Commit 5edae54 introduced the usage of systemd in Devstack. This allowed
the transition away from 'screen'. Systemd needs "user unit files" to
describe the services. Currently, those unit files get only created when
an openstack service (n-cpu, c-sch, g-api, ...) is in the list of enabled
services (`ENABLED_SERVICES`). This means, when Devstack is fully stacked,
there is no way to start the systemd unit of an openstack service which
is *not* in that list.
This commit changes that behavior, and creates the systemd unit files
independently of the list ENABLED_SERVICES. This means, when Devstack
is fully stacked, I can start a systemd unit of an openstack service which
wasn't in the ENABLED_SERVICES list. This allows more flexible lifecycle
management of openstack services in the gate, which is useful for tests
which test components which are not in the "default configuration" (e.g.
the "nova-serialproxy" service).
The `clean.sh` script purges all traces of systemd user unit files created
by devstack.
Change-Id: I0f7e1ee8723f4de47cbc56b727182f90a2b32bfb
Reduce bcrypt hashing rounds from 12 to 4 (minimal possilbe).
This is going to imporve a lot of perforamcne of OpenStack.
Bcrypt is hashing algorithm that is designed to use a lot of resources and
in that way stops brutforce attacks. It's exponential algorithm that depends
on amount of rounds. By default they use 12 rounds which is quite high value,
good enough for real secure production enviorments.
In case of DevStack it's going to slow down all authentication by many times.
Rally shows about 5 times slownest (adding 2-5 seconds to every authenticate)
DevStack is meant for developemnt & CI so performance is way more important than
security.
Change-Id: Id8c763d63cb91f37a774f9400f35c309f37d6f12
To reduce the total number of invocations necessary for pip which isn't
the quickest thing ever (due to needing to evaluate constraints and deps
lists and what is currently installed) combine the main installation of
software with its test-requirements.txt file which should roughly halve
our pip invocations.
Change-Id: Ibcc3264136e66d34a879ad1c90a62e1bb6a84243
Transient failures were being reported because the current lockout
period for users was too short. While this does increase the
run time IdentityV3UsersTest.test_user_account_lockout, it
allows for more flexibility if there is network latency or some
other factor that cause the lockout to expired before the
next authentication.
Change-Id: I61bc39bbc35ac414b4a72929a90845956c99eb1a
Closes-Bug: 1693917
When installing OpenStack via DevStack on XenServer, we need to
some preparation operations in dom0 which will refer the function
in devstack/tools/xen/functions file, but we are planning to move
the whole folder of tools/xen from devstack to os-xenapi, so it
this patch is to moving the dom0 related operation to os-xenapi
repo first.
Change-Id: Ib59d802a7a4eab4ccce0e29d80f29efa4655bc0b
Depends-On: I712ee74ce945859ba5118e09b7d9436ca2686cb7
The old implementation for is_$service_enabled simply checked if any of
the subservices were enabled and if so the service was considered to be
enabled. This makes disabling services complicated as it means you have
to list every single subservice which can and do change over time.
Instead also check if the generic service name is in the disabled
services list and if so don't treat the service as enabled.
Change-Id: I7fe4dfca2cd9c15069d50a04161a29c5638291cb
The scheduler_driver option has been moved and deprecated. This
change uses the new group and name for the option.
Change-Id: I27aeff5911510c9f47191acaa0c0b5b71f977cd7
We required initially 42.2 test updates to be enabled as the
liberasurecode-devel update wasn't released. It is now released
so we can stop pulling that part in.
Change-Id: I4e514e317da8a95809593a49c6dce619bc4c021f
openSUSE 42.2 passes testing on the experimental gate and
in order to add it as continuosly tested target we need to
add it to the positive list of tested distributions.
Change-Id: I46f94cfad828534f324994c3d21bddff40e8f9a2
Because the swift functests (which use test.conf) run out of a
virtualenv they don't get access to the system wide trust of the
devstack CA. Handle this by explicitly configuring the cafile to trust
in the test.conf file.
We also set the web_front_end to apache2 as that is what is terminating
TLS for us. The tests handle different web server behaviors using this
flag.
Swift's functests will need to read these values in and properly
configure things on its end.
Change-Id: I4cdba36ccab6acd76205184882ee29e4f1e12333
Otherwise those services, notably n-cpu, will try to register
resource providers before placement is ready.
Change-Id: I89fd4fa42baf3d19ee209c59cd85b97adb97c58b
Closes-Bug: #1695634
The scheduler_default_filters config option moved out of the
DEFAULT option group into a more specific group, and the old
option is deprecated as a result so we need to update our usage.
Change-Id: I5d6574d19c3f16abadddb19f34cb645dcdcc07f4
Function "_install_etcd" is trying to use "files" directory
to download a file. Instead of this, this directory should be
$FILES, which is defined previously in parent script.
TrivialFix
Change-Id: I643ce3b9aba1f65f03524430c748bf120d071509
volume_clear is currently set in the DEFAULT section,
but this is a backend specific setting, and therefore
needs to be set in the backend config section.
Change-Id: Ifa3a659bb4768b8915a0f23e7f14b0f3348d93d2
Previously we didn't block out the c-api startup code because the
devstack functions to start services check that for us. However, since
the cinder devstack code checks the service is up and runs the tls proxy
if tls is enabled we need to block it all off to avoid doing those
things if c-api is disabled.
Change-Id: I1c4f22f785af96caaf4baa21ff28714b9afd3458
The upstream CI runs exclusively on nodes with x86 architectures, but
OpenStack supports even more platforms. One of them is the KVM
on s390x (IBM z systems), which is supported since the *Kilo* release.
This change describes the additional settings in the ``local.conf`` file
to enable Devstack on that platform. This is useful for PoCs.
Change-Id: I943b552ca2e36210ac57f36c16db930eb5e58623
This adds packages to suse for systemd python linkages as well as
apache2 and which. And configures mod_proxy and mod_proxy_uwsgi with
a2enmod.
We also properly query if apache mods are enabled to avoid running
into systemd service restart limits. Enable mod_version across the board
as we use it and it may not be enabled by default (like in SUSE).
Also in addition to enabling mod_ssl we enable the SSL flag so that TLS
will work...
Finally we tell the system to trust the devstack CA.
Change-Id: I3442cebfb2e7c2550733eb95a12fab42e1229ce7
This commit adds support for deploying glance as a wsgi script under
uwsgi. To get around limitations in the uwsgi protocol when using
python3 for chunked encoding we have to setup uwsgi in http mode on a
random port listening on localhost and use mod_proxy to forward the
incoming requests. The alternative approach of having apache buffer the
requests locally with the send_cl option with mod_proxy_uwsgi only
worked on python2 and also has the limitation that apache is buffering
the entire chunked object, which could be several gigabytes in size.
Depends-On: I089a22a4be4227a551c32442dba27c426f54c87d
Change-Id: Ie98fb7da5e8ecfa49cd680b88139cb7034d5f88f
This commit adds a new function get_random_port to return a randomly
available port from the local port range.
Change-Id: Icaed180cc14602a74cdb3fd3456b690d8a4c729c
We have to do silly overrides of cert locations for requests for
reasons. If we are running under python3 then we were previously looking
in the wrong location for the requests certs. Update the cert fixing
function to properly use python3 to find the certs if python3 is
enabled.
Change-Id: Id1369da0d812edcf9b1204e9c567f8bfe77c48b2
The configuration guide link has syntax problem in README.rst,
and the click the link will lead to page 404.
Fix the syntax problem
Change-Id: I47a1641a6898930dca508cdac98b1b43c05dc446
