I noticed this when debugging some grenade issues failures.
An include of grenade/functions stores the current value of XTRACE
(on) and disables xtrace for the rest of the import.
We then include devstack's "functions" library, which now overwrites
the stored value of XTRACE the current state; i.e. disabled.
When it finishes it restores the prior state (disabled), and then
grenade restores the same value of XTRACE (disabled).
The result is that xtrace is incorrectly disabled until the next time
it just happens to be turned on.
The solution is to name-space the store of the current-value of xtrace
so when we finish sourcing a file, we always restore the tracing value
to what it was when we entered.
Some files had already discovered this. In general there is
inconsistency around the setting of the variable, and a lot of obvious
copy-paste. This brings consistency across all files by using
_XTRACE_* prefixes for the sotre/restore of tracing values.
Change-Id: Iba7739eada5711d9c269cb4127fa712e9f961695
A number of new settings are required for glance, cinder
and keystone to be installable when the tls-proxy
service is enabled.
For cinder a new public_endpoint option was added and this
needs to be set to the secure port.
Keystone needs the admin_endpoint and public_endpoints
defined otherwise during discovery the default,
non-secure versions, will be returned.
The keystone authtoken identity_uri was set at its default value
in the glance registry and API configuration files.
Change-Id: Ibb944ad7eb000edc6bccfcded765d1976d4d46d0
Closes-Bug: #1460807
132fbcd38ebae52bdd20da54905131b75581520f in cinder changed the
volume_clear StrOpt to use the choices kwarg which enforces the value
specified and raises a ValueError if an invalid value is set for the
option in cinder.conf.
This lets us remove the validation that devstack was doing.
Change-Id: Ia7eead6297ed0f3a972de2021170fe9c7225e856
To avoid hanging services during gracefull shutdown option
graceful_shutdown_timeout should be configured.
Closes-Bug: #1446583
Change-Id: I2b7f0df831d65c55ae8cae241478f49c9641d99f
This patch alows specifiying a deviation of the swift default port 8080 with
variable SWIFT_DEFAULT_BIND_PORT. The created endpoints in keystone for
object-store and the backup_swift_url in cinder.conf will use variable
SWIFT_DEFAULT_BIND_PORT instead of the fixed port 8080.
Change-Id: I47bbcf77368c430718fb8f29b7de1ff305e64422
Closes-Bug: #1489767
Ia0957b47187c3dcadd46154b17022c4213781112 proposes to have bashate
find instances of setting a local value. The issue is that "local"
always returns 0, thus hiding any failure in the commands running to
set the variable.
This is an automated replacement of such instances
Depends-On: I676c805e8f0401f75cc5367eee83b3d880cdef81
Change-Id: I9c8912a8fd596535589b207d7fc553b9d951d3fe
This change adds apache templates for Cinder API services.
Also add possibility to switch between the old and new ways
to setup Cinder API.
Related Cinder blueprint:
https://blueprints.launchpad.net/cinder/+spec/non-eventlet-wsgi-app
Change-Id: Icfad40ee6998296727a95613199e5c2d87bd0a45
Depends-On: Ifbab059001d1567b1f7b394c0411a9ca4629f846
Co-Authored-By: Ivan Kolodyazhny <e0ne@e0ne.info>
The previous approach assumed that devstack in tree service support
would always be a super set of tempest. That's not necessarily
true. Instead when configuring tempest we should look at all the
possible services that tempest could know about, which will let us
disable services we don't have support for.
Change-Id: I9c24705e494689f09a885eb0a640efd50db33fcf
OpenStackClient doesn't currently support volume type create on the V2
API. Make sure that all requests use the V1 api until this has been
fixed in OpenStackClient.
Change-Id: I2fa133d30753e188d383d3de78c0022a3625cb34
Closes-Bug: #1475062
This command was commented out so assumedly there used to be a bug. Switch to
OpenStackClient as the cinder CLI doesn't handle v3 auth correctly.
Implements: bp keystonev3
Change-Id: I1acdc04cf04b7056701bdded31ef2a015de5bce3
Always use the keystone V3 API when creating services and endpoints. The syntax
here is slightly different but we maintain the function interface.
Change-Id: Ib3a375918a45fd6e37d873a1a5c0c4b26bdbb5d8
Implements: bp keystonev3
By default, most Openstack services are bound to 0.0.0.0
and service endpoints are registered as IPv4 addresses.
With this change we introduce two new variables to control
this behavior:
SERVICE_IP_VERSION - can either be "4" or "6".
When set to "4" (default if not set) devstack will operate
as today - most services will open listen sockets on 0.0.0.0
and service endpoints will be registered using HOST_IP as the
address.
When set to "6" devstack services will open listen sockets on ::
and service endpoints will be registered using HOST_IPV6 as the
address.
There is no support for "4+6", more work is required for that.
HOST_IPV6 - if SERVICE_IP_VERSION=6 this must be an IPv6
address configured on the system.
Some existing services, like the Openvswitch agent, will continue
to use IPv4 addresses for things like tunnel endpoints. This is
a current restriction in the code and can be updated at a later
time. This change is just a first step to supporting IPv6-only
control and data planes in devstack.
This change is also partly based on two previous patches,
https://review.openstack.org/#/c/140519/ and
https://review.openstack.org/#/c/176898/
Change-Id: I5c0b775490ce54ab104fd5e89b20fb700212ae74
Co-Authored-By: Sean Collins <sean@coreitpro.com>
Co-Authored-By: Baodong Li <baoli@cisco.com>
Co-Authored-By: Sridhar Gaddam <sridhar.gaddam@enovance.com>
Co-Authored-By: Adam Kacmarsky <adam.kacmarsky@hp.com>
Co-Authored-By: Jeremy Alvis <jeremy.alvis@hp.com>
There is a known bug that restart tgtd fails, so go the
workaround way and stopping/starting it instead.
In addition, remove the else case since unstack also
uses cleanup_cinder, which already unconditionally supports
all distros.
Change-Id: Ib70917a95f001ef36a51815f08416fa30084aad6
os-brick code was pulled out of cinder and made into its own library
https://review.openstack.org/#/c/155552/
added to requirements:
https://review.openstack.org/#/c/177372/
Integration tests were added
https://review.openstack.org/#/c/188156/
But they still use the version of os-brick from pip.
This change updates devstack to pull in the changes from
os-brick patch sets instead, when configured to do so.
Needed-by: Id2bc10782847861fe4bb5e9e46245654450e38fd
Change-Id: I5359dd37dfe94bd469d5ca35f9fbaeda61b5fac4
We can infer the binary and configuration paths just from the project
name and expanding this to the known *_DIR & *_BIN_DIR variables. A
similar thing is done for policyd settings
Change-Id: I7c6a9fa106948ae5cbcf52555ade6154623798f1
When calling os-assisted-snapshots APIs, Cinder often (by default) needs
to pass an admin token to Nova. Currently it uses the credentials of
the current user.
This will cause calls to Nova APIs for assisted volume snapshots to fail.
Configuration options should be added to specify different credentials
for talking to Nova.
Change-Id: I9e3ed53f4e1349d57a0c33518445f54ac63e36ec
Related-Bug: #1308736
Cinder has had an lvm_type option for quite a while
that allows the LVM driver to be configured to use
thin provisioning.
This required an additional PPA in Precise, but is
available in the default Trusty packages.
This patch adds the lvm_type option, and we'll use
it to do gate testing against the lvm_thin configuration.
Change-Id: I99c7fea131f3d79747ec75052adf8b24f41ba483
CINDER_SECURE_DELETE previously iniset volume_clear to none as a
side effect, however secure_delete is not documented in cinder.
Now using CINDER_VOLUME_CLEAR outright. CINDER_SECURE_DELETE is
supported but now deprecated.
Change-Id: Ic8694cf16654c23b27d23853a9f06ddf1050fa93
Closes-Bug: #1450159
Part of the effort to clean up the Cinder logs is to use
the resource tag in the log format. We also want to have
some consistency with other projects in how we do logging.
This change adds the logging format to cinder.conf similar to
what Nova and others use, and most importantly turns on the use
of the resource tag that's in olso_log.
We're slowly cleaning up the logging in Cinder by doing things
like replacing "Delete volume %(volume_id)s compoleted" with
("Delete volume completed successfully.", resource=volume)
It woudl be good to have these picked up as we transition so we're
not missing info. Also, there's sure to be cases where "volume"
isn't a valid dbref and we find issues that need fixed.
Change-Id: I193637fea14d97183f6a9782f37d8edcf929e0c4
Rootwrap shouldn't be a unique snowflake. Plus the binaries tend
to be called assuming PATH will find them. Not so with venvs
so we need to work around that brokenness.
Configure Cinder and Nova to use configure_rootwrap().
Change-Id: I8ee1f66014875caf20a2d14ff6ef3672673ba85a
The Linux-IO is a modern way of handling targets.
Per the IRC discussions lioadm as default
seams like a better default for everyone, for now it will be
optional, but the tgtadm admin support expected to be removed when
lioadm works well with all CI (including third party).
Change-Id: Ia54c59914c1d3ff2ef5f00ecf819426bc448d0a9
rootwrap is horribly called indirectly via PATH. The choice, other than fixing
such nonsense, is to force the path in sudo.
Change-Id: Idac07455359b347e1c617736a515c2261b56d871
A while back I added an lvm.conf file with a device filter setting
to try and clean up the LVM hangs in the gate:
(commit 0b9e76f280208b5b5ad54bb6fbc4133e63037286)
It turns out this wasn't the real problem, the real problem
is that on an LVS/VGS command LVM will attempt to open and read
all potential block devices in /dev to see if they have LVM data
on them. I initially thought the local filter would keep that
from happening, as it turns out the local filter only limits what's
returned AFTER the actual scan process. In order to keep the scan
from happening at all, either a global_filter needs to be used or
lvmetad needs to be running and enabled.
There are situations in gate tests where /dev/sdX devices are created and
deleted and the result is that we hit situations where LVM tries
to open up devices to check them even if they've been removed. The
result is we have a blocking open call from LVM that takes approx
60 seconds to time out and fail.
Ubuntu won't have a version of lvmetad until Vivid, so for now
that just leaves the global_filter as an option.
This patch adds the filter routine to the end of stack.sh. We don't
want to put the routine in lib/cinder_backend/lvm like we had it because
now we have to set the global filter for all LVM commands on the system.
So we put this as one of the last steps in stack.sh and run it if Cinder
is enabled. This way we can query PV's on the system regardless of what
other services may be running and using LVM and make sure that all of
their devices are added to the filter as well.
Also, make sure we only set this for Ubuntu as Fedora/RHEL variants
utilize lvmetad.
This patch also removes the old change that set the local filter.
DocImpact
Should add this to recommended config for Cinder on systems
that don't have lvmetad, and recommend lvmetad for those that do.
Change-Id: I5d5c48e188cbb9b4208096736807f082bce524e8
Closes-Bug: #1373513
This eliminated a number of sudo calls by doing the copy/chown/chmod in
a single step and sets a common pattern.
Change-Id: I9c8f48854d5bc443cc187df0948c28b82c4d2838
iniset_rpc_backend should know what section it needs to set the
config options in better than the callers. The config options
have actually been moved to different sections and the options
in the DEFAULT section are deprecated.
Change-Id: I0e07fe03c7812ef8df49e126bf71c57588635639
As per the logs:
Option "lock_path" from group "DEFAULT" is deprecated. Use option "lock_path" from group
"oslo_concurrency".
Option "sql_connection" from group "DEFAULT" is deprecated. Use option
"connection" from group "database".
Change-Id: I2109cec07ebee916c9ce0ccd24bd9a47d8d3c688
The current issue is that if we deploy c-vol service on a separate
machine, my_ip and SERVICE_HOST will be different, because my_ip is
the machine where c-vol service is running and SERVICE_HOST points
to the machine where the cinder api service is running. If my_ip of
c-vol in cinder.conf is set to the IP of c-api, it will cause the
issue that the volume is unable to attach. The issue can be resolved
by removing my_ip from cinder.conf.
Change-Id: I699c0b5297c60e9f9934f74684abf563f4b0e977
closes-bug: #1428013
Region name should be set to nova.conf and cinder.conf so that
cinder volume can work in multiregion env.
Closes-Bug: #1429738
Change-Id: Ib20911c24d8daabc07e6515f4a23a745d77593ff
These have been emitting deprecated warnings for over a full release cycle:
Q_AGENT_EXTRA_AGENT_OPTS, Q_AGENT_EXTRA_SRV_OPTS, CINDER_MULTI_LVM_BACKEND
Change-Id: I3aa5cabd6ce3a0072cba08bbca1ad23d4a831219
Most of the services create the service user with the admin permission.
This is unnecessary for token validation and they should be restricted
to only having the service role.
Change-Id: Id7a9366d2c6a36139240f64371002362dc2d8d3b
The code for creating service users is almost exactly the same. Abstract
this into a function that can be reused and standardized.
Change-Id: I3a4edbff0a928da7ef9b0097a5a8d508fdfab7ff
skip-redirect was intruduced with the first commit related
to cinder support, nobody remembers why was this undocumented option
there those times.
Change-Id: If579a93090392327bce96ddd1b562977edf762de
