Merge "Fixes devstack ldap plugin"
diff --git a/README.rst b/README.rst
index b4240bd..adbf59a 100644
--- a/README.rst
+++ b/README.rst
@@ -14,7 +14,7 @@
* To provide an environment for the OpenStack CI testing on every commit
to the projects
-Read more at http://docs.openstack.org/developer/devstack
+Read more at https://docs.openstack.org/devstack/latest
IMPORTANT: Be sure to carefully read `stack.sh` and any other scripts you
execute before you run them, as they install software and will alter your
@@ -92,5 +92,5 @@
`local.conf`. It is likely that you will need to provide and modify
this file if you want anything other than the most basic setup. Start
by reading the `configuration guide
-<https://docs.openstack.org/developer/devstack/configuration.html>`_
+<https://docs.openstack.org/devstack/latest/configuration.html>`_
for details of the configuration file and the many available options.
diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index 1a8ddbc..b4e2891 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -197,6 +197,22 @@
to poke at your shiny new OpenStack. The most recent log file is
available in ``stack.sh.log``.
+Starting in the Ocata release, Nova requires a `Cells v2`_ deployment. Compute
+node services must be mapped to a cell before they can be used.
+
+After each compute node is stacked, verify it shows up in the
+``nova service-list --binary nova-compute`` output. The compute service is
+registered in the cell database asynchronously so this may require polling.
+
+Once the compute node services shows up, run the ``./tools/discover_hosts.sh``
+script from the control node to map compute hosts to the single cell.
+
+The compute service running on the primary control node will be
+discovered automatically when the control node is stacked so this really
+only needs to be performed for subnodes.
+
+.. _Cells v2: https://docs.openstack.org/nova/latest/user/cells.html
+
Cleaning Up After DevStack
--------------------------
diff --git a/doc/source/guides/nova.rst b/doc/source/guides/nova.rst
index a91e0d1..6bbab53 100644
--- a/doc/source/guides/nova.rst
+++ b/doc/source/guides/nova.rst
@@ -13,7 +13,7 @@
<http://specs.openstack.org/openstack/nova-specs/specs/juno/implemented/serial-ports.html>`_
to allow read/write access to the serial console of an instance via
`nova-serialproxy
-<http://docs.openstack.org/developer/nova/man/nova-serialproxy.html>`_.
+<https://docs.openstack.org/nova/latest/cli/nova-serialproxy.html>`_.
The service can be enabled by adding ``n-sproxy`` to
``ENABLED_SERVICES``. Further options can be enabled via
@@ -62,11 +62,9 @@
Enabling the service is enough to be functional for a single machine DevStack.
-These config options are defined in `nova.console.serial
-<https://github.com/openstack/nova/blob/master/nova/console/serial.py#L33-L52>`_
-and `nova.cmd.serialproxy
-<https://github.com/openstack/nova/blob/master/nova/cmd/serialproxy.py#L26-L33>`_.
+These config options are defined in `nova.conf.serial_console
+<https://github.com/openstack/nova/blob/master/nova/conf/serial_console.py>`_.
For more information on OpenStack configuration see the `OpenStack
Configuration Reference
-<http://docs.openstack.org/trunk/config-reference/content/list-of-compute-config-options.html>`_
+<https://docs.openstack.org/ocata/config-reference/compute.html>`_
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index 92e5ecd..f9ca055 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -92,6 +92,7 @@
monasca-analytics `git://git.openstack.org/openstack/monasca-analytics <https://git.openstack.org/cgit/openstack/monasca-analytics>`__
monasca-api `git://git.openstack.org/openstack/monasca-api <https://git.openstack.org/cgit/openstack/monasca-api>`__
monasca-ceilometer `git://git.openstack.org/openstack/monasca-ceilometer <https://git.openstack.org/cgit/openstack/monasca-ceilometer>`__
+monasca-events-api `git://git.openstack.org/openstack/monasca-events-api <https://git.openstack.org/cgit/openstack/monasca-events-api>`__
monasca-log-api `git://git.openstack.org/openstack/monasca-log-api <https://git.openstack.org/cgit/openstack/monasca-log-api>`__
monasca-transform `git://git.openstack.org/openstack/monasca-transform <https://git.openstack.org/cgit/openstack/monasca-transform>`__
murano `git://git.openstack.org/openstack/murano <https://git.openstack.org/cgit/openstack/murano>`__
@@ -106,6 +107,7 @@
networking-dpm `git://git.openstack.org/openstack/networking-dpm <https://git.openstack.org/cgit/openstack/networking-dpm>`__
networking-fortinet `git://git.openstack.org/openstack/networking-fortinet <https://git.openstack.org/cgit/openstack/networking-fortinet>`__
networking-generic-switch `git://git.openstack.org/openstack/networking-generic-switch <https://git.openstack.org/cgit/openstack/networking-generic-switch>`__
+networking-hpe `git://git.openstack.org/openstack/networking-hpe <https://git.openstack.org/cgit/openstack/networking-hpe>`__
networking-huawei `git://git.openstack.org/openstack/networking-huawei <https://git.openstack.org/cgit/openstack/networking-huawei>`__
networking-infoblox `git://git.openstack.org/openstack/networking-infoblox <https://git.openstack.org/cgit/openstack/networking-infoblox>`__
networking-l2gw `git://git.openstack.org/openstack/networking-l2gw <https://git.openstack.org/cgit/openstack/networking-l2gw>`__
diff --git a/files/rpms/cinder b/files/rpms/cinder
index 2c7b45b..3bc4e7a 100644
--- a/files/rpms/cinder
+++ b/files/rpms/cinder
@@ -1,5 +1,5 @@
iscsi-initiator-utils
lvm2
qemu-img
-scsi-target-utils # not:rhel7,f24,f25 NOPRIME
-targetcli # dist:rhel7,f24,f25 NOPRIME
\ No newline at end of file
+scsi-target-utils # not:rhel7,f24,f25,f26 NOPRIME
+targetcli # dist:rhel7,f24,f25,f26 NOPRIME
diff --git a/files/rpms/general b/files/rpms/general
index 1393d18..2443cc8 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -9,9 +9,9 @@
graphviz # needed only for docs
httpd
httpd-devel
-iptables-services # NOPRIME f23,f24,f25
+iptables-services # NOPRIME f23,f24,f25,f26
java-1.7.0-openjdk-headless # NOPRIME rhel7
-java-1.8.0-openjdk-headless # NOPRIME f23,f24,f25
+java-1.8.0-openjdk-headless # NOPRIME f23,f24,f25,f26
libffi-devel
libjpeg-turbo-devel # Pillow 3.0.0
libxml2-devel # lxml
diff --git a/files/rpms/nova b/files/rpms/nova
index a368c55..632e796 100644
--- a/files/rpms/nova
+++ b/files/rpms/nova
@@ -7,7 +7,7 @@
genisoimage # required for config_drive
iptables
iputils
-kernel-modules # dist:f23,f24,f25
+kernel-modules # dist:f23,f24,f25,f26
kpartx
libxml2-python
m2crypto
diff --git a/files/rpms/swift b/files/rpms/swift
index 2f12df0..2e09cec 100644
--- a/files/rpms/swift
+++ b/files/rpms/swift
@@ -2,7 +2,7 @@
liberasurecode-devel
memcached
pyxattr
-rsync-daemon # dist:f23,f24,f25
+rsync-daemon # dist:f23,f24,f25,f26
sqlite
xfsprogs
xinetd
diff --git a/functions b/functions
index f04bc1f..6f2164a 100644
--- a/functions
+++ b/functions
@@ -750,19 +750,16 @@
echo $port
}
-
+# Save some state information
+#
+# Write out various useful state information to /etc/devstack-version
function write_devstack_version {
- pushd $TOP_DIR
- local git_version=""
- git_version=$(git log --format="%H %ci" -1)
cat - > /tmp/devstack-version <<EOF
-#!/bin/bash
-
-echo "DevStack Version: ${DEVSTACK_SERIES} - ${git_version}"
-echo "OS Version: ${os_VENDOR} ${os_RELEASE} ${os_CODENAME}"
-
+DevStack Version: ${DEVSTACK_SERIES}
+Change: $(git log --format="%H %s %ci" -1)
+OS Version: ${os_VENDOR} ${os_RELEASE} ${os_CODENAME}
EOF
- sudo install -m 755 /tmp/devstack-version /usr/local/bin/devstack-version
+ sudo install -m 644 /tmp/devstack-version /etc/devstack-version
rm /tmp/devstack-version
}
diff --git a/inc/python b/inc/python
index 718cbb2..f388f48 100644
--- a/inc/python
+++ b/inc/python
@@ -441,7 +441,7 @@
# project_dir: directory of project repo (e.g., /opt/stack/keystone)
# extras: comma-separated list of optional dependencies to install
# (e.g., ldap,memcache).
-# See http://docs.openstack.org/developer/pbr/#extra-requirements
+# See https://docs.openstack.org/pbr/latest/user/using.html#extra-requirements
# The command is like "pip install <project_dir>[<extras>]"
function setup_install {
local project_dir=$1
@@ -455,7 +455,7 @@
# project_dir: directory of project repo (e.g., /opt/stack/keystone)
# extras: comma-separated list of optional dependencies to install
# (e.g., ldap,memcache).
-# See http://docs.openstack.org/developer/pbr/#extra-requirements
+# See https://docs.openstack.org/pbr/latest/user/using.html#extra-requirements
# The command is like "pip install -e <project_dir>[<extras>]"
function setup_develop {
local project_dir=$1
@@ -487,7 +487,7 @@
# flags: pip CLI options/flags
# extras: comma-separated list of optional dependencies to install
# (e.g., ldap,memcache).
-# See http://docs.openstack.org/developer/pbr/#extra-requirements
+# See https://docs.openstack.org/pbr/latest/user/using.html#extra-requirements
# The command is like "pip install <flags> <project_dir>[<extras>]"
function _setup_package_with_constraints_edit {
local project_dir=$1
@@ -523,7 +523,7 @@
# flags: pip CLI options/flags
# extras: comma-separated list of optional dependencies to install
# (e.g., ldap,memcache).
-# See http://docs.openstack.org/developer/pbr/#extra-requirements
+# See https://docs.openstack.org/pbr/latest/user/using.html#extra-requirements
# The command is like "pip install <flags> <project_dir>[<extras>]"
function setup_package {
local project_dir=$1
diff --git a/lib/apache b/lib/apache
index e29acf2..ffd7966 100644
--- a/lib/apache
+++ b/lib/apache
@@ -287,7 +287,7 @@
# mod_proxy_uwsgi because the chunked encoding gets dropped. See:
# https://github.com/unbit/uwsgi/issues/1540 You can workaround this on python2
# but that involves having apache buffer the request before sending it to
-# uswgi.
+# uwsgi.
function write_local_uwsgi_http_config {
local file=$1
local wsgi=$2
diff --git a/lib/cinder b/lib/cinder
index b585416..4274be7 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -55,6 +55,8 @@
CINDER_CONF_DIR=/etc/cinder
CINDER_CONF=$CINDER_CONF_DIR/cinder.conf
+CINDER_UWSGI=$CINDER_BIN_DIR/cinder-wsgi
+CINDER_UWSGI_CONF=$CINDER_CONF_DIR/cinder-api-uwsgi.ini
CINDER_API_PASTE_INI=$CINDER_CONF_DIR/api-paste.ini
# Public facing bits
@@ -106,8 +108,9 @@
CINDER_ISCSI_HELPER=${CINDER_ISCSI_HELPER:-tgtadm}
fi
-# Toggle for deploying Cinder under HTTPD + mod_wsgi
-CINDER_USE_MOD_WSGI=${CINDER_USE_MOD_WSGI:-False}
+# Toggle for deploying Cinder under a wsgi server. Legacy mod_wsgi
+# reference should be cleaned up to more accurately refer to uwsgi.
+CINDER_USE_MOD_WSGI=${CINDER_USE_MOD_WSGI:-True}
# Source the enabled backends
if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
@@ -196,38 +199,8 @@
done
fi
- if [ "$CINDER_USE_MOD_WSGI" == "True" ]; then
- _cinder_cleanup_apache_wsgi
- fi
-}
-
-# _cinder_config_apache_wsgi() - Set WSGI config files
-function _cinder_config_apache_wsgi {
- local cinder_apache_conf
- cinder_apache_conf=$(apache_site_config_for osapi-volume)
- local cinder_ssl=""
- local cinder_certfile=""
- local cinder_keyfile=""
- local cinder_api_port=$CINDER_SERVICE_PORT
- local venv_path=""
-
- if [[ ${USE_VENV} = True ]]; then
- venv_path="python-path=${PROJECT_VENV["cinder"]}/lib/python2.7/site-packages"
- fi
-
- # copy proxy vhost file
- sudo cp $FILES/apache-cinder-api.template $cinder_apache_conf
- sudo sed -e "
- s|%PUBLICPORT%|$cinder_api_port|g;
- s|%APACHE_NAME%|$APACHE_NAME|g;
- s|%APIWORKERS%|$API_WORKERS|g
- s|%CINDER_BIN_DIR%|$CINDER_BIN_DIR|g;
- s|%SSLENGINE%|$cinder_ssl|g;
- s|%SSLCERTFILE%|$cinder_certfile|g;
- s|%SSLKEYFILE%|$cinder_keyfile|g;
- s|%USER%|$STACK_USER|g;
- s|%VIRTUALENV%|$venv_path|g
- " -i $cinder_apache_conf
+ stop_process "c-api"
+ remove_uwsgi_config "$CINDER_UWSGI_CONF" "$CINDER_UWSGI"
}
# configure_cinder() - Set config files, create data dirs, etc
@@ -319,9 +292,18 @@
fi
if is_service_enabled tls-proxy; then
- # Set the service port for a proxy to take the original
- iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT
- iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT
+ if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
+ # Set the service port for a proxy to take the original
+ if [ "$CINDER_USE_MOD_WSGI" == "True" ]; then
+ iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT
+ iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST
+ iniset $CINDER_CONF DEFAULT osapi_volume_base_URL $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST
+ else
+ iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT
+ iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT
+ iniset $CINDER_CONF DEFAULT osapi_volume_base_URL $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT
+ fi
+ fi
fi
if [ "$SYSLOG" != "False" ]; then
@@ -333,9 +315,7 @@
# Format logging
setup_logging $CINDER_CONF $CINDER_USE_MOD_WSGI
- if [ "$CINDER_USE_MOD_WSGI" == "True" ]; then
- _cinder_config_apache_wsgi
- fi
+ write_uwsgi_config "$CINDER_UWSGI_CONF" "$CINDER_UWSGI" "/volume"
if [[ -r $CINDER_PLUGINS/$CINDER_DRIVER ]]; then
configure_cinder_driver
@@ -374,29 +354,47 @@
# Migrated from keystone_data.sh
function create_cinder_accounts {
-
# Cinder
if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
create_service_user "cinder"
get_or_create_service "cinder" "volume" "Cinder Volume Service"
- get_or_create_endpoint \
- "volume" \
- "$REGION_NAME" \
- "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(project_id)s"
+ if [ "$CINDER_USE_MOD_WSGI" == "False" ]; then
+ get_or_create_endpoint \
+ "volume" \
+ "$REGION_NAME" \
+ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v1/\$(project_id)s"
- get_or_create_service "cinderv2" "volumev2" "Cinder Volume Service V2"
- get_or_create_endpoint \
- "volumev2" \
- "$REGION_NAME" \
- "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(project_id)s"
+ get_or_create_service "cinderv2" "volumev2" "Cinder Volume Service V2"
+ get_or_create_endpoint \
+ "volumev2" \
+ "$REGION_NAME" \
+ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v2/\$(project_id)s"
- get_or_create_service "cinderv3" "volumev3" "Cinder Volume Service V3"
- get_or_create_endpoint \
- "volumev3" \
- "$REGION_NAME" \
- "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v3/\$(project_id)s"
+ get_or_create_service "cinderv3" "volumev3" "Cinder Volume Service V3"
+ get_or_create_endpoint \
+ "volumev3" \
+ "$REGION_NAME" \
+ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v3/\$(project_id)s"
+ else
+ get_or_create_endpoint \
+ "volume" \
+ "$REGION_NAME" \
+ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST/volume/v1/\$(project_id)s"
+
+ get_or_create_service "cinderv2" "volumev2" "Cinder Volume Service V2"
+ get_or_create_endpoint \
+ "volumev2" \
+ "$REGION_NAME" \
+ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST/volume/v2/\$(project_id)s"
+
+ get_or_create_service "cinderv3" "volumev3" "Cinder Volume Service V3"
+ get_or_create_endpoint \
+ "volumev3" \
+ "$REGION_NAME" \
+ "$CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST/volume/v3/\$(project_id)s"
+ fi
configure_cinder_internal_tenant
fi
@@ -449,10 +447,6 @@
elif [[ "$CINDER_ISCI_HELPER" == "lioadm" ]]; then
install_package targetcli
fi
-
- if [ "$CINDER_USE_MOD_WSGI" == "True" ]; then
- install_apache_wsgi
- fi
}
# install_cinderclient() - Collect source and prepare
@@ -483,7 +477,8 @@
function start_cinder {
local service_port=$CINDER_SERVICE_PORT
local service_protocol=$CINDER_SERVICE_PROTOCOL
- if is_service_enabled tls-proxy; then
+ local cinder_url
+ if is_service_enabled tls-proxy && ["$CINDER_USE_MOD_WSGI" == "False"]; then
service_port=$CINDER_SERVICE_PORT_INT
service_protocol="http"
fi
@@ -507,24 +502,23 @@
fi
fi
- if is_service_enabled c-api ; then
- if [ "$CINDER_USE_MOD_WSGI" == "True" ]; then
- enable_apache_site osapi-volume
- restart_apache_server
- tail_log c-api /var/log/$APACHE_NAME/c-api.log
- else
+ if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
+ if [ "$CINDER_USE_MOD_WSGI" == "False" ]; then
run_process c-api "$CINDER_BIN_DIR/cinder-api --config-file $CINDER_CONF"
+ cinder_url=$service_protocol://$SERVICE_HOST:$service_port
+ # Start proxy if tsl enabled
+ if is_service_enabled tls_proxy; then
+ start_tls_proxy cinder '*' $CINDER_SERVICE_PORT $CINDER_SERVICE_HOST $CINDER_SERVICE_POR_INT
+ fi
+ else
+ run_process "c-api" "$CINDER_BIN_DIR/uwsgi --ini $CINDER_UWSGI_CONF"
+ cinder_url=$service_protocol://$SERVICE_HOST/volume/v3
fi
+ fi
- echo "Waiting for Cinder API to start..."
- if ! wait_for_service $SERVICE_TIMEOUT $service_protocol://$CINDER_SERVICE_HOST:$service_port; then
- die $LINENO "c-api did not start"
- fi
-
- # Start proxies if enabled
- if is_service_enabled tls-proxy; then
- start_tls_proxy cinder '*' $CINDER_SERVICE_PORT $CINDER_SERVICE_HOST $CINDER_SERVICE_PORT_INT
- fi
+ echo "Waiting for Cinder API to start..."
+ if ! wait_for_service $SERVICE_TIMEOUT $cinder_url; then
+ die $LINENO "c-api did not start"
fi
run_process c-sch "$CINDER_BIN_DIR/cinder-scheduler --config-file $CINDER_CONF"
@@ -538,12 +532,7 @@
# stop_cinder() - Stop running processes
function stop_cinder {
- if [ "$CINDER_USE_MOD_WSGI" == "True" ]; then
- disable_apache_site osapi-volume
- restart_apache_server
- else
- stop_process c-api
- fi
+ stop_process c-api
# Kill the cinder screen windows
local serv
diff --git a/lib/glance b/lib/glance
index 41145f9..0a5b9f5 100644
--- a/lib/glance
+++ b/lib/glance
@@ -72,7 +72,7 @@
GLANCE_REGISTRY_PORT=${GLANCE_REGISTRY_PORT:-9191}
GLANCE_REGISTRY_PORT_INT=${GLANCE_REGISTRY_PORT_INT:-19191}
GLANCE_UWSGI=$GLANCE_BIN_DIR/glance-wsgi-api
-GLANCE_UWSGI_CONF=$GLANCE_CONF_DIR/glance-uswgi.ini
+GLANCE_UWSGI_CONF=$GLANCE_CONF_DIR/glance-uwsgi.ini
# If wsgi mode is uwsgi run glance under uwsgi, else default to eventlet
# TODO(mtreinish): Remove the eventlet path here and in all the similar
# conditionals below after the Pike release
diff --git a/lib/lvm b/lib/lvm
index 0cebd92..f047181 100644
--- a/lib/lvm
+++ b/lib/lvm
@@ -35,7 +35,7 @@
# _clean_lvm_volume_group removes all default LVM volumes
#
-# Usage: clean_lvm_volume_group $vg
+# Usage: _clean_lvm_volume_group $vg
function _clean_lvm_volume_group {
local vg=$1
@@ -43,6 +43,16 @@
sudo lvremove -f $vg
}
+# _remove_lvm_volume_group removes the volume group
+#
+# Usage: _remove_lvm_volume_group $vg
+function _remove_lvm_volume_group {
+ local vg=$1
+
+ # Remove the volume group
+ sudo vgremove -f $vg
+}
+
# _clean_lvm_backing_file() removes the backing file of the
# volume group
#
@@ -69,6 +79,7 @@
local vg=$1
_clean_lvm_volume_group $vg
+ _remove_lvm_volume_group $vg
# if there is no logical volume left, it's safe to attempt a cleanup
# of the backing file
if [[ -z "$(sudo lvs --noheadings -o lv_name $vg 2>/dev/null)" ]]; then
diff --git a/lib/nova b/lib/nova
index 3fa5de6..8311a54 100644
--- a/lib/nova
+++ b/lib/nova
@@ -51,6 +51,8 @@
NOVA_CONF_DIR=/etc/nova
NOVA_CONF=$NOVA_CONF_DIR/nova.conf
NOVA_CELLS_CONF=$NOVA_CONF_DIR/nova-cells.conf
+NOVA_COND_CONF=$NOVA_CONF_DIR/nova.conf
+NOVA_CPU_CONF=$NOVA_CONF_DIR/nova-cpu.conf
NOVA_FAKE_CONF=$NOVA_CONF_DIR/nova-fake.conf
NOVA_CELLS_DB=${NOVA_CELLS_DB:-nova_cell}
NOVA_API_DB=${NOVA_API_DB:-nova_api}
@@ -59,6 +61,13 @@
NOVA_UWSGI_CONF=$NOVA_CONF_DIR/nova-api-uwsgi.ini
NOVA_METADATA_UWSGI_CONF=$NOVA_CONF_DIR/nova-metadata-uwsgi.ini
+# The total number of cells we expect. Must be greater than one and doesn't
+# count cell0.
+NOVA_NUM_CELLS=${NOVA_NUM_CELLS:-1}
+# Our cell index, so we know what rabbit vhost to connect to.
+# This should be in the range of 1-$NOVA_NUM_CELLS
+NOVA_CPU_CELL=${NOVA_CPU_CELL:-1}
+
NOVA_API_PASTE_INI=${NOVA_API_PASTE_INI:-$NOVA_CONF_DIR/api-paste.ini}
# Toggle for deploying Nova-API under a wsgi server. We default to
@@ -424,7 +433,16 @@
# require them running on the host. The ensures that n-cpu doesn't
# leak a need to use the db in a multinode scenario.
if is_service_enabled n-api n-cond n-sched; then
- iniset $NOVA_CONF database connection `database_connection_url nova`
+ # If we're in multi-tier cells mode, we want our control services pointing
+ # at cell0 instead of cell1 to ensure isolation. If not, we point everything
+ # at the main database like normal.
+ if [[ "$CELLSV2_SETUP" == "singleconductor" ]]; then
+ local db="nova_cell1"
+ else
+ local db="nova_cell0"
+ fi
+
+ iniset $NOVA_CONF database connection `database_connection_url $db`
iniset $NOVA_CONF api_database connection `database_connection_url nova_api`
fi
@@ -518,6 +536,7 @@
# Set the oslo messaging driver to the typical default. This does not
# enable notifications, but it will allow them to function when enabled.
iniset $NOVA_CONF oslo_messaging_notifications driver "messagingv2"
+ iniset $NOVA_CONF oslo_messaging_notifications transport_url $(get_transport_url)
iniset_rpc_backend nova $NOVA_CONF
iniset $NOVA_CONF glance api_servers "$GLANCE_URL"
@@ -541,23 +560,44 @@
# Setup logging for nova-dhcpbridge command line
sudo cp "$NOVA_CONF" "$NOVA_CONF_DIR/nova-dhcpbridge.conf"
- local service="n-dhcp"
- local logfile="${service}.log.${CURRENT_LOG_TIME}"
- local real_logfile="${LOGDIR}/${logfile}"
- if [[ -n ${LOGDIR} ]]; then
- bash -c "cd '$LOGDIR' && ln -sf '$logfile' ${service}.log"
- iniset "$NOVA_CONF_DIR/nova-dhcpbridge.conf" DEFAULT log_file "$real_logfile"
- if [[ -n ${SCREEN_LOGDIR} ]]; then
- # Drop the backward-compat symlink
- ln -sf "$real_logfile" ${SCREEN_LOGDIR}/screen-${service}.log
+ if is_service_enabled n-net; then
+ local service="n-dhcp"
+ local logfile="${service}.log.${CURRENT_LOG_TIME}"
+ local real_logfile="${LOGDIR}/${logfile}"
+ if [[ -n ${LOGDIR} ]]; then
+ bash -c "cd '$LOGDIR' && ln -sf '$logfile' ${service}.log"
+ iniset "$NOVA_CONF_DIR/nova-dhcpbridge.conf" DEFAULT log_file "$real_logfile"
+ if [[ -n ${SCREEN_LOGDIR} ]]; then
+ # Drop the backward-compat symlink
+ ln -sf "$real_logfile" ${SCREEN_LOGDIR}/screen-${service}.log
+ fi
fi
- fi
- iniset $NOVA_CONF DEFAULT dhcpbridge_flagfile "$NOVA_CONF_DIR/nova-dhcpbridge.conf"
+ iniset $NOVA_CONF DEFAULT dhcpbridge_flagfile "$NOVA_CONF_DIR/nova-dhcpbridge.conf"
+ fi
if [ "$NOVA_USE_SERVICE_TOKEN" == "True" ]; then
init_nova_service_user_conf
fi
+
+ if is_service_enabled n-cond; then
+ for i in $(seq 1 $NOVA_NUM_CELLS); do
+ local conf
+ local vhost
+ conf=$(conductor_conf $i)
+ vhost="nova_cell${i}"
+ iniset $conf database connection `database_connection_url nova_cell${i}`
+ iniset $conf conductor workers "$API_WORKERS"
+ iniset $conf DEFAULT debug "$ENABLE_DEBUG_LOG_LEVEL"
+ # if we have a singleconductor, we don't have per host message queues.
+ if [[ "${CELLSV2_SETUP}" == "singleconductor" ]]; then
+ iniset_rpc_backend nova $conf DEFAULT
+ else
+ rpc_backend_add_vhost $vhost
+ iniset_rpc_backend nova $conf DEFAULT $vhost
+ fi
+ done
+ fi
}
function init_nova_service_user_conf {
@@ -572,6 +612,11 @@
iniset $NOVA_CONF service_user auth_strategy keystone
}
+function conductor_conf {
+ local cell="$1"
+ echo "${NOVA_CONF_DIR}/nova_cell${cell}.conf"
+}
+
function init_nova_cells {
if is_service_enabled n-cell; then
cp $NOVA_CONF $NOVA_CELLS_CONF
@@ -593,6 +638,9 @@
iniset $NOVA_CELLS_CONF DEFAULT enabled_apis metadata
fi
+ # Cells v1 conductor should be the nova-cells.conf
+ NOVA_COND_CONF=$NOVA_CELLS_CONF
+
time_start "dbsync"
$NOVA_BIN_DIR/nova-manage --config-file $NOVA_CELLS_CONF db sync
time_stop "dbsync"
@@ -638,8 +686,6 @@
recreate_database $NOVA_API_DB
$NOVA_BIN_DIR/nova-manage --config-file $NOVA_CONF api_db sync
- # (Re)create nova databases
- recreate_database nova
recreate_database nova_cell0
# map_cell0 will create the cell mapping record in the nova_api DB so
@@ -648,6 +694,12 @@
# and nova_cell0 databases.
nova-manage cell_v2 map_cell0 --database_connection `database_connection_url nova_cell0`
+ # (Re)create nova databases
+ for i in $(seq 1 $NOVA_NUM_CELLS); do
+ recreate_database nova_cell${i}
+ $NOVA_BIN_DIR/nova-manage --config-file $(conductor_conf $i) db sync
+ done
+
# Migrate nova and nova_cell0 databases.
$NOVA_BIN_DIR/nova-manage --config-file $NOVA_CONF db sync
@@ -660,8 +712,9 @@
$NOVA_BIN_DIR/nova-manage --config-file $NOVA_CONF db online_data_migrations
# create the cell1 cell for the main nova db where the hosts live
- nova-manage cell_v2 create_cell --transport-url $(get_transport_url) \
- --name 'cell1'
+ for i in $(seq 1 $NOVA_NUM_CELLS); do
+ nova-manage --config-file $NOVA_CONF --config-file $(conductor_conf $i) cell_v2 create_cell --name "cell$i"
+ done
fi
create_nova_cache_dir
@@ -758,6 +811,16 @@
export PATH=$old_path
}
+# Detect and setup conditions under which singleconductor setup is
+# needed. Notably cellsv1.
+function _set_singleconductor {
+ # NOTE(danms): Don't setup conductor fleet for cellsv1
+ if is_service_enabled n-cell; then
+ CELLSV2_SETUP="singleconductor"
+ fi
+}
+
+
# start_nova_compute() - Start the compute process
function start_nova_compute {
# Hack to set the path for rootwrap
@@ -770,15 +833,28 @@
local compute_cell_conf=$NOVA_CONF
fi
+ if [[ "${CELLSV2_SETUP}" == "singleconductor" ]]; then
+ # NOTE(danms): Grenade doesn't setup multi-cell rabbit, so
+ # skip these bits and use the normal config.
+ NOVA_CPU_CONF=$compute_cell_conf
+ echo "Skipping multi-cell conductor fleet setup"
+ else
+ # "${CELLSV2_SETUP}" is "superconductor"
+ cp $compute_cell_conf $NOVA_CPU_CONF
+ # FIXME(danms): Should this be configurable?
+ iniset $NOVA_CPU_CONF workarounds disable_group_policy_check_upcall True
+ iniset_rpc_backend nova $NOVA_CPU_CONF DEFAULT "nova_cell${NOVA_CPU_CELL}"
+ fi
+
if [[ "$VIRT_DRIVER" = 'libvirt' ]]; then
# The group **$LIBVIRT_GROUP** is added to the current user in this script.
# ``sg`` is used in run_process to execute nova-compute as a member of the
# **$LIBVIRT_GROUP** group.
- run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $compute_cell_conf" $LIBVIRT_GROUP
+ run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $NOVA_CPU_CONF" $LIBVIRT_GROUP
elif [[ "$VIRT_DRIVER" = 'lxd' ]]; then
- run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $compute_cell_conf" $LXD_GROUP
+ run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $NOVA_CPU_CONF" $LXD_GROUP
elif [[ "$VIRT_DRIVER" = 'docker' || "$VIRT_DRIVER" = 'zun' ]]; then
- run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $compute_cell_conf" $DOCKER_GROUP
+ run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $NOVA_CPU_CONF" $DOCKER_GROUP
elif [[ "$VIRT_DRIVER" = 'fake' ]]; then
local i
for i in `seq 1 $NUMBER_FAKE_NOVA_COMPUTE`; do
@@ -787,13 +863,13 @@
# gets its own configuration and own log file.
local fake_conf="${NOVA_FAKE_CONF}-${i}"
iniset $fake_conf DEFAULT nhost "${HOSTNAME}${i}"
- run_process "n-cpu-${i}" "$NOVA_BIN_DIR/nova-compute --config-file $compute_cell_conf --config-file $fake_conf"
+ run_process "n-cpu-${i}" "$NOVA_BIN_DIR/nova-compute --config-file $NOVA_CPU_CONF --config-file $fake_conf"
done
else
if is_service_enabled n-cpu && [[ -r $NOVA_PLUGINS/hypervisor-$VIRT_DRIVER ]]; then
start_nova_hypervisor
fi
- run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $compute_cell_conf"
+ run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $NOVA_CPU_CONF"
fi
export PATH=$old_path
@@ -813,7 +889,6 @@
fi
# ``run_process`` checks ``is_service_enabled``, it is not needed here
- run_process n-cond "$NOVA_BIN_DIR/nova-conductor --config-file $compute_cell_conf"
run_process n-cell-region "$NOVA_BIN_DIR/nova-cells --config-file $api_cell_conf"
run_process n-cell-child "$NOVA_BIN_DIR/nova-cells --config-file $compute_cell_conf"
@@ -840,9 +915,46 @@
export PATH=$old_path
}
+function enable_nova_fleet {
+ if is_service_enabled n-cond; then
+ enable_service n-super-cond
+ for i in $(seq 1 $NOVA_NUM_CELLS); do
+ enable_service n-cond-cell${i}
+ done
+ fi
+}
+
+function start_nova_conductor {
+ if [[ "${CELLSV2_SETUP}" == "singleconductor" ]]; then
+ echo "Starting nova-conductor in a cellsv1-compatible way"
+ run_process n-cond "$NOVA_BIN_DIR/nova-conductor --config-file $NOVA_COND_CONF"
+ return
+ fi
+
+ enable_nova_fleet
+ if is_service_enabled n-super-cond; then
+ run_process n-super-cond "$NOVA_BIN_DIR/nova-conductor --config-file $NOVA_COND_CONF"
+ fi
+ for i in $(seq 1 $NOVA_NUM_CELLS); do
+ if is_service_enabled n-cond-cell${i}; then
+ local conf
+ conf=$(conductor_conf $i)
+ run_process n-cond-cell${i} "$NOVA_BIN_DIR/nova-conductor --config-file $conf"
+ fi
+ done
+}
+
function start_nova {
+ # this catches the cells v1 case early
+ _set_singleconductor
start_nova_rest
+ start_nova_conductor
start_nova_compute
+ if is_service_enabled n-api; then
+ # dump the cell mapping to ensure life is good
+ echo "Dumping cells_v2 mapping"
+ nova-manage cell_v2 list_cells --verbose
+ fi
}
function stop_nova_compute {
@@ -861,14 +973,24 @@
function stop_nova_rest {
# Kill the non-compute nova processes
- for serv in n-api n-api-meta n-net n-sch n-novnc n-xvnc n-cauth n-spice n-cond n-cell n-cell n-sproxy; do
+ for serv in n-api n-api-meta n-net n-sch n-novnc n-xvnc n-cauth n-spice n-cell n-cell n-sproxy; do
stop_process $serv
done
}
+function stop_nova_conductor {
+ enable_nova_fleet
+ for srv in n-super-cond $(seq -f n-cond-cell%0.f 1 $NOVA_NUM_CELLS); do
+ if is_service_enabled $srv; then
+ stop_process $srv
+ fi
+ done
+}
+
# stop_nova() - Stop running processes (non-screen)
function stop_nova {
stop_nova_rest
+ stop_nova_conductor
stop_nova_compute
}
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index 3e38b89..8d74c77 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -73,15 +73,7 @@
#pip_install_gr <there-si-no-guestfs-in-pypi>
elif is_fedora || is_suse; then
# On "KVM for IBM z Systems", kvm does not have its own package
- if [[ ! ${DISTRO} =~ "kvmibm1" && ! ${DISTRO} =~ "rhel7" ]]; then
- install_package kvm
- fi
-
- if [[ ${DISTRO} =~ "rhel7" ]]; then
- # This should install the latest qemu-kvm build,
- # which is called qemu-kvm-ev in centos7
- # (as the default OS qemu-kvm package is usually rather old,
- # and should be updated by above)
+ if [[ ! ${DISTRO} =~ "kvmibm1" ]]; then
install_package qemu-kvm
fi
diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index f3c8add..0c08a0f 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -115,7 +115,10 @@
sudo dpkg-statoverride --add --update $STAT_OVERRIDE
fi
done
- elif is_fedora || is_suse; then
+ elif is_suse; then
+ # Workaround for missing dependencies in python-libguestfs
+ install_package python-libguestfs guestfs-data augeas augeas-lenses
+ elif is_fedora; then
install_package python-libguestfs
fi
fi
diff --git a/lib/swift b/lib/swift
index fc09093..455740e 100644
--- a/lib/swift
+++ b/lib/swift
@@ -846,6 +846,14 @@
fi
run_process s-proxy "$SWIFT_BIN_DIR/swift-proxy-server ${SWIFT_CONF_DIR}/proxy-server.conf -v"
+ # We also started the storage services, but proxy started last and
+ # will take the longest to start, so by the time it comes up, we're
+ # probably fine.
+ echo "Waiting for swift proxy to start..."
+ if ! wait_for_service $SERVICE_TIMEOUT $SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$SWIFT_DEFAULT_BIND_PORT/info; then
+ die $LINENO "swift proxy did not start"
+ fi
+
if [[ "$SWIFT_ENABLE_TEMPURLS" == "True" ]]; then
swift_configure_tempurls
fi
diff --git a/samples/local.conf b/samples/local.conf
index 6d5351f..8b76137 100644
--- a/samples/local.conf
+++ b/samples/local.conf
@@ -10,7 +10,7 @@
# This is a collection of some of the settings we have found to be useful
# in our DevStack development environments. Additional settings are described
-# in http://docs.openstack.org/developer/devstack/configuration.html#local-conf
+# in https://docs.openstack.org/devstack/latest/configuration.html#local-conf
# These should be considered as samples and are unsupported DevStack code.
# The ``localrc`` section replaces the old ``localrc`` configuration file.
diff --git a/setup.cfg b/setup.cfg
index 73d22b5..fcd2b13 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -5,7 +5,7 @@
README.rst
author = OpenStack
author-email = openstack-dev@lists.openstack.org
-home-page = http://docs.openstack.org/developer/devstack
+home-page = https://docs.openstack.org/devstack/latest
classifier =
Intended Audience :: Developers
License :: OSI Approved :: Apache Software License
diff --git a/stack.sh b/stack.sh
index fd18651..015ee6e 100755
--- a/stack.sh
+++ b/stack.sh
@@ -216,12 +216,12 @@
fi
source $TOP_DIR/stackrc
-# this installs a devstack-version script to make it easy to report the version back
+# write /etc/devstack-version
write_devstack_version
# Warn users who aren't on an explicitly supported distro, but allow them to
# override check and attempt installation with ``FORCE=yes ./stack``
-if [[ ! ${DISTRO} =~ (xenial|yakkety|zesty|stretch|jessie|f24|f25|opensuse-42.2|rhel7|kvmibm1) ]]; then
+if [[ ! ${DISTRO} =~ (xenial|yakkety|zesty|stretch|jessie|f24|f25|f26|opensuse-42.2|opensuse-42.3|rhel7|kvmibm1) ]]; then
echo "WARNING: this script has not been tested on $DISTRO"
if [[ "$FORCE" != "yes" ]]; then
die $LINENO "If you wish to run this script anyway run with FORCE=yes"
@@ -1304,7 +1304,9 @@
# Unable to use LUKS passphrase that is exactly 16 bytes long
# https://bugzilla.redhat.com/show_bug.cgi?id=1447297
if is_service_enabled nova; then
- iniset $NOVA_CONF key_manager fixed_key $(generate_hex_string 36)
+ key=$(generate_hex_string 36)
+ iniset $NOVA_CONF key_manager fixed_key "$key"
+ iniset $NOVA_CPU_CONF key_manager fixed_key "$key"
fi
# Launch the nova-api and wait for it to answer before continuing
@@ -1534,12 +1536,12 @@
echo
echo "Services are running under systemd unit files."
echo "For more information see: "
- echo "https://docs.openstack.org/developer/devstack/systemd.html"
+ echo "https://docs.openstack.org/devstack/latest/systemd.html"
echo
fi
-# devstack version
-devstack-version
+# Useful info on current state
+cat /etc/devstack-version
echo
# Indicate how long this took to run (bash maintained variable ``SECONDS``)
diff --git a/stackrc b/stackrc
index c57e485..877da82 100644
--- a/stackrc
+++ b/stackrc
@@ -77,6 +77,14 @@
# Set the default Nova APIs to enable
NOVA_ENABLED_APIS=osapi_compute,metadata
+# CELLSV2_SETUP - how we should configure services with cells v2
+#
+# - superconductor - this is one conductor for the api services, and
+# one per cell managing the compute services. This is prefered
+# - singleconductor - this is one conductor for the whole deployment,
+# this is not recommended, and will be removed in the future.
+CELLSV2_SETUP=${CELLSV2_SETUP:-"superconductor"}
+
# Set the root URL for Horizon
HORIZON_APACHE_ROOT="/dashboard"
@@ -719,31 +727,14 @@
DEFAULT_IMAGE_FILE_NAME=${DEFAULT_IMAGE_FILE_NAME:-$DEFAULT_IMAGE_NAME}
IMAGE_URLS+="http://partnerweb.vmware.com/programs/vmdkimage/${DEFAULT_IMAGE_FILE_NAME}";;
xenserver)
- DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-0.3.4-x86_64-disk}
- DEFAULT_IMAGE_FILE_NAME=${DEFAULT_IMAGE_NAME:-cirros-0.3.4-x86_64-disk.vhd.tgz}
- IMAGE_URLS+="http://ca.downloads.xensource.com/OpenStack/cirros-0.3.4-x86_64-disk.vhd.tgz"
+ DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-0.3.5-x86_64-disk}
+ DEFAULT_IMAGE_FILE_NAME=${DEFAULT_IMAGE_NAME:-cirros-0.3.5-x86_64-disk.vhd.tgz}
+ IMAGE_URLS+="http://ca.downloads.xensource.com/OpenStack/cirros-0.3.5-x86_64-disk.vhd.tgz"
IMAGE_URLS+=",http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-x86_64-uec.tar.gz";;
esac
DOWNLOAD_DEFAULT_IMAGES=False
fi
-# Staging area for new images. These images are cached by a run of
-# ./tools/image_list.sh during CI image build (see
-# project-config:nodepool/elements/cache-devstack/extra-data.d/55-cache-devstack-repos).
-#
-# To avoid CI failures grabbing the images, new images should be here
-# for at least 24hrs (nodepool builds images at 14:00UTC) so the they
-# are in the cache.
-PRECACHE_IMAGES=$(trueorfalse False PRECACHE_IMAGES)
-if [[ "$PRECACHE_IMAGES" == "True" ]]; then
- # required for trove devstack tests; see
- # git.openstack.org/cgit/openstack/trove/tree/devstack/plugin.sh
- IMAGE_URL="http://tarballs.openstack.org/trove/images/ubuntu/mysql.qcow2"
- if ! [[ "$IMAGE_URLS" =~ "$IMAGE_URL" ]]; then
- IMAGE_URLS+=",$IMAGE_URL"
- fi
-fi
-
# Detect duplicate values in IMAGE_URLS
for image_url in ${IMAGE_URLS//,/ }; do
if [ $(echo "$IMAGE_URLS" | grep -o -F "$image_url" | wc -l) -gt 1 ]; then
diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index 0b78bde..55cd725 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -157,7 +157,7 @@
# [1] https://bugzilla.redhat.com/show_bug.cgi?id=1099031
# [2] https://bugs.launchpad.net/neutron/+bug/1455303
# [3] https://github.com/redhat-openstack/openstack-puppet-modules/blob/master/firewall/manifests/linux/redhat.pp
- # [4] http://docs.openstack.org/developer/devstack/guides/neutron.html
+ # [4] https://docs.openstack.org/devstack/latest/guides/neutron.html
if is_package_installed firewalld; then
sudo systemctl disable firewalld
# The iptables service files are no longer included by default,
diff --git a/tools/image_list.sh b/tools/image_list.sh
index 27b3d46..29b93ed 100755
--- a/tools/image_list.sh
+++ b/tools/image_list.sh
@@ -36,7 +36,7 @@
# Sanity check - ensure we have a minimum number of images
num=$(echo $ALL_IMAGES | tr ',' '\n' | sort | uniq | wc -l)
-if [[ "$num" -lt 5 ]]; then
+if [[ "$num" -lt 4 ]]; then
echo "ERROR: We only found $num images in $ALL_IMAGES, which can't be right."
exit 1
fi
diff --git a/tools/install_prereqs.sh b/tools/install_prereqs.sh
index da59093..9334910 100755
--- a/tools/install_prereqs.sh
+++ b/tools/install_prereqs.sh
@@ -88,6 +88,22 @@
export PYTHON=$(which python 2>/dev/null)
fi
+if is_suse; then
+ # novnc has an extraneous dependency on pyOpenSSL, which causes symbol conflicts
+ # in the bundled libssl of python-cryptography. when both are loaded into the same
+ # process, they start hanging or segfaulting.
+ install_package novnc
+ # deinstall the extra but irrelevant dependencies
+ sudo rpm -e --nodeps python-cffi python-cryptography python-pyOpenSSL
+ # reinstall cffi which got overwriten by the package.
+ sudo pip install -I cffi
+ # now reinstall cryptography from source, in order to rebuilt it against the
+ # system libssl rather than the bundled openSSL 1.1, which segfaults when combined
+ # with the system provided (which libpython links against) openSSL 1.0
+ sudo pip install cryptography --no-binary :all:
+fi
+
+
# Mark end of run
# ---------------