We haven't been testing the distro for a while in CI, e.g. in
Tempest, the jobs on opensuse15 haven't been executed for a year
now.
Therefore the patch removes opensuse support from devstack.
Closes-Bug: #2002900
Change-Id: I0f5e4c644e2d14d1b8bb5bc0096d1469febe5fcc
Just like we remove db files let's also remove
socket files when initializing ovn. Those will
reappear once service fully restarts along with
db files. Without it we see random issue as
described in the below bug.
Closes-Bug: #2002629
Change-Id: I726a9cac9c805d017273aa79e844724f0d00cdf0
In this release cycle, a few services are enabling the
enforce scope and new defaults by default. Example Nova:
- https://review.opendev.org/c/openstack/nova/+/866218)
Until the new defaults enalbing by default is not released we
should keep testing the old defaults in existing jobs and we can
add new jobs testing new defautls. To do that we can provide the
way in devstack to keep scope/new defaults disable by default which
can be enabled by setting enforce_scope variable to true.
Once any service release the new defaults enabled by default then
we can switch the bhavior, enable the scope/new defaults by default
and a single job can disbale them to keep testing the old defaults
until service does not remove those.
Change-Id: I5c2ec3e1667172a75e06458f16cf3d57947b2c53
Module lib/neutron was introduced long time ago as new module to deploy
neutron. It was intended to replace old lib/neutron-legacy module. But
since very long time it wasn't really finished and used by anyone and
lib/neutron-legacy is defacto standard module used by everyone to deploy
neutron with devstack.
In [1] unfinished lib/neutron was deprecated and now it's time to remove
it from the devstack code.
This patch also renames old "lib/neutron-legacy" module to be
"lib/neutron" now.
Previously "old" lib/neutron-legacy module was accepting neutron
services names wit "q-" prefix and "new" lib/neutron module was accepting
services with "neutron-" prefix. Now, as there is only one module it
accepts both prefixes.
For historical reasons and to be consistent with old lib/neutron-legacy
which was widely used everywhere, services will be named with "q-"
prefix but both prefixes will be accepted to enable or disable services.
This patch also moves _configure_neutron_service function to be called
at the end of the "configure_neutron" after all agents and service
plugins are already configured.
[1] https://review.opendev.org/c/openstack/devstack/+/823653
Related-bug: #1996748
Change-Id: Ibf1c8b2ee6b6618f77cd8486e9c687993d7cb4a0
Tox 4.0.0 has some incompatible changes, epecially more
strict on allowlist_externals. Tempest recently changed
allowlist_externals not to be *[1] causing the failure
on jobs where lib/tempest failing to run the tempest
as command in virtual env.
----------
venv: commands[0]> tempest verify-config -uro /tmp/tmp.qH5KgJHTF4
venv: failed with tempest is not allowed, use allowlist_externals to allow it
------
We do not need to test/fix the <=stable/zed branches with tox 4.0.0
and pinning them with the compatible tox version of the time stable
brnaches were releaased is better way.
This commit proposes:
1. Pinning the tox<4.0.0 for <=stable/ze branches testing
2. Workaround to unblock the master gate by pinning it <4.0.0 but
we should make our testing compatible with tox 4.0.0 soon.
Depends-On: https://review.opendev.org/c/openstack/devstack/+/867066
Related-Bug: #1999183
[1] https://review.opendev.org/c/openstack/tempest/+/865314 devstack based job started failing to run tempest command on venv.
Change-Id: I9a138af94dedc0d8ce5a0d519d75779415d3c30b
In the past firewall_driver setting was configured for ML2 plugin
because it was used in the
neutron.agent.securitygroups_rpc.is_firewall_enabled() function but
currently it's not needed anymore as there is other config option
"enable_security_group" for that.
Related-bug: #1996748
Change-Id: I9b09c6afb3f1f1c33d1bdfea52ba6f4c0d0cf2dc
openEuler 20.03 LTS SP2 support was removed from devstack in last
few months due to its python version is too old and the CI job
always fail. And openEuler 20.03 LTS SP2 was out of maintainer in May
2022 by openEuler community.
The newest LTS version was released in March 2022 called 22.03 LTS.
This release will be maintained for at least 2 years. And the python
version is 3.9 which works well for devstack.
This Patch add the openEuler distro support back. And add the related
CI job to make sure its works well.
Change-Id: I99c99d08b4a44d3dc644bd2e56b5ae7f7ee44210
The option was already deprecated in os-vif 2.2.0[1]. The override is
no longer required since bug 1929446 was already resolved.
[1] https://review.opendev.org/c/openstack/os-vif/+/744816
Related-Bug: #1929446
Change-Id: I5bc55723a178b32d947da2ac91d2f62aa8124990
Nova is ready with the scope and new defaults as per the new
RBAC design. Adding devstack flag to enable the scope checks
and new defaults enforcement in nova side.
Change-Id: I305ea626a4b622c5534d523f4b619832f9d35f8d
The dbcounter install on Debian Bullseye is broken in a really fun way.
The problem is that we end up mixing pypi openssl and distro
cryptography under pip and those two versions of libraries are not
compatible.
The reason this happens is that debian's pip package debundles the pip
deps. This splits them out into /usr/share/python-wheels and it will
prefer distro versions of libraries over pypi installed versions of
libraries. But if a pypi version is installed and a distro version is
not then the pypi version is used. If the pypi version of library A does
not work with distro version of library B then debundled pip breaks.
This has happened with crypytography and pyOpenSSL.
This happens because urllib3 (a debundled pip dep) appears to use
pyopenssl conditionally. Novnc depends on python3-cryptography, and
openstack depends on cryptogrpahy from pypi ensuring we get both a
distro and a pypi version installed. However, pyOpenSSL is only pulled
in from pypi via openstack deps. This leaves debundled urllib3
attempting to use pypi pyOpenSSL with distro cryptography and that combo
isn't valid due to an interface change.
To fix this we install python3-openssl ensuring that debundled pip will
use distro pyOpenSSL with distro cryptography making everything happy
again. But we only do this when we install novnc as novnc is what pulls
in distro cryptography in the first place. We can't simply install
python3-openssl on all debuntu platforms because this breaks Ubuntu
Focal in the other direction. On Ubuntu focal distro pip uses distro
pyOpenSSL when no pypi pyOpenSSl is installed (prior to keystone
install) and is not compatible with pypi cryptography.
Honestly, this whole intersection between distro and pypi installs of
cryptography and pyOpenSSL could probably be made cleaner. One option
would be for us to always install the constraints version of both
packages from pypi and the distro pacakges very early in the devstack
run. But that seems far more complicated so I'm not attempting that
here.
Change-Id: I0fc6a8e66e365ac49c6c7ceb4c71c68714b9f541
Adding a second exception for single-core-review in Devstack
repository - changes which do not affect core functionality, like
f.e. job cleanups, can be reviewed by a single core.
Change-Id: Idb6cefa510fdbfed41379eb410f4884852d1177f
It seems that setting "sysctl kernel.dmesg_restrict" was changed
in Ubuntu 22.04 (Jammy) to "1" and because of that running "dmesg"
command requires now root privileges.
Closes-bug: #1994023
Change-Id: I2adc76e3025fadf994bab2e2e1fd608e688874fc
If stack.sh is run on a system that already has OVN packages
installed, it could fail to find its DB sockets. This is because
the 'ln -s' will place the symlink inside of /var/run/ovn
instead of using a single directory as intended.
Change the code in neutron_plugins/ovn_agent to not make the
symlink and instead use separate directories for OVS and OVN.
Closes-bug: #1980421
Change-Id: Ic28a93bdc3dfe4a6159234baeabd0064db452b07
Some services fail when using special characters in passwords, add some
warnings to our docs.
Closes-Bug: 1744985
Change-Id: I601149e2e7362507b38f01719f7197385a27e0a8
This commit fixes the tox command option to run the smoke tests. The
original arguments fail with the error[1], and `-efull` and
`tempest.scenario.test_network_basic_ops` are not for the smoke tests.
[1]
$ tox -efull tempest.scenario.test_network_basic_ops
...
tempest run: error: unrecognized arguments: tempest.scenario.test_network_basic_ops
Change-Id: I9c3dd9fb4f64bf856c5cab88a2aeaae355c84a65
The issue that Horizon had with python3.10 has been fixed some time ago,
so we can stop disabling it for those jobs.
Also stop including roles from devstack-gate which we no longer need.
Change-Id: Ia5d0b31561adc5051acd96fcaab183e60c3c2f99
Because adding the role is idempotent, we can save doing the initial
check for role assignment. Also simplify the output matching by using
osc's filters where appropriate.
Co-Authored-By: Jens Harbott <harbott@osism.tech>
Change-Id: If2a661cc565a43a7821b8f0a10edd97de08eb911
Similar to other functions, this uses "--or-show" to avoid double
calls.
Co-Authored-By: Jens Harbott <harbott@osism.tech>
Change-Id: I548f9acd812687838e04b705f86f3b70d2b10caf
