If CEILOMETER_USE_MOD_WSGI is True then the API app will
run under mod wsgi. The default is false (for now).
The changes are modeled on keystone's use of apache.
Note that these changes are dependent on
https://review.openstack.org/#/c/121823/ in ceilometer.
Using mod_wsgi allows the ceilometer api to handle "concurrent"
requests. This is extremely useful when trying to benchmark
various aspects of the service.
Change-Id: I4c220c3b52804cd8d9123b47780a98e0346ca81e
Nova v3 API has disappeared in Juno cycle, and we don't test the API
now on the gate since If63dcdb2d05aa0fab0b6848a1248b6678f1ee9ad .
This patch removes the endpoint of Nova v3 API.
Change-Id: I85f87b37558a15d1eaaa781b02fec5b02bd2ab44
Configure nova, cinder, glance, swift and neutron to use SSL
on the endpoints using either SSL natively or via a TLS proxy
using stud.
To enable SSL via proxy, in local.conf add
ENABLED_SERVICES+=,tls-proxy
This will create a new test root CA, a subordinate CA and an SSL
server cert. It uses the value of hostname -f for the certificate
subject. The CA certicates are also added to the system CA bundle.
To enable SSL natively, in local.conf add:
USE_SSL=True
Native SSL by default will also use the devstack-generate root and
subordinate CA.
You can override this on a per-service basis by setting
<SERVICE>_SSL_CERT=/path/to/cert
<SERVICE>_SSL_KEY=/path/to/key
<SERVICE>_SSL_PATH=/path/to/ca
You should also set SERVICE_HOST to the FQDN of the host. This
value defaults to the host IP address.
Change-Id: I36fe56c063ca921131ad98439bd452cb135916ac
Closes-Bug: 1328226
MySQL-python is needed for keystone and we were installing it
implicitely only for apts and not for rpms. Fix keystone only devstack
install on a pristine vm.
Change-Id: I0d117513af4e2ad58635f7a7b22f7a6e3ff36a38
The python-qpid package is available for Ubuntu trusty, precise, and
all the supported RHEL based platforms. This package is necessary if
qpidd is configured as the RPC backend. It is the client API used to
talk to the broker, and must be installed on each system that
communicates with the broker.
Change-Id: I635d3e857aa4b769a80cb7cde405cfd6cae44d32
This change adds the RPC_MESSAGING_PROTOCOL configuration option that
selects the messaging protocol that is used by the RPC backend and
client.
Some brokers can support different kinds of 'on the wire' messaging
protocols. Qpid, for example, supports both AMQP 0-10 (the default),
and AMQP 1.0. Use the RPC_MESSAGING_PROTOCOL configuration variable
to override the default protocol for those brokers that support
multiple protocol options.
This new option is necessary in order to enable the new AMQP 1.0
oslo.messaging transport as described in the blueprint.
Note well: currently this AMQP 1.0 functionality is only available on
fedora 19+ platforms. Support is WIP on ubuntu/debian and rhel/centos
7. Enabling the RPC_MESSAGING_PROTOCOL option on an unsupported
platform will cause devstack to exit with an approriate error
message.
Change-Id: Ib8dea59922844e87d6c947b5dca557f5b5fc1160
Implements: blueprint amqp10-driver-implementation
This change uses mod_version (shipped by default on everything we care
about) to set-up version-specific config within apache rather than
within devstack scripts.
Clean up the horizon and keystone config file generation to use the
internal apache matching.
Since I6478db385fda2fa1c75ced12d3e886b2e1152852 the apache matching in
'functions' is actually duplicated. just leave get_apache_version in
lib/apache as it is used for config-file name matching in there.
Change-Id: I6478db385fda2fa1c75ced12d3e886b2e1152852
installing boto from packages pins some other pure python libraries
(like requests) in an unexpected way. As this is pure python we should
instead let this be install from pip and thus be controlled by global
requirements.
Change-Id: If5df9de8c3e1ad8faceab4b43c86134dbbc55a51
Use the new ErrorLogFormat directive to make the Keystone logs
under Apache to look like the standard oslo log format.
Change-Id: Ie823abf2fa06b8ce22027c21bef455808a4a768e
Install ipset if the q-agt service is enabled.
Partially implements blueprint: add-ipset-to-security
Change-Id: Ic0820a03e9823be39e26254e7c99fe2c4c811c8b
Keystone's access log was going to httpd/access.log, which is the
common place for all access logging. This made it difficult to see
Keystone accesses apart from other access. Keystone's access log
will now be keystone_access.log
This makes the Keystone configuration similar to Horizon which uses
horizon_access.log.
Change-Id: I6e5ac121302b3d138758e6c49dffa9f05ad2fb85
Partial-Bug: #1359995
Having Keystone's log level at debug caused a lot of uninteresting
Httpd-related log lines to be displayed which makes debugging more
difficult than it should be.
Rather than set the log level explicitly, Keystone will use the
Httpd server's setting, which defaults to warn.
Partial-Bug: #1359995
Change-Id: Ieef882944bafd98f7b27497a5276124b21c3e576
Neutron needs to be able to install MySQL-python in the functional
test job, which requires devstack to install mysql devel libraries as
testonly.
As per sdague's recommendation mysql devel libraries are now installed
for nova as well. In the future, any service that installs
mysql-server should also install mysql devel libraries for consistency.
Related-bug: #1346444
Change-Id: Ie715841e33a2c2d31cb4ac724b302eb98ed3366a
The normal extension for log files is .log. Log rotation should
work because the extension is as expected.
Change-Id: Ia5e42ea9d953e8395b86ab58cdef6c2d852efc94
Related-Bug: #1359995
These functions allow images to be built using diskimage-builder which
contain packages built from local project checkouts:
build_dib_pip_repo() - Builds a local pip repo from local projects and configures
apache to serve it
disk_image_create_upload() - Creates and uploads a diskimage-builder built image
The unused function lib/heat disk_image_create has been deleted.
Change-Id: Ia75c7c35bfd48dbe6ae3cb9c3241de0b598cbf84
A few projects are now gating on docs not having warnings/errors in them
during the docs build with sphinx, so developers are going to want to be
able to run 'tox -e docs' locally and fix issues.
The graphviz package is used by sphinx when building docs but you have
to get it from the distro, so this change adds the package to the
various distro lists.
Closes-Bug: #1359749
Change-Id: I7b7dee5e5d0dce6d5020b3e711f500118be163f8
Setup the enviroment and configure Ironic to use iPXE for deployments. If
IRONIC_IPXE_ENABLED enviroment variable is True, DevStack will now start
and configure an Apache HTTP server to serve the images, will copy the
undionly.kpxe boot file in place of the standard pxelinux.0 and will set
the right configuration to Ironic to deploy the images using iPXE+HTTP.
Implements: blueprint ipxe-boot
Change-Id: I0ea40cb8bbf9236c634f803c2bde1081634679ff
This change makes apache set process group name in the process name,
so when listing the processes the user can easily identify what's
running in each apache process. This is specially useful to debug
memory consumption or when a process consumming too much CPU.
Change-Id: I9787980052f451f452d3b8e5e51385ad5aa01e6a
Neutron L3 HA blueprint l3-high-availability requires
keepalived and conntrackd in order to work for developers as
well as for functional tests.
Change-Id: Ic32d913c2bc6fae339b4d5ec509a77df5a21de72
Rebuilding pyOpenSSL requires the SSL development libraries. This is
present in files/rpms/general, but was missed in files/apts/general.
Change-Id: Ie3c688e2d74485eb7f981363633bbddab5da7046
The binary 'msgfmt' is not installed as part of python-gettext for Trusty
(Ubuntu 14.04), so gettext needs to be installed from apt.
Change-Id: I415814559d82be453e978a0d92a0cdb38f105683
Closes-Bug: 1331328
The new lib installs a full Ceph cluster. It can be managed
by the service init scripts. Ceph can also be installed in
standalone without any other components.
This implementation adds the auto-configuration for
the following services with Ceph:
* Glance
* Cinder
* Cinder backup
* Nova
To enable Ceph simply add: ENABLED_SERVICES+=,ceph to your localrc.
If you want to play with the Ceph replication, you can use the
CEPH_REPLICAS option and set a replica. This replica will be used for
every pools (Glance, Cinder, Cinder backup and Nova). The size of the
loopback disk used for Ceph can also be managed thanks to the
CEPH_LOOPBACK_DISK_SIZE option.
Going further pools, users and PGs are configurable as well. The
convention is <SERVICE_NAME_IN_CAPITAL>_CEPH_<OPTION> where services are
GLANCE, CINDER, NOVA, CINDER_BAK. Let's take the example of Cinder:
* CINDER_CEPH_POOL
* CINDER_CEPH_USER
* CINDER_CEPH_POOL_PG
* CINDER_CEPH_POOL_PGP
** Only works on Ubuntu Trusty, Fedora 19/20 or later **
Change-Id: Ifec850ba8e1e5263234ef428669150c76cfdb6ad
Implements: blueprint implement-ceph-backend
Signed-off-by: Sébastien Han <sebastien.han@enovance.com>
