openSUSE 42.2 passes testing on the experimental gate and
in order to add it as continuosly tested target we need to
add it to the positive list of tested distributions.
Change-Id: I46f94cfad828534f324994c3d21bddff40e8f9a2
Otherwise those services, notably n-cpu, will try to register
resource providers before placement is ready.
Change-Id: I89fd4fa42baf3d19ee209c59cd85b97adb97c58b
Closes-Bug: #1695634
We have to do silly overrides of cert locations for requests for
reasons. If we are running under python3 then we were previously looking
in the wrong location for the requests certs. Update the cert fixing
function to properly use python3 to find the certs if python3 is
enabled.
Change-Id: Id1369da0d812edcf9b1204e9c567f8bfe77c48b2
In Ibbb430fb1dbf66942168e0cb52d990ab6a2eb8d7, we are adding
etcd3 as a new base service. We should drop zookeeper
and use etcd3 as the backend.
Since cinder is the first service for this tooz+etcd3 DLM
scenario and cinder uses eventlet we have cannnot use the
grpc based driver in tooz. So new CINDER_COORDINATION_URL
that defaults to the etcd3's grpc HTTP gateway based
tooz backend.
We need to hold this change until the tooz change (see
Depends-On) is available in a tooz release.
Depends-On: I6184ed193482dad9643ccb2b97133d4957485408
Change-Id: Ia187e1a86413edf25b909b6bb57e84fb4930a696
Etcd3 was enabled recently as new service in devstack [1]. But there's
no way to disable etcd3. This is required on architectures where no etcd
binaries are available (e.g. s390x). The long term goal of course should
be to have those binaries available. The short term circumvention is to
allow disabling the service in local.conf:
disable_service etcd3
[1] 546656fc05
Change-Id: I6184ed193482dad9643ccb2b97133d4957485408
Partial-Bug: #1693192
ETCD_DOWNLOAD_URL is set to github url, in our CI, we can point
ETCD_DOWNLOAD_URL to a url in tarballs.openstack.org possibly
in devstack-gate
Download the etcd binaries and drop them into /opt/stack/bin and
use it from there. Cache the tgz for subsequent use (local workflow)
daemon-reload is called twice once from inside the write_user_unit_file
and then when we adjust the entries with additional things recommended
by the etcd team. We need a better way to do this in the future.
Added a TODO to verify the downloaded artifact later. The etcd team
posts gpg signature, we could verify that or run sha256sum and hard
code that in lib/etcd3 file. We would have to update it whenever we
bump the etcd3 version.
We use the public key "CoreOS Application Signing Key <security@coreos.com>"
with ID FC8A365E to verify the integrity of the downloaded file
Any jobs that need to be run on architectures where v3.1.7 is not available
should rey the v3.2.0-rcX release candidates. We can switch to v3.2.0
when it gets released.
Initial version of this code was borrowed from the dragonflow
repo:
http://git.openstack.org/cgit/openstack/dragonflow/tree/devstack
Change-Id: Ibbb430fb1dbf66942168e0cb52d990ab6a2eb8d7
This sets our default ulimit NOFILE to 2048, which is double what we
set things like mysql'd max_connections to.
Change-Id: I5126bed1e6b9f8c64db00eae4151ac61e47b1bf8
systemd-journald has rate limiting built in, but that's not sufficient
for the level of logging of OpenStack services during test
runs. Disable the rate limiting so that no log messages are lost.
Change-Id: I64599aba74c5a39276bb8f946cd236600b9cc81b
This removes some remnant heat code and references now that heat is
running in a plugin. Before merging this patch the heat team should
verify they got everything they needed into their heat plugin, as
there were more parts left than I was expecting.
Change-Id: I477e3a6e75591aa8ff836c28f7ef56aa1b5f8727
This moves the developer use case over to systemd, and updates all the
relevant docs to discuss the systemd workflow instead of screen. It
does so by defaulting USE_SCREEN=False, so will not impact people that
set it explicitly.
Change-Id: I6d664612bc2b850eb7f56852afbc841867223ab7
In order to start making the transition in the gate make
USE_SCREEN=False also mean USE_SYSTEMD=True. We'll never actually
declare USE_SYSTEMD=True in the gate (as that doesn't exist for stable
branches), but this will let us roll over the existing transition.
We also have to install systemd-python 234 because we are recording
exception info in the journal, and all versions before that had a bug
in processing that.
Remove the somewhat pointless screen following journalctl commands. We
really don't want or need those, and they tend to build up over time.
Depends-On: I24513f5cbac2c34cf0130bf812ff2df6ad76657c
Change-Id: I6af6d1857effaf662a9d72bd394864934eacbe70
The uwsgi proxy version that comes with Ubuntu xenial is too old, so
we have to build it from source. This is a temporary solution until
the next LTS.
This lays the ground work for using it in keystone.
Change-Id: I00fb1759e6988c7df0ce0f3df5ff1ce9fd7cd381
tls-proxy is the way we're now doing a standard install using https
between services. There is a lot more work to make services directly
handle https, and having python daemons do that directly is a bit of
an anti pattern. Nothing currently tests this in project-config from
my recent grepping, so in the interest of long term maintenance,
delete it all.
Change-Id: I910df4ceab6f24f3d9c484e0433c93b06f17d6e1
We recently disabled EPEL in openstack-infra, enable it again.
Change-Id: I213b302b34b740354d63b69e8ac7f4e1b3d3cdd7
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
It looks libvirt/qemu requires mode 0755 to functioning properly,
but DATA_DIR won't be set to 0755 if it is different from default.
Change-Id: I37ca0b02b6a75b3756860b547e84c37ccfc99d13
Closes-Bug: #1677421
In an effort to reduce memory consumption enable KSM by default. The
biggest win here is when using libvirt with nova or ironic with its
fake baremetal instances. In theory any process that runs duplicates
with mergeable memory will benefit though.
Change-Id: I4c5addfd3e83b6516023b36cbaabd5169f0d5ceb
Supported Debian distros (codenames) are "sid", "testing",
and "jessie", but it should be "stretch" and "jessie".
"testing" is no codename and therefore should be replaced by
"stretch".
"sid" changes all the time and cannot be guaranteed to run
correctly or is at least not tested.
Change-Id: Id4b80a055452bbff69036d4dc1adeda46ce99664
Closes-Bug: #1673810
Closes-Bug: #1674416
Change ac5fdb4c4090efd682cc5c55aa30ec433da29fc7 introduced
a problem for gnocchi CI because the deployments steps
are now:
1. create cell0
2. start nova-api (with multiple workers)
3. install ceilometer via extras
4. ceilometer calls nova-api to list servers; at this point
nova-api getes the list of cells and caches them, which
will just be cell0
5. create cell1 via simple_cell_setup which also discovers
the n-cpu node so we can schedule instances
6. gnocchi tests create and list instances and at this point it hits
an n-api worker that only has cell0 cached so it does not
find some test servers it created and fails.
The cell0 and cell1 cells should be created in the nova_api db
before starting n-api so that when we first list instances, we
store both cells in the cache that's in n-api. This deployment
order is also how the nova docs describe rolling out cells v2
but the way we were doing this devstack wasn't following that,
or accounting for when devstack plugins are loaded via extras.
This change creates the main cell1 cell earlier in the setup
before n-api is started, and then changes to just run
discover_hosts at the end after n-cpu is running (which is what
simple_cell_setup and map_cell_and_hosts would do implicitly).
Change-Id: I38eab6707340253a10159a169ae61d34784c2d28
Related-Bug: #1669473
Because things like nova may need to create vhosts in the rpc backend,
we need to have started and created credentials before we configure
the service.
Change-Id: I01c9c5288e197fc50a8a4a032e3a32cd166eb180
This allows post-config phase to use neutron_service_plugin_class_add
so that devstack plugins can use it in the same way for both of
neutron-legacy and its "modern" counterpart, lib/neutron.
Closes-Bug: #1667037
Change-Id: I9068fd608e82e70db8d725f92269a26920efebcb
Currently placement api section will be configured on controller
only if service n-cpu is running. It breaks multi node setup.
Closes-Bug: #1667219
Change-Id: I8b0f60f253859f704bb9831d7dac8f55df353ac7
Nova is going to increase the minimum required libvirt
in Pike to 1.2.9 in change:
I9a972e3fde2e4e552f6fc98350820c07873c3de3
Based on the libvirt distro support matrix wiki [1] that
drops support for Ubuntu Trusty and Debian 7.0/Wheezy.
Trusty has libvirt 1.2.2 and Wheezy has 0.9.12 (the Wheezy
support should have been removed long ago apparently). The
7.0 removed here is for Wheezy also based on commit
b2ef890db3d78b24f9da2f4dd80502165c669ad0.
This does not undo the check for "trusty" with the
EBTABLES_RACE_FIX in lib/nova_plugins/function-libvirt
since you can still force devstack to run on Trusty if
you specify the FORCE=yes variable.
Note that RHEL 7.1 has libvirt 1.2.8 so it won't technically
work with devstack and nova + pike + libvirt, but with the
way os_RELEASE is calculated the minor version is dropped
for RHEL distros so we just get "rhel7".
Also note that this doesn't attempt to continue supporting
Trusty or Wheezy if nova is not configured to use libvirt,
simply in order to start moving forward on devstack distro
support in general and to keep some sanity and closeness
to what we test with in the CI system.
While we're in here, we also drop Fedora 23 and add
Ubuntu Zesty.
[1] https://wiki.openstack.org/wiki/LibvirtDistroSupportMatrix
Depends-On: I9a972e3fde2e4e552f6fc98350820c07873c3de3
Depends-On: If69f99bd789e646b0261e27a8a061efde32436f7
Change-Id: I6617283afd798af37e64913b7865cea3c8a62aba
This moves setting of RABBIT_HOST from stack.sh to lib/rpc_backend
so it may be used in grenade runs, which don't have the defaulted
value from stack.sh. The RABBIT_HOST is needed in order to call
get_transport_url in lib/rpc_backend.
Change-Id: I504f7fac7bb9a8c158e20046dbd1dd2d507db02b
Closes-Bug: #1649586
Depends-On: I3d4d7b309e50f4e2970cda55aada02d68c4fa705
When doing multinode devstack we need a way to specify that we've
enabled for the placement service. We use a pseudo service of
placement-client for this.
Change-Id: I04a655fbc58913b3d607400a7f677be299499142
create_cell requires n-api and at least one n-cpu up and running. If
we have a configuration where it is not guarunteed that there is an
n-cpu at the end of a devstack run we have to skip this step and make
the user run it manually later.
Change-Id: I2287ab29f3c1a7252271dcce81673ef365615296
We need a local.conf processing phase after every run phase which lets
us override config options after that point. We didn't explicitly
support this for test-config before, which broke some CI systems when
we moved tempest to use this later phase.
Closes-Bug: #1646391
Change-Id: I7d693afa19acf3e8231e84e45b7a868628ebdbc0
To avoid using legacy functions accidentially.
Depends-On: Ida1f83b6b3ef9b76be13c063c7e35a8703214078
Change-Id: I3ff136fc8330c92007cdfe91b77d7f9865eabd8d
Currently the x509 certificate setup is done after all the
openstack services have been deployed. This is OK because
none of the services require that the x509 certs exist
when they are being deployed. With the integration of TLS
into the nova novnc proxy (and later spice & serial proxy)
service, x509 certs will need to exist before Nova is
deployed.
The CA setup must thus be moved earlier in the devstack
deployment flow, prior to the setup of any services. One
part of the CA setup, however, fixes up the global cert
bundle locations and this can only be done after the
python requests module is install, thus must remain in
its current location.
Change-Id: Idcd264fb73bb88dc2f4280c53c013dfe4364afff
This removes all of the heat code from the devstack tree, in favor of the
devstack plugin in Heat's tree.
Depends-On: I4bed1e5cef5afa7b049b07640086a86a3f881e13
Depends-On: Ic392bcc24bc374ee8511a94f1d8f6ac23131c7e3
Change-Id: I5b60422bf1f5fa78aa8f3383f7a222e0356d9e42
