XenAPI requires two instances of L2Agent: the standard one manages OVS
bridges in DomU and the service name is called as q-agt in Devstack;
the other new L2Agent manages OVS bridges in Dom0 and the service name
is called as q-domuA. In order to support the new agent q-domuA, it
requires some XenAPI-specific configurations. But unfortunately those
XenAPI-specific configurations were configured in the standard agent
file, meaning other changes made to the standard agent file would not
have the correct effect. So it has caused issues, for example, floating
IP addresses are not reachable.
This fix is to move the XenAPI-specific configurations from the stardard
agent configuration file to the XenAPI-specific agent configuration file
so that it won't impact the standard agent's behavior.
Change-Id: I45944e84a1f81d016aa00da6d782801ee8457ea4
Currently the x509 certificate setup is done after all the
openstack services have been deployed. This is OK because
none of the services require that the x509 certs exist
when they are being deployed. With the integration of TLS
into the nova novnc proxy (and later spice & serial proxy)
service, x509 certs will need to exist before Nova is
deployed.
The CA setup must thus be moved earlier in the devstack
deployment flow, prior to the setup of any services. One
part of the CA setup, however, fixes up the global cert
bundle locations and this can only be done after the
python requests module is install, thus must remain in
its current location.
Change-Id: Idcd264fb73bb88dc2f4280c53c013dfe4364afff
This removes all of the heat code from the devstack tree, in favor of the
devstack plugin in Heat's tree.
Depends-On: I4bed1e5cef5afa7b049b07640086a86a3f881e13
Depends-On: Ic392bcc24bc374ee8511a94f1d8f6ac23131c7e3
Change-Id: I5b60422bf1f5fa78aa8f3383f7a222e0356d9e42
The deprecated AMI image file opts will be removed soon.
See https://review.openstack.org/#/c/338377.
So we can't use the fallback mechanism anymore. This patch is to
specify the correct image parameters for XenServer.
Change-Id: Ic287a3ed1725c42ea29022158bc9720c9a96533f
Previously the usage of neutron debug ports was removed by
5e01c47e4d671166b9396c507a7105a5ac8256dc but there was still call to
teardown_neutron_debug. Recently a change to devstack-gate
1d6cc0771a3399300117f488e9d71e7ea46a4d82 caused that call to be
triggered and breaking the gate-devstack-dsvm-updown job.
This patch deletes the call and comments regarding setup_neutron_debug
and teardown_neutron_debug.
Change-Id: Ifdacb0cec1307db469bd66f551474539184cf2cd
Besides updating to OSC CLI, this patch also fixes an argument name typo
present before in 'nova keypair-add' (--pub_key should be --pub-key).
Specifying $OS_PROJECT_NAME in case user is associated to multiple
projects containing security groups with same name (e.g. 'default').
Change-Id: I776f6edfc4c6c798a39d3260827a18c695f05c87
Nova is going to land a database migration in Ocata
under change I72fb724dc13e1a5f4e97c58915b538ba761c582d
which enforces that at least the simple cells v2 setup
is performed, which creates the cell mappings, cell0 and
host mappings. Before we can land that change in Nova
we have to make cells v2 setup a default in the integrated
gate jobs.
Depends-On: Ie44e615384df464516aa30b9044b5e54b7d995bb
Change-Id: If1af9c478e8ea2420f2523a9bb8b70fafddc86b7
The neutron client is going to be deprecated during the
Ocata timeframe, so it is time to start switching to the
openstack client to invoke networking commands.
use of neutron client in neutron-legacy has been left as is.
The command for setting the router gateway is left as follow up.
Change-Id: I0a63e03d7d4a08ad6c27f2729fc298322baab397
When using neutron network under xenserver, we must enable linux bridge
in Dom0 as neutron will use linux bridge qbr in compute node for
security group. But by default XenServer use openvswitch and disabled
linux bridge. This patch is to remove this restriction.
Change-Id: I0e8124ff2323810fdc46c717a750ce7e8f4aa0c6
The initial start of the neutron OVS agent always prints
a warning:
WARNING stevedore.named [] Could not load
neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
There's an alias for that in setup.cfg called
iptables_hybrid that would avoid it.
Change-Id: I3f5bf782f4f27dc123e462e494741a8a941641ec
This patch sets Keystone v3 as default in services
configuration files and in the openrc and stackrc scripts.
Change-Id: I24546f02067ea23d088d383b85e3a78d7b43f166
Partially-Implements: bp keystonev3
When using XenServer, it will create two neutron-openvswitch-agent
q-agt and q-domua even it's single box environment, but it didn't
stop the q-domua, this patch is to stop q-domua in unstack.sh
Change-Id: I511ed534bfb7d5fe6136f6a0b33f1d749d30862c
Closes-Bug: #1631721
This commit removes some config values for tempest that no
longer exist in tempest/config.py therefore are no longer needed
in tempest.conf.
Change-Id: I5778973012e57e8d9df9bf864590f8ed7fe05561
Sets the port_security feature flag in tempest.conf
if the port_security extension is enabled, which it's not
by default in neutron but is set by default in devstack.
This adds global variable for setting the port_security
extension in ml2.conf and in tempest.conf so we only have
to set this in one place.
Depends-On: I1efd5c838aa0d73cc6e8864e3041eea25850198d
Change-Id: I6334b200e42edd785f74cfb41520627393039619
Related-Bug: #1624082
this is the first patch in a series to actually make fernet the default
token provider in keystone. the patches for grenade, release notes, and
actually switching the value in keystone all depend on this patch first.
reasons for switching over:
- fernet tokens are the recommended token provider
- the install guide for newton recommends deployers use fernet tokens [0]
- we previously attempted this switch but ran into timing issues [1],
the timing issues have been resolved [2]
[0] http://docs.openstack.org/newton/install-guide-ubuntu/keystone-install.html
[1] 153db269705f37d4144ad3fcf26dc67269755d7d
[2] https://review.openstack.org/#/q/topic:make-fernet-default
Change-Id: I3b819ae8d2924f3bece03902e05d1a8c5e5923f1
The devstack ldap configuration for keystone is still using some
old options that are no longer valid. The write support is
being removed this release. And in previous releases, the ldap
assignment driver support was removed and was not removed here.
Change-Id: I538626b681eaee6a7ac10dfbc29605b73fbe13bf
To avoid it being created multiple times for multinode setup.
Note: This reverts "Enable neutron to work in a multi node setup"
(commit 88f8558d874072536e7660a233f24207a7089651) partly and fixes
the issue differently.
The configuration in question uses the new lib/neutron. (not neutron-legacy)
In that case, calling create_neutron_initial_network from stack.sh directly
is a wrong way, as create_neutron_initial_network is sourced by
neutron-legacy. The new neutron code should not rely on the legacy one.
Closes-Bug: #1613069
Change-Id: I868afeb065d80d8ccd57630b90658e330ab94251
Q_ variables belong to neutron-legacy.
These are True by default in neutron.
Remove them in favor of post-config meta section.
Change-Id: If691a79b09003f85a07c9f33e0379a2b21e48141
Until the policy changes land for Nova, Glance, etc, this
value is not used. Additionally, by having it set, it actually
makes it hard/impossible for the required changes to land in
the other services. Disable/comment out the changes in the
Keystone specific lib file for now, and we will re-enable once
the Services can make use of them.
Change-Id: Ia1de9083c21107dac2f0abb56bda166bdb37a69d
The ceph cinder backend script was setting the wrong
config option in cinder.conf for the secret uuid. This
was being masked by a bug in nova which is failing on
this bug when trying to fix the nova bug...right. It
makes sense.
See:
http://docs.ceph.com/docs/master/rbd/rbd-openstack/#configuring-cinder
Change-Id: I4655cae3212d589177d2570403b563a83aad529a
Closes-Bug: #1635488
It's not used, and a recent change to trim down projects lists in
devstack-gate broke devstack in the gate that enabled heat.
Change-Id: I405423bdc9ba8dd9b30fce6fdceacccf662d5da3
Ubuntu wily support is EOL so lets make room for yakkety.
Change-Id: Ib13d43f6d89bdf7c684cd34655a077a13e237be3
Signed-off-by: Chuck Short <chuck.short@canonical.com>