Merge "Don't mix declaration and set of locals"
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 7ca82c7..aae4f33 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -408,6 +408,28 @@
IMAGE_URLS="http://foo.bar.com/image.qcow,"
IMAGE_URLS+="http://foo.bar.com/image2.qcow"
+
+Instance Type
+-------------
+
+``DEFAULT_INSTANCE_TYPE`` can be used to configure the default instance
+type. When this parameter is not specified, Devstack creates additional
+micro & nano flavors for really small instances to run Tempest tests.
+
+For guests with larger memory requirements, ``DEFAULT_INSTANCE_TYPE``
+should be specified in the configuration file so Tempest selects the
+default flavors instead.
+
+KVM on Power with QEMU 2.4 requires 512 MB to load the firmware -
+`QEMU 2.4 - PowerPC <http://wiki.qemu.org/ChangeLog/2.4>`__ so users
+running instances on ppc64/ppc64le can choose one of the default
+created flavors as follows:
+
+ ::
+
+ DEFAULT_INSTANCE_TYPE=m1.tiny
+
+
IP Version
----------
diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index 1530a84..5660bc5 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -128,7 +128,7 @@
MULTI_HOST=1
LOGFILE=/opt/stack/logs/stack.sh.log
ADMIN_PASSWORD=labstack
- MYSQL_PASSWORD=supersecret
+ DATABASE_PASSWORD=supersecret
RABBIT_PASSWORD=supersecrete
SERVICE_PASSWORD=supersecrete
SERVICE_TOKEN=xyzpdqlazydog
@@ -169,7 +169,7 @@
MULTI_HOST=1
LOGFILE=/opt/stack/logs/stack.sh.log
ADMIN_PASSWORD=labstack
- MYSQL_PASSWORD=supersecret
+ DATABASE_PASSWORD=supersecret
RABBIT_PASSWORD=supersecrete
SERVICE_PASSWORD=supersecrete
SERVICE_TOKEN=xyzpdqlazydog
diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst
index 2973eb6..5891f68 100644
--- a/doc/source/guides/neutron.rst
+++ b/doc/source/guides/neutron.rst
@@ -52,7 +52,7 @@
RABBIT_HOST=172.18.161.6
GLANCE_HOSTPORT=172.18.161.6:9292
ADMIN_PASSWORD=secrete
- MYSQL_PASSWORD=secrete
+ DATABASE_PASSWORD=secrete
RABBIT_PASSWORD=secrete
SERVICE_PASSWORD=secrete
SERVICE_TOKEN=secrete
@@ -72,20 +72,57 @@
+Neutron Networking with Open vSwitch and Provider Networks
+==========================================================
+
+In some instances, it is desirable to use neutron's provider
+networking extension, so that networks that are configured on an
+external router can be utilized by neutron, and instances created via
+Nova can attach to the network managed by the external router.
+
+For example, in some lab environments, a hardware router has been
+pre-configured by another party, and an OpenStack developer has been
+given a VLAN tag and IP address range, so that instances created via
+DevStack will use the external router for L3 connectivity, as opposed
+to the neutron L3 service.
+
+Physical Network Setup
+----------------------
+
+.. nwdiag::
+
+ nwdiag {
+ inet [ shape = cloud ];
+ router;
+ inet -- router;
+
+ network provider_net {
+ address = "203.0.113.0/24"
+ router [ address = "203.0.113.1" ];
+ controller;
+ compute1;
+ compute2;
+ }
+
+ network control_plane {
+ router [ address = "10.0.0.1" ]
+ address = "10.0.0.0/24"
+ controller [ address = "10.0.0.2" ]
+ compute1 [ address = "10.0.0.3" ]
+ compute2 [ address = "10.0.0.4" ]
+ }
+ }
-Using Neutron with Multiple Interfaces
-======================================
-
-The first interface, eth0 is used for the OpenStack management (API,
-message bus, etc) as well as for ssh for an administrator to access
-the machine.
+On a compute node, the first interface, eth0 is used for the OpenStack
+management (API, message bus, etc) as well as for ssh for an
+administrator to access the machine.
::
stack@compute:~$ ifconfig eth0
eth0 Link encap:Ethernet HWaddr bc:16:65:20:af:fc
- inet addr:192.168.1.18
+ inet addr:10.0.0.3
eth1 is manually configured at boot to not have an IP address.
Consult your operating system documentation for the appropriate
@@ -101,9 +138,6 @@
The second physical interface, eth1 is added to a bridge (in this case
named br-ex), which is used to forward network traffic from guest VMs.
-Network traffic from eth1 on the compute nodes is then NAT'd by the
-controller node that runs Neutron's `neutron-l3-agent` and provides L3
-connectivity.
::
@@ -123,100 +157,6 @@
Interface "eth1"
-
-
-Disabling Next Generation Firewall Tools
-========================================
-
-DevStack does not properly operate with modern firewall tools. Specifically
-it will appear as if the guest VM can access the external network via ICMP,
-but UDP and TCP packets will not be delivered to the guest VM. The root cause
-of the issue is that both ufw (Uncomplicated Firewall) and firewalld (Fedora's
-firewall manager) apply firewall rules to all interfaces in the system, rather
-then per-device. One solution to this problem is to revert to iptables
-functionality.
-
-To get a functional firewall configuration for Fedora do the following:
-
-::
-
- sudo service iptables save
- sudo systemctl disable firewalld
- sudo systemctl enable iptables
- sudo systemctl stop firewalld
- sudo systemctl start iptables
-
-
-To get a functional firewall configuration for distributions containing ufw,
-disable ufw. Note ufw is generally not enabled by default in Ubuntu. To
-disable ufw if it was enabled, do the following:
-
-::
-
- sudo service iptables save
- sudo ufw disable
-
-
-
-
-Neutron Networking with Open vSwitch
-====================================
-
-Configuring neutron, OpenStack Networking in DevStack is very similar to
-configuring `nova-network` - many of the same configuration variables
-(like `FIXED_RANGE` and `FLOATING_RANGE`) used by `nova-network` are
-used by neutron, which is intentional.
-
-The only difference is the disabling of `nova-network` in your
-local.conf, and the enabling of the neutron components.
-
-
-Configuration
--------------
-
-::
-
- FIXED_RANGE=10.0.0.0/24
- FLOATING_RANGE=192.168.27.0/24
- PUBLIC_NETWORK_GATEWAY=192.168.27.2
-
- disable_service n-net
- enable_service q-svc
- enable_service q-agt
- enable_service q-dhcp
- enable_service q-meta
- enable_service q-l3
-
- Q_USE_SECGROUP=True
- ENABLE_TENANT_VLANS=True
- TENANT_VLAN_RANGE=1000:1999
- PHYSICAL_NETWORK=default
- OVS_PHYSICAL_BRIDGE=br-ex
-
-In this configuration we are defining FLOATING_RANGE to be a
-subnet that exists in the private RFC1918 address space - however in
-in a real setup FLOATING_RANGE would be a public IP address range.
-
-Note that extension drivers for the ML2 plugin is set by
-`Q_ML2_PLUGIN_EXT_DRIVERS`, and it includes 'port_security' by default. If you
-want to remove all the extension drivers (even 'port_security'), set
-`Q_ML2_PLUGIN_EXT_DRIVERS` to blank.
-
-Neutron Networking with Open vSwitch and Provider Networks
-==========================================================
-
-In some instances, it is desirable to use neutron's provider
-networking extension, so that networks that are configured on an
-external router can be utilized by neutron, and instances created via
-Nova can attach to the network managed by the external router.
-
-For example, in some lab environments, a hardware router has been
-pre-configured by another party, and an OpenStack developer has been
-given a VLAN tag and IP address range, so that instances created via
-DevStack will use the external router for L3 connectivity, as opposed
-to the neutron L3 service.
-
-
Service Configuration
---------------------
@@ -241,8 +181,21 @@
::
+ HOST_IP=10.0.0.2
+ SERVICE_HOST=10.0.0.2
+ MYSQL_HOST=10.0.0.2
+ SERVICE_HOST=10.0.0.2
+ MYSQL_HOST=10.0.0.2
+ RABBIT_HOST=10.0.0.2
+ GLANCE_HOSTPORT=10.0.0.2:9292
PUBLIC_INTERFACE=eth1
+ ADMIN_PASSWORD=secrete
+ MYSQL_PASSWORD=secrete
+ RABBIT_PASSWORD=secrete
+ SERVICE_PASSWORD=secrete
+ SERVICE_TOKEN=secrete
+
## Neutron options
Q_USE_SECGROUP=True
ENABLE_TENANT_VLANS=True
@@ -274,24 +227,37 @@
allocated to you, so that you could access your instances from the
public internet.
-The following is a snippet of the DevStack configuration on the
-compute node.
+The following is the DevStack configuration on
+compute node 1.
::
+ HOST_IP=10.0.0.3
+ SERVICE_HOST=10.0.0.2
+ MYSQL_HOST=10.0.0.2
+ SERVICE_HOST=10.0.0.2
+ MYSQL_HOST=10.0.0.2
+ RABBIT_HOST=10.0.0.2
+ GLANCE_HOSTPORT=10.0.0.2:9292
+ ADMIN_PASSWORD=secrete
+ MYSQL_PASSWORD=secrete
+ RABBIT_PASSWORD=secrete
+ SERVICE_PASSWORD=secrete
+ SERVICE_TOKEN=secrete
+
# Services that a compute node runs
ENABLED_SERVICES=n-cpu,rabbit,q-agt
## Neutron options
- Q_USE_SECGROUP=True
- ENABLE_TENANT_VLANS=True
- TENANT_VLAN_RANGE=3001:4000
PHYSICAL_NETWORK=default
OVS_PHYSICAL_BRIDGE=br-ex
PUBLIC_INTERFACE=eth1
Q_USE_PROVIDER_NETWORKING=True
Q_L3_ENABLED=False
+Compute node 2's configuration will be exactly the same, except
+`HOST_IP` will be `10.0.0.4`
+
When DevStack is configured to use provider networking (via
`Q_USE_PROVIDER_NETWORKING` is True and `Q_L3_ENABLED` is False) -
DevStack will automatically add the network interface defined in
@@ -301,3 +267,47 @@
created, named `br-ex` which is managed by Open vSwitch, and the
second interface on the compute node, `eth1` is attached to the
bridge, to forward traffic sent by guest VMs.
+
+Miscellaneous Tips
+==================
+
+
+Disabling Next Generation Firewall Tools
+----------------------------------------
+
+DevStack does not properly operate with modern firewall tools. Specifically
+it will appear as if the guest VM can access the external network via ICMP,
+but UDP and TCP packets will not be delivered to the guest VM. The root cause
+of the issue is that both ufw (Uncomplicated Firewall) and firewalld (Fedora's
+firewall manager) apply firewall rules to all interfaces in the system, rather
+then per-device. One solution to this problem is to revert to iptables
+functionality.
+
+To get a functional firewall configuration for Fedora do the following:
+
+::
+
+ sudo service iptables save
+ sudo systemctl disable firewalld
+ sudo systemctl enable iptables
+ sudo systemctl stop firewalld
+ sudo systemctl start iptables
+
+
+To get a functional firewall configuration for distributions containing ufw,
+disable ufw. Note ufw is generally not enabled by default in Ubuntu. To
+disable ufw if it was enabled, do the following:
+
+::
+
+ sudo service iptables save
+ sudo ufw disable
+
+Configuring Extension Drivers for the ML2 Plugin
+------------------------------------------------
+
+Extension drivers for the ML2 plugin are set with the variable
+`Q_ML2_PLUGIN_EXT_DRIVERS`, and includes the 'port_security' extension
+by default. If you want to remove all the extension drivers (even
+'port_security'), set `Q_ML2_PLUGIN_EXT_DRIVERS` to blank.
+
diff --git a/doc/source/guides/single-machine.rst b/doc/source/guides/single-machine.rst
index 236ece9..a01c368 100644
--- a/doc/source/guides/single-machine.rst
+++ b/doc/source/guides/single-machine.rst
@@ -105,7 +105,7 @@
FIXED_NETWORK_SIZE=256
FLAT_INTERFACE=eth0
ADMIN_PASSWORD=supersecret
- MYSQL_PASSWORD=iheartdatabases
+ DATABASE_PASSWORD=iheartdatabases
RABBIT_PASSWORD=flopsymopsy
SERVICE_PASSWORD=iheartksl
SERVICE_TOKEN=xyzpdqlazydog
diff --git a/doc/source/guides/single-vm.rst b/doc/source/guides/single-vm.rst
index 515cd50..53c3fa9 100644
--- a/doc/source/guides/single-vm.rst
+++ b/doc/source/guides/single-vm.rst
@@ -64,7 +64,7 @@
cd devstack
echo '[[local|localrc]]' > local.conf
echo ADMIN_PASSWORD=password >> local.conf
- echo MYSQL_PASSWORD=password >> local.conf
+ echo DATABASE_PASSWORD=password >> local.conf
echo RABBIT_PASSWORD=password >> local.conf
echo SERVICE_PASSWORD=password >> local.conf
echo SERVICE_TOKEN=tokentoken >> local.conf
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index 85fd7cc..eb09988 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -22,6 +22,8 @@
+------------------+---------------------------------------------+--------------------+
|aodh |git://git.openstack.org/openstack/aodh | alarming |
+------------------+---------------------------------------------+--------------------+
+|barbican |git://git.openstack.org/openstack/barbican | key management |
++------------------+---------------------------------------------+--------------------+
|ceilometer |git://git.openstack.org/openstack/ceilometer | metering |
+------------------+---------------------------------------------+--------------------+
|gnocchi |git://git.openstack.org/openstack/gnocchi | metric |
diff --git a/functions b/functions
index 8cf7a25..ca5955e 100644
--- a/functions
+++ b/functions
@@ -342,7 +342,7 @@
# No backends registered means this is likely called from ``localrc``
# This is now deprecated usage
DATABASE_TYPE=$1
- DEPRECATED_TEXT="$DEPRECATED_TEXT\nThe database backend needs to be properly set in ENABLED_SERVICES; use_database is deprecated localrc\n"
+ deprecated "The database backend needs to be properly set in ENABLED_SERVICES; use_database is deprecated localrc"
else
# This should no longer get called...here for posterity
use_exclusive_service DATABASE_BACKENDS DATABASE_TYPE $1
diff --git a/functions-common b/functions-common
index c831b26..be3f81c 100644
--- a/functions-common
+++ b/functions-common
@@ -88,9 +88,9 @@
--file $CLOUDS_YAML \
--os-cloud devstack \
--os-region-name $REGION_NAME \
- --os-identity-api-version $IDENTITY_API_VERSION \
+ --os-identity-api-version 3 \
$CA_CERT_ARG \
- --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
+ --os-auth-url $KEYSTONE_AUTH_URI \
--os-username demo \
--os-password $ADMIN_PASSWORD \
--os-project-name demo
@@ -98,9 +98,9 @@
--file $CLOUDS_YAML \
--os-cloud devstack-admin \
--os-region-name $REGION_NAME \
- --os-identity-api-version $IDENTITY_API_VERSION \
+ --os-identity-api-version 3 \
$CA_CERT_ARG \
- --os-auth-url $KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
+ --os-auth-url $KEYSTONE_AUTH_URI \
--os-username admin \
--os-password $ADMIN_PASSWORD \
--os-project-name admin
@@ -182,6 +182,12 @@
$xtrace
}
+function deprecated {
+ local text=$1
+ DEPRECATED_TEXT+="\n$text"
+ echo "WARNING: $text"
+}
+
# Prints line number and "message" in error format
# err $LINENO "message"
function err {
@@ -745,16 +751,13 @@
# Usage: get_or_create_domain <name> <description>
function get_or_create_domain {
local domain_id
- local os_url="$KEYSTONE_SERVICE_URI_V3"
# Gets domain id
domain_id=$(
# Gets domain id
- openstack --os-token=$OS_TOKEN --os-url=$os_url \
- --os-identity-api-version=3 domain show $1 \
+ openstack domain show $1 \
-f value -c id 2>/dev/null ||
# Creates new domain
- openstack --os-token=$OS_TOKEN --os-url=$os_url \
- --os-identity-api-version=3 domain create $1 \
+ openstack domain create $1 \
--description "$2" \
-f value -c id
)
@@ -765,13 +768,11 @@
# Usage: get_or_create_group <groupname> <domain> [<description>]
function get_or_create_group {
local desc="${3:-}"
- local os_url="$KEYSTONE_SERVICE_URI_V3"
local group_id
# Gets group id
group_id=$(
# Creates new group with --or-show
- openstack --os-token=$OS_TOKEN --os-url=$os_url \
- --os-identity-api-version=3 group create $1 \
+ openstack group create $1 \
--domain $2 --description "$desc" --or-show \
-f value -c id
)
@@ -793,8 +794,6 @@
openstack user create \
$1 \
--password "$2" \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
--domain=$3 \
$email \
--or-show \
@@ -809,9 +808,7 @@
local project_id
project_id=$(
# Creates new project with --or-show
- openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
- project create $1 \
+ openstack project create $1 \
--domain=$2 \
--or-show -f value -c id
)
@@ -825,8 +822,6 @@
role_id=$(
# Creates role with --or-show
openstack role create $1 \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
--or-show -f value -c id
)
echo $role_id
@@ -839,8 +834,6 @@
# Gets user role id
user_role_id=$(openstack role list \
--user $2 \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
--column "ID" \
--project $3 \
--column "Name" \
@@ -849,13 +842,9 @@
# Adds role to user and get it
openstack role add $1 \
--user $2 \
- --project $3 \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3
+ --project $3
user_role_id=$(openstack role list \
--user $2 \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
--column "ID" \
--project $3 \
--column "Name" \
@@ -870,21 +859,15 @@
local group_role_id
# Gets group role id
group_role_id=$(openstack role list \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
--group $2 \
--project $3 \
-c "ID" -f value)
if [[ -z "$group_role_id" ]]; then
# Adds role to group and get it
openstack role add $1 \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
--group $2 \
--project $3
group_role_id=$(openstack role list \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
--group $2 \
--project $3 \
-c "ID" -f value)
@@ -902,8 +885,6 @@
openstack service show $2 -f value -c id 2>/dev/null ||
# Creates new service if not exists
openstack service create \
- --os-url $KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
$2 \
--name $1 \
--description="$3" \
@@ -922,8 +903,6 @@
# gets support for this, the check for the region name can be removed.
# Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772
endpoint_id=$(openstack endpoint list \
- --os-url $KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
--service $1 \
--interface $2 \
--region $4 \
@@ -931,8 +910,6 @@
if [[ -z "$endpoint_id" ]]; then
# Creates new endpoint
endpoint_id=$(openstack endpoint create \
- --os-url $KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
$1 $2 $3 --region $4 -f value -c id)
fi
@@ -1005,12 +982,18 @@
local sudo="sudo"
[[ "$(id -u)" = "0" ]] && sudo="env"
+ # time all the apt operations
+ time_start "apt-get"
+
$xtrace
$sudo DEBIAN_FRONTEND=noninteractive \
http_proxy=${http_proxy:-} https_proxy=${https_proxy:-} \
no_proxy=${no_proxy:-} \
apt-get --option "Dpkg::Options::=--force-confold" --assume-yes "$@"
+
+ # stop the clock
+ time_stop "apt-get"
}
function _parse_package_files {
@@ -1742,13 +1725,25 @@
local mode=$1
local phase=$2
if [[ -d $TOP_DIR/extras.d ]]; then
- for i in $TOP_DIR/extras.d/*.sh; do
- [[ -r $i ]] && source $i $mode $phase
+ local extra_plugin_file_name
+ for extra_plugin_file_name in $TOP_DIR/extras.d/*.sh; do
+ [[ -r $extra_plugin_file_name ]] && source $extra_plugin_file_name $mode $phase
+ # NOTE(sdague): generate a big warning about using
+ # extras.d in an unsupported way which will let us track
+ # unsupported usage in the gate.
+ local exceptions="50-ironic.sh 60-ceph.sh 80-tempest.sh"
+ local extra=$(basename $extra_plugin_file_name)
+ if [[ ! ( $exceptions =~ "$extra" ) ]]; then
+ deprecated "extras.d support is being removed in Mitaka-1"
+ deprecated "jobs for project $extra will break after that point"
+ deprecated "please move project to a supported devstack plugin model"
+ fi
done
fi
# the source phase corresponds to settings loading in plugins
if [[ "$mode" == "source" ]]; then
load_plugin_settings
+ verify_disabled_services
elif [[ "$mode" == "override_defaults" ]]; then
plugin_override_defaults
else
@@ -1804,25 +1799,26 @@
ENABLED_SERVICES=$(remove_disabled_services "$remaining" "$to_remove")
}
-# disable_service() removes the services passed as argument to the
-# ``ENABLED_SERVICES`` list, if they are present.
+# disable_service() prepares the services passed as argument to be
+# removed from the ``ENABLED_SERVICES`` list, if they are present.
#
# For example:
# disable_service rabbit
#
-# This function does not know about the special cases
-# for nova, glance, and neutron built into is_service_enabled().
-# Uses global ``ENABLED_SERVICES``
+# Uses global ``DISABLED_SERVICES``
# disable_service service [service ...]
function disable_service {
- local tmpsvcs=",${ENABLED_SERVICES},"
+ local disabled_svcs="${DISABLED_SERVICES}"
+ local enabled_svcs=",${ENABLED_SERVICES},"
local service
for service in $@; do
+ disabled_svcs+=",$service"
if is_service_enabled $service; then
- tmpsvcs=${tmpsvcs//,$service,/,}
+ enabled_svcs=${enabled_svcs//,$service,/,}
fi
done
- ENABLED_SERVICES=$(_cleanup_service_list "$tmpsvcs")
+ DISABLED_SERVICES=$(_cleanup_service_list "$disabled_svcs")
+ ENABLED_SERVICES=$(_cleanup_service_list "$enabled_svcs")
}
# enable_service() adds the services passed as argument to the
@@ -1839,6 +1835,10 @@
local tmpsvcs="${ENABLED_SERVICES}"
local service
for service in $@; do
+ if [[ ,${DISABLED_SERVICES}, =~ ,${service}, ]]; then
+ warn $LINENO "Attempt to enable_service ${service} when it has been disabled"
+ continue
+ fi
if ! is_service_enabled $service; then
tmpsvcs+=",$service"
fi
@@ -1943,6 +1943,18 @@
return 0
}
+# Make sure that nothing has manipulated ENABLED_SERVICES in a way
+# that conflicts with prior calls to disable_service.
+# Uses global ``ENABLED_SERVICES``
+function verify_disabled_services {
+ local service
+ for service in ${ENABLED_SERVICES//,/ }; do
+ if [[ ,${DISABLED_SERVICES}, =~ ,${service}, ]]; then
+ die $LINENO "ENABLED_SERVICES directly modified to overcome 'disable_service ${service}'"
+ fi
+ done
+}
+
# System Functions
# ================
@@ -2121,6 +2133,70 @@
fi
}
+# Timing infrastructure - figure out where large blocks of time are
+# used in DevStack
+#
+# The timing infrastructure for DevStack is about collecting buckets
+# of time that are spend in some subtask. For instance, that might be
+# 'apt', 'pip', 'osc', even database migrations. We do this by a pair
+# of functions: time_start / time_stop.
+#
+# These take a single parameter: $name - which specifies the name of
+# the bucket to be accounted against. time_totals function spits out
+# the results.
+#
+# Resolution is only in whole seconds, so should be used for long
+# running activities.
+
+declare -A TOTAL_TIME
+declare -A START_TIME
+
+# time_start $name
+#
+# starts the clock for a timer by name. Errors if that clock is
+# already started.
+function time_start {
+ local name=$1
+ local start_time=${START_TIME[$name]}
+ if [[ -n "$start_time" ]]; then
+ die $LINENO "Trying to start the clock on $name, but it's already been started"
+ fi
+ START_TIME[$name]=$(date +%s)
+}
+
+# time_stop $name
+#
+# stops the clock for a timer by name, and accumulate that time in the
+# global counter for that name. Errors if that clock had not
+# previously been started.
+function time_stop {
+ local name=$1
+ local start_time=${START_TIME[$name]}
+ if [[ -z "$start_time" ]]; then
+ die $LINENO "Trying to stop the clock on $name, but it was never started"
+ fi
+ local end_time=$(date +%s)
+ local elapsed_time=$(($end_time - $start_time))
+ local total=${TOTAL_TIME[$name]:-0}
+ # reset the clock so we can start it in the future
+ START_TIME[$name]=""
+ TOTAL_TIME[$name]=$(($total + $elapsed_time))
+}
+
+# time_totals
+#
+# prints out total time
+function time_totals {
+ echo
+ echo "========================"
+ echo "DevStack Components Timed"
+ echo "========================"
+ echo
+ for t in ${!TOTAL_TIME[*]}; do
+ local v=${TOTAL_TIME[$t]}
+ echo "$t - $v secs"
+ done
+}
# Restore xtrace
$XTRACE
diff --git a/inc/python b/inc/python
index c7ba51a..91ceb44 100644
--- a/inc/python
+++ b/inc/python
@@ -81,6 +81,8 @@
return
fi
+ time_start "pip_install"
+
PIP_UPGRADE=$(trueorfalse False PIP_UPGRADE)
if [[ "$PIP_UPGRADE" = "True" ]] ; then
upgrade="--upgrade"
@@ -140,6 +142,8 @@
$cmd_pip $upgrade \
-r $test_req
fi
+
+ time_stop "pip_install"
}
# get version of a package from global requirements file
diff --git a/lib/cinder b/lib/cinder
index 73941c6..2c9c94a 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -93,7 +93,7 @@
if [[ $CINDER_SECURE_DELETE == "False" ]]; then
CINDER_VOLUME_CLEAR_DEFAULT="none"
fi
- DEPRECATED_TEXT="$DEPRECATED_TEXT\nConfigure secure Cinder volume deletion using CINDER_VOLUME_CLEAR instead of CINDER_SECURE_DELETE.\n"
+ deprecated "Configure secure Cinder volume deletion using CINDER_VOLUME_CLEAR instead of CINDER_SECURE_DELETE."
fi
CINDER_VOLUME_CLEAR=${CINDER_VOLUME_CLEAR:-${CINDER_VOLUME_CLEAR_DEFAULT:-zero}}
CINDER_VOLUME_CLEAR=$(echo ${CINDER_VOLUME_CLEAR} | tr '[:upper:]' '[:lower:]')
diff --git a/lib/dstat b/lib/dstat
index f11bfa5..fe4790b 100644
--- a/lib/dstat
+++ b/lib/dstat
@@ -19,8 +19,7 @@
# start_dstat() - Start running processes, including screen
function start_dstat {
# A better kind of sysstat, with the top process per time slice
- DSTAT_OPTS="-tcmndrylpg --top-cpu-adv --top-io-adv"
- run_process dstat "dstat $DSTAT_OPTS"
+ run_process dstat "$TOP_DIR/tools/dstat.sh $LOGDIR"
# To enable peakmem_tracker add:
# enable_service peakmem_tracker
diff --git a/lib/ironic b/lib/ironic
index 8eb0d80..61eba6f 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -570,6 +570,7 @@
# timing out.
local resource=$1
local expected_count=$2
+ local i
echo_summary "Waiting 2 minutes for Nova resource tracker to pick up $resource >= $expected_count"
for i in $(seq 1 120); do
if [ $(nova hypervisor-stats | grep " $resource " | get_field 2) -ge $expected_count ]; then
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index e9f88fb..667aa1e 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -1166,6 +1166,9 @@
# _neutron_deploy_rootwrap_filters() - deploy rootwrap filters to $Q_CONF_ROOTWRAP_D (owned by root).
function _neutron_deploy_rootwrap_filters {
+ if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
+ return
+ fi
local srcdir=$1
sudo install -d -o root -m 755 $Q_CONF_ROOTWRAP_D
sudo install -o root -m 644 $srcdir/etc/neutron/rootwrap.d/* $Q_CONF_ROOTWRAP_D/
diff --git a/lib/neutron_plugins/oneconvergence b/lib/neutron_plugins/oneconvergence
deleted file mode 100644
index 0c570e5..0000000
--- a/lib/neutron_plugins/oneconvergence
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/bin/bash
-#
-# Neutron One Convergence plugin
-# ------------------------------
-
-# Save trace setting
-OC_XTRACE=$(set +o | grep xtrace)
-set +o xtrace
-
-source $TOP_DIR/lib/neutron_plugins/ovs_base
-
-Q_L3_ENABLED=true
-Q_L3_ROUTER_PER_TENANT=true
-Q_USE_NAMESPACE=true
-
-function neutron_plugin_install_agent_packages {
- _neutron_ovs_base_install_agent_packages
-}
-# Configure common parameters
-function neutron_plugin_configure_common {
-
- Q_PLUGIN_CONF_PATH=etc/neutron/plugins/oneconvergence
- Q_PLUGIN_CONF_FILENAME=nvsdplugin.ini
- Q_PLUGIN_CLASS="neutron.plugins.oneconvergence.plugin.OneConvergencePluginV2"
-}
-
-# Configure plugin specific information
-function neutron_plugin_configure_service {
- iniset /$Q_PLUGIN_CONF_FILE nvsd nvsd_ip $NVSD_IP
- iniset /$Q_PLUGIN_CONF_FILE nvsd nvsd_port $NVSD_PORT
- iniset /$Q_PLUGIN_CONF_FILE nvsd nvsd_user $NVSD_USER
- iniset /$Q_PLUGIN_CONF_FILE nvsd nvsd_passwd $NVSD_PASSWD
-}
-
-function neutron_plugin_configure_debug_command {
- _neutron_ovs_base_configure_debug_command
-}
-
-function neutron_plugin_setup_interface_driver {
- local conf_file=$1
- iniset $conf_file DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
-}
-
-function has_neutron_plugin_security_group {
- # 1 means False here
- return 0
-}
-
-function setup_integration_bridge {
- _neutron_ovs_base_setup_bridge $OVS_BRIDGE
-}
-
-function neutron_plugin_configure_dhcp_agent {
- setup_integration_bridge
- iniset $Q_DHCP_CONF_FILE DEFAULT dhcp_agent_manager neutron.agent.dhcp_agent.DhcpAgentWithStateReport
-}
-
-function neutron_plugin_configure_l3_agent {
- _neutron_ovs_base_configure_l3_agent
- iniset $Q_L3_CONF_FILE DEFAULT l3_agent_manager neutron.agent.l3_agent.L3NATAgentWithStateReport
-}
-
-function neutron_plugin_configure_plugin_agent {
-
- AGENT_BINARY="$NEUTRON_BIN_DIR/neutron-nvsd-agent"
-
- _neutron_ovs_base_configure_firewall_driver
-}
-
-function neutron_plugin_create_nova_conf {
- if ( is_service_enabled n-cpu && ! ( is_service_enabled q-dhcp )) ; then
- setup_integration_bridge
- fi
-}
-
-# Restore xtrace
-$OC_XTRACE
diff --git a/lib/swift b/lib/swift
index 62f47dc..27832dc 100644
--- a/lib/swift
+++ b/lib/swift
@@ -130,9 +130,9 @@
# Port bases used in port number calclution for the service "nodes"
# The specified port number will be used, the additinal ports calculated by
# base_port + node_num * 10
-OBJECT_PORT_BASE=${OBJECT_PORT_BASE:-6013}
-CONTAINER_PORT_BASE=${CONTAINER_PORT_BASE:-6011}
-ACCOUNT_PORT_BASE=${ACCOUNT_PORT_BASE:-6012}
+OBJECT_PORT_BASE=${OBJECT_PORT_BASE:-6613}
+CONTAINER_PORT_BASE=${CONTAINER_PORT_BASE:-6611}
+ACCOUNT_PORT_BASE=${ACCOUNT_PORT_BASE:-6612}
# Enable tempurl feature
SWIFT_ENABLE_TEMPURLS=${SWIFT_ENABLE_TEMPURLS:-False}
@@ -813,10 +813,10 @@
function swift_configure_tempurls {
OS_USERNAME=swift \
- OS_TENANT_NAME=$SERVICE_TENANT_NAME \
+ OS_PROJECT_NAME=$SERVICE_TENANT_NAME \
OS_PASSWORD=$SERVICE_PASSWORD \
- OS_AUTH_URL=$KEYSTONE_AUTH_URI/v$IDENTITY_API_VERSION \
- swift post -m "Temp-URL-Key: $SWIFT_TEMPURL_KEY"
+ OS_AUTH_URL=$SERVICE_ENDPOINT \
+ swift post --auth-version 3 -m "Temp-URL-Key: $SWIFT_TEMPURL_KEY"
}
# Restore xtrace
diff --git a/lib/tempest b/lib/tempest
index e7ea429..152d299 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -205,21 +205,12 @@
if [[ -z "$DEFAULT_INSTANCE_TYPE" ]]; then
available_flavors=$(nova flavor-list)
if [[ ! ( $available_flavors =~ 'm1.nano' ) ]]; then
- if is_arch "ppc64"; then
- # Qemu needs at least 128MB of memory to boot on ppc64
- nova flavor-create m1.nano 42 128 0 1
- else
- nova flavor-create m1.nano 42 64 0 1
- fi
+ nova flavor-create m1.nano 42 64 0 1
fi
flavor_ref=42
boto_instance_type=m1.nano
if [[ ! ( $available_flavors =~ 'm1.micro' ) ]]; then
- if is_arch "ppc64"; then
- nova flavor-create m1.micro 84 256 0 1
- else
- nova flavor-create m1.micro 84 128 0 1
- fi
+ nova flavor-create m1.micro 84 128 0 1
fi
flavor_ref_alt=84
else
diff --git a/samples/local.conf b/samples/local.conf
index ce70073..cb293b6 100644
--- a/samples/local.conf
+++ b/samples/local.conf
@@ -28,7 +28,7 @@
# and they will be added to ``local.conf``.
SERVICE_TOKEN=azertytoken
ADMIN_PASSWORD=nomoresecrete
-MYSQL_PASSWORD=stackdb
+DATABASE_PASSWORD=stackdb
RABBIT_PASSWORD=stackqueue
SERVICE_PASSWORD=$ADMIN_PASSWORD
diff --git a/stack.sh b/stack.sh
index c2eeaee..1976dff 100755
--- a/stack.sh
+++ b/stack.sh
@@ -93,6 +93,15 @@
exit 1
fi
+# Provide a safety switch for devstack. If you do a lot of devstack,
+# on a lot of different environments, you sometimes run it on the
+# wrong box. This makes there be a way to prevent that.
+if [[ -e $HOME/.no-devstack ]]; then
+ echo "You've marked this host as a no-devstack host, to save yourself from"
+ echo "running devstack accidentally. If this is in error, please remove the"
+ echo "~/.no-devstack file"
+ exit 1
+fi
# Prepare the environment
# -----------------------
@@ -306,9 +315,6 @@
safe_chown -R $STACK_USER $DEST
safe_chmod 0755 $DEST
-# Basic test for ``$DEST`` path permissions (fatal on error unless skipped)
-check_path_perm_sanity ${DEST}
-
# Destination path for service data
DATA_DIR=${DATA_DIR:-${DEST}/data}
sudo mkdir -p $DATA_DIR
@@ -443,6 +449,8 @@
fi
fi
+# Basic test for ``$DEST`` path permissions (fatal on error unless skipped)
+check_path_perm_sanity ${DEST}
# Configure Error Traps
# ---------------------
@@ -545,6 +553,7 @@
# Phase: source
run_phase source
+
# Interactive Configuration
# -------------------------
@@ -975,13 +984,15 @@
start_keystone
fi
+ export OS_IDENTITY_API_VERSION=3
+
# Set up a temporary admin URI for Keystone
- SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0
+ SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v3
if is_service_enabled tls-proxy; then
export OS_CACERT=$INT_CA_DIR/ca-chain.pem
# Until the client support is fixed, just use the internal endpoint
- SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v2.0
+ SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3
fi
# Setup OpenStackClient token-endpoint auth
@@ -1005,14 +1016,13 @@
# Begone token auth
unset OS_TOKEN OS_URL
- # force set to use v2 identity authentication even with v3 commands
- export OS_AUTH_TYPE=v2password
-
# Set up password auth credentials now that Keystone is bootstrapped
- export OS_AUTH_URL=$SERVICE_ENDPOINT
- export OS_TENANT_NAME=admin
+ export OS_AUTH_URL=$KEYSTONE_AUTH_URI
export OS_USERNAME=admin
+ export OS_USER_DOMAIN_ID=default
export OS_PASSWORD=$ADMIN_PASSWORD
+ export OS_PROJECT_NAME=admin
+ export OS_PROJECT_DOMAIN_ID=default
export OS_REGION_NAME=$REGION_NAME
fi
@@ -1356,6 +1366,8 @@
exec 1>&3
fi
+# Dump out the time totals
+time_totals
# Using the cloud
# ===============
diff --git a/tools/build_docs.sh b/tools/build_docs.sh
index fa84343..7dc492e 100755
--- a/tools/build_docs.sh
+++ b/tools/build_docs.sh
@@ -81,7 +81,7 @@
mkdir -p $FQ_HTML_BUILD/`dirname $f`;
$SHOCCO $f > $FQ_HTML_BUILD/$f.html
done
-for f in $(find functions functions-common inc lib pkg samples -type f -name \*); do
+for f in $(find functions functions-common inc lib pkg samples -type f -name \* ! -name *.md ! -name *.conf); do
echo $f
FILES+="$f "
mkdir -p $FQ_HTML_BUILD/`dirname $f`;
diff --git a/tools/dstat.sh b/tools/dstat.sh
new file mode 100755
index 0000000..6ba4515
--- /dev/null
+++ b/tools/dstat.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# **tools/dstat.sh** - Execute instances of DStat to log system load info
+#
+# Multiple instances of DStat are executed in order to take advantage of
+# incompatible features, particularly CSV output and the "top-cpu-adv" and
+# "top-io-adv" flags.
+#
+# Assumes:
+# - dstat command is installed
+
+# Retreive log directory as argument from calling script.
+LOGDIR=$1
+
+# Command line arguments for primary DStat process.
+DSTAT_OPTS="-tcmndrylpg --top-cpu-adv --top-io-adv"
+
+# Command-line arguments for secondary background DStat process.
+DSTAT_CSV_OPTS="-tcmndrylpg --output $LOGDIR/dstat-csv.log"
+
+# Execute and background the secondary dstat process and discard its output.
+dstat $DSTAT_CSV_OPTS >& /dev/null &
+
+# Execute and background the primary dstat process, but keep its output in this
+# TTY.
+dstat $DSTAT_OPTS &
+
+# Catch any exit signals, making sure to also terminate any child processes.
+trap "kill -- -$$" EXIT
+
+# Keep this script running as long as child dstat processes are alive.
+wait
diff --git a/tools/install_pip.sh b/tools/install_pip.sh
index 7b42c8c..13c1786 100755
--- a/tools/install_pip.sh
+++ b/tools/install_pip.sh
@@ -42,6 +42,15 @@
function install_get_pip {
+ # If get-pip.py isn't python, delete it. This was probably an
+ # outage on the server.
+ if [[ -r $LOCAL_PIP ]]; then
+ if ! head -1 $LOCAL_PIP | grep -q '#!/usr/bin/env python'; then
+ echo "WARNING: Corrupt $LOCAL_PIP found removing"
+ rm $LOCAL_PIP
+ fi
+ fi
+
# The OpenStack gate and others put a cached version of get-pip.py
# for this to find, explicitly to avoid download issues.
#
@@ -53,8 +62,15 @@
# since and only download if a new version is out -- but only if
# it seems we downloaded the file originally.
if [[ ! -r $LOCAL_PIP || -r $LOCAL_PIP.downloaded ]]; then
- curl --retry 6 --retry-delay 5 \
- -z $LOCAL_PIP -o $LOCAL_PIP $PIP_GET_PIP_URL || \
+ # only test freshness if LOCAL_PIP is actually there,
+ # otherwise we generate a scary warning.
+ local timecond=""
+ if [[ -r $LOCAL_PIP ]]; then
+ timecond="-z $LOCAL_PIP"
+ fi
+
+ curl -f --retry 6 --retry-delay 5 \
+ $timecond -o $LOCAL_PIP $PIP_GET_PIP_URL || \
die $LINENO "Download of get-pip.py failed"
touch $LOCAL_PIP.downloaded
fi
diff --git a/tools/xen/README.md b/tools/xen/README.md
index 6212cc5..a1adf59 100644
--- a/tools/xen/README.md
+++ b/tools/xen/README.md
@@ -77,7 +77,7 @@
# NOTE: these need to be specified, otherwise devstack will try
# to prompt for these passwords, blocking the install process.
- MYSQL_PASSWORD=my_super_secret
+ DATABASE_PASSWORD=my_super_secret
SERVICE_TOKEN=my_super_secret
ADMIN_PASSWORD=my_super_secret
SERVICE_PASSWORD=my_super_secret
diff --git a/tox.ini b/tox.ini
index 788fea9..1c238ad 100644
--- a/tox.ini
+++ b/tox.ini
@@ -24,7 +24,7 @@
-wholename \*/inc/\* -or \ # /inc files and
-wholename \*/lib/\* \ # /lib files are shell, but
\) \ # have no extension
- -print0 | xargs -0 bashate -v"
+ -print0 | xargs -0 bashate -v -iE006"
[testenv:docs]
deps =