279 Commits

Author SHA1 Message Date
Jenkins
aaae79b095 Merge "Use identity V3 API for endpoint creation" 2015-07-14 04:53:34 +00:00
Jenkins
ac3d3f336c Merge "Add IPv6 support to devstack infrastructure" 2015-07-08 12:44:51 +00:00
Jamie Lennox
b17ad7560d Use identity V3 API for endpoint creation
Always use the keystone V3 API when creating services and endpoints. The syntax
here is slightly different but we maintain the function interface.

Change-Id: Ib3a375918a45fd6e37d873a1a5c0c4b26bdbb5d8
Implements: bp keystonev3
2015-07-08 05:17:00 +10:00
Marian Horban
e62c906baf Added processing /compute URL
With config option NOVA_USE_MOD_WSGI=True nova-api handles
requests on /compute URL.

Depends on I83bc4731507fa028377ae6701ed4d32adefa9251

Change-Id: Ic84b5c0dc0726662470ef9c076a0cadca55a3917
2015-07-03 06:10:00 -04:00
Brian Haley
180f5eb652 Add IPv6 support to devstack infrastructure
By default, most Openstack services are bound to 0.0.0.0
and service endpoints are registered as IPv4 addresses.
With this change we introduce two new variables to control
this behavior:

SERVICE_IP_VERSION - can either be "4" or "6".

When set to "4" (default if not set) devstack will operate
as today - most services will open listen sockets on 0.0.0.0
and service endpoints will be registered using HOST_IP as the
address.

When set to "6" devstack services will open listen sockets on ::
and service endpoints will be registered using HOST_IPV6 as the
address.

There is no support for "4+6", more work is required for that.

HOST_IPV6 - if SERVICE_IP_VERSION=6 this must be an IPv6
address configured on the system.

Some existing services, like the Openvswitch agent, will continue
to use IPv4 addresses for things like tunnel endpoints.  This is
a current restriction in the code and can be updated at a later
time.  This change is just a first step to supporting IPv6-only
control and data planes in devstack.

This change is also partly based on two previous patches,
https://review.openstack.org/#/c/140519/ and
https://review.openstack.org/#/c/176898/

Change-Id: I5c0b775490ce54ab104fd5e89b20fb700212ae74
Co-Authored-By: Sean Collins <sean@coreitpro.com>
Co-Authored-By: Baodong Li <baoli@cisco.com>
Co-Authored-By: Sridhar Gaddam <sridhar.gaddam@enovance.com>
Co-Authored-By: Adam Kacmarsky <adam.kacmarsky@hp.com>
Co-Authored-By: Jeremy Alvis <jeremy.alvis@hp.com>
2015-07-02 15:16:34 -06:00
Marian Horban
13f655720d Small fixes for running Nova services under Apache2
Following fixed were done:
1. Cleanup fixed.
2. API_WORKERS config option was added to nova config templates.
3. Nova API screen tabs were named as nova-api and nova-ec2-api.

Change-Id: I68dc6fd6c8aeffcec7f9039afd63bd1599c65682
2015-06-13 13:47:12 -04:00
Dan Smith
03786b1cca Create and initialize the nova api_db
Going forward, nova will have another database at the API level (similar to how
current cells has an api-level cell, with its own database). This patch creates
and initializes it so that we can start testing the migrations with grenade.

Change-Id: I0dfae32102aeda9c5d17e134527b6a18f4b88014
2015-06-10 14:57:33 -07:00
Rob Crittenden
6254d5fd0d Fix nova and glance discovery URLs when tls-proxy is enabled.
Retrieving the root page in the nova and glance APIs include
URLs for the various versions supported. These are by default
reported using unsecure URLs. Configure the services to report
a SSL-based URL instead.

Change-Id: I220757e53b94a5f6d19291371407220fdf54c645
2015-06-05 13:56:27 -04:00
Ian Wienand
c678241308 Infer rootwrap arguments from project
We can infer the binary and configuration paths just from the project
name and expanding this to the known *_DIR & *_BIN_DIR variables.  A
similar thing is done for policyd settings

Change-Id: I7c6a9fa106948ae5cbcf52555ade6154623798f1
2015-05-15 14:01:20 +10:00
Chris Dent
3a2c86aabf Add python_version function to functions-common
This makes it possible to list virtual site-package directories
without statically stating the python version, which is a bit ugly.

Change-Id: I3e7ac39eb43cdc4f656e0c90f3bfb23545722aef
2015-05-12 18:30:31 +00:00
Jenkins
75bae7076a Merge "nova: remove allow_migrate_to_same_host config usage" 2015-05-11 15:43:23 +00:00
Matt Riedemann
b3a8f6032a nova: remove allow_migrate_to_same_host config usage
Nova commit 9b224641295af3763d011816d6399565ac7b98de removed the option
in Liberty so we can remove it's usage in devstack.

Related-Bug: #1364851

Change-Id: If051f43fb75d57c118db4e8e97895ff06fbb54e2
2015-05-08 06:59:39 -07:00
Davanum Srinivas
d5537c1dc8 Add toggle to run Nova API and EC2-API under Apache2
Inspired by keystone and rcbops-cookbooks's nova scripts,
this review adds apache2 templates for two of the Nova
services. Also add code in lib/nova to switch between
the old and new ways to these two services. The patch
depends on the Nova review mentioned below as the two
scripts that are needed will be in Nova's repository.

TODO for later would be to switch on NOVA_USE_MOD_WSGI
when ENABLE_HTTPD_MOD_WSGI_SERVICES is switched on.

Related Nova blueprint:
https://blueprints.launchpad.net/nova/+spec/run-nova-services-under-apache2

Depends-On: Idd7d3d1b3cc5770cdecea7afe6db3c89d5b2c0d0
Change-Id: I9fc0c601db2776d3e9084be84065e728e3f5d414
2015-05-05 01:36:01 +00:00
Dean Troyer
32d6bc6ad1 Add inc/rootwrap
Rootwrap shouldn't be a unique snowflake.  Plus the binaries tend
to be called assuming PATH will find them.  Not so with venvs
so we need to work around that brokenness.

Configure Cinder and Nova to use configure_rootwrap().

Change-Id: I8ee1f66014875caf20a2d14ff6ef3672673ba85a
2015-03-29 22:29:28 -05:00
Dean Troyer
dc97cb71e8 Mostly docs cleanups
Fix documentation build errors and RST formatting

Change-Id: Id93153400c5b069dd9d772381558c7085f64c207
2015-03-28 14:35:12 -05:00
Jenkins
9720239618 Merge "Install Nova into its own venv" 2015-03-27 17:34:10 +00:00
Dean Troyer
4533eeec1f Install Nova into its own venv
Install a couple of optional feature prereqs in hypervisor plugins.

rootwrap is horribly called indirectly via PATH.  The choice, other than fixing
such nonsense, is to force the path in sudo.

TODO:
* python guestfs isn't in pypi, need to specifically install it to not
  use the distro package

Change-Id: Iad9a66d8a937fd0b0d1874005588c702e3d75e04
2015-03-26 14:54:00 -05:00
Gary Kotton
d2287cfb9f Config driver: use "True" instead of "always"
Commit c12a78b35dc910fa97df888960ef2b9a64557254 has set the
"always" flag to be deprecated in liberty. This moves to using
"True" instead.

Change-Id: Idecf7966968369d2f372abffcab85fbf9aa097c7
2015-03-23 00:05:36 -07:00
Jenkins
743d03bf7d Merge "iniset_rpc_backend default section" 2015-03-22 02:41:03 +00:00
Jenkins
05163d66ac Merge "Use install(1) where possible" 2015-03-20 14:30:06 +00:00
Jenkins
889d76b4cf Merge "Stop using deprecated oslo_concurrency and sql_connection config options" 2015-03-20 14:29:44 +00:00
Jenkins
d4c95233d6 Merge "create install_default_policy" 2015-03-19 18:22:51 +00:00
yuntongjin
f26deea6b1 create install_default_policy
Recent versions of oslo policy allow the use of a policy.d to break up
policy in a more user understandable way. Nova is going to use this in
Kilo to break out v2 and v2.1 API policy definitions.

This provides a unified helper for installing sample policies. It
makes some assumptions on project directory structure. Porting other
projects to use this can happen in the future.

Change-Id: Iec23b095176332414faf76a9c329f8bb5f3aa6c3
2015-03-19 09:10:37 -04:00
Dean Troyer
8421c2b9ab Use install(1) where possible
This eliminated a number of sudo calls by doing the copy/chown/chmod in
a single step and sets a common pattern.

Change-Id: I9c8f48854d5bc443cc187df0948c28b82c4d2838
2015-03-18 13:30:59 +11:00
Brant Knudson
2dd110ce86 iniset_rpc_backend default section
iniset_rpc_backend should know what section it needs to set the
config options in better than the callers. The config options
have actually been moved to different sections and the options
in the DEFAULT section are deprecated.

Change-Id: I0e07fe03c7812ef8df49e126bf71c57588635639
2015-03-14 17:53:54 +00:00
Joe Gordon
23d6d50687 Stop using deprecated oslo_concurrency and sql_connection config options
As per the logs:
 Option "lock_path" from group "DEFAULT" is deprecated. Use option "lock_path" from group
"oslo_concurrency".

Option "sql_connection" from group "DEFAULT" is deprecated. Use option
"connection" from group "database".

Change-Id: I2109cec07ebee916c9ce0ccd24bd9a47d8d3c688
2015-03-12 22:01:06 +00:00
Ethan Lynn
679f395fbb Set os_region_name for cinder
Region name should be set to nova.conf and cinder.conf so that
cinder volume can work in multiregion env.

Closes-Bug: #1429738
Change-Id: Ib20911c24d8daabc07e6515f4a23a745d77593ff
2015-03-10 15:15:26 +08:00
Tony Breeds
a339efcd67 Create service definition for nova-serialproxy
Nova has the ability to do remote interactive consoles but there is no
easy way to enable this in devstack.  This change defines a service
called n-serial to enable the service.  Documentation is added to a
new guide on nova, describing how to set further options in local.conf

Change-Id: I401d94b2413c62bfae9b90d2214d77bd4cfc15d5
2015-02-24 18:36:36 +11:00
Jenkins
314723962b Merge "Make EC2 compatible with current AWS CLI." 2015-02-12 17:48:54 +00:00
Jenkins
ee2e53592b Merge "Reduce service user permissions" 2015-02-11 15:55:41 +00:00
Jamie Lennox
9b215db569 Rename get_or_add_user_role
get_or_add_user_role is specific to adding a role on a project.
Rename it to get_or_add_user_project_role to allow room for adding a
domain specific role function.

Change-Id: I999308098d22be9800578ae67144a3b687fbc3be
2015-02-11 14:51:22 +11:00
Jamie Lennox
e8bc2b82a0 Reduce service user permissions
Most of the services create the service user with the admin permission.
This is unnecessary for token validation and they should be restricted
to only having the service role.

Change-Id: Id7a9366d2c6a36139240f64371002362dc2d8d3b
2015-02-11 14:49:56 +11:00
Jamie Lennox
85ff5323ff Isolate creating service users
The code for creating service users is almost exactly the same. Abstract
this into a function that can be reused and standardized.

Change-Id: I3a4edbff0a928da7ef9b0097a5a8d508fdfab7ff
2015-02-09 14:36:20 +11:00
Andrey Pavlov
0ea8b72a20 Make EC2 compatible with current AWS CLI.
Nova listens for EC2 calls now at the URL without path -
http://some.server.com:8773/
I was made in review -
https://review.openstack.org/#/c/152496/

So I suggest to change EC2 urls in keystone catalog.

Change-Id: Ia2975ce0f6a30eed6016733e12c98b5f97648307
Closes-Bug: 1417555
2015-02-06 22:51:07 +03:00
Jenkins
e79678af5e Merge "Remove the default project from all users" 2015-02-06 16:16:36 +00:00
Jamie Lennox
18f39bfb1f Remove the default project from all users
The default project means that a user gains token scoping information
for a project if they don't specify another. This is something we want
to discourage for user creation. User's should specify there own
authentication scope when they authenticate.

Change-Id: I42c3060d59edfcd44d04cd166bad500419dd99bc
2015-01-28 13:38:32 +10:00
Maru Newby
c070a3dbb5 Init default lvm volume group only if required
A recent patch [1] added support for lvm ephemeral storage for nova,
but at the cost of initializing a default lvm volume group even if it
was not required.  This change ensures that init of the default volume
group is only performed when nova and/or cinder are configured to use
lvm.

1: https://review.openstack.org/#/c/132333

Change-Id: I7634ca0ed0ffe1b13464e4d66744918f85149f2e
Closes-Bug: #1414820
2015-01-27 19:09:02 +00:00
Jenkins
955f80a7ef Merge "Enforce UTF-8 encoding when creating databases" 2015-01-20 15:44:07 +00:00
Daniel Genin
d470867f08 Adds support for LVM ephemeral storage in Nova
DevStack currently lacks support for LVM ephemeral storage in Nova.
This support is important for testing of Nova's LVM backend. The
proposed change adds a default volume group, to be shared by Cinder
and Nova. It also adds a configuration option NOVA_BACKEND, which
must be LVM if it is set, that determines whether Nova should be
configured to use LVM ephemeral storage.

Change-Id: I4eb9afff3536fbcd563939f2d325efbb845081bb
2015-01-19 11:51:16 -05:00
Sean Dague
537532931d Make changes such that -o nounset runs
This makes a bunch of variable cleanups that will let -o nounset
function, for the time being we hide nounset behind another setting
variable so that it's not on by default.

Because this is bash, and things are only executed on demand, this
probably only works in the config it was run in. Expect cleaning up
all the paths to be something that takes quite a while.

This also includes a new set of unit tests around the trueorfalse
function, because my change in how it worked, didn't. Tests are good
m'kay.

Change-Id: I71a896623ea9e1f042a73dc0678ce85acf0dc87d
2015-01-15 13:06:14 -05:00
Li Ma
26ac3d7ebb Fix service start sequence
1. zmq-receiver should be started in advance
2. when using zeromq driver, nova-compute relies
on nova-conductor's rpc to be initialized

This fix is totally safe and won't influence
on other services.

Change-Id: I9d7b682df4d411af24a1ff6bcad79697e32fa723
Partially-Implements: blueprint zeromq
2015-01-08 07:19:44 +00:00
Ihar Hrachyshka
157c84b876 Enforce UTF-8 encoding when creating databases
We use InnoDB everywhere, so there should be no issues with long unicode
keys. Dropped charset parameter for recreate_database since it's not
needed anymore.

Change-Id: Ib768402a9337c918309030a92ab81da17269f4f6
2015-01-05 15:57:23 +01:00
Abhishek Chanda
d5b74c688f Take an optional rabbit user name as input
Newer versions of rabbitmq (3.3 and later) do not allow the 'guest'
user to access on non-local interfaces.

- Added a new config RABBIT_USERID which defaults to stackrabbit
- Invoked config scripts using that variable

Adopted from:
https://review.openstack.org/#/c/107779/

Change-Id: I43a231c9611b4cc2e390b603aa3bfb49c915bdc5
Closes-Bug: #1343354
Co-Authored-By: Scott Moser <smoser@ubuntu.com>
2014-12-12 02:20:09 +05:30
Jenkins
d09a1db5a4 Merge "add shebang lines to all lib files" 2014-12-10 20:32:15 +00:00
Sean Dague
e263c82e48 add shebang lines to all lib files
With gerrit 2.8, and the new change screen, this will trigger syntax
highlighting in gerrit. Thus making reviewing code a lot nicer.

Change-Id: Id238748417ffab53e02d59413dba66f61e724383
2014-12-10 11:28:05 -05:00
Jenkins
a0e811ef75 Merge "remove legacy work around for nova paste.ini" 2014-12-09 17:06:07 +00:00
Sean Dague
2f8e08b572 remove nova baremetal driver support
This has been deleted from the nova tree, we should purge it from
devstack, as it will not work any more.

Change-Id: I20501fec140998b91c9ddfd84b7b10168624430a
2014-12-05 08:31:16 -05:00
Ken'ichi Ohmichi
a883698ca7 Fix NOVA_API_VERSION option
lib/nova checks NOVA_API_VERSION for setting Nova v2.1 API endpoint,
but the name of the initialization is different.
This patch fixes it.

Change-Id: I2fa234d66fe76b2a7146288adc1384b33921e178
2014-12-04 23:08:10 +00:00
Sean Dague
c30d3213f8 remove legacy work around for nova paste.ini
This code goes *way* back and is not needed any more

Change-Id: I23716d88899a7fc18b7d4ccfa12b563d288810b0
2014-12-04 11:04:04 -05:00
Ken'ichi Ohmichi
0f176d8bc2 Add NOVA_API_VERSIONS
This provides a mechanism for overriding v2 endpoint with v2.1 so that
tests can be run against a devstack to provide equivalency between the
APIs.

Change-Id: Iaaa530bda6bcdae75e86be8dbe572abe4396e8e9
2014-12-04 11:04:02 -05:00