Merge "Support optimized cinder backend for glance"
diff --git a/.zuul.yaml b/.zuul.yaml
index 00129b5..517e12b 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -1,3 +1,11 @@
+- pragma:
+ # NOTE(gtema): this is required for the changes in SDK feature/r1 branch to
+ # be using devstack
+ # TODO(gtema): delete this once r1 branch is merged into master
+ implied-branches:
+ - master
+ - feature/r1
+
- nodeset:
name: openstack-single-node
nodes:
@@ -49,10 +57,10 @@
- controller
- nodeset:
- name: devstack-single-node-centos-8
+ name: devstack-single-node-centos-8-stream
nodes:
- name: controller
- label: centos-8
+ label: centos-8-stream
groups:
- name: tempest
nodes:
@@ -72,7 +80,7 @@
name: devstack-single-node-fedora-latest
nodes:
- name: controller
- label: fedora-32
+ label: fedora-34
groups:
- name: tempest
nodes:
@@ -328,6 +336,7 @@
/var/log/postgresql: logs
/var/log/mysql: logs
/var/log/libvirt: logs
+ /etc/libvirt: logs
/etc/sudoers: logs
/etc/sudoers.d: logs
'{{ stage_dir }}/iptables.txt': logs
@@ -468,6 +477,7 @@
SWIFT_HASH: 1234123412341234
DEBUG_LIBVIRT_COREDUMPS: true
NOVA_VNC_ENABLED: true
+ OVN_DBS_LOG_LEVEL: dbg
devstack_local_conf:
post-config:
$NEUTRON_CONF:
@@ -496,13 +506,14 @@
n-sch: true
# Placement service
placement-api: true
+ # OVN services
+ ovn-controller: true
+ ovn-northd: true
+ ovs-vswitchd: true
+ ovsdb-server: true
# Neutron services
- q-agt: true
- q-dhcp: true
- q-l3: true
- q-meta: true
- q-metering: true
q-svc: true
+ q-ovn-metadata-agent: true
# Swift services
s-account: true
s-container: true
@@ -534,8 +545,12 @@
n-cpu: true
# Placement services
placement-client: true
+ # OVN services
+ ovn-controller: true
+ ovs-vswitchd: true
+ ovsdb-server: true
# Neutron services
- q-agt: true
+ q-ovn-metadata-agent: true
# Cinder services
c-bak: true
c-vol: true
@@ -553,6 +568,7 @@
GLANCE_HOSTPORT: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}:9292"
Q_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
NOVA_VNC_ENABLED: true
+ ENABLE_CHASSIS_AS_GW: false
- job:
name: devstack-ipv6
@@ -565,6 +581,17 @@
SERVICE_HOST: ""
- job:
+ name: devstack-enforce-scope
+ parent: devstack
+ description: |
+ This job runs the devstack with scope checks enabled.
+ vars:
+ devstack_localrc:
+ # Keep enabeling the services here to run with system scope
+ CINDER_ENFORCE_SCOPE: true
+ GLANCE_ENFORCE_SCOPE: true
+
+- job:
name: devstack-multinode
parent: devstack
nodeset: openstack-two-node-focal
@@ -577,24 +604,14 @@
# and these platforms don't have the round-the-clock support to avoid
# becoming blockers in that situation.
- job:
- name: devstack-platform-centos-8
+ name: devstack-platform-centos-8-stream
parent: tempest-full-py3
- description: Centos 8 platform test
- nodeset: devstack-single-node-centos-8
+ description: CentOS 8 Stream platform test
+ nodeset: devstack-single-node-centos-8-stream
voting: false
timeout: 9000
- job:
- name: devstack-platform-bionic
- parent: tempest-full-py3
- description: Ubuntu Bionic platform test
- nodeset: openstack-single-node-bionic
- voting: false
- vars:
- devstack_localrc:
- CINDER_ISCSI_HELPER: tgtadm
-
-- job:
name: devstack-async
parent: tempest-full-py3
description: Async mode enabled
@@ -606,6 +623,17 @@
/opt/stack/async: logs
- job:
+ name: devstack-no-tls-proxy
+ parent: tempest-full-py3
+ description: |
+ Tempest job with tls-proxy off.
+
+ Some gates run devstack like this and it follows different code paths.
+ vars:
+ devstack_services:
+ tls-proxy: false
+
+- job:
name: devstack-platform-fedora-latest
parent: tempest-full-py3
description: Fedora latest platform test
@@ -678,6 +706,7 @@
- job:
name: devstack-unit-tests
+ nodeset: ubuntu-focal
description: |
Runs unit tests on devstack project.
@@ -693,9 +722,9 @@
jobs:
- devstack
- devstack-ipv6
+ - devstack-enforce-scope
- devstack-platform-fedora-latest
- - devstack-platform-centos-8
- - devstack-platform-bionic
+ - devstack-platform-centos-8-stream
- devstack-async
- devstack-multinode
- devstack-unit-tests
@@ -714,11 +743,11 @@
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- - neutron-grenade-multinode:
+ - neutron-ovs-grenade-multinode:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- - neutron-tempest-linuxbridge:
+ - neutron-linuxbridge-tempest:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
@@ -748,14 +777,15 @@
jobs:
- devstack
- devstack-ipv6
+ - devstack-enforce-scope
- devstack-multinode
- devstack-unit-tests
- openstack-tox-bashate
- - neutron-grenade-multinode:
+ - neutron-ovs-grenade-multinode:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- - neutron-tempest-linuxbridge:
+ - neutron-linuxbridge-tempest:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
@@ -808,11 +838,11 @@
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- - neutron-tempest-dvr:
+ - neutron-ovs-tempest-dvr:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- - neutron-tempest-dvr-ha-multinode-full:
+ - neutron-ovs-tempest-dvr-ha-multinode-full:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
@@ -825,3 +855,7 @@
- ^.*\.rst$
- ^doc/.*$
- devstack-platform-fedora-latest-virt-preview
+ - devstack-no-tls-proxy
+ periodic:
+ jobs:
+ - devstack-no-tls-proxy
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 2d0c894..6745614 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -689,6 +689,24 @@
ENABLE_IDENTITY_V2=False
+
+Glance
+++++++
+
+The default image size quota of 1GiB may be too small if larger images
+are to be used. Change the default at setup time with:
+
+::
+
+ GLANCE_LIMIT_IMAGE_SIZE_TOTAL=5000
+
+or at runtime via:
+
+::
+
+ openstack --os-cloud devstack-system-admin registered limit update \
+ --service glance --default-limit 5000 --region RegionOne image_size_total
+
.. _arch-configuration:
Architectures
diff --git a/doc/source/contributor/contributing.rst b/doc/source/contributor/contributing.rst
index 5e0df56..4de238f 100644
--- a/doc/source/contributor/contributing.rst
+++ b/doc/source/contributor/contributing.rst
@@ -13,7 +13,7 @@
Communication
~~~~~~~~~~~~~
-* IRC channel ``#openstack-qa`` at FreeNode
+* IRC channel ``#openstack-qa`` at OFTC.
* Mailing list (prefix subjects with ``[qa][devstack]`` for faster responses)
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-discuss
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 8b8acde..08ce4cb 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -40,7 +40,7 @@
attempts to support the two latest LTS releases of Ubuntu, the
latest/current Fedora version, CentOS/RHEL 8 and OpenSUSE.
-If you do not have a preference, Ubuntu 18.04 (Bionic Beaver) is the
+If you do not have a preference, Ubuntu 20.04 (Focal Fossa) is the
most tested, and will probably go the smoothest.
Add Stack User (optional)
@@ -63,7 +63,7 @@
.. code-block:: console
$ echo "stack ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/stack
- $ sudo su - stack
+ $ sudo -u stack -i
Download DevStack
-----------------
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index 4e7c2d7..490132e 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -24,6 +24,8 @@
======================================== ===
Plugin Name URL
======================================== ===
+inspur/venus `https://opendev.org/inspur/venus <https://opendev.org/inspur/venus>`__
+inspur/venus-dashboard `https://opendev.org/inspur/venus-dashboard <https://opendev.org/inspur/venus-dashboard>`__
openstack/aodh `https://opendev.org/openstack/aodh <https://opendev.org/openstack/aodh>`__
openstack/barbican `https://opendev.org/openstack/barbican <https://opendev.org/openstack/barbican>`__
openstack/blazar `https://opendev.org/openstack/blazar <https://opendev.org/openstack/blazar>`__
@@ -39,21 +41,18 @@
openstack/devstack-plugin-kafka `https://opendev.org/openstack/devstack-plugin-kafka <https://opendev.org/openstack/devstack-plugin-kafka>`__
openstack/devstack-plugin-nfs `https://opendev.org/openstack/devstack-plugin-nfs <https://opendev.org/openstack/devstack-plugin-nfs>`__
openstack/devstack-plugin-open-cas `https://opendev.org/openstack/devstack-plugin-open-cas <https://opendev.org/openstack/devstack-plugin-open-cas>`__
-openstack/devstack-plugin-pika `https://opendev.org/openstack/devstack-plugin-pika <https://opendev.org/openstack/devstack-plugin-pika>`__
-openstack/devstack-plugin-zmq `https://opendev.org/openstack/devstack-plugin-zmq <https://opendev.org/openstack/devstack-plugin-zmq>`__
openstack/ec2-api `https://opendev.org/openstack/ec2-api <https://opendev.org/openstack/ec2-api>`__
openstack/freezer `https://opendev.org/openstack/freezer <https://opendev.org/openstack/freezer>`__
openstack/freezer-api `https://opendev.org/openstack/freezer-api <https://opendev.org/openstack/freezer-api>`__
openstack/freezer-tempest-plugin `https://opendev.org/openstack/freezer-tempest-plugin <https://opendev.org/openstack/freezer-tempest-plugin>`__
openstack/freezer-web-ui `https://opendev.org/openstack/freezer-web-ui <https://opendev.org/openstack/freezer-web-ui>`__
+openstack/glance `https://opendev.org/openstack/glance <https://opendev.org/openstack/glance>`__
openstack/heat `https://opendev.org/openstack/heat <https://opendev.org/openstack/heat>`__
openstack/heat-dashboard `https://opendev.org/openstack/heat-dashboard <https://opendev.org/openstack/heat-dashboard>`__
openstack/ironic `https://opendev.org/openstack/ironic <https://opendev.org/openstack/ironic>`__
openstack/ironic-inspector `https://opendev.org/openstack/ironic-inspector <https://opendev.org/openstack/ironic-inspector>`__
openstack/ironic-prometheus-exporter `https://opendev.org/openstack/ironic-prometheus-exporter <https://opendev.org/openstack/ironic-prometheus-exporter>`__
openstack/ironic-ui `https://opendev.org/openstack/ironic-ui <https://opendev.org/openstack/ironic-ui>`__
-openstack/karbor `https://opendev.org/openstack/karbor <https://opendev.org/openstack/karbor>`__
-openstack/karbor-dashboard `https://opendev.org/openstack/karbor-dashboard <https://opendev.org/openstack/karbor-dashboard>`__
openstack/keystone `https://opendev.org/openstack/keystone <https://opendev.org/openstack/keystone>`__
openstack/kuryr-kubernetes `https://opendev.org/openstack/kuryr-kubernetes <https://opendev.org/openstack/kuryr-kubernetes>`__
openstack/kuryr-libnetwork `https://opendev.org/openstack/kuryr-libnetwork <https://opendev.org/openstack/kuryr-libnetwork>`__
@@ -65,21 +64,15 @@
openstack/manila-ui `https://opendev.org/openstack/manila-ui <https://opendev.org/openstack/manila-ui>`__
openstack/masakari `https://opendev.org/openstack/masakari <https://opendev.org/openstack/masakari>`__
openstack/mistral `https://opendev.org/openstack/mistral <https://opendev.org/openstack/mistral>`__
-openstack/monasca-analytics `https://opendev.org/openstack/monasca-analytics <https://opendev.org/openstack/monasca-analytics>`__
openstack/monasca-api `https://opendev.org/openstack/monasca-api <https://opendev.org/openstack/monasca-api>`__
-openstack/monasca-ceilometer `https://opendev.org/openstack/monasca-ceilometer <https://opendev.org/openstack/monasca-ceilometer>`__
openstack/monasca-events-api `https://opendev.org/openstack/monasca-events-api <https://opendev.org/openstack/monasca-events-api>`__
-openstack/monasca-log-api `https://opendev.org/openstack/monasca-log-api <https://opendev.org/openstack/monasca-log-api>`__
openstack/monasca-tempest-plugin `https://opendev.org/openstack/monasca-tempest-plugin <https://opendev.org/openstack/monasca-tempest-plugin>`__
-openstack/monasca-transform `https://opendev.org/openstack/monasca-transform <https://opendev.org/openstack/monasca-transform>`__
openstack/murano `https://opendev.org/openstack/murano <https://opendev.org/openstack/murano>`__
openstack/networking-bagpipe `https://opendev.org/openstack/networking-bagpipe <https://opendev.org/openstack/networking-bagpipe>`__
openstack/networking-baremetal `https://opendev.org/openstack/networking-baremetal <https://opendev.org/openstack/networking-baremetal>`__
openstack/networking-bgpvpn `https://opendev.org/openstack/networking-bgpvpn <https://opendev.org/openstack/networking-bgpvpn>`__
openstack/networking-generic-switch `https://opendev.org/openstack/networking-generic-switch <https://opendev.org/openstack/networking-generic-switch>`__
openstack/networking-hyperv `https://opendev.org/openstack/networking-hyperv <https://opendev.org/openstack/networking-hyperv>`__
-openstack/networking-l2gw `https://opendev.org/openstack/networking-l2gw <https://opendev.org/openstack/networking-l2gw>`__
-openstack/networking-midonet `https://opendev.org/openstack/networking-midonet <https://opendev.org/openstack/networking-midonet>`__
openstack/networking-odl `https://opendev.org/openstack/networking-odl <https://opendev.org/openstack/networking-odl>`__
openstack/networking-powervm `https://opendev.org/openstack/networking-powervm <https://opendev.org/openstack/networking-powervm>`__
openstack/networking-sfc `https://opendev.org/openstack/networking-sfc <https://opendev.org/openstack/networking-sfc>`__
@@ -93,24 +86,19 @@
openstack/octavia-dashboard `https://opendev.org/openstack/octavia-dashboard <https://opendev.org/openstack/octavia-dashboard>`__
openstack/octavia-tempest-plugin `https://opendev.org/openstack/octavia-tempest-plugin <https://opendev.org/openstack/octavia-tempest-plugin>`__
openstack/openstacksdk `https://opendev.org/openstack/openstacksdk <https://opendev.org/openstack/openstacksdk>`__
-openstack/os-loganalyze `https://opendev.org/openstack/os-loganalyze <https://opendev.org/openstack/os-loganalyze>`__
openstack/osprofiler `https://opendev.org/openstack/osprofiler <https://opendev.org/openstack/osprofiler>`__
openstack/oswin-tempest-plugin `https://opendev.org/openstack/oswin-tempest-plugin <https://opendev.org/openstack/oswin-tempest-plugin>`__
openstack/ovn-octavia-provider `https://opendev.org/openstack/ovn-octavia-provider <https://opendev.org/openstack/ovn-octavia-provider>`__
-openstack/panko `https://opendev.org/openstack/panko <https://opendev.org/openstack/panko>`__
openstack/patrole `https://opendev.org/openstack/patrole <https://opendev.org/openstack/patrole>`__
-openstack/qinling `https://opendev.org/openstack/qinling <https://opendev.org/openstack/qinling>`__
-openstack/qinling-dashboard `https://opendev.org/openstack/qinling-dashboard <https://opendev.org/openstack/qinling-dashboard>`__
openstack/rally-openstack `https://opendev.org/openstack/rally-openstack <https://opendev.org/openstack/rally-openstack>`__
openstack/sahara `https://opendev.org/openstack/sahara <https://opendev.org/openstack/sahara>`__
openstack/sahara-dashboard `https://opendev.org/openstack/sahara-dashboard <https://opendev.org/openstack/sahara-dashboard>`__
-openstack/searchlight `https://opendev.org/openstack/searchlight <https://opendev.org/openstack/searchlight>`__
-openstack/searchlight-ui `https://opendev.org/openstack/searchlight-ui <https://opendev.org/openstack/searchlight-ui>`__
openstack/senlin `https://opendev.org/openstack/senlin <https://opendev.org/openstack/senlin>`__
openstack/shade `https://opendev.org/openstack/shade <https://opendev.org/openstack/shade>`__
openstack/solum `https://opendev.org/openstack/solum <https://opendev.org/openstack/solum>`__
openstack/storlets `https://opendev.org/openstack/storlets <https://opendev.org/openstack/storlets>`__
openstack/tacker `https://opendev.org/openstack/tacker <https://opendev.org/openstack/tacker>`__
+openstack/tap-as-a-service `https://opendev.org/openstack/tap-as-a-service <https://opendev.org/openstack/tap-as-a-service>`__
openstack/telemetry-tempest-plugin `https://opendev.org/openstack/telemetry-tempest-plugin <https://opendev.org/openstack/telemetry-tempest-plugin>`__
openstack/trove `https://opendev.org/openstack/trove <https://opendev.org/openstack/trove>`__
openstack/trove-dashboard `https://opendev.org/openstack/trove-dashboard <https://opendev.org/openstack/trove-dashboard>`__
@@ -143,6 +131,7 @@
x/devstack-plugin-hdfs `https://opendev.org/x/devstack-plugin-hdfs <https://opendev.org/x/devstack-plugin-hdfs>`__
x/devstack-plugin-libvirt-qemu `https://opendev.org/x/devstack-plugin-libvirt-qemu <https://opendev.org/x/devstack-plugin-libvirt-qemu>`__
x/devstack-plugin-mariadb `https://opendev.org/x/devstack-plugin-mariadb <https://opendev.org/x/devstack-plugin-mariadb>`__
+x/devstack-plugin-tobiko `https://opendev.org/x/devstack-plugin-tobiko <https://opendev.org/x/devstack-plugin-tobiko>`__
x/devstack-plugin-vmax `https://opendev.org/x/devstack-plugin-vmax <https://opendev.org/x/devstack-plugin-vmax>`__
x/drbd-devstack `https://opendev.org/x/drbd-devstack <https://opendev.org/x/drbd-devstack>`__
x/fenix `https://opendev.org/x/fenix <https://opendev.org/x/fenix>`__
@@ -169,6 +158,7 @@
x/networking-hpe `https://opendev.org/x/networking-hpe <https://opendev.org/x/networking-hpe>`__
x/networking-huawei `https://opendev.org/x/networking-huawei <https://opendev.org/x/networking-huawei>`__
x/networking-infoblox `https://opendev.org/x/networking-infoblox <https://opendev.org/x/networking-infoblox>`__
+x/networking-l2gw `https://opendev.org/x/networking-l2gw <https://opendev.org/x/networking-l2gw>`__
x/networking-lagopus `https://opendev.org/x/networking-lagopus <https://opendev.org/x/networking-lagopus>`__
x/networking-mlnx `https://opendev.org/x/networking-mlnx <https://opendev.org/x/networking-mlnx>`__
x/networking-nec `https://opendev.org/x/networking-nec <https://opendev.org/x/networking-nec>`__
@@ -190,10 +180,8 @@
x/scalpels `https://opendev.org/x/scalpels <https://opendev.org/x/scalpels>`__
x/slogging `https://opendev.org/x/slogging <https://opendev.org/x/slogging>`__
x/stackube `https://opendev.org/x/stackube <https://opendev.org/x/stackube>`__
-x/tap-as-a-service `https://opendev.org/x/tap-as-a-service <https://opendev.org/x/tap-as-a-service>`__
x/tap-as-a-service-dashboard `https://opendev.org/x/tap-as-a-service-dashboard <https://opendev.org/x/tap-as-a-service-dashboard>`__
x/tatu `https://opendev.org/x/tatu <https://opendev.org/x/tatu>`__
-x/tobiko `https://opendev.org/x/tobiko <https://opendev.org/x/tobiko>`__
x/trio2o `https://opendev.org/x/trio2o <https://opendev.org/x/trio2o>`__
x/valet `https://opendev.org/x/valet <https://opendev.org/x/valet>`__
x/vmware-nsx `https://opendev.org/x/vmware-nsx <https://opendev.org/x/vmware-nsx>`__
diff --git a/files/apts b/files/apts
deleted file mode 120000
index ef926de..0000000
--- a/files/apts
+++ /dev/null
@@ -1 +0,0 @@
-debs/
\ No newline at end of file
diff --git a/files/debs/dstat b/files/debs/dstat
index 2b643b8..40d00f4 100644
--- a/files/debs/dstat
+++ b/files/debs/dstat
@@ -1 +1,2 @@
-dstat
+dstat # dist:bionic
+pcp
diff --git a/files/rpms/swift b/files/rpms/swift
index 376c6f3..18c957c 100644
--- a/files/rpms/swift
+++ b/files/rpms/swift
@@ -4,4 +4,4 @@
rsync-daemon
sqlite
xfsprogs
-xinetd
+xinetd # not:f34
diff --git a/functions-common b/functions-common
index 340da75..11679e4 100644
--- a/functions-common
+++ b/functions-common
@@ -1037,6 +1037,11 @@
return 1
}
+function is_ironic_enforce_scope {
+ is_service_enabled ironic && [[ "$IRONIC_ENFORCE_SCOPE" == "True" ]] && return 0
+ return 1
+}
+
# Package Functions
# =================
diff --git a/inc/python b/inc/python
index 8941fd0..9382d35 100644
--- a/inc/python
+++ b/inc/python
@@ -378,12 +378,13 @@
project_dir=$(cd $project_dir && pwd)
if [ -n "$REQUIREMENTS_DIR" ]; then
- # Constrain this package to this project directory from here on out.
+ # Remove this package from constraints before we install it.
+ # That way, later installs won't "downgrade" the install from
+ # source we are about to do.
local name
name=$(awk '/^name.*=/ {print $3}' $project_dir/setup.cfg)
$REQUIREMENTS_DIR/.venv/bin/edit-constraints \
- $REQUIREMENTS_DIR/upper-constraints.txt -- $name \
- "$flags file://$project_dir#egg=$name"
+ $REQUIREMENTS_DIR/upper-constraints.txt -- $name
fi
setup_package $bindep $project_dir "$flags" $extras
diff --git a/lib/apache b/lib/apache
index 870a65a..04259ba 100644
--- a/lib/apache
+++ b/lib/apache
@@ -93,9 +93,6 @@
if is_ubuntu; then
local pkg_list="uwsgi uwsgi-plugin-python3 libapache2-mod-proxy-uwsgi"
- if [[ "$DISTRO" == 'bionic' ]]; then
- pkg_list="${pkg_list} uwsgi-plugin-python"
- fi
install_package ${pkg_list}
elif is_fedora; then
# Note httpd comes with mod_proxy_uwsgi and it is loaded by
diff --git a/lib/cinder b/lib/cinder
index fca01a2..f3e2430 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -91,12 +91,6 @@
# Default to lioadm
CINDER_ISCSI_HELPER=${CINDER_ISCSI_HELPER:-lioadm}
-# Bionic needs to default to tgtadm until support is dropped within devstack
-# as the rtslib-fb-targetctl service doesn't start after installing lioadm.
-if is_ubuntu && [[ "$DISTRO" == "bionic" ]]; then
- CINDER_ISCSI_HELPER=tgtadm
-fi
-
# EL and SUSE should only use lioadm
if is_fedora || is_suse; then
if [[ ${CINDER_ISCSI_HELPER} != "lioadm" ]]; then
@@ -166,6 +160,12 @@
# enable the cache for all cinder backends.
CINDER_CACHE_ENABLED_FOR_BACKENDS=${CINDER_CACHE_ENABLED_FOR_BACKENDS:-$CINDER_ENABLED_BACKENDS}
+# Flag to set the oslo_policy.enforce_scope. This is used to switch
+# the Volume API policies to start checking the scope of token. by default,
+# this flag is False.
+# For more detail: https://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_scope
+CINDER_ENFORCE_SCOPE=$(trueorfalse False CINDER_ENFORCE_SCOPE)
+
# Functions
# ---------
@@ -372,6 +372,11 @@
elif is_service_enabled etcd3; then
iniset $CINDER_CONF coordination backend_url "etcd3+http://${SERVICE_HOST}:$ETCD_PORT"
fi
+
+ if [[ "$CINDER_ENFORCE_SCOPE" == True ]] ; then
+ iniset $CINDER_CONF oslo_policy enforce_scope true
+ iniset $CINDER_CONF oslo_policy enforce_new_defaults true
+ fi
}
# create_cinder_accounts() - Set up common required cinder accounts
@@ -395,12 +400,6 @@
"$REGION_NAME" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v3/\$(project_id)s"
- get_or_create_service "cinderv2" "volumev2" "Cinder Volume Service V2"
- get_or_create_endpoint \
- "volumev2" \
- "$REGION_NAME" \
- "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(project_id)s"
-
get_or_create_service "cinderv3" "volumev3" "Cinder Volume Service V3"
get_or_create_endpoint \
"volumev3" \
@@ -412,12 +411,6 @@
"$REGION_NAME" \
"$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST/volume/v3/\$(project_id)s"
- get_or_create_service "cinderv2" "volumev2" "Cinder Volume Service V2"
- get_or_create_endpoint \
- "volumev2" \
- "$REGION_NAME" \
- "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST/volume/v2/\$(project_id)s"
-
get_or_create_service "cinderv3" "volumev3" "Cinder Volume Service V3"
get_or_create_endpoint \
"volumev3" \
diff --git a/lib/cinder_backends/ceph_iscsi b/lib/cinder_backends/ceph_iscsi
new file mode 100644
index 0000000..94412e0
--- /dev/null
+++ b/lib/cinder_backends/ceph_iscsi
@@ -0,0 +1,56 @@
+#!/bin/bash
+#
+# lib/cinder_backends/ceph_iscsi
+# Configure the ceph_iscsi backend
+
+# Enable with:
+#
+# CINDER_ENABLED_BACKENDS+=,ceph_iscsi:ceph_iscsi
+#
+# Optional paramteters:
+# CEPH_ISCSI_API_URL=<url to the rbd-target-api service>
+#
+# Dependencies:
+#
+# - ``functions`` file
+# - ``cinder`` configurations
+
+# configure_ceph_backend_ceph_iscsi - called from configure_cinder()
+
+
+# Save trace setting
+_XTRACE_CINDER_CEPH_ISCSI=$(set +o | grep xtrace)
+set +o xtrace
+
+# Entry Points
+# ------------
+
+# configure_cinder_backend_ceph_iscsi - Set config files, create data dirs, etc
+# configure_cinder_backend_ceph_iscsi $name
+function configure_cinder_backend_ceph_iscsi {
+ local be_name=$1
+
+ CEPH_ISCSI_API_URL=${CEPH_ISCSI_API_URL:-http://$CEPH_ISCSI_API_HOST:$CEPH_ISCSI_API_PORT}
+
+ iniset $CINDER_CONF $be_name volume_backend_name $be_name
+ iniset $CINDER_CONF $be_name volume_driver "cinder.volume.drivers.ceph.rbd_iscsi.RBDISCSIDriver"
+ iniset $CINDER_CONF $be_name rbd_ceph_conf "$CEPH_CONF_FILE"
+ iniset $CINDER_CONF $be_name rbd_pool "$CINDER_CEPH_POOL"
+ iniset $CINDER_CONF $be_name rbd_user "$CINDER_CEPH_USER"
+ iniset $CINDER_CONF $be_name rbd_iscsi_api_user "$CEPH_ISCSI_API_USER"
+ iniset $CINDER_CONF $be_name rbd_iscsi_api_password "$CEPH_ISCSI_API_PASSWORD"
+ iniset $CINDER_CONF $be_name rbd_iscsi_api_url "$CEPH_ISCSI_API_URL"
+ iniset $CINDER_CONF $be_name rbd_iscsi_target_iqn "$CEPH_ISCSI_TARGET_IQN"
+ iniset $CINDER_CONF $be_name rbd_flatten_volume_from_snapshot False
+ iniset $CINDER_CONF $be_name rbd_max_clone_depth 5
+ iniset $CINDER_CONF DEFAULT glance_api_version 2
+
+ pip_install rbd-iscsi-client
+}
+
+# Restore xtrace
+$_XTRACE_CINDER_CEPH_ISCSI
+
+# Local variables:
+# mode: shell-script
+# End:
diff --git a/lib/glance b/lib/glance
index 118fa7c..9111146 100644
--- a/lib/glance
+++ b/lib/glance
@@ -96,6 +96,13 @@
GLANCE_TASKS_DIR=${GLANCE_MULTISTORE_FILE_IMAGE_DIR:=$DATA_DIR/os_glance_tasks_store}
GLANCE_USE_IMPORT_WORKFLOW=$(trueorfalse False GLANCE_USE_IMPORT_WORKFLOW)
+GLANCE_ENABLE_QUOTAS=$(trueorfalse True GLANCE_ENABLE_QUOTAS)
+
+# Flag to set the oslo_policy.enforce_scope. This is used to switch
+# the Image API policies to start checking the scope of token. By Default,
+# this flag is False.
+# For more detail: https://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_scope
+GLANCE_ENFORCE_SCOPE=$(trueorfalse False GLANCE_ENFORCE_SCOPE)
GLANCE_CONF_DIR=${GLANCE_CONF_DIR:-/etc/glance}
GLANCE_METADEF_DIR=$GLANCE_CONF_DIR/metadefs
@@ -119,6 +126,10 @@
GLANCE_SERVICE_PROTOCOL=${GLANCE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
GLANCE_UWSGI=$GLANCE_BIN_DIR/glance-wsgi-api
GLANCE_UWSGI_CONF=$GLANCE_CONF_DIR/glance-uwsgi.ini
+
+# Glance default limit for Devstack
+GLANCE_LIMIT_IMAGE_SIZE_TOTAL=${GLANCE_LIMIT_IMAGE_SIZE_TOTAL:-1000}
+
# If wsgi mode is uwsgi run glance under uwsgi, else default to eventlet
# TODO(mtreinish): Remove the eventlet path here and in all the similar
# conditionals below after the Pike release
@@ -275,6 +286,45 @@
fi
}
+function configure_glance_quotas {
+
+ # NOTE(danms): We need to have some of the OS_ things unset in
+ # order to use system scope, which is required for creating these
+ # limits. This is a hack, but I dunno how else to get osc to use
+ # system scope.
+
+ bash -c "unset OS_USERNAME OS_TENANT_NAME OS_PROJECT_NAME;
+ openstack --os-cloud devstack-system-admin registered limit create \
+ --service glance --default-limit $GLANCE_LIMIT_IMAGE_SIZE_TOTAL \
+ --region $REGION_NAME image_size_total; \
+ openstack --os-cloud devstack-system-admin registered limit create \
+ --service glance --default-limit $GLANCE_LIMIT_IMAGE_SIZE_TOTAL \
+ --region $REGION_NAME image_stage_total; \
+ openstack --os-cloud devstack-system-admin registered limit create \
+ --service glance --default-limit 100 --region $REGION_NAME \
+ image_count_total; \
+ openstack --os-cloud devstack-system-admin registered limit create \
+ --service glance --default-limit 100 --region $REGION_NAME \
+ image_count_uploading"
+
+ # Tell glance to use these limits
+ iniset $GLANCE_API_CONF DEFAULT use_keystone_limits True
+
+ # Configure oslo_limit so it can talk to keystone
+ iniset $GLANCE_API_CONF oslo_limit user_domain_name $SERVICE_DOMAIN_NAME
+ iniset $GLANCE_API_CONF oslo_limit password $SERVICE_PASSWORD
+ iniset $GLANCE_API_CONF oslo_limit username glance
+ iniset $GLANCE_API_CONF oslo_limit auth_type password
+ iniset $GLANCE_API_CONF oslo_limit auth_url $KEYSTONE_SERVICE_URI
+ iniset $GLANCE_API_CONF oslo_limit system_scope "'all'"
+ iniset $GLANCE_API_CONF oslo_limit endpoint_id \
+ $(openstack endpoint list --service glance -f value -c ID)
+
+ # Allow the glance service user to read quotas
+ openstack role add --user glance --user-domain Default --system all \
+ reader
+}
+
# configure_glance() - Set config files, create data dirs, etc
function configure_glance {
sudo install -d -o $STACK_USER $GLANCE_CONF_DIR $GLANCE_METADEF_DIR
@@ -388,6 +438,12 @@
iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT
iniset $GLANCE_API_CONF DEFAULT workers "$API_WORKERS"
fi
+
+ if [[ "$GLANCE_ENFORCE_SCOPE" == True ]] ; then
+ iniset $GLANCE_API_CONF oslo_policy enforce_scope true
+ iniset $GLANCE_API_CONF oslo_policy enforce_new_defaults true
+ iniset $GLANCE_API_CONF DEFAULT enforce_secure_rbac true
+ fi
}
# create_glance_accounts() - Set up common required glance accounts
@@ -418,6 +474,11 @@
service_domain_id=$(get_or_create_domain $SERVICE_DOMAIN_NAME)
iniset $GLANCE_SWIFT_STORE_CONF ref1 project_domain_id $service_domain_id
iniset $GLANCE_SWIFT_STORE_CONF ref1 user_domain_id $service_domain_id
+
+ if [[ "$GLANCE_ENABLE_QUOTAS" = True ]]; then
+ configure_glance_quotas
+ fi
+
fi
}
diff --git a/lib/libraries b/lib/libraries
old mode 100644
new mode 100755
index c7aa815..67ff21f
--- a/lib/libraries
+++ b/lib/libraries
@@ -59,6 +59,7 @@
# Non oslo libraries are welcomed below as well, this prevents
# duplication of this code.
GITDIR["os-brick"]=$DEST/os-brick
+GITDIR["os-resource-classes"]=$DEST/os-resource-classes
GITDIR["os-traits"]=$DEST/os-traits
# Support entry points installation of console scripts
@@ -122,6 +123,7 @@
#
# os-traits for nova
_install_lib_from_source "os-brick"
+ _install_lib_from_source "os-resource-classes"
_install_lib_from_source "os-traits"
#
# python client libraries we might need from git can go here
diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2
index ae4b251..e1f868f 100644
--- a/lib/neutron_plugins/ml2
+++ b/lib/neutron_plugins/ml2
@@ -7,15 +7,16 @@
_XTRACE_NEUTRON_ML2=$(set +o | grep xtrace)
set +o xtrace
-# Default openvswitch L2 agent
-Q_AGENT=${Q_AGENT:-openvswitch}
+# Default OVN L2 agent
+Q_AGENT=${Q_AGENT:-ovn}
if [ -f $TOP_DIR/lib/neutron_plugins/${Q_AGENT}_agent ]; then
source $TOP_DIR/lib/neutron_plugins/${Q_AGENT}_agent
fi
# Enable this to simply and quickly enable tunneling with ML2.
-# Select either 'gre', 'vxlan', or 'gre,vxlan'
-Q_ML2_TENANT_NETWORK_TYPE=${Q_ML2_TENANT_NETWORK_TYPE:-"vxlan"}
+# For ML2/OVS select either 'gre', 'vxlan', or 'gre,vxlan'.
+# For ML2/OVN use 'geneve'.
+Q_ML2_TENANT_NETWORK_TYPE=${Q_ML2_TENANT_NETWORK_TYPE:-"geneve"}
# This has to be set here since the agent will set this in the config file
if [[ "$Q_ML2_TENANT_NETWORK_TYPE" == "gre" || "$Q_ML2_TENANT_NETWORK_TYPE" == "vxlan" ]]; then
Q_TUNNEL_TYPES=$Q_ML2_TENANT_NETWORK_TYPE
@@ -24,7 +25,7 @@
fi
# List of MechanismDrivers to load
-Q_ML2_PLUGIN_MECHANISM_DRIVERS=${Q_ML2_PLUGIN_MECHANISM_DRIVERS:-openvswitch,linuxbridge}
+Q_ML2_PLUGIN_MECHANISM_DRIVERS=${Q_ML2_PLUGIN_MECHANISM_DRIVERS:-ovn}
# Default GRE TypeDriver options
Q_ML2_PLUGIN_GRE_TYPE_OPTIONS=${Q_ML2_PLUGIN_GRE_TYPE_OPTIONS:-tunnel_id_ranges=$TENANT_TUNNEL_RANGES}
# Default VXLAN TypeDriver options
diff --git a/lib/neutron_plugins/ovn_agent b/lib/neutron_plugins/ovn_agent
index e4d0d75..cfcb01e 100644
--- a/lib/neutron_plugins/ovn_agent
+++ b/lib/neutron_plugins/ovn_agent
@@ -21,9 +21,8 @@
source ${TOP_DIR}/lib/neutron_plugins/ovs_base
source ${TOP_DIR}/lib/neutron_plugins/openvswitch_agent
-# Load devstack ovs base functions
-source $NEUTRON_DIR/devstack/lib/ovs
-
+# Load devstack ovs compliation and loading functions
+source ${TOP_DIR}/lib/neutron_plugins/ovs_source
# Defaults
# --------
@@ -88,12 +87,19 @@
# configure the MTU DHCP option.
OVN_GENEVE_OVERHEAD=${OVN_GENEVE_OVERHEAD:-38}
-# The log level of the OVN databases (north and south)
+# The log level of the OVN databases (north and south).
+# Supported log levels are: off, emer, err, warn, info or dbg.
+# More information about log levels can be found at
+# http://www.openvswitch.org/support/dist-docs/ovs-appctl.8.txt
OVN_DBS_LOG_LEVEL=${OVN_DBS_LOG_LEVEL:-info}
OVN_META_CONF=$NEUTRON_CONF_DIR/neutron_ovn_metadata_agent.ini
OVN_META_DATA_HOST=${OVN_META_DATA_HOST:-$(ipv6_unquote $SERVICE_HOST)}
+# If True (default) the node will be considered a gateway node.
+ENABLE_CHASSIS_AS_GW=$(trueorfalse True ENABLE_CHASSIS_AS_GW)
+OVN_L3_CREATE_PUBLIC_NETWORK=$(trueorfalse True OVN_L3_CREATE_PUBLIC_NETWORK)
+
export OVSDB_SERVER_LOCAL_HOST=$SERVICE_LOCAL_HOST
if [[ "$SERVICE_IP_VERSION" == 6 ]]; then
OVSDB_SERVER_LOCAL_HOST=[$OVSDB_SERVER_LOCAL_HOST]
@@ -171,6 +177,9 @@
}
function use_new_ovn_repository {
+ if [[ "$OVN_BUILD_FROM_SOURCE" == "False" ]]; then
+ return 0
+ fi
if [ -z "$is_new_ovn" ]; then
local ovs_repo_dir=$DEST/$OVS_REPO_NAME
if [ ! -d $ovs_repo_dir ]; then
@@ -253,48 +262,10 @@
ERROR_ON_CLONE=false git_clone $repo $dir $branch
}
-function get_ext_gw_interface {
- # Get ext_gw_interface depending on value of Q_USE_PUBLIC_VETH
- # This function is copied directly from the devstack neutron-legacy script
- if [[ "$Q_USE_PUBLIC_VETH" == "True" ]]; then
- echo $Q_PUBLIC_VETH_EX
- else
- # Disable in-band as we are going to use local port
- # to communicate with VMs
- sudo ovs-vsctl set Bridge $PUBLIC_BRIDGE \
- other_config:disable-in-band=true
- echo $PUBLIC_BRIDGE
- fi
-}
-
function create_public_bridge {
# Create the public bridge that OVN will use
- # This logic is based on the devstack neutron-legacy _neutron_configure_router_v4 and _v6
- local ext_gw_ifc
- ext_gw_ifc=$(get_ext_gw_interface)
-
- sudo ovs-vsctl --may-exist add-br $ext_gw_ifc -- set bridge $ext_gw_ifc protocols=OpenFlow13,OpenFlow15
- sudo ovs-vsctl set open . external-ids:ovn-bridge-mappings=$PHYSICAL_NETWORK:$ext_gw_ifc
- if [ -n "$FLOATING_RANGE" ]; then
- local cidr_len=${FLOATING_RANGE#*/}
- sudo ip addr replace $PUBLIC_NETWORK_GATEWAY/$cidr_len dev $ext_gw_ifc
- fi
-
- # Ensure IPv6 RAs are accepted on the interface with the default route.
- # This is needed for neutron-based devstack clouds to work in
- # IPv6-only clouds in the gate. Please do not remove this without
- # talking to folks in Infra. This fix is based on a devstack fix for
- # neutron L3 agent: https://review.openstack.org/#/c/359490/.
- default_route_dev=$(ip route | grep ^default | awk '{print $5}')
- sudo sysctl -w net.ipv6.conf.$default_route_dev.accept_ra=2
-
- sudo sysctl -w net.ipv6.conf.all.forwarding=1
- if [ -n "$IPV6_PUBLIC_RANGE" ]; then
- local ipv6_cidr_len=${IPV6_PUBLIC_RANGE#*/}
- sudo ip -6 addr replace $IPV6_PUBLIC_NETWORK_GATEWAY/$ipv6_cidr_len dev $ext_gw_ifc
- fi
-
- sudo ip link set $ext_gw_ifc up
+ sudo ovs-vsctl --may-exist add-br $PUBLIC_BRIDGE -- set bridge $PUBLIC_BRIDGE protocols=OpenFlow13,OpenFlow15
+ sudo ovs-vsctl set open . external-ids:ovn-bridge-mappings=$PHYSICAL_NETWORK:$PUBLIC_BRIDGE
}
function _disable_libvirt_apparmor {
diff --git a/lib/neutron_plugins/ovs_source b/lib/neutron_plugins/ovs_source
new file mode 100644
index 0000000..294171f
--- /dev/null
+++ b/lib/neutron_plugins/ovs_source
@@ -0,0 +1,215 @@
+#!/bin/bash
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# Defaults
+# --------
+
+# Set variables for building OVS from source
+OVS_REPO=${OVS_REPO:-https://github.com/openvswitch/ovs.git}
+OVS_REPO_NAME=$(basename ${OVS_REPO} | cut -f1 -d'.')
+OVS_REPO_NAME=${OVS_REPO_NAME:-ovs}
+OVS_BRANCH=${OVS_BRANCH:-0047ca3a0290f1ef954f2c76b31477cf4b9755f5}
+
+# Functions
+
+# load_module() - Load module using modprobe module given by argument and dies
+# on failure
+# - fatal argument is optional and says whether function should
+# exit if module can't be loaded
+function load_module {
+ local module=$1
+ local fatal=$2
+
+ if [ "$(trueorfalse True fatal)" == "True" ]; then
+ sudo modprobe $module || (dmesg && die $LINENO "FAILED TO LOAD $module")
+ else
+ sudo modprobe $module || (echo "FAILED TO LOAD $module" && dmesg)
+ fi
+}
+
+# prepare_for_compilation() - Fetch ovs git repository and install packages needed for
+# compilation.
+function prepare_for_ovs_compilation {
+ local build_modules=${1:-False}
+ OVS_DIR=$DEST/$OVS_REPO_NAME
+
+ if [ ! -d $OVS_DIR ] ; then
+ # We can't use git_clone here because we want to ignore ERROR_ON_CLONE
+ git_timed clone $OVS_REPO $OVS_DIR
+ cd $OVS_DIR
+ git checkout $OVS_BRANCH
+ else
+ # Even though the directory already exists, call git_clone to update it
+ # if needed based on the RECLONE option
+ git_clone $OVS_REPO $OVS_DIR $OVS_BRANCH
+ cd $OVS_DIR
+ fi
+
+ # TODO: Can you create package list files like you can inside devstack?
+ install_package autoconf automake libtool gcc patch make
+
+ # If build_modules is False, we don't need to install the kernel-*
+ # packages. Just return.
+ if [[ "$build_modules" == "False" ]]; then
+ return
+ fi
+
+ KERNEL_VERSION=`uname -r`
+ if is_fedora ; then
+ # is_fedora covers Fedora, RHEL, CentOS, etc...
+ if [[ "$os_VENDOR" == "Fedora" ]]; then
+ install_package elfutils-libelf-devel
+ KERNEL_VERSION=`echo $KERNEL_VERSION | cut --delimiter='-' --field 1`
+ elif [[ ${KERNEL_VERSION:0:2} != "3." ]]; then
+ # dash is illegal character in rpm version so replace
+ # them with underscore like it is done in the kernel
+ # https://github.com/torvalds/linux/blob/master/scripts/package/mkspec#L25
+ # but only for latest series of the kernel, not 3.x
+
+ KERNEL_VERSION=`echo $KERNEL_VERSION | tr - _`
+ fi
+
+ echo NOTE: if kernel-devel-$KERNEL_VERSION or kernel-headers-$KERNEL_VERSION installation
+ echo failed, please, provide a repository with the package, or yum update / reboot
+ echo your machine to get the latest kernel.
+
+ install_package kernel-devel-$KERNEL_VERSION
+ install_package kernel-headers-$KERNEL_VERSION
+
+ elif is_ubuntu ; then
+ install_package linux-headers-$KERNEL_VERSION
+ fi
+}
+
+# load_ovs_kernel_modules() - load openvswitch kernel module
+function load_ovs_kernel_modules {
+ load_module openvswitch
+ load_module vport-geneve False
+ dmesg | tail
+}
+
+# reload_ovs_kernel_modules() - reload openvswitch kernel module
+function reload_ovs_kernel_modules {
+ set +e
+ ovs_system=$(sudo ovs-dpctl dump-dps | grep ovs-system)
+ if [ -n "$ovs_system" ]; then
+ sudo ovs-dpctl del-dp ovs-system
+ fi
+ set -e
+ sudo modprobe -r vport_geneve
+ sudo modprobe -r openvswitch
+ load_ovs_kernel_modules
+}
+
+# compile_ovs() - Compile OVS from source and load needed modules.
+# Accepts two parameters:
+# - first one is False by default and means that modules are not built and installed.
+# - second optional parameter defines prefix for ovs compilation
+# - third optional parameter defines localstatedir for ovs single machine runtime
+# Env variables OVS_REPO_NAME, OVS_REPO and OVS_BRANCH must be set
+function compile_ovs {
+ local _pwd=$PWD
+ local build_modules=${1:-False}
+ local prefix=$2
+ local localstatedir=$3
+
+ if [ -n "$prefix" ]; then
+ prefix="--prefix=$prefix"
+ fi
+
+ if [ -n "$localstatedir" ]; then
+ localstatedir="--localstatedir=$localstatedir"
+ fi
+
+ prepare_for_ovs_compilation $build_modules
+
+ KERNEL_VERSION=$(uname -r)
+ major_version=$(echo "${KERNEL_VERSION}" | cut -d '.' -f1)
+ patch_level=$(echo "${KERNEL_VERSION}" | cut -d '.' -f2)
+ if [ "${major_version}" -gt 5 ] || [ "${major_version}" == 5 ] && [ "${patch_level}" -gt 5 ]; then
+ echo "NOTE: KERNEL VERSION is ${KERNEL_VERSION} and OVS doesn't support compiling "
+ echo "Kernel module for version higher than 5.5. Skipping module compilation..."
+ build_modules="False"
+ fi
+
+ if [ ! -f configure ] ; then
+ ./boot.sh
+ fi
+ if [ ! -f config.status ] || [ configure -nt config.status ] ; then
+ if [[ "$build_modules" == "True" ]]; then
+ ./configure $prefix $localstatedir --with-linux=/lib/modules/$(uname -r)/build
+ else
+ ./configure $prefix $localstatedir
+ fi
+ fi
+ make -j$(($(nproc) + 1))
+ sudo make install
+ if [[ "$build_modules" == "True" ]]; then
+ sudo make INSTALL_MOD_DIR=kernel/net/openvswitch modules_install
+ reload_ovs_kernel_modules
+ else
+ load_ovs_kernel_modules
+ fi
+
+ cd $_pwd
+}
+
+# action_service - call an action over openvswitch service
+# Accepts one parameter that can be either
+# 'start', 'restart' and 'stop'.
+function action_openvswitch {
+ local action=$1
+
+ if is_ubuntu; then
+ ${action}_service openvswitch-switch
+ elif is_fedora; then
+ ${action}_service openvswitch
+ elif is_suse; then
+ if [[ $DISTRO == "sle12" ]] && [[ $os_RELEASE -lt 12.2 ]]; then
+ ${action}_service openvswitch-switch
+ else
+ ${action}_service openvswitch
+ fi
+ fi
+}
+
+# start_new_ovs() - removes old ovs database, creates a new one and starts ovs
+function start_new_ovs {
+ sudo rm -f /etc/openvswitch/conf.db /etc/openvswitch/.conf.db~lock~
+ sudo /usr/share/openvswitch/scripts/ovs-ctl start
+}
+
+# stop_new_ovs() - stops ovs
+function stop_new_ovs {
+ local ovs_ctl='/usr/share/openvswitch/scripts/ovs-ctl'
+
+ if [ -x $ovs_ctl ] ; then
+ sudo $ovs_ctl stop
+ fi
+}
+
+# remove_ovs_packages() - removes old ovs packages from the system
+function remove_ovs_packages {
+ for package in openvswitch openvswitch-switch openvswitch-common; do
+ if is_package_installed $package; then
+ uninstall_package $package
+ fi
+ done
+}
+
+
+# load_conntrack_gre_module() - loads nf_conntrack_proto_gre kernel module
+function load_conntrack_gre_module {
+ sudo modprobe nf_conntrack_proto_gre
+}
diff --git a/lib/neutron_plugins/services/l3 b/lib/neutron_plugins/services/l3
index 75a3567..b6bc028 100644
--- a/lib/neutron_plugins/services/l3
+++ b/lib/neutron_plugins/services/l3
@@ -343,8 +343,8 @@
# Configure the external network as the default router gateway
openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router set --external-gateway $EXT_NET_ID $ROUTER_ID
- # This logic is specific to using the l3-agent for layer 3
- if is_service_enabled q-l3 || is_service_enabled neutron-l3; then
+ # This logic is specific to using OVN or the l3-agent for layer 3
+ if ([[ $Q_AGENT == "ovn" ]] && [[ "$OVN_L3_CREATE_PUBLIC_NETWORK" == "True" ]] && is_service_enabled q-svc neutron-server) || is_service_enabled q-l3 neutron-l3; then
# Configure and enable public bridge
local ext_gw_interface="none"
if is_neutron_ovs_base_plugin; then
@@ -392,8 +392,8 @@
openstack --os-cloud devstack-admin --os-region "$REGION_NAME" router set --external-gateway $EXT_NET_ID $ROUTER_ID
fi
- # This logic is specific to using the l3-agent for layer 3
- if is_service_enabled q-l3 || is_service_enabled neutron-l3; then
+ # This logic is specific to using OVN or the l3-agent for layer 3
+ if ([[ $Q_AGENT == "ovn" ]] && [[ "$OVN_L3_CREATE_PUBLIC_NETWORK" == "True" ]] && is_service_enabled q-svc neutron-server) || is_service_enabled q-l3 neutron-l3; then
# if the Linux host considers itself to be a router then it will
# ignore all router advertisements
# Ensure IPv6 RAs are accepted on interfaces with a default route.
@@ -420,6 +420,11 @@
# Configure interface for public bridge
sudo ip -6 addr replace $ipv6_ext_gw_ip/$ipv6_cidr_len dev $ext_gw_interface
+ # Any IPv6 private subnet that uses the default IPV6 subnet pool
+ # and that is plugged into the default router (Q_ROUTER_NAME) will
+ # be reachable from the devstack node (ex: ipv6-private-subnet).
+ # Some scenario tests (such as octavia-tempest-plugin) rely heavily
+ # on this feature.
local replace_range=${SUBNETPOOL_PREFIX_V6}
if [[ -z "${SUBNETPOOL_V6_ID}" ]]; then
replace_range=${FIXED_RANGE_V6}
diff --git a/lib/nova b/lib/nova
index 930529a..de91517 100644
--- a/lib/nova
+++ b/lib/nova
@@ -298,12 +298,6 @@
fi
fi
- if is_fedora && [[ $DISTRO =~ f31] ]]; then
- # For f31 use the rebased 2.1.0 version of the package.
- sudo dnf copr enable -y lyarwood/iscsi-initiator-utils
- sudo dnf update -y
- fi
-
if [[ ${ISCSID_DEBUG} == "True" ]]; then
# Install an override that starts iscsid with debugging
# enabled.
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index d3827c3..e9ceae4 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -58,13 +58,10 @@
function install_libvirt {
if is_ubuntu; then
- install_package qemu-system libvirt-clients libvirt-daemon-system libvirt-dev
+ install_package qemu-system libvirt-clients libvirt-daemon-system libvirt-dev python3-libvirt
if is_arch "aarch64"; then
install_package qemu-efi
fi
- # uninstall in case the libvirt version changed
- pip_uninstall libvirt-python
- pip_install_gr libvirt-python
#pip_install_gr <there-si-no-guestfs-in-pypi>
elif is_fedora || is_suse; then
@@ -79,14 +76,11 @@
# as the base system version is too old. We should have
# pre-installed these
install_package qemu-kvm
+ install_package libvirt libvirt-devel python3-libvirt
- install_package libvirt libvirt-devel
if is_arch "aarch64"; then
install_package edk2.git-aarch64
fi
-
- pip_uninstall libvirt-python
- pip_install_gr libvirt-python
fi
if [[ $DEBUG_LIBVIRT_COREDUMPS == True ]]; then
diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic
index bda6ef6..f058e9b 100644
--- a/lib/nova_plugins/hypervisor-ironic
+++ b/lib/nova_plugins/hypervisor-ironic
@@ -47,9 +47,13 @@
iniset $NOVA_CONF ironic username admin
iniset $NOVA_CONF ironic password $ADMIN_PASSWORD
iniset $NOVA_CONF ironic auth_url $KEYSTONE_SERVICE_URI
- iniset $NOVA_CONF ironic project_domain_id default
+ if is_ironic_enforce_scope; then
+ iniset $NOVA_CONF ironic system_scope all
+ else
+ iniset $NOVA_CONF ironic project_domain_id default
+ iniset $NOVA_CONF ironic project_name demo
+ fi
iniset $NOVA_CONF ironic user_domain_id default
- iniset $NOVA_CONF ironic project_name demo
iniset $NOVA_CONF ironic region_name $REGION_NAME
# These are used with crufty legacy ironicclient
@@ -82,7 +86,6 @@
:
}
-
# Restore xtrace
$_XTRACE_HYP_IRONIC
diff --git a/lib/os-vif b/lib/os-vif
new file mode 100644
index 0000000..865645c
--- /dev/null
+++ b/lib/os-vif
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# support vsctl or native.
+# until bug #1929446 is resolved we override the os-vif default
+# and fall back to the legacy "vsctl" driver.
+OS_VIF_OVS_OVSDB_INTERFACE=${OS_VIF_OVS_OVSDB_INTERFACE:="vsctl"}
+
+function is_ml2_ovs {
+ if [[ "${Q_AGENT}" == "openvswitch" ]]; then
+ echo "True"
+ fi
+ echo "False"
+}
+
+# This should be true for any ml2/ovs job but should be set to false for
+# all other ovs based jobs e.g. ml2/ovn
+OS_VIF_OVS_ISOLATE_VIF=${OS_VIF_OVS_ISOLATE_VIF:=$(is_ml2_ovs)}
+OS_VIF_OVS_ISOLATE_VIF=$(trueorfalse False OS_VIF_OVS_ISOLATE_VIF)
+
+function configure_os_vif {
+ if [[ -e ${NOVA_CONF} ]]; then
+ iniset ${NOVA_CONF} os_vif_ovs ovsdb_interface ${OS_VIF_OVS_OVSDB_INTERFACE}
+ iniset ${NOVA_CONF} os_vif_ovs isolate_vif ${OS_VIF_OVS_ISOLATE_VIF}
+ fi
+ if [[ -e ${NEUTRON_CONF} ]]; then
+ iniset ${NEUTRON_CONF} os_vif_ovs ovsdb_interface ${OS_VIF_OVS_OVSDB_INTERFACE}
+ iniset ${NEUTRON_CONF} os_vif_ovs isolate_vif ${OS_VIF_OVS_ISOLATE_VIF}
+ fi
+}
diff --git a/lib/tempest b/lib/tempest
index 29a6229..8fd54c5 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -107,7 +107,7 @@
# Takes an image ID parameter as input
function image_size_in_gib {
local size
- size=$(openstack image show $1 -c size -f value)
+ size=$(openstack --os-cloud devstack-admin image show $1 -c size -f value)
echo $size | python3 -c "import math; print(int(math.ceil(float(int(input()) / 1024.0 ** 3))))"
}
@@ -173,7 +173,7 @@
image_uuid_alt="$IMAGE_UUID"
fi
images+=($IMAGE_UUID)
- done < <(openstack image list --property status=active | awk -F'|' '!/^(+--)|ID|aki|ari/ { print $3,$2 }')
+ done < <(openstack --os-cloud devstack-admin image list --property status=active | awk -F'|' '!/^(+--)|ID|aki|ari/ { print $3,$2 }')
case "${#images[*]}" in
0)
@@ -209,23 +209,23 @@
local alt_username=${ALT_USERNAME:-alt_demo}
local alt_project_name=${ALT_TENANT_NAME:-alt_demo}
local admin_project_id
- admin_project_id=$(openstack project list | awk "/ admin / { print \$2 }")
+ admin_project_id=$(openstack --os-cloud devstack-admin project list | awk "/ admin / { print \$2 }")
if is_service_enabled nova; then
# If ``DEFAULT_INSTANCE_TYPE`` is not declared, use the new behavior
# Tempest creates its own instance types
- available_flavors=$(nova flavor-list)
+ available_flavors=$(openstack --os-cloud devstack-admin flavor list)
if [[ -z "$DEFAULT_INSTANCE_TYPE" ]]; then
if [[ ! ( $available_flavors =~ 'm1.nano' ) ]]; then
# Determine the flavor disk size based on the image size.
disk=$(image_size_in_gib $image_uuid)
- openstack flavor create --id 42 --ram 128 --disk $disk --vcpus 1 --property hw_rng:allowed=True m1.nano
+ openstack --os-cloud devstack-admin flavor create --id 42 --ram 128 --disk $disk --vcpus 1 --property hw_rng:allowed=True m1.nano
fi
flavor_ref=42
if [[ ! ( $available_flavors =~ 'm1.micro' ) ]]; then
# Determine the alt flavor disk size based on the alt image size.
disk=$(image_size_in_gib $image_uuid_alt)
- openstack flavor create --id 84 --ram 192 --disk $disk --vcpus 1 --property hw_rng:allowed=True m1.micro
+ openstack --os-cloud devstack-admin flavor create --id 84 --ram 192 --disk $disk --vcpus 1 --property hw_rng:allowed=True m1.micro
fi
flavor_ref_alt=84
else
@@ -251,7 +251,7 @@
fi
flavor_ref=${flavors[0]}
flavor_ref_alt=$flavor_ref
- flavor_ref_size=$(openstack flavor show --format value --column disk "${flavor_ref}")
+ flavor_ref_size=$(openstack --os-cloud devstack-admin flavor show --format value --column disk "${flavor_ref}")
# Ensure ``flavor_ref`` and ``flavor_ref_alt`` have different values.
# Some resize instance in tempest tests depends on this.
@@ -264,7 +264,7 @@
# flavor selected as default, e.g. m1.small,
# we need to perform additional check.
#
- flavor_ref_alt_size=$(openstack flavor show --format value --column disk "${f}")
+ flavor_ref_alt_size=$(openstack --os-cloud devstack-admin flavor show --format value --column disk "${f}")
if [[ "${flavor_ref_alt_size}" -lt "${flavor_ref_size}" ]]; then
continue
fi
@@ -285,10 +285,10 @@
# If NEUTRON_CREATE_INITIAL_NETWORKS is not true, there is no network created
# and the public_network_id should not be set.
if [[ "$NEUTRON_CREATE_INITIAL_NETWORKS" == "True" ]] && is_networking_extension_supported 'external-net'; then
- public_network_id=$(openstack network show -f value -c id $PUBLIC_NETWORK_NAME)
+ public_network_id=$(openstack --os-cloud devstack-admin network show -f value -c id $PUBLIC_NETWORK_NAME)
# make sure shared network presence does not confuses the tempest tests
- openstack network create --share shared
- openstack subnet create --description shared-subnet --subnet-range ${TEMPEST_SHARED_POOL:-192.168.233.0/24} --network shared shared-subnet
+ openstack --os-cloud devstack-admin network create --share shared
+ openstack --os-cloud devstack-admin subnet create --description shared-subnet --subnet-range ${TEMPEST_SHARED_POOL:-192.168.233.0/24} --network shared shared-subnet
fi
iniset $TEMPEST_CONFIG DEFAULT use_syslog $SYSLOG
@@ -419,6 +419,9 @@
iniset $TEMPEST_CONFIG compute-feature-enabled live_migrate_back_and_forth ${LIVE_MIGRATE_BACK_AND_FORTH:-False}
iniset $TEMPEST_CONFIG compute-feature-enabled attach_encrypted_volume ${ATTACH_ENCRYPTED_VOLUME_AVAILABLE:-True}
+ # Starting Wallaby, nova sanitizes instance hostnames having freeform characters with dashes
+ iniset $TEMPEST_CONFIG compute-feature-enabled hostname_fqdn_sanitization True
+
if [[ -n "$NOVA_FILTERS" ]]; then
iniset $TEMPEST_CONFIG compute-feature-enabled scheduler_enabled_filters ${NOVA_FILTERS}
fi
@@ -459,13 +462,6 @@
iniset $TEMPEST_CONFIG validation network_for_ssh $TEMPEST_SSH_NETWORK_NAME
# Volume
- # Set the service catalog entry for Tempest to run on. Typically
- # used to try different Volume API version targets. The tempest
- # default it to 'volumev3'(v3 APIs endpoint) , so only set this
- # if you want to change it.
- if [[ -n "$TEMPEST_VOLUME_TYPE" ]]; then
- iniset $TEMPEST_CONFIG volume catalog_type $TEMPEST_VOLUME_TYPE
- fi
# Only turn on TEMPEST_VOLUME_MANAGE_SNAPSHOT by default for "lvm" backends
if [[ "$CINDER_ENABLED_BACKENDS" == *"lvm"* ]]; then
TEMPEST_VOLUME_MANAGE_SNAPSHOT=${TEMPEST_VOLUME_MANAGE_SNAPSHOT:-True}
@@ -489,12 +485,6 @@
iniset $TEMPEST_CONFIG volume-feature-enabled volume_revert $(trueorfalse False TEMPEST_VOLUME_REVERT_TO_SNAPSHOT)
local tempest_volume_min_microversion=${TEMPEST_VOLUME_MIN_MICROVERSION:-None}
local tempest_volume_max_microversion=${TEMPEST_VOLUME_MAX_MICROVERSION:-"latest"}
- # Reset microversions to None where v2 is running which does not support microversion.
- # Both "None" means no microversion testing.
- if [[ "$TEMPEST_VOLUME_TYPE" == "volumev2" ]]; then
- tempest_volume_min_microversion=None
- tempest_volume_max_microversion=None
- fi
if [ "$tempest_volume_min_microversion" == "None" ]; then
inicomment $TEMPEST_CONFIG volume min_microversion
else
@@ -610,6 +600,10 @@
fi
done
+ iniset $TEMPEST_CONFIG enforce_scope glance "$GLANCE_ENFORCE_SCOPE"
+
+ iniset $TEMPEST_CONFIG enforce_scope cinder "$CINDER_ENFORCE_SCOPE"
+
if [ "$VIRT_DRIVER" = "libvirt" ] && [ "$LIBVIRT_TYPE" = "lxc" ]; then
# libvirt-lxc does not support boot from volume or attaching volumes
# so basically anything with cinder is out of the question.
@@ -715,9 +709,6 @@
set_tempest_venv_constraints $tmp_u_c_m
tox -r --notest -efull
- # TODO: remove the trailing pip constraint when a proper fix
- # arrives for bug https://bugs.launchpad.net/devstack/+bug/1906322
- $TEMPEST_DIR/.tox/tempest/bin/pip install -U -r $RC_DIR/tools/cap-pip.txt
# NOTE(mtreinish) Respect constraints in the tempest full venv, things that
# are using a tox job other than full will not be respecting constraints but
# running pip install -U on tempest requirements
diff --git a/roles/devstack-ipv6-only-deployments-verification/README.rst b/roles/devstack-ipv6-only-deployments-verification/README.rst
new file mode 100644
index 0000000..400a8da
--- /dev/null
+++ b/roles/devstack-ipv6-only-deployments-verification/README.rst
@@ -0,0 +1,16 @@
+Verify the IPv6-only deployments
+
+This role needs to be invoked from a playbook that
+run tests. This role verifies the IPv6 setting on
+devstack side and devstack deploy services on IPv6.
+This role is invoked before tests are run so that
+if any missing IPv6 setting or deployments can fail
+the job early.
+
+
+**Role Variables**
+
+.. zuul:rolevar:: devstack_base_dir
+ :default: /opt/stack
+
+ The devstack base directory.
diff --git a/roles/devstack-ipv6-only-deployments-verification/defaults/main.yaml b/roles/devstack-ipv6-only-deployments-verification/defaults/main.yaml
new file mode 100644
index 0000000..fea05c8
--- /dev/null
+++ b/roles/devstack-ipv6-only-deployments-verification/defaults/main.yaml
@@ -0,0 +1 @@
+devstack_base_dir: /opt/stack
diff --git a/roles/devstack-ipv6-only-deployments-verification/tasks/main.yaml b/roles/devstack-ipv6-only-deployments-verification/tasks/main.yaml
new file mode 100644
index 0000000..59d3b79
--- /dev/null
+++ b/roles/devstack-ipv6-only-deployments-verification/tasks/main.yaml
@@ -0,0 +1,4 @@
+- name: Verify the ipv6-only deployments
+ become: true
+ become_user: stack
+ shell: "{{ devstack_base_dir }}/devstack/tools/verify-ipv6-only-deployments.sh"
diff --git a/setup.cfg b/setup.cfg
index 146f010..a4e621f 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,11 +1,11 @@
[metadata]
name = DevStack
summary = OpenStack DevStack
-description-file =
+description_file =
README.rst
author = OpenStack
-author-email = openstack-discuss@lists.openstack.org
-home-page = https://docs.openstack.org/devstack/latest
+author_email = openstack-discuss@lists.openstack.org
+home_page = https://docs.openstack.org/devstack/latest
classifier =
Intended Audience :: Developers
License :: OSI Approved :: Apache Software License
diff --git a/stack.sh b/stack.sh
index 163fc5b..2737591 100755
--- a/stack.sh
+++ b/stack.sh
@@ -227,7 +227,7 @@
# Warn users who aren't on an explicitly supported distro, but allow them to
# override check and attempt installation with ``FORCE=yes ./stack``
-SUPPORTED_DISTROS="bionic|focal|f31|f32|opensuse-15.2|opensuse-tumbleweed|rhel8"
+SUPPORTED_DISTROS="focal|f34|opensuse-15.2|opensuse-tumbleweed|rhel8"
if [[ ! ${DISTRO} =~ $SUPPORTED_DISTROS ]]; then
echo "WARNING: this script has not been tested on $DISTRO"
@@ -300,10 +300,14 @@
}
function _install_rdo {
- # NOTE(ianw) 2020-04-30 : when we have future branches, we
- # probably want to install the relevant branch RDO release as
- # well. But for now it's all master.
- sudo dnf -y install https://rdoproject.org/repos/rdo-release.el8.rpm
+ if [[ "$TARGET_BRANCH" == "master" ]]; then
+ # rdo-release.el8.rpm points to latest RDO release, use that for master
+ sudo dnf -y install https://rdoproject.org/repos/rdo-release.el8.rpm
+ else
+ # For stable branches use corresponding release rpm
+ rdo_release=$(echo $TARGET_BRANCH | sed "s|stable/||g")
+ sudo dnf -y install https://rdoproject.org/repos/openstack-${rdo_release}/rdo-release-${rdo_release}.el8.rpm
+ fi
sudo dnf -y update
}
@@ -597,6 +601,7 @@
source $TOP_DIR/lib/dstat
source $TOP_DIR/lib/tcpdump
source $TOP_DIR/lib/etcd3
+source $TOP_DIR/lib/os-vif
# Extras Source
# --------------
@@ -1159,6 +1164,11 @@
sudo sysctl -w net.ipv4.ip_forward=1
fi
+# os-vif
+# ------
+if is_service_enabled nova neutron; then
+ configure_os_vif
+fi
# Storage Service
# ---------------
@@ -1341,6 +1351,7 @@
done
fi
+async_wait create_flavors
if is_service_enabled horizon; then
echo_summary "Starting Horizon"
@@ -1348,8 +1359,6 @@
start_horizon
fi
-async_wait create_flavors
-
# Create account rc files
# =======================
diff --git a/stackrc b/stackrc
old mode 100644
new mode 100755
index 196f61f..620b1fc
--- a/stackrc
+++ b/stackrc
@@ -72,8 +72,10 @@
ENABLED_SERVICES+=,g-api
# Cinder
ENABLED_SERVICES+=,c-sch,c-api,c-vol
+ # OVN
+ ENABLED_SERVICES+=,ovn-controller,ovn-northd,ovs-vswitchd,ovsdb-server
# Neutron
- ENABLED_SERVICES+=,q-svc,q-dhcp,q-meta,q-agt,q-l3
+ ENABLED_SERVICES+=,q-svc,q-ovn-metadata-agent
# Dashboard
ENABLED_SERVICES+=,horizon
# Additional services
@@ -546,6 +548,10 @@
GITBRANCH["neutron-lib"]=${NEUTRON_LIB_BRANCH:-$TARGET_BRANCH}
GITDIR["neutron-lib"]=$DEST/neutron-lib
+# os-resource-classes library containing a list of standardized resource classes for OpenStack
+GITREPO["os-resource-classes"]=${OS_RESOURCE_CLASSES_REPO=:-${GIT_BASE}/openstack/os-resource-classes.git}
+GITBRANCH["os-resource-classes"]=${OS_RESOURCE_CLASSES_BRANCH:-$TARGET_BRANCH}
+
# os-traits library for resource provider traits in the placement service
GITREPO["os-traits"]=${OS_TRAITS_REPO:-${GIT_BASE}/openstack/os-traits.git}
GITBRANCH["os-traits"]=${OS_TRAITS_BRANCH:-$TARGET_BRANCH}
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index 5b53389..ce1b344 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -44,7 +44,7 @@
ALL_LIBS+=" oslo.cache oslo.reports osprofiler cursive"
ALL_LIBS+=" keystoneauth ironic-lib neutron-lib oslo.privsep"
ALL_LIBS+=" diskimage-builder os-vif python-brick-cinderclient-ext"
-ALL_LIBS+=" castellan python-barbicanclient ovsdbapp os-ken"
+ALL_LIBS+=" castellan python-barbicanclient ovsdbapp os-ken os-resource-classes"
# Generate the above list with
# echo ${!GITREPO[@]}
diff --git a/tests/test_write_devstack_local_conf_role.sh b/tests/test_write_devstack_local_conf_role.sh
index b2bc0a2..71d8d51 100755
--- a/tests/test_write_devstack_local_conf_role.sh
+++ b/tests/test_write_devstack_local_conf_role.sh
@@ -6,4 +6,4 @@
source $TOP/functions
source $TOP/tests/unittest.sh
-python ./roles/write-devstack-local-conf/library/test.py
+${PYTHON} $TOP/roles/write-devstack-local-conf/library/test.py
diff --git a/tests/unittest.sh b/tests/unittest.sh
index 3703ece..fced2ab 100644
--- a/tests/unittest.sh
+++ b/tests/unittest.sh
@@ -17,6 +17,8 @@
PASS=0
FAILED_FUNCS=""
+export PYTHON=$(which python3 2>/dev/null)
+
# pass a test, printing out MSG
# usage: passed message
function passed {
diff --git a/tools/cap-pip.txt b/tools/cap-pip.txt
deleted file mode 100644
index 8ee551b..0000000
--- a/tools/cap-pip.txt
+++ /dev/null
@@ -1 +0,0 @@
-pip<20.3
diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index 25f7268..8a2c337 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -59,43 +59,6 @@
fi
}
-# Ubuntu Repositories
-#--------------------
-# Enable universe for bionic since it is missing when installing from ISO.
-function fixup_ubuntu {
- if [[ "$DISTRO" != "bionic" ]]; then
- return
- fi
-
- # This pulls in apt-add-repository
- install_package "software-properties-common"
-
- # Enable universe
- sudo add-apt-repository -y universe
-
- if [[ -f /etc/ci/mirror_info.sh ]] ; then
- # If we are on a nodepool provided host and it has told us about
- # where we can find local mirrors then use that mirror.
- source /etc/ci/mirror_info.sh
- sudo apt-add-repository -y "deb $NODEPOOL_UCA_MIRROR bionic-updates/ussuri main"
- else
- # Enable UCA:ussuri for updated versions of QEMU and libvirt
- sudo add-apt-repository -y cloud-archive:ussuri
- fi
- REPOS_UPDATED=False
- apt_get_update
-
- # Since pip10, pip will refuse to uninstall files from packages
- # that were created with distutils (rather than more modern
- # setuptools). This is because it technically doesn't have a
- # manifest of what to remove. However, in most cases, simply
- # overwriting works. So this hacks around those packages that
- # have been dragged in by some other system dependency
- sudo rm -rf /usr/lib/python3/dist-packages/httplib2-*.egg-info
- sudo rm -rf /usr/lib/python3/dist-packages/pyasn1_modules-*.egg-info
- sudo rm -rf /usr/lib/python3/dist-packages/PyYAML-*.egg-info
-}
-
# Python Packages
# ---------------
@@ -192,6 +155,20 @@
yum_install centos-release-openstack-victoria
}
+function fixup_ubuntu {
+ if ! is_ubuntu; then
+ return
+ fi
+
+ # Since pip10, pip will refuse to uninstall files from packages
+ # that were created with distutils (rather than more modern
+ # setuptools). This is because it technically doesn't have a
+ # manifest of what to remove. However, in most cases, simply
+ # overwriting works. So this hacks around those packages that
+ # have been dragged in by some other system dependency
+ sudo rm -rf /usr/lib/python3/dist-packages/PyYAML-*.egg-info
+}
+
function fixup_all {
fixup_keystone
fixup_ubuntu
diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index 9afd2e5..7ecea4e 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -46,15 +46,13 @@
function get_versions {
# FIXME(dhellmann): Deal with multiple python versions here? This
# is just used for reporting, so maybe not?
- PIP=$(which pip 2>/dev/null || which pip-python 2>/dev/null || true)
+ PIP=$(which pip 2>/dev/null || which pip-python 2>/dev/null || which pip3 2>/dev/null || true)
if [[ -n $PIP ]]; then
PIP_VERSION=$($PIP --version | awk '{ print $2}')
echo "pip: $PIP_VERSION"
else
echo "pip: Not Installed"
fi
- # Show python3 module version
- python${PYTHON3_VERSION} -m pip --version
}
@@ -91,9 +89,7 @@
die $LINENO "Download of get-pip.py failed"
touch $LOCAL_PIP.downloaded
fi
- # TODO: remove the trailing pip constraint when a proper fix
- # arrives for bug https://bugs.launchpad.net/devstack/+bug/1906322
- sudo -H -E python${PYTHON3_VERSION} $LOCAL_PIP -c $TOOLS_DIR/cap-pip.txt
+ sudo -H -E python${PYTHON3_VERSION} $LOCAL_PIP
}
@@ -130,24 +126,31 @@
configure_pypi_alternative_url
fi
-# Just use system pkgs on Focal
-if [[ "$DISTRO" == focal ]]; then
- exit 0
-fi
-
-# Eradicate any and all system packages
-
-# Python in fedora/suse depends on the python-pip package so removing it
-# results in a nonfunctional system. pip on fedora installs to /usr so pip
-# can safely override the system pip for all versions of fedora
-if ! is_fedora && ! is_suse; then
+if is_fedora && [[ ${DISTRO} == f* ]]; then
+ # get-pip.py will not install over the python3-pip package in
+ # Fedora 34 any more.
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1988935
+ # https://github.com/pypa/pip/issues/9904
+ # You can still install using get-pip.py if python3-pip is *not*
+ # installed; this *should* remain separate under /usr/local and not break
+ # if python3-pip is later installed.
+ # For general sanity, we just use the packaged pip. It should be
+ # recent enough anyway.
+ install_package python3-pip
+elif is_fedora || is_suse; then
+ # Python in suse/centos depends on the python-pip package; because
+ # of the split "system-python" uninstalling python3-pip also
+ # uninstalls the user python3 package which is bad and leaves us
+ # without a python to use. Just install over.
+ install_get_pip
+else
+ # Remove packaged pip, and install the latest upstream.
if is_package_installed python3-pip ; then
uninstall_package python3-pip
fi
+ install_get_pip
fi
-install_get_pip
-
set -x
# Note setuptools is part of requirements.txt and we want to make sure
diff --git a/tools/verify-ipv6-only-deployments.sh b/tools/verify-ipv6-only-deployments.sh
new file mode 100755
index 0000000..2596395
--- /dev/null
+++ b/tools/verify-ipv6-only-deployments.sh
@@ -0,0 +1,92 @@
+#!/bin/bash
+#
+#
+# NOTE(gmann): This script is used in 'devstack-tempest-ipv6' zuul job to verify that
+# services are deployed on IPv6 properly or not. This will capture if any devstck or devstack
+# plugins are missing the required setting to listen on IPv6 address. This is run as part of
+# run phase of zuul job and before test run. Child job of 'devstack-tempest-ipv6'
+# can expand the IPv6 verification specific to project by defining the new post-run script which
+# will run along with this base script.
+# If there are more common verification for IPv6 then we can always extent this script.
+
+# Keep track of the DevStack directory
+TOP_DIR=$(cd $(dirname "$0")/../../devstack && pwd)
+source $TOP_DIR/stackrc
+source $TOP_DIR/openrc admin admin
+
+function verify_devstack_ipv6_setting {
+ local _service_host=''
+ _service_host=$(echo $SERVICE_HOST | tr -d [])
+ local _host_ipv6=''
+ _host_ipv6=$(echo $HOST_IPV6 | tr -d [])
+ local _service_listen_address=''
+ _service_listen_address=$(echo $SERVICE_LISTEN_ADDRESS | tr -d [])
+ local _service_local_host=''
+ _service_local_host=$(echo $SERVICE_LOCAL_HOST | tr -d [])
+ if [[ "$SERVICE_IP_VERSION" != 6 ]]; then
+ echo $SERVICE_IP_VERSION "SERVICE_IP_VERSION is not set to 6 which is must for devstack to deploy services with IPv6 address."
+ exit 1
+ fi
+ is_service_host_ipv6=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_service_host'"))')
+ if [[ "$is_service_host_ipv6" != "True" ]]; then
+ echo $SERVICE_HOST "SERVICE_HOST is not ipv6 which means devstack cannot deploy services on IPv6 address."
+ exit 1
+ fi
+ is_host_ipv6=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_host_ipv6'"))')
+ if [[ "$is_host_ipv6" != "True" ]]; then
+ echo $HOST_IPV6 "HOST_IPV6 is not ipv6 which means devstack cannot deploy services on IPv6 address."
+ exit 1
+ fi
+ is_service_listen_address=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_service_listen_address'"))')
+ if [[ "$is_service_listen_address" != "True" ]]; then
+ echo $SERVICE_LISTEN_ADDRESS "SERVICE_LISTEN_ADDRESS is not ipv6 which means devstack cannot deploy services on IPv6 address."
+ exit 1
+ fi
+ is_service_local_host=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_service_local_host'"))')
+ if [[ "$is_service_local_host" != "True" ]]; then
+ echo $SERVICE_LOCAL_HOST "SERVICE_LOCAL_HOST is not ipv6 which means devstack cannot deploy services on IPv6 address."
+ exit 1
+ fi
+ echo "Devstack is properly configured with IPv6"
+ echo "SERVICE_IP_VERSION: " $SERVICE_IP_VERSION "HOST_IPV6: " $HOST_IPV6 "SERVICE_HOST: " $SERVICE_HOST "SERVICE_LISTEN_ADDRESS: " $SERVICE_LISTEN_ADDRESS "SERVICE_LOCAL_HOST: " $SERVICE_LOCAL_HOST
+}
+
+function sanity_check_system_ipv6_enabled {
+ system_ipv6_enabled=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_ipv6_enabled())')
+ if [[ $system_ipv6_enabled != "True" ]]; then
+ echo "IPv6 is disabled in system"
+ exit 1
+ fi
+ echo "IPv6 is enabled in system"
+}
+
+function verify_service_listen_address_is_ipv6 {
+ local endpoints_verified=False
+ local all_ipv6=True
+ endpoints=$(openstack endpoint list -f value -c URL)
+ for endpoint in ${endpoints}; do
+ local endpoint_address=''
+ endpoint_address=$(echo "$endpoint" | awk -F/ '{print $3}' | awk -F] '{print $1}')
+ endpoint_address=$(echo $endpoint_address | tr -d [])
+ local is_endpoint_ipv6=''
+ is_endpoint_ipv6=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$endpoint_address'"))')
+ if [[ "$is_endpoint_ipv6" != "True" ]]; then
+ all_ipv6=False
+ echo $endpoint ": This is not ipv6 endpoint which means corresponding service is not listening on IPv6 address."
+ continue
+ fi
+ endpoints_verified=True
+ done
+ if [[ "$all_ipv6" == "False" ]] || [[ "$endpoints_verified" == "False" ]]; then
+ exit 1
+ fi
+ echo "All services deployed by devstack is on IPv6 endpoints"
+ echo $endpoints
+}
+
+#First thing to verify if system has IPv6 enabled or not
+sanity_check_system_ipv6_enabled
+#Verify whether devstack is configured properly with IPv6 setting
+verify_devstack_ipv6_setting
+#Get all registrfed endpoints by devstack in keystone and verify that each endpoints address is IPv6.
+verify_service_listen_address_is_ipv6
diff --git a/tools/worlddump.py b/tools/worlddump.py
index 22770f1..e292173 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -134,7 +134,7 @@
def ebtables_dump():
- tables = ['filter', 'nat', 'broute']
+ tables = ['filter', 'nat']
_header("EB Tables Dump")
if not _find_cmd('ebtables'):
return