8599 Commits

Author SHA1 Message Date
Jenkins
d94f44558a Merge "Use string cert CA defaults" 2017-05-31 04:29:13 +00:00
Sean McGinnis
29ec28216f Configure volume_clear setting per backend
volume_clear is currently set in the DEFAULT section,
but this is a backend specific setting, and therefore
needs to be set in the backend config section.

Change-Id: Ifa3a659bb4768b8915a0f23e7f14b0f3348d93d2
2017-05-30 15:51:17 -05:00
Clark Boylan
2dfca047d9 Don't run and check c-api if it is disabled
Previously we didn't block out the c-api startup code because the
devstack functions to start services check that for us. However, since
the cinder devstack code checks the service is up and runs the tls proxy
if tls is enabled we need to block it all off to avoid doing those
things if c-api is disabled.

Change-Id: I1c4f22f785af96caaf4baa21ff28714b9afd3458
2017-05-30 13:22:39 -07:00
Markus Zoeller
14728c7a51 docs: add "kvm on s390x" specific configuration in local.conf
The upstream CI runs exclusively on nodes with x86 architectures, but
OpenStack supports even more platforms. One of them is the KVM
on s390x (IBM z systems), which is supported since the *Kilo* release.
This change describes the additional settings in the ``local.conf`` file
to enable Devstack on that platform. This is useful for PoCs.

Change-Id: I943b552ca2e36210ac57f36c16db930eb5e58623
2017-05-30 13:53:36 +02:00
Clark Boylan
35649ae0d2 Make stack.sh work on SUSE
This adds packages to suse for systemd python linkages as well as
apache2 and which. And configures mod_proxy and mod_proxy_uwsgi with
a2enmod.

We also properly query if apache mods are enabled to avoid running
into systemd service restart limits. Enable mod_version across the board
as we use it and it may not be enabled by default (like in SUSE).

Also in addition to enabling mod_ssl we enable the SSL flag so that TLS
will work...

Finally we tell the system to trust the devstack CA.

Change-Id: I3442cebfb2e7c2550733eb95a12fab42e1229ce7
2017-05-28 09:58:51 -07:00
Matthew Treinish
309b99ebcf
Add a function to get an available random port
This commit adds a new function get_random_port to return a randomly
available port from the local port range.

Change-Id: Icaed180cc14602a74cdb3fd3456b690d8a4c729c
2017-05-28 10:04:53 -04:00
Clark Boylan
4baac65725 Use proper python when configuring certs
We have to do silly overrides of cert locations for requests for
reasons. If we are running under python3 then we were previously looking
in the wrong location for the requests certs. Update the cert fixing
function to properly use python3 to find the certs if python3 is
enabled.

Change-Id: Id1369da0d812edcf9b1204e9c567f8bfe77c48b2
2017-05-27 20:57:56 -07:00
root
fabc976e41 Fix configuration link syntax error
The configuration guide link has syntax problem in README.rst,
and the click the link will lead to page 404.

Fix the syntax problem

Change-Id: I47a1641a6898930dca508cdac98b1b43c05dc446
2017-05-27 15:03:58 +08:00
Hongbin Lu
de8580691d Expose etcd port as a variable
This allows devstack plugins to retrieve the etcd port from devstack
instead of hard-coding it.

Change-Id: I106b559b8ac0fb99a0426bce97a27f67e32d264d
2017-05-27 03:54:45 +00:00
Jenkins
899616290c Merge "Change version of noVNC to stable" 2017-05-26 21:21:19 +00:00
Jenkins
6b1967bba4 Merge "Remove nova cert from devstack" 2017-05-26 19:33:42 +00:00
Jenkins
202470eca1 Merge "Do not upload vhdx images as vhd" 2017-05-26 19:33:35 +00:00
Jenkins
8085df74a8 Merge "Use the proper keystone endpoints in clouds.yaml" 2017-05-26 19:24:51 +00:00
Jenkins
ff40f6e291 Merge "lib/neutron: Don't assume plugin config is provided by neutron repo" 2017-05-26 19:24:44 +00:00
Jenkins
f8aad91bd1 Merge "cleanup: remove DEVSTACK_CINDER_SECURE_DELETE" 2017-05-26 19:22:48 +00:00
Jenkins
4faa849565 Merge "update sphinx" 2017-05-26 19:22:36 +00:00
Jenkins
4ae18aec88 Merge "stack: Workaround libvirt issue with multiple of 16 byte fixed_key values" 2017-05-26 19:22:30 +00:00
Jenkins
6d302a8324 Merge "Enable ssh validation by default" 2017-05-26 19:21:11 +00:00
Kirill Zaitsev
d0db62a476 Use systemd-tmpfiles to create /var/run/uwsgi
On ubuntu contents of /var/run do not persist between reboots. Devstack
uses /var/run/uwsgi as home for wsgi sockets. This means that after
rebooting the machine services, that rely on uwsgi would fail to start.
Currently it affects keystone.service and placement-api.service.
This patch changes delegates directory creation to systemd-tmpfiles,
which would run on startup.

Change-Id: I27d168cea93698739ef08ac76c828695a49176c7
Closes-Bug: #1692767
2017-05-26 19:11:02 +03:00
Sean Dague
e123edeebf Add global_request_id to systemd logs
With cinder supporting this now, start logging global_request_id in
systemd logs. It will be None for all the services until the work
starts coming together, but it is safe to do.

Change-Id: Ic6ba1a42da88c03e43d89658b453f6a0b353e0db
2017-05-26 07:18:32 -04:00
Jenkins
9b2a2fa55d Merge "Fix typo" 2017-05-25 20:52:28 +00:00
Jenkins
7b230532dc Merge "Get rid of zookeeper from devstack" 2017-05-25 18:46:09 +00:00
Davanum Srinivas
853b475bfd Fix typo
should be etcd3

Change-Id: Icfa24654699a4e4e4be8a53f7bbe4634badbff7b
2017-05-25 13:03:58 -04:00
Amrith Kumar
bb436d3373 Make use of Ubuntu Cloud Archive switchable
The trove development environment is typically a linux VM within which
openstack is installed, and trove launches guest vm's within that
environment. To make it possible for these vm's to launch in one human
lifetime, one must set vt/x and enable nested hypervisors to use with
kvm; qemu emulation will take way too long.

The new libvirtd (v2.5.0) in Ubuntu Cloud Archive doesn't handle
nested hypervisors well and if you use it, you end up with a guest
hanging on the GRUB line.

To enable that use-case, we provide ENABLE_UBUNTU_CLOUD_ARCHIVE which
the trove developer can set (to False) before running devstack.

Change-Id: Ia0265c67bb7d2a438575a03c0ddbf2d9c53266ed
Closes-Bug: #1689370
2017-05-25 12:36:25 -04:00
Kirill Zaitsev
c0644f39a4 Use correct argument order in truorfalse for USE_JOURNAL
truorfalse function from common-functions accepts default as the first
parameter. The arguments for USE_JOURNAL were mixed up and this commit
restores correct order.

Change-Id: Id3621b0e1910a625d6cfb8e81bd27bea82543ae9
2017-05-25 12:16:11 +00:00
Jenkins
793db3ac35 Merge "Allow disabling etcd3" 2017-05-24 17:01:32 +00:00
Jenkins
f0442dd592 Merge "Use sha256sum instead of gpg for verification" 2017-05-24 14:57:29 +00:00
Davanum Srinivas
c0d16c279a Get rid of zookeeper from devstack
In Ibbb430fb1dbf66942168e0cb52d990ab6a2eb8d7, we are adding
etcd3 as a new base service. We should drop zookeeper
and use etcd3 as the backend.

Since cinder is the first service for this tooz+etcd3 DLM
scenario and cinder uses eventlet we have cannnot use the
grpc based driver in tooz. So new CINDER_COORDINATION_URL
that defaults to the etcd3's grpc HTTP gateway based
tooz backend.

We need to hold this change until the tooz change (see
Depends-On) is available in a tooz release.

Depends-On: I6184ed193482dad9643ccb2b97133d4957485408
Change-Id: Ia187e1a86413edf25b909b6bb57e84fb4930a696
2017-05-24 14:13:27 +00:00
Andreas Scheuring
94b9fae4e9 Allow disabling etcd3
Etcd3 was enabled recently as new service in devstack [1]. But there's
no way to disable etcd3. This is required on architectures where no etcd
binaries are available (e.g. s390x). The long term goal of course should
be to have those binaries available. The short term circumvention is to
allow disabling the service in local.conf:

   disable_service etcd3

[1] 546656fc05
Change-Id: I6184ed193482dad9643ccb2b97133d4957485408
Partial-Bug: #1693192
2017-05-24 15:32:03 +02:00
Sean Dague
bba924121c Use sha256sum instead of gpg for verification
gpg verification requires network connectivity which is non
mirrorable. We try to avoid that in devstack whenever possible. A
sha256sum is a totally reasonable way of knowing if the downloaded
package is valid.

Closes-Bug: #1693092

Change-Id: Id496ab53f76444f08dc6961f1ecd25f450cc96d7
2017-05-24 08:04:18 -04:00
Lucian Petrut
2715fd0b4a Do not upload vhdx images as vhd
This change ensures that when uploading vhdx images, we use the
proper format.

At the moment, vhdx images are uploaded as vhd, which can be
troublesome: first because this is misleading, second because the
actual image format may be checked, having the image rejected.

Change-Id: I9578be41ea9dc252404b7553679ac527e08a0ff6
2017-05-24 13:36:57 +03:00
Davanum Srinivas
d8283fde66 Avoid installing etcd3 in subnodes
We need to handle this better, for now, just don't install
etcd in the sub nodes. We need to setup the proper clustering
mechanism if we want to have etcd3 running in multiple nodes

Change-Id: I8dd385e3c993942473e67d04367cdf74495dbeef
2017-05-23 22:12:42 -04:00
Jenkins
08de346d03 Merge "etcd3 as a base service" 2017-05-24 00:08:47 +00:00
Maciej Józefczyk
0d9fd60ad4 Change version of noVNC to stable
In master branch of noVNC project file vnc_auto.html was renamed to
vnc_lite.html Because of that nova-novncproxy looks for file that
actually doesn't exist.

We need to change branch of noVNC to latest stable, because other
projects are not ready yet to rename the path. Those projects
depends on noVNC package installed in system, but it is too old
for now for both CentOS (version 0.5) and Ubuntu (version 0.4).
The only way to make noVNC console working on Devstack is to change
the branch to stable one.

Unit test also has to be modified in order to ignore novnc repo
from checking against cloning non-master branch.

Change-Id: Iaf4761aedf93bc6b914a6a0c5cf1cfedcc29583c
Closes-bug: #1692513
2017-05-23 16:49:13 +02:00
Jenkins
23ed6666ed Merge "Always setup libvirt for tap devices when using Neutron" 2017-05-23 01:26:25 +00:00
Davanum Srinivas
546656fc05 etcd3 as a base service
ETCD_DOWNLOAD_URL is set to github url, in our CI, we can point
ETCD_DOWNLOAD_URL to a url in tarballs.openstack.org possibly
in devstack-gate

Download the etcd binaries and drop them into /opt/stack/bin and
use it from there. Cache the tgz for subsequent use (local workflow)

daemon-reload is called twice once from inside the write_user_unit_file
and then when we adjust the entries with additional things recommended
by the etcd team. We need a better way to do this in the future.

Added a TODO to verify the downloaded artifact later. The etcd team
posts gpg signature, we could verify that or run sha256sum and hard
code that in lib/etcd3 file. We would have to update it whenever we
bump the etcd3 version.

We use the public key "CoreOS Application Signing Key <security@coreos.com>"
with ID FC8A365E to verify the integrity of the downloaded file

Any jobs that need to be run on architectures where v3.1.7 is not available
should rey the v3.2.0-rcX release candidates. We can switch to v3.2.0
when it gets released.

Initial version of this code was borrowed from the dragonflow
repo:
http://git.openstack.org/cgit/openstack/dragonflow/tree/devstack

Change-Id: Ibbb430fb1dbf66942168e0cb52d990ab6a2eb8d7
2017-05-22 21:57:48 +00:00
Nir Magnezi
ac2ae8c047 Remove nova cert from devstack
As a followup to I2c78a0c6599b92040146cf9f0042cff8fd2509c3, the nova
cert service should be removed from devstack.

Without this fix, stacking will fail is USE_SCREEN=True

Change-Id: I115580352fa380b896bae290f9a4efbfe4ff0dfd
2017-05-22 12:40:57 +03:00
Doug Hellmann
4db30f9f05 update sphinx
Update sphinx to the version used to build the documentation elsewhere
and turn on the option to treat warnings as errors to ensure that no
poorly constructed rst is introduced. Cap sphinx<1.6.1, since that
version has a conflict with pbr right now.

Change-Id: I19b3332229e2094988cbf8968c42a0323194a209
Signed-off-by: Doug Hellmann <doug@doughellmann.com>
2017-05-21 11:00:04 -04:00
Lee Yarwood
00ff904b09 stack: Workaround libvirt issue with multiple of 16 byte fixed_key values
Unable to use LUKS passphrase that is exactly 16 bytes long
https://bugzilla.redhat.com/show_bug.cgi?id=1447297

Change-Id: I565339762549b076119ffedb6b83abfa12977f5e
2017-05-19 13:49:35 +01:00
Jenkins
6a62619cbc Merge "add a table of contents" 2017-05-18 14:28:18 +00:00
Jenkins
e4c98aa42a Merge "Add --tcp option to dstat command for connection stats" 2017-05-18 14:19:20 +00:00
Jenkins
e19abda40a Merge "Restore log colors under devstack/systemd" 2017-05-17 20:10:30 +00:00
melanie witt
fc572a5da0 Add --tcp option to dstat command for connection stats
This enables tcp stats (listen, established, syn, time_wait, close) in
dstat to allow us to get a high-level view of performance changes in
the system during gate runs.

Change-Id: Ifbffbed22446e7e6a3b825c18266b63d2f2e7718
2017-05-17 19:05:56 +00:00
Jenkins
5ff1b476e4 Merge "Copy 'resource_filters.json' file to cinder config folder" 2017-05-17 19:02:22 +00:00
Isaac Beckman
54a8dc291f cleanup: remove DEVSTACK_CINDER_SECURE_DELETE
DEVSTACK_CINDER_SECURE_DELETE is deprecated from liberty release.
This should have been removed after kilo-eol

Change-Id: I82c15a19f8fe0326d4a5c2a076baa6d3e53fcf32
2017-05-17 14:27:41 +03:00
Kevin Benton
d1fe0e62e7 Always setup libvirt for tap devices when using Neutron
This logic has been tied to OVS since it was introduced in [1] and
revised in [2]. However, many other backends may use tap devices that
aren't related to OVS, such as Calico[3] and Linux Bridge after [4]
merges.

This patch just removes the dependency on OVS specifically so
/dev/net/tun is added to cgroups whenever any Neutron backend is used.
This is done in other deployment tools like Juju[5] so it's not
unprecedented.

1. Ifab268f739b004db13024633e8abeb17691b9e46
2. Ic1da132fa421f1c70c10a319ee3239831b0f956f
3.
http://docs.projectcalico.org/master/getting-started/openstack/installation/ubuntu#compute-node-install
4. I23c5faaeab69aede1fd038a36f4a0b8f928498ce
5.
2790f81ecd/templates/qemu.conf

Change-Id: I075595158d8f3b5a6811c4794aa7b91912940db5
Partial-Bug: #1675343
2017-05-17 06:07:35 +00:00
Jenkins
00e5a98eea Merge "Use -y with 'pip uninstall'" 2017-05-17 00:41:04 +00:00
Eric Fried
8cd310d763 Restore log colors under devstack/systemd
One of the pending issues with the conversion to systemd was the loss of
log coloring.  It turns out that journalctl by default strips out
characters it considers "unprintable" - including the color codes
emitted by the old-style logging.  However, journalctl can be made to
print them by adding the `-a` flag.

This change makes devstack's log formatter conf settings include color
codes like the old screen-based setup used to

We also remove stackrc's setting of JOURNALCTL_F, whose usage was
removed via I6af6d1857effaf662a9d72bd394864934eacbe70.

Change-Id: I2401e267913a24d18dae355aa933072dbbdab1d8
2017-05-16 14:56:57 -05:00
Brian Haley
954fd1b729 Use -y with 'pip uninstall'
'pip uninstall' will hang running stack.sh if it has to
prompt the user for input, use -y.

Change-Id: Ic94639e444b87fd3538463d5a51c01a0208a2ab2
Closes-bug: #1691172
2017-05-16 12:24:45 -04:00
Dan Smith
1f55d38911 Add systemd ulimit override function and set an override for NOFILE
This sets our default ulimit NOFILE to 2048, which is double what we
set things like mysql'd max_connections to.

Change-Id: I5126bed1e6b9f8c64db00eae4151ac61e47b1bf8
2017-05-16 09:23:28 -07:00