0b596470c8
Stable/Rocky and Stable/Queens use ubuntu xenial for gate which does not have python3.6 interpreter. As OpenStack is dropping the python2 support, many dependencies of Tempest and its plugins need py3.6 interpreter. For Example: neutron-lib latest release Bug#1860033. This installs python3.6 and makes it available in Tempest venv so that Tempest master can keep testing the stable branch. py3.6 provided by ppa. Stein onwards distro ver (bionic) has py3.6 so no issue there. Closes-Bug: 1860033 Co-authored-by: Radosław Piliszek <radoslaw.piliszek@gmail.com> Change-Id: I143b5d9b5cbe9a3c3f0d749badf2b6332a753fb5
266 lines
10 KiB
Bash
Executable File
266 lines
10 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
# **fixup_stuff.sh**
|
|
|
|
# fixup_stuff.sh
|
|
#
|
|
# All distro and package specific hacks go in here
|
|
#
|
|
# - prettytable 0.7.2 permissions are 600 in the package and
|
|
# pip 1.4 doesn't fix it (1.3 did)
|
|
#
|
|
# - httplib2 0.8 permissions are 600 in the package and
|
|
# pip 1.4 doesn't fix it (1.3 did)
|
|
#
|
|
# - Fedora:
|
|
# - set selinux not enforcing
|
|
# - uninstall firewalld (f20 only)
|
|
|
|
|
|
# If ``TOP_DIR`` is set we're being sourced rather than running stand-alone
|
|
# or in a sub-shell
|
|
if [[ -z "$TOP_DIR" ]]; then
|
|
set -o errexit
|
|
set -o xtrace
|
|
|
|
# Keep track of the current directory
|
|
TOOLS_DIR=$(cd $(dirname "$0") && pwd)
|
|
TOP_DIR=$(cd $TOOLS_DIR/..; pwd)
|
|
|
|
# Change dir to top of DevStack
|
|
cd $TOP_DIR
|
|
|
|
# Import common functions
|
|
source $TOP_DIR/functions
|
|
|
|
FILES=$TOP_DIR/files
|
|
fi
|
|
|
|
# Keystone Port Reservation
|
|
# -------------------------
|
|
# Reserve and prevent ``KEYSTONE_AUTH_PORT`` and ``KEYSTONE_AUTH_PORT_INT`` from
|
|
# being used as ephemeral ports by the system. The default(s) are 35357 and
|
|
# 35358 which are in the Linux defined ephemeral port range (in disagreement
|
|
# with the IANA ephemeral port range). This is a workaround for bug #1253482
|
|
# where Keystone will try and bind to the port and the port will already be
|
|
# in use as an ephemeral port by another process. This places an explicit
|
|
# exception into the Kernel for the Keystone AUTH ports.
|
|
function fixup_keystone {
|
|
keystone_ports=${KEYSTONE_AUTH_PORT:-35357},${KEYSTONE_AUTH_PORT_INT:-35358}
|
|
|
|
# Only do the reserved ports when available, on some system (like containers)
|
|
# where it's not exposed we are almost pretty sure these ports would be
|
|
# exclusive for our DevStack.
|
|
if sysctl net.ipv4.ip_local_reserved_ports >/dev/null 2>&1; then
|
|
# Get any currently reserved ports, strip off leading whitespace
|
|
reserved_ports=$(sysctl net.ipv4.ip_local_reserved_ports | awk -F'=' '{print $2;}' | sed 's/^ //')
|
|
|
|
if [[ -z "${reserved_ports}" ]]; then
|
|
# If there are no currently reserved ports, reserve the keystone ports
|
|
sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports}
|
|
else
|
|
# If there are currently reserved ports, keep those and also reserve the
|
|
# Keystone specific ports. Duplicate reservations are merged into a single
|
|
# reservation (or range) automatically by the kernel.
|
|
sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports},${reserved_ports}
|
|
fi
|
|
else
|
|
echo_summary "WARNING: unable to reserve keystone ports"
|
|
fi
|
|
}
|
|
|
|
# Ubuntu Cloud Archive
|
|
#---------------------
|
|
# We've found that Libvirt on Xenial is flaky and crashes enough to be
|
|
# a regular top e-r bug. Opt into Ubuntu Cloud Archive if on Xenial to
|
|
# get newer Libvirt.
|
|
# Make it possible to switch this based on an environment variable as
|
|
# libvirt 2.5.0 doesn't handle nested virtualization quite well and this
|
|
# is required for the trove development environment.
|
|
function fixup_uca {
|
|
if [[ "${ENABLE_UBUNTU_CLOUD_ARCHIVE}" == "False" || "$DISTRO" != "xenial" ]]; then
|
|
return
|
|
fi
|
|
|
|
# This pulls in apt-add-repository
|
|
install_package "software-properties-common"
|
|
# Use UCA for newer libvirt.
|
|
if [[ -f /etc/ci/mirror_info.sh ]] ; then
|
|
# If we are on a nodepool provided host and it has told us about where
|
|
# we can find local mirrors then use that mirror.
|
|
source /etc/ci/mirror_info.sh
|
|
|
|
sudo apt-add-repository -y "deb $NODEPOOL_UCA_MIRROR xenial-updates/queens main"
|
|
else
|
|
# Otherwise use upstream UCA
|
|
sudo add-apt-repository -y cloud-archive:queens
|
|
fi
|
|
|
|
# Disable use of libvirt wheel since a cached wheel build might be
|
|
# against older libvirt binary. Particularly a problem if using
|
|
# the openstack wheel mirrors, but can hit locally too.
|
|
# TODO(clarkb) figure out how to use upstream wheel again.
|
|
iniset -sudo /etc/pip.conf "global" "no-binary" "libvirt-python"
|
|
|
|
# Force update our APT repos, since we added UCA above.
|
|
REPOS_UPDATED=False
|
|
apt_get_update
|
|
}
|
|
|
|
# Python Packages
|
|
# ---------------
|
|
|
|
# get_package_path python-package # in import notation
|
|
function get_package_path {
|
|
local package=$1
|
|
echo $(python -c "import os; import $package; print(os.path.split(os.path.realpath($package.__file__))[0])")
|
|
}
|
|
|
|
|
|
# Pre-install affected packages so we can fix the permissions
|
|
# These can go away once we are confident that pip 1.4.1+ is available everywhere
|
|
|
|
function fixup_python_packages {
|
|
# Fix prettytable 0.7.2 permissions
|
|
# Don't specify --upgrade so we use the existing package if present
|
|
pip_install 'prettytable>=0.7'
|
|
PACKAGE_DIR=$(get_package_path prettytable)
|
|
# Only fix version 0.7.2
|
|
dir=$(echo $PACKAGE_DIR/prettytable-0.7.2*)
|
|
if [[ -d $dir ]]; then
|
|
sudo chmod +r $dir/*
|
|
fi
|
|
|
|
# Fix httplib2 0.8 permissions
|
|
# Don't specify --upgrade so we use the existing package if present
|
|
pip_install httplib2
|
|
PACKAGE_DIR=$(get_package_path httplib2)
|
|
# Only fix version 0.8
|
|
dir=$(echo $PACKAGE_DIR-0.8*)
|
|
if [[ -d $dir ]]; then
|
|
sudo chmod +r $dir/*
|
|
fi
|
|
}
|
|
|
|
function fixup_fedora {
|
|
if ! is_fedora; then
|
|
return
|
|
fi
|
|
# Disable selinux to avoid configuring to allow Apache access
|
|
# to Horizon files (LP#1175444)
|
|
if selinuxenabled; then
|
|
sudo setenforce 0
|
|
fi
|
|
|
|
FORCE_FIREWALLD=$(trueorfalse False FORCE_FIREWALLD)
|
|
if [[ $FORCE_FIREWALLD == "False" ]]; then
|
|
# On Fedora 20 firewalld interacts badly with libvirt and
|
|
# slows things down significantly (this issue was fixed in
|
|
# later fedoras). There was also an additional issue with
|
|
# firewalld hanging after install of libvirt with polkit [1].
|
|
# firewalld also causes problems with neturon+ipv6 [2]
|
|
#
|
|
# Note we do the same as the RDO packages and stop & disable,
|
|
# rather than remove. This is because other packages might
|
|
# have the dependency [3][4].
|
|
#
|
|
# [1] https://bugzilla.redhat.com/show_bug.cgi?id=1099031
|
|
# [2] https://bugs.launchpad.net/neutron/+bug/1455303
|
|
# [3] https://github.com/redhat-openstack/openstack-puppet-modules/blob/master/firewall/manifests/linux/redhat.pp
|
|
# [4] https://docs.openstack.org/devstack/latest/guides/neutron.html
|
|
if is_package_installed firewalld; then
|
|
sudo systemctl disable firewalld
|
|
# The iptables service files are no longer included by default,
|
|
# at least on a baremetal Fedora 21 Server install.
|
|
install_package iptables-services
|
|
sudo systemctl enable iptables
|
|
sudo systemctl stop firewalld
|
|
sudo systemctl start iptables
|
|
fi
|
|
fi
|
|
|
|
if [[ "$os_VENDOR" == "Fedora" ]] && [[ "$os_RELEASE" -ge "22" ]]; then
|
|
# requests ships vendored version of chardet/urllib3, but on
|
|
# fedora these are symlinked back to the primary versions to
|
|
# avoid duplication of code on disk. This is fine when
|
|
# maintainers keep things in sync, but since devstack takes
|
|
# over and installs later versions via pip we can end up with
|
|
# incompatible versions.
|
|
#
|
|
# The rpm package is not removed to preserve the dependent
|
|
# packages like cloud-init; rather we remove the symlinks and
|
|
# force a re-install of requests so the vendored versions it
|
|
# wants are present.
|
|
#
|
|
# Realted issues:
|
|
# https://bugs.launchpad.net/glance/+bug/1476770
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1253823
|
|
|
|
base_path=$(get_package_path requests)/packages
|
|
if [ -L $base_path/chardet -o -L $base_path/urllib3 ]; then
|
|
sudo rm -f $base_path/{chardet,urllib3}
|
|
# install requests with the bundled urllib3 to avoid conflicts
|
|
pip_install --upgrade --force-reinstall requests
|
|
fi
|
|
fi
|
|
}
|
|
|
|
# The version of pip(1.5.4) supported by python-virtualenv(1.11.4) has
|
|
# connection issues under proxy so re-install the latest version using
|
|
# pip. To avoid having pip's virtualenv overwritten by the distro's
|
|
# package (e.g. due to installing a distro package with a dependency
|
|
# on python-virtualenv), first install the distro python-virtualenv
|
|
# to satisfy any dependencies then use pip to overwrite it.
|
|
|
|
# ... but, for infra builds, the pip-and-virtualenv [1] element has
|
|
# already done this to ensure the latest pip, virtualenv and
|
|
# setuptools on the base image for all platforms. It has also added
|
|
# the packages to the yum/dnf ignore list to prevent them being
|
|
# overwritten with old versions. F26 and dnf 2.0 has changed
|
|
# behaviour that means re-installing python-virtualenv fails [2].
|
|
# Thus we do a quick check if we're in the infra environment by
|
|
# looking for the mirror config script before doing this, and just
|
|
# skip it if so.
|
|
|
|
# [1] https://git.openstack.org/cgit/openstack/diskimage-builder/tree/ \
|
|
# diskimage_builder/elements/pip-and-virtualenv/ \
|
|
# install.d/pip-and-virtualenv-source-install/04-install-pip
|
|
# [2] https://bugzilla.redhat.com/show_bug.cgi?id=1477823
|
|
|
|
function fixup_virtualenv {
|
|
if [[ ! -f /etc/ci/mirror_info.sh ]]; then
|
|
install_package python-virtualenv
|
|
pip_install -U --force-reinstall virtualenv
|
|
fi
|
|
}
|
|
|
|
# Ubuntu Xenial with py3.6
|
|
#-------------------------
|
|
# Install py3.6 on Xenial for Tempest
|
|
function fixup_tempest_on_xenial {
|
|
# All the stable branches are tested with Tempest and its plugins master
|
|
# branch. In ussuri cycle, openstack is dropping the py2.7 support which
|
|
# make Tempest & its plugin not able to run on py2.7 or sometime <py3.6
|
|
# venv for code or dependency version compatibility reason
|
|
# (Example: bug#1860033). Tempest is being installed and run on venv
|
|
# which give us flexibility to run with any interpreter irrespective of
|
|
# tested env python version. Stable branches till stable/rocky use
|
|
# ubuntu xenial which does not have py3.6 and so does need to be
|
|
# installed separately.
|
|
if [[ "$DISTRO" == "xenial" ]]; then
|
|
echo "Installing python 3.6 from ppa"
|
|
sudo add-apt-repository ppa:deadsnakes/ppa --yes
|
|
sudo apt-get update
|
|
sudo apt-get install python3.6 python3.6-dev --yes
|
|
fi
|
|
}
|
|
|
|
function fixup_all {
|
|
fixup_keystone
|
|
fixup_uca
|
|
fixup_python_packages
|
|
fixup_fedora
|
|
fixup_virtualenv
|
|
fixup_tempest_on_xenial
|
|
}
|