Merge "Centralize and configure nova with cinder service user access"
diff --git a/.zuul.yaml b/.zuul.yaml
index f7594d4..531a1e5 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -219,8 +219,8 @@
VERBOSE_NO_TIMESTAMP: true
NOVNC_FROM_PACKAGE: true
ERROR_ON_CLONE: true
- # Gate jobs can't deal with nested virt. Disable it.
- LIBVIRT_TYPE: qemu
+ # Gate jobs can't deal with nested virt. Disable it by default.
+ LIBVIRT_TYPE: '{{ devstack_libvirt_type | default("qemu") }}'
devstack_services:
# Ignore any default set by devstack. Emit a "disable_all_services".
base: false
@@ -521,13 +521,6 @@
# and these platforms don't have the round-the-clock support to avoid
# becoming blockers in that situation.
- job:
- name: devstack-platform-centos-7
- parent: tempest-full
- description: Centos 7 platform test
- nodeset: devstack-single-node-centos-7
- voting: false
-
-- job:
name: devstack-platform-opensuse-15
parent: tempest-full-py3
description: openSUSE 15.x platform test
@@ -621,7 +614,6 @@
- devstack
- devstack-xenial
- devstack-ipv6
- - devstack-platform-centos-7
- devstack-platform-opensuse-15
- devstack-platform-fedora-latest
- devstack-platform-xenial
@@ -636,7 +628,7 @@
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- - neutron-grenade:
+ - grenade-py3:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
@@ -678,7 +670,7 @@
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
- - neutron-grenade:
+ - grenade-py3:
irrelevant-files:
- ^.*\.rst$
- ^doc/.*$
diff --git a/inc/python b/inc/python
index ea8ff67..81b6a96 100644
--- a/inc/python
+++ b/inc/python
@@ -380,16 +380,6 @@
fi
local name=$1
local dir=${GITDIR[$name]}
- if python3_enabled; then
- # Turn off Python 3 mode and install the package again,
- # forcing a Python 2 installation. This ensures that all libs
- # being used for development are installed under both versions
- # of Python.
- echo "Installing $name again without Python 3 enabled"
- USE_PYTHON3=False
- setup_develop $bindep $dir
- USE_PYTHON3=True
- fi
setup_develop $bindep $dir
}
diff --git a/lib/horizon b/lib/horizon
index 293a627..b2bf7bc 100644
--- a/lib/horizon
+++ b/lib/horizon
@@ -43,8 +43,8 @@
local value=$4
if [ -z "$section" ]; then
- sed -e "/^$option/d" -i $local_settings
- echo -e "\n$option=$value" >> $file
+ sed -e "/^$option/d" -i $file
+ echo "$option = $value" >> $file
elif grep -q "^$section" $file; then
local line
line=$(sed -ne "/^$section/,/^}/ { /^ *'$option':/ p; }" $file)
@@ -84,6 +84,9 @@
local local_settings=$HORIZON_DIR/openstack_dashboard/local/local_settings.py
cp $HORIZON_SETTINGS $local_settings
+ # Ensure local_setting.py file ends with EOL (newline)
+ echo >> $local_settings
+
_horizon_config_set $local_settings "" WEBROOT \"$HORIZON_APACHE_ROOT/\"
_horizon_config_set $local_settings "" COMPRESS_OFFLINE True
@@ -91,7 +94,6 @@
_horizon_config_set $local_settings "" OPENSTACK_HOST \"${KEYSTONE_SERVICE_HOST}\"
- _horizon_config_set $local_settings "" OPENSTACK_API_VERSIONS {\"identity\":3}
_horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_URI}/v3\""
# note(trebskit): if HOST_IP points at non-localhost ip address, horizon cannot be accessed
diff --git a/lib/neutron_plugins/linuxbridge_agent b/lib/neutron_plugins/linuxbridge_agent
index fa3f862..1f1b0e8 100644
--- a/lib/neutron_plugins/linuxbridge_agent
+++ b/lib/neutron_plugins/linuxbridge_agent
@@ -48,7 +48,7 @@
function neutron_plugin_configure_l3_agent {
local conf_file=$1
- sudo brctl addbr $PUBLIC_BRIDGE
+ sudo ip link add $PUBLIC_BRIDGE type bridge
set_mtu $PUBLIC_BRIDGE $PUBLIC_BRIDGE_MTU
}
diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt
index 4639869..914ee7b 100644
--- a/lib/nova_plugins/functions-libvirt
+++ b/lib/nova_plugins/functions-libvirt
@@ -150,21 +150,19 @@
fi
if is_nova_console_proxy_compute_tls_enabled ; then
- if is_service_enabled n-novnc ; then
- echo "vnc_tls = 1" | sudo tee -a $QEMU_CONF
- echo "vnc_tls_x509_verify = 1" | sudo tee -a $QEMU_CONF
+ echo "vnc_tls = 1" | sudo tee -a $QEMU_CONF
+ echo "vnc_tls_x509_verify = 1" | sudo tee -a $QEMU_CONF
- sudo mkdir -p /etc/pki/libvirt-vnc
- deploy_int_CA /etc/pki/libvirt-vnc/ca-cert.pem
- deploy_int_cert /etc/pki/libvirt-vnc/server-cert.pem /etc/pki/libvirt-vnc/server-key.pem
- # OpenSSL 1.1.0 generates the key file with permissions: 600, by
- # default and the deploy_int* methods use 'sudo cp' to copy the
- # files, making them owned by root:root.
- # Change ownership of everything under /etc/pki/libvirt-vnc to
- # libvirt-qemu:libvirt-qemu so that libvirt-qemu can read the key
- # file.
- sudo chown -R libvirt-qemu:libvirt-qemu /etc/pki/libvirt-vnc
- fi
+ sudo mkdir -p /etc/pki/libvirt-vnc
+ deploy_int_CA /etc/pki/libvirt-vnc/ca-cert.pem
+ deploy_int_cert /etc/pki/libvirt-vnc/server-cert.pem /etc/pki/libvirt-vnc/server-key.pem
+ # OpenSSL 1.1.0 generates the key file with permissions: 600, by
+ # default and the deploy_int* methods use 'sudo cp' to copy the
+ # files, making them owned by root:root.
+ # Change ownership of everything under /etc/pki/libvirt-vnc to
+ # libvirt-qemu:libvirt-qemu so that libvirt-qemu can read the key
+ # file.
+ sudo chown -R libvirt-qemu:libvirt-qemu /etc/pki/libvirt-vnc
fi
# Service needs to be started on redhat/fedora -- do a restart for
diff --git a/lib/rpc_backend b/lib/rpc_backend
index 1c7c82f..743b4ae 100644
--- a/lib/rpc_backend
+++ b/lib/rpc_backend
@@ -66,7 +66,12 @@
sudo systemctl restart epmd.socket epmd.service
fi
if is_fedora || is_suse; then
- sudo systemctl enable rabbitmq-server
+ # NOTE(jangutter): If rabbitmq is not running (as in a fresh
+ # install) then rabbit_setuser triggers epmd@0.0.0.0.socket with
+ # socket activation. This fails the first time and does not get
+ # cleared. It is benign, but the workaround is to start rabbitmq a
+ # bit earlier for RPM based distros.
+ sudo systemctl --now enable rabbitmq-server
fi
fi
}
diff --git a/playbooks/pre.yaml b/playbooks/pre.yaml
index 4689a63..60f365a 100644
--- a/playbooks/pre.yaml
+++ b/playbooks/pre.yaml
@@ -1,5 +1,12 @@
- hosts: all
pre_tasks:
+ - name: Fix the permissions of the zuul home directory
+ # Make sure that the zuul home can be traversed,
+ # so that all users can access the sources placed there.
+ # Some distributions create it with 700 by default.
+ file:
+ path: "{{ ansible_user_dir }}"
+ mode: a+x
- name: Gather minimum local MTU
set_fact:
local_mtu: >
diff --git a/stack.sh b/stack.sh
index 11783fd..b7b37e2 100755
--- a/stack.sh
+++ b/stack.sh
@@ -796,9 +796,6 @@
PYPI_ALTERNATIVE_URL=${PYPI_ALTERNATIVE_URL:-""} $TOP_DIR/tools/install_pip.sh
fi
-# Install subunit for the subunit output stream
-pip_install -U os-testr
-
TRACK_DEPENDS=${TRACK_DEPENDS:-False}
# Install Python packages into a virtualenv so that we can track them
@@ -816,6 +813,9 @@
source $TOP_DIR/tools/fixup_stuff.sh
fixup_all
+# Install subunit for the subunit output stream
+pip_install -U os-testr
+
if [[ "$USE_SYSTEMD" == "True" ]]; then
pip_install_gr systemd-python
# the default rate limit of 1000 messages / 30 seconds is not
diff --git a/stackrc b/stackrc
index 10117f2..d69c737 100644
--- a/stackrc
+++ b/stackrc
@@ -89,6 +89,15 @@
# Set the default Nova APIs to enable
NOVA_ENABLED_APIS=osapi_compute,metadata
+# allow local overrides of env variables, including repo config
+if [[ -f $RC_DIR/localrc ]]; then
+ # Old-style user-supplied config
+ source $RC_DIR/localrc
+elif [[ -f $RC_DIR/.localrc.auto ]]; then
+ # New-style user-supplied config extracted from local.conf
+ source $RC_DIR/.localrc.auto
+fi
+
# CELLSV2_SETUP - how we should configure services with cells v2
#
# - superconductor - this is one conductor for the api services, and
@@ -127,7 +136,7 @@
fi
# Control whether Python 3 should be used at all.
-export USE_PYTHON3=$(trueorfalse False USE_PYTHON3)
+export USE_PYTHON3=$(trueorfalse True USE_PYTHON3)
# Explicitly list services not to run under Python 3. See
# disable_python3_package to edit this variable.
@@ -145,20 +154,11 @@
# Create a virtualenv with this
if [[ ${USE_PYTHON3} == True ]]; then
- export VIRTUALENV_CMD="python3 -m venv"
+ export VIRTUALENV_CMD="virtualenv -p python3"
else
export VIRTUALENV_CMD="virtualenv "
fi
-# allow local overrides of env variables, including repo config
-if [[ -f $RC_DIR/localrc ]]; then
- # Old-style user-supplied config
- source $RC_DIR/localrc
-elif [[ -f $RC_DIR/.localrc.auto ]]; then
- # New-style user-supplied config extracted from local.conf
- source $RC_DIR/.localrc.auto
-fi
-
# Default for log coloring is based on interactive-or-not.
# Baseline assumption is that non-interactive invocations are for CI,
# where logs are to be presented as browsable text files; hence color
@@ -240,7 +240,7 @@
GIT_BASE=${GIT_BASE:-https://opendev.org}
# The location of REQUIREMENTS once cloned
-REQUIREMENTS_DIR=$DEST/requirements
+REQUIREMENTS_DIR=${REQUIREMENTS_DIR:-$DEST/requirements}
# Which libraries should we install from git instead of using released
# versions on pypi?
@@ -258,7 +258,7 @@
# Setting the variable to 'ALL' will activate the download for all
# libraries.
-DEVSTACK_SERIES="train"
+DEVSTACK_SERIES="ussuri"
##############
#
@@ -499,7 +499,7 @@
# pbr drives the setuptools configs
GITREPO["pbr"]=${PBR_REPO:-${GIT_BASE}/openstack/pbr.git}
-GITBRANCH["pbr"]=${PBR_BRANCH:-$TARGET_BRANCH}
+GITBRANCH["pbr"]=${PBR_BRANCH:-$BRANCHLESS_TARGET_BRANCH}
##################
@@ -554,7 +554,7 @@
# diskimage-builder tool
GITREPO["diskimage-builder"]=${DIB_REPO:-${GIT_BASE}/openstack/diskimage-builder.git}
-GITBRANCH["diskimage-builder"]=${DIB_BRANCH:-$TARGET_BRANCH}
+GITBRANCH["diskimage-builder"]=${DIB_BRANCH:-$BRANCHLESS_TARGET_BRANCH}
GITDIR["diskimage-builder"]=$DEST/diskimage-builder
# neutron-lib library containing neutron stable non-REST interfaces
diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh
index d7b824c..d298937 100755
--- a/tools/fixup_stuff.sh
+++ b/tools/fixup_stuff.sh
@@ -256,6 +256,7 @@
# overwriting works. So this hacks around those packages that
# have been dragged in by some other system dependency
sudo rm -rf /usr/lib/python3.6/site-packages/ply-*.egg-info
+ sudo rm -rf /usr/lib/python3.6/site-packages/six-*.egg-info
}
# The version of pip(1.5.4) supported by python-virtualenv(1.11.4) has
diff --git a/tools/generate-devstack-plugins-list.py b/tools/generate-devstack-plugins-list.py
index 11062ea..d39b801 100644
--- a/tools/generate-devstack-plugins-list.py
+++ b/tools/generate-devstack-plugins-list.py
@@ -28,6 +28,9 @@
import json
import requests
+from requests.adapters import HTTPAdapter
+from requests.packages.urllib3.util.retry import Retry
+
logging.basicConfig(level=logging.DEBUG)
url = 'https://review.opendev.org/projects/'
@@ -63,6 +66,12 @@
logging.debug("Found %d projects" % len(projects))
s = requests.Session()
+# sometimes gitea gives us a 500 error; retry sanely
+# https://stackoverflow.com/a/35636367
+retries = Retry(total=3, backoff_factor=1,
+ status_forcelist=[ 500 ])
+s.mount('https://', HTTPAdapter(max_retries=retries))
+
found_plugins = filter(functools.partial(has_devstack_plugin, s), projects)
for project in found_plugins:
diff --git a/tools/worlddump.py b/tools/worlddump.py
index d1453ca..d5ff5d1 100755
--- a/tools/worlddump.py
+++ b/tools/worlddump.py
@@ -165,7 +165,8 @@
_header("Network Dump")
_dump_cmd("bridge link")
- _dump_cmd("brctl show")
+ if _find_cmd("brctl"):
+ _dump_cmd("brctl show")
_dump_cmd("ip link show type bridge")
ip_cmds = ["neigh", "addr", "link", "route"]
for cmd in ip_cmds + ['netns']: