Merge "doc: document override_defaults phase"
diff --git a/doc/source/guides/devstack-with-lbaas-v2.rst b/doc/source/guides/devstack-with-lbaas-v2.rst
index 4e5f874..f3bd2fe 100644
--- a/doc/source/guides/devstack-with-lbaas-v2.rst
+++ b/doc/source/guides/devstack-with-lbaas-v2.rst
@@ -1,13 +1,17 @@
-Configure Load-Balancer in Kilo
+Configure Load-Balancer Version 2
=================================
-The Kilo release of OpenStack will support Version 2 of the neutron load balancer. Until now, using OpenStack `LBaaS V2 <http://docs.openstack.org/api/openstack-network/2.0/content/lbaas_ext.html>`_ has required a good understanding of neutron and LBaaS architecture and several manual steps.
+Starting in the OpenStack Liberty release, the
+`neutron LBaaS v2 API <http://developer.openstack.org/api-ref-networking-v2-ext.html>`_
+is now stable while the LBaaS v1 API has been deprecated. The LBaaS v2 reference
+driver is based on Octavia.
Phase 1: Create DevStack + 2 nova instances
--------------------------------------------
-First, set up a vm of your choice with at least 8 GB RAM and 16 GB disk space, make sure it is updated. Install git and any other developer tools you find useful.
+First, set up a vm of your choice with at least 8 GB RAM and 16 GB disk space,
+make sure it is updated. Install git and any other developer tools you find useful.
Install devstack
@@ -24,6 +28,7 @@
[[local|localrc]]
# Load the external LBaaS plugin.
enable_plugin neutron-lbaas https://git.openstack.org/openstack/neutron-lbaas
+ enable_plugin octavia https://git.openstack.org/openstack/octavia
# ===== BEGIN localrc =====
DATABASE_PASSWORD=password
@@ -42,13 +47,13 @@
ENABLED_SERVICES+=,horizon
# Nova
ENABLED_SERVICES+=,n-api,n-crt,n-obj,n-cpu,n-cond,n-sch
- IMAGE_URLS+=",https://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img"
# Glance
ENABLED_SERVICES+=,g-api,g-reg
# Neutron
ENABLED_SERVICES+=,q-svc,q-agt,q-dhcp,q-l3,q-meta
- # Enable LBaaS V2
+ # Enable LBaaS v2
ENABLED_SERVICES+=,q-lbaasv2
+ ENABLED_SERVICES+=,octavia,o-cw,o-hk,o-hm,o-api
# Cinder
ENABLED_SERVICES+=,c-api,c-vol,c-sch
# Tempest
@@ -69,11 +74,11 @@
::
#create nova instances on private network
- nova boot --image $(nova image-list | awk '/ cirros-0.3.0-x86_64-disk / {print $2}') --flavor 1 --nic net-id=$(neutron net-list | awk '/ private / {print $2}') node1
- nova boot --image $(nova image-list | awk '/ cirros-0.3.0-x86_64-disk / {print $2}') --flavor 1 --nic net-id=$(neutron net-list | awk '/ private / {print $2}') node2
+ nova boot --image $(nova image-list | awk '/ cirros-.*-x86_64-uec / {print $2}') --flavor 1 --nic net-id=$(neutron net-list | awk '/ private / {print $2}') node1
+ nova boot --image $(nova image-list | awk '/ cirros-.*-x86_64-uec / {print $2}') --flavor 1 --nic net-id=$(neutron net-list | awk '/ private / {print $2}') node2
nova list # should show the nova instances just created
- #add secgroup rule to allow ssh etc..
+ #add secgroup rules to allow ssh etc..
neutron security-group-rule-create default --protocol icmp
neutron security-group-rule-create default --protocol tcp --port-range-min 22 --port-range-max 22
neutron security-group-rule-create default --protocol tcp --port-range-min 80 --port-range-max 80
@@ -91,9 +96,16 @@
::
neutron lbaas-loadbalancer-create --name lb1 private-subnet
+ neutron lbaas-loadbalancer-show lb1 # Wait for the provisioning_status to be ACTIVE.
neutron lbaas-listener-create --loadbalancer lb1 --protocol HTTP --protocol-port 80 --name listener1
+ sleep 10 # Sleep since LBaaS actions can take a few seconds depending on the environment.
neutron lbaas-pool-create --lb-algorithm ROUND_ROBIN --listener listener1 --protocol HTTP --name pool1
+ sleep 10
neutron lbaas-member-create --subnet private-subnet --address 10.0.0.3 --protocol-port 80 pool1
+ sleep 10
neutron lbaas-member-create --subnet private-subnet --address 10.0.0.5 --protocol-port 80 pool1
-Please note here that the "10.0.0.3" and "10.0.0.5" in the above commands are the IPs of the nodes (in my test run-thru, they were actually 10.2 and 10.4), and the address of the created LB will be reported as "vip_address" from the lbaas-loadbalancer-create, and a quick test of that LB is "curl that-lb-ip", which should alternate between showing the IPs of the two nodes.
+Please note here that the "10.0.0.3" and "10.0.0.5" in the above commands are the IPs of the nodes
+(in my test run-thru, they were actually 10.2 and 10.4), and the address of the created LB will be
+reported as "vip_address" from the lbaas-loadbalancer-create, and a quick test of that LB is
+"curl that-lb-ip", which should alternate between showing the IPs of the two nodes.
diff --git a/files/ebtables.workaround b/files/ebtables.workaround
new file mode 100644
index 0000000..c8af51f
--- /dev/null
+++ b/files/ebtables.workaround
@@ -0,0 +1,23 @@
+#!/bin/bash
+#
+# Copyright 2015 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+#
+# This is a terrible, terrible, truly terrible work around for
+# environments that have libvirt < 1.2.11. ebtables requires that you
+# specifically tell it you would like to not race and get punched in
+# the face when 2 run at the same time with a --concurrent flag.
+
+flock -w 300 /var/lock/ebtables.nova /sbin/ebtables.real $@
diff --git a/lib/databases/mysql b/lib/databases/mysql
index c2ab32e..cc74b33 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -143,7 +143,7 @@
[client]
user=$DATABASE_USER
password=$DATABASE_PASSWORD
-host=$DATABASE_HOST
+host=$MYSQL_HOST
EOF
chmod 0600 $HOME/.my.cnf
fi
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 7b6f1c6..85f7fc0 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -256,7 +256,7 @@
# If using GRE tunnels for tenant networks, specify the range of
# tunnel IDs from which tenant networks are allocated. Can be
-# overriden in ``localrc`` in necesssary.
+# overridden in ``localrc`` in necessary.
TENANT_TUNNEL_RANGES=${TENANT_TUNNEL_RANGES:-1:1000}
# To use VLANs for tenant networks, set to True in localrc. VLANs
@@ -536,7 +536,7 @@
if is_provider_network; then
die_if_not_set $LINENO PHYSICAL_NETWORK "You must specify the PHYSICAL_NETWORK"
- die_if_not_set $LINENO PROVIDER_NETWORK_TYPE "You must specifiy the PROVIDER_NETWORK_TYPE"
+ die_if_not_set $LINENO PROVIDER_NETWORK_TYPE "You must specify the PROVIDER_NETWORK_TYPE"
NET_ID=$(neutron net-create $PHYSICAL_NETWORK --tenant_id $TENANT_ID --provider:network_type $PROVIDER_NETWORK_TYPE --provider:physical_network "$PHYSICAL_NETWORK" ${SEGMENTATION_ID:+--provider:segmentation_id $SEGMENTATION_ID} --shared | grep ' id ' | get_field 2)
die_if_not_set $LINENO NET_ID "Failure creating NET_ID for $PHYSICAL_NETWORK $TENANT_ID"
@@ -834,6 +834,10 @@
_move_neutron_addresses_route "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE" False "inet"
if [[ $(ip -f inet6 a s dev "$OVS_PHYSICAL_BRIDGE" | grep -c 'global') != 0 ]]; then
+ # ip(8) wants the prefix length when deleting
+ local v6_gateway
+ v6_gateway=$(ip -6 a s dev $OVS_PHYSICAL_BRIDGE | grep $IPV6_PUBLIC_NETWORK_GATEWAY | awk '{ print $2 }')
+ sudo ip -6 addr del $v6_gateway dev $OVS_PHYSICAL_BRIDGE
_move_neutron_addresses_route "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE" False "inet6"
fi
@@ -1122,7 +1126,7 @@
iniset $NEUTRON_CONF DEFAULT auth_strategy $Q_AUTH_STRATEGY
_neutron_setup_keystone $NEUTRON_CONF keystone_authtoken
- # Configuration for neutron notifations to nova.
+ # Configuration for neutron notifications to nova.
iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_status_changes $Q_NOTIFY_NOVA_PORT_STATUS_CHANGES
iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_data_changes $Q_NOTIFY_NOVA_PORT_DATA_CHANGES
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index 78c5978..045fc8b 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -31,6 +31,11 @@
fi
install_package libvirt-bin libvirt-dev
pip_install_gr libvirt-python
+ if [[ "$EBTABLES_RACE_FIX" == "True" ]]; then
+ # Work around for bug #1501558. We can remove this once we
+ # get to a version of Ubuntu that has new enough libvirt.
+ TOP_DIR=$TOP_DIR $TOP_DIR/tools/install_ebtables_workaround.sh
+ fi
#pip_install_gr <there-si-no-guestfs-in-pypi>
elif is_fedora || is_suse; then
install_package kvm
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 03eacd8..298dcb6 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -58,7 +58,7 @@
# NOTE(bnemec): Retry initial rabbitmq configuration to deal with
# the fact that sometimes it fails to start properly.
# Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1144100
- # NOTE(tonyb): Extend the orginal retry logic to only restart rabbitmq
+ # NOTE(tonyb): Extend the original retry logic to only restart rabbitmq
# every second time around the loop.
# See: https://bugs.launchpad.net/devstack/+bug/1449056 for details on
# why this is needed. This can bee seen on vivid and Debian unstable
@@ -106,7 +106,7 @@
fi
}
-# iniset cofiguration
+# iniset configuration
function iniset_rpc_backend {
local package=$1
local file=$2
diff --git a/lib/stack b/lib/stack
index 47e8ce2..7d98604 100644
--- a/lib/stack
+++ b/lib/stack
@@ -14,7 +14,7 @@
# Functions
# ---------
-# Generic service install handles venv creation if confgured for service
+# Generic service install handles venv creation if configured for service
# stack_install_service service
function stack_install_service {
local service=$1
diff --git a/lib/swift b/lib/swift
index ee0238d..d7ccc24 100644
--- a/lib/swift
+++ b/lib/swift
@@ -123,13 +123,13 @@
# trace through the logs when looking for its use.
SWIFT_LOG_TOKEN_LENGTH=${SWIFT_LOG_TOKEN_LENGTH:-12}
-# Set ``SWIFT_MAX_HEADER_SIZE`` to configure the maximun length of headers in
+# Set ``SWIFT_MAX_HEADER_SIZE`` to configure the maximum length of headers in
# Swift API
SWIFT_MAX_HEADER_SIZE=${SWIFT_MAX_HEADER_SIZE:-16384}
# Set ``OBJECT_PORT_BASE``, ``CONTAINER_PORT_BASE``, ``ACCOUNT_PORT_BASE``
-# Port bases used in port number calclution for the service "nodes"
-# The specified port number will be used, the additinal ports calculated by
+# Port bases used in port number calculation for the service "nodes"
+# The specified port number will be used, the additional ports calculated by
# base_port + node_num * 10
OBJECT_PORT_BASE=${OBJECT_PORT_BASE:-6613}
CONTAINER_PORT_BASE=${CONTAINER_PORT_BASE:-6611}
diff --git a/stack.sh b/stack.sh
index 9b811b7..a3d943a 100755
--- a/stack.sh
+++ b/stack.sh
@@ -925,8 +925,8 @@
restart_rpc_backend
-# Export Certicate Authority Bundle
-# ---------------------------------
+# Export Certificate Authority Bundle
+# -----------------------------------
# If certificates were used and written to the SSL bundle file then these
# should be exported so clients can validate their connections.
diff --git a/stackrc b/stackrc
index f400047..23a4a7c 100644
--- a/stackrc
+++ b/stackrc
@@ -766,6 +766,16 @@
# Use native SSL for servers in ``SSL_ENABLED_SERVICES``
USE_SSL=$(trueorfalse False USE_SSL)
+# ebtables is inherently racey. If you run it by two or more processes
+# simultaneously it will collide, badly, in the kernel and produce
+# failures or corruption of ebtables. The only way around it is for
+# all tools running ebtables to only ever do so with the --concurrent
+# flag. This requires libvirt >= 1.2.11.
+#
+# If you don't have this then the following work around will replace
+# ebtables with a wrapper script so that it is safe to run without
+# that flag.
+EBTABLES_RACE_FIX=$(trueorfalse False EBTABLES_RACE_FIX)
# Following entries need to be last items in file
diff --git a/tests/unittest.sh b/tests/unittest.sh
index df7a8b4..2570319 100644
--- a/tests/unittest.sh
+++ b/tests/unittest.sh
@@ -92,16 +92,17 @@
fi
}
-# print a summary of passing and failing tests, exiting
-# with an error if we have failed tests
+# Print a summary of passing and failing tests and exit
+# (with an error if we have failed tests)
# usage: report_results
function report_results {
echo "$PASS Tests PASSED"
- if [[ $ERROR -gt 1 ]]; then
+ if [[ $ERROR -gt 0 ]]; then
echo
echo "The following $ERROR tests FAILED"
echo -e "$FAILED_FUNCS"
echo "---"
exit 1
fi
+ exit 0
}
diff --git a/tools/install_ebtables_workaround.sh b/tools/install_ebtables_workaround.sh
new file mode 100755
index 0000000..45ced87
--- /dev/null
+++ b/tools/install_ebtables_workaround.sh
@@ -0,0 +1,31 @@
+#!/bin/bash -eu
+#
+# Copyright 2015 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+#
+# This replaces the ebtables on your system with a wrapper script that
+# does implicit locking. This is needed if libvirt < 1.2.11 on your platform.
+
+EBTABLES=/sbin/ebtables
+EBTABLESREAL=/sbin/ebtables.real
+FILES=$TOP_DIR/files
+
+if [[ -f "$EBTABLES" ]]; then
+ if file $EBTABLES | grep ELF; then
+ sudo mv $EBTABLES $EBTABLESREAL
+ sudo install -m 0755 $FILES/ebtables.workaround $EBTABLES
+ echo "Replaced ebtables with locking workaround"
+ fi
+fi