Merge "Switch devstack nodeset to Ubuntu 22.04 (jammy)"
diff --git a/.zuul.yaml b/.zuul.yaml
index 76a70dc..471ca10 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -707,8 +707,6 @@
description: Debian Bullseye platform test
nodeset: devstack-single-node-debian-bullseye
timeout: 9000
- # TODO(danms) n-v until the known issue is resolved
- voting: false
vars:
configure_swap_size: 4096
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 776ef1d..a83b2de 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -751,7 +751,7 @@
::
- openstack --os-cloud devstack-system-admin registered limit update \
+ openstack --os-cloud devstack-system-admin registered limit set \
--service glance --default-limit 5000 --region RegionOne image_size_total
.. _arch-configuration:
diff --git a/lib/nova b/lib/nova
index 8e8ea8a..14eb8fc 100644
--- a/lib/nova
+++ b/lib/nova
@@ -97,6 +97,12 @@
METADATA_SERVICE_PORT=${METADATA_SERVICE_PORT:-8775}
NOVA_ENABLE_CACHE=${NOVA_ENABLE_CACHE:-True}
+# Flag to set the oslo_policy.enforce_scope and oslo_policy.enforce_new_defaults.
+# This is used to switch the compute API policies enable the scope and new defaults.
+# By Default, these flag are False.
+# For more detail: https://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_scope
+NOVA_ENFORCE_SCOPE=$(trueorfalse False NOVA_ENFORCE_SCOPE)
+
if [[ $SERVICE_IP_VERSION == 6 ]]; then
NOVA_MY_IP="$HOST_IPV6"
else
@@ -481,6 +487,10 @@
NOVA_ENABLED_APIS=$(echo $NOVA_ENABLED_APIS | sed "s/,metadata//")
fi
iniset $NOVA_CONF DEFAULT enabled_apis "$NOVA_ENABLED_APIS"
+ if [[ "$NOVA_ENFORCE_SCOPE" == "True" || "$ENFORCE_SCOPE" == "True" ]]; then
+ iniset $NOVA_CONF oslo_policy enforce_new_defaults True
+ iniset $NOVA_CONF oslo_policy enforce_scope True
+ fi
if is_service_enabled tls-proxy && [ "$NOVA_USE_MOD_WSGI" == "False" ]; then
# Set the service port for a proxy to take the original
iniset $NOVA_CONF DEFAULT osapi_compute_listen_port "$NOVA_SERVICE_PORT_INT"
@@ -911,8 +921,23 @@
# a websockets/html5 or flash powered VNC console for vm instances
NOVNC_FROM_PACKAGE=$(trueorfalse False NOVNC_FROM_PACKAGE)
if [ "$NOVNC_FROM_PACKAGE" = "True" ]; then
+ # Installing novnc on Debian bullseye breaks the global pip
+ # install. This happens because novnc pulls in distro cryptography
+ # which will be prefered by distro pip, but if anything has
+ # installed pyOpenSSL from pypi (keystone) that is not compatible
+ # with distro cryptography. Fix this by installing
+ # python3-openssl (pyOpenSSL) from the distro which pip will prefer
+ # on Debian. Ubuntu has inverse problems so we only do this for
+ # Debian.
+ local novnc_packages
+ novnc_packages="novnc"
+ GetOSVersion
+ if [[ "$os_VENDOR" = "Debian" ]] ; then
+ novnc_packages="$novnc_packages python3-openssl"
+ fi
+
NOVNC_WEB_DIR=/usr/share/novnc
- install_package novnc
+ install_package $novnc_packages
else
NOVNC_WEB_DIR=$DEST/novnc
git_clone $NOVNC_REPO $NOVNC_WEB_DIR $NOVNC_BRANCH
diff --git a/lib/tempest b/lib/tempest
index 87a2244..b232f24 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -674,6 +674,10 @@
iniset $TEMPEST_CONFIG auth admin_project_name ''
fi
+ if [[ "$NOVA_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
+ iniset $TEMPEST_CONFIG enforce_scope nova true
+ fi
+
if [[ "$GLANCE_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then
iniset $TEMPEST_CONFIG enforce_scope glance true
fi