Merge "Revert "Move default Keystone API version to v3""
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index a7d3b7d..6f45c1c 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -643,8 +643,18 @@
In RegionTwo:
::
-
+
disable_service horizon
KEYSTONE_SERVICE_HOST=<KEYSTONE_IP_ADDRESS_FROM_REGION_ONE>
KEYSTONE_AUTH_HOST=<KEYSTONE_IP_ADDRESS_FROM_REGION_ONE>
REGION_NAME=RegionTwo
+
+Disabling Identity API v2
++++++++++++++++++++++++++
+
+The Identity API v2 is deprecated as of Mitaka and it is recommended to only
+use the v3 API. It is possible to setup keystone without v2 API, by doing:
+
+::
+
+ ENABLE_IDENTITY_V2=False
diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index 37c8515..392bb1b 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -373,3 +373,43 @@
::
mysqladmin -u root -pnova password 'supersecret'
+
+Live Migration
+--------------
+
+In order for live migration to work with the default live migration URI::
+
+ [libvirt]
+ live_migration_uri = qemu+ssh://stack@%s/system
+
+SSH keys need to be exchanged between each compute node:
+
+1. The SOURCE root user's public RSA key (likely in /root/.ssh/id_rsa.pub)
+ needs to be in the DESTINATION stack user's authorized_keys file
+ (~stack/.ssh/authorized_keys). This can be accomplished by manually
+ copying the contents from the file on the SOURCE to the DESTINATION. If
+ you have a password configured for the stack user, then you can use the
+ following command to accomplish the same thing::
+
+ ssh-copy-id -i /root/.ssh/id_rsa.pub stack@DESTINATION
+
+2. The DESTINATION host's public ECDSA key (/etc/ssh/ssh_host_ecdsa_key.pub)
+ needs to be in the SOURCE root user's known_hosts file
+ (/root/.ssh/known_hosts). This can be accomplished by running the
+ following on the SOURCE machine (hostname must be used)::
+
+ ssh-keyscan -H DEST_HOSTNAME | sudo tee -a /root/.ssh/known_hosts
+
+In essence, this means that every compute node's root user's public RSA key
+must exist in every other compute node's stack user's authorized_keys file and
+every compute node's public ECDSA key needs to be in every other compute
+node's root user's known_hosts file. Please note that if the root or stack
+user does not have a SSH key, one can be generated using::
+
+ ssh-keygen -t rsa
+
+The above steps are necessary because libvirtd runs as root when the
+live_migration_uri uses the "qemu:///system" family of URIs. For more
+information, see the `libvirt documentation`_.
+
+.. _libvirt documentation: https://libvirt.org/drvqemu.html#securitydriver
diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index 84295a5..1e20d7f 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -6,6 +6,8 @@
plugin and the Open vSwitch mechanism driver.
+.. _single-interface-ovs:
+
Using Neutron with a Single Interface
=====================================
@@ -23,7 +25,9 @@
In most cases where DevStack is being deployed with a single
interface, there is a hardware router that is being used for external
connectivity and DHCP. The developer machine is connected to this
-network and is on a shared subnet with other machines.
+network and is on a shared subnet with other machines. The
+`local.conf` exhibited here assumes that 1500 is a reasonable MTU to
+use on that network.
.. nwdiag::
@@ -74,6 +78,8 @@
PUBLIC_NETWORK_GATEWAY="172.18.161.1"
Q_L3_ENABLED=True
PUBLIC_INTERFACE=eth0
+
+ # Open vSwitch provider networking configuration
Q_USE_PROVIDERNET_FOR_PUBLIC=True
OVS_PHYSICAL_BRIDGE=br-ex
PUBLIC_BRIDGE=br-ex
@@ -411,7 +417,7 @@
# Services that a compute node runs
ENABLED_SERVICES=n-cpu,rabbit,q-agt
- ## Neutron options
+ ## Open vSwitch provider networking options
PHYSICAL_NETWORK=default
OVS_PHYSICAL_BRIDGE=br-ex
PUBLIC_INTERFACE=eth1
@@ -434,6 +440,16 @@
Miscellaneous Tips
==================
+Non-Standard MTU on the Physical Network
+----------------------------------------
+
+DevStack defaults to assume that the MTU on the physical network
+is 1500. A different MTU can be specified by adding the following to
+the `localrc` part of `local.conf` on each machine.
+
+::
+ Q_ML2_PLUGIN_PATH_MTU=1500
+
Disabling Next Generation Firewall Tools
----------------------------------------
@@ -474,3 +490,48 @@
by default. If you want to remove all the extension drivers (even
'port_security'), set ``Q_ML2_PLUGIN_EXT_DRIVERS`` to blank.
+
+Using Linux Bridge instead of Open vSwitch
+------------------------------------------
+
+The configuration for using the Linux Bridge ML2 driver is fairly
+straight forward. The Linux Bridge configuration for DevStack is similar
+to the :ref:`Open vSwitch based single interface <single-interface-ovs>`
+setup, with small modifications for the interface mappings.
+
+
+::
+
+ [[local|localrc]]
+ HOST_IP=172.18.161.6
+ SERVICE_HOST=172.18.161.6
+ MYSQL_HOST=172.18.161.6
+ RABBIT_HOST=172.18.161.6
+ GLANCE_HOSTPORT=172.18.161.6:9292
+ ADMIN_PASSWORD=secrete
+ DATABASE_PASSWORD=secrete
+ RABBIT_PASSWORD=secrete
+ SERVICE_PASSWORD=secrete
+
+ # Do not use Nova-Network
+ disable_service n-net
+ # Enable Neutron
+ ENABLED_SERVICES+=,q-svc,q-dhcp,q-meta,q-agt,q-l3
+
+
+ ## Neutron options
+ Q_USE_SECGROUP=True
+ FLOATING_RANGE="172.18.161.0/24"
+ FIXED_RANGE="10.0.0.0/24"
+ Q_FLOATING_ALLOCATION_POOL=start=172.18.161.250,end=172.18.161.254
+ PUBLIC_NETWORK_GATEWAY="172.18.161.1"
+ Q_L3_ENABLED=True
+ PUBLIC_INTERFACE=eth0
+
+ Q_USE_PROVIDERNET_FOR_PUBLIC=True
+
+ # Linuxbridge Settings
+ Q_AGENT=linuxbridge
+ LB_PHYSICAL_INTERFACE=eth0
+ PUBLIC_PHYSICAL_NETWORK=default
+ LB_INTERFACE_MAPPINGS=default:eth0
diff --git a/functions b/functions
index 9495710..29d0518 100644
--- a/functions
+++ b/functions
@@ -529,12 +529,58 @@
typeset v1=$1 v2=$2 sep
typeset -a ver1 ver2
+ deprecated "vercmp_numbers is deprecated for more generic vercmp"
+
IFS=. read -ra ver1 <<< "$v1"
IFS=. read -ra ver2 <<< "$v2"
_vercmp_r "${#ver1[@]}" "${ver1[@]}" "${ver2[@]}"
}
+# vercmp ver1 op ver2
+# Compare VER1 to VER2
+# - op is one of < <= == >= >
+# - returns true if satisified
+# e.g.
+# if vercmp 1.0 "<" 2.0; then
+# ...
+# fi
+function vercmp {
+ local v1=$1
+ local op=$2
+ local v2=$3
+ local result
+
+ # sort the two numbers with sort's "-V" argument. Based on if v2
+ # swapped places with v1, we can determine ordering.
+ result=$(echo -e "$v1\n$v2" | sort -V | head -1)
+
+ case $op in
+ "==")
+ [ "$v1" = "$v2" ]
+ return
+ ;;
+ ">")
+ [ "$v1" != "$v2" ] && [ "$result" = "$v2" ]
+ return
+ ;;
+ "<")
+ [ "$v1" != "$v2" ] && [ "$result" = "$v1" ]
+ return
+ ;;
+ ">=")
+ [ "$result" = "$v2" ]
+ return
+ ;;
+ "<=")
+ [ "$result" = "$v1" ]
+ return
+ ;;
+ *)
+ die $LINENO "unrecognised op: $op"
+ ;;
+ esac
+}
# This function sets log formatting options for colorizing log
# output to stdout. It is meant to be called by lib modules.
diff --git a/lib/cinder b/lib/cinder
index 144f41b..3aea050 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -259,7 +259,6 @@
iniset $CINDER_CONF DEFAULT auth_strategy keystone
iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
- iniset $CINDER_CONF DEFAULT verbose True
iniset $CINDER_CONF DEFAULT iscsi_helper "$CINDER_ISCSI_HELPER"
iniset $CINDER_CONF database connection `database_connection_url cinder`
diff --git a/lib/keystone b/lib/keystone
index 7592804..d60a4ba 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -218,6 +218,14 @@
iniset $KEYSTONE_CONF role driver "$KEYSTONE_ROLE_BACKEND"
iniset $KEYSTONE_CONF resource driver "$KEYSTONE_RESOURCE_BACKEND"
+ # Enable caching
+ iniset $KEYSTONE_CONF cache enabled "True"
+ iniset $KEYSTONE_CONF cache backend "oslo_cache.memcache_pool"
+ iniset $KEYSTONE_CONF cache memcache_servers $SERVICE_HOST:11211
+
+ # Do not cache the catalog backend due to https://bugs.launchpad.net/keystone/+bug/1537617
+ iniset $KEYSTONE_CONF catalog caching "False"
+
iniset_rpc_backend keystone $KEYSTONE_CONF
# Register SSL certificates if provided
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 9497a23..78eb55d 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -963,7 +963,7 @@
setup_colorized_logging $NEUTRON_CONF DEFAULT project_id
else
# Show user_name and project_name by default like in nova
- iniset $NEUTRON_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(levelname)s %(name)s [%(request_id)s %(user_name)s %(project_name)s] %(instance)s%(message)s"
+ iniset $NEUTRON_CONF DEFAULT logging_user_identity_format "%(user_name)s %(project_name)s"
fi
if is_service_enabled tls-proxy; then
@@ -993,7 +993,6 @@
cp $NEUTRON_DIR/etc/l3_agent.ini.sample $NEUTRON_TEST_CONFIG_FILE
- iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT verbose False
iniset $NEUTRON_TEST_CONFIG_FILE DEFAULT debug False
iniset $NEUTRON_TEST_CONFIG_FILE AGENT root_helper "$Q_RR_COMMAND"
if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
@@ -1009,7 +1008,6 @@
cp $NEUTRON_DIR/etc/dhcp_agent.ini.sample $Q_DHCP_CONF_FILE
- iniset $Q_DHCP_CONF_FILE DEFAULT verbose True
iniset $Q_DHCP_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $Q_DHCP_CONF_FILE AGENT root_helper "$Q_RR_COMMAND"
if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
@@ -1041,7 +1039,6 @@
cp $NEUTRON_DIR/etc/l3_agent.ini.sample $Q_L3_CONF_FILE
- iniset $Q_L3_CONF_FILE DEFAULT verbose True
iniset $Q_L3_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $Q_L3_CONF_FILE AGENT root_helper "$Q_RR_COMMAND"
if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
@@ -1062,7 +1059,6 @@
function _configure_neutron_metadata_agent {
cp $NEUTRON_DIR/etc/metadata_agent.ini.sample $Q_META_CONF_FILE
- iniset $Q_META_CONF_FILE DEFAULT verbose True
iniset $Q_META_CONF_FILE DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $Q_META_CONF_FILE DEFAULT nova_metadata_ip $Q_META_DATA_IP
iniset $Q_META_CONF_FILE AGENT root_helper "$Q_RR_COMMAND"
@@ -1126,7 +1122,6 @@
if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then
iniset /$Q_PLUGIN_CONF_FILE agent root_helper_daemon "$Q_RR_DAEMON_COMMAND"
fi
- iniset $NEUTRON_CONF DEFAULT verbose True
iniset $NEUTRON_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
# Configure agent for plugin
@@ -1146,7 +1141,6 @@
iniset $NEUTRON_CONF DEFAULT service_plugins $Q_SERVICE_PLUGIN_CLASSES
fi
- iniset $NEUTRON_CONF DEFAULT verbose True
iniset $NEUTRON_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $NEUTRON_CONF oslo_policy policy_file $Q_POLICY_FILE
iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips $Q_ALLOW_OVERLAPPING_IP
diff --git a/lib/nova b/lib/nova
index df2b977..79bef9b 100644
--- a/lib/nova
+++ b/lib/nova
@@ -546,7 +546,7 @@
setup_colorized_logging $NOVA_CONF DEFAULT
else
# Show user_name and project_name instead of user_id and project_id
- iniset $NOVA_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(levelname)s %(name)s [%(request_id)s %(user_name)s %(project_name)s] %(instance)s%(message)s"
+ iniset $NOVA_CONF DEFAULT logging_user_identity_format "%(user_name)s %(project_name)s"
fi
if [ "$NOVA_USE_MOD_WSGI" == "True" ]; then
_config_nova_apache_wsgi
diff --git a/lib/oslo b/lib/oslo
index 6f5c7d1..1773da2 100644
--- a/lib/oslo
+++ b/lib/oslo
@@ -89,6 +89,7 @@
_do_install_oslo_lib "oslo.utils"
_do_install_oslo_lib "oslo.versionedobjects"
_do_install_oslo_lib "oslo.vmware"
+ _do_install_oslo_lib "osprofiler"
_do_install_oslo_lib "pycadf"
_do_install_oslo_lib "stevedore"
_do_install_oslo_lib "taskflow"
diff --git a/lib/tempest b/lib/tempest
index 3c34aad..5c771f9 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -321,7 +321,7 @@
local tmp_cfg_file
tmp_cfg_file=$(mktemp)
cd $TEMPEST_DIR
- tox -revenv -- verify-tempest-config -uro $tmp_cfg_file
+ tox -revenv -- tempest verify-config -uro $tmp_cfg_file
local compute_api_extensions=${COMPUTE_API_EXTENSIONS:-"all"}
if [[ ! -z "$DISABLE_COMPUTE_API_EXTENSIONS" ]]; then
diff --git a/stack.sh b/stack.sh
index 991ac7b..c56024f 100755
--- a/stack.sh
+++ b/stack.sh
@@ -292,7 +292,7 @@
sudo yum-config-manager --enable rhel-7-server-optional-rpms
# install the lastest RDO
- sudo yum install -y https://rdoproject.org/repos/rdo-release.rpm
+ is_package_installed rdo-release || yum_install https://rdoproject.org/repos/rdo-release.rpm
if is_oraclelinux; then
sudo yum-config-manager --enable ol7_optional_latest ol7_addons ol7_MySQL56
diff --git a/tests/test_vercmp.sh b/tests/test_vercmp.sh
new file mode 100755
index 0000000..c88bf86
--- /dev/null
+++ b/tests/test_vercmp.sh
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+
+# Tests for DevStack vercmp functionality
+
+TOP=$(cd $(dirname "$0")/.. && pwd)
+
+# Import common functions
+source $TOP/functions
+source $TOP/tests/unittest.sh
+
+assert_true "numeric gt" vercmp 2.0 ">" 1.0
+assert_true "numeric gte" vercmp 2.0 ">=" 1.0
+assert_true "numeric gt" vercmp 1.0.1 ">" 1.0
+assert_true "numeric gte" vercmp 1.0.1 ">=" 1.0
+assert_true "alpha gt" vercmp 1.0.1b ">" 1.0.1a
+assert_true "alpha gte" vercmp 1.0.1b ">=" 1.0.1a
+assert_true "alpha gt" vercmp b ">" a
+assert_true "alpha gte" vercmp b ">=" a
+assert_true "alpha gt" vercmp 2.0-rc3 ">" 2.0-rc1
+assert_true "alpha gte" vercmp 2.0-rc3 ">=" 2.0-rc1
+
+assert_false "numeric gt fail" vercmp 1.0 ">" 1.0
+assert_true "numeric gte" vercmp 1.0 ">=" 1.0
+assert_false "numeric gt fail" vercmp 0.9 ">" 1.0
+assert_false "numeric gte fail" vercmp 0.9 ">=" 1.0
+assert_false "numeric gt fail" vercmp 0.9.9 ">" 1.0
+assert_false "numeric gte fail" vercmp 0.9.9 ">=" 1.0
+assert_false "numeric gt fail" vercmp 0.9a.9 ">" 1.0.1
+assert_false "numeric gte fail" vercmp 0.9a.9 ">=" 1.0.1
+
+assert_false "numeric lt" vercmp 1.0 "<" 1.0
+assert_true "numeric lte" vercmp 1.0 "<=" 1.0
+assert_true "numeric lt" vercmp 1.0 "<" 1.0.1
+assert_true "numeric lte" vercmp 1.0 "<=" 1.0.1
+assert_true "alpha lt" vercmp 1.0.1a "<" 1.0.1b
+assert_true "alpha lte" vercmp 1.0.1a "<=" 1.0.1b
+assert_true "alpha lt" vercmp a "<" b
+assert_true "alpha lte" vercmp a "<=" b
+assert_true "alpha lt" vercmp 2.0-rc1 "<" 2.0-rc3
+assert_true "alpha lte" vercmp 2.0-rc1 "<=" 2.0-rc3
+
+assert_true "eq" vercmp 1.0 "==" 1.0
+assert_true "eq" vercmp 1.0.1 "==" 1.0.1
+assert_false "eq fail" vercmp 1.0.1 "==" 1.0.2
+assert_false "eq fail" vercmp 2.0-rc1 "==" 2.0-rc2
+
+report_results
diff --git a/tests/unittest.sh b/tests/unittest.sh
index 26b5b8e..3703ece 100644
--- a/tests/unittest.sh
+++ b/tests/unittest.sh
@@ -92,6 +92,51 @@
fi
}
+# assert the arguments evaluate to true
+# assert_true "message" arg1 arg2
+function assert_true {
+ local lineno
+ lineno=`caller 0 | awk '{print $1}'`
+ local function
+ function=`caller 0 | awk '{print $2}'`
+ local msg=$1
+ shift
+
+ $@
+ if [ $? -eq 0 ]; then
+ PASS=$((PASS+1))
+ echo "PASS: $function:L$lineno - $msg"
+ else
+ FAILED_FUNCS+="$function:L$lineno\n"
+ echo "ERROR: test failed in $function:L$lineno!"
+ echo " $msg"
+ ERROR=$((ERROR+1))
+ fi
+}
+
+# assert the arguments evaluate to false
+# assert_false "message" arg1 arg2
+function assert_false {
+ local lineno
+ lineno=`caller 0 | awk '{print $1}'`
+ local function
+ function=`caller 0 | awk '{print $2}'`
+ local msg=$1
+ shift
+
+ $@
+ if [ $? -eq 0 ]; then
+ FAILED_FUNCS+="$function:L$lineno\n"
+ echo "ERROR: test failed in $function:L$lineno!"
+ echo " $msg"
+ ERROR=$((ERROR+1))
+ else
+ PASS=$((PASS+1))
+ echo "PASS: $function:L$lineno - $msg"
+ fi
+}
+
+
# Print a summary of passing and failing tests and exit
# (with an error if we have failed tests)
# usage: report_results
diff --git a/tools/cap-pip.txt b/tools/cap-pip.txt
index 1a6f80c..c280267 100644
--- a/tools/cap-pip.txt
+++ b/tools/cap-pip.txt
@@ -1 +1 @@
-pip<8
+pip!=8
diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index 542a284..2a9d813 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -117,8 +117,10 @@
# Eradicate any and all system packages
-# python in f23 depends on the python-pip package
-if ! { is_fedora && [[ $DISTRO == "f23" ]]; }; then
+# Python in f23 and f22 depends on the python-pip package so removing it
+# results in a nonfunctional system. pip on fedora installs to /usr so pip
+# can safely override the system pip for all versions of fedora
+if ! is_fedora ; then
uninstall_package python-pip
uninstall_package python3-pip
fi