Merge "Use apache for tls-proxy ssl termination"
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index d6df1ef..9d023bf 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -1,16 +1,16 @@
-.. Note to patch submitters:
+.. Note to patch submitters:
- # ============================= #
- # THIS FILE IS AUTOGENERATED ! #
- # ============================= #
+ # ============================= #
+ # THIS FILE IS AUTOGENERATED ! #
+ # ============================= #
- ** Plugins are found automatically and added to this list **
+ ** Plugins are found automatically and added to this list **
- This file is created by a periodic proposal job. You should not
- edit this file.
+ This file is created by a periodic proposal job. You should not
+ edit this file.
- You should edit the files data/devstack-plugins-registry.footer
- data/devstack-plugins-registry.header to modify this text.
+ You should edit the files data/devstack-plugins-registry.footer
+ data/devstack-plugins-registry.header to modify this text.
==========================
DevStack Plugin Registry
@@ -24,6 +24,7 @@
====================================== ===
Plugin Name URL
====================================== ===
+almanach `git://git.openstack.org/openstack/almanach <https://git.openstack.org/cgit/openstack/almanach>`__
aodh `git://git.openstack.org/openstack/aodh <https://git.openstack.org/cgit/openstack/aodh>`__
app-catalog-ui `git://git.openstack.org/openstack/app-catalog-ui <https://git.openstack.org/cgit/openstack/app-catalog-ui>`__
astara `git://git.openstack.org/openstack/astara <https://git.openstack.org/cgit/openstack/astara>`__
@@ -61,11 +62,12 @@
gnocchi `git://git.openstack.org/openstack/gnocchi <https://git.openstack.org/cgit/openstack/gnocchi>`__
group-based-policy `git://git.openstack.org/openstack/group-based-policy <https://git.openstack.org/cgit/openstack/group-based-policy>`__
heat `git://git.openstack.org/openstack/heat <https://git.openstack.org/cgit/openstack/heat>`__
-higgins `git://git.openstack.org/openstack/higgins <https://git.openstack.org/cgit/openstack/higgins>`__
horizon-mellanox `git://git.openstack.org/openstack/horizon-mellanox <https://git.openstack.org/cgit/openstack/horizon-mellanox>`__
ironic `git://git.openstack.org/openstack/ironic <https://git.openstack.org/cgit/openstack/ironic>`__
ironic-inspector `git://git.openstack.org/openstack/ironic-inspector <https://git.openstack.org/cgit/openstack/ironic-inspector>`__
ironic-staging-drivers `git://git.openstack.org/openstack/ironic-staging-drivers <https://git.openstack.org/cgit/openstack/ironic-staging-drivers>`__
+karbor `git://git.openstack.org/openstack/karbor <https://git.openstack.org/cgit/openstack/karbor>`__
+karbor-dashboard `git://git.openstack.org/openstack/karbor-dashboard <https://git.openstack.org/cgit/openstack/karbor-dashboard>`__
kingbird `git://git.openstack.org/openstack/kingbird <https://git.openstack.org/cgit/openstack/kingbird>`__
kuryr-libnetwork `git://git.openstack.org/openstack/kuryr-libnetwork <https://git.openstack.org/cgit/openstack/kuryr-libnetwork>`__
magnum `git://git.openstack.org/openstack/magnum <https://git.openstack.org/cgit/openstack/magnum>`__
@@ -101,6 +103,7 @@
networking-plumgrid `git://git.openstack.org/openstack/networking-plumgrid <https://git.openstack.org/cgit/openstack/networking-plumgrid>`__
networking-powervm `git://git.openstack.org/openstack/networking-powervm <https://git.openstack.org/cgit/openstack/networking-powervm>`__
networking-sfc `git://git.openstack.org/openstack/networking-sfc <https://git.openstack.org/cgit/openstack/networking-sfc>`__
+networking-vpp `git://git.openstack.org/openstack/networking-vpp <https://git.openstack.org/cgit/openstack/networking-vpp>`__
networking-vsphere `git://git.openstack.org/openstack/networking-vsphere <https://git.openstack.org/cgit/openstack/networking-vsphere>`__
neutron `git://git.openstack.org/openstack/neutron <https://git.openstack.org/cgit/openstack/neutron>`__
neutron-dynamic-routing `git://git.openstack.org/openstack/neutron-dynamic-routing <https://git.openstack.org/cgit/openstack/neutron-dynamic-routing>`__
@@ -110,6 +113,7 @@
neutron-vpnaas `git://git.openstack.org/openstack/neutron-vpnaas <https://git.openstack.org/cgit/openstack/neutron-vpnaas>`__
nova-docker `git://git.openstack.org/openstack/nova-docker <https://git.openstack.org/cgit/openstack/nova-docker>`__
nova-lxd `git://git.openstack.org/openstack/nova-lxd <https://git.openstack.org/cgit/openstack/nova-lxd>`__
+nova-mksproxy `git://git.openstack.org/openstack/nova-mksproxy <https://git.openstack.org/cgit/openstack/nova-mksproxy>`__
nova-powervm `git://git.openstack.org/openstack/nova-powervm <https://git.openstack.org/cgit/openstack/nova-powervm>`__
octavia `git://git.openstack.org/openstack/octavia <https://git.openstack.org/cgit/openstack/octavia>`__
osprofiler `git://git.openstack.org/openstack/osprofiler <https://git.openstack.org/cgit/openstack/osprofiler>`__
@@ -122,12 +126,11 @@
searchlight `git://git.openstack.org/openstack/searchlight <https://git.openstack.org/cgit/openstack/searchlight>`__
searchlight-ui `git://git.openstack.org/openstack/searchlight-ui <https://git.openstack.org/cgit/openstack/searchlight-ui>`__
senlin `git://git.openstack.org/openstack/senlin <https://git.openstack.org/cgit/openstack/senlin>`__
-smaug `git://git.openstack.org/openstack/smaug <https://git.openstack.org/cgit/openstack/smaug>`__
-smaug-dashboard `git://git.openstack.org/openstack/smaug-dashboard <https://git.openstack.org/cgit/openstack/smaug-dashboard>`__
solum `git://git.openstack.org/openstack/solum <https://git.openstack.org/cgit/openstack/solum>`__
tacker `git://git.openstack.org/openstack/tacker <https://git.openstack.org/cgit/openstack/tacker>`__
tap-as-a-service `git://git.openstack.org/openstack/tap-as-a-service <https://git.openstack.org/cgit/openstack/tap-as-a-service>`__
tricircle `git://git.openstack.org/openstack/tricircle <https://git.openstack.org/cgit/openstack/tricircle>`__
+trio2o `git://git.openstack.org/openstack/trio2o <https://git.openstack.org/cgit/openstack/trio2o>`__
trove `git://git.openstack.org/openstack/trove <https://git.openstack.org/cgit/openstack/trove>`__
trove-dashboard `git://git.openstack.org/openstack/trove-dashboard <https://git.openstack.org/cgit/openstack/trove-dashboard>`__
vitrage `git://git.openstack.org/openstack/vitrage <https://git.openstack.org/cgit/openstack/vitrage>`__
@@ -137,6 +140,8 @@
watcher-dashboard `git://git.openstack.org/openstack/watcher-dashboard <https://git.openstack.org/cgit/openstack/watcher-dashboard>`__
zaqar `git://git.openstack.org/openstack/zaqar <https://git.openstack.org/cgit/openstack/zaqar>`__
zaqar-ui `git://git.openstack.org/openstack/zaqar-ui <https://git.openstack.org/cgit/openstack/zaqar-ui>`__
+zun `git://git.openstack.org/openstack/zun <https://git.openstack.org/cgit/openstack/zun>`__
+zun-ui `git://git.openstack.org/openstack/zun-ui <https://git.openstack.org/cgit/openstack/zun-ui>`__
====================================== ===
diff --git a/files/debs/cinder b/files/debs/cinder
index 3595e01..c1b79fd 100644
--- a/files/debs/cinder
+++ b/files/debs/cinder
@@ -3,3 +3,4 @@
open-iscsi-utils # Deprecated since quantal dist:precise
qemu-utils
tgt # NOPRIME
+thin-provisioning-tools
diff --git a/lib/keystone b/lib/keystone
index f52cc3f..851db04 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -248,9 +248,6 @@
iniset $KEYSTONE_CONF cache backend "oslo_cache.memcache_pool"
iniset $KEYSTONE_CONF cache memcache_servers localhost:11211
- # Do not cache the catalog backend due to https://bugs.launchpad.net/keystone/+bug/1537617
- iniset $KEYSTONE_CONF catalog caching "False"
-
iniset_rpc_backend keystone $KEYSTONE_CONF
# Register SSL certificates if provided
@@ -345,6 +342,8 @@
iniset $KEYSTONE_CONF fernet_tokens key_repository "$KEYSTONE_CONF_DIR/fernet-keys/"
+ iniset $KEYSTONE_CONF credential key_repository "$KEYSTONE_CONF_DIR/credential-keys/"
+
# Configure the project created by the 'keystone-manage bootstrap' as the cloud-admin project.
# The users from this project are globally admin as before, but it also
# allows policy changes in order to clarify the adminess scope.
@@ -514,6 +513,9 @@
rm -rf "$KEYSTONE_CONF_DIR/fernet-keys/"
$KEYSTONE_BIN_DIR/keystone-manage --config-file $KEYSTONE_CONF fernet_setup
fi
+ rm -rf "$KEYSTONE_CONF_DIR/credential-keys/"
+ $KEYSTONE_BIN_DIR/keystone-manage --config-file $KEYSTONE_CONF credential_setup
+
}
# install_keystoneauth() - Collect source and prepare
diff --git a/lib/lvm b/lib/lvm
index b9d7c39..d35a76f 100644
--- a/lib/lvm
+++ b/lib/lvm
@@ -58,7 +58,9 @@
if [[ -n "$backing_file" ]] && [[ -e "$backing_file" ]]; then
local vg_dev
vg_dev=$(sudo losetup -j $backing_file | awk -F':' '/'$BACKING_FILE_SUFFIX'/ { print $1}')
- sudo losetup -d $vg_dev
+ if [[ -n "$vg_dev" ]]; then
+ sudo losetup -d $vg_dev
+ fi
rm -f $backing_file
fi
}
diff --git a/lib/neutron b/lib/neutron
index e377018..a715b4e 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -305,6 +305,9 @@
iniset $NOVA_CONF DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
+ # optionally set options in nova_conf
+ neutron_plugin_create_nova_conf
+
if is_service_enabled neutron-metadata-agent; then
iniset $NOVA_CONF neutron service_metadata_proxy "True"
fi
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index 1810099..123ba42 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -211,13 +211,15 @@
# Example: ``OVS_PHYSICAL_BRIDGE=br-eth1``
OVS_PHYSICAL_BRIDGE=${OVS_PHYSICAL_BRIDGE:-br-ex}
+default_route_dev=$(ip route | grep ^default | awk '{print $5}')
+die_if_not_set $LINENO default_route_dev "Failure retrieving default route device"
# With the linuxbridge agent, if using VLANs for tenant networks,
# or if using flat or VLAN provider networks, set in ``localrc`` to
# the name of the network interface to use for the physical
# network.
#
# Example: ``LB_PHYSICAL_INTERFACE=eth1``
-LB_PHYSICAL_INTERFACE=${LB_PHYSICAL_INTERFACE:-}
+LB_PHYSICAL_INTERFACE=${LB_PHYSICAL_INTERFACE:-$default_route_dev}
# When Neutron tunnels are enabled it is needed to specify the
# IP address of the end point in the local server. This IP is set
diff --git a/lib/neutron_plugins/services/l3 b/lib/neutron_plugins/services/l3
index b598241..2e96284 100644
--- a/lib/neutron_plugins/services/l3
+++ b/lib/neutron_plugins/services/l3
@@ -146,6 +146,14 @@
}
function create_neutron_initial_network {
+ if ! is_service_enabled q-svc && ! is_service_enabled neutron-api; then
+ echo "Controller services not enabled. No networks configured!"
+ return
+ fi
+ if [[ "$NEUTRON_CREATE_INITIAL_NETWORKS" == "False" ]]; then
+ echo "Network creation disabled!"
+ return
+ fi
local project_id
project_id=$(openstack project list | grep " demo " | get_field 1)
die_if_not_set $LINENO project_id "Failure retrieving project_id for demo"
diff --git a/lib/nova b/lib/nova
index 8970a7c..60c1f51 100644
--- a/lib/nova
+++ b/lib/nova
@@ -85,6 +85,9 @@
# NOTE: Set ``FORCE_CONFIG_DRIVE="False"`` to turn OFF config drive
FORCE_CONFIG_DRIVE=${FORCE_CONFIG_DRIVE:-"False"}
+# Option to initialize CellsV2 environment
+NOVA_CONFIGURE_CELLSV2=$(trueorfalse False NOVA_CONFIGURE_CELLSV2)
+
# Nova supports pluggable schedulers. The default ``FilterScheduler``
# should work in most cases.
SCHEDULER=${SCHEDULER:-filter_scheduler}
@@ -682,10 +685,15 @@
# All nova components talk to a central database.
# Only do this step once on the API node for an entire cluster.
if is_service_enabled $DATABASE_BACKENDS && is_service_enabled n-api; then
- # (Re)create nova database
+ # (Re)create nova databases
recreate_database nova
+ if [ "$NOVA_CONFIGURE_CELLSV2" != "False" ]; then
+ recreate_database nova_api_cell0
+ fi
- # Migrate nova database
+ # Migrate nova database. If "nova-manage cell_v2 simple_cell_setup" has
+ # been run this migrates the "nova" and "nova_api_cell0" database.
+ # Otherwise it just migrates the "nova" database.
$NOVA_BIN_DIR/nova-manage --config-file $NOVA_CONF db sync
if is_service_enabled n-cell; then
@@ -938,6 +946,15 @@
fi
}
+# create_cell(): Group the available hosts into a cell
+function create_cell {
+ if ! is_service_enabled n-cell; then
+ nova-manage cell_v2 simple_cell_setup --transport-url $(get_transport_url)
+ else
+ echo 'Skipping cellsv2 setup for this cellsv1 configuration'
+ fi
+}
+
# Restore xtrace
$_XTRACE_LIB_NOVA
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index cc013c3..6b7c7c2 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -65,6 +65,7 @@
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc", "/dev/hpet","/dev/net/tun",
+ "/dev/vfio/vfio",
]
EOF
fi
diff --git a/lib/nova_plugins/hypervisor-fake b/lib/nova_plugins/hypervisor-fake
index 6ac2199..f9b95c1 100644
--- a/lib/nova_plugins/hypervisor-fake
+++ b/lib/nova_plugins/hypervisor-fake
@@ -45,7 +45,7 @@
iniset $NOVA_CONF DEFAULT quota_fixed_ips -1
iniset $NOVA_CONF DEFAULT quota_metadata_items -1
iniset $NOVA_CONF DEFAULT quota_injected_files -1
- iniset $NOVA_CONF DEFAULT quota_injected_file_path_bytes -1
+ iniset $NOVA_CONF DEFAULT quota_injected_file_path_length -1
iniset $NOVA_CONF DEFAULT quota_security_groups -1
iniset $NOVA_CONF DEFAULT quota_security_group_rules -1
iniset $NOVA_CONF DEFAULT quota_key_pairs -1
diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index 20dde8e..b4eb3c1 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -100,6 +100,14 @@
yum_install libcgroup-tools
fi
fi
+
+ if [[ "$ENABLE_FILE_INJECTION" == "True" ]] ; then
+ if is_ubuntu; then
+ install_package python-guestfs
+ elif is_fedora || is_suse; then
+ install_package python-libguestfs
+ fi
+ fi
}
# start_nova_hypervisor - Start any required external services
diff --git a/lib/tempest b/lib/tempest
index 67fb454..b491bf8 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -354,6 +354,8 @@
iniset $TEMPEST_CONFIG compute max_microversion $tempest_compute_max_microversion
fi
+ # TODO(mriedem): Remove allow_port_security_disabled after liberty-eol.
+ iniset $TEMPEST_CONFIG compute-feature-enabled allow_port_security_disabled True
iniset $TEMPEST_CONFIG compute-feature-enabled personality ${ENABLE_FILE_INJECTION:-False}
iniset $TEMPEST_CONFIG compute-feature-enabled resize True
iniset $TEMPEST_CONFIG compute-feature-enabled live_migration ${LIVE_MIGRATION_AVAILABLE:-False}
diff --git a/stack.sh b/stack.sh
index 119ca85..6a5a2a3 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1268,10 +1268,7 @@
start_neutron
fi
# Once neutron agents are started setup initial network elements
-if is_service_enabled q-svc && [[ "$NEUTRON_CREATE_INITIAL_NETWORKS" == "True" ]]; then
- echo_summary "Creating initial neutron network elements"
- create_neutron_initial_network
-fi
+create_neutron_initial_network
if is_service_enabled nova; then
echo_summary "Starting Nova"
@@ -1380,11 +1377,24 @@
check_libs_from_git
+# Configure nova cellsv2
+# ----------------------
+
+# Do this late because it requires compute hosts to have started
+if is_service_enabled n-api && [ "$NOVA_CONFIGURE_CELLSV2" == "True" ]; then
+ create_cell
+fi
+
# Bash completion
# ===============
# Prepare bash completion for OSC
-openstack complete | sudo tee /etc/bash_completion.d/osc.bash_completion > /dev/null
+#
+# BUG: https://bugs.launchpad.net/python-openstackclient/+bug/1619274
+# the os-cloud param should not be required but if we don't provide it
+# then this command hangs indefinitely if something is wrong with
+# default environment credentials.
+openstack --os-cloud=devstack complete | sudo tee /etc/bash_completion.d/osc.bash_completion > /dev/null
# If cinder is configured, set global_filter for PV devices
if is_service_enabled cinder; then
diff --git a/stackrc b/stackrc
index f7bdbc2..c14085a 100644
--- a/stackrc
+++ b/stackrc
@@ -16,6 +16,15 @@
# Destination path for installation
DEST=/opt/stack
+# Destination for working data
+DATA_DIR=${DEST}/data
+
+# Destination for status files
+SERVICE_DIR=${DEST}/status
+
+# Path for subunit output file
+SUBUNIT_OUTPUT=${DEST}/devstack.subunit
+
# Determine stack user
if [[ $EUID -eq 0 ]]; then
STACK_USER=stack
@@ -121,15 +130,6 @@
source $RC_DIR/.localrc.auto
fi
-# Destination for working data
-DATA_DIR=${DATA_DIR:-$DEST/data}
-
-# Destination for status files
-SERVICE_DIR=${SERVICE_DIR:-$DEST/status}
-
-# Path for subunit output file
-SUBUNIT_OUTPUT=${SUBUNIT_OUTPUT:-$DEST/devstack.subunit}
-
# Default for log coloring is based on interactive-or-not.
# Baseline assumption is that non-interactive invocations are for CI,
# where logs are to be presented as browsable text files; hence color
diff --git a/tools/generate-devstack-plugins-list.py b/tools/generate-devstack-plugins-list.py
index bbad1bf..56f12e7 100644
--- a/tools/generate-devstack-plugins-list.py
+++ b/tools/generate-devstack-plugins-list.py
@@ -46,6 +46,9 @@
# Check if this project has a plugin file
def has_devstack_plugin(proj):
+ # Don't link in the deb packaging repos
+ if "openstack/deb-" in proj:
+ return False
r = requests.get("https://git.openstack.org/cgit/%s/plain/devstack/plugin.sh" % proj)
return r.status_code == 200
diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index 1267699..a5ccb19 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -24,7 +24,20 @@
FILES=$TOP_DIR/files
-PIP_GET_PIP_URL=https://bootstrap.pypa.io/get-pip.py
+# The URL from where the get-pip.py file gets downloaded. If a local
+# get-pip.py mirror is available, PIP_GET_PIP_URL can be set to that
+# mirror in local.conf to avoid download timeouts.
+# Example:
+# PIP_GET_PIP_URL="http://local-server/get-pip.py"
+#
+# Note that if get-pip.py already exists in $FILES this script will
+# not re-download or check for a new version. For example, this is
+# done by openstack-infra diskimage-builder elements as part of image
+# preparation [1]. This prevents any network access, which can be
+# unreliable in CI situations.
+# [1] http://git.openstack.org/cgit/openstack-infra/project-config/tree/nodepool/elements/cache-devstack/source-repository-pip
+
+PIP_GET_PIP_URL=${PIP_GET_PIP_URL:-"https://bootstrap.pypa.io/get-pip.py"}
LOCAL_PIP="$FILES/$(basename $PIP_GET_PIP_URL)"
GetDistro