The /identity_admin endpoint is the port 80/443 equivalent of the
service that typically runs on port 35357. In v2 some operations must be
performed on the admin endpoint whereas on v3 the services on 5000 and
35357 are exactly the same. This would be why the service was mounted at
/identity_v2_admin however that is misleading because both the v2 and v3
services are present on that endpoint.
This is particularly confusing because we set this as the OS_AUTH_URL
endpoint and it makes it seem like we are doing v2 authentication when
we are not.
Change-Id: If73735026079fb19ca5bd44b3a4dc1f507b5c99d
With [1] glance_store introduced default settings for user_domain_id and
project_domain_id. Sadly since these are always passed to the keystone
client, they override any settings to user_domain_name and
project_domain_name that are made in the config, leading to authentication
failures.
So as a workaround until [2] is fixed, we explicitly place the corresponding
domain_ids into the config.
[1] https://review.openstack.org/297665
[2] https://bugs.launchpad.net/tempest/+bug/1620999
Change-Id: Ica81a1a176614392291f2db4cc6398ed30663aed
To support multinode testing where we just copy the CA to all the
instances don't remake the CA if it already exists.
The end result is that you can trusty a single chain and all your
clients will be happy regardless of which host they are talking to.
Change-Id: I90892e6828a59fa37af717361a2f1eed15a87ae4
TIL:
Similarly, all the END rules are merged, and executed when all the
input is exhausted (or when an exit statement is executed).
i.e. matching YUM_FAILED calls "exit", which falls through to the END
rules which calls "exit result" ... which is zero. i.e. if the return
code is 1 then we actually hide that and return with zero.
This is rather annoying because errors that should halt to alert us of
a package install failure pass through, only for you to have to debug
much later on seemingly unrelated problems.
This always sets "result" and thus should be returning the right
thing. I've updated the documentation to hopefully make it clearer
what's going on.
Change-Id: Ia15b7dc55efb8d3e3e945241b67a468b8a914672
In Debian jessie and later release,there is no packages
called "qemu-kvm" for AArch64. Also modify the libguestfs0
packages for AArch64
Closes-bug: #1612182
Change-Id: I5eb6bd137896eb9abfc4f8dbb41b41105e4820cd
Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
Instead of only using the userrc_early when keystone
is an enabled service we will do it on all runs of
stack.sh. This way services can be split up more
across devstack nodes, and you can do configuration
requiring credentials on nodes that don't install
keystone.
Change-Id: I74574ae9f45a74bcbcc8e3149228ecb795ab4fb7
Stud is now abandonware (see https://github.com/bumptech/stud) and is
not packaged in xenial. Lets use Apache for SSL termination since its
there already.
Change-Id: Ifcba410f5969521e8b3d30f02795541c1661f83a
The flag ENABLE_DEBUG_LOG_LEVEL indicates if this should be
set or not.
This will now be supported in Neutron.
Change-Id: I3afe0546b379873247fee1ef9f4cc2708a7b5713
Some systems may have more than one default route.
Set up iptables NAT rules on all v4 default route devices.
Accept RAs on all v6 default route devices.
Closes-Bug: #1624773
Change-Id: If58509297497ea33c6c156f083a4394000bd0561
The use_usb_tablet option is replaced by the pointer_model
option.
Depends-On: Id18b5503799922e4096bde296a9e7bb4f2a994aa
Change-Id: Ic2a49f88df988c6404c1c72e9ee28a487e4f7908
There is a bit of a weird history here, but the net is we're not
installing python-guestfs when ENABLE_FILE_INJECTION is set, which
it is in the gate-tempest-dsvm-neutron-full-ssh job, which makes
file injection (personality) tests fail.
The history:
Commit 0ae942b41c6dcd0fe7353e7d68574194fb72a66d moved installing
python-guestfs to the hypervisor-libvirt file and it was conditional
on a flag to enable file injection and the backing distro.
Commit a3c94468baa159840a47c34cf94d97d816208313 removed the ability
to configure nova for file injection, which never made any Tempest
tests fail because we didn't have a job that tested file injection
with ssh, which is what gate-tempest-dsvm-neutron-full-ssh does.
Commit 6d3670a65280d71529f8aad8ca5a0422abffebd0 added the ability
back to enable file injection and the gate-tempest-dsvm-neutron-full-ssh
job uses it, but missed added the condition back in from 0ae942b41
which installed the python-guestfs package. This change adds that
back in.
Change-Id: I1c1ef093b70007100646c086dc5724cd64751d00
Closes-Bug: #1622649
A couple of hundred of these were added with
Ia02f4e1819ac47b12b4ce4381e04253eb26e9f70 and you can see in some of
the proposals at I21fd2b3866efe66dd1f7173003c2521688aa7fd6 they're
starting to match. Just ignore packaging repos as they're not really
relevant for the purposes of plugin list.
Change-Id: Iaf9e0c0fb672a70c3aee1bbcf587bb0d387e5945
Configure the linux bridge physical interface to use the interface for
the default route on the current host. In the future we should consider
using a dangling interface so that we aren't affecting the host
instances networking but this roughly matches what testing has been
using in the past.
Change-Id: I7859437f97e6cab929e90208fe56f7efd62dfe01
Ubuntu's LVM packaging does not support thin provisioning by
default:
/usr/sbin/thin_check: execvp failed: No such file or directory
This is fixed with install of thin-provisioning-tools.
Change-Id: I31f572934ea94cae6e2aea27a2c731ee5bca68d3
Closes-Bug: #1615134
The default get_pip url regulary times out when starting devstack
from behind company firewalls. Making this a configureable variable,
user can make use of internal git-pip.py mirrors without modifying
any code.
Change-Id: I66a5534d51ab23a4d8586c27d37b4b6b8a6892c9
This patch setup cellsv2 for Nova after plugin initialization phase.
Since this requires compute hosts to be started, we need to do it
after we have initialized all other plugins. Things like ironic
aren't setup when we were running this as part of nova setup, and
thus this command can fail.
When cellsv1 is used (n-cell is enabled) skip calling
cells_v2 simple_cell_setup, which will never have hosts
at the top level and which will always fail.
Change-Id: Ic7d0115da51d6ea17ee49071af259a7789c62ab9
Depends-On: I9bbaa4c92503222c9fd015fe075926b50f3dcc8c
In some initialization conditions (having never ran stack.sh) the
result of unstack.sh is dependent on if the user had previously
installed lvm2 or disabled the cinder service.
This change makes all results the same with a bit of LBYL.
There's also a drive-by to put a comment back where it belongs after
being accidentally moved in the related change.
Related-Change: I09b1a7bee0785e5e1bb7dc96158a654bd3f15c83
Change-Id: I9a7e052677d60cbbbdd582877f3c6c48c387f668
Closes-Bug: #1619195
Catalog caching was disabled due to bug 1537617, but this has been
fixed for some time. Re-enabling to get some performance back.
Change-Id: Ic0edf5c70a5040edf3393dbd1e110ab5fb56c110
Related-Bug: 1537617
Keystone had a problem where there was a memcached socket
opened very early on startup which then got shared between
worker processes when running under uwsgi. This can be
prevented by setting lazy-apps so this is the recommended
setting.
See http://uwsgi-docs.readthedocs.io/en/latest/ThingsToKnow.html
"""uWSGI tries to (ab)use the Copy On Write semantics of the
fork() call whenever possible. By default it will fork after
having loaded your applications to share as much of their
memory as possible. If this behavior is undesirable for some
reason, use the lazy-apps option. This will instruct uWSGI to
load the applications after each worker’s fork(). Beware as
there is an older options named lazy that is way more invasive
and highly discouraged (it is still here only for backward
compatibility) """
Change-Id: I6f271dc906528f0c86060452deaf15df81b267d2
Related-Bug: 1600394
