The os-fping API was deprecated in nova in
I92064cbcb5f6414da0c9d294f912a860428af698. I can't see anything
obviously using it on codesearch.
This is only in EPEL for centos, which I'm trying to remove. But I
think less dependencies is always better than more in general hence
the removal.
This is essentially a revert of
Ibdc7479a9038321e4fc3953774a6f3e1dac90530
Change-Id: I163fc48c860bae2a92c83cfdaed26b2e54630e20
It's not only using our upstream caches that you might get an old
libvirt-python wheel that is incompatible with UCA. Move the ignore
out of the mirror check to apply it globally.
This is an alternative to Iba301a8c80c9ed584f5fb5a816f3d2cf5f5f0e77
Change-Id: I588b1e8e49aa60f3ce976dc1b6c8013ba1d88079
The DEFAULT_IMAGE_NAME variable is used to reference the name of the
default image in glance after it has been uploaded by devstack. It is
used both inside and outside of devstack for that purpose. However, when
configuring tempest there are some tests which also do image uploads and
need a filename for specifying which file they should upload into glance
for testing purposes. Previously we were just using DEFAULT_IMAGE_NAME
for both purposes, but this causes a conflict if the name of the image
we upload into glance does not have a file extension. So instead of
conflating the things this commit differentiates between them and adds a
new DEFAULT_IMAGE_FILE_NAME variable to use for this purpose.
Change-Id: Icf74badcf2093d8c75db538232b10b3ac7b86eb8
If the current interface has a default gateway configured is
determined by the regex
default.+<interface-name>
If for example 'enc1' is used, but also an interface 'enc1800' is
present, the regex will also match the 'enc1800' default gateway.
This patch fixes this by looking for <interface-name><white-space>.
This way 'enc1800' is not matched.
Change-Id: Id1d58f5be6296c3a37aef788359ae8fe0fe11d8b
As described in [1], it seems that mod_wsgi is not "graceful" reload
safe. Upon re-init, it can end up in a segfault loop.
The "reload" (not *restart*) after setting up uwsgi was added with
I1d89be1f1b36f26eaf543b99bde6fdc5701474fe but not causing an issue
until uwsgi was enabled.
We do not notice in the gate, because the TLS setup ends up doing a
restart after this setup. In the period between the
write_uwsgi_config and that restart, Apache is sitting in a segfault
loop, but we never noticed because we don't try talking to it. Other
jobs that don't do any further apache configuration have started
failing, however.
Looking at the original comments around "reload_apache_server" I'm not
sure if it is still necessary. [2] shows it is not used outside these
two calls.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1445540
[2] http://codesearch.openstack.org/?q=reload_apache_server&i=nope&files=&repos=
Closes-Bug: #1686210
Change-Id: I5234bae0595efdcd30305a32bf9c121072a3625e
This defines a new function get_notification_url, which returns the URL
of RabbitMQ when you want connect to it, and uses in
ceilometermiddleware. This fixes an issue when we try to use AMQP for
RPC, but not for notifications.
Change-Id: I14450b2440806a17a90e5ddefc243868fdbe4f2c
On Centos, apache has a private view of /tmp and thus can't see this
socket, causing keystone to fail. This happened after
I46294fb24e3c23fa19fcfd7d6c9ee8a932354702.
Move it to /var/run.
Closes-Bug: #1684360
Change-Id: I47f091656802719c259752454ec88bf50760b967
The -ssh job with ssh validation enabled has been quite stable
for a while now [0] so I think it's time to add ssh validation
to the integration gate to prevent regressions from lurking in.
Doing this in devstack ensures that the change only affects
master as we didn't test ssh validation on on stable branches.
[0] http://status.openstack.org/openstack-health/#/g/build_name/gate-tempest-dsvm-neutron-full-ssh?duration=P3M
Change-Id: I187e560911f5d5d482eb7959e5174068c4c9a801
This makes openrc more robust for the grenade scenarios by having a
sane fallback when stackrc is not found.
Change-Id: I297ba519d581d2b6fb4d80d59434acace054bada
It turns out that we ended up with duplicate versions of this function
merging on top of each other within 3 days, and gerrit didn't catch
it. Boo gerrit. Boo bash.
Change-Id: Ic6aa2f9bafdec906de2bc51d5929beeec48a6a40
Swift proxy logs to syslog during the devstack-gate tempest runs. To
better capture the swift logs increase the rsyslog buffer size to 6k
bytes allowing for longer messages like tracebacks.
This was setup by openstack-infra previous during our diskimage
builds.
I03e42964e14d9f930c07ed047851bdf775639c59
Change-Id: Iaa232335865410600c93f47d4777ed4f1bce08e2
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Until we can test with a version of swiftclient that knows how to eat
auth_uri, swift still needs a working gate.
Change-Id: I09f9ad5c87b542df962a79898e06fbf1e968b1e3
Related-Change: I46294fb24e3c23fa19fcfd7d6c9ee8a932354702
Related-Change: Ie427f3b0b9eb834ff940fa5d52444a5a6cdcab15
Things like SERVICE_PROTOCOL and KEYSTONE_AUTH_PROTOCOL shouldn't
really be exported in openrc as they encourage using them directly to
build up keystone urls instead of actually using the OS_AUTH_URL.
Remove them.
Change-Id: I4b7cc680f7f14dae29b706a227be540c9e212cad
a2dissite will return a non-zero error code if the site that is being
disabled is not currently enabled (that is, if the conf file for it does
not exist). This can happen during development if you've been messing
with files by hand. Rather than exploding out of a ./stack.sh, accept
the missing file as meaning "it's disabled" and carry one. The rpm
version of disable, which does not use a2dissite, does this already.
Change-Id: Ie5dfd42efdff4bdba5ffaa765af000dd8e1d596e
The removed TODO was talking about USE_SYSTEMD, not WSGI_MODE.
WSGI_MODE makes sense, so the TODO has been done.
Change-Id: Ib574ef123ea4c82d4d88012c990cd1ad660d7879
This makes keystone use the proxy uwsgi module when running in uwsgi
mode. It also introduces a new stackrc variable which is WSGI_MODE
that we can use to control the conditionals in services that current
work with mod_wsgi.
Also update retry timeouts on proxy pass so that workers don't disable
their connections during polling for initial activity.
Change-Id: I46294fb24e3c23fa19fcfd7d6c9ee8a932354702
This converts the placement API to use the new WSGI_MODE variable
(which is not introduced until the next changeset). We do this so that
placement and keystone patches can be reviewed independently, but
there are some hidden coupling of mod_wsgi setup which happens only in
keystone, so if we do keystone first, it breaks placement.
Change-Id: Id5b2c67701bcc7b12c8e3764c7199d10f85df80f
The uwsgi proxy version that comes with Ubuntu xenial is too old, so
we have to build it from source. This is a temporary solution until
the next LTS.
This lays the ground work for using it in keystone.
Change-Id: I00fb1759e6988c7df0ce0f3df5ff1ce9fd7cd381
When an apache worker gets a proxy error, it will not retry talking to
the backend server until the retry timeout expires. We bring up the
proxy server *before* the backend server, and poll it. If we are
running a small number of workers, there is a likely chance that we're
going to hit one that errored before the backend was up, thus failing
for now real reason.
Set this to 0 instead to mean always retry failed connections.
Change-Id: I9e584f087bd375f71ddf0c70f83205c425094a17
Ref: https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass
tls-proxy is the way we're now doing a standard install using https
between services. There is a lot more work to make services directly
handle https, and having python daemons do that directly is a bit of
an anti pattern. Nothing currently tests this in project-config from
my recent grepping, so in the interest of long term maintenance,
delete it all.
Change-Id: I910df4ceab6f24f3d9c484e0433c93b06f17d6e1
Instead of this code all existing in keystone inline, factor out into
a dedicated set of functions, and make keystone use this. This drops
uwsgi supporting https directly, but that's not going to be a
supported model going forward once we get to proxy only anyway.
Change-Id: I1d89be1f1b36f26eaf543b99bde6fdc5701474fe
We're now in a systemd world where systemd is managing the restart
effectively, there is no reason to be tricksy with apache now that
we're not working around weird upstartd issues.
Change-Id: Ifadfd504eb10a90db5177ea9180b9cd8331a2948
We're going to want to start using it by default so just start with
always installing it. This should not negatively impact anything else.
Also had to fix the test using cowsay, now that cowsay depends on
cowsay-off.
Part of uwsgi in devstack.
Change-Id: I8306a992d9d006bc0130a255145a6880065aa0df
Allow cursive to be installed from git instead of pip.
The barbican-tempest-plugin, which uses cursive indirectly
through nova and glance, would benefit from the ability to
use cursive from git instead of pip.
Change-Id: Icae7d310f1ee392d080e7c8e421a26d7c0ef4727
Allow castellan to be installed from git instead of pip.
Castellan has recently been moved under the oslo framework,
and the barbican-tempest-plugin tests which use castellan
would benefit from the ability to usd castellan from git
instead of pip.
Change-Id: I96edca90c61aec84637b7b1ce842eff04c521923
The swift functional tests use a config which requires keystone ports,
we're about to make those go away. This exposes the actual auth_uri to
swift for consumption.
Change-Id: I5868dfdb8e5f0972ba04e359d212b04351502436
We recently disabled EPEL in openstack-infra, enable it again.
Change-Id: I213b302b34b740354d63b69e8ac7f4e1b3d3cdd7
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
