Merge "Ensure keepalive isn't used on uwsgi http mode"
diff --git a/files/rpms/cinder b/files/rpms/cinder
index 0274642..2c7b45b 100644
--- a/files/rpms/cinder
+++ b/files/rpms/cinder
@@ -1,4 +1,5 @@
iscsi-initiator-utils
lvm2
qemu-img
-scsi-target-utils # NOPRIME
+scsi-target-utils # not:rhel7,f24,f25 NOPRIME
+targetcli # dist:rhel7,f24,f25 NOPRIME
\ No newline at end of file
diff --git a/functions b/functions
index e056c3f..738040d 100644
--- a/functions
+++ b/functions
@@ -751,6 +751,21 @@
}
+function write_devstack_version {
+ pushd $TOP_DIR
+ local git_version=""
+ git_version=$(git log --format="%H %s %ci" -1)
+ cat - > /tmp/devstack-version <<EOF
+#!/bin/bash
+
+echo "DevStack Version: ${DEVSTACK_SERIES} - ${git_version}"
+echo "OS Version: ${os_VENDOR} ${os_RELEASE} ${os_CODENAME}"
+
+EOF
+ sudo install -m 755 /tmp/devstack-version /usr/local/bin/devstack-version
+ rm /tmp/devstack-version
+}
+
# Restore xtrace
$_XTRACE_FUNCTIONS
diff --git a/lib/apache b/lib/apache
index 35a9e7b..cf438a0 100644
--- a/lib/apache
+++ b/lib/apache
@@ -250,7 +250,6 @@
# always cleanup given that we are using iniset here
rm -rf $file
iniset "$file" uwsgi wsgi-file "$wsgi"
- iniset "$file" uwsgi socket "$socket"
iniset "$file" uwsgi processes $API_WORKERS
# This is running standalone
iniset "$file" uwsgi master true
@@ -267,7 +266,6 @@
iniset "$file" uwsgi add-header "Connection: close"
# This ensures that file descriptors aren't shared between processes.
iniset "$file" uwsgi lazy-apps true
- iniset "$file" uwsgi chmod-socket 666
# If we said bind directly to http, then do that and don't start the apache proxy
if [[ -n "$http" ]]; then
@@ -276,6 +274,8 @@
local apache_conf=""
apache_conf=$(apache_site_config_for $name)
echo "SetEnv proxy-sendcl 1" | sudo tee $apache_conf
+ iniset "$file" uwsgi socket "$socket"
+ iniset "$file" uwsgi chmod-socket 666
echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}/\" retry=0 " | sudo tee -a $apache_conf
enable_apache_site $name
restart_apache_server
diff --git a/lib/cinder b/lib/cinder
index 243b639..b585416 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -95,7 +95,16 @@
# https://bugs.launchpad.net/cinder/+bug/1180976
CINDER_PERIODIC_INTERVAL=${CINDER_PERIODIC_INTERVAL:-60}
-CINDER_ISCSI_HELPER=${CINDER_ISCSI_HELPER:-tgtadm}
+# Centos7 switched to using LIO and that's all that's supported,
+# although the tgt bits are in EPEL we don't want that for CI
+if is_fedora; then
+ CINDER_ISCSI_HELPER=${CINDER_ISCSI_HELPER:-lioadm}
+ if [[ ${CINDER_ISCSI_HELPER} != "lioadm" ]]; then
+ die "lioadm is the only valid Cinder iscsi_helper config on this platform"
+ fi
+else
+ CINDER_ISCSI_HELPER=${CINDER_ISCSI_HELPER:-tgtadm}
+fi
# Toggle for deploying Cinder under HTTPD + mod_wsgi
CINDER_USE_MOD_WSGI=${CINDER_USE_MOD_WSGI:-False}
@@ -313,7 +322,6 @@
# Set the service port for a proxy to take the original
iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT
iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT
- iniset $CINDER_CONF DEFAULT osapi_volume_base_URL $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT
fi
if [ "$SYSLOG" != "False" ]; then
@@ -436,12 +444,10 @@
function install_cinder {
git_clone $CINDER_REPO $CINDER_DIR $CINDER_BRANCH
setup_develop $CINDER_DIR
- if [ "$CINDER_ISCSI_HELPER" = "tgtadm" ]; then
- if is_fedora; then
- install_package scsi-target-utils
- else
- install_package tgt
- fi
+ if [[ "$CINDER_ISCSI_HELPER" == "tgtadm" ]]; then
+ install_package tgt
+ elif [[ "$CINDER_ISCI_HELPER" == "lioadm" ]]; then
+ install_package targetcli
fi
if [ "$CINDER_USE_MOD_WSGI" == "True" ]; then
diff --git a/lib/nova b/lib/nova
index f56509a..3fa5de6 100644
--- a/lib/nova
+++ b/lib/nova
@@ -17,7 +17,6 @@
#
# - install_nova
# - configure_nova
-# - _config_nova_apache_wsgi
# - create_nova_conf
# - init_nova
# - start_nova
@@ -28,7 +27,6 @@
_XTRACE_LIB_NOVA=$(set +o | grep xtrace)
set +o xtrace
-
# Defaults
# --------
@@ -56,17 +54,20 @@
NOVA_FAKE_CONF=$NOVA_CONF_DIR/nova-fake.conf
NOVA_CELLS_DB=${NOVA_CELLS_DB:-nova_cell}
NOVA_API_DB=${NOVA_API_DB:-nova_api}
+NOVA_UWSGI=$NOVA_BIN_DIR/nova-api-wsgi
+NOVA_METADATA_UWSGI=$NOVA_BIN_DIR/nova-metadata-wsgi
+NOVA_UWSGI_CONF=$NOVA_CONF_DIR/nova-api-uwsgi.ini
+NOVA_METADATA_UWSGI_CONF=$NOVA_CONF_DIR/nova-metadata-uwsgi.ini
NOVA_API_PASTE_INI=${NOVA_API_PASTE_INI:-$NOVA_CONF_DIR/api-paste.ini}
-if is_suse; then
- NOVA_WSGI_DIR=${NOVA_WSGI_DIR:-/srv/www/htdocs/nova}
-else
- NOVA_WSGI_DIR=${NOVA_WSGI_DIR:-/var/www/nova}
-fi
-
-# Toggle for deploying Nova-API under HTTPD + mod_wsgi
-NOVA_USE_MOD_WSGI=${NOVA_USE_MOD_WSGI:-False}
+# Toggle for deploying Nova-API under a wsgi server. We default to
+# true to use UWSGI, but allow False so that fall back to the
+# eventlet server can happen for grenade runs.
+# NOTE(cdent): We can adjust to remove the eventlet-base api service
+# after pike, at which time we can stop using NOVA_USE_MOD_WSGI to
+# mean "use uwsgi" because we'll be always using uwsgi.
+NOVA_USE_MOD_WSGI=${NOVA_USE_MOD_WSGI:-True}
if is_service_enabled tls-proxy; then
NOVA_SERVICE_PROTOCOL="https"
@@ -236,66 +237,10 @@
# cleanup_nova_hypervisor
#fi
- if [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
- _cleanup_nova_apache_wsgi
- fi
-}
-
-# _cleanup_nova_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file
-function _cleanup_nova_apache_wsgi {
- sudo rm -f $NOVA_WSGI_DIR/*
- sudo rm -f $(apache_site_config_for nova-api)
- sudo rm -f $(apache_site_config_for nova-metadata)
-}
-
-# _config_nova_apache_wsgi() - Set WSGI config files of Nova API
-function _config_nova_apache_wsgi {
- sudo mkdir -p $NOVA_WSGI_DIR
-
- local nova_apache_conf
- nova_apache_conf=$(apache_site_config_for nova-api)
- local nova_metadata_apache_conf
- nova_metadata_apache_conf=$(apache_site_config_for nova-metadata)
- local nova_ssl=""
- local nova_certfile=""
- local nova_keyfile=""
- local nova_api_port=$NOVA_SERVICE_PORT
- local nova_metadata_port=$METADATA_SERVICE_PORT
- local venv_path=""
-
- if [[ ${USE_VENV} = True ]]; then
- venv_path="python-path=${PROJECT_VENV["nova"]}/lib/$(python_version)/site-packages"
- fi
-
- # copy proxy vhost and wsgi helper files
- sudo cp $NOVA_DIR/nova/wsgi/nova-api.py $NOVA_WSGI_DIR/nova-api
- sudo cp $NOVA_DIR/nova/wsgi/nova-metadata.py $NOVA_WSGI_DIR/nova-metadata
-
- sudo cp $FILES/apache-nova-api.template $nova_apache_conf
- sudo sed -e "
- s|%PUBLICPORT%|$nova_api_port|g;
- s|%APACHE_NAME%|$APACHE_NAME|g;
- s|%PUBLICWSGI%|$NOVA_WSGI_DIR/nova-api|g;
- s|%SSLENGINE%|$nova_ssl|g;
- s|%SSLCERTFILE%|$nova_certfile|g;
- s|%SSLKEYFILE%|$nova_keyfile|g;
- s|%USER%|$STACK_USER|g;
- s|%VIRTUALENV%|$venv_path|g
- s|%APIWORKERS%|$API_WORKERS|g
- " -i $nova_apache_conf
-
- sudo cp $FILES/apache-nova-metadata.template $nova_metadata_apache_conf
- sudo sed -e "
- s|%PUBLICPORT%|$nova_metadata_port|g;
- s|%APACHE_NAME%|$APACHE_NAME|g;
- s|%PUBLICWSGI%|$NOVA_WSGI_DIR/nova-metadata|g;
- s|%SSLENGINE%|$nova_ssl|g;
- s|%SSLCERTFILE%|$nova_certfile|g;
- s|%SSLKEYFILE%|$nova_keyfile|g;
- s|%USER%|$STACK_USER|g;
- s|%VIRTUALENV%|$venv_path|g
- s|%APIWORKERS%|$API_WORKERS|g
- " -i $nova_metadata_apache_conf
+ stop_process "n-api"
+ stop_process "n-api-meta"
+ remove_uwsgi_config "$NOVA_UWSGI_CONF" "$NOVA_UWSGI"
+ remove_uwsgi_config "$NOVA_METADATA_UWSGI_CONF" "$NOVA_METADATA_UWSGI"
}
# configure_nova() - Set config files, create data dirs, etc
@@ -489,7 +434,7 @@
NOVA_ENABLED_APIS=$(echo $NOVA_ENABLED_APIS | sed "s/,metadata//")
fi
iniset $NOVA_CONF DEFAULT enabled_apis "$NOVA_ENABLED_APIS"
- if is_service_enabled tls-proxy; then
+ if is_service_enabled tls-proxy && [ "$NOVA_USE_MOD_WSGI" == "False" ]; then
# Set the service port for a proxy to take the original
iniset $NOVA_CONF DEFAULT osapi_compute_listen_port "$NOVA_SERVICE_PORT_INT"
iniset $NOVA_CONF DEFAULT osapi_compute_link_prefix $NOVA_SERVICE_PROTOCOL://$NOVA_SERVICE_HOST:$NOVA_SERVICE_PORT
@@ -524,11 +469,10 @@
iniset $NOVA_CONF DEFAULT force_config_drive "$FORCE_CONFIG_DRIVE"
fi
# Format logging
- setup_logging $NOVA_CONF $NOVA_USE_MOD_WSGI
+ setup_logging $NOVA_CONF
- if [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
- _config_nova_apache_wsgi
- fi
+ write_uwsgi_config "$NOVA_UWSGI_CONF" "$NOVA_UWSGI" "/compute"
+ write_uwsgi_config "$NOVA_METADATA_UWSGI_CONF" "$NOVA_METADATA_UWSGI" "" ":${METADATA_SERVICE_PORT}"
if is_service_enabled ceilometer; then
iniset $NOVA_CONF DEFAULT instance_usage_audit "True"
@@ -777,10 +721,6 @@
git_clone $NOVA_REPO $NOVA_DIR $NOVA_BRANCH
setup_develop $NOVA_DIR
sudo install -D -m 0644 -o $STACK_USER {$NOVA_DIR/tools/,/etc/bash_completion.d/}nova-manage.bash_completion
-
- if [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
- install_apache_wsgi
- fi
}
# start_nova_api() - Start the API process ahead of other things
@@ -788,6 +728,7 @@
# Get right service port for testing
local service_port=$NOVA_SERVICE_PORT
local service_protocol=$NOVA_SERVICE_PROTOCOL
+ local nova_url
if is_service_enabled tls-proxy; then
service_port=$NOVA_SERVICE_PORT_INT
service_protocol="http"
@@ -797,29 +738,23 @@
local old_path=$PATH
export PATH=$NOVA_BIN_DIR:$PATH
- # If the site is not enabled then we are in a grenade scenario
- local enabled_site_file
- enabled_site_file=$(apache_site_config_for nova-api)
- if [ -f ${enabled_site_file} ] && [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
- enable_apache_site nova-api
- enable_apache_site nova-metadata
- restart_apache_server
- tail_log nova-api /var/log/$APACHE_NAME/nova-api.log
- tail_log nova-metadata /var/log/$APACHE_NAME/nova-metadata.log
- else
+ if [ "$NOVA_USE_MOD_WSGI" == "False" ]; then
run_process n-api "$NOVA_BIN_DIR/nova-api"
+ nova_url=$service_protocol://$SERVICE_HOST:$service_port
+ # Start proxy if tsl enabled
+ if is_service_enabled tls-proxy; then
+ start_tls_proxy nova '*' $NOVA_SERVICE_PORT $NOVA_SERVICE_HOST $NOVA_SERVICE_PORT_INT
+ fi
+ else
+ run_process "n-api" "$NOVA_BIN_DIR/uwsgi --ini $NOVA_UWSGI_CONF"
+ nova_url=$service_protocol://$SERVICE_HOST/compute/v2.1/
fi
echo "Waiting for nova-api to start..."
- if ! wait_for_service $SERVICE_TIMEOUT $service_protocol://$SERVICE_HOST:$service_port; then
+ if ! wait_for_service $SERVICE_TIMEOUT $nova_url; then
die $LINENO "nova-api did not start"
fi
- # Start proxies if enabled
- if is_service_enabled tls-proxy; then
- start_tls_proxy nova '*' $NOVA_SERVICE_PORT $NOVA_SERVICE_HOST $NOVA_SERVICE_PORT_INT
- fi
-
export PATH=$old_path
}
@@ -890,7 +825,11 @@
run_process n-net "$NOVA_BIN_DIR/nova-network --config-file $compute_cell_conf"
run_process n-sch "$NOVA_BIN_DIR/nova-scheduler --config-file $compute_cell_conf"
- run_process n-api-meta "$NOVA_BIN_DIR/nova-api-metadata --config-file $compute_cell_conf"
+ if [ "$NOVA_USE_MOD_WSGI" == "False" ]; then
+ run_process n-api-meta "$NOVA_BIN_DIR/nova-api-metadata --config-file $compute_cell_conf"
+ else
+ run_process n-api-meta "$NOVA_BIN_DIR/uwsgi --ini $NOVA_METADATA_UWSGI_CONF"
+ fi
run_process n-novnc "$NOVA_BIN_DIR/nova-novncproxy --config-file $api_cell_conf --web $NOVNC_WEB_DIR"
run_process n-xvnc "$NOVA_BIN_DIR/nova-xvpvncproxy --config-file $api_cell_conf"
@@ -921,17 +860,8 @@
}
function stop_nova_rest {
- if [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
- disable_apache_site nova-api
- disable_apache_site nova-metadata
- restart_apache_server
- else
- stop_process n-api
- fi
- # Kill the nova screen windows
- # Some services are listed here twice since more than one instance
- # of a service may be running in certain configs.
- for serv in n-api n-net n-sch n-novnc n-xvnc n-cauth n-spice n-cond n-cell n-cell n-api-meta n-sproxy; do
+ # Kill the non-compute nova processes
+ for serv in n-api n-api-meta n-net n-sch n-novnc n-xvnc n-cauth n-spice n-cond n-cell n-cell n-sproxy; do
stop_process $serv
done
}
diff --git a/lib/swift b/lib/swift
index e247f15..fc09093 100644
--- a/lib/swift
+++ b/lib/swift
@@ -842,7 +842,7 @@
if is_service_enabled tls-proxy; then
local proxy_port=${SWIFT_DEFAULT_BIND_PORT}
- start_tls_proxy swift '*' $proxy_port $SERVICE_HOST $SWIFT_DEFAULT_BIND_PORT_INT
+ start_tls_proxy swift '*' $proxy_port $SERVICE_HOST $SWIFT_DEFAULT_BIND_PORT_INT $SWIFT_MAX_HEADER_SIZE
fi
run_process s-proxy "$SWIFT_BIN_DIR/swift-proxy-server ${SWIFT_CONF_DIR}/proxy-server.conf -v"
diff --git a/lib/tls b/lib/tls
index 6d67c90..6a3d260 100644
--- a/lib/tls
+++ b/lib/tls
@@ -494,6 +494,8 @@
local f_port=$3
local b_host=$4
local b_port=$5
+ # 8190 is the default apache size.
+ local f_header_size=${6:-8190}
tune_apache_connections
@@ -521,6 +523,11 @@
# ('Connection aborted.', BadStatusLine("''",)) error
KeepAlive Off
+ # This increase in allowed request header sizes is required
+ # for swift functional testing to work with tls enabled. It is 2 bytes
+ # larger than the apache default of 8190.
+ LimitRequestFieldSize $f_header_size
+
<Location />
ProxyPass http://$b_host:$b_port/ retry=0 nocanon
ProxyPassReverse http://$b_host:$b_port/
diff --git a/stack.sh b/stack.sh
index 59f2597..fd18651 100755
--- a/stack.sh
+++ b/stack.sh
@@ -216,6 +216,9 @@
fi
source $TOP_DIR/stackrc
+# this installs a devstack-version script to make it easy to report the version back
+write_devstack_version
+
# Warn users who aren't on an explicitly supported distro, but allow them to
# override check and attempt installation with ``FORCE=yes ./stack``
if [[ ! ${DISTRO} =~ (xenial|yakkety|zesty|stretch|jessie|f24|f25|opensuse-42.2|rhel7|kvmibm1) ]]; then
@@ -1521,19 +1524,28 @@
# Warn that a deprecated feature was used
if [[ -n "$DEPRECATED_TEXT" ]]; then
- echo_summary "WARNING: $DEPRECATED_TEXT"
+ echo
+ echo -e "WARNING: $DEPRECATED_TEXT"
+ echo
fi
# If USE_SYSTEMD is enabled, tell the user about using it.
if [[ "$USE_SYSTEMD" == "True" ]]; then
+ echo
echo "Services are running under systemd unit files."
echo "For more information see: "
echo "https://docs.openstack.org/developer/devstack/systemd.html"
+ echo
fi
+# devstack version
+devstack-version
+echo
+
# Indicate how long this took to run (bash maintained variable ``SECONDS``)
echo_summary "stack.sh completed in $SECONDS seconds."
+
# Restore/close logging file descriptors
exec 1>&3
exec 2>&3
diff --git a/stackrc b/stackrc
index 50f7c89..c57e485 100644
--- a/stackrc
+++ b/stackrc
@@ -53,7 +53,7 @@
# Keystone - nothing works without keystone
ENABLED_SERVICES=key
# Nova - services to support libvirt based openstack clouds
- ENABLED_SERVICES+=,n-api,n-cpu,n-cond,n-sch,n-novnc,n-cauth
+ ENABLED_SERVICES+=,n-api,n-cpu,n-cond,n-sch,n-novnc,n-cauth,n-api-meta
# Placement service needed for Nova
ENABLED_SERVICES+=,placement-api,placement-client
# Glance services needed for Nova
@@ -272,6 +272,7 @@
# Setting the variable to 'ALL' will activate the download for all
# libraries.
+DEVSTACK_SERIES="pike"
##############
#