Recent change to devstack dropped installing test-requirements [1]
However, this caused gate failures due to lack of glance-store
deps for cinder and swift support.
This patch makes devstack install relevant extras depending on
enabled features.
Additionally, relevant functions are added/fixed to make this
possible.
glance-store = glance_store (for gerrit search match)
[1] https://review.opendev.org/715469
Change-Id: I0bf5792a6058b52936115b515ea8360f6264a7c9
From Train release Glance has added support [0][1] to configure multiple stores
of same or different types. This patch enables developers to configure
multiple file stores for glance. In order to configure multiple file stores
user need to set below options in local.conf
GLANCE_ENABLE_MULTIPLE_STORES=True/False
To enable multiple stores of glance.
GLANCE_MULTIPLE_FILE_STORES=veryfast,fast,cheap,verycheap,slow,veryslow
Comma separated list of store identifiers.
GLANCE_DEFAULT_BACKEND=fast
Default glance store in which image should be stored if store identifier not
specified explicilty. Should be one of the store identifier from
GLANCE_MULTIPLE_FILE_STORES config option.
NOTE: This support is added so that we can start adding tempest/CI tests for
glance multiple stores.
[0] 515412b59f5b3af07a1787b9f8e85a4d656d3e1c
[1] https://docs.openstack.org/glance/train/admin/multistores.html
Change-Id: I494f77555cfe9115356ce0ee75c7d7f192141447
Since [1] Glance init depends on either g-api or g-reg being
enabled.
This broke multinode g-api deployments with singlenode database
backend.
This commit aligns Glance with other services w.r.t when to
apply database init.
[1] d8dec362baa2bf7f6ffe1c47352fdbe032eaf20a
Change-Id: Idc07764d6ba3a828f19691f56c73cbe9179c2673
Closes-bug: #1860021
With Glance defining default policies in code, it's no longer necessary
to install policy.json from the repo.
Change-Id: I9f9160f5a2bf9fd77fb3807e12de219b7a49952d
Depends-On: https://review.opendev.org/693129
This is no longer being used due to Keystone PKI tokens no longer
being implemented.
In order to not break backward compatibility we create a new function
that is to be used instead and deprecate the old one. Modify the old
function to ignore the 3rd argument and display a deprecation warning.
Adjust callers to no longer create and set that directory, calling the
new function instead.
Change-Id: Id0dec1ba72467cce5cacfcfdb2bc0af2bd3a3610
Option "lock_path" from group "DEFAULT" is deprecated. Use option
"lock_path" from group "oslo_concurrency".
Change-Id: I7c7501a4a351155eeba77bb7cd43c8d6f5ea73bc
Cinder v1 was removed over a year ago. Change the cinder template
URLs devstack defines in the glance-api.conf to use cinder v3
instead.
Change-Id: I4a68dc0b53631be0708e7411c37619dd6dfd4fa6
The glance-api service may use multiple config files, so
tell oslo.config about the config dir instead of a specific
config file when the service is started.
Change-Id: Iad3602d209cbb31e10683c67e1fd6b465d19f560
Partial-bug: #1805765
We use $API_WORKERS to throttle the number of workers
in other services but were not doing it for g-reg for
some reason, which by default will run ncpu workers
up to a limit of 8.
Change-Id: Idc81ce05546e6d625c10e2229256eafbe7c057a5
Closes-Bug: #1774781
- There are some locations where we need the raw IPv6 address instead of the
url-quoted version enclosed in brackets.
- Make nova-api-metadata service listen on IPv6 when we need that.
- Use SERVICE_HOST instead of HOST_IP for TLS_IP.
Change-Id: Id074be38ee95754e88b7219de7d9beb06f796fad
Partial-Bug: 1656329
This patch creates a new config file glance-image-import.conf
at /etc/glance path. Also, each config option is initialized
with default values.
Need these changes to implement specs [1]:
[1]: https://blueprints.launchpad.net/glance/+spec/inject-automatic-metadata
Related-Change-Id: If14c7dc4f38360006f9cb350fbba54fa2f33be61
Change-Id: I665507db1838a50e344d3be909d7490f1f52040c
The current Glance config files are a combination of copied and
generated files. This patch makes all the files generated and
removes now unnecssary ini(un)comment statements. It additionally
removes some ini(un)comment statements that weren't having any
effect on the previously generated files.
Change-Id: I6e4b7694e8bebb7fe6661ead034ee257c768e342
We install the glance api on all nodes in multinode testing. This has
been failing because we don't configure the glance auth cache dirs if
we only install the glance api service. This was done as part of
init_glance which is only run when installing g-reg.
Fix this by moving the auth cache dir creation step into
configure_glance which is run for the glance api.
Change-Id: Ie669827507df0f524e6e53fe4ab3dff848dd4bd7
This reverts commit ef5ebed6c9ca3d9d47fd2a732a1542555a0f65ba.
The problem here is a backwards-incompatible change to
configure_auth_token_middleware. Plugins are still passing a
"signing_dir" which is interpreted now as the "section" argument
... this leads to an interesting red-herring issue; because "v" is a
gnu sed command for checking the version, a signing_dir of "/var/..."
(as done in most plugins) gives the weird error:
sed: -e expression #1, char 32: expected newer version of sed
I think we'll either need a new function, or dummy arguments to get
this back in.
Change-Id: I2098d4eb2747282622cf486fa7dbf216f932f58b
PKI tokens have been actively deprecated from keystone and there are
deprecations being emitted from keystonemiddleware. Because of this we
no longer need an auth cache directory in the services where the PKI
certifcates used to be stored.
Remove the creation and use of all these AUTH_CACHE directories.
Change-Id: I5680376e70e74882e9fdb87ee1b95d5f40570ad7
Code in grenade and elsewhere rely on the process/service name
when one runs "ps auxw" and they grep for example "grep -e glance-api"
to check if the service is running. with uwsgi, let us make sure
we use process name prefix so it is easier to spot the services
and be compatible with code elsewhere that relies on this.
Change-Id: I4d1cd223ed9904fcb19b26fc9362b676e0b4f9b3
We run glance behind uwsgi. This means that the URL glance knows about
itself is wrong, and version discovery fails. Set the public endpoint to
the value of GLANCE_URL which should always be correct.
Change-Id: Ia7c69024a0ef6cc0fdc284ffcd06eee5678a1007
We are trying to keep better track of what pieces of devstack consume
the most time. Add the db sync commands to the time tracking as they run
the database migrations which can take more time than expected.
Change-Id: Ib92f2b8304ccf703712d45fd7207444de3599e2d
The old implementation for is_$service_enabled simply checked if any of
the subservices were enabled and if so the service was considered to be
enabled. This makes disabling services complicated as it means you have
to list every single subservice which can and do change over time.
Instead also check if the generic service name is in the disabled
services list and if so don't treat the service as enabled.
Change-Id: I7fe4dfca2cd9c15069d50a04161a29c5638291cb
This commit adds support for deploying glance as a wsgi script under
uwsgi. To get around limitations in the uwsgi protocol when using
python3 for chunked encoding we have to setup uwsgi in http mode on a
random port listening on localhost and use mod_proxy to forward the
incoming requests. The alternative approach of having apache buffer the
requests locally with the send_cl option with mod_proxy_uwsgi only
worked on python2 and also has the limitation that apache is buffering
the entire chunked object, which could be several gigabytes in size.
Depends-On: I089a22a4be4227a551c32442dba27c426f54c87d
Change-Id: Ie98fb7da5e8ecfa49cd680b88139cb7034d5f88f
As we move to enabling glance-api to use a wsgi script that might be run
as multiple processes, there are a couple places where external
synchronization is necessary. To use this we need to set the lock_path
config option from oslo.concurrency so external locks will work.
Change-Id: I9a66a8636d12037ff9aa4fb73cc3f9b9343dd7e9
tls-proxy is the way we're now doing a standard install using https
between services. There is a lot more work to make services directly
handle https, and having python daemons do that directly is a bit of
an anti pattern. Nothing currently tests this in project-config from
my recent grepping, so in the interest of long term maintenance,
delete it all.
Change-Id: I910df4ceab6f24f3d9c484e0433c93b06f17d6e1
glare has been removed from glance already. Now error will be raised
if enable g-glare in local.conf.
Remove the glare support by glance.
Change-Id: I9a389af194dd2b8aed75d3c921293d800f8c591b
The oslo.messaging docs on the notification messaging driver
says that "messaging" (1.0) is a legacy format and you should
use messagingv2 unless otherwise required for that old format.
By default we should be testing with messagingv2.
Change-Id: I3031afe7551a0c8dde46e1ccfacff445fb68e122
Nova has been supporting glance v2 since Newton and removed
support for glance v1 in Ocata:
97e7b97210139a7f7888f0d6901e499664de02a3
We should disable glance v1 by default because there are several
test paths in Tempest which don't get run when glance v1 is
available because it uses glance v1 rather than v2.
Depends-On: I54db379f6fbe859fd9f1b0cdd5b74102539ab265
Change-Id: I7f962a07317cdad917ee896d79e49ee18938d074
The proliferation of internal/admin endpoints is mostly legacy and
based on some specific deployment patterns. These are not used by
everyone, and for the devstack case aren't really that useful. We
should simplify our service catalog down to the minimum we need for
development.
Change-Id: Ided7a65c81b3a0b56f0184847fc82e17c29a771e
This provides a single setup_logging function which builds consistent
colorization if the config supports it, otherwise builds the identity
strings that we need to actually keep track of requests.
Change-Id: Iffe30326a5b974ad141aed6288f61e0d6fd18ca9
This makes setup_colorized_logging be a thing which takes a single
parameter and doesn't let projects do things differently. It also
changes the order of values from user / project to project / user to
represent the hierachy more clearly.
Change-Id: I8c0ba7da54be588e3e068734feb4f78ed7c5a14a
* iniuncomment followed by iniset for reseller_prefix just adds a
duplicate line in the config file that configparser does not like
so just remove the uncomment
* fall back to http:// url for glance->swift keystone authentication
* insecure flag to talk to swift
Depends-On: I51d56d16a5b175bd45dee09edc0b2748d72a5d06
Change-Id: I02ed01e20f8dce195c51273e8384130af53384ce
This patch sets Keystone v3 as default in services
configuration files and in the openrc and stackrc scripts.
Change-Id: I24546f02067ea23d088d383b85e3a78d7b43f166
Partially-Implements: bp keystonev3
With [1] glance_store introduced default settings for user_domain_id and
project_domain_id. Sadly since these are always passed to the keystone
client, they override any settings to user_domain_name and
project_domain_name that are made in the config, leading to authentication
failures.
So as a workaround until [2] is fixed, we explicitly place the corresponding
domain_ids into the config.
[1] https://review.openstack.org/297665
[2] https://bugs.launchpad.net/tempest/+bug/1620999
Change-Id: Ica81a1a176614392291f2db4cc6398ed30663aed
Stud is now abandonware (see https://github.com/bumptech/stud) and is
not packaged in xenial. Lets use Apache for SSL termination since its
there already.
Change-Id: Ifcba410f5969521e8b3d30f02795541c1661f83a
To properly test the integration between Glance CORS feature and
Horizon Javascript environment uploading image files directly to Glance
(using this feature), we need to enable CORS support for Glance in
integration tests. Adding corresponding Devstack variable to configure
Glance in such a way that it accepts direct requests from Horizon
Javascript is the prerequisite step for the integration testing of this
feature.
By default Horizon and Glance are located on the same host, hence
default value cors.allowed_origin = http://$SERVICE_HOST should work.
If a more complicated setup is desired, where Horizon is located on a
different host, GLANCE_CORS_ALLOWED_ORIGIN environment variable should
be exported to Devstack.
Partially implements blueprint: horizon-glance-large-image-upload
Change-Id: I4881fb6631c2daa2ad8946210eff4bb021957374
As part of the process of deprecating Glance's V1, the glance team would
like to start testing V2-only environments. Therefore, this change
provides a way to force other services to use V2.
Change-Id: I87e77d07964eac01e9a796817cbc88bd6e59c721
Currently, the db sync operation does not specify the config dir or
config file.
If there is a config file in the home path, it will use this one,
but not the right one devstack write.
Set config file to these operations.
Change-Id: Id1fbc3d85280c19596f5ebd301c46bcf018fa2f6
Closes-Bug: #1578098
