Merge "Make nova only use the nova account"
diff --git a/.zuul.yaml b/.zuul.yaml
index 3e6c42e..af7e74b 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -725,7 +725,6 @@
vars:
configure_swap_size: 4096
-
- job:
name: devstack-platform-ubuntu-noble
parent: tempest-full-py3
@@ -1004,3 +1003,4 @@
- devstack-platform-rocky-blue-onyx
- devstack-platform-ubuntu-jammy-ovn-source
- devstack-platform-ubuntu-jammy-ovs
+ - devstack-platform-ubuntu-noble
diff --git a/doc/source/tempest.rst b/doc/source/tempest.rst
new file mode 100644
index 0000000..65dd5b1
--- /dev/null
+++ b/doc/source/tempest.rst
@@ -0,0 +1,25 @@
+=======
+Tempest
+=======
+
+`Tempest`_ is the OpenStack Integration test suite. It is installed by default
+and is used to provide integration testing for many of the OpenStack services.
+Just like DevStack itself, it is possible to extend Tempest with plugins. In
+fact, many Tempest plugin packages also include DevStack plugin to do things
+like pre-create required static resources.
+
+The `Tempest documentation <Tempest>`_ provides a thorough guide to using
+Tempest. However, if you simply wish to run the standard set of Tempest tests
+against an existing deployment, you can do the following:
+
+.. code-block:: shell
+
+ cd /opt/stack/tempest
+ /opt/stack/data/venv/bin/tempest run ...
+
+The above assumes you have installed DevStack in the default location
+(configured via the ``DEST`` configuration variable) and have enabled
+virtualenv-based installation in the standard location (configured via the
+``USE_VENV`` and ``VENV_DEST`` configuration variables, respectively).
+
+.. _Tempest: https://docs.openstack.org/tempest/latest/
diff --git a/files/openstack-cli-server/openstack b/files/openstack-cli-server/openstack
index ef05f1b..47fbfc5 100755
--- a/files/openstack-cli-server/openstack
+++ b/files/openstack-cli-server/openstack
@@ -68,7 +68,6 @@
env = {}
passenv = ["CINDER_VERSION",
"OS_AUTH_URL",
- "OS_IDENTITY_API_VERSION",
"OS_NO_CACHE",
"OS_PASSWORD",
"OS_PROJECT_NAME",
diff --git a/lib/neutron b/lib/neutron
index da21d46..2325188 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -88,6 +88,7 @@
# enough
NEUTRON_DEPLOY_MOD_WSGI=$(trueorfalse False NEUTRON_DEPLOY_MOD_WSGI)
+NEUTRON_UWSGI=neutron.wsgi.api:application
NEUTRON_UWSGI_CONF=$NEUTRON_CONF_DIR/neutron-api-uwsgi.ini
# If NEUTRON_ENFORCE_SCOPE == True, it will set "enforce_scope"
@@ -142,6 +143,7 @@
Q_ALLOW_OVERLAPPING_IP=${Q_ALLOW_OVERLAPPING_IP:-True}
Q_NOTIFY_NOVA_PORT_STATUS_CHANGES=${Q_NOTIFY_NOVA_PORT_STATUS_CHANGES:-True}
Q_NOTIFY_NOVA_PORT_DATA_CHANGES=${Q_NOTIFY_NOVA_PORT_DATA_CHANGES:-True}
+_Q_RUN_RPC_SERVER=True
VIF_PLUGGING_IS_FATAL=${VIF_PLUGGING_IS_FATAL:-True}
VIF_PLUGGING_TIMEOUT=${VIF_PLUGGING_TIMEOUT:-300}
@@ -464,9 +466,18 @@
# clouds, therefore running without a dedicated RPC worker
# for state reports is more than adequate.
iniset $NEUTRON_CONF DEFAULT rpc_state_report_workers 0
+ # The default value of "rpc_workers" is None (not defined). If
+ # "rpc_workers" is explicitly set to 0, the RPC workers process should not
+ # be executed. NOTE: this service is only executed when WSGI is enabled
+ # (NEUTRON_DEPLOY_MOD_WSGI=True) for the Neutron server.
+ local rpc_workers
+ rpc_workers=$(iniget_multiline /etc/neutron/neutron.conf DEFAULT rpc_workers)
+ if [ "$rpc_workers" == "0" ]; then
+ _Q_RUN_RPC_SERVER=False
+ fi
if [ "$NEUTRON_DEPLOY_MOD_WSGI" == "True" ]; then
- write_uwsgi_config "$NEUTRON_UWSGI_CONF" "$NEUTRON_BIN_DIR/neutron-api" "/networking"
+ write_uwsgi_config "$NEUTRON_UWSGI_CONF" "$NEUTRON_UWSGI" "/networking" "" "neutron-api"
fi
}
@@ -651,10 +662,14 @@
enable_service neutron-api
run_process neutron-api "$(which uwsgi) --procname-prefix neutron-api --ini $NEUTRON_UWSGI_CONF"
neutron_url=$Q_PROTOCOL://$Q_HOST/
- enable_service neutron-rpc-server
+ if [[ "$_Q_RUN_RPC_SERVER" = True ]]; then
+ enable_service neutron-rpc-server
+ fi
enable_service neutron-periodic-workers
_enable_ovn_maintenance
- run_process neutron-rpc-server "$NEUTRON_BIN_DIR/neutron-rpc-server $cfg_file_options"
+ if [[ "$_Q_RUN_RPC_SERVER" = True ]]; then
+ run_process neutron-rpc-server "$NEUTRON_BIN_DIR/neutron-rpc-server $cfg_file_options"
+ fi
run_process neutron-periodic-workers "$NEUTRON_BIN_DIR/neutron-periodic-workers $cfg_file_options"
_run_ovn_maintenance
else
diff --git a/lib/tempest b/lib/tempest
index 6bd203e..a14ed1a 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -18,7 +18,7 @@
# - ``PUBLIC_NETWORK_NAME``
# - ``VIRT_DRIVER``
# - ``LIBVIRT_TYPE``
-# - ``KEYSTONE_SERVICE_URI``, ``KEYSTONE_SERVICE_URI_V3`` from lib/keystone
+# - ``KEYSTONE_SERVICE_URI_V3`` from lib/keystone
#
# Optional Dependencies:
#
@@ -102,6 +102,9 @@
# it will run tempest with
TEMPEST_CONCURRENCY=${TEMPEST_CONCURRENCY:-$(nproc)}
+TEMPEST_FLAVOR_RAM=${TEMPEST_FLAVOR_RAM:-192}
+TEMPEST_FLAVOR_ALT_RAM=${TEMPEST_FLAVOR_ALT_RAM:-256}
+
# Functions
# ---------
@@ -295,13 +298,15 @@
if [[ ! ( $available_flavors =~ 'm1.nano' ) ]]; then
# Determine the flavor disk size based on the image size.
disk=$(image_size_in_gib $image_uuid)
- openstack --os-cloud devstack-admin flavor create --id 42 --ram 128 --disk $disk --vcpus 1 --property hw_rng:allowed=True m1.nano
+ ram=${TEMPEST_FLAVOR_RAM}
+ openstack --os-cloud devstack-admin flavor create --id 42 --ram ${ram} --disk $disk --vcpus 1 --property hw_rng:allowed=True m1.nano
fi
flavor_ref=42
if [[ ! ( $available_flavors =~ 'm1.micro' ) ]]; then
# Determine the alt flavor disk size based on the alt image size.
disk=$(image_size_in_gib $image_uuid_alt)
- openstack --os-cloud devstack-admin flavor create --id 84 --ram 192 --disk $disk --vcpus 1 --property hw_rng:allowed=True m1.micro
+ ram=${TEMPEST_FLAVOR_ALT_RAM}
+ openstack --os-cloud devstack-admin flavor create --id 84 --ram ${ram} --disk $disk --vcpus 1 --property hw_rng:allowed=True m1.micro
fi
flavor_ref_alt=84
else
@@ -381,7 +386,6 @@
iniset $TEMPEST_CONFIG volume build_timeout $BUILD_TIMEOUT
# Identity
- iniset $TEMPEST_CONFIG identity uri "$KEYSTONE_SERVICE_URI/v2.0/"
iniset $TEMPEST_CONFIG identity uri_v3 "$KEYSTONE_SERVICE_URI_V3"
iniset $TEMPEST_CONFIG identity user_lockout_failure_attempts $KEYSTONE_LOCKOUT_FAILURE_ATTEMPTS
iniset $TEMPEST_CONFIG identity user_lockout_duration $KEYSTONE_LOCKOUT_DURATION
@@ -392,19 +396,7 @@
iniset $TEMPEST_CONFIG auth admin_project_name $admin_project_name
iniset $TEMPEST_CONFIG auth admin_domain_name $admin_domain_name
fi
- if [ "$ENABLE_IDENTITY_V2" == "True" ]; then
- # Run Identity API v2 tests ONLY if needed
- iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 True
- else
- # Skip Identity API v2 tests by default
- iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False
- fi
iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v3}
- if [[ "$TEMPEST_AUTH_VERSION" != "v2" ]]; then
- # we're going to disable v2 admin unless we're using v2 by default.
- iniset $TEMPEST_CONFIG identity-feature-enabled api_v2_admin False
- fi
-
if is_service_enabled tls-proxy; then
iniset $TEMPEST_CONFIG identity ca_certificates_file $SSL_BUNDLE_FILE
fi
diff --git a/openrc b/openrc
index e20a5a5..5ec7634 100644
--- a/openrc
+++ b/openrc
@@ -55,27 +55,14 @@
GLANCE_HOST=${GLANCE_HOST:-$HOST_IP}
fi
-# Identity API version
-export OS_IDENTITY_API_VERSION=3
-
-# Authenticating against an OpenStack cloud using Keystone returns a **Token**
-# and **Service Catalog**. The catalog contains the endpoints for all services
-# the user/project has access to - including nova, glance, keystone, swift, ...
-# We currently recommend using the version 3 *identity api*.
-#
-
# If you don't have a working .stackenv, this is the backup position
KEYSTONE_BACKUP=$SERVICE_PROTOCOL://$SERVICE_HOST:5000
KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_URI:-$KEYSTONE_BACKUP}
export OS_AUTH_URL=${OS_AUTH_URL:-$KEYSTONE_SERVICE_URI}
-# Currently, in order to use openstackclient with Identity API v3,
-# we need to set the domain which the user and project belong to.
-if [ "$OS_IDENTITY_API_VERSION" = "3" ]; then
- export OS_USER_DOMAIN_ID=${OS_USER_DOMAIN_ID:-"default"}
- export OS_PROJECT_DOMAIN_ID=${OS_PROJECT_DOMAIN_ID:-"default"}
-fi
+export OS_USER_DOMAIN_ID=${OS_USER_DOMAIN_ID:-"default"}
+export OS_PROJECT_DOMAIN_ID=${OS_PROJECT_DOMAIN_ID:-"default"}
# Set OS_CACERT to a default CA certificate chain if it exists.
if [[ ! -v OS_CACERT ]] ; then
diff --git a/stackrc b/stackrc
index b379597..0492c73 100644
--- a/stackrc
+++ b/stackrc
@@ -162,10 +162,6 @@
export PS4='+ $(short_source): '
fi
-# Configure Identity API version
-# TODO(frickler): Drop this when plugins no longer need it
-IDENTITY_API_VERSION=3
-
# Global option for enforcing scope. If enabled, ENFORCE_SCOPE overrides
# each services ${SERVICE}_ENFORCE_SCOPE variables
ENFORCE_SCOPE=$(trueorfalse False ENFORCE_SCOPE)