Merge "Don't reinstall python-virtualenv on infra nodes"
diff --git a/doc/source/conf.py b/doc/source/conf.py
index 6e3ec02..780237f 100644
--- a/doc/source/conf.py
+++ b/doc/source/conf.py
@@ -26,7 +26,13 @@
# Add any Sphinx extension module names here, as strings. They can be extensions
# coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
-extensions = [ 'oslosphinx', 'sphinxcontrib.blockdiag', 'sphinxcontrib.nwdiag' ]
+extensions = [ 'openstackdocstheme', 'sphinxcontrib.blockdiag', 'sphinxcontrib.nwdiag' ]
+
+# openstackdocstheme options
+repository_name = 'openstack-dev/devstack'
+bug_project = 'devstack'
+bug_tag = ''
+html_last_updated_fmt = '%Y-%m-%d %H:%M'
todo_include_todos = True
@@ -87,7 +93,7 @@
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
-html_theme = 'nature'
+html_theme = 'openstackdocs'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index 1a8ddbc..b4e2891 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -197,6 +197,22 @@
to poke at your shiny new OpenStack. The most recent log file is
available in ``stack.sh.log``.
+Starting in the Ocata release, Nova requires a `Cells v2`_ deployment. Compute
+node services must be mapped to a cell before they can be used.
+
+After each compute node is stacked, verify it shows up in the
+``nova service-list --binary nova-compute`` output. The compute service is
+registered in the cell database asynchronously so this may require polling.
+
+Once the compute node services shows up, run the ``./tools/discover_hosts.sh``
+script from the control node to map compute hosts to the single cell.
+
+The compute service running on the primary control node will be
+discovered automatically when the control node is stacked so this really
+only needs to be performed for subnodes.
+
+.. _Cells v2: https://docs.openstack.org/nova/latest/user/cells.html
+
Cleaning Up After DevStack
--------------------------
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index f9ca055..35b78da 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -99,6 +99,7 @@
networking-6wind `git://git.openstack.org/openstack/networking-6wind <https://git.openstack.org/cgit/openstack/networking-6wind>`__
networking-arista `git://git.openstack.org/openstack/networking-arista <https://git.openstack.org/cgit/openstack/networking-arista>`__
networking-bagpipe `git://git.openstack.org/openstack/networking-bagpipe <https://git.openstack.org/cgit/openstack/networking-bagpipe>`__
+networking-baremetal `git://git.openstack.org/openstack/networking-baremetal <https://git.openstack.org/cgit/openstack/networking-baremetal>`__
networking-bgpvpn `git://git.openstack.org/openstack/networking-bgpvpn <https://git.openstack.org/cgit/openstack/networking-bgpvpn>`__
networking-brocade `git://git.openstack.org/openstack/networking-brocade <https://git.openstack.org/cgit/openstack/networking-brocade>`__
networking-calico `git://git.openstack.org/openstack/networking-calico <https://git.openstack.org/cgit/openstack/networking-calico>`__
@@ -109,6 +110,7 @@
networking-generic-switch `git://git.openstack.org/openstack/networking-generic-switch <https://git.openstack.org/cgit/openstack/networking-generic-switch>`__
networking-hpe `git://git.openstack.org/openstack/networking-hpe <https://git.openstack.org/cgit/openstack/networking-hpe>`__
networking-huawei `git://git.openstack.org/openstack/networking-huawei <https://git.openstack.org/cgit/openstack/networking-huawei>`__
+networking-hyperv `git://git.openstack.org/openstack/networking-hyperv <https://git.openstack.org/cgit/openstack/networking-hyperv>`__
networking-infoblox `git://git.openstack.org/openstack/networking-infoblox <https://git.openstack.org/cgit/openstack/networking-infoblox>`__
networking-l2gw `git://git.openstack.org/openstack/networking-l2gw <https://git.openstack.org/cgit/openstack/networking-l2gw>`__
networking-midonet `git://git.openstack.org/openstack/networking-midonet <https://git.openstack.org/cgit/openstack/networking-midonet>`__
@@ -116,6 +118,7 @@
networking-nec `git://git.openstack.org/openstack/networking-nec <https://git.openstack.org/cgit/openstack/networking-nec>`__
networking-odl `git://git.openstack.org/openstack/networking-odl <https://git.openstack.org/cgit/openstack/networking-odl>`__
networking-onos `git://git.openstack.org/openstack/networking-onos <https://git.openstack.org/cgit/openstack/networking-onos>`__
+networking-opencontrail `git://git.openstack.org/openstack/networking-opencontrail <https://git.openstack.org/cgit/openstack/networking-opencontrail>`__
networking-ovn `git://git.openstack.org/openstack/networking-ovn <https://git.openstack.org/cgit/openstack/networking-ovn>`__
networking-ovs-dpdk `git://git.openstack.org/openstack/networking-ovs-dpdk <https://git.openstack.org/cgit/openstack/networking-ovs-dpdk>`__
networking-plumgrid `git://git.openstack.org/openstack/networking-plumgrid <https://git.openstack.org/cgit/openstack/networking-plumgrid>`__
@@ -138,6 +141,7 @@
oaktree `git://git.openstack.org/openstack/oaktree <https://git.openstack.org/cgit/openstack/oaktree>`__
octavia `git://git.openstack.org/openstack/octavia <https://git.openstack.org/cgit/openstack/octavia>`__
octavia-dashboard `git://git.openstack.org/openstack/octavia-dashboard <https://git.openstack.org/cgit/openstack/octavia-dashboard>`__
+omni `git://git.openstack.org/openstack/omni <https://git.openstack.org/cgit/openstack/omni>`__
os-xenapi `git://git.openstack.org/openstack/os-xenapi <https://git.openstack.org/cgit/openstack/os-xenapi>`__
osprofiler `git://git.openstack.org/openstack/osprofiler <https://git.openstack.org/cgit/openstack/osprofiler>`__
panko `git://git.openstack.org/openstack/panko <https://git.openstack.org/cgit/openstack/panko>`__
diff --git a/files/debs/dstat b/files/debs/dstat
index 2b643b8..0d9da44 100644
--- a/files/debs/dstat
+++ b/files/debs/dstat
@@ -1 +1,2 @@
dstat
+python-psutil
diff --git a/files/ldap/user.ldif.in b/files/ldap/user.ldif.in
new file mode 100644
index 0000000..16a9807
--- /dev/null
+++ b/files/ldap/user.ldif.in
@@ -0,0 +1,23 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+
+# Demo LDAP user
+dn: cn=demo,ou=Users,${BASE_DN}
+cn: demo
+displayName: demo
+givenName: demo
+mail: demo@openstack.org
+objectClass: inetOrgPerson
+objectClass: top
+sn: demo
+uid: demo
+userPassword: demo
diff --git a/files/rpms/dstat b/files/rpms/dstat
index 2b643b8..0d9da44 100644
--- a/files/rpms/dstat
+++ b/files/rpms/dstat
@@ -1 +1,2 @@
dstat
+python-psutil
diff --git a/functions b/functions
index faa6b76..6f2164a 100644
--- a/functions
+++ b/functions
@@ -407,20 +407,6 @@
return $rval
}
-function wait_for_compute {
- local timeout=$1
- time_start "wait_for_service"
- timeout $timeout bash -x <<EOF || rval=$?
- ID=""
- while [[ "\$ID" == "" ]]; do
- sleep 1
- ID=\$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" compute service list --host `hostname` --service nova-compute -c ID -f value)
- done
-EOF
- time_stop "wait_for_service"
- return $rval
-}
-
# ping check
# Uses globals ``ENABLED_SERVICES``, ``TOP_DIR``, ``MULTI_HOST``, ``PRIVATE_NETWORK``
diff --git a/inc/python b/inc/python
index f388f48..5e7f742 100644
--- a/inc/python
+++ b/inc/python
@@ -346,6 +346,9 @@
}
function pip_uninstall {
+ # Skip uninstall if offline
+ [[ "${OFFLINE}" = "True" ]] && return
+
local name=$1
if [[ -n ${PIP_VIRTUAL_ENV:=} && -d ${PIP_VIRTUAL_ENV} ]]; then
local cmd_pip=$PIP_VIRTUAL_ENV/bin/pip
diff --git a/lib/apache b/lib/apache
index ffd7966..dfca25a 100644
--- a/lib/apache
+++ b/lib/apache
@@ -132,6 +132,10 @@
elif is_fedora; then
sudo rm -f /etc/httpd/conf.d/000-*
install_package httpd mod_wsgi
+ # For consistency with Ubuntu, switch to the worker mpm, as
+ # the default is prefork
+ sudo sed -i '/mod_mpm_prefork.so/s/^/#/g' /etc/httpd/conf.modules.d/00-mpm.conf
+ sudo sed -i '/mod_mpm_worker.so/s/^#//g' /etc/httpd/conf.modules.d/00-mpm.conf
elif is_suse; then
install_package apache2 apache2-mod_wsgi
else
diff --git a/lib/cinder b/lib/cinder
index 4274be7..03328f3 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -478,7 +478,7 @@
local service_port=$CINDER_SERVICE_PORT
local service_protocol=$CINDER_SERVICE_PROTOCOL
local cinder_url
- if is_service_enabled tls-proxy && ["$CINDER_USE_MOD_WSGI" == "False"]; then
+ if is_service_enabled tls-proxy && [ "$CINDER_USE_MOD_WSGI" == "False" ]; then
service_port=$CINDER_SERVICE_PORT_INT
service_protocol="http"
fi
diff --git a/lib/etcd3 b/lib/etcd3
index 0e1fbd5..bc24790 100644
--- a/lib/etcd3
+++ b/lib/etcd3
@@ -57,6 +57,9 @@
iniset -sudo $unitfile "Service" "Type" "notify"
iniset -sudo $unitfile "Service" "Restart" "on-failure"
iniset -sudo $unitfile "Service" "LimitNOFILE" "65536"
+ if is_arch "aarch64"; then
+ iniset -sudo $unitfile "Service" "Environment" "ETCD_UNSUPPORTED_ARCH=arm64"
+ fi
$SYSTEMCTL daemon-reload
$SYSTEMCTL enable $ETCD_SYSTEMD_SERVICE
diff --git a/lib/horizon b/lib/horizon
index 9c7ec00..becc5a0 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -106,6 +106,10 @@
_horizon_config_set $local_settings "" OPENSTACK_SSL_CACERT \"${SSL_BUNDLE_FILE}\"
fi
+ if is_service_enabled ldap; then
+ _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT "True"
+ fi
+
# Create an empty directory that apache uses as docroot
sudo mkdir -p $HORIZON_DIR/.blackhole
diff --git a/lib/keystone b/lib/keystone
index eb46526..749e219 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -219,17 +219,10 @@
fi
# Rewrite stock ``keystone.conf``
-
if is_service_enabled ldap; then
- #Set all needed ldap values
- iniset $KEYSTONE_CONF ldap password $LDAP_PASSWORD
- iniset $KEYSTONE_CONF ldap user $LDAP_MANAGER_DN
- iniset $KEYSTONE_CONF ldap suffix $LDAP_BASE_DN
- iniset $KEYSTONE_CONF ldap user_tree_dn "ou=Users,$LDAP_BASE_DN"
- iniset $KEYSTONE_CONF DEFAULT member_role_id "9fe2ff9ee4384b1894a90878d3e92bab"
- iniset $KEYSTONE_CONF DEFAULT member_role_name "_member_"
+ iniset $KEYSTONE_CONF identity domain_config_dir "$KEYSTONE_CONF_DIR/domains"
+ iniset $KEYSTONE_CONF identity domain_specific_drivers_enabled "True"
fi
-
iniset $KEYSTONE_CONF identity driver "$KEYSTONE_IDENTITY_BACKEND"
iniset $KEYSTONE_CONF identity password_hash_rounds $KEYSTONE_PASSWORD_HASH_ROUNDS
iniset $KEYSTONE_CONF assignment driver "$KEYSTONE_ASSIGNMENT_BACKEND"
@@ -357,7 +350,7 @@
# The Member role is used by Horizon and Swift so we need to keep it:
local member_role="member"
- # Captial Member role is legacy hard coded in Horizon / Swift
+ # Capital Member role is legacy hard coded in Horizon / Swift
# configs. Keep it around.
get_or_create_role "Member"
@@ -410,6 +403,10 @@
get_or_add_group_project_role $member_role $non_admin_group $alt_demo_project
get_or_add_group_project_role $another_role $non_admin_group $alt_demo_project
get_or_add_group_project_role $admin_role $admin_group $admin_project
+
+ if is_service_enabled ldap; then
+ create_ldap_domain
+ fi
}
# Create a user that is capable of verifying keystone tokens for use with auth_token middleware.
@@ -615,6 +612,63 @@
--bootstrap-public-url "$KEYSTONE_SERVICE_URI"
}
+# create_ldap_domain() - Create domain file and initialize domain with a user
+function create_ldap_domain {
+ # Creates domain Users
+ openstack --os-identity-api-version=3 domain create --description "LDAP domain" Users
+
+ # Create domain file inside etc/keystone/domains
+ KEYSTONE_LDAP_DOMAIN_FILE=$KEYSTONE_CONF_DIR/domains/keystone.Users.conf
+ mkdir -p "$KEYSTONE_CONF_DIR/domains"
+ touch "$KEYSTONE_LDAP_DOMAIN_FILE"
+
+ # Set identity driver 'ldap'
+ iniset $KEYSTONE_LDAP_DOMAIN_FILE identity driver "ldap"
+
+ # LDAP settings for Users domain
+ iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap group_allow_delete "False"
+ iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap group_allow_update "False"
+ iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap group_allow_create "False"
+ iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap user_allow_delete "False"
+ iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap user_allow_update "False"
+ iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap user_allow_create "False"
+ iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap user_tree_dn "ou=Users,$LDAP_BASE_DN"
+ iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap user_objectclass "inetOrgPerson"
+ iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap user_name_attribute "cn"
+ iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap user_mail_attribute "mail"
+ iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap user_id_attribute "uid"
+ iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap user "cn=Manager,dc=openstack,dc=org"
+ iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap url "ldap://localhost"
+ iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap suffix $LDAP_BASE_DN
+ iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap password $LDAP_PASSWORD
+ iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap group_tree_dn "ou=Groups,$LDAP_BASE_DN"
+ iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap group_objectclass "groupOfNames"
+ iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap group_name_attribute "cn"
+ iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap group_id_attribute "cn"
+
+ # Restart apache and identity services to associate domain and conf file
+ sudo service apache2 reload
+ sudo systemctl restart devstack@keystone
+
+ # Create LDAP user.ldif and add user to LDAP backend
+ local tmp_ldap_dir
+ tmp_ldap_dir=$(mktemp -d -t ldap.$$.XXXXXXXXXX)
+
+ _ldap_varsubst $FILES/ldap/user.ldif.in $slappass >$tmp_ldap_dir/user.ldif
+ sudo ldapadd -x -w $LDAP_PASSWORD -D "$LDAP_MANAGER_DN" -H $LDAP_URL -c -f $tmp_ldap_dir/user.ldif
+ rm -rf $tmp_ldap_dir
+
+ local admin_project
+ admin_project=$(get_or_create_project "admin" default)
+ local ldap_user
+ ldap_user=$(openstack user show --domain=Users demo -f value -c id)
+ local admin_role="admin"
+ get_or_create_role $admin_role
+
+ # Grant demo LDAP user access to project and role
+ get_or_add_user_project_role $admin_role $ldap_user $admin_project
+}
+
# Restore xtrace
$_XTRACE_KEYSTONE
diff --git a/lib/ldap b/lib/ldap
index 4cea812..5a53d0e 100644
--- a/lib/ldap
+++ b/lib/ldap
@@ -119,8 +119,7 @@
printf "installing OpenLDAP"
if is_ubuntu; then
- # Ubuntu automatically starts LDAP so no need to call start_ldap()
- :
+ configure_ldap
elif is_fedora; then
start_ldap
elif is_suse; then
@@ -148,6 +147,27 @@
rm -rf $tmp_ldap_dir
}
+# configure_ldap() - Configure LDAP - reconfigure slapd
+function configure_ldap {
+ sudo debconf-set-selections <<EOF
+ slapd slapd/internal/generated_adminpw password $LDAP_PASSWORD
+ slapd slapd/internal/adminpw password $LDAP_PASSWORD
+ slapd slapd/password2 password $LDAP_PASSWORD
+ slapd slapd/password1 password $LDAP_PASSWORD
+ slapd slapd/dump_database_destdir string /var/backups/slapd-VERSION
+ slapd slapd/domain string Users
+ slapd shared/organization string $LDAP_DOMAIN
+ slapd slapd/backend string HDB
+ slapd slapd/purge_database boolean true
+ slapd slapd/move_old_database boolean true
+ slapd slapd/allow_ldap_v2 boolean false
+ slapd slapd/no_configuration boolean false
+ slapd slapd/dump_database select when needed
+EOF
+ sudo apt-get install -y slapd ldap-utils
+ sudo dpkg-reconfigure -f noninteractive $LDAP_SERVICE_NAME
+}
+
# start_ldap() - Start LDAP
function start_ldap {
sudo service $LDAP_SERVICE_NAME restart
diff --git a/lib/nova b/lib/nova
index 843c43a..fa09fd8 100644
--- a/lib/nova
+++ b/lib/nova
@@ -101,7 +101,7 @@
# The following FILTERS contains SameHostFilter and DifferentHostFilter with
# the default filters.
-FILTERS="RetryFilter,AvailabilityZoneFilter,RamFilter,DiskFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,SameHostFilter,DifferentHostFilter"
+FILTERS="RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,SameHostFilter,DifferentHostFilter"
QEMU_CONF=/etc/libvirt/qemu.conf
@@ -221,7 +221,10 @@
instances=`sudo virsh list --all | grep $INSTANCE_NAME_PREFIX | sed "s/.*\($INSTANCE_NAME_PREFIX[0-9a-fA-F]*\).*/\1/g"`
if [ ! "$instances" = "" ]; then
echo $instances | xargs -n1 sudo virsh destroy || true
- echo $instances | xargs -n1 sudo virsh undefine --managed-save || true
+ if ! xargs -n1 sudo virsh undefine --managed-save --nvram <<< $instances; then
+ # Can't delete with nvram flags, then just try without this flag
+ xargs -n1 sudo virsh undefine --managed-save <<< $instances
+ fi
fi
# Logout and delete iscsi sessions
@@ -440,6 +443,9 @@
local db="nova_cell1"
else
local db="nova_cell0"
+ # When in superconductor mode, nova-compute can't send instance
+ # info updates to the scheduler, so just disable it.
+ iniset $NOVA_CONF filter_scheduler track_instance_changes False
fi
iniset $NOVA_CONF database connection `database_connection_url $db`
@@ -843,6 +849,9 @@
cp $compute_cell_conf $NOVA_CPU_CONF
# FIXME(danms): Should this be configurable?
iniset $NOVA_CPU_CONF workarounds disable_group_policy_check_upcall True
+ # Since the nova-compute service cannot reach nova-scheduler over
+ # RPC, we also disable track_instance_changes.
+ iniset $NOVA_CPU_CONF filter_scheduler track_instance_changes False
iniset_rpc_backend nova $NOVA_CPU_CONF DEFAULT "nova_cell${NOVA_CPU_CELL}"
fi
@@ -871,13 +880,6 @@
fi
run_process n-cpu "$NOVA_BIN_DIR/nova-compute --config-file $NOVA_CPU_CONF"
fi
- # NOTE(sdague): with cells v2 all the compute services must be up
- # and checked into the database before discover_hosts is run. This
- # happens in all in one installs by accident, because > 30 seconds
- # happen between here and the script ending. However, in multinode
- # tests this can very often not be the case. So ensure that the
- # compute is up before we move on.
- wait_for_compute 60
export PATH=$old_path
}
@@ -986,6 +988,11 @@
}
function stop_nova_conductor {
+ if [[ "${CELLSV2_SETUP}" == "singleconductor" ]]; then
+ stop_process n-cond
+ return
+ fi
+
enable_nova_fleet
for srv in n-super-cond $(seq -f n-cond-cell%0.f 1 $NOVA_NUM_CELLS); do
if is_service_enabled $srv; then
diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic
index 7d47ef0..062afb7 100644
--- a/lib/nova_plugins/hypervisor-ironic
+++ b/lib/nova_plugins/hypervisor-ironic
@@ -42,7 +42,13 @@
iniset $NOVA_CONF DEFAULT compute_driver ironic.IronicDriver
iniset $NOVA_CONF DEFAULT firewall_driver $LIBVIRT_FIREWALL_DRIVER
iniset $NOVA_CONF DEFAULT scheduler_host_manager ironic_host_manager
- iniset $NOVA_CONF filter_scheduler use_baremetal_filters True
+
+ if [[ "$IRONIC_USE_RESOURCE_CLASSES" == "False" ]]; then
+ iniset $NOVA_CONF filter_scheduler use_baremetal_filters True
+ fi
+
+ iniset $NOVA_CONF filter_scheduler host_subset_size 999
+
iniset $NOVA_CONF DEFAULT ram_allocation_ratio 1.0
iniset $NOVA_CONF DEFAULT reserved_host_memory_mb 0
# ironic section
diff --git a/lib/tls b/lib/tls
index 6a3d260..7bde5e6 100644
--- a/lib/tls
+++ b/lib/tls
@@ -533,10 +533,9 @@
ProxyPassReverse http://$b_host:$b_port/
</Location>
ErrorLog $APACHE_LOG_DIR/tls-proxy_error.log
- ErrorLogFormat "[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] [frontend\ %A] %M% ,\ referer\ %{Referer}i"
+ ErrorLogFormat "%{cu}t [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] [frontend\ %A] %M% ,\ referer\ %{Referer}i"
LogLevel info
- CustomLog $APACHE_LOG_DIR/tls-proxy_access.log common
- LogFormat "%v %h %l %u %t \"%r\" %>s %b"
+ CustomLog $APACHE_LOG_DIR/tls-proxy_access.log "%{%Y-%m-%d}t %{%T}t.%{msec_frac}t [%l] %a \"%r\" %>s %b"
</VirtualHost>
EOF
if is_suse ; then
diff --git a/openrc b/openrc
index 23c173c..37724c5 100644
--- a/openrc
+++ b/openrc
@@ -84,7 +84,7 @@
# We currently recommend using the version 3 *identity api*.
#
-# If you don't have a working .stackenv, this is the backup possition
+# If you don't have a working .stackenv, this is the backup position
KEYSTONE_BACKUP=$SERVICE_PROTOCOL://$SERVICE_HOST:5000
KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_URI:-$KEYSTONE_BACKUP}
diff --git a/stack.sh b/stack.sh
index 015ee6e..e924182 100755
--- a/stack.sh
+++ b/stack.sh
@@ -30,7 +30,7 @@
# NOTE(sdague): why do we explicitly set locale when running stack.sh?
#
# Devstack is written in bash, and many functions used throughout
-# devstack process text comming off a command (like the ip command)
+# devstack process text coming off a command (like the ip command)
# and do transforms using grep, sed, cut, awk on the strings that are
# returned. Many of these programs are interationalized, which is
# great for end users, but means that the strings that devstack
diff --git a/stackrc b/stackrc
index 877da82..b123d8a 100644
--- a/stackrc
+++ b/stackrc
@@ -80,7 +80,7 @@
# CELLSV2_SETUP - how we should configure services with cells v2
#
# - superconductor - this is one conductor for the api services, and
-# one per cell managing the compute services. This is prefered
+# one per cell managing the compute services. This is preferred
# - singleconductor - this is one conductor for the whole deployment,
# this is not recommended, and will be removed in the future.
CELLSV2_SETUP=${CELLSV2_SETUP:-"superconductor"}
@@ -117,7 +117,7 @@
# Whether or not to enable Kernel Samepage Merging (KSM) if available.
# This allows programs that mark their memory as mergeable to share
# memory pages if they are identical. This is particularly useful with
-# libvirt backends. This reduces memory useage at the cost of CPU overhead
+# libvirt backends. This reduces memory usage at the cost of CPU overhead
# to scan memory. We default to enabling it because we tend to be more
# memory constrained than CPU bound.
ENABLE_KSM=$(trueorfalse True ENABLE_KSM)
@@ -174,10 +174,7 @@
# if we are forcing off USE_SCREEN (as we do in the gate), force on
# systemd. This allows us to drop one of 3 paths through the code.
if [[ "$USE_SCREEN" == "False" ]]; then
- # Remove in Pike: this gets us through grenade upgrade
- if [[ "$GRENADE_PHASE" != "target" ]]; then
- USE_SYSTEMD="True"
- fi
+ USE_SYSTEMD="True"
fi
# Default for log coloring is based on interactive-or-not.
diff --git a/tools/install_prereqs.sh b/tools/install_prereqs.sh
index 9334910..6189085 100755
--- a/tools/install_prereqs.sh
+++ b/tools/install_prereqs.sh
@@ -89,17 +89,10 @@
fi
if is_suse; then
- # novnc has an extraneous dependency on pyOpenSSL, which causes symbol conflicts
- # in the bundled libssl of python-cryptography. when both are loaded into the same
- # process, they start hanging or segfaulting.
- install_package novnc
- # deinstall the extra but irrelevant dependencies
- sudo rpm -e --nodeps python-cffi python-cryptography python-pyOpenSSL
- # reinstall cffi which got overwriten by the package.
- sudo pip install -I cffi
# now reinstall cryptography from source, in order to rebuilt it against the
# system libssl rather than the bundled openSSL 1.1, which segfaults when combined
- # with the system provided (which libpython links against) openSSL 1.0
+ # with a system provided openSSL 1.0
+ # see https://github.com/pyca/cryptography/issues/3804 and followup issues
sudo pip install cryptography --no-binary :all:
fi
diff --git a/tools/memory_tracker.sh b/tools/memory_tracker.sh
index cbdeb8f..63f25ca 100755
--- a/tools/memory_tracker.sh
+++ b/tools/memory_tracker.sh
@@ -88,7 +88,7 @@
# list processes that lock memory from swap
if [[ $unevictable -ne $unevictable_point ]]; then
unevictable_point=$unevictable
- ${PYTHON} ./tools/mlock_report.py
+ ${PYTHON} $(dirname $0)/mlock_report.py
fi
echo "]]]"
diff --git a/tox.ini b/tox.ini
index cc7c544..46b15f4 100644
--- a/tox.ini
+++ b/tox.ini
@@ -37,9 +37,9 @@
deps =
Pygments
docutils
- sphinx>=1.5.1,<1.6.1
+ sphinx>=1.6.2
pbr>=2.0.0,!=2.1.0
- oslosphinx
+ openstackdocstheme>=1.11.0
nwdiag
blockdiag
sphinxcontrib-blockdiag
@@ -53,8 +53,8 @@
[testenv:venv]
deps =
pbr>=2.0.0,!=2.1.0
- sphinx>=1.5.1,<1.6.1
- oslosphinx
+ sphinx>=1.6.2
+ openstackdocstheme>=1.11.0
blockdiag
sphinxcontrib-blockdiag
sphinxcontrib-nwdiag