diff --git a/.gitreview b/.gitreview index 570d31a987..ec70141113 100644 --- a/.gitreview +++ b/.gitreview @@ -2,3 +2,4 @@ host=review.openstack.org port=29418 project=openstack-dev/devstack.git +defaultbranch=stable/ocata diff --git a/files/rpms/nova b/files/rpms/nova index 45f1c94f1f..a368c552aa 100644 --- a/files/rpms/nova +++ b/files/rpms/nova @@ -9,10 +9,6 @@ iptables iputils kernel-modules # dist:f23,f24,f25 kpartx -kvm # NOPRIME -libvirt-bin # NOPRIME -libvirt-devel # NOPRIME -libvirt-python # NOPRIME libxml2-python m2crypto mysql-devel @@ -21,7 +17,6 @@ mysql-server # NOPRIME numpy # needed by websockify for spice console parted polkit -qemu-kvm # NOPRIME rabbitmq-server # NOPRIME sqlite sudo diff --git a/functions b/functions index 89ee3672d3..1aa7517a8a 100644 --- a/functions +++ b/functions @@ -12,7 +12,7 @@ # ensure we don't re-source this in the same environment [[ -z "$_DEVSTACK_FUNCTIONS" ]] || return 0 -declare -r _DEVSTACK_FUNCTIONS=1 +declare -r -g _DEVSTACK_FUNCTIONS=1 # Include the common functions FUNC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd) @@ -664,6 +664,16 @@ function set_mtu { } +# running_in_container - Returns true otherwise false +function running_in_container { + if grep -q lxc /proc/1/cgroup; then + return 0 + fi + + return 1 +} + + # enable_kernel_bridge_firewall - Enable kernel support for bridge firewalling function enable_kernel_bridge_firewall { # Load bridge module. This module provides access to firewall for bridged diff --git a/functions-common b/functions-common index 8d32bb4148..6a30ba3eb0 100644 --- a/functions-common +++ b/functions-common @@ -37,12 +37,12 @@ set +o xtrace # ensure we don't re-source this in the same environment [[ -z "$_DEVSTACK_FUNCTIONS_COMMON" ]] || return 0 -declare -r _DEVSTACK_FUNCTIONS_COMMON=1 +declare -r -g _DEVSTACK_FUNCTIONS_COMMON=1 # Global Config Variables -declare -A GITREPO -declare -A GITBRANCH -declare -A GITDIR +declare -A -g GITREPO +declare -A -g GITBRANCH +declare -A -g GITDIR TRACK_DEPENDS=${TRACK_DEPENDS:-False} @@ -306,7 +306,7 @@ function warn { # ``os_PACKAGE`` - package type: ``deb`` or ``rpm`` # ``os_CODENAME`` - vendor's codename for release: ``trusty`` -declare os_VENDOR os_RELEASE os_PACKAGE os_CODENAME +declare -g os_VENDOR os_RELEASE os_PACKAGE os_CODENAME # Make a *best effort* attempt to install lsb_release packages for the # user if not available. Note can't use generic install_package* @@ -361,7 +361,7 @@ function GetOSVersion { # Translate the OS version values into common nomenclature # Sets global ``DISTRO`` from the ``os_*`` values -declare DISTRO +declare -g DISTRO function GetDistro { GetOSVersion @@ -2372,9 +2372,9 @@ function sudo_with_proxies { # Resolution is only in whole seconds, so should be used for long # running activities. -declare -A _TIME_TOTAL -declare -A _TIME_START -declare -r _TIME_BEGIN=$(date +%s) +declare -A -g _TIME_TOTAL +declare -A -g _TIME_START +declare -r -g _TIME_BEGIN=$(date +%s) # time_start $name # diff --git a/inc/python b/inc/python index 5afc07f636..d0e45df489 100644 --- a/inc/python +++ b/inc/python @@ -19,7 +19,7 @@ set +o xtrace # PROJECT_VENV contains the name of the virtual environment for each # project. A null value installs to the system Python directories. -declare -A PROJECT_VENV +declare -A -g PROJECT_VENV # Python Functions diff --git a/lib/neutron b/lib/neutron index 9b032b72e2..dc26441d10 100644 --- a/lib/neutron +++ b/lib/neutron @@ -74,7 +74,7 @@ NEUTRON_ROOTWRAP_DAEMON_CMD="sudo $NEUTRON_ROOTWRAP-daemon $NEUTRON_ROOTWRAP_CON NEUTRON_CONFIG_ARG=${NEUTRON_CONFIG_ARG:-""} # Additional neutron api config files -declare -a _NEUTRON_SERVER_EXTRA_CONF_FILES_ABS +declare -a -g _NEUTRON_SERVER_EXTRA_CONF_FILES_ABS # Functions # --------- @@ -188,7 +188,9 @@ function configure_neutron_new { iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $HOST_IP fi - enable_kernel_bridge_firewall + if ! running_in_container; then + enable_kernel_bridge_firewall + fi fi # DHCP Agent diff --git a/lib/neutron-legacy b/lib/neutron-legacy index af91470e65..7a1f38ed2f 100644 --- a/lib/neutron-legacy +++ b/lib/neutron-legacy @@ -141,10 +141,10 @@ _Q_PLUGIN_EXTRA_CONF_PATH=/etc/neutron # These config files are relative to ``/etc/neutron``. The above # example would specify ``--config-file /etc/neutron/file1`` for # neutron server. -declare -a Q_PLUGIN_EXTRA_CONF_FILES +declare -a -g Q_PLUGIN_EXTRA_CONF_FILES # same as Q_PLUGIN_EXTRA_CONF_FILES, but with absolute path. -declare -a _Q_PLUGIN_EXTRA_CONF_FILES_ABS +declare -a -g _Q_PLUGIN_EXTRA_CONF_FILES_ABS Q_RR_CONF_FILE=$NEUTRON_CONF_DIR/rootwrap.conf diff --git a/lib/neutron_plugins/linuxbridge_agent b/lib/neutron_plugins/linuxbridge_agent index 0c8ccb8718..f031fc7c59 100644 --- a/lib/neutron_plugins/linuxbridge_agent +++ b/lib/neutron_plugins/linuxbridge_agent @@ -71,7 +71,9 @@ function neutron_plugin_configure_plugin_agent { fi if [[ "$Q_USE_SECGROUP" == "True" ]]; then iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver - enable_kernel_bridge_firewall + if ! running_in_container; then + enable_kernel_bridge_firewall + fi else iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver fi diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base index 62a4d00bcd..733a5c13e2 100644 --- a/lib/neutron_plugins/ovs_base +++ b/lib/neutron_plugins/ovs_base @@ -88,7 +88,9 @@ function _neutron_ovs_base_configure_debug_command { function _neutron_ovs_base_configure_firewall_driver { if [[ "$Q_USE_SECGROUP" == "True" ]]; then iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver iptables_hybrid - enable_kernel_bridge_firewall + if ! running_in_container; then + enable_kernel_bridge_firewall + fi else iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver noop fi diff --git a/lib/nova b/lib/nova index 4d336f6271..d1c0d470a7 100644 --- a/lib/nova +++ b/lib/nova @@ -864,7 +864,9 @@ function start_nova_rest { run_process n-crt "$NOVA_BIN_DIR/nova-cert --config-file $api_cell_conf" if is_service_enabled n-net; then - enable_kernel_bridge_firewall + if ! running_in_container; then + enable_kernel_bridge_firewall + fi fi run_process n-net "$NOVA_BIN_DIR/nova-network --config-file $compute_cell_conf" diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt index 5e7695a2b2..56bb6bda1c 100644 --- a/lib/nova_plugins/functions-libvirt +++ b/lib/nova_plugins/functions-libvirt @@ -26,7 +26,7 @@ function install_libvirt { install_package qemu-system install_package libvirt-bin libvirt-dev pip_install_gr libvirt-python - if [[ "$EBTABLES_RACE_FIX" == "True" ]]; then + if [[ ${DISTRO} == "trusty" && ${EBTABLES_RACE_FIX} == "True" ]]; then # Work around for bug #1501558. We can remove this once we # get to a version of Ubuntu that has new enough libvirt. TOP_DIR=$TOP_DIR $TOP_DIR/tools/install_ebtables_workaround.sh @@ -34,18 +34,21 @@ function install_libvirt { #pip_install_gr elif is_fedora || is_suse; then # On "KVM for IBM z Systems", kvm does not have its own package - if [[ ! ${DISTRO} =~ "kvmibm1" ]]; then + if [[ ! ${DISTRO} =~ "kvmibm1" && ! ${DISTRO} =~ "rhel7" ]]; then install_package kvm fi - # there is a dependency issue with kvm (which is really just a - # wrapper to qemu-system-x86) that leaves some bios files out, - # so install qemu-kvm (which shouldn't strictly be needed, as - # everything has been merged into qemu-system-x86) to bring in - # the right packages. see - # https://bugzilla.redhat.com/show_bug.cgi?id=1235890 - install_package qemu-kvm + + if [[ ${DISTRO} =~ "rhel7" ]]; then + # This should install the latest qemu-kvm build, + # which is called qemu-kvm-ev in centos7 + # (as the default OS qemu-kvm package is usually rather old, + # and should be updated by above) + install_package qemu-kvm + fi + install_package libvirt libvirt-devel pip_install_gr libvirt-python + fi } diff --git a/lib/tempest b/lib/tempest index 2efaebc694..38f724c8de 100644 --- a/lib/tempest +++ b/lib/tempest @@ -60,7 +60,7 @@ BUILD_TIMEOUT=${BUILD_TIMEOUT:-196} # This must be False on stable branches, as master tempest # deps do not match stable branch deps. Set this to True to # have tempest installed in DevStack by default. -INSTALL_TEMPEST=${INSTALL_TEMPEST:-"True"} +INSTALL_TEMPEST=${INSTALL_TEMPEST:-"False"} # This variable is passed directly to pip install inside the common tox venv # that is created @@ -227,7 +227,7 @@ function configure_tempest { # Ensure ``flavor_ref`` and ``flavor_ref_alt`` have different values. # Some resize instance in tempest tests depends on this. for f in ${flavors[@]:1}; do - if [[ $f -ne $flavor_ref ]]; then + if [[ "$f" != "$flavor_ref" ]]; then flavor_ref_alt=$f break fi @@ -335,7 +335,7 @@ function configure_tempest { # NOTE- To avoid microversion tests failure on stable branch, we need to change "tempest_compute_max_microversion" # for stable branch on each release which should be changed from "latest" to max supported version of that release. local tempest_compute_min_microversion=${TEMPEST_COMPUTE_MIN_MICROVERSION:-None} - local tempest_compute_max_microversion=${TEMPEST_COMPUTE_MAX_MICROVERSION:-"latest"} + local tempest_compute_max_microversion=${TEMPEST_COMPUTE_MAX_MICROVERSION:-"2.42"} # Reset microversions to None where v2.0 is running which does not support microversion. # Both "None" means no microversion testing. if [[ "$TEMPEST_COMPUTE_TYPE" == "compute_legacy" ]]; then @@ -448,7 +448,7 @@ function configure_tempest { # TODO(ameade): Remove the api_v3 flag when Mitaka and Liberty are end of life. iniset $TEMPEST_CONFIG volume-feature-enabled api_v3 True local tempest_volume_min_microversion=${TEMPEST_VOLUME_MIN_MICROVERSION:-None} - local tempest_volume_max_microversion=${TEMPEST_VOLUME_MAX_MICROVERSION:-"latest"} + local tempest_volume_max_microversion=${TEMPEST_VOLUME_MAX_MICROVERSION:-"3.27"} if [ "$tempest_volume_min_microversion" == "None" ]; then inicomment $TEMPEST_CONFIG volume min_microversion else @@ -588,7 +588,17 @@ function configure_tempest { DISABLE_NETWORK_API_EXTENSIONS+=", metering" fi - local network_api_extensions=${NETWORK_API_EXTENSIONS:-"all"} + DEFAULT_NET_EXT="address-scope,agent,allowed-address-pairs,auto-allocated-topology" + DEFAULT_NET_EXT+=",availability_zone,binding,default-subnetpools,dhcp_agent_scheduler" + DEFAULT_NET_EXT+=",dvr,ext-gw-mode,external-net,extra_dhcp_opt,extraroute,flavors" + DEFAULT_NET_EXT+=",l3-flavors,l3-ha,l3_agent_scheduler,multi-provider,net-mtu" + DEFAULT_NET_EXT+=",network-ip-availability,network_availability_zone,pagination" + DEFAULT_NET_EXT+=",port-security,project-id,provider,quotas,rbac-policies,router" + DEFAULT_NET_EXT+=",router_availability_zone,security-group,service-type,sorting" + DEFAULT_NET_EXT+=",standard-attr-description,standard-attr-revisions,standard-attr-timestamp" + DEFAULT_NET_EXT+=",subnet-service-types,subnet_allocation,tag,tag-ext" + + local network_api_extensions=${NETWORK_API_EXTENSIONS:-$DEFAULT_NET_EXT} if [[ ! -z "$DISABLE_NETWORK_API_EXTENSIONS" ]]; then # Enabled extensions are either the ones explicitly specified or those available on the API endpoint network_api_extensions=${NETWORK_API_EXTENSIONS:-$(iniget $tmp_cfg_file network-feature-enabled api_extensions | tr -d " ")} @@ -597,7 +607,11 @@ function configure_tempest { fi iniset $TEMPEST_CONFIG network-feature-enabled api_extensions $network_api_extensions # Swift API Extensions - local object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-"all"} + DEFAULT_SWIFT_OPT="account_quotas,bulk_delete,bulk_upload,container_quotas" + DEFAULT_SWIFT_OPT+=",container_sync,crossdomain,formpost,ratelimit,slo" + DEFAULT_SWIFT_OPT+=",staticweb,tempauth,tempurl,versioned_writes" + + local object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-$DEFAULT_SWIFT_OPT} if [[ ! -z "$DISABLE_OBJECT_STORAGE_API_EXTENSIONS" ]]; then # Enabled extensions are either the ones explicitly specified or those available on the API endpoint object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-$(iniget $tmp_cfg_file object-storage-feature-enabled discoverable_apis | tr -d " ")} @@ -606,7 +620,18 @@ function configure_tempest { fi iniset $TEMPEST_CONFIG object-storage-feature-enabled discoverable_apis $object_storage_api_extensions # Cinder API Extensions - local volume_api_extensions=${VOLUME_API_EXTENSIONS:-"all"} + DEFAULT_VOL_EXT="OS-SCH-HNT,backups,capabilities,cgsnapshots,consistencygroups" + DEFAULT_VOL_EXT+=",encryption,os-admin-actions,os-availability-zone" + DEFAULT_VOL_EXT+=",os-extended-services,os-extended-snapshot-attributes" + DEFAULT_VOL_EXT+=",os-hosts,os-image-create,os-quota-class-sets,os-quota-sets" + DEFAULT_VOL_EXT+=",os-services,os-snapshot-actions,os-snapshot-manage" + DEFAULT_VOL_EXT+=",os-snapshot-unmanage,os-types-extra-specs,os-types-manage" + DEFAULT_VOL_EXT+=",os-used-limits,os-vol-host-attr,os-vol-image-meta" + DEFAULT_VOL_EXT+=",os-vol-mig-status-attr,os-vol-tenant-attr,os-volume-actions" + DEFAULT_VOL_EXT+=",os-volume-encryption-metadata,os-volume-manage" + DEFAULT_VOL_EXT+=",os-volume-transfer,os-volume-type-access" + DEFAULT_VOL_EXT+=",os-volume-unmanage,qos-specs,scheduler-stats" + local volume_api_extensions=${VOLUME_API_EXTENSIONS:-$DEFAULT_VOL_EXT} if [[ ! -z "$DISABLE_VOLUME_API_EXTENSIONS" ]]; then # Enabled extensions are either the ones explicitly specified or those available on the API endpoint volume_api_extensions=${VOLUME_API_EXTENSIONS:-$(iniget $tmp_cfg_file volume-feature-enabled api_extensions | tr -d " ")} diff --git a/lib/tls b/lib/tls index 57b5e525ac..f9ef554a6c 100644 --- a/lib/tls +++ b/lib/tls @@ -519,6 +519,10 @@ $listen_string SSLEngine On SSLCertificateFile $DEVSTACK_CERT + # Disable KeepAlive to fix bug #1630664 a.k.a the + # ('Connection aborted.', BadStatusLine("''",)) error + KeepAlive Off + ProxyPass http://$b_host:$b_port/ retry=5 nocanon ProxyPassReverse http://$b_host:$b_port/ diff --git a/stack.sh b/stack.sh index 7d440a7c20..9a0cec601f 100755 --- a/stack.sh +++ b/stack.sh @@ -872,7 +872,7 @@ fi # if placement-api or placement-client is active, and n-cpu on the # same box. if is_service_enabled placement placement-client; then - if is_service_enabled n-cpu; then + if is_service_enabled n-cpu || is_service_enabled n-sch; then configure_placement_nova_compute fi fi diff --git a/stackrc b/stackrc index d8d0ee4b3e..c816447132 100644 --- a/stackrc +++ b/stackrc @@ -5,7 +5,7 @@ # ensure we don't re-source this in the same environment [[ -z "$_DEVSTACK_STACKRC" ]] || return 0 -declare -r _DEVSTACK_STACKRC=1 +declare -r -g _DEVSTACK_STACKRC=1 # Find the other rc files RC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd) @@ -225,35 +225,35 @@ REQUIREMENTS_DIR=$DEST/requirements # block storage service CINDER_REPO=${CINDER_REPO:-${GIT_BASE}/openstack/cinder.git} -CINDER_BRANCH=${CINDER_BRANCH:-master} +CINDER_BRANCH=${CINDER_BRANCH:-stable/ocata} # image catalog service GLANCE_REPO=${GLANCE_REPO:-${GIT_BASE}/openstack/glance.git} -GLANCE_BRANCH=${GLANCE_BRANCH:-master} +GLANCE_BRANCH=${GLANCE_BRANCH:-stable/ocata} # django powered web control panel for openstack HORIZON_REPO=${HORIZON_REPO:-${GIT_BASE}/openstack/horizon.git} -HORIZON_BRANCH=${HORIZON_BRANCH:-master} +HORIZON_BRANCH=${HORIZON_BRANCH:-stable/ocata} # unified auth system (manages accounts/tokens) KEYSTONE_REPO=${KEYSTONE_REPO:-${GIT_BASE}/openstack/keystone.git} -KEYSTONE_BRANCH=${KEYSTONE_BRANCH:-master} +KEYSTONE_BRANCH=${KEYSTONE_BRANCH:-stable/ocata} # neutron service NEUTRON_REPO=${NEUTRON_REPO:-${GIT_BASE}/openstack/neutron.git} -NEUTRON_BRANCH=${NEUTRON_BRANCH:-master} +NEUTRON_BRANCH=${NEUTRON_BRANCH:-stable/ocata} # neutron fwaas service NEUTRON_FWAAS_REPO=${NEUTRON_FWAAS_REPO:-${GIT_BASE}/openstack/neutron-fwaas.git} -NEUTRON_FWAAS_BRANCH=${NEUTRON_FWAAS_BRANCH:-master} +NEUTRON_FWAAS_BRANCH=${NEUTRON_FWAAS_BRANCH:-stable/ocata} # compute service NOVA_REPO=${NOVA_REPO:-${GIT_BASE}/openstack/nova.git} -NOVA_BRANCH=${NOVA_BRANCH:-master} +NOVA_BRANCH=${NOVA_BRANCH:-stable/ocata} # object storage service SWIFT_REPO=${SWIFT_REPO:-${GIT_BASE}/openstack/swift.git} -SWIFT_BRANCH=${SWIFT_BRANCH:-master} +SWIFT_BRANCH=${SWIFT_BRANCH:-stable/ocata} ############## # @@ -263,7 +263,7 @@ SWIFT_BRANCH=${SWIFT_BRANCH:-master} # consolidated openstack requirements REQUIREMENTS_REPO=${REQUIREMENTS_REPO:-${GIT_BASE}/openstack/requirements.git} -REQUIREMENTS_BRANCH=${REQUIREMENTS_BRANCH:-master} +REQUIREMENTS_BRANCH=${REQUIREMENTS_BRANCH:-stable/ocata} # Tempest test suite TEMPEST_REPO=${TEMPEST_REPO:-${GIT_BASE}/openstack/tempest.git} @@ -607,7 +607,7 @@ esac # glance as a disk image. If it ends in .gz, it is uncompressed first. # example: # http://cloud-images.ubuntu.com/releases/precise/release/ubuntu-12.04-server-cloudimg-armel-disk1.img -# http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-rootfs.img.gz +# http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${H}-rootfs.img.gz # * OpenVZ image: # OpenVZ uses its own format of image, and does not support UEC style images @@ -615,7 +615,7 @@ esac #IMAGE_URLS="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img" # cirros full disk image CIRROS_VERSION=${CIRROS_VERSION:-"0.3.4"} -CIRROS_ARCH=${CIRROS_ARCH:-"x86_64"} +CIRROS_ARCH=${CIRROS_ARCH:-"arm"} # Set default image based on ``VIRT_DRIVER`` and ``LIBVIRT_TYPE``, either of # which may be set in ``local.conf``. Also allow ``DEFAULT_IMAGE_NAME`` and diff --git a/tests/test_refs.sh b/tests/test_refs.sh index bccca5dff7..7efe64c5a6 100755 --- a/tests/test_refs.sh +++ b/tests/test_refs.sh @@ -15,7 +15,7 @@ echo "Ensuring we don't have crazy refs" -REFS=`grep BRANCH stackrc | grep -v -- '-master'` +REFS=`grep BRANCH stackrc | grep -v -- '-master' | grep -v -- '-stable/ocata'` rc=$? if [[ $rc -eq 0 ]]; then echo "Branch defaults must be master. Found:" diff --git a/tools/install_pip.sh b/tools/install_pip.sh index a5ccb19399..dbe52782a4 100755 --- a/tools/install_pip.sh +++ b/tools/install_pip.sh @@ -144,6 +144,9 @@ if [[ -n $PYPI_ALTERNATIVE_URL ]]; then fi set -x -pip_install -U setuptools + +# Note setuptools is part of requirements.txt and we want to make sure +# we obey any versioning as described there. +pip_install_gr setuptools get_versions