Merge "Fix reboot on fedora like nodes"
diff --git a/.zuul.yaml b/.zuul.yaml
index fa7f180..9cad5d4 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -370,7 +370,7 @@
- job:
name: devstack-base
- parent: multinode
+ parent: openstack-multinode-fips
abstract: true
description: |
Base abstract Devstack job.
@@ -696,9 +696,6 @@
description: |
Simple multinode test to verify multinode functionality on devstack side.
This is not meant to be used as a parent job.
- vars:
- devstack_localrc:
- MYSQL_REDUCE_MEMORY: true
# NOTE(ianw) Platform tests have traditionally been non-voting because
# we often have to rush things through devstack to stabilise the gate,
@@ -1047,7 +1044,7 @@
# * neutron-functional-with-uwsgi: maintained by neutron for functional
# test. Next cycle we can remove this one if things turn out to be
# stable engouh with uwsgi.
- # * neutron-tempest-with-uwsgi: maintained by neutron for tempest test.
+ # * neutron-ovn-tempest-with-uwsgi: maintained by neutron for tempest test.
# Next cycle we can remove this if everything run out stable enough.
# * nova-multi-cell: maintained by nova and currently non-voting in the
# check queue for nova changes but relies on devstack configuration
@@ -1062,7 +1059,7 @@
- nova-next
- neutron-fullstack-with-uwsgi
- neutron-functional-with-uwsgi
- - neutron-tempest-with-uwsgi
+ - neutron-ovn-tempest-with-uwsgi
- devstack-plugin-ceph-tempest-py3:
irrelevant-files:
- ^.*\.rst$
diff --git a/doc/source/guides/nova.rst b/doc/source/guides/nova.rst
index 5b42797..705d427 100644
--- a/doc/source/guides/nova.rst
+++ b/doc/source/guides/nova.rst
@@ -122,7 +122,7 @@
.. code-block:: shell
$ openstack --os-compute-api-version 2.37 server create --flavor cirros256 \
- --image cirros-0.3.5-x86_64-disk --nic none --wait test-server
+ --image cirros-0.6.2-x86_64-disk --nic none --wait test-server
.. note:: ``--os-compute-api-version`` greater than or equal to 2.37 is
required to use ``--nic=none``.
diff --git a/doc/source/index.rst b/doc/source/index.rst
index 1e932f8..ccd0fef 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -38,8 +38,7 @@
Start with a clean and minimal install of a Linux system. DevStack
attempts to support the two latest LTS releases of Ubuntu, the
-latest/current Fedora version, CentOS/RHEL/Rocky Linux 9, OpenSUSE and
-openEuler.
+latest/current Fedora version, CentOS/RHEL/Rocky Linux 9 and openEuler.
If you do not have a preference, Ubuntu 22.04 (Jammy) is the
most tested, and will probably go the smoothest.
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index 2e8e8f5..f54fca9 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -70,7 +70,6 @@
openstack/networking-bgpvpn `https://opendev.org/openstack/networking-bgpvpn <https://opendev.org/openstack/networking-bgpvpn>`__
openstack/networking-generic-switch `https://opendev.org/openstack/networking-generic-switch <https://opendev.org/openstack/networking-generic-switch>`__
openstack/networking-hyperv `https://opendev.org/openstack/networking-hyperv <https://opendev.org/openstack/networking-hyperv>`__
-openstack/networking-odl `https://opendev.org/openstack/networking-odl <https://opendev.org/openstack/networking-odl>`__
openstack/networking-powervm `https://opendev.org/openstack/networking-powervm <https://opendev.org/openstack/networking-powervm>`__
openstack/networking-sfc `https://opendev.org/openstack/networking-sfc <https://opendev.org/openstack/networking-sfc>`__
openstack/neutron `https://opendev.org/openstack/neutron <https://opendev.org/openstack/neutron>`__
@@ -88,7 +87,6 @@
openstack/osprofiler `https://opendev.org/openstack/osprofiler <https://opendev.org/openstack/osprofiler>`__
openstack/oswin-tempest-plugin `https://opendev.org/openstack/oswin-tempest-plugin <https://opendev.org/openstack/oswin-tempest-plugin>`__
openstack/ovn-octavia-provider `https://opendev.org/openstack/ovn-octavia-provider <https://opendev.org/openstack/ovn-octavia-provider>`__
-openstack/patrole `https://opendev.org/openstack/patrole <https://opendev.org/openstack/patrole>`__
openstack/rally-openstack `https://opendev.org/openstack/rally-openstack <https://opendev.org/openstack/rally-openstack>`__
openstack/sahara `https://opendev.org/openstack/sahara <https://opendev.org/openstack/sahara>`__
openstack/sahara-dashboard `https://opendev.org/openstack/sahara-dashboard <https://opendev.org/openstack/sahara-dashboard>`__
diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst
index 62dd15b..dd75b5a 100644
--- a/doc/source/plugins.rst
+++ b/doc/source/plugins.rst
@@ -243,9 +243,6 @@
- ``./devstack/files/rpms/$plugin_name`` - Packages to install when running
on Red Hat, Fedora, or CentOS.
-- ``./devstack/files/rpms-suse/$plugin_name`` - Packages to install when
- running on SUSE Linux or openSUSE.
-
Although there a no plans to remove this method of installing
packages, plugins should consider it deprecated for ``bindep`` support
described below.
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 1a353e5..d99e8e6 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -23,6 +23,7 @@
%SSLLISTEN% %SSLENGINE%
%SSLLISTEN% %SSLCERTFILE%
%SSLLISTEN% %SSLKEYFILE%
+%SSLLISTEN% SSLProtocol -all +TLSv1.3 +TLSv1.2
%SSLLISTEN%</VirtualHost>
Alias /identity %KEYSTONE_BIN%/keystone-wsgi-public
diff --git a/files/apache-neutron.template b/files/apache-neutron.template
index c7796b9..358e87f 100644
--- a/files/apache-neutron.template
+++ b/files/apache-neutron.template
@@ -24,6 +24,7 @@
%SSLLISTEN% %SSLENGINE%
%SSLLISTEN% %SSLCERTFILE%
%SSLLISTEN% %SSLKEYFILE%
+%SSLLISTEN% SSLProtocol -all +TLSv1.3 +TLSv1.2
%SSLLISTEN%</VirtualHost>
Alias /networking %NEUTRON_BIN%/neutron-api
diff --git a/files/dnsmasq-for-baremetal-from-nova-network.conf b/files/dnsmasq-for-baremetal-from-nova-network.conf
deleted file mode 100644
index 66a3751..0000000
--- a/files/dnsmasq-for-baremetal-from-nova-network.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-enable-tftp
-tftp-root=/tftpboot
-dhcp-boot=pxelinux.0
diff --git a/files/rpms-suse/baremetal b/files/rpms-suse/baremetal
deleted file mode 100644
index 61f73ee..0000000
--- a/files/rpms-suse/baremetal
+++ /dev/null
@@ -1 +0,0 @@
-dnsmasq
diff --git a/files/rpms-suse/ceph b/files/rpms-suse/ceph
deleted file mode 100644
index 8c4955d..0000000
--- a/files/rpms-suse/ceph
+++ /dev/null
@@ -1,3 +0,0 @@
-ceph # NOPRIME
-lsb
-xfsprogs
diff --git a/files/rpms-suse/cinder b/files/rpms-suse/cinder
deleted file mode 100644
index b39cc79..0000000
--- a/files/rpms-suse/cinder
+++ /dev/null
@@ -1,3 +0,0 @@
-lvm2
-qemu-tools
-tgt # NOPRIME
diff --git a/files/rpms-suse/dstat b/files/rpms-suse/dstat
deleted file mode 100644
index 2b643b8..0000000
--- a/files/rpms-suse/dstat
+++ /dev/null
@@ -1 +0,0 @@
-dstat
diff --git a/files/rpms-suse/general b/files/rpms-suse/general
deleted file mode 100644
index f636110..0000000
--- a/files/rpms-suse/general
+++ /dev/null
@@ -1,34 +0,0 @@
-apache2
-apache2-devel
-bc
-ca-certificates-mozilla
-curl
-gawk
-gcc
-gcc-c++
-git-core
-graphviz # docs
-iputils
-libffi-devel # pyOpenSSL
-libjpeg8-devel # Pillow 3.0.0
-libopenssl-devel # to rebuild pyOpenSSL if needed
-libxslt-devel # lxml
-lsof # useful when debugging
-make
-net-tools
-openssh
-openssl
-pcre-devel # python-pcre
-postgresql-devel # psycopg2
-psmisc
-python3-systemd
-python-cmd2 # dist:opensuse-12.3
-python-devel # pyOpenSSL
-python-xml
-tar
-tcpdump
-unzip
-util-linux
-wget
-which
-zlib-devel
diff --git a/files/rpms-suse/horizon b/files/rpms-suse/horizon
deleted file mode 100644
index 753ea76..0000000
--- a/files/rpms-suse/horizon
+++ /dev/null
@@ -1,2 +0,0 @@
-apache2-mod_wsgi # NOPRIME
-apache2 # NOPRIME
diff --git a/files/rpms-suse/keystone b/files/rpms-suse/keystone
deleted file mode 100644
index 66cfc23..0000000
--- a/files/rpms-suse/keystone
+++ /dev/null
@@ -1,4 +0,0 @@
-cyrus-sasl-devel
-memcached
-openldap2-devel
-sqlite3
diff --git a/files/rpms-suse/ldap b/files/rpms-suse/ldap
deleted file mode 100644
index 46d26f0..0000000
--- a/files/rpms-suse/ldap
+++ /dev/null
@@ -1,3 +0,0 @@
-openldap2
-openldap2-client
-python-ldap
diff --git a/files/rpms-suse/n-api b/files/rpms-suse/n-api
deleted file mode 100644
index 0f08daa..0000000
--- a/files/rpms-suse/n-api
+++ /dev/null
@@ -1 +0,0 @@
-python-dateutil
diff --git a/files/rpms-suse/n-cpu b/files/rpms-suse/n-cpu
deleted file mode 100644
index 9c724cb..0000000
--- a/files/rpms-suse/n-cpu
+++ /dev/null
@@ -1,10 +0,0 @@
-cdrkit-cdrtools-compat # dist:sle12
-cryptsetup
-dosfstools
-libosinfo
-lvm2
-mkisofs # not:sle12
-open-iscsi
-sg3_utils
-# Stuff for diablo volumes
-sysfsutils
diff --git a/files/rpms-suse/neutron-agent b/files/rpms-suse/neutron-agent
deleted file mode 100644
index ea8819e..0000000
--- a/files/rpms-suse/neutron-agent
+++ /dev/null
@@ -1 +0,0 @@
-ipset
diff --git a/files/rpms-suse/neutron-common b/files/rpms-suse/neutron-common
deleted file mode 100644
index e3799a9..0000000
--- a/files/rpms-suse/neutron-common
+++ /dev/null
@@ -1,12 +0,0 @@
-acl
-dnsmasq
-dnsmasq-utils # dist:opensuse-12.3,opensuse-13.1
-ebtables
-haproxy # to serve as metadata proxy inside router/dhcp namespaces
-iptables
-iputils
-rabbitmq-server # NOPRIME
-radvd # NOPRIME
-sqlite3
-sudo
-vlan
diff --git a/files/rpms-suse/neutron-l3 b/files/rpms-suse/neutron-l3
deleted file mode 100644
index a7a190c..0000000
--- a/files/rpms-suse/neutron-l3
+++ /dev/null
@@ -1,2 +0,0 @@
-conntrack-tools
-keepalived
diff --git a/files/rpms-suse/nova b/files/rpms-suse/nova
deleted file mode 100644
index 082b9ac..0000000
--- a/files/rpms-suse/nova
+++ /dev/null
@@ -1,21 +0,0 @@
-cdrkit-cdrtools-compat # dist:sle12
-conntrack-tools
-curl
-ebtables
-iptables
-iputils
-kpartx
-kvm # NOPRIME
-libvirt # NOPRIME
-libvirt-python # NOPRIME
-# mkisofs is required for config_drive
-mkisofs # not:sle12
-parted
-polkit
-# qemu as fallback if kvm cannot be used
-qemu # NOPRIME
-rabbitmq-server # NOPRIME
-socat
-sqlite3
-sudo
-vlan
diff --git a/files/rpms-suse/openvswitch b/files/rpms-suse/openvswitch
deleted file mode 100644
index 53f8bb2..0000000
--- a/files/rpms-suse/openvswitch
+++ /dev/null
@@ -1,3 +0,0 @@
-
-openvswitch
-openvswitch-switch
diff --git a/files/rpms-suse/os-brick b/files/rpms-suse/os-brick
deleted file mode 100644
index 67b33a9..0000000
--- a/files/rpms-suse/os-brick
+++ /dev/null
@@ -1,2 +0,0 @@
-lsscsi
-open-iscsi
diff --git a/files/rpms-suse/q-agt b/files/rpms-suse/q-agt
deleted file mode 120000
index 99fe353..0000000
--- a/files/rpms-suse/q-agt
+++ /dev/null
@@ -1 +0,0 @@
-neutron-agent
\ No newline at end of file
diff --git a/files/rpms-suse/q-l3 b/files/rpms-suse/q-l3
deleted file mode 120000
index 0a5ca2a..0000000
--- a/files/rpms-suse/q-l3
+++ /dev/null
@@ -1 +0,0 @@
-neutron-l3
\ No newline at end of file
diff --git a/files/rpms-suse/swift b/files/rpms-suse/swift
deleted file mode 100644
index 3663b98..0000000
--- a/files/rpms-suse/swift
+++ /dev/null
@@ -1,6 +0,0 @@
-curl
-liberasurecode-devel
-memcached
-sqlite3
-xfsprogs
-xinetd
diff --git a/files/rpms/general b/files/rpms/general
index b6866de..8a5755c 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -6,9 +6,11 @@
gcc-c++
gettext # used for compiling message catalogs
git-core
+glibc-langpack-en # dist:rhel9
graphviz # needed only for docs
httpd
httpd-devel
+iptables-nft # dist:rhel9
iptables-services
java-1.8.0-openjdk-headless
libffi-devel
diff --git a/functions-common b/functions-common
index 4eed5d8..8cc8643 100644
--- a/functions-common
+++ b/functions-common
@@ -412,9 +412,9 @@
# - os_VENDOR
# - os_PACKAGE
function GetOSVersion {
- # CentOS Stream 9 does not provide lsb_release
+ # CentOS Stream 9 and RHEL 9 do not provide lsb_release
source /etc/os-release
- if [[ "${ID}${VERSION}" == "centos9" ]]; then
+ if [[ "${ID}${VERSION}" == "centos9" ]] || [[ "${ID}${VERSION}" =~ "rhel9" ]]; then
os_RELEASE=${VERSION_ID}
os_CODENAME="n/a"
os_VENDOR=$(echo $NAME | tr -d '[:space:]')
@@ -454,16 +454,6 @@
elif [[ "$os_VENDOR" =~ (Fedora) ]]; then
# For Fedora, just use 'f' and the release
DISTRO="f$os_RELEASE"
- elif is_opensuse; then
- DISTRO="opensuse-$os_RELEASE"
- # Tumbleweed uses "n/a" as a codename, and the release is a datestring
- # like 20180218, so not very useful. Leap however uses a release
- # with a "dot", so for example 15.0
- [ "$os_CODENAME" = "n/a" -a "$os_RELEASE" = "${os_RELEASE/\./}" ] && \
- DISTRO="opensuse-tumbleweed"
- elif is_suse_linux_enterprise; then
- # just use major release
- DISTRO="sle${os_RELEASE%.*}"
elif [[ "$os_VENDOR" =~ (Red.*Hat) || \
"$os_VENDOR" =~ (CentOS) || \
"$os_VENDOR" =~ (AlmaLinux) || \
@@ -530,6 +520,7 @@
[ "$os_VENDOR" = "openEuler" ] || \
[ "$os_VENDOR" = "RedHatEnterpriseServer" ] || \
[ "$os_VENDOR" = "RedHatEnterprise" ] || \
+ [ "$os_VENDOR" = "RedHatEnterpriseLinux" ] || \
[ "$os_VENDOR" = "Rocky" ] || \
[ "$os_VENDOR" = "CentOS" ] || [ "$os_VENDOR" = "CentOSStream" ] || \
[ "$os_VENDOR" = "AlmaLinux" ] || \
@@ -537,37 +528,6 @@
}
-# Determine if current distribution is a SUSE-based distribution
-# (openSUSE, SLE).
-# is_suse
-function is_suse {
- is_opensuse || is_suse_linux_enterprise
-}
-
-
-# Determine if current distribution is an openSUSE distribution
-# is_opensuse
-function is_opensuse {
- if [[ -z "$os_VENDOR" ]]; then
- GetOSVersion
- fi
-
- [[ "$os_VENDOR" =~ (openSUSE) ]]
-}
-
-
-# Determine if current distribution is a SUSE Linux Enterprise (SLE)
-# distribution
-# is_suse_linux_enterprise
-function is_suse_linux_enterprise {
- if [[ -z "$os_VENDOR" ]]; then
- GetOSVersion
- fi
-
- [[ "$os_VENDOR" =~ (^SUSE) ]]
-}
-
-
# Determine if current distribution is an Ubuntu-based distribution
# It will also detect non-Ubuntu but Debian-based distros
# is_ubuntu
@@ -650,8 +610,9 @@
echo "the project to the \$PROJECTS variable in the job definition."
die $LINENO "ERROR_ON_CLONE is set to True so cloning not allowed in this configuration"
fi
- # '--branch' can also take tags
- git_timed clone $git_clone_flags $git_remote $git_dest --branch $git_ref
+ git_timed clone $git_clone_flags $git_remote $git_dest
+ cd $git_dest
+ git checkout $git_ref
elif [[ "$RECLONE" = "True" ]]; then
# if it does exist then simulate what clone does if asked to RECLONE
cd $git_dest
@@ -1168,8 +1129,6 @@
pkg_dir=$base_dir/debs
elif is_fedora; then
pkg_dir=$base_dir/rpms
- elif is_suse; then
- pkg_dir=$base_dir/rpms-suse
else
exit_distro_not_supported "list of packages"
fi
@@ -1444,8 +1403,6 @@
apt_get install "$@"
elif is_fedora; then
yum_install "$@"
- elif is_suse; then
- zypper_install "$@"
else
exit_distro_not_supported "installing packages"
fi
@@ -1487,8 +1444,6 @@
apt_get purge "$@"
elif is_fedora; then
sudo dnf remove -y "$@" ||:
- elif is_suse; then
- sudo zypper remove -y "$@" ||:
else
exit_distro_not_supported "uninstalling packages"
fi
@@ -2545,6 +2500,11 @@
fi
}
+function is_fips_enabled {
+ fips=`cat /proc/sys/crypto/fips_enabled`
+ [ "$fips" == "1" ]
+}
+
# Restore xtrace
$_XTRACE_FUNCTIONS_COMMON
diff --git a/inc/python b/inc/python
index 3eb3efe..a24f4e9 100644
--- a/inc/python
+++ b/inc/python
@@ -7,7 +7,6 @@
# External functions used:
# - GetOSVersion
# - is_fedora
-# - is_suse
# - safe_chown
# Save trace setting
@@ -62,7 +61,6 @@
$xtrace
local PYTHON_PATH=/usr/local/bin
- is_suse && PYTHON_PATH=/usr/bin
echo $PYTHON_PATH
}
@@ -462,8 +460,6 @@
function install_python3 {
if is_ubuntu; then
apt_get install python${PYTHON3_VERSION} python${PYTHON3_VERSION}-dev
- elif is_suse; then
- install_package python3-devel python3-dbm
elif is_fedora; then
if [ "$os_VENDOR" = "Fedora" ]; then
install_package python${PYTHON3_VERSION//.}
diff --git a/lib/apache b/lib/apache
index 771a7d7..76eae9c 100644
--- a/lib/apache
+++ b/lib/apache
@@ -44,10 +44,6 @@
APACHE_NAME=httpd
APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/conf.d}
APACHE_SETTINGS_DIR=${APACHE_SETTINGS_DIR:-/etc/$APACHE_NAME/conf.d}
-elif is_suse; then
- APACHE_NAME=apache2
- APACHE_CONF_DIR=${APACHE_CONF_DIR:-/etc/$APACHE_NAME/vhosts.d}
- APACHE_SETTINGS_DIR=${APACHE_SETTINGS_DIR:-/etc/$APACHE_NAME/conf.d}
fi
APACHE_LOG_DIR="/var/log/${APACHE_NAME}"
@@ -65,11 +61,6 @@
sudo a2enmod $mod
restart_apache_server
fi
- elif is_suse; then
- if ! a2enmod -q $mod ; then
- sudo a2enmod $mod
- restart_apache_server
- fi
elif is_fedora; then
# pass
true
@@ -104,10 +95,6 @@
# Thus there is nothing else to do after this install
install_package uwsgi \
uwsgi-plugin-python3
- elif [[ $os_VENDOR =~ openSUSE ]]; then
- install_package uwsgi \
- uwsgi-python3 \
- apache2-mod_uwsgi
else
# Compile uwsgi from source.
local dir
@@ -125,7 +112,7 @@
sudo rm -rf $dir
fi
- if is_ubuntu || is_suse ; then
+ if is_ubuntu; then
# we've got to enable proxy and proxy_uwsgi for this to work
sudo a2enmod proxy
sudo a2enmod proxy_uwsgi
@@ -157,8 +144,6 @@
sudo sed -i '/mod_mpm_prefork.so/s/^/#/g' /etc/httpd/conf.modules.d/00-mpm.conf
sudo sed -i '/mod_mpm_event.so/s/^/#/g' /etc/httpd/conf.modules.d/00-mpm.conf
sudo sed -i '/mod_mpm_worker.so/s/^#//g' /etc/httpd/conf.modules.d/00-mpm.conf
- elif is_suse; then
- install_package apache2 apache2-mod_wsgi
else
exit_distro_not_supported "apache wsgi installation"
fi
@@ -173,7 +158,7 @@
# recognise it. a2ensite and a2dissite ignore the .conf suffix used as parameter. The default sites'
# files are 000-default.conf and default-ssl.conf.
#
-# On Fedora and openSUSE, any file in /etc/httpd/conf.d/ whose name ends with .conf is enabled.
+# On Fedora, any file in /etc/httpd/conf.d/ whose name ends with .conf is enabled.
#
# On RHEL and CentOS, things should hopefully work as in Fedora.
#
@@ -189,7 +174,7 @@
if is_ubuntu; then
# Ubuntu 14.04 - Apache 2.4
echo $APACHE_CONF_DIR/${site}.conf
- elif is_fedora || is_suse; then
+ elif is_fedora; then
# fedora conf.d is only imported if it ends with .conf so this is approx the same
local enabled_site_file="$APACHE_CONF_DIR/${site}.conf"
if [ -f $enabled_site_file ]; then
@@ -207,7 +192,7 @@
enable_apache_mod version
if is_ubuntu; then
sudo a2ensite ${site}
- elif is_fedora || is_suse; then
+ elif is_fedora; then
local enabled_site_file="$APACHE_CONF_DIR/${site}.conf"
# Do nothing if site already enabled or no site config exists
if [[ -f ${enabled_site_file}.disabled ]] && [[ ! -f ${enabled_site_file} ]]; then
@@ -221,7 +206,7 @@
local site=$@
if is_ubuntu; then
sudo a2dissite ${site} || true
- elif is_fedora || is_suse; then
+ elif is_fedora; then
local enabled_site_file="$APACHE_CONF_DIR/${site}.conf"
# Do nothing if no site config exists
if [[ -f ${enabled_site_file} ]]; then
diff --git a/lib/cinder b/lib/cinder
index c50a205..e37eff4 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -118,8 +118,8 @@
fi
-# EL and SUSE should only use lioadm
-if is_fedora || is_suse; then
+# EL should only use lioadm
+if is_fedora; then
if [[ ${CINDER_TARGET_HELPER} != "lioadm" && ${CINDER_TARGET_HELPER} != 'nvmet' ]]; then
die "lioadm and nvmet are the only valid Cinder target_helper config on this platform"
fi
@@ -596,11 +596,6 @@
_configure_tgt_for_config_d
if is_ubuntu; then
sudo service tgt restart
- elif is_suse; then
- # NOTE(dmllr): workaround restart bug
- # https://bugzilla.suse.com/show_bug.cgi?id=934642
- stop_service tgtd
- start_service tgtd
else
restart_service tgtd
fi
diff --git a/lib/databases/mysql b/lib/databases/mysql
index e805b3e..27d1ec6 100644
--- a/lib/databases/mysql
+++ b/lib/databases/mysql
@@ -20,12 +20,6 @@
MYSQL_SERVICE_NAME=mysql
if is_fedora && ! is_oraclelinux; then
MYSQL_SERVICE_NAME=mariadb
- elif is_suse && systemctl list-unit-files | grep -q 'mariadb\.service'; then
- # Older mariadb packages on SLES 12 provided mysql.service. The
- # newer ones on SLES 12 and 15 use mariadb.service; they also
- # provide a mysql.service symlink for backwards-compatibility, but
- # let's not rely on that.
- MYSQL_SERVICE_NAME=mariadb
elif [[ "$DISTRO" == "bullseye" ]]; then
MYSQL_SERVICE_NAME=mariadb
fi
@@ -54,7 +48,7 @@
elif is_oraclelinux; then
uninstall_package mysql-community-server
sudo rm -rf /var/lib/mysql
- elif is_suse || is_fedora; then
+ elif is_fedora; then
uninstall_package mariadb-server
sudo rm -rf /var/lib/mysql
else
@@ -69,12 +63,12 @@
}
function configure_database_mysql {
- local my_conf mysql slow_log
+ local my_conf mysql slow_log my_client_conf
echo_summary "Configuring and starting MySQL"
if is_ubuntu; then
my_conf=/etc/mysql/my.cnf
- elif is_suse || is_oraclelinux; then
+ elif is_oraclelinux; then
my_conf=/etc/my.cnf
elif is_fedora; then
my_conf=/etc/my.cnf
@@ -86,11 +80,20 @@
exit_distro_not_supported "mysql configuration"
fi
+ # Set fips mode on
+ if is_ubuntu; then
+ if is_fips_enabled; then
+ my_client_conf=/etc/mysql/mysql.conf.d/mysql.cnf
+ iniset -sudo $my_client_conf mysql ssl-fips-mode "on"
+ iniset -sudo $my_conf mysqld ssl-fips-mode "on"
+ fi
+ fi
+
# Change bind-address from localhost (127.0.0.1) to any (::)
iniset -sudo $my_conf mysqld bind-address "$(ipv6_unquote $SERVICE_LISTEN_ADDRESS)"
# (Re)Start mysql-server
- if is_fedora || is_suse; then
+ if is_fedora; then
# service is not started by default
start_service $MYSQL_SERVICE_NAME
elif is_ubuntu; then
@@ -222,9 +225,6 @@
elif is_fedora; then
install_package mariadb-server mariadb-devel mariadb
sudo systemctl enable $MYSQL_SERVICE_NAME
- elif is_suse; then
- install_package mariadb-server
- sudo systemctl enable $MYSQL_SERVICE_NAME
elif is_ubuntu; then
install_package $MYSQL_SERVICE_NAME-server
else
diff --git a/lib/databases/postgresql b/lib/databases/postgresql
index 4f0a5a0..b21418b 100644
--- a/lib/databases/postgresql
+++ b/lib/databases/postgresql
@@ -32,7 +32,7 @@
# Get ruthless with mysql
apt_get purge -y postgresql*
return
- elif is_fedora || is_suse; then
+ elif is_fedora; then
uninstall_package postgresql-server
else
return
@@ -66,11 +66,6 @@
pg_dir=`find /etc/postgresql -name pg_hba.conf|xargs dirname`
pg_hba=$pg_dir/pg_hba.conf
pg_conf=$pg_dir/postgresql.conf
- elif is_suse; then
- pg_hba=/var/lib/pgsql/data/pg_hba.conf
- pg_conf=/var/lib/pgsql/data/postgresql.conf
- # initdb is called when postgresql is first started
- sudo [ -e $pg_hba ] || start_service postgresql
else
exit_distro_not_supported "postgresql configuration"
fi
@@ -107,7 +102,7 @@
if [[ "$INSTALL_DATABASE_SERVER_PACKAGES" == "True" ]]; then
if is_ubuntu; then
install_package postgresql
- elif is_fedora || is_suse; then
+ elif is_fedora; then
install_package postgresql-server
if is_fedora; then
sudo systemctl enable postgresql
diff --git a/lib/glance b/lib/glance
index 041acaf..430d94d 100644
--- a/lib/glance
+++ b/lib/glance
@@ -47,10 +47,6 @@
# from CINDER_ENABLED_BACKENDS
GLANCE_CINDER_DEFAULT_BACKEND=${GLANCE_CINDER_DEFAULT_BACKEND:-lvmdriver-1}
GLANCE_STORE_ROOTWRAP_BASE_DIR=/usr/local/etc/glance
-# NOTE (abhishekk): For opensuse data files are stored in different directory
-if is_opensuse; then
- GLANCE_STORE_ROOTWRAP_BASE_DIR=/usr/etc/glance
-fi
# When Cinder is used as a glance store, you can optionally configure cinder to
# optimize bootable volume creation by allowing volumes to be cloned directly
# in the backend instead of transferring data via Glance. To use this feature,
@@ -99,10 +95,10 @@
GLANCE_ENABLE_QUOTAS=$(trueorfalse True GLANCE_ENABLE_QUOTAS)
# Flag to set the oslo_policy.enforce_scope. This is used to switch
-# the Image API policies to start checking the scope of token. By Default,
-# this flag is False.
+# This is used to disable the Image API policies scope and new defaults.
+# By Default, it is True.
# For more detail: https://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_scope
-GLANCE_ENFORCE_SCOPE=$(trueorfalse False GLANCE_ENFORCE_SCOPE)
+GLANCE_ENFORCE_SCOPE=$(trueorfalse True GLANCE_ENFORCE_SCOPE)
GLANCE_CONF_DIR=${GLANCE_CONF_DIR:-/etc/glance}
GLANCE_METADEF_DIR=$GLANCE_CONF_DIR/metadefs
diff --git a/lib/horizon b/lib/horizon
index b2bf7bc..f76f9e5 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -129,7 +129,7 @@
if is_ubuntu; then
disable_apache_site 000-default
sudo touch $horizon_conf
- elif is_fedora || is_suse; then
+ elif is_fedora; then
: # nothing to do
else
exit_distro_not_supported "horizon apache configuration"
diff --git a/lib/ldap b/lib/ldap
index ea5faa1..b0195db 100644
--- a/lib/ldap
+++ b/lib/ldap
@@ -39,13 +39,6 @@
LDAP_OLCDB_NUMBER=2
LDAP_OLCDB_TYPE=hdb
LDAP_ROOTPW_COMMAND=add
-elif is_suse; then
- # SUSE has slappasswd in /usr/sbin/
- PATH=$PATH:/usr/sbin/
- LDAP_OLCDB_NUMBER=1
- LDAP_OLCDB_TYPE=hdb
- LDAP_ROOTPW_COMMAND=add
- LDAP_SERVICE_NAME=ldap
fi
@@ -76,8 +69,6 @@
sudo rm -rf /etc/ldap/ldap.conf /var/lib/ldap
elif is_fedora; then
sudo rm -rf /etc/openldap /var/lib/ldap
- elif is_suse; then
- sudo rm -rf /var/lib/ldap
fi
}
@@ -126,11 +117,6 @@
configure_ldap
elif is_fedora; then
start_ldap
- elif is_suse; then
- _ldap_varsubst $FILES/ldap/suse-base-config.ldif.in >$tmp_ldap_dir/suse-base-config.ldif
- sudo slapadd -F /etc/openldap/slapd.d/ -bcn=config -l $tmp_ldap_dir/suse-base-config.ldif
- sudo sed -i '/^OPENLDAP_START_LDAPI=/s/"no"/"yes"/g' /etc/sysconfig/openldap
- start_ldap
fi
echo "LDAP_PASSWORD is $LDAP_PASSWORD"
diff --git a/lib/lvm b/lib/lvm
index 57ffb96..57d2cd4 100644
--- a/lib/lvm
+++ b/lib/lvm
@@ -129,8 +129,8 @@
local vg=$1
local size=$2
- # Start the tgtd service on Fedora and SUSE if tgtadm is used
- if is_fedora || is_suse && [[ "$CINDER_TARGET_HELPER" = "tgtadm" ]]; then
+ # Start the tgtd service on Fedora if tgtadm is used
+ if is_fedora; then
start_service tgtd
fi
diff --git a/lib/neutron b/lib/neutron
index 368a1b9..a6de722 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -1112,24 +1112,6 @@
# Functions for Neutron Exercises
#--------------------------------
-function delete_probe {
- local from_net="$1"
- net_id=`_get_net_id $from_net`
- probe_id=`neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-list -c id -c network_id | grep $net_id | awk '{print $2}'`
- neutron-debug --os-tenant-name admin --os-username admin probe-delete $probe_id
-}
-
-function _get_net_id {
- openstack --os-cloud devstack-admin --os-region-name="$REGION_NAME" --os-project-name admin --os-username admin --os-password $ADMIN_PASSWORD network list | grep $1 | awk '{print $2}'
-}
-
-function _get_probe_cmd_prefix {
- local from_net="$1"
- net_id=`_get_net_id $from_net`
- probe_id=`neutron-debug --os-tenant-name admin --os-username admin --os-password $ADMIN_PASSWORD probe-list -c id -c network_id | grep $net_id | awk '{print $2}' | head -n 1`
- echo "$Q_RR_COMMAND ip netns exec qprobe-$probe_id"
-}
-
# ssh check
function _ssh_check_neutron {
local from_net=$1
diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base
index cc41a8c..adabc56 100644
--- a/lib/neutron_plugins/ovs_base
+++ b/lib/neutron_plugins/ovs_base
@@ -80,19 +80,6 @@
elif is_fedora; then
restart_service openvswitch
sudo systemctl enable openvswitch
- elif is_suse; then
- if [[ $DISTRO == "sle12" ]] && vercmp "$os_RELEASE" "<" "12.2" ; then
- restart_service openvswitch-switch
- else
- # workaround for https://bugzilla.suse.com/show_bug.cgi?id=1085971
- if [[ $DISTRO =~ "tumbleweed" ]]; then
- sudo sed -i -e "s,^OVS_USER_ID=.*,OVS_USER_ID='root:root'," /etc/sysconfig/openvswitch
- fi
- restart_service openvswitch || {
- journalctl -xe || :
- systemctl status openvswitch
- }
- fi
fi
fi
}
diff --git a/lib/neutron_plugins/ovs_source b/lib/neutron_plugins/ovs_source
index ea71e60..75e7d7c 100644
--- a/lib/neutron_plugins/ovs_source
+++ b/lib/neutron_plugins/ovs_source
@@ -164,10 +164,8 @@
sudo make install
if [[ "$build_modules" == "True" ]]; then
sudo make INSTALL_MOD_DIR=kernel/net/openvswitch modules_install
- reload_ovs_kernel_modules
- else
- load_ovs_kernel_modules
fi
+ reload_ovs_kernel_modules
cd $_pwd
}
@@ -182,12 +180,6 @@
${action}_service openvswitch-switch
elif is_fedora; then
${action}_service openvswitch
- elif is_suse; then
- if [[ $DISTRO == "sle12" ]] && [[ $os_RELEASE -lt 12.2 ]]; then
- ${action}_service openvswitch-switch
- else
- ${action}_service openvswitch
- fi
fi
}
diff --git a/lib/nova b/lib/nova
index 3aa6b9e..888a2e2 100644
--- a/lib/nova
+++ b/lib/nova
@@ -98,10 +98,10 @@
NOVA_ENABLE_CACHE=${NOVA_ENABLE_CACHE:-True}
# Flag to set the oslo_policy.enforce_scope and oslo_policy.enforce_new_defaults.
-# This is used to switch the compute API policies enable the scope and new defaults.
-# By Default, these flag are False.
+# This is used to disable the compute API policies scope and new defaults.
+# By Default, it is True.
# For more detail: https://docs.openstack.org/oslo.policy/latest/configuration/index.html#oslo_policy.enforce_scope
-NOVA_ENFORCE_SCOPE=$(trueorfalse False NOVA_ENFORCE_SCOPE)
+NOVA_ENFORCE_SCOPE=$(trueorfalse True NOVA_ENFORCE_SCOPE)
if [[ $SERVICE_IP_VERSION == 6 ]]; then
NOVA_MY_IP="$HOST_IPV6"
@@ -115,7 +115,7 @@
# The following NOVA_FILTERS contains SameHostFilter and DifferentHostFilter with
# the default filters.
-NOVA_FILTERS="AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,SameHostFilter,DifferentHostFilter"
+NOVA_FILTERS="ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,SameHostFilter,DifferentHostFilter"
QEMU_CONF=/etc/libvirt/qemu.conf
@@ -448,8 +448,8 @@
iniset $NOVA_CONF key_manager backend nova.keymgr.conf_key_mgr.ConfKeyManager
- if is_fedora || is_suse; then
- # nova defaults to /usr/local/bin, but fedora and suse pip like to
+ if is_fedora; then
+ # nova defaults to /usr/local/bin, but fedora pip like to
# install things in /usr/bin
iniset $NOVA_CONF DEFAULT bindir "/usr/bin"
fi
@@ -523,7 +523,7 @@
# nova defaults to genisoimage but only mkisofs is available for 15.0+
# rhel provides mkisofs symlink to genisoimage or xorriso appropiately
- if is_suse || is_fedora; then
+ if is_fedora; then
iniset $NOVA_CONF DEFAULT mkisofs_cmd /usr/bin/mkisofs
fi
@@ -1036,6 +1036,10 @@
# by the compute process.
configure_console_compute
+ # Set rebuild timeout longer for BFV instances because we likely have
+ # slower disk than expected. Default is 20s/GB
+ iniset $NOVA_CPU_CONF DEFAULT reimage_timeout_per_gb 60
+
# Configure the OVSDB connection for os-vif
if [ -n "$OVSDB_SERVER_LOCAL_HOST" ]; then
iniset $NOVA_CPU_CONF os_vif_ovs ovsdb_connection "tcp:$OVSDB_SERVER_LOCAL_HOST:6640"
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index c0e45eb..ba2e98e 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -69,12 +69,12 @@
$REQUIREMENTS_DIR/upper-constraints.txt -- libvirt-python
if is_ubuntu; then
- install_package qemu-system libvirt-clients libvirt-daemon-system libvirt-dev python3-libvirt
+ install_package qemu-system libvirt-clients libvirt-daemon-system libvirt-dev python3-libvirt systemd-coredump
if is_arch "aarch64"; then
install_package qemu-efi
fi
#pip_install_gr <there-si-no-guestfs-in-pypi>
- elif is_fedora || is_suse; then
+ elif is_fedora; then
# Optionally enable the virt-preview repo when on Fedora
if [[ $DISTRO =~ f[0-9][0-9] ]] && [[ ${ENABLE_FEDORA_VIRT_PREVIEW_REPO} == "True" ]]; then
@@ -121,8 +121,8 @@
EOF
fi
- if is_fedora || is_suse; then
- # Starting with fedora 18 and opensuse-12.3 enable stack-user to
+ if is_fedora; then
+ # Starting with fedora 18 enable stack-user to
# virsh -c qemu:///system by creating a policy-kit rule for
# stack-user using the new Javascript syntax
rules_dir=/etc/polkit-1/rules.d
diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index c1cd132..87c3d3a 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -114,9 +114,6 @@
sudo dpkg-statoverride --add --update $STAT_OVERRIDE
fi
done
- elif is_suse; then
- # Workaround for missing dependencies in python-libguestfs
- install_package python-libguestfs guestfs-data augeas augeas-lenses
elif is_fedora; then
install_package python3-libguestfs
fi
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 743b4ae..bbb4149 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -52,20 +52,7 @@
if is_service_enabled rabbit; then
# Install rabbitmq-server
install_package rabbitmq-server
- if is_suse; then
- install_package rabbitmq-server-plugins
- # the default systemd socket activation only listens on the loopback interface
- # which causes rabbitmq to try to start its own epmd
- sudo mkdir -p /etc/systemd/system/epmd.socket.d
- cat <<EOF | sudo tee /etc/systemd/system/epmd.socket.d/ports.conf >/dev/null
-[Socket]
-ListenStream=
-ListenStream=[::]:4369
-EOF
- sudo systemctl daemon-reload
- sudo systemctl restart epmd.socket epmd.service
- fi
- if is_fedora || is_suse; then
+ if is_fedora; then
# NOTE(jangutter): If rabbitmq is not running (as in a fresh
# install) then rabbit_setuser triggers epmd@0.0.0.0.socket with
# socket activation. This fails the first time and does not get
diff --git a/lib/swift b/lib/swift
index 251c462..1ebf073 100644
--- a/lib/swift
+++ b/lib/swift
@@ -547,9 +547,6 @@
local swift_log_dir=${SWIFT_DATA_DIR}/logs
sudo rm -rf ${swift_log_dir}
local swift_log_group=adm
- if is_suse; then
- swift_log_group=root
- fi
sudo install -d -o ${STACK_USER} -g ${swift_log_group} ${swift_log_dir}/hourly
if [[ $SYSLOG != "False" ]]; then
diff --git a/lib/tempest b/lib/tempest
index 7da9f17..2f62f6e 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -149,11 +149,10 @@
# ramdisk and kernel images. Takes 3 arguments, an array and two
# variables. The array will contain the list of active image UUIDs;
# if an image with ``DEFAULT_IMAGE_NAME`` is found, its UUID will be
-# set as the value of *both* other parameters.
+# set as the value img_id ($2) parameters.
function get_active_images {
declare -n img_array=$1
declare -n img_id=$2
- declare -n img_id_alt=$3
# start with a fresh array in case we are called multiple times
img_array=()
@@ -161,7 +160,6 @@
while read -r IMAGE_NAME IMAGE_UUID; do
if [ "$IMAGE_NAME" = "$DEFAULT_IMAGE_NAME" ]; then
img_id="$IMAGE_UUID"
- img_id_alt="$IMAGE_UUID"
fi
img_array+=($IMAGE_UUID)
done < <(openstack --os-cloud devstack-admin image list --property status=active | awk -F'|' '!/^(+--)|ID|aki|ari/ { print $3,$2 }')
@@ -170,13 +168,12 @@
function poll_glance_images {
declare -n image_array=$1
declare -n image_id=$2
- declare -n image_id_alt=$3
local -i poll_count
poll_count=$TEMPEST_GLANCE_IMPORT_POLL_LIMIT
while (( poll_count-- > 0 )) ; do
sleep $TEMPEST_GLANCE_IMPORT_POLL_INTERVAL
- get_active_images image_array image_id image_id_alt
+ get_active_images image_array image_id
if (( ${#image_array[*]} >= $TEMPEST_GLANCE_IMAGE_COUNT )) ; then
return
fi
@@ -228,7 +225,7 @@
declare -a images
if is_service_enabled glance; then
- get_active_images images image_uuid image_uuid_alt
+ get_active_images images image_uuid
if (( ${#images[*]} < $TEMPEST_GLANCE_IMAGE_COUNT )); then
# Glance image import is asynchronous and may be configured
@@ -236,7 +233,7 @@
# it's possible that this code is being executed before the
# import has completed and there may be no active images yet.
if [[ "$GLANCE_USE_IMPORT_WORKFLOW" == "True" ]]; then
- poll_glance_images images image_uuid image_uuid_alt
+ poll_glance_images images image_uuid
if (( ${#images[*]} < $TEMPEST_GLANCE_IMAGE_COUNT )); then
echo "Only found ${#images[*]} image(s), was looking for $TEMPEST_GLANCE_IMAGE_COUNT"
exit 1
@@ -252,13 +249,22 @@
1)
if [ -z "$image_uuid" ]; then
image_uuid=${images[0]}
- image_uuid_alt=${images[0]}
fi
+ image_uuid_alt=$image_uuid
;;
*)
if [ -z "$image_uuid" ]; then
image_uuid=${images[0]}
- image_uuid_alt=${images[1]}
+ if [ -z "$image_uuid_alt" ]; then
+ image_uuid_alt=${images[1]}
+ fi
+ elif [ -z "$image_uuid_alt" ]; then
+ for image in ${images[@]}; do
+ if [[ "$image" != "$image_uuid" ]]; then
+ image_uuid_alt=$image
+ break
+ fi
+ done
fi
;;
esac
@@ -517,8 +523,19 @@
# Scenario
SCENARIO_IMAGE_DIR=${SCENARIO_IMAGE_DIR:-$FILES}
SCENARIO_IMAGE_FILE=$DEFAULT_IMAGE_FILE_NAME
+ SCENARIO_IMAGE_TYPE=${SCENARIO_IMAGE_TYPE:-cirros}
iniset $TEMPEST_CONFIG scenario img_file $SCENARIO_IMAGE_DIR/$SCENARIO_IMAGE_FILE
+ # since version 0.6.0 cirros uses dhcpcd dhcp client by default, however, cirros, prior to the
+ # version 0.6.0, used udhcpc (the only available client at that time) which is also tempest's default
+ if [[ "$SCENARIO_IMAGE_TYPE" == "cirros" ]]; then
+ # the image is a cirros image
+ # use dhcpcd client when version greater or equal 0.6.0
+ if [[ $(echo $CIRROS_VERSION | tr -d '.') -ge 060 ]]; then
+ iniset $TEMPEST_CONFIG scenario dhcp_client dhcpcd
+ fi
+ fi
+
# If using provider networking, use the physical network for validation rather than private
TEMPEST_SSH_NETWORK_NAME=$PRIVATE_NETWORK_NAME
if is_provider_network; then
diff --git a/lib/tls b/lib/tls
index b8758cd..a1e162d 100644
--- a/lib/tls
+++ b/lib/tls
@@ -212,9 +212,6 @@
if is_fedora; then
sudo cp $INT_CA_DIR/ca-chain.pem /usr/share/pki/ca-trust-source/anchors/devstack-chain.pem
sudo update-ca-trust
- elif is_suse; then
- sudo cp $INT_CA_DIR/ca-chain.pem /usr/share/pki/trust/anchors/devstack-chain.pem
- sudo update-ca-certificates
elif is_ubuntu; then
sudo cp $INT_CA_DIR/ca-chain.pem /usr/local/share/ca-certificates/devstack-int.crt
sudo cp $ROOT_CA_DIR/cacert.pem /usr/local/share/ca-certificates/devstack-root.crt
@@ -376,9 +373,6 @@
elif is_ubuntu; then
sudo rm -f $capath
sudo ln -s /etc/ssl/certs/ca-certificates.crt $capath
- elif is_suse; then
- sudo rm -f $capath
- sudo ln -s /etc/ssl/ca-bundle.pem $capath
else
echo "Don't know how to set the CA bundle, expect the install to fail."
fi
@@ -441,9 +435,6 @@
if is_ubuntu; then
sudo a2enmod ssl
- elif is_suse; then
- sudo a2enmod ssl
- sudo a2enflag SSL
elif is_fedora; then
# Fedora enables mod_ssl by default
:
@@ -536,6 +527,7 @@
<VirtualHost $f_host:$f_port>
SSLEngine On
SSLCertificateFile $DEVSTACK_CERT
+ SSLProtocol -all +TLSv1.3 +TLSv1.2
# Disable KeepAlive to fix bug #1630664 a.k.a the
# ('Connection aborted.', BadStatusLine("''",)) error
@@ -560,9 +552,6 @@
CustomLog $APACHE_LOG_DIR/tls-proxy_access.log combined
</VirtualHost>
EOF
- if is_suse ; then
- sudo a2enflag SSL
- fi
for mod in headers ssl proxy proxy_http; do
enable_apache_mod $mod
done
diff --git a/stack.sh b/stack.sh
index ccd2d16..5a946ab 100755
--- a/stack.sh
+++ b/stack.sh
@@ -229,7 +229,7 @@
# Warn users who aren't on an explicitly supported distro, but allow them to
# override check and attempt installation with ``FORCE=yes ./stack``
-SUPPORTED_DISTROS="bullseye|focal|jammy|f36|opensuse-15.2|opensuse-tumbleweed|rhel8|rhel9|openEuler-22.03"
+SUPPORTED_DISTROS="bullseye|focal|jammy|f36|rhel8|rhel9|openEuler-22.03"
if [[ ! ${DISTRO} =~ $SUPPORTED_DISTROS ]]; then
echo "WARNING: this script has not been tested on $DISTRO"
@@ -311,7 +311,22 @@
sudo dnf -y install https://rdoproject.org/repos/openstack-${rdo_release}/rdo-release-${rdo_release}.el8.rpm
fi
elif [[ $DISTRO == "rhel9" ]]; then
- sudo curl -L -o /etc/yum.repos.d/delorean-deps.repo http://trunk.rdoproject.org/centos9-master/delorean-deps.repo
+ install_package wget
+ # We need to download rdo-release package using wget as installing with dnf from repo.fedoraproject.org fails in
+ # FIPS enabled systems after https://bugzilla.redhat.com/show_bug.cgi?id=2157951
+ # Until we can pull rdo-release from a server which supports EMS, this workaround is doing wget, which does
+ # not relies on openssl but on gnutls, and then install it locally using rpm
+ TEMPRDODIR=$(mktemp -d)
+ if [[ "$TARGET_BRANCH" == "master" ]]; then
+ # rdo-release.el9.rpm points to latest RDO release, use that for master
+ wget -P $TEMPRDODIR https://rdoproject.org/repos/rdo-release.el9.rpm
+ else
+ # For stable branches use corresponding release rpm
+ rdo_release=$(echo $TARGET_BRANCH | sed "s|stable/||g")
+ wget -P $TEMPRDODIR https://rdoproject.org/repos/openstack-${rdo_release}/rdo-release-${rdo_release}.el9.rpm
+ fi
+ sudo rpm -ivh $TEMPRDODIR/rdo-release*rpm
+ rm -rf $TEMPRDODIR
fi
sudo dnf -y update
}
@@ -391,7 +406,10 @@
# Patch: https://github.com/rpm-software-management/dnf/pull/1448
echo "[]" | sudo tee /var/cache/dnf/expired_repos.json
elif [[ $DISTRO == "rhel9" ]]; then
+ # for CentOS Stream 9 repository
sudo dnf config-manager --set-enabled crb
+ # for RHEL 9 repository
+ sudo dnf config-manager --set-enabled codeready-builder-for-rhel-9-x86_64-rpms
# rabbitmq and other packages are provided by RDO repositories.
_install_rdo
diff --git a/stackrc b/stackrc
index b7ce238..dcc0ce4 100644
--- a/stackrc
+++ b/stackrc
@@ -204,7 +204,7 @@
# This can be used to reduce the amount of memory mysqld uses while running.
# These are unscientifically determined, and could reduce performance or
# cause other issues.
-MYSQL_REDUCE_MEMORY=$(trueorfalse False MYSQL_REDUCE_MEMORY)
+MYSQL_REDUCE_MEMORY=$(trueorfalse True MYSQL_REDUCE_MEMORY)
# Set a timeout for git operations. If git is still running when the
# timeout expires, the command will be retried up to 3 times. This is
@@ -662,20 +662,19 @@
# If the file ends in .tar.gz, uncompress the tarball and and select the first
# .img file inside it as the image. If present, use "*-vmlinuz*" as the kernel
# and "*-initrd*" as the ramdisk
-# example: http://cloud-images.ubuntu.com/releases/precise/release/ubuntu-12.04-server-cloudimg-amd64.tar.gz
+# example: https://cloud-images.ubuntu.com/releases/jammy/release/ubuntu-22.04-server-cloudimg-amd64.tar.gz
# * disk image (*.img,*.img.gz)
# if file ends in .img, then it will be uploaded and registered as a to
# glance as a disk image. If it ends in .gz, it is uncompressed first.
# example:
-# http://cloud-images.ubuntu.com/releases/precise/release/ubuntu-12.04-server-cloudimg-armel-disk1.img
-# http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-rootfs.img.gz
+# https://cloud-images.ubuntu.com/releases/jammy/release/ubuntu-22.04-server-cloudimg-amd64.img
+# https://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-rootfs.img.gz
# * OpenVZ image:
# OpenVZ uses its own format of image, and does not support UEC style images
-#IMAGE_URLS="http://smoser.brickies.net/ubuntu/ttylinux-uec/ttylinux-uec-amd64-11.2_2.6.35-15_1.tar.gz" # old ttylinux-uec image
-#IMAGE_URLS="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img" # cirros full disk image
+#IMAGE_URLS="https://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img" # cirros full disk image
-CIRROS_VERSION=${CIRROS_VERSION:-"0.5.2"}
+CIRROS_VERSION=${CIRROS_VERSION:-"0.6.2"}
CIRROS_ARCH=${CIRROS_ARCH:-$(uname -m)}
# Set default image based on ``VIRT_DRIVER`` and ``LIBVIRT_TYPE``, either of
@@ -692,11 +691,11 @@
lxc) # the cirros root disk in the uec tarball is empty, so it will not work for lxc
DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-rootfs}
DEFAULT_IMAGE_FILE_NAME=${DEFAULT_IMAGE_FILE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-rootfs.img.gz}
- IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/${DEFAULT_IMAGE_FILE_NAME}";;
+ IMAGE_URLS+="https://download.cirros-cloud.net/${CIRROS_VERSION}/${DEFAULT_IMAGE_FILE_NAME}";;
*) # otherwise, use the qcow image
DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk}
DEFAULT_IMAGE_FILE_NAME=${DEFAULT_IMAGE_FILE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img}
- IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/${DEFAULT_IMAGE_FILE_NAME}";;
+ IMAGE_URLS+="https://download.cirros-cloud.net/${CIRROS_VERSION}/${DEFAULT_IMAGE_FILE_NAME}";;
esac
;;
vsphere)
@@ -805,7 +804,7 @@
SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT=${SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT:-5}
# Service graceful shutdown timeout
-WORKER_TIMEOUT=${WORKER_TIMEOUT:-90}
+WORKER_TIMEOUT=${WORKER_TIMEOUT:-80}
# Common Configuration
# --------------------
diff --git a/tests/test_package_ordering.sh b/tests/test_package_ordering.sh
index bfc2a19..f221c82 100755
--- a/tests/test_package_ordering.sh
+++ b/tests/test_package_ordering.sh
@@ -8,7 +8,7 @@
source $TOP/tests/unittest.sh
export LC_ALL=en_US.UTF-8
-PKG_FILES=$(find $TOP/files/debs $TOP/files/rpms $TOP/files/rpms-suse -type f)
+PKG_FILES=$(find $TOP/files/debs $TOP/files/rpms -type f)
TMPDIR=$(mktemp -d)
diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index fef4726..faea44f 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -96,45 +96,6 @@
fi
}
-function fixup_suse {
- if ! is_suse; then
- return
- fi
-
- # Deactivate and disable apparmor profiles in openSUSE and SLE
- # distros to avoid issues with haproxy and dnsmasq. In newer
- # releases, systemctl stop apparmor is actually a no-op, so we
- # have to use aa-teardown to make sure we've deactivated the
- # profiles:
- #
- # https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15/#fate-325343
- # https://gitlab.com/apparmor/apparmor/merge_requests/81
- # https://build.opensuse.org/package/view_file/openSUSE:Leap:15.2/apparmor/apparmor.service?expand=1
- if sudo systemctl is-active -q apparmor; then
- sudo systemctl stop apparmor
- fi
- if [ -x /usr/sbin/aa-teardown ]; then
- sudo /usr/sbin/aa-teardown
- fi
- if sudo systemctl is-enabled -q apparmor; then
- sudo systemctl disable apparmor
- fi
-
- # Since pip10, pip will refuse to uninstall files from packages
- # that were created with distutils (rather than more modern
- # setuptools). This is because it technically doesn't have a
- # manifest of what to remove. However, in most cases, simply
- # overwriting works. So this hacks around those packages that
- # have been dragged in by some other system dependency
- sudo rm -rf /usr/lib/python3.6/site-packages/ply-*.egg-info
- sudo rm -rf /usr/lib/python3.6/site-packages/six-*.egg-info
-
- # Ensure trusted CA certificates are up to date
- # See https://bugzilla.suse.com/show_bug.cgi?id=1154871
- # May be removed once a new opensuse-15 image is available in nodepool
- sudo zypper up -y p11-kit ca-certificates-mozilla
-}
-
function fixup_ovn_centos {
if [[ $os_VENDOR != "CentOS" ]]; then
return
@@ -162,5 +123,4 @@
function fixup_all {
fixup_ubuntu
fixup_fedora
- fixup_suse
}
diff --git a/tools/install_prereqs.sh b/tools/install_prereqs.sh
index a7c03d2..f2d57c8 100755
--- a/tools/install_prereqs.sh
+++ b/tools/install_prereqs.sh
@@ -74,8 +74,6 @@
if [[ -n "$SYSLOG" && "$SYSLOG" != "False" ]]; then
if is_ubuntu || is_fedora; then
install_package rsyslog-relp
- elif is_suse; then
- install_package rsyslog-module-relp
else
exit_distro_not_supported "rsyslog-relp installation"
fi
diff --git a/tools/ping_neutron.sh b/tools/ping_neutron.sh
index 73fe3f3..ab8e8df 100755
--- a/tools/ping_neutron.sh
+++ b/tools/ping_neutron.sh
@@ -30,7 +30,8 @@
This provides a wrapper to ping neutron guests that are on isolated
tenant networks that the caller can't normally reach. It does so by
-creating a network namespace probe.
+using either the DHCP or Metadata network namespace to support both
+ML2/OVS and OVN.
It takes arguments like ping, except the first arg must be the network
name.
@@ -44,6 +45,12 @@
exit 1
}
+# BUG: with duplicate network names, this fails pretty hard since it
+# will just pick the first match.
+function _get_net_id {
+ openstack --os-cloud devstack-admin --os-region-name="$REGION_NAME" --os-project-name admin --os-username admin --os-password $ADMIN_PASSWORD network list | grep $1 | head -n 1 | awk '{print $2}'
+}
+
NET_NAME=$1
if [[ -z "$NET_NAME" ]]; then
@@ -53,12 +60,11 @@
REMAINING_ARGS="${@:2}"
-# BUG: with duplicate network names, this fails pretty hard.
-NET_ID=$(openstack network show -f value -c id "$NET_NAME")
-PROBE_ID=$(neutron-debug probe-list -c id -c network_id | grep "$NET_ID" | awk '{print $2}' | head -n 1)
+NET_ID=`_get_net_id $NET_NAME`
+NET_NS=$(ip netns list | grep "$NET_ID" | head -n 1)
# This runs a command inside the specific netns
-NET_NS_CMD="ip netns exec qprobe-$PROBE_ID"
+NET_NS_CMD="ip netns exec $NET_NS"
PING_CMD="sudo $NET_NS_CMD ping $REMAINING_ARGS"
echo "Running $PING_CMD"
diff --git a/tools/worlddump.py b/tools/worlddump.py
index e292173..aadd33b 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -19,7 +19,6 @@
import argparse
import datetime
-from distutils import spawn
import fnmatch
import io
import os
@@ -76,7 +75,7 @@
def _find_cmd(cmd):
- if not spawn.find_executable(cmd):
+ if not shutil.which(cmd):
print("*** %s not found: skipping" % cmd)
return False
return True