Merge "Add nova-cells-v1 to experimental queue jobs"
diff --git a/.zuul.yaml b/.zuul.yaml
index 49bf08b..b772481 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -29,6 +29,16 @@
- controller
- nodeset:
+ name: devstack-single-node-opensuse-tumbleweed
+ nodes:
+ - name: controller
+ label: opensuse-tumbleweed
+ groups:
+ - name: tempest
+ nodes:
+ - controller
+
+- nodeset:
name: devstack-single-node-fedora-27
nodes:
- name: controller
@@ -46,19 +56,24 @@
- name: compute1
label: ubuntu-xenial
groups:
+ # Node where tests are executed and test results collected
- name: tempest
nodes:
- controller
+ # Nodes running the compute service
- name: compute
nodes:
- controller
- compute1
+ # Nodes that are not the controller
- name: subnode
nodes:
- compute1
+ # Switch node for multinode networking setup
- name: switch
nodes:
- controller
+ # Peer nodes for multinode networking setup
- name: peers
nodes:
- compute1
@@ -75,7 +90,7 @@
all single Devstack jobs, single or multinode.
Variables are defined in job.vars, which is what is then used by single
node jobs and by multi node jobs for the controller, as well as in
- job.group-vars.peers, which is what is used by multi node jobs for peer
+ job.group-vars.peers, which is what is used by multi node jobs for subnode
nodes (everything but the controller).
required-projects:
- openstack-dev/devstack
@@ -106,6 +121,7 @@
# from the location below for all the CI jobs.
ETCD_DOWNLOAD_URL: http://tarballs.openstack.org/etcd/
devstack_services:
+ # Ignore any default set by devstack. Emit a "disable_all_services".
base: false
zuul_copy_output:
'{{ devstack_conf_dir }}/local.conf': 'logs'
@@ -149,7 +165,7 @@
stackenv: True
auto: True
group-vars:
- peers:
+ subnode:
devstack_localrc:
DATABASE_PASSWORD: secretdatabase
RABBIT_PASSWORD: secretrabbit
@@ -186,7 +202,28 @@
name: devstack
parent: devstack-base
description: |
- Single node devstack job for integration gate.
+ Base devstack job for integration gate.
+
+ This base job can be used for single node and multinode devstack jobs.
+
+ With a single node nodeset, this job sets up an "all-in-one" (aio)
+ devstack with the six OpenStack services included in the devstack tree:
+ keystone, glance, cinder, neutron, nova and swift.
+
+ With a two node nodeset, this job sets up an aio + compute node.
+ The controller can be customised using host-vars.controller, the
+ sub-nodes can be customised using group-vars.subnode.
+
+ Descendent jobs can enable / disable services, add devstack configuration
+ options, enable devstack plugins, configure log files or directories to be
+ transferred to the log server.
+
+ The job assumes that there is only one controller node. The number of
+ subnodes can be scaled up seamlessly by setting a custom nodeset in
+ job.nodeset.
+
+ The run playbook consists of a single role, so it can be easily rewritten
+ and extended.
nodeset: openstack-single-node
required-projects:
- openstack/cinder
@@ -198,7 +235,6 @@
- openstack/swift
timeout: 7200
vars:
- test_matrix_configs: [neutron, tlsproxy]
devstack_localrc:
# Common OpenStack services settings
SWIFT_REPLICAS: 1
@@ -209,20 +245,118 @@
NOVA_VNC_ENABLED: true
VNCSERVER_LISTEN: 0.0.0.0
VNCSERVER_PROXYCLIENT_ADDRESS: "{{ hostvars[inventory_hostname]['nodepool']['private_ipv4'] }}"
+ # Multinode specific settings
+ SERVICE_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
+ HOST_IP: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
+ PUBLIC_BRIDGE_MTU: "{{ external_bridge_mtu }}"
+ devstack_local_conf:
+ post-config:
+ $NEUTRON_CONF:
+ DEFAULT:
+ global_physnet_mtu: "{{ external_bridge_mtu }}"
devstack_services:
- base: true
+ # Core services enabled for this branch.
+ # This list replaces the test-matrix.
+ # Shared services
+ dstat: true
+ etcd3: true
+ mysql: true
+ peakmem_tracker: true
+ rabbit: true
+ tls-proxy: true
+ # Keystone services
+ key: true
+ # Glance services
+ g-api: true
+ g-reg: true
+ # Nova services
+ n-api: true
+ n-api-meta: true
+ n-cauth: true
+ n-cond: true
+ n-cpu: true
+ n-novnc: true
+ n-obj: true
+ n-sch: true
+ placement-api: true
+ # Neutron services
+ # We need to keep using the neutron-legacy based services for
+ # now until all issues with the new lib/neutron code are solved
+ q-agt: true
+ q-dhcp: true
+ q-l3: true
+ q-meta: true
+ q-metering: true
+ q-svc: true
+ # neutron-api: true
+ # neutron-agent: true
+ # neutron-dhcp: true
+ # neutron-l3: true
+ # neutron-metadata-agent: true
+ # neutron-metering: true
+ # Swift services
+ s-account: true
+ s-container: true
+ s-object: true
+ s-proxy: true
+ # Cinder services
+ c-api: true
+ c-bak: true
+ c-sch: true
+ c-vol: true
+ cinder: true
+ # Services we don't need.
+ # This section is not really needed, it's for readability.
horizon: false
tempest: false
+ # Test matrix emits ceilometer but ceilomenter is not installed in the
+ # integrated gate, so specifying the services has not effect.
+ # ceilometer-*: false
+ group-vars:
+ subnode:
+ devstack_services:
+ # Core services enabled for this branch.
+ # This list replaces the test-matrix.
+ # Shared services
+ dstat: true
+ peakmem_tracker: true
+ tls-proxy: true
+ # Nova services
+ n-cpu: true
+ placement-client: true
+ # Neutron services
+ neutron-agent: true
+ # Cinder services
+ c-bak: true
+ c-vol: true
+ # Services we don't run at all on subnode.
+ # This section is not really needed, it's for readability.
+ # keystone: false
+ # s-*: false
+ horizon: false
+ tempest: false
+ # Test matrix emits ceilometer but ceilomenter is not installed in the
+ # integrated gate, so specifying the services has not effect.
+ # ceilometer-*: false
+ devstack_localrc:
+ # Multinode specific settings
+ HOST_IP: "{{ hostvars[inventory_hostname]['nodepool']['private_ipv4'] }}"
+ SERVICE_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
+ PUBLIC_BRIDGE_MTU: "{{ external_bridge_mtu }}"
+ # Subnode specific settings
+ DATABASE_TYPE: mysql
+ GLANCE_HOSTPORT: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}:9292"
+ Q_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
+ RABBIT_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
+ DATABASE_HOST: "{{ hostvars['controller']['nodepool']['private_ipv4'] }}"
- job:
name: devstack-multinode
- parent: devstack-base
- description: Base devstack multinode job
+ parent: devstack
nodeset: openstack-two-node
- # NOTE(andreaf) The multinode job is useful to see the setup of different
- # services on different nodes, however the subnode configuration is not
- # ready yet. Until then this job should stay non-voting.
- voting: false
+ description: |
+ Simple multinode test to verify multinode functionality on devstack side.
+ This is not meant to be used as a parent job.
# NOTE(ianw) Platform tests have traditionally been non-voting because
# we often have to rush things through devstack to stabilise the gate,
@@ -238,11 +372,18 @@
- job:
name: devstack-platform-opensuse-423
parent: tempest-full
- description: OpenSuSE 43.2 platform test
+ description: openSUSE 43.2 platform test
nodeset: devstack-single-node-opensuse-423
voting: false
- job:
+ name: devstack-platform-opensuse-tumbleweed
+ parent: tempest-full
+ description: openSUSE Tumbleweed platform test
+ nodeset: devstack-single-node-opensuse-tumbleweed
+ voting: false
+
+- job:
name: devstack-platform-fedora-27
parent: tempest-full
description: Fedora 27 platform test
@@ -318,6 +459,7 @@
- devstack
- devstack-platform-centos-7
- devstack-platform-opensuse-423
+ - devstack-platform-opensuse-tumbleweed
- devstack-platform-fedora-27
- devstack-multinode
- devstack-unit-tests
diff --git a/clean.sh b/clean.sh
index 2333596..a29ebd9 100755
--- a/clean.sh
+++ b/clean.sh
@@ -122,9 +122,6 @@
if [[ -n "$LOGDIR" ]] && [[ -d "$LOGDIR" ]]; then
sudo rm -rf $LOGDIR
fi
-if [[ -n "$SCREEN_LOGDIR" ]] && [[ -d "$SCREEN_LOGDIR" ]]; then
- sudo rm -rf $SCREEN_LOGDIR
-fi
# Clean out the sytemd user unit files if systemd was used.
if [[ "$USE_SYSTEMD" = "True" ]]; then
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 1d02395..7efe4d6 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -41,6 +41,7 @@
- **extra** - runs after services are started and before any files in
``extra.d`` are executed
- **post-extra** - runs after files in ``extra.d`` are executed
+- **test-config** - runs after tempest (and plugins) are configured
The file is processed strictly in sequence; meta-sections may be
specified more than once but if any settings are duplicated the last to
@@ -655,7 +656,7 @@
Cells
~~~~~
-`Cells <http://wiki.openstack.org/blueprint-nova-compute-cells>`__ is
+`Cells <https://wiki.openstack.org/wiki/Blueprint-nova-compute-cells>`__ is
an alternative scaling option. To setup a cells environment add the
following to your ``localrc`` section:
diff --git a/doc/source/guides/devstack-with-lbaas-v2.rst b/doc/source/guides/devstack-with-lbaas-v2.rst
index 3592844..7dee520 100644
--- a/doc/source/guides/devstack-with-lbaas-v2.rst
+++ b/doc/source/guides/devstack-with-lbaas-v2.rst
@@ -2,7 +2,7 @@
=================================
Starting in the OpenStack Liberty release, the
-`neutron LBaaS v2 API <http://developer.openstack.org/api-ref-networking-v2-ext.html>`_
+`neutron LBaaS v2 API <https://developer.openstack.org/api-ref/network/v2/index.html>`_
is now stable while the LBaaS v1 API has been deprecated. The LBaaS v2 reference
driver is based on Octavia.
diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index 092809a..1b8dccd 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -396,7 +396,7 @@
In this configuration we are defining IPV4_ADDRS_SAFE_TO_USE to be a
publicly routed IPv4 subnet. In this specific instance we are using
-the special TEST-NET-3 subnet defined in `RFC 5737 <http://tools.ietf.org/html/rfc5737>`_,
+the special TEST-NET-3 subnet defined in `RFC 5737 <https://tools.ietf.org/html/rfc5737>`_,
which is used for documentation. In your DevStack setup, IPV4_ADDRS_SAFE_TO_USE
would be a public IP address range that you or your organization has
allocated to you, so that you could access your instances from the
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 9254c23..2ff4ff0 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -139,7 +139,9 @@
Enable :doc:`devstack plugins <plugins>` to support additional
services, features, and configuration not present in base devstack.
-Use devstack in your CI with :doc:`Ansible roles <roles>` for Zuul V3.
+Use devstack in your CI with :doc:`Ansible roles <zuul_roles>` and
+:doc:`Jobs <zuul_jobs>` for Zuul V3. Migrate your devstack Zuul V2 jobs to Zuul
+V3 with this full migration :doc:`how-to <zuul_ci_jobs_migration>`.
Get :doc:`the big picture <overview>` of what we are trying to do
with devstack, and help us by :doc:`contributing to the project
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index 591e226..04b7698 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -31,12 +31,12 @@
bilean `git://git.openstack.org/openstack/bilean <https://git.openstack.org/cgit/openstack/bilean>`__
blazar `git://git.openstack.org/openstack/blazar <https://git.openstack.org/cgit/openstack/blazar>`__
broadview-collector `git://git.openstack.org/openstack/broadview-collector <https://git.openstack.org/cgit/openstack/broadview-collector>`__
+castellan-ui `git://git.openstack.org/openstack/castellan-ui <https://git.openstack.org/cgit/openstack/castellan-ui>`__
ceilometer `git://git.openstack.org/openstack/ceilometer <https://git.openstack.org/cgit/openstack/ceilometer>`__
ceilometer-powervm `git://git.openstack.org/openstack/ceilometer-powervm <https://git.openstack.org/cgit/openstack/ceilometer-powervm>`__
cloudkitty `git://git.openstack.org/openstack/cloudkitty <https://git.openstack.org/cgit/openstack/cloudkitty>`__
collectd-ceilometer-plugin `git://git.openstack.org/openstack/collectd-ceilometer-plugin <https://git.openstack.org/cgit/openstack/collectd-ceilometer-plugin>`__
congress `git://git.openstack.org/openstack/congress <https://git.openstack.org/cgit/openstack/congress>`__
-cue `git://git.openstack.org/openstack/cue <https://git.openstack.org/cgit/openstack/cue>`__
cyborg `git://git.openstack.org/openstack/cyborg <https://git.openstack.org/cgit/openstack/cyborg>`__
designate `git://git.openstack.org/openstack/designate <https://git.openstack.org/cgit/openstack/designate>`__
devstack-plugin-additional-pkg-repos `git://git.openstack.org/openstack/devstack-plugin-additional-pkg-repos <https://git.openstack.org/cgit/openstack/devstack-plugin-additional-pkg-repos>`__
@@ -71,7 +71,6 @@
ironic-inspector `git://git.openstack.org/openstack/ironic-inspector <https://git.openstack.org/cgit/openstack/ironic-inspector>`__
ironic-staging-drivers `git://git.openstack.org/openstack/ironic-staging-drivers <https://git.openstack.org/cgit/openstack/ironic-staging-drivers>`__
ironic-ui `git://git.openstack.org/openstack/ironic-ui <https://git.openstack.org/cgit/openstack/ironic-ui>`__
-k8s-cloud-provider `git://git.openstack.org/openstack/k8s-cloud-provider <https://git.openstack.org/cgit/openstack/k8s-cloud-provider>`__
karbor `git://git.openstack.org/openstack/karbor <https://git.openstack.org/cgit/openstack/karbor>`__
karbor-dashboard `git://git.openstack.org/openstack/karbor-dashboard <https://git.openstack.org/cgit/openstack/karbor-dashboard>`__
keystone `git://git.openstack.org/openstack/keystone <https://git.openstack.org/cgit/openstack/keystone>`__
diff --git a/doc/source/roles.rst b/doc/source/roles.rst
deleted file mode 100644
index 5baa1e4..0000000
--- a/doc/source/roles.rst
+++ /dev/null
@@ -1,4 +0,0 @@
-Roles
-=====
-
-.. zuul:autoroles::
diff --git a/doc/source/zuul_ci_jobs_migration.rst b/doc/source/zuul_ci_jobs_migration.rst
new file mode 100644
index 0000000..c00f06e
--- /dev/null
+++ b/doc/source/zuul_ci_jobs_migration.rst
@@ -0,0 +1,301 @@
+===============================
+Migrating Zuul V2 CI jobs to V3
+===============================
+
+The OpenStack CI system moved from Zuul v2 to Zuul v3, and all CI jobs moved to
+the new CI system. All jobs have been migrated automatically to a format
+compatible with Zuul v3; the jobs produced in this way however are suboptimal
+and do not use the capabilities introduced by Zuul v3, which allow for re-use of
+job parts, in the form of Ansible roles, as well as inheritance between jobs.
+
+DevStack hosts a set of roles, plays and jobs that can be used by other
+repositories to define their DevStack based jobs. To benefit from them, jobs
+must be migrated from the legacy v2 ones into v3 native format.
+
+This document provides guidance and examples to make the migration process as
+painless and smooth as possible.
+
+Where to host the job definitions.
+==================================
+
+In Zuul V3 jobs can be defined in the repository that contains the code they
+excercise. If you are writing CI jobs for an OpenStack service you can define
+your DevStack based CI jobs in one of the repositories that host the code for
+your service. If you have a branchless repo, like a Tempest plugin, that is
+a convenient choice to host the job definitions since job changes do not have
+to be backported. For example, see the beginning of the ``.zuul.yaml`` from the
+sahara Tempest plugin repo:
+
+.. code:: yaml
+
+ # In http://git.openstack.org/cgit/openstack/sahara-tests/tree/.zuul.yaml:
+ - job:
+ name: sahara-tests-tempest
+ description: |
+ Run Tempest tests from the Sahara plugin.
+ parent: devstack-tempest
+
+Which base job to start from
+============================
+
+If your job needs an OpenStack cloud deployed via DevStack, but you don't plan
+on running Tempest tests, you can start from one of the base
+:doc:`jobs <zuul_jobs>` defined in the DevStack repo.
+
+The ``devstack`` job can be used for both single-node jobs and multi-node jobs,
+and it includes the list of services used in the integrated gate (keystone,
+glance, nova, cinder, neutron and swift). Different topologies can be achieved
+by switching the nodeset used in the child job.
+
+The ``devstack-base`` job is similar to ``devstack`` but it does not specify any
+required repo or service to be run in DevStack. It can be useful to setup
+children jobs that use a very narrow DevStack setup.
+
+If your job needs an OpenStack cloud deployed via DevStack, and you do plan
+on running Tempest tests, you can start from one of the base jobs defined in the
+Tempest repo.
+
+The ``devstack-tempest`` job can be used for both single-node jobs and
+multi-node jobs. Different topologies can be achieved by switching the nodeset
+used in the child job.
+
+Jobs can be customized as follows without writing any Ansible code:
+
+- add and/or remove DevStack services
+- add or modify DevStack and services configuration
+- install DevStack plugins
+- extend the number of sub-nodes (multinode only)
+- define extra log files and/or directories to be uploaded on logs.o.o
+- define extra log file extensions to be rewritten to .txt for ease of access
+
+Tempest jobs can be further customized as follows:
+
+- define the Tempest tox environment to be used
+- define the test concurrency
+- define the test regular expression
+
+Writing Ansible code, or importing existing custom roles, jobs can be further
+extended by:
+
+- adding pre and/or post playbooks
+- overriding the run playbook, add custom roles
+
+The (partial) example below extends a Tempest single node base job
+"devstack-tempest" in the Kuryr repository. The parent job name is defined in
+job.parent.
+
+.. code:: yaml
+
+ # https://git.openstack.org/cgit/openstack/kuryr-kubernetes/tree/.zuul.yaml:
+ - job:
+ name: kuryr-kubernetes-tempest-base
+ parent: devstack-tempest
+ description: Base kuryr-kubernetes-job
+ required-projects:
+ - openstack/devstack-plugin-container
+ - openstack/kuryr
+ - openstack/kuryr-kubernetes
+ - openstack/kuryr-tempest-plugin
+ - openstack/neutron-lbaas
+ vars:
+ tempest_test_regex: '^(kuryr_tempest_plugin.tests.)'
+ tox_envlist: 'all'
+ devstack_localrc:
+ KURYR_K8S_API_PORT: 8080
+ TEMPEST_PLUGINS: '/opt/stack/kuryr-tempest-plugin'
+ devstack_services:
+ kubernetes-api: true
+ kubernetes-controller-manager: true
+ kubernetes-scheduler: true
+ kubelet: true
+ kuryr-kubernetes: true
+ (...)
+ devstack_plugins:
+ kuryr-kubernetes: https://git.openstack.org/openstack/kuryr
+ devstack-plugin-container: https://git.openstack.org/openstack/devstack-plugin-container
+ neutron-lbaas: https://git.openstack.org/openstack/neutron-lbaas
+ (...)
+
+Job variables
+=============
+
+Variables can be added to the job in three different places:
+
+- job.vars: these are global variables available to all node in the nodeset
+- job.host-vars.[HOST]: these are variables available only to the specified HOST
+- job.group-vars.[GROUP]: these are variables available only to the specified
+ GROUP
+
+Zuul merges dict variables through job inheritance. Host and group variables
+override variables with the same name defined as global variables.
+
+In the example below, for the sundaes job, hosts that are not part of the
+subnode group will run vanilla and chocolate. Hosts in the subnode group will
+run stracciatella and strawberry.
+
+.. code:: yaml
+
+ - job:
+ name: ice-creams
+ vars:
+ devstack_service:
+ vanilla: true
+ chocolate: false
+ group-vars:
+ subnode:
+ devstack_service:
+ pistacchio: true
+ stracciatella: true
+
+ - job:
+ name: sundaes
+ parent: ice-creams
+ vars:
+ devstack_service:
+ chocolate: true
+ group-vars:
+ subnode:
+ devstack_service:
+ strawberry: true
+ pistacchio: false
+
+
+DevStack Gate Flags
+===================
+
+The old CI system worked using a combination of DevStack, Tempest and
+devstack-gate to setup a test environment and run tests against it. With Zuul
+V3, the logic that used to live in devstack-gate is moved into different repos,
+including DevStack, Tempest and grenade.
+
+DevStack-gate exposes an interface for job definition based on a number of
+DEVSTACK_GATE_* environment variables, or flags. This guide shows how to map
+DEVSTACK_GATE flags into the new
+system.
+
+The repo column indicates in which repository is hosted the code that replaces
+the devstack-gate flag. The new implementation column explains how to reproduce
+the same or a similar behaviour in Zuul v3 jobs. For localrc settings,
+devstack-gate defined a default value. In ansible jobs the default is either the
+value defined in the parent job, or the default from DevStack, if any.
+
+============================================== ============= ==================
+DevStack gate flag Repo New implementation
+============================================== ============= ==================
+OVERRIDE_ZUUL_BRANCH zuul override-checkout:
+ [branch]
+ in the job definition.
+DEVSTACK_GATE_NET_OVERLAY zuul-jobs A bridge called
+ br-infra is set up for
+ all jobs that inherit
+ from multinode with
+ a dedicated `bridge role <https://docs.openstack.org/infra/zuul-jobs/roles.html#role-multi-node-bridge>`_.
+DEVSTACK_GATE_FEATURE_MATRIX devstack-gate ``test_matrix_features``
+ variable of the
+ test-matrix role in
+ devstack-gate. This
+ is a temporary
+ solution, feature
+ matrix will go away.
+ In the future services
+ will be defined in
+ jobs only.
+DEVSTACK_CINDER_VOLUME_CLEAR devstack *CINDER_VOLUME_CLEAR: true/false*
+ in devstack_localrc
+ in the job vars.
+DEVSTACK_GATE_NEUTRON devstack True by default. To
+ disable, disable all
+ neutron services in
+ devstack_services in
+ the job definition.
+DEVSTACK_GATE_CONFIGDRIVE devstack *FORCE_CONFIG_DRIVE: true/false*
+ in devstack_localrc
+ in the job vars.
+DEVSTACK_GATE_INSTALL_TESTONLY devstack *INSTALL_TESTONLY_PACKAGES: true/false*
+ in devstack_localrc
+ in the job vars.
+DEVSTACK_GATE_VIRT_DRIVER devstack *VIRT_DRIVER: [virt driver]*
+ in devstack_localrc
+ in the job vars.
+DEVSTACK_GATE_LIBVIRT_TYPE devstack *LIBVIRT_TYPE: [libvirt type]*
+ in devstack_localrc
+ in the job vars.
+DEVSTACK_GATE_TEMPEST devstack Defined by the job
+ tempest that is used. The
+ ``devstack`` job only
+ runs devstack.
+ The ``devstack-tempest``
+ one triggers a Tempest
+ run as well.
+DEVSTACK_GATE_TEMPEST_FULL tempest *tox_envlist: full*
+ in the job vars.
+DEVSTACK_GATE_TEMPEST_ALL tempest *tox_envlist: all*
+ in the job vars.
+DEVSTACK_GATE_TEMPEST_ALL_PLUGINS tempest *tox_envlist: all-plugin*
+ in the job vars.
+DEVSTACK_GATE_TEMPEST_SCENARIOS tempest *tox_envlist: scenario*
+ in the job vars.
+TEMPEST_CONCURRENCY tempest *tempest_concurrency: [value]*
+ in the job vars. This
+ is available only on
+ jobs that inherit from
+ ``devstack-tempest``
+ down.
+DEVSTACK_GATE_TEMPEST_NOTESTS tempest *tox_envlist: venv-tempest*
+ in the job vars. This
+ will create Tempest
+ virtual environment
+ but run no tests.
+DEVSTACK_GATE_SMOKE_SERIAL tempest *tox_envlist: smoke-serial*
+ in the job vars.
+DEVSTACK_GATE_TEMPEST_DISABLE_TENANT_ISOLATION tempest *tox_envlist: full-serial*
+ in the job vars.
+ *TEMPEST_ALLOW_TENANT_ISOLATION: false*
+ in devstack_localrc in
+ the job vars.
+============================================== ============= ==================
+
+The following flags have not been migrated yet or are legacy and won't be
+migrated at all.
+
+===================================== ====== ==========================
+DevStack gate flag Status Details
+===================================== ====== ==========================
+DEVSTACK_GATE_TOPOLOGY WIP The topology depends on the base
+ job that is used and more
+ specifically on the nodeset
+ attached to it. The new job
+ format allows project to define
+ the variables to be passed to
+ every node/node-group that exists
+ in the topology. Named topologies
+ that include the nodeset and the
+ matching variables can be defined
+ in the form of base jobs.
+DEVSTACK_GATE_GRENADE TBD Grenade Zuul V3 jobs will be
+ hosted in the grenade repo.
+GRENADE_BASE_BRANCH TBD Grenade Zuul V3 jobs will be
+ hosted in the grenade repo.
+DEVSTACK_GATE_NEUTRON_DVR TBD Depends on multinode support.
+DEVSTACK_GATE_EXERCISES TBD Can be done on request.
+DEVSTACK_GATE_IRONIC TBD This will probably be implemented
+ on ironic side.
+DEVSTACK_GATE_IRONIC_DRIVER TBD This will probably be implemented
+ on ironic side.
+DEVSTACK_GATE_IRONIC_BUILD_RAMDISK TBD This will probably be implemented
+ on ironic side.
+DEVSTACK_GATE_POSTGRES Legacy This flag exists in d-g but the
+ only thing that it does is
+ capture postgres logs. This is
+ already supported by the roles in
+ post, so the flag is useless in
+ the new jobs. postgres itself can
+ be enabled via the
+ devstack_service job variable.
+DEVSTACK_GATE_ZEROMQ Legacy This has no effect in d-g.
+DEVSTACK_GATE_MQ_DRIVER Legacy This has no effect in d-g.
+DEVSTACK_GATE_TEMPEST_STRESS_ARGS Legacy Stress is not in Tempest anymore.
+DEVSTACK_GATE_TEMPEST_HEAT_SLOW Legacy This is not used anywhere.
+DEVSTACK_GATE_CELLS Legacy This has no effect in d-g.
+DEVSTACK_GATE_NOVA_API_METADATA_SPLIT Legacy This has no effect in d-g.
+===================================== ====== ==========================
diff --git a/doc/source/zuul_jobs.rst b/doc/source/zuul_jobs.rst
new file mode 100644
index 0000000..cf203a8
--- /dev/null
+++ b/doc/source/zuul_jobs.rst
@@ -0,0 +1,4 @@
+Zuul CI Jobs
+============
+
+.. zuul:autojobs::
diff --git a/doc/source/zuul_roles.rst b/doc/source/zuul_roles.rst
new file mode 100644
index 0000000..4939281
--- /dev/null
+++ b/doc/source/zuul_roles.rst
@@ -0,0 +1,4 @@
+Zuul CI Roles
+=============
+
+.. zuul:autoroles::
diff --git a/functions-common b/functions-common
index df295a3..b1b0995 100644
--- a/functions-common
+++ b/functions-common
@@ -373,6 +373,9 @@
DISTRO="f$os_RELEASE"
elif [[ "$os_VENDOR" =~ (openSUSE) ]]; then
DISTRO="opensuse-$os_RELEASE"
+ # Tumbleweed uses "n/a" as a codename, and the release is a datestring
+ # like 20180218, so not very useful.
+ [ "$os_CODENAME" = "n/a" ] && DISTRO="opensuse-tumbleweed"
elif [[ "$os_VENDOR" =~ (SUSE LINUX) ]]; then
# just use major release
DISTRO="sle${os_RELEASE%.*}"
@@ -2301,12 +2304,7 @@
function cleanup_oscwrap {
local total=0
- if python3_enabled ; then
- local python=python3
- else
- local python=python
- fi
- total=$(cat $OSCWRAP_TIMER_FILE | $python -c "import sys; print(sum(int(l) for l in sys.stdin))")
+ total=$(cat $OSCWRAP_TIMER_FILE | $PYTHON -c "import sys; print(sum(int(l) for l in sys.stdin))")
_TIME_TOTAL["osc"]=$total
rm $OSCWRAP_TIMER_FILE
}
diff --git a/lib/cinder b/lib/cinder
index a1d6871..3a8097f 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -227,7 +227,6 @@
configure_auth_token_middleware $CINDER_CONF cinder $CINDER_AUTH_CACHE_DIR
- iniset $CINDER_CONF DEFAULT auth_strategy keystone
iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $CINDER_CONF DEFAULT target_helper "$CINDER_ISCSI_HELPER"
@@ -326,7 +325,7 @@
if [[ ! -z "$CINDER_COORDINATION_URL" ]]; then
iniset $CINDER_CONF coordination backend_url "$CINDER_COORDINATION_URL"
elif is_service_enabled etcd3; then
- iniset $CINDER_CONF coordination backend_url "etcd3+http://${SERVICE_HOST}:2379"
+ iniset $CINDER_CONF coordination backend_url "etcd3+http://${SERVICE_HOST}:$ETCD_PORT"
fi
}
@@ -541,7 +540,17 @@
local be be_name
for be in ${CINDER_ENABLED_BACKENDS//,/ }; do
be_name=${be##*:}
- openstack --os-region-name="$REGION_NAME" volume type create --property volume_backend_name="${be_name}" ${be_name}
+ # NOTE (e0ne): openstack client doesn't work with cinder in noauth mode
+ if is_service_enabled keystone; then
+ openstack --os-region-name="$REGION_NAME" volume type create --property volume_backend_name="${be_name}" ${be_name}
+ else
+ # TODO (e0ne): use openstack client once it will support cinder in noauth mode:
+ # https://bugs.launchpad.net/python-cinderclient/+bug/1755279
+ local cinder_url
+ cinder_url=$CINDER_SERVICE_PROTOCOL://$SERVICE_HOST:$CINDER_SERVICE_PORT/v3
+ OS_USER_ID=$OS_USERNAME OS_PROJECT_ID=$OS_PROJECT_NAME cinder --os-auth-type noauth --os-endpoint=$cinder_url type-create ${be_name}
+ OS_USER_ID=$OS_USERNAME OS_PROJECT_ID=$OS_PROJECT_NAME cinder --os-auth-type noauth --os-endpoint=$cinder_url type-key ${be_name} set volume_backend_name=${be_name}
+ fi
done
fi
}
diff --git a/lib/etcd3 b/lib/etcd3
index d3f7226..26d07fd 100644
--- a/lib/etcd3
+++ b/lib/etcd3
@@ -27,7 +27,6 @@
ETCD_DATA_DIR="$DATA_DIR/etcd"
ETCD_SYSTEMD_SERVICE="devstack@etcd.service"
ETCD_BIN_DIR="$DEST/bin"
-ETCD_PORT=2379
if is_ubuntu ; then
UBUNTU_RELEASE_BASE_NUM=`lsb_release -r | awk '{print $2}' | cut -d '.' -f 1`
@@ -38,13 +37,13 @@
local cmd="$ETCD_BIN_DIR/etcd"
cmd+=" --name $HOSTNAME --data-dir $ETCD_DATA_DIR"
cmd+=" --initial-cluster-state new --initial-cluster-token etcd-cluster-01"
- cmd+=" --initial-cluster $HOSTNAME=http://$SERVICE_HOST:2380"
- cmd+=" --initial-advertise-peer-urls http://$SERVICE_HOST:2380"
+ cmd+=" --initial-cluster $HOSTNAME=http://$SERVICE_HOST:$ETCD_PEER_PORT"
+ cmd+=" --initial-advertise-peer-urls http://$SERVICE_HOST:$ETCD_PEER_PORT"
cmd+=" --advertise-client-urls http://$SERVICE_HOST:$ETCD_PORT"
if [ "$SERVICE_LISTEN_ADDRESS" == "::" ]; then
- cmd+=" --listen-peer-urls http://[::]:2380 "
+ cmd+=" --listen-peer-urls http://[::]:$ETCD_PEER_PORT "
else
- cmd+=" --listen-peer-urls http://0.0.0.0:2380 "
+ cmd+=" --listen-peer-urls http://0.0.0.0:$ETCD_PEER_PORT "
fi
cmd+=" --listen-client-urls http://$SERVICE_HOST:$ETCD_PORT"
diff --git a/lib/neutron b/lib/neutron
index 0834792..cef8d1f 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -32,6 +32,17 @@
NEUTRON_DIR=$DEST/neutron
NEUTRON_AUTH_CACHE_DIR=${NEUTRON_AUTH_CACHE_DIR:-/var/cache/neutron}
+NEUTRON_DISTRIBUTED_ROUTING=$(trueorfalse False NEUTRON_DISTRIBUTED_ROUTING)
+# Distributed Virtual Router (DVR) configuration
+# Can be:
+# - ``legacy`` - No DVR functionality
+# - ``dvr_snat`` - Controller or single node DVR
+# - ``dvr`` - Compute node in multi-node DVR
+# - ``dvr_no_external`` - Compute node in multi-node DVR, no external network
+#
+# Default is 'dvr_snat' since it can handle both DVR and legacy routers
+NEUTRON_DVR_MODE=${NEUTRON_DVR_MODE:-dvr_snat}
+
NEUTRON_BIN_DIR=$(get_python_exec_prefix)
NEUTRON_DHCP_BINARY="neutron-dhcp-agent"
@@ -174,6 +185,7 @@
iniset $NEUTRON_CONF DEFAULT policy_file $policy_file
iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips True
+ iniset $NEUTRON_CONF DEFAULT router_distributed $NEUTRON_DISTRIBUTED_ROUTING
iniset $NEUTRON_CONF DEFAULT auth_strategy $NEUTRON_AUTH_STRATEGY
configure_auth_token_middleware $NEUTRON_CONF neutron $NEUTRON_AUTH_CACHE_DIR keystone_authtoken
@@ -182,7 +194,15 @@
# Configure VXLAN
# TODO(sc68cal) not hardcode?
iniset $NEUTRON_CORE_PLUGIN_CONF ml2 tenant_network_types vxlan
- iniset $NEUTRON_CORE_PLUGIN_CONF ml2 mechanism_drivers openvswitch,linuxbridge
+
+ local mech_drivers="openvswitch"
+ if [[ "$NEUTRON_DISTRIBUTED_ROUTING" = "True" ]]; then
+ mech_drivers+=",l2population"
+ else
+ mech_drivers+=",linuxbridge"
+ fi
+ iniset $NEUTRON_CORE_PLUGIN_CONF ml2 mechanism_drivers $mech_drivers
+
iniset $NEUTRON_CORE_PLUGIN_CONF ml2_type_vxlan vni_ranges 1001:2000
iniset $NEUTRON_CORE_PLUGIN_CONF ml2_type_flat flat_networks public
if [[ "$NEUTRON_PORT_SECURITY" = "True" ]]; then
@@ -203,6 +223,11 @@
else
iniset $NEUTRON_CORE_PLUGIN_CONF securitygroup firewall_driver iptables_hybrid
iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $HOST_IP
+
+ if [[ "$NEUTRON_DISTRIBUTED_ROUTING" = "True" ]]; then
+ iniset $NEUTRON_CORE_PLUGIN_CONF agent l2_population True
+ iniset $NEUTRON_CORE_PLUGIN_CONF agent enable_distributed_routing True
+ fi
fi
if ! running_in_container; then
@@ -237,6 +262,10 @@
else
iniset $NEUTRON_CORE_PLUGIN_CONF ovs bridge_mappings "$PUBLIC_NETWORK_NAME:$PUBLIC_BRIDGE"
fi
+
+ if [[ "$NEUTRON_DISTRIBUTED_ROUTING" = "True" ]]; then
+ iniset $NEUTRON_L3_CONF DEFAULT agent_mode $NEUTRON_DVR_MODE
+ fi
fi
# Metadata
@@ -307,7 +336,6 @@
iniset $NOVA_CONF neutron project_domain_name "Default"
iniset $NOVA_CONF neutron auth_strategy $NEUTRON_AUTH_STRATEGY
iniset $NOVA_CONF neutron region_name "$REGION_NAME"
- iniset $NOVA_CONF neutron url $NEUTRON_SERVICE_PROTOCOL://$NEUTRON_SERVICE_HOST:$NEUTRON_SERVICE_PORT
iniset $NOVA_CONF DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 9701ee7..0cd7e31 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -376,7 +376,6 @@
iniset $NOVA_CONF neutron project_domain_name "$SERVICE_DOMAIN_NAME"
iniset $NOVA_CONF neutron auth_strategy "$Q_AUTH_STRATEGY"
iniset $NOVA_CONF neutron region_name "$REGION_NAME"
- iniset $NOVA_CONF neutron url "${Q_PROTOCOL}://$Q_HOST:$Q_PORT"
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
LIBVIRT_FIREWALL_DRIVER=nova.virt.firewall.NoopFirewallDriver
diff --git a/lib/neutron_plugins/services/l3 b/lib/neutron_plugins/services/l3
index 41a467d..9be32b7 100644
--- a/lib/neutron_plugins/services/l3
+++ b/lib/neutron_plugins/services/l3
@@ -39,9 +39,9 @@
Q_L3_ROUTER_PER_TENANT=${Q_L3_ROUTER_PER_TENANT:-True}
-# Use flat providernet for public network
+# Use providernet for public network
#
-# If Q_USE_PROVIDERNET_FOR_PUBLIC=True, use a flat provider network
+# If Q_USE_PROVIDERNET_FOR_PUBLIC=True, use a provider network
# for external interface of neutron l3-agent. In that case,
# PUBLIC_PHYSICAL_NETWORK specifies provider:physical_network value
# used for the network. In case of ofagent, you should add the
@@ -59,6 +59,10 @@
# Q_USE_PROVIDERNET_FOR_PUBLIC=True
# PUBLIC_PHYSICAL_NETWORK=public
# OVS_BRIDGE_MAPPINGS=public:br-ex
+#
+# The provider-network-type defaults to flat, however, the values
+# PUBLIC_PROVIDERNET_TYPE and PUBLIC_PROVIDERNET_SEGMENTATION_ID could
+# be set to specify the parameters for an alternate network type.
Q_USE_PROVIDERNET_FOR_PUBLIC=${Q_USE_PROVIDERNET_FOR_PUBLIC:-True}
PUBLIC_PHYSICAL_NETWORK=${PUBLIC_PHYSICAL_NETWORK:-public}
@@ -240,7 +244,7 @@
fi
# Create an external network, and a subnet. Configure the external network as router gw
if [ "$Q_USE_PROVIDERNET_FOR_PUBLIC" = "True" ]; then
- EXT_NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create "$PUBLIC_NETWORK_NAME" $EXTERNAL_NETWORK_FLAGS --provider-network-type flat --provider-physical-network ${PUBLIC_PHYSICAL_NETWORK} | grep ' id ' | get_field 2)
+ EXT_NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create "$PUBLIC_NETWORK_NAME" $EXTERNAL_NETWORK_FLAGS --provider-network-type ${PUBLIC_PROVIDERNET_TYPE:-flat} ${PUBLIC_PROVIDERNET_SEGMENTATION_ID:+--provider-segment $PUBLIC_PROVIDERNET_SEGMENTATION_ID} --provider-physical-network ${PUBLIC_PHYSICAL_NETWORK} | grep ' id ' | get_field 2)
else
EXT_NET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" network create "$PUBLIC_NETWORK_NAME" $EXTERNAL_NETWORK_FLAGS | grep ' id ' | get_field 2)
fi
diff --git a/lib/nova b/lib/nova
index 580f87f..56e3093 100644
--- a/lib/nova
+++ b/lib/nova
@@ -424,6 +424,9 @@
iniset $NOVA_CONF DEFAULT rootwrap_config "$NOVA_CONF_DIR/rootwrap.conf"
iniset $NOVA_CONF scheduler driver "$SCHEDULER"
iniset $NOVA_CONF filter_scheduler enabled_filters "$FILTERS"
+ if [[ $SCHEDULER == "filter_scheduler" ]]; then
+ iniset $NOVA_CONF scheduler workers "$API_WORKERS"
+ fi
iniset $NOVA_CONF DEFAULT default_floating_pool "$PUBLIC_NETWORK_NAME"
if [[ $SERVICE_IP_VERSION == 6 ]]; then
iniset $NOVA_CONF DEFAULT my_ip "$HOST_IPV6"
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 44d0717..1c7c82f 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -52,7 +52,20 @@
if is_service_enabled rabbit; then
# Install rabbitmq-server
install_package rabbitmq-server
- if is_fedora; then
+ if is_suse; then
+ install_package rabbitmq-server-plugins
+ # the default systemd socket activation only listens on the loopback interface
+ # which causes rabbitmq to try to start its own epmd
+ sudo mkdir -p /etc/systemd/system/epmd.socket.d
+ cat <<EOF | sudo tee /etc/systemd/system/epmd.socket.d/ports.conf >/dev/null
+[Socket]
+ListenStream=
+ListenStream=[::]:4369
+EOF
+ sudo systemctl daemon-reload
+ sudo systemctl restart epmd.socket epmd.service
+ fi
+ if is_fedora || is_suse; then
sudo systemctl enable rabbitmq-server
fi
fi
diff --git a/lib/swift b/lib/swift
index 1187846..6cda9c8 100644
--- a/lib/swift
+++ b/lib/swift
@@ -557,7 +557,11 @@
local swift_log_dir=${SWIFT_DATA_DIR}/logs
sudo rm -rf ${swift_log_dir}
- sudo install -d -o ${STACK_USER} -g adm ${swift_log_dir}/hourly
+ local swift_log_group=adm
+ if is_suse; then
+ swift_log_group=root
+ fi
+ sudo install -d -o ${STACK_USER} -g ${swift_log_group} ${swift_log_dir}/hourly
if [[ $SYSLOG != "False" ]]; then
sed "s,%SWIFT_LOGDIR%,${swift_log_dir}," $FILES/swift/rsyslog.conf | sudo \
diff --git a/lib/tempest b/lib/tempest
index 3b39dae..0605ffb 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -299,6 +299,10 @@
iniset $TEMPEST_CONFIG identity-feature-enabled domain_specific_drivers True
fi
+ # TODO(felipemonteiro): Remove this once Tempest no longer supports Pike
+ # as this is supported in Queens and beyond.
+ iniset $TEMPEST_CONFIG identity-feature-enabled project_tags True
+
# Image
# We want to be able to override this variable in the gate to avoid
# doing an external HTTP fetch for this test.
@@ -554,7 +558,10 @@
if [[ "$OFFLINE" != "True" ]]; then
tox -revenv-tempest --notest
fi
- tox -evenv-tempest -- pip install -c $REQUIREMENTS_DIR/upper-constraints.txt -r requirements.txt
+
+ # The requirements might be on a different branch, while tempest needs master requirements.
+ (cd $REQUIREMENTS_DIR && git show master:upper-constraints.txt) > u-c-m.txt
+ tox -evenv-tempest -- pip install -c u-c-m.txt -r requirements.txt
# Auth:
iniset $TEMPEST_CONFIG auth tempest_roles "Member"
diff --git a/playbooks/devstack.yaml b/playbooks/devstack.yaml
index ede8382..d090638 100644
--- a/playbooks/devstack.yaml
+++ b/playbooks/devstack.yaml
@@ -1,3 +1,7 @@
- hosts: all
+ # This is the default strategy, however since orchestrate-devstack requires
+ # "linear", it is safer to enforce it in case this is running in an
+ # environment configured with a different default strategy.
+ strategy: linear
roles:
- - run-devstack
+ - orchestrate-devstack
diff --git a/playbooks/pre.yaml b/playbooks/pre.yaml
index 6681fb2..4689a63 100644
--- a/playbooks/pre.yaml
+++ b/playbooks/pre.yaml
@@ -1,15 +1,25 @@
-- hosts: controller
- roles:
- - role: test-matrix
- test_matrix_role: primary
-
-- hosts: subnode
- roles:
- - role: test-matrix
- test_matrix_role: subnode
-
- hosts: all
+ pre_tasks:
+ - name: Gather minimum local MTU
+ set_fact:
+ local_mtu: >
+ {% set mtus = [] -%}
+ {% for interface in ansible_interfaces -%}
+ {% set interface_variable = 'ansible_' + interface -%}
+ {% if interface_variable in hostvars[inventory_hostname] -%}
+ {% set _ = mtus.append(hostvars[inventory_hostname][interface_variable]['mtu']|int) -%}
+ {% endif -%}
+ {% endfor -%}
+ {{- mtus|min -}}
+ - name: Calculate external_bridge_mtu
+ # 50 bytes is overhead for vxlan (which is greater than GRE
+ # allowing us to use either overlay option with this MTU.
+ # TODO(andreaf) This should work, but it may have to be reconcilied with
+ # the MTU setting used by the multinode setup roles in multinode pre.yaml
+ set_fact:
+ external_bridge_mtu: "{{ local_mtu | int - 50 }}"
roles:
+ - test-matrix
- configure-swap
- setup-stack-user
- setup-tempest-user
diff --git a/roles/orchestrate-devstack/README.rst b/roles/orchestrate-devstack/README.rst
new file mode 100644
index 0000000..097dcea
--- /dev/null
+++ b/roles/orchestrate-devstack/README.rst
@@ -0,0 +1,25 @@
+Orchestrate a devstack
+
+Runs devstack in a multinode scenario, with one controller node
+and a group of subnodes.
+
+The reason for this role is so that jobs in other repository may
+run devstack in their plays with no need for re-implementing the
+orchestration logic.
+
+The "run-devstack" role is available to run devstack with no
+orchestration.
+
+This role sets up the controller and CA first, it then pushes CA
+data to sub-nodes and run devstack there. The only requirement for
+this role is for the controller inventory_hostname to be "controller"
+and for all sub-nodes to be defined in a group called "subnode".
+
+This role needs to be invoked from a playbook that uses a "linear" strategy.
+
+**Role Variables**
+
+.. zuul:rolevar:: devstack_base_dir
+ :default: /opt/stack
+
+ The devstack base directory.
diff --git a/roles/orchestrate-devstack/defaults/main.yaml b/roles/orchestrate-devstack/defaults/main.yaml
new file mode 100644
index 0000000..fea05c8
--- /dev/null
+++ b/roles/orchestrate-devstack/defaults/main.yaml
@@ -0,0 +1 @@
+devstack_base_dir: /opt/stack
diff --git a/roles/orchestrate-devstack/tasks/main.yaml b/roles/orchestrate-devstack/tasks/main.yaml
new file mode 100644
index 0000000..12db58c
--- /dev/null
+++ b/roles/orchestrate-devstack/tasks/main.yaml
@@ -0,0 +1,38 @@
+- name: Run devstack on the controller
+ include_role:
+ name: run-devstack
+ when: inventory_hostname == 'controller'
+
+- name: Setup devstack on sub-nodes
+ block:
+
+ - name: Sync CA data to subnodes (when any)
+ # Only do this if the tls-proxy service is defined and enabled
+ include_role:
+ name: sync-devstack-data
+ when: devstack_services['tls-proxy']|default(false)
+
+ - name: Run devstack on the sub-nodes
+ include_role:
+ name: run-devstack
+ when: inventory_hostname in groups['subnode']
+
+ - name: Discover hosts
+ # Discovers compute nodes (subnodes) and maps them to cells. Only run
+ # on the controller node.
+ # NOTE(mriedem): We want to remove this if/when nova supports
+ # auto-registration of computes with cells, but that's not happening in
+ # Ocata.
+ # NOTE(andreaf) This is taken (NOTE included) from the discover_hosts
+ # function in devstack gate. Since this is now in devstack, which is
+ # branched, we know that the discover_hosts tool exists.
+ become: true
+ become_user: stack
+ shell: ./tools/discover_hosts.sh
+ args:
+ chdir: "{{ devstack_base_dir }}/devstack"
+ when: inventory_hostname == 'controller'
+
+ when:
+ - '"controller" in hostvars'
+ - '"subnode" in groups'
diff --git a/roles/run-devstack/tasks/main.yaml b/roles/run-devstack/tasks/main.yaml
index 1ff8295..f58b31d 100644
--- a/roles/run-devstack/tasks/main.yaml
+++ b/roles/run-devstack/tasks/main.yaml
@@ -2,7 +2,9 @@
shell:
cmd: |
./stack.sh 2>&1
+ rc=$?
echo "*** FINISHED ***"
+ exit $rc
args:
chdir: "{{devstack_base_dir}}/devstack"
become: true
diff --git a/roles/sync-devstack-data/README.rst b/roles/sync-devstack-data/README.rst
new file mode 100644
index 0000000..500e8cc
--- /dev/null
+++ b/roles/sync-devstack-data/README.rst
@@ -0,0 +1,12 @@
+Sync devstack data for multinode configurations
+
+Sync any data files which include certificates to be used if TLS is enabled.
+This role must be executed on the controller and it pushes data to all
+subnodes.
+
+**Role Variables**
+
+.. zuul:rolevar:: devstack_base_dir
+ :default: /opt/stack
+
+ The devstack base directory.
diff --git a/roles/sync-devstack-data/defaults/main.yaml b/roles/sync-devstack-data/defaults/main.yaml
new file mode 100644
index 0000000..fea05c8
--- /dev/null
+++ b/roles/sync-devstack-data/defaults/main.yaml
@@ -0,0 +1 @@
+devstack_base_dir: /opt/stack
diff --git a/roles/sync-devstack-data/tasks/main.yaml b/roles/sync-devstack-data/tasks/main.yaml
new file mode 100644
index 0000000..4600015
--- /dev/null
+++ b/roles/sync-devstack-data/tasks/main.yaml
@@ -0,0 +1,48 @@
+- name: Ensure the data folder exists
+ become: true
+ file:
+ path: "{{ devstack_base_dir }}/data"
+ state: directory
+ owner: stack
+ group: stack
+ mode: 0755
+ when: 'inventory_hostname in groups["subnode"]|default([])'
+
+- name: Ensure the CA folder exists
+ become: true
+ file:
+ path: "{{ devstack_base_dir }}/data/CA"
+ state: directory
+ owner: stack
+ group: stack
+ mode: 0755
+ when: 'inventory_hostname in groups["subnode"]|default([])'
+
+- name: Pull the CA certificate and folder
+ become: true
+ synchronize:
+ src: "{{ item }}"
+ dest: "{{ zuul.executor.work_root }}/{{ item | basename }}"
+ mode: pull
+ with_items:
+ - "{{ devstack_base_dir }}/data/ca-bundle.pem"
+ - "{{ devstack_base_dir }}/data/CA"
+ when: inventory_hostname == 'controller'
+
+- name: Push the CA certificate
+ become: true
+ become_user: stack
+ synchronize:
+ src: "{{ zuul.executor.work_root }}/ca-bundle.pem"
+ dest: "{{ devstack_base_dir }}/data/ca-bundle.pem"
+ mode: push
+ when: 'inventory_hostname in groups["subnode"]|default([])'
+
+- name: Push the CA folder
+ become: true
+ become_user: stack
+ synchronize:
+ src: "{{ zuul.executor.work_root }}/CA/"
+ dest: "{{ devstack_base_dir }}/data/"
+ mode: push
+ when: 'inventory_hostname in groups["subnode"]|default([])'
diff --git a/stack.sh b/stack.sh
index 554591d..badc1a1 100755
--- a/stack.sh
+++ b/stack.sh
@@ -32,7 +32,7 @@
# Devstack is written in bash, and many functions used throughout
# devstack process text coming off a command (like the ip command)
# and do transforms using grep, sed, cut, awk on the strings that are
-# returned. Many of these programs are interationalized, which is
+# returned. Many of these programs are internationalized, which is
# great for end users, but means that the strings that devstack
# functions depend upon might not be there in other locales. We thus
# need to pin the world to an english basis during the runs.
@@ -221,7 +221,7 @@
# Warn users who aren't on an explicitly supported distro, but allow them to
# override check and attempt installation with ``FORCE=yes ./stack``
-if [[ ! ${DISTRO} =~ (xenial|zesty|artful|stretch|jessie|f25|f26|f27|opensuse-42.2|opensuse-42.3|rhel7) ]]; then
+if [[ ! ${DISTRO} =~ (xenial|zesty|artful|stretch|jessie|f25|f26|f27|opensuse-42.3|opensuse-tumbleweed|rhel7) ]]; then
echo "WARNING: this script has not been tested on $DISTRO"
if [[ "$FORCE" != "yes" ]]; then
die $LINENO "If you wish to run this script anyway run with FORCE=yes"
@@ -368,7 +368,7 @@
# Certain services such as rabbitmq require that the local hostname resolves
# correctly. Make sure it exists in /etc/hosts so that is always true.
LOCAL_HOSTNAME=`hostname -s`
-if [ -z "`grep ^127.0.0.1 /etc/hosts | grep $LOCAL_HOSTNAME`" ]; then
+if ! fgrep -qwe "$LOCAL_HOSTNAME" /etc/hosts; then
sudo sed -i "s/\(^127.0.0.1.*\)/\1 $LOCAL_HOSTNAME/" /etc/hosts
fi
@@ -778,6 +778,7 @@
# Do the ugly hacks for broken packages and distros
source $TOP_DIR/tools/fixup_stuff.sh
+fixup_all
if [[ "$USE_SYSTEMD" == "True" ]]; then
pip_install_gr systemd-python
@@ -1259,16 +1260,17 @@
done
fi
-# Create a randomized default value for the key manager's fixed_key
-# NOTE(lyarwood): This is currently set to 36 as a workaround to the following
-# libvirt bug that incorrectly pads passphrases that are a multiple of 16 bytes
-# in length.
-# Unable to use LUKS passphrase that is exactly 16 bytes long
-# https://bugzilla.redhat.com/show_bug.cgi?id=1447297
+# NOTE(lyarwood): By default use a single hardcoded fixed_key across devstack
+# deployments. This ensures the keys match across nova and cinder across all
+# hosts.
+FIXED_KEY=${FIXED_KEY:-bae3516cc1c0eb18b05440eba8012a4a880a2ee04d584a9c1579445e675b12defdc716ec}
if is_service_enabled nova; then
- key=$(generate_hex_string 36)
- iniset $NOVA_CONF key_manager fixed_key "$key"
- iniset $NOVA_CPU_CONF key_manager fixed_key "$key"
+ iniset $NOVA_CONF key_manager fixed_key "$FIXED_KEY"
+ iniset $NOVA_CPU_CONF key_manager fixed_key "$FIXED_KEY"
+fi
+
+if is_service_enabled cinder; then
+ iniset $CINDER_CONF key_manager fixed_key "$FIXED_KEY"
fi
# Launch the nova-api and wait for it to answer before continuing
diff --git a/stackrc b/stackrc
index 4f627cc..e8c35f4 100644
--- a/stackrc
+++ b/stackrc
@@ -766,6 +766,8 @@
else
exit_distro_not_supported "invalid hardware type - $ETCD_ARCH"
fi
+ETCD_PORT=${ETCD_PORT:-2379}
+ETCD_PEER_PORT=${ETCD_PEER_PORT:-2380}
ETCD_DOWNLOAD_URL=${ETCD_DOWNLOAD_URL:-https://github.com/coreos/etcd/releases/download}
ETCD_NAME=etcd-$ETCD_VERSION-linux-$ETCD_ARCH
ETCD_DOWNLOAD_FILE=$ETCD_NAME.tar.gz
@@ -947,7 +949,6 @@
fi
# ``LOGDIR`` is always set at this point so it is not useful as a 'enable' for service logs
-# ``SCREEN_LOGDIR`` may be set, it is useful to enable the compat symlinks
# System-wide ulimit file descriptors override
ULIMIT_NOFILE=${ULIMIT_NOFILE:-2048}
diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index f78f05f..90b2c8b 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -45,27 +45,29 @@
# where Keystone will try and bind to the port and the port will already be
# in use as an ephemeral port by another process. This places an explicit
# exception into the Kernel for the Keystone AUTH ports.
-keystone_ports=${KEYSTONE_AUTH_PORT:-35357},${KEYSTONE_AUTH_PORT_INT:-35358}
+function fixup_keystone {
+ keystone_ports=${KEYSTONE_AUTH_PORT:-35357},${KEYSTONE_AUTH_PORT_INT:-35358}
-# Only do the reserved ports when available, on some system (like containers)
-# where it's not exposed we are almost pretty sure these ports would be
-# exclusive for our DevStack.
-if sysctl net.ipv4.ip_local_reserved_ports >/dev/null 2>&1; then
- # Get any currently reserved ports, strip off leading whitespace
- reserved_ports=$(sysctl net.ipv4.ip_local_reserved_ports | awk -F'=' '{print $2;}' | sed 's/^ //')
+ # Only do the reserved ports when available, on some system (like containers)
+ # where it's not exposed we are almost pretty sure these ports would be
+ # exclusive for our DevStack.
+ if sysctl net.ipv4.ip_local_reserved_ports >/dev/null 2>&1; then
+ # Get any currently reserved ports, strip off leading whitespace
+ reserved_ports=$(sysctl net.ipv4.ip_local_reserved_ports | awk -F'=' '{print $2;}' | sed 's/^ //')
- if [[ -z "${reserved_ports}" ]]; then
- # If there are no currently reserved ports, reserve the keystone ports
- sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports}
+ if [[ -z "${reserved_ports}" ]]; then
+ # If there are no currently reserved ports, reserve the keystone ports
+ sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports}
+ else
+ # If there are currently reserved ports, keep those and also reserve the
+ # Keystone specific ports. Duplicate reservations are merged into a single
+ # reservation (or range) automatically by the kernel.
+ sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports},${reserved_ports}
+ fi
else
- # If there are currently reserved ports, keep those and also reserve the
- # Keystone specific ports. Duplicate reservations are merged into a single
- # reservation (or range) automatically by the kernel.
- sudo sysctl -w net.ipv4.ip_local_reserved_ports=${keystone_ports},${reserved_ports}
+ echo_summary "WARNING: unable to reserve keystone ports"
fi
-else
- echo_summary "WARNING: unable to reserve keystone ports"
-fi
+}
# Ubuntu Cloud Archive
#---------------------
@@ -79,8 +81,12 @@
# ENABLE_VOLUME_MULTIATTACH is True, we can't use the Pike UCA
# because multiattach won't work with those package versions.
# We can remove this check when the UCA has libvirt>=3.10.
-if [[ "${ENABLE_UBUNTU_CLOUD_ARCHIVE}" == "True" && "$DISTRO" = "xenial" && \
- "${ENABLE_VOLUME_MULTIATTACH}" == "False" ]]; then
+function fixup_uca {
+ if [[ "${ENABLE_UBUNTU_CLOUD_ARCHIVE}" == "False" || "$DISTRO" != "xenial" || \
+ "${ENABLE_VOLUME_MULTIATTACH}" == "True" ]]; then
+ return
+ fi
+
# This pulls in apt-add-repository
install_package "software-properties-common"
# Use UCA for newer libvirt. Should give us libvirt 2.5.0.
@@ -104,8 +110,7 @@
# Force update our APT repos, since we added UCA above.
REPOS_UPDATED=False
apt_get_update
-fi
-
+}
# Python Packages
# ---------------
@@ -120,27 +125,32 @@
# Pre-install affected packages so we can fix the permissions
# These can go away once we are confident that pip 1.4.1+ is available everywhere
-# Fix prettytable 0.7.2 permissions
-# Don't specify --upgrade so we use the existing package if present
-pip_install 'prettytable>=0.7'
-PACKAGE_DIR=$(get_package_path prettytable)
-# Only fix version 0.7.2
-dir=$(echo $PACKAGE_DIR/prettytable-0.7.2*)
-if [[ -d $dir ]]; then
- sudo chmod +r $dir/*
-fi
+function fixup_python_packages {
+ # Fix prettytable 0.7.2 permissions
+ # Don't specify --upgrade so we use the existing package if present
+ pip_install 'prettytable>=0.7'
+ PACKAGE_DIR=$(get_package_path prettytable)
+ # Only fix version 0.7.2
+ dir=$(echo $PACKAGE_DIR/prettytable-0.7.2*)
+ if [[ -d $dir ]]; then
+ sudo chmod +r $dir/*
+ fi
-# Fix httplib2 0.8 permissions
-# Don't specify --upgrade so we use the existing package if present
-pip_install httplib2
-PACKAGE_DIR=$(get_package_path httplib2)
-# Only fix version 0.8
-dir=$(echo $PACKAGE_DIR-0.8*)
-if [[ -d $dir ]]; then
- sudo chmod +r $dir/*
-fi
+ # Fix httplib2 0.8 permissions
+ # Don't specify --upgrade so we use the existing package if present
+ pip_install httplib2
+ PACKAGE_DIR=$(get_package_path httplib2)
+ # Only fix version 0.8
+ dir=$(echo $PACKAGE_DIR-0.8*)
+ if [[ -d $dir ]]; then
+ sudo chmod +r $dir/*
+ fi
+}
-if is_fedora; then
+function fixup_fedora {
+ if ! is_fedora; then
+ return
+ fi
# Disable selinux to avoid configuring to allow Apache access
# to Horizon files (LP#1175444)
if selinuxenabled; then
@@ -198,7 +208,7 @@
pip_install --upgrade --force-reinstall requests
fi
fi
-fi
+}
# The version of pip(1.5.4) supported by python-virtualenv(1.11.4) has
# connection issues under proxy so re-install the latest version using
@@ -222,7 +232,17 @@
# install.d/pip-and-virtualenv-source-install/04-install-pip
# [2] https://bugzilla.redhat.com/show_bug.cgi?id=1477823
-if [[ ! -f /etc/ci/mirror_info.sh ]]; then
- install_package python-virtualenv
- pip_install -U --force-reinstall virtualenv
-fi
+function fixup_virtualenv {
+ if [[ ! -f /etc/ci/mirror_info.sh ]]; then
+ install_package python-virtualenv
+ pip_install -U --force-reinstall virtualenv
+ fi
+}
+
+function fixup_all {
+ fixup_keystone
+ fixup_uca
+ fixup_python_packages
+ fixup_fedora
+ fixup_virtualenv
+}
diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index dbe5278..1bd7392 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -129,10 +129,10 @@
# Eradicate any and all system packages
-# Python in fedora depends on the python-pip package so removing it
+# Python in fedora/suse depends on the python-pip package so removing it
# results in a nonfunctional system. pip on fedora installs to /usr so pip
# can safely override the system pip for all versions of fedora
-if ! is_fedora ; then
+if ! is_fedora && ! is_suse; then
uninstall_package python-pip
uninstall_package python3-pip
fi