Merge "default gateway regex: use exact match for iface name"
diff --git a/README.md b/README.rst
similarity index 88%
rename from README.md
rename to README.rst
index ff5598b..dfa68b9 100644
--- a/README.md
+++ b/README.rst
@@ -1,6 +1,7 @@
DevStack is a set of scripts and utilities to quickly deploy an OpenStack cloud.
-# Goals
+Goals
+=====
* To quickly build dev OpenStack environments in a clean Ubuntu or Fedora
environment
@@ -20,12 +21,13 @@
networking configuration. We strongly recommend that you run `stack.sh`
in a clean and disposable vm when you are first getting started.
-# Versions
+Versions
+========
The DevStack master branch generally points to trunk versions of OpenStack
components. For older, stable versions, look for branches named
stable/[release] in the DevStack repo. For example, you can do the
-following to create a Newton OpenStack cloud:
+following to create a Newton OpenStack cloud::
git checkout stable/newton
./stack.sh
@@ -38,7 +40,8 @@
GLANCE_REPO=git://git.openstack.org/openstack/glance.git
GLANCE_BRANCH=milestone-proposed
-# Start A Dev Cloud
+Start A Dev Cloud
+=================
Installing in a dedicated disposable VM is safer than installing on your
dev machine! Plus you can pick one of the supported Linux distros for
@@ -54,14 +57,15 @@
* Keystone: http://myhost:5000/v2.0/
We also provide an environment file that you can use to interact with your
-cloud via CLI:
+cloud via CLI::
# source openrc file to load your environment with OpenStack CLI creds
. openrc
# list instances
- nova list
+ openstack server list
-# DevStack Execution Environment
+DevStack Execution Environment
+==============================
DevStack runs rampant over the system it runs on, installing things and
uninstalling other things. Running this on a system you care about is a recipe
@@ -81,10 +85,12 @@
it runs under. Many people simply use their usual login (the default
'ubuntu' login on a UEC image for example).
-# Customizing
+Customizing
+===========
DevStack can be extensively configured via the configuration file
`local.conf`. It is likely that you will need to provide and modify
this file if you want anything other than the most basic setup. Start
-by reading the [configuration guide](doc/source/configuration.rst) for
-details of the configuration file and the many available options.
+by reading the `configuration guide
+<https://docs.openstack.org/developer/devstack/configuration.html>_`
+for details of the configuration file and the many available options.
diff --git a/clean.sh b/clean.sh
index 90b21eb..ef38fbf 100755
--- a/clean.sh
+++ b/clean.sh
@@ -64,13 +64,8 @@
done
fi
-# See if there is anything running...
-# need to adapt when run_service is merged
-SESSION=$(screen -ls | awk '/[0-9].stack/ { print $1 }')
-if [[ -n "$SESSION" ]]; then
- # Let unstack.sh do its thing first
- $TOP_DIR/unstack.sh --all
-fi
+# Let unstack.sh do its thing first
+$TOP_DIR/unstack.sh --all
# Run extras
# ==========
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 53ae82f..318e044 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -278,43 +278,22 @@
LOGDAYS=1
-The some of the project logs (Nova, Cinder, etc) will be colorized by
-default (if ``SYSLOG`` is not set below); this can be turned off by
-setting ``LOG_COLOR`` to ``False``.
-
- ::
+Some coloring is used during the DevStack runs to make it easier to
+see what is going on. This can be disabled with::
LOG_COLOR=False
Logging the Service Output
~~~~~~~~~~~~~~~~~~~~~~~~~~
-DevStack will log the ``stdout`` output of the services it starts.
-When using ``screen`` this logs the output in the screen windows to a
-file. Without ``screen`` this simply redirects stdout of the service
-process to a file in ``LOGDIR``.
+By default, services run under ``systemd`` and are natively logging to
+the systemd journal.
- ::
+To query the logs use the ``journalctl`` command, such as::
- LOGDIR=$DEST/logs
+ journalctl --unit devstack@*
-Note the use of ``DEST`` to locate the main install directory; this
-is why we suggest setting it in ``local.conf``.
-
-Enabling Syslog
-~~~~~~~~~~~~~~~
-
-Logging all services to a single syslog can be convenient. Enable
-syslogging by setting ``SYSLOG`` to ``True``. If the destination log
-host is not localhost ``SYSLOG_HOST`` and ``SYSLOG_PORT`` can be used
-to direct the message stream to the log host.
-
- ::
-
- SYSLOG=True
- SYSLOG_HOST=$HOST_IP
- SYSLOG_PORT=516
-
+More examples can be found in :ref:`journalctl-examples`.
Example Logging Configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -326,7 +305,6 @@
[[local|localrc]]
DEST=/opt/stack/
- LOGDIR=$DEST/logs
LOGFILE=$LOGDIR/stack.sh.log
LOG_COLOR=False
@@ -587,9 +565,7 @@
Swift is disabled by default. When enabled, it is configured with
only one replica to avoid being IO/memory intensive on a small
-VM. When running with only one replica the account, container and
-object services will run directly in screen. The others services like
-replicator, updaters or auditor runs in background.
+VM.
If you would like to enable Swift you can add this to your ``localrc``
section:
@@ -630,7 +606,7 @@
act as a S3 endpoint for Keystone so effectively replacing the
``nova-objectstore``.
-Only Swift proxy server is launched in the screen session all other
+Only Swift proxy server is launched in the systemd system all other
services are started in background and managed by ``swift-init`` tool.
Heat
diff --git a/doc/source/development.rst b/doc/source/development.rst
index 776ac6c..957de9b 100644
--- a/doc/source/development.rst
+++ b/doc/source/development.rst
@@ -8,56 +8,33 @@
Inspecting Services
===================
-By default most services in DevStack are running in a `screen
-<https://www.gnu.org/software/screen/manual/screen.html>`_
-session.
+By default most services in DevStack are running as `systemd` units
+named `devstack@$servicename.service`. You can see running services
+with.
.. code-block:: bash
- os3:~> screen -list
- There is a screen on:
- 28994.stack (08/10/2016 09:01:33 PM) (Detached)
- 1 Socket in /var/run/screen/S-sdague.
+ sudo systemctl status "devstack@*"
-You can attach to this screen session using ``screen -r`` which gives
-you a view of the services in action.
-
-.. image:: assets/images/screen_session_1.png
- :width: 100%
-
-Basic Screen Commands
----------------------
-
-The following minimal commands will be useful to using screen:
-
-* ``ctrl-a n`` - go to next window. Next is assumed to be right of
- current window.
-* ``ctrl-a p`` - go to previous window. Previous is assumed to be left
- of current window.
-* ``ctrl-a [`` - entry copy/scrollback mode. This allows you to
- navigate back through the logs with the up arrow.
-* ``ctrl-a d`` - detach from screen. Gets you back to a normal
- terminal, while leaving everything running.
-
-For more about using screen, see the excellent `screen manual
-<https://www.gnu.org/software/screen/manual/screen.html>`_.
+To learn more about the basics of systemd, see :doc:`/systemd`
Patching a Service
==================
If you want to make a quick change to a running service the easiest
-way to do this is:
+way to do that is to change the code directly in /opt/stack/$service
+and then restart the affected daemons.
-* attach to screen
-* navigate to the window in question
-* ``ctrl-c`` to kill the service
-* make appropriate changes to the code
-* ``up arrow`` in the screen window to display the command used to run
- that service
-* ``enter`` to restart the service
+.. code-block:: bash
-This works for services, except those running under Apache (currently
-just ``keystone`` by default).
+ sudo systemctl restart devstack@n-cpu.service
+
+If your change impacts more than one daemon you can restart by
+wildcard as well.
+
+.. code-block:: bash
+
+ sudo systemctl restart "devstack@n-*"
.. warning::
@@ -102,14 +79,6 @@
NOVA_BRANCH=refs/changes/10/353710/1
-Testing Changes to Apache Based Services
-========================================
-
-When testing changes to Apache based services, such as ``keystone``,
-you can either use the Testing a Patch Series approach above, or make
-changes in the code tree and issue an apache restart.
-
-
Testing Changes to Libraries
============================
@@ -132,9 +101,17 @@
OSLOPOLICY_REPO=/home/sdague/oslo.policy
OSLOPOLICY_BRANCH=better_exception
-Because libraries are used by many services, library changes really
-need to go through a full ``./unstack.sh && ./stack.sh`` to see your
-changes in action.
+As libraries are not installed `editable` by pip, after you make any
+local changes you will need to:
-To figure out the repo / branch names for every library that's
-supported, you'll need to read the devstack source.
+* cd to top of library path
+* sudo pip install -U .
+* restart all services you want to use the new library
+
+You can do that with wildcards such as
+
+.. code-block:: bash
+
+ sudo systemctl restart "devstack@n-*"
+
+which will restart all nova services.
diff --git a/doc/source/faq.rst b/doc/source/faq.rst
index f03304f..cb2f328 100644
--- a/doc/source/faq.rst
+++ b/doc/source/faq.rst
@@ -41,8 +41,9 @@
~~~~~~~~~~~~~~~~~~~~~
Unlike packages, DevStack leaves your cloud ready to develop -
-checkouts of the code and services running in screen. However, many
-people are doing the hard work of packaging and recipes for production
+checkouts of the code and services running locally under systemd,
+making it easy to hack on and test new patches. However, many people
+are doing the hard work of packaging and recipes for production
deployments.
Why isn't $MY\_FAVORITE\_DISTRO supported?
diff --git a/doc/source/overview.rst b/doc/source/overview.rst
index d245035..e648193 100644
--- a/doc/source/overview.rst
+++ b/doc/source/overview.rst
@@ -20,11 +20,11 @@
*The OpenStack Technical Committee (TC) has defined the current CI
strategy to include the latest Ubuntu release and the latest RHEL
-release (for Python 2.6 testing).*
+release.*
- Ubuntu: current LTS release plus current development release
- Fedora: current release plus previous release
-- RHEL: current major release
+- RHEL/Centos: current major release
- Other OS platforms may continue to be included but the maintenance of
those platforms shall not be assumed simply due to their presence.
Having a listed point-of-contact for each additional OS will greatly
@@ -38,7 +38,6 @@
*As packaged by the host OS*
- MySQL
-- PostgreSQL
Queues
------
@@ -46,7 +45,6 @@
*As packaged by the host OS*
- Rabbit
-- Qpid
Web Server
----------
@@ -58,9 +56,6 @@
OpenStack Network
-----------------
-*Defaults to nova network, optionally use neutron*
-
-- Nova Network: FlatDHCP
- Neutron: A basic configuration approximating the original FlatDHCP
mode using linuxbridge or OpenVSwitch.
@@ -68,9 +63,9 @@
--------
The default services configured by DevStack are Identity (keystone),
-Object Storage (swift), Image Service (glance), Block Storage (cinder),
-Compute (nova), Networking (nova), Dashboard (horizon), Orchestration
-(heat)
+Object Storage (swift), Image Service (glance), Block Storage
+(cinder), Compute (nova), Networking (neutron), Dashboard (horizon),
+Orchestration (heat)
Additional services not included directly in DevStack can be tied in to
``stack.sh`` using the :doc:`plugin mechanism <plugins>` to call
@@ -80,8 +75,7 @@
-------------------
- single node
-- multi-node is not tested regularly by the core team, and even then
- only minimal configurations are reviewed
+- multi-node configurations as are tested by the gate
Exercises
---------
diff --git a/doc/source/site-map.rst b/doc/source/site-map.rst
index 801fc66..022cc73 100644
--- a/doc/source/site-map.rst
+++ b/doc/source/site-map.rst
@@ -21,3 +21,4 @@
development
hacking
guides
+ systemd
diff --git a/SYSTEMD.rst b/doc/source/systemd.rst
similarity index 84%
rename from SYSTEMD.rst
rename to doc/source/systemd.rst
index 729fdf4..efe79e4 100644
--- a/SYSTEMD.rst
+++ b/doc/source/systemd.rst
@@ -2,12 +2,7 @@
Using Systemd in DevStack
===========================
-.. note::
-
- This is an in progress document as we work out the way forward here
- with DevStack and systemd.
-
-DevStack can be run with all the services as systemd unit
+By default DevStack is run with all the services as systemd unit
files. Systemd is now the default init system for nearly every Linux
distro, and systemd encodes and solves many of the problems related to
poorly running processes.
@@ -25,12 +20,6 @@
than one service, and needing to restart a bunch of services for that
to take effect.
-To enable this add the following to your local.conf::
-
- USE_SYSTEMD=True
-
-
-
Unit Structure
==============
@@ -42,8 +31,9 @@
code is left in place in case we can switch back later.
All DevStack user units are created as a part of the DevStack slice
-given the name ``devstack@$servicename.service``. This lets us do
-certain operations at the slice level.
+given the name ``devstack@$servicename.service``. This makes it easy
+to understand which services are part of the devstack run, and lets us
+disable / stop them in a single command.
Manipulating Units
==================
@@ -89,6 +79,8 @@
We'll eventually make the unit names a bit more meaningful so that
it's easier to understand what you are restarting.
+.. _journalctl-examples:
+
Querying Logs
=============
@@ -126,7 +118,7 @@
into the ``systemd`` namespace, which can cause some issues.
- ``systemd-python`` - this is the upstream maintained library, it has
- a version number like systemd itself (currently ``233``). This is
+ a version number like systemd itself (currently ``234``). This is
the one you want.
- ``systemd`` - a python 3 only library, not what you want.
- ``python-systemd`` - another library you don't want. Installing it
@@ -145,20 +137,6 @@
Future Work
===========
-oslo.log journald
------------------
-
-Journald has an extremely rich mechanism for direct logging including
-structured metadata. We should enhance oslo.log to take advantage of
-that. It would let us do things like::
-
- journalctl REQUEST_ID=......
-
- journalctl INSTANCE_ID=......
-
-And get all lines related to the request id or instance id. (Note:
-this work has been started at https://review.openstack.org/#/c/451525/)
-
log colorizing
--------------
diff --git a/files/debs/general b/files/debs/general
index 20490c6..1dde03b 100644
--- a/files/debs/general
+++ b/files/debs/general
@@ -17,6 +17,7 @@
libmysqlclient-dev # MySQL-python
libpq-dev # psycopg2
libssl-dev # for pyOpenSSL
+libsystemd-dev # for systemd-python
libxml2-dev # lxml
libxslt1-dev # lxml
libyaml-dev
@@ -26,10 +27,8 @@
pkg-config
psmisc
python2.7
-python3-systemd
python-dev
python-gdbm # needed for testr
-python-systemd
screen
tar
tcpdump
diff --git a/files/rpms/general b/files/rpms/general
index 106aa6a..1393d18 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -29,7 +29,7 @@
python-devel
redhat-rpm-config # missing dep for gcc hardening flags, see rhbz#1217376
screen
-systemd-python
+systemd-devel # for systemd-python
tar
tcpdump
unzip
diff --git a/functions b/functions
index c99e435..8968a18 100644
--- a/functions
+++ b/functions
@@ -606,13 +606,25 @@
function setup_systemd_logging {
local conf_file=$1
local conf_section="DEFAULT"
- iniset $conf_file $conf_section use_journal "True"
+ # NOTE(sdague): this is a nice to have, and means we're using the
+ # native systemd path, which provides for things like search on
+ # request-id. However, there may be an eventlet interaction here,
+ # so going off for now.
+ USE_JOURNAL=$(trueorfalse USE_JOURNAL False)
+ if [[ "$USE_JOURNAL" == "True" ]]; then
+ iniset $conf_file $conf_section use_journal "True"
+ # if we are using the journal directly, our process id is already correct
+ iniset $conf_file $conf_section logging_debug_format_suffix \
+ "{{%(funcName)s %(pathname)s:%(lineno)d}}"
+ else
+ iniset $conf_file $conf_section logging_debug_format_suffix \
+ "{{(pid=%(process)d) %(funcName)s %(pathname)s:%(lineno)d}}"
+ fi
+
iniset $conf_file $conf_section logging_context_format_string \
"%(levelname)s %(name)s [%(request_id)s %(project_name)s %(user_name)s] %(instance)s%(message)s"
iniset $conf_file $conf_section logging_default_format_string \
"%(levelname)s %(name)s [-] %(instance)s%(color)s%(message)s"
- iniset $conf_file $conf_section logging_debug_format_suffix \
- "from (pid=%(process)d) %(funcName)s %(pathname)s:%(lineno)d"
iniset $conf_file $conf_section logging_exception_prefix "ERROR %(name)s %(instance)s"
}
diff --git a/functions-common b/functions-common
index 35b4860..965f051 100644
--- a/functions-common
+++ b/functions-common
@@ -1463,6 +1463,7 @@
mkdir -p $SYSTEMD_DIR
iniset -sudo $unitfile "Unit" "Description" "Devstack $service"
+ iniset -sudo $unitfile "Service" "SyslogIdentifier" "$service"
iniset -sudo $unitfile "Service" "User" "$user"
iniset -sudo $unitfile "Service" "ExecStart" "$command"
iniset -sudo $unitfile "Service" "Type" "notify"
@@ -1480,10 +1481,41 @@
$SYSTEMCTL daemon-reload
}
+function _common_systemd_pitfalls {
+ local cmd=$1
+ # do some sanity checks on $cmd to see things we don't expect to work
+
+ if [[ "$cmd" =~ "sudo" ]]; then
+ local msg=<<EOF
+You are trying to use run_process with sudo, this is not going to work under systemd.
+
+If you need to run a service as a user other than $STACK_USER call it with:
+
+ run_process \$name \$cmd \$group \$user
+EOF
+ die $LINENO $msg
+ fi
+
+ if [[ ! "$cmd" =~ ^/ ]]; then
+ local msg=<<EOF
+The cmd="$cmd" does not start with an absolute path. It will fail to
+start under systemd.
+
+Please update your run_process stanza to have an absolute path.
+EOF
+ die $LINENO $msg
+ fi
+
+}
+
+# Helper function to build a basic unit file and run it under systemd.
function _run_under_systemd {
local service=$1
local command="$2"
local cmd=$command
+ # sanity check the command
+ _common_systemd_pitfalls "$cmd"
+
local systemd_service="devstack@$service.service"
local group=$3
local user=${4:-$STACK_USER}
@@ -1495,22 +1527,6 @@
$SYSTEMCTL enable $systemd_service
$SYSTEMCTL start $systemd_service
- _journal_log $service $systemd_service
-}
-
-function _journal_log {
- local service=$1
- local unit=$2
- local logfile="${service}.log.${CURRENT_LOG_TIME}"
- local real_logfile="${LOGDIR}/${logfile}"
- if [[ -n ${LOGDIR} ]]; then
- $JOURNALCTL_F $2 > "$real_logfile" &
- bash -c "cd '$LOGDIR' && ln -sf '$logfile' ${service}.log"
- if [[ -n ${SCREEN_LOGDIR} ]]; then
- # Drop the backward-compat symlink
- ln -sf "$real_logfile" ${SCREEN_LOGDIR}/screen-${service}.log
- fi
- fi
}
# Helper to remove the ``*.failure`` files under ``$SERVICE_DIR/$SCREEN_NAME``.
@@ -1543,7 +1559,7 @@
# If an optional group is provided sg will be used to run the
# command as that group.
# Uses globals ``USE_SCREEN``
-# run_process service "command-line" [group]
+# run_process service "command-line" [group] [user]
function run_process {
local service=$1
local command="$2"
@@ -1695,11 +1711,10 @@
SERVICE_DIR=${SERVICE_DIR:-${DEST}/status}
if is_service_enabled $service; then
- # Kill via pid if we have one available
- if [[ "$USE_SYSTEMD" == "True" ]]; then
- # Only do this for units which appear enabled, this also
- # catches units that don't really exist for cases like
- # keystone without a failure.
+ # Only do this for units which appear enabled, this also
+ # catches units that don't really exist for cases like
+ # keystone without a failure.
+ if $SYSTEMCTL is-enabled devstack@$service.service; then
$SYSTEMCTL stop devstack@$service.service
$SYSTEMCTL disable devstack@$service.service
fi
diff --git a/lib/apache b/lib/apache
index afeac15..34ac660 100644
--- a/lib/apache
+++ b/lib/apache
@@ -218,11 +218,6 @@
restart_service $APACHE_NAME
}
-# reload_apache_server
-function reload_apache_server {
- reload_service $APACHE_NAME
-}
-
function write_uwsgi_config {
local file=$1
local wsgi=$2
@@ -267,7 +262,7 @@
apache_conf=$(apache_site_config_for $name)
echo "ProxyPass \"${url}\" \"unix:${socket}|uwsgi://uwsgi-uds-${name}/\" retry=0 " | sudo tee $apache_conf
enable_apache_site $name
- reload_apache_server
+ restart_apache_server
fi
}
diff --git a/lib/glance b/lib/glance
index 23a1cbf..d6438a6 100644
--- a/lib/glance
+++ b/lib/glance
@@ -43,6 +43,7 @@
GLANCE_CACHE_DIR=${GLANCE_CACHE_DIR:=$DATA_DIR/glance/cache}
GLANCE_IMAGE_DIR=${GLANCE_IMAGE_DIR:=$DATA_DIR/glance/images}
+GLANCE_LOCK_DIR=${GLANCE_LOCK_DIR:=$DATA_DIR/glance/locks}
GLANCE_AUTH_CACHE_DIR=${GLANCE_AUTH_CACHE_DIR:-/var/cache/glance}
GLANCE_CONF_DIR=${GLANCE_CONF_DIR:-/etc/glance}
@@ -116,6 +117,7 @@
iniset $GLANCE_API_CONF database connection $dburl
iniset $GLANCE_API_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_API_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
+ iniset $GLANCE_API_CONF DEFAULT lock_path $GLANCE_LOCK_DIR
iniset $GLANCE_API_CONF paste_deploy flavor keystone+cachemanagement
configure_auth_token_middleware $GLANCE_API_CONF glance $GLANCE_AUTH_CACHE_DIR/api
iniset $GLANCE_API_CONF oslo_messaging_notifications driver messagingv2
@@ -205,7 +207,7 @@
iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG
iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_url
- iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI/v3
+ iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_AUTH_URI
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_tenant_name
iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_PROJECT_NAME
iniuncomment $GLANCE_CACHE_CONF DEFAULT auth_user
diff --git a/lib/keystone b/lib/keystone
index a26ef8a..4bb6893 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -113,8 +113,9 @@
KEYSTONE_SERVICE_PROTOCOL="https"
fi
-KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}/identity_admin
KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity
+# for compat
+KEYSTONE_AUTH_URI=$KEYSTONE_SERVICE_URI
# V3 URIs
KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3
@@ -140,15 +141,16 @@
# cleanup_keystone() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
function cleanup_keystone {
- if [[ "$WSGI_MODE" == "uwsgi" ]]; then
- remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI"
- remove_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI"
- sudo rm -f $(apache_site_config_for keystone-wsgi-public)
- sudo rm -f $(apache_site_config_for keystone-wsgi-admin)
- else
- disable_apache_site keystone
- sudo rm -f $(apache_site_config_for keystone)
- fi
+ # TODO: remove admin at pike-2
+ # These files will be created if we are running WSGI_MODE="uwsgi"
+ remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI"
+ remove_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI"
+ sudo rm -f $(apache_site_config_for keystone-wsgi-public)
+ sudo rm -f $(apache_site_config_for keystone-wsgi-admin)
+
+ # These files will be created if we are running WSGI_MODE="mod_wsgi"
+ disable_apache_site keystone
+ sudo rm -f $(apache_site_config_for keystone)
}
# _config_keystone_apache_wsgi() - Set WSGI config files of Keystone
@@ -265,9 +267,7 @@
fi
# Format logging
- if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ] && [ "$KEYSTONE_DEPLOY" != "mod_wsgi" ] ; then
- setup_colorized_logging $KEYSTONE_CONF
- fi
+ setup_logging $KEYSTONE_CONF
iniset $KEYSTONE_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
@@ -434,14 +434,13 @@
local section=${4:-keystone_authtoken}
iniset $conf_file $section auth_type password
- iniset $conf_file $section auth_url $KEYSTONE_AUTH_URI
+ iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI
iniset $conf_file $section username $admin_user
iniset $conf_file $section password $SERVICE_PASSWORD
iniset $conf_file $section user_domain_name "$SERVICE_DOMAIN_NAME"
iniset $conf_file $section project_name $SERVICE_PROJECT_NAME
iniset $conf_file $section project_domain_name "$SERVICE_DOMAIN_NAME"
- iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI
iniset $conf_file $section cafile $SSL_BUNDLE_FILE
iniset $conf_file $section signing_dir $signing_dir
iniset $conf_file $section memcached_servers $SERVICE_HOST:11211
@@ -544,11 +543,7 @@
tail_log key /var/log/$APACHE_NAME/keystone.log
tail_log key-access /var/log/$APACHE_NAME/keystone_access.log
else # uwsgi
- # TODO(sdague): we should really get down to a single keystone here
- enable_service key-p
- enable_service key-a
- run_process key-p "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_CONF" ""
- run_process key-a "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_ADMIN_UWSGI_CONF" ""
+ run_process keystone "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_CONF" ""
fi
echo "Waiting for keystone to start..."
@@ -579,9 +574,9 @@
disable_apache_site keystone
restart_apache_server
else
- stop_process key-p
- stop_process key-a
+ stop_process keystone
remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI"
+ # TODO(remove in at pike-2)
remove_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI"
fi
# Kill the Keystone screen window
diff --git a/lib/neutron b/lib/neutron
index 492a0ee..941a697 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -226,17 +226,12 @@
iniset $NEUTRON_META_CONF agent root_helper_daemon "$NEUTRON_ROOTWRAP_DAEMON_CMD"
# TODO(dtroyer): remove the v2.0 hard code below
- iniset $NEUTRON_META_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI/v2.0
+ iniset $NEUTRON_META_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI
configure_auth_token_middleware $NEUTRON_META_CONF neutron $NEUTRON_AUTH_CACHE_DIR DEFAULT
fi
# Format logging
- if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
- setup_colorized_logging $NEUTRON_CONF DEFAULT project_id
- else
- # Show user_name and project_name by default
- iniset $NEUTRON_CONF DEFAULT logging_context_format_string "%(asctime)s.%(msecs)03d %(levelname)s %(name)s [%(request_id)s %(user_name)s %(project_name)s] %(instance)s%(message)s"
- fi
+ setup_logging $NEUTRON_CONF
if is_service_enabled tls-proxy; then
# Set the service port for a proxy to take the original
@@ -284,7 +279,7 @@
function configure_neutron_nova_new {
iniset $NOVA_CONF DEFAULT use_neutron True
iniset $NOVA_CONF neutron auth_type "password"
- iniset $NOVA_CONF neutron auth_url "$KEYSTONE_SERVICE_URI/v3"
+ iniset $NOVA_CONF neutron auth_url "$KEYSTONE_SERVICE_URI"
iniset $NOVA_CONF neutron username neutron
iniset $NOVA_CONF neutron password "$SERVICE_PASSWORD"
iniset $NOVA_CONF neutron user_domain_name "Default"
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index a409164..67cf110 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -20,6 +20,7 @@
# - init_neutron_third_party
# - start_neutron_third_party
# - create_nova_conf_neutron
+# - configure_neutron_after_post_config
# - start_neutron_service_and_check
# - check_neutron_third_party_integration
# - start_neutron_agents
@@ -331,7 +332,6 @@
_configure_neutron_common
iniset_rpc_backend neutron $NEUTRON_CONF
- # goes before q-svc to init Q_SERVICE_PLUGIN_CLASSES
if is_service_enabled q-metering; then
_configure_neutron_metering
fi
@@ -368,7 +368,7 @@
function create_nova_conf_neutron {
iniset $NOVA_CONF DEFAULT use_neutron True
iniset $NOVA_CONF neutron auth_type "password"
- iniset $NOVA_CONF neutron auth_url "$KEYSTONE_AUTH_URI/v3"
+ iniset $NOVA_CONF neutron auth_url "$KEYSTONE_AUTH_URI"
iniset $NOVA_CONF neutron username "$Q_ADMIN_USERNAME"
iniset $NOVA_CONF neutron password "$SERVICE_PASSWORD"
iniset $NOVA_CONF neutron user_domain_name "$SERVICE_DOMAIN_NAME"
@@ -446,6 +446,13 @@
fi
}
+# Finish neutron configuration
+function configure_neutron_after_post_config {
+ if [[ $Q_SERVICE_PLUGIN_CLASSES != '' ]]; then
+ iniset $NEUTRON_CONF DEFAULT service_plugins $Q_SERVICE_PLUGIN_CLASSES
+ fi
+}
+
# Start running processes, including screen
function start_neutron_service_and_check {
local service_port=$Q_PORT
@@ -794,10 +801,6 @@
# Update either configuration file with plugin
iniset $NEUTRON_CONF DEFAULT core_plugin $Q_PLUGIN_CLASS
- if [[ $Q_SERVICE_PLUGIN_CLASSES != '' ]]; then
- iniset $NEUTRON_CONF DEFAULT service_plugins $Q_SERVICE_PLUGIN_CLASSES
- fi
-
iniset $NEUTRON_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL
iniset $NEUTRON_CONF oslo_policy policy_file $Q_POLICY_FILE
iniset $NEUTRON_CONF DEFAULT allow_overlapping_ips $Q_ALLOW_OVERLAPPING_IP
diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic
index c9544fe..7d47ef0 100644
--- a/lib/nova_plugins/hypervisor-ironic
+++ b/lib/nova_plugins/hypervisor-ironic
@@ -49,7 +49,7 @@
iniset $NOVA_CONF ironic auth_type password
iniset $NOVA_CONF ironic username admin
iniset $NOVA_CONF ironic password $ADMIN_PASSWORD
- iniset $NOVA_CONF ironic auth_url $KEYSTONE_AUTH_URI/v3
+ iniset $NOVA_CONF ironic auth_url $KEYSTONE_AUTH_URI
iniset $NOVA_CONF ironic project_domain_id default
iniset $NOVA_CONF ironic user_domain_id default
iniset $NOVA_CONF ironic project_name demo
diff --git a/lib/placement b/lib/placement
index 4755a58..ad12824 100644
--- a/lib/placement
+++ b/lib/placement
@@ -69,6 +69,7 @@
# cleanup_placement() - Remove residual data files, anything left over from previous
# runs that a clean run would need to clean up
function cleanup_placement {
+ sudo rm -f $(apache_site_config_for nova-placement-api)
sudo rm -f $(apache_site_config_for placement-api)
}
@@ -102,7 +103,7 @@
function configure_placement_nova_compute {
iniset $NOVA_CONF placement auth_type "password"
- iniset $NOVA_CONF placement auth_url "$KEYSTONE_SERVICE_URI/v3"
+ iniset $NOVA_CONF placement auth_url "$KEYSTONE_SERVICE_URI"
iniset $NOVA_CONF placement username placement
iniset $NOVA_CONF placement password "$SERVICE_PASSWORD"
iniset $NOVA_CONF placement user_domain_name "$SERVICE_DOMAIN_NAME"
diff --git a/lib/tempest b/lib/tempest
index f19686a..fd8e3e7 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -11,6 +11,7 @@
# - ``DEST``, ``FILES``
# - ``ADMIN_PASSWORD``
# - ``DEFAULT_IMAGE_NAME``
+# - ``DEFAULT_IMAGE_FILE_NAME``
# - ``S3_SERVICE_PORT``
# - ``SERVICE_HOST``
# - ``BASE_SQL_CONN`` ``lib/database`` declares
@@ -278,6 +279,10 @@
iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False
fi
iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v3}
+ if [[ "$TEMPEST_AUTH_VERSION" != "v2.0" ]]; then
+ # we're going to disable v2 admin unless we're using v2.0 by default.
+ iniset $TEMPEST_CONFIG identity-feature-enabled api_v2_admin False
+ fi
if is_service_enabled tls-proxy; then
iniset $TEMPEST_CONFIG identity ca_certificates_file $SSL_BUNDLE_FILE
@@ -415,7 +420,7 @@
iniset $TEMPEST_CONFIG scenario img_container_format ovf
else
SCENARIO_IMAGE_DIR=${SCENARIO_IMAGE_DIR:-$FILES}
- SCENARIO_IMAGE_FILE=$DEFAULT_IMAGE_NAME
+ SCENARIO_IMAGE_FILE=$DEFAULT_IMAGE_FILE_NAME
fi
iniset $TEMPEST_CONFIG scenario img_dir $SCENARIO_IMAGE_DIR
iniset $TEMPEST_CONFIG scenario img_file $SCENARIO_IMAGE_FILE
diff --git a/lib/tls b/lib/tls
index 7a7b104..238687c 100644
--- a/lib/tls
+++ b/lib/tls
@@ -526,12 +526,7 @@
enable_apache_mod $mod
done
enable_apache_site $b_service
- # Only a reload is required to pull in new vhosts
- # Note that a restart reliably fails on centos7 and trusty
- # because apache can't open port 80 because the old apache
- # still has it open. Using reload fixes trusty but centos7
- # still doesn't work.
- reload_apache_server
+ restart_apache_server
}
# Follow TLS proxy
diff --git a/openrc b/openrc
index 4cdb50e..38f5c47 100644
--- a/openrc
+++ b/openrc
@@ -77,6 +77,9 @@
# Identity API version
export OS_IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-3}
+# Ask keystoneauth1 to use keystone
+export OS_AUTH_TYPE=password
+
# Authenticating against an OpenStack cloud using Keystone returns a **Token**
# and **Service Catalog**. The catalog contains the endpoints for all services
# the user/project has access to - including nova, glance, keystone, swift, ...
diff --git a/setup.cfg b/setup.cfg
index e4b2888..3487f65 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -2,7 +2,7 @@
name = DevStack
summary = OpenStack DevStack
description-file =
- README.md
+ README.rst
author = OpenStack
author-email = openstack-dev@lists.openstack.org
home-page = http://docs.openstack.org/developer/devstack
diff --git a/stack.sh b/stack.sh
index 31ea2e1..9fdb47e 100755
--- a/stack.sh
+++ b/stack.sh
@@ -746,6 +746,13 @@
# Do the ugly hacks for broken packages and distros
source $TOP_DIR/tools/fixup_stuff.sh
+if [[ "$USE_SYSTEMD" == "True" ]]; then
+ pip_install_gr systemd-python
+ # the default rate limit of 1000 messages / 30 seconds is not
+ # sufficient given how verbose our logging is.
+ iniset -sudo /etc/systemd/journald.conf "Journal" "RateLimitBurst" "0"
+ sudo systemctl restart systemd-journald
+fi
# Virtual Environment
# -------------------
@@ -1261,6 +1268,7 @@
start_neutron_api
elif is_service_enabled q-svc; then
echo_summary "Starting Neutron"
+ configure_neutron_after_post_config
start_neutron_service_and_check
elif is_service_enabled $DATABASE_BACKENDS && is_service_enabled n-net; then
NM_CONF=${NOVA_CONF}
@@ -1470,6 +1478,13 @@
echo_summary "WARNING: $DEPRECATED_TEXT"
fi
+# If USE_SYSTEMD is enabled, tell the user about using it.
+if [[ "$USE_SYSTEMD" == "True" ]]; then
+ echo "Services are running under systemd unit files."
+ echo "For more information see: "
+ echo "https://docs.openstack.org/developer/devstack/systemd.html"
+fi
+
# Indicate how long this took to run (bash maintained variable ``SECONDS``)
echo_summary "stack.sh completed in $SECONDS seconds."
diff --git a/stackrc b/stackrc
index ed1cf6e..1300f45 100644
--- a/stackrc
+++ b/stackrc
@@ -80,12 +80,19 @@
# Set the root URL for Horizon
HORIZON_APACHE_ROOT="/dashboard"
+# TODO(sdague): Queens
+#
+# All the non systemd paths should be removed in queens, they only
+# exist in Pike to support testing from grenade. Ensure that all this
+# is cleaned up and purged, which should dramatically simplify the
+# devstack codebase.
+
# Whether to use 'dev mode' for screen windows. Dev mode works by
# stuffing text into the screen windows so that a developer can use
# ctrl-c, up-arrow, enter to restart the service. Starting services
# this way is slightly unreliable, and a bit slower, so this can
# be disabled for automated testing by setting this value to False.
-USE_SCREEN=$(trueorfalse True USE_SCREEN)
+USE_SCREEN=$(trueorfalse False USE_SCREEN)
# Whether to use SYSTEMD to manage services
USE_SYSTEMD=$(trueorfalse False USE_SYSTEMD)
@@ -100,9 +107,6 @@
JOURNALCTL_F="journalctl -f -o short-precise --unit"
fi
-if [[ "$USE_SYSTEMD" == "True" ]]; then
- USE_SCREEN=False
-fi
# Whether or not to enable Kernel Samepage Merging (KSM) if available.
# This allows programs that mark their memory as mergeable to share
@@ -157,6 +161,19 @@
source $RC_DIR/.localrc.auto
fi
+# TODO(sdague): Delete all this in Queens.
+if [[ "$USE_SYSTEMD" == "True" ]]; then
+ USE_SCREEN=False
+fi
+# if we are forcing off USE_SCREEN (as we do in the gate), force on
+# systemd. This allows us to drop one of 3 paths through the code.
+if [[ "$USE_SCREEN" == "False" ]]; then
+ # Remove in Pike: this gets us through grenade upgrade
+ if [[ "$GRENADE_PHASE" != "target" ]]; then
+ USE_SYSTEMD="True"
+ fi
+fi
+
# Default for log coloring is based on interactive-or-not.
# Baseline assumption is that non-interactive invocations are for CI,
# where logs are to be presented as browsable text files; hence color
@@ -687,17 +704,21 @@
case "$LIBVIRT_TYPE" in
lxc) # the cirros root disk in the uec tarball is empty, so it will not work for lxc
DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-rootfs}
- IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-rootfs.img.gz";;
+ DEFAULT_IMAGE_FILE_NAME=${DEFAULT_IMAGE_FILE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-rootfs.img.gz}
+ IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/${DEFAULT_IMAGE_FILE_NAME}";;
*) # otherwise, use the qcow image
- DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img}
- IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img";;
+ DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk}
+ DEFAULT_IMAGE_FILE_NAME=${DEFAULT_IMAGE_FILE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img}
+ IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/${DEFAULT_IMAGE_FILE_NAME}";;
esac
;;
vsphere)
DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-0.3.2-i386-disk.vmdk}
- IMAGE_URLS+="http://partnerweb.vmware.com/programs/vmdkimage/cirros-0.3.2-i386-disk.vmdk";;
+ DEFAULT_IMAGE_FILE_NAME=${DEFAULT_IMAGE_FILE_NAME:-$DEFAULT_IMAGE_NAME}
+ IMAGE_URLS+="http://partnerweb.vmware.com/programs/vmdkimage/${DEFAULT_IMAGE_FILE_NAME}";;
xenserver)
DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-0.3.4-x86_64-disk}
+ DEFAULT_IMAGE_FILE_NAME=${DEFAULT_IMAGE_NAME:-cirros-0.3.4-x86_64-disk.vhd.tgz}
IMAGE_URLS+="http://ca.downloads.xensource.com/OpenStack/cirros-0.3.4-x86_64-disk.vhd.tgz"
IMAGE_URLS+=",http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-x86_64-uec.tar.gz";;
esac