Merge "rebuild the tempest tox env during install"
diff --git a/SYSTEMD.rst b/SYSTEMD.rst
new file mode 100644
index 0000000..729fdf4
--- /dev/null
+++ b/SYSTEMD.rst
@@ -0,0 +1,189 @@
+===========================
+ Using Systemd in DevStack
+===========================
+
+.. note::
+
+ This is an in progress document as we work out the way forward here
+ with DevStack and systemd.
+
+DevStack can be run with all the services as systemd unit
+files. Systemd is now the default init system for nearly every Linux
+distro, and systemd encodes and solves many of the problems related to
+poorly running processes.
+
+Why this instead of screen?
+===========================
+
+The screen model for DevStack was invented when the number of services
+that a DevStack user was going to run was typically < 10. This made
+screen hot keys to jump around very easy. However, the landscape has
+changed (not all services are stoppable in screen as some are under
+Apache, there are typically at least 20 items)
+
+There is also a common developer workflow of changing code in more
+than one service, and needing to restart a bunch of services for that
+to take effect.
+
+To enable this add the following to your local.conf::
+
+ USE_SYSTEMD=True
+
+
+
+Unit Structure
+==============
+
+.. note::
+
+ Originally we actually wanted to do this as user units, however
+ there are issues with running this under non interactive
+ shells. For now, we'll be running as system units. Some user unit
+ code is left in place in case we can switch back later.
+
+All DevStack user units are created as a part of the DevStack slice
+given the name ``devstack@$servicename.service``. This lets us do
+certain operations at the slice level.
+
+Manipulating Units
+==================
+
+Assuming the unit ``n-cpu`` to make the examples more clear.
+
+Enable a unit (allows it to be started)::
+
+ sudo systemctl enable devstack@n-cpu.service
+
+Disable a unit::
+
+ sudo systemctl disable devstack@n-cpu.service
+
+Start a unit::
+
+ sudo systemctl start devstack@n-cpu.service
+
+Stop a unit::
+
+ sudo systemctl stop devstack@n-cpu.service
+
+Restart a unit::
+
+ sudo systemctl restart devstack@n-cpu.service
+
+See status of a unit::
+
+ sudo systemctl status devstack@n-cpu.service
+
+Operating on more than one unit at a time
+-----------------------------------------
+
+Systemd supports wildcarding for unit operations. To restart every
+service in devstack you can do that following::
+
+ sudo systemctl restart devstack@*
+
+Or to see the status of all Nova processes you can do::
+
+ sudo systemctl status devstack@n-*
+
+We'll eventually make the unit names a bit more meaningful so that
+it's easier to understand what you are restarting.
+
+Querying Logs
+=============
+
+One of the other major things that comes with systemd is journald, a
+consolidated way to access logs (including querying through structured
+metadata). This is accessed by the user via ``journalctl`` command.
+
+
+Logs can be accessed through ``journalctl``. journalctl has powerful
+query facilities. We'll start with some common options.
+
+Follow logs for a specific service::
+
+ journalctl -f --unit devstack@n-cpu.service
+
+Following logs for multiple services simultaneously::
+
+ journalctl -f --unit devstack@n-cpu.service --unit
+ devstack@n-cond.service
+
+or you can even do wild cards to follow all the nova services::
+
+ journalctl -f --unit devstack@n-*
+
+Use higher precision time stamps::
+
+ journalctl -f -o short-precise --unit devstack@n-cpu.service
+
+
+Known Issues
+============
+
+Be careful about systemd python libraries. There are 3 of them on
+pypi, and they are all very different. They unfortunately all install
+into the ``systemd`` namespace, which can cause some issues.
+
+- ``systemd-python`` - this is the upstream maintained library, it has
+ a version number like systemd itself (currently ``233``). This is
+ the one you want.
+- ``systemd`` - a python 3 only library, not what you want.
+- ``python-systemd`` - another library you don't want. Installing it
+ on a system will break ansible's ability to run.
+
+
+If we were using user units, the ``[Service]`` - ``Group=`` parameter
+doesn't seem to work with user units, even though the documentation
+says that it should. This means that we will need to do an explicit
+``/usr/bin/sg``. This has the downside of making the SYSLOG_IDENTIFIER
+be ``sg``. We can explicitly set that with ``SyslogIdentifier=``, but
+it's really unfortunate that we're going to need this work
+around. This is currently not a problem because we're only using
+system units.
+
+Future Work
+===========
+
+oslo.log journald
+-----------------
+
+Journald has an extremely rich mechanism for direct logging including
+structured metadata. We should enhance oslo.log to take advantage of
+that. It would let us do things like::
+
+ journalctl REQUEST_ID=......
+
+ journalctl INSTANCE_ID=......
+
+And get all lines related to the request id or instance id. (Note:
+this work has been started at https://review.openstack.org/#/c/451525/)
+
+log colorizing
+--------------
+
+We lose log colorization through this process. We might want to build
+a custom colorizer that we could run journalctl output through
+optionally for people.
+
+user units
+----------
+
+It would be great if we could do services as user units, so that there
+is a clear separation of code being run as not root, to ensure running
+as root never accidentally gets baked in as an assumption to
+services. However, user units interact poorly with devstack-gate and
+the way that commands are run as users with ansible and su.
+
+Maybe someday we can figure that out.
+
+References
+==========
+
+- Arch Linux Wiki - https://wiki.archlinux.org/index.php/Systemd/User
+- Python interface to journald -
+ https://www.freedesktop.org/software/systemd/python-systemd/journal.html
+- Systemd documentation on service files -
+ https://www.freedesktop.org/software/systemd/man/systemd.service.html
+- Systemd documentation on exec (can be used to impact service runs) -
+ https://www.freedesktop.org/software/systemd/man/systemd.exec.html
diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst
index 1b7f4cd..484ebba 100644
--- a/doc/source/guides/multinode-lab.rst
+++ b/doc/source/guides/multinode-lab.rst
@@ -73,8 +73,7 @@
::
- groupadd stack
- useradd -g stack -s /bin/bash -d /opt/stack -m stack
+ useradd -s /bin/bash -d /opt/stack -m stack
This user will be making many changes to your system during installation
and operation so it needs to have sudo privileges to root without a
diff --git a/doc/source/guides/single-machine.rst b/doc/source/guides/single-machine.rst
index 011c41f..48a4fa8 100644
--- a/doc/source/guides/single-machine.rst
+++ b/doc/source/guides/single-machine.rst
@@ -47,7 +47,7 @@
::
- adduser stack
+ useradd -s /bin/bash -d /opt/stack -m stack
Since this user will be making many changes to your system, it will need
to have sudo privileges:
diff --git a/doc/source/index.rst b/doc/source/index.rst
index edd6595..c3bac9d 100644
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@@ -39,7 +39,7 @@
-------------
Start with a clean and minimal install of a Linux system. Devstack
-attempts to support Ubuntu 14.04/16.04, Fedora 23/24, CentOS/RHEL 7,
+attempts to support Ubuntu 16.04/17.04, Fedora 24/25, CentOS/RHEL 7,
as well as Debian and OpenSUSE.
If you do not have a preference, Ubuntu 16.04 is the most tested, and
@@ -56,7 +56,7 @@
::
- $ sudo adduser stack
+ $ sudo useradd -s /bin/bash -d /opt/stack -m stack
Since this user will be making many changes to your system, it should
have sudo privileges:
diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst
index cc55c0b..beb6abb 100644
--- a/doc/source/plugin-registry.rst
+++ b/doc/source/plugin-registry.rst
@@ -68,6 +68,8 @@
ironic `git://git.openstack.org/openstack/ironic <https://git.openstack.org/cgit/openstack/ironic>`__
ironic-inspector `git://git.openstack.org/openstack/ironic-inspector <https://git.openstack.org/cgit/openstack/ironic-inspector>`__
ironic-staging-drivers `git://git.openstack.org/openstack/ironic-staging-drivers <https://git.openstack.org/cgit/openstack/ironic-staging-drivers>`__
+ironic-ui `git://git.openstack.org/openstack/ironic-ui <https://git.openstack.org/cgit/openstack/ironic-ui>`__
+k8s-cloud-provider `git://git.openstack.org/openstack/k8s-cloud-provider <https://git.openstack.org/cgit/openstack/k8s-cloud-provider>`__
karbor `git://git.openstack.org/openstack/karbor <https://git.openstack.org/cgit/openstack/karbor>`__
karbor-dashboard `git://git.openstack.org/openstack/karbor-dashboard <https://git.openstack.org/cgit/openstack/karbor-dashboard>`__
keystone `git://git.openstack.org/openstack/keystone <https://git.openstack.org/cgit/openstack/keystone>`__
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 84dc273..1284360 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template
@@ -7,7 +7,7 @@
</Directory>
<VirtualHost *:%PUBLICPORT%>
- WSGIDaemonProcess keystone-public processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
+ WSGIDaemonProcess keystone-public processes=3 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
WSGIProcessGroup keystone-public
WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
@@ -21,7 +21,7 @@
</VirtualHost>
<VirtualHost *:%ADMINPORT%>
- WSGIDaemonProcess keystone-admin processes=5 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
+ WSGIDaemonProcess keystone-admin processes=3 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
WSGIProcessGroup keystone-admin
WSGIScriptAlias / %KEYSTONE_BIN%/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
diff --git a/files/debs/general b/files/debs/general
index c121770..3a0e241 100644
--- a/files/debs/general
+++ b/files/debs/general
@@ -25,6 +25,7 @@
python2.7
python-dev
python-gdbm # needed for testr
+python-systemd
screen
tar
tcpdump
diff --git a/files/debs/nova b/files/debs/nova
index 58dad41..5e14aec 100644
--- a/files/debs/nova
+++ b/files/debs/nova
@@ -10,7 +10,9 @@
kpartx
libjs-jquery-tablesorter # Needed for coverage html reports
libmysqlclient-dev
-libvirt-bin # NOPRIME
+libvirt-bin # dist:xenial NOPRIME
+libvirt-clients # not:xenial NOPRIME
+libvirt-daemon-system # not:xenial NOPRIME
libvirt-dev # NOPRIME
mysql-server # NOPRIME
parted
diff --git a/files/ebtables.workaround b/files/ebtables.workaround
deleted file mode 100644
index c8af51f..0000000
--- a/files/ebtables.workaround
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/bash
-#
-# Copyright 2015 Hewlett-Packard Development Company, L.P.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-#
-# This is a terrible, terrible, truly terrible work around for
-# environments that have libvirt < 1.2.11. ebtables requires that you
-# specifically tell it you would like to not race and get punched in
-# the face when 2 run at the same time with a --concurrent flag.
-
-flock -w 300 /var/lock/ebtables.nova /sbin/ebtables.real $@
diff --git a/files/rpms/general b/files/rpms/general
index 77d2fa5..baba06b 100644
--- a/files/rpms/general
+++ b/files/rpms/general
@@ -27,6 +27,7 @@
python-devel
redhat-rpm-config # missing dep for gcc hardening flags, see rhbz#1217376
screen
+systemd-python
tar
tcpdump
unzip
diff --git a/functions b/functions
index 1aa7517..c99e435 100644
--- a/functions
+++ b/functions
@@ -575,7 +575,9 @@
function setup_logging {
local conf_file=$1
local other_cond=${2:-"False"}
- if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ] && [ "$other_cond" == "False" ]; then
+ if [[ "$USE_SYSTEMD" == "True" ]]; then
+ setup_systemd_logging $conf_file
+ elif [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ] && [ "$other_cond" == "False" ]; then
setup_colorized_logging $conf_file
else
setup_standard_logging_identity $conf_file
@@ -601,6 +603,19 @@
iniset $conf_file $conf_section logging_exception_prefix "%(color)s%(asctime)s.%(msecs)03d TRACE %(name)s �[01;35m%(instance)s�[00m"
}
+function setup_systemd_logging {
+ local conf_file=$1
+ local conf_section="DEFAULT"
+ iniset $conf_file $conf_section use_journal "True"
+ iniset $conf_file $conf_section logging_context_format_string \
+ "%(levelname)s %(name)s [%(request_id)s %(project_name)s %(user_name)s] %(instance)s%(message)s"
+ iniset $conf_file $conf_section logging_default_format_string \
+ "%(levelname)s %(name)s [-] %(instance)s%(color)s%(message)s"
+ iniset $conf_file $conf_section logging_debug_format_suffix \
+ "from (pid=%(process)d) %(funcName)s %(pathname)s:%(lineno)d"
+ iniset $conf_file $conf_section logging_exception_prefix "ERROR %(name)s %(instance)s"
+}
+
function setup_standard_logging_identity {
local conf_file=$1
iniset $conf_file DEFAULT logging_user_identity_format "%(project_name)s %(user_name)s"
@@ -666,11 +681,7 @@
# running_in_container - Returns true otherwise false
function running_in_container {
- if grep -q lxc /proc/1/cgroup; then
- return 0
- fi
-
- return 1
+ [[ $(systemd-detect-virt --container) != 'none' ]]
}
diff --git a/functions-common b/functions-common
index a86cfd8..90c9200 100644
--- a/functions-common
+++ b/functions-common
@@ -1148,6 +1148,19 @@
fi
fi
+ # Look for # not:xxx in comment
+ if [[ $line =~ (.*)#.*not:([^ ]*) ]]; then
+ # We are using BASH regexp matching feature.
+ package=${BASH_REMATCH[1]}
+ distros=${BASH_REMATCH[2]}
+ # In bash ${VAR,,} will lowercase VAR
+ # Look for a match in the distro list
+ if [[ ${distros,,} =~ ${DISTRO,,} ]]; then
+ # If match then skip this package
+ inst_pkg=0
+ fi
+ fi
+
if [[ $inst_pkg = 1 ]]; then
echo $package
fi
@@ -1166,6 +1179,8 @@
# - ``# NOPRIME`` defers installation to be performed later in `stack.sh`
# - ``# dist:DISTRO`` or ``dist:DISTRO1,DISTRO2`` limits the selection
# of the package to the distros listed. The distro names are case insensitive.
+# - ``# not:DISTRO`` or ``not:DISTRO1,DISTRO2`` limits the selection
+# of the package to the distros not listed. The distro names are case insensitive.
function get_packages {
local xtrace
xtrace=$(set +o | grep xtrace)
@@ -1443,6 +1458,89 @@
exit 0
}
+function write_user_unit_file {
+ local service=$1
+ local command="$2"
+ local group=$3
+ local user=$4
+ local extra=""
+ if [[ -n "$group" ]]; then
+ extra="Group=$group"
+ fi
+ local unitfile="$SYSTEMD_DIR/$service"
+ mkdir -p $SYSTEMD_DIR
+
+ iniset -sudo $unitfile "Unit" "Description" "Devstack $service"
+ iniset -sudo $unitfile "Service" "User" "$user"
+ iniset -sudo $unitfile "Service" "ExecStart" "$command"
+ if [[ -n "$group" ]]; then
+ iniset -sudo $unitfile "Service" "Group" "$group"
+ fi
+ iniset -sudo $unitfile "Install" "WantedBy" "multi-user.target"
+
+ # changes to existing units sometimes need a refresh
+ $SYSTEMCTL daemon-reload
+}
+
+function write_uwsgi_user_unit_file {
+ local service=$1
+ local command="$2"
+ local group=$3
+ local user=$4
+ local unitfile="$SYSTEMD_DIR/$service"
+ mkdir -p $SYSTEMD_DIR
+
+ iniset -sudo $unitfile "Unit" "Description" "Devstack $service"
+ iniset -sudo $unitfile "Service" "User" "$user"
+ iniset -sudo $unitfile "Service" "ExecStart" "$command"
+ iniset -sudo $unitfile "Service" "Type" "notify"
+ iniset -sudo $unitfile "Service" "KillSignal" "SIGQUIT"
+ iniset -sudo $unitfile "Service" "Restart" "Always"
+ iniset -sudo $unitfile "Service" "NotifyAccess" "all"
+ iniset -sudo $unitfile "Service" "RestartForceExitStatus" "100"
+
+ if [[ -n "$group" ]]; then
+ iniset -sudo $unitfile "Service" "Group" "$group"
+ fi
+ iniset -sudo $unitfile "Install" "WantedBy" "multi-user.target"
+
+ # changes to existing units sometimes need a refresh
+ $SYSTEMCTL daemon-reload
+}
+
+function _run_under_systemd {
+ local service=$1
+ local command="$2"
+ local cmd=$command
+ local systemd_service="devstack@$service.service"
+ local group=$3
+ local user=${4:-$STACK_USER}
+ if [[ "$command" =~ "uwsgi" ]] ; then
+ write_uwsgi_user_unit_file $systemd_service "$cmd" "$group" "$user"
+ else
+ write_user_unit_file $systemd_service "$cmd" "$group" "$user"
+ fi
+
+ $SYSTEMCTL enable $systemd_service
+ $SYSTEMCTL start $systemd_service
+ _journal_log $service $systemd_service
+}
+
+function _journal_log {
+ local service=$1
+ local unit=$2
+ local logfile="${service}.log.${CURRENT_LOG_TIME}"
+ local real_logfile="${LOGDIR}/${logfile}"
+ if [[ -n ${LOGDIR} ]]; then
+ $JOURNALCTL_F $2 > "$real_logfile" &
+ bash -c "cd '$LOGDIR' && ln -sf '$logfile' ${service}.log"
+ if [[ -n ${SCREEN_LOGDIR} ]]; then
+ # Drop the backward-compat symlink
+ ln -sf "$real_logfile" ${SCREEN_LOGDIR}/screen-${service}.log
+ fi
+ fi
+}
+
# Helper to remove the ``*.failure`` files under ``$SERVICE_DIR/$SCREEN_NAME``.
# This is used for ``service_check`` when all the ``screen_it`` are called finished
# Uses globals ``SCREEN_NAME``, ``SERVICE_DIR``
@@ -1478,16 +1576,24 @@
local service=$1
local command="$2"
local group=$3
- local subservice=$4
+ local user=$4
- local name=${subservice:-$service}
+ local name=$service
time_start "run_process"
if is_service_enabled $service; then
- if [[ "$USE_SCREEN" = "True" ]]; then
+ if [[ "$USE_SYSTEMD" = "True" ]]; then
+ _run_under_systemd "$name" "$command" "$group" "$user"
+ elif [[ "$USE_SCREEN" = "True" ]]; then
+ if [[ "$user" == "root" ]]; then
+ command="sudo $command"
+ fi
screen_process "$name" "$command" "$group"
else
# Spawn directly without screen
+ if [[ "$user" == "root" ]]; then
+ command="sudo $command"
+ fi
_run_process "$name" "$command" "$group" &
fi
fi
@@ -1618,6 +1724,14 @@
if is_service_enabled $service; then
# Kill via pid if we have one available
+ if [[ "$USE_SYSTEMD" == "True" ]]; then
+ # Only do this for units which appear enabled, this also
+ # catches units that don't really exist for cases like
+ # keystone without a failure.
+ $SYSTEMCTL stop devstack@$service.service
+ $SYSTEMCTL disable devstack@$service.service
+ fi
+
if [[ -r $SERVICE_DIR/$SCREEN_NAME/$service.pid ]]; then
pkill -g $(cat $SERVICE_DIR/$SCREEN_NAME/$service.pid)
# oslo.service tends to stop actually shutting down
diff --git a/inc/python b/inc/python
index a4819c2..2443c4d 100644
--- a/inc/python
+++ b/inc/python
@@ -553,6 +553,8 @@
function install_python3 {
if is_ubuntu; then
apt_get install python${PYTHON3_VERSION} python${PYTHON3_VERSION}-dev
+ elif is_suse; then
+ install_package python3-devel python3-dbm
fi
}
diff --git a/lib/dstat b/lib/dstat
index 62795f5..982b703 100644
--- a/lib/dstat
+++ b/lib/dstat
@@ -24,12 +24,12 @@
# To enable memory_tracker add:
# enable_service memory_tracker
# to your localrc
- run_process memory_tracker "$TOP_DIR/tools/memory_tracker.sh"
+ run_process memory_tracker "$TOP_DIR/tools/memory_tracker.sh" "" "root"
# remove support for the old name when it's no longer used (sometime in Queens)
if is_service_enabled peakmem_tracker; then
deprecated "Use of peakmem_tracker in devstack is deprecated, use memory_tracker instead"
- run_process peakmem_tracker "$TOP_DIR/tools/memory_tracker.sh"
+ run_process peakmem_tracker "$TOP_DIR/tools/memory_tracker.sh" "" "root"
fi
}
diff --git a/lib/keystone b/lib/keystone
index 530f3b4..3db3c8d 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -202,7 +202,6 @@
if [[ "$KEYSTONE_CONF_DIR" != "$KEYSTONE_DIR/etc" ]]; then
install -m 600 $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF
- cp -p $KEYSTONE_DIR/etc/policy.json $KEYSTONE_CONF_DIR
if [[ -f "$KEYSTONE_DIR/etc/keystone-paste.ini" ]]; then
cp -p "$KEYSTONE_DIR/etc/keystone-paste.ini" "$KEYSTONE_PASTE_INI"
fi
@@ -602,8 +601,11 @@
tail_log key /var/log/$APACHE_NAME/keystone.log
tail_log key-access /var/log/$APACHE_NAME/keystone_access.log
else # uwsgi
- run_process key "$KEYSTONE_BIN_DIR/uwsgi $KEYSTONE_PUBLIC_UWSGI_FILE" "" "key-p"
- run_process key "$KEYSTONE_BIN_DIR/uwsgi $KEYSTONE_ADMIN_UWSGI_FILE" "" "key-a"
+ # TODO(sdague): we should really get down to a single keystone here
+ enable_service key-p
+ enable_service key-a
+ run_process key-p "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_FILE" ""
+ run_process key-a "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_ADMIN_UWSGI_FILE" ""
fi
echo "Waiting for keystone to start..."
@@ -636,6 +638,9 @@
if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
disable_apache_site keystone
restart_apache_server
+ else
+ stop_process key-p
+ stop_process key-a
fi
# Kill the Keystone screen window
stop_process key
diff --git a/lib/neutron b/lib/neutron
index 9a2a75a..dd91466 100644
--- a/lib/neutron
+++ b/lib/neutron
@@ -171,7 +171,7 @@
iniset $NEUTRON_CORE_PLUGIN_CONF ml2_type_vxlan vni_ranges 1001:2000
iniset $NEUTRON_CORE_PLUGIN_CONF ml2_type_flat flat_networks public
if [[ "$NEUTRON_PORT_SECURITY" = "True" ]]; then
- iniset $NEUTRON_CORE_PLUGIN_CONF ml2 extension_drivers port_security
+ neutron_ml2_extension_driver_add port_security
fi
fi
@@ -489,6 +489,18 @@
iniset $NEUTRON_CONF DEFAULT service_plugins $plugins
}
+function _neutron_ml2_extension_driver_add {
+ local driver=$1
+ local drivers=""
+
+ drivers=$(iniget $NEUTRON_CORE_PLUGIN_CONF ml2 extension_drivers)
+ if [ $drivers ]; then
+ drivers+=","
+ fi
+ drivers+="${driver}"
+ iniset $NEUTRON_CORE_PLUGIN_CONF ml2 extension_drivers $drivers
+}
+
function neutron_server_config_add_new {
_NEUTRON_SERVER_EXTRA_CONF_FILES_ABS+=($1)
}
@@ -561,6 +573,15 @@
fi
}
+function neutron_ml2_extension_driver_add {
+ if is_neutron_legacy_enabled; then
+ # Call back to old function
+ _neutron_ml2_extension_driver_add_old "$@"
+ else
+ _neutron_ml2_extension_driver_add "$@"
+ fi
+}
+
function install_neutron_agent_packages {
if is_neutron_legacy_enabled; then
# Call back to old function
diff --git a/lib/neutron-legacy b/lib/neutron-legacy
index ccab527..74f36e0 100644
--- a/lib/neutron-legacy
+++ b/lib/neutron-legacy
@@ -432,24 +432,6 @@
git_clone $NEUTRON_REPO $NEUTRON_DIR $NEUTRON_BRANCH
setup_develop $NEUTRON_DIR
-
- if [ "$VIRT_DRIVER" == 'xenserver' ]; then
- local dom0_ip
- dom0_ip=$(echo "$XENAPI_CONNECTION_URL" | cut -d "/" -f 3-)
-
- local ssh_dom0
- ssh_dom0="sudo -u $DOMZERO_USER ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@$dom0_ip"
-
- # Find where the plugins should go in dom0
- local xen_functions
- xen_functions=$(cat $TOP_DIR/tools/xen/functions)
- local plugin_dir
- plugin_dir=$($ssh_dom0 "$xen_functions; set -eux; xapi_plugin_location")
-
- # install neutron plugins to dom0
- tar -czf - -C $NEUTRON_DIR/neutron/plugins/ml2/drivers/openvswitch/agent/xenapi/etc/xapi.d/plugins/ ./ |
- $ssh_dom0 "tar -xzf - -C $plugin_dir && chmod a+x $plugin_dir/*"
- fi
}
# install_neutron_agent_packages() - Collect source and prepare
@@ -523,11 +505,6 @@
run_process q-meta "$AGENT_META_BINARY --config-file $NEUTRON_CONF --config-file $Q_META_CONF_FILE"
run_process q-metering "$AGENT_METERING_BINARY --config-file $NEUTRON_CONF --config-file $METERING_AGENT_CONF_FILENAME"
-
- if [ "$VIRT_DRIVER" = 'xenserver' ]; then
- # For XenServer, start an agent for the domU openvswitch
- run_process q-domua "$AGENT_BINARY --config-file $NEUTRON_CONF --config-file /$Q_PLUGIN_CONF_FILE.domU"
- fi
}
# Start running processes, including screen
@@ -539,10 +516,6 @@
function stop_mutnauq_l2_agent {
stop_process q-agt
-
- if [ "$VIRT_DRIVER" = 'xenserver' ]; then
- stop_process q-domua
- fi
}
# stop_mutnauq_other() - Stop running processes (non-screen)
@@ -870,6 +843,16 @@
fi
}
+# _neutron_ml2_extension_driver_add_old() - add ML2 extension driver
+function _neutron_ml2_extension_driver_add_old {
+ local extension=$1
+ if [[ $Q_ML2_PLUGIN_EXT_DRIVERS == '' ]]; then
+ Q_ML2_PLUGIN_EXT_DRIVERS=$extension
+ elif [[ ! ,${Q_ML2_PLUGIN_EXT_DRIVERS}, =~ ,${extension}, ]]; then
+ Q_ML2_PLUGIN_EXT_DRIVERS="$Q_ML2_PLUGIN_EXT_DRIVERS,$extension"
+ fi
+}
+
# mutnauq_server_config_add() - add server config file
function mutnauq_server_config_add {
_Q_PLUGIN_EXTRA_CONF_FILES_ABS+=($1)
diff --git a/lib/neutron_plugins/openvswitch_agent b/lib/neutron_plugins/openvswitch_agent
index acab582..b65a258 100644
--- a/lib/neutron_plugins/openvswitch_agent
+++ b/lib/neutron_plugins/openvswitch_agent
@@ -11,12 +11,6 @@
function neutron_plugin_create_nova_conf {
_neutron_ovs_base_configure_nova_vif_driver
- if [ "$VIRT_DRIVER" == 'xenserver' ]; then
- iniset $NOVA_CONF xenserver vif_driver nova.virt.xenapi.vif.XenAPIOpenVswitchDriver
- iniset $NOVA_CONF xenserver ovs_integration_bridge $XEN_INTEGRATION_BRIDGE
- # Disable nova's firewall so that it does not conflict with neutron
- iniset $NOVA_CONF DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
- fi
}
function neutron_plugin_install_agent_packages {
@@ -58,65 +52,6 @@
fi
AGENT_BINARY="$NEUTRON_BIN_DIR/neutron-openvswitch-agent"
- if [ "$VIRT_DRIVER" == 'xenserver' ]; then
- # Make a copy of our config for domU
- sudo cp /$Q_PLUGIN_CONF_FILE "/$Q_PLUGIN_CONF_FILE.domU"
-
- # change domU's config file to STACK_USER
- sudo chown $STACK_USER:$STACK_USER /$Q_PLUGIN_CONF_FILE.domU
-
- # Deal with Dom0's L2 Agent:
- Q_RR_DOM0_COMMAND="$NEUTRON_BIN_DIR/neutron-rootwrap-xen-dom0 $Q_RR_CONF_FILE"
-
- # For now, duplicate the xen configuration already found in nova.conf
- iniset $Q_RR_CONF_FILE xenapi xenapi_connection_url "$XENAPI_CONNECTION_URL"
- iniset $Q_RR_CONF_FILE xenapi xenapi_connection_username "$XENAPI_USER"
- iniset $Q_RR_CONF_FILE xenapi xenapi_connection_password "$XENAPI_PASSWORD"
-
- # Under XS/XCP, the ovs agent needs to target the dom0
- # integration bridge. This is enabled by using a root wrapper
- # that executes commands on dom0 via a XenAPI plugin.
- # XenAPI does not support daemon rootwrap now, so set root_helper_daemon empty
- iniset "/$Q_PLUGIN_CONF_FILE.domU" agent root_helper ""
- iniset "/$Q_PLUGIN_CONF_FILE.domU" agent root_helper_daemon "xenapi_root_helper"
- iniset "/$Q_PLUGIN_CONF_FILE.domU" xenapi connection_url "$XENAPI_CONNECTION_URL"
- iniset "/$Q_PLUGIN_CONF_FILE.domU" xenapi connection_username "$XENAPI_USER"
- iniset "/$Q_PLUGIN_CONF_FILE.domU" xenapi connection_password "$XENAPI_PASSWORD"
-
- # Disable minimize polling, so that it can always detect OVS and Port changes
- # This is a problem of xenserver + neutron, bug has been reported
- # https://bugs.launchpad.net/neutron/+bug/1495423
- iniset "/$Q_PLUGIN_CONF_FILE.domU" agent minimize_polling False
-
- # Set "physical" mapping
- iniset "/$Q_PLUGIN_CONF_FILE.domU" ovs bridge_mappings "physnet1:$FLAT_NETWORK_BRIDGE"
-
- # XEN_INTEGRATION_BRIDGE is the integration bridge in dom0
- iniset "/$Q_PLUGIN_CONF_FILE.domU" ovs integration_bridge $XEN_INTEGRATION_BRIDGE
-
- # Set OVS native interface for ovs-agent in compute node
- XEN_DOM0_IP=$(echo "$XENAPI_CONNECTION_URL" | cut -d "/" -f 3)
- iniset /$Q_PLUGIN_CONF_FILE.domU ovs ovsdb_connection tcp:$XEN_DOM0_IP:6640
- iniset /$Q_PLUGIN_CONF_FILE.domU ovs of_listen_address $HOST_IP
-
- # Set up domU's L2 agent:
-
- # Create a bridge "br-$VLAN_INTERFACE"
- _neutron_ovs_base_add_bridge "br-$VLAN_INTERFACE"
- # Add $VLAN_INTERFACE to that bridge
- sudo ovs-vsctl -- --may-exist add-port "br-$VLAN_INTERFACE" $VLAN_INTERFACE
-
- # Create external bridge and add port
- _neutron_ovs_base_add_public_bridge
- sudo ovs-vsctl -- --may-exist add-port $PUBLIC_BRIDGE $PUBLIC_INTERFACE
-
- # Set bridge mappings to "physnet1:br-$GUEST_INTERFACE_DEFAULT"
- iniset /$Q_PLUGIN_CONF_FILE ovs bridge_mappings "physnet1:br-$VLAN_INTERFACE,physnet-ex:$PUBLIC_BRIDGE"
- # Set integration bridge to domU's
- iniset /$Q_PLUGIN_CONF_FILE ovs integration_bridge $OVS_BRIDGE
- # Set root wrap
- iniset /$Q_PLUGIN_CONF_FILE agent root_helper "$Q_RR_COMMAND"
- fi
iniset /$Q_PLUGIN_CONF_FILE agent tunnel_types $Q_TUNNEL_TYPES
iniset /$Q_PLUGIN_CONF_FILE ovs datapath_type $OVS_DATAPATH_TYPE
}
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index 56bb6bd..47605af 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -20,17 +20,54 @@
# extremely verbose.)
DEBUG_LIBVIRT=$(trueorfalse True DEBUG_LIBVIRT)
+# Try to enable coredumps for libvirt
+# Currently fairly specific to OpenStackCI hosts
+DEBUG_LIBVIRT_COREDUMPS=$(trueorfalse False DEBUG_LIBVIRT_COREDUMPS)
+
+# Only Xenial is left with libvirt-bin. Everywhere else is libvirtd
+if is_ubuntu && [ ! -f /etc/init.d/libvirtd ]; then
+ LIBVIRT_DAEMON=libvirt-bin
+else
+ LIBVIRT_DAEMON=libvirtd
+fi
+
+# Enable coredumps for libvirt
+# Bug: https://bugs.launchpad.net/nova/+bug/1643911
+function _enable_coredump {
+ local confdir=/etc/systemd/system/${LIBVIRT_DAEMON}.service.d
+ local conffile=${confdir}/coredump.conf
+
+ # Create a coredump directory, and instruct the kernel to save to
+ # here
+ sudo mkdir -p /var/core
+ sudo chmod a+wrx /var/core
+ echo '/var/core/core.%e.%p.%h.%t' | \
+ sudo tee /proc/sys/kernel/core_pattern
+
+ # Drop a config file to up the core ulimit
+ sudo mkdir -p ${confdir}
+ sudo tee ${conffile} <<EOF
+[Service]
+LimitCORE=infinity
+EOF
+
+ # Tell systemd to reload the unit (service restarts later after
+ # config anyway)
+ sudo systemctl daemon-reload
+}
+
+
# Installs required distro-specific libvirt packages.
function install_libvirt {
+
if is_ubuntu; then
install_package qemu-system
- install_package libvirt-bin libvirt-dev
- pip_install_gr libvirt-python
- if [[ ${DISTRO} == "trusty" && ${EBTABLES_RACE_FIX} == "True" ]]; then
- # Work around for bug #1501558. We can remove this once we
- # get to a version of Ubuntu that has new enough libvirt.
- TOP_DIR=$TOP_DIR $TOP_DIR/tools/install_ebtables_workaround.sh
+ if [[ ${DISTRO} == "xenial" ]]; then
+ install_package libvirt-bin libvirt-dev
+ else
+ install_package libvirt-clients libvirt-daemon-system libvirt-dev
fi
+ pip_install_gr libvirt-python
#pip_install_gr <there-si-no-guestfs-in-pypi>
elif is_fedora || is_suse; then
# On "KVM for IBM z Systems", kvm does not have its own package
@@ -48,7 +85,10 @@
install_package libvirt libvirt-devel
pip_install_gr libvirt-python
+ fi
+ if [[ $DEBUG_LIBVIRT_COREDUMPS == True ]]; then
+ _enable_coredump
fi
}
@@ -68,14 +108,6 @@
EOF
fi
- # Since the release of Debian Wheezy the libvirt init script is libvirtd
- # and not libvirtd-bin anymore.
- if is_ubuntu && [ ! -f /etc/init.d/libvirtd ]; then
- LIBVIRT_DAEMON=libvirt-bin
- else
- LIBVIRT_DAEMON=libvirtd
- fi
-
if is_fedora || is_suse; then
# Starting with fedora 18 and opensuse-12.3 enable stack-user to
# virsh -c qemu:///system by creating a policy-kit rule for
diff --git a/lib/nova_plugins/hypervisor-ironic b/lib/nova_plugins/hypervisor-ironic
index 7ffd14d..c9544fe 100644
--- a/lib/nova_plugins/hypervisor-ironic
+++ b/lib/nova_plugins/hypervisor-ironic
@@ -42,6 +42,7 @@
iniset $NOVA_CONF DEFAULT compute_driver ironic.IronicDriver
iniset $NOVA_CONF DEFAULT firewall_driver $LIBVIRT_FIREWALL_DRIVER
iniset $NOVA_CONF DEFAULT scheduler_host_manager ironic_host_manager
+ iniset $NOVA_CONF filter_scheduler use_baremetal_filters True
iniset $NOVA_CONF DEFAULT ram_allocation_ratio 1.0
iniset $NOVA_CONF DEFAULT reserved_host_memory_mb 0
# ironic section
diff --git a/lib/nova_plugins/hypervisor-xenserver b/lib/nova_plugins/hypervisor-xenserver
index 0046a36..880b87f 100644
--- a/lib/nova_plugins/hypervisor-xenserver
+++ b/lib/nova_plugins/hypervisor-xenserver
@@ -26,10 +26,6 @@
# Allow ``build_domU.sh`` to specify the flat network bridge via kernel args
FLAT_NETWORK_BRIDGE_DEFAULT=$(sed -e 's/.* flat_network_bridge=\([[:alnum:]]*\).*$/\1/g' /proc/cmdline)
-if is_service_enabled neutron; then
- XEN_INTEGRATION_BRIDGE_DEFAULT=$(sed -e 's/.* xen_integration_bridge=\([[:alnum:]]*\).*$/\1/g' /proc/cmdline)
- XEN_INTEGRATION_BRIDGE=${XEN_INTEGRATION_BRIDGE:-$XEN_INTEGRATION_BRIDGE_DEFAULT}
-fi
VNCSERVER_PROXYCLIENT_ADDRESS=${VNCSERVER_PROXYCLIENT_ADDRESS=169.254.0.1}
@@ -96,20 +92,6 @@
echo "create_directory_for_kernels"
echo "install_conntrack_tools"
} | $ssh_dom0
-
- if is_service_enabled neutron; then
- # Remove restriction on linux bridge in Dom0 when neutron is enabled
- $ssh_dom0 "rm -f /etc/modprobe.d/blacklist-bridge*"
-
- count=`$ssh_dom0 "iptables -t filter -L XenServerDevstack |wc -l"`
- if [ "$count" = "0" ]; then
- {
- echo "iptables -t filter --new XenServerDevstack"
- echo "iptables -t filter -I INPUT -j XenServerDevstack"
- echo "iptables -t filter -I XenServerDevstack -p tcp --dport 6640 -j ACCEPT"
- } | $ssh_dom0
- fi
- fi
}
# install_nova_hypervisor() - Install external components
diff --git a/lib/oslo b/lib/oslo
index e34e48a..1a78bdf 100644
--- a/lib/oslo
+++ b/lib/oslo
@@ -48,6 +48,7 @@
GITDIR["oslo.vmware"]=$DEST/oslo.vmware
GITDIR["osprofiler"]=$DEST/osprofiler
GITDIR["pycadf"]=$DEST/pycadf
+GITDIR["python-openstacksdk"]=$DEST/python-openstacksdk
GITDIR["stevedore"]=$DEST/stevedore
GITDIR["taskflow"]=$DEST/taskflow
GITDIR["tooz"]=$DEST/tooz
@@ -95,6 +96,7 @@
_do_install_oslo_lib "oslo.vmware"
_do_install_oslo_lib "osprofiler"
_do_install_oslo_lib "pycadf"
+ _do_install_oslo_lib "python-openstacksdk"
_do_install_oslo_lib "stevedore"
_do_install_oslo_lib "taskflow"
_do_install_oslo_lib "tooz"
diff --git a/lib/swift b/lib/swift
index 5b510e5..96e2f03 100644
--- a/lib/swift
+++ b/lib/swift
@@ -38,6 +38,15 @@
# Set up default directories
GITDIR["python-swiftclient"]=$DEST/python-swiftclient
+# Swift virtual environment
+if [[ ${USE_VENV} = True ]]; then
+ PROJECT_VENV["swift"]=${SWIFT_DIR}.venv
+ SWIFT_BIN_DIR=${PROJECT_VENV["swift"]}/bin
+else
+ SWIFT_BIN_DIR=$(get_python_exec_prefix)
+fi
+
+
SWIFT_DIR=$DEST/swift
SWIFT_AUTH_CACHE_DIR=${SWIFT_AUTH_CACHE_DIR:-/var/cache/swift}
SWIFT_APACHE_WSGI_DIR=${SWIFT_APACHE_WSGI_DIR:-/var/www/swift}
@@ -119,6 +128,11 @@
SWIFT_REPLICAS=${SWIFT_REPLICAS:-1}
SWIFT_REPLICAS_SEQ=$(seq ${SWIFT_REPLICAS})
+# Set ``SWIFT_START_ALL_SERVICES`` to control whether all Swift
+# services (including the *-auditor, *-replicator, *-reconstructor, etc.
+# daemons) should be started.
+SWIFT_START_ALL_SERVICES=$(trueorfalse True SWIFT_START_ALL_SERVICES)
+
# Set ``SWIFT_LOG_TOKEN_LENGTH`` to configure how many characters of an auth
# token should be placed in the logs. When keystone is used with PKI tokens,
# the token values can be huge, seemingly larger the 2K, at the least. We
@@ -777,8 +791,11 @@
fi
if [ "$SWIFT_USE_MOD_WSGI" == "True" ]; then
+ # Apache should serve the "PACO" a.k.a "main" services
restart_apache_server
+ # The rest of the services should be started in backgroud
swift-init --run-dir=${SWIFT_DATA_DIR}/run rest start
+ # Be we still want the logs of Swift Proxy in our screen session
tail_log s-proxy /var/log/$APACHE_NAME/proxy-server
if [[ ${SWIFT_REPLICAS} == 1 ]]; then
for type in object container account; do
@@ -788,31 +805,42 @@
return 0
fi
- # By default with only one replica we are launching the proxy,
- # container, account and object server in screen in foreground and
- # other services in background. If we have ``SWIFT_REPLICAS`` set to something
- # greater than one we first spawn all the Swift services then kill the proxy
- # service so we can run it in foreground in screen. ``swift-init ...
- # {stop|restart}`` exits with '1' if no servers are running, ignore it just
- # in case
- local todo type
- swift-init --run-dir=${SWIFT_DATA_DIR}/run all restart || true
+
+ # By default with only one replica we are launching the proxy, container
+ # account and object server in screen in foreground. Then, the rest of
+ # the services is optionally started.
+ #
+ # If we have ``SWIFT_REPLICAS`` set to something greater than one
+ # we first spawn *all* the Swift services then kill the proxy service
+ # so we can run it in foreground in screen.
+ #
+ # ``swift-init ... {stop|restart}`` exits with '1' if no servers are
+ # running, ignore it just in case
if [[ ${SWIFT_REPLICAS} == 1 ]]; then
- todo="object container account"
+ local foreground_services type
+
+ foreground_services="object container account"
+ for type in ${foreground_services}; do
+ run_process s-${type} "$SWIFT_BIN_DIR/swift-${type}-server ${SWIFT_CONF_DIR}/${type}-server/1.conf -v"
+ done
+
+ if [[ "$SWIFT_START_ALL_SERVICES" == "True" ]]; then
+ swift-init --run-dir=${SWIFT_DATA_DIR}/run rest start
+ else
+ # The container-sync daemon is strictly needed to pass the container
+ # sync Tempest tests.
+ swift-init --run-dir=${SWIFT_DATA_DIR}/run container-sync start
+ fi
+ else
+ swift-init --run-dir=${SWIFT_DATA_DIR}/run all restart || true
+ swift-init --run-dir=${SWIFT_DATA_DIR}/run proxy stop || true
fi
- for type in proxy ${todo}; do
- swift-init --run-dir=${SWIFT_DATA_DIR}/run ${type} stop || true
- done
+
if is_service_enabled tls-proxy; then
local proxy_port=${SWIFT_DEFAULT_BIND_PORT}
start_tls_proxy swift '*' $proxy_port $SERVICE_HOST $SWIFT_DEFAULT_BIND_PORT_INT
fi
- run_process s-proxy "swift-proxy-server ${SWIFT_CONF_DIR}/proxy-server.conf -v"
- if [[ ${SWIFT_REPLICAS} == 1 ]]; then
- for type in object container account; do
- run_process s-${type} "swift-${type}-server ${SWIFT_CONF_DIR}/${type}-server/1.conf -v"
- done
- fi
+ run_process s-proxy "$SWIFT_BIN_DIR/swift-proxy-server ${SWIFT_CONF_DIR}/proxy-server.conf -v"
if [[ "$SWIFT_ENABLE_TEMPURLS" == "True" ]]; then
swift_configure_tempurls
diff --git a/lib/tempest b/lib/tempest
index 1160ee7..f6fc57d 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -437,7 +437,11 @@
TEMPEST_VOLUME_MANAGE_SNAPSHOT=${TEMPEST_VOLUME_MANAGE_SNAPSHOT:-True}
fi
iniset $TEMPEST_CONFIG volume-feature-enabled manage_snapshot $(trueorfalse False TEMPEST_VOLUME_MANAGE_SNAPSHOT)
-
+ # Only turn on TEMPEST_VOLUME_MANAGE_VOLUME by default for "lvm" backends
+ if [[ "$CINDER_ENABLED_BACKENDS" == *"lvm"* ]]; then
+ TEMPEST_VOLUME_MANAGE_VOLUME=${TEMPEST_VOLUME_MANAGE_VOLUME:-True}
+ fi
+ iniset $TEMPEST_CONFIG volume-feature-enabled manage_volume $(trueorfalse False TEMPEST_VOLUME_MANAGE_VOLUME)
# TODO(ameade): Remove the api_v3 flag when Mitaka and Liberty are end of life.
iniset $TEMPEST_CONFIG volume-feature-enabled api_v3 True
iniset $TEMPEST_CONFIG volume-feature-enabled api_v1 $(trueorfalse False TEMPEST_VOLUME_API_V1)
diff --git a/stack.sh b/stack.sh
index f08d56f..759a8db 100755
--- a/stack.sh
+++ b/stack.sh
@@ -161,16 +161,16 @@
extract_localrc_section $TOP_DIR/local.conf $TOP_DIR/localrc $TOP_DIR/.localrc.auto
# ``stack.sh`` is customizable by setting environment variables. Override a
-# default setting via export::
+# default setting via export:
#
# export DATABASE_PASSWORD=anothersecret
# ./stack.sh
#
-# or by setting the variable on the command line::
+# or by setting the variable on the command line:
#
# DATABASE_PASSWORD=simple ./stack.sh
#
-# Persistent variables can be placed in a ``local.conf`` file::
+# Persistent variables can be placed in a ``local.conf`` file:
#
# [[local|localrc]]
# DATABASE_PASSWORD=anothersecret
@@ -192,7 +192,7 @@
# Warn users who aren't on an explicitly supported distro, but allow them to
# override check and attempt installation with ``FORCE=yes ./stack``
-if [[ ! ${DISTRO} =~ (xenial|yakkety|zesty|sid|testing|jessie|f24|f25|rhel7|kvmibm1) ]]; then
+if [[ ! ${DISTRO} =~ (xenial|yakkety|zesty|stretch|jessie|f24|f25|rhel7|kvmibm1) ]]; then
echo "WARNING: this script has not been tested on $DISTRO"
if [[ "$FORCE" != "yes" ]]; then
die $LINENO "If you wish to run this script anyway run with FORCE=yes"
@@ -328,6 +328,7 @@
DATA_DIR=${DATA_DIR:-${DEST}/data}
sudo mkdir -p $DATA_DIR
safe_chown -R $STACK_USER $DATA_DIR
+safe_chmod 0755 $DATA_DIR
# Configure proper hostname
# Certain services such as rabbitmq require that the local hostname resolves
@@ -1006,6 +1007,22 @@
# Save configuration values
save_stackenv $LINENO
+# Kernel Samepage Merging (KSM)
+# -----------------------------
+
+# Processes that mark their memory as mergeable can share identical memory
+# pages if KSM is enabled. This is particularly useful for nova + libvirt
+# backends but any other setup that marks its memory as mergeable can take
+# advantage. The drawback is there is higher cpu load; however, we tend to
+# be memory bound not cpu bound so enable KSM by default but allow people
+# to opt out if the CPU time is more important to them.
+
+if [[ "ENABLE_KSM" == "True" ]] ; then
+ if [[ -f /sys/kernel/mm/ksm/run ]] ; then
+ sudo sh -c "echo 1 > /sys/kernel/mm/ksm/run"
+ fi
+fi
+
# Start Services
# ==============
diff --git a/stackrc b/stackrc
index c3b94d0..00aab8d 100644
--- a/stackrc
+++ b/stackrc
@@ -87,6 +87,31 @@
# be disabled for automated testing by setting this value to False.
USE_SCREEN=$(trueorfalse True USE_SCREEN)
+# Whether to use SYSTEMD to manage services
+USE_SYSTEMD=$(trueorfalse False USE_SYSTEMD)
+USER_UNITS=$(trueorfalse False USER_UNITS)
+if [[ "$USER_UNITS" == "True" ]]; then
+ SYSTEMD_DIR="$HOME/.local/share/systemd/user"
+ SYSTEMCTL="systemctl --user"
+ JOURNALCTL_F="journalctl -f -o short-precise --user-unit"
+else
+ SYSTEMD_DIR="/etc/systemd/system"
+ SYSTEMCTL="sudo systemctl"
+ JOURNALCTL_F="journalctl -f -o short-precise --unit"
+fi
+
+if [[ "$USE_SYSTEMD" == "True" ]]; then
+ USE_SCREEN=False
+fi
+
+# Whether or not to enable Kernel Samepage Merging (KSM) if available.
+# This allows programs that mark their memory as mergeable to share
+# memory pages if they are identical. This is particularly useful with
+# libvirt backends. This reduces memory useage at the cost of CPU overhead
+# to scan memory. We default to enabling it because we tend to be more
+# memory constrained than CPU bound.
+ENABLE_KSM=$(trueorfalse True ENABLE_KSM)
+
# When using screen, should we keep a log file on disk? You might
# want this False if you have a long-running setup where verbose logs
# can fill-up the host.
@@ -504,6 +529,10 @@
GITREPO["osc-lib"]=${OSC_LIB_REPO:-${GIT_BASE}/openstack/osc-lib.git}
GITBRANCH["osc-lib"]=${OSC_LIB_BRANCH:-master}
+# python-openstacksdk OpenStack Python SDK
+GITREPO["python-openstacksdk"]=${OPENSTACKSDK_REPO:-${GIT_BASE}/openstack/python-openstacksdk.git}
+GITBRANCH["python-openstacksdk"]=${OPENSTACKSDK_BRANCH:-master}
+
# ironic common lib
GITREPO["ironic-lib"]=${IRONIC_LIB_REPO:-${GIT_BASE}/openstack/ironic-lib.git}
GITBRANCH["ironic-lib"]=${IRONIC_LIB_BRANCH:-master}
@@ -820,17 +849,6 @@
# sharing the same database. It would be useful for multinode Grenade tests.
RECREATE_KEYSTONE_DB=$(trueorfalse True RECREATE_KEYSTONE_DB)
-# ebtables is inherently racey. If you run it by two or more processes
-# simultaneously it will collide, badly, in the kernel and produce
-# failures or corruption of ebtables. The only way around it is for
-# all tools running ebtables to only ever do so with the --concurrent
-# flag. This requires libvirt >= 1.2.11.
-#
-# If you don't have this then the following work around will replace
-# ebtables with a wrapper script so that it is safe to run without
-# that flag.
-EBTABLES_RACE_FIX=$(trueorfalse False EBTABLES_RACE_FIX)
-
# Following entries need to be last items in file
# Compatibility bits required by other callers like Grenade
diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh
index 415fec5..3d4bcd2 100755
--- a/tests/test_libs_from_pypi.sh
+++ b/tests/test_libs_from_pypi.sh
@@ -37,7 +37,7 @@
ALL_LIBS+=" oslo.versionedobjects oslo.vmware keystonemiddleware"
ALL_LIBS+=" oslo.serialization django_openstack_auth"
ALL_LIBS+=" python-openstackclient osc-lib os-client-config oslo.rootwrap"
-ALL_LIBS+=" oslo.i18n oslo.utils python-swiftclient"
+ALL_LIBS+=" oslo.i18n oslo.utils python-openstacksdk python-swiftclient"
ALL_LIBS+=" python-neutronclient tooz ceilometermiddleware oslo.policy"
ALL_LIBS+=" debtcollector os-brick automaton futurist oslo.service"
ALL_LIBS+=" oslo.cache oslo.reports osprofiler"
diff --git a/tools/install_ebtables_workaround.sh b/tools/install_ebtables_workaround.sh
deleted file mode 100755
index 45ced87..0000000
--- a/tools/install_ebtables_workaround.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash -eu
-#
-# Copyright 2015 Hewlett-Packard Development Company, L.P.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-#
-# This replaces the ebtables on your system with a wrapper script that
-# does implicit locking. This is needed if libvirt < 1.2.11 on your platform.
-
-EBTABLES=/sbin/ebtables
-EBTABLESREAL=/sbin/ebtables.real
-FILES=$TOP_DIR/files
-
-if [[ -f "$EBTABLES" ]]; then
- if file $EBTABLES | grep ELF; then
- sudo mv $EBTABLES $EBTABLESREAL
- sudo install -m 0755 $FILES/ebtables.workaround $EBTABLES
- echo "Replaced ebtables with locking workaround"
- fi
-fi
diff --git a/tools/memory_tracker.sh b/tools/memory_tracker.sh
index dac0267..cbdeb8f 100755
--- a/tools/memory_tracker.sh
+++ b/tools/memory_tracker.sh
@@ -14,6 +14,8 @@
set -o errexit
+PYTHON=${PYTHON:-python}
+
# time to sleep between checks
SLEEP_TIME=20
@@ -86,7 +88,7 @@
# list processes that lock memory from swap
if [[ $unevictable -ne $unevictable_point ]]; then
unevictable_point=$unevictable
- sudo ./tools/mlock_report.py
+ ${PYTHON} ./tools/mlock_report.py
fi
echo "]]]"
diff --git a/tools/mlock_report.py b/tools/mlock_report.py
index 1d23af9..2169cc2 100755
--- a/tools/mlock_report.py
+++ b/tools/mlock_report.py
@@ -8,14 +8,15 @@
import psutil
-SUMMARY_REGEX = re.compile(r".*\s+(?P<locked>[\d]+)\s+KB")
+SUMMARY_REGEX = re.compile(b".*\s+(?P<locked>[\d]+)\s+KB")
def main():
try:
- print _get_report()
+ print(_get_report())
except Exception as e:
- print "Failure listing processes locking memory: %s" % str(e)
+ print("Failure listing processes locking memory: %s" % str(e))
+ raise
def _get_report():
diff --git a/tools/worlddump.py b/tools/worlddump.py
index eb109b9..6fff149 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -223,6 +223,14 @@
print("guru meditation report in %s log" % service)
+def var_core():
+ if os.path.exists('/var/core'):
+ _header("/var/core dumps")
+ # NOTE(ianw) : see DEBUG_LIBVIRT_COREDUMPS. We could think
+ # about getting backtraces out of these. There are other
+ # tools out there that can do that sort of thing though.
+ _dump_cmd("ls -ltrah /var/core")
+
def main():
opts = get_options()
fname = filename(opts.dir, opts.name)
@@ -238,6 +246,7 @@
ebtables_dump()
compute_consoles()
guru_meditation_reports()
+ var_core()
if __name__ == '__main__':
diff --git a/tools/xen/README.md b/tools/xen/README.md
index 7062ecb..9559e77 100644
--- a/tools/xen/README.md
+++ b/tools/xen/README.md
@@ -171,8 +171,3 @@
umount "$mountdir"
rm -rf "$mountdir"
-### Migrate OpenStack DomU to another host
-
-Given you need to migrate your DomU with OpenStack installed to another host,
-you need to set `XEN_INTEGRATION_BRIDGE` in localrc if neutron network is used.
-It is the bridge for `XEN_INT_BRIDGE_OR_NET_NAME` network created in Dom0
diff --git a/tools/xen/install_os_domU.sh b/tools/xen/install_os_domU.sh
index d2e2c57..ac7af0d 100755
--- a/tools/xen/install_os_domU.sh
+++ b/tools/xen/install_os_domU.sh
@@ -66,10 +66,6 @@
setup_network "$MGT_BRIDGE_OR_NET_NAME"
setup_network "$PUB_BRIDGE_OR_NET_NAME"
-# With neutron, one more network is required, which is internal to the
-# hypervisor, and used by the VMs
-setup_network "$XEN_INT_BRIDGE_OR_NET_NAME"
-
if parameter_is_specified "FLAT_NETWORK_BRIDGE"; then
if [ "$(bridge_for "$VM_BRIDGE_OR_NET_NAME")" != "$(bridge_for "$FLAT_NETWORK_BRIDGE")" ]; then
cat >&2 << EOF
@@ -292,15 +288,9 @@
#
$THIS_DIR/build_xva.sh "$GUEST_NAME"
-# Attach a network interface for the integration network (so that the bridge
-# is created by XenServer). This is required for Neutron. Also pass that as a
-# kernel parameter for DomU
-attach_network "$XEN_INT_BRIDGE_OR_NET_NAME"
-
XEN_INTEGRATION_BRIDGE_DEFAULT=$(bridge_for "$XEN_INT_BRIDGE_OR_NET_NAME")
append_kernel_cmdline \
- "$GUEST_NAME" \
- "xen_integration_bridge=${XEN_INTEGRATION_BRIDGE_DEFAULT}"
+ "$GUEST_NAME"
FLAT_NETWORK_BRIDGE="${FLAT_NETWORK_BRIDGE:-$(bridge_for "$VM_BRIDGE_OR_NET_NAME")}"
append_kernel_cmdline "$GUEST_NAME" "flat_network_bridge=${FLAT_NETWORK_BRIDGE}"
diff --git a/tools/xen/xenrc b/tools/xen/xenrc
index 60be02f..169e042 100644
--- a/tools/xen/xenrc
+++ b/tools/xen/xenrc
@@ -29,7 +29,6 @@
# Get the management network from the XS installation
VM_BRIDGE_OR_NET_NAME="OpenStack VM Network"
PUB_BRIDGE_OR_NET_NAME="OpenStack Public Network"
-XEN_INT_BRIDGE_OR_NET_NAME="OpenStack VM Integration Network"
# VM Password
GUEST_PASSWORD=${GUEST_PASSWORD:-secret}