Merge "Restrict enabling the manage_volume volume feature"
diff --git a/SYSTEMD.rst b/SYSTEMD.rst
new file mode 100644
index 0000000..b6ed193
--- /dev/null
+++ b/SYSTEMD.rst
@@ -0,0 +1,177 @@
+===========================
+ Using Systemd in DevStack
+===========================
+
+.. note::
+
+ This is an in progress document as we work out the way forward here
+ with DevStack and systemd.
+
+DevStack can be run with all the services as systemd unit
+files. Systemd is now the default init system for nearly every Linux
+distro, and systemd encodes and solves many of the problems related to
+poorly running processes.
+
+Why this instead of screen?
+===========================
+
+The screen model for DevStack was invented when the number of services
+that a DevStack user was going to run was typically < 10. This made
+screen hot keys to jump around very easy. However, the landscape has
+changed (not all services are stoppable in screen as some are under
+Apache, there are typically at least 20 items)
+
+There is also a common developer workflow of changing code in more
+than one service, and needing to restart a bunch of services for that
+to take effect.
+
+To enable this add the following to your local.conf::
+
+ USE_SYSTEMD=True
+
+
+
+Unit Structure
+==============
+
+.. note::
+
+ Originally we actually wanted to do this as user units, however
+ there are issues with running this under non interactive
+ shells. For now, we'll be running as system units. Some user unit
+ code is left in place in case we can switch back later.
+
+All DevStack user units are created as a part of the DevStack slice
+given the name ``devstack@$servicename.service``. This lets us do
+certain operations at the slice level.
+
+Manipulating Units
+==================
+
+Assuming the unit ``n-cpu`` to make the examples more clear.
+
+Enable a unit (allows it to be started)::
+
+ sudo systemctl enable devstack@n-cpu.service
+
+Disable a unit::
+
+ sudo systemctl disable devstack@n-cpu.service
+
+Start a unit::
+
+ sudo systemctl start devstack@n-cpu.service
+
+Stop a unit::
+
+ sudo systemctl stop devstack@n-cpu.service
+
+Restart a unit::
+
+ sudo systemctl restart devstack@n-cpu.service
+
+See status of a unit::
+
+ sudo systemctl status devstack@n-cpu.service
+
+
+Querying Logs
+=============
+
+One of the other major things that comes with systemd is journald, a
+consolidated way to access logs (including querying through structured
+metadata). This is accessed by the user via ``journalctl`` command.
+
+
+Logs can be accessed through ``journalctl``. journalctl has powerful
+query facilities. We'll start with some common options.
+
+Follow logs for a specific service::
+
+ journalctl -f --unit devstack@n-cpu.service
+
+Following logs for multiple services simultaneously::
+
+ journalctl -f --unit devstack@n-cpu.service --user-unit
+ devstack@n-cond.service
+
+Use higher precision time stamps::
+
+ journalctl -f -o short-precise --unit devstack@n-cpu.service
+
+
+Known Issues
+============
+
+Be careful about systemd python libraries. There are 3 of them on
+pypi, and they are all very different. They unfortunately all install
+into the ``systemd`` namespace, which can cause some issues.
+
+- ``systemd-python`` - this is the upstream maintained library, it has
+ a version number like systemd itself (currently ``233``). This is
+ the one you want.
+- ``systemd`` - a python 3 only library, not what you want.
+- ``python-systemd`` - another library you don't want. Installing it
+ on a system will break ansible's ability to run.
+
+
+If we were using user units, the ``[Service]`` - ``Group=`` parameter
+doesn't seem to work with user units, even though the documentation
+says that it should. This means that we will need to do an explicit
+``/usr/bin/sg``. This has the downside of making the SYSLOG_IDENTIFIER
+be ``sg``. We can explicitly set that with ``SyslogIdentifier=``, but
+it's really unfortunate that we're going to need this work
+around. This is currently not a problem because we're only using
+system units.
+
+Future Work
+===========
+
+oslo.log journald
+-----------------
+
+Journald has an extremely rich mechanism for direct logging including
+structured metadata. We should enhance oslo.log to take advantage of
+that. It would let us do things like::
+
+ journalctl REQUEST_ID=......
+
+ journalctl INSTANCE_ID=......
+
+And get all lines related to the request id or instance id.
+
+sub targets/slices
+------------------
+
+We might want to create per project slices so that it's easy to
+follow, restart all services of a single project (like swift) without
+impacting other services.
+
+log colorizing
+--------------
+
+We lose log colorization through this process. We might want to build
+a custom colorizer that we could run journalctl output through
+optionally for people.
+
+user units
+----------
+
+It would be great if we could do services as user units, so that there
+is a clear separation of code being run as not root, to ensure running
+as root never accidentally gets baked in as an assumption to
+services. However, user units interact poorly with devstack-gate and
+the way that commands are run as users with ansible and su.
+
+Maybe someday we can figure that out.
+
+References
+==========
+
+- Arch Linux Wiki - https://wiki.archlinux.org/index.php/Systemd/User
+- Python interface to journald -
+ https://www.freedesktop.org/software/systemd/python-systemd/journal.html
+- Systemd documentation on service files -
+ https://www.freedesktop.org/software/systemd/man/systemd.service.html
+- Systemd documentation on exec (can be used to impact service runs) -
+ https://www.freedesktop.org/software/systemd/man/systemd.exec.html
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index 7793d8e..f03304f 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -130,8 +130,8 @@
DevStack master tracks the upstream master of all the projects. If you
would like to run a stable branch of OpenStack, you should use the
corresponding stable branch of DevStack as well. For instance the
-``stable/kilo`` version of DevStack will already default to all the
-projects running at ``stable/kilo`` levels.
+``stable/ocata`` version of DevStack will already default to all the
+projects running at ``stable/ocata`` levels.
Note: it's also possible to manually adjust the ``*_BRANCH`` variables
further if you would like to test specific milestones, or even custom
diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index dfc9936..484ebba 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -73,8 +73,7 @@
::
- groupadd stack
- useradd -g stack -s /bin/bash -d /opt/stack -m stack
+ useradd -s /bin/bash -d /opt/stack -m stack
This user will be making many changes to your system during installation
and operation so it needs to have sudo privileges to root without a
@@ -176,7 +175,7 @@
MYSQL_HOST=$SERVICE_HOST
RABBIT_HOST=$SERVICE_HOST
GLANCE_HOSTPORT=$SERVICE_HOST:9292
- ENABLED_SERVICES=n-cpu,n-net,n-api-meta,c-vol
+ ENABLED_SERVICES=n-cpu,q-agt,n-api-meta,c-vol
NOVA_VNC_ENABLED=True
NOVNCPROXY_URL="http://$SERVICE_HOST:6080/vnc_auto.html"
VNCSERVER_LISTEN=$HOST_IP
diff --git a/doc/source/guides/single-machine.rst b/doc/source/guides/single-machine.rst
index 011c41f..48a4fa8 100644
--- a/doc/source/guides/single-machine.rst
+++ b/doc/source/guides/single-machine.rst
@@ -47,7 +47,7 @@
::
- adduser stack
+ useradd -s /bin/bash -d /opt/stack -m stack
Since this user will be making many changes to your system, it will need
to have sudo privileges:
diff --git a/doc/source/index.rst b/doc/source/index.rst
index edd6595..c3bac9d 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -39,7 +39,7 @@
-------------
Start with a clean and minimal install of a Linux system. Devstack
-attempts to support Ubuntu 14.04/16.04, Fedora 23/24, CentOS/RHEL 7,
+attempts to support Ubuntu 16.04/17.04, Fedora 24/25, CentOS/RHEL 7,
as well as Debian and OpenSUSE.
If you do not have a preference, Ubuntu 16.04 is the most tested, and
@@ -56,7 +56,7 @@
::
- $ sudo adduser stack
+ $ sudo useradd -s /bin/bash -d /opt/stack -m stack
Since this user will be making many changes to your system, it should
have sudo privileges:
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index 17da67b..cc55c0b 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -108,7 +108,6 @@
networking-mlnx `git://git.openstack.org/openstack/networking-mlnx <https://git.openstack.org/cgit/openstack/networking-mlnx>`__
networking-nec `git://git.openstack.org/openstack/networking-nec <https://git.openstack.org/cgit/openstack/networking-nec>`__
networking-odl `git://git.openstack.org/openstack/networking-odl <https://git.openstack.org/cgit/openstack/networking-odl>`__
-networking-ofagent `git://git.openstack.org/openstack/networking-ofagent <https://git.openstack.org/cgit/openstack/networking-ofagent>`__
networking-onos `git://git.openstack.org/openstack/networking-onos <https://git.openstack.org/cgit/openstack/networking-onos>`__
networking-ovn `git://git.openstack.org/openstack/networking-ovn <https://git.openstack.org/cgit/openstack/networking-ovn>`__
networking-ovs-dpdk `git://git.openstack.org/openstack/networking-ovs-dpdk <https://git.openstack.org/cgit/openstack/networking-ovs-dpdk>`__
@@ -129,6 +128,7 @@
nova-powervm `git://git.openstack.org/openstack/nova-powervm <https://git.openstack.org/cgit/openstack/nova-powervm>`__
oaktree `git://git.openstack.org/openstack/oaktree <https://git.openstack.org/cgit/openstack/oaktree>`__
octavia `git://git.openstack.org/openstack/octavia <https://git.openstack.org/cgit/openstack/octavia>`__
+octavia-dashboard `git://git.openstack.org/openstack/octavia-dashboard <https://git.openstack.org/cgit/openstack/octavia-dashboard>`__
os-xenapi `git://git.openstack.org/openstack/os-xenapi <https://git.openstack.org/cgit/openstack/os-xenapi>`__
osprofiler `git://git.openstack.org/openstack/osprofiler <https://git.openstack.org/cgit/openstack/osprofiler>`__
panko `git://git.openstack.org/openstack/panko <https://git.openstack.org/cgit/openstack/panko>`__
@@ -150,6 +150,7 @@
vitrage `git://git.openstack.org/openstack/vitrage <https://git.openstack.org/cgit/openstack/vitrage>`__
vitrage-dashboard `git://git.openstack.org/openstack/vitrage-dashboard <https://git.openstack.org/cgit/openstack/vitrage-dashboard>`__
vmware-nsx `git://git.openstack.org/openstack/vmware-nsx <https://git.openstack.org/cgit/openstack/vmware-nsx>`__
+vmware-vspc `git://git.openstack.org/openstack/vmware-vspc <https://git.openstack.org/cgit/openstack/vmware-vspc>`__
watcher `git://git.openstack.org/openstack/watcher <https://git.openstack.org/cgit/openstack/watcher>`__
watcher-dashboard `git://git.openstack.org/openstack/watcher-dashboard <https://git.openstack.org/cgit/openstack/watcher-dashboard>`__
zaqar `git://git.openstack.org/openstack/zaqar <https://git.openstack.org/cgit/openstack/zaqar>`__
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 84dc273..1284360 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -7,7 +7,7 @@
</Directory>
<VirtualHost *:%PUBLICPORT%>
- WSGIDaemonProcess keystone-public processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
+ WSGIDaemonProcess keystone-public processes=3 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
WSGIProcessGroup keystone-public
WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
@@ -21,7 +21,7 @@
</VirtualHost>
<VirtualHost *:%ADMINPORT%>
- WSGIDaemonProcess keystone-admin processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
+ WSGIDaemonProcess keystone-admin processes=3 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
WSGIProcessGroup keystone-admin
WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
diff --git a/files/debs/neutron b/files/debs/neutron
index 2307fa5..e30f678 100644
--- a/files/debs/neutron
+++ b/files/debs/neutron
@@ -2,6 +2,7 @@
dnsmasq-base
dnsmasq-utils # for dhcp_release only available in dist:precise
ebtables
+haproxy # to serve as metadata proxy inside router/dhcp namespaces
iptables
iputils-arping
iputils-ping
diff --git a/files/debs/q-agt b/files/debs/neutron-agent
similarity index 100%
rename from files/debs/q-agt
rename to files/debs/neutron-agent
diff --git a/files/debs/q-l3 b/files/debs/neutron-l3
similarity index 100%
rename from files/debs/q-l3
rename to files/debs/neutron-l3
diff --git a/files/debs/q-agt b/files/debs/q-agt
new file mode 120000
index 0000000..99fe353
--- /dev/null
+++ b/files/debs/q-agt
@@ -0,0 +1 @@
+neutron-agent
\ No newline at end of file
diff --git a/files/debs/q-l3 b/files/debs/q-l3
new file mode 120000
index 0000000..0a5ca2a
--- /dev/null
+++ b/files/debs/q-l3
@@ -0,0 +1 @@
+neutron-l3
\ No newline at end of file
diff --git a/files/rpms-suse/neutron b/files/rpms-suse/neutron
index e9abc6e..d1cc73f 100644
--- a/files/rpms-suse/neutron
+++ b/files/rpms-suse/neutron
@@ -2,6 +2,7 @@
dnsmasq
dnsmasq-utils # dist:opensuse-12.3,opensuse-13.1
ebtables
+haproxy # to serve as metadata proxy inside router/dhcp namespaces
iptables
iputils
mariadb # NOPRIME
diff --git a/files/rpms-suse/q-agt b/files/rpms-suse/neutron-agent
similarity index 100%
rename from files/rpms-suse/q-agt
rename to files/rpms-suse/neutron-agent
diff --git a/files/rpms-suse/q-l3 b/files/rpms-suse/neutron-l3
similarity index 100%
rename from files/rpms-suse/q-l3
rename to files/rpms-suse/neutron-l3
diff --git a/files/rpms-suse/q-agt b/files/rpms-suse/q-agt
new file mode 120000
index 0000000..99fe353
--- /dev/null
+++ b/files/rpms-suse/q-agt
@@ -0,0 +1 @@
+neutron-agent
\ No newline at end of file
diff --git a/files/rpms-suse/q-l3 b/files/rpms-suse/q-l3
new file mode 120000
index 0000000..0a5ca2a
--- /dev/null
+++ b/files/rpms-suse/q-l3
@@ -0,0 +1 @@
+neutron-l3
\ No newline at end of file
diff --git a/files/rpms/neutron b/files/rpms/neutron
index 2e49a0c..a4e029a 100644
--- a/files/rpms/neutron
+++ b/files/rpms/neutron
@@ -2,6 +2,7 @@
dnsmasq # for q-dhcp
dnsmasq-utils # for dhcp_release
ebtables
+haproxy # to serve as metadata proxy inside router/dhcp namespaces
iptables
iputils
mysql-devel
diff --git a/files/rpms/q-agt b/files/rpms/neutron-agent
similarity index 100%
rename from files/rpms/q-agt
rename to files/rpms/neutron-agent
diff --git a/files/rpms/q-l3 b/files/rpms/neutron-l3
similarity index 100%
rename from files/rpms/q-l3
rename to files/rpms/neutron-l3
diff --git a/files/rpms/q-agt b/files/rpms/q-agt
new file mode 120000
index 0000000..99fe353
--- /dev/null
+++ b/files/rpms/q-agt
@@ -0,0 +1 @@
+neutron-agent
\ No newline at end of file
diff --git a/files/rpms/q-l3 b/files/rpms/q-l3
new file mode 120000
index 0000000..0a5ca2a
--- /dev/null
+++ b/files/rpms/q-l3
@@ -0,0 +1 @@
+neutron-l3
\ No newline at end of file
diff --git a/functions b/functions
index f262fbc..f6679fd 100644
--- a/functions
+++ b/functions
@@ -12,7 +12,7 @@
# ensure we don't re-source this in the same environment
[[ -z "$_DEVSTACK_FUNCTIONS" ]] || return 0
-declare -r _DEVSTACK_FUNCTIONS=1
+declare -r -g _DEVSTACK_FUNCTIONS=1
# Include the common functions
FUNC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)
@@ -575,7 +575,9 @@
function setup_logging {
local conf_file=$1
local other_cond=${2:-"False"}
- if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ] && [ "$other_cond" == "False" ]; then
+ if [[ "$USE_SYSTEMD" == "True" ]]; then
+ setup_systemd_logging $conf_file
+ elif [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ] && [ "$other_cond" == "False" ]; then
setup_colorized_logging $conf_file
else
setup_standard_logging_identity $conf_file
@@ -601,6 +603,17 @@
iniset $conf_file $conf_section logging_exception_prefix "%(color)s%(asctime)s.%(msecs)03d TRACE %(name)s �[01;35m%(instance)s�[00m"
}
+function setup_systemd_logging {
+ local conf_file=$1
+ local conf_section="DEFAULT"
+ local project_var="project_name"
+ local user_var="user_name"
+ iniset $conf_file $conf_section logging_context_format_string "%(levelname)s %(name)s [%(request_id)s %("$project_var")s %("$user_var")s] %(instance)s%(message)s"
+ iniset $conf_file $conf_section logging_default_format_string "%(levelname)s %(name)s [-] %(instance)s%(color)s%(message)s"
+ iniset $conf_file $conf_section logging_debug_format_suffix "from (pid=%(process)d) %(funcName)s %(pathname)s:%(lineno)d"
+ iniset $conf_file $conf_section logging_exception_prefix "ERROR %(name)s %(instance)s"
+}
+
function setup_standard_logging_identity {
local conf_file=$1
iniset $conf_file DEFAULT logging_user_identity_format "%(project_name)s %(user_name)s"
@@ -666,11 +679,7 @@
# running_in_container - Returns true otherwise false
function running_in_container {
- if grep -q lxc /proc/1/cgroup; then
- return 0
- fi
-
- return 1
+ [[ $(systemd-detect-virt --container) != 'none' ]]
}
diff --git a/functions-common b/functions-common
index 7e9e200..ec68644 100644
--- a/functions-common
+++ b/functions-common
@@ -37,12 +37,12 @@
# ensure we don't re-source this in the same environment
[[ -z "$_DEVSTACK_FUNCTIONS_COMMON" ]] || return 0
-declare -r _DEVSTACK_FUNCTIONS_COMMON=1
+declare -r -g _DEVSTACK_FUNCTIONS_COMMON=1
# Global Config Variables
-declare -A GITREPO
-declare -A GITBRANCH
-declare -A GITDIR
+declare -A -g GITREPO
+declare -A -g GITBRANCH
+declare -A -g GITDIR
TRACK_DEPENDS=${TRACK_DEPENDS:-False}
@@ -306,7 +306,7 @@
# ``os_PACKAGE`` - package type: ``deb`` or ``rpm``
# ``os_CODENAME`` - vendor's codename for release: ``xenial``
-declare os_VENDOR os_RELEASE os_PACKAGE os_CODENAME
+declare -g os_VENDOR os_RELEASE os_PACKAGE os_CODENAME
# Make a *best effort* attempt to install lsb_release packages for the
# user if not available. Note can't use generic install_package*
@@ -361,7 +361,7 @@
# Translate the OS version values into common nomenclature
# Sets global ``DISTRO`` from the ``os_*`` values
-declare DISTRO
+declare -g DISTRO
function GetDistro {
GetOSVersion
@@ -1443,6 +1443,59 @@
exit 0
}
+function write_user_unit_file {
+ local service=$1
+ local command="$2"
+ local group=$3
+ local user=$4
+ local extra=""
+ if [[ -n "$group" ]]; then
+ extra="Group=$group"
+ fi
+ local unitfile="$SYSTEMD_DIR/$service"
+ mkdir -p $SYSTEMD_DIR
+
+ iniset -sudo $unitfile "Unit" "Description" "Devstack $service"
+ iniset -sudo $unitfile "Service" "User" "$user"
+ iniset -sudo $unitfile "Service" "ExecStart" "$command"
+ if [[ -n "$group" ]]; then
+ iniset -sudo $unitfile "Service" "Group" "$group"
+ fi
+ iniset -sudo $unitfile "Install" "WantedBy" "multi-user.target"
+
+ # changes to existing units sometimes need a refresh
+ $SYSTEMCTL daemon-reload
+}
+
+function _run_under_systemd {
+ local service=$1
+ local command="$2"
+ local cmd=$command
+ local systemd_service="devstack@$service.service"
+ local group=$3
+ local user=${4:-$STACK_USER}
+ write_user_unit_file $systemd_service "$cmd" "$group" "$user"
+
+ $SYSTEMCTL enable $systemd_service
+ $SYSTEMCTL start $systemd_service
+ _journal_log $service $systemd_service
+}
+
+function _journal_log {
+ local service=$1
+ local unit=$2
+ local logfile="${service}.log.${CURRENT_LOG_TIME}"
+ local real_logfile="${LOGDIR}/${logfile}"
+ if [[ -n ${LOGDIR} ]]; then
+ $JOURNALCTL_F $2 > "$real_logfile" &
+ bash -c "cd '$LOGDIR' && ln -sf '$logfile' ${service}.log"
+ if [[ -n ${SCREEN_LOGDIR} ]]; then
+ # Drop the backward-compat symlink
+ ln -sf "$real_logfile" ${SCREEN_LOGDIR}/screen-${service}.log
+ fi
+ fi
+}
+
# Helper to remove the ``*.failure`` files under ``$SERVICE_DIR/$SCREEN_NAME``.
# This is used for ``service_check`` when all the ``screen_it`` are called finished
# Uses globals ``SCREEN_NAME``, ``SERVICE_DIR``
@@ -1478,16 +1531,24 @@
local service=$1
local command="$2"
local group=$3
- local subservice=$4
+ local user=$4
- local name=${subservice:-$service}
+ local name=$service
time_start "run_process"
if is_service_enabled $service; then
- if [[ "$USE_SCREEN" = "True" ]]; then
+ if [[ "$USE_SYSTEMD" = "True" ]]; then
+ _run_under_systemd "$name" "$command" "$group" "$user"
+ elif [[ "$USE_SCREEN" = "True" ]]; then
+ if [[ "$user" == "root" ]]; then
+ command="sudo $command"
+ fi
screen_process "$name" "$command" "$group"
else
# Spawn directly without screen
+ if [[ "$user" == "root" ]]; then
+ command="sudo $command"
+ fi
_run_process "$name" "$command" "$group" &
fi
fi
@@ -1618,6 +1679,14 @@
if is_service_enabled $service; then
# Kill via pid if we have one available
+ if [[ "$USE_SYSTEMD" == "True" ]]; then
+ # Only do this for units which appear enabled, this also
+ # catches units that don't really exist for cases like
+ # keystone without a failure.
+ $SYSTEMCTL stop devstack@$service.service
+ $SYSTEMCTL disable devstack@$service.service
+ fi
+
if [[ -r $SERVICE_DIR/$SCREEN_NAME/$service.pid ]]; then
pkill -g $(cat $SERVICE_DIR/$SCREEN_NAME/$service.pid)
# oslo.service tends to stop actually shutting down
@@ -2376,9 +2445,9 @@
# Resolution is only in whole seconds, so should be used for long
# running activities.
-declare -A _TIME_TOTAL
-declare -A _TIME_START
-declare -r _TIME_BEGIN=$(date +%s)
+declare -A -g _TIME_TOTAL
+declare -A -g _TIME_START
+declare -r -g _TIME_BEGIN=$(date +%s)
# time_start $name
#
diff --git a/inc/python b/inc/python
index 2bdc097..2443c4d 100644
--- a/inc/python
+++ b/inc/python
@@ -19,7 +19,7 @@
# PROJECT_VENV contains the name of the virtual environment for each
# project. A null value installs to the system Python directories.
-declare -A PROJECT_VENV
+declare -A -g PROJECT_VENV
# Python Functions
@@ -553,6 +553,8 @@
function install_python3 {
if is_ubuntu; then
apt_get install python${PYTHON3_VERSION} python${PYTHON3_VERSION}-dev
+ elif is_suse; then
+ install_package python3-devel python3-dbm
fi
}
diff --git a/lib/dstat b/lib/dstat
index b705948..982b703 100644
--- a/lib/dstat
+++ b/lib/dstat
@@ -21,16 +21,22 @@
# A better kind of sysstat, with the top process per time slice
run_process dstat "$TOP_DIR/tools/dstat.sh $LOGDIR"
- # To enable peakmem_tracker add:
- # enable_service peakmem_tracker
+ # To enable memory_tracker add:
+ # enable_service memory_tracker
# to your localrc
- run_process peakmem_tracker "$TOP_DIR/tools/peakmem_tracker.sh"
+ run_process memory_tracker "$TOP_DIR/tools/memory_tracker.sh" "" "root"
+
+ # remove support for the old name when it's no longer used (sometime in Queens)
+ if is_service_enabled peakmem_tracker; then
+ deprecated "Use of peakmem_tracker in devstack is deprecated, use memory_tracker instead"
+ run_process peakmem_tracker "$TOP_DIR/tools/memory_tracker.sh" "" "root"
+ fi
}
# stop_dstat() stop dstat process
function stop_dstat {
stop_process dstat
- stop_process peakmem_tracker
+ stop_process memory_tracker
}
# Restore xtrace
diff --git a/lib/glance b/lib/glance
index 0ba2cfa..2f4aa5f 100644
--- a/lib/glance
+++ b/lib/glance
@@ -55,9 +55,7 @@
GLANCE_POLICY_JSON=$GLANCE_CONF_DIR/policy.json
GLANCE_SCHEMA_JSON=$GLANCE_CONF_DIR/schema-image.json
GLANCE_SWIFT_STORE_CONF=$GLANCE_CONF_DIR/glance-swift-store.conf
-GLANCE_GLARE_CONF=$GLANCE_CONF_DIR/glance-glare.conf
-GLANCE_GLARE_PASTE_INI=$GLANCE_CONF_DIR/glance-glare-paste.ini
-GLANCE_V1_ENABLED=${GLANCE_V1_ENABLED:-True}
+GLANCE_V1_ENABLED=${GLANCE_V1_ENABLED:-False}
if is_ssl_enabled_service "glance" || is_service_enabled tls-proxy; then
GLANCE_SERVICE_PROTOCOL="https"
@@ -72,8 +70,6 @@
GLANCE_SERVICE_PROTOCOL=${GLANCE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
GLANCE_REGISTRY_PORT=${GLANCE_REGISTRY_PORT:-9191}
GLANCE_REGISTRY_PORT_INT=${GLANCE_REGISTRY_PORT_INT:-19191}
-GLANCE_GLARE_PORT=${GLANCE_GLARE_PORT:-9494}
-GLANCE_GLARE_HOSTPORT=${GLANCE_GLARE_HOSTPORT:-$GLANCE_SERVICE_HOST:$GLANCE_GLARE_PORT}
# Functions
# ---------
@@ -98,9 +94,6 @@
sudo install -d -o $STACK_USER $GLANCE_CONF_DIR $GLANCE_METADEF_DIR
# Copy over our glance configurations and update them
- if is_service_enabled g-glare; then
- cp $GLANCE_DIR/etc/glance-glare.conf $GLANCE_GLARE_CONF
- fi
cp $GLANCE_DIR/etc/glance-registry.conf $GLANCE_REGISTRY_CONF
iniset $GLANCE_REGISTRY_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $GLANCE_REGISTRY_CONF DEFAULT bind_host $GLANCE_SERVICE_LISTEN_ADDRESS
@@ -143,9 +136,6 @@
# Store specific configs
iniset $GLANCE_API_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/
- if is_service_enabled g-glare; then
- iniset $GLANCE_GLARE_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/
- fi
iniset $GLANCE_API_CONF DEFAULT registry_host $GLANCE_SERVICE_HOST
iniset $GLANCE_API_CONF DEFAULT workers "$API_WORKERS"
@@ -172,22 +162,6 @@
iniset $GLANCE_SWIFT_STORE_CONF ref1 user $SERVICE_PROJECT_NAME:glance-swift
- # Store the glare in swift if enabled.
- if is_service_enabled g-glare; then
- iniset $GLANCE_GLARE_CONF glance_store default_store swift
- iniset $GLANCE_GLARE_CONF glance_store swift_store_create_container_on_put True
-
- iniset $GLANCE_GLARE_CONF glance_store swift_store_config_file $GLANCE_SWIFT_STORE_CONF
- iniset $GLANCE_GLARE_CONF glance_store default_swift_reference ref1
- iniset $GLANCE_GLARE_CONF glance_store stores "file, http, swift"
- iniset $GLANCE_GLARE_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
-
- # commenting is not strictly necessary but it's confusing to have bad values in conf
- inicomment $GLANCE_GLARE_CONF glance_store swift_store_user
- inicomment $GLANCE_GLARE_CONF glance_store swift_store_key
- inicomment $GLANCE_GLARE_CONF glance_store swift_store_auth_address
- fi
-
iniset $GLANCE_SWIFT_STORE_CONF ref1 key $SERVICE_PASSWORD
if python3_enabled; then
# NOTE(dims): Currently the glance_store+swift does not support either an insecure flag
@@ -266,29 +240,6 @@
iniset $GLANCE_API_CONF DEFAULT cinder_endpoint_template "https://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/%(project_id)s"
iniset $GLANCE_CACHE_CONF DEFAULT cinder_endpoint_template "https://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/%(project_id)s"
fi
-
- # Configure GLANCE_GLARE (Glance Glare)
- if is_service_enabled g-glare; then
- local dburl
- dburl=`database_connection_url glance`
- setup_logging $GLANCE_GLARE_CONF
- iniset $GLANCE_GLARE_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
- iniset $GLANCE_GLARE_CONF DEFAULT bind_host $GLANCE_SERVICE_LISTEN_ADDRESS
- iniset $GLANCE_GLARE_CONF DEFAULT bind_port $GLANCE_GLARE_PORT
- inicomment $GLANCE_GLARE_CONF DEFAULT log_file
- iniset $GLANCE_GLARE_CONF DEFAULT workers "$API_WORKERS"
-
- iniset $GLANCE_GLARE_CONF database connection $dburl
- iniset $GLANCE_GLARE_CONF paste_deploy flavor keystone
- configure_auth_token_middleware $GLANCE_GLARE_CONF glare $GLANCE_AUTH_CACHE_DIR/artifact
- # Register SSL certificates if provided
- if is_ssl_enabled_service glance; then
- ensure_certificates GLANCE
- iniset $GLANCE_GLARE_CONF DEFAULT cert_file "$GLANCE_SSL_CERT"
- iniset $GLANCE_GLARE_CONF DEFAULT key_file "$GLANCE_SSL_KEY"
- fi
- cp $GLANCE_DIR/etc/glance-glare-paste.ini $GLANCE_GLARE_PASTE_INI
- fi
}
# create_glance_accounts() - Set up common required glance accounts
@@ -298,7 +249,6 @@
# SERVICE_PROJECT_NAME glance service
# SERVICE_PROJECT_NAME glance-swift ResellerAdmin (if Swift is enabled)
# SERVICE_PROJECT_NAME glance-search search (if Search is enabled)
-# SERVICE_PROJECT_NAME glare service (if enabled)
function create_glance_accounts {
if is_service_enabled g-api; then
@@ -321,16 +271,6 @@
iniset $GLANCE_SWIFT_STORE_CONF ref1 project_domain_id $service_domain_id
iniset $GLANCE_SWIFT_STORE_CONF ref1 user_domain_id $service_domain_id
fi
-
- # Add glance-glare service and endpoints
- if is_service_enabled g-glare; then
- create_service_user "glare"
- get_or_create_service "glare" "artifact" "Glance Artifact Service"
-
- get_or_create_endpoint "artifact" \
- "$REGION_NAME" \
- "$GLANCE_SERVICE_PROTOCOL://$GLANCE_GLARE_HOSTPORT"
- fi
}
# create_glance_cache_dir() - Part of the init_glance() process
@@ -400,15 +340,6 @@
if ! wait_for_service $SERVICE_TIMEOUT $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT; then
die $LINENO "g-api did not start"
fi
-
- #Start g-glare after g-reg/g-api
- if is_service_enabled g-glare; then
- run_process g-glare "$GLANCE_BIN_DIR/glance-glare --config-file=$GLANCE_CONF_DIR/glance-glare.conf"
- echo "Waiting for Glare [g-glare] ($GLANCE_GLARE_HOSTPORT) to start..."
- if ! wait_for_service $SERVICE_TIMEOUT $GLANCE_SERVICE_PROTOCOL://$GLANCE_GLARE_HOSTPORT; then
- die $LINENO " Glare [g-glare] did not start"
- fi
- fi
}
# stop_glance() - Stop running processes
@@ -416,10 +347,6 @@
# Kill the Glance screen windows
stop_process g-api
stop_process g-reg
-
- if is_service_enabled g-glare; then
- stop_process g-glare
- fi
}
# Restore xtrace
diff --git a/lib/keystone b/lib/keystone
index 530f3b4..af607c3 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -602,8 +602,11 @@
tail_log key /var/log/$APACHE_NAME/keystone.log
tail_log key-access /var/log/$APACHE_NAME/keystone_access.log
else # uwsgi
- run_process key "$KEYSTONE_BIN_DIR/uwsgi $KEYSTONE_PUBLIC_UWSGI_FILE" "" "key-p"
- run_process key "$KEYSTONE_BIN_DIR/uwsgi $KEYSTONE_ADMIN_UWSGI_FILE" "" "key-a"
+ # TODO(sdague): we should really get down to a single keystone here
+ enable_service key-p
+ enable_service key-a
+ run_process key-p "$KEYSTONE_BIN_DIR/uwsgi $KEYSTONE_PUBLIC_UWSGI_FILE" ""
+ run_process key-a "$KEYSTONE_BIN_DIR/uwsgi $KEYSTONE_ADMIN_UWSGI_FILE" ""
fi
echo "Waiting for keystone to start..."
diff --git a/lib/neutron b/lib/neutron
index 44d41f8..dd91466 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -74,8 +74,16 @@
NEUTRON_ROOTWRAP_CONF_FILE=$NEUTRON_CONF_DIR/rootwrap.conf
NEUTRON_ROOTWRAP_DAEMON_CMD="sudo $NEUTRON_ROOTWRAP-daemon $NEUTRON_ROOTWRAP_CONF_FILE"
+# This is needed because _neutron_ovs_base_configure_l3_agent will set
+# external_network_bridge
+Q_USE_PROVIDERNET_FOR_PUBLIC=${Q_USE_PROVIDERNET_FOR_PUBLIC:-True}
+# This is needed because _neutron_ovs_base_configure_l3_agent uses it to create
+# an external network bridge
+PUBLIC_BRIDGE=${PUBLIC_BRIDGE:-br-ex}
+PUBLIC_BRIDGE_MTU=${PUBLIC_BRIDGE_MTU:-1500}
+
# Additional neutron api config files
-declare -a _NEUTRON_SERVER_EXTRA_CONF_FILES_ABS
+declare -a -g _NEUTRON_SERVER_EXTRA_CONF_FILES_ABS
# Functions
# ---------
@@ -163,7 +171,7 @@
iniset $NEUTRON_CORE_PLUGIN_CONF ml2_type_vxlan vni_ranges 1001:2000
iniset $NEUTRON_CORE_PLUGIN_CONF ml2_type_flat flat_networks public
if [[ "$NEUTRON_PORT_SECURITY" = "True" ]]; then
- iniset $NEUTRON_CORE_PLUGIN_CONF ml2 extension_drivers port_security
+ neutron_ml2_extension_driver_add port_security
fi
fi
@@ -284,7 +292,7 @@
function configure_neutron_nova_new {
iniset $NOVA_CONF DEFAULT use_neutron True
iniset $NOVA_CONF neutron auth_type "password"
- iniset $NOVA_CONF neutron auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v3"
+ iniset $NOVA_CONF neutron auth_url "$KEYSTONE_SERVICE_URI/v3"
iniset $NOVA_CONF neutron username neutron
iniset $NOVA_CONF neutron password "$SERVICE_PASSWORD"
iniset $NOVA_CONF neutron user_domain_name "Default"
@@ -481,6 +489,18 @@
iniset $NEUTRON_CONF DEFAULT service_plugins $plugins
}
+function _neutron_ml2_extension_driver_add {
+ local driver=$1
+ local drivers=""
+
+ drivers=$(iniget $NEUTRON_CORE_PLUGIN_CONF ml2 extension_drivers)
+ if [ $drivers ]; then
+ drivers+=","
+ fi
+ drivers+="${driver}"
+ iniset $NEUTRON_CORE_PLUGIN_CONF ml2 extension_drivers $drivers
+}
+
function neutron_server_config_add_new {
_NEUTRON_SERVER_EXTRA_CONF_FILES_ABS+=($1)
}
@@ -553,6 +573,15 @@
fi
}
+function neutron_ml2_extension_driver_add {
+ if is_neutron_legacy_enabled; then
+ # Call back to old function
+ _neutron_ml2_extension_driver_add_old "$@"
+ else
+ _neutron_ml2_extension_driver_add "$@"
+ fi
+}
+
function install_neutron_agent_packages {
if is_neutron_legacy_enabled; then
# Call back to old function
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 1a16a44..86a2b1d 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -141,10 +141,10 @@
# These config files are relative to ``/etc/neutron``. The above
# example would specify ``--config-file /etc/neutron/file1`` for
# neutron server.
-declare -a Q_PLUGIN_EXTRA_CONF_FILES
+declare -a -g Q_PLUGIN_EXTRA_CONF_FILES
# same as Q_PLUGIN_EXTRA_CONF_FILES, but with absolute path.
-declare -a _Q_PLUGIN_EXTRA_CONF_FILES_ABS
+declare -a -g _Q_PLUGIN_EXTRA_CONF_FILES_ABS
Q_RR_CONF_FILE=$NEUTRON_CONF_DIR/rootwrap.conf
@@ -870,6 +870,16 @@
fi
}
+# _neutron_ml2_extension_driver_add_old() - add ML2 extension driver
+function _neutron_ml2_extension_driver_add_old {
+ local extension=$1
+ if [[ $Q_ML2_PLUGIN_EXT_DRIVERS == '' ]]; then
+ Q_ML2_PLUGIN_EXT_DRIVERS=$extension
+ elif [[ ! ,${Q_ML2_PLUGIN_EXT_DRIVERS}, =~ ,${extension}, ]]; then
+ Q_ML2_PLUGIN_EXT_DRIVERS="$Q_ML2_PLUGIN_EXT_DRIVERS,$extension"
+ fi
+}
+
# mutnauq_server_config_add() - add server config file
function mutnauq_server_config_add {
_Q_PLUGIN_EXTRA_CONF_FILES_ABS+=($1)
diff --git a/lib/neutron_plugins/services/l3 b/lib/neutron_plugins/services/l3
index e87a30c..07974fe 100644
--- a/lib/neutron_plugins/services/l3
+++ b/lib/neutron_plugins/services/l3
@@ -197,8 +197,8 @@
if [ -z $SUBNETPOOL_V6_ID ]; then
fixed_range_v6=$IPV6_PROVIDER_FIXED_RANGE
fi
- SUBNET_V6_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet create --project $project_id --ip-version 6 --ipv6-address-mode $IPV6_ADDRESS_MODE --gateway $IPV6_PROVIDER_NETWORK_GATEWAY $IPV6_PROVIDER_SUBNET_NAME ${SUBNETPOOL_V6_ID:+--subnet-pool $SUBNETPOOL_V6_ID} --network $NET_ID $fixed_range_v6 | grep 'id' | get_field 2)
- die_if_not_set $LINENO SUBNET_V6_ID "Failure creating SUBNET_V6_ID for $IPV6_PROVIDER_SUBNET_NAME $project_id"
+ IPV6_SUBNET_ID=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet create --project $project_id --ip-version 6 --gateway $IPV6_PROVIDER_NETWORK_GATEWAY $IPV6_PROVIDER_SUBNET_NAME ${SUBNETPOOL_V6_ID:+--subnet-pool $SUBNETPOOL_V6_ID} --network $NET_ID --subnet-range $fixed_range_v6 | grep ' id ' | get_field 2)
+ die_if_not_set $LINENO IPV6_SUBNET_ID "Failure creating IPV6_SUBNET_ID for $IPV6_PROVIDER_SUBNET_NAME $project_id"
fi
if [[ $Q_AGENT == "openvswitch" ]]; then
diff --git a/lib/nova b/lib/nova
index 4c9f30f..a36a740 100644
--- a/lib/nova
+++ b/lib/nova
@@ -631,7 +631,7 @@
function init_nova_service_user_conf {
iniset $NOVA_CONF service_user send_service_user_token True
iniset $NOVA_CONF service_user auth_type password
- iniset $NOVA_CONF service_user auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT"
+ iniset $NOVA_CONF service_user auth_url "$KEYSTONE_SERVICE_URI"
iniset $NOVA_CONF service_user username nova
iniset $NOVA_CONF service_user password "$SERVICE_PASSWORD"
iniset $NOVA_CONF service_user user_domain_name "$SERVICE_DOMAIN_NAME"
diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic
index 7ffd14d..c9544fe 100644
--- a/lib/nova_plugins/hypervisor-ironic
+++ b/lib/nova_plugins/hypervisor-ironic
@@ -42,6 +42,7 @@
iniset $NOVA_CONF DEFAULT compute_driver ironic.IronicDriver
iniset $NOVA_CONF DEFAULT firewall_driver $LIBVIRT_FIREWALL_DRIVER
iniset $NOVA_CONF DEFAULT scheduler_host_manager ironic_host_manager
+ iniset $NOVA_CONF filter_scheduler use_baremetal_filters True
iniset $NOVA_CONF DEFAULT ram_allocation_ratio 1.0
iniset $NOVA_CONF DEFAULT reserved_host_memory_mb 0
# ironic section
diff --git a/lib/placement b/lib/placement
index e7ffe33..4cc5cd8 100644
--- a/lib/placement
+++ b/lib/placement
@@ -100,7 +100,7 @@
function configure_placement_nova_compute {
iniset $NOVA_CONF placement auth_type "password"
- iniset $NOVA_CONF placement auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v3"
+ iniset $NOVA_CONF placement auth_url "$KEYSTONE_SERVICE_URI/v3"
iniset $NOVA_CONF placement username placement
iniset $NOVA_CONF placement password "$SERVICE_PASSWORD"
iniset $NOVA_CONF placement user_domain_name "$SERVICE_DOMAIN_NAME"
diff --git a/lib/swift b/lib/swift
index 5b510e5..6c2af61 100644
--- a/lib/swift
+++ b/lib/swift
@@ -38,6 +38,15 @@
# Set up default directories
GITDIR["python-swiftclient"]=$DEST/python-swiftclient
+# Swift virtual environment
+if [[ ${USE_VENV} = True ]]; then
+ PROJECT_VENV["swift"]=${SWIFT_DIR}.venv
+ SWIFT_BIN_DIR=${PROJECT_VENV["swift"]}/bin
+else
+ SWIFT_BIN_DIR=$(get_python_exec_prefix)
+fi
+
+
SWIFT_DIR=$DEST/swift
SWIFT_AUTH_CACHE_DIR=${SWIFT_AUTH_CACHE_DIR:-/var/cache/swift}
SWIFT_APACHE_WSGI_DIR=${SWIFT_APACHE_WSGI_DIR:-/var/www/swift}
@@ -807,10 +816,10 @@
local proxy_port=${SWIFT_DEFAULT_BIND_PORT}
start_tls_proxy swift '*' $proxy_port $SERVICE_HOST $SWIFT_DEFAULT_BIND_PORT_INT
fi
- run_process s-proxy "swift-proxy-server ${SWIFT_CONF_DIR}/proxy-server.conf -v"
+ run_process s-proxy "$SWIFT_BIN_DIR/swift-proxy-server ${SWIFT_CONF_DIR}/proxy-server.conf -v"
if [[ ${SWIFT_REPLICAS} == 1 ]]; then
for type in object container account; do
- run_process s-${type} "swift-${type}-server ${SWIFT_CONF_DIR}/${type}-server/1.conf -v"
+ run_process s-${type} "$SWIFT_BIN_DIR/swift-${type}-server ${SWIFT_CONF_DIR}/${type}-server/1.conf -v"
done
fi
diff --git a/lib/tempest b/lib/tempest
index 95b25bc..ceba5e9 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -17,7 +17,7 @@
# - ``PUBLIC_NETWORK_NAME``
# - ``VIRT_DRIVER``
# - ``LIBVIRT_TYPE``
-# - ``KEYSTONE_SERVICE_PROTOCOL``, ``KEYSTONE_SERVICE_HOST`` from lib/keystone
+# - ``KEYSTONE_SERVICE_URI``, ``KEYSTONE_SERVICE_URI_V3`` from lib/keystone
#
# Optional Dependencies:
#
@@ -223,7 +223,7 @@
# Ensure ``flavor_ref`` and ``flavor_ref_alt`` have different values.
# Some resize instance in tempest tests depends on this.
for f in ${flavors[@]:1}; do
- if [[ $f -ne $flavor_ref ]]; then
+ if [[ "$f" != "$flavor_ref" ]]; then
flavor_ref_alt=$f
break
fi
@@ -257,7 +257,7 @@
iniset $TEMPEST_CONFIG volume build_timeout $BUILD_TIMEOUT
# Identity
- iniset $TEMPEST_CONFIG identity uri "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:5000/v2.0/"
+ iniset $TEMPEST_CONFIG identity uri "$KEYSTONE_SERVICE_URI/v2.0/"
iniset $TEMPEST_CONFIG identity uri_v3 "$KEYSTONE_SERVICE_URI_V3"
iniset $TEMPEST_CONFIG identity user_lockout_failure_attempts $KEYSTONE_LOCKOUT_FAILURE_ATTEMPTS
iniset $TEMPEST_CONFIG identity user_lockout_duration $KEYSTONE_LOCKOUT_DURATION
@@ -273,13 +273,11 @@
if [ "$ENABLE_IDENTITY_V2" == "True" ]; then
# Run Identity API v2 tests ONLY if needed
iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 True
- iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v2}
else
# Skip Identity API v2 tests by default
iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False
- # Use v3 auth tokens for running all Tempest tests
- iniset $TEMPEST_CONFIG identity auth_version v3
fi
+ iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v3}
if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then
iniset $TEMPEST_CONFIG identity ca_certificates_file $SSL_BUNDLE_FILE
diff --git a/lib/tls b/lib/tls
index f9ef554..fb2fa3a 100644
--- a/lib/tls
+++ b/lib/tls
@@ -457,29 +457,30 @@
# MaxClients: maximum number of simultaneous client connections
# MaxRequestsPerChild: maximum number of requests a server process serves
#
-# The apache defaults are too conservative if we want reliable tempest
-# testing. Bump these values up from ~400 max clients to 1024 max clients.
+# We want to be memory thrifty so tune down apache to allow 256 total
+# connections. This should still be plenty for a dev env yet lighter than
+# apache defaults.
<IfModule mpm_worker_module>
# Note that the next three conf values must be changed together.
# MaxClients = ServerLimit * ThreadsPerChild
-ServerLimit 32
+ServerLimit 8
ThreadsPerChild 32
-MaxClients 1024
-StartServers 3
-MinSpareThreads 96
-MaxSpareThreads 192
+MaxClients 256
+StartServers 2
+MinSpareThreads 32
+MaxSpareThreads 96
ThreadLimit 64
MaxRequestsPerChild 0
</IfModule>
<IfModule mpm_event_module>
# Note that the next three conf values must be changed together.
# MaxClients = ServerLimit * ThreadsPerChild
-ServerLimit 32
+ServerLimit 8
ThreadsPerChild 32
-MaxClients 1024
-StartServers 3
-MinSpareThreads 96
-MaxSpareThreads 192
+MaxClients 256
+StartServers 2
+MinSpareThreads 32
+MaxSpareThreads 96
ThreadLimit 64
MaxRequestsPerChild 0
</IfModule>
diff --git a/stack.sh b/stack.sh
index 4cee385..20cdc1d 100755
--- a/stack.sh
+++ b/stack.sh
@@ -192,7 +192,7 @@
# Warn users who aren't on an explicitly supported distro, but allow them to
# override check and attempt installation with ``FORCE=yes ./stack``
-if [[ ! ${DISTRO} =~ (xenial|yakkety|zesty|sid|testing|jessie|f24|f25|rhel7|kvmibm1) ]]; then
+if [[ ! ${DISTRO} =~ (xenial|yakkety|zesty|stretch|jessie|f24|f25|rhel7|kvmibm1) ]]; then
echo "WARNING: this script has not been tested on $DISTRO"
if [[ "$FORCE" != "yes" ]]; then
die $LINENO "If you wish to run this script anyway run with FORCE=yes"
@@ -1057,11 +1057,18 @@
fi
create_keystone_accounts
- create_nova_accounts
- create_glance_accounts
- create_cinder_accounts
- create_neutron_accounts
-
+ if is_service_enabled nova; then
+ create_nova_accounts
+ fi
+ if is_service_enabled glance; then
+ create_glance_accounts
+ fi
+ if is_service_enabled cinder; then
+ create_cinder_accounts
+ fi
+ if is_service_enabled neutron; then
+ create_neutron_accounts
+ fi
if is_service_enabled swift; then
create_swift_accounts
fi
diff --git a/stackrc b/stackrc
index 46b8747..61501b5 100644
--- a/stackrc
+++ b/stackrc
@@ -5,7 +5,7 @@
# ensure we don't re-source this in the same environment
[[ -z "$_DEVSTACK_STACKRC" ]] || return 0
-declare -r _DEVSTACK_STACKRC=1
+declare -r -g _DEVSTACK_STACKRC=1
# Find the other rc files
RC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd)
@@ -87,6 +87,23 @@
# be disabled for automated testing by setting this value to False.
USE_SCREEN=$(trueorfalse True USE_SCREEN)
+# Whether to use SYSTEMD to manage services
+USE_SYSTEMD=$(trueorfalse False USE_SYSTEMD)
+USER_UNITS=$(trueorfalse False USER_UNITS)
+if [[ "$USER_UNITS" == "True" ]]; then
+ SYSTEMD_DIR="$HOME/.local/share/systemd/user"
+ SYSTEMCTL="systemctl --user"
+ JOURNALCTL_F="journalctl -f -o short-precise --user-unit"
+else
+ SYSTEMD_DIR="/etc/systemd/system"
+ SYSTEMCTL="sudo systemctl"
+ JOURNALCTL_F="journalctl -f -o short-precise --unit"
+fi
+
+if [[ "$USE_SYSTEMD" == "True" ]]; then
+ USE_SCREEN=False
+fi
+
# When using screen, should we keep a log file on disk? You might
# want this False if you have a long-running setup where verbose logs
# can fill-up the host.
diff --git a/tools/memory_tracker.sh b/tools/memory_tracker.sh
new file mode 100755
index 0000000..7397c03
--- /dev/null
+++ b/tools/memory_tracker.sh
@@ -0,0 +1,118 @@
+#!/bin/bash
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -o errexit
+
+# time to sleep between checks
+SLEEP_TIME=20
+
+# MemAvailable is the best estimation and has built-in heuristics
+# around reclaimable memory. However, it is not available until 3.14
+# kernel (i.e. Ubuntu LTS Trusty misses it). In that case, we fall
+# back to free+buffers+cache as the available memory.
+USE_MEM_AVAILABLE=0
+if grep -q '^MemAvailable:' /proc/meminfo; then
+ USE_MEM_AVAILABLE=1
+fi
+
+function get_mem_unevictable {
+ awk '/^Unevictable:/ {print $2}' /proc/meminfo
+}
+
+function get_mem_available {
+ if [[ $USE_MEM_AVAILABLE -eq 1 ]]; then
+ awk '/^MemAvailable:/ {print $2}' /proc/meminfo
+ else
+ awk '/^MemFree:/ {free=$2}
+ /^Buffers:/ {buffers=$2}
+ /^Cached:/ {cached=$2}
+ END { print free+buffers+cached }' /proc/meminfo
+ fi
+}
+
+function tracker {
+ local low_point
+ local unevictable_point
+ low_point=$(get_mem_available)
+ # log mlocked memory at least on first iteration
+ unevictable_point=0
+ while [ 1 ]; do
+
+ local mem_available
+ mem_available=$(get_mem_available)
+
+ local unevictable
+ unevictable=$(get_mem_unevictable)
+
+ if [ $mem_available -lt $low_point -o $unevictable -ne $unevictable_point ]; then
+ echo "[[["
+ date
+
+ # whenever we see less memory available than last time, dump the
+ # snapshot of current usage; i.e. checking the latest entry in the file
+ # will give the peak-memory usage
+ if [[ $mem_available -lt $low_point ]]; then
+ low_point=$mem_available
+ echo "---"
+ # always available greppable output; given difference in
+ # meminfo output as described above...
+ echo "memory_tracker low_point: $mem_available"
+ echo "---"
+ cat /proc/meminfo
+ echo "---"
+ # would hierarchial view be more useful (-H)? output is
+ # not sorted by usage then, however, and the first
+ # question is "what's using up the memory"
+ #
+ # there are a lot of kernel threads, especially on a 8-cpu
+ # system. do a best-effort removal to improve
+ # signal/noise ratio of output.
+ ps --sort=-pmem -eo pid:10,pmem:6,rss:15,ppid:10,cputime:10,nlwp:8,wchan:25,args:100 |
+ grep -v ']$'
+ fi
+ echo "---"
+
+ # list processes that lock memory from swap
+ if [[ $unevictable -ne $unevictable_point ]]; then
+ unevictable_point=$unevictable
+ ./tools/mlock_report.py
+ fi
+
+ echo "]]]"
+ fi
+ sleep $SLEEP_TIME
+ done
+}
+
+function usage {
+ echo "Usage: $0 [-x] [-s N]" 1>&2
+ exit 1
+}
+
+while getopts ":s:x" opt; do
+ case $opt in
+ s)
+ SLEEP_TIME=$OPTARG
+ ;;
+ x)
+ set -o xtrace
+ ;;
+ *)
+ usage
+ ;;
+ esac
+done
+shift $((OPTIND-1))
+
+tracker
diff --git a/tools/mlock_report.py b/tools/mlock_report.py
new file mode 100755
index 0000000..1d23af9
--- /dev/null
+++ b/tools/mlock_report.py
@@ -0,0 +1,59 @@
+#!/usr/bin/env python
+
+# This tool lists processes that lock memory pages from swapping to disk.
+
+import re
+import subprocess
+
+import psutil
+
+
+SUMMARY_REGEX = re.compile(r".*\s+(?P<locked>[\d]+)\s+KB")
+
+
+def main():
+ try:
+ print _get_report()
+ except Exception as e:
+ print "Failure listing processes locking memory: %s" % str(e)
+
+
+def _get_report():
+ mlock_users = []
+ for proc in psutil.process_iter():
+ pid = proc.pid
+ # sadly psutil does not expose locked pages info, that's why we
+ # call to pmap and parse the output here
+ try:
+ out = subprocess.check_output(['pmap', '-XX', str(pid)])
+ except subprocess.CalledProcessError as e:
+ # 42 means process just vanished, which is ok
+ if e.returncode == 42:
+ continue
+ raise
+ last_line = out.splitlines()[-1]
+
+ # some processes don't provide a memory map, for example those
+ # running as kernel services, so we need to skip those that don't
+ # match
+ result = SUMMARY_REGEX.match(last_line)
+ if result:
+ locked = int(result.group('locked'))
+ if locked:
+ mlock_users.append({'name': proc.name(),
+ 'pid': pid,
+ 'locked': locked})
+
+ # produce a single line log message with per process mlock stats
+ if mlock_users:
+ return "; ".join(
+ "[%(name)s (pid:%(pid)s)]=%(locked)dKB" % args
+ # log heavy users first
+ for args in sorted(mlock_users, key=lambda d: d['locked'])
+ )
+ else:
+ return "no locked memory"
+
+
+if __name__ == "__main__":
+ main()
diff --git a/tools/peakmem_tracker.sh b/tools/peakmem_tracker.sh
deleted file mode 100755
index ecbd79a..0000000
--- a/tools/peakmem_tracker.sh
+++ /dev/null
@@ -1,98 +0,0 @@
-#!/bin/bash
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-set -o errexit
-
-# time to sleep between checks
-SLEEP_TIME=20
-
-# MemAvailable is the best estimation and has built-in heuristics
-# around reclaimable memory. However, it is not available until 3.14
-# kernel (i.e. Ubuntu LTS Trusty misses it). In that case, we fall
-# back to free+buffers+cache as the available memory.
-USE_MEM_AVAILBLE=0
-if grep -q '^MemAvailable:' /proc/meminfo; then
- USE_MEM_AVAILABLE=1
-fi
-
-function get_mem_available {
- if [[ $USE_MEM_AVAILABLE -eq 1 ]]; then
- awk '/^MemAvailable:/ {print $2}' /proc/meminfo
- else
- awk '/^MemFree:/ {free=$2}
- /^Buffers:/ {buffers=$2}
- /^Cached:/ {cached=$2}
- END { print free+buffers+cached }' /proc/meminfo
- fi
-}
-
-# whenever we see less memory available than last time, dump the
-# snapshot of current usage; i.e. checking the latest entry in the
-# file will give the peak-memory usage
-function tracker {
- local low_point
- low_point=$(get_mem_available)
- while [ 1 ]; do
-
- local mem_available
- mem_available=$(get_mem_available)
-
- if [[ $mem_available -lt $low_point ]]; then
- low_point=$mem_available
- echo "[[["
- date
- echo "---"
- # always available greppable output; given difference in
- # meminfo output as described above...
- echo "peakmem_tracker low_point: $mem_available"
- echo "---"
- cat /proc/meminfo
- echo "---"
- # would hierarchial view be more useful (-H)? output is
- # not sorted by usage then, however, and the first
- # question is "what's using up the memory"
- #
- # there are a lot of kernel threads, especially on a 8-cpu
- # system. do a best-effort removal to improve
- # signal/noise ratio of output.
- ps --sort=-pmem -eo pid:10,pmem:6,rss:15,ppid:10,cputime:10,nlwp:8,wchan:25,args:100 |
- grep -v ']$'
- echo "]]]"
- fi
-
- sleep $SLEEP_TIME
- done
-}
-
-function usage {
- echo "Usage: $0 [-x] [-s N]" 1>&2
- exit 1
-}
-
-while getopts ":s:x" opt; do
- case $opt in
- s)
- SLEEP_TIME=$OPTARG
- ;;
- x)
- set -o xtrace
- ;;
- *)
- usage
- ;;
- esac
-done
-shift $((OPTIND-1))
-
-tracker
diff --git a/tools/xen/functions b/tools/xen/functions
index 93f3413..bc0c515 100644
--- a/tools/xen/functions
+++ b/tools/xen/functions
@@ -294,6 +294,18 @@
# Assert ithas a numeric nonzero value
expr "$cpu_count" + 0
+ # 8 VCPUs should be enough for devstack VM; avoid using too
+ # many VCPUs:
+ # 1. too many VCPUs may trigger a kernel bug which result VM
+ # not able to boot:
+ # https://kernel.googlesource.com/pub/scm/linux/kernel/git/wsa/linux/+/e2e004acc7cbe3c531e752a270a74e95cde3ea48
+ # 2. The remaining CPUs can be used for other purpose:
+ # e.g. boot test VMs.
+ MAX_VCPUS=8
+ if [ $cpu_count -ge $MAX_VCPUS ]; then
+ cpu_count=$MAX_VCPUS
+ fi
+
xe vm-param-set uuid=$vm VCPUs-max=$cpu_count
xe vm-param-set uuid=$vm VCPUs-at-startup=$cpu_count
}