Compare commits

...

131 Commits

Author SHA1 Message Date
Jeremy Stanley 1183167f19 Drop the devstack-single-node-centos-7 nodeset
OpenDev is preparing to remove centos-7 nodes on March 15[*]. This
change drops one nodeset definition which is the last remaining
reference on DevStack's master branch.

[*] https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/message/A2YIY5L7MVYSQMTVZU3L3OM7GLVVZPLK/

Change-Id: Icd487e1012263a9b0bc13b529d31ff2025108adf
(cherry picked from commit 73da7dfb93)
2024-03-04 18:53:45 +00:00
Sean Mooney 2bb18a4caa The AZ filter is deprecated and planned for removal this cycle
To facilitate that this change removes it form the default filter
list. By default nova has used placement for AZs so this filter
has not been requried since xena.

Change-Id: Ie5e216dd8c2a7ecf43cc6954ec4f73d4d67b5b3b
(cherry picked from commit ad029c0e8b)
(cherry picked from commit 0726a4f919)
2023-08-25 20:11:58 +00:00
Zuul 461089b238 Merge "git: git checkout for a commit hash combinated with depth argument" into stable/zed 2023-08-13 21:52:17 +00:00
jskunda 722465ec97 git: git checkout for a commit hash combinated with depth argument
This patch: https://review.opendev.org/c/openstack/devstack/+/882299
provides functionality, that commit hash can be passed as last arugment,
however when GIT_DEPTH is set, it fails, as in:

timeout -s SIGINT 0 git clone https://github.com/ovn-org/ovn.git ./ovn
--depth 1 --branch 03b95a4566a15f7544f4cdf35629dacede4dcf55
fatal: Remote branch 03b95a4566a15f7544f4cdf35629dacede4dcf55
not found in upstream origin

Closes-Bug: #2023020
Change-Id: I748354964a133e028e12458cc9014d6d014cbdb9
2023-08-02 15:42:57 +02:00
Alfredo Moralejo e62f4f25f3 Use RDO official CloudSIG mirrors for C9S deployments
Instead of using RDO Trunk repo server, CentOS official mirrors provide
a most reliable infrastructure and supports EMS which is required when
enabling FIPS in C9S.

In order to install the rdo-release rpm from repo.fedoraproject.org,
which does not support EMS, I'm using a workaround to wget, which works
with non-EMS servers because it uses gnutls instead of openssl, and
install it locally with rpm.

This is also consistent to CentOS 8 implementatioin.

Closes-Bug: #2020661
Closes-Bug: #2020434
Change-Id: Icd99f467d47aaafaaf3ee8f2a3c4da08842cb672
(cherry picked from commit b2ad00cb66)
2023-08-01 15:35:41 +00:00
Dan Smith b31d70a576 nova: Bump timeout-per-gb for BFV rebuild ops
This increases the timeout we use to wait for cinder to perform a
volume reimage. Since devstack is often running on a single machine
with non-production IO performance, we should bump this limit to avoid
hitting it before the rebuild completes.

Change-Id: Ie2663b951acb0c1a65597a39e032948764e6ae6a
(cherry picked from commit 58c80b2424)
(cherry picked from commit 6767465bc5)
2023-07-18 10:19:27 +02:00
Ihar Hrachyshka 94b49698a8 git: support git checkout for a commit hash
git_clone assumes a branch or a tag is passed as the last argument, and
it fails when a commit hash is passed, as in:

timeout -s SIGINT 0 git clone https://github.com/ovn-org/ovn.git
/opt/stack/ovn --branch 36e3ab9b47e93af0599a818e9d6b2930e49473f0
Cloning into '/opt/stack/ovn'...
fatal: Remote branch 36e3ab9b47e93af0599a818e9d6b2930e49473f0 not found
in upstream origin

Change-Id: Id1328d7cba418fa7c227ae9db4fe83c09fd06035
(cherry picked from commit e8915786e1)
2023-05-04 20:07:55 +00:00
yatinkarel 4181791e06 [ovs] Reload ovs kernel module always
Irrespective of build_modules is True
or False reload ovs modules always.

If ovs is installed from package before(like
with multi-node-bridge role), then installing
ovs from source requires openvswitch kernel
module to be reloaded.

The issue was not seen before jammy as there
module was reloaded when build_modules was set
to True.

Closes-Bug: #2015364
Change-Id: I1785b49b2ef72ca1f817f504d5ea56021410c052
(cherry picked from commit 42517968ff)
(cherry picked from commit f1d555d1e7)
2023-04-14 14:39:04 +00:00
Dan Smith b12cc4181c Try to reduce mysql memory usage
These are a few tweaks I applied to my own memory-constrained cloud
instances that seemed to help. I have lower performance requirements
so this may make things worse and not better, but it's worth seeing
what the impact is. I'll admit to not knowing the full impact of these
as they're mostly collected from various tutorials on lowering memory
usage.

Enable this for now on devstack-multinode

Change-Id: I7b223391d3de01e3e81b02076debd01d9d2f097c
(cherry picked from commit 7567359755)
2023-03-21 17:39:26 +01:00
Rajat Dhasmana 977b591ee1 Create multiattach volume type for tempest
Creating multiattach volume is a non-admin operation but creating
multiattach volume type is an admin operation.
Previously cinder allowed creating multiattach volumes without a
volume type but that support is being removed with[1].
The change requires updating tempest tests[2] but some tempest
tests are non-admin, which require admin priviledges to create the
multiattach volume type.
Based on the last discussion with tempest team[3], the proposed
solution is to create a multiattach volume type in devstack,
if ENABLE_VOLUME_MULTIATTACH is True, and use it in tempest
tests. Similar to how admins create multiattach volume types
for non-admin users.

This patch creates a multiattach volume type if
ENABLE_VOLUME_MULTIATTACH is True. Also we set the multiattach
type name as a tempest config option 'volume_type_multiattach'.

[1] https://review.opendev.org/c/openstack/cinder/+/874865
[2] https://review.opendev.org/c/openstack/tempest/+/875372
[3] https://meetings.opendev.org/irclogs/%23openstack-cinder/%23openstack-cinder.2023-03-13.log.html#t2023-03-13T18:47:56

Change-Id: Icd3690565bf7b27898cd206641e612da3993703d
(cherry picked from commit 1898a683be)
(cherry picked from commit 16594b7b2a)
Conflicts: lib/cinder
    conflicts due to nvme support being added in 2023.1
    https://review.opendev.org/c/openstack/devstack/+/814193
2023-03-15 19:30:33 +00:00
Ghanshyam Mann 30a7d790b6 Fix setting the tempest virtual env constraints env var
Devstack set the env var TOX_CONSTRAINTS_FILE/UPPER_CONSTRAINTS_FILE
which are used to use the constraints during Tempest virtual env installation.
Those env var are set to non-master constraint when we need to use non-master
constraints but when we need to use the master constraints we do not set/reset
them point to master constraints. This create the issue when running the grenade
job where we run Tempest on the old devstack as well as in the new devstack.
When tempest is installed on old devstack then old tempest is used and it sets
these env var to stable/<branch> constraints (this is the case when old devstack
(the stable branch is in EM phase) uses the old tempest not the master tempest),
all good till now. But the problem comes when in the same grenade script run
upgrade-tempest install the master tempest (when new devstack branches are in
the 'supported' phase and use the master tempest means) and are supposed to use
the master constraints. But the TOX_CONSTRAINTS_FILE/UPPER_CONSTRAINTS_FILE env
var set by old tempest is used by the tempest and due to a mismatch in constraints
it fails.

This happened when we tried to pin the stable/wallaby with Tempest 29.0.0
- https://review.opendev.org/c/openstack/devstack/+/871782

and table/xena grenade job failed (stable/xena use master tempest and supposed
to use master constraints)
- https://zuul.opendev.org/t/openstack/build/fb7b2a8b562c42bab4c741819f5e9732/log/controller/logs/grenade.sh_log.txt#16641

We should set/reset those constraint env var to master constraints if configuration
tell devstack to use the master constraints.

[1] https://github.com/openstack/devstack/blob/71c3c40c269a50303247855319d1d3a5d30f6773/lib/tempest#L124

Closes-Bug: #2003993
Change-Id: I5e938139b47f443a4c358415d0d4dcf6549cd085
(cherry picked from commit 7fe998109b)
2023-01-26 22:38:37 -06:00
yatinkarel 74dbd6ee8d [OVN] Ensure socket files are absent in init_ovn
Just like we remove db files let's also remove
socket files when initializing ovn. Those will
reappear once service fully restarts along with
db files. Without it we see random issue as
described in the below bug.

Closes-Bug: #2002629
Change-Id: I726a9cac9c805d017273aa79e844724f0d00cdf0
(cherry picked from commit 7fecba2f13)
2023-01-17 05:47:46 +00:00
Ghanshyam Mann 44c3ea4f1b [stable-only] Pin tox<4 in run-both.yaml playbook also
We pinned tox<4 in ensure-tox pre.yaml playbook
- https://review.opendev.org/q/I9a138af94dedc0d8ce5a0d519d75779415d3c30b

but did not realize that it is used in run-both.yaml playbook
also where we should pin too.

Depends-On: https://review.opendev.org/c/openstack/swift/+/869519

Change-Id: I4407f7036e3fd51ac79f68791151c3f9cd03bd01
2023-01-07 02:56:35 +00:00
Ghanshyam Mann 211cc4c036 Pin tox<4.0.0 for <=stable/zed branch testing
Tox 4.0.0 has some incompatible changes, epecially more
strict on allowlist_externals. Tempest recently changed
allowlist_externals not to be *[1] causing the failure
on jobs where lib/tempest failing to run the tempest
as command in virtual env.

----------
venv: commands[0]> tempest verify-config -uro /tmp/tmp.qH5KgJHTF4
venv: failed with tempest is not allowed, use allowlist_externals to allow it
------

We do not need to test/fix the <=stable/zed branches with tox 4.0.0
and pinning them with the compatible tox version of the time stable
brnaches were releaased is better way.

This commit proposes:
1. Pinning the tox<4.0.0 for <=stable/ze branches testing
2. Workaround to unblock the master gate by pinning it <4.0.0 but
we should make our testing compatible with tox 4.0.0 soon.

Depends-On: https://review.opendev.org/c/openstack/devstack/+/867067

Related-Bug: #1999183

[1] https://review.opendev.org/c/openstack/tempest/+/865314 devstack based job started failing to run tempest command on venv.

Change-Id: I9a138af94dedc0d8ce5a0d519d75779415d3c30b
(cherry picked from commit ba54baa425)
2022-12-09 02:54:44 +00:00
Martin Kopec e6bb5c9959 Stop running devstack-no-tls-proxy on stable branch
Let's run devstack-no-tls-proxy job only on master periodic.

Change-Id: I4c0a5144da2549fe988bbabe8536e9a9873e1cf7
2022-11-29 17:06:39 +01:00
Dr. Jens Harbott 49c1a34e7a Remove Fedora platform jobs from Zed branch
These jobs are not intended to run on stable branches; remove them
to avoid issues with updating the nodeset on the master branch:

- devstack-platform-fedora-latest
- devstack-platform-fedora-latest-virt-preview

Change-Id: I4044c20765ad96fb5304d145b2c18be9736de7f3
2022-10-07 08:12:45 +02:00
Martin Kopec aeae198c17 Stop installing Tempest at system wide for stable branch
As added in notes for INSTALL_TEMPEST variable, we need to set
this to False for a stable branch so that devstack does not
install Tempest system wide.

Change-Id: I8a79feedb676514dfe9c3125c9d8e66417547d52
2022-09-30 14:05:04 +02:00
Martin Kopec 88b9edf921 Cap stable/zed network, swift, volume api_extensions for tempest
This commit caps the network, volume and swift extensions on
Tempest's config option api_extensions.

Change-Id: I33d17c81a40861284087de337bc33b3d9e60f076
2022-09-29 17:42:58 +02:00
Martin Kopec 12752ea219 Cap max microversions for stable/zed
This commit cap the max microversions for compute, volume
and placement API for stable/zed.

Compute - https://opendev.org/openstack/nova/src/branch/stable/zed/nova/api/openstack/compute/rest_api_version_history.rst#microversion%202.93

Volume - https://opendev.org/openstack/cinder/src/branch/stable/zed/cinder/api/openstack/rest_api_version_history.rst#section-58

Placement - https://opendev.org/openstack/placement/src/branch/master/placement/rest_api_version_history.rst#support-for-the-any-traits-syntax-in-the-required-parameter

Change-Id: I43361fdf1a7e1da8dade305470c1c17fe0ce6454
2022-09-28 02:22:43 +02:00
Martin Kopec 100946429a Update branches for stable/zed
Step 4 of the Devstack release:
https://wiki.openstack.org/wiki/QA/releases

Change-Id: I8af6e1ca1bdfb0718b0bda83142fb2a91e61f9d5
2022-09-28 02:11:28 +02:00
OpenStack Release Bot 0e95a7221a Update TOX_CONSTRAINTS_FILE for stable/zed
Update the URL to the upper-constraints file to point to the redirect
rule on releases.openstack.org so that anyone working on this branch
will switch to the correct upper-constraints list automatically when
the requirements repository branches.

Until the requirements repository has as stable/zed branch, tests will
continue to use the upper-constraints list on master.

Change-Id: I7089a04cff68145388f12dab18c6cdd1a5a96336
2022-09-27 08:30:36 +00:00
OpenStack Release Bot ce2962ab48 Update .gitreview for stable/zed
Change-Id: I4fd09e5412f4e3b51a20f6d83271b3870d6f572e
2022-09-27 08:30:34 +00:00
Zuul 0b0e6a6474 Merge "[ci] Remove the implied-branches pragma" 2022-09-20 16:22:26 +00:00
Zuul b5c2e7b3fa Merge "Respect constraints on tempest venv consistently" 2022-08-30 22:53:05 +00:00
Slawek Kaplonski 3de92db663 Fix installation of OVS/OVN from sources
This patch changes user who runs ovsdb-server and ovn-nortd services
to root.
It also adds installation of the libssl dev package before compilation
of the openvswitch if TLS service is enabled.

Co-Authored-By: Fernando Royo <froyo@redhat.com>

Closes-Bug: #1987832
Change-Id: I83fc9250ae5b7c1686938a0dd25d66b40fc6c6aa
2022-08-26 13:00:03 +02:00
June Yi b9b6d6b862 Respect constraints on tempest venv consistently
In case of online mode, there is a procedure to recreate tempest venv.
For consistency of tempest venv during the entire stack.sh process,
add logic to consider the TEMPEST_VENV_UPPER_CONSTRAINTS option here.

Closes-bug: #1980483
Signed-off-by: June Yi <june.yi@samsung.com>
Change-Id: I0cea282152fd363af8671cab1b5f733ebe2bd4df
2022-08-25 19:59:34 +09:00
Zuul 995c906950 Merge "Clean up n-net remnants" 2022-08-24 17:50:52 +00:00
Zuul 8fa03a37ad Merge "Clean up neutron cleanup code" 2022-08-23 20:05:48 +00:00
Zuul c61380a136 Merge "Clean up use of get_field" 2022-08-23 18:08:05 +00:00
Zuul 3154eab0d7 Merge "Cinder: add creator role when barbican is enabled" 2022-08-23 16:57:32 +00:00
Dr. Jens Harbott e7d2623dca Clean up neutron cleanup code
neutron-ns-metadata-proxy was dropped from Neutron 5 years ago, no need
to keep trying to kill it.

Change-Id: I20b6d68dd8dde36057a2418bca0841bdea377b07
2022-08-23 18:08:19 +02:00
Alan Bishop ccd116d364 Cinder: add creator role when barbican is enabled
When barbican is enabled, add the "creator" role to cinder's service
user so that cinder can create secrets. Cinder needs to create
barbican secrets when migrating encryption keys from the legacy
ConfKeyManager to barbican. Cinder also needs to create barbican
secrets in order to support transferring encrypted volumes.

Implements: bp/transfer-encrypted-volume
Depends-On: I216f78e8a300ab3f79bbcbb38110adf2bbec2196
Change-Id: Ia3f414c4b9b0829f60841a6dd63c97a893fdde4d
2022-08-22 19:52:00 -07:00
Dr. Jens Harbott ca5f919561 Clean up n-net remnants
In I90316208d1af42c1659d3bee386f95e38aaf2c56 support for nova-network
was removed, but some bits remained, fix this up.

Change-Id: Iba7e1785fd0bdf0a6e94e5e03438fc7634621e49
2022-08-21 10:52:41 +02:00
Eliad Cohen fdfc14451a Clean up use of get_field
Openstack client can return the id field for create/show commands using
`-f value -c id`. Cleaned up the use of grep 'id' with get_field

Change-Id: I2f4338f30c11e5139cda51c92524782b86f0aacc
2022-08-16 15:27:45 -04:00
Martin Kopec 90e5479f38 Remove forgotten LinuxMint occurrence
Right now we don't officialy support LinuxMint as our
documentation says [1], it seems LinuxMint is a relict
and got forgotten over time.

This patch removes LinuxMint from the code in order not to
confuse users.

[1] https://docs.openstack.org/devstack/latest/
Closes-Bug: #1983427

Change-Id: Ie1ced25f89389494b28a7b2e9bb1c4273e002dd5
2022-08-16 17:29:16 +02:00
Zuul 28ee346393 Merge "iniset: fix handling of values containg ampersand" 2022-08-10 14:21:00 +00:00
Zuul ea82effa19 Merge "Fix doc for adding sudo privileges to stack user" 2022-08-10 10:52:19 +00:00
Nobuhiro MIKI d266c87b1d iniset: fix handling of values containg ampersand
Attempting to set a value containing the ampersand
character (&) by iniset would corrupt the value.
So, add an escaping process.

Signed-off-by: Nobuhiro MIKI <nmiki@yahoo-corp.jp>
Closes-Bug: #1983816
Change-Id: Ie2633bacd2d761d110e6cb12f95382325c329415
2022-08-08 18:59:53 +09:00
Zuul 51a3f2ef1e Merge "delete __pycache__ directory with sudo privileges" 2022-08-06 17:28:46 +00:00
Zuul d9e2d10d28 Merge "Neutron: Do not set removed allow_overlapping_ips" 2022-08-03 12:13:54 +00:00
Hoai-Thu Vuong 79bef068b6 remove duplicate line of REGION_NAME
Change-Id: I42b270749f057c5751e809aba282112b990b9f38
2022-08-02 14:41:59 +07:00
Zuul 8506b5bd7c Merge "Add NEUTRON_ENDPOINT_SERVICE_NAME variable to set service name" 2022-08-02 00:06:56 +00:00
Zuul 0af962d60a Merge "Neutron: Set experimental option to use linuxbridge agent" 2022-08-01 23:36:22 +00:00
Martin Kopec b70d98fe75 Fix doc for adding sudo privileges to stack user
Writing NOPASSWD directive into /etc/sudoers was throwing
permission denied errors. This commit writes the directive
to the /etc/sudoers.d/stack file instead.

Closes-Bug: #1981541
Change-Id: If30f01aa5f3a33dda79ff4a6892116511c8e1542
2022-07-20 14:06:42 +00:00
Takashi Kajinami facf15626e Neutron: Do not set removed allow_overlapping_ips
The parameter has been removed from neutron by [1].

[1] fde91e8059a9a23fb7ece6e3463984329c7ea581

Change-Id: I3b838ea741d19729d6fcf03c0478b1b4d8ec1213
2022-07-19 13:24:38 +00:00
Slawek Kaplonski 1a21ccbdf8 Add NEUTRON_ENDPOINT_SERVICE_NAME variable to set service name
This option can be used to set name of the service used in the
networking service endpoint URL.

Depends-On: https://review.opendev.org/c/openstack/grenade/+/850306

Change-Id: I9e9a06eadc1604214c627bd3bda010cc00aaf83d
2022-07-19 14:51:24 +02:00
Takashi Kajinami cf0bf746e9 Neutron: Set experimental option to use linuxbridge agent
Recently the experimental mechanism has been added to Neutron and now
it requires the [experimental] linuxbridge option when the linuxbridge
mechanism driver is used.

Depends-on: https://review.opendev.org/c/openstack/neutron/+/845181
Change-Id: Ice82a391cda9eb0193f23e6794be7ab3df12c40b
2022-07-19 12:46:04 +02:00
Yadnesh Kulkarni 85340e77f3 delete __pycache__ directory with sudo privileges
Signed-off-by: Yadnesh Kulkarni <ykulkarn@redhat.com>
Change-Id: I9cf3cd8921347eacc1effb2b197b97bc6ff3e0df
2022-07-11 17:14:40 +05:30
Dr. Jens Harbott bd6e5205b1 Increase timeout waiting for OVN startup
We see some cases where OVN startup takes much longer than 5 seconds, up
to 28 seconds have been observed, so increase the limit to 40 to be on
the safe side.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Closes-Bug: 1980421
Change-Id: I6da4a537e6a8d527ff71a821f07164fc7d342882
2022-07-03 22:30:41 +02:00
Zuul 02f8c16c9b Merge "Make devstack-platform-debian-bullseye voting" 2022-06-30 07:37:03 +00:00
Zuul 8d347090d3 Merge "Do not create cinder backup pool and key when cephadm is used" 2022-06-29 19:02:12 +00:00
Martin Kopec e1fb94f82a Make devstack-platform-debian-bullseye voting
The job has been successfully passing lately, let's make it voting.

Change-Id: Ib3b803a26c8647fd49c89371516c0ac7baba2703
2022-06-29 10:43:33 +02:00
Slawek Kaplonski ce1ae9ddef Fix missing "$" in the ENFORCE_SCOPE's variable name
Because of the missing "$" before ENFORCE_SCOPE in the lib/neutron
module, it was treated as an ENFORCE_SCOPE string instead of variable
and Neutron was deployed always with old defaults and disabled scope
enforcement.

Change-Id: Ibe67fea634c5f7abb521c0369ff30dd5db84db8c
2022-06-29 09:57:50 +02:00
Zuul 9ddae9b388 Merge "Avoid including bad service names in perf.json" 2022-06-24 11:11:19 +00:00
Dan Smith fe7cfa6b8c Avoid including bad service names in perf.json
Some of the API services are not properly mounted under /$service/
in the apache proxy. This patch tries to avoid recording data
for "services" like "v2.0" (in the case of neutron) by only adding
names if they're all letters. A single warning is emitted for any
services excluded by this check.

For the moment this will mean we don't collect data for those services,
but when their devstack API config is fixed, they'll start to show
up.

Change-Id: I41cc300e89a4f97a008a8ba97c91f0980f9b9c3f
2022-06-23 09:25:22 -07:00
Vladislav Belogrudov 8a38a73ddf Correct hostname for OVN agent
Currently Devstack uses short hostname for configuration of OVN.
This leads to inability to start instances (failing port binding)
on hosts with full hostnames (including dots). Open vSwitch expects
hostname in external_ids that corresponds to one returned by
``hostname`` command.

Closes-Bug: #1943631
Change-Id: I15b71a49c482be0c8f15ad834e29ea1b33307c86
2022-06-23 07:42:19 +02:00
Zuul eacaa99853 Merge "Reduce memory consumption in Cinder services" 2022-06-22 08:53:39 +00:00
Martin Kopec 8ff52ea12b Mark devstack-platform-centos-9-stream as n-v
Due to the below bug the job has been constantly failing.
Let's make it n-v until the bug is resolved:
  - https://bugs.launchpad.net/neutron/+bug/1979047

Change-Id: Ifc8cc96843a8eac5c98cd1e1f9e4b6287a7f2e7c
2022-06-21 17:31:50 +02:00
Gorka Eguileor d5af514ac9 Reduce memory consumption in Cinder services
This patch reduces memory usage on the Cinder Volume and Backup services
by tuning glibc.

The specific tuning consist on disabling the per thread arenas and
disabling dynamic thresholds.

The Cinder Backup service suffers from high water mark memory usage and
uses excessive memory.  As an example just after 10 restore operations
the service uses almost 1GB of RAM and does not ever free it afterwards.
With this patch the memory consumption of the service is reduced down to
almost 130MB.  If we add a revert from Cinder (Change-Id
I43a20c8687f12bc52b014611cc6977c4c3ca212c) it goes down to 100MB during
my tests.

This glibc tuning is not applied to all Python services because I
haven't done proper testings on them and at first glance they don't seem
to have such great improvements.

Related-bug: #1908805
Change-Id: Ic9030d01468b3189350f83b04a8d1d346c489d3c
2022-06-21 12:16:32 +02:00
Zuul 44d07f3001 Merge "Run debian platform job with OVN" 2022-06-15 15:14:52 +00:00
Zuul 8eede1fc39 Merge "Add support for IPv6 tunnel endpoints" 2022-06-08 21:39:03 +00:00
Zuul 7391297bc3 Merge "Capture QEMU core dumps when possible" 2022-06-08 20:35:06 +00:00
Dr. Jens Harbott e6e7100e85 Don't install pinned setuptools with distro pip
We are seeing failures when using an updated setuptools version
installed together with distro pip on Ubuntu 22.04. Install the version
from u-c only when we are also installing pip from upstream.

Change-Id: Ibb6e9424e5794ccbf9a937d2eecfa3bf60ed312e
2022-06-07 13:42:54 +02:00
Brian Haley c869d59857 Add support for IPv6 tunnel endpoints
Currently, neutron tunnel endpoints must be IPv4 addresses,
i.e. $HOST_IP, although IPv6 endpoints are supported by most
drivers.

Create a TUNNEL_IP_VERSION variable to choose which host IP
to use, either HOST_IP or HOST_IPV6, and configure it in the
OVS and Linuxbridge agent driver files. The default is still
IPv4, but it can be over-ridden by specifying TUNNEL_ENDPOINT_IP
accordingly.

This behaves similar to the SERVICE_IP_VERSION option, which
can either be set to 4 or 6, but not 4+6 - the tunnel overhead
should be consistent on all systems in order not to have MTU
issues.

Must set the ML2 overlay_ip_version config option to match
else agent tunnel sync RPC will not work.

Must set the OVN external_ids:ovn-encap-ip config option to
the correct address.

Updated 'devstack-ipv6-only' job definition and verification role
that will set all services and tunnels to use IPv6 addresses.

Closes-bug: #1619476

Change-Id: I6034278dfc17b55d7863bc4db541bbdaa983a686
2022-06-07 02:28:51 +00:00
Francesco Pantano 96dbf55016 Do not create cinder backup pool and key when cephadm is used
When cephadm is used, if ENABLE_CEPH_C_BAK is True both pool and
key are created by devstack-plugin-ceph. This piece of code can
still stay here to make sure the cinder config is properly built.

Change-Id: I799521f008123b8e42b2021c1c11d374b834bec3
2022-06-06 14:19:32 +02:00
Zuul e661cae7e8 Merge "Allow to skip stop of ovn services" 2022-06-03 20:40:15 +00:00
Zuul 906cf81528 Merge "Add apache2 to the services we collect for memory" 2022-06-03 18:44:10 +00:00
Dan Smith f7d87aa433 Capture QEMU core dumps when possible
Some of the hardest-to-debug issues are qemu crashes deep in a nova
workflow that can't be reproduced locally. This adds a post task to
the playbook so that we capture the most recent qemu core dump, if
there is one.

Change-Id: I48a2ea883325ca920b7e7909edad53a9832fb319
2022-06-03 07:54:35 -07:00
yatinkarel 35fb53423a [ironic][swift]Temporary add sha1 to allowed_digests
Swift removed sha1 from supported digests with [1] and
that broked ironic tinyipa job. Temorary add sha1 to
allowed_digests until it's fixed in ironic.

[1] https://review.opendev.org/c/openstack/swift/+/525771

Story: 2010068
Task: 45539
Change-Id: I68dfc472ce901058b6a7d691c98ed1641d431e54
2022-06-03 11:52:50 +05:30
Zuul 0ae279b54a Merge "Fix doc and user create script to set homedir permissions" 2022-05-31 21:15:54 +00:00
Zuul d0657a02e5 Merge "Do not barf stack trace if stats DB is missing" 2022-05-31 19:04:26 +00:00
yatinkarel 6dd896fefa Allow to skip stop of ovn services
Grenade jobs stop services, check fip connectivity
for a nova server and then upgrade to next release.

But since ovn data plane and db services are stopped along
with other services, fip connectivity fails as a result.

We shouldn't stop these services along with other
neutron services. This patch adds a new variable
"SKIP_STOP_OVN" which can be used by grenade jobs
to skip stop of ovn services.

This will also fix the ovn grenade jobs.

Also source fixup_stuff.sh so function fixup_ovn_centos
is available. It's already sourced in stack.sh but
that's not used in grenade run.

Change-Id: I94818a19f19973779cb2e11753d2881d54dfa3bc
2022-05-31 12:57:39 +05:30
Dan Smith e85c68e60f Add apache2 to the services we collect for memory
Change-Id: Ic6daef5b4df50ce43c6782542cb54c1958e54655
2022-05-26 09:31:36 -07:00
Zuul 0e08e9b48c Merge "Cleanup comment that should've been removed" 2022-05-25 09:12:18 +00:00
Dr. Jens Harbott 599b241d32 Run debian platform job with OVN
Packages for OVN are now available in bullseye, so we can drop the
special handling.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I5e5c78aa19c5208c207ddcf14e208bae8fbc3c55
2022-05-25 08:57:56 +00:00
yatinkarel c64ea4f213 Fix doc and user create script to set homedir permissions
RHEL based distros set homedir permissions to 700,
and Ubuntu 21.04+ to 750[1], i.e missing executable
permission for group or others, this results into failures
as defined in the below bug.

Since in doc we add useradd command, it's good to
add instructions to fix the permissions there itself
instead of getting failures during installation and then
fixing it.

Also update user create script to fix permissions
by adding executable bit to DEST directory if missing.

[1] https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/19533

Closes-Bug: #1966858
Change-Id: Id2787886433281238eb95ee11a75eddeef514293
2022-05-25 06:34:30 +00:00
Zuul 8e1d5aa22e Merge "Drop openEuler support" 2022-05-24 11:34:09 +00:00
Dan Smith 1cdf413ac6 Do not barf stack trace if stats DB is missing
This can happen if devstack fails to run, but we still run the post
tasks. Also could happen if some sort of hybrid job configuration
does not run all of devstack but we still end up running post jobs.

Just warn to stderr and assume no DB info.

Change-Id: I211a331ab668dbb0ad7882908cca4363f865d924
2022-05-23 13:56:13 -07:00
Clark Boylan 1d5be95196 Cleanup comment that should've been removed
The previous change, I237f5663b0f8b060f6df130de04e17e2b1695f8a, removed
a SETUPTOOLS flag, but not the comment explaining why that flag was
previously set. Clean up that comment.

Change-Id: I32b0240fd56310d7f10596aaa8ef432679bfd66a
2022-05-23 08:46:50 -07:00
Clark Boylan 50e3c06ec2 Fix dbcounter installation on Jammy
There are two problems with dbcounter installation on Jammy. The first
is straightforward. We have to use `py_modules` instead of `modules` to
specify the source file. I don't know how this works on other distros
but the docs [0] seem to clearly indicate py_modules does this.

The second issue is quite an issue and requires story time. When
pip/setuptools insteall editable installs (as is done for many of the
openstack projects) it creates an easy-install.pth file that tells the
python interpreter to add the source dirs of those repos to the python
path. Normally these paths are appended to your sys.path. Pip's isolated
build env relies on the assumption that these paths are appeneded to the
path when it santizes sys.path to create the isolated environemnt.

However, when SETUPTOOLS_SYS_PATH_TECHNIQUE is set to rewrite the paths
are not appended and are inserted in the middle. This breaks pip's
isolated build env which broke dbcounter installations. We fix this by
not setting SETUPTOOLS_SYS_PATH_TECHNIQUE to rewrite. Upstream indicates
the reason we set this half a decade ago has since been fixed properly.

The reason Jammy and nothing else breaks is that python3.10 is the first
python version to use pip's isolated build envs by default.

I've locally fiddled with a patch to pip [1] to try and fix this
behavior even when rewrite is set. I don't plan to push this upstream
but it helps to illustrate where the problem lies. If someone else would
like to upstream this feel free.

Finally this change makes the jammy platform job voting again and adds
it to the gate to ensure we don't regress again.

[0] https://docs.python.org/3/distutils/sourcedist.html#specifying-the-files-to-distribute
[1] https://paste.opendev.org/show/bqVAuhgMtVtfYupZK5J6/

Change-Id: I237f5663b0f8b060f6df130de04e17e2b1695f8a
2022-05-20 10:35:18 -07:00
Zuul 34c2842676 Merge "Configure placement section in neutron conf" 2022-05-19 17:23:50 +00:00
Dr. Jens Harbott 560ee16a85 Drop openEuler support
The job is broken since it is running with python3.7 and most services
now require at least python3.8.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: Ie21f71acffabd78c79e2b141951ccf30a5c06445
2022-05-19 14:06:11 +02:00
Dr. Jens Harbott 083eeee5af Make jammy platform jobs non-voting
We missed to add the jobs to the gate queue and so they have already
regressed before they were actually in place. Make them non-voting for
now until the issues are fixed.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I5d1f83dfe23747096163076dcf80750585c0260e
2022-05-19 13:55:35 +02:00
Zuul 08254ca312 Merge "Add Ubuntu 22.04 LTS (jammy) platform job" 2022-05-19 08:16:18 +00:00
Zuul 2f889954ce Merge "lib/tempest: add wait for Glance image import" 2022-05-18 15:38:49 +00:00
Brian Rosmaita 111a38b4d6 lib/tempest: add wait for Glance image import
Glance image import is asynchronous and may be configured to do image
conversion.  If image import is being used, it's possible that the
tempest configuration code is executed before the import has
completed and there may be no active images yet.  In that case,
we will poll glance every TEMPEST_GLANCE_IMPORT_POLL_INTERVAL seconds
(default: 1) to see if there are TEMPEST_GLANCE_IMAGE_COUNT active
images (default: 1) up to TEMPEST_GLANCE_IMPORT_POLL_LIMIT times
(default: 12).

You can see an example of the issue this patch addresses in real
life:
https://review.opendev.org/c/openstack/glance/+/841278/1#message-456096e48b28e5b866deb8bf53e9258ee08219a0

Change-Id: Ie99f12691d9062611a8930accfa14d9540970cc5
2022-05-18 08:22:49 -04:00
Zuul 9eb64896dd Merge "Use proper sed separator for paths" 2022-05-18 11:30:49 +00:00
yatinkarel 92a34dbe95 Configure placement section in neutron conf
Without it segment plugin fails to connect with
placement api. Configure the placement section
if service is deployed.

Closes-Bug: #1973783
Change-Id: Ie7f37770a04f622735cf2263c601257669ab5064
2022-05-18 15:27:40 +05:30
Zuul 47b7b84422 Merge "Improve API log parsing" 2022-05-18 00:19:23 +00:00
Zuul 4fd2831753 Merge "Change DB counting mechanism" 2022-05-18 00:19:20 +00:00
Zuul 071374fa05 Merge "Collect status of all services" 2022-05-17 18:40:28 +00:00
Zuul 83a81755ac Merge "Wait for OVN dbs also along with sockets" 2022-05-12 19:03:49 +00:00
Dan Smith 64d68679d9 Improve API log parsing
Two runs of the same job on the same patch can yield quite different
numbers for API calls if we just count the raw calls. Many of these
are tempest polling for resources, which on a slow worker can require
many more calls than a fast one.

Tempest seems to not change its User-Agent string, but the client
libraries do. So, if we ignore the regular "python-urllib" agent
calls, we get a much more stable count of service-to-service API
calls in the performance report.

Note that we were also logging in a different (less-rich) format for
the tls-proxy.log file, which hampers our ability to parse that
data in the same format. This switches it to "combined" which is used
by the access.log and contains more useful information, like the
user-agent, among other things.

Change-Id: I8889c2e53f85c41150e1245dcbe2a79bac702aad
2022-05-12 07:55:30 -07:00
Dan Smith fe52d7f0a8 Change DB counting mechanism
The mysql performance_schema method for counting per-database queries
is very heavyweight in that it requires full logging (in a table) of
every query. We do hundreds of thousands in the course of a tempest
run, which ends up creating its own performance problem.

This changes the approach we take, which is to bundle a very tiny
sqlalchemy plugin module which counts just what we care about in
a special database.

It is more complex than just enabling the features in mysql, but it
is a massively smaller runtime overhead. It also provides us the
opportunity to easily zero the counters just before a tempest run.

Change-Id: I361bc30bb970cdaf18b966951f217862d302f0b9
2022-05-12 07:55:02 -07:00
Dr. Jens Harbott 5c765cb8a1 Add Ubuntu 22.04 LTS (jammy) platform job
The new Ubuntu LTS release has been made last week, start running
devstack on it as a platform job.

Horizon has issues with py310, so gets disabled for now.

Run variants with OVS and OVN(default).

Co-Authored-By: yatinkarel <ykarel@redhat.com>
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I47696273d6b009f754335b44ef3356b4f5115cd8
2022-05-12 13:54:02 +02:00
Zuul d450e146cc Merge "Global option for enforcing scope (ENFORCE_SCOPE)" 2022-05-07 10:51:35 +00:00
yatinkarel 1baa8905d5 Wait for OVN dbs also along with sockets
When OVN is setup from distro packages, the
main service is ovn-central which when restarted,
restarts ovn-northd, ovn nb and db services.

And during the restart ovn dbs(ovnnb_db.db and ovnsb_db.db)
are created, which may sometime takes time as seen with
ubuntu jammy tests[1].

We already checking for socket's file to be available,
let's also check for db files as without it ovn-*ctl
operations succeed but changes are not persisted until
db files are available and changes are lost with the restart.

[1] https://review.opendev.org/c/openstack/devstack/+/839389

Change-Id: I178da7af8cba8bcc8a67174e439df7c0f2c7d4d5
2022-05-06 18:06:18 +05:30
yatinkarel 42be2425d8 Collect status of all services
Would be helpful in troubleshooting services
which either fails to start or takes time to
start.

Related-Bug: #1970679
Change-Id: Iba2fce5f8b1cd00708f092e6eb5a1fbd96e97da0
2022-04-29 16:40:32 +00:00
Zuul 85c2999e27 Merge "Tolerate missing deps in get-stats.py" 2022-04-27 22:49:07 +00:00
Zuul bfae1bee79 Merge "Set public bridge up for v6 only configurations" 2022-04-27 10:21:07 +00:00
Zuul 48417ca241 Merge "Drop centos 8 stream testing" 2022-04-26 19:57:12 +00:00
Dan Smith 1b601c7b1e Tolerate missing deps in get-stats.py
In order to run on systems where not all requirements are present,
we should be tolerant of missing external dependencies, such as
psutil and pymysql. Print a warning (to stderr) and just leave out
those stats in that case.

Also make running the stats collector use ignore_errors:yes to avoid
failures in the future. I think the stats is not critical enough to
fail a job for bugs like this.

Related-Bug: #1970195
Change-Id: I132b0e1f5033c4f109a8b8cc776c0877574c4a49
2022-04-26 08:02:39 -07:00
Harald Jensås bab0c92103 Use tryint() for stats value
In some cases the value is [not set], in this case
the conversion to integer does not work.

Closes-Bug: #1970431
Change-Id: I74df7d8bc9f5cbe0709a6471cf7639caea0b58e8
2022-04-26 15:51:35 +02:00
Julia Kreger 6964ba4a98 Set public bridge up for v6 only configurations
A long time ago, Ironic's IPv6 only job started to fail working with
errors indicated the host was unreacable. Turns out, this was because
the $ext_gw_interface was not being set to up, and thus could
be found in a Down state, and thus the kernel would not accept routes
for it.

Adds an explicit step to turn up the public bridge, much as done in
the IPv4 router plugin code which would also be executed in 4+6.

That being said, Ironic's CI jobs are very intentionally IPv6 only
to ensure that we have no chances of v4 addressing getting used
at any point in time.

This should allow Ironic to return it's IPv6 only CI job back
to the normal check queue, once a ironic plugin issue has been
resolved which was introduced while it was removed.

Change-Id: I121ec8a2e9640b21a7126f2eeb23da36b4aa95bf
2022-04-26 06:37:31 -07:00
Grzegorz Grasza 8615563df4 Global option for enforcing scope (ENFORCE_SCOPE)
This updates each devstack service library, to use it as the
default value for service-specific RBAC configuration.

Change-Id: I41061d042206c411ee3dd94ce91098e612af7ae7
2022-04-26 14:17:20 +02:00
Ghanshyam Mann c6dfd169ae Drop centos 8 stream testing
In Zed cycle testing runtime, we are targetting the centos 9 stream
- https://governance.openstack.org/tc/reference/runtimes/zed.html

With dropping the python 3.6 support, project started adding python 3.8
as minimum, example nova:
- https://github.com/openstack/nova/blob/56b5aed08c6a3ed81b78dc216f0165ebfe3c3350/setup.cfg#L13

with that, centos 8 stream job is failing 100%
- https://zuul.openstack.org/build/970d029dc96742c3aa0f6932a35e97cf
- https://zuul.openstack.org/builds?job_name=devstack-platform-centos-8-stream&skip=0

This commit drops centos-8-stream testing so that we focus on centos-9-stream.

Change-Id: I045e67b1ca79aba1b2a7be9f88d7804c69c6d781
2022-04-25 15:24:39 -05:00
Zuul 3b0c035b90 Merge "install mod_ssl on centos 9 stream by default" 2022-04-25 20:04:16 +00:00
Balazs Gibizer 7191c5e7e7 Use proper sed separator for paths
I941ef5ea90970a0901236afe81c551aaf24ac1d8 added a sed command that
should match and delete path values but used '/' as sed separator. This
leads to error in unstack.sh runs when the path also contains '/':

+./unstack.sh:main:188 sudo sed -i '/directory=/opt/stack/ d' /etc/gitconfig
sed: -e expression #1, char 13: unknown command: `o'

So this patch replace '/' separator with '+'.

Change-Id: I06811c0d9ee7ecddf84ef1c6dd6cff5129dbf4b1
2022-04-25 15:26:28 +02:00
Zuul 76c519bde6 Merge "modify the sample value of LOGDAYS" 2022-04-22 11:09:36 +00:00
Zuul 45f71b10ef Merge "Gather performance data after tempest" 2022-04-21 23:06:35 +00:00
Sean Mooney af75f689fa install mod_ssl on centos 9 stream by default
This change adds mod_ssl to the default set of rpms installed
on rpm based distros.

this is required if the tls-proxy service is enabled
for multi node centos based jobs.

Change-Id: I52652de88352094c824da68e5baf7db4c17cb027
2022-04-21 20:40:44 +01:00
Zhou Yanbing 4423450eb3 modify the sample value of LOGDAYS
the value of LOGDAYS in samples/local.conf is 2, so change the
value in the comment and the sample value in the document to
be consistent with it.

Change-Id: I5822bbf1d6ad347c67c886be1e3325113d079114
2022-04-21 15:00:41 +08:00
Dan Smith c2772c2984 Gather performance data after tempest
This makes us gather a bunch of consistent statistics after we run
tempest that can be use to measure the impact of a given change. These
are stable metrics such as "number of DB queries made" and "how much
memory is each service using after a tempest run."

Note that this will always run after devstack to generate the JSON
file, but there are two things that control its completeness:

 - MYSQL_GATHER_PERFORMANCE must be enabled to get per-db stats
 - Unless tls-proxy is enabled, we will only get API stats for keystone

Change-Id: Ie3b1504256dc1c9c6b59634e86fa98494bcb07b1
2022-04-20 13:07:22 -07:00
Zuul d380858b2d Merge "Add OpenStack two nodes nodeset for Centos 9" 2022-04-19 05:48:02 +00:00
Dan Smith 4baeb3b51f Write safe.directory items to system git config
This is necessary for more consistent behavior across multiple
distro versions. Apparently somewhere along the way, git started
looking at the current user's home directory instead of $HOME.

Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798

Change-Id: I941ef5ea90970a0901236afe81c551aaf24ac1d8
2022-04-18 08:05:44 -07:00
Ian Wienand 676dcaf944 Mark our source trees as safe for git to use as other users
git commit [1] introduced a new behaviour to work around a CVE that
disallows any git operations in directories not owned by the current
user.

This may seem unrelated to installation, but it plays havoc with PBR,
which calls out to git to get to get revision history.  So if you are
"pip install"-ing from a source tree you don't own, the PBR git calls
in that tree now fail and the install blows up.

This plays havoc with our model.  Firstly, we checkout all code as
"stack" then install it globally with "sudo" (i.e. root) -- which
breaks.  We also have cases of essentially the opposite -- checkouts
we have installed as root, but then run tox in them as a regular user;
tox wants to install the source in its venv but now we have another
user conflict.

This uses the only available configuration option to avoid that by
globally setting the source directories we clone as safe.  This is an
encroachment of the global system for sure, but is about the only
switch available at the moment.  For discussion of other approaches,
see [2].

Related-Bug: https://bugs.launchpad.net/devstack/+bug/1968798

[1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9
[2] https://review.opendev.org/c/openstack/devstack/+/837636

Change-Id: Ib9896a99b6d6c4d359ee412743ce30512b3c4fb7
2022-04-13 16:49:07 +10:00
Zuul ce0ff1fd9d Merge "ensure /usr/local/bin in in path" 2022-04-11 14:57:13 +00:00
Sean Mooney eca9783a0a ensure /usr/local/bin in in path
osc is typicaly installed in /usr/local/bin
to avoid command not found errors when invoking osc
in devstack ensure that /usr/local/bin is included
in the PATH.

Change-Id: I605fbc4b131149bf5d1b6307b360fe365c680b1a
2022-04-07 13:31:50 +01:00
afariasa f4a703661e Add OpenStack two nodes nodeset for Centos 9
Change-Id: I01c8e5e0e88d0dcfe778f19548a2e268406ef6bf
2022-04-06 15:24:09 +00:00
Zuul aac6b6c791 Merge "Drop setup.py and setup.cfg" 2022-03-29 17:50:05 +00:00
Zuul 729b196445 Merge "Move openEuler job to experimental pipeline" 2022-03-29 14:03:58 +00:00
Ghanshyam Mann 45b029064f Move openEuler job to experimental pipeline
OpenEuler job fails 100% of the time. As discussed in QA meeting,
we agreed to move OpenEuler job to experimental pipeline.
- https://meetings.opendev.org/meetings/qa/2022/qa.2022-03-22-15.00.log.html#l-76

Once it is fixed, we can think of adding back to regular pipeline.

Change-Id: I831889a09fabe5bed5522d17e352ec8009eac321
2022-03-29 07:18:40 +00:00
Zuul 0ed70e3f76 Merge "Update DEVSTACK_SERIES to zed" 2022-03-28 13:02:03 +00:00
Dr. Jens Harbott 5c51a95d10 Drop setup.py and setup.cfg
devstack isn't a python project, these were introduced only for docs
building and made redundant with [0]. We can remove them now.

[0] Iedcc008b170821aa74acefc02ec6a243a0dc307c

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I90ca1c6918c016d10c579fbae49d13fff1ed59af
2022-03-28 14:00:54 +02:00
Zuul e79913c65f Merge "ignore failures to copy the devstack cache" 2022-03-27 09:57:23 +00:00
zhouyanbing 8dc342d400 remove unuseful local variable define
the local varibale: api_cell_conf in start_nova_rest function
is unuseful, so remove it now.

Change-Id: I0019ce807cf3905ee246b684fce2abcb46336306
2022-03-26 14:22:23 +08:00
Martin Kopec 189c7ff142 Update DEVSTACK_SERIES to zed
stable/yoga branch has been created now and
current master is for zed.

Change-Id: I8743a3440a0ce96acb24b34971548b43ae7c8d4c
2022-03-25 14:06:52 +01:00
Zuul 14779fc992 Merge "Clean usage of project_id in the Neutron's L3 service module" 2022-03-24 03:21:17 +00:00
Slawek Kaplonski cebd00aa04 Clean usage of project_id in the Neutron's L3 service module
After patch [1] project_id in that module is no longer needed as to make
it working with new secure RBAC policies we had to hardcode "demo"
project to be used always.
This is small follow-up patch with cleaning after [1].

[1] https://review.opendev.org/c/openstack/devstack/+/826851/

Change-Id: Iddf9692817c91807fc3269547910e4f83585f07f
2022-03-23 15:30:38 +01:00
Sean Mooney 13e8db5a6f ignore failures to copy the devstack cache
If the ci images do not have any cached data
we should ignore any error when trying to copying it.
This is requried when using unmodified cloud images.

Change-Id: Ia6e94fc01343d0c292b1477905f8a96a6b43bcf8
2022-03-09 20:17:31 +00:00
Tristan Cacqueray 4aa27976eb [ci] Remove the implied-branches pragma
This change enables using devstack job with custom branche names.

Change-Id: I95c368f05042a6f8f208988af9a6d89a522a5526
2021-10-19 21:48:17 +00:00
61 changed files with 1094 additions and 407 deletions
+1
View File
@@ -2,3 +2,4 @@
host=review.opendev.org
port=29418
project=openstack/devstack.git
defaultbranch=stable/zed
+70 -119
View File
@@ -1,11 +1,3 @@
- pragma:
# NOTE(gtema): this is required for the changes in SDK feature/r1 branch to
# be using devstack
# TODO(gtema): delete this once r1 branch is merged into master
implied-branches:
- master
- feature/r1
- nodeset:
name: openstack-single-node
nodes:
@@ -16,6 +8,16 @@
nodes:
- controller
- nodeset:
name: openstack-single-node-jammy
nodes:
- name: controller
label: ubuntu-jammy
groups:
- name: tempest
nodes:
- controller
- nodeset:
name: openstack-single-node-focal
nodes:
@@ -46,26 +48,6 @@
nodes:
- controller
- nodeset:
name: devstack-single-node-centos-7
nodes:
- name: controller
label: centos-7
groups:
- name: tempest
nodes:
- controller
- nodeset:
name: devstack-single-node-centos-8-stream
nodes:
- name: controller
label: centos-8-stream
groups:
- name: tempest
nodes:
- controller
- nodeset:
name: devstack-single-node-centos-9-stream
nodes:
@@ -86,16 +68,6 @@
nodes:
- controller
- nodeset:
name: devstack-single-node-fedora-latest
nodes:
- name: controller
label: fedora-35
groups:
- name: tempest
nodes:
- controller
- nodeset:
name: devstack-single-node-debian-bullseye
nodes:
@@ -106,16 +78,6 @@
nodes:
- controller
- nodeset:
name: devstack-single-node-openeuler-20.03-sp2
nodes:
- name: controller
label: openEuler-20-03-LTS-SP2
groups:
- name: tempest
nodes:
- controller
- nodeset:
name: openstack-two-node
nodes:
@@ -147,12 +109,12 @@
- compute1
- nodeset:
name: openstack-two-node-centos-8-stream
name: openstack-two-node-centos-9-stream
nodes:
- name: controller
label: centos-8-stream
label: centos-9-stream
- name: compute1
label: centos-8-stream
label: centos-9-stream
groups:
# Node where tests are executed and test results collected
- name: tempest
@@ -387,8 +349,10 @@
'{{ devstack_log_dir }}/devstacklog.txt.summary': logs
'{{ devstack_log_dir }}/tcpdump.pcap': logs
'{{ devstack_log_dir }}/worlddump-latest.txt': logs
'{{ devstack_log_dir }}/qemu.coredump': logs
'{{ devstack_full_log}}': logs
'{{ stage_dir }}/verify_tempest_conf.log': logs
'{{ stage_dir }}/performance.json': logs
'{{ stage_dir }}/apache': logs
'{{ stage_dir }}/apache_config': logs
'{{ stage_dir }}/etc': logs
@@ -407,6 +371,7 @@
'{{ stage_dir }}/rpm-qa.txt': logs
'{{ stage_dir }}/core': logs
'{{ stage_dir }}/listen53.txt': logs
'{{ stage_dir }}/services.txt': logs
'{{ stage_dir }}/deprecations.log': logs
'{{ stage_dir }}/audit.log': logs
/etc/ceph: logs
@@ -633,11 +598,13 @@
name: devstack-ipv6
parent: devstack
description: |
Devstack single node job for integration gate with IPv6.
Devstack single node job for integration gate with IPv6,
all services and tunnels using IPv6 addresses.
vars:
devstack_localrc:
SERVICE_IP_VERSION: 6
SERVICE_HOST: ""
TUNNEL_IP_VERSION: 6
- job:
name: devstack-enforce-scope
@@ -646,10 +613,7 @@
This job runs the devstack with scope checks enabled.
vars:
devstack_localrc:
# Keep enabeling the services here to run with system scope
CINDER_ENFORCE_SCOPE: true
GLANCE_ENFORCE_SCOPE: true
NEUTRON_ENFORCE_SCOPE: true
ENFORCE_SCOPE: true
- job:
name: devstack-multinode
@@ -658,27 +622,23 @@
description: |
Simple multinode test to verify multinode functionality on devstack side.
This is not meant to be used as a parent job.
vars:
devstack_localrc:
MYSQL_REDUCE_MEMORY: true
# NOTE(ianw) Platform tests have traditionally been non-voting because
# we often have to rush things through devstack to stabilise the gate,
# and these platforms don't have the round-the-clock support to avoid
# becoming blockers in that situation.
- job:
name: devstack-platform-centos-8-stream
parent: tempest-full-py3
description: CentOS 8 Stream platform test
nodeset: devstack-single-node-centos-8-stream
voting: false
timeout: 9000
vars:
configure_swap_size: 4096
- job:
name: devstack-platform-centos-9-stream
parent: tempest-full-py3
description: CentOS 9 Stream platform test
nodeset: devstack-single-node-centos-9-stream
timeout: 9000
# TODO(kopecmartin) n-v until the following is resolved:
# https://bugs.launchpad.net/neutron/+bug/1979047
voting: false
vars:
configure_swap_size: 4096
@@ -687,17 +647,50 @@
parent: tempest-full-py3
description: Debian Bullseye platform test
nodeset: devstack-single-node-debian-bullseye
voting: false
timeout: 9000
vars:
configure_swap_size: 4096
# NOTE(yoctozepto): Debian Bullseye does not yet offer OVN. Switch to OVS
# for the time being.
- job:
name: devstack-platform-ubuntu-jammy
parent: tempest-full-py3
description: Ubuntu 22.04 LTS (jammy) platform test
nodeset: openstack-single-node-jammy
timeout: 9000
vars:
configure_swap_size: 4096
devstack_services:
# Horizon doesn't like py310
horizon: false
- job:
name: devstack-platform-ubuntu-jammy-ovn-source
parent: devstack-platform-ubuntu-jammy
description: Ubuntu 22.04 LTS (jammy) platform test (OVN from source)
voting: false
vars:
devstack_localrc:
OVN_BUILD_FROM_SOURCE: True
OVN_BRANCH: "v21.06.0"
OVS_BRANCH: "a4b04276ab5934d087669ff2d191a23931335c87"
OVS_SYSCONFDIR: "/usr/local/etc/openvswitch"
- job:
name: devstack-platform-ubuntu-jammy-ovs
parent: tempest-full-py3
description: Ubuntu 22.04 LTS (jammy) platform test (OVS)
nodeset: openstack-single-node-jammy
voting: false
timeout: 9000
vars:
configure_swap_size: 8192
devstack_localrc:
Q_AGENT: openvswitch
Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
Q_ML2_TENANT_NETWORK_TYPE: vxlan
devstack_services:
# Horizon doesn't like py310
horizon: false
# Disable OVN services
ovn-northd: false
ovn-controller: false
@@ -723,20 +716,6 @@
# Enable Neutron ML2/OVS services
q-agt: true
- job:
name: devstack-platform-openEuler-20.03-SP2
parent: tempest-full-py3
description: openEuler 20.03 SP2 platform test
nodeset: devstack-single-node-openeuler-20.03-sp2
voting: false
timeout: 9000
vars:
configure_swap_size: 4096
devstack_localrc:
# NOTE(wxy): OVN package is not supported by openEuler yet. Build it
# from source instead.
OVN_BUILD_FROM_SOURCE: True
- job:
name: devstack-no-tls-proxy
parent: tempest-full-py3
@@ -748,30 +727,6 @@
devstack_services:
tls-proxy: false
- job:
name: devstack-platform-fedora-latest
parent: tempest-full-py3
description: Fedora latest platform test
nodeset: devstack-single-node-fedora-latest
voting: false
vars:
configure_swap_size: 4096
# Python 3.10 dependency issues; see
# https://bugs.launchpad.net/horizon/+bug/1960204
devstack_services:
horizon: false
- job:
name: devstack-platform-fedora-latest-virt-preview
parent: tempest-full-py3
description: Fedora latest platform test using the virt-preview repo.
nodeset: devstack-single-node-fedora-latest
voting: false
vars:
configure_swap_size: 4096
devstack_localrc:
ENABLE_FEDORA_VIRT_PREVIEW_REPO: true
- job:
name: devstack-tox-base
parent: devstack
@@ -845,11 +800,11 @@
- devstack
- devstack-ipv6
- devstack-enforce-scope
- devstack-platform-fedora-latest
- devstack-platform-centos-8-stream
- devstack-platform-centos-9-stream
- devstack-platform-debian-bullseye
- devstack-platform-openEuler-20.03-SP2
- devstack-platform-ubuntu-jammy
- devstack-platform-ubuntu-jammy-ovn-source
- devstack-platform-ubuntu-jammy-ovs
- devstack-multinode
- devstack-unit-tests
- openstack-tox-bashate
@@ -893,7 +848,11 @@
jobs:
- devstack
- devstack-ipv6
- devstack-platform-centos-9-stream
# TODO(kopecmartin) n-v until the following is resolved:
# https://bugs.launchpad.net/neutron/+bug/1979047
# - devstack-platform-centos-9-stream
- devstack-platform-debian-bullseye
- devstack-platform-ubuntu-jammy
- devstack-enforce-scope
- devstack-multinode
- devstack-unit-tests
@@ -941,10 +900,6 @@
# Next cycle we can remove this if everything run out stable enough.
# * nova-multi-cell: maintained by nova and currently non-voting in the
# check queue for nova changes but relies on devstack configuration
# * devstack-platform-fedora-latest-virt-preview: Maintained by lyarwood
# for Nova to allow early testing of the latest versions of Libvirt and
# QEMU. Should only graduate out of experimental if it ever moves into
# the check queue for Nova.
experimental:
jobs:
@@ -973,8 +928,4 @@
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- devstack-platform-fedora-latest-virt-preview
- devstack-no-tls-proxy
periodic:
jobs:
- devstack-no-tls-proxy
+24 -3
View File
@@ -279,7 +279,7 @@ number of days of old log files to keep.
::
LOGDAYS=1
LOGDAYS=2
Some coloring is used during the DevStack runs to make it easier to
see what is going on. This can be disabled with::
@@ -521,8 +521,8 @@ behavior:
can be configured with any valid IPv6 prefix. The default values make
use of an auto-generated ``IPV6_GLOBAL_ID`` to comply with RFC4193.
Service Version
~~~~~~~~~~~~~~~
Service IP Version
~~~~~~~~~~~~~~~~~~
DevStack can enable service operation over either IPv4 or IPv6 by
setting ``SERVICE_IP_VERSION`` to either ``SERVICE_IP_VERSION=4`` or
@@ -542,6 +542,27 @@ optionally be used to alter the default IPv6 address::
HOST_IPV6=${some_local_ipv6_address}
Tunnel IP Version
~~~~~~~~~~~~~~~~~
DevStack can enable tunnel operation over either IPv4 or IPv6 by
setting ``TUNNEL_IP_VERSION`` to either ``TUNNEL_IP_VERSION=4`` or
``TUNNEL_IP_VERSION=6`` respectively.
When set to ``4`` Neutron will use an IPv4 address for tunnel endpoints,
for example, ``HOST_IP``.
When set to ``6`` Neutron will use an IPv6 address for tunnel endpoints,
for example, ``HOST_IPV6``.
The default value for this setting is ``4``. Dual-mode support, for
example ``4+6`` is not supported, as this value must match the address
family of the local tunnel endpoint IP(v6) address.
The value of ``TUNNEL_IP_VERSION`` has a direct relationship to the
setting of ``TUNNEL_ENDPOINT_IP``, which will default to ``HOST_IP``
when set to ``4``, and ``HOST_IPV6`` when set to ``6``.
Multi-node setup
~~~~~~~~~~~~~~~~
+9 -1
View File
@@ -75,13 +75,21 @@ Otherwise create the stack user:
useradd -s /bin/bash -d /opt/stack -m stack
Ensure home directory for the ``stack`` user has executable permission for all,
as RHEL based distros create it with ``700`` and Ubuntu 21.04+ with ``750``
which can cause issues during deployment.
::
chmod +x /opt/stack
This user will be making many changes to your system during installation
and operation so it needs to have sudo privileges to root without a
password:
::
echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
echo "stack ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/stack
From here on use the ``stack`` user. **Logout** and **login** as the
``stack`` user.
+9 -1
View File
@@ -49,13 +49,21 @@ below)
$ sudo useradd -s /bin/bash -d /opt/stack -m stack
Ensure home directory for the ``stack`` user has executable permission for all,
as RHEL based distros create it with ``700`` and Ubuntu 21.04+ with ``750``
which can cause issues during deployment.
.. code-block:: console
$ sudo chmod +x /opt/stack
Since this user will be making many changes to your system, it will need
to have sudo privileges:
.. code-block:: console
$ apt-get install sudo -y || yum install -y sudo
$ echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
$ echo "stack ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/stack
.. note:: On some systems you may need to use ``sudo visudo``.
+9 -1
View File
@@ -38,7 +38,7 @@ Install Linux
Start with a clean and minimal install of a Linux system. DevStack
attempts to support the two latest LTS releases of Ubuntu, the
latest/current Fedora version, CentOS/RHEL 8, OpenSUSE and openEuler.
latest/current Fedora version, CentOS/RHEL 8 and OpenSUSE.
If you do not have a preference, Ubuntu 20.04 (Focal Fossa) is the
most tested, and will probably go the smoothest.
@@ -57,6 +57,14 @@ to run DevStack with
$ sudo useradd -s /bin/bash -d /opt/stack -m stack
Ensure home directory for the ``stack`` user has executable permission for all,
as RHEL based distros create it with ``700`` and Ubuntu 21.04+ with ``750``
which can cause issues during deployment.
.. code-block:: console
$ sudo chmod +x /opt/stack
Since this user will be making many changes to your system, it should
have sudo privileges:
+1 -1
View File
@@ -238,7 +238,7 @@ package dependencies, packages may be listed at the following
locations in the top-level of the plugin repository:
- ``./devstack/files/debs/$plugin_name`` - Packages to install when running
on Ubuntu, Debian or Linux Mint.
on Ubuntu or Debian.
- ``./devstack/files/rpms/$plugin_name`` - Packages to install when running
on Red Hat, Fedora, or CentOS.
-2
View File
@@ -1,7 +1,5 @@
conntrack
curl
dnsmasq-base
dnsmasq-utils # for dhcp_release
ebtables
genisoimage # required for config_drive
iptables
-2
View File
@@ -1,8 +1,6 @@
cdrkit-cdrtools-compat # dist:sle12
conntrack-tools
curl
dnsmasq
dnsmasq-utils # dist:opensuse-12.3,opensuse-13.1
ebtables
iptables
iputils
+1 -1
View File
@@ -1,3 +1,3 @@
ceph # NOPRIME
redhat-lsb-core # not:rhel9,openEuler-20.03
redhat-lsb-core # not:rhel9
xfsprogs
+2 -3
View File
@@ -16,7 +16,7 @@ libjpeg-turbo-devel # Pillow 3.0.0
libxml2-devel # lxml
libxslt-devel # lxml
libyaml-devel
make # dist:openEuler-20.03
mod_ssl # required for tls-proxy on centos 9 stream computes
net-tools
openssh-server
openssl
@@ -28,8 +28,7 @@ psmisc
python3-devel
python3-pip
python3-systemd
redhat-rpm-config # not:openEuler-20.03 missing dep for gcc hardening flags, see rhbz#1217376
systemd-devel # dist:openEuler-20.03
redhat-rpm-config # missing dep for gcc hardening flags, see rhbz#1217376
tar
tcpdump
unzip
+1 -3
View File
@@ -1,12 +1,10 @@
conntrack-tools
curl
dnsmasq # for q-dhcp
dnsmasq-utils # for dhcp_release
ebtables
genisoimage # not:rhel9 required for config_drive
iptables
iputils
kernel-modules # not:openEuler-20.03
kernel-modules
kpartx
parted
polkit
+1 -1
View File
@@ -1,5 +1,5 @@
curl
liberasurecode-devel # not:openEuler-20.03
liberasurecode-devel
memcached
rsync-daemon
sqlite
+2 -2
View File
@@ -414,10 +414,10 @@ function upload_image {
# kernel for use when uploading the root filesystem.
local kernel_id="" ramdisk_id="";
if [ -n "$kernel" ]; then
kernel_id=$(openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name-kernel" $(_image_properties_to_arg $img_property) --public --container-format aki --disk-format aki < "$kernel" | grep ' id ' | get_field 2)
kernel_id=$(openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name-kernel" $(_image_properties_to_arg $img_property) --public --container-format aki --disk-format aki < "$kernel" -f value -c id)
fi
if [ -n "$ramdisk" ]; then
ramdisk_id=$(openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name-ramdisk" $(_image_properties_to_arg $img_property) --public --container-format ari --disk-format ari < "$ramdisk" | grep ' id ' | get_field 2)
ramdisk_id=$(openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name-ramdisk" $(_image_properties_to_arg $img_property) --public --container-format ari --disk-format ari < "$ramdisk" -f value -c id)
fi
_upload_image "${image_name%.img}" ami ami "$image" ${kernel_id:+ kernel_id=$kernel_id} ${ramdisk_id:+ ramdisk_id=$ramdisk_id} $img_property
fi
+41 -25
View File
@@ -49,7 +49,7 @@ KILL_PATH="$(which kill)"
STACK_ENV_VARS="BASE_SQL_CONN DATA_DIR DEST ENABLED_SERVICES HOST_IP \
KEYSTONE_SERVICE_URI \
LOGFILE OS_CACERT SERVICE_HOST STACK_USER TLS_IP \
HOST_IPV6 SERVICE_IP_VERSION"
HOST_IPV6 SERVICE_IP_VERSION TUNNEL_ENDPOINT_IP TUNNEL_IP_VERSION"
# Saves significant environment variables to .stackenv for later use
@@ -399,7 +399,7 @@ function _ensure_lsb_release {
elif [[ -x $(command -v zypper 2>/dev/null) ]]; then
sudo zypper -n install lsb-release
elif [[ -x $(command -v dnf 2>/dev/null) ]]; then
sudo dnf install -y redhat-lsb-core || sudo dnf install -y openeuler-lsb
sudo dnf install -y redhat-lsb-core
else
die $LINENO "Unable to find or auto-install lsb_release"
fi
@@ -426,7 +426,7 @@ function GetOSVersion {
os_VENDOR=$(lsb_release -i -s)
fi
if [[ $os_VENDOR =~ (Debian|Ubuntu|LinuxMint) ]]; then
if [[ $os_VENDOR =~ (Debian|Ubuntu) ]]; then
os_PACKAGE="deb"
else
os_PACKAGE="rpm"
@@ -444,9 +444,8 @@ declare -g DISTRO
function GetDistro {
GetOSVersion
if [[ "$os_VENDOR" =~ (Ubuntu) || "$os_VENDOR" =~ (Debian) || \
"$os_VENDOR" =~ (LinuxMint) ]]; then
# 'Everyone' refers to Ubuntu / Debian / Mint releases by
if [[ "$os_VENDOR" =~ (Ubuntu) || "$os_VENDOR" =~ (Debian) ]]; then
# 'Everyone' refers to Ubuntu / Debian releases by
# the code name adjective
DISTRO=$os_CODENAME
elif [[ "$os_VENDOR" =~ (Fedora) ]]; then
@@ -471,10 +470,6 @@ function GetDistro {
# Drop the . release as we assume it's compatible
# XXX re-evaluate when we get RHEL10
DISTRO="rhel${os_RELEASE::1}"
elif [[ "$os_VENDOR" =~ (openEuler) ]]; then
# The DISTRO here is `openEuler-20.03`. While, actually only openEuler
# 20.03 LTS SP2 is fully tested. Other SP version maybe have bugs.
DISTRO="openEuler-$os_RELEASE"
else
# We can't make a good choice here. Setting a sensible DISTRO
# is part of the problem, but not the major issue -- we really
@@ -526,7 +521,6 @@ function is_fedora {
fi
[ "$os_VENDOR" = "Fedora" ] || [ "$os_VENDOR" = "Red Hat" ] || \
[ "$os_VENDOR" = "openEuler" ] || \
[ "$os_VENDOR" = "RedHatEnterpriseServer" ] || \
[ "$os_VENDOR" = "RedHatEnterprise" ] || \
[ "$os_VENDOR" = "CentOS" ] || [ "$os_VENDOR" = "CentOSStream" ] || \
@@ -576,12 +570,6 @@ function is_ubuntu {
[ "$os_PACKAGE" = "deb" ]
}
function is_openeuler {
if [[ -z "$os_PACKAGE" ]]; then
GetOSVersion
fi
[ "$os_VENDOR" = "openEuler" ]
}
# Git Functions
# =============
@@ -646,8 +634,10 @@ function git_clone {
echo "the project to the \$PROJECTS variable in the job definition."
die $LINENO "ERROR_ON_CLONE is set to True so cloning not allowed in this configuration"
fi
# '--branch' can also take tags
git_timed clone $git_clone_flags $git_remote $git_dest --branch $git_ref
git_timed clone --no-checkout $git_clone_flags $git_remote $git_dest
cd $git_dest
git_timed fetch $git_clone_flags origin $git_ref
git_timed checkout FETCH_HEAD
elif [[ "$RECLONE" = "True" ]]; then
# if it does exist then simulate what clone does if asked to RECLONE
cd $git_dest
@@ -657,7 +647,7 @@ function git_clone {
# remove the existing ignored files (like pyc) as they cause breakage
# (due to the py files having older timestamps than our pyc, so python
# thinks the pyc files are correct using them)
find $git_dest -name '*.pyc' -delete
sudo find $git_dest -name '*.pyc' -delete
# handle git_ref accordingly to type (tag, branch)
if [[ -n "`git show-ref refs/tags/$git_ref`" ]]; then
@@ -673,6 +663,18 @@ function git_clone {
fi
fi
# NOTE(ianw) 2022-04-13 : commit [1] has broken many assumptions
# about how we clone and work with repos. Mark them safe globally
# as a work-around.
#
# NOTE(danms): On bionic (and likely others) git-config may write
# ~stackuser/.gitconfig if not run with sudo -H. Using --system
# writes these changes to /etc/gitconfig which is more
# discoverable anyway.
#
# [1] https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9
sudo git config --system --add safe.directory ${git_dest}
# print out the results so we know what change was used in the logs
cd $git_dest
git show --oneline | head -1
@@ -1154,7 +1156,7 @@ function is_ironic_hardware {
}
function is_ironic_enforce_scope {
is_service_enabled ironic && [[ "$IRONIC_ENFORCE_SCOPE" == "True" ]] && return 0
is_service_enabled ironic && [[ "$IRONIC_ENFORCE_SCOPE" == "True" || "$ENFORCE_SCOPE" == "True" ]] && return 0
return 1
}
@@ -1563,6 +1565,7 @@ function write_user_unit_file {
local command="$2"
local group=$3
local user=$4
local env_vars="$5"
local extra=""
if [[ -n "$group" ]]; then
extra="Group=$group"
@@ -1576,6 +1579,9 @@ function write_user_unit_file {
iniset -sudo $unitfile "Service" "KillMode" "process"
iniset -sudo $unitfile "Service" "TimeoutStopSec" "300"
iniset -sudo $unitfile "Service" "ExecReload" "$KILL_PATH -HUP \$MAINPID"
if [[ -n "$env_vars" ]] ; then
iniset -sudo $unitfile "Service" "Environment" "$env_vars"
fi
if [[ -n "$group" ]]; then
iniset -sudo $unitfile "Service" "Group" "$group"
fi
@@ -1590,6 +1596,7 @@ function write_uwsgi_user_unit_file {
local command="$2"
local group=$3
local user=$4
local env_vars="$5"
local unitfile="$SYSTEMD_DIR/$service"
mkdir -p $SYSTEMD_DIR
@@ -1604,6 +1611,9 @@ function write_uwsgi_user_unit_file {
iniset -sudo $unitfile "Service" "NotifyAccess" "all"
iniset -sudo $unitfile "Service" "RestartForceExitStatus" "100"
if [[ -n "$env_vars" ]] ; then
iniset -sudo $unitfile "Service" "Environment" "$env_vars"
fi
if [[ -n "$group" ]]; then
iniset -sudo $unitfile "Service" "Group" "$group"
fi
@@ -1651,10 +1661,14 @@ function _run_under_systemd {
local systemd_service="devstack@$service.service"
local group=$3
local user=${4:-$STACK_USER}
if [[ -z "$user" ]]; then
user=$STACK_USER
fi
local env_vars="$5"
if [[ "$command" =~ "uwsgi" ]] ; then
write_uwsgi_user_unit_file $systemd_service "$cmd" "$group" "$user"
write_uwsgi_user_unit_file $systemd_service "$cmd" "$group" "$user" "$env_vars"
else
write_user_unit_file $systemd_service "$cmd" "$group" "$user"
write_user_unit_file $systemd_service "$cmd" "$group" "$user" "$env_vars"
fi
$SYSTEMCTL enable $systemd_service
@@ -1675,18 +1689,20 @@ function is_running {
# If the command includes shell metachatacters (;<>*) it must be run using a shell
# If an optional group is provided sg will be used to run the
# command as that group.
# run_process service "command-line" [group] [user]
# run_process service "command-line" [group] [user] [env_vars]
# env_vars must be a space separated list of variable assigments, ie: "A=1 B=2"
function run_process {
local service=$1
local command="$2"
local group=$3
local user=$4
local env_vars="$5"
local name=$service
time_start "run_process"
if is_service_enabled $service; then
_run_under_systemd "$name" "$command" "$group" "$user"
_run_under_systemd "$name" "$command" "$group" "$user" "$env_vars"
fi
time_stop "run_process"
}
+3
View File
@@ -189,6 +189,9 @@ function iniset {
local option=$3
local value=$4
# Escape the ampersand character (&)
value=$(echo $value | sed -e 's/&/\\&/g')
if [[ -z $section || -z $option ]]; then
$xtrace
return
-4
View File
@@ -186,15 +186,11 @@ function pip_install {
$xtrace
# adding SETUPTOOLS_SYS_PATH_TECHNIQUE is a workaround to keep
# the same behaviour of setuptools before version 25.0.0.
# related issue: https://github.com/pypa/pip/issues/3874
$sudo_pip \
http_proxy="${http_proxy:-}" \
https_proxy="${https_proxy:-}" \
no_proxy="${no_proxy:-}" \
PIP_FIND_LINKS=$PIP_FIND_LINKS \
SETUPTOOLS_SYS_PATH_TECHNIQUE=rewrite \
$cmd_pip $upgrade \
$@
result=$?
+1 -1
View File
@@ -95,7 +95,7 @@ function install_apache_uwsgi {
# didn't fix Python 3.10 compatibility before release. Should be
# fixed in uwsgi 4.9.0; can remove this when packages available
# or we drop this release
elif is_fedora && ! is_openeuler && ! [[ $DISTRO =~ f35 ]]; then
elif is_fedora && ! [[ $DISTRO =~ f35 ]]; then
# Note httpd comes with mod_proxy_uwsgi and it is loaded by
# default; the mod_proxy_uwsgi package actually conflicts now.
# See:
+43 -17
View File
@@ -91,6 +91,8 @@ CINDER_VOLUME_CLEAR=$(echo ${CINDER_VOLUME_CLEAR} | tr '[:upper:]' '[:lower:]')
# Default to lioadm
CINDER_ISCSI_HELPER=${CINDER_ISCSI_HELPER:-lioadm}
VOLUME_TYPE_MULTIATTACH=${VOLUME_TYPE_MULTIATTACH:-multiattach}
# EL and SUSE should only use lioadm
if is_fedora || is_suse; then
if [[ ${CINDER_ISCSI_HELPER} != "lioadm" ]]; then
@@ -380,7 +382,7 @@ function configure_cinder {
iniset $CINDER_CONF coordination backend_url "etcd3+http://${SERVICE_HOST}:$ETCD_PORT"
fi
if [[ "$CINDER_ENFORCE_SCOPE" == True ]] ; then
if [[ "$CINDER_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
iniset $CINDER_CONF oslo_policy enforce_scope true
iniset $CINDER_CONF oslo_policy enforce_new_defaults true
fi
@@ -388,16 +390,24 @@ function configure_cinder {
# create_cinder_accounts() - Set up common required cinder accounts
# Tenant User Roles
# Project User Roles
# ------------------------------------------------------------------
# service cinder admin # if enabled
# SERVICE_PROJECT_NAME cinder service
# SERVICE_PROJECT_NAME cinder creator (if Barbican is enabled)
# Migrated from keystone_data.sh
function create_cinder_accounts {
# Cinder
if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
create_service_user "cinder"
local extra_role=""
# cinder needs the "creator" role in order to interact with barbican
if is_service_enabled barbican; then
extra_role=$(get_or_create_role "creator")
fi
create_service_user "cinder" $extra_role
# block-storage is the official service type
get_or_create_service "cinder" "block-storage" "Cinder Volume Service"
@@ -552,8 +562,13 @@ function start_cinder {
fi
run_process c-sch "$CINDER_BIN_DIR/cinder-scheduler --config-file $CINDER_CONF"
run_process c-bak "$CINDER_BIN_DIR/cinder-backup --config-file $CINDER_CONF"
run_process c-vol "$CINDER_BIN_DIR/cinder-volume --config-file $CINDER_CONF"
# Tune glibc for Python Services using single malloc arena for all threads
# and disabling dynamic thresholds to reduce memory usage when using native
# threads directly or via eventlet.tpool
# https://www.gnu.org/software/libc/manual/html_node/Memory-Allocation-Tunables.html
malloc_tuning="MALLOC_ARENA_MAX=1 MALLOC_MMAP_THRESHOLD_=131072 MALLOC_TRIM_THRESHOLD_=262144"
run_process c-bak "$CINDER_BIN_DIR/cinder-backup --config-file $CINDER_CONF" "" "" "$malloc_tuning"
run_process c-vol "$CINDER_BIN_DIR/cinder-volume --config-file $CINDER_CONF" "" "" "$malloc_tuning"
# NOTE(jdg): For cinder, startup order matters. To ensure that repor_capabilities is received
# by the scheduler start the cinder-volume service last (or restart it) after the scheduler
@@ -568,6 +583,23 @@ function stop_cinder {
stop_process c-vol
}
function create_one_type {
type_name=$1
property_key=$2
property_value=$3
# NOTE (e0ne): openstack client doesn't work with cinder in noauth mode
if is_service_enabled keystone; then
openstack --os-region-name="$REGION_NAME" volume type create --property $property_key="$property_value" $type_name
else
# TODO (e0ne): use openstack client once it will support cinder in noauth mode:
# https://bugs.launchpad.net/python-cinderclient/+bug/1755279
local cinder_url
cinder_url=$CINDER_SERVICE_PROTOCOL://$SERVICE_HOST:$CINDER_SERVICE_PORT/v3
OS_USER_ID=$OS_USERNAME OS_PROJECT_ID=$OS_PROJECT_NAME cinder --os-auth-type noauth --os-endpoint=$cinder_url type-create $type_name
OS_USER_ID=$OS_USERNAME OS_PROJECT_ID=$OS_PROJECT_NAME cinder --os-auth-type noauth --os-endpoint=$cinder_url type-key $type_name set $property_key="$property_value"
fi
}
# create_volume_types() - Create Cinder's configured volume types
function create_volume_types {
# Create volume types
@@ -575,19 +607,13 @@ function create_volume_types {
local be be_name
for be in ${CINDER_ENABLED_BACKENDS//,/ }; do
be_name=${be##*:}
# NOTE (e0ne): openstack client doesn't work with cinder in noauth mode
if is_service_enabled keystone; then
openstack --os-region-name="$REGION_NAME" volume type create --property volume_backend_name="${be_name}" ${be_name}
else
# TODO (e0ne): use openstack client once it will support cinder in noauth mode:
# https://bugs.launchpad.net/python-cinderclient/+bug/1755279
local cinder_url
cinder_url=$CINDER_SERVICE_PROTOCOL://$SERVICE_HOST:$CINDER_SERVICE_PORT/v3
OS_USER_ID=$OS_USERNAME OS_PROJECT_ID=$OS_PROJECT_NAME cinder --os-auth-type noauth --os-endpoint=$cinder_url type-create ${be_name}
OS_USER_ID=$OS_USERNAME OS_PROJECT_ID=$OS_PROJECT_NAME cinder --os-auth-type noauth --os-endpoint=$cinder_url type-key ${be_name} set volume_backend_name=${be_name}
fi
create_one_type $be_name "volume_backend_name" $be_name
done
if [[ $ENABLE_VOLUME_MULTIATTACH == "True" ]]; then
create_one_type $VOLUME_TYPE_MULTIATTACH $VOLUME_TYPE_MULTIATTACH "<is> True"
fi
# Increase quota for the service project if glance is using cinder,
# since it's likely to occasionally go above the default 10 in parallel
# test execution.
+8 -5
View File
@@ -26,12 +26,15 @@ CINDER_BAK_CEPH_USER=${CINDER_BAK_CEPH_USER:-cinder-bak}
function configure_cinder_backup_ceph {
sudo ceph -c ${CEPH_CONF_FILE} osd pool create ${CINDER_BAK_CEPH_POOL} ${CINDER_BAK_CEPH_POOL_PG} ${CINDER_BAK_CEPH_POOL_PGP}
if [[ "$REMOTE_CEPH" = "False" && "$CEPH_REPLICAS" -ne 1 ]]; then
sudo ceph -c ${CEPH_CONF_FILE} osd pool set ${CINDER_BAK_CEPH_POOL} crush_ruleset ${RULE_ID}
# Execute this part only when cephadm is not used
if [[ "$CEPHADM_DEPLOY" = "False" ]]; then
sudo ceph -c ${CEPH_CONF_FILE} osd pool create ${CINDER_BAK_CEPH_POOL} ${CINDER_BAK_CEPH_POOL_PG} ${CINDER_BAK_CEPH_POOL_PGP}
if [[ "$REMOTE_CEPH" = "False" && "$CEPH_REPLICAS" -ne 1 ]]; then
sudo ceph -c ${CEPH_CONF_FILE} osd pool set ${CINDER_BAK_CEPH_POOL} crush_ruleset ${RULE_ID}
fi
sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_BAK_CEPH_USER} mon "allow r" osd "allow class-read object_prefix rbd_children, allow rwx pool=${CINDER_BAK_CEPH_POOL}, allow rwx pool=${CINDER_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring
sudo chown $(whoami):$(whoami) ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring
fi
sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_BAK_CEPH_USER} mon "allow r" osd "allow class-read object_prefix rbd_children, allow rwx pool=${CINDER_BAK_CEPH_POOL}, allow rwx pool=${CINDER_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring
sudo chown $(whoami):$(whoami) ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring
iniset $CINDER_CONF DEFAULT backup_driver "cinder.backup.drivers.ceph.CephBackupDriver"
iniset $CINDER_CONF DEFAULT backup_ceph_conf "$CEPH_CONF_FILE"
+34 -1
View File
@@ -150,6 +150,29 @@ function configure_database_mysql {
iniset -sudo $my_conf mysqld log-queries-not-using-indexes 1
fi
if [[ "$MYSQL_GATHER_PERFORMANCE" == "True" ]]; then
echo "enabling MySQL performance counting"
# Install our sqlalchemy plugin
pip_install ${TOP_DIR}/tools/dbcounter
# Create our stats database for accounting
recreate_database stats
mysql -u $DATABASE_USER -p$DATABASE_PASSWORD -h $MYSQL_HOST -e \
"CREATE TABLE queries (db VARCHAR(32), op VARCHAR(32),
count INT, PRIMARY KEY (db, op)) ENGINE MEMORY" stats
fi
if [[ "$MYSQL_REDUCE_MEMORY" == "True" ]]; then
iniset -sudo $my_conf mysqld read_buffer_size 64K
iniset -sudo $my_conf mysqld innodb_buffer_pool_size 16M
iniset -sudo $my_conf mysqld thread_stack 192K
iniset -sudo $my_conf mysqld thread_cache_size 8
iniset -sudo $my_conf mysqld tmp_table_size 8M
iniset -sudo $my_conf mysqld sort_buffer_size 8M
iniset -sudo $my_conf mysqld max_allowed_packet 8M
fi
restart_service $MYSQL_SERVICE_NAME
}
@@ -209,7 +232,17 @@ function install_database_python_mysql {
function database_connection_url_mysql {
local db=$1
echo "$BASE_SQL_CONN/$db?charset=utf8"
local plugin
# NOTE(danms): We don't enable perf on subnodes yet because the
# plugin is not installed there
if [[ "$MYSQL_GATHER_PERFORMANCE" == "True" ]]; then
if is_service_enabled mysql; then
plugin="&plugin=dbcounter"
fi
fi
echo "$BASE_SQL_CONN/$db?charset=utf8$plugin"
}
+1 -1
View File
@@ -432,7 +432,7 @@ function configure_glance {
iniset $GLANCE_API_CONF DEFAULT workers "$API_WORKERS"
fi
if [[ "$GLANCE_ENFORCE_SCOPE" == True ]] ; then
if [[ "$GLANCE_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
iniset $GLANCE_API_CONF oslo_policy enforce_scope true
iniset $GLANCE_API_CONF oslo_policy enforce_new_defaults true
iniset $GLANCE_API_CONF DEFAULT enforce_secure_rbac true
+1 -1
View File
@@ -265,7 +265,7 @@ function configure_keystone {
iniset $KEYSTONE_CONF security_compliance lockout_duration $KEYSTONE_LOCKOUT_DURATION
iniset $KEYSTONE_CONF security_compliance unique_last_password_count $KEYSTONE_UNIQUE_LAST_PASSWORD_COUNT
fi
if [[ "$KEYSTONE_ENFORCE_SCOPE" == True ]] ; then
if [[ "$KEYSTONE_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
iniset $KEYSTONE_CONF oslo_policy enforce_scope true
iniset $KEYSTONE_CONF oslo_policy enforce_new_defaults true
iniset $KEYSTONE_CONF oslo_policy policy_file policy.yaml
+23 -8
View File
@@ -114,6 +114,12 @@ NEUTRON_TENANT_VLAN_RANGE=${NEUTRON_TENANT_VLAN_RANGE:-${TENANT_VLAN_RANGE:-100:
# Physical network for VLAN network usage.
NEUTRON_PHYSICAL_NETWORK=${NEUTRON_PHYSICAL_NETWORK:-}
# The name of the service in the endpoint URL
NEUTRON_ENDPOINT_SERVICE_NAME=${NEUTRON_ENDPOINT_SERVICE_NAME-"networking"}
if [[ "$NEUTRON_DEPLOY_MOD_WSGI" == "True" && -z "$NEUTRON_ENDPOINT_SERVICE_NAME" ]]; then
NEUTRON_ENDPOINT_SERVICE_NAME="networking"
fi
# Additional neutron api config files
declare -a -g _NEUTRON_SERVER_EXTRA_CONF_FILES_ABS
@@ -213,7 +219,6 @@ function configure_neutron_new {
iniset $NEUTRON_CONF DEFAULT core_plugin $NEUTRON_CORE_PLUGIN
iniset $NEUTRON_CONF DEFAULT policy_file $policy_file
iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips True
iniset $NEUTRON_CONF DEFAULT router_distributed $NEUTRON_DISTRIBUTED_ROUTING
iniset $NEUTRON_CONF DEFAULT auth_strategy $NEUTRON_AUTH_STRATEGY
@@ -229,7 +234,12 @@ function configure_neutron_new {
else
mech_drivers+=",linuxbridge"
fi
if [[ "$mech_drivers" == *"linuxbridge"* ]]; then
iniset $NEUTRON_CONF experimental linuxbridge True
fi
iniset $NEUTRON_CORE_PLUGIN_CONF ml2 mechanism_drivers $mech_drivers
iniset $NEUTRON_CORE_PLUGIN_CONF ml2 overlay_ip_version $TUNNEL_IP_VERSION
iniset $NEUTRON_CORE_PLUGIN_CONF ml2_type_vxlan vni_ranges 1001:2000
iniset $NEUTRON_CORE_PLUGIN_CONF ml2_type_flat flat_networks $PUBLIC_NETWORK_NAME
@@ -251,10 +261,10 @@ function configure_neutron_new {
# Configure the neutron agent
if [[ $NEUTRON_AGENT == "linuxbridge" ]]; then
iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup firewall_driver iptables
iniset $NEUTRON_CORE_PLUGIN_CONF vxlan local_ip $HOST_IP
iniset $NEUTRON_CORE_PLUGIN_CONF vxlan local_ip $TUNNEL_ENDPOINT_IP
elif [[ $NEUTRON_AGENT == "openvswitch" ]]; then
iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup firewall_driver openvswitch
iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $HOST_IP
iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $TUNNEL_ENDPOINT_IP
if [[ "$NEUTRON_DISTRIBUTED_ROUTING" = "True" ]]; then
iniset $NEUTRON_CORE_PLUGIN_CONF agent l2_population True
@@ -392,10 +402,13 @@ function create_neutron_accounts_new {
local neutron_url
if [ "$NEUTRON_DEPLOY_MOD_WSGI" == "True" ]; then
neutron_url=$NEUTRON_SERVICE_PROTOCOL://$NEUTRON_SERVICE_HOST/networking/
neutron_url=$NEUTRON_SERVICE_PROTOCOL://$NEUTRON_SERVICE_HOST/
else
neutron_url=$NEUTRON_SERVICE_PROTOCOL://$NEUTRON_SERVICE_HOST:$NEUTRON_SERVICE_PORT/
fi
if [ ! -z "$NEUTRON_ENDPOINT_SERVICE_NAME" ]; then
neutron_url=$neutron_url$NEUTRON_ENDPOINT_SERVICE_NAME
fi
if [[ "$ENABLED_SERVICES" =~ "neutron-api" ]]; then
@@ -476,19 +489,22 @@ function start_neutron_api {
if [ "$NEUTRON_DEPLOY_MOD_WSGI" == "True" ]; then
run_process neutron-api "$(which uwsgi) --procname-prefix neutron-api --ini $NEUTRON_UWSGI_CONF"
neutron_url=$service_protocol://$NEUTRON_SERVICE_HOST/networking/
neutron_url=$service_protocol://$NEUTRON_SERVICE_HOST/
enable_service neutron-rpc-server
run_process neutron-rpc-server "$NEUTRON_BIN_DIR/neutron-rpc-server $opts"
else
# Start the Neutron service
# TODO(sc68cal) Stop hard coding this
run_process neutron-api "$NEUTRON_BIN_DIR/neutron-server $opts"
neutron_url=$service_protocol://$NEUTRON_SERVICE_HOST:$service_port
neutron_url=$service_protocol://$NEUTRON_SERVICE_HOST:$service_port/
# Start proxy if enabled
if is_service_enabled tls-proxy; then
start_tls_proxy neutron '*' $NEUTRON_SERVICE_PORT $NEUTRON_SERVICE_HOST $NEUTRON_SERVICE_PORT_INT
fi
fi
if [ ! -z "$NEUTRON_ENDPOINT_SERVICE_NAME" ]; then
neutron_url=$neutron_url$NEUTRON_ENDPOINT_SERVICE_NAME
fi
if ! wait_for_service $SERVICE_TIMEOUT $neutron_url; then
die $LINENO "neutron-api did not start"
@@ -551,7 +567,6 @@ function stop_neutron_new {
fi
if is_service_enabled neutron-metadata-agent; then
sudo pkill -9 -f neutron-ns-metadata-proxy || :
stop_process neutron-metadata-agent
fi
}
@@ -632,7 +647,7 @@ function configure_neutron {
# configure_rbac_policies() - Configure Neutron to enforce new RBAC
# policies and scopes if NEUTRON_ENFORCE_SCOPE == True
function configure_rbac_policies {
if [ "$NEUTRON_ENFORCE_SCOPE" == "True" ]; then
if [[ "$NEUTRON_ENFORCE_SCOPE" == "True" || "$ENFORCE_SCOPE" == "True" ]]; then
iniset $NEUTRON_CONF oslo_policy enforce_new_defaults True
iniset $NEUTRON_CONF oslo_policy enforce_scope True
else
+36 -14
View File
@@ -138,10 +138,19 @@ Q_NOTIFY_NOVA_PORT_DATA_CHANGES=${Q_NOTIFY_NOVA_PORT_DATA_CHANGES:-True}
VIF_PLUGGING_IS_FATAL=${VIF_PLUGGING_IS_FATAL:-True}
VIF_PLUGGING_TIMEOUT=${VIF_PLUGGING_TIMEOUT:-300}
# Allow to skip stopping of OVN services
SKIP_STOP_OVN=${SKIP_STOP_OVN:-False}
# The directory which contains files for Q_PLUGIN_EXTRA_CONF_FILES.
# /etc/neutron is assumed by many of devstack plugins. Do not change.
_Q_PLUGIN_EXTRA_CONF_PATH=/etc/neutron
# The name of the service in the endpoint URL
NEUTRON_ENDPOINT_SERVICE_NAME=${NEUTRON_ENDPOINT_SERVICE_NAME-"networking"}
if [[ "$NEUTRON_DEPLOY_MOD_WSGI" == "True" && -z "$NEUTRON_ENDPOINT_SERVICE_NAME" ]]; then
NEUTRON_ENDPOINT_SERVICE_NAME="networking"
fi
# List of config file names in addition to the main plugin config file
# To add additional plugin config files, use ``neutron_server_config_add``
# utility function. For example:
@@ -243,13 +252,6 @@ if [[ $Q_AGENT == "linuxbridge" && -z ${LB_PHYSICAL_INTERFACE} ]]; then
LB_PHYSICAL_INTERFACE=$default_route_dev
fi
# When Neutron tunnels are enabled it is needed to specify the
# IP address of the end point in the local server. This IP is set
# by default to the same IP address that the HOST IP.
# This variable can be used to specify a different end point IP address
# Example: ``TUNNEL_ENDPOINT_IP=1.1.1.1``
TUNNEL_ENDPOINT_IP=${TUNNEL_ENDPOINT_IP:-$HOST_IP}
# With the openvswitch plugin, set to True in ``localrc`` to enable
# provider GRE tunnels when ``ENABLE_TENANT_TUNNELS`` is False.
#
@@ -435,10 +437,13 @@ function create_nova_conf_neutron {
function create_mutnauq_accounts {
local neutron_url
if [ "$NEUTRON_DEPLOY_MOD_WSGI" == "True" ]; then
neutron_url=$Q_PROTOCOL://$SERVICE_HOST/networking/
neutron_url=$Q_PROTOCOL://$SERVICE_HOST/
else
neutron_url=$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/
fi
if [ ! -z "$NEUTRON_ENDPOINT_SERVICE_NAME" ]; then
neutron_url=$neutron_url$NEUTRON_ENDPOINT_SERVICE_NAME
fi
if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
@@ -500,7 +505,7 @@ function configure_neutron_after_post_config {
# configure_rbac_policies() - Configure Neutron to enforce new RBAC
# policies and scopes if NEUTRON_ENFORCE_SCOPE == True
function configure_rbac_policies {
if [ "$NEUTRON_ENFORCE_SCOPE" == "True" ]; then
if [[ "$NEUTRON_ENFORCE_SCOPE" == "True" || "$ENFORCE_SCOPE" == True ]]; then
iniset $NEUTRON_CONF oslo_policy enforce_new_defaults True
iniset $NEUTRON_CONF oslo_policy enforce_scope True
else
@@ -542,17 +547,20 @@ function start_neutron_service_and_check {
if [ "$NEUTRON_DEPLOY_MOD_WSGI" == "True" ]; then
enable_service neutron-api
run_process neutron-api "$(which uwsgi) --procname-prefix neutron-api --ini $NEUTRON_UWSGI_CONF"
neutron_url=$Q_PROTOCOL://$Q_HOST/networking/
neutron_url=$Q_PROTOCOL://$Q_HOST/
enable_service neutron-rpc-server
run_process neutron-rpc-server "$NEUTRON_BIN_DIR/neutron-rpc-server $cfg_file_options"
else
run_process q-svc "$NEUTRON_BIN_DIR/neutron-server $cfg_file_options"
neutron_url=$service_protocol://$Q_HOST:$service_port
neutron_url=$service_protocol://$Q_HOST:$service_port/
# Start proxy if enabled
if is_service_enabled tls-proxy; then
start_tls_proxy neutron '*' $Q_PORT $Q_HOST $Q_PORT_INT
fi
fi
if [ ! -z "$NEUTRON_ENDPOINT_SERVICE_NAME" ]; then
neutron_url=$neutron_url$NEUTRON_ENDPOINT_SERVICE_NAME
fi
echo "Waiting for Neutron to start..."
local testcmd="wget ${ssl_ca} --no-proxy -q -O- $neutron_url"
@@ -620,7 +628,6 @@ function stop_mutnauq_other {
fi
if is_service_enabled q-meta; then
sudo pkill -9 -f neutron-ns-metadata-proxy || :
stop_process q-meta
fi
@@ -638,7 +645,7 @@ function stop_mutnauq {
stop_mutnauq_other
stop_mutnauq_l2_agent
if [[ $Q_AGENT == "ovn" ]]; then
if [[ $Q_AGENT == "ovn" && $SKIP_STOP_OVN != "True" ]]; then
stop_ovn
fi
}
@@ -909,18 +916,30 @@ function _configure_neutron_plugin_agent {
neutron_plugin_configure_plugin_agent
}
function _replace_api_paste_composite {
local sep
sep=$(echo -ne "\x01")
# Replace it
$sudo sed -i -e "s/\/\: neutronversions_composite/\/"${NEUTRON_ENDPOINT_SERVICE_NAME}"\/\: neutronversions_composite/" "$Q_API_PASTE_FILE"
$sudo sed -i -e "s/\/healthcheck\: healthcheck/\/"${NEUTRON_ENDPOINT_SERVICE_NAME}"\/healthcheck\: healthcheck/" "$Q_API_PASTE_FILE"
$sudo sed -i -e "s/\/v2.0\: neutronapi_v2_0/\/"${NEUTRON_ENDPOINT_SERVICE_NAME}"\/v2.0\: neutronapi_v2_0/" "$Q_API_PASTE_FILE"
}
# _configure_neutron_service() - Set config files for neutron service
# It is called when q-svc is enabled.
function _configure_neutron_service {
Q_API_PASTE_FILE=$NEUTRON_CONF_DIR/api-paste.ini
cp $NEUTRON_DIR/etc/api-paste.ini $Q_API_PASTE_FILE
if [[ -n "$NEUTRON_ENDPOINT_SERVICE_NAME" ]]; then
_replace_api_paste_composite
fi
# Update either configuration file with plugin
iniset $NEUTRON_CONF DEFAULT core_plugin $Q_PLUGIN_CLASS
iniset $NEUTRON_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $NEUTRON_CONF oslo_policy policy_file $Q_POLICY_FILE
iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips $Q_ALLOW_OVERLAPPING_IP
iniset $NEUTRON_CONF DEFAULT auth_strategy $Q_AUTH_STRATEGY
configure_keystone_authtoken_middleware $NEUTRON_CONF $Q_ADMIN_USERNAME
@@ -931,6 +950,9 @@ function _configure_neutron_service {
configure_keystone_authtoken_middleware $NEUTRON_CONF nova nova
# Configuration for placement client
configure_keystone_authtoken_middleware $NEUTRON_CONF placement placement
# Configure plugin
neutron_plugin_configure_service
}
+4
View File
@@ -125,6 +125,10 @@ function neutron_plugin_configure_service {
fi
populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2 mechanism_drivers=$Q_ML2_PLUGIN_MECHANISM_DRIVERS
if [[ "$Q_ML2_PLUGIN_MECHANISM_DRIVERS" == *"linuxbridge"* ]]; then
iniset $NEUTRON_CONF experimental linuxbridge True
fi
populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2 overlay_ip_version=$TUNNEL_IP_VERSION
if [[ -n "$Q_ML2_PLUGIN_TYPE_DRIVERS" ]]; then
populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2 type_drivers=$Q_ML2_PLUGIN_TYPE_DRIVERS
+25 -6
View File
@@ -99,8 +99,10 @@ ENABLE_CHASSIS_AS_GW=$(trueorfalse True ENABLE_CHASSIS_AS_GW)
OVN_L3_CREATE_PUBLIC_NETWORK=$(trueorfalse True OVN_L3_CREATE_PUBLIC_NETWORK)
export OVSDB_SERVER_LOCAL_HOST=$SERVICE_LOCAL_HOST
TUNNEL_IP=$TUNNEL_ENDPOINT_IP
if [[ "$SERVICE_IP_VERSION" == 6 ]]; then
OVSDB_SERVER_LOCAL_HOST=[$OVSDB_SERVER_LOCAL_HOST]
TUNNEL_IP=[$TUNNEL_IP]
fi
OVN_IGMP_SNOOPING_ENABLE=$(trueorfalse False OVN_IGMP_SNOOPING_ENABLE)
@@ -169,12 +171,23 @@ Q_LOG_DRIVER_LOG_BASE=${Q_LOG_DRIVER_LOG_BASE:-acl_log_meter}
# Utility Functions
# -----------------
function wait_for_db_file {
local count=0
while [ ! -f $1 ]; do
sleep 1
count=$((count+1))
if [ "$count" -gt 40 ]; then
die $LINENO "DB File $1 not found"
fi
done
}
function wait_for_sock_file {
local count=0
while [ ! -S $1 ]; do
sleep 1
count=$((count+1))
if [ "$count" -gt 5 ]; then
if [ "$count" -gt 40 ]; then
die $LINENO "Socket $1 not found"
fi
done
@@ -384,6 +397,8 @@ function install_ovn {
sudo mkdir -p $OVS_PREFIX/var/log/ovn
sudo chown $(whoami) $OVS_PREFIX/var/log/ovn
else
# Load fixup_ovn_centos
source ${TOP_DIR}/tools/fixup_stuff.sh
fixup_ovn_centos
install_package $(get_packages openvswitch)
install_package $(get_packages ovn)
@@ -575,6 +590,7 @@ function init_ovn {
rm -f $OVS_DATADIR/.*.db.~lock~
sudo rm -f $OVN_DATADIR/*.db
sudo rm -f $OVN_DATADIR/.*.db.~lock~
sudo rm -f $OVN_RUNDIR/*.sock
}
function _start_ovs {
@@ -601,7 +617,7 @@ function _start_ovs {
dbcmd+=" --remote=db:hardware_vtep,Global,managers $OVS_DATADIR/vtep.db"
fi
dbcmd+=" $OVS_DATADIR/conf.db"
_run_process ovsdb-server "$dbcmd"
_run_process ovsdb-server "$dbcmd" "" "$STACK_GROUP" "root"
# Note: ovn-controller will create and configure br-int once it is started.
# So, no need to create it now because nothing depends on that bridge here.
@@ -626,8 +642,8 @@ function _start_ovs {
sudo ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-remote="$OVN_SB_REMOTE"
sudo ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-bridge="br-int"
sudo ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-encap-type="geneve"
sudo ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-encap-ip="$HOST_IP"
sudo ovs-vsctl --no-wait set open_vswitch . external-ids:hostname="$LOCAL_HOSTNAME"
sudo ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-encap-ip="$TUNNEL_IP"
sudo ovs-vsctl --no-wait set open_vswitch . external-ids:hostname=$(hostname)
# Select this chassis to host gateway routers
if [[ "$ENABLE_CHASSIS_AS_GW" == "True" ]]; then
sudo ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-cms-options="enable-chassis-as-gw"
@@ -641,7 +657,7 @@ function _start_ovs {
if is_service_enabled ovn-controller-vtep ; then
ovn_base_setup_bridge br-v
vtep-ctl add-ps br-v
vtep-ctl set Physical_Switch br-v tunnel_ips=$HOST_IP
vtep-ctl set Physical_Switch br-v tunnel_ips=$TUNNEL_IP
enable_service ovs-vtep
local vtepcmd="$OVS_SCRIPTDIR/ovs-vtep --log-file --pidfile --detach br-v"
@@ -689,14 +705,17 @@ function start_ovn {
local cmd="/bin/bash $SCRIPTDIR/ovn-ctl --no-monitor start_northd"
local stop_cmd="/bin/bash $SCRIPTDIR/ovn-ctl stop_northd"
_run_process ovn-northd "$cmd" "$stop_cmd"
_run_process ovn-northd "$cmd" "$stop_cmd" "$STACK_GROUP" "root"
else
_start_process "$OVN_NORTHD_SERVICE"
fi
# Wait for the service to be ready
# Check for socket and db files for both OVN NB and SB
wait_for_sock_file $OVS_RUNDIR/ovnnb_db.sock
wait_for_sock_file $OVS_RUNDIR/ovnsb_db.sock
wait_for_db_file $OVN_DATADIR/ovnnb_db.db
wait_for_db_file $OVN_DATADIR/ovnsb_db.db
if is_service_enabled tls-proxy; then
sudo ovn-nbctl --db=unix:$OVS_RUNDIR/ovnnb_db.sock set-ssl $INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key $INT_CA_DIR/$DEVSTACK_CERT_NAME.crt $INT_CA_DIR/ca-chain.pem
+7 -3
View File
@@ -87,9 +87,15 @@ function prepare_for_ovs_compilation {
install_package kernel-devel-$KERNEL_VERSION
install_package kernel-headers-$KERNEL_VERSION
if is_service_enabled tls-proxy; then
install_package openssl-devel
fi
elif is_ubuntu ; then
install_package linux-headers-$KERNEL_VERSION
if is_service_enabled tls-proxy; then
install_package libssl-dev
fi
fi
}
@@ -158,10 +164,8 @@ function compile_ovs {
sudo make install
if [[ "$build_modules" == "True" ]]; then
sudo make INSTALL_MOD_DIR=kernel/net/openvswitch modules_install
reload_ovs_kernel_modules
else
load_ovs_kernel_modules
fi
reload_ovs_kernel_modules
cd $_pwd
}
+24 -27
View File
@@ -147,10 +147,6 @@ function _neutron_get_ext_gw_interface {
}
function create_neutron_initial_network {
local project_id
project_id=$(openstack project list | grep " demo " | get_field 1)
die_if_not_set $LINENO project_id "Failure retrieving project_id for demo"
# Allow drivers that need to create an initial network to do so here
if type -p neutron_plugin_create_initial_network_profile > /dev/null; then
neutron_plugin_create_initial_network_profile $PHYSICAL_NETWORK
@@ -170,15 +166,15 @@ function create_neutron_initial_network {
if is_provider_network; then
die_if_not_set $LINENO PHYSICAL_NETWORK "You must specify the PHYSICAL_NETWORK"
die_if_not_set $LINENO PROVIDER_NETWORK_TYPE "You must specify the PROVIDER_NETWORK_TYPE"
NET_ID=$(openstack --os-cloud devstack-admin-demo --os-region "$REGION_NAME" network create $PHYSICAL_NETWORK --provider-network-type $PROVIDER_NETWORK_TYPE --provider-physical-network "$PHYSICAL_NETWORK" ${SEGMENTATION_ID:+--provider-segment $SEGMENTATION_ID} --share | grep ' id ' | get_field 2)
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PHYSICAL_NETWORK $project_id"
NET_ID=$(openstack --os-cloud devstack-admin-demo --os-region "$REGION_NAME" network create $PHYSICAL_NETWORK --provider-network-type $PROVIDER_NETWORK_TYPE --provider-physical-network "$PHYSICAL_NETWORK" ${SEGMENTATION_ID:+--provider-segment $SEGMENTATION_ID} --share -f value -c id)
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PHYSICAL_NETWORK"
if [[ "$IP_VERSION" =~ 4.* ]]; then
if [ -z $SUBNETPOOL_V4_ID ]; then
fixed_range_v4=$FIXED_RANGE
fi
SUBNET_ID=$(openstack --os-cloud devstack --os-region "$REGION_NAME" subnet create --ip-version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY ${SUBNETPOOL_V4_ID:+--subnet-pool $SUBNETPOOL_V4_ID} --network $NET_ID ${fixed_range_v4:+--subnet-range $fixed_range_v4} | grep ' id ' | get_field 2)
die_if_not_set $LINENO SUBNET_ID "Failure creating SUBNET_ID for $PROVIDER_SUBNET_NAME $project_id"
SUBNET_ID=$(openstack --os-cloud devstack --os-region "$REGION_NAME" subnet create --ip-version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY ${SUBNETPOOL_V4_ID:+--subnet-pool $SUBNETPOOL_V4_ID} --network $NET_ID ${fixed_range_v4:+--subnet-range $fixed_range_v4} -f value -c id)
die_if_not_set $LINENO SUBNET_ID "Failure creating SUBNET_ID for $PROVIDER_SUBNET_NAME"
fi
if [[ "$IP_VERSION" =~ .*6 ]]; then
@@ -187,8 +183,8 @@ function create_neutron_initial_network {
if [ -z $SUBNETPOOL_V6_ID ]; then
fixed_range_v6=$IPV6_PROVIDER_FIXED_RANGE
fi
IPV6_SUBNET_ID=$(openstack --os-cloud devstack --os-region "$REGION_NAME" subnet create --ip-version 6 --gateway $IPV6_PROVIDER_NETWORK_GATEWAY $IPV6_PROVIDER_SUBNET_NAME ${SUBNETPOOL_V6_ID:+--subnet-pool $SUBNETPOOL_V6_ID} --network $NET_ID ${fixed_range_v6:+--subnet-range $fixed_range_v6} | grep ' id ' | get_field 2)
die_if_not_set $LINENO IPV6_SUBNET_ID "Failure creating IPV6_SUBNET_ID for $IPV6_PROVIDER_SUBNET_NAME $project_id"
IPV6_SUBNET_ID=$(openstack --os-cloud devstack --os-region "$REGION_NAME" subnet create --ip-version 6 --gateway $IPV6_PROVIDER_NETWORK_GATEWAY $IPV6_PROVIDER_SUBNET_NAME ${SUBNETPOOL_V6_ID:+--subnet-pool $SUBNETPOOL_V6_ID} --network $NET_ID ${fixed_range_v6:+--subnet-range $fixed_range_v6} -f value -c id)
die_if_not_set $LINENO IPV6_SUBNET_ID "Failure creating IPV6_SUBNET_ID for $IPV6_PROVIDER_SUBNET_NAME"
fi
if [[ $Q_AGENT == "openvswitch" ]]; then
@@ -197,17 +193,17 @@ function create_neutron_initial_network {
sudo ip link set $PUBLIC_INTERFACE up
fi
else
NET_ID=$(openstack --os-cloud devstack --os-region "$REGION_NAME" network create "$PRIVATE_NETWORK_NAME" | grep ' id ' | get_field 2)
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PRIVATE_NETWORK_NAME $project_id"
NET_ID=$(openstack --os-cloud devstack --os-region "$REGION_NAME" network create "$PRIVATE_NETWORK_NAME" -f value -c id)
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PRIVATE_NETWORK_NAME"
if [[ "$IP_VERSION" =~ 4.* ]]; then
# Create IPv4 private subnet
SUBNET_ID=$(_neutron_create_private_subnet_v4 $project_id)
SUBNET_ID=$(_neutron_create_private_subnet_v4)
fi
if [[ "$IP_VERSION" =~ .*6 ]]; then
# Create IPv6 private subnet
IPV6_SUBNET_ID=$(_neutron_create_private_subnet_v6 $project_id)
IPV6_SUBNET_ID=$(_neutron_create_private_subnet_v6)
fi
fi
@@ -215,12 +211,12 @@ function create_neutron_initial_network {
# Create a router, and add the private subnet as one of its interfaces
if [[ "$Q_L3_ROUTER_PER_TENANT" == "True" ]]; then
# create a tenant-owned router.
ROUTER_ID=$(openstack --os-cloud devstack --os-region "$REGION_NAME" router create $Q_ROUTER_NAME | grep ' id ' | get_field 2)
die_if_not_set $LINENO ROUTER_ID "Failure creating ROUTER_ID for $project_id $Q_ROUTER_NAME"
ROUTER_ID=$(openstack --os-cloud devstack --os-region "$REGION_NAME" router create $Q_ROUTER_NAME -f value -c id)
die_if_not_set $LINENO ROUTER_ID "Failure creating router $Q_ROUTER_NAME"
else
# Plugin only supports creating a single router, which should be admin owned.
ROUTER_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router create $Q_ROUTER_NAME | grep ' id ' | get_field 2)
die_if_not_set $LINENO ROUTER_ID "Failure creating ROUTER_ID for $Q_ROUTER_NAME"
ROUTER_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router create $Q_ROUTER_NAME -f value -c id)
die_if_not_set $LINENO ROUTER_ID "Failure creating router $Q_ROUTER_NAME"
fi
EXTERNAL_NETWORK_FLAGS="--external"
@@ -229,9 +225,9 @@ function create_neutron_initial_network {
fi
# Create an external network, and a subnet. Configure the external network as router gw
if [ "$Q_USE_PROVIDERNET_FOR_PUBLIC" = "True" ]; then
EXT_NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create "$PUBLIC_NETWORK_NAME" $EXTERNAL_NETWORK_FLAGS --provider-network-type ${PUBLIC_PROVIDERNET_TYPE:-flat} ${PUBLIC_PROVIDERNET_SEGMENTATION_ID:+--provider-segment $PUBLIC_PROVIDERNET_SEGMENTATION_ID} --provider-physical-network ${PUBLIC_PHYSICAL_NETWORK} | grep ' id ' | get_field 2)
EXT_NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create "$PUBLIC_NETWORK_NAME" $EXTERNAL_NETWORK_FLAGS --provider-network-type ${PUBLIC_PROVIDERNET_TYPE:-flat} ${PUBLIC_PROVIDERNET_SEGMENTATION_ID:+--provider-segment $PUBLIC_PROVIDERNET_SEGMENTATION_ID} --provider-physical-network ${PUBLIC_PHYSICAL_NETWORK} -f value -c id)
else
EXT_NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create "$PUBLIC_NETWORK_NAME" $EXTERNAL_NETWORK_FLAGS | grep ' id ' | get_field 2)
EXT_NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create "$PUBLIC_NETWORK_NAME" $EXTERNAL_NETWORK_FLAGS -f value -c id)
fi
die_if_not_set $LINENO EXT_NET_ID "Failure creating EXT_NET_ID for $PUBLIC_NETWORK_NAME"
@@ -249,7 +245,6 @@ function create_neutron_initial_network {
# Create private IPv4 subnet
function _neutron_create_private_subnet_v4 {
local project_id=$1
if [ -z $SUBNETPOOL_V4_ID ]; then
fixed_range_v4=$FIXED_RANGE
fi
@@ -262,14 +257,13 @@ function _neutron_create_private_subnet_v4 {
subnet_params+="${fixed_range_v4:+--subnet-range $fixed_range_v4} "
subnet_params+="--network $NET_ID $PRIVATE_SUBNET_NAME"
local subnet_id
subnet_id=$(openstack --os-cloud devstack-admin-demo --os-region "$REGION_NAME" subnet create $subnet_params | grep ' id ' | get_field 2)
die_if_not_set $LINENO subnet_id "Failure creating private IPv4 subnet for $project_id"
subnet_id=$(openstack --os-cloud devstack-admin-demo --os-region "$REGION_NAME" subnet create $subnet_params -f value -c id)
die_if_not_set $LINENO subnet_id "Failure creating private IPv4 subnet"
echo $subnet_id
}
# Create private IPv6 subnet
function _neutron_create_private_subnet_v6 {
local project_id=$1
die_if_not_set $LINENO IPV6_RA_MODE "IPV6 RA Mode not set"
die_if_not_set $LINENO IPV6_ADDRESS_MODE "IPV6 Address Mode not set"
local ipv6_modes="--ipv6-ra-mode $IPV6_RA_MODE --ipv6-address-mode $IPV6_ADDRESS_MODE"
@@ -284,8 +278,8 @@ function _neutron_create_private_subnet_v6 {
subnet_params+="${fixed_range_v6:+--subnet-range $fixed_range_v6} "
subnet_params+="$ipv6_modes --network $NET_ID $IPV6_PRIVATE_SUBNET_NAME "
local ipv6_subnet_id
ipv6_subnet_id=$(openstack --os-cloud devstack-admin-demo --os-region "$REGION_NAME" subnet create $subnet_params | grep ' id ' | get_field 2)
die_if_not_set $LINENO ipv6_subnet_id "Failure creating private IPv6 subnet for $project_id"
ipv6_subnet_id=$(openstack --os-cloud devstack-admin-demo --os-region "$REGION_NAME" subnet create $subnet_params -f value -c id)
die_if_not_set $LINENO ipv6_subnet_id "Failure creating private IPv6 subnet"
echo $ipv6_subnet_id
}
@@ -409,7 +403,10 @@ function _neutron_configure_router_v6 {
ext_gw_interface=$(_neutron_get_ext_gw_interface)
local ipv6_cidr_len=${IPV6_PUBLIC_RANGE#*/}
# Configure interface for public bridge
# Configure interface for public bridge by setting the interface
# to "up" in case the job is running entirely private network based
# testing.
sudo ip link set $ext_gw_interface up
sudo ip -6 addr replace $ipv6_ext_gw_ip/$ipv6_cidr_len dev $ext_gw_interface
# Any IPv6 private subnet that uses the default IPV6 subnet pool
# and that is plugged into the default router (Q_ROUTER_NAME) will
+6 -21
View File
@@ -103,24 +103,10 @@ FORCE_CONFIG_DRIVE=${FORCE_CONFIG_DRIVE:-"False"}
# The following NOVA_FILTERS contains SameHostFilter and DifferentHostFilter with
# the default filters.
NOVA_FILTERS="AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,SameHostFilter,DifferentHostFilter"
NOVA_FILTERS="ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,SameHostFilter,DifferentHostFilter"
QEMU_CONF=/etc/libvirt/qemu.conf
# Set default defaults here as some hypervisor drivers override these
PUBLIC_INTERFACE_DEFAULT=br100
# Set ``GUEST_INTERFACE_DEFAULT`` to some interface on the box so that
# the default isn't completely crazy. This will match ``eth*``, ``em*``, or
# the new ``p*`` interfaces, then basically picks the first
# alphabetically. It's probably wrong, however it's less wrong than
# always using ``eth0`` which doesn't exist on new Linux distros at all.
GUEST_INTERFACE_DEFAULT=$(ip link \
| grep 'state UP' \
| awk '{print $2}' \
| sed 's/://' \
| grep ^[ep] \
| head -1)
# ``NOVA_VNC_ENABLED`` can be used to forcibly enable VNC configuration.
# In multi-node setups allows compute hosts to not run ``n-novnc``.
NOVA_VNC_ENABLED=$(trueorfalse False NOVA_VNC_ENABLED)
@@ -324,11 +310,7 @@ EOF
# set chap algorithms. The default chap_algorithm is md5 which will
# not work under FIPS.
# FIXME(alee) For some reason, this breaks openeuler. Openeuler devs should weigh in
# and determine the correct solution for openeuler here
if ! is_openeuler; then
iniset -sudo /etc/iscsi/iscsid.conf DEFAULT "node.session.auth.chap_algs" "SHA3-256,SHA256"
fi
iniset -sudo /etc/iscsi/iscsid.conf DEFAULT "node.session.auth.chap_algs" "SHA3-256,SHA256"
# ensure that iscsid is started, even when disabled by default
restart_service iscsid
@@ -1000,6 +982,10 @@ function start_nova_compute {
# by the compute process.
configure_console_compute
# Set rebuild timeout longer for BFV instances because we likely have
# slower disk than expected. Default is 20s/GB
iniset $NOVA_CPU_CONF DEFAULT reimage_timeout_per_gb 60
# Configure the OVSDB connection for os-vif
if [ -n "$OVSDB_SERVER_LOCAL_HOST" ]; then
iniset $NOVA_CPU_CONF os_vif_ovs ovsdb_connection "tcp:$OVSDB_SERVER_LOCAL_HOST:6640"
@@ -1045,7 +1031,6 @@ function start_nova_rest {
local old_path=$PATH
export PATH=$NOVA_BIN_DIR:$PATH
local api_cell_conf=$NOVA_CONF
local compute_cell_conf=$NOVA_CONF
run_process n-sch "$NOVA_BIN_DIR/nova-scheduler --config-file $compute_cell_conf"
+5
View File
@@ -402,6 +402,11 @@ function configure_swift {
# Versioned Writes
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:versioned_writes allow_versioned_writes true
# Add sha1 temporary https://storyboard.openstack.org/#!/story/2010068
if [[ "$SWIFT_ENABLE_TEMPURLS" == "True" ]]; then
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:tempurl allowed_digests "sha1 sha256 sha512"
fi
# Configure Ceilometer
if is_service_enabled ceilometer; then
iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:ceilometer "set log_level" "WARN"
+139 -20
View File
@@ -58,7 +58,7 @@ BUILD_TIMEOUT=${BUILD_TIMEOUT:-196}
# This must be False on stable branches, as master tempest
# deps do not match stable branch deps. Set this to True to
# have tempest installed in DevStack by default.
INSTALL_TEMPEST=${INSTALL_TEMPEST:-"True"}
INSTALL_TEMPEST=${INSTALL_TEMPEST:-"False"}
# This variable is passed directly to pip install inside the common tox venv
# that is created
@@ -71,6 +71,17 @@ TEMPEST_VOLUME_VENDOR=${TEMPEST_VOLUME_VENDOR:-$TEMPEST_DEFAULT_VOLUME_VENDOR}
TEMPEST_DEFAULT_STORAGE_PROTOCOL="iSCSI"
TEMPEST_STORAGE_PROTOCOL=${TEMPEST_STORAGE_PROTOCOL:-$TEMPEST_DEFAULT_STORAGE_PROTOCOL}
# Glance/Image variables
# When Glance image import is enabled, image creation is asynchronous and images
# may not yet be active when tempest looks for them. In that case, we poll
# Glance every TEMPEST_GLANCE_IMPORT_POLL_INTERVAL seconds for the number of
# times specified by TEMPEST_GLANCE_IMPORT_POLL_LIMIT. If you are importing
# multiple images, set TEMPEST_GLANCE_IMAGE_COUNT so the poller does not quit
# too early (though it will not exceed the polling limit).
TEMPEST_GLANCE_IMPORT_POLL_INTERVAL=${TEMPEST_GLANCE_IMPORT_POLL_INTERVAL:-1}
TEMPEST_GLANCE_IMPORT_POLL_LIMIT=${TEMPEST_GLANCE_IMPORT_POLL_LIMIT:-12}
TEMPEST_GLANCE_IMAGE_COUNT=${TEMPEST_GLANCE_IMAGE_COUNT:-1}
# Neutron/Network variables
IPV6_ENABLED=$(trueorfalse True IPV6_ENABLED)
IPV6_SUBNET_ATTRIBUTES_ENABLED=$(trueorfalse True IPV6_SUBNET_ATTRIBUTES_ENABLED)
@@ -117,6 +128,13 @@ function set_tempest_venv_constraints {
(cd $REQUIREMENTS_DIR &&
git show master:upper-constraints.txt 2>/dev/null ||
git show origin/master:upper-constraints.txt) > $tmp_c
# NOTE(gmann): we need to set the below env var pointing to master
# constraints even that is what default in tox.ini. Otherwise it can
# create the issue for grenade run where old and new devstack can have
# different tempest (old and master) to install. For detail problem,
# refer to the https://bugs.launchpad.net/devstack/+bug/2003993
export UPPER_CONSTRAINTS_FILE=https://releases.openstack.org/constraints/upper/master
export TOX_CONSTRAINTS_FILE=https://releases.openstack.org/constraints/upper/master
else
echo "Using $TEMPEST_VENV_UPPER_CONSTRAINTS constraints in Tempest virtual env."
cat $TEMPEST_VENV_UPPER_CONSTRAINTS > $tmp_c
@@ -127,6 +145,48 @@ function set_tempest_venv_constraints {
fi
}
# Makes a call to glance to get a list of active images, ignoring
# ramdisk and kernel images. Takes 3 arguments, an array and two
# variables. The array will contain the list of active image UUIDs;
# if an image with ``DEFAULT_IMAGE_NAME`` is found, its UUID will be
# set as the value of *both* other parameters.
function get_active_images {
declare -n img_array=$1
declare -n img_id=$2
declare -n img_id_alt=$3
# start with a fresh array in case we are called multiple times
img_array=()
while read -r IMAGE_NAME IMAGE_UUID; do
if [ "$IMAGE_NAME" = "$DEFAULT_IMAGE_NAME" ]; then
img_id="$IMAGE_UUID"
img_id_alt="$IMAGE_UUID"
fi
img_array+=($IMAGE_UUID)
done < <(openstack --os-cloud devstack-admin image list --property status=active | awk -F'|' '!/^(+--)|ID|aki|ari/ { print $3,$2 }')
}
function poll_glance_images {
declare -n image_array=$1
declare -n image_id=$2
declare -n image_id_alt=$3
local -i poll_count
poll_count=$TEMPEST_GLANCE_IMPORT_POLL_LIMIT
while (( poll_count-- > 0 )) ; do
sleep $TEMPEST_GLANCE_IMPORT_POLL_INTERVAL
get_active_images image_array image_id image_id_alt
if (( ${#image_array[*]} >= $TEMPEST_GLANCE_IMAGE_COUNT )) ; then
return
fi
done
local msg
msg="Polling limit of $TEMPEST_GLANCE_IMPORT_POLL_LIMIT exceeded; "
msg+="poll interval was $TEMPEST_GLANCE_IMPORT_POLL_INTERVAL sec"
warn $LINENO "$msg"
}
# configure_tempest() - Set config files, create data dirs, etc
function configure_tempest {
if [[ "$INSTALL_TEMPEST" == "True" ]]; then
@@ -168,13 +228,21 @@ function configure_tempest {
declare -a images
if is_service_enabled glance; then
while read -r IMAGE_NAME IMAGE_UUID; do
if [ "$IMAGE_NAME" = "$DEFAULT_IMAGE_NAME" ]; then
image_uuid="$IMAGE_UUID"
image_uuid_alt="$IMAGE_UUID"
get_active_images images image_uuid image_uuid_alt
if (( ${#images[*]} < $TEMPEST_GLANCE_IMAGE_COUNT )); then
# Glance image import is asynchronous and may be configured
# to do image conversion. If image import is being used,
# it's possible that this code is being executed before the
# import has completed and there may be no active images yet.
if [[ "$GLANCE_USE_IMPORT_WORKFLOW" == "True" ]]; then
poll_glance_images images image_uuid image_uuid_alt
if (( ${#images[*]} < $TEMPEST_GLANCE_IMAGE_COUNT )); then
echo "Only found ${#images[*]} image(s), was looking for $TEMPEST_GLANCE_IMAGE_COUNT"
exit 1
fi
fi
images+=($IMAGE_UUID)
done < <(openstack --os-cloud devstack-admin image list --property status=active | awk -F'|' '!/^(+--)|ID|aki|ari/ { print $3,$2 }')
fi
case "${#images[*]}" in
0)
@@ -394,7 +462,7 @@ function configure_tempest {
# NOTE- To avoid microversion tests failure on stable branch, we need to change "tempest_compute_max_microversion"
# for stable branch on each release which should be changed from "latest" to max supported version of that release.
local tempest_compute_min_microversion=${TEMPEST_COMPUTE_MIN_MICROVERSION:-None}
local tempest_compute_max_microversion=${TEMPEST_COMPUTE_MAX_MICROVERSION:-"latest"}
local tempest_compute_max_microversion=${TEMPEST_COMPUTE_MAX_MICROVERSION:-"2.93"}
# Reset microversions to None where v2.0 is running which does not support microversion.
# Both "None" means no microversion testing.
if [[ "$TEMPEST_COMPUTE_TYPE" == "compute_legacy" ]]; then
@@ -487,7 +555,7 @@ function configure_tempest {
fi
iniset $TEMPEST_CONFIG volume-feature-enabled volume_revert $(trueorfalse False TEMPEST_VOLUME_REVERT_TO_SNAPSHOT)
local tempest_volume_min_microversion=${TEMPEST_VOLUME_MIN_MICROVERSION:-None}
local tempest_volume_max_microversion=${TEMPEST_VOLUME_MAX_MICROVERSION:-"latest"}
local tempest_volume_max_microversion=${TEMPEST_VOLUME_MAX_MICROVERSION:-"3.70"}
if [ "$tempest_volume_min_microversion" == "None" ]; then
inicomment $TEMPEST_CONFIG volume min_microversion
else
@@ -536,13 +604,17 @@ function configure_tempest {
iniset $TEMPEST_CONFIG volume storage_protocol "$TEMPEST_STORAGE_PROTOCOL"
fi
if [[ $ENABLE_VOLUME_MULTIATTACH == "True" ]]; then
iniset $TEMPEST_CONFIG volume volume_type_multiattach $VOLUME_TYPE_MULTIATTACH
fi
# Placement Features
# Set the microversion range for placement.
# Setting [None, latest] range of microversion which allow Tempest to run all microversions tests.
# NOTE- To avoid microversion tests failure on stable branch, we need to change "tempest_placement_max_microversion"
# for stable branch on each release which should be changed from "latest" to max supported version of that release.
local tempest_placement_min_microversion=${TEMPEST_PLACEMENT_MIN_MICROVERSION:-None}
local tempest_placement_max_microversion=${TEMPEST_PLACEMENT_MAX_MICROVERSION:-"latest"}
local tempest_placement_max_microversion=${TEMPEST_PLACEMENT_MAX_MICROVERSION:-"1.39"}
if [ "$tempest_placement_min_microversion" == "None" ]; then
inicomment $TEMPEST_CONFIG placement min_microversion
else
@@ -607,14 +679,19 @@ function configure_tempest {
# If services enable the enforce_scope for their policy
# we need to enable the same on Tempest side so that
# test can be run with scoped token.
if [[ "$KEYSTONE_ENFORCE_SCOPE" == True ]] ; then
if [[ "$KEYSTONE_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
iniset $TEMPEST_CONFIG enforce_scope keystone true
iniset $TEMPEST_CONFIG auth admin_system 'all'
iniset $TEMPEST_CONFIG auth admin_project_name ''
fi
iniset $TEMPEST_CONFIG enforce_scope glance "$GLANCE_ENFORCE_SCOPE"
iniset $TEMPEST_CONFIG enforce_scope cinder "$CINDER_ENFORCE_SCOPE"
if [[ "$GLANCE_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
iniset $TEMPEST_CONFIG enforce_scope glance true
fi
if [[ "$CINDER_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
iniset $TEMPEST_CONFIG enforce_scope cinder true
fi
if [ "$VIRT_DRIVER" = "libvirt" ] && [ "$LIBVIRT_TYPE" = "lxc" ]; then
# libvirt-lxc does not support boot from volume or attaching volumes
@@ -629,13 +706,13 @@ function configure_tempest {
local tmp_cfg_file
tmp_cfg_file=$(mktemp)
cd $TEMPEST_DIR
if [[ "$OFFLINE" != "True" ]]; then
tox -revenv-tempest --notest
fi
local tmp_u_c_m
tmp_u_c_m=$(mktemp -t tempest_u_c_m.XXXXXXXXXX)
set_tempest_venv_constraints $tmp_u_c_m
if [[ "$OFFLINE" != "True" ]]; then
tox -revenv-tempest --notest
fi
tox -evenv-tempest -- pip install -c $tmp_u_c_m -r requirements.txt
rm -f $tmp_u_c_m
@@ -672,7 +749,30 @@ function configure_tempest {
DISABLE_NETWORK_API_EXTENSIONS+=", l3_agent_scheduler"
fi
local network_api_extensions=${NETWORK_API_EXTENSIONS:-"all"}
DEFAULT_NET_EXT="address-scope,agent,allowed-address-pairs,auto-allocated-topology"
DEFAULT_NET_EXT+=",availability_zone,binding,default-subnetpools,dhcp_agent_scheduler"
DEFAULT_NET_EXT+=",dvr,ext-gw-mode,external-net,extra_dhcp_opt,extraroute,flavors"
DEFAULT_NET_EXT+=",l3-flavors,l3-ha,l3_agent_scheduler,multi-provider,net-mtu"
DEFAULT_NET_EXT+=",network-ip-availability,network_availability_zone,pagination"
DEFAULT_NET_EXT+=",port-security,project-id,provider,quotas,quota_details,rbac-policies"
DEFAULT_NET_EXT+=",revision-if-match,router,router_availability_zone,security-group,service-type,sorting"
DEFAULT_NET_EXT+=",standard-attr-description,standard-attr-revisions,standard-attr-tag,standard-attr-timestamp"
DEFAULT_NET_EXT+=",subnet-service-types,subnet_allocation,net-mtu-writable,ip-substring-filtering"
DEFAULT_NET_EXT+=",availability_zone_filter,filter-validation,empty-string-filtering,port-mac-address-regenerate"
DEFAULT_NET_EXT+=",port-security-groups-filtering,fip-port-details,binding-extended"
DEFAULT_NET_EXT+=",subnet_onboard,l3-port-ip-change-not-allowed,agent-resources-synced"
DEFAULT_NET_EXT+=",floatingip-pools,rbac-security-groups,subnetpool-prefix-ops,router-admin-state-down-before-update"
DEFAULT_NET_EXT+=",rbac-subnetpool,tag-ports-during-bulk-creation,stateful-security-group,address-group,extraroute-atomic"
DEFAULT_NET_EXT+=",port-numa-affinity-policy,rbac-address-scope,security-groups-remote-address-group,trunk,trunk-details"
DEFAULT_NET_EXT+=",rbac-address-group,port-device-profile"
DEFAULT_NET_EXT+=",multiple-external-gateways,qos-pps-minimum,l3-ext-ndp-proxy,rbac-bgpvpn"
DEFAULT_NET_EXT+=",qos-pps,ecmp_routes,bgp,floating-ip-port-forwarding-port-ranges"
# New in Yoga
DEFAULT_NET_EXT+=",security-groups-shared-filtering,security-groups-normalized-cidr,quota-check-limit"
DEFAULT_NET_EXT+=",port-resource-request-groups"
# New in Zed
DEFAULT_NET_EXT+=",port-mac-override,floating-ip-port-forwarding-detail,network-cascade-delete"
local network_api_extensions=${NETWORK_API_EXTENSIONS:-$DEFAULT_NET_EXT}
if [[ ! -z "$DISABLE_NETWORK_API_EXTENSIONS" ]]; then
# Enabled extensions are either the ones explicitly specified or those available on the API endpoint
network_api_extensions=${NETWORK_API_EXTENSIONS:-$(iniget $tmp_cfg_file network-feature-enabled api_extensions | tr -d " ")}
@@ -684,7 +784,10 @@ function configure_tempest {
fi
iniset $TEMPEST_CONFIG network-feature-enabled api_extensions $network_api_extensions
# Swift API Extensions
local object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-"all"}
DEFAULT_SWIFT_OPT="account_quotas,bulk_delete,bulk_upload,container_quotas"
DEFAULT_SWIFT_OPT+=",container_sync,crossdomain,formpost,ratelimit,slo"
DEFAULT_SWIFT_OPT+=",staticweb,tempauth,tempurl,versioned_writes"
local object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-$DEFAULT_SWIFT_OPT}
if [[ ! -z "$DISABLE_OBJECT_STORAGE_API_EXTENSIONS" ]]; then
# Enabled extensions are either the ones explicitly specified or those available on the API endpoint
object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-$(iniget $tmp_cfg_file object-storage-feature-enabled discoverable_apis | tr -d " ")}
@@ -693,7 +796,18 @@ function configure_tempest {
fi
iniset $TEMPEST_CONFIG object-storage-feature-enabled discoverable_apis $object_storage_api_extensions
# Cinder API Extensions
local volume_api_extensions=${VOLUME_API_EXTENSIONS:-"all"}
DEFAULT_VOL_EXT="OS-SCH-HNT,backups,capabilities,cgsnapshots,consistencygroups"
DEFAULT_VOL_EXT+=",encryption,os-admin-actions,os-availability-zone"
DEFAULT_VOL_EXT+=",os-extended-services,os-extended-snapshot-attributes"
DEFAULT_VOL_EXT+=",os-hosts,os-quota-class-sets,os-quota-sets"
DEFAULT_VOL_EXT+=",os-services,os-snapshot-actions,os-snapshot-manage"
DEFAULT_VOL_EXT+=",os-snapshot-unmanage,os-types-extra-specs,os-types-manage"
DEFAULT_VOL_EXT+=",os-used-limits,os-vol-host-attr,os-vol-image-meta"
DEFAULT_VOL_EXT+=",os-vol-mig-status-attr,os-vol-tenant-attr,os-volume-actions"
DEFAULT_VOL_EXT+=",os-volume-encryption-metadata,os-volume-manage"
DEFAULT_VOL_EXT+=",os-volume-transfer,os-volume-type-access"
DEFAULT_VOL_EXT+=",os-volume-unmanage,qos-specs,scheduler-stats"
local volume_api_extensions=${VOLUME_API_EXTENSIONS:-$DEFAULT_VOL_EXT}
if [[ ! -z "$DISABLE_VOLUME_API_EXTENSIONS" ]]; then
# Enabled extensions are either the ones explicitly specified or those available on the API endpoint
volume_api_extensions=${VOLUME_API_EXTENSIONS:-$(iniget $tmp_cfg_file volume-feature-enabled api_extensions | tr -d " ")}
@@ -709,7 +823,12 @@ function configure_tempest {
# install_tempest() - Collect source and prepare
function install_tempest {
git_clone $TEMPEST_REPO $TEMPEST_DIR $TEMPEST_BRANCH
pip_install 'tox!=2.8.0'
# NOTE(gmann): Pinning tox<4.0.0 for stable/zed and lower. Tox 4.0.0
# released after zed was released and has some incompatible changes
# and it is ok not to fix the issues caused by tox 4.0.0 in stable
# beanches jobs. We can continue testing the stable/zed and lower
# branches with tox<4.0.0
pip_install 'tox!=2.8.0,<4.0.0'
pushd $TEMPEST_DIR
# NOTE(gmann): checkout the TEMPEST_BRANCH in case TEMPEST_BRANCH
# is tag name not master. git_clone would not checkout tag because
+1 -1
View File
@@ -557,7 +557,7 @@ $listen_string
ErrorLog $APACHE_LOG_DIR/tls-proxy_error.log
ErrorLogFormat "%{cu}t [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] [frontend\ %A] %M% ,\ referer\ %{Referer}i"
LogLevel info
CustomLog $APACHE_LOG_DIR/tls-proxy_access.log "%{%Y-%m-%d}t %{%T}t.%{msec_frac}t [%l] %a \"%r\" %>s %b"
CustomLog $APACHE_LOG_DIR/tls-proxy_access.log combined
</VirtualHost>
EOF
if is_suse ; then
+9
View File
@@ -17,9 +17,18 @@
dest: "{{ stage_dir }}/verify_tempest_conf.log"
state: hard
when: tempest_log.stat.exists
- name: Capture most recent qemu crash dump, if any
shell:
executable: /bin/bash
cmd: |
coredumpctl -o {{ devstack_log_dir }}/qemu.coredump dump /usr/bin/qemu-system-x86_64
ignore_errors: yes
roles:
- export-devstack-journal
- apache-logs-conf
# This should run as early as possible to make sure we don't skew
# the post-tempest results with other activities.
- capture-performance-data
- devstack-project-conf
# capture-system-logs should be the last role before stage-output
- capture-system-logs
+7 -1
View File
@@ -5,4 +5,10 @@
bindep_profile: test
bindep_dir: "{{ zuul_work_dir }}"
- test-setup
- ensure-tox
# NOTE(gmann): Pinning tox<4.0.0 for stable/zed and lower. Tox 4.0.0
# released after zed was released and has some incompatible changes
# and it is ok not to fix the issues caused by tox 4.0.0 in stable
# beanches jobs. We can continue testing the stable/zed and lower
# branches with tox<4.0.0
- role: ensure-tox
ensure_tox_version: "<4"
+7 -1
View File
@@ -6,6 +6,12 @@
bindep_profile: test
bindep_dir: "{{ zuul_work_dir }}"
- test-setup
- ensure-tox
# NOTE(gmann): Pinning tox<4.0.0 for stable/zed and lower. Tox 4.0.0
# released after zed was released and has some incompatible changes
# and it is ok not to fix the issues caused by tox 4.0.0 in stable
# beanches jobs. We can continue testing the stable/zed and lower
# branches with tox<4.0.0
- role: ensure-tox
ensure_tox_version: "<4"
- get-devstack-os-environment
- tox
-1
View File
@@ -64,7 +64,6 @@
'Debian': '/etc/apache2/sites-enabled/'
'Suse': '/etc/apache2/conf.d/'
'RedHat': '/etc/httpd/conf.d/'
'openEuler': '/etc/httpd/conf.d/'
- name: Discover configurations
find:
+25
View File
@@ -0,0 +1,25 @@
Generate performance logs for staging
Captures usage information from mysql, systemd, apache logs, and other
parts of the system and generates a performance.json file in the
staging directory.
**Role Variables**
.. zuul:rolevar:: stage_dir
:default: {{ ansible_user_dir }}
The base stage directory
.. zuul:rolevar:: devstack_conf_dir
:default: /opt/stack
The base devstack destination directory
.. zuul:rolevar:: debian_suse_apache_deref_logs
The apache logs found in the debian/suse locations
.. zuul:rolevar:: redhat_apache_deref_logs
The apache logs found in the redhat locations
@@ -0,0 +1,3 @@
devstack_base_dir: /opt/stack
devstack_conf_dir: "{{ devstack_base_dir }}"
stage_dir: "{{ ansible_user_dir }}"
@@ -0,0 +1,16 @@
- name: Generate statistics
shell:
executable: /bin/bash
cmd: |
source {{ devstack_conf_dir }}/stackrc
python3 {{ devstack_conf_dir }}/tools/get-stats.py \
--db-user="$DATABASE_USER" \
--db-pass="$DATABASE_PASSWORD" \
--db-host="$DATABASE_HOST" \
{{ apache_logs }} > {{ stage_dir }}/performance.json
vars:
apache_logs: >-
{% for i in debian_suse_apache_deref_logs.results | default([]) + redhat_apache_deref_logs.results | default([]) %}
--apache-log="{{ i.stat.path }}"
{% endfor %}
ignore_errors: yes
+1
View File
@@ -9,6 +9,7 @@ Stage a number of different logs / reports:
- coredumps
- dns resolver
- listen53
- services
- unbound.log
- deprecation messages
@@ -19,6 +19,9 @@
rpm -qa | sort > {{ stage_dir }}/rpm-qa.txt
fi
# Services status
sudo systemctl status --all > services.txt 2>/dev/null
# NOTE(kchamart) The 'audit.log' can be useful in cases when QEMU
# failed to start due to denials from SELinux — useful for CentOS
# and Fedora machines. For Ubuntu (which runs AppArmor), DevStack
@@ -1,10 +1,10 @@
Verify the IPv6-only deployments
Verify all addresses in IPv6-only deployments
This role needs to be invoked from a playbook that
run tests. This role verifies the IPv6 setting on
devstack side and devstack deploy services on IPv6.
This role is invoked before tests are run so that
if any missing IPv6 setting or deployments can fail
runs tests. This role verifies the IPv6 settings on the
devstack side and that devstack deploys with all addresses
being IPv6. This role is invoked before tests are run so that
if there is any missing IPv6 setting, deployments can fail
the job early.
@@ -2,6 +2,7 @@
# This uses hard links to avoid using extra space.
command: "find {{ devstack_cache_dir }}/files -mindepth 1 -maxdepth 1 -exec cp -l {} {{ devstack_base_dir }}/devstack/files/ ;"
become: true
ignore_errors: yes
- name: Set ownership of cached files
file:
+1 -1
View File
@@ -49,7 +49,7 @@ SERVICE_PASSWORD=$ADMIN_PASSWORD
# path of the destination log file. A timestamp will be appended to the given name.
LOGFILE=$DEST/logs/stack.sh.log
# Old log files are automatically removed after 7 days to keep things neat. Change
# Old log files are automatically removed after 2 days to keep things neat. Change
# the number of days by setting ``LOGDAYS``.
LOGDAYS=2
-12
View File
@@ -1,12 +0,0 @@
[metadata]
name = DevStack
summary = OpenStack DevStack
description_file =
README.rst
author = OpenStack
author_email = openstack-discuss@lists.openstack.org
home_page = https://docs.openstack.org/devstack/latest
classifier =
Intended Audience :: Developers
License :: OSI Approved :: Apache Software License
Operating System :: POSIX :: Linux
-22
View File
@@ -1,22 +0,0 @@
#!/usr/bin/env python
# Copyright (c) 2013 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# THIS FILE IS MANAGED BY THE GLOBAL REQUIREMENTS REPO - DO NOT EDIT
import setuptools
setuptools.setup(
setup_requires=['pbr'],
pbr=True)
+36 -17
View File
@@ -67,7 +67,9 @@ unset `env | grep -E '^OS_' | cut -d = -f 1`
umask 022
# Not all distros have sbin in PATH for regular users.
PATH=$PATH:/usr/local/sbin:/usr/sbin:/sbin
# osc will normally be installed at /usr/local/bin/openstack so ensure
# /usr/local/bin is also in the path
PATH=$PATH:/usr/local/bin:/usr/local/sbin:/usr/sbin:/sbin
# Keep track of the DevStack directory
TOP_DIR=$(cd $(dirname "$0") && pwd)
@@ -227,7 +229,7 @@ write_devstack_version
# Warn users who aren't on an explicitly supported distro, but allow them to
# override check and attempt installation with ``FORCE=yes ./stack``
SUPPORTED_DISTROS="bullseye|focal|f35|opensuse-15.2|opensuse-tumbleweed|rhel8|rhel9|openEuler-20.03"
SUPPORTED_DISTROS="bullseye|focal|jammy|f35|opensuse-15.2|opensuse-tumbleweed|rhel8|rhel9"
if [[ ! ${DISTRO} =~ $SUPPORTED_DISTROS ]]; then
echo "WARNING: this script has not been tested on $DISTRO"
@@ -278,13 +280,6 @@ chmod 0440 $TEMPFILE
sudo chown root:root $TEMPFILE
sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh
# TODO(wxy): Currently some base packages are not installed by default in
# openEuler. Remove the code below once the packaged are installed by default
# in the future.
if [[ $DISTRO == "openEuler-20.03" ]]; then
install_package hostname
fi
# Configure Distro Repositories
# -----------------------------
@@ -316,7 +311,22 @@ function _install_rdo {
sudo dnf -y install https://rdoproject.org/repos/openstack-${rdo_release}/rdo-release-${rdo_release}.el8.rpm
fi
elif [[ $DISTRO == "rhel9" ]]; then
sudo curl -L -o /etc/yum.repos.d/delorean-deps.repo http://trunk.rdoproject.org/centos9-master/delorean-deps.repo
install_package wget
# We need to download rdo-release package using wget as installing with dnf from repo.fedoraproject.org fails in
# FIPS enabled systems after https://bugzilla.redhat.com/show_bug.cgi?id=2157951
# Until we can pull rdo-release from a server which supports EMS, this workaround is doing wget, which does
# not relies on openssl but on gnutls, and then install it locally using rpm
TEMPRDODIR=$(mktemp -d)
if [[ "$TARGET_BRANCH" == "master" ]]; then
# rdo-release.el9.rpm points to latest RDO release, use that for master
wget -P $TEMPRDODIR https://rdoproject.org/repos/rdo-release.el9.rpm
else
# For stable branches use corresponding release rpm
rdo_release=$(echo $TARGET_BRANCH | sed "s|stable/||g")
wget -P $TEMPRDODIR https://rdoproject.org/repos/openstack-${rdo_release}/rdo-release-${rdo_release}.el9.rpm
fi
sudo rpm -ivh $TEMPRDODIR/rdo-release*rpm
rm -rf $TEMPRDODIR
fi
sudo dnf -y update
}
@@ -1157,7 +1167,8 @@ fi
# ----
if is_service_enabled q-dhcp; then
# Delete traces of nova networks from prior runs
# TODO(frickler): These are remnants from n-net, check which parts are really
# still needed for Neutron.
# Do not kill any dnsmasq instance spawned by NetworkManager
netman_pid=$(pidof NetworkManager || true)
if [ -z "$netman_pid" ]; then
@@ -1217,12 +1228,7 @@ if is_service_enabled nova; then
echo_summary "Configuring Nova"
init_nova
# Additional Nova configuration that is dependent on other services
# TODO(stephenfin): Is it possible for neutron to *not* be enabled now? If
# not, remove the if here
if is_service_enabled neutron; then
async_runfunc configure_neutron_nova
fi
async_runfunc configure_neutron_nova
fi
@@ -1510,6 +1516,19 @@ async_cleanup
time_totals
async_print_timing
if is_service_enabled mysql; then
if [[ "$MYSQL_GATHER_PERFORMANCE" == "True" && "$MYSQL_HOST" ]]; then
echo ""
echo ""
echo "Post-stack database query stats:"
mysql -u $DATABASE_USER -p$DATABASE_PASSWORD -h $MYSQL_HOST stats -e \
'SELECT * FROM queries' -t 2>/dev/null
mysql -u $DATABASE_USER -p$DATABASE_PASSWORD -h $MYSQL_HOST stats -e \
'DELETE FROM queries' 2>/dev/null
fi
fi
# Using the cloud
# ===============
+40 -3
View File
@@ -15,7 +15,7 @@ source $RC_DIR/functions
# Set the target branch. This is used so that stable branching
# does not need to update each repo below.
TARGET_BRANCH=master
TARGET_BRANCH=stable/zed
# Cycle trailing projects need to branch later than the others.
TRAILING_TARGET_BRANCH=master
@@ -179,6 +179,10 @@ fi
# TODO(frickler): Drop this when plugins no longer need it
IDENTITY_API_VERSION=3
# Global option for enforcing scope. If enabled, ENFORCE_SCOPE overrides
# each services ${SERVICE}_ENFORCE_SCOPE variables
ENFORCE_SCOPE=$(trueorfalse False ENFORCE_SCOPE)
# Enable use of Python virtual environments. Individual project use of
# venvs are controlled by the PROJECT_VENV array; every project with
# an entry in the array will be installed into the named venv.
@@ -193,6 +197,15 @@ ADDITIONAL_VENV_PACKAGES=${ADITIONAL_VENV_PACKAGES:-""}
# (currently only implemented for MySQL backend)
DATABASE_QUERY_LOGGING=$(trueorfalse False DATABASE_QUERY_LOGGING)
# This can be used to turn on various non-default items in the
# performance_schema that are of interest to us
MYSQL_GATHER_PERFORMANCE=$(trueorfalse True MYSQL_GATHER_PERFORMANCE)
# This can be used to reduce the amount of memory mysqld uses while running.
# These are unscientifically determined, and could reduce performance or
# cause other issues.
MYSQL_REDUCE_MEMORY=$(trueorfalse False MYSQL_REDUCE_MEMORY)
# Set a timeout for git operations. If git is still running when the
# timeout expires, the command will be retried up to 3 times. This is
# in the format for timeout(1);
@@ -235,7 +248,7 @@ REQUIREMENTS_DIR=${REQUIREMENTS_DIR:-$DEST/requirements}
# Setting the variable to 'ALL' will activate the download for all
# libraries.
DEVSTACK_SERIES="yoga"
DEVSTACK_SERIES="zed"
##############
#
@@ -869,7 +882,31 @@ SERVICE_HOST=${SERVICE_HOST:-${DEF_SERVICE_HOST}}
# This is either 127.0.0.1 for IPv4 or ::1 for IPv6
SERVICE_LOCAL_HOST=${SERVICE_LOCAL_HOST:-${DEF_SERVICE_LOCAL_HOST}}
REGION_NAME=${REGION_NAME:-RegionOne}
# TUNNEL IP version
# This is the IP version to use for tunnel endpoints
TUNNEL_IP_VERSION=${TUNNEL_IP_VERSION:-4}
# Validate TUNNEL_IP_VERSION
if [[ $TUNNEL_IP_VERSION != "4" ]] && [[ $TUNNEL_IP_VERSION != "6" ]]; then
die $LINENO "TUNNEL_IP_VERSION must be either 4 or 6"
fi
if [[ "$TUNNEL_IP_VERSION" == 4 ]]; then
DEF_TUNNEL_ENDPOINT_IP=$HOST_IP
fi
if [[ "$TUNNEL_IP_VERSION" == 6 ]]; then
# Only die if the user has not over-ridden the endpoint IP
if [[ "$HOST_IPV6" == "" ]] && [[ "$TUNNEL_ENDPOINT_IP" == "" ]]; then
die $LINENO "Could not determine host IPv6 address. See local.conf for suggestions on setting HOST_IPV6."
fi
DEF_TUNNEL_ENDPOINT_IP=$HOST_IPV6
fi
# Allow the use of an alternate address for tunnel endpoints.
# Default is dependent on TUNNEL_IP_VERSION above.
TUNNEL_ENDPOINT_IP=${TUNNEL_ENDPOINT_IP:-${DEF_TUNNEL_ENDPOINT_IP}}
# Configure services to use syslog instead of writing to individual log files
SYSLOG=$(trueorfalse False SYSLOG)
+11 -1
View File
@@ -44,6 +44,9 @@ empty =
multi = foo1
multi = foo2
[fff]
ampersand =
[key_with_spaces]
rgw special key = something
@@ -85,7 +88,7 @@ fi
# test iniget_sections
VAL=$(iniget_sections "${TEST_INI}")
assert_equal "$VAL" "default aaa bbb ccc ddd eee key_with_spaces \
assert_equal "$VAL" "default aaa bbb ccc ddd eee fff key_with_spaces \
del_separate_options del_same_option del_missing_option \
del_missing_option_multi del_no_options"
@@ -124,6 +127,13 @@ iniset ${SUDO_ARG} ${TEST_INI} bbb handlers "33,44"
VAL=$(iniget ${TEST_INI} bbb handlers)
assert_equal "$VAL" "33,44" "inset at EOF"
# Test with ampersand in values
for i in `seq 3`; do
iniset ${TEST_INI} fff ampersand '&y'
done
VAL=$(iniget ${TEST_INI} fff ampersand)
assert_equal "$VAL" "&y" "iniset ampersands in option"
# test empty option
if ini_has_option ${SUDO_ARG} ${TEST_INI} ddd empty; then
passed "ini_has_option: ddd.empty present"
-12
View File
@@ -96,19 +96,7 @@ function test_libs_exist {
echo "test_libs_exist PASSED"
}
function test_branch_master {
for lib in $ALL_LIBS; do
if [[ ${GITBRANCH[$lib]} != "master" ]]; then
echo "GITBRANCH for $lib not master (${GITBRANCH[$lib]})"
exit 1
fi
done
echo "test_branch_master PASSED"
}
set -o errexit
test_libs_exist
test_branch_master
test_all_libs_upto_date
+9
View File
@@ -44,6 +44,15 @@ fi
if ! getent passwd $STACK_USER >/dev/null; then
echo "Creating a user called $STACK_USER"
useradd -g $STACK_USER -s /bin/bash -d $DEST -m $STACK_USER
# RHEL based distros create home dir with 700 permissions,
# And Ubuntu 21.04+ with 750, i.e missing executable
# permission for either group or others
# Devstack deploy will have issues with this, fix it by
# adding executable permission
if [[ $(stat -c '%A' $DEST|grep -o x|wc -l) -lt 3 ]]; then
echo "Executable permission missing for $DEST, adding it"
chmod +x $DEST
fi
fi
echo "Giving stack user passwordless sudo privileges"
+120
View File
@@ -0,0 +1,120 @@
import json
import logging
import os
import threading
import time
import queue
import sqlalchemy
from sqlalchemy.engine import CreateEnginePlugin
from sqlalchemy import event
# https://docs.sqlalchemy.org/en/14/core/connections.html?
# highlight=createengineplugin#sqlalchemy.engine.CreateEnginePlugin
LOG = logging.getLogger(__name__)
# The theory of operation here is that we register this plugin with
# sqlalchemy via an entry_point. It gets loaded by virtue of plugin=
# being in the database connection URL, which gives us an opportunity
# to hook the engines that get created.
#
# We opportunistically spawn a thread, which we feed "hits" to over a
# queue, and which occasionally writes those hits to a special
# database called 'stats'. We access that database with the same user,
# pass, and host as the main connection URL for simplicity.
class LogCursorEventsPlugin(CreateEnginePlugin):
def __init__(self, url, kwargs):
self.db_name = url.database
LOG.info('Registered counter for database %s' % self.db_name)
new_url = sqlalchemy.engine.URL.create(url.drivername,
url.username,
url.password,
url.host,
url.port,
'stats')
self.engine = sqlalchemy.create_engine(new_url)
self.queue = queue.Queue()
self.thread = None
def engine_created(self, engine):
"""Hook the engine creation process.
This is the plug point for the sqlalchemy plugin. Using
plugin=$this in the URL causes this method to be called when
the engine is created, giving us a chance to hook it below.
"""
event.listen(engine, "before_cursor_execute", self._log_event)
def ensure_writer_thread(self):
self.thread = threading.Thread(target=self.stat_writer, daemon=True)
self.thread.start()
def _log_event(self, conn, cursor, statement, parameters, context,
executemany):
"""Queue a "hit" for this operation to be recorded.
Attepts to determine the operation by the first word of the
statement, or 'OTHER' if it cannot be determined.
"""
# Start our thread if not running. If we were forked after the
# engine was created and this plugin was associated, our
# writer thread is gone, so respawn.
if not self.thread or not self.thread.is_alive():
self.ensure_writer_thread()
try:
op = statement.strip().split(' ', 1)[0] or 'OTHER'
except Exception:
op = 'OTHER'
self.queue.put((self.db_name, op))
def do_incr(self, db, op, count):
"""Increment the counter for (db,op) by count."""
query = ('INSERT INTO queries (db, op, count) '
' VALUES (%s, %s, %s) '
' ON DUPLICATE KEY UPDATE count=count+%s')
try:
with self.engine.begin() as conn:
r = conn.execute(query, (db, op, count, count))
except Exception as e:
LOG.error('Failed to account for access to database %r: %s',
db, e)
def stat_writer(self):
"""Consume messages from the queue and write them in batches.
This reads "hists" from from a queue fed by _log_event() and
writes (db,op)+=count stats to the database after ten seconds
of no activity to avoid triggering a write for every SELECT
call. Write no less often than every thirty seconds and/or 100
pending hits to avoid being starved by constant activity.
"""
LOG.debug('[%i] Writer thread running' % os.getpid())
while True:
to_write = {}
total = 0
last = time.time()
while time.time() - last < 30 and total < 100:
try:
item = self.queue.get(timeout=10)
to_write.setdefault(item, 0)
to_write[item] += 1
total += 1
except queue.Empty:
break
if to_write:
LOG.debug('[%i] Writing DB stats %s' % (
os.getpid(),
','.join(['%s:%s=%i' % (db, op, count)
for (db, op), count in to_write.items()])))
for (db, op), count in to_write.items():
self.do_incr(db, op, count)
+3
View File
@@ -0,0 +1,3 @@
[build-system]
requires = ["sqlalchemy", "setuptools>=42"]
build-backend = "setuptools.build_meta"
+14
View File
@@ -0,0 +1,14 @@
[metadata]
name = dbcounter
author = Dan Smith
author_email = dms@danplanet.com
version = 0.1
description = A teeny tiny dbcounter plugin for use with devstack
url = http://github.com/openstack/devstack
license = Apache
[options]
py_modules = dbcounter
entry_points =
[sqlalchemy.plugins]
dbcounter = dbcounter:LogCursorEventsPlugin
-24
View File
@@ -153,32 +153,8 @@ function fixup_ubuntu {
sudo rm -rf /usr/lib/python3/dist-packages/simplejson-*.egg-info
}
function fixup_openeuler {
if ! is_openeuler; then
return
fi
if is_arch "x86_64"; then
arch="x86_64"
elif is_arch "aarch64"; then
arch="aarch64"
fi
# Some packages' version in openEuler are too old, use the newer ones we
# provide in oepkg. (oepkg is an openEuler third part yum repo which is
# endorsed by openEuler community)
(echo '[openstack-ci]'
echo 'name=openstack'
echo 'baseurl=https://repo.oepkgs.net/openEuler/rpm/openEuler-20.03-LTS-SP2/budding-openeuler/openstack-master-ci/'$arch'/'
echo 'enabled=1'
echo 'gpgcheck=0') | sudo tee -a /etc/yum.repos.d/openstack-master.repo > /dev/null
yum_install liberasurecode-devel
}
function fixup_all {
fixup_ubuntu
fixup_fedora
fixup_suse
fixup_openeuler
}
+220
View File
@@ -0,0 +1,220 @@
#!/usr/bin/python3
import argparse
import csv
import datetime
import glob
import itertools
import json
import logging
import os
import re
import socket
import subprocess
import sys
try:
import psutil
except ImportError:
psutil = None
print('No psutil, process information will not be included',
file=sys.stderr)
try:
import pymysql
except ImportError:
pymysql = None
print('No pymysql, database information will not be included',
file=sys.stderr)
LOG = logging.getLogger('perf')
# https://www.elastic.co/blog/found-crash-elasticsearch#mapping-explosion
def tryint(value):
try:
return int(value)
except (ValueError, TypeError):
return value
def get_service_stats(service):
stats = {'MemoryCurrent': 0}
output = subprocess.check_output(['/usr/bin/systemctl', 'show', service] +
['-p%s' % stat for stat in stats])
for line in output.decode().split('\n'):
if not line:
continue
stat, val = line.split('=')
stats[stat] = tryint(val)
return stats
def get_services_stats():
services = [os.path.basename(s) for s in
glob.glob('/etc/systemd/system/devstack@*.service')] + \
['apache2.service']
return [dict(service=service, **get_service_stats(service))
for service in services]
def get_process_stats(proc):
cmdline = proc.cmdline()
if 'python' in cmdline[0]:
cmdline = cmdline[1:]
return {'cmd': cmdline[0],
'pid': proc.pid,
'args': ' '.join(cmdline[1:]),
'rss': proc.memory_info().rss}
def get_processes_stats(matches):
me = os.getpid()
procs = psutil.process_iter()
def proc_matches(proc):
return me != proc.pid and any(
re.search(match, ' '.join(proc.cmdline()))
for match in matches)
return [
get_process_stats(proc)
for proc in procs
if proc_matches(proc)]
def get_db_stats(host, user, passwd):
dbs = []
try:
db = pymysql.connect(host=host, user=user, password=passwd,
database='stats',
cursorclass=pymysql.cursors.DictCursor)
except pymysql.err.OperationalError as e:
if 'Unknown database' in str(e):
print('No stats database; assuming devstack failed',
file=sys.stderr)
return []
raise
with db:
with db.cursor() as cur:
cur.execute('SELECT db,op,count FROM queries')
for row in cur:
dbs.append({k: tryint(v) for k, v in row.items()})
return dbs
def get_http_stats_for_log(logfile):
stats = {}
apache_fields = ('host', 'a', 'b', 'date', 'tz', 'request', 'status',
'length', 'c', 'agent')
ignore_agents = ('curl', 'uwsgi', 'nova-status')
ignored_services = set()
for line in csv.reader(open(logfile), delimiter=' '):
fields = dict(zip(apache_fields, line))
if len(fields) != len(apache_fields):
# Not a combined access log, so we can bail completely
return []
try:
method, url, http = fields['request'].split(' ')
except ValueError:
method = url = http = ''
if 'HTTP' not in http:
# Not a combined access log, so we can bail completely
return []
# Tempest's User-Agent is unchanged, but client libraries and
# inter-service API calls use proper strings. So assume
# 'python-urllib' is tempest so we can tell it apart.
if 'python-urllib' in fields['agent'].lower():
agent = 'tempest'
else:
agent = fields['agent'].split(' ')[0]
if agent.startswith('python-'):
agent = agent.replace('python-', '')
if '/' in agent:
agent = agent.split('/')[0]
if agent in ignore_agents:
continue
try:
service, rest = url.strip('/').split('/', 1)
except ValueError:
# Root calls like "GET /identity"
service = url.strip('/')
rest = ''
if not service.isalpha():
ignored_services.add(service)
continue
method_key = '%s-%s' % (agent, method)
try:
length = int(fields['length'])
except ValueError:
LOG.warning('[%s] Failed to parse length %r from line %r' % (
logfile, fields['length'], line))
length = 0
stats.setdefault(service, {'largest': 0})
stats[service].setdefault(method_key, 0)
stats[service][method_key] += 1
stats[service]['largest'] = max(stats[service]['largest'],
length)
if ignored_services:
LOG.warning('Ignored services: %s' % ','.join(
sorted(ignored_services)))
# Flatten this for ES
return [{'service': service, 'log': os.path.basename(logfile),
**vals}
for service, vals in stats.items()]
def get_http_stats(logfiles):
return list(itertools.chain.from_iterable(get_http_stats_for_log(log)
for log in logfiles))
def get_report_info():
return {
'timestamp': datetime.datetime.now().isoformat(),
'hostname': socket.gethostname(),
'version': 2,
}
if __name__ == '__main__':
process_defaults = ['privsep', 'mysqld', 'erlang', 'etcd']
parser = argparse.ArgumentParser()
parser.add_argument('--db-user', default='root',
help=('MySQL user for collecting stats '
'(default: "root")'))
parser.add_argument('--db-pass', default=None,
help='MySQL password for db-user')
parser.add_argument('--db-host', default='localhost',
help='MySQL hostname')
parser.add_argument('--apache-log', action='append', default=[],
help='Collect API call stats from this apache log')
parser.add_argument('--process', action='append',
default=process_defaults,
help=('Include process stats for this cmdline regex '
'(default is %s)' % ','.join(process_defaults)))
args = parser.parse_args()
logging.basicConfig(level=logging.WARNING)
data = {
'services': get_services_stats(),
'db': pymysql and args.db_pass and get_db_stats(args.db_host,
args.db_user,
args.db_pass) or [],
'processes': psutil and get_processes_stats(args.process) or [],
'api': get_http_stats(args.apache_log),
'report': get_report_info(),
}
print(json.dumps(data, indent=2))
+7 -4
View File
@@ -139,15 +139,18 @@ if is_fedora && [[ ${DISTRO} == f* || ${DISTRO} == rhel9 ]]; then
# recent enough anyway. This is included via rpms/general
: # Simply fall through
elif is_ubuntu; then
: # pip on Ubuntu 20.04 is new enough, too
# pip on Ubuntu 20.04 is new enough, too
# drop setuptools from u-c
sed -i -e '/setuptools/d' $REQUIREMENTS_DIR/upper-constraints.txt
else
install_get_pip
# Note setuptools is part of requirements.txt and we want to make sure
# we obey any versioning as described there.
pip_install_gr setuptools
fi
set -x
# Note setuptools is part of requirements.txt and we want to make sure
# we obey any versioning as described there.
pip_install_gr setuptools
get_versions
+18 -7
View File
@@ -23,32 +23,43 @@ function verify_devstack_ipv6_setting {
_service_listen_address=$(echo $SERVICE_LISTEN_ADDRESS | tr -d [])
local _service_local_host=''
_service_local_host=$(echo $SERVICE_LOCAL_HOST | tr -d [])
local _tunnel_endpoint_ip=''
_tunnel_endpoint_ip=$(echo $TUNNEL_ENDPOINT_IP | tr -d [])
if [[ "$SERVICE_IP_VERSION" != 6 ]]; then
echo $SERVICE_IP_VERSION "SERVICE_IP_VERSION is not set to 6 which is must for devstack to deploy services with IPv6 address."
exit 1
fi
if [[ "$TUNNEL_IP_VERSION" != 6 ]]; then
echo $TUNNEL_IP_VERSION "TUNNEL_IP_VERSION is not set to 6 so TUNNEL_ENDPOINT_IP cannot be an IPv6 address."
exit 1
fi
is_service_host_ipv6=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_service_host'"))')
if [[ "$is_service_host_ipv6" != "True" ]]; then
echo $SERVICE_HOST "SERVICE_HOST is not ipv6 which means devstack cannot deploy services on IPv6 address."
echo $SERVICE_HOST "SERVICE_HOST is not IPv6 which means devstack cannot deploy services on IPv6 addresses."
exit 1
fi
is_host_ipv6=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_host_ipv6'"))')
if [[ "$is_host_ipv6" != "True" ]]; then
echo $HOST_IPV6 "HOST_IPV6 is not ipv6 which means devstack cannot deploy services on IPv6 address."
echo $HOST_IPV6 "HOST_IPV6 is not IPv6 which means devstack cannot deploy services on IPv6 addresses."
exit 1
fi
is_service_listen_address=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_service_listen_address'"))')
if [[ "$is_service_listen_address" != "True" ]]; then
echo $SERVICE_LISTEN_ADDRESS "SERVICE_LISTEN_ADDRESS is not ipv6 which means devstack cannot deploy services on IPv6 address."
echo $SERVICE_LISTEN_ADDRESS "SERVICE_LISTEN_ADDRESS is not IPv6 which means devstack cannot deploy services on IPv6 addresses."
exit 1
fi
is_service_local_host=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_service_local_host'"))')
if [[ "$is_service_local_host" != "True" ]]; then
echo $SERVICE_LOCAL_HOST "SERVICE_LOCAL_HOST is not ipv6 which means devstack cannot deploy services on IPv6 address."
echo $SERVICE_LOCAL_HOST "SERVICE_LOCAL_HOST is not IPv6 which means devstack cannot deploy services on IPv6 addresses."
exit 1
fi
is_tunnel_endpoint_ip=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_tunnel_endpoint_ip'"))')
if [[ "$is_tunnel_endpoint_ip" != "True" ]]; then
echo $TUNNEL_ENDPOINT_IP "TUNNEL_ENDPOINT_IP is not IPv6 which means devstack will not deploy with an IPv6 endpoint address."
exit 1
fi
echo "Devstack is properly configured with IPv6"
echo "SERVICE_IP_VERSION: " $SERVICE_IP_VERSION "HOST_IPV6: " $HOST_IPV6 "SERVICE_HOST: " $SERVICE_HOST "SERVICE_LISTEN_ADDRESS: " $SERVICE_LISTEN_ADDRESS "SERVICE_LOCAL_HOST: " $SERVICE_LOCAL_HOST
echo "SERVICE_IP_VERSION:" $SERVICE_IP_VERSION "HOST_IPV6:" $HOST_IPV6 "SERVICE_HOST:" $SERVICE_HOST "SERVICE_LISTEN_ADDRESS:" $SERVICE_LISTEN_ADDRESS "SERVICE_LOCAL_HOST:" $SERVICE_LOCAL_HOST "TUNNEL_IP_VERSION:" $TUNNEL_IP_VERSION "TUNNEL_ENDPOINT_IP:" $TUNNEL_ENDPOINT_IP
}
function sanity_check_system_ipv6_enabled {
@@ -72,7 +83,7 @@ function verify_service_listen_address_is_ipv6 {
is_endpoint_ipv6=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$endpoint_address'"))')
if [[ "$is_endpoint_ipv6" != "True" ]]; then
all_ipv6=False
echo $endpoint ": This is not ipv6 endpoint which means corresponding service is not listening on IPv6 address."
echo $endpoint ": This is not an IPv6 endpoint which means corresponding service is not listening on an IPv6 address."
continue
fi
endpoints_verified=True
@@ -80,7 +91,7 @@ function verify_service_listen_address_is_ipv6 {
if [[ "$all_ipv6" == "False" ]] || [[ "$endpoints_verified" == "False" ]]; then
exit 1
fi
echo "All services deployed by devstack is on IPv6 endpoints"
echo "All services deployed by devstack are on IPv6 endpoints"
echo $endpoints
}
+1 -1
View File
@@ -35,7 +35,7 @@ commands = bash -c "find {toxinidir} \
[testenv:docs]
deps =
-c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
-c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/zed}
-r{toxinidir}/doc/requirements.txt
allowlist_externals = bash
setenv =
+5
View File
@@ -181,3 +181,8 @@ fi
clean_pyc_files
rm -Rf $DEST/async
# Clean any safe.directory items we wrote into the global
# gitconfig. We can identify the relevant ones by checking that they
# point to somewhere in our $DEST directory.
sudo sed -i "\+directory = ${DEST}+ d" /etc/gitconfig