dbda7a2
2024-03-15 20:15:09 +08:00
OpenStack Proposal Bot 5e837d1f0d Updated from generate-devstack-plugins-list
Change-Id: Ic99b518ddf1045893991accaa089f44d0d4f4b0d
2024-03-06 03:13:36 +00:00
Zuul c7fdfbaed2 Merge "Ignore 500 status code in generate plugin script" 2024-03-05 22:29:21 +00:00
Zuul ee178dcdb5 Merge "Drop the devstack-single-node-centos-7 nodeset" 2024-03-05 17:57:23 +00:00
Zuul 94562b4003 Merge "Make centralized_db driver as default cache driver" 2024-03-05 17:26:24 +00:00
Ghanshyam Mann 1fe7707cf0 Ignore 500 status code in generate plugin script
Due to various reasons, this script may encounter the
500 status code from some repo (x/fuel-plugin-onos in current case[1])
If that happen then it return failure status code to the
propose-updates job and fail that job

- https://zuul.openstack.org/builds?job_name=propose-updates&project=openstack%2Fdevstack&skip=0

It is better not to raise the 500 error in this script and just ignore those
repo to process further to detect the plugin.

[1] https://zuul.openstack.org/build/dba0aa41d145472397916dfcd13948de/log/job-output.txt#2442

Change-Id: Ibca0a2aac404161340e8fc00170018eecf5c8326
2024-03-05 08:37:03 -08:00
Jeremy Stanley af57c0b778 Drop the devstack-single-node-centos-7 nodeset
OpenDev is preparing to remove centos-7 nodes on March 15[*]. This
change drops one nodeset definition which is the last remaining
reference on DevStack's master branch.

[*] https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/message/A2YIY5L7MVYSQMTVZU3L3OM7GLVVZPLK/

Change-Id: Icd487e1012263a9b0bc13b529d31ff2025108adf
2024-03-04 18:27:51 +00:00
Takashi Kajinami 50c791c0ae Drop unused environments for TripleO and heat agents
TripleO was already retired. These environments are not actually used
by heat jobs.

Change-Id: I63b7413a1575a620f9d2cbd56e93be78816639e0
2024-02-29 17:02:55 +09:00
Zuul 57c685496f Merge "Drop nodesets with ubuntu-xenial" 2024-02-26 21:04:24 +00:00
Zuul 8bc99f3ef1 Merge "nova: unset cpu_model on aarch64" 2024-02-23 18:27:39 +00:00
Dr. Jens Harbott 402b7e89b6 Drop nodesets with ubuntu-xenial
The ubuntu-xenial labels are going to disappear from opendev as that
image is EOL and will we deleted. Clean up our zuul config.

Update some example reference as well.

Change-Id: Id04110f7c871caa1739ff2b62e9796be4fb9aa00
2024-02-23 11:46:03 +01:00
Zuul ed41f85d72 Merge "Add cinder-manage to /usr/local/bin/" 2024-02-13 17:14:03 +00:00
Slawek Kaplonski 4ddd456dd3 Add support for the pyproject.toml file in setup with constraints
In the _setup_package_with_constraints_edit name of the package was
always discovered from the setup.cfg file. But as some projects
implements PEP-621 (see [1] for the SQLAlchemy for example) it is not
enough now.
This patch adds parsing pyproject.toml file also if name is not found in
the setup.cfg file.

[1] https://github.com/sqlalchemy/sqlalchemy/commit/a8dbf8763a8fa2ca53cc01033f06681a421bf60b

Closes-Bug: #2052509
Change-Id: Iee9262079d09a8bd22cd05a8f17950a41a0d1f9d
2024-02-09 15:50:16 +01:00
Zuul 1ba76adccb Merge "Increase timeout for reimage operation" 2024-02-08 14:15:10 +00:00
Zuul 15a6f3e410 Merge "Uncap bashate" 2024-02-07 19:16:32 +00:00
Abhishek Kekane d251d12d71 Make centralized_db driver as default cache driver
Making newly introduced `centralized_db` driver as default cache
driver for glance so that it can be tested in available CI jobs.

New cache driver `centralized_db` needs `worker_self_reference_url`
in glance-api.conf file otherwise glance api service will fail to
start.

Related blueprint centralized-cache-db
Depends-On: https://review.opendev.org/c/openstack/glance/+/899871

Change-Id: I75267988b1c80ac9daa5843ce8462bbac49ffe27
2024-01-31 21:37:20 +00:00
Takashi Kajinami b485549efc Uncap bashate
The bashate tool has been very stable for a while and we rarely expect
changes which may break existing scripts.

This removes the current capping to avoid updating the upper limit when
when a new release is created in bashate.

Change-Id: Iae94811aebf58b491d6b2b2773db88ac50fdd737
2024-01-29 11:42:32 +09:00
Sean Mooney 5c1736b782 fix zswap enable flag
zswap should only be enabled if ENABLE_ZSWAP is true.
The if condition was checking ENABLE_KSMTUNED.
That is now fixed.

Change-Id: I76ba139de69fb1710bcb96cc9f638260463e2032
2024-01-24 10:53:12 +00:00
Zuul 031732998a Merge "add support for zswap and ksmtuned" 2024-01-24 00:21:17 +00:00
Sean Mooney 224fe1b09a add support for zswap and ksmtuned
This change add a new lib/host-mem file and moves the existing
ksm support to a new configure_ksm function.
Additional support for ksmtuned is added with a new flag
"ENABLE_KSMTUNED" which defaults to true.

This change also adds support for zswap. zswap is disabled
by default. When enabled on ubuntu lz4 will
be used as the default compressor and z3fold as the zpool.
On non debian distros the compressor and zpool are not set.
The default values should result in very low overhead although
the zstd compressor may provide better overall performance in ci
or with slow io due to the higher compression ratio.

Additionally memory and network sysctl tunings are optionally applied
to defer writes, prefer swapping and optimise tcp connection
startup and keepalive. The sysctl tunings are disabled by default
The base devstack job has been modifed to enable zram and sysctl
tuning.

Both ksm and zswap are wrapped by a tune_host function
which is now called very early in devstack to ensure
they are configured before any memory/network intensive
operations are executed.

The ci jobs do not enable this functionality by default.
To use this functionaltiy define

        ENABLE_SYSCTL_MEM_TUNING: true
        ENABLE_SYSCTL_NET_TUNING: true
        ENABLE_ZSWAP: true

in the devstack_localrc section of the job vars.

Change-Id: Ia5202d5a9903492a4c18b50ea8d12bd91cc9f135
2024-01-16 19:51:00 +00:00
Rodolfo Alonso Hernandez 6091df25a3 [OVN] Add support for the Neutron OVN agent service
The Neutron OVN agent is a service that could run in any node. The
functionality will depend on the extensions configured. This new
agent is meant to be the replacement for the Neutron OVN metadata
agent once the "metadata" extension is implemented in this service
[1].

[1]https://review.opendev.org/c/openstack/neutron/+/898238

Related-Bug: #2017871
Change-Id: I8f82f0047e89aac122a67f59db84f03e1a6bf519
2024-01-15 09:23:58 +00:00
Fabian Wiesel a2da805f81 Fixup of 'Fix spelling of ADITIONAL_VENV_PACKAGES'
Introduced a dangling } in the environment variable.
This removes it.

Change-Id: If9413dc1751399e5b9c9a0094772394252e5a81c
2024-01-08 10:18:35 +01:00
Zuul a88b17177d Merge "Fix spelling of ADITIONAL_VENV_PACKAGES" 2024-01-03 19:03:37 +00:00
OpenStack Proposal Bot 7699ce2d5c Updated from generate-devstack-plugins-list
Change-Id: Ie5cbd87269a10d6abdf1d24f7e6224d9aac3bf5d
2023-12-25 03:14:20 +00:00
Fabian Wiesel 6fc0e74aa7 Fix spelling of ADITIONAL_VENV_PACKAGES
This preserved `ADITIONAL_VENV_PACKAGES` as an input for backwards
compatiblity, but takes `ADDITIONAL_VENV_PACKAGES` with priority.

Fixes spelling in comment.

Related-Bug: #2046936
Change-Id: I84151d8f71b12da134e8fb9dbf3ae30f2a171fe2
2023-12-19 13:48:57 +01:00
Rajat Dhasmana 5e98509eaa Increase timeout for reimage operation
Looking at the recent failures in the tempest-integrated-compute
job, the reimage operation seems to be taking longer than our
expected time of 60 seconds (which was increased because of a similar
failure in the past, default is 20 seconds).
The main culprit for this failure is the image conversion from qcow2
to raw which is taking ~159 seconds.

Dec 05 13:29:59.709129 np0035951188 cinder-volume[77000]: DEBUG oslo_concurrency.processutils [req-5113eccb-05ba-486a-8130-a58898c8ad35 req-0edf972a-109a-465f-a771-ceb87ecbda3e tempest-ServerActionsV293TestJSON-1780705112 None] CMD "sudo cinder-rootwrap /etc/cinder/rootwrap.conf qemu-img convert -O raw -t none -f qcow2 /opt/stack/data/cinder/conversion/image_download_dbe01f18-1c90-4536-a09a-b49f0811c7a0_copod3cm /dev/mapper/stack--volumes--lvmdriver--1-volume--073a98e8--3c89--4734--9ae5--59af25f8914a" returned: 0 in 159.272s {{(pid=77000) execute /opt/stack/data/venv/lib/python3.10/site-packages/oslo_concurrency/processutils.py:422}}

The recent run took ~165 seconds on the cinder side but it failed
early since the nova operation timed out in 60 seconds hence
deleting the volume.
To be on the safer side, 180 seconds seems to be a sane time for
the operation to complete which this patch configures.

Closes-Bug: 2046252
Change-Id: I8a9628216038f6d363cab5dd8177274c9cfc17c2
2023-12-12 12:55:30 +00:00
Yadnesh Kulkarni 6b0f055b4e Make multiple attempts to download image
Downloading an image can fail due to network issues, so let's
retry 5 times before giving up. We have seen issues in CI due
to network issues as described below and in the Related-Bug:-

Often times fetching Fedora image in FIPS jobs fails due to
"GnuTLS: One of the involved algorithms has insufficient security level."

This occurs when request to pull image is redirected to a mirror that's
incompatible with FIPS enabled system.

Making multiple attempts to download images could provide better chance of
pulling images from different mirrors and avoid failure of the job.
This will also save a few rechecks.

Related-Bug: #2045725
Change-Id: I7163aea4d121cb27620e4f2a083a543abfc286bf
2023-12-08 17:32:34 +05:30
Stephen Finucane d126330efe lib/apache: Rename variable
This is a little more meaningful, IMO.

Change-Id: Ib9d3fdc54b1cdbd822c2a4eca0a3310ca3f6324c
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2023-12-06 09:58:18 +00:00
Eric Harney 2e14add0fd Add cinder-manage to /usr/local/bin/
This is useful in a dev environment.

Change-Id: I247eb4aea23a906d0e667ec6c5ac79f932bdca24
2023-11-29 09:22:10 -05:00
Abhishek Kekane 2211c778db Allow devstack to set cache driver for glance
Added new devstack variable `GLANCE_CACHE_DRIVER` default
to `sqlite` to set the cache driver for glance service.

Related blueprint centralized-cache-db

Change-Id: I76d064590356e2d65bfc6a3f57d1bdaeeb83a74a
2023-11-22 06:25:48 +00:00
elajkat bb0c273697 Option for SQLAlchemy and alembic git source
Change-Id: If7ff0075834a1e9cee01713676166e56b797debd
Closes-Bug: #2042941
2023-11-16 19:49:29 +05:30
Zuul 9a55a925c4 Merge "Revert "Enable keystone token caching by OSC"" 2023-11-15 19:41:16 +00:00
yatin 82c30cd82e Revert "Enable keystone token caching by OSC"
This reverts commit 67630d4c52.

Reason for revert: Seeing random failures across jobs as sometimes
'keyring_pass.cfg' gets duplicated keys and that makes executions
of any openstackclient command to fail until the file is removed.
This should be handled before re enabling the token caching again.

Change-Id: I3d2fe53a2e7552ac6304c30aa2fe5be33d77df53
Related-Bug: #2042943
2023-11-15 12:44:50 +00:00
Dr. Jens Harbott e7c12616e2 Add periodic-weekly pipeline with platform jobs
Originally we only had the openeuler jobs there, but the other platforms
could also do with some regular testing.

Change-Id: I93526a4c592d85acd4debf72eb59e306ab8e6382
2023-11-14 16:32:17 +01:00
Zuul 57d3b21dd9 Merge "ignore dbcounter sub dirs" 2023-11-12 19:49:24 +00:00
tzing 0f402b8327 Fix openEuler support
openEuler 22.03 LTS support was removed from devstack in last
few months due to its libvirt version is too old and the CI job
always fail.

This Patch add a yum repository for libvirt7.2.0, and add the
related CI job to make sure its works well.

Change-Id: Ic507f165cfa117451283360854c4776a968bbb10
2023-11-07 06:14:58 +00:00
Zuul 3ffcc89d5d Merge "Enable keystone token caching by OSC" 2023-10-30 20:28:18 +00:00
Sean Mooney 5123700ea6 ignore dbcounter sub dirs
currently id you run devstack with the dbcounter service enabled
the created subdirs show up in git status

this change justs add them to .gitgnore

Change-Id: Iee48eb4e12ac22734c8a2c1dcbe0b92a0a387eaa
2023-10-27 02:38:19 +01:00
Artem Goncharov 67630d4c52 Enable keystone token caching by OSC
SDK uses python keyring library to enable token caching. Normally this
is requiring a proper desktop (interactive) session, but there are some
backend plugins working in non-interactive mode. Store cache in an
unencrypted file on FS (this is not worse than storing passwords in
plaintext).

Change-Id: I42d698f15db5918443073fff8f27b926126d1d0f
2023-10-26 11:07:30 +02:00
Ghanshyam Mann bacb840094 Enable NEUTRON_ENFORCE_SCOPE to True by default
Neutron bobcat release has enabled the RBAC new defaults
by default. With the latest release of Neutron have new
defaults enable, we should configure the same by default in
devstack. This change make NEUTRON_ENFORCE_SCOPE flag to
True by default so that every job will run with Neutron
new defaults.

As old defaults are still supported (in deprecated way),
we will keep this flag so that we can have one job disable
it and test the old defaults.

Change-Id: I3361d33885b2e3af7cad0141f9b799b2723ee8a1
2023-10-25 12:52:28 -07:00
Dr. Jens Harbott 29e73a2155 Enable performance collection on Debian
Change-Id: I84f1432262138cc9ff0942e1a2b2abe7447afe34
2023-10-24 06:18:22 +02:00
Dan Smith cace404431 Fix performance stats gathering for global VENV
Change-Id: I113c571ffddb241b29b1394e181ed0145b3c1e04
2023-10-23 11:21:24 -07:00
Zuul 5613db3caa Merge "Add support volume backup_driver config option" 2023-10-19 13:35:48 +00:00
Zuul 99919cbbd8 Merge "Horizon: Install pymemcached" 2023-10-18 06:26:49 +00:00
Zuul 4975fad23e Merge "Allow forcing nova compute_id" 2023-10-17 13:43:45 +00:00
Takashi Kajinami d2acd60870 Horizon: Install pymemcached
... so that we can use PyMemcacheCache backend. The MemcachedCache
backend, which has been used previously, has been removed in recent
Django, and we are switching the default backend in [1].

[1] https://review.opendev.org/c/openstack/horizon/+/891828

Change-Id: Ie1da8970628e34c41721198cdada8c7bb3b26ec0
2023-10-16 15:04:13 +09:00
OpenStack Proposal Bot eb9b08a883 Updated from generate-devstack-plugins-list
Change-Id: Ieecc17159ac36b65124598c36fc92b77c2a75399
2023-10-14 02:26:11 +00:00
Dan Smith 72cf4e6006 Allow forcing nova compute_id
Developers that need to stack and re-stack non-AIO compute-only
environments will want to be able to keep the compute node uuid the
same across runs. This mimics the behavior of a deployment tool that
pre-creates the uuids, so it matches pretty well. Default to the
current behavior of create-on-start, but allow forcing it ahead of
time to something specific.

Change-Id: Icab0b783e2233cad9a93c04758a5bccac0832203
2023-10-12 11:08:30 -07:00
Dr. Jens Harbott ca4d5132e6 zuul: Drop neutron-linuxbridge-tempest job
Neutron has deprecated linuxbridge support and is only doing reduced
testing for the neutron-linuxbridge-tempest job, so we need no longer
run it in devstack, even less gate on it.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ie1a8f978efe7fc9b037cf6a6b70b67d539d76fd6
2023-10-10 09:22:16 +02:00
Lukas Piwowarski 8c25a85861 Add support volume backup_driver config option
The depends-on patch adds a new backup_driver option to tempest.
The goal of this change is to be able to do a proper cleanup of
containers when swift is used as a backup driver.

Thich change makes sure that the new option is properly set to
"swift" when Swift is used as the driver.

Depends-On: https://review.opendev.org/c/openstack/tempest/+/896011/13
Change-Id: I76e7fd712ee352051f8aa2f2912a29abad9ad017
2023-10-05 15:28:12 +00:00
Zuul 68ca13311d Merge "Update DEVSTACK_SERIES to 2024.1" 2023-10-04 11:58:11 +00:00
Zuul 9e41895dea Merge "CI: Make bookworm platform job voting" 2023-10-03 10:43:20 +00:00
Ghanshyam Mann 3d37d13ee7 Update DEVSTACK_SERIES to 2024.1
stable/2023.2 branch has been created now and
current master is for 2024.1

Change-Id: I67eee1ba721a1ad99b3503312acc2f94a52c5552
2023-09-28 11:36:07 -07:00
Zuul f871476c22 Merge "Use OS_CLOUD in sample local.sh" 2023-09-25 13:31:33 +00:00
Dan Smith 25cd7eb672 Fix g-api-r for non-global venv
This makes the glance-api-remote setup honor the GLOBAL_VENV flag,
and not pass the --venv stuff to uwsgi if it is disabled. This should
fix the glance-multistore-cinder-import-fips job.

Change-Id: I2005da5ced027d273e1f25f47b644fecafffc6c1
2023-09-21 09:54:49 -07:00
Jake Yip 5441b3df6e Use OS_CLOUD in sample local.sh
local.sh, if present, will be executed at the end of stack.sh. The
sample file here is meant to be copied to devstack root if desired.

Unfortunately, due to Change I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
changing to use OS_CLOUD in stack.sh, sourcing openrc here will cause
both OS_CLOUD and traditional OS_* env vars to be set, which causes a
conflict.

Change-Id: Id80b46acab7d600ad7394ab5bc1984304825a672
2023-09-20 11:32:33 +00:00
Dr. Jens Harbott f73d312783 CI: Make bookworm platform job voting
It has been very stable for some time and it is going to be a major
platform for the next cycle.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Id2df9514b41eda0798179157282a8486b1e9ae23
2023-09-20 07:04:37 +02:00
OpenStack Proposal Bot d3953db766 Updated from generate-devstack-plugins-list
Change-Id: I18a47f5d604bbb83173151fb0b129deee2fcbe62
2023-09-19 02:15:19 +00:00
Zuul 129d0964a8 Merge "Remove openeuler job from periodic and check queue" 2023-09-12 21:45:50 +00:00
Zuul 0c9dbbbe11 Merge "Allow others to override NOVA_SERVICE_REPORT_INTERVAL" 2023-09-12 17:07:55 +00:00
Martin Kopec 290a02d1f8 Remove openeuler job from periodic and check queue
The openeuler job running version 22.03 fails due to old libvirt.
Nova requires version 7.0.0 or greater.

Related-Bug: #2035224
Change-Id: I4ad6151c3d8555de059c9228253d287aecf9f953
2023-09-12 17:32:03 +02:00
Zuul 428cb8a0a9 Merge "[nova][ironic] Support configuring 1 shard on n-cpu" 2023-09-12 11:37:19 +00:00
Zuul af8750c82a Merge "Remove wget + rpm workaround to manage repos install in CentOS" 2023-09-12 09:38:36 +00:00
Zuul e6ac2b6983 Merge "Add OVN_BRIDGE_MAPPINGS - support extra bridge" 2023-09-12 09:38:33 +00:00
Jay Faulkner e1297193dc [nova][ironic] Support configuring 1 shard on n-cpu
Allows for testing of basic sharding configuration.

Change-Id: Idfb2bd1822898d95af8643d69d97d9a76b4d64cc
Needed-By: https://review.opendev.org/c/openstack/ironic/+/894460
2023-09-11 17:44:09 +00:00
Zuul d51a6b9a11 Merge "Fix $LOGDIR owner to be stack.stack" 2023-09-05 16:50:32 +00:00
Lucas Alvares Gomes a389128dba OVN: Let ironic manage the OVN startup in it's case.
In order for Ironic perform full testing with devstack, it uses
virtual machines attached to a ovs bridge network to simulate
bare metal machines. This worked great for OVS because often
OVS was already running on the nodes due to the package, and
we could just apply configuration and be done with it when
Ironic's devstack plugin was applying initial configuration and
setting up the test environment.

With OVN, and the requirement of a specific co-installed OVS
version, Ironic has discovered that we cannot perform this same
configuration without having already started OVN during the
initial system setup. Which is fine, but we can't initialize
and start OVN twice. It just doesn't work.

The original form of this patch was proposed by lucasgnomes
in order to validate that we, did, indeed, need to do this
to enable Ironic to successfully test an OVN based
configuration, and is now being revised to handle that case
automatically when Ironic is the selected virt plugin.

Co-Authored-By: Julia Kreger <juliaashleykreger@gmail.com>
Change-Id: Ifbfdaaa97fdbe75ede49dc47235e92a8035d1de6
2023-09-04 13:38:23 +00:00
Harald Jensås 16ac21f0da Add OVN_BRIDGE_MAPPINGS - support extra bridge
Add's the OVN_BRIDGE_MAPPINGS variable to ovn_agent.
Uses the same format as OVS_BRIDGE_MAPPINGS, it defaults
to "$PYSICAL_NETWORK:$PUBLIC_BRIDGE".

This enables use of providernet for public network and
setting up additional bridges, for example a for baremetal.

Example:
  Q_USE_PROVIDER_NETWORKING="True"
  OVS_PHYSICAL_BRIDGE="brbm"
  PHYSICAL_NETWORK="mynetwork"
  PUBLIC_PHYSICAL_NETWORK="public"
  PUBLIC_BRIDGE="br-ex"
  OVN_BRIDGE_MAPPINGS="public:br-ex,mynetwork:brbm"

Change-Id: I37317251bbe95d64de06d6232c2d472a98c0ee4d
2023-09-04 13:45:23 +02:00
Dr. Jens Harbott 427a4e1a9b Drop focal platform job and support
This was dropped in tempest, too[0], and we want to focus on getting and
keeping the jammy job stable.

Still retaining the nodeset definitions until we are sure they are not
needed in other projects.

[0] https://review.opendev.org/c/openstack/tempest/+/884952

Change-Id: Iafb5a939a650b763935d8b7ce7069ac4c6d9a95b
2023-09-03 12:07:41 -07:00
yatinkarel ffc1b76f64 [neutron] Rely on PATH env set by devstack
This was missed as part of [1], neutron sets
exec_dirs in rootwrap.conf differently so that
also needs to be fixed.

Without it neutron openvswitch jobs relying on
neutron-keepalived-state-change scripts were
failing when deployed with GLOBAL_VENV=True as
binaries no longer found at /usr/local/bin.

[1] https://review.opendev.org/c/openstack/devstack/+/558930

Closes-Bug: #2031415
Change-Id: I9aa56bff02594f253381ffe47a70949079f4c240
2023-08-28 11:01:07 +05:30
Zuul e2bd271790 Merge "Fix configuration of LVM global_filter" 2023-08-24 19:57:23 +00:00
Zuul 2342fcabd7 Merge "Fix glance-remote with global venv" 2023-08-24 03:41:31 +00:00
melanie witt ef53db76d0 Fix configuration of LVM global_filter
As far as I could tell, the global_filter config added in change
I5d5c48e188cbb9b4208096736807f082bce524e8 wasn't actually making it
into the lvm.conf. Given the volume (or rather LVM volume) related
issues we've been seeing in the gate recently, we can give this a try
to see if the global_filter setting has any positive effect.

This also adds the contents of /etc/lvm/* to the logs collected by the
jobs, so that we can see the LVM config.

Change-Id: I2b39acd352669231d16b5cb2e151f290648355c0
2023-08-24 03:28:31 +00:00
Dan Smith 5a51aa524c Fix glance-remote with global venv
The base systemd unit file setup now writes an Environment= line to
the file for the venv. The glance-remote code was setting that to
point at the alternate config location, using iniset which was
clobbering the venv one. Switch to iniadd to fix.

Also, we need to explicitly put the --venv flag into the command since
we write our unit file ourselves. This probably needs a cleanup at
this point, but since the glance gate is blocked, do this for now.

Change-Id: I2bd33de45c41b18ed7d4270a7301b1e322134987
2023-08-23 14:41:39 -07:00
Zuul 640c318f38 Merge "Set GLOBAL_VENV to false for centos and rocky" 2023-08-23 19:42:43 +00:00
Martin Kopec 7cd3a8eebe Set GLOBAL_VENV to false for centos and rocky
As a temporary workaround, let's set the GLOBAL_VENV to false
specifically for centos 9 stream and rocky distros where we
encountered issues after changing the default value
of GLOBAL_VENV to True in Devstack:
https://review.opendev.org/c/openstack/devstack/+/558930

Related-Bug: #2031639
Change-Id: I708b5a81c32b0bd650dcd63a51e16346863a6fc0
2023-08-23 17:39:34 +02:00
Zuul 21eac99e4e Merge "Update etcd version to 3.4.27" 2023-08-23 00:42:11 +00:00
Jan Gutter 3a7a3cd8c5 Update etcd version to 3.4.27
* etcd 3.3 is no longer maintained.
* etcd 3.4 removes deprecated interfaces, and clients may
  need updated configs.
* The cinder backend coordination URL needs to explicitly
  specify the version, until tooz can be updated
  https://review.opendev.org/c/openstack/tooz/+/891355
* etcd only supports in-place upgrades between minor
  versions, so any jobs testing upgrades could fail if
  they skip from 3.2 directly to 3.4

Change-Id: Ifcecdffa17a3a2b1075aa503978c44545c4a2a3c
2023-08-22 16:34:03 +01:00
Zuul bd472fd53d Merge "Revert "Woraround systemd issue on CentOS 9-stream"" 2023-08-22 07:00:11 +00:00
yatin 7c4a955c52 Revert "Woraround systemd issue on CentOS 9-stream"
This reverts commit 113689ee46.

Reason for revert: systemd-252-17.el9 which includes the fix is now available in CentOS 9-stream repos.

Change-Id: I6fe19838a75a30fd5d2434c03b7f403f1c7e4b50
2023-08-21 06:28:30 +00:00
Artom Lifshitz 220004fb5c Allow others to override NOVA_SERVICE_REPORT_INTERVAL
While the patch where this was first introduced and set to 120 [1] is
sensible for the vast majority of jobs, it's conceivable that some
jobs might want a different value.

Specifically, the whitebox-tempest-plugin changes configurations and
restarts Nova services, and to do so it waits for the service status
to update in the API before continuing with the tests. With the report
interval set to 120 and the down time threshold set to 720, the
service would continue showing 'up' in the API long after it was
actually down, causing the wait to time out.

Whitebox is a low-traffic project with only a couple of devstack jobs
that run tempest tests sequentially (concurrency=1). Its CI is also
pretty stable. It seems legitimate for it to keep the old default
values of report_interval and service_down_time.

This patch keeps the 120 default for NOVA_SERVICE_REPORT_INTERVAL, but
makes it configurable by individual jobs. Since the original patch
also introduced CINDER_SERVICE_REPORT_INTERVAL as a constant, make
that configurable as well.

[1] https://review.opendev.org/c/openstack/devstack/+/890439

Needed-by: https://review.opendev.org/c/openstack/whitebox-tempest-plugin/+/891612
Change-Id: I64fa2059537ea072a38fb4900d3c7d2d8f0ce429
2023-08-16 14:32:12 -04:00
Ghanshyam 08b434e5b0 Revert "GLOBAL_VENV: add nova to linked binaries"
This reverts commit 26b5eddeaa.

Reason for revert: nova changed to use osc

- https://review.opendev.org/c/openstack/nova/+/891247/2

Resolving conflict due to
- https://review.opendev.org/c/openstack/devstack/+/891248

Change-Id: I69e179a90a241946b3f426a41c38ae72a66ba6dc
2023-08-14 12:42:49 -07:00
Dr. Jens Harbott 4c45bec6eb GLOBAL_VENV: add more binaries
glance and rally binaries are also needed.

Also make sure the cinder-rtstool is only called when cinder is actually
enabled.

Change-Id: I18113eabf2fa83e36bace276883775303f6a1e9a
2023-08-12 11:35:08 +02:00
Zuul af9e67c050 Merge "GLOBAL_VENV: add nova to linked binaries" 2023-08-12 05:32:31 +00:00
Zuul cd486f13aa Merge "Add debian-bookworm job" 2023-08-11 21:46:42 +00:00
Dr. Jens Harbott 26b5eddeaa GLOBAL_VENV: add nova to linked binaries
This is being used in some nova jobs, so we need to add it. Also order
the list of linked binaries to allow easier maintenance.

Change-Id: Ief012f7842d6e14380c9575740d1856bc1f2355e
2023-08-11 21:51:05 +02:00
Zuul c1d1954e91 Merge "Add option to install everything in global venvs" 2023-08-11 18:04:15 +00:00
Zuul d7ab61747a Merge "Disable waiting forever for connpool workers" 2023-08-09 03:06:35 +00:00
Brian Haley 4363b0bd84 Fix $LOGDIR owner to be stack.stack
I have seen this failure in the gate a few times:

[ERROR] /opt/stack/devstack/functions-common:2334 Neutron did not start
/opt/stack/devstack/functions-common: line 310:
  /opt/stack/logs/error.log: Permission denied

So whatever was trying to be written to error.log never
happened. Change to be like other directories in this
file and make the $LOGDIR owner stack.stack.

Change-Id: I673011aba10c8d03234100503ccc5876e75baff2
2023-08-08 08:38:00 -04:00
Zuul 3e0a118d17 Merge "Add SERVICE_REPORT_INTERVAL knob" 2023-08-08 05:05:39 +00:00
Alfredo Moralejo 0da88c4af0 Remove wget + rpm workaround to manage repos install in CentOS
RDO has moved rdo-release packages to a new infra which supports EMS so
we do not need to wget it and install it using local rpm install.

This partially reverts [1].

[1] https://review.opendev.org/c/openstack/devstack/+/884277/

Change-Id: I189d0c3da0e7b017e2568022c14e6c8fb28251f1
2023-08-07 14:16:12 +02:00
Zuul b4e934c9fa Merge "Woraround systemd issue on CentOS 9-stream" 2023-08-05 11:37:11 +00:00
Dan Smith c3b0b9034e Disable waiting forever for connpool workers
This will cause apache to no longer wait forever for a connection
pool member to become available before returning 503 to the client.
This may help us determine if some of the timeouts we see when
talking to the services come from an overloaded apache.

Change-Id: Ibc19fc9a53e2330f9aca45f5a10a59c576cb22e6
2023-08-04 07:16:27 -07:00
Dan Smith 3832ff52b4 Add SERVICE_REPORT_INTERVAL knob
Heavily-loaded workers in CI consistently fail to complete the
service checkin task, which is configured for every ten seconds in
nova and cinder. This generates additional load on the database server
as well as consumes a threadpool worker. If we're not making the
deadline, there's really no point in having it be so high. Further,
since the workers must remain up for all the tempest tests we're
running against them, there's really no benefit to a fast-fail
detection.

This sets the report_interval to 120s for nova and cinder, and sets
service_down_time to 6x that value, which is consistent with the
default scale.

Depends-On: https://review.opendev.org/c/openstack/tempest/+/890448
Change-Id: Idd7aa1daf354256b143a3778f161cfc72b318ea5
2023-08-03 12:20:05 -07:00
yatinkarel 113689ee46 Woraround systemd issue on CentOS 9-stream
systemd-252-16.el9 introduced a regression
where libvirtd process exits after 120s of
inactivity.
Add a workaround to unset 120s timeout for
libvirtd, the workaround can be removed once
the fix is available in systemd rpm.

Related-Bug: #2029335
Change-Id: Id6db6c17518b54d5fef7c381c509066a569aff6d
2023-08-02 13:13:07 +05:30
Dr. Jens Harbott 0b79f6f769 Add debian-bookworm job
Change-Id: Id5e54775e2be38a75db0bd1f55d1d3b5ae7ef71f
2023-08-02 05:11:03 +00:00
Clark Boylan a40f9cb91f Add option to install everything in global venvs
Since we are python3 only for openstack we create a single python3
virtualenv to install all the packages into. This gives us the benefits
of installing into a virtualenv while still ensuring coinstallability.
This is a major change and will likely break many things.

There are several reasons for this. The change that started this effort
was pip stopped uninstalling packages which used distutils to generate
their package installation. Many distro packages do this which meant
that pip installed packages and distro packages could not coexist in the
global install space. More recently git has made pip installing repos as
root more difficult due to file ownership concerns.

Currently the switch to the global venv is optional, but if we go down
this path we should very quickly remove the old global installation
method as it has only caused us problems.

Major hurdles we have to get over are convincing rootwrap to trust
binaries in the virtualenvs (so you'll notice we update rootwrap
configs).

Some distros still have issues, keep them using the old setup for now.

Depends-On: https://review.opendev.org/c/openstack/grenade/+/880266
Co-Authored-By: Dr. Jens Harbott <frickler@offenerstapel.de>
Change-Id: If9bc7ba45522189d03f19b86cb681bb150ee2f25
2023-08-02 07:07:25 +02:00
Dr. Jens Harbott 7a2021dfa0 Add rocky job to gate
It was made voting some time ago, but we missed also running it in gate.

With that RHEL platform test in place, we can keep c9s permanently
non-voting, which is better suited to match its instability.

Change-Id: I6712ac6dc64e4fe2203b2a5f6a381f6d2150ba0f
2023-08-02 07:01:49 +02:00
Zuul 9dba09975d Merge "Drop Fedora support" 2023-08-01 17:49:48 +00:00
Dan Smith d115bfd72a Reduce the flush frequency of dbcounter plugin
This relaxes the limits for dbcounter to make it flush stats to the
database less often. Currently every thirty seconds or 100 hits, we
write a stats line to the database. In some services (like keystone)
this can trigger more than one write per second because of the
massive number of SELECT calls that service makes.

This removes the hit limit and decreases the mandatory flush interval
to once a minute. Hopefully this will manifest as lower load on the
database triggered by what would be readonly operations.

Change-Id: I43a58532c0541075a2d36408abc50a41f7994bda
2023-07-31 07:20:12 -07:00
Zuul 280feb0861 Merge "git: git checkout for a commit hash combinated with depth argument" 2023-07-31 11:29:32 +00:00
Zuul b314d07e34 Merge "Fix reboot on fedora like nodes" 2023-07-25 16:18:54 +00:00
Zuul 61cd302439 Merge "Remove unused file" 2023-07-25 14:45:38 +00:00
Zuul b52dceee7b Merge "Switch TLS tests to TLSv1.2+ only" 2023-07-21 16:37:18 +00:00
Zuul 9845128969 Merge "Support RHEL 9" 2023-07-21 12:35:17 +00:00
jskunda 770352beb0 git: git checkout for a commit hash combinated with depth argument
This patch: https://review.opendev.org/c/openstack/devstack/+/882299
provides functionality, that commit hash can be passed as last arugment,
however when GIT_DEPTH is set, it fails, as in:

timeout -s SIGINT 0 git clone https://github.com/ovn-org/ovn.git ./ovn
--depth 1 --branch 03b95a4566a15f7544f4cdf35629dacede4dcf55
fatal: Remote branch 03b95a4566a15f7544f4cdf35629dacede4dcf55
not found in upstream origin

Closes-Bug: #2023020
Change-Id: I748354964a133e028e12458cc9014d6d014cbdb9
2023-07-20 10:21:41 +02:00
Brian Haley e261bd809e Always set image_uuid_alt in configure_tempest()
When there is only a single image, configure_tempest()
needs to always set image_uuid_alt the same as image_uuid,
else it will fail trying to determine the size of the
flavor to use for it later in the function.

Introduced by [0], and subsequent change did not fix it.

[0] https://review.opendev.org/c/openstack/devstack/+/886795

Change-Id: Ibfe99ff732570dbd415772c5625f43e35b68c871
Related-bug: #2028123
2023-07-19 16:04:12 -04:00
yatinkarel 931b45defd Handle more than 1 image while configuring tempest
[1] caused a regression causing failures when
more than 1 images are setup. Fixing it by correctly
using the array variable. Also add a break in the
for loop once if condition is met.

[1] https://review.opendev.org/c/openstack/devstack/+/886795

Closes-Bug: #2028123
Change-Id: I4f13c1239312bbcca8c65e875d65d03702161c18
2023-07-19 12:28:39 +05:30
Zuul 16b34a92ae Merge "Set two different image in tempest irespective of DEFAULT_IMAGE_NAME" 2023-07-18 18:25:27 +00:00
Zuul b368c9fb5e Merge "The AZ filter is deprecated and planned for removal this cycle" 2023-07-17 15:16:38 +00:00
Zuul 92f62fe184 Merge "Add 10 second buffer for uwsgi service stop" 2023-07-06 11:14:43 +00:00
Dan Smith 58c80b2424 nova: Bump timeout-per-gb for BFV rebuild ops
This increases the timeout we use to wait for cinder to perform a
volume reimage. Since devstack is often running on a single machine
with non-production IO performance, we should bump this limit to avoid
hitting it before the rebuild completes.

Change-Id: Ie2663b951acb0c1a65597a39e032948764e6ae6a
2023-06-28 14:13:22 -07:00
Ghanshyam Mann e32715b251 Set two different image in tempest irespective of DEFAULT_IMAGE_NAME
In current logic to set two different image in Tempest in config
option image_ref and image_ref_alt, we consider if DEFAULT_IMAGE_NAME
is found in glance then set the same image in tempest for those
two config option. This means even we have two different image available
in glance, still we set same image in image_ref as well as image_ref_alt
and all the rebuild tests are rebuilt on the same image.

I could not find any reason why we set same image if DEFAULT_IMAGE_NAME
exist, below are the original change added this logic
- https://review.opendev.org/c/openstack/devstack/+/17553

We had a requirement of test to run on two different images
- https://review.opendev.org/c/openstack/tempest/+/831018

and for that we need to set DEFAULT_IMAGE_NAME to non exist image
name but that broke the Ironic which was reply on the valid name
in DEFAULT_IMAGE_NAME
- https://review.opendev.org/c/openstack/ironic/+/886790

As we do not have any reason not to set two different image
if DEFAULT_IMAGE_NAME is set, I am removing the condition of
DEFAULT_IMAGE_NAME from lib/tempest logic and always set two
different images if they are available.

Depends-On: https://review.opendev.org/c/openstack/tempest/+/886796

Change-Id: I9d215f48d4440f2fa6dcc0d222a10896caf01215
2023-06-27 13:43:47 -05:00
OpenStack Proposal Bot 27568ea334 Updated from generate-devstack-plugins-list
Change-Id: I6fd6a718ce39d849342b30970ca39477ce285374
2023-06-27 02:19:53 +00:00
Dr. Jens Harbott 4a1b2808af Remove unused file
This was forgotten in [0]

[0] I20501fec140998b91c9ddfd84b7b10168624430a

Change-Id: Iacd86e3953f573a0fc38dc4898aafefccb3a9a79
2023-06-26 12:23:58 +02:00
Sean Mooney ad029c0e8b The AZ filter is deprecated and planned for removal this cycle
To facilitate that this change removes it form the default filter
list. By default nova has used placement for AZs so this filter
has not been requried since xena.

Change-Id: Ie5e216dd8c2a7ecf43cc6954ec4f73d4d67b5b3b
2023-06-26 11:00:24 +01:00
yatinkarel 7288df34f8 Add 10 second buffer for uwsgi service stop
Default for systemd TimeoutStopSec is 90 seconds
and that is same for default graceful shutdown of
uwsgi service(WORKER_TIMEOUT).

Due to the Related-Bug graceful stop attempt
fails and there is no room for force shutdown.
This patch reduces default for WORKER_TIMEOUT by
10 seconds so there is a buffer to force stop the
service.

Closes-Bug: #2020643
Related-Bug: #2015065
Change-Id: I6aacac94f9697088338b3d2f99d8eaa22c2be67b
2023-06-21 18:14:27 +05:30
Dr. Jens Harbott 39228451b6 Bump default cirros version to 0.6.2
Cirros has made a new release, including a newer kernel that should fix
some issues when using nested virtualization.

Related-Bug: 2023559
Change-Id: I63469371b13801094a3ee1baae6e343999fbefa5
2023-06-15 10:46:51 +02:00
Zuul c152a409dd Merge "Remove usage of neutron-debug since it has been removed" 2023-06-12 17:20:11 +00:00
Zuul 9d9f15725f Merge "Install systemd-coredump on Debian-based distros" 2023-06-12 16:52:00 +00:00
OpenStack Proposal Bot f1c5442bec Updated from generate-devstack-plugins-list
Change-Id: Icc3aa69d7bbfa217676402682454cd4b37fb6c29
2023-06-10 03:07:59 +00:00
Dr. Jens Harbott fbc1865dc4 Drop Fedora support
Fedora 36 is EOL, also opendev is dropping support for Fedora images
completely since interest in running jobs on that platform is no longer
existing. CentOS 9 Stream has evolved as replacement platform for new
features.

Only drop the Zuul configuration and the tag in stack.sh for now plus
update some docs. Cleanup of the deployment code will be done in a
second step.

Change-Id: Ica483fde27346e3939b5fc0d7e0a6dfeae0e8d1e
2023-06-07 15:19:37 +02:00
Brian Haley a13201646d Install systemd-coredump on Debian-based distros
On Debian-based distros, the 'coredumpctl' command is
provided by the systemd-coredump package, which is not
installed by default. On failure, when "post" commands
are executed this error is seen:

  controller | /bin/bash: line 1: coredumpctl: command not found

Install it along with other libvirt packages to avoid
the error.

On Fedora distros it is in the systemd package, so the
problem is not seen since it is always installed.

Change-Id: I6012bd3240d68736a5db8ae49dc32098a086f320
2023-05-30 13:31:05 -04:00
Zuul c424a7a299 Merge "Use RDO official CloudSIG mirrors for C9S deployments" 2023-05-29 13:14:36 +00:00
Alfredo Moralejo b2ad00cb66 Use RDO official CloudSIG mirrors for C9S deployments
Instead of using RDO Trunk repo server, CentOS official mirrors provide
a most reliable infrastructure and supports EMS which is required when
enabling FIPS in C9S.

In order to install the rdo-release rpm from repo.fedoraproject.org,
which does not support EMS, I'm using a workaround to wget, which works
with non-EMS servers because it uses gnutls instead of openssl, and
install it locally with rpm.

This is also consistent to CentOS 8 implementatioin.

Closes-Bug: #2020661
Closes-Bug: #2020434
Change-Id: Icd99f467d47aaafaaf3ee8f2a3c4da08842cb672
2023-05-26 14:22:20 +02:00
Martin Kopec a37b6abc8e Resolve distutils deprecation warning
The distutils package is deprecated and slated for removal in
Python 3.12. Let's use shutil.which which is also recomended
by PEP 632: https://peps.python.org/pep-0632/#migration-advice

Closes-Bug: #2009229
Change-Id: Ibb2a9731449e765c4a56952a9f02679e9618778b
2023-05-26 13:46:42 +02:00
Zuul cc49f4debb Merge "Enable GLANCE_ENFORCE_SCOPE to True by default" 2023-05-25 01:29:42 +00:00
Zuul dfd7aeaf6c Merge "Enable NOVA_ENFORCE_SCOPE to True by default" 2023-05-24 02:23:03 +00:00
Zuul 14152d27b0 Merge "Revert "Revert "Bump cirros version to 0.6.1""" 2023-05-23 16:08:54 +00:00
Zuul d0e0900ed9 Merge "Default MYSQL_REDUCE_MEMORY=True" 2023-05-22 22:28:40 +00:00
Zuul 5d77dcc7ff Merge "Set dhcp_client based on cirros version" 2023-05-22 19:49:25 +00:00
Dan Smith 814e659e32 Default MYSQL_REDUCE_MEMORY=True
We have lots of evidence that this is a net benefit, so enable it
by default instead of everyone having to opt-in.

Change-Id: I66fa1799ff5177c3667630a89e15c072a8bf975a
2023-05-22 10:25:38 -07:00
Martin Kopec b5f4b1148a Revert "Revert "Bump cirros version to 0.6.1""
This reverts commit 37d11d00e5.

Reason for revert: reverting this revert as the issue caused by the original patch (before the first revert) is fixed by:
https://review.opendev.org/c/openstack/devstack/+/881504

Therefore we can proceed with the cirros version bump.

Change-Id: I43e2b04a0142c19fb1a79da5a33cc444149e18f1
2023-05-22 12:56:34 +00:00
Martin Kopec a294389403 Set dhcp_client based on cirros version
This change allows us to bump the default cirros version
in devstack. Since cirros version 0.6.0 dhcpcd is the default
dhcp client. The older cirros images used udhcpc client (the only
available client at that time) which is also the default client
in Tempest.
This patch makes devstack configure dhcpcd client in tempest.conf
if cirros >= 0.6.0 is going to be used in scenario tests.

The commit also introduces a new SCENARIO_IMAGE_TYPE option.
It is now a trigger for cirros specific settings, later it might
be used for any other image's settings.

Closes-Bug: #2007973
Change-Id: I2738c3b1d302c6656ce2c209671ea954fbc1b05b
2023-05-22 12:22:30 +02:00
Ghanshyam Mann cb1ec1834d Enable GLANCE_ENFORCE_SCOPE to True by default
Glance antelope release has enabled the RBAC new defaults
by default
- https://review.opendev.org/c/openstack/glance/+/872522

With the latest release of Glance have new defaults enable,
we should test the same by default in devstack. This change
make GLANCE_ENFORCE_SCOPE flag to True by default so that every
job will run with Glance new defaults.

As old defaults are still supported (in deprecated way), we will keep
GLANCE_ENFORCE_SCOPE flag so that we can have a single job can disable
the new defaults and continue testing the old defaults.

Depends-On: https://review.opendev.org/c/openstack/tempest/+/883701

Change-Id: Idde6f3cb766597575ca822f21b4bb3a465e5e753
2023-05-19 19:24:25 +00:00
Ghanshyam Mann bfa43975bc Enable NOVA_ENFORCE_SCOPE to True by default
Nova antelope release has enabled the RBAC new defaults
by default
- https://review.opendev.org/c/openstack/nova/+/866218

With the latest release of Nova have new defaults enable,
we should test the same by default in devstack. This change
make NOVA_ENFORCE_SCOPE flag to True by default so that every
job will run with Nova new defaults.

As old defaults are still supported (in deprecated way), we will keep
NOVA_ENFORCE_SCOPE flag so that we can have a single job can disable
the new defaults and continue testing the old defaults.

Change-Id: Id56819f03c19a5b7fe30adf799ecd3b8aeb67695
2023-05-18 12:54:19 -05:00
Brian Haley 6764eab264 Remove usage of neutron-debug since it has been removed
The neutron-debug command was deprecated and finally removed,
so tools/ping_neutron.sh can no longer rely on it to create
a probe namespace. Instead, just try and use any namespace
with the network ID in it, since it's either the DHCP (ML2/OVS)
or Metadata (OVN) namespace, which should work just as well.

As this code is rarely (never?) used, this best-effort attempt
is good enough.

Change-Id: I98c992a2a774ef1fb22cee2e90ee342ab2d537ac
Depends-on: https://review.opendev.org/c/openstack/neutron/+/883081
2023-05-12 16:34:08 -04:00
Zuul 34afa91fc9 Merge "git: support git checkout for a commit hash" 2023-05-04 18:46:35 +00:00
Zuul d2e95a1126 Merge "Fix name for neutron tempest uwsgi job" 2023-04-26 19:23:16 +00:00
Zuul 2e607b0cbd Merge "Modify devstack-base to allow for fips" 2023-04-20 23:55:40 +00:00
Ihar Hrachyshka e8915786e1 git: support git checkout for a commit hash
git_clone assumes a branch or a tag is passed as the last argument, and
it fails when a commit hash is passed, as in:

timeout -s SIGINT 0 git clone https://github.com/ovn-org/ovn.git
/opt/stack/ovn --branch 36e3ab9b47e93af0599a818e9d6b2930e49473f0
Cloning into '/opt/stack/ovn'...
fatal: Remote branch 36e3ab9b47e93af0599a818e9d6b2930e49473f0 not found
in upstream origin

Change-Id: Id1328d7cba418fa7c227ae9db4fe83c09fd06035
2023-04-20 11:06:37 -04:00
Zuul b33ec4bf1b Merge "Remove support for opensuse" 2023-04-18 17:15:32 +00:00
yatinkarel 991a2794a3 Fix name for neutron tempest uwsgi job
This was renamed long back in [1].

[1] https://review.opendev.org/c/openstack/neutron/+/797051

Change-Id: If11e975fd890f55f99efc2c7d8122256ff831ad8
2023-04-17 11:17:37 +00:00
Ade Lee 15b2e42968 Modify devstack-base to allow for fips
devstack-base is changed to descend from
openstack-multinode-fips which is defined in
project-config.

This allows jobs to execute the enable_fips playbook
to enable FIPS mode on the node, but only if they
opt-in by setting enable_fips to True.  Otherwise,
this is a no-op.

Change-Id: I5631281662dbd18056ffba291290ed0978ab937e
2023-04-17 08:43:22 +00:00
yatinkarel 42517968ff [ovs] Reload ovs kernel module always
Irrespective of build_modules is True
or False reload ovs modules always.

If ovs is installed from package before(like
with multi-node-bridge role), then installing
ovs from source requires openvswitch kernel
module to be reloaded.

The issue was not seen before jammy as there
module was reloaded when build_modules was set
to True.

Closes-Bug: #2015364
Change-Id: I1785b49b2ef72ca1f817f504d5ea56021410c052
2023-04-14 20:01:36 +05:30
OpenStack Proposal Bot fa42b3ca7b Updated from generate-devstack-plugins-list
Change-Id: I84015f860155e5c8ec3bcf54353d91405a13e549
2023-04-14 02:16:59 +00:00
Sean Mooney 80c3ffe154 Fix reboot on fedora like nodes
This change enables httpd in systemd so that it
starts after a reboot and updates how selinux is
disabled to use /etc/selinux/config in addtion
to setenforce.

Change-Id: I5ea8693c0b967937483bd921b1d9984ea14bc723
2023-03-27 20:58:37 +00:00
Zuul b10c060272 Merge "Add config options for cinder nfs backend" 2023-03-27 14:20:04 +00:00
Zuul 4dfb67a831 Merge "Update DEVSTACK_SERIES to 2023.2" 2023-03-17 01:59:49 +00:00
Rajat Dhasmana 1898a683be Create multiattach volume type for tempest
Creating multiattach volume is a non-admin operation but creating
multiattach volume type is an admin operation.
Previously cinder allowed creating multiattach volumes without a
volume type but that support is being removed with[1].
The change requires updating tempest tests[2] but some tempest
tests are non-admin, which require admin priviledges to create the
multiattach volume type.
Based on the last discussion with tempest team[3], the proposed
solution is to create a multiattach volume type in devstack,
if ENABLE_VOLUME_MULTIATTACH is True, and use it in tempest
tests. Similar to how admins create multiattach volume types
for non-admin users.

This patch creates a multiattach volume type if
ENABLE_VOLUME_MULTIATTACH is True. Also we set the multiattach
type name as a tempest config option 'volume_type_multiattach'.

[1] https://review.opendev.org/c/openstack/cinder/+/874865
[2] https://review.opendev.org/c/openstack/tempest/+/875372
[3] https://meetings.opendev.org/irclogs/%23openstack-cinder/%23openstack-cinder.2023-03-13.log.html#t2023-03-13T18:47:56

Change-Id: Icd3690565bf7b27898cd206641e612da3993703d
2023-03-15 07:21:54 +00:00
Zuul 35c9afffa5 Merge "Fix NotImplementedError in dbcounter on SQLA 2.x" 2023-03-13 18:52:52 +00:00
Zuul 3894077e6c Merge "Rehome functions to enable Neutron's segments integration" 2023-03-13 12:57:35 +00:00
Ghanshyam Mann 07a7293721 Update DEVSTACK_SERIES to 2023.2
stable/2023.1 branch has been created now and
current master is for 2023.2.

Change-Id: Ibd499ac35a38a5c1818c1df6009c5273ef3e90f7
2023-03-10 20:30:53 -06:00
Michael Johnson f834f9adaf Fix NotImplementedError in dbcounter on SQLA 2.x
This patch fixes a NotImplementedError raised in the dbcounter plugin when using SQLAlchemy 2.x. The plugin signature has changed and now requires an "update_url" method as part of the plugin[1].
This patch also updates the do_incr() explicit SQL string to use a TextClause and the new requirement for named bound parameters[2].

Closes-Bug: #2009521

[1] https://docs.sqlalchemy.org/en/20/changelog/migration_14.html#changes-to-createengineplugin
[2] https://docs.sqlalchemy.org/en/20/changelog/migration_20.html#execute-method-more-strict-execution-options-are-more-prominent

Change-Id: Ie5484597057a3306757cc46b657446ad61ac2098
2023-03-06 20:09:10 +00:00
Yamato Tanaka 03c3fd763e Support RHEL 9
This patch includes changes required to run devstack on RHEL 9.

- en_US.utf8 is provided by glibc-langpack-en
- iptables command is provided by iptables-nft
- Use /etc/os-release to identify the distro in RHEL 9 as it doesn't
  provide lsb_release command.
- CRB repository name is different from CentOS 9

Change-Id: I8f6d9263b24f9c2cf82e09258e2d14d7766ad337
2023-03-03 14:47:10 +09:00
Zuul ab8e51eb49 Merge "Disable memory_tracker and file_tracker in unstask.sh properly" 2023-02-28 06:13:08 +00:00
Zuul f7d15274f6 Merge "Revert "Bump cirros version to 0.6.1"" 2023-02-22 09:52:58 +00:00
Nobuhiro MIKI 0572d73f85 Disable memory_tracker and file_tracker in unstask.sh properly
stop_dstat() calls stop_process() for dstat, memory_tracker and
file_tracker respectively. Inside stop_process(), a check for the
existence of the service is performed by is_service_enabled().

So even if we apply this seemingly dangerous commit,
is_service_enabled() is respected, so it's safe.

Closes-Bug: #1998990
Change-Id: Ica58cdb1d60c4c796f582d82ed2cde0be94b1a7e
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
2023-02-22 10:38:49 +09:00
Ghanshyam 37d11d00e5 Revert "Bump cirros version to 0.6.1"
This reverts commit 91efe177b1.

Reason for revert: it broke tempest-slow job https://9afe3d390e4175b60a80-89b1085289883615a17bd93ef47f6ca9.ssl.cf5.rackcdn.com/871018/13/gate/tempest-slow-py3/d139ae1/testr_results.html

Change-Id: Ib74e51a780d3e8101f4147db9d24eebea4980fb1
2023-02-21 21:41:40 +00:00
Zuul e5c8e2951f Merge "Bump cirros version to 0.6.1" 2023-02-20 21:47:05 +00:00
Zuul 37322e4e67 Merge "Try to reduce mysql memory usage" 2023-02-20 21:47:01 +00:00
Zuul 8adb83a9bb Merge "Fix rockylinux and make it voting" 2023-02-20 17:16:42 +00:00
Zuul 45ef5741f2 Merge "Added recursive for deletion of $OVN_RUNDIR" 2023-02-17 16:30:07 +00:00
Dan Smith 7567359755 Try to reduce mysql memory usage
These are a few tweaks I applied to my own memory-constrained cloud
instances that seemed to help. I have lower performance requirements
so this may make things worse and not better, but it's worth seeing
what the impact is. I'll admit to not knowing the full impact of these
as they're mostly collected from various tutorials on lowering memory
usage.

Enable this for now on devstack-multinode

Change-Id: I7b223391d3de01e3e81b02076debd01d9d2f097c
2023-02-16 12:52:50 -08:00
Martin Kopec ec07b343d2 Remove support for opensuse
We haven't been testing the distro for a while in CI, e.g. in
Tempest, the jobs on opensuse15 haven't been executed for a year
now.
Therefore the patch removes opensuse support from devstack.

Closes-Bug: #2002900
Change-Id: I0f5e4c644e2d14d1b8bb5bc0096d1469febe5fcc
2023-02-16 12:01:39 +01:00
Gregory Thiemonge fcc525f4fc Fix rockylinux and make it voting
Some rockylinux deployments have the curl-minimal package installed by
default (the latest GenericCloud image still has the curl package), it
triggers an error when devstack wants to install the curl package.
Fix this issue by swaping curl-minimal with curl before installing base
packages.

Change-Id: I969e8dc22e7d11c9917a843d9245f33a04fe197d
2023-02-16 10:33:38 +01:00
Dr. Jens Harbott 48af5d4b1b Make rockylinux job non-voting
It is currently failing, let's unblock the CI until we have a fix.

Change-Id: I7f072ceef57c302eb6ce20e108043d2390e9f481
2023-02-14 17:11:24 +01:00
elajkat a84b2091cf Rehome functions to enable Neutron's segments integration
Those functions were part of the neutron devstack plugin but we
discussed it during last PTG [1] and decided to move to the Devstack
repo as plugins which are used by e.g. CI jobs which are defined outside
of the neutron repository.
Placement integration is used e.g. in the tempest-slow job which is
defined in tempest and used by many different OpenStack projects.

[1] https://etherpad.opendev.org/p/neutron-yoga-ptg#L142

Change-Id: I2c26063896ab2679cffd01227a40a3283caa3b17
2023-02-13 13:36:24 +00:00
Zuul 7533276c0a Merge "Remove the neutron bash completion installation" 2023-02-02 00:50:10 +00:00
Ghanshyam Mann 7fe998109b Fix setting the tempest virtual env constraints env var
Devstack set the env var TOX_CONSTRAINTS_FILE/UPPER_CONSTRAINTS_FILE
which are used to use the constraints during Tempest virtual env installation.
Those env var are set to non-master constraint when we need to use non-master
constraints but when we need to use the master constraints we do not set/reset
them point to master constraints. This create the issue when running the grenade
job where we run Tempest on the old devstack as well as in the new devstack.
When tempest is installed on old devstack then old tempest is used and it sets
these env var to stable/<branch> constraints (this is the case when old devstack
(the stable branch is in EM phase) uses the old tempest not the master tempest),
all good till now. But the problem comes when in the same grenade script run
upgrade-tempest install the master tempest (when new devstack branches are in
the 'supported' phase and use the master tempest means) and are supposed to use
the master constraints. But the TOX_CONSTRAINTS_FILE/UPPER_CONSTRAINTS_FILE env
var set by old tempest is used by the tempest and due to a mismatch in constraints
it fails.

This happened when we tried to pin the stable/wallaby with Tempest 29.0.0
- https://review.opendev.org/c/openstack/devstack/+/871782

and table/xena grenade job failed (stable/xena use master tempest and supposed
to use master constraints)
- https://zuul.opendev.org/t/openstack/build/fb7b2a8b562c42bab4c741819f5e9732/log/controller/logs/grenade.sh_log.txt#16641

We should set/reset those constraint env var to master constraints if configuration
tell devstack to use the master constraints.

[1] https://github.com/openstack/devstack/blob/71c3c40c269a50303247855319d1d3a5d30f6773/lib/tempest#L124

Closes-Bug: #2003993
Change-Id: I5e938139b47f443a4c358415d0d4dcf6549cd085
2023-01-27 04:37:07 +00:00
Bence Romsics 71c3c40c26 'sudo pkill -f' should not match the sudo process
pkill already takes care that it does not kill itself, however the
same problem may happen with 'sudo pkill -f' killing sudo. Use one
of the usual regex tricks to avoid that.

Change-Id: Ic6a94f516cbc509a2d77699494aa7bcaecf96ebc
Closes-Bug: #1999395
2023-01-25 11:38:11 +01:00
Dr. Jens Harbott 91efe177b1 Bump cirros version to 0.6.1
Cirros has made a fresh release, let us use it. Switch the download URLs
to https and drop an old example that no longer is available.

Depends-On: https://review.opendev.org/c/openstack/tempest/+/871271
Change-Id: I1d391b871fc9bfa825db30db9434922226b94d8a
2023-01-24 15:51:26 +00:00
Rodolfo Alonso Hernandez 5a6f0bbd4c Remove the neutron bash completion installation
The python-neutronclient CLI code is going to be removed from this
repository.

Change-Id: I39b3a43a7742481ec6d9501d5459bf0837ba0122
Related-Bug: #2003861
2023-01-21 20:21:26 +01:00
Zuul 864f4d1ef0 Merge "[OVN] Ensure socket files are absent in init_ovn" 2023-01-16 22:24:28 +00:00
yatinkarel 7fecba2f13 [OVN] Ensure socket files are absent in init_ovn
Just like we remove db files let's also remove
socket files when initializing ovn. Those will
reappear once service fully restarts along with
db files. Without it we see random issue as
described in the below bug.

Closes-Bug: #2002629
Change-Id: I726a9cac9c805d017273aa79e844724f0d00cdf0
2023-01-12 17:35:43 +05:30
Ghanshyam Mann 69d71cfdf9 Option to disable the scope & new defaults enforcement
In this release cycle, a few services are enabling the
enforce scope and new defaults by default. Example Nova:
- https://review.opendev.org/c/openstack/nova/+/866218)

Until the new defaults enalbing by default is not released we
should keep testing the old defaults in existing jobs and we can
add new jobs testing new defautls. To do that we can provide the
way in devstack to keep scope/new defaults disable by default which
can be enabled by setting enforce_scope variable to true.

Once any service release the new defaults enabled by default then
we can switch the bhavior, enable the scope/new defaults by default
and a single job can disbale them to keep testing the old defaults
until service does not remove those.

Change-Id: I5c2ec3e1667172a75e06458f16cf3d57947b2c53
2023-01-11 09:45:12 -06:00
Rajat Dhasmana aa47cb34ae Add config options for cinder nfs backend
Currently the cinder nfs backend leaves out few options in a
multi backend deployment. It works in single nfs backend deployment
as devstack-plugin-nfs correctly configures all options[1].
We can clearly see the difference between what devstack-plugin-nfs
configures[1] and what devstack nfs configures[2].

Following options are missing which are added by this patch.
* nas_host
* nas_share_path
* nas_secure_file_operations
* nas_secure_file_permissions
* nfs_snapshot_support

[1] https://github.com/openstack/devstack-plugin-nfs/blob/dd12367f90fc86d42bfebe8a0ebb694dc0308810/devstack/plugin.sh#L60-L68
[2] https://github.com/openstack/devstack/blob/a52041cd3f067156e478e355f5712a60e12ce649/lib/cinder_backends/nfs#L32-L34

Change-Id: I03cad66abb3c6f2ae1d5cf943ac952a30961f783
2022-12-27 06:16:55 +00:00
Slawek Kaplonski a52041cd3f Drop lib/neutron module
Module lib/neutron was introduced long time ago as new module to deploy
neutron. It was intended to replace old lib/neutron-legacy module. But
since very long time it wasn't really finished and used by anyone and
lib/neutron-legacy is defacto standard module used by everyone to deploy
neutron with devstack.
In [1] unfinished lib/neutron was deprecated and now it's time to remove
it from the devstack code.

This patch also renames old "lib/neutron-legacy" module to be
"lib/neutron" now.

Previously "old" lib/neutron-legacy module was accepting neutron
services names wit "q-" prefix and "new" lib/neutron module was accepting
services with "neutron-" prefix. Now, as there is only one module it
accepts both prefixes.
For historical reasons and to be consistent with old lib/neutron-legacy
which was widely used everywhere, services will be named with "q-"
prefix but both prefixes will be accepted to enable or disable services.

This patch also moves _configure_neutron_service function to be called
at the end of the "configure_neutron" after all agents and service
plugins are already configured.

[1] https://review.opendev.org/c/openstack/devstack/+/823653

Related-bug: #1996748

Change-Id: Ibf1c8b2ee6b6618f77cd8486e9c687993d7cb4a0
2022-12-16 09:59:11 +01:00
Zuul 2d71d54814 Merge "Fix the db user for mariadb in ubuntu 22.04" 2022-12-15 19:27:45 +00:00
Zuul 1ddae48da3 Merge "Add RBAC scope and new defaults setting support for placement" 2022-12-14 10:15:01 +00:00
Zuul aae4d3ea90 Merge "[neutron] Don't configure firewall_driver for core ML2 plugin" 2022-12-13 23:45:23 +00:00
Zuul 540ec94a04 Merge "Add openEuler 22.03 LTS support" 2022-12-13 22:22:34 +00:00
Ghanshyam Mann 9a1be7794b Pin tox<4.0.0 for <=stable/zed branch testing
Tox 4.0.0 has some incompatible changes, epecially more
strict on allowlist_externals. Tempest recently changed
allowlist_externals not to be *[1] causing the failure
on jobs where lib/tempest failing to run the tempest
as command in virtual env.

----------
venv: commands[0]> tempest verify-config -uro /tmp/tmp.qH5KgJHTF4
venv: failed with tempest is not allowed, use allowlist_externals to allow it
------

We do not need to test/fix the <=stable/zed branches with tox 4.0.0
and pinning them with the compatible tox version of the time stable
brnaches were releaased is better way.

This commit proposes:
1. Pinning the tox<4.0.0 for <=stable/ze branches testing
2. Workaround to unblock the master gate by pinning it <4.0.0 but
we should make our testing compatible with tox 4.0.0 soon.

Depends-On: https://review.opendev.org/c/openstack/devstack/+/867066

Related-Bug: #1999183

[1] https://review.opendev.org/c/openstack/tempest/+/865314 devstack based job started failing to run tempest command on venv.

Change-Id: I9a138af94dedc0d8ce5a0d519d75779415d3c30b
2022-12-09 02:55:08 +00:00
Slawek Kaplonski 30acfc6d14 [neutron] Don't configure firewall_driver for core ML2 plugin
In the past firewall_driver setting was configured for ML2 plugin
because it was used in the
neutron.agent.securitygroups_rpc.is_firewall_enabled() function but
currently it's not needed anymore as there is other config option
"enable_security_group" for that.

Related-bug: #1996748
Change-Id: I9b09c6afb3f1f1c33d1bdfea52ba6f4c0d0cf2dc
2022-12-08 10:57:55 +00:00
Miguel Lavalle 0a40648b38 Fix the db user for mariadb in ubuntu 22.04
In Ubuntu 22.04, mariadb version 10.6 is installed. Per [0] and [1]
authentication management was changed in version 10.4. This change
adapts the way the db user is created to the new rules in versions
10.4 and later.

[0] https://mariadb.com/kb/en/authentication-from-mariadb-104/
[1] https://mariadb.org/authentication-in-mariadb-10-4/

Closes-Bug: #1999090
Change-Id: I77a699a9e191eb83628ad5d361282e66744b6e4a
2022-12-07 17:05:35 -06:00
wangxiyuan 6440c6d7e6 Add openEuler 22.03 LTS support
openEuler 20.03 LTS SP2 support was removed from devstack in last
few months due to its python version is too old and the CI job
always fail. And openEuler 20.03 LTS SP2 was out of maintainer in May
2022 by openEuler community.

The newest LTS version was released in March 2022 called 22.03 LTS.
This release will be maintained for at least 2 years. And the python
version is 3.9 which works well for devstack.

This Patch add the openEuler distro support back. And add the related
CI job to make sure its works well.

Change-Id: I99c99d08b4a44d3dc644bd2e56b5ae7f7ee44210
2022-12-07 10:03:27 +08:00
Zuul fd502fe052 Merge "Stop setting [ovs_vif_ovs] ovsdb_interface" 2022-12-06 20:15:30 +00:00
Ghanshyam Mann 16c2b389ed Add RBAC scope and new defaults setting support for placement
Adding devstack flag to enable and test the Placement API policies
scope and new defaults.

Depends-On: https://review.opendev.org/c/openstack/tempest/+/866212
Change-Id: I6f56fc28f2c1e4cdde946deb2ae06afddf85ff0d
2022-11-30 14:24:07 -06:00
Takashi Kajinami db3eff7dd2 Stop setting [ovs_vif_ovs] ovsdb_interface
The option was already deprecated in os-vif 2.2.0[1]. The override is
no longer required since bug 1929446 was already resolved.

[1] https://review.opendev.org/c/openstack/os-vif/+/744816

Related-Bug: #1929446
Change-Id: I5bc55723a178b32d947da2ac91d2f62aa8124990
2022-11-30 14:06:12 +09:00
Martin Kopec 818d1a225d [doc] Update Ubuntu to 22.04
This updates documentation to reflect the switch to
Ubuntu 22.04 (jammy) in the CI:
https://review.opendev.org/c/openstack/devstack/+/860795

Change-Id: I8bee430029dcc719629bd92451c2791571f8a30c
2022-11-28 11:19:45 +01:00
Zuul 2795e8215d Merge "Switch devstack nodeset to Ubuntu 22.04 (jammy)" 2022-11-19 22:03:55 +00:00
Dr. Jens Harbott 8d299efa4b Switch devstack nodeset to Ubuntu 22.04 (jammy)
Depends-On: https://review.opendev.org/c/openstack/devstack-plugin-ceph/+/864948
Change-Id: I26b4784a4d772abbf8572f6273bda37f2fec5336
2022-11-18 07:17:09 +00:00
Zuul 448036a6ad Merge "Add RBAC scope and new defaults setting support for Nova & Tempest" 2022-11-15 12:17:46 +00:00
Zuul f90c8ea704 Merge "Revert "Make debian-bullseye job non-voting"" 2022-11-14 20:42:15 +00:00
Dr. Jens Harbott d00921a57b Revert "Make debian-bullseye job non-voting"
This reverts commit a468076651.

Reason for revert: Debian job got repaired

Change-Id: I3ef969f6e373de103d26c9282cab94cea7ae87e5
2022-11-14 15:10:45 +01:00
Zuul edea9b5fd3 Merge "[Doc] Fix Glance image size limit command" 2022-11-14 13:10:53 +00:00
Zuul 757a2a96b5 Merge "Fix dbcounter install on Debian Bullseye" 2022-11-14 08:40:26 +00:00
Ghanshyam Mann 857f4993f3 Add RBAC scope and new defaults setting support for Nova & Tempest
Nova is ready with the scope and new defaults as per the new
RBAC design. Adding devstack flag to enable the scope checks
and new defaults enforcement in nova side.

Change-Id: I305ea626a4b622c5534d523f4b619832f9d35f8d
2022-11-11 15:38:31 -06:00
Clark Boylan 97b2a51d6b Fix dbcounter install on Debian Bullseye
The dbcounter install on Debian Bullseye is broken in a really fun way.
The problem is that we end up mixing pypi openssl and distro
cryptography under pip and those two versions of libraries are not
compatible.

The reason this happens is that debian's pip package debundles the pip
deps. This splits them out into /usr/share/python-wheels and it will
prefer distro versions of libraries over pypi installed versions of
libraries. But if a pypi version is installed and a distro version is
not then the pypi version is used. If the pypi version of library A does
not work with distro version of library B then debundled pip breaks.
This has happened with crypytography and pyOpenSSL.

This happens because urllib3 (a debundled pip dep) appears to use
pyopenssl conditionally. Novnc depends on python3-cryptography, and
openstack depends on cryptogrpahy from pypi ensuring we get both a
distro and a pypi version installed. However, pyOpenSSL is only pulled
in from pypi via openstack deps. This leaves debundled urllib3
attempting to use pypi pyOpenSSL with distro cryptography and that combo
isn't valid due to an interface change.

To fix this we install python3-openssl ensuring that debundled pip will
use distro pyOpenSSL with distro cryptography making everything happy
again. But we only do this when we install novnc as novnc is what pulls
in distro cryptography in the first place. We can't simply install
python3-openssl on all debuntu platforms because this breaks Ubuntu
Focal in the other direction. On Ubuntu focal distro pip uses distro
pyOpenSSL when no pypi pyOpenSSl is installed (prior to keystone
install) and is not compatible with pypi cryptography.

Honestly, this whole intersection between distro and pypi installs of
cryptography and pyOpenSSL could probably be made cleaner. One option
would be for us to always install the constraints version of both
packages from pypi and the distro pacakges very early in the devstack
run. But that seems far more complicated so I'm not attempting that
here.

Change-Id: I0fc6a8e66e365ac49c6c7ceb4c71c68714b9f541
2022-11-10 09:21:45 -08:00
Zuul ab162024bb Merge "Add new service "file_tracker"" 2022-11-10 15:09:43 +00:00
Zuul 1054f12bda Merge "Add LVM NVMe support" 2022-11-10 10:10:02 +00:00
Dan Smith a468076651 Make debian-bullseye job non-voting
As noted in the QA meeting this week, this job is failing due to
something that seems outside of our control:

https://meetings.opendev.org/meetings/qa/2022/qa.2022-11-08-15.00.log.html

Make it non-voting until that is resolved.

Change-Id: Ia571d1dab45eb1bbb8665373d416515d3c95fb14
2022-11-09 10:11:46 -08:00
Rodolfo Alonso Hernandez d1c2bf5e7c Add new service "file_tracker"
This new service periodically tracks the file open in the system.

Closes-Bug: #1995502
Change-Id: I02e097fef07655ff571af9f35bf258b2ed975098
2022-11-07 08:21:34 +00:00
Martin Kopec 47a429777c Extend single-core-review for non-functional changes
Adding a second exception for single-core-review in Devstack
repository - changes which do not affect core functionality, like
f.e. job cleanups, can be reviewed by a single core.

Change-Id: Idb6cefa510fdbfed41379eb410f4884852d1177f
2022-11-04 14:34:07 +01:00
Zuul 60b31d412c Merge "[Doc] Fix tox command option to run smoke tests" 2022-11-04 09:26:51 +00:00
Zuul 1f5d6c0abb Merge "Use separate OVS and OVN directories" 2022-11-01 18:57:38 +00:00
Slawek Kaplonski 5e7afb779c Run dmesg command with sudo
It seems that setting "sysctl kernel.dmesg_restrict" was changed
in Ubuntu 22.04 (Jammy) to "1" and because of that running "dmesg"
command requires now root privileges.

Closes-bug: #1994023

Change-Id: I2adc76e3025fadf994bab2e2e1fd608e688874fc
2022-10-24 12:18:40 +02:00
Zuul c3a82032ab Merge "docs: Add warnings about password selection" 2022-10-21 09:23:45 +00:00
Brian Haley 71c9965547 Use separate OVS and OVN directories
If stack.sh is run on a system that already has OVN packages
installed, it could fail to find its DB sockets. This is because
the 'ln -s' will place the symlink inside of /var/run/ovn
instead of using a single directory as intended.

Change the code in neutron_plugins/ovn_agent to not make the
symlink and instead use separate directories for OVS and OVN.

Closes-bug: #1980421

Change-Id: Ic28a93bdc3dfe4a6159234baeabd0064db452b07
2022-10-20 19:49:10 -04:00
Zuul 6c8e88f61d Merge "Adding devstack support for Rocky Linux 9" 2022-10-14 09:53:29 +00:00
Adrian Fusco Arnejo 358987f065 Adding devstack support for Rocky Linux 9
Adding job and nodeset to run tempest-full-py3 in Rocky Linux 9 instance

Change-Id: I6fb390bfeec436b50a3ddc18d154bbce3f3b1975
2022-10-13 08:29:10 +00:00
Zuul dc8fc5c169 Merge "Re-enable horizon in jammy-based jobs" 2022-10-12 08:12:55 +00:00
Dr. Jens Harbott 781fbf47b5 docs: Add warnings about password selection
Some services fail when using special characters in passwords, add some
warnings to our docs.

Closes-Bug: 1744985
Change-Id: I601149e2e7362507b38f01719f7197385a27e0a8
2022-10-11 15:43:09 +02:00
Masayuki Igawa 7d1ba835c3 [Doc] Fix tox command option to run smoke tests
This commit fixes the tox command option to run the smoke tests. The
original arguments fail with the error[1], and `-efull` and
`tempest.scenario.test_network_basic_ops` are not for the smoke tests.

[1]
 $ tox -efull tempest.scenario.test_network_basic_ops
 ...
 tempest run: error: unrecognized arguments: tempest.scenario.test_network_basic_ops

Change-Id: I9c3dd9fb4f64bf856c5cab88a2aeaae355c84a65
2022-10-11 12:40:20 +09:00
Dr. Jens Harbott 2e6756640c Re-enable horizon in jammy-based jobs
The issue that Horizon had with python3.10 has been fixed some time ago,
so we can stop disabling it for those jobs.

Also stop including roles from devstack-gate which we no longer need.

Change-Id: Ia5d0b31561adc5051acd96fcaab183e60c3c2f99
2022-10-10 21:37:02 +02:00
Zuul ace4e8a912 Merge "Simplify role addtion helper functions" 2022-10-10 15:38:09 +00:00
Zuul 412c86d825 Merge "get_or_create_domain: simplify with "--or-show" argument" 2022-10-10 15:38:05 +00:00
Zuul e0773993e6 Merge "Update to Fedora 36" 2022-10-09 12:41:22 +00:00
Ian Wienand e69b78df6f Simplify role addtion helper functions
Because adding the role is idempotent, we can save doing the initial
check for role assignment.  Also simplify the output matching by using
osc's filters where appropriate.

Co-Authored-By: Jens Harbott <harbott@osism.tech>
Change-Id: If2a661cc565a43a7821b8f0a10edd97de08eb911
2022-10-07 11:47:17 +02:00
Ian Wienand e3bc6b5f57 get_or_create_domain: simplify with "--or-show" argument
Similar to other functions, this uses "--or-show" to avoid double
calls.

Co-Authored-By: Jens Harbott <harbott@osism.tech>
Change-Id: I548f9acd812687838e04b705f86f3b70d2b10caf
2022-10-07 11:11:47 +02:00
Ian Wienand 9ece457b7b Update to Fedora 36
Update the Fedora job to the latest release nodes

Depends-On: https://review.opendev.org/c/openstack/devstack/+/860634
Change-Id: If2d7f99e3665a2e3df4cf763efc64dd381f02350
2022-10-07 06:14:57 +00:00
Zuul f0ad3e5f3f Merge "Update user guide for Octavia" 2022-10-05 18:45:57 +00:00
Martin Kopec 0d5c8d6643 Update DEVSTACK_SERIES to 2023.1
stable/zed branch has been created now and
current master is for 2023.1 Antelope.

Change-Id: I6186d01b1bf8548425500cc9feee6ab494a3db03
2022-09-28 06:46:06 +00:00
Tom Weininger 1516997afe Update user guide for Octavia
Change-Id: I8e3134c3b2d591f7ab72b8040e1b931e967e11be
2022-09-26 11:13:12 +02:00
Masayuki Igawa f49b435e98 [Doc] Fix Glance image size limit command
This commit fixes the configuration document which mentions how to
change Glance default image size quota at runtime because we don't have
`openstack registered limit update` command but
`openstack registered limit set` command[1].

[1] https://docs.openstack.org/python-openstackclient/latest/cli/command-objects/registered-limit.html#registered-limit-set

Change-Id: I399685ed1f864f8f1ce7295ed6f83336cfccbd81
2022-09-22 11:28:21 +09:00
Zuul 0b0e6a6474 Merge "[ci] Remove the implied-branches pragma" 2022-09-20 16:22:26 +00:00
Gorka Eguileor 97061c9a1f Add LVM NVMe support
This patch adds NVMe LVM support to the existing iSCSI LVM configuration
support.

We deprecate the CINDER_ISCSI_HELPER configuration option since we are
no longer limited to iSCSI, and replace it with the CINDER_TARGET_HELPER
option.

The patch also adds another 3 target configuration options:

- CINDER_TARGET_PROTOCOL
- CINDER_TARGET_PREFIX
- CINDER_TARGET_PORT

These options will have different defaults based on the selected target
helper.  For tgtadm and lioadm they'll be iSCSI,
iqn.2010-10.org.openstack:, and 3260 respectively, and for nvmet they'll
be nvmet_rdma, nvme-subsystem-1, and 4420.

Besides nvmet_rdma the CINDER_TARGET_PROTOCOL option can also be set to
nvmet_tcp, and nvmet_fc.

For the RDMA transport protocol devstack will be using Soft-RoCE and
creating a device on top of the network interface.

LVM NVMe-TCP support is added in the dependency mentioned in the footer
and LVM NVMe-FC will be added in later patches (need os-brick and cinder
patches) but the code here should still be valid.

Change-Id: I6578cdc27489b34916cdeb72ba3fdf06ea9d4ad8
2022-09-13 12:53:31 +02:00
Zuul b5c2e7b3fa Merge "Respect constraints on tempest venv consistently" 2022-08-30 22:53:05 +00:00
Slawek Kaplonski 3de92db663 Fix installation of OVS/OVN from sources
This patch changes user who runs ovsdb-server and ovn-nortd services
to root.
It also adds installation of the libssl dev package before compilation
of the openvswitch if TLS service is enabled.

Co-Authored-By: Fernando Royo <froyo@redhat.com>

Closes-Bug: #1987832
Change-Id: I83fc9250ae5b7c1686938a0dd25d66b40fc6c6aa
2022-08-26 13:00:03 +02:00
June Yi b9b6d6b862 Respect constraints on tempest venv consistently
In case of online mode, there is a procedure to recreate tempest venv.
For consistency of tempest venv during the entire stack.sh process,
add logic to consider the TEMPEST_VENV_UPPER_CONSTRAINTS option here.

Closes-bug: #1980483
Signed-off-by: June Yi <june.yi@samsung.com>
Change-Id: I0cea282152fd363af8671cab1b5f733ebe2bd4df
2022-08-25 19:59:34 +09:00
Zuul 995c906950 Merge "Clean up n-net remnants" 2022-08-24 17:50:52 +00:00
Zuul 8fa03a37ad Merge "Clean up neutron cleanup code" 2022-08-23 20:05:48 +00:00
Zuul c61380a136 Merge "Clean up use of get_field" 2022-08-23 18:08:05 +00:00
Zuul 3154eab0d7 Merge "Cinder: add creator role when barbican is enabled" 2022-08-23 16:57:32 +00:00
Dr. Jens Harbott e7d2623dca Clean up neutron cleanup code
neutron-ns-metadata-proxy was dropped from Neutron 5 years ago, no need
to keep trying to kill it.

Change-Id: I20b6d68dd8dde36057a2418bca0841bdea377b07
2022-08-23 18:08:19 +02:00
Alan Bishop ccd116d364 Cinder: add creator role when barbican is enabled
When barbican is enabled, add the "creator" role to cinder's service
user so that cinder can create secrets. Cinder needs to create
barbican secrets when migrating encryption keys from the legacy
ConfKeyManager to barbican. Cinder also needs to create barbican
secrets in order to support transferring encrypted volumes.

Implements: bp/transfer-encrypted-volume
Depends-On: I216f78e8a300ab3f79bbcbb38110adf2bbec2196
Change-Id: Ia3f414c4b9b0829f60841a6dd63c97a893fdde4d
2022-08-22 19:52:00 -07:00
Dr. Jens Harbott ca5f919561 Clean up n-net remnants
In I90316208d1af42c1659d3bee386f95e38aaf2c56 support for nova-network
was removed, but some bits remained, fix this up.

Change-Id: Iba7e1785fd0bdf0a6e94e5e03438fc7634621e49
2022-08-21 10:52:41 +02:00
Eliad Cohen fdfc14451a Clean up use of get_field
Openstack client can return the id field for create/show commands using
`-f value -c id`. Cleaned up the use of grep 'id' with get_field

Change-Id: I2f4338f30c11e5139cda51c92524782b86f0aacc
2022-08-16 15:27:45 -04:00
Martin Kopec 90e5479f38 Remove forgotten LinuxMint occurrence
Right now we don't officialy support LinuxMint as our
documentation says [1], it seems LinuxMint is a relict
and got forgotten over time.

This patch removes LinuxMint from the code in order not to
confuse users.

[1] https://docs.openstack.org/devstack/latest/
Closes-Bug: #1983427

Change-Id: Ie1ced25f89389494b28a7b2e9bb1c4273e002dd5
2022-08-16 17:29:16 +02:00
Zuul 28ee346393 Merge "iniset: fix handling of values containg ampersand" 2022-08-10 14:21:00 +00:00
Zuul ea82effa19 Merge "Fix doc for adding sudo privileges to stack user" 2022-08-10 10:52:19 +00:00
Nobuhiro MIKI d266c87b1d iniset: fix handling of values containg ampersand
Attempting to set a value containing the ampersand
character (&) by iniset would corrupt the value.
So, add an escaping process.

Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Closes-Bug: #1983816
Change-Id: Ie2633bacd2d761d110e6cb12f95382325c329415
2022-08-08 18:59:53 +09:00
Zuul 51a3f2ef1e Merge "delete __pycache__ directory with sudo privileges" 2022-08-06 17:28:46 +00:00
Zuul d9e2d10d28 Merge "Neutron: Do not set removed allow_overlapping_ips" 2022-08-03 12:13:54 +00:00
Hoai-Thu Vuong 79bef068b6 remove duplicate line of REGION_NAME
Change-Id: I42b270749f057c5751e809aba282112b990b9f38
2022-08-02 14:41:59 +07:00
Zuul 8506b5bd7c Merge "Add NEUTRON_ENDPOINT_SERVICE_NAME variable to set service name" 2022-08-02 00:06:56 +00:00
Zuul 0af962d60a Merge "Neutron: Set experimental option to use linuxbridge agent" 2022-08-01 23:36:22 +00:00
Martin Kopec b70d98fe75 Fix doc for adding sudo privileges to stack user
Writing NOPASSWD directive into /etc/sudoers was throwing
permission denied errors. This commit writes the directive
to the /etc/sudoers.d/stack file instead.

Closes-Bug: #1981541
Change-Id: If30f01aa5f3a33dda79ff4a6892116511c8e1542
2022-07-20 14:06:42 +00:00
Takashi Kajinami facf15626e Neutron: Do not set removed allow_overlapping_ips
The parameter has been removed from neutron by [1].

[1] fde91e8059a9a23fb7ece6e3463984329c7ea581

Change-Id: I3b838ea741d19729d6fcf03c0478b1b4d8ec1213
2022-07-19 13:24:38 +00:00
Slawek Kaplonski 1a21ccbdf8 Add NEUTRON_ENDPOINT_SERVICE_NAME variable to set service name
This option can be used to set name of the service used in the
networking service endpoint URL.

Depends-On: https://review.opendev.org/c/openstack/grenade/+/850306

Change-Id: I9e9a06eadc1604214c627bd3bda010cc00aaf83d
2022-07-19 14:51:24 +02:00
Takashi Kajinami cf0bf746e9 Neutron: Set experimental option to use linuxbridge agent
Recently the experimental mechanism has been added to Neutron and now
it requires the [experimental] linuxbridge option when the linuxbridge
mechanism driver is used.

Depends-on: https://review.opendev.org/c/openstack/neutron/+/845181
Change-Id: Ice82a391cda9eb0193f23e6794be7ab3df12c40b
2022-07-19 12:46:04 +02:00
Yadnesh Kulkarni 85340e77f3 delete __pycache__ directory with sudo privileges
Signed-off-by: Yadnesh Kulkarni <ykulkarn@redhat.com>
Change-Id: I9cf3cd8921347eacc1effb2b197b97bc6ff3e0df
2022-07-11 17:14:40 +05:30
Dr. Jens Harbott bd6e5205b1 Increase timeout waiting for OVN startup
We see some cases where OVN startup takes much longer than 5 seconds, up
to 28 seconds have been observed, so increase the limit to 40 to be on
the safe side.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Closes-Bug: 1980421
Change-Id: I6da4a537e6a8d527ff71a821f07164fc7d342882
2022-07-03 22:30:41 +02:00
Zuul 02f8c16c9b Merge "Make devstack-platform-debian-bullseye voting" 2022-06-30 07:37:03 +00:00
Zuul 8d347090d3 Merge "Do not create cinder backup pool and key when cephadm is used" 2022-06-29 19:02:12 +00:00
Martin Kopec e1fb94f82a Make devstack-platform-debian-bullseye voting
The job has been successfully passing lately, let's make it voting.

Change-Id: Ib3b803a26c8647fd49c89371516c0ac7baba2703
2022-06-29 10:43:33 +02:00
Slawek Kaplonski ce1ae9ddef Fix missing "$" in the ENFORCE_SCOPE's variable name
Because of the missing "$" before ENFORCE_SCOPE in the lib/neutron
module, it was treated as an ENFORCE_SCOPE string instead of variable
and Neutron was deployed always with old defaults and disabled scope
enforcement.

Change-Id: Ibe67fea634c5f7abb521c0369ff30dd5db84db8c
2022-06-29 09:57:50 +02:00
Zuul 9ddae9b388 Merge "Avoid including bad service names in perf.json" 2022-06-24 11:11:19 +00:00
Dan Smith fe7cfa6b8c Avoid including bad service names in perf.json
Some of the API services are not properly mounted under /$service/
in the apache proxy. This patch tries to avoid recording data
for "services" like "v2.0" (in the case of neutron) by only adding
names if they're all letters. A single warning is emitted for any
services excluded by this check.

For the moment this will mean we don't collect data for those services,
but when their devstack API config is fixed, they'll start to show
up.

Change-Id: I41cc300e89a4f97a008a8ba97c91f0980f9b9c3f
2022-06-23 09:25:22 -07:00
Vladislav Belogrudov 8a38a73ddf Correct hostname for OVN agent
Currently Devstack uses short hostname for configuration of OVN.
This leads to inability to start instances (failing port binding)
on hosts with full hostnames (including dots). Open vSwitch expects
hostname in external_ids that corresponds to one returned by
``hostname`` command.

Closes-Bug: #1943631
Change-Id: I15b71a49c482be0c8f15ad834e29ea1b33307c86
2022-06-23 07:42:19 +02:00
Zuul eacaa99853 Merge "Reduce memory consumption in Cinder services" 2022-06-22 08:53:39 +00:00
Martin Kopec 8ff52ea12b Mark devstack-platform-centos-9-stream as n-v
Due to the below bug the job has been constantly failing.
Let's make it n-v until the bug is resolved:
  - https://bugs.launchpad.net/neutron/+bug/1979047

Change-Id: Ifc8cc96843a8eac5c98cd1e1f9e4b6287a7f2e7c
2022-06-21 17:31:50 +02:00
Gorka Eguileor d5af514ac9 Reduce memory consumption in Cinder services
This patch reduces memory usage on the Cinder Volume and Backup services
by tuning glibc.

The specific tuning consist on disabling the per thread arenas and
disabling dynamic thresholds.

The Cinder Backup service suffers from high water mark memory usage and
uses excessive memory.  As an example just after 10 restore operations
the service uses almost 1GB of RAM and does not ever free it afterwards.
With this patch the memory consumption of the service is reduced down to
almost 130MB.  If we add a revert from Cinder (Change-Id
I43a20c8687f12bc52b014611cc6977c4c3ca212c) it goes down to 100MB during
my tests.

This glibc tuning is not applied to all Python services because I
haven't done proper testings on them and at first glance they don't seem
to have such great improvements.

Related-bug: #1908805
Change-Id: Ic9030d01468b3189350f83b04a8d1d346c489d3c
2022-06-21 12:16:32 +02:00
Zuul 44d07f3001 Merge "Run debian platform job with OVN" 2022-06-15 15:14:52 +00:00
Zuul 8eede1fc39 Merge "Add support for IPv6 tunnel endpoints" 2022-06-08 21:39:03 +00:00
Zuul 7391297bc3 Merge "Capture QEMU core dumps when possible" 2022-06-08 20:35:06 +00:00
Dr. Jens Harbott e6e7100e85 Don't install pinned setuptools with distro pip
We are seeing failures when using an updated setuptools version
installed together with distro pip on Ubuntu 22.04. Install the version
from u-c only when we are also installing pip from upstream.

Change-Id: Ibb6e9424e5794ccbf9a937d2eecfa3bf60ed312e
2022-06-07 13:42:54 +02:00
Brian Haley c869d59857 Add support for IPv6 tunnel endpoints
Currently, neutron tunnel endpoints must be IPv4 addresses,
i.e. $HOST_IP, although IPv6 endpoints are supported by most
drivers.

Create a TUNNEL_IP_VERSION variable to choose which host IP
to use, either HOST_IP or HOST_IPV6, and configure it in the
OVS and Linuxbridge agent driver files. The default is still
IPv4, but it can be over-ridden by specifying TUNNEL_ENDPOINT_IP
accordingly.

This behaves similar to the SERVICE_IP_VERSION option, which
can either be set to 4 or 6, but not 4+6 - the tunnel overhead
should be consistent on all systems in order not to have MTU
issues.

Must set the ML2 overlay_ip_version config option to match
else agent tunnel sync RPC will not work.

Must set the OVN external_ids:ovn-encap-ip config option to
the correct address.

Updated 'devstack-ipv6-only' job definition and verification role
that will set all services and tunnels to use IPv6 addresses.

Closes-bug: #1619476

Change-Id: I6034278dfc17b55d7863bc4db541bbdaa983a686
2022-06-07 02:28:51 +00:00
Francesco Pantano 96dbf55016 Do not create cinder backup pool and key when cephadm is used
When cephadm is used, if ENABLE_CEPH_C_BAK is True both pool and
key are created by devstack-plugin-ceph. This piece of code can
still stay here to make sure the cinder config is properly built.

Change-Id: I799521f008123b8e42b2021c1c11d374b834bec3
2022-06-06 14:19:32 +02:00
Zuul e661cae7e8 Merge "Allow to skip stop of ovn services" 2022-06-03 20:40:15 +00:00
Zuul 906cf81528 Merge "Add apache2 to the services we collect for memory" 2022-06-03 18:44:10 +00:00
Dan Smith f7d87aa433 Capture QEMU core dumps when possible
Some of the hardest-to-debug issues are qemu crashes deep in a nova
workflow that can't be reproduced locally. This adds a post task to
the playbook so that we capture the most recent qemu core dump, if
there is one.

Change-Id: I48a2ea883325ca920b7e7909edad53a9832fb319
2022-06-03 07:54:35 -07:00
yatinkarel 35fb53423a [ironic][swift]Temporary add sha1 to allowed_digests
Swift removed sha1 from supported digests with [1] and
that broked ironic tinyipa job. Temorary add sha1 to
allowed_digests until it's fixed in ironic.

[1] https://review.opendev.org/c/openstack/swift/+/525771

Story: 2010068
Task: 45539
Change-Id: I68dfc472ce901058b6a7d691c98ed1641d431e54
2022-06-03 11:52:50 +05:30
Zuul 0ae279b54a Merge "Fix doc and user create script to set homedir permissions" 2022-05-31 21:15:54 +00:00
Zuul d0657a02e5 Merge "Do not barf stack trace if stats DB is missing" 2022-05-31 19:04:26 +00:00
yatinkarel 6dd896fefa Allow to skip stop of ovn services
Grenade jobs stop services, check fip connectivity
for a nova server and then upgrade to next release.

But since ovn data plane and db services are stopped along
with other services, fip connectivity fails as a result.

We shouldn't stop these services along with other
neutron services. This patch adds a new variable
"SKIP_STOP_OVN" which can be used by grenade jobs
to skip stop of ovn services.

This will also fix the ovn grenade jobs.

Also source fixup_stuff.sh so function fixup_ovn_centos
is available. It's already sourced in stack.sh but
that's not used in grenade run.

Change-Id: I94818a19f19973779cb2e11753d2881d54dfa3bc
2022-05-31 12:57:39 +05:30
Dan Smith e85c68e60f Add apache2 to the services we collect for memory
Change-Id: Ic6daef5b4df50ce43c6782542cb54c1958e54655
2022-05-26 09:31:36 -07:00
Zuul 0e08e9b48c Merge "Cleanup comment that should've been removed" 2022-05-25 09:12:18 +00:00
Dr. Jens Harbott 599b241d32 Run debian platform job with OVN
Packages for OVN are now available in bullseye, so we can drop the
special handling.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I5e5c78aa19c5208c207ddcf14e208bae8fbc3c55
2022-05-25 08:57:56 +00:00
yatinkarel c64ea4f213 Fix doc and user create script to set homedir permissions
RHEL based distros set homedir permissions to 700,
and Ubuntu 21.04+ to 750[1], i.e missing executable
permission for group or others, this results into failures
as defined in the below bug.

Since in doc we add useradd command, it's good to
add instructions to fix the permissions there itself
instead of getting failures during installation and then
fixing it.

Also update user create script to fix permissions
by adding executable bit to DEST directory if missing.

[1] https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/19533

Closes-Bug: #1966858
Change-Id: Id2787886433281238eb95ee11a75eddeef514293
2022-05-25 06:34:30 +00:00
Zuul 8e1d5aa22e Merge "Drop openEuler support" 2022-05-24 11:34:09 +00:00
Dan Smith 1cdf413ac6 Do not barf stack trace if stats DB is missing
This can happen if devstack fails to run, but we still run the post
tasks. Also could happen if some sort of hybrid job configuration
does not run all of devstack but we still end up running post jobs.

Just warn to stderr and assume no DB info.

Change-Id: I211a331ab668dbb0ad7882908cca4363f865d924
2022-05-23 13:56:13 -07:00
Clark Boylan 1d5be95196 Cleanup comment that should've been removed
The previous change, I237f5663b0f8b060f6df130de04e17e2b1695f8a, removed
a SETUPTOOLS flag, but not the comment explaining why that flag was
previously set. Clean up that comment.

Change-Id: I32b0240fd56310d7f10596aaa8ef432679bfd66a
2022-05-23 08:46:50 -07:00
Clark Boylan 50e3c06ec2 Fix dbcounter installation on Jammy
There are two problems with dbcounter installation on Jammy. The first
is straightforward. We have to use `py_modules` instead of `modules` to
specify the source file. I don't know how this works on other distros
but the docs [0] seem to clearly indicate py_modules does this.

The second issue is quite an issue and requires story time. When
pip/setuptools insteall editable installs (as is done for many of the
openstack projects) it creates an easy-install.pth file that tells the
python interpreter to add the source dirs of those repos to the python
path. Normally these paths are appended to your sys.path. Pip's isolated
build env relies on the assumption that these paths are appeneded to the
path when it santizes sys.path to create the isolated environemnt.

However, when SETUPTOOLS_SYS_PATH_TECHNIQUE is set to rewrite the paths
are not appended and are inserted in the middle. This breaks pip's
isolated build env which broke dbcounter installations. We fix this by
not setting SETUPTOOLS_SYS_PATH_TECHNIQUE to rewrite. Upstream indicates
the reason we set this half a decade ago has since been fixed properly.

The reason Jammy and nothing else breaks is that python3.10 is the first
python version to use pip's isolated build envs by default.

I've locally fiddled with a patch to pip [1] to try and fix this
behavior even when rewrite is set. I don't plan to push this upstream
but it helps to illustrate where the problem lies. If someone else would
like to upstream this feel free.

Finally this change makes the jammy platform job voting again and adds
it to the gate to ensure we don't regress again.

[0] https://docs.python.org/3/distutils/sourcedist.html#specifying-the-files-to-distribute
[1] https://paste.opendev.org/show/bqVAuhgMtVtfYupZK5J6/

Change-Id: I237f5663b0f8b060f6df130de04e17e2b1695f8a
2022-05-20 10:35:18 -07:00
Zuul 34c2842676 Merge "Configure placement section in neutron conf" 2022-05-19 17:23:50 +00:00
Dr. Jens Harbott 560ee16a85 Drop openEuler support
The job is broken since it is running with python3.7 and most services
now require at least python3.8.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ie21f71acffabd78c79e2b141951ccf30a5c06445
2022-05-19 14:06:11 +02:00
Dr. Jens Harbott 083eeee5af Make jammy platform jobs non-voting
We missed to add the jobs to the gate queue and so they have already
regressed before they were actually in place. Make them non-voting for
now until the issues are fixed.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I5d1f83dfe23747096163076dcf80750585c0260e
2022-05-19 13:55:35 +02:00
Zuul 08254ca312 Merge "Add Ubuntu 22.04 LTS (jammy) platform job" 2022-05-19 08:16:18 +00:00
Zuul 2f889954ce Merge "lib/tempest: add wait for Glance image import" 2022-05-18 15:38:49 +00:00
Brian Rosmaita 111a38b4d6 lib/tempest: add wait for Glance image import
Glance image import is asynchronous and may be configured to do image
conversion.  If image import is being used, it's possible that the
tempest configuration code is executed before the import has
completed and there may be no active images yet.  In that case,
we will poll glance every TEMPEST_GLANCE_IMPORT_POLL_INTERVAL seconds
(default: 1) to see if there are TEMPEST_GLANCE_IMAGE_COUNT active
images (default: 1) up to TEMPEST_GLANCE_IMPORT_POLL_LIMIT times
(default: 12).

You can see an example of the issue this patch addresses in real
life:
https://review.opendev.org/c/openstack/glance/+/841278/1#message-456096e48b28e5b866deb8bf53e9258ee08219a0

Change-Id: Ie99f12691d9062611a8930accfa14d9540970cc5
2022-05-18 08:22:49 -04:00
Zuul 9eb64896dd Merge "Use proper sed separator for paths" 2022-05-18 11:30:49 +00:00
yatinkarel 92a34dbe95 Configure placement section in neutron conf
Without it segment plugin fails to connect with
placement api. Configure the placement section
if service is deployed.

Closes-Bug: #1973783
Change-Id: Ie7f37770a04f622735cf2263c601257669ab5064
2022-05-18 15:27:40 +05:30
Zuul 47b7b84422 Merge "Improve API log parsing" 2022-05-18 00:19:23 +00:00
Zuul 4fd2831753 Merge "Change DB counting mechanism" 2022-05-18 00:19:20 +00:00
Zuul 071374fa05 Merge "Collect status of all services" 2022-05-17 18:40:28 +00:00
Zuul 83a81755ac Merge "Wait for OVN dbs also along with sockets" 2022-05-12 19:03:49 +00:00
Dan Smith 64d68679d9 Improve API log parsing
Two runs of the same job on the same patch can yield quite different
numbers for API calls if we just count the raw calls. Many of these
are tempest polling for resources, which on a slow worker can require
many more calls than a fast one.

Tempest seems to not change its User-Agent string, but the client
libraries do. So, if we ignore the regular "python-urllib" agent
calls, we get a much more stable count of service-to-service API
calls in the performance report.

Note that we were also logging in a different (less-rich) format for
the tls-proxy.log file, which hampers our ability to parse that
data in the same format. This switches it to "combined" which is used
by the access.log and contains more useful information, like the
user-agent, among other things.

Change-Id: I8889c2e53f85c41150e1245dcbe2a79bac702aad
2022-05-12 07:55:30 -07:00
Dan Smith fe52d7f0a8 Change DB counting mechanism
The mysql performance_schema method for counting per-database queries
is very heavyweight in that it requires full logging (in a table) of
every query. We do hundreds of thousands in the course of a tempest
run, which ends up creating its own performance problem.

This changes the approach we take, which is to bundle a very tiny
sqlalchemy plugin module which counts just what we care about in
a special database.

It is more complex than just enabling the features in mysql, but it
is a massively smaller runtime overhead. It also provides us the
opportunity to easily zero the counters just before a tempest run.

Change-Id: I361bc30bb970cdaf18b966951f217862d302f0b9
2022-05-12 07:55:02 -07:00
Dr. Jens Harbott 5c765cb8a1 Add Ubuntu 22.04 LTS (jammy) platform job
The new Ubuntu LTS release has been made last week, start running
devstack on it as a platform job.

Horizon has issues with py310, so gets disabled for now.

Run variants with OVS and OVN(default).

Co-Authored-By: yatinkarel <ykarel@redhat.com>
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I47696273d6b009f754335b44ef3356b4f5115cd8
2022-05-12 13:54:02 +02:00
Zuul d450e146cc Merge "Global option for enforcing scope (ENFORCE_SCOPE)" 2022-05-07 10:51:35 +00:00
yatinkarel 1baa8905d5 Wait for OVN dbs also along with sockets
When OVN is setup from distro packages, the
main service is ovn-central which when restarted,
restarts ovn-northd, ovn nb and db services.

And during the restart ovn dbs(ovnnb_db.db and ovnsb_db.db)
are created, which may sometime takes time as seen with
ubuntu jammy tests[1].

We already checking for socket's file to be available,
let's also check for db files as without it ovn-*ctl
operations succeed but changes are not persisted until
db files are available and changes are lost with the restart.

[1] https://review.opendev.org/c/openstack/devstack/+/839389

Change-Id: I178da7af8cba8bcc8a67174e439df7c0f2c7d4d5
2022-05-06 18:06:18 +05:30
yatinkarel 42be2425d8 Collect status of all services
Would be helpful in troubleshooting services
which either fails to start or takes time to
start.

Related-Bug: #1970679
Change-Id: Iba2fce5f8b1cd00708f092e6eb5a1fbd96e97da0
2022-04-29 16:40:32 +00:00
Zuul 85c2999e27 Merge "Tolerate missing deps in get-stats.py" 2022-04-27 22:49:07 +00:00
Zuul bfae1bee79 Merge "Set public bridge up for v6 only configurations" 2022-04-27 10:21:07 +00:00
Zuul 48417ca241 Merge "Drop centos 8 stream testing" 2022-04-26 19:57:12 +00:00
Dan Smith 1b601c7b1e Tolerate missing deps in get-stats.py
In order to run on systems where not all requirements are present,
we should be tolerant of missing external dependencies, such as
psutil and pymysql. Print a warning (to stderr) and just leave out
those stats in that case.

Also make running the stats collector use ignore_errors:yes to avoid
failures in the future. I think the stats is not critical enough to
fail a job for bugs like this.

Related-Bug: #1970195
Change-Id: I132b0e1f5033c4f109a8b8cc776c0877574c4a49
2022-04-26 08:02:39 -07:00
Harald Jensås bab0c92103 Use tryint() for stats value
In some cases the value is [not set], in this case
the conversion to integer does not work.

Closes-Bug: #1970431
Change-Id: I74df7d8bc9f5cbe0709a6471cf7639caea0b58e8
2022-04-26 15:51:35 +02:00
Julia Kreger 6964ba4a98 Set public bridge up for v6 only configurations
A long time ago, Ironic's IPv6 only job started to fail working with
errors indicated the host was unreacable. Turns out, this was because
the $ext_gw_interface was not being set to up, and thus could
be found in a Down state, and thus the kernel would not accept routes
for it.

Adds an explicit step to turn up the public bridge, much as done in
the IPv4 router plugin code which would also be executed in 4+6.

That being said, Ironic's CI jobs are very intentionally IPv6 only
to ensure that we have no chances of v4 addressing getting used
at any point in time.

This should allow Ironic to return it's IPv6 only CI job back
to the normal check queue, once a ironic plugin issue has been
resolved which was introduced while it was removed.

Change-Id: I121ec8a2e9640b21a7126f2eeb23da36b4aa95bf
2022-04-26 06:37:31 -07:00
Grzegorz Grasza 8615563df4 Global option for enforcing scope (ENFORCE_SCOPE)
This updates each devstack service library, to use it as the
default value for service-specific RBAC configuration.

Change-Id: I41061d042206c411ee3dd94ce91098e612af7ae7
2022-04-26 14:17:20 +02:00
Ghanshyam Mann c6dfd169ae Drop centos 8 stream testing
In Zed cycle testing runtime, we are targetting the centos 9 stream
- https://governance.openstack.org/tc/reference/runtimes/zed.html

With dropping the python 3.6 support, project started adding python 3.8
as minimum, example nova:
- https://github.com/openstack/nova/blob/56b5aed08c6a3ed81b78dc216f0165ebfe3c3350/setup.cfg#L13

with that, centos 8 stream job is failing 100%
- https://zuul.openstack.org/build/970d029dc96742c3aa0f6932a35e97cf
- https://zuul.openstack.org/builds?job_name=devstack-platform-centos-8-stream&skip=0

This commit drops centos-8-stream testing so that we focus on centos-9-stream.

Change-Id: I045e67b1ca79aba1b2a7be9f88d7804c69c6d781
2022-04-25 15:24:39 -05:00
Zuul 3b0c035b90 Merge "install mod_ssl on centos 9 stream by default" 2022-04-25 20:04:16 +00:00
Balazs Gibizer 7191c5e7e7 Use proper sed separator for paths
I941ef5ea90970a0901236afe81c551aaf24ac1d8 added a sed command that
should match and delete path values but used '/' as sed separator. This
leads to error in unstack.sh runs when the path also contains '/':

+./unstack.sh:main:188 sudo sed -i '/directory=/opt/stack/ d' /etc/gitconfig
sed: -e expression #1, char 13: unknown command: `o'

So this patch replace '/' separator with '+'.

Change-Id: I06811c0d9ee7ecddf84ef1c6dd6cff5129dbf4b1
2022-04-25 15:26:28 +02:00
Zuul 76c519bde6 Merge "modify the sample value of LOGDAYS" 2022-04-22 11:09:36 +00:00
Zuul 45f71b10ef Merge "Gather performance data after tempest" 2022-04-21 23:06:35 +00:00
Sean Mooney af75f689fa install mod_ssl on centos 9 stream by default
This change adds mod_ssl to the default set of rpms installed
on rpm based distros.

this is required if the tls-proxy service is enabled
for multi node centos based jobs.

Change-Id: I52652de88352094c824da68e5baf7db4c17cb027
2022-04-21 20:40:44 +01:00
Zhou Yanbing 4423450eb3 modify the sample value of LOGDAYS
the value of LOGDAYS in samples/local.conf is 2, so change the
value in the comment and the sample value in the document to
be consistent with it.

Change-Id: I5822bbf1d6ad347c67c886be1e3325113d079114
2022-04-21 15:00:41 +08:00
Dan Smith c2772c2984 Gather performance data after tempest
This makes us gather a bunch of consistent statistics after we run
tempest that can be use to measure the impact of a given change. These
are stable metrics such as "number of DB queries made" and "how much
memory is each service using after a tempest run."

Note that this will always run after devstack to generate the JSON
file, but there are two things that control its completeness:

 - MYSQL_GATHER_PERFORMANCE must be enabled to get per-db stats
 - Unless tls-proxy is enabled, we will only get API stats for keystone

Change-Id: Ie3b1504256dc1c9c6b59634e86fa98494bcb07b1
2022-04-20 13:07:22 -07:00
Mohammed Naser 7fa24750a6 ovn: use bundled ovs
We are using the latest OVS, however, OVN needs to build using the
OVS submodule since some of the signatures don't work[1].

[1]: https://github.com/ovn-org/ovn/issues/128

Change-Id: I3ad7e5e80f1141c3d94f7ce7c8b8f8fdb9fb7c3c
2022-04-20 15:50:34 -04:00
Mohammed Naser 28bed125a2 nova: unset cpu_model on aarch64
Without this, running DevStack on an `aarch64` environment will end
up in cpu_model set to "Nehalem" and cpu_mode set to "host-passthrough"
which does not work.

This patch drops that value under aarch64 environments.

Change-Id: I30be5a388dda5ccf08718670dbb14a28a4a8a8eb
2022-04-20 15:13:33 -04:00
Zuul d380858b2d Merge "Add OpenStack two nodes nodeset for Centos 9" 2022-04-19 05:48:02 +00:00
Dan Smith 4baeb3b51f Write safe.directory items to system git config
This is necessary for more consistent behavior across multiple
distro versions. Apparently somewhere along the way, git started
looking at the current user's home directory instead of $HOME.

Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798

Change-Id: I941ef5ea90970a0901236afe81c551aaf24ac1d8
2022-04-18 08:05:44 -07:00
Ian Wienand 676dcaf944 Mark our source trees as safe for git to use as other users
git commit [1] introduced a new behaviour to work around a CVE that
disallows any git operations in directories not owned by the current
user.

This may seem unrelated to installation, but it plays havoc with PBR,
which calls out to git to get to get revision history.  So if you are
"pip install"-ing from a source tree you don't own, the PBR git calls
in that tree now fail and the install blows up.

This plays havoc with our model.  Firstly, we checkout all code as
"stack" then install it globally with "sudo" (i.e. root) -- which
breaks.  We also have cases of essentially the opposite -- checkouts
we have installed as root, but then run tox in them as a regular user;
tox wants to install the source in its venv but now we have another
user conflict.

This uses the only available configuration option to avoid that by
globally setting the source directories we clone as safe.  This is an
encroachment of the global system for sure, but is about the only
switch available at the moment.  For discussion of other approaches,
see [2].

Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798

[1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9
[2] https://review.opendev.org/c/openstack/devstack/+/837636

Change-Id: Ib9896a99b6d6c4d359ee412743ce30512b3c4fb7
2022-04-13 16:49:07 +10:00
Zuul ce0ff1fd9d Merge "ensure /usr/local/bin in in path" 2022-04-11 14:57:13 +00:00
Artur Angiel bfbd2be00b Added recursive for deletion of $OVN_RUNDIR
After ./unstack.sh trying to 'enable_plugin venus https://opendev.org/openstack/venus' gived following error:

+lib/neutron_plugins/ovn_agent:install_ovn:363  sudo ln -s /var/run/openvswitch /var/run/ovn
ln: failed to create symbolic link '/var/run/ovn/openvswitch': File exists

which led to:

+lib/neutron_plugins/ovn_agent:cleanup_ovn:801  sudo rm -f /var/run/ovn
rm: cannot remove '/var/run/ovn': Is a directory

Change-Id: I1cafdc0c71093ed7249bb9748b57d51110986686
2022-04-10 11:31:21 +02:00
Sean Mooney eca9783a0a ensure /usr/local/bin in in path
osc is typicaly installed in /usr/local/bin
to avoid command not found errors when invoking osc
in devstack ensure that /usr/local/bin is included
in the PATH.

Change-Id: I605fbc4b131149bf5d1b6307b360fe365c680b1a
2022-04-07 13:31:50 +01:00
afariasa f4a703661e Add OpenStack two nodes nodeset for Centos 9
Change-Id: I01c8e5e0e88d0dcfe778f19548a2e268406ef6bf
2022-04-06 15:24:09 +00:00
Zuul aac6b6c791 Merge "Drop setup.py and setup.cfg" 2022-03-29 17:50:05 +00:00
Zuul 729b196445 Merge "Move openEuler job to experimental pipeline" 2022-03-29 14:03:58 +00:00
Ghanshyam Mann 45b029064f Move openEuler job to experimental pipeline
OpenEuler job fails 100% of the time. As discussed in QA meeting,
we agreed to move OpenEuler job to experimental pipeline.
- https://meetings.opendev.org/meetings/qa/2022/qa.2022-03-22-15.00.log.html#l-76

Once it is fixed, we can think of adding back to regular pipeline.

Change-Id: I831889a09fabe5bed5522d17e352ec8009eac321
2022-03-29 07:18:40 +00:00
Zuul 0ed70e3f76 Merge "Update DEVSTACK_SERIES to zed" 2022-03-28 13:02:03 +00:00
Dr. Jens Harbott 5c51a95d10 Drop setup.py and setup.cfg
devstack isn't a python project, these were introduced only for docs
building and made redundant with [0]. We can remove them now.

[0] Iedcc008b170821aa74acefc02ec6a243a0dc307c

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I90ca1c6918c016d10c579fbae49d13fff1ed59af
2022-03-28 14:00:54 +02:00
Zuul e79913c65f Merge "ignore failures to copy the devstack cache" 2022-03-27 09:57:23 +00:00
zhouyanbing 8dc342d400 remove unuseful local variable define
the local varibale: api_cell_conf in start_nova_rest function
is unuseful, so remove it now.

Change-Id: I0019ce807cf3905ee246b684fce2abcb46336306
2022-03-26 14:22:23 +08:00
Martin Kopec 189c7ff142 Update DEVSTACK_SERIES to zed
stable/yoga branch has been created now and
current master is for zed.

Change-Id: I8743a3440a0ce96acb24b34971548b43ae7c8d4c
2022-03-25 14:06:52 +01:00
Zuul 14779fc992 Merge "Clean usage of project_id in the Neutron's L3 service module" 2022-03-24 03:21:17 +00:00
Slawek Kaplonski cebd00aa04 Clean usage of project_id in the Neutron's L3 service module
After patch [1] project_id in that module is no longer needed as to make
it working with new secure RBAC policies we had to hardcode "demo"
project to be used always.
This is small follow-up patch with cleaning after [1].

[1] https://review.opendev.org/c/openstack/devstack/+/826851/

Change-Id: Iddf9692817c91807fc3269547910e4f83585f07f
2022-03-23 15:30:38 +01:00
Zuul a9d392cdbb Merge "Do not use hardcoded IPv4 localhost value" 2022-03-23 10:51:30 +00:00
Ghanshyam Mann 369042b74f Make centos-9-stream job voting
bug#1960346 is fixed by the below series
- https://review.opendev.org/q/(topic:bug/1960346+OR+topic:wait_until_sshable_pingable)+status:merged
and now centos-9-stream job is passing and made voting
on tempest gate.

This commit makes devstack centos9 steam platform job
as voting and add it gate pipeline too.

Change-Id: Ic35420c5d58926ae90a136045a1558112accc533
2022-03-22 10:59:07 -05:00
Zuul 194790df85 Merge "Clean up unified limits configuration for nova and glance" 2022-03-18 19:26:28 +00:00
Brian Haley 7943a92bdb Do not use hardcoded IPv4 localhost value
There are a couple of places that still use a hardcoded
127.0.0.1 value, even if devstack is run with
SERVICE_IP_VERSION=6 in local.conf. While things still
work, SERVICE_LOCAL_HOST should be used instead since
everything else could be using IPv6.

Change-Id: I2dd9247a4ac19f565d4d5ecb2e1490501fda8bca
2022-03-14 16:04:08 -04:00
Michael Johnson 35bc600da1 Fix tls-proxy on newer versions of openssl
Newer versions of openssl (CentOS9Stream for example) do not like using sha1.
Devstack will fail on these systems[1] with the following error:
801B93DCE77F0000:error:03000098:digital envelope routines:do_sigver_init:invalid digest:crypto/evp/m_sigver.c:333:
This patch updates the tls-proxy code in devstack to use sha256 instead of sha1 which allows devstack to complete when tls-proxy is enabled.

[1] https://zuul.opendev.org/t/openstack/build/1d90b22a39c74e24a8390861b3c5f957/log/job-output.txt#5535

Closes-Bug: #1962600

Change-Id: I71e1371affe32f070167037b0109a489d196bd31
2022-03-11 20:28:39 +00:00
Sean Mooney 13e8db5a6f ignore failures to copy the devstack cache
If the ci images do not have any cached data
we should ignore any error when trying to copying it.
This is requried when using unmodified cloud images.

Change-Id: Ia6e94fc01343d0c292b1477905f8a96a6b43bcf8
2022-03-09 20:17:31 +00:00
melanie witt 2c96180ac8 Clean up unified limits configuration for nova and glance
This is a followup for change Ifdef3510bc7da3098a71739814e35dbaf612ae34
which added configuration of unified limits for nova. This removes an
unnecessary wrapper unsetting of OS_ env variables, unnecessary quoting
on an iniset config value, and a hardcoding of user domain. The glance
code from which the nova code was originally copied is also cleaned up.

Change-Id: I4921af5cc0f624dd5aa848533f7049ee816be593
2022-03-03 23:56:48 +00:00
Zuul a435078fcb Merge "Configure nova unified limits quotas" 2022-03-03 19:12:13 +00:00
Zuul 9bf989eb1a Merge "Made LVM backing disk persistent" 2022-03-02 15:04:47 +00:00
OpenStack Proposal Bot a2ff754536 Updated from generate-devstack-plugins-list
Change-Id: Iff2bf021edee9be3bae21b67e66fe07c552f3a05
2022-03-02 02:13:44 +00:00
Zuul bbe302da85 Merge "Fix installation with OVN backend and compilation" 2022-02-28 10:47:14 +00:00
Zuul 2462893787 Merge "Default CIRROS_ARCH to host arch" 2022-02-22 16:45:51 +00:00
Zuul 8339df0399 Merge "Made Swift backing disk persistent" 2022-02-22 01:54:52 +00:00
Jakob Meng e30620e9a6 Made Swift backing disk persistent
Previously, Swift's backing disk were not be mounted after reboots,
causing swift-proxy-server service to fail with cryptic error
messages such as 'proxy-server: ERROR Insufficient Storage'. Now,
we use 	Dan Smith' create_disk function from functions to create
the backing disk for us and add it to /etc/fstab.

Change-Id: I9cbccc87bc94a55b58e9badf3fdb127d6f1cf599
2022-02-21 20:04:23 +01:00
Zuul d343a70003 Merge "Revert "Revert "Add enforce_scope setting support for keystone""" 2022-02-21 15:33:18 +00:00
Zuul 5e7dad1146 Merge "Use devstack-system-admin for keystone objects creation" 2022-02-21 15:22:08 +00:00
Victor Morales c0882aeaae Add rsync deb package for swift
The rsync debian package is required for swift service. This
requirement has been covered by rpms but not for deb packages.

Change-Id: Iefd1302be9c7fd80e037bbae3638602d6d823580
2022-02-16 18:15:12 -08:00
OpenStack Proposal Bot ef6fac7959 Updated from generate-devstack-plugins-list
Change-Id: If1b667cd4af88511cb1672645a980c9c4fc557ae
2022-02-16 02:16:15 +00:00
Sean Mooney 17b1999eab Default CIRROS_ARCH to host arch
This change use uname -m to get the portable host arch and uses that
as a new default. on x86_64 hosts this should result in no visable change
in behavior however on a non x86 host it will cause devstack to attempt
to download a cirros image that matches the host.

Change-Id: I6d1495a23400ef4cf496302028324fa5794dd45f
2022-02-09 22:14:24 +00:00
Rodolfo Alonso Hernandez 8c6710326e Fix installation with OVN backend and compilation
This patch fixes several issues related to the installation with
OVN backend with the OVS/OVN compilation enabled.

The OVS/OVN local directories prefix, when both services are compiled,
is now "/usr/local".

The "ovn_agent._run_process" function is calling "ovs-appctl" to
configure the logging settings of several services. Instead of
using the service name, the ctl socket file is used instead. That
is more robust and does not fail in systems with previous
installations.

Closes-Bug: #1960514

Change-Id: I69de5333393957593db6e05495f0c3c758efefdf
2022-02-09 21:22:46 +00:00
Zuul 62d6ffa6b3 Merge "Revert "Disable enforcing scopes in Neutron temporary"" 2022-02-08 22:41:18 +00:00
Zuul 1a8b8573ea Merge "Fix deployment of Neutron with enforced scopes" 2022-02-08 22:39:25 +00:00
Zuul 7799e74a05 Merge "Bump fedora-latest to F35" 2022-02-08 22:34:32 +00:00
Jakob Meng accd99e7cd Made LVM backing disk persistent
Previously, loop devices for LVM volume groups backing files were not
created after reboots, causing e.g. Cinder to fail with messages such
as

  ERROR cinder.service [-] Manager for service cinder-volume
  devstack@lvmdriver-1 is reporting problems, not sending
  heartbeat. Service will appear "down".

Now, we use systemd services to manage loop devices for backing files.

Change-Id: I27ec027834966e44aa9a99999358f5b4debc43e0
2022-02-08 11:05:14 +01:00
Zuul f9f6208960 Merge "Add openstack-two-node-centos-8-stream" 2022-02-07 22:42:44 +00:00
Ian Wienand 343e351627 Bump fedora-latest to F35
Generally this is straight forward, but Horizon has a dependency issue
with pyScss (described in [1]) so it is disabled, for now.

[1] https://bugs.launchpad.net/horizon/+bug/1960204

Co-Authored-By: Dr. Jens Harbott <harbott@osism.tech>
Depends-On: https://review.opendev.org/c/openstack/devstack/+/827578
Change-Id: I7c4bf0945f9ac5bd563fe0a698c09b8571c97c5e
2022-02-08 08:08:19 +11:00
Zuul c6ecac744f Merge "revert stackrc execute permissions" 2022-02-05 00:32:06 +00:00
Zuul 091e20b28a Merge "Adapt compute node local.conf to OVN" 2022-02-05 00:26:11 +00:00
Sean Mooney 85c7d8db4e revert stackrc execute permissions
This change reverts the execute permissions from
stackrc which is not meant to be run as a script but sourced
as part of stack.sh

Change-Id: I9a05051e5a297cfaf78d097fa5f90a7c5fd254a6
2022-02-04 12:59:56 +01:00
Rodolfo Alonso Hernandez a756f4b968 Add python3.6 pip support
Since pip v22, python3.6 is not supported (the minimum version is
python3.7). This patch adds the reference for the pip3.6 URL to be
used instead of the default one.

Closes-Bug: #1959600
Change-Id: Iab2c391d5388461fe9e9037cee81884ce8032e72
2022-02-01 11:27:05 +00:00
melanie witt 099a048fb9 Configure nova unified limits quotas
This enables the configuration of nova to use unified limits in
keystone and enforcement in oslo.limit.

Related to blueprint unified-limits-nova

Depends-On: https://review.opendev.org/c/openstack/nova/+/715271

Change-Id: Ifdef3510bc7da3098a71739814e35dbaf612ae34
2022-01-28 20:00:00 +00:00
Zuul 099411815b Merge "Use distro pip on Ubuntu" 2022-01-28 18:49:06 +00:00
Slawek Kaplonski 081c9b716f Revert "Disable enforcing scopes in Neutron temporary"
This reverts commit be7b5bf671.

As related bug is fixed, lets enabled scope enforcement in Neutron
again.

Related-bug: #1959196
Change-Id: I72db7ef533e78a10734d105e6a0debef288e41a1
2022-01-28 09:52:53 +01:00
Slawek Kaplonski 14a0c09001 Fix deployment of Neutron with enforced scopes
After patch [1] new RBAC policies changed in the way that SYSTEM_ADMIN
user isn't anymore allowed to e.g. create resources in behalf of some
projects. Now PROJECT_ADMIN needs to create such resources instead.
So this patch basically reverts most of the changes which were done
in [2] some time ago.
It also introduces new entry in the clouds.yaml file -
"devstack-admin-demo" which is "admin" user in the "demo" project as
it's needed to create some resouces in the demo project now.

Additionally, because of bug [3] this patch changes way how IPv6
external gateway IP is found using Neutron API. This change may be
reverted in the future when bug [3] will be fixed.

[1] https://review.opendev.org/c/openstack/neutron/+/821208
[2] https://review.opendev.org/c/openstack/devstack/+/797450
[3] https://bugs.launchpad.net/neutron/+bug/1959332

Depends-On: https://review.opendev.org/c/openstack/neutron/+/826828

Closes-Bug: #1959196
Change-Id: I32a6e8b9b59269a8699644b563657363425f7174
2022-01-28 09:52:20 +01:00
Ade Lee 1fd45940f3 Add openstack-two-node-centos-8-stream
This will allow multinode FIPS testing

Change-Id: I82b3b8fe56275aed72e13f6d1bd9170c50e5da0d
2022-01-27 15:57:13 +00:00
Slawek Kaplonski be7b5bf671 Disable enforcing scopes in Neutron temporary
After patch [1] was merged in Neutron, enforcing scopes there
is broken.
So lets disable it temporary to unblock Devstack's gate for now.

[1] https://review.opendev.org/c/openstack/neutron/+/821208

Related-Bug: #1959196
Change-Id: I24da6f3897a638749d16f738329a873a5f9a291d
2022-01-27 16:04:32 +01:00
Zuul 6bec828d8e Merge "Fix typo in multinode-lab document" 2022-01-27 08:34:35 +00:00
Grzegorz Grasza 5f5002a378 Revert "Revert "Add enforce_scope setting support for keystone""
This reverts commit 26bd94b45e.

Reason for revert: Devstack keystone creation/setup are moved to
scope tokens, so we can reintroduce the scope check enable.

Change-Id: I6e1c261196dbcaf632748fb6f04e0867648b76c7
2022-01-26 15:41:18 +01:00
Grzegorz Grasza ae40825df6 Use devstack-system-admin for keystone objects creation
This is needed so we can set keystone into enforcing secure RBAC.
This also adjusts lib/glance, which already partially used
devstack-system-admin.

Change-Id: I6df8ad23a3077a8420340167a748ae23ad094962
2022-01-26 15:40:42 +01:00
Dr. Jens Harbott d6909e41af Use distro pip on Ubuntu
Running get-pip.py fails on Ubuntu when running twice, e.g. after a
unstack/stack cycle. Just use distro pip instead.

Closes-Bug: #1957048
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I87a8d53ed8860dd017a6c826dee6b6f4baef3c96
2022-01-22 17:02:29 +01:00
Pierre Riteau 0a31630323 Adapt compute node local.conf to OVN
The default Neutron configuration is now using OVN, but the multinode
lab was using an incompatible configuration:

    The q-agt/neutron-agt service must be disabled with OVN.

Change-Id: I518a739a3daac941880463cde6b47951331d0911
2022-01-21 10:07:07 +01:00
yatinkarel d5d0bed479 Workaround CentOS 8-stream bug until fixed
Recent iputils release in CentOS 8-stream causing
ping failures with non root user. This needs a fix
in systemd package as mentioned in the Related Bugs,
until it's fixed and is in 8-stream mirrors let's
workaround it by setting net.ipv4.ping_group_range
setting manually.

Related-Bug: #1957941
Related-Bug: rhbz#2037807
Change-Id: I0d8dac910647968b625020c2a94e626ba5255058
2022-01-17 08:43:52 +00:00
Zuul b6656b7b38 Merge "Clean up compile_ovn function's parameters" 2022-01-13 17:43:52 +00:00
Zuul 6d55b2a439 Merge "Allow skip the database server installation" 2022-01-12 15:40:57 +00:00
Zuul df551da6f5 Merge "Fix cloning requirements when GIT_DEPTH is set" 2022-01-11 18:51:34 +00:00
Zuul 3a373536f1 Merge "Deprecate lib/neutron" 2022-01-11 17:29:14 +00:00
elajkat c994dc4de2 Deprecate lib/neutron
lib/neutron-legacy was recently undeprecated (see [0]), Openstack CI
uses neutron-legacy and latest work was done in it also.
To avoid double maintenance lib/neutron can be deprecated.

For latest discussion see [1] and [2].

[0]: https://review.opendev.org/c/openstack/devstack/+/704829
[1]: https://meetings.opendev.org/meetings/networking/2022/networking.2022-01-04-14.04.log.html#l-52
[2]: https://meetings.opendev.org/irclogs/%23openstack-qa/%23openstack-qa.2022-01-05.log.html#t2022-01-05T15:57:37

Related-Bug: #1955765
Change-Id: I3fc328b7f47ccd7c1a97cceeea98fb2fbd609017
2022-01-11 14:14:20 +01:00
Zuul 35aa64e5f7 Merge "Added AlmaLinux to CentOS 8 family" 2022-01-11 01:53:55 +00:00
Carlos Camacho cc6e20b24d Allow skip the database server installation
This patch allows to skip the installation
of the database backend packages (MySQL or Postgres)
with the introduction of the INSTALL_DATABASE_SERVER_PACKAGES
variable (defaulted to True).
This is useful in such environments that do not require
to install the MySQL/Postgres server packages directly but using
a container serving that purpose, for those cases all the
remaining steps should be executed just skipping the
packages install.

Change-Id: I26628a31fdda3ce95ed04a2b7ae7b132c288581f
2022-01-10 09:26:56 +01:00
Zuul 6133c1c959 Merge "Only set chap algorithms if not openeuler" 2022-01-07 19:21:40 +00:00
Dr. Jens Harbott 807330ac37 Fix cloning requirements when GIT_DEPTH is set
We always need the master branch of requirements in order to be able to
install tempest with it, so override GIT_DEPTH when cloning that repo.

Closes-Bug: 1956616
Change-Id: Id0b409bfadd73f2c30314724178d6e199121050b
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
2022-01-07 11:42:26 +01:00
Ade Lee ac958698d0 Only set chap algorithms if not openeuler
For some reason, setting the CHAPAlgorithms as in c3b705138
breaks OpenEuler.  Making this conditional so that tests continue
to pass.

Change-Id: Iaa740ecfbb9173dd97e90485bad88225caedb523
2022-01-06 15:20:07 -05:00
Eduardo Santos 4448f243f3 Fix public subnet creation command
There was no space after the --project option in the command that
creates the public subnet, thus if any option follows, the option itself
will be parsed as part of the value passed to the --project option. This
change just adds the missing space.

Change-Id: I1e7375578342a82717222e902fcd65a4a62e33a7
2022-01-06 14:03:16 -03:00
Zuul 9154bf543d Merge "Install OVS from source when it was configured like that" 2022-01-06 00:39:16 +00:00
Zuul e091481341 Merge "Fix tempest upper-constraints" 2022-01-05 10:57:21 +00:00
Zuul 3c98c21fec Merge "Fix mysqladmin failure for Fedora 34 and mariadb" 2022-01-04 19:23:59 +00:00
Zuul 0486d4ccf3 Merge "init_cinder() shouldn't always create DEFAULT_VOLUME_GROUP_NAME" 2022-01-04 18:50:10 +00:00
Zuul 7b0251cf37 Merge "Fix stacking without preconfigured DATABASE_PASSWORD" 2022-01-04 18:33:26 +00:00
Dr. Jens Harbott 2ef4a4c851 Fix tempest upper-constraints
When deploying devstack in a stable branch, the master branch is
available locally only in a CI environment where Zuul prepares all
available branches. For a non-CI deployment we need to stick to using
the remote branch as was the case before [0].

While the situation on the master branch isn't really broken, we apply
the fix here anyway so that future stable branches are created in a
working state.

[0] I5d42ac6b54bf20804d7e5faa39d1289102318b64

Closes-Bug: #1956219
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ib7719cb2d48b34db70f885e0afe77d904abba3b5
2022-01-03 19:27:22 +01:00
Zuul 858aca019c Merge "Don't enable the dstat service in CI jobs" 2022-01-03 18:00:28 +00:00
Miguel Lavalle c1a75c6a50 Fix mysqladmin failure for Fedora 34 and mariadb
mysqladmin is incorrectly installed in Fedora 34 with mariadb. This
causes the failure of Zuul Fedora based jobs. The issue is a conflict
between mariadb and community mysql that is described in [1] and [2].

The workaround is to explicitly install package "mariadb"

Also configure an increased swap size like for the other platform jobs
in order to avoid OOM issues.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2026933
[2] https://lists.launchpad.net/maria-discuss/msg06179.html

Closes-Bug: #1956116
Change-Id: Icf6d7e1af5130689ea10b29d37cc9b188b2c9754
2022-01-03 15:33:35 +01:00
Zuul 3155217fb6 Merge "openEuler 20.03 LTS SP2 support" 2021-12-30 12:04:44 +00:00
Zuul 1d7d8e6a17 Merge "Enable oslo.limit to be installed from git repo" 2021-12-30 10:54:09 +00:00
Zuul 71c215ac29 Merge "Revert "Generate deprecation warning for postgresql"" 2021-12-30 10:29:00 +00:00
Zuul 98df253eae Merge "Add option to set chap algorithms for iscsid for FIPS" 2021-12-30 10:28:57 +00:00
Zuul 559f8cc150 Merge "Use MDB backend in Ubuntu" 2021-12-30 10:28:54 +00:00
Zuul 13526abe84 Merge "cinder-backup: Ensure ca cert is defined when tls-proxy is enabled" 2021-12-30 09:32:21 +00:00
yatinkarel 05e622ead2 Use upper-constraints from in review changes
Currently upper-constraints.txt is not getting used
from in-review changes of requirements project and
leading to merge of broken requirements[1].

Use master branch to fetch constraints instead of
the remote branch.

[1] https://review.opendev.org/c/openstack/requirements/+/822575

Depends-On: https://review.opendev.org/c/openstack/requirements/+/823128
Change-Id: I5d42ac6b54bf20804d7e5faa39d1289102318b64
2021-12-29 09:48:39 +00:00
Dr. Jens Harbott 134205c138 Don't enable the dstat service in CI jobs
We still are seeing regular job failures because the pcp package fails
to install. Assume that we can still enable it on demand when someone
needs to debug specific job issues, let us just disable it by default.

Related-Bug: 1943184
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I32ef8038e21c818623db9389588b3c6d3f98dcad
2021-12-23 12:29:14 +01:00
Dr. Jens Harbott 353c3f9cb1 Fix stacking without preconfigured DATABASE_PASSWORD
When we need to read a DATABASE_PASSWORD from the user, make sure we
actually use it in our database URLs.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I5ebf6b0280e82f2c87a63cbee7a9957c6bd26898
2021-12-23 12:07:29 +01:00
Slawek Kaplonski 5888947539 Clean up compile_ovn function's parameters
That function was accepting 3 positional arguments and first
of them was boolean value "build_modules" which isn't used anywhere in
that function.
So this patch cleans it a bit by removing that not used parameter.

Change-Id: I5c57b9116338a63b7bfb170c02e33bb4eae725da
2021-12-22 16:00:29 +01:00
Kevin Zhao 7880ba665e openEuler 20.03 LTS SP2 support
openEuler is an open-source Linux based operating system. The current
openEuler kernel is based on Linux and supports multi arch, such as X86_64
and aarch64. It fully unleashes the potential of computing chips. As an
efficient, stable, and secure open-source OS built by global open-source
contributors, openEuler applies to database, big data, cloud computing,
and AI scenarios. openEuler is using RPM for package management.

Note:
Currently there is no available package for uwsgi-plugin-python3 and ovn, so that
openEuler needs manually install them from source.

Website: https://www.openeuler.org/en/

Change-Id: I169a0017998054604a63ac6c177d0f43f8a32ba6
Co-Authored-By: wangxiyuan <wangxiyuan1007@gmail.com>
Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
2021-12-22 14:47:27 +08:00
Slawek Kaplonski 24b65adc9c Deploy Neutron with enforced new RBAC rules
This patch adds new config option NEUTRON_ENFORCE_NEW_DEFAULTS which
if set to True will deploy Neutron with enforce new rbac defaults and
scopes.
It will also use SYSTEM_ADMIN user to interact with Neutron where it is
needed.

Depends-On: https://review.opendev.org/c/openstack/neutron/+/798821

Change-Id: I14d934f0deced34d74003b92824cad3c44ec4f5e
2021-12-20 14:42:35 +01:00
Ade Lee c3b7051387 Add option to set chap algorithms for iscsid for FIPS
The default CHAP algorithm for iscsid is md5, which is disallowed
under fips.  We will set the chap algorithm to "SHA3-256,SHA256",
which should work under all configurations.

Change-Id: Ide186fb53b3f9826ff602cb7fb797f245a15033a
2021-12-08 19:20:40 -05:00
Slawek Kaplonski 4185358837 Install OVS from source when it was configured like that
Function _neutron_ovs_base_install_agent_packages always tried to
install openvswitch from packages and start it using systemd units.
That was failing when ovs was expected to be installed from source.
This patch fixes that.

Change-Id: Iae8625dd800d30061ea3dbed9eb0dfbe16f21572
2021-12-08 14:09:49 +00:00
Zuul 6c849e3713 Merge "Support CentOS Stream 9" 2021-12-04 18:18:06 +00:00
Zuul a77943f8aa Merge "Remove unnecessary member role assignments from alt_demo" 2021-12-04 18:18:03 +00:00
Zuul 39acde91f9 Merge "Only write out uwsgi configs when deploying API services" 2021-12-04 17:33:24 +00:00
Lee Yarwood fc8ef86fbe Only write out uwsgi configs when deploying API services
Previously this would always happen for Nova and Cinder even if n-api
and c-api were not enabled on the host respectively.

This change stops this by placing both calls write_uwsgi_config behind
is_service_enabled checks.

Change-Id: I997685da771736dbad79bcfe4b00dbc63bd6d6b6
2021-12-03 12:09:08 +00:00
Lee Yarwood 31334f9a9b nova: Use noVNC 1.3.0 when installing from source
Additionally make the repo name lowercase to match the project name in
our zuul config so that jobs can check the repo out.

Change-Id: Ic2d9c4fa837461bbc29e067a81912b5f72efd3ca
2021-12-03 12:09:01 +00:00
Alfredo Moralejo 5ea4c3c18c Support CentOS Stream 9
This patch includes changes required to run devstack on CentOS Stream 9
which has been already published in official repos by CentOS team [1]:

- Add RDO deps repository for CS9.
- remove xinetd package from installation for swift. Note that
  rsync-daemon is installed which should work fine.
- Replace genisoimage by xorriso in CS9.
- Use /etc/os-release to identify the distro in CS9 as it doesn't
  provide lsb_release command.
- Use pip from rpm package instead of from get-pip.py as done in Fedora.
- Add non-voting job devstack-platform-centos-9-stream to the check
  pipeline.

Change-Id: Ic67cddabd5069211dc0611994b8b8360bcd61bef
2021-12-02 09:10:48 +01:00
Zuul 1414bcfa22 Merge "Remove unnecessary unset for project-scoped token in glance" 2021-12-01 11:27:33 +00:00
Zuul 7020daf7fc Merge "Cleanup keystone library" 2021-11-30 17:59:03 +00:00
Roman Dobosz bd68251463 Change a way for creating data dir in case of OVN.
Calculate the sudo usage with local variable.

Change-Id: I39dff770ff296dc06395acdb430a9cfe1722a30f
2021-11-27 08:12:04 +01:00
yatinkarel b575af0cfe Do not use sudo with OVN_DATADIR when building from source
Jobs with OVN_BUILD_FROMS_SOURCE=True are broken
since [1] as ovn nortd not starting due to permission
issues. Fix it by not using sudo for creating OVN_DATADIR
when building from source.

[1] https://review.opendev.org/c/openstack/devstack/+/806858

Closes-Bug: #1952393
Change-Id: I00f0c8c8173b4d8270fbb3e6079d0d8b332e9de5
2021-11-26 13:44:10 +05:30
Lance Bragstad afd0f84eae Remove unnecessary unset for project-scoped token in glance
Before, we needed to unset a couple of parameters that would make the
client return a project-scoped token instead of a system-scoped token,
which we need when interacting with registered limits in keystone.

This commit removes those unsets since we no longer source those
variables by default. This commit also cleans up some of the redundant
parameters in the registered limit calls, like region.

Change-Id: I1af8a168a29e895d57504d41e30efea271ea232d
2021-11-26 07:26:56 +00:00
Zuul acc9bd6ab9 Merge "Fix OVN DBs cleanup on startup" 2021-11-25 10:38:27 +00:00
Takashi Kajinami c20cd8ed9d cinder-backup: Ensure ca cert is defined when tls-proxy is enabled
Change-Id: Id679eb7061d8e609ce76fbb5b720a041990e8e86
2021-11-24 01:35:46 +09:00
Gregory Thiemonge 6822ff3944 Fix OVN DBs cleanup on startup
When initializing OVN, clean up the correct database directory when
using OVN from packages (/var/lib/ovn/ instead of /opt/stack/data/ovn/).
The /opt/stack/data/ovn location is used only when building OVN from
sources, so a fresh devstack deployment with OVN packages may already
have hundreds of existing routers and ports, creating ARP collisions.

Closes-Bug: #1942201
Change-Id: Ic90d4f2f9d8aaef825ea3325c0ad8fef2a1c5e39
2021-11-23 16:17:24 +01:00
Takashi Kajinami 65a5db8e33 keystone: Dot not set the removed admin_endpoint parameter
The admin_endpoint parameter has been removed from keystone[1], and
setting the parameter is no longer effective.

[1] 192cde56e57a06750641b319da8a72cdcaa554d0

Change-Id: I6ae6a3122668551acc018972624e914fcbb79a22
2021-11-23 12:03:20 +01:00
Lance Bragstad 1d8888dc24 Remove unnecessary member role assignments from alt_demo
This user already has the admin role assignment on a project, which
implies the member role, making explicit calls to add the member role
redundant.

Change-Id: I398c5e2f098aeeb896de83872085cbce529a778a
2021-11-22 21:28:20 +00:00
Zuul 94facb0759 Merge "Add missing ml2, L2 and L3 agent functions to devstack" 2021-11-19 01:10:09 +00:00
Julia Kreger c96993d138 Make OS_CLOUD be able to be configured
OS_CLOUD is used to communiate to CLI tools what cloud
credentials to utilize.
The change I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
unfortunately set an explicit OS_CLOUD account which breaks
any jobs which are expecting a previosuly set OS_CLOUD which
may be different to work. For example, OS_CLOUD being set
as devstack-system-admin to facilitate Secure RBAC testing.

Change-Id: Iee900e552584dda622f57eea3508df48dff2e071
2021-11-18 10:39:36 -08:00
Slawek Kaplonski faed11d2a1 Add missing ml2, L2 and L3 agent functions to devstack
Previously those functions were defined in the neutron's devstack plugin
but with [1] we moved qos related code into devstack and we missed about
moving them too.
This is follow up patch to fix that issue.

[1] https://review.opendev.org/c/openstack/devstack/+/815686

Change-Id: Icf459a2f8c6ae3c3cb29b16ba0b92766af41af30
2021-11-18 16:42:40 +01:00
Zuul 487057de80 Merge "Add additional project personas for secure RBAC" 2021-11-18 00:22:24 +00:00
Zuul 8d7ac90f00 Merge "Stop creating userrc_early" 2021-11-17 19:49:59 +00:00
Dr. Jens Harbott f56f7a557a Stop creating userrc_early
We can use the devstack-admin cloud configuration everywhere now
and don't need to set environment variables with cloud credentials
any longer.

Fix the swift setup, where some more options need to be explicitly
specified now and the default OS_CLOUD setting overridden.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I86ffa9cd52454f1c1c72d29b3a0e0caa3e44b829
2021-11-16 19:35:32 +01:00
Slawek Kaplonski f9a896c6e6 Rehome functions to enable Neutron's QoS service
Those functions were part of the neutron devstack plugin but we
discussed it during last PTG [1] and decided to move to the Devstack
repo plugins which are used by e.g. CI jobs which are defined outside
of the neutron repository.
QoS service is used e.g. in the tempest-slow job which is
defined in tempest and used by many different OpenStack projects.

[1] https://etherpad.opendev.org/p/neutron-yoga-ptg#L142

Change-Id: I48f65d530db53fe2c94cad57a8072e1158d738b0
2021-11-13 19:52:06 +00:00
Lance Bragstad 9c81321bfc Add additional project personas for secure RBAC
This commit formalizes some additional users to act as different project
users and updates clouds.yaml file so they're easy to use.

It creates:

  - a reader on the demo project
  - a reader on the alt_demo project
  - a member on the alt_demo project

With the adoption of secure RBAC personas, these are useful for using
OpenStack APIs as that work continues.

Change-Id: I3237a771275311377313b7d7d80ac059ac69d031
2021-11-13 20:41:43 +01:00
Zuul 483e7e243a Merge "Rehome functions to enable Neutron's placement integration" 2021-11-13 19:02:48 +00:00
Zuul 05e9cb1e19 Merge "Clarify error message for ERROR_ON_CLONE=True" 2021-11-12 22:18:44 +00:00
Dr. Jens Harbott 95555ba398 Cleanup keystone library
IDENTITY_API_VERSION is hardcoded to 3 in most locations already, drop
the remaining occurrences, but keep the variable definition since some
plugins still depend on it. Drop ENABLE_IDENTITY_V2 which no longer
has any effect.

Amend variable list for bootstrap_keystone().

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I06f476d2105bc6ec2b511fc5effcfcc3973eaf97
2021-11-10 06:24:15 +01:00
Zuul 55c7830b4b Merge "Update lib/keystone to add more system users" 2021-11-09 16:11:47 +00:00
Zuul 2000d0ccf3 Merge "neutron-legacy: Remove no longer necessary vpnaas conditional" 2021-11-09 13:59:10 +00:00
Lance Bragstad 021ae0bcc8 Update lib/keystone to add more system users
Keystone has supported system-scope since Queens and we already make
sure we create a cloud profile for system-admin in
/etc/openstack/clouds.yaml.

This commit ensures keystone creates a couple of new users to model
system-member and system-reader personas. Doing this by default in
devstack makes it easier for people to use.

We've already taken a similar approach in tempest by setting up the
various system personas for tempest clients to use.

Change-Id: Iceb7c5f517db20072e121dc7538abaa888423c67
2021-11-05 10:44:58 +01:00
Zuul d28865ba3d Merge "Run Bullseye with more swap" 2021-11-04 23:55:11 +00:00
Zuul a2d4d08b00 Merge "Allow cinder default quotas configuration" 2021-11-04 22:08:00 +00:00
Dr. Jens Harbott f8e00b86ae Run Bullseye with more swap
Since Bullseye like Centos 8 Stream needs more memory due to changed
default settings in newer qemu versions, set the swap size to 4G, which
is the same setting already being used for the CS8 jobs successfully.

Change-Id: I83ea34d6aa647d2ab9d4d78ed354904fce836e68
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
2021-11-04 15:28:50 +01:00
Zuul 9101fbf5c4 Merge "Switch off creating a keystone admin endpoint by default" 2021-11-04 14:20:50 +00:00
Ghanshyam Mann 325792d9b9 Clarify error message for ERROR_ON_CLONE=True
If ERROR_ON_CLONE is set to True which is case for
all the devstack based job, devstack does not clone the
repo instead raise error. From current error message, it
is difficult to know that ERROR_ON_CLONE is True until we
traceback the code or check devstack-base job set ERROR_ON_CLONE
to True.

Current error message is like:
-------
+ functions-common:git_clone:560           :   echo
'The /opt/stack/oslo.limit project was not found; if this is a gate job, add'
  The /opt/stack/oslo.limit project was not found; if this is a gate job, add
+ functions-common:git_clone:561           :   echo 'the project to the
 $PROJECTS variable in the job definition.'
the project to the $PROJECTS variable in the job definition.
+ functions-common:git_clone:562           :   die 562 'Cloning not
  allowed in this configuration'
--------

Adding ERROR_ON_CLONE info in error message will help to
know the reason of devstack not cloning the repo.

Change-Id: I9e9852f046fefb299b4ef4446323e9c86437212f
2021-11-03 19:34:19 +00:00
Zuul c053269fc3 Merge "Make creation of keystone admin endpoint optional" 2021-11-03 12:30:10 +00:00
Zuul fb2e741008 Merge "Stop creating a keystone admin site" 2021-11-03 12:30:07 +00:00
Zuul bca0448438 Merge "Create clouds.yaml early enough" 2021-11-02 17:54:37 +00:00
Slawek Kaplonski 7f6d9283b8 Rehome functions to enable Neutron's placement integration
Those functions were part of the neutron devstack plugin but we
discussed it during last PTG [1] and decided to move to the Devstack
repo as plugins which are used by e.g. CI jobs which are defined outside
of the neutron repository.
Placement integration is used e.g. in the tempest-slow job which is
defined in tempest and used by many different OpenStack projects.

[1] https://etherpad.opendev.org/p/neutron-yoga-ptg#L142

Change-Id: Ib86071881f16de1b69c0f9b1b19b6df8b7e66a07
2021-10-27 16:40:30 +02:00
Zuul c8134987c9 Merge "Use Nehalem CPU model by default" 2021-10-22 13:27:53 +00:00
Zuul af23507c34 Merge "Fix use of yaml.load()" 2021-10-22 12:00:35 +00:00
Clark Boylan e06d954229 Use Nehalem CPU model by default
CentOS/RHEL 9 are being compiled for the x86_64-v2 architecture which is
newer than the qemu default of qemu64. This means that for devstack to
boot these instances we need a newer CPU model. Nehalem is apparently
the oldest model that works for x86_64-v2 and is expected to work on
Intel and AMD cpus with kvm or qemu. Switch devstack to this model by
default.

Note that we cannot use host-passthrough or host-model because we want
to support live migration between devstack deployed nova-compute
instances and even within the CI instances that we get the host CPUs can
differ.

Also, we should run this change against as many clouds as possible to
ensure that the newer model works across all of our clouds. There is
some fear that the virtual CPUs presented to us in some clouds may not
be able to run these newer CPU models.

Change-Id: Ibd6e11b59f3c8655bc60ace7383a08458b2177f2
2021-10-21 08:15:12 -07:00
Zuul 6923f7b5e6 Merge "Enable running on Debian Bullseye" 2021-10-20 14:56:29 +00:00
Tristan Cacqueray 4aa27976eb [ci] Remove the implied-branches pragma
This change enables using devstack job with custom branche names.

Change-Id: I95c368f05042a6f8f208988af9a6d89a522a5526
2021-10-19 21:48:17 +00:00
Jens Harbott b538b3267c Switch off creating a keystone admin endpoint by default
With the depending patch, the endpoint will still be created for
heat tests, so we can turn it off for everyone else.

Depends-On: https://review.opendev.org/c/openstack/openstacksdk/+/777343
Change-Id: I0dc7d6cedd07e942b9f23b26a785b386aff41fbc
2021-10-17 17:44:13 +00:00
Jens Harbott eb37657d8e Make creation of keystone admin endpoint optional
The keystone admin endpoint technically isn't different any longer from
the other keystone endpoints in v3 of the API. However, some
applications like heat are still relying on it to exist.

So we make the creation of the admin endpoint during bootstrap optional
here, with the intention to change the default to False once all jobs
that still need this are modified to explicitly require it.

Change-Id: I7ab12141c558186e397c174c248a613d1810011b
2021-10-17 19:36:46 +02:00
Zuul 79356c41cd Merge "Don't fail if there is no nf_conntrack_proto_gre module available" 2021-10-17 16:33:33 +00:00
Jens Harbott c2491bac9d Stop creating a keystone admin site
Keystone no longer has any special functionality hidden behind the admin
site. KEYSTONE_AUTH_URI which used to point to the admin site has long
ago been changed to be a copy of KEYSTONE_SERVICE_URI, which points to
the public site.

Drop all KEYSTONE_AUTH_* variables except KEYSTONE_AUTH_URI which may
still be in use in some plugins.

This also allows to finally drop the fixup_keystone() function.

Change-Id: I549f3cadc27d137e014241cdd47e90267859c848
2021-10-17 17:11:03 +02:00
Jens Harbott ee1c614eda Fix use of yaml.load()
The use of this function has been deprecated for a long time[0]. With
PyYAML==6.0 the call is now failing, so replace it with the safe
version.

[0] https://msg.pyyaml.org/load

Signed-off-by: Jens Harbott <frickler@offenerstapel.de>
Change-Id: I7a170262b50a5c80a516095b872d52e1bea5479d
2021-10-16 17:33:12 +02:00
OpenStack Proposal Bot c027ddd3f8 Updated from generate-devstack-plugins-list
Change-Id: I1abc356970a7f2427bc9683a7e64e54ab52a7651
2021-10-16 06:26:49 +00:00
Dr. Jens Harbott 84901f563e Create clouds.yaml early enough
When using glance limits, the create_glance_accounts call needs access
to the devstack-system-admin cloud definition, so we need to create
the clouds.yaml file before that step.

Change-Id: Ie6d807c46b88b16b316aa166870a6a13f2bb346d
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
2021-10-15 15:07:15 +02:00
Slawek Kaplonski b4e683e6b9 Don't fail if there is no nf_conntrack_proto_gre module available
It may be that it is already compiled in the kernel so there is no
need to load kernel module in such case.

Change-Id: Ie1d32e3fd529e13958857cb3ced6710eebde1e4d
2021-10-14 13:50:30 +02:00
Zuul 82facd6edf Merge "Fix updating setuptools in Centos" 2021-10-12 20:43:00 +00:00
Zuul 10d20b14e7 Merge "Further fixup for Ubuntu cloud images" 2021-10-11 09:26:28 +00:00
Zuul d603c2a459 Merge "Remove cinder from service names" 2021-10-11 08:27:27 +00:00
Zuul 23cbf138b4 Merge "tools: Fix use of continue" 2021-10-11 08:10:36 +00:00
Zuul e2e88dc19a Merge "Fix displaying usage for make_cert.sh" 2021-10-11 00:53:22 +00:00
Zuul 2e336ee79f Merge "Rehome functions to enable Neutron's Trunk service plugin" 2021-10-11 00:51:51 +00:00
Dr. Jens Harbott 61a37bff9a Further fixup for Ubuntu cloud images
The official Ubuntu cloud images have some further python pkgs
preinstalled that conflict with our requirements. Allow to
overwrite them.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Closes-Bug: 1871485
Change-Id: I793c250cae5e7b9bc835b7016d790d1f9ae8a7f3
2021-10-08 11:04:03 +02:00
Slawek Kaplonski f758b60a4b Rehome functions to enable Neutron's Trunk service plugin
Those functions were part of the neutron devstack plugin but we
discussed on the neutron team meeting [1] to move it to the Devstack
repo as it's mature enough now.

[1] https://meetings.opendev.org/meetings/networking/2021/networking.2021-10-05-14.00.log.html#l-156

Change-Id: I35446adad1d8a7fed142d834de20c48b611015a5
2021-10-06 12:04:26 +02:00
Michal Berger bfc79dc98b tools: Fix use of continue
continue is not used in a proper context here (outside of loop). Use
null cmd instead to simply fall through the pip installation.

Signed-off-by: Michal Berger <michallinuxstuff@gmail.com>
Change-Id: Iaea2e5c0177b475edf19d08d71933a74debbb5d9
2021-10-05 15:44:45 +02:00
Lee Yarwood 714826d1a2 nova: Ensure each compute uses a unique iSCSI initiator
The current initiator name embedded in our CI images is not unique at
present and can often cause failures during live migrations with
attached volumes. This change ensures the name is unique by running
iscsi-iname again and overwriting the existing name.

We could potentially do this during the image build process itself but
given that devstack systems are not supposed to be multi-purpose this
should be safe to do during the devstack run.

Closes-Bug: #1945983
Change-Id: I9ed26a17858df96c04be9ae52bf2e33e023869a5
2021-10-05 11:36:24 +01:00
Jens Harbott 959a7c262a Enable running on Debian Bullseye
Some adaption in database handling is all that is missing. Also add a
platform job that tests this.

Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
Change-Id: I6dd3e48444dd415d84df5e7f5c74540847cdd6db
2021-10-04 17:27:33 +02:00
melanie witt c7791301be Enable oslo.limit to be installed from git repo
oslo.limit isn't currently in the list of libraries that can be
installed from a git repo via LIBS_FROM_GIT.

This adds oslo.limit to enable integrated testing against unmerged
oslo.limit changes.

Change-Id: I26cc567fdf4c84014040ae586bbb029b8de7a236
2021-10-01 17:30:52 +00:00
Lee Yarwood 982b03c605 zuul: Remove dedicated devstack-async job
I83d56c9363d481bb6d5921f5e1f9b024f136044b switched the default of
DEVSTACK_PARALLEL over to True so this dedicated job is no longer
required as *all* jobs should now be using it.

Change-Id: I0f475ab177c2cd49eeb6be861cdd11581e8e0b97
2021-09-30 13:08:35 +01:00
Jens Harbott 56e75e4aef Fix uwsgi config for trailing slashes
The apache mod_proxy documentation[0] says that trailing slashes need to
match for the ProxyPass statement. Since adding a slash to the redirected
url would break things that need to access endpoints like /identity
without anything added, we need to drop the trailing slash for the
target URL. See [1] for the discussion of the CVE fix that changed the
previous behavior.

[0] https://httpd.apache.org/docs/trunk/mod/mod_proxy.html#proxypass
[1] https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1945274

Depends-On: https://review.opendev.org/c/openstack/devstack/+/811389
Change-Id: Ia6b1a41957833fba87a2e6f048d2483267632385
2021-09-28 20:05:08 +02:00
Rajat Dhasmana 65b46a503a Remove cinder from service names
In devstack job, cinder is not a valid service name and logs error
in gate[1] so remove it.

2021-09-28 05:44:47.791807 | controller | + functions-common:service_check:1603      :   for service in ${ENABLED_SERVICES//,/ }
2021-09-28 05:44:47.795506 | controller | + functions-common:service_check:1605      :   sudo systemctl is-enabled devstack@cinder.service
2021-09-28 05:44:47.809647 | controller | Failed to get unit file state for devstack@cinder.service: No such file or directory

[1] https://e978bdcfc0235dcd9417-6560bc3b6382c1d289b358872777ca09.ssl.cf1.rackcdn.com/801989/7/check/tempest-integrated-storage/779d1e7/job-output.txt

Change-Id: I7ca105201d82b72c7e56778425d3bce7c76047db
2021-09-28 03:13:28 -04:00
Ghanshyam Mann 8d1bfcacf8 Update DEVSTACK_SERIES to yoga
stable/xena branch has been created now and
current master is for yoga.

Change-Id: I0c7809bdac6482bb947f394b0c2535fabb4cf067
2021-09-24 18:01:09 -05:00
Brian Haley c9f3e5bdd7 Fix stackrc os-resource-classes typo
Attempting to use LIBS_FROM_GIT="ALL" results in a failure
due to a typo in stackrc for os-resource-classes repo.

  Cloning into '/opt/stack/os-resource-classes'...
  fatal: protocol ':-https' is not supported
  <snip>
  [ERROR] /opt/stack/devstack/functions-common:629 git call failed: [git clone :-https://opendev.org/openstack/os-resource-classes.git /opt/stack/os-resource-classes --branch master]

Remove the extraneous '='.

Change-Id: I21f86324dc15fe808b38e366f7af18c96fd3890c
2021-09-16 11:43:03 -04:00
Zuul 069b0bf4a9 Merge "Glance remote worker should use own cache directory" 2021-09-14 09:08:59 +00:00
OpenStack Proposal Bot 6c8bd96f72 Updated from generate-devstack-plugins-list
Change-Id: If2ea45a2cc7993a9a80187092f2750496e7c8ab7
2021-09-09 06:10:23 +00:00
Radosław Piliszek a38d41ed92 Drop dep on libmysqlclient-dev
It was required to build MySQL-python bindings but, for some time,
we test and rely solely on PyMySQL which is pure Python and hence
does not require this dep.

This package is going away as distros move towards MariaDB.

Change-Id: I6004ccf28a23009a0fc07bfc9458b59a927b969a
2021-09-08 07:51:47 +00:00
Zuul 591e15a3dc Merge "Configure access to physical network also with ML2/OVN backend" 2021-08-31 20:47:21 +00:00
Slawek Kaplonski b1a89eb80b Configure access to physical network also with ML2/OVN backend
Neutron L3 module in Devstack has way to conigure access to physical
network on the node. It can put physical interface to the physical
bridge or, in case when such physical device isn't set, it creates
NAT rule in iptables.

There was missing the same operation for ML2/OVN backend as L3 agent is
not used there at all.

This patch adds the same to be done in both L3 agent and ovn_agent
modules.

Closes-Bug: #1939627
Change-Id: I9e558d1d5d3edbce9e7a025ba3c11267f1579820
2021-08-31 12:41:47 +00:00
Zuul e102559f87 Merge "Set swap size to 4G for c8 jobs" 2021-08-25 16:28:43 +00:00
Zuul ab2a529714 Merge "swift: Fix the empty gid option in rsyncd.conf" 2021-08-24 20:38:27 +00:00
Zuul 48945c5968 Merge "Make Ironic job as voting" 2021-08-24 15:29:13 +00:00
Zuul e3682892a3 Merge "make swift-dsvm-functional job as voting" 2021-08-24 15:23:40 +00:00
Takashi Kajinami 25f84277ea swift: Fix the empty gid option in rsyncd.conf
This change fixes the empty value set to the gid option in rsyncd.conf,
which was caused by reference to the invalid USER_GROUP variable, and
ensures the option is set to the group which STACK_USER belongs to.

This also fixes duplicate declaration of the local user_group variable.

Closes-Bug: #1940742
Change-Id: Ifd0a5ef0bc5f3647f43b169df1f7176393971853
2021-08-21 21:58:11 +09:00
Zuul c807a8bbff Merge "nova: Enable apic removal workaround for bug #1939108 when using QEMU" 2021-08-21 02:51:24 +00:00
OpenStack Proposal Bot 14b7fc5003 Updated from generate-devstack-plugins-list
Change-Id: I924cdf727818b33d71fe71ac110f224164c6b453
2021-08-20 06:13:36 +00:00
Lee Yarwood 1e86a25cc2 nova: Enable apic removal workaround for bug #1939108 when using QEMU
This change enables [workarounds]libvirt_disable_apic when devstack is
deployed using the libvirt virt driver and qemu virt type in an effort
to avoid issues outlined in bug #1939108 caused by the older kernel
currently used in Cirros 0.5.2.

Depends-On: https://review.opendev.org/c/openstack/nova/+/766043
Closes-Bug: #1939108
Change-Id: Ibb6c34133bb1c95ef11cc59d9b12a0f65502c61b
2021-08-19 14:25:53 +01:00
Radosław Piliszek 8b8a4c75b7 Remove libvirt-python from upper-constraints
... when installed from distribution.

This is mostly to fix Ironic's gate as their ecosystem is too
broad and complex to quickly remove libvirt-python from all
possible requirements.txt

More details inline.

See also: https://review.opendev.org/c/openstack/devstack/+/798514
aka f0bf2bdff1

Change-Id: Ic44daf15e952bbe3c424984ffb2474261e68008f
2021-08-18 15:01:27 +00:00
Ghanshyam Mann 31f0418bad Make Ironic job as voting
ironic-tempest-ipa-wholedisk-bios-agent_ipmitool-tinyipa
job is voting on Ironic and neutron gate which mean it is
stable enough and make sense to make it voting on devstack gate too.

ironic-tempest-ipa-wholedisk-bios-agent_ipmitool-tinyipa is alias
job of ironic-tempest-bios-ipmi-direct-tinyipa so using the original
job instead of alias
- https://opendev.org/openstack/ironic/src/branch/master/zuul.d/ironic-jobs.yaml#L784

Change-Id: I95c67ad69e6eae6a72d25a851a71b7de85e56fd2
2021-08-17 08:49:28 -05:00
Ghanshyam Mann ed323805f2 make swift-dsvm-functional job as voting
swift-dsvm-functional job test swift under python3 and
voting on swift gate whihc means this is a stable job now,
let's make this voting to devstack gate too.

Removing swift-dsvm-functional-py3 job as it does not exist anymore
after- https://review.opendev.org/c/openstack/swift/+/731318

swift-dsvm-functional itself is py3 job now.

Change-Id: I58847f74306194eaad132680815101a134fb4022
2021-08-17 08:45:02 -05:00
Grzegorz Grasza 26f8149218 Use MDB backend in Ubuntu
The MDB backend is the default in Ubuntu and specifying
HDB in debconf doesn't change it to HDB.

Closes-Bug: #1939700
Change-Id: If98f7fc8395678365fb73f0c5cd926cef083e470
2021-08-17 09:41:33 +02:00
Zuul ebc7b0ed25 Merge "Simplify pip install" 2021-08-12 19:54:55 +00:00
Zuul 5585d84c92 Merge "Support optimized cinder backend for glance" 2021-08-12 18:54:55 +00:00
yatinkarel 60b5538c33 Set swap size to 4G for c8 jobs
Tempest is failing randomly with different reasons
as mentioned in the bug, updating swap size those
issues are not seen.

Before [1] default swap size used to be 8GB but was dropped
to 1G so need to configure it in required job itself.

Did couple of tests in [2] and with 4GB+ swap jobs are
running green. On investigation found that with qemu-5
both Ubuntu and CentOS jobs have memory crunch, currently
Ubuntu jobs are not impacted as they are running with
qemu-4.

[1] https://review.opendev.org/c/openstack/openstack-zuul-jobs/+/750941
[2] https://review.opendev.org/c/openstack/devstack/+/803144

Closes-Bug: #1938914
Change-Id: I57910b5fde5ddf2bd37d93e06c1aff77c6e231e9
2021-08-12 21:27:13 +05:30
Zuul bdf454f411 Merge "Add devstack-enforce-scope job to enable the rbac scope checks" 2021-08-12 14:52:21 +00:00
Zuul 78a07d709c Merge "Add Fedora 34 support" 2021-08-12 14:29:59 +00:00
Zuul e7bb05d3f0 Merge "install_pip: Use packaged pip on Fedora" 2021-08-12 14:29:57 +00:00
Zuul ca3407cd88 Merge "install_pip: don't fail when not installed" 2021-08-12 14:29:54 +00:00
Zuul 57a868dd87 Merge "Revert "Workaround for new pip 20.3 behavior"" 2021-08-12 14:27:46 +00:00
Ghanshyam Mann 6fecfd4fff Add devstack-enforce-scope job to enable the rbac scope checks
keystone has system scope feature implemented since
queens release. Now Devstack also started moving towards the new RBAC.

This commit adds a new job 'devstack-enforce-scope' which enable the
scope checks on service side and see if devstack setting are fine or not.

This job will be expanded to enable the scope checks for the other service
also once they start supporting the system scope.

This will help us to test the scope check setting.

Change-Id: Ie9cd9c7e7cd8fdf8c8930e59ae9d297f86eb9a95
2021-08-11 10:32:42 -05:00
Ian Wienand 8dac135cb8 Simplify pip install
The uninstall here has been around since
Ibb4b42119dc2e51577c77bbbbffb110863e5324d.  At the time, there might
have been conflicts between packaged and installed pip.  We don't need
it today; get-pip.py keeps itself separate enough in /usr/local on all
platforms.  Thus we can also remove the suse/centos special-casing.

python3-pip is in the RPM list so we don't need to
re-install for Fedora.

Add a note on why we are over-installing pip.

Remove some old setuptools workarounds that are commented out.

Change-Id: Ie3cb81a8ff71cf4b81e23831c380f83b0381de71
2021-08-11 15:00:18 +10:00
Ian Wienand 156ccbad85 Add Fedora 34 support
* update the support distro filter

* don't install xinetd which doesn't exist in F34 any more.  I think
  there is probably a bit more to do with swift ring-server but that
  can be a problem for another time.

* remove old F31 workaround

Change-Id:If2f74f146a166b9721540aaf3f1f9fce3030525c
2021-08-11 14:07:21 +10:00
Ian Wienand a20971850a install_pip: Use packaged pip on Fedora
This uses the python3-pip package for Fedora but maintains the status
quo for existing distributions (i.e. for Suse we run get-pip.py but
don't uninstall, and for everything else we uninstall python3-pip and
run get-pip.py to be running the latest pip).

As noted inline, installing get-pip.py over Fedora 34's package no
longer works, and likely won't ever work again.  Unlike the LTS
distributions, the Fedora pip should be more up-to-date, so I think
it's best we just avoid any package overwrites.

Change-Id: I84129aadfcf585bb150a3daa39616246d3d84bbd
2021-08-11 14:07:17 +10:00
Abhishek Kekane 00ac547aca Glance remote worker should use own cache directory
Earlier glance remote worker was using same cache directory used by
glance worker. Ideally both should use their own cache directory.

This patch makes provision for the same by setting different path
for image_cache_dir config option.

Change-Id: If2627e9c212fd765b96d925046c04e9cb1001c3d
2021-08-10 16:26:35 +00:00
Ghanshyam 26bd94b45e Revert "Add enforce_scope setting support for keystone"
This reverts commit 9dc2b88eb4.

Reason for revert: Devstack creation/setup the things are not yet moved to scope tokens so we need to wait for that first and then do the scope check enable globally. 

Change-Id: If0368aca39c1325bf90abd23831118b89e746222
2021-08-10 09:54:01 -05:00
Zuul 971dfbf8a0 Merge "Allow to install os-resource-classes from git repo" 2021-08-10 06:57:20 +00:00
Ian Wienand 2df2aa0158 install_pip: don't fail when not installed
On some platforms, "python -m pip" isn't available.  Currently this is
run undconditionally from the "get_versions" function; remove the call.

Change-Id: I91d6c66d055f02fa7b4368593b629933f82d8117
2021-08-10 14:36:30 +10:00
Ian Wienand 6b9a564622 Revert "Workaround for new pip 20.3 behavior"
This reverts commit 7a3a7ce876 and
bcd0acf6c0 and part of
f1ed7c77c5 which all cap our pip
installs.

Given the pip ecosystem can often incorporate major changes, tracking
upstream at least generally gives us one problem at a time to solve
rather than trying to handle version jumps when LTS distros update.

The new dependency resolver included some changes that disallow
setting URL's like "file:///path/to/project#egg=project" in
constraints.  Apparently the fact it used to work was an accident of
the requires/constraints mechanism; it does make some sense as the URL
doesn't really have a version-number that the resolver can put in an
ordering graph.

The _setup_package_with_constraints_edit function comment highlights
what this is trying to do

 # Updates the constraints from REQUIREMENTS_DIR to reflect the
 # future installed state of this package. This ensures when we
 # install this package we get the from source version.

In other words; if constraints has "foo==1.2.3" and Zuul has checked
out "foo" for testing, we have to make sure pip doesn't choose version
1.2.3 from pypi.

It seems like removing the entry from upper-requirements.txt is the
important part; adding the URL path to the on-disk version was just
something that seemed to work at the time, but isn't really necessary.
We will install the package in question which will be the latest
version (from Zuul checkout) and without the package in
upper-requirements.txt nothing will try and downgrade it.

Therefore the solution proposed here is to remove the adding of the
URL parts.

This allows us to uncap pip and restore testing with the new
dependency resolver.

Closes-Bug: #1906322
Change-Id: Ib9ba52147199a9d6d0293182d5db50c4a567d677
2021-08-10 14:22:35 +10:00
Roman Dobosz ac1b723c20 Fix displaying usage for make_cert.sh
Now, if no arguments are passed to make_cert.sh script, it will fail on:

  tools/make_cert.sh: line 30: [: missing `]'

and might go on with generating certs depending on the bash settings.
It is fixed within this patch.

Change-Id: I62bf9c972ebd1644da622439e05114f245f20809
2021-08-06 12:55:39 +02:00
Zuul e937dcb743 Merge "Fix Usage of rdo-release rpm" 2021-08-05 01:36:47 +00:00
Brian Rosmaita f44aa0c55a Allow cinder default quotas configuration
The default cinder quotas for volumes, backups, or snapshots may
be too low for highly concurrent testing, so make these configurable
in devstack.

Change-Id: Ie3cf3239b48f9905f5760ad0166eea954ecf5eed
2021-08-04 18:27:48 -04:00
OpenStack Proposal Bot ba68a49598 Updated from generate-devstack-plugins-list
Change-Id: I062b9a121c79650973c8d8d975e1c723d5798777
2021-07-31 06:13:46 +00:00
yatinkarel 0456baaee5 Fix Usage of rdo-release rpm
rdo-release.el8.rpm rpm points to latest RDO release,
so use it for master, for stable releases use corresponding
release rpm.

Change-Id: I508eceb00d7501ffcfac73d7bc2272badb241494
2021-07-30 19:32:51 +05:30
Zuul 3e58254d38 Merge "Switch fedora-latest to use fedora-34" 2021-07-29 23:49:31 +00:00
Marek Tamaskovic 524487728e Fix opening shell as user 'stack'
The usage of sudo with su is not recommended. It results in incosnistent
environment variables. Instead use just sudo with appropriate arguments.
The argument '-u stack' specifies that the sudo will execute as user 'stack'.
The last argument '-i' will launch an interactive shell.

Closes-Bug: #1938148

Change-Id: I42387660480377cdf9a0b04f190e7e1f21fb354f
2021-07-28 17:03:52 +02:00
Zuul 13f02e8b76 Merge "Enable tempest tests for hostname sanitization" 2021-07-27 10:33:00 +00:00
Zuul 5d380b6f7f Merge "zuul: Add /etc/libvirt to log collection" 2021-07-26 20:34:10 +00:00
Pavan Kesava Rao 71bd10e451 Enable tempest tests for hostname sanitization
Starting Wallaby release, nova sanitizes instance hostnames having
freeform characters with dashes. It should be tested in Devstack.

Depends-On: https://review.opendev.org/c/openstack/tempest/+/795699
Change-Id: I54794e58b67620c36e8f2966ec3b62dd24da745b
2021-07-22 12:15:16 -04:00
Zuul a5ed116814 Merge "Add enforce_scope setting support for Glance" 2021-07-20 16:42:45 +00:00
Zuul 015622115e Merge "Add enforce_scope setting support for Cinder" 2021-07-20 16:42:43 +00:00
Zuul 5162d0fd07 Merge "Add configuration notes about glance limits" 2021-07-19 20:29:18 +00:00
Zuul 373d1f3879 Merge "Provide override for glance image size limit" 2021-07-19 20:29:15 +00:00
Zuul 92cb77b93e Merge "libvirt: Stop installing python bindings from pip" 2021-07-19 18:27:41 +00:00
Dan Smith c8b66ff33e Add configuration notes about glance limits
Change-Id: I21a43584116f4b719cf99d3942044cbf13fefb9a
2021-07-19 11:25:09 -07:00
Julia Kreger 5a642450d6 Provide override for glance image size limit
The glance image size limitation was added and unfortuantely
does prevent larger images from being uploaded to glance. In the
case of all baremetal testing, this value is realistically smaller
than stock "cloud" images which support booting to baremetal with
often requisite firmware blobs, which forces some images over 1GB
in size.

Adds GLANCE_LIMIT_IMAGE_SIZE_TOTAL which allows users who need
larger images to be able to override the default while still
enabling limits enforcement in their deployment. The default
value is 1000.

Change-Id: Id425aa546f1a5973bae8be9c017782d18f0b4a47
2021-07-19 10:13:42 -07:00
Zuul 4465472270 Merge "Configure glance unified limit quotas" 2021-07-17 09:09:49 +00:00
Zuul 7f5e4ed4f3 Merge "Add enforce_scope setting support for keystone" 2021-07-16 16:17:31 +00:00
zenkuro 6f4eafb823 Added AlmaLinux to CentOS 8 family
Change-Id: I9fb6f010842a495c838d468b47dc5081596f41a2
2021-07-15 21:47:23 +03:00
Zuul 0d5ba5b250 Merge "Make explicit the network backend used in the CI jobs" 2021-07-11 19:00:41 +00:00
Zuul 6c46859f7e Merge "Use specific credentials for tempest plugin setup" 2021-07-07 22:31:48 +00:00
Przemyslaw Szczerbik 1ab63132df Allow to install os-resource-classes from git repo
Example local.conf config snippet:

LIBS_FROM_GIT="os-resource-classes"
OS_RESOURCE_CLASSES_REPO="${LOCAL_GIT_BASE}/os-resource-classes"
OS_RESOURCE_CLASSES_BRANCH="dev_branch"

Closes-Bug: #1934784
Change-Id: I972a2a49aa816433152e5cfac4f672c0465d083f
2021-07-06 14:48:21 +02:00
Lee Yarwood f0bf2bdff1 libvirt: Stop installing python bindings from pip
As set out in bug #1933096 these bindings are dynamically built against
the version of libvirt present in the environment at build time.

As a result using a pre-built wheel can cause AttributeError's when the
bindings have previously been built elsewhere against an older version
of libvirt installed on the host. This is currently the case in CentOS 8
stream based CI jobs where we try to use 7.4.0 bindings that appear to
be built against libvirt <= 6.10 leading to bug #1933096.

This change seeks to avoid this by installing the bindings from packages
that will always be built against the correct corresponding version of
libvirt.

Change-Id: I76184c17a776c4e1ecaab9549d9d36c8c07c60fa
Closes-Bug: #1933096
2021-06-29 11:53:22 +01:00
Zuul 94d7cacfe2 Merge "Revert edk2 workaround" 2021-06-25 10:16:44 +00:00
Lee Yarwood 2175ff3108 zuul: Add /etc/libvirt to log collection
Useful when debugging libvirtd issues such as bug #1912310.

Related-Bug: #1912310
Change-Id: Ic8504bd61316e44215672cc44436a3b9a19e114d
2021-06-25 10:59:52 +01:00
Rodolfo Alonso Hernandez bf13075632 Make explicit the network backend used in the CI jobs
All Neutron CI jobs (except for unit, functional and fullstack jobs),
have explicitly defined the network backend used:
- linuxbridge
- ovs
- ovn

That was discussed and approved during the Neutron CI meetings [1].

[1]https://meetings.opendev.org/meetings/neutron_ci/2021/neutron_ci.2021-06-15-15.00.log.html

Depends-On: https://review.opendev.org/c/openstack/neutron/+/797051
Change-Id: Ib14542311e9b1d49829bef54f433b8a04709a9fd
2021-06-23 13:03:52 +00:00
Zuul 2e559c7dfb Merge "os_vif: Add support for configuring os_vif_ovs plugin" 2021-06-22 19:03:33 +00:00
Julia Kreger 5c9affdd9a Use specific credentials for tempest plugin setup
The tempest plugin expects the classic environment variables
to be present for credentials to access the cloud, but this is
wrong in cases where we're trying to setup system
scoped services and need to remove the environment variables
that was being used.

Instead, change the plugin to use the os-cloud entry definitions,
and specifically in this case devstack-admin which makes sense
until we begin to start to make tempest itself scope aware.

We likely will want to change the environment variables from being
registered in devstack at some point and completely shift towards
passing an-os-cloud parameter, but that is outside the scope of
this change as doing so will likely break all plugins.

Change-Id: I8d4ec68f116eea07bc7346f939e134fa2e655eac
2021-06-22 14:49:12 +00:00
Gregory Thiemonge a5d52831dc Fix updating setuptools in Centos
In RHEL-based distributions, updating setuptools using pip removes the
files from the python3-setuptools RPM. It breaks some tools such as
semanage (which is used by diskimage-builder) that use the -s flag of
the python interpreter (don't import modules from /usr/local).
This commit reinstalls python3-setuptools to fix those applications.

Change-Id: Ib44857e83f75acf37823fae912960a801c83cf7f
2021-06-21 09:58:47 +02:00
Gregory Thiemonge 7befae663c Delay horizon startup
Move the 'Starting Horizon' task after the end of the wait for
create_flavors.
The start_horizon function restarts the httpd server, the openstack
services are unavailable during a short period of time, so the
"openstack flavor create" calls might fail randomly.

Closes-Bug: #1932580
Change-Id: I32ee7457586e3de8ba4dfce3b1a12025f9776542
2021-06-19 14:19:26 +02:00
Sean Mooney 5344885a61 os_vif: Add support for configuring os_vif_ovs plugin
This change add an os-vif lib that declares two new variables
OS_VIF_OVS_OVSDB_INTERFACE and OS_VIF_OVS_ISOLATE_VIF

The former is introduced to workaround bug #1929446 which cause the nova
and neutron agents to periodically block waiting for ovs to respond.

OS_VIF_OVS_ISOLATE_VIF is added to address bug #1734320 when using
ml2/ovs vif isolation should always be used to prevent cross tenant
traffic during a live migration.  This makes devstack more closely
mirror reality by enabling it when ml2/ovs is used and disabling it
otherwise.

Related-Bug: #1734320
Related-Bug: #1929446
Related-Bug: #1912310
Change-Id: I88254c6e22b52585506ee4907c1c03b8d4f2dac7
2021-06-18 14:05:39 +00:00
Radosław Piliszek 808331488d Revert edk2 workaround
It is not needed anymore.

Change-Id: I706a33b0a7c737a23b9a7270af1e53e5de83c66f
2021-06-18 12:06:02 +00:00
Julia Kreger 6af3cb9eb2 nova ironic-hypevisor - support scoped auth config
The Secure RBAC effort has updated Ironic such that it
can support a mode where it is scope enforcing for all
interactions with the API. Due to the design, and operating
nature of Ironic's API, services speaking with it must
authenticate with a system scope to have a full picture
of the universe.

In this case, we need to update the nova configuration
accordingly such that the compute service understands
how to talk to ironic so that it can see the nodes under
management.

Ironic will likely update this again at a later point in
time to enable a "hybrid" mixed-mode as the operating model
and related permissions *should* allow nova to use a project
scoped "owner" account with Ironic, in order to access
and command nodes to deploy. But at this time, we're
focusing on the exclusive operating mode.

Change-Id: I1946725ce08c495178c419eaf38829f921c91bbe
Needed-By: https://review.opendev.org/c/openstack/ironic/+/778957
2021-06-15 11:32:45 -07:00
Zuul 74bcc0b4ef Merge "Drop broute from ebtables_dump" 2021-06-15 07:13:31 +00:00
Artem Goncharov 89baa314c1 Temporary add feature pragma
OpenStackSDK has a feature branch "feature/r1" as a preparation for the
R1.0 release. Due to different branch naming functional tests with
devstack are not running. Add temporarily (for the duration of the
feature branch) pragma to the zuul.yaml to allow Zuul run functional
tests. It will be dropped once SDK gets next major release.
Previous attemp didn't work well for other projects, therefore
explicitly include master as well.

Change-Id: I3a5722873f395bc52cc55a0fd6bcea0ebe3b74fc
2021-06-11 17:06:16 +02:00
Zuul 416902ee4b Merge "[OVN] Set up routing on public bridge like OVS did" 2021-06-11 01:16:03 +00:00
Mohammed Naser 20d6a21e8a Switch fedora-latest to use fedora-34
Fedora 32 is now EOL, we should test against the newly released
version of Fedora which is 34.

Depends-On: https://review.opendev.org/c/openstack/project-config/+/795604
Change-Id: I10d868aca20d1a10d3e7fcfeb78f6fda4c896ee8
2021-06-09 14:20:11 -04:00
Zuul a6fca2b742 Merge "Move verify-ipv6-only-deployments" 2021-06-09 17:22:39 +00:00
Jens Harbott 5a684eb51b Drop broute from ebtables_dump
This table is no longer present on most installations, drop it
from the list to avoid error messages during log collection
that people mistake to be the real error why devstack is failing.

This may lose some debugging information in edge cases, but I
think the improvement of the general user experience is more
important.

Change-Id: Ibb9b247a018a788c8c4b40487762319fe470bf0f
Closes-Bug: 1885198
2021-06-09 09:37:34 +02:00
Radosław Piliszek 9529878808 [OVN] Set up routing on public bridge like OVS did
This fixes various reported and unreported issues with the new
behaviour.

Removes code repetition as well to pay off some technical debt.

Closes-Bug: #1930360
Change-Id: I726c532e96ca434520838ae8a35d5b88b6dd337b
2021-06-08 16:19:40 +00:00
Radosław Piliszek 2fb8c7a5ee Move verify-ipv6-only-deployments
from Tempest to DevStack as it tests DevStack side of things and
is useful for projects not using Tempest.

Verbatim copy except for the devstack- prefix and the /devstack/
path.

Change-Id: Ie166730843f874b9c99e37244e460d7ad33b7eeb
2021-06-07 17:44:54 +00:00
Radosław Piliszek 81937a230a [CI] Drop CentOS Linux 8 job and nodeset
CentOS Stream 8 (aka CentOS 8 Stream) is the currently
supported runtime platform. [0]

DevStack works with CentOS Stream only now. [1]

The only usage of the nodeset being dropped is handled by the
Depends-On.

[0] https://governance.openstack.org/tc/reference/runtimes/xena.html
[1] https://review.opendev.org/c/openstack/devstack/+/759122

Depends-On: https://review.opendev.org/c/openstack/cinder-tempest-plugin/+/795159
Change-Id: Ic0f696b46dce3dba529b53a8f9de8cda6b913c7b
2021-06-07 17:28:38 +00:00
Radosław Piliszek 96509ea025 Check centos-8-stream
CentOS Stream 8 (aka CentOS 8 Stream) is the currently
supported runtime platform. [0]

Some background history:
The Manila team has asked QA to test centos-8-stream
in the common gate.
A bit later it turned out the point releases of CentOS 8 (aka
CentOS Linux 8) will stop happening entirely by the end of 2021.
[1]

Includes a workaround to the edk2-ovmf issue on CentOS Stream 8
x86_64.

[0] https://governance.openstack.org/tc/reference/runtimes/xena.html
[1] https://lists.centos.org/pipermail/centos-devel/2020-December/075451.html

Change-Id: Iee5a262af757f27f79ba1d6f790e949427dca190
2021-06-07 06:54:20 +00:00
Zuul 4c4b9bc9ef Merge "Revert "Temporary add feature pragma"" 2021-06-05 15:05:53 +00:00
Ghanshyam 3ad1661384 Revert "Temporary add feature pragma"
This reverts commit 6843bc798c.

Reason for revert: not sure why but this end up disabling the integration job on check pipeline,

Change-Id: Icfaf8ea17b3ce2e405414c23f8075b18d297bf8b
example: latest recheck on PS12 check pipeline job for neutron - https://review.opendev.org/c/openstack/neutron/+/790060
2021-06-04 21:32:17 +00:00
Zuul 1cefb089ba Merge "setup.cfg: Replace dashes with underscores" 2021-06-04 20:38:29 +00:00
Zuul f42347285a Merge "Temporary add feature pragma" 2021-06-04 17:52:46 +00:00
Zuul 3662e10ef6 Merge "Updated from generate-devstack-plugins-list" 2021-06-04 17:16:34 +00:00
Monty Taylor 6843bc798c Temporary add feature pragma
OpenStackSDK has a feature branch "feature/r1" as a preparation for the
R1.0 release. Due to different branch naming functional tests with
devstack are not running. Add temporarily (for the duration of the
feature branch) pragma to the zuul.yaml to allow Zuul run functional
tests. It will be dropped once SDK gets next major release.

Change-Id: I671b589150fe731125e16316a994a5942219920b
2021-06-04 15:28:30 +00:00
Dan Smith 4e916aeb06 Configure glance unified limit quotas
This makes us configure limits for glance and enable enforcement.

Depends-On: https://review.opendev.org/c/openstack/glance/+/794247
Change-Id: If58d8474cae95b1be3044bd52010b8288a7f5fcc
2021-06-03 06:50:17 -07:00
OpenStack Proposal Bot cbc0b64a34 Updated from generate-devstack-plugins-list
Change-Id: I2d5b0c59d5dd33f639ec685b16768325d67e9dbf
2021-06-03 06:14:05 +00:00
Gregory Thiemonge 949f5ada60 Add route to IPv6 private subnets in ML2/OVN
Enable IPv6 private subnet routing in ML2/OVN, it uses the behavior that
already exists in ML2/OVS: add a route from the devstack node to the
CIDRs of the default IPv6 subnet pool. Any IPv6 subnet created using the
default subnet pool and plugged into the default router is reachable
from the host (ex: ipv6-private-subnet).

Change-Id: I02ca1d94e9f4d5ad4a06182f5ac9a2434941cf08
2021-06-02 12:40:46 +00:00
Zuul aa25b741fe Merge "OVN : include source compliation functions" 2021-06-01 22:24:53 +00:00
Ghanshyam Mann 8ea11c2947 Update IRC network to OFTC
Change-Id: I260d9e65782add011f00d9087e0a5ac71e2be324
2021-05-31 15:04:29 -05:00
Anand Bhat 58f6048dd4 setup.cfg: Replace dashes with underscores
Setuptools v54.1.0 introduces a warning that the use of dash-separated
options in 'setup.cfg' will not be supported in a future version [1].
Get ahead of the issue by replacing the dashes with underscores. Without
this, we see 'UserWarning' messages like the following on new enough
versions of setuptools:

  UserWarning: Usage of dash-separated 'description-file' will not be
  supported in future versions. Please use the underscore name
  'description_file' instead

[1] https://github.com/pypa/setuptools/commit/a2e9ae4cb

Change-Id: I6b8e791c06319fa5fa0935337520c36800b1abd6
2021-05-28 11:36:23 +05:30
Ian Wienand 77835633c5 OVN : include source compliation functions
This patch moves the OVS compilation module from Neutron into DevStack.
It also renamed it to "ovs_source" to highlight its function, and the
include has been moved to where the rest of the includes are located.

Although this module is not required since by default DevStack installs
OVS/OVN from the host OS packages instead of compiling from source,
this is a nice to have as it avoids having bits and pieces of the code
scattered around multiple repositories.

Co-Authored-By: Lucas Alvares Gomes <lucasagomes@gmail.com>
Change-Id: I39ec9ce0a91bea05cf8c446a9767ab879ac8e8f3
2021-05-27 17:10:53 +01:00
Lucas Alvares Gomes 22038a9a8c [OVN] Configure public bridge enabled by default
This patch makes the OVN_L3_CREATE_PUBLIC_NETWORK configuration True by
default. This option makes the OVN lib in DevStack create & configure
the external bridge, matching the same behavior from the OVS driver
in DevStack.

Change-Id: Icda53b95fdc3c169ac48a6ec4343c87ba404baa4
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
2021-05-27 16:17:06 +01:00
Zuul a634c7f91c Merge "[CI] Add no-tls-proxy job" 2021-05-26 19:23:31 +00:00
Ghanshyam Mann 7604e085b4 Pin nodeset for unit test job
devstack unit test job does not set any nodeset
and so does use default nodeset defined in base jobs
in opendev. When opendev switches the default nodeset to
the latest distro version, devstack unit test job can start
failing. Example:

- https://review.opendev.org/q/I01408f2f2959b0788fe712ac268a526502226ee9
- https://review.opendev.org/q/Ib1ea47bc7384e1f579cb08c779a32151fccd6845

To avoid such a situation in future, let's set the working nodeset
for this job also so that when we cut the stable branch we can
run it on the working distro version. 

Change-Id: I302140778fedf08bc8ba72c453837fa7b8f8f9ae
2021-05-25 18:10:44 +00:00
Zuul e4b0685b6b Merge "docs: recommend Ubuntu 20.04 instead of Bionic" 2021-05-25 16:23:16 +00:00
Zuul 6a4e7b0413 Merge "[TrivialFix] Delete symlink apts-debs" 2021-05-25 15:26:48 +00:00
Zuul 249ded23ad Merge "Change default network backend driver to ML2/OVN" 2021-05-25 02:45:36 +00:00
Radosław Piliszek ddb66f2344 [CI] Add no-tls-proxy job
Some gates run devstack like this and it follows different code
paths.
Let's ensure we don't break it now and then.

Change-Id: I6ee1bfc30bced53f6d7fb841e01714069919fd88
Reference: http://lists.openstack.org/pipermail/openstack-discuss/2020-July/015997.html
Reference: http://eavesdrop.openstack.org/meetings/qa/2021/qa.2021-05-11-14.00.log.html
2021-05-24 17:45:06 +00:00
Lucas Alvares Gomes e38a39ad40 Change default network backend driver to ML2/OVN
This patch is changing the default network backend driver in DevStack to
OVN.

This is a long effort from the Neutron community that has been
discussed on previous PTGs and agreed upon.

A similar patch to this one [0] have been merged in the past but got
reverted [1] because it did break some zuul jobs. This one also include
fixes for such jobs and was verified at [2]

[0] https://review.opendev.org/c/openstack/devstack/+/735097
[1] https://review.opendev.org/c/openstack/neutron/+/775632
[2] https://review.opendev.org/c/zuul/zuul-jobs/+/791117

Change-Id: I8c2be82f33ed9f6c36f5509b3b210ee1a38e87ca
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
2021-05-24 09:48:35 +01:00
Zuul fcdc8aff6a Merge "Add support for ceph_iscsi cinder driver" 2021-05-20 23:25:33 +00:00
Zuul 0e31ce488f Merge "Remove Block Storage API v2 support" 2021-05-20 22:26:26 +00:00
Ghanshyam Mann f0736406f5 Fix unit test to use python3 command
unit test jobs staretd to run on ubuntu-focal now
and failing for using 'python' command.

Change-Id: Ie002faf4c96ac7f207207a481c057b8df0289e6c
2021-05-19 11:20:06 -05:00
Ihar Hrachyshka 2a9673f027 docs: recommend Ubuntu 20.04 instead of Bionic
Bionic support was dropped in I39e38e4a6c2e52dd3822c9fdea354258359a9f53.

Change-Id: I765aac352590fd2f74d3fd90676d6d098548e6b8
2021-05-19 10:23:05 -04:00
Brian Rosmaita 35cec0d7c0 Remove Block Storage API v2 support
The Block Storage API v2 was deprecated in Pike by change
I913c44799cddc37c3342729ec0ef34068db5b2d4 and is (finally)
being removed in Xena [0].  So remove v2 support from devstack.

[0] https://wiki.openstack.org/wiki/CinderXenaPTGSummary#Removing_the_Block_Storage_API_v2

Depends-on: https://review.opendev.org/c/openstack/devstack/+/792048
Change-Id: I856d78648d28ac4cad0fb212bef1ae6ad32fca90
2021-05-19 08:43:44 -04:00
Zuul 9ee7821e80 Merge "Replace dstat with pcp-dstat" 2021-05-18 08:06:39 +00:00
Zuul c9abd1d6ba Merge "Drop Bionic support" 2021-05-18 07:54:47 +00:00
Brian Rosmaita 6e9f7c2570 Support optimized cinder backend for glance
When Glance is configured with a cinder glance_store, Cinder can be
configured to allow cloning of image data directly in the backend
instead of transferring data through Glance.  Expose these
configuration options in devstack to facilitate testing this feature.

Adds:
- CINDER_ALLOWED_DIRECT_URL_SCHEMES
- GLANCE_SHOW_DIRECT_URL
- GLANCE_SHOW_MULTIPLE_LOCATIONS

Change-Id: Iee619b443088fd77cf7b1a48563203bdf4a93a39
2021-05-17 19:29:19 -04:00
Lucas Alvares Gomes c19c1262c8 Replace dstat with pcp-dstat
The dstat project is no longer maintained.

The pcp-dstat package installs a dstat command so no further updates to
the scripts should be needed.

Change-Id: Ied8c9d29bed4f887c364db7080a0f2a0c02328af
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
2021-05-17 16:11:34 +01:00
Zuul b04a62beff Merge "Revert "Change Neutron's default ML2 driver to OVN"" 2021-05-14 04:33:52 +00:00
Ghanshyam ff073a5643 Revert "Change Neutron's default ML2 driver to OVN"
This reverts commit 5c304d8176.

Reason for revert: There are more things to fix/move like done in 791085 and 791282 Also let's change all required default in devstack scripts instead of devstack's zuul job side. Basically do this change without any change in .zuul.yaml

Change-Id: Ie0f59d1b9a4b97ad9fd8131819054dfb616f31fd
2021-05-13 16:25:17 +00:00
Zuul 1769eebed0 Merge "Change Neutron's default ML2 driver to OVN" 2021-05-12 17:58:29 +00:00
Zuul 082f4786f0 Merge "Changed minversion in tox to 3.18.0" 2021-05-12 17:46:23 +00:00
Zuul 1259b7ecbc Merge "Cinder: only set volume_clear for LVM" 2021-05-12 16:26:21 +00:00
Anand Bhat 230f5c434c Changed minversion in tox to 3.18.0
The patch bumps min version of tox to 3.18.0 python in order to
replace tox's whitelist_externals by allowlist_externals option:
https://github.com/tox-dev/tox/blob/master/docs/changelog.rst#v3180-2020-07-23

Change-Id: Id8bdda703afc39d352e3a53877318dc30d91a5f7
2021-05-12 17:01:05 +05:30
Lucas Alvares Gomes 69a66fb62b Fix docs job
Sphinx 4.0.0 added a new dependency [0] which is causing the job to fail
at the moment.

This patch fix the problem by adding UC to the docs jobs.

[0] https://www.sphinx-doc.org/en/master/changes.html (LaTeX: add
tex-gyre font dependency)

Change-Id: I28019331017405c06577ada88f8e9f6d9a2afc23
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
2021-05-11 14:05:22 +01:00
Lucas Alvares Gomes 5c304d8176 Change Neutron's default ML2 driver to OVN
As part of the Victoria PTG the Neutron community [0] agreed on changing
the default backend driver from ML2/OVS to ML2/OVN in DevStack. A lot of
changes have been submitted towards this goal including but not limted
to:

* Moving the OVN module to DevStack:
  https://review.opendev.org/c/openstack/devstack/+/734621

* Updating the OVN module to use distro packages instead of compiling
  OVN from source: https://review.opendev.org/c/openstack/devstack/+/763402o

And now this patch is changing the the actual Q_AGENT,
Q_ML2_TENANT_NETWORK_TYPE and Q_ML2_PLUGIN_MECHANISM_DRIVERS values in
devstack to what is expected by OVN as well as updating the Zuul
templates to enable the OVN services.

[0] https://etherpad.opendev.org/p/neutron-victoria-ptg

Change-Id: I92054ce9d2ab7a42746ed5dececef583b0f8a833
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
2021-05-10 14:43:28 +01:00
Zuul 166c88b610 Merge "Handle disappearing pids in mlock_report.py" 2021-05-02 15:03:07 +00:00
Clark Boylan 06b7352478 Fix async race updating nova configs
The configure_neutron_nova function updates nova configs. While that is
still running we separately update nova configs in stack.sh. This can
result in unexpected configs (that don't work). Fix this by waiting for
configure_neutron_nova to complete its work before we do nova config
updates directly in stack.sh.

For specifics we say that:

  [neutron]
  project_domain_name = Default

was missing from both nova.conf and nova-cpu.conf and instances could
not be created because keystone complained about not finding domain in
project. The strong suspicion here is that on some systems
configure_neutron_nova would write out project_domain_name while the
stack.sh inisets were running resulting in stack.sh overwriting the
project_domain_name content.

One theory is that disabling swift makes this problem more likely as
there is swift work in the middle of the async period. This is supported
by the fact that our job that hits this problem does indeed disable
swift.

Change-Id: I0961d882d555a21233c6b4fbfc077cfe33b88499
2021-04-29 11:54:50 -07:00
Zuul bab78dede2 Merge "cinder: Increase VOLUME_BACKING_FILE_SIZE" 2021-04-29 16:26:21 +00:00
Ghanshyam Mann 7ad4cd07c8 Drop Bionic support
Since victoria cycle, we have moved upstream testing to
Ubuntu Focal (20.04) and so does no Bionic distro in
Xena cycle testing runtime[1]. Grenade jobs also started
running on Focal since victoria was released.

Only thing left was legacy jobs which were not migrated to
Ubuntu Focal in Victoria and as per another community-wide
goal[2], all the lgeacy jobs were suppsoed to be migrated
to zuulv3 native jobs in victoria cycle itself. One of the
pending job was in nova (nova-grenade-multinode) which is also
migrated to zuulv3 native now
- https://review.opendev.org/c/openstack/nova/+/778885

If there is any job running on bionic, we strongly recommend
to migrate it to Ubuntu Focal.

[1] https://governance.openstack.org/tc/reference/runtimes/xena.html
[2] https://governance.openstack.org/tc/goals/selected/victoria/native-zuulv3-jobs.html

Change-Id: I39e38e4a6c2e52dd3822c9fdea354258359a9f53
2021-04-29 09:33:59 -05:00
Ian Wienand b02a43291c Handle disappearing pids in mlock_report.py
If a pid disappears on us while we're reading, we should just continue
on.

EnvironmentError is just an alias for OSError since Python 3.3, so use
the latter name. [0]

[0] https://docs.python.org/3/library/exceptions.html#OSError

Change-Id: I3a25cca328e1469f72c84a118a9691c1c0258bc4
Closes-Bug: #1926434
2021-04-28 16:31:17 +00:00
Lee Yarwood 0386c1cda6 cinder: Default CINDER_ISCSI_HELPER to tgtadm on Bionic
If5c860d1e69aaef9a9236303c370479a7714ad43 attempted to move this default
to lioadm while pinning certain Bionic based jobs to tgtadm.

Unfortunately it missed the legacy dsvm based jobs within various
projects that do not inherit from the devstack-platform-bionic base job
and that are also not covered by devstack's gate.

This change simply forces CINDER_ISCSI_HELPER to tgtadm on Bionic based
hosts to ensure it is always used.

Closes-Bug: #1926411
Change-Id: Ib4b38b45f25575c92fb09b8e97fa1b24af0cc06a
2021-04-28 09:32:39 +01:00
Lee Yarwood c062792709 cinder: Default CINDER_ISCSI_HELPER to lioadm
As outlined in bug #1917750 the use of tgtadm in multinode environments
with multiple c-vol services can cause volumes to use duplicate WWNs.

This has been shown to cause some encrypted volume test failures as
os-brick returns a /dev/disk/by-id path to n-cpu that can point to the
wrong underlying volume when multiple volumes with the same WWN are
connected to a host.

There is also some speculation that the duplicate WWNs are also causing
libvirt to fail to detach volumes from instances but as yet this has not
been proven.

This change aims to avoid all of the above by switching the default of
CINDER_ISCSI_HELPER to lioadm for all deployments instead of just EL and
SUSE based deployments.

The Bionic platform job however is pinned to tgtadm as there issues
installing python3-rtslib-fb.

Closes-Bug: #1917750
Change-Id: If5c860d1e69aaef9a9236303c370479a7714ad43
2021-04-23 10:53:10 +01:00
Zuul e59b945a7d Merge "[OVN] Fix Fedora/CentOS OVN configuration" 2021-04-19 12:34:43 +00:00
Radosław Piliszek d04e795b31 [TrivialFix] Delete symlink apts-debs
Follow up on old I0416180db5b6add996ce5b48c6966c1b68adbcb0

Change-Id: If2f6166cf7c585bf303d0f6c28a2745d85eabbed
2021-04-19 06:52:30 +00:00
Zuul 6a5dd3fd9d Merge "Add some debug to async_wait failures" 2021-04-16 21:18:06 +00:00
Zuul 9bc8f8e627 Merge "Move gawk into general for post-config" 2021-04-15 23:08:23 +00:00
Zuul 84a2d4d35a Merge "Work around CHILD_MAX bash limitation for async" 2021-04-15 13:27:35 +00:00
Dan Smith 51e384554b Add some debug to async_wait failures
This dumps some data in the case where we fail to wait for a child
pid to help debug what is going on. This also cleans up a few review
comments from the actual fix.

Change-Id: I7b58ce0cf2b41bdffa448973edb4c992fe5f730c
Related-Bug: #1923728
2021-04-15 06:16:42 -07:00
Zuul a37704691c Merge "Rely on ceph.conf settings when cinder backup pool is created" 2021-04-15 09:43:26 +00:00
Dan Smith aa5c38727b Work around CHILD_MAX bash limitation for async
Apparently bash (via POSIX) only guarantees a small (32ish) number of
children can be started and their statuses retrieved at any given
point. On larger jobs with lots of plugins and additional work, we
may go over that limit, especially for long-lived children, such
as the install_tempest task.

This works around that issue by creating a fifo for each child at
spawn time. When the child is complete, it will block on a read
against that fifo (and thus not exit). When the parent goes to wait
on the child, it first writes to that fifo, unblocking the child so
that it can exit near the time we go to wait.

Closes-Bug: #1923728
Change-Id: Id755bdb1e7f1664ec08742d034c174e87a3d2902
2021-04-14 14:33:07 -07:00
Zuul ef1e9ada9b Merge "Make stackviz tasks not to fail jobs" 2021-04-10 13:41:29 +00:00
Ghanshyam Mann 580fec54c3 Make stackviz tasks not to fail jobs
Due to issue on stckviz side, job start
failing with POST_FAILURE. If we fix the
issue still we need to wait for periodic job
periodic-package-stackviz-element to publish
the latest tarball on https://tarballs.openstack.org/stackviz/dist/.

Let's not fail the job for any issue occur during
stackviz processing.

Closes-Bug: 1863161

Change-Id: Ifee04f28ecee52e74803f1623aba5cfe5ee5ec90
2021-04-08 22:17:56 +00:00
Zuul e53142ed0d Merge "Default to parallel execution" 2021-04-08 18:10:36 +00:00
Zuul cd0147194d Merge "Configure Cinder backup driver" 2021-04-08 15:33:49 +00:00
Zuul 5a12a7fc4b Merge "Update DEVSTACK_SERIES to xena" 2021-04-08 01:03:01 +00:00
Francesco Pantano 448db9ec41 Rely on ceph.conf settings when cinder backup pool is created
Ceph adds the osd pool default size option on ceph.conf via [1];
this means we don't need to specify the size of this pool if
the same value (same variable) is used (CEPH_REPLICAS).
This change is an attempt of removing the size setting, relying
on the implicit declaration of the value provided by ceph.conf.

[1] https://github.com/openstack/devstack-plugin-ceph/blob/master/devstack/lib/ceph#L425

Change-Id: I5fa2105ceb3b97a4e38926d76c1e4028f1108d4a
2021-04-07 22:57:29 +02:00
Zuul 2c275ab7db Merge "gzip, not xz" 2021-04-07 13:12:25 +00:00
Radosław Piliszek 6f2c807bfa gzip, not xz
xz may cause POST_FAILUREs due to memory pressure [1].

[1] http://lists.openstack.org/pipermail/openstack-discuss/2021-April/021609.html

Change-Id: I2ea3175ecf2508b62640bfffdd798d7072e55550
2021-04-06 18:43:32 +00:00
Ghanshyam Mann 25d37efb91 Update DEVSTACK_SERIES to xena
stable/wallaby branch has been created now and
current master is for xena.

Change-Id: I42f67361fe50795d929752434342effddf123486
2021-04-06 10:35:19 -05:00
Lee Yarwood 362641b1b8 cinder: Increase VOLUME_BACKING_FILE_SIZE
As reported in bug #1920136 the tempest-integrated-compute job has
started to see insufficient free virtual space errors being reported by
c-sch and c-vol when creating volumes. This change simply increases the
default size of the underlying LVM PV used to host these volumes within
the default LVM/iSCSI c-vol backend deployed by devstack.

Change-Id: I965d4a485215ac482403f1e83609452550dfd860
Closes-Bug: #1920136
2021-04-06 11:35:44 +01:00
Nobuhiro MIKI 110b9a9b1b Fix typo in multinode-lab document
Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Change-Id: I1b6100d6b8231f1f96a7768e26ab83f010f1e4dc
2021-04-01 11:14:27 +09:00
Hironori Shiina 01a84d2d03 Configure Cinder backup driver
This patch adds a new environment variable, CINDER_BACKUP_DRIVER for
configuring cinder backup driver used when c-bak service is enabled.
This gets cinder backup driver configurable with a similar pattern to
cinder backends. Although the current configurable backup drivers don't
need cleanup functions, the interface for cleanup is prepared for the
future.

The following backup drivers can be configured:
  swift:
  This is the default backup driver.
  ceph:
  This already can be configured if ceph backend driver is enabled. For
  backward compatibility, ceph backup driver is used if ceph backend
  driver is enabled and no backup driver is specified.
  s3_swift:
  The s3 backup driver gets configurable with this patch. By specifying
  's3_swift', the driver is configured for swift s3api.

In the future, lib/cinder_backups/s3 should be created separatedly for
external S3 compatible storage. This file will just set given parameters
such as a URL and credentials.

Change-Id: I356c224d938e1aa59c8589387a03682b3ec6e23d
2021-03-31 15:12:25 -04:00
Toshiaki Takahashi d207ba9015 Move gawk into general for post-config
Devstack script for setting post-config needs gawk.
So this patch moves gawk from files/*/nova into files/*/general.

Closes-Bug: #1909041
Change-Id: I06a1a5524f146a8d7337963e846b5a6b7561be13
2021-03-30 09:44:06 +00:00
Dan Smith 84b328c814 Default to parallel execution
Several jobs have been running in parallel since the late Wallaby
cycle, and other developers have had it enabled locally. I have heard
no async-related stability or debug-ability complaints thus far.
I think that we should convert the default to parallel early in the
Xena cycle in an attempt to spread the speed improvements across the
board, while also collecting data on a wider set of configurations.

Change-Id: I83d56c9363d481bb6d5921f5e1f9b024f136044b
2021-03-26 07:17:42 -07:00
Zuul a64c843052 Merge "Set default OVS_SYSCONFDIR value depending on OVS_PREFIX" 2021-03-24 19:23:22 +00:00
Zuul 83821a11ac Merge "Address feedback from glance-remote patch" 2021-03-23 16:56:21 +00:00
Zuul 64efd9862c Merge "nova: Default NOVA_USE_SERVICE_TOKEN to True" 2021-03-23 14:44:24 +00:00
Rodolfo Alonso Hernandez 30819e66dd Set default OVS_SYSCONFDIR value depending on OVS_PREFIX
When OVN is built from source, the value of OVS_PREFIX is set to
"/usr/local". All other paths referring to OVS should be prefixed
with this value.

Closes-Bug: #1920634
Related-Bug: #1918656

Change-Id: I9a45a5379d1c47cdf67b9c6d3d0409a88501e61e
2021-03-22 07:18:44 +00:00
Zuul 8ef0d73cba Merge "Use (or set properly) system-id generated by openvswitch" 2021-03-20 02:58:55 +00:00
Zuul 195c885cb3 Merge "Allow to install os-ken from git repo" 2021-03-18 12:45:10 +00:00
Zuul e049a31970 Merge "[OVN] Support for network-logging config" 2021-03-17 18:05:59 +00:00
Slawek Kaplonski 1ed276c177 Use (or set properly) system-id generated by openvswitch
In case when OVN_UUID isn't set by user, and it isn't stored
in /etc/openvswith/system-id.conf file, Devstack will reuse it.
If it's not, it will generate and store it in the
/etc/openvswitch/system-id.conf file so it can be set to same value
after openvswitch will be e.g. restarted.

In case when OVN_UUID is set by user, it will be also saved in
/etc/openvswitch/system-id.conf file to make it persistent when e.g
openvswitch will be restarted.

Closes-Bug: #1918656
Change-Id: I8e3b05f3ab83e204bc1ce895baec0e1ba515895b
2021-03-17 14:04:06 +00:00
Brian Haley af79a934ef Use 'ip addr replace' in OVN code
Instead of doing a flush/add, use replace like the ML2/OVS
code does. Should have the same behavior of not failing if
the address is already present.

Change-Id: If9d8a848b079ccb8c0c9b8e6fb708107aa0d46c7
2021-03-15 12:20:42 -04:00
Zuul f3e9399d38 Merge "Update Cirros to 0.5.2" 2021-03-12 13:31:13 +00:00
Zuul ff895cc787 Merge "Add a variable to configure the Tempest venv upper constraints" 2021-03-09 21:50:25 +00:00
Zuul d5a97c1787 Merge "Simulate a remote/standalone g-api worker" 2021-03-09 20:24:56 +00:00
Dan Smith 61b4fbf143 Address feedback from glance-remote patch
This cleans up some of the quote and variable handling that was
pointed out in review of the previous patch. This is non-critical,
so I'm putting it in a subsequent patch to avoid disturbing the
careful alignment of patches across three projects that are mostly
approved.

Change-Id: I9b281efd74ba5cd78f97b84e5704b41fd040e481
2021-03-09 09:28:16 -08:00
Dan Smith 802259a496 Simulate a remote/standalone g-api worker
In order to be able to test glance's distributed import function,
we need to have multiple workers in an arrangement like they
would be if one was on another host (potentially at another site).
This extra worker must be separate from the default image service
in order to repeatedly hit one and then the other to test cross-
service interactions.

This allows you to enable_service g-api-r, which will clone the main
g-api service, modify it to run on a different port, and start it.
The service will be registered in the catalog as image_remote.

Depends-On: https://review.opendev.org/c/openstack/glance/+/769976
Change-Id: I0e2bb5412701d515153c023873addb9d7abdb8a4
2021-03-08 18:25:32 -08:00
Lee Yarwood 38fed19acc Update Cirros to 0.5.2
This release [1] includes a single fix [2] pulling in the ahci module
which is required by Iad1adbc23b31dd54a96299e7a8a4b622c15eed8d, a
nova-next change introducing q35 testing to the job.

This depends on the following change caching the image within the CI
host image:

Depends-On: https://review.opendev.org/c/openstack/project-config/+/779178/

[1] https://github.com/cirros-dev/cirros/releases/tag/0.5.2
[2] https://github.com/cirros-dev/cirros/pull/65

Change-Id: I12e0bdb3699e5343592ab834468ba6b2fcdcaaf4
2021-03-08 08:50:53 +00:00
Ghanshyam Mann bd0d0fde24 Add enforce_scope setting support for Cinder
Conder started moving to new RBAC and cinder-tempest-plugin
and Tempest need to set few configuration to enable the
scope checks on cinder side and on Temepst side to tell
cinder is all configured with scope checks and test can be run with
scoped token.

Change-Id: Ic7cd919c000c4e7b9a3a06638a5bd87b1617e749
2021-03-06 17:23:39 -06:00
Ghanshyam Mann 8c93049220 Add enforce_scope setting support for Glance
Glance started moving to new RBAC and glance-tempest-plugin
and Tempest need to set few configuration to enable the
scope checks on glance side and so does on Temepst side to tell
glance is ready with scope checks so that test can be run with
scoped token.

Change-Id: I09f513d08212bc80a3a86a750b29b1c6625d2f89
2021-03-05 09:40:39 -06:00
Ghanshyam Mann 9dc2b88eb4 Add enforce_scope setting support for keystone
Keystone-tempest-plugin has implemented the secure RBAC
tests and enabling the enforce_scope via keystone devstack
plugin. Doing those setting in devstack will help to manage
easily and in central place also avoid restarting the api
service.

Change-Id: I30da189474476d3397152a0a15c2e30a62d712ad
2021-03-05 09:32:19 -06:00
Stephen Finucane 3948fcb03c Remove MAINTAINERS.rst
This file is mega out-of-date and no longer helpful. Remove it.

Change-Id: Ic7e215c3e48a9c453d19355ad7d683494811d2af
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2021-03-05 15:10:19 +00:00
Stephen Finucane 970891a4ef Remove references to XenAPI driver
The XenAPI driver was removed during the Victoria release [1], while the
libvirt+xen driver has been removed in the Wallaby release [2]. Remove
references to Xen from DevStack since its all a no-op now.

[1] I42b302afbb1cfede7a0f7b16485a596cd70baf17
[2] I73305e82da5d8da548961b801a8e75fb0e8c4cf1

Change-Id: If7055feb88391f496a5e5e4c72008bf0050c5356
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2021-03-05 15:10:19 +00:00
Stephen Finucane 3c6d105929 nova: Remove nova-xvpvncproxy
This was removed this service from nova in Ussuri [1]. There's no need
to keep this around.

[1] I2f7f2379d0cd54e4d0a91008ddb44858cfc5a4cf

Change-Id: Idc95c6467a8c6e0c0ed07a6458425ff0a10ff995
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2021-03-05 15:10:11 +00:00
Akihiro Motoki f548ce4816 Allow to install os-ken from git repo
os-ken is used by neutron ML2/OVS agent.
We need to install os-ken from source to test os-ken changes
against neutron. We already have tempest-integrated-networking job
in os-ken repo but it turns out it consumes os-ken from PyPI :-(

Change-Id: Ibcff212591e9fed25f1316403627269d81455b09
2021-03-04 10:31:30 +09:00
Stephen Finucane 8f3e51d79f nova: Die if console TLS enabled with tls-proxy
We require the 'tls-proxy' service to set up certificates for us. Hard
fail if 'NOVA_CONSOLE_PROXY_COMPUTE_TLS' is enabled but the 'tls-proxy'
service is not.

Change-Id: I52fec12b78ecd8f76f835551ccb84dfb1d5b3d8a
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2021-03-02 16:18:48 +00:00
Lucas Alvares Gomes 8903d8c1e2 [OVN] Fix Fedora/CentOS OVN configuration
When installing OVN from packages, the rpm for Fedora / CentOS pre set
some configurations that conflicts with the post configuration done by
DevStack.

This patch fixes this problem by erasing the pre-set configuration from
the packages and leaving it to DevStack to configure OVN for its use
(just like we would do when compiling it from source).

Change-Id: I9c18023c9aa79c0633748a6169f4f283e9d74ef0
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
2021-02-24 13:52:33 +00:00
Zuul 0de8a5534f Merge "Stop configure 'member' role in tempest_roles" 2021-02-23 19:43:06 +00:00
Ghanshyam Mann 3bdc8f66ad Add a variable to configure the Tempest venv upper constraints
We use Tempest master for testing the supported stable
branches so using master upper constraints works fine but
when we need to use old Tempest in the below cases then master
upper constraints do not work and devstack will not be
able to install Tempest in vnenv:

- Testing Extended Maintenance branch
- Testing py2.7 jobs until stable/train with in-tree tempest plugins

This commit adds a variable to set the compatible upper constraint
to use for Tempest's old version.

Few of the current failure which can be fixed by this new configurable var:
- networking-generic-switch-tempest-dlm-python2
  - https://zuul.opendev.org/t/openstack/build/ebcf3d68d62c4af3a43a222aa9ce5556
- devstack-platform-xenial on stable/steinand stable/train
  - https://zuul.opendev.org/t/openstack/build/37ffc1af6f3f4b44b5ca8cbfa27068ac

Change-Id: I5b2217d85e6871ca3f7a3f6f859fdce9a50d3946
2021-02-20 14:05:36 -06:00
Zuul 49cd2252f0 Merge "Fix DevStack setup on CentOS 8.3" 2021-02-20 18:23:04 +00:00
Zuul bacaf0c4aa Merge "Fix nova db dependency" 2021-02-18 12:22:17 +00:00
Pierre Riteau f361122798 Fix DevStack setup on CentOS 8.3
CentOS 8.3 changed the name of the PowerTools repository to powertools:
https://wiki.centos.org/Manuals/ReleaseNotes/CentOS8.2011#Yum_repo_file_and_repoid_changes

With this repository disabled, DevStack fails to install libyaml-devel,
which causes a failure to install many packages. In my environment
DevStack stopped with an error caused by a missing wget.

Keep the command using the old repository name, for compatibility with
older CentOS releases.

Change-Id: I5541a8aee8467abf10ce8a10d770618bdd693f02
2021-02-17 17:43:13 +01:00
Dan Smith 48b7633ae8 Fix nova db dependency
When I reordered the nova database creation for better performance
and cleaner arrangement, I broke the non-standard arrangement where
the super and cell conductors are squashed together. In devstack,
this is implemented by pointing the controllers at cell1 in the
config, which makes it hard to create and sync the databases in the
natural order. This manifested in a failure when running in this
mode (which apparently Trove is).

As a quick fix, this special-cases the setup for cell0 if that mode
is enabled. I will follow this up with a cleaner refactor of all that
stuff so this hack isn't required, but that will take a bit longer.

Change-Id: I5385157c281beb041bf67cba546be20cf9497cbe
2021-02-16 16:02:00 -08:00
Zuul 18bf75e52f Merge "Always verify os_glance reserved namespace" 2021-02-16 21:16:48 +00:00
Ghanshyam Mann 57b092dbce Stop configure 'member' role in tempest_roles
Config option auth.tempest_roles is used to set the
extra roles to all dynamic cred tests users.
- https://opendev.org/openstack/tempest/src/commit/9b6f441fdc2a970410ea631dc1318896349e010f/tempest/common/credentials_factory.py#L82

Devstack set the 'member' role in CONF.auth.tempest_roles
- https://opendev.org/openstack/devstack/src/commit/556f84aea90c572873fc9834292635b41e590224/lib/tempest#L628

This cause issue if any tests testing for speciifc rols and want
to exclude the 'member' role, basically this bug
- https://bugs.launchpad.net/devstack/+bug/1915740

Also with 'member' role assigned by default, Tempest will not be
able to test the secure RBAC new default 'reader' role.

Let's remove  this role assignment now and let test congfigure what
they want.

Closes-Bug: #1915740

Change-Id: I0b6ab9fb943c7b0925a0a0d2490a8bcdfa76cedc
2021-02-15 17:34:17 +00:00
Lee Yarwood b516efedf9 nova: Default NOVA_USE_SERVICE_TOKEN to True
Introduced in devstack by I2d7348c4a72af96c0ed2ef6c0ab75d16e9aec8fc and
long tested by nova-next this enabled by most deployment tools by
default now and should be enabled by default in devstack.

Change-Id: Ia76b96fe87d99560db947a59cd0660aab9b05335
2021-02-15 10:32:03 +00:00
Zuul 556f84aea9 Merge "Async task support" 2021-02-11 22:33:01 +00:00
Zuul f9047f3151 Merge "Increase volumes quota for service project" 2021-02-11 20:55:48 +00:00
Zuul 357698d4cb Merge "orchestrate-devstack: Copy controller ceph.conf and keyrings to subnode" 2021-02-11 03:23:23 +00:00
Lee Yarwood e11d367d8e orchestrate-devstack: Copy controller ceph.conf and keyrings to subnode
This change introduces a basic role to copy the contents of /etc/ceph
between the controller and subnodes during orchestrate-devstack allowing
a multinode ceph job to be introduced by
I9ffdff44a3ad42ebdf26ab72e24dfe3b12b1ef8b.

Note that this role is only used when devstack-plugin-ceph is enabled.

Change-Id: I324c0f35db34f8540ca164bf8c6e3dea67c5b1b4
2021-02-10 16:01:04 +00:00
Dan Smith 30d9bf9a6d Async task support
We have a *ton* of stuff in devstack that is very linear, specifically
the ten-ish minutes we spend loading osc to run a single API command
against something. We also generate configs, sync databases, and other
things that use one core of our worker and make our runtime longer
than it really needs to be.

The idea in this patch is to make it super simple to run some things
in the background and then wait for them to finish before proceeding
to something that will require them to be done. This avoids the
interleaving you would expect by redirecting the async tasks to a log
file, and then cat'ing that log file synchronously during the wait
operation. The per-task log file remains so it's easier to examine
it in isolation.

Multiple people have reported between 22-30% improvement in the
time it takes to stack with this. More can be done, but what is here
already makes a significant difference.

Change-Id: I270a910b531641b023c13f75dfedca057a1f1031
2021-02-09 15:57:04 -08:00
Flavio Fernandes a2273cc4c8 [OVN] Support for network-logging config
This patchset adds configuration support for network logging
when the OVN driver is enabled.

Depends-On: https://review.opendev.org/768129
Change-Id: I6fc0973bedfd1dcc72b01981cd64f9283662d37c
Signed-off-by: Flavio Fernandes <flaviof@redhat.com>
2021-02-08 10:56:38 -05:00
Dan Smith b4bba2f2c8 Increase volumes quota for service project
If we are backing glance with cinder, we will use more volumes and
if timing is right, we will clash with other tests and be unable
to create what we need. If we are backing glance with cinder, we
should increase the volumes quota, which this patch does (to 50 from
a default of 10).

Closes-Bug: #1914665
Change-Id: I2ad1c4d21f996ee1a9ce29ba4f1a4b8f5720f8fb
2021-02-05 15:36:01 +00:00
Zuul aa2821eb89 Merge "Drop opensuse platform job" 2021-02-02 18:18:36 +00:00
Vanou Ishii eef2a0d751 Fix Early Use of die function in stack.sh
This commit fixes use of die function before it's defined.
die function can be used after sourcing $TOP_DIR/functions chain-
sources $TOP_DIR/functions-common.
Because fixed portion of stack.sh checks existence of $TOP_DIR/inc
and sourcing $TOP_DIR/function chain source $TOP_DIR/inc, this commit
uses echo & exit command instead of die function.

Closes-Bug: #1913021
Change-Id: I5ec174cf7b02269525b1bfd0bfa94ea889d16fce
2021-01-25 16:51:19 +09:00
Zuul 84ead5aacf Merge "Also cap pip in tempest tox venv" 2021-01-23 01:19:20 +00:00
Dan Smith ed164289a5 Always verify os_glance reserved namespace
On master, we should always enable tempest's verification of Glance's
os_glance namespace enforcement.

Change-Id: Ia71878e6c53ee683a868112959876798e946e2ce
Depends-On: https://review.opendev.org/c/openstack/glance/+/771070
2021-01-18 09:57:00 -08:00
Dan Smith bcd0acf6c0 Also cap pip in tempest tox venv
I am still unable to stack because of pip 20.3, but this time
because of the tempest venv build. This forces it to the same
capped pip, which further works around the problem.

Change-Id: Icfaaefe1aa576733764b393cba96d276c9b1cf68
Related-Bug: #1906367
2021-01-13 12:28:18 -08:00
Dan Smith edee6dc341 Add debug helper script
I'm not sure if others will find this useful, but I use this
script to run pieces of devstack while trying to write/debug
things. It saves me a lot of time being able to get to some
project-lib function without a full clean/re-stack.

Figured I'd share in case it's worth putting into the tree.

Change-Id: I9a92fa71d34f50c2f5ba7d11c1a45301bd4478bf
2021-01-12 17:41:19 -08:00
Zuul e2f574fb90 Merge "cinder: Double [DEFAULT]/rpc_response_timeout to 120" 2021-01-08 10:35:39 +00:00
Zuul 643ee3d51e Merge "Clean up create_disk() a little" 2021-01-08 10:19:27 +00:00
Jens Harbott b37240382d Drop opensuse platform job
It has been broken for over a month. Feel free to revert in combination
with a fix, better with a commitment to keep the job in working shape
permanently.

Change-Id: I2604374c23716d56de29e16a459b7c7f45b84891
2021-01-08 09:41:56 +01:00
Dan Smith 36a575b036 Clean up create_disk() a little
The create_disk() helper had some redundant checks and dead code. This
refactors it to put all the stale cleanup at the top, and groups the
new actions together with more relevant comments to make it easier
to understand.

Change-Id: I1f6218a1994e66786ed9a8065e30bcceec7b8956
2021-01-07 11:29:01 -08:00
Zuul 5867ff9b75 Merge "Install systemd-python from distribution package" 2021-01-07 11:02:00 +00:00
Zuul aef50ed18c Merge "[OVN] Use OVN from packages" 2020-12-30 16:29:29 +00:00
Federico Ressi 7e3428b987 Install systemd-python from distribution package
CentOS 8 support start to fail because of an issue [1]
compiling systemd python binding modules.
Let install it from distribution packages as documented by
python-systemd project Web page [2]

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1862714
[2] https://github.com/systemd/python-systemd

Closes-Bug: #1908386
Change-Id: Ic7cfd72ce1b875e75b1cdbdd44a902b25d51abb8
2020-12-23 14:22:27 +00:00
Lee Yarwood fc41717222 cinder: Double [DEFAULT]/rpc_response_timeout to 120
Bug #1873234 documents a number of CI failures caused by RPC requests
from c-api to c-vol timing out due to `lvchange` taking longer than the
default rpc_response_timeout of 60 seconds to complete.

While the underlying reason for the slowness should be investigated by
the cinder team a trivial workaround to the fallout created by these
timeouts is to simply double the client RPC timeout used by c-api,
allowing c-vol to return and overall the request to succeed.

Change-Id: I53dc0ae10af6aa13f1349b58373932eb6a15ab02
Related-Bug: #1873234
2020-12-23 10:58:26 +00:00
Ghanshyam Mann 04b0b61557 Install swift keystone extras requirements
Since the introduction of I8f24b839bf42e2fb9803dc7df3a30ae20cf264
s-proxy is no longer able to launch as keystonemiddleware (listed under
test-requirements.txt) has not been installed.

keystonemiddleware is listed as extras requirements in swift
- https://github.com/openstack/swift/blob/e0d46d77fa740768f1dd5b989a63be85ff1fec20/setup.cfg#L79

Let's install swift keystone extra requirements also.

Closes-Bug: #1909018
Change-Id: I02c692e95d70017eea03d82d75ae6c5e87bde8b1
2020-12-23 09:51:24 +00:00
Lucas Alvares Gomes e651d9ef88 [OVN] Use OVN from packages
This patch changes the OVN module from DevStack to allow for using the
OSapackaged version of OVN instead of compiling it from source.

A new variable called OVN_BUILD_FROM_SOURCE has been introduced and when
set to False (the default value) OVN will then use the packaged version
for setting up DevStack.

Note, in the stop_ovn() function, the OVN metadata agent service name
was wrong and the service wasn't being stopped as part of ./unstack.sh.
This patch also fixed it as well.

Change-Id: Ib41e3b486550200572afd6b3ba783d7644d70d44
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
Co-Authored-By: Slawek Kaplonski <skaplons@redhat.com>
2020-12-19 18:50:48 +01:00
Zuul a9afdb18b4 Merge "fix is_fedora for centos 8 stream" 2020-12-18 02:32:54 +00:00
Masayuki Igawa 89acae9779 Use python3-guestfs in Ubuntu
This commit makes to use python3-guestfs instead of python-guestfs in
Ubuntu because python-guestfs package is not provided in focal[1][2].
This causes errors in some gate job if `ENABLE_FILE_INJECTION` is true
like the following.

```
...
Package python-guestfs is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
  python3-guestfs

E: Package 'python-guestfs' has no installation candidate
...
```
http://paste.openstack.org/show/801073/

[1] https://packages.ubuntu.com/search?lang=en&keywords=python3-guestfs
[2] https://packages.ubuntu.com/search?lang=en&suite=default&arch=any&searchon=names&keywords=python-guestfs

Change-Id: Iffe60aa0351b732d543927afa1f1e846ba2a89fd
2020-12-16 09:17:08 +09:00
Sean Mooney e7c017bd89 fix is_fedora for centos 8 stream
When deploying on the centos 8 stream variant
the output of "lsb_release -i -s" is
CentOSStream instead of CentOS

This breaks the is_fedora function in devstack
preventing package installation and removal.

Change-Id: I39ccefbd06f46adf5077f8d8001f37d3b190f040
2020-12-15 19:58:37 +00:00
Zuul 97f3100c4f Merge "zuul: Remove nova-live-migration from check queue" 2020-12-06 21:44:11 +00:00
Zuul 5dff818602 Merge "Decrease MTU to account for IPv6 header" 2020-12-04 05:28:02 +00:00
Elod Illes 7a3a7ce876 Workaround for new pip 20.3 behavior
This patch caps pip version during bootstrap to avoid the issue:

"ERROR: Links are not allowed as constraints"

A proper fix would be to adapt to new pip behavior.

Depends-On: https://review.opendev.org/764811
Change-Id: I1feed4573820436f91f8f654cc189fa3a21956fd
2020-11-30 17:01:20 -06:00
Zuul 907b9042b8 Merge "tempest: Enable shelve_migrate tests with Libvirt" 2020-11-29 12:43:55 +00:00
Zuul 6d735429da Merge "Make create_disk() persistent" 2020-11-23 23:15:36 +00:00
Zuul 788b6a97f8 Merge "Remove deprecated tail_log function" 2020-11-23 10:24:34 +00:00
Lee Yarwood cdc2e9f656 zuul: Remove nova-live-migration from check queue
As documented in the associated TODO this job can be removed now that it
has been migrated to zuulv3 by Ib342e2d3c395830b4667a60de7e492d3b9de2f0a.

Change-Id: Id7c0fd8eec09386cd638956a46c1f75844194b9d
2020-11-19 09:19:11 +00:00
Zuul 3a96dd10c6 Merge "[CI] Copy /etc/ceph output to logs" 2020-11-16 06:50:49 +00:00
Victoria Martinez de la Cruz 7a5fda8326 [CI] Copy /etc/ceph output to logs
Change-Id: I91317c7d4972f07f741cdde2f406e290bb65467b
2020-11-13 12:58:41 -03:00
Zuul b958edd3f9 Merge "enable ussuri cloud archive on ubuntu bionic" 2020-11-13 02:44:57 +00:00
Zuul 0d2d6f93f6 Merge "Look for ipv6 routes so ipv6-only jobs will not fail" 2020-11-11 18:07:28 +00:00
Zuul 4e86376c0b Merge "Configure os-vif ovsdb_connection" 2020-11-11 18:00:04 +00:00
Sean Mooney 6c03a85d8b enable ussuri cloud archive on ubuntu bionic
This change updates bionic installs to use the
ussuri cloud archive to enable the use of libvirt 6.0.0.
This is required to prevent a libvirt bug that causes intermittent
failures for the tempest test_live_block_migration_paused testcase.

Change-Id: I9c395c2b5fdfe6ad9a43477280e88e9a9b34f057
Related-Bug: 1901739
2020-11-11 04:59:21 +00:00
Weronika Sikora d7d87b0202 Set image_alt_ssh_user during stack
At this moment, only image_ssh_user is present in the config
of Tempest. It's set to cirros by default and used for
SSH connections in tests. However, several tests build
instances with image_ref_alt, but still use image_ssh_user to
connect, which results in failure if image_ref_alt is set to
a non-cirros image. They should use image_alt_ssh_user instead,
which can be set to whichever user the image_ref_alt needs in
either local.conf or during plugin installation.

Change-Id: I899909fb71a9862c891e94ba54c6a8fa137f9769
Partial-Bug: #1844535
2020-11-10 12:43:47 +01:00
Dan Smith 6766f71d62 Make create_disk() persistent
Right now a system configured with the ceph plugin will not survive
a reboot because the backing disk we create and mount isn't mounted
at startup, preventing ceph from starting and the rest of nova/glance
from working.

This makes create_disk() idempotently write an fstab rule for the
disk we make, and adds a destroy_disk() handler for cleanup.

Change-Id: I50cd4234f51a335af25be756bd2459dca5aa343c
2020-11-09 14:59:23 -08:00
Nate Johnston efc04eec00 Look for ipv6 routes so ipv6-only jobs will not fail
For change 739139 [1] PS 12, the
neutron-tempest-plugin-scenario-linuxbridge died in devstack with
"/opt/stack/devstack/functions-common:237 Failure retrieving default
route device", which comes from
"/opt/stack/devstack/lib/neutron-legacy:237:die_if_not_set".

Looking at the worlddump.txt for that job [2] I see that there is a
default ipv6 route; the vm was not configured with ipv4 networking.

    ip route
    --------

    ip -6 route
    -----------

    ::1 dev lo proto kernel metric 256 pref medium
    2607:ff68:100:54::/64 dev ens3 proto kernel metric 256 expires 86380sec pref medium
    fe80::/64 dev ens3 proto kernel metric 256 pref medium
    default via fe80::f816:3eff:fe77:b05c dev ens3 proto ra metric 1024 expires 280sec hoplimit 64 pref medium

Looking at the devstack code that throws the error [3] it looks like
it only looks for a default route in the output of `ip route`, which
does not include ipv6 information.  This change should look in both
the ipv4 and ipv6 route table.  A similar check in the L3 setup code
is also updated.

[1] https://review.opendev.org/#/c/739139/
[2] https://d4eb7e3efe98cba79a4b-f4d168cdb20f40841821e4b213645c0f.ssl.cf2.rackcdn.com/739139/12/gate/neutron-tempest-plugin-scenario-linuxbridge/9a6b4f7/controller/logs/worlddump-latest.txt
[3] https://opendev.org/openstack/devstack/src/branch/master/lib/neutron-legacy#L236

Closes-Bug: #1902002
Change-Id: I839e8c222368df98fec308cf41248a9dd0a8c187
2020-11-09 17:05:38 -05:00
Brian Haley 2bb62b43bf Decrease MTU to account for IPv6 header
(MTU - 50) only supports VxLAN over IPv4, decrease it
to support IPv6 as well, which is 20 bytes larger.

Change-Id: I0cf258770f628c1b4fb590bd274b5433fbcc1450
2020-11-06 17:34:53 -05:00
Jens Harbott 47f76acbba Determine default IPv4 route device only when needed
Sometimes instances don't have an IPv4 default route, so only check for
it when we actually need it. In a followup patch we could extend the
code to check for an IPv6 default route instead or in addition.

Related-Bug: 1902002
Change-Id: Ie6cd241721f6b1f8e030960921a696939b2dab10
2020-10-30 09:43:55 +01:00
Jens Harbott 3f28c272d0 Remove deprecated tail_log function
This function has been deprecated for a long time, let's finally
remove it. It is only generating a warning anyway.

Change-Id: I7bd440adf2ce8283e3ad3d5d09e6b2b877e2b42e
2020-10-28 13:06:52 +00:00
Lucas Alvares Gomes 6ecfe67d8e Configure os-vif ovsdb_connection
This patch set the os-vif "ovsdb_connection" configuration option so it
can connect to the local OVSDB. By default, this option points to
tcp:127.0.0.1:6640 and would fail if SERVICE_IP_VERSION == 6.

Also, if SERVICE_IP_VERSION is an IPv6 address, it should be wraped with
square brackets for it to work.

Change-Id: Ie6eec4e140c7464936cf0b0c6307026a94c9f4ee
Signed-off-by: Lucas Alvares Gomes <lucasagomes@gmail.com>
2020-10-26 13:55:33 +00:00
Sean Mooney 7de6e0b2ec fix ipv6 flag order in worlddump
this change corrects the flag order from 'route -6'
to '-6 route' as the -6 flag is an option when used with
ip is an argument to the the ip command and not the route
subcommand.

-6 is accpeted as an argument to the standalone 'route'
commannd but not 'ip route' subcommand.

Change-Id: Ic2ae472e42b7b455693d0aade48dc5109e1f21ba
2020-10-21 14:05:17 +01:00
Walter A. Boring IV b107f9cf18 Add support for ceph_iscsi cinder driver
This patch adds support to configure the new ceph iscsi driver

Depends-On: https://review.opendev.org/#/c/662829/
Depends-On:https://review.opendev.org/668667
Change-Id: Ica180e00dedb8e7ed60e27e3f4841faa8fef938c
2020-10-15 22:04:46 +00:00
Jens Harbott 0545b48f3b Add IPv6 route information to worlddump
The "ip route" command only outputs IPv4 routes, add a command to also
show IPv6 route information.

Drop output from "ip link" as that information is contained within the
"ip addr" output already.

Change-Id: Iae87f43c4b1c57f07de041e823da9d350c670389
2020-10-13 16:06:44 +02:00
Zuul 6e68add275 Merge "Fix: do not lose the tox_environment value in func tests" 2020-10-13 10:22:08 +00:00
Luigi Toscano 906d824a19 Fix: do not lose the tox_environment value in func tests
The current code always overrides tox_environment when running
functional tests, but the correct behavior is to add
the discovered environment variables to tox_environments,
while keeping the user-specified value for it.

The current behavior breaks the devstack-tox-functional children
jobs, like openstacksdk-functional-devstack-ironic, which set
tox_environment.

Change-Id: I5dc9054a1495ca0ef7745c08316441ab153956f4
2020-10-11 21:59:07 +02:00
Zuul 48bc0924cf Merge "Removing fixup for f32 + dnsmasq 2.81" 2020-10-10 15:01:18 +00:00
Dan Radez 3ebb95f9b5 Removing fixup for f32 + dnsmasq 2.81
workaround reported https://bugs.launchpad.net/neutron/+bug/1896945
fixed by https://review.opendev.org/#/c/755356/

Change-Id: I86a0be548e344ed4e95eab7212ba432bf570d2ae
2020-10-10 10:34:12 +00:00
Riccardo Pittau 8e74a617df Move supported distros to variable
Improve redability of the distro check using a variable to
store supported distributions.

Change-Id: Iffa1619065358d459bd04523b7eeae9049f8f2f0
2020-10-06 11:01:12 +02:00
Ghanshyam Mann 29efb72822 Update DEVSTACK_SERIES to wallaby
stable/victoria branch has been created now and
current master is for wallaby.

Change-Id: I5f5b233127d6ef24452fcd05db990f9ddc244dc4
2020-09-30 11:06:49 -05:00
Zuul 4727c5c946 Merge "Change glance default back to WSGI mode" 2020-09-29 18:49:20 +00:00
Dan Smith 155109df89 Change glance default back to WSGI mode
The situation around glance under WSGI has changed a lot in a week.
We can now run tasks and imports under WSGI, so let's switch the
default back so that glance is consistent (by default) with the
other projects.

Change-Id: I3ae285b2ac4972c0b8abaccfc7c0ede0e1c49bf1
2020-09-28 08:28:57 -07:00
Alexandre Arents 4a1186aa90 tempest: Enable shelve_migrate tests with Libvirt
Enable the compute feature for shelve_migrate on all but LXC and
Xen virt_types.

Related-Bug: #1732428
Depends-On: https://review.opendev.org/#/c/696084/
Change-Id: I31cd00c9117607682213cfa0399709e560f4ad0d
2020-09-25 07:12:42 +00:00
Armando Migliaccio a676c4029e Revert "Generate deprecation warning for postgresql"
Based on resolution [1], there's no clear indication that next
steps involve the removal of the DB from Devstack or from the gate.

[1] I332cef8ec4539520adcf37c6d2ea11488289fcfd

This reverts commit d9aaae95f2.

Change-Id: I8410d65c0e0b24035aa035fac7560a686d53ec50
2019-10-17 15:58:34 -04:00
Eric Harney 8c86e5a53e Cinder: only set volume_clear for LVM
This only applies to the LVM driver (when using
thick provisioning), and doesn't have any effect on
other backends like NFS, so only write the conf entry
for LVM.

Change-Id: I722ba2fa0010d9887ed9b7fdd9e050cd4694768e
2019-10-17 15:48:08 -04:00
Dirk Mueller dc01a8ab63 Switch TLS tests to TLSv1.2+ only
This would more likely match a relevant production deployment.

Change-Id: I4ee2ff0c00a8e33fd069a782b32eed5fef62c01b
2019-07-14 22:33:45 +02:00
Huan Xiong 63beab5243 init_cinder() shouldn't always create DEFAULT_VOLUME_GROUP_NAME
DEFAULT_VOLUME_GROUP_NAME volume group is LVM ephemeral storage used by
Nova. It is created by init_nova() if user sets NOVA_BACKEND to "LVM".
However, init_cinder() is also hardcoded to create it, based on the
asumption that CINDER_ENABLED_BACKENDS includes it. That assumption
doesn't hold for the current code. What's more important, even if user
wants to use DEFAULT_VOLUME_GROUP_NAME as one of cinder backends and
adds it to CINDER_ENABLED_BACKENDS, the current code in init_cinder()
are general enough and should work fine. This change removes relevant
code in init_cinder(). It also moves DEFAULT_VOLUME_GROUP_NAME clean-up
code from unstack.sh to cleanup_nova().

Change-Id: I53762f8eda6256f962cc4e1f1098406879bbcf5c
2018-03-23 14:42:37 +00:00
YAMAMOTO Takashi 6839d42819 neutron-legacy: Remove no longer necessary vpnaas conditional
VPNaaS agent is going to be an L3 agent extention.

Related-Bug: #1692128
Depends-On: I0b86c432e4b2210e5f2a73a7e3ba16d10467f0f2
Change-Id: Id827274b7c74cdf71db6d1f2ab3eadb5fef099f5
2017-10-17 12:59:27 +09:00
186 changed files with 6302 additions and 4104 deletions
+2
View File
@@ -38,3 +38,5 @@ stack-screenrc
userrc_early
AUTHORS
ChangeLog
tools/dbcounter/build/
tools/dbcounter/dbcounter.egg-info/
+321 -140
View File
@@ -1,8 +1,18 @@
- nodeset:
name: openstack-single-node
name: openstack-single-node-jammy
nodes:
- name: controller
label: ubuntu-xenial
label: ubuntu-jammy
groups:
- name: tempest
nodes:
- controller
- nodeset:
name: openstack-single-node-noble
nodes:
- name: controller
label: ubuntu-noble
groups:
- name: tempest
nodes:
@@ -29,30 +39,10 @@
- controller
- nodeset:
name: openstack-single-node-xenial
name: devstack-single-node-centos-9-stream
nodes:
- name: controller
label: ubuntu-xenial
groups:
- name: tempest
nodes:
- controller
- nodeset:
name: devstack-single-node-centos-7
nodes:
- name: controller
label: centos-7
groups:
- name: tempest
nodes:
- controller
- nodeset:
name: devstack-single-node-centos-8
nodes:
- name: controller
label: centos-8
label: centos-9-stream
groups:
- name: tempest
nodes:
@@ -69,22 +59,105 @@
- controller
- nodeset:
name: devstack-single-node-fedora-latest
name: devstack-single-node-debian-bookworm
nodes:
- name: controller
label: fedora-32
label: debian-bookworm
groups:
- name: tempest
nodes:
- controller
# Note(sean-k-mooney): this is still used by horizon for
# horizon-integration-tests, horizon-integration-pytest and
# horizon-ui-pytest, remove when horizon is updated.
- nodeset:
name: devstack-single-node-debian-bullseye
nodes:
- name: controller
label: debian-bullseye
groups:
- name: tempest
nodes:
- controller
- nodeset:
name: openstack-two-node
name: devstack-single-node-rockylinux-9
nodes:
- name: controller
label: ubuntu-xenial
label: rockylinux-9
groups:
- name: tempest
nodes:
- controller
- nodeset:
name: openstack-two-node-centos-9-stream
nodes:
- name: controller
label: centos-9-stream
- name: compute1
label: ubuntu-xenial
label: centos-9-stream
groups:
# Node where tests are executed and test results collected
- name: tempest
nodes:
- controller
# Nodes running the compute service
- name: compute
nodes:
- controller
- compute1
# Nodes that are not the controller
- name: subnode
nodes:
- compute1
# Switch node for multinode networking setup
- name: switch
nodes:
- controller
# Peer nodes for multinode networking setup
- name: peers
nodes:
- compute1
- nodeset:
name: openstack-two-node-jammy
nodes:
- name: controller
label: ubuntu-jammy
- name: compute1
label: ubuntu-jammy
groups:
# Node where tests are executed and test results collected
- name: tempest
nodes:
- controller
# Nodes running the compute service
- name: compute
nodes:
- controller
- compute1
# Nodes that are not the controller
- name: subnode
nodes:
- compute1
# Switch node for multinode networking setup
- name: switch
nodes:
- controller
# Peer nodes for multinode networking setup
- name: peers
nodes:
- compute1
- nodeset:
name: openstack-two-node-noble
nodes:
- name: controller
label: ubuntu-noble
- name: compute1
label: ubuntu-noble
groups:
# Node where tests are executed and test results collected
- name: tempest
@@ -168,36 +241,6 @@
nodes:
- compute1
- nodeset:
name: openstack-two-node-xenial
nodes:
- name: controller
label: ubuntu-xenial
- name: compute1
label: ubuntu-xenial
groups:
# Node where tests are executed and test results collected
- name: tempest
nodes:
- controller
# Nodes running the compute service
- name: compute
nodes:
- controller
- compute1
# Nodes that are not the controller
- name: subnode
nodes:
- compute1
# Switch node for multinode networking setup
- name: switch
nodes:
- controller
# Peer nodes for multinode networking setup
- name: peers
nodes:
- compute1
- nodeset:
name: openstack-three-node-focal
nodes:
@@ -270,7 +313,7 @@
- job:
name: devstack-base
parent: multinode
parent: openstack-multinode-fips
abstract: true
description: |
Base abstract Devstack job.
@@ -285,7 +328,6 @@
required-projects:
- opendev.org/openstack/devstack
roles:
- zuul: opendev.org/openstack/devstack-gate
- zuul: opendev.org/openstack/openstack-zuul-jobs
vars:
devstack_localrc:
@@ -319,8 +361,10 @@
'{{ devstack_log_dir }}/devstacklog.txt.summary': logs
'{{ devstack_log_dir }}/tcpdump.pcap': logs
'{{ devstack_log_dir }}/worlddump-latest.txt': logs
'{{ devstack_log_dir }}/qemu.coredump': logs
'{{ devstack_full_log}}': logs
'{{ stage_dir }}/verify_tempest_conf.log': logs
'{{ stage_dir }}/performance.json': logs
'{{ stage_dir }}/apache': logs
'{{ stage_dir }}/apache_config': logs
'{{ stage_dir }}/etc': logs
@@ -328,6 +372,8 @@
/var/log/postgresql: logs
/var/log/mysql: logs
/var/log/libvirt: logs
/etc/libvirt: logs
/etc/lvm: logs
/etc/sudoers: logs
/etc/sudoers.d: logs
'{{ stage_dir }}/iptables.txt': logs
@@ -338,8 +384,10 @@
'{{ stage_dir }}/rpm-qa.txt': logs
'{{ stage_dir }}/core': logs
'{{ stage_dir }}/listen53.txt': logs
'{{ stage_dir }}/services.txt': logs
'{{ stage_dir }}/deprecations.log': logs
'{{ stage_dir }}/audit.log': logs
/etc/ceph: logs
/var/log/ceph: logs
/var/log/openvswitch: logs
/var/log/glusterfs: logs
@@ -384,6 +432,8 @@
- ^releasenotes/.*$
# Translations
- ^.*/locale/.*po$
# pre-commit config
- ^.pre-commit-config.yaml$
- job:
name: devstack-minimal
@@ -391,7 +441,7 @@
description: |
Minimal devstack base job, intended for use by jobs that need
less than the normal minimum set of required-projects.
nodeset: openstack-single-node-focal
nodeset: openstack-single-node-jammy
required-projects:
- opendev.org/openstack/requirements
vars:
@@ -402,17 +452,21 @@
PUBLIC_BRIDGE_MTU: '{{ external_bridge_mtu }}'
devstack_services:
# Shared services
dstat: true
dstat: false
etcd3: true
memory_tracker: true
file_tracker: true
mysql: true
rabbit: true
openstack-cli-server: true
group-vars:
subnode:
devstack_services:
# Shared services
dstat: true
dstat: false
memory_tracker: true
file_tracker: true
openstack-cli-server: true
devstack_localrc:
# Multinode specific settings
HOST_IP: "{{ hostvars[inventory_hostname]['nodepool']['private_ipv4'] }}"
@@ -458,8 +512,17 @@
- opendev.org/openstack/nova
- opendev.org/openstack/placement
- opendev.org/openstack/swift
- opendev.org/openstack/os-test-images
timeout: 7200
vars:
# based on observation of the integrated gate
# tempest-integrated-compute was only using ~1.7GB of swap
# when zswap and the host turning are enabled that increase
# slightly to ~2GB. we are setting the swap size to 8GB to
# be safe and account for more complex scenarios.
# we should revisit this value after some time to see if we
# can reduce it.
configure_swap_size: 8192
devstack_localrc:
# Common OpenStack services settings
SWIFT_REPLICAS: 1
@@ -467,6 +530,27 @@
SWIFT_HASH: 1234123412341234
DEBUG_LIBVIRT_COREDUMPS: true
NOVA_VNC_ENABLED: true
OVN_DBS_LOG_LEVEL: dbg
# tune the host to optimize memory usage and hide io latency
# these setting will configure the kernel to treat the host page
# cache and swap with equal priority, and prefer deferring writes
# changing the default swappiness, dirty_ratio and
# the vfs_cache_pressure
ENABLE_SYSCTL_MEM_TUNING: true
# the net tuning optimizes ipv4 tcp fast open and config the default
# qdisk policy to pfifo_fast which effectively disable all qos.
# this minimizes the cpu load of the host network stack
ENABLE_SYSCTL_NET_TUNING: true
# zswap allows the kernel to compress pages in memory before swapping
# them to disk. this can reduce the amount of swap used and improve
# performance. effectively this trades a small amount of cpu for an
# increase in swap performance by reducing the amount of data
# written to disk. the overall speedup is proportional to the
# compression ratio and the speed of the swap device.
# NOTE: this option is ignored when not using nova with the libvirt
# virt driver.
NOVA_LIBVIRT_TB_CACHE_SIZE: 128
ENABLE_ZSWAP: true
devstack_local_conf:
post-config:
$NEUTRON_CONF:
@@ -476,9 +560,10 @@
# Core services enabled for this branch.
# This list replaces the test-matrix.
# Shared services
dstat: true
dstat: false
etcd3: true
memory_tracker: true
file_tracker: true
mysql: true
rabbit: true
tls-proxy: true
@@ -495,13 +580,14 @@
n-sch: true
# Placement service
placement-api: true
# OVN services
ovn-controller: true
ovn-northd: true
ovs-vswitchd: true
ovsdb-server: true
# Neutron services
q-agt: true
q-dhcp: true
q-l3: true
q-meta: true
q-metering: true
q-svc: true
q-ovn-metadata-agent: true
# Swift services
s-account: true
s-container: true
@@ -512,7 +598,6 @@
c-bak: true
c-sch: true
c-vol: true
cinder: true
# Services we don't need.
# This section is not really needed, it's for readability.
horizon: false
@@ -526,15 +611,20 @@
# Core services enabled for this branch.
# This list replaces the test-matrix.
# Shared services
dstat: true
dstat: false
memory_tracker: true
file_tracker: true
tls-proxy: true
# Nova services
n-cpu: true
# Placement services
placement-client: true
# OVN services
ovn-controller: true
ovs-vswitchd: true
ovsdb-server: true
# Neutron services
q-agt: true
q-ovn-metadata-agent: true
# Cinder services
c-bak: true
c-vol: true
@@ -552,21 +642,53 @@
GLANCE_HOSTPORT: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}:9292"
Q_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
NOVA_VNC_ENABLED: true
ENABLE_CHASSIS_AS_GW: false
# tune the host to optimize memory usage and hide io latency
# these setting will configure the kernel to treat the host page
# cache and swap with equal priority, and prefer deferring writes
# changing the default swappiness, dirty_ratio and
# the vfs_cache_pressure
ENABLE_SYSCTL_MEM_TUNING: true
# the net tuning optimizes ipv4 tcp fast open and config the default
# qdisk policy to pfifo_fast which effectively disable all qos.
# this minimizes the cpu load of the host network stack
ENABLE_SYSCTL_NET_TUNING: true
# zswap allows the kernel to compress pages in memory before swapping
# them to disk. this can reduce the amount of swap used and improve
# performance. effectivly this trades a small amount of cpu for an
# increase in swap performance by reducing the amount of data
# written to disk. the overall speedup is porportional to the
# compression ratio and the speed of the swap device.
ENABLE_ZSWAP: true
# NOTE: this option is ignored when not using nova with the libvirt
# virt driver.
NOVA_LIBVIRT_TB_CACHE_SIZE: 128
- job:
name: devstack-ipv6
parent: devstack
description: |
Devstack single node job for integration gate with IPv6.
Devstack single node job for integration gate with IPv6,
all services and tunnels using IPv6 addresses.
vars:
devstack_localrc:
SERVICE_IP_VERSION: 6
SERVICE_HOST: ""
TUNNEL_IP_VERSION: 6
- job:
name: devstack-enforce-scope
parent: devstack
description: |
This job runs the devstack with scope checks enabled.
vars:
devstack_localrc:
ENFORCE_SCOPE: true
- job:
name: devstack-multinode
parent: devstack
nodeset: openstack-two-node-focal
nodeset: openstack-two-node-jammy
description: |
Simple multinode test to verify multinode functionality on devstack side.
This is not meant to be used as a parent job.
@@ -576,43 +698,106 @@
# and these platforms don't have the round-the-clock support to avoid
# becoming blockers in that situation.
- job:
name: devstack-platform-centos-8
name: devstack-platform-centos-9-stream
parent: tempest-full-py3
description: Centos 8 platform test
nodeset: devstack-single-node-centos-8
voting: false
description: CentOS 9 Stream platform test
nodeset: devstack-single-node-centos-9-stream
timeout: 9000
- job:
name: devstack-platform-opensuse-15
parent: tempest-full-py3
description: openSUSE 15.x platform test
nodeset: devstack-single-node-opensuse-15
voting: false
- job:
name: devstack-platform-bionic
name: devstack-platform-debian-bookworm
parent: tempest-full-py3
description: Ubuntu Bionic platform test
nodeset: openstack-single-node-bionic
voting: false
description: Debian Bookworm platform test
nodeset: devstack-single-node-debian-bookworm
timeout: 9000
vars:
configure_swap_size: 4096
- job:
name: devstack-platform-fedora-latest
name: devstack-platform-rocky-blue-onyx
parent: tempest-full-py3
description: Fedora latest platform test
nodeset: devstack-single-node-fedora-latest
description: Rocky Linux 9 Blue Onyx platform test
nodeset: devstack-single-node-rockylinux-9
timeout: 9000
# NOTE(danms): This has been failing lately with some repository metadata
# errors. We're marking this as non-voting until it appears to have
# stabilized:
# https://zuul.openstack.org/builds?job_name=devstack-platform-rocky-blue-onyx&skip=0
voting: false
vars:
configure_swap_size: 4096
- job:
name: devstack-platform-fedora-latest-virt-preview
name: devstack-platform-ubuntu-noble
parent: tempest-full-py3
description: Fedora latest platform test using the virt-preview repo.
nodeset: devstack-single-node-fedora-latest
description: Ubuntu 24.04 LTS (noble) platform test
nodeset: openstack-single-node-noble
timeout: 9000
vars:
configure_swap_size: 8192
- job:
name: devstack-platform-ubuntu-jammy-ovn-source
parent: devstack-platform-ubuntu-jammy
description: Ubuntu 22.04 LTS (jammy) platform test (OVN from source)
voting: false
vars:
devstack_localrc:
ENABLE_FEDORA_VIRT_PREVIEW_REPO: true
OVN_BUILD_FROM_SOURCE: True
OVN_BRANCH: "v21.06.0"
OVS_BRANCH: "a4b04276ab5934d087669ff2d191a23931335c87"
OVS_SYSCONFDIR: "/usr/local/etc/openvswitch"
- job:
name: devstack-platform-ubuntu-jammy-ovs
parent: tempest-full-py3
description: Ubuntu 22.04 LTS (jammy) platform test (OVS)
nodeset: openstack-single-node-jammy
voting: false
timeout: 9000
vars:
configure_swap_size: 8192
devstack_localrc:
Q_AGENT: openvswitch
Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
Q_ML2_TENANT_NETWORK_TYPE: vxlan
devstack_services:
# Disable OVN services
ovn-northd: false
ovn-controller: false
ovs-vswitchd: false
ovsdb-server: false
# Disable Neutron ML2/OVN services
q-ovn-metadata-agent: false
# Enable Neutron ML2/OVS services
q-agt: true
q-dhcp: true
q-l3: true
q-meta: true
q-metering: true
group-vars:
subnode:
devstack_services:
# Disable OVN services
ovn-controller: false
ovs-vswitchd: false
ovsdb-server: false
# Disable Neutron ML2/OVN services
q-ovn-metadata-agent: false
# Enable Neutron ML2/OVS services
q-agt: true
- job:
name: devstack-no-tls-proxy
parent: tempest-full-py3
description: |
Tempest job with tls-proxy off.
Some gates run devstack like this and it follows different code paths.
vars:
devstack_services:
tls-proxy: false
- job:
name: devstack-tox-base
@@ -670,6 +855,7 @@
- job:
name: devstack-unit-tests
nodeset: ubuntu-jammy
description: |
Runs unit tests on devstack project.
@@ -685,32 +871,23 @@
jobs:
- devstack
- devstack-ipv6
- devstack-platform-opensuse-15
- devstack-platform-fedora-latest
- devstack-platform-centos-8
- devstack-platform-bionic
- devstack-enforce-scope
- devstack-platform-centos-9-stream
- devstack-platform-debian-bookworm
- devstack-platform-rocky-blue-onyx
- devstack-platform-ubuntu-jammy-ovn-source
- devstack-platform-ubuntu-jammy-ovs
- devstack-platform-ubuntu-noble
- devstack-multinode
- devstack-unit-tests
- openstack-tox-bashate
- ironic-tempest-ipa-wholedisk-bios-agent_ipmitool-tinyipa:
voting: false
- swift-dsvm-functional:
voting: false
irrelevant-files: &dsvm-irrelevant-files
- ^.*\.rst$
- ^doc/.*$
- swift-dsvm-functional-py3:
voting: false
irrelevant-files: *dsvm-irrelevant-files
- ironic-tempest-bios-ipmi-direct-tinyipa
- swift-dsvm-functional
- grenade:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- neutron-grenade-multinode:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- neutron-tempest-linuxbridge:
- neutron-ovs-grenade-multinode:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
@@ -736,30 +913,25 @@
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
# NOTE(gmann): Remove this job from devstack pipeline once it is
# migrated to zuulv3 native. This is legacy job and rely on
# devstack-gate + devstack setting so any change in devstack can
# break it.
- nova-live-migration:
voting: false
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
gate:
jobs:
- devstack
- devstack-ipv6
- devstack-platform-debian-bookworm
- devstack-platform-ubuntu-noble
# NOTE(danms): Disabled due to instability, see comment in the job
# definition above.
# - devstack-platform-rocky-blue-onyx
- devstack-enforce-scope
- devstack-multinode
- devstack-unit-tests
- openstack-tox-bashate
- neutron-grenade-multinode:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- neutron-tempest-linuxbridge:
- neutron-ovs-grenade-multinode:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- ironic-tempest-bios-ipmi-direct-tinyipa
- swift-dsvm-functional
- grenade:
irrelevant-files:
- ^.*\.rst$
@@ -781,7 +953,9 @@
# pruned.
#
# * nova-next: maintained by nova for unreleased/undefaulted
# things
# things, this job is not experimental but often is used to test
# things that are not yet production ready or to test what will be
# the new default after a deprecation period has ended.
# * neutron-fullstack-with-uwsgi: maintained by neutron for fullstack test
# when neutron-api is served by uwsgi, it's in exprimental for testing.
# the next cycle we can remove this job if things turn out to be
@@ -789,14 +963,10 @@
# * neutron-functional-with-uwsgi: maintained by neutron for functional
# test. Next cycle we can remove this one if things turn out to be
# stable engouh with uwsgi.
# * neutron-tempest-with-uwsgi: maintained by neutron for tempest test.
# * neutron-ovn-tempest-with-uwsgi: maintained by neutron for tempest test.
# Next cycle we can remove this if everything run out stable enough.
# * nova-multi-cell: maintained by nova and currently non-voting in the
# * nova-multi-cell: maintained by nova and now is voting in the
# check queue for nova changes but relies on devstack configuration
# * devstack-platform-fedora-latest-virt-preview: Maintained by lyarwood
# for Nova to allow early testing of the latest versions of Libvirt and
# QEMU. Should only graduate out of experimental if it ever moves into
# the check queue for Nova.
experimental:
jobs:
@@ -804,16 +974,16 @@
- nova-next
- neutron-fullstack-with-uwsgi
- neutron-functional-with-uwsgi
- neutron-tempest-with-uwsgi
- neutron-ovn-tempest-with-uwsgi
- devstack-plugin-ceph-tempest-py3:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- neutron-tempest-dvr:
- neutron-ovs-tempest-dvr:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- neutron-tempest-dvr-ha-multinode-full:
- neutron-ovs-tempest-dvr-ha-multinode-full:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
@@ -825,4 +995,15 @@
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- devstack-platform-fedora-latest-virt-preview
- devstack-no-tls-proxy
periodic:
jobs:
- devstack-no-tls-proxy
periodic-weekly:
jobs:
- devstack-platform-centos-9-stream
- devstack-platform-debian-bookworm
- devstack-platform-rocky-blue-onyx
- devstack-platform-ubuntu-jammy-ovn-source
- devstack-platform-ubuntu-jammy-ovs
- devstack-platform-ubuntu-noble
+1 -5
View File
@@ -74,8 +74,7 @@ of test of specific fragile functions in the ``functions`` and
``tools`` - Contains a collection of stand-alone scripts. While these
may reference the top-level DevStack configuration they can generally be
run alone. There are also some sub-directories to support specific
environments such as XenServer.
run alone.
Scripts
@@ -275,9 +274,6 @@ your change
even years from now -- why we were motivated to make a change at the
time.
* **Reviewers** -- please see ``MAINTAINERS.rst`` for a list of people
that should be added to reviews of various sub-systems.
Making Changes, Testing, and CI
-------------------------------
-92
View File
@@ -1,92 +0,0 @@
MAINTAINERS
===========
Overview
--------
The following is a list of people known to have interests in
particular areas or sub-systems of devstack.
It is a rather general guide intended to help seed the initial
reviewers list of a change. A +1 on a review from someone identified
as being a maintainer of its affected area is a very positive flag to
the core team for the veracity of the change.
The ``devstack-core`` group can still be added to all reviews.
Format
~~~~~~
The format of the file is the name of the maintainer and their
gerrit-registered email.
Maintainers
-----------
.. contents:: :local:
Ceph
~~~~
* Sebastien Han <sebastien.han@enovance.com>
Cinder
~~~~~~
Fedora/CentOS/RHEL
~~~~~~~~~~~~~~~~~~
* Ian Wienand <iwienand@redhat.com>
Neutron
~~~~~~~
MidoNet
~~~~~~~
* Jaume Devesa <devvesa@gmail.com>
* Ryu Ishimoto <ryu@midokura.com>
* YAMAMOTO Takashi <yamamoto@midokura.com>
OpenDaylight
~~~~~~~~~~~~
* Kyle Mestery <mestery@mestery.com>
OpenFlow Agent (ofagent)
~~~~~~~~~~~~~~~~~~~~~~~~
* YAMAMOTO Takashi <yamamoto@valinux.co.jp>
* Fumihiko Kakuma <kakuma@valinux.co.jp>
Swift
~~~~~
* Chmouel Boudjnah <chmouel@enovance.com>
SUSE
~~~~
* Ralf Haferkamp <rhafer@suse.de>
* Vincent Untz <vuntz@suse.com>
Tempest
~~~~~~~
Xen
~~~
* Bob Ball <bob.ball@citrix.com>
Zaqar (Marconi)
~~~~~~~~~~~~~~~
* Flavio Percoco <flaper87@gmail.com>
* Malini Kamalambal <malini.kamalambal@rackspace.com>
Oracle Linux
~~~~~~~~~~~~
* Wiekus Beukes <wiekus.beukes@oracle.com>
+4 -4
View File
@@ -4,7 +4,7 @@ from git source trees.
Goals
=====
* To quickly build dev OpenStack environments in a clean Ubuntu or Fedora
* To quickly build dev OpenStack environments in a clean Ubuntu or RockyLinux
environment
* To describe working configurations of OpenStack (which code branches
work together? what do config files look like for those branches?)
@@ -28,9 +28,9 @@ Versions
The DevStack master branch generally points to trunk versions of OpenStack
components. For older, stable versions, look for branches named
stable/[release] in the DevStack repo. For example, you can do the
following to create a Pike OpenStack cloud::
following to create a Zed OpenStack cloud::
git checkout stable/pike
git checkout stable/zed
./stack.sh
You can also pick specific OpenStack project releases by setting the appropriate
@@ -55,7 +55,7 @@ When the script finishes executing, you should be able to access OpenStack
endpoints, like so:
* Horizon: http://myhost/
* Keystone: http://myhost/identity/v2.0/
* Keystone: http://myhost/identity/v3/
We also provide an environment file that you can use to interact with your
cloud via CLI::
+3 -2
View File
@@ -50,7 +50,6 @@ source $TOP_DIR/lib/placement
source $TOP_DIR/lib/cinder
source $TOP_DIR/lib/swift
source $TOP_DIR/lib/neutron
source $TOP_DIR/lib/neutron-legacy
set -o xtrace
@@ -113,7 +112,7 @@ cleanup_rpc_backend
cleanup_database
# Clean out data and status
sudo rm -rf $DATA_DIR $DEST/status
sudo rm -rf $DATA_DIR $DEST/status $DEST/async
# Clean out the log file and log directories
if [[ -n "$LOGFILE" ]] && [[ -f "$LOGFILE" ]]; then
@@ -145,3 +144,5 @@ done
rm -rf ~/.config/openstack
# Clear any fstab entries made
sudo sed -i '/.*comment=devstack-.*/ d' /etc/fstab
-4
View File
@@ -4,8 +4,4 @@ Pygments
docutils
sphinx>=2.0.0,!=2.1.0 # BSD
openstackdocstheme>=2.2.1 # Apache-2.0
nwdiag
blockdiag
sphinxcontrib-blockdiag
sphinxcontrib-nwdiag
zuul-sphinx>=0.2.0
Binary file not shown.

After

Width:  |  Height:  |  Size: 10 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 11 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 13 KiB

+6 -6
View File
@@ -23,14 +23,14 @@
# Add any Sphinx extension module names here, as strings. They can be extensions
# coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
extensions = [ 'sphinx.ext.autodoc',
'zuul_sphinx',
'openstackdocstheme',
'sphinxcontrib.blockdiag',
'sphinxcontrib.nwdiag' ]
extensions = [
'sphinx.ext.autodoc',
'zuul_sphinx',
'openstackdocstheme',
]
# openstackdocstheme options
openstackdocs_repo_name = 'openstack-dev/devstack'
openstackdocs_repo_name = 'openstack/devstack'
openstackdocs_pdf_link = True
openstackdocs_bug_project = 'devstack'
openstackdocs_bug_tag = ''
+75 -16
View File
@@ -181,6 +181,9 @@ values that most often need to be set.
If the ``*_PASSWORD`` variables are not set here you will be prompted to
enter values for them by ``stack.sh``.
.. warning:: Only use alphanumeric characters in your passwords, as some
services fail to work when using special characters.
The network ranges must not overlap with any networks in use on the
host. Overlap is not uncommon as RFC-1918 'private' ranges are commonly
used for both the local networking and Nova's fixed and floating ranges.
@@ -279,7 +282,7 @@ number of days of old log files to keep.
::
LOGDAYS=1
LOGDAYS=2
Some coloring is used during the DevStack runs to make it easier to
see what is going on. This can be disabled with::
@@ -521,8 +524,8 @@ behavior:
can be configured with any valid IPv6 prefix. The default values make
use of an auto-generated ``IPV6_GLOBAL_ID`` to comply with RFC4193.
Service Version
~~~~~~~~~~~~~~~
Service IP Version
~~~~~~~~~~~~~~~~~~
DevStack can enable service operation over either IPv4 or IPv6 by
setting ``SERVICE_IP_VERSION`` to either ``SERVICE_IP_VERSION=4`` or
@@ -542,6 +545,27 @@ optionally be used to alter the default IPv6 address::
HOST_IPV6=${some_local_ipv6_address}
Tunnel IP Version
~~~~~~~~~~~~~~~~~
DevStack can enable tunnel operation over either IPv4 or IPv6 by
setting ``TUNNEL_IP_VERSION`` to either ``TUNNEL_IP_VERSION=4`` or
``TUNNEL_IP_VERSION=6`` respectively.
When set to ``4`` Neutron will use an IPv4 address for tunnel endpoints,
for example, ``HOST_IP``.
When set to ``6`` Neutron will use an IPv6 address for tunnel endpoints,
for example, ``HOST_IPV6``.
The default value for this setting is ``4``. Dual-mode support, for
example ``4+6`` is not supported, as this value must match the address
family of the local tunnel endpoint IP(v6) address.
The value of ``TUNNEL_IP_VERSION`` has a direct relationship to the
setting of ``TUNNEL_ENDPOINT_IP``, which will default to ``HOST_IP``
when set to ``4``, and ``HOST_IPV6`` when set to ``6``.
Multi-node setup
~~~~~~~~~~~~~~~~
@@ -615,7 +639,7 @@ tests can be run as follows:
::
$ cd /opt/stack/tempest
$ tox -efull tempest.scenario.test_network_basic_ops
$ tox -e smoke
By default tempest is downloaded and the config file is generated, but the
tempest package is not installed in the system's global site-packages (the
@@ -628,12 +652,6 @@ outside of tox. If you would like to install it add the following to your
INSTALL_TEMPEST=True
Xenserver
~~~~~~~~~
If you would like to use Xenserver as the hypervisor, please refer to
the instructions in ``./tools/xen/README.md``.
Cinder
~~~~~~
@@ -648,6 +666,41 @@ with ``VOLUME_BACKING_FILE_SIZE``.
VOLUME_NAME_PREFIX="volume-"
VOLUME_BACKING_FILE_SIZE=24G
When running highly concurrent tests, the default per-project quotas
for volumes, backups, or snapshots may be too small. These can be
adjusted by setting ``CINDER_QUOTA_VOLUMES``, ``CINDER_QUOTA_BACKUPS``,
or ``CINDER_QUOTA_SNAPSHOTS`` to the desired value. (The default for
each is 10.)
DevStack's Cinder LVM configuration module currently supports both iSCSI and
NVMe connections, and we can choose which one to use with options
``CINDER_TARGET_HELPER``, ``CINDER_TARGET_PROTOCOL``, ``CINDER_TARGET_PREFIX``,
and ``CINDER_TARGET_PORT``.
Defaults use iSCSI with the LIO target manager::
CINDER_TARGET_HELPER="lioadm"
CINDER_TARGET_PROTOCOL="iscsi"
CINDER_TARGET_PREFIX="iqn.2010-10.org.openstack:"
CINDER_TARGET_PORT=3260
Additionally there are 3 supported transport protocols for NVMe,
``nvmet_rdma``, ``nvmet_tcp``, and ``nvmet_fc``, and when the ``nvmet`` target
is selected the protocol, prefix, and port defaults will change to more
sensible defaults for NVMe::
CINDER_TARGET_HELPER="nvmet"
CINDER_TARGET_PROTOCOL="nvmet_rdma"
CINDER_TARGET_PREFIX="nvme-subsystem-1"
CINDER_TARGET_PORT=4420
When selecting the RDMA transport protocol DevStack will create on Cinder nodes
a Software RoCE device on top of the ``HOST_IP_IFACE`` and if it is not defined
then on top of the interface with IP address ``HOST_IP`` or ``HOST_IPV6``.
This Soft-RoCE device will always be created on the Nova compute side since we
cannot tell beforehand whether there will be an RDMA connection or not.
Keystone
~~~~~~~~
@@ -672,7 +725,6 @@ In RegionTwo:
disable_service horizon
KEYSTONE_SERVICE_HOST=<KEYSTONE_IP_ADDRESS_FROM_REGION_ONE>
KEYSTONE_AUTH_HOST=<KEYSTONE_IP_ADDRESS_FROM_REGION_ONE>
REGION_NAME=RegionTwo
KEYSTONE_REGION_NAME=RegionOne
@@ -685,15 +737,22 @@ KEYSTONE_REGION_NAME to specify the region of Keystone service.
KEYSTONE_REGION_NAME has a default value the same as REGION_NAME thus we omit
it in the configuration of RegionOne.
Disabling Identity API v2
+++++++++++++++++++++++++
Glance
++++++
The Identity API v2 is deprecated as of Mitaka and it is recommended to only
use the v3 API. It is possible to setup keystone without v2 API, by doing:
The default image size quota of 1GiB may be too small if larger images
are to be used. Change the default at setup time with:
::
ENABLE_IDENTITY_V2=False
GLANCE_LIMIT_IMAGE_SIZE_TOTAL=5000
or at runtime via:
::
openstack --os-cloud devstack-system-admin registered limit set \
--service glance --default-limit 5000 --region RegionOne image_size_total
.. _arch-configuration:
+4 -3
View File
@@ -13,7 +13,7 @@ with Devstack.
Communication
~~~~~~~~~~~~~
* IRC channel ``#openstack-qa`` at FreeNode
* IRC channel ``#openstack-qa`` at OFTC.
* Mailing list (prefix subjects with ``[qa][devstack]`` for faster responses)
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-discuss
@@ -42,8 +42,9 @@ Getting Your Patch Merged
~~~~~~~~~~~~~~~~~~~~~~~~~
All changes proposed to the Devstack require two ``Code-Review +2`` votes from
Devstack core reviewers before one of the core reviewers can approve the patch
by giving ``Workflow +1`` vote. One exception is for patches to unblock the gate
which can be approved by single core reviewers.
by giving ``Workflow +1`` vote. There are 2 exceptions, approving patches to
unblock the gate and patches that do not relate to the Devstack's core logic,
like for example old job cleanups, can be approved by single core reviewers.
Project Team Lead Duties
~~~~~~~~~~~~~~~~~~~~~~~~
+6
View File
@@ -20,6 +20,12 @@ provides consumption output when available memory is seen to be
falling (i.e. processes are consuming memory). It also provides
output showing locked (unswappable) memory.
file_tracker
------------
The ``file_tracker`` service periodically monitors the number of
open files in the system.
tcpdump
-------
+4 -4
View File
@@ -20,7 +20,7 @@ Walk through various setups used by stackers
guides/neutron
guides/devstack-with-nested-kvm
guides/nova
guides/devstack-with-lbaas-v2
guides/devstack-with-octavia
guides/devstack-with-ldap
All-In-One Single VM
@@ -69,10 +69,10 @@ Nova and devstack
Guide to working with nova features :doc:`Nova and devstack <guides/nova>`.
Configure Load-Balancer Version 2
-----------------------------------
Configure Octavia
-----------------
Guide on :doc:`Configure Load-Balancer Version 2 <guides/devstack-with-lbaas-v2>`.
Guide on :doc:`Configure Octavia <guides/devstack-with-octavia>`.
Deploying DevStack with LDAP
----------------------------
@@ -1,145 +0,0 @@
Devstack with Octavia Load Balancing
====================================
Starting with the OpenStack Pike release, Octavia is now a standalone service
providing load balancing services for OpenStack.
This guide will show you how to create a devstack with `Octavia API`_ enabled.
.. _Octavia API: https://docs.openstack.org/api-ref/load-balancer/v2/index.html
Phase 1: Create DevStack + 2 nova instances
--------------------------------------------
First, set up a vm of your choice with at least 8 GB RAM and 16 GB disk space,
make sure it is updated. Install git and any other developer tools you find
useful.
Install devstack
::
git clone https://opendev.org/openstack/devstack
cd devstack/tools
sudo ./create-stack-user.sh
cd ../..
sudo mv devstack /opt/stack
sudo chown -R stack.stack /opt/stack/devstack
This will clone the current devstack code locally, then setup the "stack"
account that devstack services will run under. Finally, it will move devstack
into its default location in /opt/stack/devstack.
Edit your ``/opt/stack/devstack/local.conf`` to look like
::
[[local|localrc]]
enable_plugin octavia https://opendev.org/openstack/octavia
# If you are enabling horizon, include the octavia dashboard
# enable_plugin octavia-dashboard https://opendev.org/openstack/octavia-dashboard.git
# If you are enabling barbican for TLS offload in Octavia, include it here.
# enable_plugin barbican https://opendev.org/openstack/barbican
# ===== BEGIN localrc =====
DATABASE_PASSWORD=password
ADMIN_PASSWORD=password
SERVICE_PASSWORD=password
SERVICE_TOKEN=password
RABBIT_PASSWORD=password
# Enable Logging
LOGFILE=$DEST/logs/stack.sh.log
VERBOSE=True
LOG_COLOR=True
# Pre-requisite
ENABLED_SERVICES=rabbit,mysql,key
# Horizon - enable for the OpenStack web GUI
# ENABLED_SERVICES+=,horizon
# Nova
ENABLED_SERVICES+=,n-api,n-crt,n-cpu,n-cond,n-sch,n-api-meta,n-sproxy
ENABLED_SERVICES+=,placement-api,placement-client
# Glance
ENABLED_SERVICES+=,g-api
# Neutron
ENABLED_SERVICES+=,q-svc,q-agt,q-dhcp,q-l3,q-meta,neutron
ENABLED_SERVICES+=,octavia,o-cw,o-hk,o-hm,o-api
# Cinder
ENABLED_SERVICES+=,c-api,c-vol,c-sch
# Tempest
ENABLED_SERVICES+=,tempest
# Barbican - Optionally used for TLS offload in Octavia
# ENABLED_SERVICES+=,barbican
# ===== END localrc =====
Run stack.sh and do some sanity checks
::
sudo su - stack
cd /opt/stack/devstack
./stack.sh
. ./openrc
openstack network list # should show public and private networks
Create two nova instances that we can use as test http servers:
::
#create nova instances on private network
openstack server create --image $(openstack image list | awk '/ cirros-.*-x86_64-.* / {print $2}') --flavor 1 --nic net-id=$(openstack network list | awk '/ private / {print $2}') node1
openstack server create --image $(openstack image list | awk '/ cirros-.*-x86_64-.* / {print $2}') --flavor 1 --nic net-id=$(openstack network list | awk '/ private / {print $2}') node2
openstack server list # should show the nova instances just created
#add secgroup rules to allow ssh etc..
openstack security group rule create default --protocol icmp
openstack security group rule create default --protocol tcp --dst-port 22:22
openstack security group rule create default --protocol tcp --dst-port 80:80
Set up a simple web server on each of these instances. ssh into each instance (username 'cirros', password 'cubswin:)' or 'gocubsgo') and run
::
MYIP=$(ifconfig eth0|grep 'inet addr'|awk -F: '{print $2}'| awk '{print $1}')
while true; do echo -e "HTTP/1.0 200 OK\r\n\r\nWelcome to $MYIP" | sudo nc -l -p 80 ; done&
Phase 2: Create your load balancer
----------------------------------
Make sure you have the 'openstack loadbalancer' commands:
::
pip install python-octaviaclient
Create your load balancer:
::
openstack loadbalancer create --name lb1 --vip-subnet-id private-subnet
openstack loadbalancer show lb1 # Wait for the provisioning_status to be ACTIVE.
openstack loadbalancer listener create --protocol HTTP --protocol-port 80 --name listener1 lb1
openstack loadbalancer show lb1 # Wait for the provisioning_status to be ACTIVE.
openstack loadbalancer pool create --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP --name pool1
openstack loadbalancer show lb1 # Wait for the provisioning_status to be ACTIVE.
openstack loadbalancer healthmonitor create --delay 5 --timeout 2 --max-retries 1 --type HTTP pool1
openstack loadbalancer show lb1 # Wait for the provisioning_status to be ACTIVE.
openstack loadbalancer member create --subnet-id private-subnet --address <web server 1 address> --protocol-port 80 pool1
openstack loadbalancer show lb1 # Wait for the provisioning_status to be ACTIVE.
openstack loadbalancer member create --subnet-id private-subnet --address <web server 2 address> --protocol-port 80 pool1
Please note: The <web server # address> fields are the IP addresses of the nova
servers created in Phase 1.
Also note, using the API directly you can do all of the above commands in one
API call.
Phase 3: Test your load balancer
--------------------------------
::
openstack loadbalancer show lb1 # Note the vip_address
curl http://<vip_address>
curl http://<vip_address>
This should show the "Welcome to <IP>" message from each member server.
@@ -1,3 +1,5 @@
.. _kvm_nested_virt:
=======================================================
Configure DevStack with KVM-based Nested Virtualization
=======================================================
+144
View File
@@ -0,0 +1,144 @@
Devstack with Octavia Load Balancing
====================================
Starting with the OpenStack Pike release, Octavia is now a standalone service
providing load balancing services for OpenStack.
This guide will show you how to create a devstack with `Octavia API`_ enabled.
.. _Octavia API: https://docs.openstack.org/api-ref/load-balancer/v2/index.html
Phase 1: Create DevStack + 2 nova instances
--------------------------------------------
First, set up a VM of your choice with at least 8 GB RAM and 16 GB disk space,
make sure it is updated. Install git and any other developer tools you find
useful.
Install devstack::
git clone https://opendev.org/openstack/devstack
cd devstack/tools
sudo ./create-stack-user.sh
cd ../..
sudo mv devstack /opt/stack
sudo chown -R stack.stack /opt/stack/devstack
This will clone the current devstack code locally, then setup the "stack"
account that devstack services will run under. Finally, it will move devstack
into its default location in /opt/stack/devstack.
Edit your ``/opt/stack/devstack/local.conf`` to look like::
[[local|localrc]]
# ===== BEGIN localrc =====
DATABASE_PASSWORD=password
ADMIN_PASSWORD=password
SERVICE_PASSWORD=password
SERVICE_TOKEN=password
RABBIT_PASSWORD=password
GIT_BASE=https://opendev.org
# Optional settings:
# OCTAVIA_AMP_BASE_OS=centos
# OCTAVIA_AMP_DISTRIBUTION_RELEASE_ID=9-stream
# OCTAVIA_AMP_IMAGE_SIZE=3
# OCTAVIA_LB_TOPOLOGY=ACTIVE_STANDBY
# OCTAVIA_ENABLE_AMPHORAV2_JOBBOARD=True
# LIBS_FROM_GIT+=octavia-lib,
# Enable Logging
LOGFILE=$DEST/logs/stack.sh.log
VERBOSE=True
LOG_COLOR=True
enable_service rabbit
enable_plugin neutron $GIT_BASE/openstack/neutron
# Octavia supports using QoS policies on the VIP port:
enable_service q-qos
enable_service placement-api placement-client
# Octavia services
enable_plugin octavia $GIT_BASE/openstack/octavia master
enable_plugin octavia-dashboard $GIT_BASE/openstack/octavia-dashboard
enable_plugin ovn-octavia-provider $GIT_BASE/openstack/ovn-octavia-provider
enable_plugin octavia-tempest-plugin $GIT_BASE/openstack/octavia-tempest-plugin
enable_service octavia o-api o-cw o-hm o-hk o-da
# If you are enabling barbican for TLS offload in Octavia, include it here.
# enable_plugin barbican $GIT_BASE/openstack/barbican
# enable_service barbican
# Cinder (optional)
disable_service c-api c-vol c-sch
# Tempest
enable_service tempest
# ===== END localrc =====
.. note::
For best performance it is highly recommended to use KVM
virtualization instead of QEMU.
Also make sure nested virtualization is enabled as documented in
:ref:`the respective guide <kvm_nested_virt>`.
By adding ``LIBVIRT_CPU_MODE="host-passthrough"`` to your
``local.conf`` you enable the guest VMs to make use of all features your
host's CPU provides.
Run stack.sh and do some sanity checks::
sudo su - stack
cd /opt/stack/devstack
./stack.sh
. ./openrc
openstack network list # should show public and private networks
Create two nova instances that we can use as test http servers::
# create nova instances on private network
openstack server create --image $(openstack image list | awk '/ cirros-.*-x86_64-.* / {print $2}') --flavor 1 --nic net-id=$(openstack network list | awk '/ private / {print $2}') node1
openstack server create --image $(openstack image list | awk '/ cirros-.*-x86_64-.* / {print $2}') --flavor 1 --nic net-id=$(openstack network list | awk '/ private / {print $2}') node2
openstack server list # should show the nova instances just created
# add secgroup rules to allow ssh etc..
openstack security group rule create default --protocol icmp
openstack security group rule create default --protocol tcp --dst-port 22:22
openstack security group rule create default --protocol tcp --dst-port 80:80
Set up a simple web server on each of these instances. One possibility is to use
the `Golang test server`_ that is used by the Octavia project for CI testing
as well.
Copy the binary to your instances and start it as shown below
(username 'cirros', password 'gocubsgo')::
INST_IP=<instance IP>
scp -O test_server.bin cirros@${INST_IP}:
ssh -f cirros@${INST_IP} ./test_server.bin -id ${INST_IP}
When started this way the test server will respond to HTTP requests with
its own IP.
Phase 2: Create your load balancer
----------------------------------
Create your load balancer::
openstack loadbalancer create --wait --name lb1 --vip-subnet-id private-subnet
openstack loadbalancer listener create --wait --protocol HTTP --protocol-port 80 --name listener1 lb1
openstack loadbalancer pool create --wait --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP --name pool1
openstack loadbalancer healthmonitor create --wait --delay 5 --timeout 2 --max-retries 1 --type HTTP pool1
openstack loadbalancer member create --wait --subnet-id private-subnet --address <web server 1 address> --protocol-port 80 pool1
openstack loadbalancer member create --wait --subnet-id private-subnet --address <web server 2 address> --protocol-port 80 pool1
Please note: The <web server # address> fields are the IP addresses of the nova
servers created in Phase 1.
Also note, using the API directly you can do all of the above commands in one
API call.
Phase 3: Test your load balancer
--------------------------------
::
openstack loadbalancer show lb1 # Note the vip_address
curl http://<vip_address>
curl http://<vip_address>
This should show the "Welcome to <IP>" message from each member server.
.. _Golang test server: https://opendev.org/openstack/octavia-tempest-plugin/src/branch/master/octavia_tempest_plugin/contrib/test_server
+11 -3
View File
@@ -75,13 +75,21 @@ Otherwise create the stack user:
useradd -s /bin/bash -d /opt/stack -m stack
Ensure home directory for the ``stack`` user has executable permission for all,
as RHEL based distros create it with ``700`` and Ubuntu 21.04+ with ``750``
which can cause issues during deployment.
::
chmod +x /opt/stack
This user will be making many changes to your system during installation
and operation so it needs to have sudo privileges to root without a
password:
::
echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
echo "stack ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/stack
From here on use the ``stack`` user. **Logout** and **login** as the
``stack`` user.
@@ -169,7 +177,7 @@ machines, create a ``local.conf`` with:
MYSQL_HOST=$SERVICE_HOST
RABBIT_HOST=$SERVICE_HOST
GLANCE_HOSTPORT=$SERVICE_HOST:9292
ENABLED_SERVICES=n-cpu,q-agt,c-vol,placement-client
ENABLED_SERVICES=n-cpu,c-vol,placement-client,ovn-controller,ovs-vswitchd,ovsdb-server,q-ovn-metadata-agent
NOVA_VNC_ENABLED=True
NOVNCPROXY_URL="http://$SERVICE_HOST:6080/vnc_lite.html"
VNCSERVER_LISTEN=$HOST_IP
@@ -395,7 +403,7 @@ SSH keys need to be exchanged between each compute node:
3. Verify that login via ssh works without a password::
ssh -i /root/.ssh/id_rsa.pub stack@DESTINATION
ssh -i /root/.ssh/id_rsa stack@DESTINATION
In essence, this means that every compute node's root user's public RSA key
must exist in every other compute node's stack user's authorized_keys file and
+6 -54
View File
@@ -41,19 +41,8 @@ network and is on a shared subnet with other machines. The
`local.conf` exhibited here assumes that 1500 is a reasonable MTU to
use on that network.
.. nwdiag::
nwdiag {
inet [ shape = cloud ];
router;
inet -- router;
network hardware_network {
address = "172.18.161.0/24"
router [ address = "172.18.161.1" ];
devstack-1 [ address = "172.18.161.6" ];
}
}
.. image:: /assets/images/neutron-network-1.png
:alt: Network configuration for a single DevStack node
DevStack Configuration
@@ -100,21 +89,8 @@ also want to do multinode testing and networking.
Physical Network Setup
~~~~~~~~~~~~~~~~~~~~~~
.. nwdiag::
nwdiag {
inet [ shape = cloud ];
router;
inet -- router;
network hardware_network {
address = "172.18.161.0/24"
router [ address = "172.18.161.1" ];
devstack-1 [ address = "172.18.161.6" ];
devstack-2 [ address = "172.18.161.7" ];
}
}
.. image:: /assets/images/neutron-network-2.png
:alt: Network configuration for multiple DevStack nodes
After DevStack installs and configures Neutron, traffic from guest VMs
flows out of `devstack-2` (the compute node) and is encapsulated in a
@@ -222,8 +198,6 @@ connect OpenStack nodes (like `devstack-2`) together. This bridge is
used so that project network traffic, using the VXLAN tunneling
protocol, flows between each compute node where project instances run.
DevStack Compute Configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -268,30 +242,8 @@ to the neutron L3 service.
Physical Network Setup
----------------------
.. nwdiag::
nwdiag {
inet [ shape = cloud ];
router;
inet -- router;
network provider_net {
address = "203.0.113.0/24"
router [ address = "203.0.113.1" ];
controller;
compute1;
compute2;
}
network control_plane {
router [ address = "10.0.0.1" ]
address = "10.0.0.0/24"
controller [ address = "10.0.0.2" ]
compute1 [ address = "10.0.0.3" ]
compute2 [ address = "10.0.0.4" ]
}
}
.. image:: /assets/images/neutron-network-3.png
:alt: Network configuration for provider networks
On a compute node, the first interface, eth0 is used for the OpenStack
management (API, message bus, etc) as well as for ssh for an
+1 -1
View File
@@ -122,7 +122,7 @@ when creating the server, for example:
.. code-block:: shell
$ openstack --os-compute-api-version 2.37 server create --flavor cirros256 \
--image cirros-0.3.5-x86_64-disk --nic none --wait test-server
--image cirros-0.6.3-x86_64-disk --nic none --wait test-server
.. note:: ``--os-compute-api-version`` greater than or equal to 2.37 is
required to use ``--nic=none``.
+12 -1
View File
@@ -49,13 +49,21 @@ below)
$ sudo useradd -s /bin/bash -d /opt/stack -m stack
Ensure home directory for the ``stack`` user has executable permission for all,
as RHEL based distros create it with ``700`` and Ubuntu 21.04+ with ``750``
which can cause issues during deployment.
.. code-block:: console
$ sudo chmod +x /opt/stack
Since this user will be making many changes to your system, it will need
to have sudo privileges:
.. code-block:: console
$ apt-get install sudo -y || yum install -y sudo
$ echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
$ echo "stack ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/stack
.. note:: On some systems you may need to use ``sudo visudo``.
@@ -98,6 +106,9 @@ do the following:
- Set the service password. This is used by the OpenStack services
(Nova, Glance, etc) to authenticate with Keystone.
.. warning:: Only use alphanumeric characters in your passwords, as some
services fail to work when using special characters.
``local.conf`` should look something like this:
.. code-block:: ini
+19 -6
View File
@@ -37,10 +37,10 @@ Install Linux
-------------
Start with a clean and minimal install of a Linux system. DevStack
attempts to support the two latest LTS releases of Ubuntu, the
latest/current Fedora version, CentOS/RHEL 8 and OpenSUSE.
attempts to support the two latest LTS releases of Ubuntu,
Rocky Linux 9 and openEuler.
If you do not have a preference, Ubuntu 18.04 (Bionic Beaver) is the
If you do not have a preference, Ubuntu 22.04 (Jammy) is the
most tested, and will probably go the smoothest.
Add Stack User (optional)
@@ -57,13 +57,21 @@ to run DevStack with
$ sudo useradd -s /bin/bash -d /opt/stack -m stack
Ensure home directory for the ``stack`` user has executable permission for all,
as RHEL based distros create it with ``700`` and Ubuntu 21.04+ with ``750``
which can cause issues during deployment.
.. code-block:: console
$ sudo chmod +x /opt/stack
Since this user will be making many changes to your system, it should
have sudo privileges:
.. code-block:: console
$ echo "stack ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/stack
$ sudo su - stack
$ sudo -u stack -i
Download DevStack
-----------------
@@ -93,7 +101,10 @@ devstack git repo.
This is the minimum required config to get started with DevStack.
.. note:: There is a sample :download:`local.conf </assets/local.conf>` file
under the *samples* directory in the devstack repository.
under the *samples* directory in the devstack repository.
.. warning:: Only use alphanumeric characters in your passwords, as some
services fail to work when using special characters.
Start the install
-----------------
@@ -102,7 +113,7 @@ Start the install
$ ./stack.sh
This will take a 15 - 20 minutes, largely depending on the speed of
This will take 15 - 30 minutes, largely depending on the speed of
your internet connection. Many git trees and packages will be
installed during this process.
@@ -122,6 +133,8 @@ there.
You can ``source openrc`` in your shell, and then use the
``openstack`` command line tool to manage your devstack.
You can :ref:`create a VM and SSH into it <ssh>`.
You can ``cd /opt/stack/tempest`` and run tempest tests that have
been configured to work with your devstack.
+123 -1
View File
@@ -68,7 +68,7 @@ Shared Guest Interface
.. warning::
This is not a recommended configuration. Because of interactions
between ovs and bridging, if you reboot your box with active
between OVS and bridging, if you reboot your box with active
networking you may lose network connectivity to your system.
If you need your guests accessible on the network, but only have 1
@@ -114,3 +114,125 @@ For IPv6, ``FIXED_RANGE_V6`` will default to the first /64 of the value of
``FIXED_RANGE_V6`` will just use the value of that directly.
``SUBNETPOOL_PREFIX_V6`` will just default to the value of
``IPV6_ADDRS_SAFE_TO_USE`` directly.
.. _ssh:
SSH access to instances
=======================
To validate connectivity, you can create an instance using the
``$PRIVATE_NETWORK_NAME`` network (default: ``private``), create a floating IP
using the ``$PUBLIC_NETWORK_NAME`` network (default: ``public``), and attach
this floating IP to the instance:
.. code-block:: shell
openstack keypair create --public-key ~/.ssh/id_rsa.pub test-keypair
openstack server create --network private --key-name test-keypair ... test-server
fip_id=$(openstack floating ip create public -f value -c id)
openstack server add floating ip test-server ${fip_id}
Once done, ensure you have enabled SSH and ICMP (ping) access for the security
group used for the instance. You can either create a custom security group and
specify it when creating the instance or add it after creation, or you can
modify the ``default`` security group created by default for each project.
Let's do the latter:
.. code-block:: shell
openstack security group rule create --proto icmp --dst-port 0 default
openstack security group rule create --proto tcp --dst-port 22 default
Finally, SSH into the instance. If you used the Cirros instance uploaded by
default, then you can run the following:
.. code-block:: shell
openstack server ssh test-server -- -l cirros
This will connect using the ``cirros`` user and the keypair you configured when
creating the instance.
Remote SSH access to instances
==============================
You can also SSH to created instances on your DevStack host from other hosts.
This can be helpful if you are e.g. deploying DevStack in a VM on an existing
cloud and wish to do development on your local machine. There are a few ways to
do this.
.. rubric:: Configure instances to be locally accessible
The most obvious way is to configure guests to be locally accessible, as
described `above <Locally Accessible Guests>`__. This has the advantage of
requiring no further effort on the client. However, it is more involved and
requires either support from your cloud or some inadvisable workarounds.
.. rubric:: Use your DevStack host as a jump host
You can choose to use your DevStack host as a jump host. To SSH to a instance
this way, pass the standard ``-J`` option to the ``openstack ssh`` / ``ssh``
command. For example:
.. code-block::
openstack server ssh test-server -- -l cirros -J username@devstack-host
(where ``test-server`` is name of an existing instance, as described
:ref:`previously <ssh>`, and ``username`` and ``devstack-host`` are the
username and hostname of your DevStack host).
This can also be configured via your ``~/.ssh/config`` file, making it rather
effortless. However, it only allows SSH access. If you want to access e.g. a
web application on the instance, you will need to configure an SSH tunnel and
forward select ports using the ``-L`` option. For example, to forward HTTP
traffic:
.. code-block::
openstack server ssh test-server -- -l cirros -L 8080:username@devstack-host:80
(where ``test-server`` is name of an existing instance, as described
:ref:`previously <ssh>`, and ``username`` and ``devstack-host`` are the
username and hostname of your DevStack host).
As you can imagine, this can quickly get out of hand, particularly for more
complex guest applications with multiple ports.
.. rubric:: Use a proxy or VPN tool
You can use a proxy or VPN tool to enable tunneling for the floating IP
address range of the ``$PUBLIC_NETWORK_NAME`` network (default: ``public``)
defined by ``$FLOATING_RANGE`` (default: ``172.24.4.0/24``). There are many
such tools available to do this. For example, we could use a useful utility
called `shuttle`__. To enable tunneling using ``shuttle``, first ensure you
have allowed SSH and HTTP(S) traffic to your DevStack host. Allowing HTTP(S)
traffic is necessary so you can use the OpenStack APIs remotely. How you do
this will depend on where your DevStack host is running. Once this is done,
install ``sshuttle`` on your localhost:
.. code-block:: bash
sudo apt-get install sshuttle || yum install sshuttle
Finally, start ``sshuttle`` on your localhost using the floating IP address
range. For example, assuming you are using the default value for
``$FLOATING_RANGE``, you can do:
.. code-block:: bash
sshuttle -r username@devstack-host 172.24.4.0/24
(where ``username`` and ``devstack-host`` are the username and hostname of your
DevStack host).
You should now be able to create an instance and SSH into it:
.. code-block:: bash
openstack server ssh test-server -- -l cirros
(where ``test-server`` is name of an existing instance, as described
:ref:`previously <ssh>`)
.. __: https://github.com/sshuttle/sshuttle
+2 -3
View File
@@ -23,13 +23,12 @@ strategy to include the latest Ubuntu release and the latest RHEL
release.*
- Ubuntu: current LTS release plus current development release
- Fedora: current release plus previous release
- RHEL/CentOS: current major release
- RHEL/CentOS/RockyLinux: current major release
- Other OS platforms may continue to be included but the maintenance of
those platforms shall not be assumed simply due to their presence.
Having a listed point-of-contact for each additional OS will greatly
increase its chance of being well-maintained.
- Patches for Ubuntu and/or Fedora will not be held up due to
- Patches for Ubuntu and/or RockyLinux will not be held up due to
side-effects on other OS platforms.
Databases
+11 -34
View File
@@ -28,8 +28,6 @@ openstack/aodh `https://opendev.org/openstack/aodh <ht
openstack/barbican `https://opendev.org/openstack/barbican <https://opendev.org/openstack/barbican>`__
openstack/blazar `https://opendev.org/openstack/blazar <https://opendev.org/openstack/blazar>`__
openstack/ceilometer `https://opendev.org/openstack/ceilometer <https://opendev.org/openstack/ceilometer>`__
openstack/ceilometer-powervm `https://opendev.org/openstack/ceilometer-powervm <https://opendev.org/openstack/ceilometer-powervm>`__
openstack/cinderlib `https://opendev.org/openstack/cinderlib <https://opendev.org/openstack/cinderlib>`__
openstack/cloudkitty `https://opendev.org/openstack/cloudkitty <https://opendev.org/openstack/cloudkitty>`__
openstack/cyborg `https://opendev.org/openstack/cyborg <https://opendev.org/openstack/cyborg>`__
openstack/designate `https://opendev.org/openstack/designate <https://opendev.org/openstack/designate>`__
@@ -39,9 +37,6 @@ openstack/devstack-plugin-container `https://opendev.org/openstack/devstack
openstack/devstack-plugin-kafka `https://opendev.org/openstack/devstack-plugin-kafka <https://opendev.org/openstack/devstack-plugin-kafka>`__
openstack/devstack-plugin-nfs `https://opendev.org/openstack/devstack-plugin-nfs <https://opendev.org/openstack/devstack-plugin-nfs>`__
openstack/devstack-plugin-open-cas `https://opendev.org/openstack/devstack-plugin-open-cas <https://opendev.org/openstack/devstack-plugin-open-cas>`__
openstack/devstack-plugin-pika `https://opendev.org/openstack/devstack-plugin-pika <https://opendev.org/openstack/devstack-plugin-pika>`__
openstack/devstack-plugin-zmq `https://opendev.org/openstack/devstack-plugin-zmq <https://opendev.org/openstack/devstack-plugin-zmq>`__
openstack/ec2-api `https://opendev.org/openstack/ec2-api <https://opendev.org/openstack/ec2-api>`__
openstack/freezer `https://opendev.org/openstack/freezer <https://opendev.org/openstack/freezer>`__
openstack/freezer-api `https://opendev.org/openstack/freezer-api <https://opendev.org/openstack/freezer-api>`__
openstack/freezer-tempest-plugin `https://opendev.org/openstack/freezer-tempest-plugin <https://opendev.org/openstack/freezer-tempest-plugin>`__
@@ -52,12 +47,8 @@ openstack/ironic `https://opendev.org/openstack/ironic <
openstack/ironic-inspector `https://opendev.org/openstack/ironic-inspector <https://opendev.org/openstack/ironic-inspector>`__
openstack/ironic-prometheus-exporter `https://opendev.org/openstack/ironic-prometheus-exporter <https://opendev.org/openstack/ironic-prometheus-exporter>`__
openstack/ironic-ui `https://opendev.org/openstack/ironic-ui <https://opendev.org/openstack/ironic-ui>`__
openstack/karbor `https://opendev.org/openstack/karbor <https://opendev.org/openstack/karbor>`__
openstack/karbor-dashboard `https://opendev.org/openstack/karbor-dashboard <https://opendev.org/openstack/karbor-dashboard>`__
openstack/keystone `https://opendev.org/openstack/keystone <https://opendev.org/openstack/keystone>`__
openstack/kuryr-kubernetes `https://opendev.org/openstack/kuryr-kubernetes <https://opendev.org/openstack/kuryr-kubernetes>`__
openstack/kuryr-libnetwork `https://opendev.org/openstack/kuryr-libnetwork <https://opendev.org/openstack/kuryr-libnetwork>`__
openstack/kuryr-tempest-plugin `https://opendev.org/openstack/kuryr-tempest-plugin <https://opendev.org/openstack/kuryr-tempest-plugin>`__
openstack/magnum `https://opendev.org/openstack/magnum <https://opendev.org/openstack/magnum>`__
openstack/magnum-ui `https://opendev.org/openstack/magnum-ui <https://opendev.org/openstack/magnum-ui>`__
openstack/manila `https://opendev.org/openstack/manila <https://opendev.org/openstack/manila>`__
@@ -65,55 +56,40 @@ openstack/manila-tempest-plugin `https://opendev.org/openstack/manila-t
openstack/manila-ui `https://opendev.org/openstack/manila-ui <https://opendev.org/openstack/manila-ui>`__
openstack/masakari `https://opendev.org/openstack/masakari <https://opendev.org/openstack/masakari>`__
openstack/mistral `https://opendev.org/openstack/mistral <https://opendev.org/openstack/mistral>`__
openstack/monasca-analytics `https://opendev.org/openstack/monasca-analytics <https://opendev.org/openstack/monasca-analytics>`__
openstack/monasca-api `https://opendev.org/openstack/monasca-api <https://opendev.org/openstack/monasca-api>`__
openstack/monasca-ceilometer `https://opendev.org/openstack/monasca-ceilometer <https://opendev.org/openstack/monasca-ceilometer>`__
openstack/monasca-events-api `https://opendev.org/openstack/monasca-events-api <https://opendev.org/openstack/monasca-events-api>`__
openstack/monasca-log-api `https://opendev.org/openstack/monasca-log-api <https://opendev.org/openstack/monasca-log-api>`__
openstack/monasca-tempest-plugin `https://opendev.org/openstack/monasca-tempest-plugin <https://opendev.org/openstack/monasca-tempest-plugin>`__
openstack/monasca-transform `https://opendev.org/openstack/monasca-transform <https://opendev.org/openstack/monasca-transform>`__
openstack/murano `https://opendev.org/openstack/murano <https://opendev.org/openstack/murano>`__
openstack/networking-bagpipe `https://opendev.org/openstack/networking-bagpipe <https://opendev.org/openstack/networking-bagpipe>`__
openstack/networking-baremetal `https://opendev.org/openstack/networking-baremetal <https://opendev.org/openstack/networking-baremetal>`__
openstack/networking-bgpvpn `https://opendev.org/openstack/networking-bgpvpn <https://opendev.org/openstack/networking-bgpvpn>`__
openstack/networking-generic-switch `https://opendev.org/openstack/networking-generic-switch <https://opendev.org/openstack/networking-generic-switch>`__
openstack/networking-hyperv `https://opendev.org/openstack/networking-hyperv <https://opendev.org/openstack/networking-hyperv>`__
openstack/networking-l2gw `https://opendev.org/openstack/networking-l2gw <https://opendev.org/openstack/networking-l2gw>`__
openstack/networking-midonet `https://opendev.org/openstack/networking-midonet <https://opendev.org/openstack/networking-midonet>`__
openstack/networking-odl `https://opendev.org/openstack/networking-odl <https://opendev.org/openstack/networking-odl>`__
openstack/networking-powervm `https://opendev.org/openstack/networking-powervm <https://opendev.org/openstack/networking-powervm>`__
openstack/networking-sfc `https://opendev.org/openstack/networking-sfc <https://opendev.org/openstack/networking-sfc>`__
openstack/neutron `https://opendev.org/openstack/neutron <https://opendev.org/openstack/neutron>`__
openstack/neutron-dynamic-routing `https://opendev.org/openstack/neutron-dynamic-routing <https://opendev.org/openstack/neutron-dynamic-routing>`__
openstack/neutron-fwaas `https://opendev.org/openstack/neutron-fwaas <https://opendev.org/openstack/neutron-fwaas>`__
openstack/neutron-fwaas-dashboard `https://opendev.org/openstack/neutron-fwaas-dashboard <https://opendev.org/openstack/neutron-fwaas-dashboard>`__
openstack/neutron-tempest-plugin `https://opendev.org/openstack/neutron-tempest-plugin <https://opendev.org/openstack/neutron-tempest-plugin>`__
openstack/neutron-vpnaas `https://opendev.org/openstack/neutron-vpnaas <https://opendev.org/openstack/neutron-vpnaas>`__
openstack/neutron-vpnaas-dashboard `https://opendev.org/openstack/neutron-vpnaas-dashboard <https://opendev.org/openstack/neutron-vpnaas-dashboard>`__
openstack/nova-powervm `https://opendev.org/openstack/nova-powervm <https://opendev.org/openstack/nova-powervm>`__
openstack/nova `https://opendev.org/openstack/nova <https://opendev.org/openstack/nova>`__
openstack/octavia `https://opendev.org/openstack/octavia <https://opendev.org/openstack/octavia>`__
openstack/octavia-dashboard `https://opendev.org/openstack/octavia-dashboard <https://opendev.org/openstack/octavia-dashboard>`__
openstack/octavia-tempest-plugin `https://opendev.org/openstack/octavia-tempest-plugin <https://opendev.org/openstack/octavia-tempest-plugin>`__
openstack/openstacksdk `https://opendev.org/openstack/openstacksdk <https://opendev.org/openstack/openstacksdk>`__
openstack/os-loganalyze `https://opendev.org/openstack/os-loganalyze <https://opendev.org/openstack/os-loganalyze>`__
openstack/osprofiler `https://opendev.org/openstack/osprofiler <https://opendev.org/openstack/osprofiler>`__
openstack/oswin-tempest-plugin `https://opendev.org/openstack/oswin-tempest-plugin <https://opendev.org/openstack/oswin-tempest-plugin>`__
openstack/ovn-bgp-agent `https://opendev.org/openstack/ovn-bgp-agent <https://opendev.org/openstack/ovn-bgp-agent>`__
openstack/ovn-octavia-provider `https://opendev.org/openstack/ovn-octavia-provider <https://opendev.org/openstack/ovn-octavia-provider>`__
openstack/panko `https://opendev.org/openstack/panko <https://opendev.org/openstack/panko>`__
openstack/patrole `https://opendev.org/openstack/patrole <https://opendev.org/openstack/patrole>`__
openstack/qinling `https://opendev.org/openstack/qinling <https://opendev.org/openstack/qinling>`__
openstack/qinling-dashboard `https://opendev.org/openstack/qinling-dashboard <https://opendev.org/openstack/qinling-dashboard>`__
openstack/rally-openstack `https://opendev.org/openstack/rally-openstack <https://opendev.org/openstack/rally-openstack>`__
openstack/sahara `https://opendev.org/openstack/sahara <https://opendev.org/openstack/sahara>`__
openstack/sahara-dashboard `https://opendev.org/openstack/sahara-dashboard <https://opendev.org/openstack/sahara-dashboard>`__
openstack/searchlight `https://opendev.org/openstack/searchlight <https://opendev.org/openstack/searchlight>`__
openstack/searchlight-ui `https://opendev.org/openstack/searchlight-ui <https://opendev.org/openstack/searchlight-ui>`__
openstack/senlin `https://opendev.org/openstack/senlin <https://opendev.org/openstack/senlin>`__
openstack/shade `https://opendev.org/openstack/shade <https://opendev.org/openstack/shade>`__
openstack/solum `https://opendev.org/openstack/solum <https://opendev.org/openstack/solum>`__
openstack/skyline-apiserver `https://opendev.org/openstack/skyline-apiserver <https://opendev.org/openstack/skyline-apiserver>`__
openstack/storlets `https://opendev.org/openstack/storlets <https://opendev.org/openstack/storlets>`__
openstack/tacker `https://opendev.org/openstack/tacker <https://opendev.org/openstack/tacker>`__
openstack/tap-as-a-service `https://opendev.org/openstack/tap-as-a-service <https://opendev.org/openstack/tap-as-a-service>`__
openstack/telemetry-tempest-plugin `https://opendev.org/openstack/telemetry-tempest-plugin <https://opendev.org/openstack/telemetry-tempest-plugin>`__
openstack/trove `https://opendev.org/openstack/trove <https://opendev.org/openstack/trove>`__
openstack/trove-dashboard `https://opendev.org/openstack/trove-dashboard <https://opendev.org/openstack/trove-dashboard>`__
openstack/venus `https://opendev.org/openstack/venus <https://opendev.org/openstack/venus>`__
openstack/venus-dashboard `https://opendev.org/openstack/venus-dashboard <https://opendev.org/openstack/venus-dashboard>`__
openstack/vitrage `https://opendev.org/openstack/vitrage <https://opendev.org/openstack/vitrage>`__
openstack/vitrage-dashboard `https://opendev.org/openstack/vitrage-dashboard <https://opendev.org/openstack/vitrage-dashboard>`__
openstack/vitrage-tempest-plugin `https://opendev.org/openstack/vitrage-tempest-plugin <https://opendev.org/openstack/vitrage-tempest-plugin>`__
@@ -143,6 +119,7 @@ x/devstack-plugin-glusterfs `https://opendev.org/x/devstack-plugin-
x/devstack-plugin-hdfs `https://opendev.org/x/devstack-plugin-hdfs <https://opendev.org/x/devstack-plugin-hdfs>`__
x/devstack-plugin-libvirt-qemu `https://opendev.org/x/devstack-plugin-libvirt-qemu <https://opendev.org/x/devstack-plugin-libvirt-qemu>`__
x/devstack-plugin-mariadb `https://opendev.org/x/devstack-plugin-mariadb <https://opendev.org/x/devstack-plugin-mariadb>`__
x/devstack-plugin-tobiko `https://opendev.org/x/devstack-plugin-tobiko <https://opendev.org/x/devstack-plugin-tobiko>`__
x/devstack-plugin-vmax `https://opendev.org/x/devstack-plugin-vmax <https://opendev.org/x/devstack-plugin-vmax>`__
x/drbd-devstack `https://opendev.org/x/drbd-devstack <https://opendev.org/x/drbd-devstack>`__
x/fenix `https://opendev.org/x/fenix <https://opendev.org/x/fenix>`__
@@ -169,6 +146,7 @@ x/networking-fortinet `https://opendev.org/x/networking-forti
x/networking-hpe `https://opendev.org/x/networking-hpe <https://opendev.org/x/networking-hpe>`__
x/networking-huawei `https://opendev.org/x/networking-huawei <https://opendev.org/x/networking-huawei>`__
x/networking-infoblox `https://opendev.org/x/networking-infoblox <https://opendev.org/x/networking-infoblox>`__
x/networking-l2gw `https://opendev.org/x/networking-l2gw <https://opendev.org/x/networking-l2gw>`__
x/networking-lagopus `https://opendev.org/x/networking-lagopus <https://opendev.org/x/networking-lagopus>`__
x/networking-mlnx `https://opendev.org/x/networking-mlnx <https://opendev.org/x/networking-mlnx>`__
x/networking-nec `https://opendev.org/x/networking-nec <https://opendev.org/x/networking-nec>`__
@@ -190,14 +168,13 @@ x/rsd-virt-for-nova `https://opendev.org/x/rsd-virt-for-nov
x/scalpels `https://opendev.org/x/scalpels <https://opendev.org/x/scalpels>`__
x/slogging `https://opendev.org/x/slogging <https://opendev.org/x/slogging>`__
x/stackube `https://opendev.org/x/stackube <https://opendev.org/x/stackube>`__
x/tap-as-a-service `https://opendev.org/x/tap-as-a-service <https://opendev.org/x/tap-as-a-service>`__
x/tap-as-a-service-dashboard `https://opendev.org/x/tap-as-a-service-dashboard <https://opendev.org/x/tap-as-a-service-dashboard>`__
x/tatu `https://opendev.org/x/tatu <https://opendev.org/x/tatu>`__
x/tobiko `https://opendev.org/x/tobiko <https://opendev.org/x/tobiko>`__
x/trio2o `https://opendev.org/x/trio2o <https://opendev.org/x/trio2o>`__
x/valet `https://opendev.org/x/valet <https://opendev.org/x/valet>`__
x/vmware-nsx `https://opendev.org/x/vmware-nsx <https://opendev.org/x/vmware-nsx>`__
x/vmware-vspc `https://opendev.org/x/vmware-vspc <https://opendev.org/x/vmware-vspc>`__
x/whitebox-neutron-tempest-plugin `https://opendev.org/x/whitebox-neutron-tempest-plugin <https://opendev.org/x/whitebox-neutron-tempest-plugin>`__
======================================== ===
+2 -5
View File
@@ -238,13 +238,10 @@ package dependencies, packages may be listed at the following
locations in the top-level of the plugin repository:
- ``./devstack/files/debs/$plugin_name`` - Packages to install when running
on Ubuntu, Debian or Linux Mint.
on Ubuntu or Debian.
- ``./devstack/files/rpms/$plugin_name`` - Packages to install when running
on Red Hat, Fedora, CentOS or XenServer.
- ``./devstack/files/rpms-suse/$plugin_name`` - Packages to install when
running on SUSE Linux or openSUSE.
on Red Hat, Fedora, or CentOS.
Although there a no plans to remove this method of installing
packages, plugins should consider it deprecated for ``bindep`` support
-25
View File
@@ -196,31 +196,6 @@ See the `remote-pdb`_ home page for more options.
.. _`remote-pdb`: https://pypi.org/project/remote-pdb/
Known Issues
============
Be careful about systemd python libraries. There are 3 of them on
pypi, and they are all very different. They unfortunately all install
into the ``systemd`` namespace, which can cause some issues.
- ``systemd-python`` - this is the upstream maintained library, it has
a version number like systemd itself (currently ``234``). This is
the one you want.
- ``systemd`` - a python 3 only library, not what you want.
- ``python-systemd`` - another library you don't want. Installing it
on a system will break ansible's ability to run. The package has now
been renamed to ``cysystemd``, which avoids the namespace collision.
If we were using user units, the ``[Service]`` - ``Group=`` parameter
doesn't seem to work with user units, even though the documentation
says that it should. This means that we will need to do an explicit
``/usr/bin/sg``. This has the downside of making the SYSLOG_IDENTIFIER
be ``sg``. We can explicitly set that with ``SyslogIdentifier=``, but
it's really unfortunate that we're going to need this work
around. This is currently not a problem because we're only using
system units.
Future Work
===========
+25
View File
@@ -0,0 +1,25 @@
=======
Tempest
=======
`Tempest`_ is the OpenStack Integration test suite. It is installed by default
and is used to provide integration testing for many of the OpenStack services.
Just like DevStack itself, it is possible to extend Tempest with plugins. In
fact, many Tempest plugin packages also include DevStack plugin to do things
like pre-create required static resources.
The `Tempest documentation <Tempest>`_ provides a thorough guide to using
Tempest. However, if you simply wish to run the standard set of Tempest tests
against an existing deployment, you can do the following:
.. code-block:: shell
cd /opt/stack/tempest
/opt/stack/data/venv/bin/tempest run ...
The above assumes you have installed DevStack in the default location
(configured via the ``DEST`` configuration variable) and have enabled
virtualenv-based installation in the standard location (configured via the
``USE_VENV`` and ``VENV_DEST`` configuration variables, respectively).
.. _Tempest: https://docs.openstack.org/tempest/latest/
+2 -1
View File
@@ -6,7 +6,7 @@ if is_service_enabled tempest; then
source $TOP_DIR/lib/tempest
elif [[ "$1" == "stack" && "$2" == "install" ]]; then
echo_summary "Installing Tempest"
install_tempest
async_runfunc install_tempest
elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
# Tempest config must come after layer 2 services are running
:
@@ -17,6 +17,7 @@ if is_service_enabled tempest; then
# local.conf Tempest option overrides
:
elif [[ "$1" == "stack" && "$2" == "test-config" ]]; then
async_wait install_tempest
echo_summary "Initializing Tempest"
configure_tempest
echo_summary "Installing Tempest Plugins"
+1
View File
@@ -39,4 +39,5 @@
CustomLog /var/log/%APACHE_NAME%/horizon_access.log combined
</VirtualHost>
%WSGIPYTHONHOME%
WSGISocketPrefix /var/run/%APACHE_NAME%
+1 -25
View File
@@ -1,5 +1,4 @@
Listen %PUBLICPORT%
Listen %ADMINPORT%
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)" keystone_combined
<Directory %KEYSTONE_BIN%>
@@ -20,24 +19,11 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)"
%SSLKEYFILE%
</VirtualHost>
<VirtualHost *:%ADMINPORT%>
WSGIDaemonProcess keystone-admin processes=3 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
WSGIProcessGroup keystone-admin
WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%M"
ErrorLog /var/log/%APACHE_NAME%/keystone.log
CustomLog /var/log/%APACHE_NAME%/keystone_access.log keystone_combined
%SSLENGINE%
%SSLCERTFILE%
%SSLKEYFILE%
</VirtualHost>
%SSLLISTEN%<VirtualHost *:443>
%SSLLISTEN% %SSLENGINE%
%SSLLISTEN% %SSLCERTFILE%
%SSLLISTEN% %SSLKEYFILE%
%SSLLISTEN% SSLProtocol -all +TLSv1.3 +TLSv1.2
%SSLLISTEN%</VirtualHost>
Alias /identity %KEYSTONE_BIN%/keystone-wsgi-public
@@ -49,13 +35,3 @@ Alias /identity %KEYSTONE_BIN%/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>
Alias /identity_admin %KEYSTONE_BIN%/keystone-wsgi-admin
<Location /identity_admin>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup keystone-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>
+1
View File
@@ -24,6 +24,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)"
%SSLLISTEN% %SSLENGINE%
%SSLLISTEN% %SSLCERTFILE%
%SSLLISTEN% %SSLKEYFILE%
%SSLLISTEN% SSLProtocol -all +TLSv1.3 +TLSv1.2
%SSLLISTEN%</VirtualHost>
Alias /networking %NEUTRON_BIN%/neutron-api
-1
View File
@@ -1 +0,0 @@
debs/
+2 -1
View File
@@ -1 +1,2 @@
dstat
dstat # dist:bionic
pcp
+2 -1
View File
@@ -5,6 +5,7 @@ bsdmainutils
curl
default-jre-headless # NOPRIME
g++
gawk
gcc
gettext # used for compiling message catalogs
git
@@ -13,7 +14,6 @@ iputils-ping
libapache2-mod-proxy-uwsgi
libffi-dev # for pyOpenSSL
libjpeg-dev # Pillow 3.0.0
libmysqlclient-dev # MySQL-python
libpcre3-dev # for python-pcre
libpq-dev # psycopg2
libssl-dev # for pyOpenSSL
@@ -28,6 +28,7 @@ pkg-config
psmisc
python3-dev
python3-pip
python3-systemd
python3-venv
tar
tcpdump
-1
View File
@@ -6,7 +6,6 @@ haproxy # to serve as metadata proxy inside router/dhcp namespaces
iptables
iputils-arping
iputils-ping
libmysqlclient-dev
mysql-server #NOPRIME
postgresql-server-dev-all
python3-mysqldb
-4
View File
@@ -1,15 +1,11 @@
conntrack
curl
dnsmasq-base
dnsmasq-utils # for dhcp_release
ebtables
gawk
genisoimage # required for config_drive
iptables
iputils-arping
kpartx
libjs-jquery-tablesorter # Needed for coverage html reports
libmysqlclient-dev
libvirt-clients # NOPRIME
libvirt-daemon-system # NOPRIME
libvirt-dev # NOPRIME
+1
View File
@@ -2,5 +2,6 @@ curl
liberasurecode-dev
make
memcached
rsync
sqlite3
xfsprogs
@@ -1,3 +0,0 @@
enable-tftp
tftp-root=/tftpboot
dhcp-boot=pxelinux.0
+1 -1
View File
@@ -1,4 +1,4 @@
dn: olcDatabase={${LDAP_OLCDB_NUMBER}}hdb,cn=config
dn: olcDatabase={${LDAP_OLCDB_NUMBER}}${LDAP_OLCDB_TYPE},cn=config
changetype: modify
replace: olcSuffix
olcSuffix: ${BASE_DN}
+16
View File
@@ -0,0 +1,16 @@
[Unit]
Description=Activate LVM backing file %BACKING_FILE%
DefaultDependencies=no
After=systemd-udev-settle.service
Before=lvm2-activation-early.service
Wants=systemd-udev-settle.service
[Service]
ExecStart=/sbin/losetup --find --show %DIRECTIO% %BACKING_FILE%
ExecStop=/bin/sh -c '/sbin/losetup -d $$(/sbin/losetup --associated %BACKING_FILE% -O NAME -n)'
RemainAfterExit=yes
Type=oneshot
[Install]
WantedBy=local-fs.target
Also=systemd-udev-settle.service
+118
View File
@@ -0,0 +1,118 @@
#!/usr/bin/env python3
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import socket
import sys
import os
import os.path
import json
server_address = "/tmp/openstack.sock"
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
try:
sock.connect(server_address)
except socket.error as msg:
print(msg, file=sys.stderr)
sys.exit(1)
def send(sock, doc):
jdoc = json.dumps(doc)
sock.send(b'%d\n' % len(jdoc))
sock.sendall(jdoc.encode('utf-8'))
def recv(sock):
length_str = b''
char = sock.recv(1)
if len(char) == 0:
print("Unexpected end of file", file=sys.stderr)
sys.exit(1)
while char != b'\n':
length_str += char
char = sock.recv(1)
if len(char) == 0:
print("Unexpected end of file", file=sys.stderr)
sys.exit(1)
total = int(length_str)
# use a memoryview to receive the data chunk by chunk efficiently
jdoc = memoryview(bytearray(total))
next_offset = 0
while total - next_offset > 0:
recv_size = sock.recv_into(jdoc[next_offset:], total - next_offset)
next_offset += recv_size
try:
doc = json.loads(jdoc.tobytes())
except (TypeError, ValueError) as e:
raise Exception('Data received was not in JSON format')
return doc
try:
env = {}
passenv = ["CINDER_VERSION",
"OS_AUTH_URL",
"OS_NO_CACHE",
"OS_PASSWORD",
"OS_PROJECT_NAME",
"OS_REGION_NAME",
"OS_TENANT_NAME",
"OS_USERNAME",
"OS_VOLUME_API_VERSION",
"OS_CLOUD"]
for name in passenv:
if name in os.environ:
env[name] = os.environ[name]
cmd = {
"app": os.path.basename(sys.argv[0]),
"env": env,
"argv": sys.argv[1:]
}
try:
image_idx = sys.argv.index('image')
create_idx = sys.argv.index('create')
missing_file = image_idx < create_idx and \
not any(x.startswith('--file') for x in sys.argv)
except ValueError:
missing_file = False
if missing_file:
# This means we were called with an image create command, but were
# not provided a --file option. That likely means we're being passed
# the image data to stdin, which won't work because we do not proxy
# stdin to the server. So, we just reject the operation and ask the
# caller to provide the file with --file instead.
# We've already connected to the server, we need to send it some dummy
# data so it doesn't wait forever.
send(sock, {})
print('Image create without --file is not allowed in server mode',
file=sys.stderr)
sys.exit(1)
else:
send(sock, cmd)
doc = recv(sock)
if doc["stdout"] != b'':
print(doc["stdout"], end='')
if doc["stderr"] != b'':
print(doc["stderr"], file=sys.stderr)
sys.exit(doc["status"])
finally:
sock.close()
+118
View File
@@ -0,0 +1,118 @@
#!/usr/bin/env python3
# Copyright 2016 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import socket
import sys
import os
import json
from openstackclient import shell as osc_shell
from io import StringIO
server_address = "/tmp/openstack.sock"
try:
os.unlink(server_address)
except OSError:
if os.path.exists(server_address):
raise
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
print('starting up on %s' % server_address, file=sys.stderr)
sock.bind(server_address)
# Listen for incoming connections
sock.listen(1)
def send(sock, doc):
jdoc = json.dumps(doc)
sock.send(b'%d\n' % len(jdoc))
sock.sendall(jdoc.encode('utf-8'))
def recv(sock):
length_str = b''
char = sock.recv(1)
while char != b'\n':
length_str += char
char = sock.recv(1)
total = int(length_str)
# use a memoryview to receive the data chunk by chunk efficiently
jdoc = memoryview(bytearray(total))
next_offset = 0
while total - next_offset > 0:
recv_size = sock.recv_into(jdoc[next_offset:], total - next_offset)
next_offset += recv_size
try:
doc = json.loads(jdoc.tobytes())
except (TypeError, ValueError) as e:
raise Exception('Data received was not in JSON format')
return doc
while True:
csock, client_address = sock.accept()
try:
doc = recv(csock)
print("%s %s" % (doc["app"], doc["argv"]), file=sys.stderr)
oldenv = {}
for name in doc["env"].keys():
oldenv[name] = os.environ.get(name, None)
os.environ[name] = doc["env"][name]
try:
old_stdout = sys.stdout
old_stderr = sys.stderr
my_stdout = sys.stdout = StringIO()
my_stderr = sys.stderr = StringIO()
class Exit(BaseException):
def __init__(self, status):
self.status = status
def noexit(stat):
raise Exit(stat)
sys.exit = noexit
if doc["app"] == "openstack":
sh = osc_shell.OpenStackShell()
ret = sh.run(doc["argv"])
else:
print("Unknown application %s" % doc["app"], file=sys.stderr)
ret = 1
except Exit as e:
ret = e.status
finally:
sys.stdout = old_stdout
sys.stderr = old_stderr
for name in oldenv.keys():
if oldenv[name] is None:
del os.environ[name]
else:
os.environ[name] = oldenv[name]
send(csock, {
"stdout": my_stdout.getvalue(),
"stderr": my_stderr.getvalue(),
"status": ret,
})
except BaseException as e:
print(e, file=sys.stderr)
finally:
csock.close()
-1
View File
@@ -1 +0,0 @@
dnsmasq
-3
View File
@@ -1,3 +0,0 @@
ceph # NOPRIME
lsb
xfsprogs
-3
View File
@@ -1,3 +0,0 @@
lvm2
qemu-tools
tgt # NOPRIME
-1
View File
@@ -1 +0,0 @@
dstat
-33
View File
@@ -1,33 +0,0 @@
apache2
apache2-devel
bc
ca-certificates-mozilla
curl
gcc
gcc-c++
git-core
graphviz # docs
iputils
libffi-devel # pyOpenSSL
libjpeg8-devel # Pillow 3.0.0
libopenssl-devel # to rebuild pyOpenSSL if needed
libxslt-devel # lxml
lsof # useful when debugging
make
net-tools
openssh
openssl
pcre-devel # python-pcre
postgresql-devel # psycopg2
psmisc
python-cmd2 # dist:opensuse-12.3
python-devel # pyOpenSSL
python-xml
systemd-devel # for systemd-python
tar
tcpdump
unzip
util-linux
wget
which
zlib-devel
-2
View File
@@ -1,2 +0,0 @@
apache2-mod_wsgi # NOPRIME
apache2 # NOPRIME
-4
View File
@@ -1,4 +0,0 @@
cyrus-sasl-devel
memcached
openldap2-devel
sqlite3
-3
View File
@@ -1,3 +0,0 @@
openldap2
openldap2-client
python-ldap
-1
View File
@@ -1 +0,0 @@
python-dateutil
-10
View File
@@ -1,10 +0,0 @@
cdrkit-cdrtools-compat # dist:sle12
cryptsetup
dosfstools
libosinfo
lvm2
mkisofs # not:sle12
open-iscsi
sg3_utils
# Stuff for diablo volumes
sysfsutils
-1
View File
@@ -1 +0,0 @@
ipset
-12
View File
@@ -1,12 +0,0 @@
acl
dnsmasq
dnsmasq-utils # dist:opensuse-12.3,opensuse-13.1
ebtables
haproxy # to serve as metadata proxy inside router/dhcp namespaces
iptables
iputils
rabbitmq-server # NOPRIME
radvd # NOPRIME
sqlite3
sudo
vlan
-2
View File
@@ -1,2 +0,0 @@
conntrack-tools
keepalived
-24
View File
@@ -1,24 +0,0 @@
cdrkit-cdrtools-compat # dist:sle12
conntrack-tools
curl
dnsmasq
dnsmasq-utils # dist:opensuse-12.3,opensuse-13.1
ebtables
gawk
iptables
iputils
kpartx
kvm # NOPRIME
libvirt # NOPRIME
libvirt-python # NOPRIME
# mkisofs is required for config_drive
mkisofs # not:sle12
parted
polkit
# qemu as fallback if kvm cannot be used
qemu # NOPRIME
rabbitmq-server # NOPRIME
socat
sqlite3
sudo
vlan
-3
View File
@@ -1,3 +0,0 @@
openvswitch
openvswitch-switch
-2
View File
@@ -1,2 +0,0 @@
lsscsi
open-iscsi
-1
View File
@@ -1 +0,0 @@
neutron-agent
-1
View File
@@ -1 +0,0 @@
neutron-l3
-6
View File
@@ -1,6 +0,0 @@
curl
liberasurecode-devel
memcached
sqlite3
xfsprogs
xinetd
+1 -1
View File
@@ -1,3 +1,3 @@
ceph # NOPRIME
redhat-lsb-core
redhat-lsb-core # not:rhel9,openEuler-22.03
xfsprogs
+7 -3
View File
@@ -1,13 +1,16 @@
bc
curl
dbus
gawk
gcc
gcc-c++
gettext # used for compiling message catalogs
git-core
glibc-langpack-en # dist:rhel9
graphviz # needed only for docs
httpd
httpd-devel
iptables-nft # dist:rhel9
iptables-services
java-1.8.0-openjdk-headless
libffi-devel
@@ -15,6 +18,7 @@ libjpeg-turbo-devel # Pillow 3.0.0
libxml2-devel # lxml
libxslt-devel # lxml
libyaml-devel
mod_ssl # required for tls-proxy on centos 9 stream computes
net-tools
openssh-server
openssl
@@ -24,9 +28,9 @@ pkgconfig
postgresql-devel # psycopg2
psmisc
python3-devel
python3-pip
redhat-rpm-config # missing dep for gcc hardening flags, see rhbz#1217376
systemd-devel # for systemd-python
python3-pip # not:openEuler-22.03
python3-systemd
redhat-rpm-config # not:openEuler-22.03 missing dep for gcc hardening flags, see rhbz#1217376
tar
tcpdump
unzip
+2 -1
View File
@@ -1,9 +1,10 @@
cryptsetup
dosfstools
genisoimage
genisoimage # not:rhel9
iscsi-initiator-utils
libosinfo
lvm2
sg3_utils
# Stuff for diablo volumes
sysfsutils
xorriso # not:rhel8
+3 -5
View File
@@ -1,16 +1,14 @@
conntrack-tools
curl
dnsmasq # for q-dhcp
dnsmasq-utils # for dhcp_release
ebtables
gawk
genisoimage # required for config_drive
genisoimage # not:rhel9 required for config_drive
iptables
iputils
kernel-modules
kernel-modules # not:openEuler-22.03
kpartx
parted
polkit
rabbitmq-server # NOPRIME
sqlite
sudo
xorriso # not:rhel8
+1 -1
View File
@@ -4,4 +4,4 @@ memcached
rsync-daemon
sqlite
xfsprogs
xinetd
xinetd # not:f36,rhel9
+57 -46
View File
@@ -21,6 +21,7 @@ source ${FUNC_DIR}/inc/ini-config
source ${FUNC_DIR}/inc/meta-config
source ${FUNC_DIR}/inc/python
source ${FUNC_DIR}/inc/rootwrap
source ${FUNC_DIR}/inc/async
# Save trace setting
_XTRACE_FUNCTIONS=$(set +o | grep xtrace)
@@ -117,7 +118,7 @@ function _upload_image {
useimport="--import"
fi
openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name" --public --container-format "$container" --disk-format "$disk" $useimport $properties < "${image}"
openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name" --public --container-format "$container" --disk-format "$disk" $useimport $properties --file $(readlink -f "${image}")
}
# Retrieve an image from a URL and upload into Glance.
@@ -132,17 +133,28 @@ function upload_image {
local image image_fname image_name
local max_attempts=5
# Create a directory for the downloaded image tarballs.
mkdir -p $FILES/images
image_fname=`basename "$image_url"`
if [[ $image_url != file* ]]; then
# Downloads the image (uec ami+akistyle), then extracts it.
if [[ ! -f $FILES/$image_fname || "$(stat -c "%s" $FILES/$image_fname)" = "0" ]]; then
wget --progress=dot:giga -c $image_url -O $FILES/$image_fname
if [[ $? -ne 0 ]]; then
echo "Not found: $image_url"
return
fi
for attempt in `seq $max_attempts`; do
local rc=0
wget --progress=dot:giga -c $image_url -O $FILES/$image_fname || rc=$?
if [[ $rc -ne 0 ]]; then
if [[ "$attempt" -eq "$max_attempts" ]]; then
echo "Not found: $image_url"
return
fi
echo "Download failed, retrying in $attempt second, attempt: $attempt"
sleep $attempt
else
break
fi
done
fi
image="$FILES/${image_fname}"
else
@@ -279,31 +291,6 @@ function upload_image {
return
fi
# XenServer-vhd-ovf-format images are provided as .vhd.tgz
# and should not be decompressed prior to loading
if [[ "$image_url" =~ '.vhd.tgz' ]]; then
image_name="${image_fname%.vhd.tgz}"
local force_vm_mode=""
if [[ "$image_name" =~ 'cirros' ]]; then
# Cirros VHD image currently only boots in PV mode.
# Nova defaults to PV for all VHD images, but
# the glance setting is needed for booting
# directly from volume.
force_vm_mode="vm_mode=xen"
fi
_upload_image "$image_name" ovf vhd "$image" $force_vm_mode
return
fi
# .xen-raw.tgz suggests a Xen capable raw image inside a tgz.
# and should not be decompressed prior to loading.
# Setting metadata, so PV mode is used.
if [[ "$image_url" =~ '.xen-raw.tgz' ]]; then
image_name="${image_fname%.xen-raw.tgz}"
_upload_image "$image_name" tgz raw "$image" vm_mode=xen
return
fi
if [[ "$image_url" =~ '.hds' ]]; then
image_name="${image_fname%.hds}"
vm_mode=${image_name##*-}
@@ -438,10 +425,10 @@ function upload_image {
# kernel for use when uploading the root filesystem.
local kernel_id="" ramdisk_id="";
if [ -n "$kernel" ]; then
kernel_id=$(openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name-kernel" $(_image_properties_to_arg $img_property) --public --container-format aki --disk-format aki < "$kernel" | grep ' id ' | get_field 2)
kernel_id=$(openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name-kernel" $(_image_properties_to_arg $img_property) --public --container-format aki --disk-format aki --file $(readlink -f "$kernel") -f value -c id)
fi
if [ -n "$ramdisk" ]; then
ramdisk_id=$(openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name-ramdisk" $(_image_properties_to_arg $img_property) --public --container-format ari --disk-format ari < "$ramdisk" | grep ' id ' | get_field 2)
ramdisk_id=$(openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name-ramdisk" $(_image_properties_to_arg $img_property) --public --container-format ari --disk-format ari --file $(readlink -f "$ramdisk") -f value -c id)
fi
_upload_image "${image_name%.img}" ami ami "$image" ${kernel_id:+ kernel_id=$kernel_id} ${ramdisk_id:+ ramdisk_id=$ramdisk_id} $img_property
fi
@@ -707,6 +694,8 @@ function setup_colorized_logging {
iniset $conf_file DEFAULT logging_default_format_string "%(asctime)s.%(msecs)03d %(color)s%(levelname)s %(name)s [-%(color)s] %(instance)s%(color)s%(message)s"
iniset $conf_file DEFAULT logging_debug_format_suffix "from (pid=%(process)d) %(funcName)s %(pathname)s:%(lineno)d"
iniset $conf_file DEFAULT logging_exception_prefix "%(color)s%(asctime)s.%(msecs)03d TRACE %(name)s %(instance)s"
# Enable or disable color for oslo.log
iniset $conf_file DEFAULT log_color $LOG_COLOR
}
function setup_systemd_logging {
@@ -728,6 +717,9 @@ function setup_systemd_logging {
iniset $conf_file DEFAULT logging_context_format_string "%(color)s%(levelname)s %(name)s [%(global_request_id)s %(request_id)s %(project_name)s %(user_name)s%(color)s] %(instance)s%(color)s%(message)s"
iniset $conf_file DEFAULT logging_default_format_string "%(color)s%(levelname)s %(name)s [-%(color)s] %(instance)s%(color)s%(message)s"
iniset $conf_file DEFAULT logging_exception_prefix "ERROR %(name)s %(instance)s"
# Enable or disable color for oslo.log
iniset $conf_file DEFAULT log_color $LOG_COLOR
}
function setup_standard_logging_identity {
@@ -751,23 +743,22 @@ if ! function_exists echo_nolog; then
fi
# create_disk - Create backing disk
# create_disk - Create, configure, and mount a backing disk
function create_disk {
local node_number
local disk_image=${1}
local storage_data_dir=${2}
local loopback_disk_size=${3}
local key
# Create a loopback disk and format it to XFS.
if [[ -e ${disk_image} ]]; then
if egrep -q ${storage_data_dir} /proc/mounts; then
sudo umount ${storage_data_dir}
sudo rm -f ${disk_image}
fi
fi
key=$(echo $disk_image | sed 's#/.##')
key="devstack-$key"
sudo mkdir -p ${storage_data_dir}/drives/images
destroy_disk $disk_image $storage_data_dir
# Create an empty file of the correct size (and ensure the
# directory structure up to that path exists)
sudo mkdir -p $(dirname ${disk_image})
sudo truncate -s ${loopback_disk_size} ${disk_image}
# Make a fresh XFS filesystem. Use bigger inodes so xattr can fit in
@@ -777,11 +768,31 @@ function create_disk {
# Swift and Ceph.
sudo mkfs.xfs -f -i size=1024 ${disk_image}
# Mount the disk with mount options to make it as efficient as possible
if ! egrep -q ${storage_data_dir} /proc/mounts; then
sudo mount -t xfs -o loop,noatime,nodiratime,logbufs=8 \
${disk_image} ${storage_data_dir}
# Install a new loopback fstab entry for this disk image, and mount it
echo "$disk_image $storage_data_dir xfs loop,noatime,nodiratime,logbufs=8,comment=$key 0 0" | sudo tee -a /etc/fstab
sudo mkdir -p $storage_data_dir
sudo mount -v $storage_data_dir
}
# Unmount, de-configure, and destroy a backing disk
function destroy_disk {
local disk_image=$1
local storage_data_dir=$2
local key
key=$(echo $disk_image | sed 's#/.##')
key="devstack-$key"
# Unmount the target, if mounted
if egrep -q $storage_data_dir /proc/mounts; then
sudo umount $storage_data_dir
fi
# Clear any fstab rules
sudo sed -i '/.*comment=$key.*/ d' /etc/fstab
# Delete the file
sudo rm -f $disk_image
}
+269 -148
View File
@@ -49,7 +49,7 @@ KILL_PATH="$(which kill)"
STACK_ENV_VARS="BASE_SQL_CONN DATA_DIR DEST ENABLED_SERVICES HOST_IP \
KEYSTONE_SERVICE_URI \
LOGFILE OS_CACERT SERVICE_HOST STACK_USER TLS_IP \
HOST_IPV6 SERVICE_IP_VERSION"
HOST_IPV6 SERVICE_IP_VERSION TUNNEL_ENDPOINT_IP TUNNEL_IP_VERSION"
# Saves significant environment variables to .stackenv for later use
@@ -85,7 +85,7 @@ function write_clouds_yaml {
if [ -f "$SSL_BUNDLE_FILE" ]; then
CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
fi
# demo -> devstack
# devstack: user with the member role on demo project
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack \
@@ -96,18 +96,7 @@ function write_clouds_yaml {
--os-password $ADMIN_PASSWORD \
--os-project-name demo
# alt_demo -> devstack-alt
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-alt \
--os-region-name $REGION_NAME \
$CA_CERT_ARG \
--os-auth-url $KEYSTONE_SERVICE_URI \
--os-username alt_demo \
--os-password $ADMIN_PASSWORD \
--os-project-name alt_demo
# admin -> devstack-admin
# devstack-admin: user with the admin role on the admin project
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-admin \
@@ -118,7 +107,62 @@ function write_clouds_yaml {
--os-password $ADMIN_PASSWORD \
--os-project-name admin
# admin with a system-scoped token -> devstack-system
# devstack-admin-demo: user with the admin role on the demo project
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-admin-demo \
--os-region-name $REGION_NAME \
$CA_CERT_ARG \
--os-auth-url $KEYSTONE_SERVICE_URI \
--os-username admin \
--os-password $ADMIN_PASSWORD \
--os-project-name demo
# devstack-alt: user with the member role on alt_demo project
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-alt \
--os-region-name $REGION_NAME \
$CA_CERT_ARG \
--os-auth-url $KEYSTONE_SERVICE_URI \
--os-username alt_demo \
--os-password $ADMIN_PASSWORD \
--os-project-name alt_demo
# devstack-alt-member: user with the member role on alt_demo project
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-alt-member \
--os-region-name $REGION_NAME \
$CA_CERT_ARG \
--os-auth-url $KEYSTONE_SERVICE_URI \
--os-username alt_demo_member \
--os-password $ADMIN_PASSWORD \
--os-project-name alt_demo
# devstack-alt-reader: user with the reader role on alt_demo project
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-alt-reader \
--os-region-name $REGION_NAME \
$CA_CERT_ARG \
--os-auth-url $KEYSTONE_SERVICE_URI \
--os-username alt_demo_reader \
--os-password $ADMIN_PASSWORD \
--os-project-name alt_demo
# devstack-reader: user with the reader role on demo project
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-reader \
--os-region-name $REGION_NAME \
$CA_CERT_ARG \
--os-auth-url $KEYSTONE_SERVICE_URI \
--os-username demo_reader \
--os-password $ADMIN_PASSWORD \
--os-project-name demo
# devstack-system-admin: user with the admin role on the system
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-system-admin \
@@ -129,6 +173,28 @@ function write_clouds_yaml {
--os-password $ADMIN_PASSWORD \
--os-system-scope all
# devstack-system-member: user with the member role on the system
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-system-member \
--os-region-name $REGION_NAME \
$CA_CERT_ARG \
--os-auth-url $KEYSTONE_SERVICE_URI \
--os-username system_member \
--os-password $ADMIN_PASSWORD \
--os-system-scope all
# devstack-system-reader: user with the reader role on the system
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-system-reader \
--os-region-name $REGION_NAME \
$CA_CERT_ARG \
--os-auth-url $KEYSTONE_SERVICE_URI \
--os-username system_reader \
--os-password $ADMIN_PASSWORD \
--os-system-scope all
cat >> $CLOUDS_YAML <<EOF
functional:
image_name: $DEFAULT_IMAGE_NAME
@@ -170,6 +236,27 @@ function trueorfalse {
$xtrace
}
# bool_to_int <True|False>
#
# Convert True|False to int 1 or 0
# This function can be used to convert the output of trueorfalse
# to an int follow c conventions where false is 0 and 1 it true.
function bool_to_int {
local xtrace
xtrace=$(set +o | grep xtrace)
set +o xtrace
if [ -z $1 ]; then
die $LINENO "Bool value required"
fi
if [[ $1 == "True" ]] ; then
echo '1'
else
echo '0'
fi
$xtrace
}
function isset {
[[ -v "$1" ]]
}
@@ -314,9 +401,9 @@ function warn {
# such as "install_package" further abstract things in better ways.
#
# ``os_VENDOR`` - vendor name: ``Ubuntu``, ``Fedora``, etc
# ``os_RELEASE`` - major release: ``16.04`` (Ubuntu), ``23`` (Fedora)
# ``os_RELEASE`` - major release: ``22.04`` (Ubuntu), ``23`` (Fedora)
# ``os_PACKAGE`` - package type: ``deb`` or ``rpm``
# ``os_CODENAME`` - vendor's codename for release: ``xenial``
# ``os_CODENAME`` - vendor's codename for release: ``jammy``
declare -g os_VENDOR os_RELEASE os_PACKAGE os_CODENAME
@@ -333,7 +420,7 @@ function _ensure_lsb_release {
elif [[ -x $(command -v zypper 2>/dev/null) ]]; then
sudo zypper -n install lsb-release
elif [[ -x $(command -v dnf 2>/dev/null) ]]; then
sudo dnf install -y redhat-lsb-core
sudo dnf install -y redhat-lsb-core || sudo dnf install -y openeuler-lsb
else
die $LINENO "Unable to find or auto-install lsb_release"
fi
@@ -346,14 +433,24 @@ function _ensure_lsb_release {
# - os_VENDOR
# - os_PACKAGE
function GetOSVersion {
# We only support distros that provide a sane lsb_release
_ensure_lsb_release
# CentOS Stream 9 and RHEL 9 do not provide lsb_release
source /etc/os-release
if [[ "${ID}${VERSION}" == "centos9" ]] || [[ "${ID}${VERSION}" =~ "rhel9" ]]; then
os_RELEASE=${VERSION_ID}
os_CODENAME="n/a"
os_VENDOR=$(echo $NAME | tr -d '[:space:]')
elif [[ "${ID}${VERSION}" =~ "rocky9" ]]; then
os_VENDOR="Rocky"
os_RELEASE=${VERSION_ID}
else
_ensure_lsb_release
os_RELEASE=$(lsb_release -r -s)
os_CODENAME=$(lsb_release -c -s)
os_VENDOR=$(lsb_release -i -s)
os_RELEASE=$(lsb_release -r -s)
os_CODENAME=$(lsb_release -c -s)
os_VENDOR=$(lsb_release -i -s)
fi
if [[ $os_VENDOR =~ (Debian|Ubuntu|LinuxMint) ]]; then
if [[ $os_VENDOR =~ (Debian|Ubuntu) ]]; then
os_PACKAGE="deb"
else
os_PACKAGE="rpm"
@@ -371,34 +468,25 @@ declare -g DISTRO
function GetDistro {
GetOSVersion
if [[ "$os_VENDOR" =~ (Ubuntu) || "$os_VENDOR" =~ (Debian) || \
"$os_VENDOR" =~ (LinuxMint) ]]; then
# 'Everyone' refers to Ubuntu / Debian / Mint releases by
if [[ "$os_VENDOR" =~ (Ubuntu) || "$os_VENDOR" =~ (Debian) ]]; then
# 'Everyone' refers to Ubuntu / Debian releases by
# the code name adjective
DISTRO=$os_CODENAME
elif [[ "$os_VENDOR" =~ (Fedora) ]]; then
# For Fedora, just use 'f' and the release
DISTRO="f$os_RELEASE"
elif is_opensuse; then
DISTRO="opensuse-$os_RELEASE"
# Tumbleweed uses "n/a" as a codename, and the release is a datestring
# like 20180218, so not very useful. Leap however uses a release
# with a "dot", so for example 15.0
[ "$os_CODENAME" = "n/a" -a "$os_RELEASE" = "${os_RELEASE/\./}" ] && \
DISTRO="opensuse-tumbleweed"
elif is_suse_linux_enterprise; then
# just use major release
DISTRO="sle${os_RELEASE%.*}"
elif [[ "$os_VENDOR" =~ (Red.*Hat) || \
"$os_VENDOR" =~ (CentOS) || \
"$os_VENDOR" =~ (AlmaLinux) || \
"$os_VENDOR" =~ (Scientific) || \
"$os_VENDOR" =~ (OracleServer) || \
"$os_VENDOR" =~ (Rocky) || \
"$os_VENDOR" =~ (Virtuozzo) ]]; then
# Drop the . release as we assume it's compatible
# XXX re-evaluate when we get RHEL10
DISTRO="rhel${os_RELEASE::1}"
elif [[ "$os_VENDOR" =~ (XenServer) ]]; then
DISTRO="xs${os_RELEASE%.*}"
elif [[ "$os_VENDOR" =~ (openEuler) ]]; then
DISTRO="openEuler-$os_RELEASE"
else
# We can't make a good choice here. Setting a sensible DISTRO
# is part of the problem, but not the major issue -- we really
@@ -442,7 +530,7 @@ function is_oraclelinux {
# Determine if current distribution is a Fedora-based distribution
# (Fedora, RHEL, CentOS, etc).
# (Fedora, RHEL, CentOS, Rocky, etc).
# is_fedora
function is_fedora {
if [[ -z "$os_VENDOR" ]]; then
@@ -450,41 +538,14 @@ function is_fedora {
fi
[ "$os_VENDOR" = "Fedora" ] || [ "$os_VENDOR" = "Red Hat" ] || \
[ "$os_VENDOR" = "openEuler" ] || \
[ "$os_VENDOR" = "RedHatEnterpriseServer" ] || \
[ "$os_VENDOR" = "RedHatEnterprise" ] || \
[ "$os_VENDOR" = "CentOS" ] || [ "$os_VENDOR" = "OracleServer" ] || \
[ "$os_VENDOR" = "Virtuozzo" ]
}
# Determine if current distribution is a SUSE-based distribution
# (openSUSE, SLE).
# is_suse
function is_suse {
is_opensuse || is_suse_linux_enterprise
}
# Determine if current distribution is an openSUSE distribution
# is_opensuse
function is_opensuse {
if [[ -z "$os_VENDOR" ]]; then
GetOSVersion
fi
[[ "$os_VENDOR" =~ (openSUSE) ]]
}
# Determine if current distribution is a SUSE Linux Enterprise (SLE)
# distribution
# is_suse_linux_enterprise
function is_suse_linux_enterprise {
if [[ -z "$os_VENDOR" ]]; then
GetOSVersion
fi
[[ "$os_VENDOR" =~ (^SUSE) ]]
[ "$os_VENDOR" = "RedHatEnterpriseLinux" ] || \
[ "$os_VENDOR" = "Rocky" ] || \
[ "$os_VENDOR" = "CentOS" ] || [ "$os_VENDOR" = "CentOSStream" ] || \
[ "$os_VENDOR" = "AlmaLinux" ] || \
[ "$os_VENDOR" = "OracleServer" ] || [ "$os_VENDOR" = "Virtuozzo" ]
}
@@ -498,7 +559,14 @@ function is_ubuntu {
[ "$os_PACKAGE" = "deb" ]
}
# Determine if current distribution is an openEuler distribution
# is_openeuler
function is_openeuler {
if [[ -z "$os_PACKAGE" ]]; then
GetOSVersion
fi
[ "$os_VENDOR" = "openEuler" ]
}
# Git Functions
# =============
@@ -549,7 +617,7 @@ function git_clone {
if [[ "$ERROR_ON_CLONE" = "True" ]]; then
echo "The $git_dest project was not found; if this is a gate job, add"
echo "the project to 'required-projects' in the job definition."
die $LINENO "Cloning not allowed in this configuration"
die $LINENO "ERROR_ON_CLONE is set to True so cloning not allowed in this configuration"
fi
git_timed clone $git_clone_flags $git_remote $git_dest
fi
@@ -561,10 +629,12 @@ function git_clone {
if [[ "$ERROR_ON_CLONE" = "True" ]]; then
echo "The $git_dest project was not found; if this is a gate job, add"
echo "the project to the \$PROJECTS variable in the job definition."
die $LINENO "Cloning not allowed in this configuration"
die $LINENO "ERROR_ON_CLONE is set to True so cloning not allowed in this configuration"
fi
# '--branch' can also take tags
git_timed clone $git_clone_flags $git_remote $git_dest --branch $git_ref
git_timed clone --no-checkout $git_clone_flags $git_remote $git_dest
cd $git_dest
git_timed fetch $git_clone_flags origin $git_ref
git_timed checkout FETCH_HEAD
elif [[ "$RECLONE" = "True" ]]; then
# if it does exist then simulate what clone does if asked to RECLONE
cd $git_dest
@@ -574,7 +644,7 @@ function git_clone {
# remove the existing ignored files (like pyc) as they cause breakage
# (due to the py files having older timestamps than our pyc, so python
# thinks the pyc files are correct using them)
find $git_dest -name '*.pyc' -delete
sudo find $git_dest -name '*.pyc' -delete
# handle git_ref accordingly to type (tag, branch)
if [[ -n "`git show-ref refs/tags/$git_ref`" ]]; then
@@ -590,6 +660,18 @@ function git_clone {
fi
fi
# NOTE(ianw) 2022-04-13 : commit [1] has broken many assumptions
# about how we clone and work with repos. Mark them safe globally
# as a work-around.
#
# NOTE(danms): On bionic (and likely others) git-config may write
# ~stackuser/.gitconfig if not run with sudo -H. Using --system
# writes these changes to /etc/gitconfig which is more
# discoverable anyway.
#
# [1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9
sudo git config --system --add safe.directory ${git_dest}
# print out the results so we know what change was used in the logs
cd $git_dest
git show --oneline | head -1
@@ -689,7 +771,7 @@ function get_default_host_ip {
if [ -z "$host_ip" -o "$host_ip" == "dhcp" ]; then
host_ip=""
# Find the interface used for the default route
host_ip_iface=${host_ip_iface:-$(ip -f $af route | awk '/default/ {print $5}' | head -1)}
host_ip_iface=${host_ip_iface:-$(ip -f $af route list match default table all | grep via | awk '/default/ {print $5}' | head -1)}
local host_ips
host_ips=$(LC_ALL=C ip -f $af addr show ${host_ip_iface} | sed /temporary/d |awk /$af'/ {split($2,parts,"/"); print parts[1]}')
local ip
@@ -792,14 +874,9 @@ function policy_add {
# Usage: get_or_create_domain <name> <description>
function get_or_create_domain {
local domain_id
# Gets domain id
domain_id=$(
# Gets domain id
openstack domain show $1 \
-f value -c id 2>/dev/null ||
# Creates new domain
openstack domain create $1 \
--description "$2" \
openstack --os-cloud devstack-system-admin domain create $1 \
--description "$2" --or-show \
-f value -c id
)
echo $domain_id
@@ -813,7 +890,7 @@ function get_or_create_group {
# Gets group id
group_id=$(
# Creates new group with --or-show
openstack group create $1 \
openstack --os-cloud devstack-system-admin group create $1 \
--domain $2 --description "$desc" --or-show \
-f value -c id
)
@@ -832,7 +909,7 @@ function get_or_create_user {
# Gets user id
user_id=$(
# Creates new user with --or-show
openstack user create \
openstack --os-cloud devstack-system-admin user create \
$1 \
--password "$2" \
--domain=$3 \
@@ -849,7 +926,7 @@ function get_or_create_project {
local project_id
project_id=$(
# Creates new project with --or-show
openstack project create $1 \
openstack --os-cloud devstack-system-admin project create $1 \
--domain=$2 \
--or-show -f value -c id
)
@@ -862,7 +939,7 @@ function get_or_create_role {
local role_id
role_id=$(
# Creates role with --or-show
openstack role create $1 \
openstack --os-cloud devstack-system-admin role create $1 \
--or-show -f value -c id
)
echo $role_id
@@ -888,29 +965,22 @@ function _get_domain_args {
# Usage: get_or_add_user_project_role <role> <user> <project> [<user_domain> <project_domain>]
function get_or_add_user_project_role {
local user_role_id
local domain_args
domain_args=$(_get_domain_args $4 $5)
# Gets user role id
user_role_id=$(openstack role assignment list \
# Note this is idempotent so we are safe across multiple
# duplicate calls.
openstack --os-cloud devstack-system-admin role add $1 \
--user $2 \
--project $3 \
$domain_args
user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--project $3 \
$domain_args \
| grep '^|\s[a-f0-9]\+' | get_field 1)
if [[ -z "$user_role_id" ]]; then
# Adds role to user and get it
openstack role add $1 \
--user $2 \
--project $3 \
$domain_args
user_role_id=$(openstack role assignment list \
--role $1 \
--user $2 \
--project $3 \
$domain_args \
| grep '^|\s[a-f0-9]\+' | get_field 1)
fi
-c Role -f value)
echo $user_role_id
}
@@ -918,22 +988,48 @@ function get_or_add_user_project_role {
# Usage: get_or_add_user_domain_role <role> <user> <domain>
function get_or_add_user_domain_role {
local user_role_id
# Gets user role id
user_role_id=$(openstack role assignment list \
# Note this is idempotent so we are safe across multiple
# duplicate calls.
openstack --os-cloud devstack-system-admin role add $1 \
--user $2 \
--domain $3
user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--domain $3 \
| grep '^|\s[a-f0-9]\+' | get_field 1)
-c Role -f value)
echo $user_role_id
}
# Gets or adds user role to system
# Usage: get_or_add_user_system_role <role> <user> <system> [<user_domain>]
function get_or_add_user_system_role {
local user_role_id
local domain_args
domain_args=$(_get_domain_args $4)
# Gets user role id
user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--system $3 \
$domain_args \
-f value -c Role)
if [[ -z "$user_role_id" ]]; then
# Adds role to user and get it
openstack role add $1 \
openstack --os-cloud devstack-system-admin role add $1 \
--user $2 \
--domain $3
user_role_id=$(openstack role assignment list \
--system $3 \
$domain_args
user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--domain $3 \
| grep '^|\s[a-f0-9]\+' | get_field 1)
--system $3 \
$domain_args \
-f value -c Role)
fi
echo $user_role_id
}
@@ -942,23 +1038,18 @@ function get_or_add_user_domain_role {
# Usage: get_or_add_group_project_role <role> <group> <project>
function get_or_add_group_project_role {
local group_role_id
# Gets group role id
group_role_id=$(openstack role assignment list \
# Note this is idempotent so we are safe across multiple
# duplicate calls.
openstack role add $1 \
--group $2 \
--project $3
group_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--group $2 \
--project $3 \
-f value)
if [[ -z "$group_role_id" ]]; then
# Adds role to group and get it
openstack role add $1 \
--group $2 \
--project $3
group_role_id=$(openstack role assignment list \
--role $1 \
--group $2 \
--project $3 \
-f value)
fi
-f value -c Role)
echo $group_role_id
}
@@ -969,9 +1060,9 @@ function get_or_create_service {
# Gets service id
service_id=$(
# Gets service id
openstack service show $2 -f value -c id 2>/dev/null ||
openstack --os-cloud devstack-system-admin service show $2 -f value -c id 2>/dev/null ||
# Creates new service if not exists
openstack service create \
openstack --os-cloud devstack-system-admin service create \
$2 \
--name $1 \
--description="$3" \
@@ -984,14 +1075,14 @@ function get_or_create_service {
# Usage: _get_or_create_endpoint_with_interface <service> <interface> <url> <region>
function _get_or_create_endpoint_with_interface {
local endpoint_id
endpoint_id=$(openstack endpoint list \
endpoint_id=$(openstack --os-cloud devstack-system-admin endpoint list \
--service $1 \
--interface $2 \
--region $4 \
-c ID -f value)
if [[ -z "$endpoint_id" ]]; then
# Creates new endpoint
endpoint_id=$(openstack endpoint create \
endpoint_id=$(openstack --os-cloud devstack-system-admin endpoint create \
$1 $2 $3 --region $4 -f value -c id)
fi
@@ -1025,7 +1116,7 @@ function get_or_create_endpoint {
# Get a URL from the identity service
# Usage: get_endpoint_url <service> <interface>
function get_endpoint_url {
echo $(openstack endpoint list \
echo $(openstack --os-cloud devstack-system-admin endpoint list \
--service $1 --interface $2 \
-c URL -f value)
}
@@ -1039,6 +1130,17 @@ function is_ironic_hardware {
return 1
}
function is_ironic_enforce_scope {
is_service_enabled ironic && [[ "$IRONIC_ENFORCE_SCOPE" == "True" || "$ENFORCE_SCOPE" == "True" ]] && return 0
return 1
}
function is_ironic_sharded {
# todo(JayF): Support >1 shard with multiple n-cpu instances for each
is_service_enabled ironic && [[ "$IRONIC_SHARDS" == "1" ]] && return 0
return 1
}
# Package Functions
# =================
@@ -1055,8 +1157,6 @@ function _get_package_dir {
pkg_dir=$base_dir/debs
elif is_fedora; then
pkg_dir=$base_dir/rpms
elif is_suse; then
pkg_dir=$base_dir/rpms-suse
else
exit_distro_not_supported "list of packages"
fi
@@ -1331,8 +1431,6 @@ function real_install_package {
apt_get install "$@"
elif is_fedora; then
yum_install "$@"
elif is_suse; then
zypper_install "$@"
else
exit_distro_not_supported "installing packages"
fi
@@ -1374,8 +1472,6 @@ function uninstall_package {
apt_get purge "$@"
elif is_fedora; then
sudo dnf remove -y "$@" ||:
elif is_suse; then
sudo zypper remove -y "$@" ||:
else
exit_distro_not_supported "uninstalling packages"
fi
@@ -1444,6 +1540,7 @@ function write_user_unit_file {
local command="$2"
local group=$3
local user=$4
local env_vars="$5"
local extra=""
if [[ -n "$group" ]]; then
extra="Group=$group"
@@ -1452,11 +1549,15 @@ function write_user_unit_file {
mkdir -p $SYSTEMD_DIR
iniset -sudo $unitfile "Unit" "Description" "Devstack $service"
iniset -sudo $unitfile "Service" "Environment" "\"PATH=$PATH\""
iniset -sudo $unitfile "Service" "User" "$user"
iniset -sudo $unitfile "Service" "ExecStart" "$command"
iniset -sudo $unitfile "Service" "KillMode" "process"
iniset -sudo $unitfile "Service" "TimeoutStopSec" "300"
iniset -sudo $unitfile "Service" "ExecReload" "$KILL_PATH -HUP \$MAINPID"
if [[ -n "$env_vars" ]] ; then
iniset -sudo $unitfile "Service" "Environment" "$env_vars"
fi
if [[ -n "$group" ]]; then
iniset -sudo $unitfile "Service" "Group" "$group"
fi
@@ -1471,10 +1572,12 @@ function write_uwsgi_user_unit_file {
local command="$2"
local group=$3
local user=$4
local env_vars="$5"
local unitfile="$SYSTEMD_DIR/$service"
mkdir -p $SYSTEMD_DIR
iniset -sudo $unitfile "Unit" "Description" "Devstack $service"
iniset -sudo $unitfile "Service" "Environment" "\"PATH=$PATH\""
iniset -sudo $unitfile "Service" "SyslogIdentifier" "$service"
iniset -sudo $unitfile "Service" "User" "$user"
iniset -sudo $unitfile "Service" "ExecStart" "$command"
@@ -1485,6 +1588,9 @@ function write_uwsgi_user_unit_file {
iniset -sudo $unitfile "Service" "NotifyAccess" "all"
iniset -sudo $unitfile "Service" "RestartForceExitStatus" "100"
if [[ -n "$env_vars" ]] ; then
iniset -sudo $unitfile "Service" "Environment" "$env_vars"
fi
if [[ -n "$group" ]]; then
iniset -sudo $unitfile "Service" "Group" "$group"
fi
@@ -1532,10 +1638,17 @@ function _run_under_systemd {
local systemd_service="devstack@$service.service"
local group=$3
local user=${4:-$STACK_USER}
if [[ -z "$user" ]]; then
user=$STACK_USER
fi
local env_vars="$5"
if [[ "$command" =~ "uwsgi" ]] ; then
write_uwsgi_user_unit_file $systemd_service "$cmd" "$group" "$user"
if [[ "$GLOBAL_VENV" == "True" ]] ; then
cmd="$cmd --venv $DEVSTACK_VENV"
fi
write_uwsgi_user_unit_file $systemd_service "$cmd" "$group" "$user" "$env_vars"
else
write_user_unit_file $systemd_service "$cmd" "$group" "$user"
write_user_unit_file $systemd_service "$cmd" "$group" "$user" "$env_vars"
fi
$SYSTEMCTL enable $systemd_service
@@ -1556,18 +1669,20 @@ function is_running {
# If the command includes shell metachatacters (;<>*) it must be run using a shell
# If an optional group is provided sg will be used to run the
# command as that group.
# run_process service "command-line" [group] [user]
# run_process service "command-line" [group] [user] [env_vars]
# env_vars must be a space separated list of variable assigments, ie: "A=1 B=2"
function run_process {
local service=$1
local command="$2"
local group=$3
local user=$4
local env_vars="$5"
local name=$service
time_start "run_process"
if is_service_enabled $service; then
_run_under_systemd "$name" "$command" "$group" "$user"
_run_under_systemd "$name" "$command" "$group" "$user" "$env_vars"
fi
time_stop "run_process"
}
@@ -1609,10 +1724,6 @@ function service_check {
}
function tail_log {
deprecated "With the removal of screen support, tail_log is deprecated and will be removed after Queens"
}
# Plugin Functions
# =================
@@ -2327,6 +2438,11 @@ function time_stop {
_TIME_TOTAL[$name]=$(($total + $elapsed_time))
}
function install_openstack_cli_server {
export PATH=$TOP_DIR/files/openstack-cli-server:$PATH
run_process openstack-cli-server "$PYTHON $TOP_DIR/files/openstack-cli-server/openstack-cli-server"
}
function oscwrap {
local xtrace
xtrace=$(set +o | grep xtrace)
@@ -2422,6 +2538,11 @@ function clean_pyc_files {
fi
}
function is_fips_enabled {
fips=`cat /proc/sys/crypto/fips_enabled`
[ "$fips" == "1" ]
}
# Restore xtrace
$_XTRACE_FUNCTIONS_COMMON
+256
View File
@@ -0,0 +1,256 @@
#!/bin/bash
#
# Symbolic asynchronous tasks for devstack
#
# Usage:
#
# async_runfunc my_shell_func foo bar baz
#
# ... do other stuff ...
#
# async_wait my_shell_func
#
DEVSTACK_PARALLEL=$(trueorfalse True DEVSTACK_PARALLEL)
_ASYNC_BG_TIME=0
# Keep track of how much total time was spent in background tasks
# Takes a job runtime in ms.
function _async_incr_bg_time {
local elapsed_ms="$1"
_ASYNC_BG_TIME=$(($_ASYNC_BG_TIME + $elapsed_ms))
}
# Get the PID of a named future to wait on
function async_pidof {
local name="$1"
local inifile="${DEST}/async/${name}.ini"
if [ -f "$inifile" ]; then
iniget $inifile job pid
else
echo 'UNKNOWN'
return 1
fi
}
# Log a message about a job. If the message contains "%command" then the
# full command line of the job will be substituted in the output
function async_log {
local name="$1"
shift
local message="$*"
local inifile=${DEST}/async/${name}.ini
local pid
local command
pid=$(iniget $inifile job pid)
command=$(iniget $inifile job command | tr '#' '-')
message=$(echo "$message" | sed "s#%command#$command#g")
echo "[$BASHPID Async ${name}:${pid}]: $message"
}
# Inner function that actually runs the requested task. We wrap it like this
# just so we can emit a finish message as soon as the work is done, to make
# it easier to find the tracking just before an error.
function async_inner {
local name="$1"
local rc
local fifo="${DEST}/async/${name}.fifo"
shift
set -o xtrace
if $* >${DEST}/async/${name}.log 2>&1; then
rc=0
set +o xtrace
async_log "$name" "finished successfully"
else
rc=$?
set +o xtrace
async_log "$name" "FAILED with rc $rc"
fi
iniset ${DEST}/async/${name}.ini job end_time $(date "+%s%3N")
# Block on the fifo until we are signaled to exit by the main process
cat $fifo
return $rc
}
# Run something async. Takes a symbolic name and a list of arguments of
# what to run. Ideally this would be rarely used and async_runfunc() would
# be used everywhere for readability.
#
# This spawns the work in a background worker, records a "future" to be
# collected by a later call to async_wait()
function async_run {
local xtrace
xtrace=$(set +o | grep xtrace)
set +o xtrace
local name="$1"
shift
local inifile=${DEST}/async/${name}.ini
local fifo=${DEST}/async/${name}.fifo
touch $inifile
iniset $inifile job command "$*"
iniset $inifile job start_time $(date +%s%3N)
if [[ "$DEVSTACK_PARALLEL" = "True" ]]; then
mkfifo $fifo
async_inner $name $* &
iniset $inifile job pid $!
async_log "$name" "running: %command"
$xtrace
else
iniset $inifile job pid "self"
async_log "$name" "Running synchronously: %command"
$xtrace
$*
return $?
fi
}
# Shortcut for running a shell function async. Uses the function name as the
# async name.
function async_runfunc {
async_run $1 $*
}
# Dump some information to help debug a failed wait
function async_wait_dump {
local failpid=$1
echo "=== Wait failure dump from $BASHPID ==="
echo "Processes:"
ps -f
echo "Waiting jobs:"
for name in $(ls ${DEST}/async/*.ini); do
echo "Job $name :"
cat "$name"
done
echo "Failed PID status:"
sudo cat /proc/$failpid/status
sudo cat /proc/$failpid/cmdline
echo "=== End wait failure dump ==="
}
# Wait for an async future to complete. May return immediately if already
# complete, or of the future has already been waited on (avoid this). May
# block until the future completes.
function async_wait {
local xtrace
xtrace=$(set +o | grep xtrace)
set +o xtrace
local pid rc running inifile runtime fifo
rc=0
for name in $*; do
running=$(ls ${DEST}/async/*.ini 2>/dev/null | wc -l)
inifile="${DEST}/async/${name}.ini"
fifo="${DEST}/async/${name}.fifo"
if pid=$(async_pidof "$name"); then
async_log "$name" "Waiting for completion of %command" \
"running on PID $pid ($running other jobs running)"
time_start async_wait
if [[ "$pid" != "self" ]]; then
# Signal the child to go ahead and exit since we are about to
# wait for it to collect its status.
async_log "$name" "Signaling child to exit"
echo WAKEUP > $fifo
async_log "$name" "Signaled"
# Do not actually call wait if we ran synchronously
if wait $pid; then
rc=0
else
rc=$?
fi
cat ${DEST}/async/${name}.log
rm -f $fifo
fi
time_stop async_wait
local start_time
local end_time
start_time=$(iniget $inifile job start_time)
end_time=$(iniget $inifile job end_time)
_async_incr_bg_time $(($end_time - $start_time))
runtime=$((($end_time - $start_time) / 1000))
async_log "$name" "finished %command with result" \
"$rc in $runtime seconds"
rm -f $inifile
if [ $rc -ne 0 ]; then
async_wait_dump $pid
echo Stopping async wait due to error: $*
break
fi
else
# This could probably be removed - it is really just here
# to help notice if you wait for something by the wrong
# name, but it also shows up for things we didn't start
# because they were not enabled.
echo Not waiting for async task $name that we never started or \
has already been waited for
fi
done
$xtrace
return $rc
}
# Check for uncollected futures and wait on them
function async_cleanup {
local name
if [[ "$DEVSTACK_PARALLEL" != "True" ]]; then
return 0
fi
for inifile in $(find ${DEST}/async -name '*.ini'); do
name=$(basename $pidfile .ini)
echo "WARNING: uncollected async future $name"
async_wait $name || true
done
}
# Make sure our async dir is created and clean
function async_init {
local async_dir=${DEST}/async
# Clean any residue if present from previous runs
rm -Rf $async_dir
# Make sure we have a state directory
mkdir -p $async_dir
}
function async_print_timing {
local bg_time_minus_wait
local elapsed_time
local serial_time
local speedup
if [[ "$DEVSTACK_PARALLEL" != "True" ]]; then
return 0
fi
# The logic here is: All the background task time would be
# serialized if we did not do them in the background. So we can
# add that to the elapsed time for the whole run. However, time we
# spend waiting for async things to finish adds to the elapsed
# time, but is time where we're not doing anything useful. Thus,
# we substract that from the would-be-serialized time.
bg_time_minus_wait=$((\
($_ASYNC_BG_TIME - ${_TIME_TOTAL[async_wait]}) / 1000))
elapsed_time=$(($(date "+%s") - $_TIME_BEGIN))
serial_time=$(($elapsed_time + $bg_time_minus_wait))
echo
echo "================="
echo " Async summary"
echo "================="
echo " Time spent in the background minus waits: $bg_time_minus_wait sec"
echo " Elapsed time: $elapsed_time sec"
echo " Time if we did everything serially: $serial_time sec"
echo " Speedup: " $(echo | awk "{print $serial_time / $elapsed_time}")
}
+3
View File
@@ -189,6 +189,9 @@ function iniset {
local option=$3
local value=$4
# Escape the ampersand character (&)
value=$(echo $value | sed -e 's/&/\\&/g')
if [[ -z $section || -z $option ]]; then
$xtrace
return
+45 -15
View File
@@ -7,7 +7,6 @@
# External functions used:
# - GetOSVersion
# - is_fedora
# - is_suse
# - safe_chown
# Save trace setting
@@ -33,6 +32,26 @@ function join_extras {
# Python Functions
# ================
# Setup the global devstack virtualenvs and the associated environment
# updates.
function setup_devstack_virtualenv {
# We run devstack out of a global virtualenv.
if [[ ! -d $DEVSTACK_VENV ]] ; then
# Using system site packages to enable nova to use libguestfs.
# This package is currently installed via the distro and not
# available on pypi.
python$PYTHON3_VERSION -m venv --system-site-packages $DEVSTACK_VENV
pip_install -U pip setuptools
#NOTE(rpittau): workaround for simplejson removal in osc
# https://review.opendev.org/c/openstack/python-openstackclient/+/920001
pip_install -U simplejson
fi
if [[ ":$PATH:" != *":$DEVSTACK_VENV/bin:"* ]] ; then
export PATH="$DEVSTACK_VENV/bin:$PATH"
export PYTHON="$DEVSTACK_VENV/bin/python3"
fi
}
# Get the path to the pip command.
# get_pip_command
function get_pip_command {
@@ -61,9 +80,11 @@ function get_python_exec_prefix {
fi
$xtrace
local PYTHON_PATH=/usr/local/bin
is_suse && PYTHON_PATH=/usr/bin
echo $PYTHON_PATH
if [[ "$GLOBAL_VENV" == "True" ]] ; then
echo "$DEVSTACK_VENV/bin"
else
echo "/usr/local/bin"
fi
}
# Wrapper for ``pip install`` that only installs versions of libraries
@@ -168,6 +189,14 @@ function pip_install {
if [[ -n ${PIP_VIRTUAL_ENV:=} && -d ${PIP_VIRTUAL_ENV} ]]; then
local cmd_pip=$PIP_VIRTUAL_ENV/bin/pip
local sudo_pip="env"
elif [[ "${GLOBAL_VENV}" == "True" && -d ${DEVSTACK_VENV} ]] ; then
# We have to check that the DEVSTACK_VENV exists because early
# devstack boostrapping needs to operate in a system context
# too bootstrap pip. Once pip is bootstrapped we create the
# global venv and can start to use it.
local cmd_pip=$DEVSTACK_VENV/bin/pip
local sudo_pip="env"
echo "Using python $PYTHON3_VERSION to install $package_dir"
else
local cmd_pip="python$PYTHON3_VERSION -m pip"
# See
@@ -186,15 +215,11 @@ function pip_install {
$xtrace
# adding SETUPTOOLS_SYS_PATH_TECHNIQUE is a workaround to keep
# the same behaviour of setuptools before version 25.0.0.
# related issue: https://github.com/pypa/pip/issues/3874
$sudo_pip \
http_proxy="${http_proxy:-}" \
https_proxy="${https_proxy:-}" \
no_proxy="${no_proxy:-}" \
PIP_FIND_LINKS=$PIP_FIND_LINKS \
SETUPTOOLS_SYS_PATH_TECHNIQUE=rewrite \
$cmd_pip $upgrade \
$@
result=$?
@@ -378,12 +403,16 @@ function _setup_package_with_constraints_edit {
project_dir=$(cd $project_dir && pwd)
if [ -n "$REQUIREMENTS_DIR" ]; then
# Constrain this package to this project directory from here on out.
# Remove this package from constraints before we install it.
# That way, later installs won't "downgrade" the install from
# source we are about to do.
local name
name=$(awk '/^name.*=/ {print $3}' $project_dir/setup.cfg)
if [ -z $name ]; then
name=$(awk '/^name =/ {gsub(/"/, "", $3); print $3}' $project_dir/pyproject.toml)
fi
$REQUIREMENTS_DIR/.venv/bin/edit-constraints \
$REQUIREMENTS_DIR/upper-constraints.txt -- $name \
"$flags file://$project_dir#egg=$name"
$REQUIREMENTS_DIR/upper-constraints.txt -- $name
fi
setup_package $bindep $project_dir "$flags" $extras
@@ -444,8 +473,11 @@ function setup_package {
pip_install $flags "$project_dir$extras"
# ensure that further actions can do things like setup.py sdist
if [[ "$flags" == "-e" ]]; then
safe_chown -R $STACK_USER $1/*.egg-info
if [[ "$flags" == "-e" && "$GLOBAL_VENV" == "False" ]]; then
# egg-info is not created when project have pyproject.toml
if [ -d $1/*.egg-info ]; then
safe_chown -R $STACK_USER $1/*.egg-info
fi
fi
}
@@ -465,8 +497,6 @@ function install_python {
function install_python3 {
if is_ubuntu; then
apt_get install python${PYTHON3_VERSION} python${PYTHON3_VERSION}-dev
elif is_suse; then
install_package python3-devel python3-dbm
elif is_fedora; then
if [ "$os_VENDOR" = "Fedora" ]; then
install_package python${PYTHON3_VERSION//.}
+5
View File
@@ -60,6 +60,11 @@ function configure_rootwrap {
sudo install -o root -g root -m 644 $rootwrap_conf_src_dir/rootwrap.conf /etc/${project}/rootwrap.conf
sudo sed -e "s:^filters_path=.*$:filters_path=/etc/${project}/rootwrap.d:" -i /etc/${project}/rootwrap.conf
# Rely on $PATH set by devstack to determine what is safe to execute
# by rootwrap rather than use explicit whitelist of paths in
# rootwrap.conf
sudo sed -e 's/^exec_dirs=.*/#&/' -i /etc/${project}/rootwrap.conf
# Set up the rootwrap sudoers
local tempfile
tempfile=$(mktemp)
+97 -84
View File
@@ -27,6 +27,11 @@ set +o xtrace
APACHE_USER=${APACHE_USER:-$STACK_USER}
APACHE_GROUP=${APACHE_GROUP:-$(id -gn $APACHE_USER)}
APACHE_LOCAL_HOST=$SERVICE_LOCAL_HOST
if [[ "$SERVICE_IP_VERSION" == 6 ]]; then
APACHE_LOCAL_HOST=[$APACHE_LOCAL_HOST]
fi
# Set up apache name and configuration directory
# Note that APACHE_CONF_DIR is really more accurately apache's vhost
@@ -39,10 +44,6 @@ elif is_fedora; then
APACHE_NAME=httpd
APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/conf.d}
APACHE_SETTINGS_DIR=${APACHE_SETTINGS_DIR:-/etc/$APACHE_NAME/conf.d}
elif is_suse; then
APACHE_NAME=apache2
APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/vhosts.d}
APACHE_SETTINGS_DIR=${APACHE_SETTINGS_DIR:-/etc/$APACHE_NAME/conf.d}
fi
APACHE_LOG_DIR="/var/log/${APACHE_NAME}"
@@ -60,11 +61,6 @@ function enable_apache_mod {
sudo a2enmod $mod
restart_apache_server
fi
elif is_suse; then
if ! a2enmod -q $mod ; then
sudo a2enmod $mod
restart_apache_server
fi
elif is_fedora; then
# pass
true
@@ -82,22 +78,15 @@ function install_apache_uwsgi {
apxs="apxs"
fi
# This varies based on packaged/installed. If we've
# pip_installed, then the pip setup will only build a "python"
# module that will be either python2 or python3 depending on what
# it was built with.
#
# For package installs, the distro ships both plugins and you need
# to select the right one ... it will not be autodetected.
UWSGI_PYTHON_PLUGIN=python3
if is_ubuntu; then
local pkg_list="uwsgi uwsgi-plugin-python3 libapache2-mod-proxy-uwsgi"
if [[ "$DISTRO" == 'bionic' ]]; then
pkg_list="${pkg_list} uwsgi-plugin-python"
fi
install_package ${pkg_list}
elif is_fedora; then
# NOTE(ianw) 2022-02-03 : Fedora 35 needs to skip this and fall
# into the install-from-source because the upstream packages
# didn't fix Python 3.10 compatibility before release. Should be
# fixed in uwsgi 4.9.0; can remove this when packages available
# or we drop this release
elif is_fedora && ! is_openeuler && ! [[ $DISTRO =~ f36 ]]; then
# Note httpd comes with mod_proxy_uwsgi and it is loaded by
# default; the mod_proxy_uwsgi package actually conflicts now.
# See:
@@ -106,10 +95,6 @@ function install_apache_uwsgi {
# Thus there is nothing else to do after this install
install_package uwsgi \
uwsgi-plugin-python3
elif [[ $os_VENDOR =~ openSUSE ]]; then
install_package uwsgi \
uwsgi-python3 \
apache2-mod_uwsgi
else
# Compile uwsgi from source.
local dir
@@ -125,10 +110,9 @@ function install_apache_uwsgi {
popd
# delete the temp directory
sudo rm -rf $dir
UWSGI_PYTHON_PLUGIN=python
fi
if is_ubuntu || is_suse ; then
if is_ubuntu; then
# we've got to enable proxy and proxy_uwsgi for this to work
sudo a2enmod proxy
sudo a2enmod proxy_uwsgi
@@ -153,13 +137,13 @@ function install_apache_wsgi {
elif is_fedora; then
sudo rm -f /etc/httpd/conf.d/000-*
install_package httpd python3-mod_wsgi
# rpm distros dont enable httpd by default so enable it to support reboots.
sudo systemctl enable httpd
# For consistency with Ubuntu, switch to the worker mpm, as
# the default is event
sudo sed -i '/mod_mpm_prefork.so/s/^/#/g' /etc/httpd/conf.modules.d/00-mpm.conf
sudo sed -i '/mod_mpm_event.so/s/^/#/g' /etc/httpd/conf.modules.d/00-mpm.conf
sudo sed -i '/mod_mpm_worker.so/s/^#//g' /etc/httpd/conf.modules.d/00-mpm.conf
elif is_suse; then
install_package apache2 apache2-mod_wsgi
else
exit_distro_not_supported "apache wsgi installation"
fi
@@ -174,7 +158,7 @@ function install_apache_wsgi {
# recognise it. a2ensite and a2dissite ignore the .conf suffix used as parameter. The default sites'
# files are 000-default.conf and default-ssl.conf.
#
# On Fedora and openSUSE, any file in /etc/httpd/conf.d/ whose name ends with .conf is enabled.
# On Fedora, any file in /etc/httpd/conf.d/ whose name ends with .conf is enabled.
#
# On RHEL and CentOS, things should hopefully work as in Fedora.
#
@@ -190,7 +174,7 @@ function apache_site_config_for {
if is_ubuntu; then
# Ubuntu 14.04 - Apache 2.4
echo $APACHE_CONF_DIR/${site}.conf
elif is_fedora || is_suse; then
elif is_fedora; then
# fedora conf.d is only imported if it ends with .conf so this is approx the same
local enabled_site_file="$APACHE_CONF_DIR/${site}.conf"
if [ -f $enabled_site_file ]; then
@@ -208,7 +192,7 @@ function enable_apache_site {
enable_apache_mod version
if is_ubuntu; then
sudo a2ensite ${site}
elif is_fedora || is_suse; then
elif is_fedora; then
local enabled_site_file="$APACHE_CONF_DIR/${site}.conf"
# Do nothing if site already enabled or no site config exists
if [[ -f ${enabled_site_file}.disabled ]] && [[ ! -f ${enabled_site_file} ]]; then
@@ -222,7 +206,7 @@ function disable_apache_site {
local site=$@
if is_ubuntu; then
sudo a2dissite ${site} || true
elif is_fedora || is_suse; then
elif is_fedora; then
local enabled_site_file="$APACHE_CONF_DIR/${site}.conf"
# Do nothing if no site config exists
if [[ -f ${enabled_site_file} ]]; then
@@ -253,13 +237,17 @@ function restart_apache_server {
restart_service $APACHE_NAME
}
# write_uwsgi_config() - Create a new uWSGI config file
function write_uwsgi_config {
local file=$1
local conf=$1
local wsgi=$2
local url=$3
local http=$4
local name=""
name=$(basename $wsgi)
local name=$5
if [ -z "$name" ]; then
name=$(basename $wsgi)
fi
# create a home for the sockets; note don't use /tmp -- apache has
# a private view of it on some platforms.
@@ -274,39 +262,47 @@ function write_uwsgi_config {
local socket="$socket_dir/${name}.socket"
# always cleanup given that we are using iniset here
rm -rf $file
iniset "$file" uwsgi wsgi-file "$wsgi"
iniset "$file" uwsgi processes $API_WORKERS
rm -rf $conf
# Set either the module path or wsgi script path depending on what we've
# been given. Note that the regex isn't exhaustive - neither Python modules
# nor Python variables can start with a number - but it's "good enough"
if [[ "$wsgi" =~ ^[a-zA-Z0-9_.]+:[a-zA-Z0-9_]+$ ]]; then
iniset "$conf" uwsgi module "$wsgi"
else
deprecated 'Configuring uWSGI with a WSGI file is deprecated, use module paths instead'
iniset "$conf" uwsgi wsgi-file "$wsgi"
fi
iniset "$conf" uwsgi processes $API_WORKERS
# This is running standalone
iniset "$file" uwsgi master true
iniset "$conf" uwsgi master true
# Set die-on-term & exit-on-reload so that uwsgi shuts down
iniset "$file" uwsgi die-on-term true
iniset "$file" uwsgi exit-on-reload false
iniset "$conf" uwsgi die-on-term true
iniset "$conf" uwsgi exit-on-reload false
# Set worker-reload-mercy so that worker will not exit till the time
# configured after graceful shutdown
iniset "$file" uwsgi worker-reload-mercy $WORKER_TIMEOUT
iniset "$file" uwsgi enable-threads true
iniset "$file" uwsgi plugins http,${UWSGI_PYTHON_PLUGIN}
iniset "$conf" uwsgi worker-reload-mercy $WORKER_TIMEOUT
iniset "$conf" uwsgi enable-threads true
iniset "$conf" uwsgi plugins http,python3
# uwsgi recommends this to prevent thundering herd on accept.
iniset "$file" uwsgi thunder-lock true
iniset "$conf" uwsgi thunder-lock true
# Set hook to trigger graceful shutdown on SIGTERM
iniset "$file" uwsgi hook-master-start "unix_signal:15 gracefully_kill_them_all"
iniset "$conf" uwsgi hook-master-start "unix_signal:15 gracefully_kill_them_all"
# Override the default size for headers from the 4k default.
iniset "$file" uwsgi buffer-size 65535
iniset "$conf" uwsgi buffer-size 65535
# Make sure the client doesn't try to re-use the connection.
iniset "$file" uwsgi add-header "Connection: close"
iniset "$conf" uwsgi add-header "Connection: close"
# This ensures that file descriptors aren't shared between processes.
iniset "$file" uwsgi lazy-apps true
iniset "$conf" uwsgi lazy-apps true
# If we said bind directly to http, then do that and don't start the apache proxy
if [[ -n "$http" ]]; then
iniset "$file" uwsgi http $http
iniset "$conf" uwsgi http $http
else
local apache_conf=""
apache_conf=$(apache_site_config_for $name)
iniset "$file" uwsgi socket "$socket"
iniset "$file" uwsgi chmod-socket 666
echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}/\" retry=0 " | sudo tee -a $apache_conf
iniset "$conf" uwsgi socket "$socket"
iniset "$conf" uwsgi chmod-socket 666
echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}\" retry=0 acquire=1 " | sudo tee -a $apache_conf
enable_apache_site $name
restart_apache_server
fi
@@ -319,47 +315,58 @@ function write_uwsgi_config {
# but that involves having apache buffer the request before sending it to
# uwsgi.
function write_local_uwsgi_http_config {
local file=$1
local conf=$1
local wsgi=$2
local url=$3
name=$(basename $wsgi)
local name=$4
if [ -z "$name" ]; then
name=$(basename $wsgi)
fi
# create a home for the sockets; note don't use /tmp -- apache has
# a private view of it on some platforms.
# always cleanup given that we are using iniset here
rm -rf $file
iniset "$file" uwsgi wsgi-file "$wsgi"
rm -rf $conf
# Set either the module path or wsgi script path depending on what we've
# been given
if [[ "$wsgi" =~ ^[a-zA-Z0-9_.]+:[a-zA-Z0-9_]+$ ]]; then
iniset "$conf" uwsgi module "$wsgi"
else
deprecated 'Configuring uWSGI with a WSGI file is deprecated, use module paths instead'
iniset "$conf" uwsgi wsgi-file "$wsgi"
fi
port=$(get_random_port)
iniset "$file" uwsgi http-socket "127.0.0.1:$port"
iniset "$file" uwsgi processes $API_WORKERS
iniset "$conf" uwsgi http-socket "$APACHE_LOCAL_HOST:$port"
iniset "$conf" uwsgi processes $API_WORKERS
# This is running standalone
iniset "$file" uwsgi master true
iniset "$conf" uwsgi master true
# Set die-on-term & exit-on-reload so that uwsgi shuts down
iniset "$file" uwsgi die-on-term true
iniset "$file" uwsgi exit-on-reload false
iniset "$file" uwsgi enable-threads true
iniset "$file" uwsgi plugins http,${UWSGI_PYTHON_PLUGIN}
# uwsgi recommends this to prevent thundering herd on accept.
iniset "$file" uwsgi thunder-lock true
# Set hook to trigger graceful shutdown on SIGTERM
iniset "$file" uwsgi hook-master-start "unix_signal:15 gracefully_kill_them_all"
iniset "$conf" uwsgi die-on-term true
iniset "$conf" uwsgi exit-on-reload false
# Set worker-reload-mercy so that worker will not exit till the time
# configured after graceful shutdown
iniset "$file" uwsgi worker-reload-mercy $WORKER_TIMEOUT
iniset "$conf" uwsgi worker-reload-mercy $WORKER_TIMEOUT
iniset "$conf" uwsgi enable-threads true
iniset "$conf" uwsgi plugins http,python3
# uwsgi recommends this to prevent thundering herd on accept.
iniset "$conf" uwsgi thunder-lock true
# Set hook to trigger graceful shutdown on SIGTERM
iniset "$conf" uwsgi hook-master-start "unix_signal:15 gracefully_kill_them_all"
# Override the default size for headers from the 4k default.
iniset "$file" uwsgi buffer-size 65535
iniset "$conf" uwsgi buffer-size 65535
# Make sure the client doesn't try to re-use the connection.
iniset "$file" uwsgi add-header "Connection: close"
iniset "$conf" uwsgi add-header "Connection: close"
# This ensures that file descriptors aren't shared between processes.
iniset "$file" uwsgi lazy-apps true
iniset "$file" uwsgi chmod-socket 666
iniset "$file" uwsgi http-raw-body true
iniset "$file" uwsgi http-chunked-input true
iniset "$file" uwsgi http-auto-chunked true
iniset "$file" uwsgi http-keepalive false
iniset "$conf" uwsgi lazy-apps true
iniset "$conf" uwsgi chmod-socket 666
iniset "$conf" uwsgi http-raw-body true
iniset "$conf" uwsgi http-chunked-input true
iniset "$conf" uwsgi http-auto-chunked true
iniset "$conf" uwsgi http-keepalive false
# Increase socket timeout for slow chunked uploads
iniset "$file" uwsgi socket-timeout 30
iniset "$conf" uwsgi socket-timeout 30
enable_apache_mod proxy
enable_apache_mod proxy_http
@@ -367,7 +374,7 @@ function write_local_uwsgi_http_config {
apache_conf=$(apache_site_config_for $name)
echo "KeepAlive Off" | sudo tee $apache_conf
echo "SetEnv proxy-sendchunked 1" | sudo tee -a $apache_conf
echo "ProxyPass \"${url}\" \"http://127.0.0.1:$port\" retry=0 " | sudo tee -a $apache_conf
echo "ProxyPass \"${url}\" \"http://$APACHE_LOCAL_HOST:$port\" retry=0 acquire=1 " | sudo tee -a $apache_conf
enable_apache_site $name
restart_apache_server
}
@@ -386,18 +393,24 @@ function write_local_proxy_http_config {
echo "KeepAlive Off" | sudo tee $apache_conf
echo "SetEnv proxy-sendchunked 1" | sudo tee -a $apache_conf
echo "ProxyPass \"${loc}\" \"$url\" retry=0 " | sudo tee -a $apache_conf
echo "ProxyPass \"${loc}\" \"$url\" retry=0 acquire=1 " | sudo tee -a $apache_conf
enable_apache_site $name
restart_apache_server
}
function remove_uwsgi_config {
local file=$1
local conf=$1
local wsgi=$2
local name=""
# TODO(stephenfin): Remove this call when everyone is using module path
# configuration instead of file path configuration
name=$(basename $wsgi)
rm -rf $file
if [[ "$wsgi" = /* ]]; then
deprecated "Passing a wsgi script to remove_uwsgi_config is deprecated, pass an application name instead"
fi
rm -rf $conf
disable_apache_site $name
}
+284 -93
View File
@@ -31,6 +31,7 @@ set +o xtrace
CINDER_DRIVER=${CINDER_DRIVER:-default}
CINDER_PLUGINS=$TOP_DIR/lib/cinder_plugins
CINDER_BACKENDS=$TOP_DIR/lib/cinder_backends
CINDER_BACKUPS=$TOP_DIR/lib/cinder_backups
# grab plugin config if specified via cinder_driver
if [[ -r $CINDER_PLUGINS/$CINDER_DRIVER ]]; then
@@ -42,6 +43,13 @@ GITDIR["python-cinderclient"]=$DEST/python-cinderclient
GITDIR["python-brick-cinderclient-ext"]=$DEST/python-brick-cinderclient-ext
CINDER_DIR=$DEST/cinder
if [[ $SERVICE_IP_VERSION == 6 ]]; then
CINDER_MY_IP="$HOST_IPV6"
else
CINDER_MY_IP="$HOST_IP"
fi
# Cinder virtual environment
if [[ ${USE_VENV} = True ]]; then
PROJECT_VENV["cinder"]=${CINDER_DIR}.venv
@@ -68,6 +76,11 @@ CINDER_SERVICE_PORT_INT=${CINDER_SERVICE_PORT_INT:-18776}
CINDER_SERVICE_PROTOCOL=${CINDER_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
CINDER_SERVICE_LISTEN_ADDRESS=${CINDER_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)}
# We do not need to report service status every 10s for devstack-like
# deployments. In the gate this generates extra work for the services and the
# database which are already taxed.
CINDER_SERVICE_REPORT_INTERVAL=${CINDER_SERVICE_REPORT_INTERVAL:-120}
# What type of LVM device should Cinder use for LVM backend
# Defaults to auto, which will do thin provisioning if it's a fresh
# volume group, otherwise it will do thick. The other valid choices are
@@ -75,6 +88,10 @@ CINDER_SERVICE_LISTEN_ADDRESS=${CINDER_SERVICE_LISTEN_ADDRESS:-$(ipv6_unquote $S
# thin provisioning.
CINDER_LVM_TYPE=${CINDER_LVM_TYPE:-auto}
# ``CINDER_USE_SERVICE_TOKEN`` is a mode where service token is passed along with
# user token while communicating to external REST APIs like Glance.
CINDER_USE_SERVICE_TOKEN=$(trueorfalse True CINDER_USE_SERVICE_TOKEN)
# Default backends
# The backend format is type:name where type is one of the supported backend
# types (lvm, nfs, etc) and name is the identifier used in the Cinder
@@ -87,16 +104,61 @@ CINDER_ENABLED_BACKENDS=${CINDER_ENABLED_BACKENDS:-lvm:lvmdriver-1}
CINDER_VOLUME_CLEAR=${CINDER_VOLUME_CLEAR:-${CINDER_VOLUME_CLEAR_DEFAULT:-zero}}
CINDER_VOLUME_CLEAR=$(echo ${CINDER_VOLUME_CLEAR} | tr '[:upper:]' '[:lower:]')
# Centos7 and OpenSUSE switched to using LIO and that's all that's supported,
# although the tgt bits are in EPEL and OpenSUSE we don't want that for CI
if is_fedora || is_suse; then
CINDER_ISCSI_HELPER=${CINDER_ISCSI_HELPER:-lioadm}
if [[ ${CINDER_ISCSI_HELPER} != "lioadm" ]]; then
die "lioadm is the only valid Cinder target_helper config on this platform"
VOLUME_TYPE_MULTIATTACH=${VOLUME_TYPE_MULTIATTACH:-multiattach}
if [[ -n "$CINDER_ISCSI_HELPER" ]]; then
if [[ -z "$CINDER_TARGET_HELPER" ]]; then
deprecated 'Using CINDER_ISCSI_HELPER is deprecated, use CINDER_TARGET_HELPER instead'
CINDER_TARGET_HELPER="$CINDER_ISCSI_HELPER"
else
deprecated 'Deprecated CINDER_ISCSI_HELPER is set, but is being overwritten by CINDER_TARGET_HELPER'
fi
else
CINDER_ISCSI_HELPER=${CINDER_ISCSI_HELPER:-tgtadm}
fi
CINDER_TARGET_HELPER=${CINDER_TARGET_HELPER:-lioadm}
if [[ $CINDER_TARGET_HELPER == 'nvmet' ]]; then
CINDER_TARGET_PROTOCOL=${CINDER_TARGET_PROTOCOL:-'nvmet_rdma'}
CINDER_TARGET_PREFIX=${CINDER_TARGET_PREFIX:-'nvme-subsystem-1'}
CINDER_TARGET_PORT=${CINDER_TARGET_PORT:-4420}
else
CINDER_TARGET_PROTOCOL=${CINDER_TARGET_PROTOCOL:-'iscsi'}
CINDER_TARGET_PREFIX=${CINDER_TARGET_PREFIX:-'iqn.2010-10.org.openstack:'}
CINDER_TARGET_PORT=${CINDER_TARGET_PORT:-3260}
fi
# EL should only use lioadm
if is_fedora; then
if [[ ${CINDER_TARGET_HELPER} != "lioadm" && ${CINDER_TARGET_HELPER} != 'nvmet' ]]; then
die "lioadm and nvmet are the only valid Cinder target_helper config on this platform"
fi
fi
# When Cinder is used as a backend for Glance, it can be configured to clone
# the volume containing image data directly in the backend instead of
# transferring data from volume to volume. Value is a comma separated list of
# schemes (currently only 'file' and 'cinder' are supported). The default
# configuration in Cinder is empty (that is, do not use this feature). NOTE:
# to use this feature you must also enable GLANCE_SHOW_DIRECT_URL and/or
# GLANCE_SHOW_MULTIPLE_LOCATIONS for glance-api.conf.
CINDER_ALLOWED_DIRECT_URL_SCHEMES=${CINDER_ALLOWED_DIRECT_URL_SCHEMES:-}
if [[ -n "$CINDER_ALLOWED_DIRECT_URL_SCHEMES" ]]; then
if [[ "${GLANCE_SHOW_DIRECT_URL:-False}" != "True" \
&& "${GLANCE_SHOW_MULTIPLE_LOCATIONS:-False}" != "True" ]]; then
warn $LINENO "CINDER_ALLOWED_DIRECT_URL_SCHEMES is set, but neither \
GLANCE_SHOW_DIRECT_URL nor GLANCE_SHOW_MULTIPLE_LOCATIONS is True"
fi
fi
# For backward compatibility
# Before CINDER_BACKUP_DRIVER was introduced, ceph backup driver was configured
# along with ceph backend driver.
if [[ -z "${CINDER_BACKUP_DRIVER}" && "$CINDER_ENABLED_BACKENDS" =~ "ceph" ]]; then
CINDER_BACKUP_DRIVER=ceph
fi
# Supported backup drivers are in lib/cinder_backups
CINDER_BACKUP_DRIVER=${CINDER_BACKUP_DRIVER:-swift}
# Toggle for deploying Cinder under a wsgi server. Legacy mod_wsgi
# reference should be cleaned up to more accurately refer to uwsgi.
@@ -113,9 +175,24 @@ if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
done
fi
# Source the backup driver
if is_service_enabled c-bak && [[ -n "$CINDER_BACKUP_DRIVER" ]]; then
if [[ -r $CINDER_BACKUPS/$CINDER_BACKUP_DRIVER ]]; then
source $CINDER_BACKUPS/$CINDER_BACKUP_DRIVER
else
die "cinder backup driver $CINDER_BACKUP_DRIVER is not supported"
fi
fi
# Environment variables to configure the image-volume cache
CINDER_IMG_CACHE_ENABLED=${CINDER_IMG_CACHE_ENABLED:-True}
# Environment variables to configure the optimized volume upload
CINDER_UPLOAD_OPTIMIZED=${CINDER_UPLOAD_OPTIMIZED:-False}
# Environment variables to configure the internal tenant during optimized volume upload
CINDER_UPLOAD_INTERNAL_TENANT=${CINDER_UPLOAD_INTERNAL_TENANT:-False}
# For limits, if left unset, it will use cinder defaults of 0 for unlimited
CINDER_IMG_CACHE_SIZE_GB=${CINDER_IMG_CACHE_SIZE_GB:-}
CINDER_IMG_CACHE_SIZE_COUNT=${CINDER_IMG_CACHE_SIZE_COUNT:-}
@@ -125,6 +202,17 @@ CINDER_IMG_CACHE_SIZE_COUNT=${CINDER_IMG_CACHE_SIZE_COUNT:-}
# enable the cache for all cinder backends.
CINDER_CACHE_ENABLED_FOR_BACKENDS=${CINDER_CACHE_ENABLED_FOR_BACKENDS:-$CINDER_ENABLED_BACKENDS}
# Configure which cinder backends will have optimized volume upload, this takes the same
# form as the CINDER_ENABLED_BACKENDS config option. By default it will
# enable the cache for all cinder backends.
CINDER_UPLOAD_OPTIMIZED_BACKENDS=${CINDER_UPLOAD_OPTIMIZED_BACKENDS:-$CINDER_ENABLED_BACKENDS}
# Flag to set the oslo_policy.enforce_scope. This is used to switch
# the Volume API policies to start checking the scope of token. by default,
# this flag is False.
# For more detail: https://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_scope
CINDER_ENFORCE_SCOPE=$(trueorfalse False CINDER_ENFORCE_SCOPE)
# Functions
# ---------
@@ -146,7 +234,7 @@ function _cinder_cleanup_apache_wsgi {
function cleanup_cinder {
# ensure the volume group is cleared up because fails might
# leave dead volumes in the group
if [ "$CINDER_ISCSI_HELPER" = "tgtadm" ]; then
if [ "$CINDER_TARGET_HELPER" = "tgtadm" ]; then
local targets
targets=$(sudo tgtadm --op show --mode target)
if [ $? -ne 0 ]; then
@@ -174,8 +262,14 @@ function cleanup_cinder {
else
stop_service tgtd
fi
else
elif [ "$CINDER_TARGET_HELPER" = "lioadm" ]; then
sudo cinder-rtstool get-targets | sudo xargs -rn 1 cinder-rtstool delete
elif [ "$CINDER_TARGET_HELPER" = "nvmet" ]; then
# If we don't disconnect everything vgremove will block
sudo nvme disconnect-all
sudo nvmetcli clear
else
die $LINENO "Unknown value \"$CINDER_TARGET_HELPER\" for CINDER_TARGET_HELPER"
fi
if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
@@ -189,8 +283,14 @@ function cleanup_cinder {
done
fi
if is_service_enabled c-bak && [[ -n "$CINDER_BACKUP_DRIVER" ]]; then
if type cleanup_cinder_backup_$CINDER_BACKUP_DRIVER >/dev/null 2>&1; then
cleanup_cinder_backup_$CINDER_BACKUP_DRIVER
fi
fi
stop_process "c-api"
remove_uwsgi_config "$CINDER_UWSGI_CONF" "$CINDER_UWSGI"
remove_uwsgi_config "$CINDER_UWSGI_CONF" "cinder-wsgi"
}
# configure_cinder() - Set config files, create data dirs, etc
@@ -220,7 +320,7 @@ function configure_cinder {
iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $CINDER_CONF DEFAULT target_helper "$CINDER_ISCSI_HELPER"
iniset $CINDER_CONF DEFAULT target_helper "$CINDER_TARGET_HELPER"
iniset $CINDER_CONF database connection `database_connection_url cinder`
iniset $CINDER_CONF DEFAULT api_paste_config $CINDER_API_PASTE_INI
iniset $CINDER_CONF DEFAULT rootwrap_config "$CINDER_CONF_DIR/rootwrap.conf"
@@ -228,13 +328,25 @@ function configure_cinder {
iniset $CINDER_CONF DEFAULT osapi_volume_listen $CINDER_SERVICE_LISTEN_ADDRESS
iniset $CINDER_CONF DEFAULT state_path $CINDER_STATE_PATH
iniset $CINDER_CONF oslo_concurrency lock_path $CINDER_STATE_PATH
if [[ $SERVICE_IP_VERSION == 6 ]]; then
iniset $CINDER_CONF DEFAULT my_ip "$HOST_IPV6"
else
iniset $CINDER_CONF DEFAULT my_ip "$HOST_IP"
fi
iniset $CINDER_CONF DEFAULT my_ip "$CINDER_MY_IP"
iniset $CINDER_CONF key_manager backend cinder.keymgr.conf_key_mgr.ConfKeyManager
iniset $CINDER_CONF key_manager fixed_key $(openssl rand -hex 16)
if [[ -n "$CINDER_ALLOWED_DIRECT_URL_SCHEMES" ]]; then
iniset $CINDER_CONF DEFAULT allowed_direct_url_schemes $CINDER_ALLOWED_DIRECT_URL_SCHEMES
fi
# set default quotas
iniset $CINDER_CONF DEFAULT quota_volumes ${CINDER_QUOTA_VOLUMES:-10}
iniset $CINDER_CONF DEFAULT quota_backups ${CINDER_QUOTA_BACKUPS:-10}
iniset $CINDER_CONF DEFAULT quota_snapshots ${CINDER_QUOTA_SNAPSHOTS:-10}
# Avoid RPC timeouts in slow CI and test environments by doubling the
# default response timeout set by RPC clients. See bug #1873234 for more
# details and example failures.
iniset $CINDER_CONF DEFAULT rpc_response_timeout 120
iniset $CINDER_CONF DEFAULT report_interval $CINDER_SERVICE_REPORT_INTERVAL
iniset $CINDER_CONF DEFAULT service_down_time $(($CINDER_SERVICE_REPORT_INTERVAL * 6))
if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
local enabled_backends=""
@@ -250,24 +362,28 @@ function configure_cinder {
default_name=$be_name
fi
enabled_backends+=$be_name,
iniset $CINDER_CONF $be_name volume_clear $CINDER_VOLUME_CLEAR
done
iniset $CINDER_CONF DEFAULT enabled_backends ${enabled_backends%,*}
if [[ -n "$default_name" ]]; then
iniset $CINDER_CONF DEFAULT default_volume_type ${default_name}
fi
configure_cinder_image_volume_cache
# The upload optimization uses Cinder's clone volume functionality to
# clone the Image-Volume from source volume hence can only be
# performed when glance is using cinder as it's backend.
if [[ "$USE_CINDER_FOR_GLANCE" == "True" ]]; then
# Configure optimized volume upload
configure_cinder_volume_upload
fi
fi
if is_service_enabled c-bak; then
# NOTE(mriedem): The default backup driver uses swift and if we're
# on a subnode we might not know if swift is enabled, but chances are
# good that it is on the controller so configure the backup service
# to use it. If we want to configure the backup service to use
# a non-swift driver, we'll likely need environment variables.
iniset $CINDER_CONF DEFAULT backup_swift_url "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_"
if is_service_enabled c-bak && [[ -n "$CINDER_BACKUP_DRIVER" ]]; then
if type configure_cinder_backup_$CINDER_BACKUP_DRIVER >/dev/null 2>&1; then
configure_cinder_backup_$CINDER_BACKUP_DRIVER
else
die "configure_cinder_backup_$CINDER_BACKUP_DRIVER doesn't exist in $CINDER_BACKUPS/$CINDER_BACKUP_DRIVER"
fi
fi
if is_service_enabled ceilometer; then
@@ -297,7 +413,9 @@ function configure_cinder {
# Format logging
setup_logging $CINDER_CONF $CINDER_USE_MOD_WSGI
write_uwsgi_config "$CINDER_UWSGI_CONF" "$CINDER_UWSGI" "/volume"
if is_service_enabled c-api; then
write_uwsgi_config "$CINDER_UWSGI_CONF" "$CINDER_UWSGI" "/volume"
fi
if [[ -r $CINDER_PLUGINS/$CINDER_DRIVER ]]; then
configure_cinder_driver
@@ -319,61 +437,58 @@ function configure_cinder {
if [[ ! -z "$CINDER_COORDINATION_URL" ]]; then
iniset $CINDER_CONF coordination backend_url "$CINDER_COORDINATION_URL"
elif is_service_enabled etcd3; then
iniset $CINDER_CONF coordination backend_url "etcd3+http://${SERVICE_HOST}:$ETCD_PORT"
# NOTE(jan.gutter): api_version can revert to default once tooz is
# updated with the etcd v3.4 defaults
iniset $CINDER_CONF coordination backend_url "etcd3+http://${SERVICE_HOST}:$ETCD_PORT?api_version=v3"
fi
if [[ "$CINDER_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
iniset $CINDER_CONF oslo_policy enforce_scope true
iniset $CINDER_CONF oslo_policy enforce_new_defaults true
else
iniset $CINDER_CONF oslo_policy enforce_scope false
iniset $CINDER_CONF oslo_policy enforce_new_defaults false
fi
if [ "$CINDER_USE_SERVICE_TOKEN" == "True" ]; then
init_cinder_service_user_conf
fi
}
# create_cinder_accounts() - Set up common required cinder accounts
# Tenant User Roles
# Project User Roles
# ------------------------------------------------------------------
# service cinder admin # if enabled
# SERVICE_PROJECT_NAME cinder service
# SERVICE_PROJECT_NAME cinder creator (if Barbican is enabled)
# Migrated from keystone_data.sh
function create_cinder_accounts {
# Cinder
if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
create_service_user "cinder"
local extra_role=""
# cinder needs the "creator" role in order to interact with barbican
if is_service_enabled barbican; then
extra_role=$(get_or_create_role "creator")
fi
create_service_user "cinder" $extra_role
local cinder_api_url
if [[ "$CINDER_USE_MOD_WSGI" == "False" ]]; then
cinder_api_url="$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT"
else
cinder_api_url="$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST/volume"
fi
# block-storage is the official service type
get_or_create_service "cinder" "block-storage" "Cinder Volume Service"
if [ "$CINDER_USE_MOD_WSGI" == "False" ]; then
get_or_create_endpoint \
"block-storage" \
"$REGION_NAME" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v3/\$(project_id)s"
get_or_create_service "cinderv2" "volumev2" "Cinder Volume Service V2"
get_or_create_endpoint \
"volumev2" \
"$REGION_NAME" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(project_id)s"
get_or_create_service "cinderv3" "volumev3" "Cinder Volume Service V3"
get_or_create_endpoint \
"volumev3" \
"$REGION_NAME" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v3/\$(project_id)s"
else
get_or_create_endpoint \
"block-storage" \
"$REGION_NAME" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST/volume/v3/\$(project_id)s"
get_or_create_service "cinderv2" "volumev2" "Cinder Volume Service V2"
get_or_create_endpoint \
"volumev2" \
"$REGION_NAME" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST/volume/v2/\$(project_id)s"
get_or_create_service "cinderv3" "volumev3" "Cinder Volume Service V3"
get_or_create_endpoint \
"volumev3" \
"$REGION_NAME" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST/volume/v3/\$(project_id)s"
fi
get_or_create_endpoint \
"block-storage" \
"$REGION_NAME" \
"$cinder_api_url/v3"
configure_cinder_internal_tenant
fi
}
@@ -396,15 +511,17 @@ function init_cinder {
be_type=${be%%:*}
be_name=${be##*:}
if type init_cinder_backend_${be_type} >/dev/null 2>&1; then
# Always init the default volume group for lvm.
if [[ "$be_type" == "lvm" ]]; then
init_default_lvm_volume_group
fi
init_cinder_backend_${be_type} ${be_name}
fi
done
fi
if is_service_enabled c-bak && [[ -n "$CINDER_BACKUP_DRIVER" ]]; then
if type init_cinder_backup_$CINDER_BACKUP_DRIVER >/dev/null 2>&1; then
init_cinder_backup_$CINDER_BACKUP_DRIVER
fi
fi
mkdir -p $CINDER_STATE_PATH/volumes
}
@@ -412,9 +529,9 @@ function init_cinder {
function install_cinder {
git_clone $CINDER_REPO $CINDER_DIR $CINDER_BRANCH
setup_develop $CINDER_DIR
if [[ "$CINDER_ISCSI_HELPER" == "tgtadm" ]]; then
if [[ "$CINDER_TARGET_HELPER" == "tgtadm" ]]; then
install_package tgt
elif [[ "$CINDER_ISCSI_HELPER" == "lioadm" ]]; then
elif [[ "$CINDER_TARGET_HELPER" == "lioadm" ]]; then
if is_ubuntu; then
# TODO(frickler): Workaround for https://launchpad.net/bugs/1819819
sudo mkdir -p /etc/target
@@ -423,6 +540,43 @@ function install_cinder {
else
install_package targetcli
fi
elif [[ "$CINDER_TARGET_HELPER" == "nvmet" ]]; then
install_package nvme-cli
# TODO: Remove manual installation of the dependency when the
# requirement is added to nvmetcli:
# http://lists.infradead.org/pipermail/linux-nvme/2022-July/033576.html
if is_ubuntu; then
install_package python3-configshell-fb
else
install_package python3-configshell
fi
# Install from source because Ubuntu doesn't have the package and some packaged versions didn't work on Python 3
pip_install git+git://git.infradead.org/users/hch/nvmetcli.git
sudo modprobe nvmet
sudo modprobe nvme-fabrics
if [[ $CINDER_TARGET_PROTOCOL == 'nvmet_rdma' ]]; then
install_package rdma-core
sudo modprobe nvme-rdma
# Create the Soft-RoCE device over the networking interface
local iface=${HOST_IP_IFACE:-`ip -br -$SERVICE_IP_VERSION a | grep $CINDER_MY_IP | awk '{print $1}'`}
if [[ -z "$iface" ]]; then
die $LINENO "Cannot find interface to bind Soft-RoCE"
fi
if ! sudo rdma link | grep $iface ; then
sudo rdma link add rxe_$iface type rxe netdev $iface
fi
elif [[ $CINDER_TARGET_PROTOCOL == 'nvmet_tcp' ]]; then
sudo modprobe nvme-tcp
else # 'nvmet_fc'
sudo modprobe nvme-fc
fi
fi
}
@@ -459,18 +613,13 @@ function start_cinder {
service_port=$CINDER_SERVICE_PORT_INT
service_protocol="http"
fi
if [ "$CINDER_ISCSI_HELPER" = "tgtadm" ]; then
if [ "$CINDER_TARGET_HELPER" = "tgtadm" ]; then
if is_service_enabled c-vol; then
# Delete any old stack.conf
sudo rm -f /etc/tgt/conf.d/stack.conf
_configure_tgt_for_config_d
if is_ubuntu; then
sudo service tgt restart
elif is_suse; then
# NOTE(dmllr): workaround restart bug
# https://bugzilla.suse.com/show_bug.cgi?id=934642
stop_service tgtd
start_service tgtd
else
restart_service tgtd
fi
@@ -499,8 +648,13 @@ function start_cinder {
fi
run_process c-sch "$CINDER_BIN_DIR/cinder-scheduler --config-file $CINDER_CONF"
run_process c-bak "$CINDER_BIN_DIR/cinder-backup --config-file $CINDER_CONF"
run_process c-vol "$CINDER_BIN_DIR/cinder-volume --config-file $CINDER_CONF"
# Tune glibc for Python Services using single malloc arena for all threads
# and disabling dynamic thresholds to reduce memory usage when using native
# threads directly or via eventlet.tpool
# https://www.gnu.org/software/libc/manual/html_node/Memory-Allocation-Tunables.html
malloc_tuning="MALLOC_ARENA_MAX=1 MALLOC_MMAP_THRESHOLD_=131072 MALLOC_TRIM_THRESHOLD_=262144"
run_process c-bak "$CINDER_BIN_DIR/cinder-backup --config-file $CINDER_CONF" "" "" "$malloc_tuning"
run_process c-vol "$CINDER_BIN_DIR/cinder-volume --config-file $CINDER_CONF" "" "" "$malloc_tuning"
# NOTE(jdg): For cinder, startup order matters. To ensure that repor_capabilities is received
# by the scheduler start the cinder-volume service last (or restart it) after the scheduler
@@ -515,6 +669,23 @@ function stop_cinder {
stop_process c-vol
}
function create_one_type {
type_name=$1
property_key=$2
property_value=$3
# NOTE (e0ne): openstack client doesn't work with cinder in noauth mode
if is_service_enabled keystone; then
openstack --os-region-name="$REGION_NAME" volume type create --property $property_key="$property_value" $type_name
else
# TODO (e0ne): use openstack client once it will support cinder in noauth mode:
# https://bugs.launchpad.net/python-cinderclient/+bug/1755279
local cinder_url
cinder_url=$CINDER_SERVICE_PROTOCOL://$SERVICE_HOST:$CINDER_SERVICE_PORT/v3
OS_USER_ID=$OS_USERNAME OS_PROJECT_ID=$OS_PROJECT_NAME cinder --os-auth-type noauth --os-endpoint=$cinder_url type-create $type_name
OS_USER_ID=$OS_USERNAME OS_PROJECT_ID=$OS_PROJECT_NAME cinder --os-auth-type noauth --os-endpoint=$cinder_url type-key $type_name set $property_key="$property_value"
fi
}
# create_volume_types() - Create Cinder's configured volume types
function create_volume_types {
# Create volume types
@@ -522,18 +693,20 @@ function create_volume_types {
local be be_name
for be in ${CINDER_ENABLED_BACKENDS//,/ }; do
be_name=${be##*:}
# NOTE (e0ne): openstack client doesn't work with cinder in noauth mode
if is_service_enabled keystone; then
openstack --os-region-name="$REGION_NAME" volume type create --property volume_backend_name="${be_name}" ${be_name}
else
# TODO (e0ne): use openstack client once it will support cinder in noauth mode:
# https://bugs.launchpad.net/python-cinderclient/+bug/1755279
local cinder_url
cinder_url=$CINDER_SERVICE_PROTOCOL://$SERVICE_HOST:$CINDER_SERVICE_PORT/v3
OS_USER_ID=$OS_USERNAME OS_PROJECT_ID=$OS_PROJECT_NAME cinder --os-auth-type noauth --os-endpoint=$cinder_url type-create ${be_name}
OS_USER_ID=$OS_USERNAME OS_PROJECT_ID=$OS_PROJECT_NAME cinder --os-auth-type noauth --os-endpoint=$cinder_url type-key ${be_name} set volume_backend_name=${be_name}
fi
create_one_type $be_name "volume_backend_name" $be_name
done
if [[ $ENABLE_VOLUME_MULTIATTACH == "True" ]]; then
create_one_type $VOLUME_TYPE_MULTIATTACH $VOLUME_TYPE_MULTIATTACH "<is> True"
fi
# Increase quota for the service project if glance is using cinder,
# since it's likely to occasionally go above the default 10 in parallel
# test execution.
if [[ "$USE_CINDER_FOR_GLANCE" == "True" ]]; then
openstack --os-region-name="$REGION_NAME" \
quota set --volumes 50 "$SERVICE_PROJECT_NAME"
fi
fi
}
@@ -570,6 +743,24 @@ function configure_cinder_image_volume_cache {
done
}
function configure_cinder_volume_upload {
# Expect UPLOAD_VOLUME_OPTIMIZED_FOR_BACKENDS to be a list of backends
# similar to CINDER_ENABLED_BACKENDS with NAME:TYPE where NAME will
# be the backend specific configuration stanza in cinder.conf.
local be be_name
for be in ${CINDER_UPLOAD_OPTIMIZED_BACKENDS//,/ }; do
be_name=${be##*:}
iniset $CINDER_CONF $be_name image_upload_use_cinder_backend $CINDER_UPLOAD_OPTIMIZED
iniset $CINDER_CONF $be_name image_upload_use_internal_tenant $CINDER_UPLOAD_INTERNAL_TENANT
done
}
function init_cinder_service_user_conf {
configure_keystone_authtoken_middleware $CINDER_CONF cinder service_user
iniset $CINDER_CONF service_user send_service_user_token True
iniset $CINDER_CONF service_user auth_strategy keystone
}
# Restore xtrace
$_XTRACE_CINDER
-32
View File
@@ -6,12 +6,6 @@
# Enable with:
#
# CINDER_ENABLED_BACKENDS+=,ceph:ceph
#
# Optional parameters:
# CINDER_BAK_CEPH_POOL=<pool-name>
# CINDER_BAK_CEPH_USER=<user>
# CINDER_BAK_CEPH_POOL_PG=<pg-num>
# CINDER_BAK_CEPH_POOL_PGP=<pgp-num>
# Dependencies:
#
@@ -29,11 +23,6 @@ set +o xtrace
# Defaults
# --------
CINDER_BAK_CEPH_POOL=${CINDER_BAK_CEPH_POOL:-backups}
CINDER_BAK_CEPH_POOL_PG=${CINDER_BAK_CEPH_POOL_PG:-8}
CINDER_BAK_CEPH_POOL_PGP=${CINDER_BAK_CEPH_POOL_PGP:-8}
CINDER_BAK_CEPH_USER=${CINDER_BAK_CEPH_USER:-cinder-bak}
# Entry Points
# ------------
@@ -52,27 +41,6 @@ function configure_cinder_backend_ceph {
iniset $CINDER_CONF $be_name rbd_flatten_volume_from_snapshot False
iniset $CINDER_CONF $be_name rbd_max_clone_depth 5
iniset $CINDER_CONF DEFAULT glance_api_version 2
if is_service_enabled c-bak; then
sudo ceph -c ${CEPH_CONF_FILE} osd pool create ${CINDER_BAK_CEPH_POOL} ${CINDER_BAK_CEPH_POOL_PG} ${CINDER_BAK_CEPH_POOL_PGP}
if [ "$REMOTE_CEPH" = "False" ]; then
# Configure Cinder backup service options, ceph pool, ceph user and ceph key
sudo ceph -c ${CEPH_CONF_FILE} osd pool set ${CINDER_BAK_CEPH_POOL} size ${CEPH_REPLICAS}
if [[ $CEPH_REPLICAS -ne 1 ]]; then
sudo ceph -c ${CEPH_CONF_FILE} osd pool set ${CINDER_BAK_CEPH_POOL} crush_ruleset ${RULE_ID}
fi
fi
sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_BAK_CEPH_USER} mon "allow r" osd "allow class-read object_prefix rbd_children, allow rwx pool=${CINDER_BAK_CEPH_POOL}, allow rwx pool=${CINDER_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring
sudo chown $(whoami):$(whoami) ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring
iniset $CINDER_CONF DEFAULT backup_driver "cinder.backup.drivers.ceph.CephBackupDriver"
iniset $CINDER_CONF DEFAULT backup_ceph_conf "$CEPH_CONF_FILE"
iniset $CINDER_CONF DEFAULT backup_ceph_pool "$CINDER_BAK_CEPH_POOL"
iniset $CINDER_CONF DEFAULT backup_ceph_user "$CINDER_BAK_CEPH_USER"
iniset $CINDER_CONF DEFAULT backup_ceph_stripe_unit 0
iniset $CINDER_CONF DEFAULT backup_ceph_stripe_count 0
iniset $CINDER_CONF DEFAULT restore_discard_excess_bytes True
fi
}
# Restore xtrace
+56
View File
@@ -0,0 +1,56 @@
#!/bin/bash
#
# lib/cinder_backends/ceph_iscsi
# Configure the ceph_iscsi backend
# Enable with:
#
# CINDER_ENABLED_BACKENDS+=,ceph_iscsi:ceph_iscsi
#
# Optional paramteters:
# CEPH_ISCSI_API_URL=<url to the rbd-target-api service>
#
# Dependencies:
#
# - ``functions`` file
# - ``cinder`` configurations
# configure_ceph_backend_ceph_iscsi - called from configure_cinder()
# Save trace setting
_XTRACE_CINDER_CEPH_ISCSI=$(set +o | grep xtrace)
set +o xtrace
# Entry Points
# ------------
# configure_cinder_backend_ceph_iscsi - Set config files, create data dirs, etc
# configure_cinder_backend_ceph_iscsi $name
function configure_cinder_backend_ceph_iscsi {
local be_name=$1
CEPH_ISCSI_API_URL=${CEPH_ISCSI_API_URL:-http://$CEPH_ISCSI_API_HOST:$CEPH_ISCSI_API_PORT}
iniset $CINDER_CONF $be_name volume_backend_name $be_name
iniset $CINDER_CONF $be_name volume_driver "cinder.volume.drivers.ceph.rbd_iscsi.RBDISCSIDriver"
iniset $CINDER_CONF $be_name rbd_ceph_conf "$CEPH_CONF_FILE"
iniset $CINDER_CONF $be_name rbd_pool "$CINDER_CEPH_POOL"
iniset $CINDER_CONF $be_name rbd_user "$CINDER_CEPH_USER"
iniset $CINDER_CONF $be_name rbd_iscsi_api_user "$CEPH_ISCSI_API_USER"
iniset $CINDER_CONF $be_name rbd_iscsi_api_password "$CEPH_ISCSI_API_PASSWORD"
iniset $CINDER_CONF $be_name rbd_iscsi_api_url "$CEPH_ISCSI_API_URL"
iniset $CINDER_CONF $be_name rbd_iscsi_target_iqn "$CEPH_ISCSI_TARGET_IQN"
iniset $CINDER_CONF $be_name rbd_flatten_volume_from_snapshot False
iniset $CINDER_CONF $be_name rbd_max_clone_depth 5
iniset $CINDER_CONF DEFAULT glance_api_version 2
pip_install rbd-iscsi-client
}
# Restore xtrace
$_XTRACE_CINDER_CEPH_ISCSI
# Local variables:
# mode: shell-script
# End:
+1 -1
View File
@@ -50,7 +50,7 @@ function configure_cinder_backend_lvm {
iniset $CINDER_CONF $be_name volume_backend_name $be_name
iniset $CINDER_CONF $be_name volume_driver "cinder.tests.fake_driver.FakeGateDriver"
iniset $CINDER_CONF $be_name volume_group $VOLUME_GROUP_NAME-$be_name
iniset $CINDER_CONF $be_name target_helper "$CINDER_ISCSI_HELPER"
iniset $CINDER_CONF $be_name target_helper "$CINDER_TARGET_HELPER"
iniset $CINDER_CONF $be_name lvm_type "$CINDER_LVM_TYPE"
if [[ "$CINDER_VOLUME_CLEAR" == "non" ]]; then
+5 -2
View File
@@ -50,9 +50,12 @@ function configure_cinder_backend_lvm {
iniset $CINDER_CONF $be_name volume_backend_name $be_name
iniset $CINDER_CONF $be_name volume_driver "cinder.volume.drivers.lvm.LVMVolumeDriver"
iniset $CINDER_CONF $be_name volume_group $VOLUME_GROUP_NAME-$be_name
iniset $CINDER_CONF $be_name target_helper "$CINDER_ISCSI_HELPER"
iniset $CINDER_CONF $be_name target_helper "$CINDER_TARGET_HELPER"
iniset $CINDER_CONF $be_name target_protocol "$CINDER_TARGET_PROTOCOL"
iniset $CINDER_CONF $be_name target_port "$CINDER_TARGET_PORT"
iniset $CINDER_CONF $be_name target_prefix "$CINDER_TARGET_PREFIX"
iniset $CINDER_CONF $be_name lvm_type "$CINDER_LVM_TYPE"
iniset $CINDER_CONF $be_name volume_clear "$CINDER_VOLUME_CLEAR"
}
# init_cinder_backend_lvm - Initialize volume group
+9
View File
@@ -32,6 +32,15 @@ function configure_cinder_backend_nfs {
iniset $CINDER_CONF $be_name volume_backend_name $be_name
iniset $CINDER_CONF $be_name volume_driver "cinder.volume.drivers.nfs.NfsDriver"
iniset $CINDER_CONF $be_name nfs_shares_config "$CINDER_CONF_DIR/nfs-shares-$be_name.conf"
iniset $CINDER_CONF $be_name nas_host localhost
iniset $CINDER_CONF $be_name nas_share_path ${NFS_EXPORT_DIR}
iniset $CINDER_CONF $be_name nas_secure_file_operations \
${NFS_SECURE_FILE_OPERATIONS}
iniset $CINDER_CONF $be_name nas_secure_file_permissions \
${NFS_SECURE_FILE_PERMISSIONS}
# NFS snapshot support is currently opt-in only.
iniset $CINDER_CONF $be_name nfs_snapshot_support True
echo "$CINDER_NFS_SERVERPATH" | tee "$CINDER_CONF_DIR/nfs-shares-$be_name.conf"
}
+56
View File
@@ -0,0 +1,56 @@
#!/bin/bash
#
# lib/cinder_backups/ceph
# Configure the ceph backup driver
# Enable with:
#
# CINDER_BACKUP_DRIVER=ceph
# Dependencies:
#
# - ``functions`` file
# - ``cinder`` configurations
# Save trace setting
_XTRACE_CINDER_CEPH=$(set +o | grep xtrace)
set +o xtrace
# Defaults
# --------
CINDER_BAK_CEPH_POOL=${CINDER_BAK_CEPH_POOL:-backups}
CINDER_BAK_CEPH_POOL_PG=${CINDER_BAK_CEPH_POOL_PG:-8}
CINDER_BAK_CEPH_POOL_PGP=${CINDER_BAK_CEPH_POOL_PGP:-8}
CINDER_BAK_CEPH_USER=${CINDER_BAK_CEPH_USER:-cinder-bak}
function configure_cinder_backup_ceph {
# Execute this part only when cephadm is not used
if [[ "$CEPHADM_DEPLOY" = "False" ]]; then
sudo ceph -c ${CEPH_CONF_FILE} osd pool create ${CINDER_BAK_CEPH_POOL} ${CINDER_BAK_CEPH_POOL_PG} ${CINDER_BAK_CEPH_POOL_PGP}
if [[ "$REMOTE_CEPH" = "False" && "$CEPH_REPLICAS" -ne 1 ]]; then
sudo ceph -c ${CEPH_CONF_FILE} osd pool set ${CINDER_BAK_CEPH_POOL} crush_ruleset ${RULE_ID}
fi
sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_BAK_CEPH_USER} mon "allow r" osd "allow class-read object_prefix rbd_children, allow rwx pool=${CINDER_BAK_CEPH_POOL}, allow rwx pool=${CINDER_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring
sudo chown $(whoami):$(whoami) ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring
fi
iniset $CINDER_CONF DEFAULT backup_driver "cinder.backup.drivers.ceph.CephBackupDriver"
iniset $CINDER_CONF DEFAULT backup_ceph_conf "$CEPH_CONF_FILE"
iniset $CINDER_CONF DEFAULT backup_ceph_pool "$CINDER_BAK_CEPH_POOL"
iniset $CINDER_CONF DEFAULT backup_ceph_user "$CINDER_BAK_CEPH_USER"
iniset $CINDER_CONF DEFAULT backup_ceph_stripe_unit 0
iniset $CINDER_CONF DEFAULT backup_ceph_stripe_count 0
iniset $CINDER_CONF DEFAULT restore_discard_excess_bytes True
}
# init_cinder_backup_ceph: nothing to do
# cleanup_cinder_backup_ceph: nothing to do
# Restore xtrace
$_XTRACE_CINDER_CEPH
# Local variables:
# mode: shell-script
# End:
+45
View File
@@ -0,0 +1,45 @@
#!/bin/bash
#
# lib/cinder_backups/s3_swift
# Configure the s3 backup driver with swift s3api
#
# TODO: create lib/cinder_backup/s3 for external s3 compatible storage
# Enable with:
#
# CINDER_BACKUP_DRIVER=s3_swift
# enable_service s3api s-proxy s-object s-container s-account
# Dependencies:
#
# - ``functions`` file
# - ``cinder`` configurations
# Save trace setting
_XTRACE_CINDER_S3_SWIFT=$(set +o | grep xtrace)
set +o xtrace
function configure_cinder_backup_s3_swift {
# This configuration requires swift and s3api. If we're
# on a subnode we might not know if they are enabled
iniset $CINDER_CONF DEFAULT backup_driver "cinder.backup.drivers.s3.S3BackupDriver"
iniset $CINDER_CONF DEFAULT backup_s3_endpoint_url "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$S3_SERVICE_PORT"
}
function init_cinder_backup_s3_swift {
openstack ec2 credential create
iniset $CINDER_CONF DEFAULT backup_s3_store_access_key "$(openstack ec2 credential list -c Access -f value)"
iniset $CINDER_CONF DEFAULT backup_s3_store_secret_key "$(openstack ec2 credential list -c Secret -f value)"
if is_service_enabled tls-proxy; then
iniset $CINDER_CONF DEFAULT backup_s3_ca_cert_file "$SSL_BUNDLE_FILE"
fi
}
# cleanup_cinder_backup_s3_swift: nothing to do
# Restore xtrace
$_XTRACE_CINDER_S3_SWIFT
# Local variables:
# mode: shell-script
# End:
+41
View File
@@ -0,0 +1,41 @@
#!/bin/bash
#
# lib/cinder_backups/swift
# Configure the swift backup driver
# Enable with:
#
# CINDER_BACKUP_DRIVER=swift
# Dependencies:
#
# - ``functions`` file
# - ``cinder`` configurations
# Save trace setting
_XTRACE_CINDER_SWIFT=$(set +o | grep xtrace)
set +o xtrace
function configure_cinder_backup_swift {
# NOTE(mriedem): The default backup driver uses swift and if we're
# on a subnode we might not know if swift is enabled, but chances are
# good that it is on the controller so configure the backup service
# to use it.
iniset $CINDER_CONF DEFAULT backup_driver "cinder.backup.drivers.swift.SwiftBackupDriver"
iniset $CINDER_CONF DEFAULT backup_swift_url "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT/v1/AUTH_"
if is_service_enabled tls-proxy; then
iniset $CINDER_CONF DEFAULT backup_swift_ca_cert_file $SSL_BUNDLE_FILE
fi
}
# init_cinder_backup_swift: nothing to do
# cleanup_cinder_backup_swift: nothing to do
# Restore xtrace
$_XTRACE_CINDER_SWIFT
# Local variables:
# mode: shell-script
# End:
-46
View File
@@ -1,46 +0,0 @@
#!/bin/bash
#
# lib/cinder_plugins/XenAPINFS
# Configure the XenAPINFS driver
# Enable with:
#
# CINDER_DRIVER=XenAPINFS
# Dependencies:
#
# - ``functions`` file
# - ``cinder`` configurations
# configure_cinder_driver - make configuration changes, including those to other services
# Save trace setting
_XTRACE_CINDER_XENAPINFS=$(set +o | grep xtrace)
set +o xtrace
# Defaults
# --------
# Set up default directories
# Entry Points
# ------------
# configure_cinder_driver - Set config files, create data dirs, etc
function configure_cinder_driver {
iniset $CINDER_CONF DEFAULT volume_driver "cinder.volume.drivers.xenapi.sm.XenAPINFSDriver"
iniset $CINDER_CONF DEFAULT xenapi_connection_url "$CINDER_XENAPI_CONNECTION_URL"
iniset $CINDER_CONF DEFAULT xenapi_connection_username "$CINDER_XENAPI_CONNECTION_USERNAME"
iniset $CINDER_CONF DEFAULT xenapi_connection_password "$CINDER_XENAPI_CONNECTION_PASSWORD"
iniset $CINDER_CONF DEFAULT xenapi_nfs_server "$CINDER_XENAPI_NFS_SERVER"
iniset $CINDER_CONF DEFAULT xenapi_nfs_serverpath "$CINDER_XENAPI_NFS_SERVERPATH"
}
# Restore xtrace
$_XTRACE_CINDER_XENAPINFS
# Local variables:
# mode: shell-script
# End:
+4 -2
View File
@@ -89,6 +89,10 @@ function initialize_database_backends {
DATABASE_PASSWORD=$MYSQL_PASSWORD
fi
return 0
}
function define_database_baseurl {
# We configure Nova, Horizon, Glance and Keystone to use MySQL as their
# database server. While they share a single server, each has their own
# database and tables.
@@ -100,8 +104,6 @@ function initialize_database_backends {
# NOTE: Don't specify ``/db`` in this string so we can use it for multiple services
BASE_SQL_CONN=${BASE_SQL_CONN:-$(get_database_type_$DATABASE_TYPE)://$DATABASE_USER:$DATABASE_PASSWORD@$DATABASE_HOST}
return 0
}
# Recreate a given database
+92 -36
View File
@@ -12,6 +12,7 @@ _XTRACE_DB_MYSQL=$(set +o | grep xtrace)
set +o xtrace
MYSQL_DRIVER=${MYSQL_DRIVER:-PyMySQL}
INSTALL_DATABASE_SERVER_PACKAGES=$(trueorfalse True INSTALL_DATABASE_SERVER_PACKAGES)
register_database mysql
@@ -19,11 +20,7 @@ if [[ -z "$MYSQL_SERVICE_NAME" ]]; then
MYSQL_SERVICE_NAME=mysql
if is_fedora && ! is_oraclelinux; then
MYSQL_SERVICE_NAME=mariadb
elif is_suse && systemctl list-unit-files | grep -q 'mariadb\.service'; then
# Older mariadb packages on SLES 12 provided mysql.service. The
# newer ones on SLES 12 and 15 use mariadb.service; they also
# provide a mysql.service symlink for backwards-compatibility, but
# let's not rely on that.
elif [[ "$DISTRO" =~ bookworm|bullseye ]]; then
MYSQL_SERVICE_NAME=mariadb
fi
fi
@@ -51,7 +48,7 @@ function cleanup_database_mysql {
elif is_oraclelinux; then
uninstall_package mysql-community-server
sudo rm -rf /var/lib/mysql
elif is_suse || is_fedora; then
elif is_fedora; then
uninstall_package mariadb-server
sudo rm -rf /var/lib/mysql
else
@@ -66,12 +63,12 @@ function recreate_database_mysql {
}
function configure_database_mysql {
local my_conf mysql slow_log
local my_conf mysql slow_log my_client_conf
echo_summary "Configuring and starting MySQL"
if is_ubuntu; then
my_conf=/etc/mysql/my.cnf
elif is_suse || is_oraclelinux; then
elif is_oraclelinux; then
my_conf=/etc/my.cnf
elif is_fedora; then
my_conf=/etc/my.cnf
@@ -83,42 +80,69 @@ function configure_database_mysql {
exit_distro_not_supported "mysql configuration"
fi
# Start mysql-server
if is_fedora || is_suse; then
# Set fips mode on
if is_ubuntu; then
if is_fips_enabled; then
my_client_conf=/etc/mysql/mysql.conf.d/mysql.cnf
iniset -sudo $my_client_conf mysql ssl-fips-mode "on"
iniset -sudo $my_conf mysqld ssl-fips-mode "on"
fi
fi
# Change bind-address from localhost (127.0.0.1) to any (::)
iniset -sudo $my_conf mysqld bind-address "$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)"
# (Re)Start mysql-server
if is_fedora; then
# service is not started by default
start_service $MYSQL_SERVICE_NAME
elif is_ubuntu; then
# required since bind-address could have changed above
restart_service $MYSQL_SERVICE_NAME
fi
# Set the root password - only works the first time. For Ubuntu, we already
# did that with debconf before installing the package, but we still try,
# because the package might have been installed already.
sudo mysqladmin -u root password $DATABASE_PASSWORD || true
# because the package might have been installed already. We don't do this
# for Ubuntu 22.04 (jammy) because the authorization model change in
# version 10.4 of mariadb. See
# https://mariadb.org/authentication-in-mariadb-10-4/
if ! (is_ubuntu && [[ "$DISTRO" == "jammy" ]] && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]); then
sudo mysqladmin -u root password $DATABASE_PASSWORD || true
fi
# In case of Mariadb, giving hostname in arguments causes permission
# problems as it expects connection through socket
if is_ubuntu && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]; then
local cmd_args="-uroot -p$DATABASE_PASSWORD "
else
local cmd_args="-uroot -p$DATABASE_PASSWORD -h127.0.0.1 "
local cmd_args="-uroot -p$DATABASE_PASSWORD -h$SERVICE_LOCAL_HOST "
fi
# In mariadb e.g. on Ubuntu socket plugin is used for authentication
# as root so it works only as sudo. To restore old "mysql like" behaviour,
# we need to change auth plugin for root user
if is_ubuntu && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]; then
sudo mysql $cmd_args -e "UPDATE mysql.user SET plugin='' WHERE user='$DATABASE_USER' AND host='localhost';"
sudo mysql $cmd_args -e "FLUSH PRIVILEGES;"
# TODO(frickler): simplify this logic
if is_ubuntu && [[ ! "$DISTRO" =~ bookworm|bullseye ]] && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]; then
if [[ "$DISTRO" == "jammy" ]]; then
# For Ubuntu 22.04 (jammy) we follow the model outlined in
# https://mariadb.org/authentication-in-mariadb-10-4/
sudo mysql -e "ALTER USER $DATABASE_USER@localhost IDENTIFIED VIA mysql_native_password USING PASSWORD('$DATABASE_PASSWORD');"
else
sudo mysql $cmd_args -e "UPDATE mysql.user SET plugin='' WHERE user='$DATABASE_USER' AND host='localhost';"
sudo mysql $cmd_args -e "FLUSH PRIVILEGES;"
fi
fi
if ! (is_ubuntu && [[ "$DISTRO" == "jammy" ]] && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]); then
# Create DB user if it does not already exist
sudo mysql $cmd_args -e "CREATE USER IF NOT EXISTS '$DATABASE_USER'@'%' identified by '$DATABASE_PASSWORD';"
# Update the DB to give user '$DATABASE_USER'@'%' full control of the all databases:
sudo mysql $cmd_args -e "GRANT ALL PRIVILEGES ON *.* TO '$DATABASE_USER'@'%';"
fi
# Create DB user if it does not already exist
sudo mysql $cmd_args -e "CREATE USER IF NOT EXISTS '$DATABASE_USER'@'%' identified by '$DATABASE_PASSWORD';"
# Update the DB to give user '$DATABASE_USER'@'%' full control of the all databases:
sudo mysql $cmd_args -e "GRANT ALL PRIVILEGES ON *.* TO '$DATABASE_USER'@'%';"
# Now update ``my.cnf`` for some local needs and restart the mysql service
# Change bind-address from localhost (127.0.0.1) to any (::) and
# set default db type to InnoDB
iniset -sudo $my_conf mysqld bind-address "$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)"
# Set default db type to InnoDB
iniset -sudo $my_conf mysqld sql_mode TRADITIONAL
iniset -sudo $my_conf mysqld default-storage-engine InnoDB
iniset -sudo $my_conf mysqld max_connections 1024
@@ -143,6 +167,29 @@ function configure_database_mysql {
iniset -sudo $my_conf mysqld log-queries-not-using-indexes 1
fi
if [[ "$MYSQL_GATHER_PERFORMANCE" == "True" ]]; then
echo "enabling MySQL performance counting"
# Install our sqlalchemy plugin
pip_install ${TOP_DIR}/tools/dbcounter
# Create our stats database for accounting
recreate_database stats
mysql -u $DATABASE_USER -p$DATABASE_PASSWORD -h $MYSQL_HOST -e \
"CREATE TABLE queries (db VARCHAR(32), op VARCHAR(32),
count INT, PRIMARY KEY (db, op)) ENGINE MEMORY" stats
fi
if [[ "$MYSQL_REDUCE_MEMORY" == "True" ]]; then
iniset -sudo $my_conf mysqld read_buffer_size 64K
iniset -sudo $my_conf mysqld innodb_buffer_pool_size 16M
iniset -sudo $my_conf mysqld thread_stack 192K
iniset -sudo $my_conf mysqld thread_cache_size 8
iniset -sudo $my_conf mysqld tmp_table_size 8M
iniset -sudo $my_conf mysqld sort_buffer_size 8M
iniset -sudo $my_conf mysqld max_allowed_packet 8M
fi
restart_service $MYSQL_SERVICE_NAME
}
@@ -173,18 +220,17 @@ EOF
chmod 0600 $HOME/.my.cnf
fi
# Install mysql-server
if is_oraclelinux; then
install_package mysql-community-server
elif is_fedora; then
install_package mariadb-server mariadb-devel
sudo systemctl enable $MYSQL_SERVICE_NAME
elif is_suse; then
install_package mariadb-server
sudo systemctl enable $MYSQL_SERVICE_NAME
elif is_ubuntu; then
install_package $MYSQL_SERVICE_NAME-server
else
exit_distro_not_supported "mysql installation"
if [[ "$INSTALL_DATABASE_SERVER_PACKAGES" == "True" ]]; then
if is_oraclelinux; then
install_package mysql-community-server
elif is_fedora; then
install_package mariadb-server mariadb-devel mariadb
sudo systemctl enable $MYSQL_SERVICE_NAME
elif is_ubuntu; then
install_package $MYSQL_SERVICE_NAME-server
else
exit_distro_not_supported "mysql installation"
fi
fi
}
@@ -200,7 +246,17 @@ function install_database_python_mysql {
function database_connection_url_mysql {
local db=$1
echo "$BASE_SQL_CONN/$db?charset=utf8"
local plugin
# NOTE(danms): We don't enable perf on subnodes yet because the
# plugin is not installed there
if [[ "$MYSQL_GATHER_PERFORMANCE" == "True" ]]; then
if is_service_enabled mysql; then
plugin="&plugin=dbcounter"
fi
fi
echo "$BASE_SQL_CONN/$db?charset=utf8$plugin"
}
+18 -16
View File
@@ -13,7 +13,7 @@ set +o xtrace
MAX_DB_CONNECTIONS=${MAX_DB_CONNECTIONS:-200}
INSTALL_DATABASE_SERVER_PACKAGES=$(trueorfalse True INSTALL_DATABASE_SERVER_PACKAGES)
register_database postgresql
@@ -32,7 +32,7 @@ function cleanup_database_postgresql {
# Get ruthless with mysql
apt_get purge -y postgresql*
return
elif is_fedora || is_suse; then
elif is_fedora; then
uninstall_package postgresql-server
else
return
@@ -46,6 +46,10 @@ function recreate_database_postgresql {
createdb -h $DATABASE_HOST -U$DATABASE_USER -l C -T template0 -E utf8 $db
}
function _exit_pg_init {
sudo cat /var/lib/pgsql/initdb_postgresql.log
}
function configure_database_postgresql {
local pg_conf pg_dir pg_hba check_role version
echo_summary "Configuring and starting PostgreSQL"
@@ -53,7 +57,9 @@ function configure_database_postgresql {
pg_hba=/var/lib/pgsql/data/pg_hba.conf
pg_conf=/var/lib/pgsql/data/postgresql.conf
if ! sudo [ -e $pg_hba ]; then
trap _exit_pg_init EXIT
sudo postgresql-setup initdb
trap - EXIT
fi
elif is_ubuntu; then
version=`psql --version | cut -d ' ' -f3 | cut -d. -f1-2`
@@ -66,11 +72,6 @@ function configure_database_postgresql {
pg_dir=`find /etc/postgresql -name pg_hba.conf|xargs dirname`
pg_hba=$pg_dir/pg_hba.conf
pg_conf=$pg_dir/postgresql.conf
elif is_suse; then
pg_hba=/var/lib/pgsql/data/pg_hba.conf
pg_conf=/var/lib/pgsql/data/postgresql.conf
# initdb is called when postgresql is first started
sudo [ -e $pg_hba ] || start_service postgresql
else
exit_distro_not_supported "postgresql configuration"
fi
@@ -95,7 +96,6 @@ function configure_database_postgresql {
function install_database_postgresql {
echo_summary "Installing postgresql"
deprecated "Use of postgresql in devstack is deprecated, and will be removed during the Pike cycle"
local pgpass=$HOME/.pgpass
if [[ ! -e $pgpass ]]; then
cat <<EOF > $pgpass
@@ -105,15 +105,17 @@ EOF
else
sed -i "s/:root:\w\+/:root:$DATABASE_PASSWORD/" $pgpass
fi
if is_ubuntu; then
install_package postgresql
elif is_fedora || is_suse; then
install_package postgresql-server
if is_fedora; then
sudo systemctl enable postgresql
if [[ "$INSTALL_DATABASE_SERVER_PACKAGES" == "True" ]]; then
if is_ubuntu; then
install_package postgresql
elif is_fedora; then
install_package postgresql-server
if is_fedora; then
sudo systemctl enable postgresql
fi
else
exit_distro_not_supported "postgresql installation"
fi
else
exit_distro_not_supported "postgresql installation"
fi
}
+6
View File
@@ -40,12 +40,18 @@ function start_dstat {
if is_service_enabled peakmem_tracker; then
die $LINENO "The peakmem_tracker service has been removed, use memory_tracker instead"
fi
# To enable file_tracker add:
# enable_service file_tracker
# to your localrc
run_process file_tracker "$TOP_DIR/tools/file_tracker.sh"
}
# stop_dstat() stop dstat process
function stop_dstat {
stop_process dstat
stop_process memory_tracker
stop_process file_tracker
}
# Restore xtrace
+1 -1
View File
@@ -51,7 +51,7 @@ function start_etcd3 {
fi
cmd+=" --listen-client-urls http://$SERVICE_HOST:$ETCD_PORT"
if [ "$ENABLE_DEBUG_LOG_LEVEL" == "True" ]; then
cmd+=" --debug"
cmd+=" --log-level=debug"
fi
local unitfile="$SYSTEMD_DIR/$ETCD_SYSTEMD_SERVICE"
+169 -10
View File
@@ -47,10 +47,21 @@ USE_CINDER_FOR_GLANCE=$(trueorfalse False USE_CINDER_FOR_GLANCE)
# from CINDER_ENABLED_BACKENDS
GLANCE_CINDER_DEFAULT_BACKEND=${GLANCE_CINDER_DEFAULT_BACKEND:-lvmdriver-1}
GLANCE_STORE_ROOTWRAP_BASE_DIR=/usr/local/etc/glance
# NOTE (abhishekk): For opensuse data files are stored in different directory
if is_opensuse; then
GLANCE_STORE_ROOTWRAP_BASE_DIR=/usr/etc/glance
if [[ "$GLOBAL_VENV" == "True" ]] ; then
GLANCE_STORE_ROOTWRAP_BASE_DIR=${DEVSTACK_VENV}/etc/glance
fi
# When Cinder is used as a glance store, you can optionally configure cinder to
# optimize bootable volume creation by allowing volumes to be cloned directly
# in the backend instead of transferring data via Glance. To use this feature,
# set CINDER_ALLOWED_DIRECT_URL_SCHEMES for cinder.conf and enable
# GLANCE_SHOW_DIRECT_URL and/or GLANCE_SHOW_MULTIPLE_LOCATIONS for Glance. The
# default value for both of these is False, because for some backends they
# present a grave security risk (though not for Cinder, because all that's
# exposed is the volume_id where the image data is stored.) See OSSN-0065 for
# more information: https://wiki.openstack.org/wiki/OSSN/OSSN-0065
GLANCE_SHOW_DIRECT_URL=$(trueorfalse False GLANCE_SHOW_DIRECT_URL)
GLANCE_SHOW_MULTIPLE_LOCATIONS=$(trueorfalse False GLANCE_SHOW_MULTIPLE_LOCATIONS)
# Glance multi-store configuration
# Boolean flag to enable multiple store configuration for glance
GLANCE_ENABLE_MULTIPLE_STORES=$(trueorfalse False GLANCE_ENABLE_MULTIPLE_STORES)
@@ -64,13 +75,14 @@ GLANCE_MULTIPLE_FILE_STORES=${GLANCE_MULTIPLE_FILE_STORES:-fast}
GLANCE_DEFAULT_BACKEND=${GLANCE_DEFAULT_BACKEND:-fast}
GLANCE_CACHE_DIR=${GLANCE_CACHE_DIR:=$DATA_DIR/glance/cache}
GLANCE_CACHE_DRIVER=${GLANCE_CACHE_DRIVER:-centralized_db}
# Full Glance functionality requires running in standalone mode. If we are
# not in uwsgi mode, then we are standalone, otherwise allow separate control.
if [[ "$WSGI_MODE" != "uwsgi" ]]; then
GLANCE_STANDALONE=True
fi
GLANCE_STANDALONE=${GLANCE_STANDALONE:-True}
GLANCE_STANDALONE=${GLANCE_STANDALONE:-False}
# File path for each store specified in GLANCE_MULTIPLE_FILE_STORES, the store
# identifier will be appended to this path at runtime. If GLANCE_MULTIPLE_FILE_STORES
@@ -84,6 +96,16 @@ GLANCE_STAGING_DIR=${GLANCE_MULTISTORE_FILE_IMAGE_DIR:=$DATA_DIR/os_glance_stagi
GLANCE_TASKS_DIR=${GLANCE_MULTISTORE_FILE_IMAGE_DIR:=$DATA_DIR/os_glance_tasks_store}
GLANCE_USE_IMPORT_WORKFLOW=$(trueorfalse False GLANCE_USE_IMPORT_WORKFLOW)
GLANCE_ENABLE_QUOTAS=$(trueorfalse True GLANCE_ENABLE_QUOTAS)
# Flag to set the oslo_policy.enforce_scope. This is used to switch
# This is used to disable the Image API policies scope and new defaults.
# By Default, it is True.
# For more detail: https://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_scope
GLANCE_ENFORCE_SCOPE=$(trueorfalse True GLANCE_ENFORCE_SCOPE)
# Flag to disable image format inspection on upload
GLANCE_ENFORCE_IMAGE_FORMAT=$(trueorfalse True GLANCE_ENFORCE_IMAGE_FORMAT)
GLANCE_CONF_DIR=${GLANCE_CONF_DIR:-/etc/glance}
GLANCE_METADEF_DIR=$GLANCE_CONF_DIR/metadefs
@@ -107,6 +129,10 @@ GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$GLANCE_SERVICE_HOST:$GLANCE_SERVICE_PORT}
GLANCE_SERVICE_PROTOCOL=${GLANCE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
GLANCE_UWSGI=$GLANCE_BIN_DIR/glance-wsgi-api
GLANCE_UWSGI_CONF=$GLANCE_CONF_DIR/glance-uwsgi.ini
# Glance default limit for Devstack
GLANCE_LIMIT_IMAGE_SIZE_TOTAL=${GLANCE_LIMIT_IMAGE_SIZE_TOTAL:-1000}
# If wsgi mode is uwsgi run glance under uwsgi, else default to eventlet
# TODO(mtreinish): Remove the eventlet path here and in all the similar
# conditionals below after the Pike release
@@ -130,8 +156,9 @@ function is_glance_enabled {
# cleanup_glance() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
function cleanup_glance {
# delete image files (glance)
sudo rm -rf $GLANCE_CACHE_DIR $GLANCE_IMAGE_DIR
# delete image files (glance) and all of the glance-remote temporary
# storage
sudo rm -rf $GLANCE_CACHE_DIR $GLANCE_IMAGE_DIR "${DATA_DIR}/glance-remote"
# Cleanup multiple stores directories
if [[ "$GLANCE_ENABLE_MULTIPLE_STORES" == "True" ]]; then
@@ -144,6 +171,7 @@ function cleanup_glance {
# Cleanup reserved stores directories
sudo rm -rf $GLANCE_STAGING_DIR $GLANCE_TASKS_DIR
fi
remove_uwsgi_config "$GLANCE_UWSGI_CONF" "glance-wsgi-api"
}
# Set multiple cinder store related config options for each of the cinder store
@@ -262,6 +290,38 @@ function configure_glance_store {
fi
}
function configure_glance_quotas {
# Registered limit resources in keystone are system-specific resources.
# Make sure we use a system-scoped token to interact with this API.
openstack --os-cloud devstack-system-admin registered limit create --service glance \
--default-limit $GLANCE_LIMIT_IMAGE_SIZE_TOTAL --region $REGION_NAME image_size_total
openstack --os-cloud devstack-system-admin registered limit create --service glance \
--default-limit $GLANCE_LIMIT_IMAGE_SIZE_TOTAL --region $REGION_NAME image_stage_total
openstack --os-cloud devstack-system-admin registered limit create --service glance \
--default-limit 100 --region $REGION_NAME image_count_total
openstack --os-cloud devstack-system-admin registered limit create --service glance \
--default-limit 100 --region $REGION_NAME image_count_uploading
# Tell glance to use these limits
iniset $GLANCE_API_CONF DEFAULT use_keystone_limits True
# Configure oslo_limit so it can talk to keystone
iniset $GLANCE_API_CONF oslo_limit user_domain_name $SERVICE_DOMAIN_NAME
iniset $GLANCE_API_CONF oslo_limit password $SERVICE_PASSWORD
iniset $GLANCE_API_CONF oslo_limit username glance
iniset $GLANCE_API_CONF oslo_limit auth_type password
iniset $GLANCE_API_CONF oslo_limit auth_url $KEYSTONE_SERVICE_URI
iniset $GLANCE_API_CONF oslo_limit system_scope all
iniset $GLANCE_API_CONF oslo_limit endpoint_id \
$(openstack --os-cloud devstack-system-admin endpoint list --service glance -f value -c ID)
# Allow the glance service user to read quotas
openstack --os-cloud devstack-system-admin role add --user glance \
--user-domain $SERVICE_DOMAIN_NAME --system all reader
}
# configure_glance() - Set config files, create data dirs, etc
function configure_glance {
sudo install -d -o $STACK_USER $GLANCE_CONF_DIR $GLANCE_METADEF_DIR
@@ -274,18 +334,19 @@ function configure_glance {
iniset $GLANCE_API_CONF database connection $dburl
iniset $GLANCE_API_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
iniset $GLANCE_API_CONF DEFAULT image_cache_driver $GLANCE_CACHE_DRIVER
iniset $GLANCE_API_CONF oslo_concurrency lock_path $GLANCE_LOCK_DIR
iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement
configure_keystone_authtoken_middleware $GLANCE_API_CONF glance
iniset $GLANCE_API_CONF oslo_messaging_notifications driver messagingv2
iniset_rpc_backend glance $GLANCE_API_CONF
if [ "$VIRT_DRIVER" = 'xenserver' ]; then
iniset $GLANCE_API_CONF DEFAULT container_formats "ami,ari,aki,bare,ovf,tgz"
iniset $GLANCE_API_CONF DEFAULT disk_formats "ami,ari,aki,vhd,raw,iso"
fi
if [ "$VIRT_DRIVER" = 'libvirt' ] && [ "$LIBVIRT_TYPE" = 'parallels' ]; then
iniset $GLANCE_API_CONF DEFAULT disk_formats "ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso,ploop"
fi
# Only use these if you know what you are doing! See OSSN-0065
iniset $GLANCE_API_CONF DEFAULT show_image_direct_url $GLANCE_SHOW_DIRECT_URL
iniset $GLANCE_API_CONF DEFAULT show_multiple_locations $GLANCE_SHOW_MULTIPLE_LOCATIONS
iniset $GLANCE_API_CONF image_format require_image_format_match $GLANCE_ENFORCE_IMAGE_FORMAT
# Configure glance_store
configure_glance_store $USE_CINDER_FOR_GLANCE $GLANCE_ENABLE_MULTIPLE_STORES
@@ -338,6 +399,7 @@ function configure_glance {
iniset $GLANCE_CACHE_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_driver $GLANCE_CACHE_DRIVER
iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_PROJECT_NAME
iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance
@@ -365,11 +427,27 @@ function configure_glance {
if [[ "$GLANCE_STANDALONE" == False ]]; then
write_local_uwsgi_http_config "$GLANCE_UWSGI_CONF" "$GLANCE_UWSGI" "/image"
# Grab our uwsgi listen address and use that to fill out our
# worker_self_reference_url config
iniset $GLANCE_API_CONF DEFAULT worker_self_reference_url \
$(awk '-F= ' '/^http-socket/ { print "http://"$2}' \
$GLANCE_UWSGI_CONF)
else
write_local_proxy_http_config glance "http://$GLANCE_SERVICE_HOST:$GLANCE_SERVICE_PORT_INT" "/image"
iniset $GLANCE_API_CONF DEFAULT bind_host $GLANCE_SERVICE_LISTEN_ADDRESS
iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT
iniset $GLANCE_API_CONF DEFAULT workers "$API_WORKERS"
iniset $GLANCE_API_CONF DEFAULT worker_self_reference_url $GLANCE_URL
fi
if [[ "$GLANCE_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
iniset $GLANCE_API_CONF oslo_policy enforce_scope true
iniset $GLANCE_API_CONF oslo_policy enforce_new_defaults true
iniset $GLANCE_API_CONF DEFAULT enforce_secure_rbac true
else
iniset $GLANCE_API_CONF oslo_policy enforce_scope false
iniset $GLANCE_API_CONF oslo_policy enforce_new_defaults false
iniset $GLANCE_API_CONF DEFAULT enforce_secure_rbac false
fi
}
@@ -401,6 +479,11 @@ function create_glance_accounts {
service_domain_id=$(get_or_create_domain $SERVICE_DOMAIN_NAME)
iniset $GLANCE_SWIFT_STORE_CONF ref1 project_domain_id $service_domain_id
iniset $GLANCE_SWIFT_STORE_CONF ref1 user_domain_id $service_domain_id
if [[ "$GLANCE_ENABLE_QUOTAS" = True ]]; then
configure_glance_quotas
fi
fi
}
@@ -460,6 +543,76 @@ function install_glance {
setup_develop $GLANCE_DIR
}
# glance_remote_conf() - Return the path to an alternate config file for
# the remote glance clone
function glance_remote_conf {
echo $(dirname "${GLANCE_CONF_DIR}")/glance-remote/$(basename "$1")
}
# start_glance_remote_clone() - Clone the regular glance api worker
function start_glance_remote_clone {
local glance_remote_conf_dir glance_remote_port remote_data
local glance_remote_uwsgi venv
glance_remote_conf_dir="$(glance_remote_conf "")"
glance_remote_port=$(get_random_port)
glance_remote_uwsgi="$(glance_remote_conf $GLANCE_UWSGI_CONF)"
# Clone the existing ready-to-go glance-api setup
sudo rm -Rf "$glance_remote_conf_dir"
sudo cp -r "$GLANCE_CONF_DIR" "$glance_remote_conf_dir"
sudo chown $STACK_USER -R "$glance_remote_conf_dir"
# Point this worker at different data dirs
remote_data="${DATA_DIR}/glance-remote"
mkdir -p $remote_data/os_glance_tasks_store \
"${remote_data}/os_glance_staging_store"
iniset $(glance_remote_conf "$GLANCE_API_CONF") os_glance_staging_store \
filesystem_store_datadir "${remote_data}/os_glance_staging_store"
iniset $(glance_remote_conf "$GLANCE_API_CONF") os_glance_tasks_store \
filesystem_store_datadir "${remote_data}/os_glance_tasks_store"
# Point this worker to use different cache dir
mkdir -p "$remote_data/cache"
iniset $(glance_remote_conf "$GLANCE_API_CONF") DEFAULT \
image_cache_dir "${remote_data}/cache"
# Change our uwsgi to our new port
sed -ri "s/^(http-socket.*):[0-9]+/\1:$glance_remote_port/" \
"$glance_remote_uwsgi"
# Update the self-reference url with our new port
iniset $(glance_remote_conf $GLANCE_API_CONF) DEFAULT \
worker_self_reference_url \
$(awk '-F= ' '/^http-socket/ { print "http://"$2 }' \
"$glance_remote_uwsgi")
# We need to create the systemd service for the clone, but then
# change it to include an Environment line to point the WSGI app
# at the alternate config directory.
if [[ "$GLOBAL_VENV" == True ]]; then
venv="--venv $DEVSTACK_VENV"
fi
write_uwsgi_user_unit_file devstack@g-api-r.service "$(which uwsgi) \
--procname-prefix \
glance-api-remote \
--ini $glance_remote_uwsgi \
$venv" \
"" "$STACK_USER"
iniadd -sudo ${SYSTEMD_DIR}/devstack@g-api-r.service \
"Service" "Environment" \
"OS_GLANCE_CONFIG_DIR=$glance_remote_conf_dir"
# Reload and restart with the new config
$SYSTEMCTL daemon-reload
$SYSTEMCTL restart devstack@g-api-r
get_or_create_service glance_remote image_remote "Alternate glance"
get_or_create_endpoint image_remote $REGION_NAME \
$(awk '-F= ' '/^http-socket/ { print "http://"$2 }' \
$glance_remote_uwsgi)
}
# start_glance() - Start running processes
function start_glance {
local service_protocol=$GLANCE_SERVICE_PROTOCOL
@@ -475,6 +628,11 @@ function start_glance {
run_process g-api "$GLANCE_BIN_DIR/glance-api --config-dir=$GLANCE_CONF_DIR"
fi
if is_service_enabled g-api-r; then
echo "Starting the g-api-r clone service..."
start_glance_remote_clone
fi
echo "Waiting for g-api ($GLANCE_SERVICE_HOST) to start..."
if ! wait_for_service $SERVICE_TIMEOUT $GLANCE_URL; then
die $LINENO "g-api did not start"
@@ -484,6 +642,7 @@ function start_glance {
# stop_glance() - Stop running processes
function stop_glance {
stop_process g-api
stop_process g-api-r
}
# Restore xtrace
+15 -1
View File
@@ -109,12 +109,21 @@ function configure_horizon {
_horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT "True"
fi
if is_service_enabled c-bak; then
_horizon_config_set $local_settings OPENSTACK_CINDER_FEATURES enable_backup "True"
fi
# Create an empty directory that apache uses as docroot
sudo mkdir -p $HORIZON_DIR/.blackhole
local horizon_conf
horizon_conf=$(apache_site_config_for horizon)
local wsgi_venv_config=""
if [[ "$GLOBAL_VENV" == "True" ]] ; then
wsgi_venv_config="WSGIPythonHome $DEVSTACK_VENV"
fi
# Configure apache to run horizon
# Set up the django horizon application to serve via apache/wsgi
sudo sh -c "sed -e \"
@@ -124,12 +133,13 @@ function configure_horizon {
s,%APACHE_NAME%,$APACHE_NAME,g;
s,%DEST%,$DEST,g;
s,%WEBROOT%,$HORIZON_APACHE_ROOT,g;
s,%WSGIPYTHONHOME%,$wsgi_venv_config,g;
\" $FILES/apache-horizon.template >$horizon_conf"
if is_ubuntu; then
disable_apache_site 000-default
sudo touch $horizon_conf
elif is_fedora || is_suse; then
elif is_fedora; then
: # nothing to do
else
exit_distro_not_supported "horizon apache configuration"
@@ -163,6 +173,10 @@ function install_horizon {
# Apache installation, because we mark it NOPRIME
install_apache_wsgi
# Install the memcache library so that horizon can use memcached as its
# cache backend
pip_install_gr pymemcache
git_clone $HORIZON_REPO $HORIZON_DIR $HORIZON_BRANCH
}
+98
View File
@@ -0,0 +1,98 @@
#!/bin/bash
# Kernel Samepage Merging (KSM)
# -----------------------------
# Processes that mark their memory as mergeable can share identical memory
# pages if KSM is enabled. This is particularly useful for nova + libvirt
# backends but any other setup that marks its memory as mergeable can take
# advantage. The drawback is there is higher cpu load; however, we tend to
# be memory bound not cpu bound so enable KSM by default but allow people
# to opt out if the CPU time is more important to them.
ENABLE_KSM=$(trueorfalse True ENABLE_KSM)
ENABLE_KSMTUNED=$(trueorfalse True ENABLE_KSMTUNED)
function configure_ksm {
if [[ $ENABLE_KSMTUNED == "True" ]] ; then
install_package "ksmtuned"
fi
if [[ -f /sys/kernel/mm/ksm/run ]] ; then
echo $(bool_to_int ENABLE_KSM) | sudo tee /sys/kernel/mm/ksm/run
fi
}
# Compressed swap (ZSWAP)
#------------------------
# as noted in the kernel docs https://docs.kernel.org/admin-guide/mm/zswap.html
# Zswap is a lightweight compressed cache for swap pages.
# It takes pages that are in the process of being swapped out and attempts
# to compress them into a dynamically allocated RAM-based memory pool.
# zswap basically trades CPU cycles for potentially reduced swap I/O.
# This trade-off can also result in a significant performance improvement
# if reads from the compressed cache are faster than reads from a swap device.
ENABLE_ZSWAP=$(trueorfalse False ENABLE_ZSWAP)
# lz4 is very fast although it does not have the best compression
# zstd has much better compression but more latency
ZSWAP_COMPRESSOR=${ZSWAP_COMPRESSOR:="lz4"}
ZSWAP_ZPOOL=${ZSWAP_ZPOOL:="z3fold"}
function configure_zswap {
if [[ $ENABLE_ZSWAP == "True" ]] ; then
# Centos 9 stream seems to only support enabling but not run time
# tuning so dont try to choose better default on centos
if is_ubuntu; then
echo ${ZSWAP_COMPRESSOR} | sudo tee /sys/module/zswap/parameters/compressor
echo ${ZSWAP_ZPOOL} | sudo tee /sys/module/zswap/parameters/zpool
fi
echo 1 | sudo tee /sys/module/zswap/parameters/enabled
# print curent zswap kernel config
sudo grep -R . /sys/module/zswap/parameters || /bin/true
fi
}
ENABLE_SYSCTL_MEM_TUNING=$(trueorfalse False ENABLE_SYSCTL_MEM_TUNING)
function configure_sysctl_mem_parmaters {
if [[ $ENABLE_SYSCTL_MEM_TUNING == "True" ]] ; then
# defer write when memory is available
sudo sysctl -w vm.dirty_ratio=60
sudo sysctl -w vm.dirty_background_ratio=10
sudo sysctl -w vm.vfs_cache_pressure=50
# assume swap is compressed so on new kernels
# give it equal priority as page cache which is
# uncompressed. on kernels < 5.8 the max is 100
# not 200 so it will strongly prefer swapping.
sudo sysctl -w vm.swappiness=100
sudo grep -R . /proc/sys/vm/ || /bin/true
fi
}
function configure_host_mem {
configure_zswap
configure_ksm
configure_sysctl_mem_parmaters
}
ENABLE_SYSCTL_NET_TUNING=$(trueorfalse False ENABLE_SYSCTL_NET_TUNING)
function configure_sysctl_net_parmaters {
if [[ $ENABLE_SYSCTL_NET_TUNING == "True" ]] ; then
# detect dead TCP connections after 120 seconds
sudo sysctl -w net.ipv4.tcp_keepalive_time=60
sudo sysctl -w net.ipv4.tcp_keepalive_intvl=10
sudo sysctl -w net.ipv4.tcp_keepalive_probes=6
# reudce network latency for new connections
sudo sysctl -w net.ipv4.tcp_fastopen=3
# print tcp options
sudo grep -R . /proc/sys/net/ipv4/tcp* || /bin/true
# disable qos by default
sudo sysctl -w net.core.default_qdisc=pfifo_fast
fi
}
function configure_host_net {
configure_sysctl_net_parmaters
}
function tune_host {
configure_host_mem
configure_host_net
}
+1 -1
View File
@@ -31,7 +31,7 @@ function install_infra {
local PIP_VIRTUAL_ENV="$REQUIREMENTS_DIR/.venv"
[ ! -d $PIP_VIRTUAL_ENV ] && ${VIRTUALENV_CMD} $PIP_VIRTUAL_ENV
# We don't care about testing git pbr in the requirements venv.
PIP_VIRTUAL_ENV=$PIP_VIRTUAL_ENV pip_install -U pbr
PIP_VIRTUAL_ENV=$PIP_VIRTUAL_ENV pip_install -U pbr setuptools
PIP_VIRTUAL_ENV=$PIP_VIRTUAL_ENV pip_install $REQUIREMENTS_DIR
# Unset the PIP_VIRTUAL_ENV so that PBR does not end up trapped
+102 -57
View File
@@ -9,7 +9,6 @@
# - ``tls`` file
# - ``DEST``, ``STACK_USER``
# - ``FILES``
# - ``IDENTITY_API_VERSION``
# - ``BASE_SQL_CONN``
# - ``SERVICE_HOST``, ``SERVICE_PROTOCOL``
# - ``S3_SERVICE_PORT`` (template backend only)
@@ -50,9 +49,7 @@ fi
KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
KEYSTONE_PUBLIC_UWSGI_CONF=$KEYSTONE_CONF_DIR/keystone-uwsgi-public.ini
KEYSTONE_ADMIN_UWSGI_CONF=$KEYSTONE_CONF_DIR/keystone-uwsgi-admin.ini
KEYSTONE_PUBLIC_UWSGI=$KEYSTONE_BIN_DIR/keystone-wsgi-public
KEYSTONE_ADMIN_UWSGI=$KEYSTONE_BIN_DIR/keystone-wsgi-admin
# KEYSTONE_DEPLOY defines how keystone is deployed, allowed values:
# - mod_wsgi : Run keystone under Apache HTTPd mod_wsgi
@@ -81,21 +78,12 @@ KEYSTONE_RESOURCE_BACKEND=${KEYSTONE_RESOURCE_BACKEND:-sql}
KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-fernet}
KEYSTONE_TOKEN_FORMAT=$(echo ${KEYSTONE_TOKEN_FORMAT} | tr '[:upper:]' '[:lower:]')
# Set Keystone interface configuration
KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
KEYSTONE_AUTH_PORT=${KEYSTONE_AUTH_PORT:-35357}
KEYSTONE_AUTH_PORT_INT=${KEYSTONE_AUTH_PORT_INT:-35358}
KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-$SERVICE_PROTOCOL}
# Public facing bits
KEYSTONE_SERVICE_HOST=${KEYSTONE_SERVICE_HOST:-$SERVICE_HOST}
KEYSTONE_SERVICE_PORT=${KEYSTONE_SERVICE_PORT:-5000}
KEYSTONE_SERVICE_PORT_INT=${KEYSTONE_SERVICE_PORT_INT:-5001}
KEYSTONE_SERVICE_PROTOCOL=${KEYSTONE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
# Bind hosts
KEYSTONE_ADMIN_BIND_HOST=${KEYSTONE_ADMIN_BIND_HOST:-$KEYSTONE_SERVICE_HOST}
# Set the project for service accounts in Keystone
SERVICE_DOMAIN_NAME=${SERVICE_DOMAIN_NAME:-Default}
SERVICE_PROJECT_NAME=${SERVICE_PROJECT_NAME:-service}
@@ -106,7 +94,6 @@ SERVICE_TENANT_NAME=${SERVICE_PROJECT_NAME:-service}
# if we are running with SSL use https protocols
if is_service_enabled tls-proxy; then
KEYSTONE_AUTH_PROTOCOL="https"
KEYSTONE_SERVICE_PROTOCOL="https"
fi
@@ -134,6 +121,15 @@ KEYSTONE_PASSWORD_HASH_ROUNDS=${KEYSTONE_PASSWORD_HASH_ROUNDS:-4}
# Cache settings
KEYSTONE_ENABLE_CACHE=${KEYSTONE_ENABLE_CACHE:-True}
# Whether to create a keystone admin endpoint for legacy applications
KEYSTONE_ADMIN_ENDPOINT=$(trueorfalse False KEYSTONE_ADMIN_ENDPOINT)
# Flag to set the oslo_policy.enforce_scope. This is used to switch
# the Identity API policies to start checking the scope of token. By Default,
# this flag is False.
# For more detail: https://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_scope
KEYSTONE_ENFORCE_SCOPE=$(trueorfalse False KEYSTONE_ENFORCE_SCOPE)
# Functions
# ---------
@@ -154,11 +150,8 @@ function cleanup_keystone {
sudo rm -f $(apache_site_config_for keystone)
else
stop_process "keystone"
# TODO: remove admin at pike-2
remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI"
remove_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI"
remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "keystone-wsgi-public"
sudo rm -f $(apache_site_config_for keystone-wsgi-public)
sudo rm -f $(apache_site_config_for keystone-wsgi-admin)
fi
}
@@ -171,12 +164,10 @@ function _config_keystone_apache_wsgi {
local keystone_certfile=""
local keystone_keyfile=""
local keystone_service_port=$KEYSTONE_SERVICE_PORT
local keystone_auth_port=$KEYSTONE_AUTH_PORT
local venv_path=""
if is_service_enabled tls-proxy; then
keystone_service_port=$KEYSTONE_SERVICE_PORT_INT
keystone_auth_port=$KEYSTONE_AUTH_PORT_INT
fi
if [[ ${USE_VENV} = True ]]; then
venv_path="python-path=${PROJECT_VENV["keystone"]}/lib/$(python_version)/site-packages"
@@ -185,7 +176,6 @@ function _config_keystone_apache_wsgi {
sudo cp $FILES/apache-keystone.template $keystone_apache_conf
sudo sed -e "
s|%PUBLICPORT%|$keystone_service_port|g;
s|%ADMINPORT%|$keystone_auth_port|g;
s|%APACHE_NAME%|$APACHE_NAME|g;
s|%SSLLISTEN%|$keystone_ssl_listen|g;
s|%SSLENGINE%|$keystone_ssl|g;
@@ -223,22 +213,17 @@ function configure_keystone {
iniset_rpc_backend keystone $KEYSTONE_CONF oslo_messaging_notifications
local service_port=$KEYSTONE_SERVICE_PORT
local auth_port=$KEYSTONE_AUTH_PORT
if is_service_enabled tls-proxy; then
# Set the service ports for a proxy to take the originals
service_port=$KEYSTONE_SERVICE_PORT_INT
auth_port=$KEYSTONE_AUTH_PORT_INT
fi
# Override the endpoints advertised by keystone (the public_endpoint and
# admin_endpoint) so that clients use the correct endpoint. By default, the
# keystone server uses the public_port and admin_port which isn't going to
# work when you want to use a different port (in the case of proxy), or you
# don't want the port (in the case of putting keystone on a path in
# apache).
# Override the endpoints advertised by keystone so that clients use the correct
# endpoint. By default, the keystone server uses the public_port which isn't
# going to work when you want to use a different port (in the case of proxy),
# or you don't want the port (in the case of putting keystone on a path in apache).
iniset $KEYSTONE_CONF DEFAULT public_endpoint $KEYSTONE_SERVICE_URI
iniset $KEYSTONE_CONF DEFAULT admin_endpoint $KEYSTONE_AUTH_URI
if [[ "$KEYSTONE_TOKEN_FORMAT" != "" ]]; then
iniset $KEYSTONE_CONF token provider $KEYSTONE_TOKEN_FORMAT
@@ -261,7 +246,6 @@ function configure_keystone {
_config_keystone_apache_wsgi
else # uwsgi
write_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI" "/identity"
write_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI" "/identity_admin"
fi
iniset $KEYSTONE_CONF DEFAULT max_token_size 16384
@@ -281,6 +265,16 @@ function configure_keystone {
iniset $KEYSTONE_CONF security_compliance lockout_duration $KEYSTONE_LOCKOUT_DURATION
iniset $KEYSTONE_CONF security_compliance unique_last_password_count $KEYSTONE_UNIQUE_LAST_PASSWORD_COUNT
fi
iniset $KEYSTONE_CONF oslo_policy policy_file policy.yaml
if [[ "$KEYSTONE_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
iniset $KEYSTONE_CONF oslo_policy enforce_scope true
iniset $KEYSTONE_CONF oslo_policy enforce_new_defaults true
else
iniset $KEYSTONE_CONF oslo_policy enforce_scope false
iniset $KEYSTONE_CONF oslo_policy enforce_new_defaults false
fi
}
# create_keystone_accounts() - Sets up common required keystone accounts
@@ -303,40 +297,48 @@ function configure_keystone {
# admins admin admin admin
# nonadmins demo, alt_demo member, anotherrole demo, alt_demo
# System User Roles
# ------------------------------------------------------------------
# all admin admin
# all system_reader reader
# all system_member member
# Migrated from keystone_data.sh
function create_keystone_accounts {
# The keystone bootstrapping process (performed via keystone-manage
# bootstrap) creates an admin user, admin role, member role, and admin
# bootstrap) creates an admin user and an admin
# project. As a sanity check we exercise the CLI to retrieve the IDs for
# these values.
local admin_project
admin_project=$(openstack project show "admin" -f value -c id)
local admin_user
admin_user=$(openstack user show "admin" -f value -c id)
# These roles are also created during bootstrap but we don't need their IDs
local admin_role="admin"
local member_role="member"
local reader_role="reader"
get_or_add_user_domain_role $admin_role $admin_user default
async_run ks-domain-role get_or_add_user_domain_role $admin_role $admin_user default
# Create service project/role
get_or_create_domain "$SERVICE_DOMAIN_NAME"
get_or_create_project "$SERVICE_PROJECT_NAME" "$SERVICE_DOMAIN_NAME"
async_run ks-project get_or_create_project "$SERVICE_PROJECT_NAME" "$SERVICE_DOMAIN_NAME"
# Service role, so service users do not have to be admins
get_or_create_role service
async_run ks-service get_or_create_role service
# The ResellerAdmin role is used by Nova and Ceilometer so we need to keep it.
# The admin role in swift allows a user to act as an admin for their project,
# but ResellerAdmin is needed for a user to act as any project. The name of this
# role is also configurable in swift-proxy.conf
get_or_create_role ResellerAdmin
async_run ks-reseller get_or_create_role ResellerAdmin
# another_role demonstrates that an arbitrary role may be created and used
# TODO(sleepsonthefloor): show how this can be used for rbac in the future!
local another_role="anotherrole"
get_or_create_role $another_role
async_run ks-anotherrole get_or_create_role $another_role
# invisible project - admin can't see this one
local invis_project
@@ -349,21 +351,55 @@ function create_keystone_accounts {
demo_user=$(get_or_create_user "demo" \
"$ADMIN_PASSWORD" "default" "demo@example.com")
get_or_add_user_project_role $member_role $demo_user $demo_project
get_or_add_user_project_role $admin_role $admin_user $demo_project
get_or_add_user_project_role $another_role $demo_user $demo_project
get_or_add_user_project_role $member_role $demo_user $invis_project
async_wait ks-{domain-role,domain,project,service,reseller,anotherrole}
# alt_demo
async_run ks-demo-member get_or_add_user_project_role $member_role $demo_user $demo_project
async_run ks-demo-admin get_or_add_user_project_role $admin_role $admin_user $demo_project
async_run ks-demo-another get_or_add_user_project_role $another_role $demo_user $demo_project
async_run ks-demo-invis get_or_add_user_project_role $member_role $demo_user $invis_project
# Create a user to act as a reader on project demo
local demo_reader
demo_reader=$(get_or_create_user "demo_reader" \
"$ADMIN_PASSWORD" "default" "demo_reader@example.com")
async_run ks-demo-reader get_or_add_user_project_role $reader_role $demo_reader $demo_project
# Create a different project called alt_demo
local alt_demo_project
alt_demo_project=$(get_or_create_project "alt_demo" default)
# Create a user to act as member, admin and anotherrole on project alt_demo
local alt_demo_user
alt_demo_user=$(get_or_create_user "alt_demo" \
"$ADMIN_PASSWORD" "default" "alt_demo@example.com")
get_or_add_user_project_role $member_role $alt_demo_user $alt_demo_project
get_or_add_user_project_role $admin_role $admin_user $alt_demo_project
get_or_add_user_project_role $another_role $alt_demo_user $alt_demo_project
async_run ks-alt-admin get_or_add_user_project_role $admin_role $alt_demo_user $alt_demo_project
async_run ks-alt-another get_or_add_user_project_role $another_role $alt_demo_user $alt_demo_project
# Create another user to act as a member on project alt_demo
local alt_demo_member
alt_demo_member=$(get_or_create_user "alt_demo_member" \
"$ADMIN_PASSWORD" "default" "alt_demo_member@example.com")
async_run ks-alt-member-user get_or_add_user_project_role $member_role $alt_demo_member $alt_demo_project
# Create another user to act as a reader on project alt_demo
local alt_demo_reader
alt_demo_reader=$(get_or_create_user "alt_demo_reader" \
"$ADMIN_PASSWORD" "default" "alt_demo_reader@example.com")
async_run ks-alt-reader-user get_or_add_user_project_role $reader_role $alt_demo_reader $alt_demo_project
# Create two users, give one the member role on the system and the other the
# reader role on the system. These two users model system-member and
# system-reader personas. The admin user already has the admin role on the
# system and we can re-use this user as a system-admin.
system_member_user=$(get_or_create_user "system_member" \
"$ADMIN_PASSWORD" "default" "system_member@example.com")
async_run ks-system-member get_or_add_user_system_role $member_role $system_member_user "all"
system_reader_user=$(get_or_create_user "system_reader" \
"$ADMIN_PASSWORD" "default" "system_reader@example.com")
async_run ks-system-reader get_or_add_user_system_role $reader_role $system_reader_user "all"
# groups
local admin_group
@@ -373,11 +409,16 @@ function create_keystone_accounts {
non_admin_group=$(get_or_create_group "nonadmins" \
"default" "non-admin group")
get_or_add_group_project_role $member_role $non_admin_group $demo_project
get_or_add_group_project_role $another_role $non_admin_group $demo_project
get_or_add_group_project_role $member_role $non_admin_group $alt_demo_project
get_or_add_group_project_role $another_role $non_admin_group $alt_demo_project
get_or_add_group_project_role $admin_role $admin_group $admin_project
async_run ks-group-memberdemo get_or_add_group_project_role $member_role $non_admin_group $demo_project
async_run ks-group-anotherdemo get_or_add_group_project_role $another_role $non_admin_group $demo_project
async_run ks-group-memberalt get_or_add_group_project_role $member_role $non_admin_group $alt_demo_project
async_run ks-group-anotheralt get_or_add_group_project_role $another_role $non_admin_group $alt_demo_project
async_run ks-group-admin get_or_add_group_project_role $admin_role $admin_group $admin_project
async_wait ks-demo-{member,admin,another,invis,reader}
async_wait ks-alt-{admin,another,member-user,reader-user}
async_wait ks-system-{member,reader}
async_wait ks-group-{memberdemo,anotherdemo,memberalt,anotheralt,admin}
if is_service_enabled ldap; then
create_ldap_domain
@@ -512,7 +553,7 @@ function install_keystone {
function start_keystone {
# Get right service port for testing
local service_port=$KEYSTONE_SERVICE_PORT
local auth_protocol=$KEYSTONE_AUTH_PROTOCOL
local auth_protocol=$KEYSTONE_SERVICE_PROTOCOL
if is_service_enabled tls-proxy; then
service_port=$KEYSTONE_SERVICE_PORT_INT
auth_protocol="http"
@@ -531,7 +572,7 @@ function start_keystone {
# unencryted traffic at this point.
# If running in Apache, use the path rather than port.
local service_uri=$auth_protocol://$KEYSTONE_SERVICE_HOST/identity/v$IDENTITY_API_VERSION/
local service_uri=$auth_protocol://$KEYSTONE_SERVICE_HOST/identity/v3/
if ! wait_for_service $SERVICE_TIMEOUT $service_uri; then
die $LINENO "keystone did not start"
@@ -540,7 +581,6 @@ function start_keystone {
# Start proxies if enabled
if is_service_enabled tls-proxy; then
start_tls_proxy keystone-service '*' $KEYSTONE_SERVICE_PORT $KEYSTONE_SERVICE_HOST $KEYSTONE_SERVICE_PORT_INT
start_tls_proxy keystone-auth '*' $KEYSTONE_AUTH_PORT $KEYSTONE_AUTH_HOST $KEYSTONE_AUTH_PORT_INT
fi
# (re)start memcached to make sure we have a clean memcache.
@@ -561,11 +601,8 @@ function stop_keystone {
# This function uses the following GLOBAL variables:
# - ``KEYSTONE_BIN_DIR``
# - ``ADMIN_PASSWORD``
# - ``IDENTITY_API_VERSION``
# - ``REGION_NAME``
# - ``KEYSTONE_SERVICE_PROTOCOL``
# - ``KEYSTONE_SERVICE_HOST``
# - ``KEYSTONE_SERVICE_PORT``
# - ``KEYSTONE_SERVICE_URI``
function bootstrap_keystone {
$KEYSTONE_BIN_DIR/keystone-manage bootstrap \
--bootstrap-username admin \
@@ -574,8 +611,16 @@ function bootstrap_keystone {
--bootstrap-role-name admin \
--bootstrap-service-name keystone \
--bootstrap-region-id "$REGION_NAME" \
--bootstrap-admin-url "$KEYSTONE_AUTH_URI" \
--bootstrap-public-url "$KEYSTONE_SERVICE_URI"
if [ "$KEYSTONE_ADMIN_ENDPOINT" == "True" ]; then
openstack endpoint create --region "$REGION_NAME" \
--os-username admin \
--os-user-domain-id default \
--os-password "$ADMIN_PASSWORD" \
--os-project-name admin \
--os-project-domain-id default \
keystone admin "$KEYSTONE_SERVICE_URI"
fi
}
# create_ldap_domain() - Create domain file and initialize domain with a user
+4 -14
View File
@@ -33,16 +33,12 @@ LDAP_SERVICE_NAME=slapd
if is_ubuntu; then
LDAP_OLCDB_NUMBER=1
LDAP_OLCDB_TYPE=mdb
LDAP_ROOTPW_COMMAND=replace
elif is_fedora; then
LDAP_OLCDB_NUMBER=2
LDAP_OLCDB_TYPE=hdb
LDAP_ROOTPW_COMMAND=add
elif is_suse; then
# SUSE has slappasswd in /usr/sbin/
PATH=$PATH:/usr/sbin/
LDAP_OLCDB_NUMBER=1
LDAP_ROOTPW_COMMAND=add
LDAP_SERVICE_NAME=ldap
fi
@@ -56,6 +52,7 @@ function _ldap_varsubst {
local slappass=$2
sed -e "
s|\${LDAP_OLCDB_NUMBER}|$LDAP_OLCDB_NUMBER|
s|\${LDAP_OLCDB_TYPE}|$LDAP_OLCDB_TYPE|
s|\${SLAPPASS}|$slappass|
s|\${LDAP_ROOTPW_COMMAND}|$LDAP_ROOTPW_COMMAND|
s|\${BASE_DC}|$LDAP_BASE_DC|
@@ -72,8 +69,6 @@ function cleanup_ldap {
sudo rm -rf /etc/ldap/ldap.conf /var/lib/ldap
elif is_fedora; then
sudo rm -rf /etc/openldap /var/lib/ldap
elif is_suse; then
sudo rm -rf /var/lib/ldap
fi
}
@@ -122,11 +117,6 @@ function install_ldap {
configure_ldap
elif is_fedora; then
start_ldap
elif is_suse; then
_ldap_varsubst $FILES/ldap/suse-base-config.ldif.in >$tmp_ldap_dir/suse-base-config.ldif
sudo slapadd -F /etc/openldap/slapd.d/ -bcn=config -l $tmp_ldap_dir/suse-base-config.ldif
sudo sed -i '/^OPENLDAP_START_LDAPI=/s/"no"/"yes"/g' /etc/sysconfig/openldap
start_ldap
fi
echo "LDAP_PASSWORD is $LDAP_PASSWORD"
@@ -157,7 +147,7 @@ function configure_ldap {
slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
slapd slapd/domain string Users
slapd shared/organization string $LDAP_DOMAIN
slapd slapd/backend string HDB
slapd slapd/backend string ${LDAP_OLCDB_TYPE^^}
slapd slapd/purge_database boolean true
slapd slapd/move_old_database boolean true
slapd slapd/allow_ldap_v2 boolean false
Regular → Executable
+4
View File
@@ -38,6 +38,7 @@ GITDIR["oslo.config"]=$DEST/oslo.config
GITDIR["oslo.context"]=$DEST/oslo.context
GITDIR["oslo.db"]=$DEST/oslo.db
GITDIR["oslo.i18n"]=$DEST/oslo.i18n
GITDIR["oslo.limit"]=$DEST/oslo.limit
GITDIR["oslo.log"]=$DEST/oslo.log
GITDIR["oslo.messaging"]=$DEST/oslo.messaging
GITDIR["oslo.middleware"]=$DEST/oslo.middleware
@@ -59,6 +60,7 @@ GITDIR["tooz"]=$DEST/tooz
# Non oslo libraries are welcomed below as well, this prevents
# duplication of this code.
GITDIR["os-brick"]=$DEST/os-brick
GITDIR["os-resource-classes"]=$DEST/os-resource-classes
GITDIR["os-traits"]=$DEST/os-traits
# Support entry points installation of console scripts
@@ -101,6 +103,7 @@ function install_libs {
_install_lib_from_source "oslo.context"
_install_lib_from_source "oslo.db"
_install_lib_from_source "oslo.i18n"
_install_lib_from_source "oslo.limit"
_install_lib_from_source "oslo.log"
_install_lib_from_source "oslo.messaging"
_install_lib_from_source "oslo.middleware"
@@ -122,6 +125,7 @@ function install_libs {
#
# os-traits for nova
_install_lib_from_source "os-brick"
_install_lib_from_source "os-resource-classes"
_install_lib_from_source "os-traits"
#
# python client libraries we might need from git can go here
+41 -30
View File
@@ -53,28 +53,10 @@ function _remove_lvm_volume_group {
sudo vgremove -f $vg
}
# _clean_lvm_backing_file() removes the backing file of the
# volume group
#
# Usage: _clean_lvm_backing_file() $backing_file
function _clean_lvm_backing_file {
local backing_file=$1
# If the backing physical device is a loop device, it was probably setup by DevStack
if [[ -n "$backing_file" ]] && [[ -e "$backing_file" ]]; then
local vg_dev
vg_dev=$(sudo losetup -j $backing_file | awk -F':' '/'$BACKING_FILE_SUFFIX'/ { print $1}')
if [[ -n "$vg_dev" ]]; then
sudo losetup -d $vg_dev
fi
rm -f $backing_file
fi
}
# clean_lvm_volume_group() cleans up the volume group and removes the
# backing file
#
# Usage: clean_lvm_volume_group $vg
# Usage: clean_lvm_volume_group() $vg
function clean_lvm_volume_group {
local vg=$1
@@ -83,11 +65,22 @@ function clean_lvm_volume_group {
# if there is no logical volume left, it's safe to attempt a cleanup
# of the backing file
if [[ -z "$(sudo lvs --noheadings -o lv_name $vg 2>/dev/null)" ]]; then
_clean_lvm_backing_file $DATA_DIR/$vg$BACKING_FILE_SUFFIX
local backing_file=$DATA_DIR/$vg$BACKING_FILE_SUFFIX
if [[ -n "$vg$BACKING_FILE_SUFFIX" ]] && \
[[ -e "/etc/systemd/system/$vg$BACKING_FILE_SUFFIX.service" ]]; then
sudo systemctl disable --now $vg$BACKING_FILE_SUFFIX.service
sudo rm -f /etc/systemd/system/$vg$BACKING_FILE_SUFFIX.service
sudo systemctl daemon-reload
fi
# If the backing physical device is a loop device, it was probably setup by DevStack
if [[ -n "$backing_file" ]] && [[ -e "$backing_file" ]]; then
rm -f $backing_file
fi
fi
}
# _create_lvm_volume_group creates default volume group
#
# Usage: _create_lvm_volume_group() $vg $size
@@ -106,8 +99,20 @@ function _create_lvm_volume_group {
directio="--direct-io=on"
fi
# Only create systemd service if it doesn't already exists
if [[ ! -e "/etc/systemd/system/$vg$BACKING_FILE_SUFFIX.service" ]]; then
sed -e "
s|%DIRECTIO%|${directio}|g;
s|%BACKING_FILE%|${backing_file}|g;
" $FILES/lvm-backing-file.template | sudo tee \
/etc/systemd/system/$vg$BACKING_FILE_SUFFIX.service
sudo systemctl daemon-reload
sudo systemctl enable --now $vg$BACKING_FILE_SUFFIX.service
fi
local vg_dev
vg_dev=$(sudo losetup -f --show $directio $backing_file)
vg_dev=$(sudo losetup --associated $backing_file -O NAME -n)
# Only create volume group if it doesn't already exist
if ! sudo vgs $vg; then
@@ -124,19 +129,25 @@ function init_lvm_volume_group {
local vg=$1
local size=$2
# Start the tgtd service on Fedora and SUSE if tgtadm is used
if is_fedora || is_suse && [[ "$CINDER_ISCSI_HELPER" = "tgtadm" ]]; then
# Start the tgtd service on Fedora if tgtadm is used
if is_fedora; then
start_service tgtd
fi
# Start with a clean volume group
_create_lvm_volume_group $vg $size
# Remove iscsi targets
if [ "$CINDER_ISCSI_HELPER" = "lioadm" ]; then
sudo cinder-rtstool get-targets | sudo xargs -rn 1 cinder-rtstool delete
else
sudo tgtadm --op show --mode target | awk '/Target/ {print $3}' | sudo xargs -r -n1 tgt-admin --delete
if is_service_enabled cinder; then
# Remove iscsi targets
if [ "$CINDER_TARGET_HELPER" = "lioadm" ]; then
sudo cinder-rtstool get-targets | sudo xargs -rn 1 cinder-rtstool delete
elif [ "$CINDER_TARGET_HELPER" = "tgtadm" ]; then
sudo tgtadm --op show --mode target | awk '/Target/ {print $3}' | sudo xargs -r -n1 tgt-admin --delete
elif [ "$CINDER_TARGET_HELPER" = "nvmet" ]; then
# If we don't disconnect everything vgremove will block
sudo nvme disconnect-all
sudo nvmetcli clear
fi
fi
_clean_lvm_volume_group $vg
}
@@ -189,7 +200,7 @@ function set_lvm_filter {
filter_string=$filter_string$filter_suffix
clean_lvm_filter
sudo sed -i "/# global_filter = \[*\]/a\ $global_filter$filter_string" /etc/lvm/lvm.conf
sudo sed -i "/# global_filter = \[.*\]/a\ $filter_string" /etc/lvm/lvm.conf
echo_summary "set lvm.conf device global_filter to: $filter_string"
}
+1001 -515
View File
File diff suppressed because it is too large Load Diff
+3 -1005
View File
File diff suppressed because it is too large Load Diff

Some files were not shown because too many files have changed in this diff Show More