Merge "Add LVM NVMe support"
diff --git a/.zuul.yaml b/.zuul.yaml
index c29cb31..1923444 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -1,11 +1,3 @@
-- pragma:
- # NOTE(gtema): this is required for the changes in SDK feature/r1 branch to
- # be using devstack
- # TODO(gtema): delete this once r1 branch is merged into master
- implied-branches:
- - master
- - feature/r1
-
- nodeset:
name: openstack-single-node
nodes:
@@ -90,7 +82,7 @@
name: devstack-single-node-fedora-latest
nodes:
- name: controller
- label: fedora-35
+ label: fedora-36
groups:
- name: tempest
nodes:
@@ -107,6 +99,16 @@
- controller
- nodeset:
+ name: devstack-single-node-rockylinux-9
+ nodes:
+ - name: controller
+ label: rockylinux-9
+ groups:
+ - name: tempest
+ nodes:
+ - controller
+
+- nodeset:
name: openstack-two-node
nodes:
- name: controller
@@ -343,7 +345,6 @@
required-projects:
- opendev.org/openstack/devstack
roles:
- - zuul: opendev.org/openstack/devstack-gate
- zuul: opendev.org/openstack/openstack-zuul-jobs
vars:
devstack_localrc:
@@ -673,6 +674,17 @@
description: Debian Bullseye platform test
nodeset: devstack-single-node-debian-bullseye
timeout: 9000
+ # TODO(danms) n-v until the known issue is resolved
+ voting: false
+ vars:
+ configure_swap_size: 4096
+
+- job:
+ name: devstack-platform-rocky-blue-onyx
+ parent: tempest-full-py3
+ description: Rocky Linux 9 Blue Onyx platform test
+ nodeset: devstack-single-node-rockylinux-9
+ timeout: 9000
vars:
configure_swap_size: 4096
@@ -684,9 +696,6 @@
timeout: 9000
vars:
configure_swap_size: 4096
- devstack_services:
- # Horizon doesn't like py310
- horizon: false
- job:
name: devstack-platform-ubuntu-jammy-ovn-source
@@ -714,8 +723,6 @@
Q_ML2_PLUGIN_MECHANISM_DRIVERS: openvswitch
Q_ML2_TENANT_NETWORK_TYPE: vxlan
devstack_services:
- # Horizon doesn't like py310
- horizon: false
# Disable OVN services
ovn-northd: false
ovn-controller: false
@@ -760,10 +767,6 @@
voting: false
vars:
configure_swap_size: 4096
- # Python 3.10 dependency issues; see
- # https://bugs.launchpad.net/horizon/+bug/1960204
- devstack_services:
- horizon: false
- job:
name: devstack-platform-fedora-latest-virt-preview
@@ -852,6 +855,7 @@
- devstack-platform-fedora-latest
- devstack-platform-centos-9-stream
- devstack-platform-debian-bullseye
+ - devstack-platform-rocky-blue-onyx
- devstack-platform-ubuntu-jammy
- devstack-platform-ubuntu-jammy-ovn-source
- devstack-platform-ubuntu-jammy-ovs
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 0d8773f..776ef1d 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -181,6 +181,9 @@
If the ``*_PASSWORD`` variables are not set here you will be prompted to
enter values for them by ``stack.sh``.
+.. warning:: Only use alphanumeric characters in your passwords, as some
+ services fail to work when using special characters.
+
The network ranges must not overlap with any networks in use on the
host. Overlap is not uncommon as RFC-1918 'private' ranges are commonly
used for both the local networking and Nova's fixed and floating ranges.
@@ -636,7 +639,7 @@
::
$ cd /opt/stack/tempest
- $ tox -efull tempest.scenario.test_network_basic_ops
+ $ tox -e smoke
By default tempest is downloaded and the config file is generated, but the
tempest package is not installed in the system's global site-packages (the
diff --git a/doc/source/contributor/contributing.rst b/doc/source/contributor/contributing.rst
index 4de238f..8b5a85b 100644
--- a/doc/source/contributor/contributing.rst
+++ b/doc/source/contributor/contributing.rst
@@ -42,8 +42,9 @@
~~~~~~~~~~~~~~~~~~~~~~~~~
All changes proposed to the Devstack require two ``Code-Review +2`` votes from
Devstack core reviewers before one of the core reviewers can approve the patch
-by giving ``Workflow +1`` vote. One exception is for patches to unblock the gate
-which can be approved by single core reviewers.
+by giving ``Workflow +1`` vote. There are 2 exceptions, approving patches to
+unblock the gate and patches that do not relate to the Devstack's core logic,
+like for example old job cleanups, can be approved by single core reviewers.
Project Team Lead Duties
~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/doc/source/guides.rst b/doc/source/guides.rst
index e7ec629..e7b46b6 100644
--- a/doc/source/guides.rst
+++ b/doc/source/guides.rst
@@ -20,7 +20,7 @@
guides/neutron
guides/devstack-with-nested-kvm
guides/nova
- guides/devstack-with-lbaas-v2
+ guides/devstack-with-octavia
guides/devstack-with-ldap
All-In-One Single VM
@@ -69,10 +69,10 @@
Guide to working with nova features :doc:`Nova and devstack <guides/nova>`.
-Configure Load-Balancer Version 2
------------------------------------
+Configure Octavia
+-----------------
-Guide on :doc:`Configure Load-Balancer Version 2 <guides/devstack-with-lbaas-v2>`.
+Guide on :doc:`Configure Octavia <guides/devstack-with-octavia>`.
Deploying DevStack with LDAP
----------------------------
diff --git a/doc/source/guides/devstack-with-lbaas-v2.rst b/doc/source/guides/devstack-with-lbaas-v2.rst
deleted file mode 100644
index 5d96ca7..0000000
--- a/doc/source/guides/devstack-with-lbaas-v2.rst
+++ /dev/null
@@ -1,145 +0,0 @@
-Devstack with Octavia Load Balancing
-====================================
-
-Starting with the OpenStack Pike release, Octavia is now a standalone service
-providing load balancing services for OpenStack.
-
-This guide will show you how to create a devstack with `Octavia API`_ enabled.
-
-.. _Octavia API: https://docs.openstack.org/api-ref/load-balancer/v2/index.html
-
-Phase 1: Create DevStack + 2 nova instances
---------------------------------------------
-
-First, set up a vm of your choice with at least 8 GB RAM and 16 GB disk space,
-make sure it is updated. Install git and any other developer tools you find
-useful.
-
-Install devstack
-
-::
-
- git clone https://opendev.org/openstack/devstack
- cd devstack/tools
- sudo ./create-stack-user.sh
- cd ../..
- sudo mv devstack /opt/stack
- sudo chown -R stack.stack /opt/stack/devstack
-
-This will clone the current devstack code locally, then setup the "stack"
-account that devstack services will run under. Finally, it will move devstack
-into its default location in /opt/stack/devstack.
-
-Edit your ``/opt/stack/devstack/local.conf`` to look like
-
-::
-
- [[local|localrc]]
- enable_plugin octavia https://opendev.org/openstack/octavia
- # If you are enabling horizon, include the octavia dashboard
- # enable_plugin octavia-dashboard https://opendev.org/openstack/octavia-dashboard.git
- # If you are enabling barbican for TLS offload in Octavia, include it here.
- # enable_plugin barbican https://opendev.org/openstack/barbican
-
- # ===== BEGIN localrc =====
- DATABASE_PASSWORD=password
- ADMIN_PASSWORD=password
- SERVICE_PASSWORD=password
- SERVICE_TOKEN=password
- RABBIT_PASSWORD=password
- # Enable Logging
- LOGFILE=$DEST/logs/stack.sh.log
- VERBOSE=True
- LOG_COLOR=True
- # Pre-requisite
- ENABLED_SERVICES=rabbit,mysql,key
- # Horizon - enable for the OpenStack web GUI
- # ENABLED_SERVICES+=,horizon
- # Nova
- ENABLED_SERVICES+=,n-api,n-crt,n-cpu,n-cond,n-sch,n-api-meta,n-sproxy
- ENABLED_SERVICES+=,placement-api,placement-client
- # Glance
- ENABLED_SERVICES+=,g-api
- # Neutron
- ENABLED_SERVICES+=,q-svc,q-agt,q-dhcp,q-l3,q-meta,neutron
- ENABLED_SERVICES+=,octavia,o-cw,o-hk,o-hm,o-api
- # Cinder
- ENABLED_SERVICES+=,c-api,c-vol,c-sch
- # Tempest
- ENABLED_SERVICES+=,tempest
- # Barbican - Optionally used for TLS offload in Octavia
- # ENABLED_SERVICES+=,barbican
- # ===== END localrc =====
-
-Run stack.sh and do some sanity checks
-
-::
-
- sudo su - stack
- cd /opt/stack/devstack
- ./stack.sh
- . ./openrc
-
- openstack network list # should show public and private networks
-
-Create two nova instances that we can use as test http servers:
-
-::
-
- #create nova instances on private network
- openstack server create --image $(openstack image list | awk '/ cirros-.*-x86_64-.* / {print $2}') --flavor 1 --nic net-id=$(openstack network list | awk '/ private / {print $2}') node1
- openstack server create --image $(openstack image list | awk '/ cirros-.*-x86_64-.* / {print $2}') --flavor 1 --nic net-id=$(openstack network list | awk '/ private / {print $2}') node2
- openstack server list # should show the nova instances just created
-
- #add secgroup rules to allow ssh etc..
- openstack security group rule create default --protocol icmp
- openstack security group rule create default --protocol tcp --dst-port 22:22
- openstack security group rule create default --protocol tcp --dst-port 80:80
-
-Set up a simple web server on each of these instances. ssh into each instance (username 'cirros', password 'cubswin:)' or 'gocubsgo') and run
-
-::
-
- MYIP=$(ifconfig eth0|grep 'inet addr'|awk -F: '{print $2}'| awk '{print $1}')
- while true; do echo -e "HTTP/1.0 200 OK\r\n\r\nWelcome to $MYIP" | sudo nc -l -p 80 ; done&
-
-Phase 2: Create your load balancer
-----------------------------------
-
-Make sure you have the 'openstack loadbalancer' commands:
-
-::
-
- pip install python-octaviaclient
-
-Create your load balancer:
-
-::
-
- openstack loadbalancer create --name lb1 --vip-subnet-id private-subnet
- openstack loadbalancer show lb1 # Wait for the provisioning_status to be ACTIVE.
- openstack loadbalancer listener create --protocol HTTP --protocol-port 80 --name listener1 lb1
- openstack loadbalancer show lb1 # Wait for the provisioning_status to be ACTIVE.
- openstack loadbalancer pool create --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP --name pool1
- openstack loadbalancer show lb1 # Wait for the provisioning_status to be ACTIVE.
- openstack loadbalancer healthmonitor create --delay 5 --timeout 2 --max-retries 1 --type HTTP pool1
- openstack loadbalancer show lb1 # Wait for the provisioning_status to be ACTIVE.
- openstack loadbalancer member create --subnet-id private-subnet --address <web server 1 address> --protocol-port 80 pool1
- openstack loadbalancer show lb1 # Wait for the provisioning_status to be ACTIVE.
- openstack loadbalancer member create --subnet-id private-subnet --address <web server 2 address> --protocol-port 80 pool1
-
-Please note: The <web server # address> fields are the IP addresses of the nova
-servers created in Phase 1.
-Also note, using the API directly you can do all of the above commands in one
-API call.
-
-Phase 3: Test your load balancer
---------------------------------
-
-::
-
- openstack loadbalancer show lb1 # Note the vip_address
- curl http://<vip_address>
- curl http://<vip_address>
-
-This should show the "Welcome to <IP>" message from each member server.
diff --git a/doc/source/guides/devstack-with-nested-kvm.rst b/doc/source/guides/devstack-with-nested-kvm.rst
index 3732f06..ba483e9 100644
--- a/doc/source/guides/devstack-with-nested-kvm.rst
+++ b/doc/source/guides/devstack-with-nested-kvm.rst
@@ -1,3 +1,5 @@
+.. _kvm_nested_virt:
+
=======================================================
Configure DevStack with KVM-based Nested Virtualization
=======================================================
diff --git a/doc/source/guides/devstack-with-octavia.rst b/doc/source/guides/devstack-with-octavia.rst
new file mode 100644
index 0000000..55939f0
--- /dev/null
+++ b/doc/source/guides/devstack-with-octavia.rst
@@ -0,0 +1,144 @@
+Devstack with Octavia Load Balancing
+====================================
+
+Starting with the OpenStack Pike release, Octavia is now a standalone service
+providing load balancing services for OpenStack.
+
+This guide will show you how to create a devstack with `Octavia API`_ enabled.
+
+.. _Octavia API: https://docs.openstack.org/api-ref/load-balancer/v2/index.html
+
+Phase 1: Create DevStack + 2 nova instances
+--------------------------------------------
+
+First, set up a VM of your choice with at least 8 GB RAM and 16 GB disk space,
+make sure it is updated. Install git and any other developer tools you find
+useful.
+
+Install devstack::
+
+ git clone https://opendev.org/openstack/devstack
+ cd devstack/tools
+ sudo ./create-stack-user.sh
+ cd ../..
+ sudo mv devstack /opt/stack
+ sudo chown -R stack.stack /opt/stack/devstack
+
+This will clone the current devstack code locally, then setup the "stack"
+account that devstack services will run under. Finally, it will move devstack
+into its default location in /opt/stack/devstack.
+
+Edit your ``/opt/stack/devstack/local.conf`` to look like::
+
+ [[local|localrc]]
+ # ===== BEGIN localrc =====
+ DATABASE_PASSWORD=password
+ ADMIN_PASSWORD=password
+ SERVICE_PASSWORD=password
+ SERVICE_TOKEN=password
+ RABBIT_PASSWORD=password
+ GIT_BASE=https://opendev.org
+ # Optional settings:
+ # OCTAVIA_AMP_BASE_OS=centos
+ # OCTAVIA_AMP_DISTRIBUTION_RELEASE_ID=9-stream
+ # OCTAVIA_AMP_IMAGE_SIZE=3
+ # OCTAVIA_LB_TOPOLOGY=ACTIVE_STANDBY
+ # OCTAVIA_ENABLE_AMPHORAV2_JOBBOARD=True
+ # LIBS_FROM_GIT+=octavia-lib,
+ # Enable Logging
+ LOGFILE=$DEST/logs/stack.sh.log
+ VERBOSE=True
+ LOG_COLOR=True
+ enable_service rabbit
+ enable_plugin neutron $GIT_BASE/openstack/neutron
+ # Octavia supports using QoS policies on the VIP port:
+ enable_service q-qos
+ enable_service placement-api placement-client
+ # Octavia services
+ enable_plugin octavia $GIT_BASE/openstack/octavia master
+ enable_plugin octavia-dashboard $GIT_BASE/openstack/octavia-dashboard
+ enable_plugin ovn-octavia-provider $GIT_BASE/openstack/ovn-octavia-provider
+ enable_plugin octavia-tempest-plugin $GIT_BASE/openstack/octavia-tempest-plugin
+ enable_service octavia o-api o-cw o-hm o-hk o-da
+ # If you are enabling barbican for TLS offload in Octavia, include it here.
+ # enable_plugin barbican $GIT_BASE/openstack/barbican
+ # enable_service barbican
+ # Cinder (optional)
+ disable_service c-api c-vol c-sch
+ # Tempest
+ enable_service tempest
+ # ===== END localrc =====
+
+.. note::
+ For best performance it is highly recommended to use KVM
+ virtualization instead of QEMU.
+ Also make sure nested virtualization is enabled as documented in
+ :ref:`the respective guide <kvm_nested_virt>`.
+ By adding ``LIBVIRT_CPU_MODE="host-passthrough"`` to your
+ ``local.conf`` you enable the guest VMs to make use of all features your
+ host's CPU provides.
+
+Run stack.sh and do some sanity checks::
+
+ sudo su - stack
+ cd /opt/stack/devstack
+ ./stack.sh
+ . ./openrc
+
+ openstack network list # should show public and private networks
+
+Create two nova instances that we can use as test http servers::
+
+ # create nova instances on private network
+ openstack server create --image $(openstack image list | awk '/ cirros-.*-x86_64-.* / {print $2}') --flavor 1 --nic net-id=$(openstack network list | awk '/ private / {print $2}') node1
+ openstack server create --image $(openstack image list | awk '/ cirros-.*-x86_64-.* / {print $2}') --flavor 1 --nic net-id=$(openstack network list | awk '/ private / {print $2}') node2
+ openstack server list # should show the nova instances just created
+
+ # add secgroup rules to allow ssh etc..
+ openstack security group rule create default --protocol icmp
+ openstack security group rule create default --protocol tcp --dst-port 22:22
+ openstack security group rule create default --protocol tcp --dst-port 80:80
+
+Set up a simple web server on each of these instances. One possibility is to use
+the `Golang test server`_ that is used by the Octavia project for CI testing
+as well.
+Copy the binary to your instances and start it as shown below
+(username 'cirros', password 'gocubsgo')::
+
+ INST_IP=<instance IP>
+ scp -O test_server.bin cirros@${INST_IP}:
+ ssh -f cirros@${INST_IP} ./test_server.bin -id ${INST_IP}
+
+When started this way the test server will respond to HTTP requests with
+its own IP.
+
+Phase 2: Create your load balancer
+----------------------------------
+
+Create your load balancer::
+
+ openstack loadbalancer create --wait --name lb1 --vip-subnet-id private-subnet
+ openstack loadbalancer listener create --wait --protocol HTTP --protocol-port 80 --name listener1 lb1
+ openstack loadbalancer pool create --wait --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP --name pool1
+ openstack loadbalancer healthmonitor create --wait --delay 5 --timeout 2 --max-retries 1 --type HTTP pool1
+ openstack loadbalancer member create --wait --subnet-id private-subnet --address <web server 1 address> --protocol-port 80 pool1
+ openstack loadbalancer member create --wait --subnet-id private-subnet --address <web server 2 address> --protocol-port 80 pool1
+
+Please note: The <web server # address> fields are the IP addresses of the nova
+servers created in Phase 1.
+Also note, using the API directly you can do all of the above commands in one
+API call.
+
+Phase 3: Test your load balancer
+--------------------------------
+
+::
+
+ openstack loadbalancer show lb1 # Note the vip_address
+ curl http://<vip_address>
+ curl http://<vip_address>
+
+This should show the "Welcome to <IP>" message from each member server.
+
+
+.. _Golang test server: https://opendev.org/openstack/octavia-tempest-plugin/src/branch/master/octavia_tempest_plugin/contrib/test_server
diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index 79a76de..658422b 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -89,7 +89,7 @@
::
- echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+ echo "stack ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/stack
From here on use the ``stack`` user. **Logout** and **login** as the
``stack`` user.
diff --git a/doc/source/guides/single-machine.rst b/doc/source/guides/single-machine.rst
index 03d9374..a4385b5 100644
--- a/doc/source/guides/single-machine.rst
+++ b/doc/source/guides/single-machine.rst
@@ -63,7 +63,7 @@
.. code-block:: console
$ apt-get install sudo -y || yum install -y sudo
- $ echo "stack ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+ $ echo "stack ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/stack
.. note:: On some systems you may need to use ``sudo visudo``.
@@ -106,6 +106,9 @@
- Set the service password. This is used by the OpenStack services
(Nova, Glance, etc) to authenticate with Keystone.
+.. warning:: Only use alphanumeric characters in your passwords, as some
+ services fail to work when using special characters.
+
``local.conf`` should look something like this:
.. code-block:: ini
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 0434d68..ba53c6d 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -38,7 +38,7 @@
Start with a clean and minimal install of a Linux system. DevStack
attempts to support the two latest LTS releases of Ubuntu, the
-latest/current Fedora version, CentOS/RHEL 8 and OpenSUSE.
+latest/current Fedora version, CentOS/RHEL/Rocky Linux 9 and OpenSUSE.
If you do not have a preference, Ubuntu 20.04 (Focal Fossa) is the
most tested, and will probably go the smoothest.
@@ -101,7 +101,10 @@
This is the minimum required config to get started with DevStack.
.. note:: There is a sample :download:`local.conf </assets/local.conf>` file
- under the *samples* directory in the devstack repository.
+ under the *samples* directory in the devstack repository.
+
+.. warning:: Only use alphanumeric characters in your passwords, as some
+ services fail to work when using special characters.
Start the install
-----------------
diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index 7d70d74..62dd15b 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -238,7 +238,7 @@
locations in the top-level of the plugin repository:
- ``./devstack/files/debs/$plugin_name`` - Packages to install when running
- on Ubuntu, Debian or Linux Mint.
+ on Ubuntu or Debian.
- ``./devstack/files/rpms/$plugin_name`` - Packages to install when running
on Red Hat, Fedora, or CentOS.
diff --git a/files/debs/nova b/files/debs/nova
index 0194f00..5c00ad7 100644
--- a/files/debs/nova
+++ b/files/debs/nova
@@ -1,7 +1,5 @@
conntrack
curl
-dnsmasq-base
-dnsmasq-utils # for dhcp_release
ebtables
genisoimage # required for config_drive
iptables
diff --git a/files/rpms-suse/nova b/files/rpms-suse/nova
index 1cc2f62..082b9ac 100644
--- a/files/rpms-suse/nova
+++ b/files/rpms-suse/nova
@@ -1,8 +1,6 @@
cdrkit-cdrtools-compat # dist:sle12
conntrack-tools
curl
-dnsmasq
-dnsmasq-utils # dist:opensuse-12.3,opensuse-13.1
ebtables
iptables
iputils
diff --git a/files/rpms/nova b/files/rpms/nova
index 9522e57..f2824ee 100644
--- a/files/rpms/nova
+++ b/files/rpms/nova
@@ -1,7 +1,5 @@
conntrack-tools
curl
-dnsmasq # for q-dhcp
-dnsmasq-utils # for dhcp_release
ebtables
genisoimage # not:rhel9 required for config_drive
iptables
diff --git a/files/rpms/swift b/files/rpms/swift
index 7d906aa..49a1833 100644
--- a/files/rpms/swift
+++ b/files/rpms/swift
@@ -4,4 +4,4 @@
rsync-daemon
sqlite
xfsprogs
-xinetd # not:f35,rhel9
+xinetd # not:f36,rhel9
diff --git a/functions b/functions
index ccca5cd..7ada0fe 100644
--- a/functions
+++ b/functions
@@ -414,10 +414,10 @@
# kernel for use when uploading the root filesystem.
local kernel_id="" ramdisk_id="";
if [ -n "$kernel" ]; then
- kernel_id=$(openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name-kernel" $(_image_properties_to_arg $img_property) --public --container-format aki --disk-format aki < "$kernel" | grep ' id ' | get_field 2)
+ kernel_id=$(openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name-kernel" $(_image_properties_to_arg $img_property) --public --container-format aki --disk-format aki < "$kernel" -f value -c id)
fi
if [ -n "$ramdisk" ]; then
- ramdisk_id=$(openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name-ramdisk" $(_image_properties_to_arg $img_property) --public --container-format ari --disk-format ari < "$ramdisk" | grep ' id ' | get_field 2)
+ ramdisk_id=$(openstack --os-cloud=devstack-admin --os-region-name="$REGION_NAME" image create "$image_name-ramdisk" $(_image_properties_to_arg $img_property) --public --container-format ari --disk-format ari < "$ramdisk" -f value -c id)
fi
_upload_image "${image_name%.img}" ami ami "$image" ${kernel_id:+ kernel_id=$kernel_id} ${ramdisk_id:+ ramdisk_id=$ramdisk_id} $img_property
fi
diff --git a/functions-common b/functions-common
index e16bb27..0aee5d1 100644
--- a/functions-common
+++ b/functions-common
@@ -418,6 +418,9 @@
os_RELEASE=${VERSION_ID}
os_CODENAME="n/a"
os_VENDOR=$(echo $NAME | tr -d '[:space:]')
+ elif [[ "${ID}${VERSION}" =~ "rocky9" ]]; then
+ os_VENDOR="Rocky"
+ os_RELEASE=${VERSION_ID}
else
_ensure_lsb_release
@@ -426,7 +429,7 @@
os_VENDOR=$(lsb_release -i -s)
fi
- if [[ $os_VENDOR =~ (Debian|Ubuntu|LinuxMint) ]]; then
+ if [[ $os_VENDOR =~ (Debian|Ubuntu) ]]; then
os_PACKAGE="deb"
else
os_PACKAGE="rpm"
@@ -444,9 +447,8 @@
function GetDistro {
GetOSVersion
- if [[ "$os_VENDOR" =~ (Ubuntu) || "$os_VENDOR" =~ (Debian) || \
- "$os_VENDOR" =~ (LinuxMint) ]]; then
- # 'Everyone' refers to Ubuntu / Debian / Mint releases by
+ if [[ "$os_VENDOR" =~ (Ubuntu) || "$os_VENDOR" =~ (Debian) ]]; then
+ # 'Everyone' refers to Ubuntu / Debian releases by
# the code name adjective
DISTRO=$os_CODENAME
elif [[ "$os_VENDOR" =~ (Fedora) ]]; then
@@ -467,6 +469,7 @@
"$os_VENDOR" =~ (AlmaLinux) || \
"$os_VENDOR" =~ (Scientific) || \
"$os_VENDOR" =~ (OracleServer) || \
+ "$os_VENDOR" =~ (Rocky) || \
"$os_VENDOR" =~ (Virtuozzo) ]]; then
# Drop the . release as we assume it's compatible
# XXX re-evaluate when we get RHEL10
@@ -514,7 +517,7 @@
# Determine if current distribution is a Fedora-based distribution
-# (Fedora, RHEL, CentOS, etc).
+# (Fedora, RHEL, CentOS, Rocky, etc).
# is_fedora
function is_fedora {
if [[ -z "$os_VENDOR" ]]; then
@@ -524,6 +527,7 @@
[ "$os_VENDOR" = "Fedora" ] || [ "$os_VENDOR" = "Red Hat" ] || \
[ "$os_VENDOR" = "RedHatEnterpriseServer" ] || \
[ "$os_VENDOR" = "RedHatEnterprise" ] || \
+ [ "$os_VENDOR" = "Rocky" ] || \
[ "$os_VENDOR" = "CentOS" ] || [ "$os_VENDOR" = "CentOSStream" ] || \
[ "$os_VENDOR" = "AlmaLinux" ] || \
[ "$os_VENDOR" = "OracleServer" ] || [ "$os_VENDOR" = "Virtuozzo" ]
@@ -646,7 +650,7 @@
# remove the existing ignored files (like pyc) as they cause breakage
# (due to the py files having older timestamps than our pyc, so python
# thinks the pyc files are correct using them)
- find $git_dest -name '*.pyc' -delete
+ sudo find $git_dest -name '*.pyc' -delete
# handle git_ref accordingly to type (tag, branch)
if [[ -n "`git show-ref refs/tags/$git_ref`" ]]; then
@@ -876,14 +880,9 @@
# Usage: get_or_create_domain <name> <description>
function get_or_create_domain {
local domain_id
- # Gets domain id
domain_id=$(
- # Gets domain id
- openstack --os-cloud devstack-system-admin domain show $1 \
- -f value -c id 2>/dev/null ||
- # Creates new domain
openstack --os-cloud devstack-system-admin domain create $1 \
- --description "$2" \
+ --description "$2" --or-show \
-f value -c id
)
echo $domain_id
@@ -972,29 +971,22 @@
# Usage: get_or_add_user_project_role <role> <user> <project> [<user_domain> <project_domain>]
function get_or_add_user_project_role {
local user_role_id
+ local domain_args
domain_args=$(_get_domain_args $4 $5)
- # Gets user role id
+ # Note this is idempotent so we are safe across multiple
+ # duplicate calls.
+ openstack --os-cloud devstack-system-admin role add $1 \
+ --user $2 \
+ --project $3 \
+ $domain_args
user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--project $3 \
$domain_args \
- | grep '^|\s[a-f0-9]\+' | get_field 1)
- if [[ -z "$user_role_id" ]]; then
- # Adds role to user and get it
- openstack --os-cloud devstack-system-admin role add $1 \
- --user $2 \
- --project $3 \
- $domain_args
- user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
- --role $1 \
- --user $2 \
- --project $3 \
- $domain_args \
- | grep '^|\s[a-f0-9]\+' | get_field 1)
- fi
+ -c Role -f value)
echo $user_role_id
}
@@ -1002,23 +994,18 @@
# Usage: get_or_add_user_domain_role <role> <user> <domain>
function get_or_add_user_domain_role {
local user_role_id
- # Gets user role id
+
+ # Note this is idempotent so we are safe across multiple
+ # duplicate calls.
+ openstack --os-cloud devstack-system-admin role add $1 \
+ --user $2 \
+ --domain $3
user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--user $2 \
--domain $3 \
- | grep '^|\s[a-f0-9]\+' | get_field 1)
- if [[ -z "$user_role_id" ]]; then
- # Adds role to user and get it
- openstack --os-cloud devstack-system-admin role add $1 \
- --user $2 \
- --domain $3
- user_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
- --role $1 \
- --user $2 \
- --domain $3 \
- | grep '^|\s[a-f0-9]\+' | get_field 1)
- fi
+ -c Role -f value)
+
echo $user_role_id
}
@@ -1057,23 +1044,18 @@
# Usage: get_or_add_group_project_role <role> <group> <project>
function get_or_add_group_project_role {
local group_role_id
- # Gets group role id
+
+ # Note this is idempotent so we are safe across multiple
+ # duplicate calls.
+ openstack role add $1 \
+ --group $2 \
+ --project $3
group_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
--role $1 \
--group $2 \
--project $3 \
- -f value)
- if [[ -z "$group_role_id" ]]; then
- # Adds role to group and get it
- openstack --os-cloud devstack-system-admin role add $1 \
- --group $2 \
- --project $3
- group_role_id=$(openstack --os-cloud devstack-system-admin role assignment list \
- --role $1 \
- --group $2 \
- --project $3 \
- -f value)
- fi
+ -f value -c Role)
+
echo $group_role_id
}
diff --git a/inc/ini-config b/inc/ini-config
index 7993682..f65e42d 100644
--- a/inc/ini-config
+++ b/inc/ini-config
@@ -189,6 +189,9 @@
local option=$3
local value=$4
+ # Escape the ampersand character (&)
+ value=$(echo $value | sed -e 's/&/\\&/g')
+
if [[ -z $section || -z $option ]]; then
$xtrace
return
diff --git a/lib/apache b/lib/apache
index 94f3cfc..705776c 100644
--- a/lib/apache
+++ b/lib/apache
@@ -95,7 +95,7 @@
# didn't fix Python 3.10 compatibility before release. Should be
# fixed in uwsgi 4.9.0; can remove this when packages available
# or we drop this release
- elif is_fedora && ! [[ $DISTRO =~ f35 ]]; then
+ elif is_fedora && ! [[ $DISTRO =~ f36 ]]; then
# Note httpd comes with mod_proxy_uwsgi and it is loaded by
# default; the mod_proxy_uwsgi package actually conflicts now.
# See:
diff --git a/lib/cinder b/lib/cinder
index bc704c1..bf2fe50 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -416,16 +416,24 @@
# create_cinder_accounts() - Set up common required cinder accounts
-# Tenant User Roles
+# Project User Roles
# ------------------------------------------------------------------
-# service cinder admin # if enabled
+# SERVICE_PROJECT_NAME cinder service
+# SERVICE_PROJECT_NAME cinder creator (if Barbican is enabled)
# Migrated from keystone_data.sh
function create_cinder_accounts {
# Cinder
if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
- create_service_user "cinder"
+ local extra_role=""
+
+ # cinder needs the "creator" role in order to interact with barbican
+ if is_service_enabled barbican; then
+ extra_role=$(get_or_create_role "creator")
+ fi
+
+ create_service_user "cinder" $extra_role
# block-storage is the official service type
get_or_create_service "cinder" "block-storage" "Cinder Volume Service"
diff --git a/lib/neutron b/lib/neutron
index 2d77df6..b3e3d72 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -114,6 +114,12 @@
# Physical network for VLAN network usage.
NEUTRON_PHYSICAL_NETWORK=${NEUTRON_PHYSICAL_NETWORK:-}
+# The name of the service in the endpoint URL
+NEUTRON_ENDPOINT_SERVICE_NAME=${NEUTRON_ENDPOINT_SERVICE_NAME-"networking"}
+if [[ "$NEUTRON_DEPLOY_MOD_WSGI" == "True" && -z "$NEUTRON_ENDPOINT_SERVICE_NAME" ]]; then
+ NEUTRON_ENDPOINT_SERVICE_NAME="networking"
+fi
+
# Additional neutron api config files
declare -a -g _NEUTRON_SERVER_EXTRA_CONF_FILES_ABS
@@ -213,7 +219,6 @@
iniset $NEUTRON_CONF DEFAULT core_plugin $NEUTRON_CORE_PLUGIN
iniset $NEUTRON_CONF DEFAULT policy_file $policy_file
- iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips True
iniset $NEUTRON_CONF DEFAULT router_distributed $NEUTRON_DISTRIBUTED_ROUTING
iniset $NEUTRON_CONF DEFAULT auth_strategy $NEUTRON_AUTH_STRATEGY
@@ -229,6 +234,10 @@
else
mech_drivers+=",linuxbridge"
fi
+ if [[ "$mech_drivers" == *"linuxbridge"* ]]; then
+ iniset $NEUTRON_CONF experimental linuxbridge True
+ fi
+
iniset $NEUTRON_CORE_PLUGIN_CONF ml2 mechanism_drivers $mech_drivers
iniset $NEUTRON_CORE_PLUGIN_CONF ml2 overlay_ip_version $TUNNEL_IP_VERSION
@@ -393,10 +402,13 @@
local neutron_url
if [ "$NEUTRON_DEPLOY_MOD_WSGI" == "True" ]; then
- neutron_url=$NEUTRON_SERVICE_PROTOCOL://$NEUTRON_SERVICE_HOST/networking/
+ neutron_url=$NEUTRON_SERVICE_PROTOCOL://$NEUTRON_SERVICE_HOST/
else
neutron_url=$NEUTRON_SERVICE_PROTOCOL://$NEUTRON_SERVICE_HOST:$NEUTRON_SERVICE_PORT/
fi
+ if [ ! -z "$NEUTRON_ENDPOINT_SERVICE_NAME" ]; then
+ neutron_url=$neutron_url$NEUTRON_ENDPOINT_SERVICE_NAME
+ fi
if [[ "$ENABLED_SERVICES" =~ "neutron-api" ]]; then
@@ -477,19 +489,22 @@
if [ "$NEUTRON_DEPLOY_MOD_WSGI" == "True" ]; then
run_process neutron-api "$(which uwsgi) --procname-prefix neutron-api --ini $NEUTRON_UWSGI_CONF"
- neutron_url=$service_protocol://$NEUTRON_SERVICE_HOST/networking/
+ neutron_url=$service_protocol://$NEUTRON_SERVICE_HOST/
enable_service neutron-rpc-server
run_process neutron-rpc-server "$NEUTRON_BIN_DIR/neutron-rpc-server $opts"
else
# Start the Neutron service
# TODO(sc68cal) Stop hard coding this
run_process neutron-api "$NEUTRON_BIN_DIR/neutron-server $opts"
- neutron_url=$service_protocol://$NEUTRON_SERVICE_HOST:$service_port
+ neutron_url=$service_protocol://$NEUTRON_SERVICE_HOST:$service_port/
# Start proxy if enabled
if is_service_enabled tls-proxy; then
start_tls_proxy neutron '*' $NEUTRON_SERVICE_PORT $NEUTRON_SERVICE_HOST $NEUTRON_SERVICE_PORT_INT
fi
fi
+ if [ ! -z "$NEUTRON_ENDPOINT_SERVICE_NAME" ]; then
+ neutron_url=$neutron_url$NEUTRON_ENDPOINT_SERVICE_NAME
+ fi
if ! wait_for_service $SERVICE_TIMEOUT $neutron_url; then
die $LINENO "neutron-api did not start"
@@ -552,7 +567,6 @@
fi
if is_service_enabled neutron-metadata-agent; then
- sudo pkill -9 -f neutron-ns-metadata-proxy || :
stop_process neutron-metadata-agent
fi
}
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 5e6af0f..baf67f2 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -145,6 +145,12 @@
# /etc/neutron is assumed by many of devstack plugins. Do not change.
_Q_PLUGIN_EXTRA_CONF_PATH=/etc/neutron
+# The name of the service in the endpoint URL
+NEUTRON_ENDPOINT_SERVICE_NAME=${NEUTRON_ENDPOINT_SERVICE_NAME-"networking"}
+if [[ "$NEUTRON_DEPLOY_MOD_WSGI" == "True" && -z "$NEUTRON_ENDPOINT_SERVICE_NAME" ]]; then
+ NEUTRON_ENDPOINT_SERVICE_NAME="networking"
+fi
+
# List of config file names in addition to the main plugin config file
# To add additional plugin config files, use ``neutron_server_config_add``
# utility function. For example:
@@ -431,10 +437,13 @@
function create_mutnauq_accounts {
local neutron_url
if [ "$NEUTRON_DEPLOY_MOD_WSGI" == "True" ]; then
- neutron_url=$Q_PROTOCOL://$SERVICE_HOST/networking/
+ neutron_url=$Q_PROTOCOL://$SERVICE_HOST/
else
neutron_url=$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/
fi
+ if [ ! -z "$NEUTRON_ENDPOINT_SERVICE_NAME" ]; then
+ neutron_url=$neutron_url$NEUTRON_ENDPOINT_SERVICE_NAME
+ fi
if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
@@ -538,17 +547,20 @@
if [ "$NEUTRON_DEPLOY_MOD_WSGI" == "True" ]; then
enable_service neutron-api
run_process neutron-api "$(which uwsgi) --procname-prefix neutron-api --ini $NEUTRON_UWSGI_CONF"
- neutron_url=$Q_PROTOCOL://$Q_HOST/networking/
+ neutron_url=$Q_PROTOCOL://$Q_HOST/
enable_service neutron-rpc-server
run_process neutron-rpc-server "$NEUTRON_BIN_DIR/neutron-rpc-server $cfg_file_options"
else
run_process q-svc "$NEUTRON_BIN_DIR/neutron-server $cfg_file_options"
- neutron_url=$service_protocol://$Q_HOST:$service_port
+ neutron_url=$service_protocol://$Q_HOST:$service_port/
# Start proxy if enabled
if is_service_enabled tls-proxy; then
start_tls_proxy neutron '*' $Q_PORT $Q_HOST $Q_PORT_INT
fi
fi
+ if [ ! -z "$NEUTRON_ENDPOINT_SERVICE_NAME" ]; then
+ neutron_url=$neutron_url$NEUTRON_ENDPOINT_SERVICE_NAME
+ fi
echo "Waiting for Neutron to start..."
local testcmd="wget ${ssl_ca} --no-proxy -q -O- $neutron_url"
@@ -616,7 +628,6 @@
fi
if is_service_enabled q-meta; then
- sudo pkill -9 -f neutron-ns-metadata-proxy || :
stop_process q-meta
fi
@@ -905,18 +916,30 @@
neutron_plugin_configure_plugin_agent
}
+function _replace_api_paste_composite {
+ local sep
+ sep=$(echo -ne "\x01")
+ # Replace it
+ $sudo sed -i -e "s/\/\: neutronversions_composite/\/"${NEUTRON_ENDPOINT_SERVICE_NAME}"\/\: neutronversions_composite/" "$Q_API_PASTE_FILE"
+ $sudo sed -i -e "s/\/healthcheck\: healthcheck/\/"${NEUTRON_ENDPOINT_SERVICE_NAME}"\/healthcheck\: healthcheck/" "$Q_API_PASTE_FILE"
+ $sudo sed -i -e "s/\/v2.0\: neutronapi_v2_0/\/"${NEUTRON_ENDPOINT_SERVICE_NAME}"\/v2.0\: neutronapi_v2_0/" "$Q_API_PASTE_FILE"
+}
+
# _configure_neutron_service() - Set config files for neutron service
# It is called when q-svc is enabled.
function _configure_neutron_service {
Q_API_PASTE_FILE=$NEUTRON_CONF_DIR/api-paste.ini
cp $NEUTRON_DIR/etc/api-paste.ini $Q_API_PASTE_FILE
+ if [[ -n "$NEUTRON_ENDPOINT_SERVICE_NAME" ]]; then
+ _replace_api_paste_composite
+ fi
+
# Update either configuration file with plugin
iniset $NEUTRON_CONF DEFAULT core_plugin $Q_PLUGIN_CLASS
iniset $NEUTRON_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $NEUTRON_CONF oslo_policy policy_file $Q_POLICY_FILE
- iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips $Q_ALLOW_OVERLAPPING_IP
iniset $NEUTRON_CONF DEFAULT auth_strategy $Q_AUTH_STRATEGY
configure_keystone_authtoken_middleware $NEUTRON_CONF $Q_ADMIN_USERNAME
diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2
index 7343606..fa61f1e 100644
--- a/lib/neutron_plugins/ml2
+++ b/lib/neutron_plugins/ml2
@@ -125,6 +125,9 @@
fi
populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2 mechanism_drivers=$Q_ML2_PLUGIN_MECHANISM_DRIVERS
+ if [[ "$Q_ML2_PLUGIN_MECHANISM_DRIVERS" == *"linuxbridge"* ]]; then
+ iniset $NEUTRON_CONF experimental linuxbridge True
+ fi
populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2 overlay_ip_version=$TUNNEL_IP_VERSION
if [[ -n "$Q_ML2_PLUGIN_TYPE_DRIVERS" ]]; then
diff --git a/lib/neutron_plugins/ovn_agent b/lib/neutron_plugins/ovn_agent
index 341b84d..e64224c 100644
--- a/lib/neutron_plugins/ovn_agent
+++ b/lib/neutron_plugins/ovn_agent
@@ -244,11 +244,12 @@
local cmd="$2"
local stop_cmd="$3"
local group=$4
- local user=${5:-$STACK_USER}
+ local user=$5
+ local rundir=${6:-$OVS_RUNDIR}
local systemd_service="devstack@$service.service"
local unit_file="$SYSTEMD_DIR/$systemd_service"
- local environment="OVN_RUNDIR=$OVS_RUNDIR OVN_DBDIR=$OVN_DATADIR OVN_LOGDIR=$LOGDIR OVS_RUNDIR=$OVS_RUNDIR OVS_DBDIR=$OVS_DATADIR OVS_LOGDIR=$LOGDIR"
+ local environment="OVN_RUNDIR=$OVN_RUNDIR OVN_DBDIR=$OVN_DATADIR OVN_LOGDIR=$LOGDIR OVS_RUNDIR=$OVS_RUNDIR OVS_DBDIR=$OVS_DATADIR OVS_LOGDIR=$LOGDIR"
echo "Starting $service executed command": $cmd
@@ -264,14 +265,14 @@
_start_process $systemd_service
- local testcmd="test -e $OVS_RUNDIR/$service.pid"
+ local testcmd="test -e $rundir/$service.pid"
test_with_retry "$testcmd" "$service did not start" $SERVICE_TIMEOUT 1
local service_ctl_file
- service_ctl_file=$(ls $OVS_RUNDIR | grep $service | grep ctl)
+ service_ctl_file=$(ls $rundir | grep $service | grep ctl)
if [ -z "$service_ctl_file" ]; then
die $LINENO "ctl file for service $service is not present."
fi
- sudo ovs-appctl -t $OVS_RUNDIR/$service_ctl_file vlog/set console:off syslog:info file:info
+ sudo ovs-appctl -t $rundir/$service_ctl_file vlog/set console:off syslog:info file:info
}
function clone_repository {
@@ -370,10 +371,6 @@
sudo mkdir -p $OVS_RUNDIR
sudo chown $(whoami) $OVS_RUNDIR
- # NOTE(lucasagomes): To keep things simpler, let's reuse the same
- # RUNDIR for both OVS and OVN. This way we avoid having to specify the
- # --db option in the ovn-{n,s}bctl commands while playing with DevStack
- sudo ln -s $OVS_RUNDIR $OVN_RUNDIR
if [[ "$OVN_BUILD_FROM_SOURCE" == "True" ]]; then
# If OVS is already installed, remove it, because we're about to
@@ -616,12 +613,12 @@
dbcmd+=" --remote=db:hardware_vtep,Global,managers $OVS_DATADIR/vtep.db"
fi
dbcmd+=" $OVS_DATADIR/conf.db"
- _run_process ovsdb-server "$dbcmd"
+ _run_process ovsdb-server "$dbcmd" "" "$STACK_GROUP" "root" "$OVS_RUNDIR"
# Note: ovn-controller will create and configure br-int once it is started.
# So, no need to create it now because nothing depends on that bridge here.
local ovscmd="$OVS_SBINDIR/ovs-vswitchd --log-file --pidfile --detach"
- _run_process ovs-vswitchd "$ovscmd" "" "$STACK_GROUP" "root"
+ _run_process ovs-vswitchd "$ovscmd" "" "$STACK_GROUP" "root" "$OVS_RUNDIR"
else
_start_process "$OVSDB_SERVER_SERVICE"
_start_process "$OVS_VSWITCHD_SERVICE"
@@ -660,7 +657,7 @@
enable_service ovs-vtep
local vtepcmd="$OVS_SCRIPTDIR/ovs-vtep --log-file --pidfile --detach br-v"
- _run_process ovs-vtep "$vtepcmd" "" "$STACK_GROUP" "root"
+ _run_process ovs-vtep "$vtepcmd" "" "$STACK_GROUP" "root" "$OVS_RUNDIR"
vtep-ctl set-manager tcp:$HOST_IP:6640
fi
@@ -704,26 +701,26 @@
local cmd="/bin/bash $SCRIPTDIR/ovn-ctl --no-monitor start_northd"
local stop_cmd="/bin/bash $SCRIPTDIR/ovn-ctl stop_northd"
- _run_process ovn-northd "$cmd" "$stop_cmd"
+ _run_process ovn-northd "$cmd" "$stop_cmd" "$STACK_GROUP" "root" "$OVN_RUNDIR"
else
_start_process "$OVN_NORTHD_SERVICE"
fi
# Wait for the service to be ready
# Check for socket and db files for both OVN NB and SB
- wait_for_sock_file $OVS_RUNDIR/ovnnb_db.sock
- wait_for_sock_file $OVS_RUNDIR/ovnsb_db.sock
+ wait_for_sock_file $OVN_RUNDIR/ovnnb_db.sock
+ wait_for_sock_file $OVN_RUNDIR/ovnsb_db.sock
wait_for_db_file $OVN_DATADIR/ovnnb_db.db
wait_for_db_file $OVN_DATADIR/ovnsb_db.db
if is_service_enabled tls-proxy; then
- sudo ovn-nbctl --db=unix:$OVS_RUNDIR/ovnnb_db.sock set-ssl $INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key $INT_CA_DIR/$DEVSTACK_CERT_NAME.crt $INT_CA_DIR/ca-chain.pem
- sudo ovn-sbctl --db=unix:$OVS_RUNDIR/ovnsb_db.sock set-ssl $INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key $INT_CA_DIR/$DEVSTACK_CERT_NAME.crt $INT_CA_DIR/ca-chain.pem
+ sudo ovn-nbctl --db=unix:$OVN_RUNDIR/ovnnb_db.sock set-ssl $INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key $INT_CA_DIR/$DEVSTACK_CERT_NAME.crt $INT_CA_DIR/ca-chain.pem
+ sudo ovn-sbctl --db=unix:$OVN_RUNDIR/ovnsb_db.sock set-ssl $INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key $INT_CA_DIR/$DEVSTACK_CERT_NAME.crt $INT_CA_DIR/ca-chain.pem
fi
- sudo ovn-nbctl --db=unix:$OVS_RUNDIR/ovnnb_db.sock set-connection p${OVN_PROTO}:6641:$SERVICE_LISTEN_ADDRESS -- set connection . inactivity_probe=60000
- sudo ovn-sbctl --db=unix:$OVS_RUNDIR/ovnsb_db.sock set-connection p${OVN_PROTO}:6642:$SERVICE_LISTEN_ADDRESS -- set connection . inactivity_probe=60000
- sudo ovs-appctl -t $OVS_RUNDIR/ovnnb_db.ctl vlog/set console:off syslog:$OVN_DBS_LOG_LEVEL file:$OVN_DBS_LOG_LEVEL
- sudo ovs-appctl -t $OVS_RUNDIR/ovnsb_db.ctl vlog/set console:off syslog:$OVN_DBS_LOG_LEVEL file:$OVN_DBS_LOG_LEVEL
+ sudo ovn-nbctl --db=unix:$OVN_RUNDIR/ovnnb_db.sock set-connection p${OVN_PROTO}:6641:$SERVICE_LISTEN_ADDRESS -- set connection . inactivity_probe=60000
+ sudo ovn-sbctl --db=unix:$OVN_RUNDIR/ovnsb_db.sock set-connection p${OVN_PROTO}:6642:$SERVICE_LISTEN_ADDRESS -- set connection . inactivity_probe=60000
+ sudo ovs-appctl -t $OVN_RUNDIR/ovnnb_db.ctl vlog/set console:off syslog:$OVN_DBS_LOG_LEVEL file:$OVN_DBS_LOG_LEVEL
+ sudo ovs-appctl -t $OVN_RUNDIR/ovnsb_db.ctl vlog/set console:off syslog:$OVN_DBS_LOG_LEVEL file:$OVN_DBS_LOG_LEVEL
fi
if is_service_enabled ovn-controller ; then
@@ -731,7 +728,7 @@
local cmd="/bin/bash $SCRIPTDIR/ovn-ctl --no-monitor start_controller"
local stop_cmd="/bin/bash $SCRIPTDIR/ovn-ctl stop_controller"
- _run_process ovn-controller "$cmd" "$stop_cmd" "$STACK_GROUP" "root"
+ _run_process ovn-controller "$cmd" "$stop_cmd" "$STACK_GROUP" "root" "$OVN_RUNDIR"
else
_start_process "$OVN_CONTROLLER_SERVICE"
fi
@@ -740,7 +737,7 @@
if is_service_enabled ovn-controller-vtep ; then
if [[ "$OVN_BUILD_FROM_SOURCE" == "True" ]]; then
local cmd="$OVS_BINDIR/ovn-controller-vtep --log-file --pidfile --detach --ovnsb-db=$OVN_SB_REMOTE"
- _run_process ovn-controller-vtep "$cmd" "" "$STACK_GROUP" "root"
+ _run_process ovn-controller-vtep "$cmd" "" "$STACK_GROUP" "root" "$OVN_RUNDIR"
else
_start_process "$OVN_CONTROLLER_VTEP_SERVICE"
fi
diff --git a/lib/neutron_plugins/ovs_source b/lib/neutron_plugins/ovs_source
index 9ae5555..ea71e60 100644
--- a/lib/neutron_plugins/ovs_source
+++ b/lib/neutron_plugins/ovs_source
@@ -33,9 +33,9 @@
local fatal=$2
if [ "$(trueorfalse True fatal)" == "True" ]; then
- sudo modprobe $module || (dmesg && die $LINENO "FAILED TO LOAD $module")
+ sudo modprobe $module || (sudo dmesg && die $LINENO "FAILED TO LOAD $module")
else
- sudo modprobe $module || (echo "FAILED TO LOAD $module" && dmesg)
+ sudo modprobe $module || (echo "FAILED TO LOAD $module" && sudo dmesg)
fi
}
@@ -87,9 +87,15 @@
install_package kernel-devel-$KERNEL_VERSION
install_package kernel-headers-$KERNEL_VERSION
+ if is_service_enabled tls-proxy; then
+ install_package openssl-devel
+ fi
elif is_ubuntu ; then
install_package linux-headers-$KERNEL_VERSION
+ if is_service_enabled tls-proxy; then
+ install_package libssl-dev
+ fi
fi
}
@@ -97,7 +103,7 @@
function load_ovs_kernel_modules {
load_module openvswitch
load_module vport-geneve False
- dmesg | tail
+ sudo dmesg | tail
}
# reload_ovs_kernel_modules() - reload openvswitch kernel module
diff --git a/lib/neutron_plugins/services/l3 b/lib/neutron_plugins/services/l3
index fbd4692..3dffc33 100644
--- a/lib/neutron_plugins/services/l3
+++ b/lib/neutron_plugins/services/l3
@@ -166,14 +166,14 @@
if is_provider_network; then
die_if_not_set $LINENO PHYSICAL_NETWORK "You must specify the PHYSICAL_NETWORK"
die_if_not_set $LINENO PROVIDER_NETWORK_TYPE "You must specify the PROVIDER_NETWORK_TYPE"
- NET_ID=$(openstack --os-cloud devstack-admin-demo --os-region "$REGION_NAME" network create $PHYSICAL_NETWORK --provider-network-type $PROVIDER_NETWORK_TYPE --provider-physical-network "$PHYSICAL_NETWORK" ${SEGMENTATION_ID:+--provider-segment $SEGMENTATION_ID} --share | grep ' id ' | get_field 2)
+ NET_ID=$(openstack --os-cloud devstack-admin-demo --os-region "$REGION_NAME" network create $PHYSICAL_NETWORK --provider-network-type $PROVIDER_NETWORK_TYPE --provider-physical-network "$PHYSICAL_NETWORK" ${SEGMENTATION_ID:+--provider-segment $SEGMENTATION_ID} --share -f value -c id)
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PHYSICAL_NETWORK"
if [[ "$IP_VERSION" =~ 4.* ]]; then
if [ -z $SUBNETPOOL_V4_ID ]; then
fixed_range_v4=$FIXED_RANGE
fi
- SUBNET_ID=$(openstack --os-cloud devstack --os-region "$REGION_NAME" subnet create --ip-version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY ${SUBNETPOOL_V4_ID:+--subnet-pool $SUBNETPOOL_V4_ID} --network $NET_ID ${fixed_range_v4:+--subnet-range $fixed_range_v4} | grep ' id ' | get_field 2)
+ SUBNET_ID=$(openstack --os-cloud devstack --os-region "$REGION_NAME" subnet create --ip-version 4 ${ALLOCATION_POOL:+--allocation-pool $ALLOCATION_POOL} $PROVIDER_SUBNET_NAME --gateway $NETWORK_GATEWAY ${SUBNETPOOL_V4_ID:+--subnet-pool $SUBNETPOOL_V4_ID} --network $NET_ID ${fixed_range_v4:+--subnet-range $fixed_range_v4} -f value -c id)
die_if_not_set $LINENO SUBNET_ID "Failure creating SUBNET_ID for $PROVIDER_SUBNET_NAME"
fi
@@ -183,7 +183,7 @@
if [ -z $SUBNETPOOL_V6_ID ]; then
fixed_range_v6=$IPV6_PROVIDER_FIXED_RANGE
fi
- IPV6_SUBNET_ID=$(openstack --os-cloud devstack --os-region "$REGION_NAME" subnet create --ip-version 6 --gateway $IPV6_PROVIDER_NETWORK_GATEWAY $IPV6_PROVIDER_SUBNET_NAME ${SUBNETPOOL_V6_ID:+--subnet-pool $SUBNETPOOL_V6_ID} --network $NET_ID ${fixed_range_v6:+--subnet-range $fixed_range_v6} | grep ' id ' | get_field 2)
+ IPV6_SUBNET_ID=$(openstack --os-cloud devstack --os-region "$REGION_NAME" subnet create --ip-version 6 --gateway $IPV6_PROVIDER_NETWORK_GATEWAY $IPV6_PROVIDER_SUBNET_NAME ${SUBNETPOOL_V6_ID:+--subnet-pool $SUBNETPOOL_V6_ID} --network $NET_ID ${fixed_range_v6:+--subnet-range $fixed_range_v6} -f value -c id)
die_if_not_set $LINENO IPV6_SUBNET_ID "Failure creating IPV6_SUBNET_ID for $IPV6_PROVIDER_SUBNET_NAME"
fi
@@ -193,7 +193,7 @@
sudo ip link set $PUBLIC_INTERFACE up
fi
else
- NET_ID=$(openstack --os-cloud devstack --os-region "$REGION_NAME" network create "$PRIVATE_NETWORK_NAME" | grep ' id ' | get_field 2)
+ NET_ID=$(openstack --os-cloud devstack --os-region "$REGION_NAME" network create "$PRIVATE_NETWORK_NAME" -f value -c id)
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PRIVATE_NETWORK_NAME"
if [[ "$IP_VERSION" =~ 4.* ]]; then
@@ -211,11 +211,11 @@
# Create a router, and add the private subnet as one of its interfaces
if [[ "$Q_L3_ROUTER_PER_TENANT" == "True" ]]; then
# create a tenant-owned router.
- ROUTER_ID=$(openstack --os-cloud devstack --os-region "$REGION_NAME" router create $Q_ROUTER_NAME | grep ' id ' | get_field 2)
+ ROUTER_ID=$(openstack --os-cloud devstack --os-region "$REGION_NAME" router create $Q_ROUTER_NAME -f value -c id)
die_if_not_set $LINENO ROUTER_ID "Failure creating router $Q_ROUTER_NAME"
else
# Plugin only supports creating a single router, which should be admin owned.
- ROUTER_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router create $Q_ROUTER_NAME | grep ' id ' | get_field 2)
+ ROUTER_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router create $Q_ROUTER_NAME -f value -c id)
die_if_not_set $LINENO ROUTER_ID "Failure creating router $Q_ROUTER_NAME"
fi
@@ -225,9 +225,9 @@
fi
# Create an external network, and a subnet. Configure the external network as router gw
if [ "$Q_USE_PROVIDERNET_FOR_PUBLIC" = "True" ]; then
- EXT_NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create "$PUBLIC_NETWORK_NAME" $EXTERNAL_NETWORK_FLAGS --provider-network-type ${PUBLIC_PROVIDERNET_TYPE:-flat} ${PUBLIC_PROVIDERNET_SEGMENTATION_ID:+--provider-segment $PUBLIC_PROVIDERNET_SEGMENTATION_ID} --provider-physical-network ${PUBLIC_PHYSICAL_NETWORK} | grep ' id ' | get_field 2)
+ EXT_NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create "$PUBLIC_NETWORK_NAME" $EXTERNAL_NETWORK_FLAGS --provider-network-type ${PUBLIC_PROVIDERNET_TYPE:-flat} ${PUBLIC_PROVIDERNET_SEGMENTATION_ID:+--provider-segment $PUBLIC_PROVIDERNET_SEGMENTATION_ID} --provider-physical-network ${PUBLIC_PHYSICAL_NETWORK} -f value -c id)
else
- EXT_NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create "$PUBLIC_NETWORK_NAME" $EXTERNAL_NETWORK_FLAGS | grep ' id ' | get_field 2)
+ EXT_NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create "$PUBLIC_NETWORK_NAME" $EXTERNAL_NETWORK_FLAGS -f value -c id)
fi
die_if_not_set $LINENO EXT_NET_ID "Failure creating EXT_NET_ID for $PUBLIC_NETWORK_NAME"
@@ -257,7 +257,7 @@
subnet_params+="${fixed_range_v4:+--subnet-range $fixed_range_v4} "
subnet_params+="--network $NET_ID $PRIVATE_SUBNET_NAME"
local subnet_id
- subnet_id=$(openstack --os-cloud devstack-admin-demo --os-region "$REGION_NAME" subnet create $subnet_params | grep ' id ' | get_field 2)
+ subnet_id=$(openstack --os-cloud devstack-admin-demo --os-region "$REGION_NAME" subnet create $subnet_params -f value -c id)
die_if_not_set $LINENO subnet_id "Failure creating private IPv4 subnet"
echo $subnet_id
}
@@ -278,7 +278,7 @@
subnet_params+="${fixed_range_v6:+--subnet-range $fixed_range_v6} "
subnet_params+="$ipv6_modes --network $NET_ID $IPV6_PRIVATE_SUBNET_NAME "
local ipv6_subnet_id
- ipv6_subnet_id=$(openstack --os-cloud devstack-admin-demo --os-region "$REGION_NAME" subnet create $subnet_params | grep ' id ' | get_field 2)
+ ipv6_subnet_id=$(openstack --os-cloud devstack-admin-demo --os-region "$REGION_NAME" subnet create $subnet_params -f value -c id)
die_if_not_set $LINENO ipv6_subnet_id "Failure creating private IPv6 subnet"
echo $ipv6_subnet_id
}
diff --git a/lib/nova b/lib/nova
index 7902c5f..8e8ea8a 100644
--- a/lib/nova
+++ b/lib/nova
@@ -113,20 +113,6 @@
QEMU_CONF=/etc/libvirt/qemu.conf
-# Set default defaults here as some hypervisor drivers override these
-PUBLIC_INTERFACE_DEFAULT=br100
-# Set ``GUEST_INTERFACE_DEFAULT`` to some interface on the box so that
-# the default isn't completely crazy. This will match ``eth*``, ``em*``, or
-# the new ``p*`` interfaces, then basically picks the first
-# alphabetically. It's probably wrong, however it's less wrong than
-# always using ``eth0`` which doesn't exist on new Linux distros at all.
-GUEST_INTERFACE_DEFAULT=$(ip link \
- | grep 'state UP' \
- | awk '{print $2}' \
- | sed 's/://' \
- | grep ^[ep] \
- | head -1)
-
# ``NOVA_VNC_ENABLED`` can be used to forcibly enable VNC configuration.
# In multi-node setups allows compute hosts to not run ``n-novnc``.
NOVA_VNC_ENABLED=$(trueorfalse False NOVA_VNC_ENABLED)
diff --git a/lib/tempest b/lib/tempest
index 206b37b..87a2244 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -695,13 +695,13 @@
local tmp_cfg_file
tmp_cfg_file=$(mktemp)
cd $TEMPEST_DIR
- if [[ "$OFFLINE" != "True" ]]; then
- tox -revenv-tempest --notest
- fi
local tmp_u_c_m
tmp_u_c_m=$(mktemp -t tempest_u_c_m.XXXXXXXXXX)
set_tempest_venv_constraints $tmp_u_c_m
+ if [[ "$OFFLINE" != "True" ]]; then
+ tox -revenv-tempest --notest
+ fi
tox -evenv-tempest -- pip install -c $tmp_u_c_m -r requirements.txt
rm -f $tmp_u_c_m
diff --git a/stack.sh b/stack.sh
index df283bb..cc90fca 100755
--- a/stack.sh
+++ b/stack.sh
@@ -12,7 +12,7 @@
# a multi-node developer install.
# To keep this script simple we assume you are running on a recent **Ubuntu**
-# (Bionic or newer), **Fedora** (F24 or newer), or **CentOS/RHEL**
+# (Bionic or newer), **Fedora** (F36 or newer), or **CentOS/RHEL**
# (7 or newer) machine. (It may work on other platforms but support for those
# platforms is left to those who added them to DevStack.) It should work in
# a VM or physical server. Additionally, we maintain a list of ``deb`` and
@@ -229,7 +229,7 @@
# Warn users who aren't on an explicitly supported distro, but allow them to
# override check and attempt installation with ``FORCE=yes ./stack``
-SUPPORTED_DISTROS="bullseye|focal|jammy|f35|opensuse-15.2|opensuse-tumbleweed|rhel8|rhel9"
+SUPPORTED_DISTROS="bullseye|focal|jammy|f36|opensuse-15.2|opensuse-tumbleweed|rhel8|rhel9"
if [[ ! ${DISTRO} =~ $SUPPORTED_DISTROS ]]; then
echo "WARNING: this script has not been tested on $DISTRO"
@@ -1152,7 +1152,8 @@
# ----
if is_service_enabled q-dhcp; then
- # Delete traces of nova networks from prior runs
+ # TODO(frickler): These are remnants from n-net, check which parts are really
+ # still needed for Neutron.
# Do not kill any dnsmasq instance spawned by NetworkManager
netman_pid=$(pidof NetworkManager || true)
if [ -z "$netman_pid" ]; then
@@ -1212,12 +1213,7 @@
echo_summary "Configuring Nova"
init_nova
- # Additional Nova configuration that is dependent on other services
- # TODO(stephenfin): Is it possible for neutron to *not* be enabled now? If
- # not, remove the if here
- if is_service_enabled neutron; then
- async_runfunc configure_neutron_nova
- fi
+ async_runfunc configure_neutron_nova
fi
diff --git a/stackrc b/stackrc
index f0039f0..a05d1e5 100644
--- a/stackrc
+++ b/stackrc
@@ -243,7 +243,7 @@
# Setting the variable to 'ALL' will activate the download for all
# libraries.
-DEVSTACK_SERIES="zed"
+DEVSTACK_SERIES="2023.1"
##############
#
@@ -903,8 +903,6 @@
# Default is dependent on TUNNEL_IP_VERSION above.
TUNNEL_ENDPOINT_IP=${TUNNEL_ENDPOINT_IP:-${DEF_TUNNEL_ENDPOINT_IP}}
-REGION_NAME=${REGION_NAME:-RegionOne}
-
# Configure services to use syslog instead of writing to individual log files
SYSLOG=$(trueorfalse False SYSLOG)
SYSLOG_HOST=${SYSLOG_HOST:-$HOST_IP}
diff --git a/tests/test_ini_config.sh b/tests/test_ini_config.sh
index 6ed1647..6367cde 100755
--- a/tests/test_ini_config.sh
+++ b/tests/test_ini_config.sh
@@ -44,6 +44,9 @@
multi = foo1
multi = foo2
+[fff]
+ampersand =
+
[key_with_spaces]
rgw special key = something
@@ -85,7 +88,7 @@
# test iniget_sections
VAL=$(iniget_sections "${TEST_INI}")
-assert_equal "$VAL" "default aaa bbb ccc ddd eee key_with_spaces \
+assert_equal "$VAL" "default aaa bbb ccc ddd eee fff key_with_spaces \
del_separate_options del_same_option del_missing_option \
del_missing_option_multi del_no_options"
@@ -124,6 +127,13 @@
VAL=$(iniget ${TEST_INI} bbb handlers)
assert_equal "$VAL" "33,44" "inset at EOF"
+# Test with ampersand in values
+for i in `seq 3`; do
+ iniset ${TEST_INI} fff ampersand '&y'
+done
+VAL=$(iniget ${TEST_INI} fff ampersand)
+assert_equal "$VAL" "&y" "iniset ampersands in option"
+
# test empty option
if ini_has_option ${SUDO_ARG} ${TEST_INI} ddd empty; then
passed "ini_has_option: ddd.empty present"