Merge "lib/neutron: stop loading all config files into all processes"
diff --git a/files/rpms/nova b/files/rpms/nova
index 45f1c94..a368c55 100644
--- a/files/rpms/nova
+++ b/files/rpms/nova
@@ -9,10 +9,6 @@
iputils
kernel-modules # dist:f23,f24,f25
kpartx
-kvm # NOPRIME
-libvirt-bin # NOPRIME
-libvirt-devel # NOPRIME
-libvirt-python # NOPRIME
libxml2-python
m2crypto
mysql-devel
@@ -21,7 +17,6 @@
numpy # needed by websockify for spice console
parted
polkit
-qemu-kvm # NOPRIME
rabbitmq-server # NOPRIME
sqlite
sudo
diff --git a/functions b/functions
index 89ee367..f262fbc 100644
--- a/functions
+++ b/functions
@@ -664,6 +664,16 @@
}
+# running_in_container - Returns true otherwise false
+function running_in_container {
+ if grep -q lxc /proc/1/cgroup; then
+ return 0
+ fi
+
+ return 1
+}
+
+
# enable_kernel_bridge_firewall - Enable kernel support for bridge firewalling
function enable_kernel_bridge_firewall {
# Load bridge module. This module provides access to firewall for bridged
diff --git a/functions-common b/functions-common
index 0d1b01f..7e9e200 100644
--- a/functions-common
+++ b/functions-common
@@ -1556,7 +1556,7 @@
# Append the process to the screen rc file
screen_rc "$name" "$command"
- screen -S $SCREEN_NAME -p $name -X stuff "$command & echo \$! >$SERVICE_DIR/$SCREEN_NAME/${name}.pid; fg || echo \"$name failed to start\" | tee \"$SERVICE_DIR/$SCREEN_NAME/${name}.failure\"$NL"
+ screen -S $SCREEN_NAME -p $name -X stuff "$command & echo \$! >$SERVICE_DIR/$SCREEN_NAME/${name}.pid; fg || echo \"$name failed to start. Exit code: \$?\" | tee \"$SERVICE_DIR/$SCREEN_NAME/${name}.failure\"$NL"
}
# Screen rc file builder
diff --git a/lib/cinder b/lib/cinder
index 767fd00..c17cea0 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -315,7 +315,7 @@
fi
if is_service_enabled ceilometer; then
- iniset $CINDER_CONF oslo_messaging_notifications driver "messaging"
+ iniset $CINDER_CONF oslo_messaging_notifications driver "messagingv2"
fi
if is_service_enabled tls-proxy; then
diff --git a/lib/glance b/lib/glance
index 58f1def..0ba2cfa 100644
--- a/lib/glance
+++ b/lib/glance
@@ -112,7 +112,7 @@
iniset $GLANCE_REGISTRY_CONF DEFAULT workers "$API_WORKERS"
iniset $GLANCE_REGISTRY_CONF paste_deploy flavor keystone
configure_auth_token_middleware $GLANCE_REGISTRY_CONF glance $GLANCE_AUTH_CACHE_DIR/registry
- iniset $GLANCE_REGISTRY_CONF oslo_messaging_notifications driver messaging
+ iniset $GLANCE_REGISTRY_CONF oslo_messaging_notifications driver messagingv2
iniset_rpc_backend glance $GLANCE_REGISTRY_CONF
iniset $GLANCE_REGISTRY_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT"
@@ -125,7 +125,7 @@
iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement
configure_auth_token_middleware $GLANCE_API_CONF glance $GLANCE_AUTH_CACHE_DIR/api
- iniset $GLANCE_API_CONF oslo_messaging_notifications driver messaging
+ iniset $GLANCE_API_CONF oslo_messaging_notifications driver messagingv2
iniset_rpc_backend glance $GLANCE_API_CONF
if [ "$VIRT_DRIVER" = 'xenserver' ]; then
iniset $GLANCE_API_CONF DEFAULT container_formats "ami,ari,aki,bare,ovf,tgz"
diff --git a/lib/neutron b/lib/neutron
index d80e9d9..b30c5c8 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -150,15 +150,7 @@
iniset $NEUTRON_CONF DEFAULT auth_strategy $NEUTRON_AUTH_STRATEGY
configure_auth_token_middleware $NEUTRON_CONF neutron $NEUTRON_AUTH_CACHE_DIR keystone_authtoken
-
- iniset $NEUTRON_CONF nova auth_type password
- iniset $NEUTRON_CONF nova auth_url "$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_AUTH_PORT/v3"
- iniset $NEUTRON_CONF nova username nova
- iniset $NEUTRON_CONF nova password $SERVICE_PASSWORD
- iniset $NEUTRON_CONF nova user_domain_id default
- iniset $NEUTRON_CONF nova project_name $SERVICE_TENANT_NAME
- iniset $NEUTRON_CONF nova project_domain_id default
- iniset $NEUTRON_CONF nova region_name $REGION_NAME
+ configure_auth_token_middleware $NEUTRON_CONF nova $NEUTRON_AUTH_CACHE_DIR nova
# Configure VXLAN
# TODO(sc68cal) not hardcode?
@@ -185,7 +177,9 @@
iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $HOST_IP
fi
- enable_kernel_bridge_firewall
+ if ! running_in_container; then
+ enable_kernel_bridge_firewall
+ fi
fi
# DHCP Agent
@@ -237,10 +231,6 @@
iniset $NEUTRON_CONF DEFAULT bind_port "$NEUTRON_SERVICE_PORT_INT"
fi
- if is_ssl_enabled_service "nova"; then
- iniset $NEUTRON_CONF nova cafile $SSL_BUNDLE_FILE
- fi
-
if is_ssl_enabled_service "neutron"; then
ensure_certificates NEUTRON
@@ -392,9 +382,9 @@
service_protocol="http"
fi
- local opts = ""
- opts+="--config-file $NEUTRON_CONF"
- opts+="--config-file $NEUTRON_CORE_PLUGIN_CONF"
+ local opts=""
+ opts+=" --config-file $NEUTRON_CONF"
+ opts+=" --config-file $NEUTRON_CORE_PLUGIN_CONF"
local cfg_file
for cfg_file in ${_NEUTRON_SERVER_EXTRA_CONF_FILES_ABS[@]}; do
opts+=" --config-file $cfg_file"
@@ -402,7 +392,7 @@
# Start the Neutron service
# TODO(sc68cal) Stop hard coding this
- run_process neutron-api "$NEUTRON_BIN_DIR/neutron-server $ops"
+ run_process neutron-api "$NEUTRON_BIN_DIR/neutron-server $opts"
if is_ssl_enabled_service "neutron"; then
ssl_ca="--ca-certificate=${SSL_BUNDLE_FILE}"
@@ -482,7 +472,10 @@
local plugins=""
plugins=$(iniget $NEUTRON_CONF DEFAULT service_plugins)
- plugins+=",${service_plugin_class}"
+ if [ $plugins ]; then
+ plugins+=","
+ fi
+ plugins+="${service_plugin_class}"
iniset $NEUTRON_CONF DEFAULT service_plugins $plugins
}
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index b381b64..1a16a44 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -798,7 +798,7 @@
}
function _configure_neutron_ceilometer_notifications {
- iniset $NEUTRON_CONF oslo_messaging_notifications driver messaging
+ iniset $NEUTRON_CONF oslo_messaging_notifications driver messagingv2
}
function _configure_neutron_metering {
diff --git a/lib/neutron_plugins/linuxbridge_agent b/lib/neutron_plugins/linuxbridge_agent
index dfed49b..f2302e3 100644
--- a/lib/neutron_plugins/linuxbridge_agent
+++ b/lib/neutron_plugins/linuxbridge_agent
@@ -67,7 +67,9 @@
fi
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
- enable_kernel_bridge_firewall
+ if ! running_in_container; then
+ enable_kernel_bridge_firewall
+ fi
else
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver
fi
diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
index 1a97001..50b9ae5 100644
--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base
@@ -80,7 +80,9 @@
function _neutron_ovs_base_configure_firewall_driver {
if [[ "$Q_USE_SECGROUP" == "True" ]]; then
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver iptables_hybrid
- enable_kernel_bridge_firewall
+ if ! running_in_container; then
+ enable_kernel_bridge_firewall
+ fi
else
iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver noop
fi
diff --git a/lib/nova b/lib/nova
index f5ab201..4c9f30f 100644
--- a/lib/nova
+++ b/lib/nova
@@ -247,7 +247,7 @@
sudo rm -f $(apache_site_config_for nova-metadata)
}
-# _config_nova_apache_wsgi() - Set WSGI config files of Keystone
+# _config_nova_apache_wsgi() - Set WSGI config files of Nova API
function _config_nova_apache_wsgi {
sudo mkdir -p $NOVA_WSGI_DIR
@@ -575,7 +575,7 @@
# Set the oslo messaging driver to the typical default. This does not
# enable notifications, but it will allow them to function when enabled.
- iniset $NOVA_CONF oslo_messaging_notifications driver "messaging"
+ iniset $NOVA_CONF oslo_messaging_notifications driver "messagingv2"
iniset_rpc_backend nova $NOVA_CONF
iniset $NOVA_CONF glance api_servers "${GLANCE_SERVICE_PROTOCOL}://${GLANCE_HOSTPORT}"
@@ -664,6 +664,10 @@
$NOVA_BIN_DIR/nova-manage --config-file $NOVA_CELLS_CONF db sync
$NOVA_BIN_DIR/nova-manage --config-file $NOVA_CELLS_CONF cell create --name=region --cell_type=parent --username=$RABBIT_USERID --hostname=$RABBIT_HOST --port=5672 --password=$RABBIT_PASSWORD --virtual_host=/ --woffset=0 --wscale=1
$NOVA_BIN_DIR/nova-manage cell create --name=child --cell_type=child --username=$RABBIT_USERID --hostname=$RABBIT_HOST --port=5672 --password=$RABBIT_PASSWORD --virtual_host=child_cell --woffset=0 --wscale=1
+
+ # Creates the single cells v2 cell for the child cell (v1) nova db.
+ nova-manage --config-file $NOVA_CELLS_CONF cell_v2 create_cell \
+ --transport-url $(get_transport_url child_cell) --name 'cell1'
fi
}
@@ -704,9 +708,13 @@
recreate_database nova
recreate_database nova_cell0
- # Migrate nova database. If "nova-manage cell_v2 simple_cell_setup" has
- # been run this migrates the "nova" and "nova_cell0" database.
- # Otherwise it just migrates the "nova" database.
+ # map_cell0 will create the cell mapping record in the nova_api DB so
+ # this needs to come after the api_db sync happens. We also want to run
+ # this before the db sync below since that will migrate both the nova
+ # and nova_cell0 databases.
+ nova-manage cell_v2 map_cell0 --database_connection `database_connection_url nova_cell0`
+
+ # Migrate nova and nova_cell0 databases.
$NOVA_BIN_DIR/nova-manage --config-file $NOVA_CONF db sync
if is_service_enabled n-cell; then
@@ -716,6 +724,10 @@
# Run online migrations on the new databases
# Needed for flavor conversion
$NOVA_BIN_DIR/nova-manage --config-file $NOVA_CONF db online_data_migrations
+
+ # create the cell1 cell for the main nova db where the hosts live
+ nova-manage cell_v2 create_cell --transport-url $(get_transport_url) \
+ --name 'cell1'
fi
create_nova_cache_dir
@@ -885,7 +897,9 @@
run_process n-crt "$NOVA_BIN_DIR/nova-cert --config-file $api_cell_conf"
if is_service_enabled n-net; then
- enable_kernel_bridge_firewall
+ if ! running_in_container; then
+ enable_kernel_bridge_firewall
+ fi
fi
run_process n-net "$NOVA_BIN_DIR/nova-network --config-file $compute_cell_conf"
@@ -964,20 +978,6 @@
fi
}
-# create_cell(): Group the available hosts into a cell
-function create_cell {
- # NOTE(danms): map_cell0 always returns 1 right now; remove this when that is fixed
- (nova-manage cell_v2 map_cell0 --database_connection `database_connection_url nova_cell0`|| true)
-
- if ! is_service_enabled n-cell; then
- nova-manage cell_v2 simple_cell_setup --transport-url $(get_transport_url)
- else
- nova-manage --config-file $NOVA_CELLS_CONF --verbose cell_v2 map_cell_and_hosts \
- --transport-url $(get_transport_url child_cell) --name 'cell1'
- nova-manage db sync
- fi
-}
-
# Restore xtrace
$_XTRACE_LIB_NOVA
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index 47b054b..56bb6bd 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -34,18 +34,21 @@
#pip_install_gr <there-si-no-guestfs-in-pypi>
elif is_fedora || is_suse; then
# On "KVM for IBM z Systems", kvm does not have its own package
- if [[ ! ${DISTRO} =~ "kvmibm1" ]]; then
+ if [[ ! ${DISTRO} =~ "kvmibm1" && ! ${DISTRO} =~ "rhel7" ]]; then
install_package kvm
fi
- # there is a dependency issue with kvm (which is really just a
- # wrapper to qemu-system-x86) that leaves some bios files out,
- # so install qemu-kvm (which shouldn't strictly be needed, as
- # everything has been merged into qemu-system-x86) to bring in
- # the right packages. see
- # https://bugzilla.redhat.com/show_bug.cgi?id=1235890
- install_package qemu-kvm
+
+ if [[ ${DISTRO} =~ "rhel7" ]]; then
+ # This should install the latest qemu-kvm build,
+ # which is called qemu-kvm-ev in centos7
+ # (as the default OS qemu-kvm package is usually rather old,
+ # and should be updated by above)
+ install_package qemu-kvm
+ fi
+
install_package libvirt libvirt-devel
pip_install_gr libvirt-python
+
fi
}
diff --git a/lib/tempest b/lib/tempest
index 128e972..d95a9f5 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -290,6 +290,10 @@
iniset $TEMPEST_CONFIG identity-feature-enabled security_compliance True
fi
+ # TODO(rodrigods): This is a feature flag for bug 1590578 which is fixed in
+ # Newton and Ocata. This option can be removed after Mitaka is end of life.
+ iniset $TEMPEST_CONFIG identity-feature-enabled forbid_global_implied_dsr True
+
# Image
# We want to be able to override this variable in the gate to avoid
# doing an external HTTP fetch for this test.
diff --git a/stack.sh b/stack.sh
index 94315e1..4cee385 100755
--- a/stack.sh
+++ b/stack.sh
@@ -761,6 +761,7 @@
run_phase stack pre-install
install_rpc_backend
+restart_rpc_backend
# NOTE(sdague): dlm install is conditional on one being enabled by configuration
install_dlm
@@ -952,11 +953,6 @@
fi
-# Finalize queue installation
-# ----------------------------
-restart_rpc_backend
-
-
# Export Certificate Authority Bundle
# -----------------------------------
@@ -1368,7 +1364,7 @@
# Do this late because it requires compute hosts to have started
if is_service_enabled n-api; then
if is_service_enabled n-cpu; then
- create_cell
+ $TOP_DIR/tools/discover_hosts.sh
else
# Some CI systems like Hyper-V build the control plane on
# Linux, and join in non Linux Computes after setup. This
diff --git a/stackrc b/stackrc
index 95f017b..46b8747 100644
--- a/stackrc
+++ b/stackrc
@@ -109,7 +109,7 @@
# base name of the directory from which they are installed. See
# enable_python3_package to edit this variable and use_python3_for to
# test membership.
-export ENABLED_PYTHON3_PACKAGES="nova,glance,cinder,uwsgi"
+export ENABLED_PYTHON3_PACKAGES="nova,glance,cinder,uwsgi,python-openstackclient"
# Explicitly list services not to run under Python 3. See
# disable_python3_package to edit this variable.
@@ -636,9 +636,6 @@
IMAGE_URLS+=","
fi
case "$VIRT_DRIVER" in
- openvz)
- DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-ubuntu-12.04-x86_64}
- IMAGE_URLS+="http://download.openvz.org/template/precreated/ubuntu-12.04-x86_64.tar.gz";;
libvirt)
case "$LIBVIRT_TYPE" in
lxc) # the cirros root disk in the uec tarball is empty, so it will not work for lxc
@@ -656,13 +653,6 @@
DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-0.3.4-x86_64-disk}
IMAGE_URLS+="http://ca.downloads.xensource.com/OpenStack/cirros-0.3.4-x86_64-disk.vhd.tgz"
IMAGE_URLS+=",http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-x86_64-uec.tar.gz";;
- ironic)
- # NOTE(lucasagomes): The logic setting the default image
- # now lives in the Ironic tree
- ;;
- *) # Default to Cirros qcow2 image file
- DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img}
- IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img";;
esac
DOWNLOAD_DEFAULT_IMAGES=False
fi