8640 Commits

Author SHA1 Message Date
Jenkins
29215d95c7 Merge "systemd: Always create the systemd unit files" 2017-06-14 07:50:37 +00:00
Jenkins
660f4ae3ca Merge "Support installing os-traits from git" 2017-06-14 06:19:11 +00:00
Jenkins
f1da3fbf75 Merge "Install test-requirements with main install" 2017-06-14 06:19:04 +00:00
Jenkins
2c0692c2c7 Merge "Remove temporary openSUSE-42.2 workaround" 2017-06-14 06:18:58 +00:00
Jenkins
f500d6a29d Merge "Use systemd-tmpfiles to create /var/run/uwsgi" 2017-06-14 06:18:12 +00:00
Markus Zoeller
15b0a5f1eb systemd: Always create the systemd unit files
Commit 5edae54 introduced the usage of systemd in Devstack. This allowed
the transition away from 'screen'. Systemd needs "user unit files" to
describe the services. Currently, those unit files get only created when
an openstack service (n-cpu, c-sch, g-api, ...) is in the list of enabled
services (`ENABLED_SERVICES`). This means, when Devstack is fully stacked,
there is no way to start the systemd unit of an openstack service which
is *not* in that list.

This commit changes that behavior, and creates the systemd unit files
independently of the list ENABLED_SERVICES. This means, when Devstack
is fully stacked, I can start a systemd unit of an openstack service which
wasn't in the ENABLED_SERVICES list. This allows more flexible lifecycle
management of openstack services in the gate, which is useful for tests
which test components which are not in the "default configuration" (e.g.
the "nova-serialproxy" service).

The `clean.sh` script purges all traces of systemd user unit files created
by devstack.

Change-Id: I0f7e1ee8723f4de47cbc56b727182f90a2b32bfb
2017-06-14 14:29:39 +10:00
Boris Pavlovic
2b6e9ac471 Improve OpenStack performance by redcuing bcrypt hasing rounds number
Reduce bcrypt hashing rounds from 12 to 4 (minimal possilbe).

This is going to imporve a lot of perforamcne of OpenStack.

Bcrypt is hashing algorithm that is designed to use a lot of resources and
in that way stops brutforce attacks. It's exponential algorithm that depends
on amount of rounds. By default they use 12 rounds which is quite high value,
good enough for real secure production enviorments.

In case of DevStack it's going to slow down all authentication by many times.
Rally shows about 5 times slownest (adding 2-5 seconds to every authenticate)
DevStack is meant for developemnt & CI so performance is way more important than
security.

Change-Id: Id8c763d63cb91f37a774f9400f35c309f37d6f12
2017-06-13 18:33:28 +00:00
Jenkins
f4b4a79979 Merge "XenAPI: Move dom0 related operations to os-xenapi devstack plugin" 2017-06-13 13:56:12 +00:00
Jenkins
e403cd3c00 Merge "nova: fix usage of scheduler_driver config option" 2017-06-13 08:40:58 +00:00
Clark Boylan
f266a2dc81 Install test-requirements with main install
To reduce the total number of invocations necessary for pip which isn't
the quickest thing ever (due to needing to evaluate constraints and deps
lists and what is currently installed) combine the main installation of
software with its test-requirements.txt file which should roughly halve
our pip invocations.

Change-Id: Ibcc3264136e66d34a879ad1c90a62e1bb6a84243
2017-06-12 14:57:59 -07:00
Dan Smith
f63aa021cf Fleetify nova conductor for N cells
This makes us start two levels of nova-conductor processes, and one per cell.

Change-Id: Ice4aceac5dc44954db3661480b9365f54e47a4c9
2017-06-12 12:44:22 -07:00
Lance Bragstad
dcd4b64c99 Increase KEYSTONE_LOCKOUT_DURATION to 10
Transient failures were being reported because the current lockout
period for users was too short. While this does increase the
run time IdentityV3UsersTest.test_user_account_lockout, it
allows for more flexibility if there is network latency or some
other factor that cause the lockout to expired before the
next authentication.

Change-Id: I61bc39bbc35ac414b4a72929a90845956c99eb1a
Closes-Bug: 1693917
2017-06-12 14:41:42 +00:00
Jenkins
9234316794 Merge "Make use of Ubuntu Cloud Archive switchable" 2017-06-09 01:55:36 +00:00
Huan Xie
f15fd26943 XenAPI: Move dom0 related operations to os-xenapi devstack plugin
When installing OpenStack via DevStack on XenServer, we need to
some preparation operations in dom0 which will refer the function
in devstack/tools/xen/functions file, but we are planning to move
the whole folder of tools/xen from devstack to os-xenapi, so it
this patch is to moving the dom0 related operation to os-xenapi
repo first.

Change-Id: Ib59d802a7a4eab4ccce0e29d80f29efa4655bc0b
Depends-On: I712ee74ce945859ba5118e09b7d9436ca2686cb7
2017-06-07 22:02:56 -07:00
Jenkins
1ca22d50b0 Merge "Don't treat service as enabled if in disabled list" 2017-06-07 22:02:53 +00:00
Jenkins
986da6428d Merge "Updated from generate-devstack-plugins-list" 2017-06-07 18:43:12 +00:00
Clark Boylan
902158bb8f Don't treat service as enabled if in disabled list
The old implementation for is_$service_enabled simply checked if any of
the subservices were enabled and if so the service was considered to be
enabled. This makes disabling services complicated as it means you have
to list every single subservice which can and do change over time.

Instead also check if the generic service name is in the disabled
services list and if so don't treat the service as enabled.

Change-Id: I7fe4dfca2cd9c15069d50a04161a29c5638291cb
2017-06-07 17:23:38 +00:00
Matt Riedemann
886d7dbe12 nova: fix usage of scheduler_driver config option
The scheduler_driver option has been moved and deprecated. This
change uses the new group and name for the option.

Change-Id: I27aeff5911510c9f47191acaa0c0b5b71f977cd7
2017-06-07 10:52:20 -04:00
Jenkins
3742b14622 Merge "Change "files" directory in etcd project" 2017-06-07 13:33:58 +00:00
OpenStack Proposal Bot
a40e036d80 Updated from generate-devstack-plugins-list
Change-Id: I5980980fe5071a781b5b95efd69f479359f8ee6e
2017-06-07 08:24:31 +00:00
Dirk Mueller
bbf14db3a7 Remove temporary openSUSE-42.2 workaround
We required initially 42.2 test updates to be enabled as the
liberasurecode-devel update wasn't released. It is now released
so we can stop pulling that part in.

Change-Id: I4e514e317da8a95809593a49c6dce619bc4c021f
2017-06-06 23:29:41 +02:00
Jenkins
4bca739576 Merge "Use correct argument order in truorfalse for USE_JOURNAL" 2017-06-06 13:24:32 +00:00
Jenkins
bc8d7ef89e Merge "Start placement before services that might like to use it" 2017-06-06 00:01:06 +00:00
Jenkins
64d20857ed Merge "Enable opensuse-42.2 as a tested distro" 2017-06-05 23:56:45 +00:00
Jenkins
c639fc4302 Merge "Fix configuration link syntax error" 2017-06-05 22:01:24 +00:00
Matt Riedemann
aefc926cd4 Support installing os-traits from git
This will be used in a src job for running os-traits changes
in a dsvm/tempest setup.

Change-Id: I3c4433fb1ca2787e96b577a15d584b625c364ef3
2017-06-05 20:45:43 +00:00
Jenkins
adabee29f6 Merge "Don't run and check c-api if it is disabled" 2017-06-05 20:22:10 +00:00
Jenkins
e1a2448970 Merge "Expose etcd port as a variable" 2017-06-05 18:28:11 +00:00
Dirk Mueller
e61e19ee82 Enable opensuse-42.2 as a tested distro
openSUSE 42.2 passes testing on the experimental gate and
in order to add it as continuosly tested target we need to
add it to the positive list of tested distributions.

Change-Id: I46f94cfad828534f324994c3d21bddff40e8f9a2
2017-06-05 19:28:30 +02:00
Clark Boylan
e28db4c2f2 Set swift functest config when using tls
Because the swift functests (which use test.conf) run out of a
virtualenv they don't get access to the system wide trust of the
devstack CA. Handle this by explicitly configuring the cafile to trust
in the test.conf file.

We also set the web_front_end to apache2 as that is what is terminating
TLS for us. The tests handle different web server behaviors using this
flag.

Swift's functests will need to read these values in and properly
configure things on its end.

Change-Id: I4cdba36ccab6acd76205184882ee29e4f1e12333
2017-06-05 09:21:46 -07:00
Chris Dent
7a74c2ab24 Start placement before services that might like to use it
Otherwise those services, notably n-cpu, will try to register
resource providers before placement is ready.

Change-Id: I89fd4fa42baf3d19ee209c59cd85b97adb97c58b
Closes-Bug: #1695634
2017-06-05 16:18:46 +00:00
Matt Riedemann
1ade00da55 Fix scheduler_default_filters usage
The scheduler_default_filters config option moved out of the
DEFAULT option group into a more specific group, and the old
option is deprecated as a result so we need to update our usage.

Change-Id: I5d6574d19c3f16abadddb19f34cb645dcdcc07f4
2017-06-05 11:01:45 -04:00
gong yong sheng
07b3bc24a3 Change restart Always to always
Change-Id: I1cb00cc012eda72ff50e958ba1fb04daeac69e26
Closes-bug: #1695822
2017-06-05 14:04:00 +08:00
Jenkins
dc9ef55fc6 Merge "Make stack.sh work on SUSE" 2017-05-31 20:48:10 +00:00
Jenkins
a718b5ea92 Merge "Use proper python when configuring certs" 2017-05-31 19:59:59 +00:00
Rodolfo Alonso Hernandez
6f962a2ee5 Change "files" directory in etcd project
Function "_install_etcd" is trying to use "files" directory
to download a file. Instead of this, this directory should be
$FILES, which is defined previously in parent script.

TrivialFix
Change-Id: I643ce3b9aba1f65f03524430c748bf120d071509
2017-05-31 13:36:22 +01:00
Jenkins
86f9bc7b0b Merge "Add global_request_id to systemd logs" 2017-05-31 12:29:52 +00:00
Jenkins
b3ced44e37 Merge "Configure volume_clear setting per backend" 2017-05-31 05:14:58 +00:00
Jenkins
d94f44558a Merge "Use string cert CA defaults" 2017-05-31 04:29:13 +00:00
Sean McGinnis
29ec28216f Configure volume_clear setting per backend
volume_clear is currently set in the DEFAULT section,
but this is a backend specific setting, and therefore
needs to be set in the backend config section.

Change-Id: Ifa3a659bb4768b8915a0f23e7f14b0f3348d93d2
2017-05-30 15:51:17 -05:00
Clark Boylan
2dfca047d9 Don't run and check c-api if it is disabled
Previously we didn't block out the c-api startup code because the
devstack functions to start services check that for us. However, since
the cinder devstack code checks the service is up and runs the tls proxy
if tls is enabled we need to block it all off to avoid doing those
things if c-api is disabled.

Change-Id: I1c4f22f785af96caaf4baa21ff28714b9afd3458
2017-05-30 13:22:39 -07:00
Markus Zoeller
14728c7a51 docs: add "kvm on s390x" specific configuration in local.conf
The upstream CI runs exclusively on nodes with x86 architectures, but
OpenStack supports even more platforms. One of them is the KVM
on s390x (IBM z systems), which is supported since the *Kilo* release.
This change describes the additional settings in the ``local.conf`` file
to enable Devstack on that platform. This is useful for PoCs.

Change-Id: I943b552ca2e36210ac57f36c16db930eb5e58623
2017-05-30 13:53:36 +02:00
Clark Boylan
35649ae0d2 Make stack.sh work on SUSE
This adds packages to suse for systemd python linkages as well as
apache2 and which. And configures mod_proxy and mod_proxy_uwsgi with
a2enmod.

We also properly query if apache mods are enabled to avoid running
into systemd service restart limits. Enable mod_version across the board
as we use it and it may not be enabled by default (like in SUSE).

Also in addition to enabling mod_ssl we enable the SSL flag so that TLS
will work...

Finally we tell the system to trust the devstack CA.

Change-Id: I3442cebfb2e7c2550733eb95a12fab42e1229ce7
2017-05-28 09:58:51 -07:00
Matthew Treinish
e6217a9719 Use uwsgi for glance-api
This commit adds support for deploying glance as a wsgi script under
uwsgi. To get around limitations in the uwsgi protocol when using
python3 for chunked encoding we have to setup uwsgi in http mode on a
random port listening on localhost and use mod_proxy to forward the
incoming requests. The alternative approach of having apache buffer the
requests locally with the send_cl option with mod_proxy_uwsgi only
worked on python2 and also has the limitation that apache is buffering
the entire chunked object, which could be several gigabytes in size.

Depends-On: I089a22a4be4227a551c32442dba27c426f54c87d
Change-Id: Ie98fb7da5e8ecfa49cd680b88139cb7034d5f88f
2017-05-28 14:36:36 +00:00
Matthew Treinish
309b99ebcf
Add a function to get an available random port
This commit adds a new function get_random_port to return a randomly
available port from the local port range.

Change-Id: Icaed180cc14602a74cdb3fd3456b690d8a4c729c
2017-05-28 10:04:53 -04:00
Clark Boylan
4baac65725 Use proper python when configuring certs
We have to do silly overrides of cert locations for requests for
reasons. If we are running under python3 then we were previously looking
in the wrong location for the requests certs. Update the cert fixing
function to properly use python3 to find the certs if python3 is
enabled.

Change-Id: Id1369da0d812edcf9b1204e9c567f8bfe77c48b2
2017-05-27 20:57:56 -07:00
root
fabc976e41 Fix configuration link syntax error
The configuration guide link has syntax problem in README.rst,
and the click the link will lead to page 404.

Fix the syntax problem

Change-Id: I47a1641a6898930dca508cdac98b1b43c05dc446
2017-05-27 15:03:58 +08:00
Hongbin Lu
de8580691d Expose etcd port as a variable
This allows devstack plugins to retrieve the etcd port from devstack
instead of hard-coding it.

Change-Id: I106b559b8ac0fb99a0426bce97a27f67e32d264d
2017-05-27 03:54:45 +00:00
Jenkins
899616290c Merge "Change version of noVNC to stable" 2017-05-26 21:21:19 +00:00
Jenkins
6b1967bba4 Merge "Remove nova cert from devstack" 2017-05-26 19:33:42 +00:00