From 572815e7dc698faf48ed56711288042fa5598ad7 Mon Sep 17 00:00:00 2001 From: Doug Hellmann Date: Wed, 8 Feb 2017 08:13:32 -0500 Subject: [PATCH 01/16] Update .gitreview for stable/ocata Change-Id: I7dbf2c62bdbb8d372aea5d2bfd0d9b5f55e8cbf6 --- .gitreview | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitreview b/.gitreview index 570d31a987..ec70141113 100644 --- a/.gitreview +++ b/.gitreview @@ -2,3 +2,4 @@ host=review.openstack.org port=29418 project=openstack-dev/devstack.git +defaultbranch=stable/ocata From 58de94f277687063b0a0d30bcbd2828c2cc4b154 Mon Sep 17 00:00:00 2001 From: Matthew Treinish Date: Wed, 8 Feb 2017 10:15:51 -0500 Subject: [PATCH 02/16] Set max microversions for ocata This commit sets the max microversions on the ocata branch so that tempest doesn't try to run tests that require a newer api version. Change-Id: Id033dde91b6a7aa09aca2332fe815fd72be90438 --- lib/tempest | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/tempest b/lib/tempest index 2efaebc694..596bd1e5ff 100644 --- a/lib/tempest +++ b/lib/tempest @@ -335,7 +335,7 @@ function configure_tempest { # NOTE- To avoid microversion tests failure on stable branch, we need to change "tempest_compute_max_microversion" # for stable branch on each release which should be changed from "latest" to max supported version of that release. local tempest_compute_min_microversion=${TEMPEST_COMPUTE_MIN_MICROVERSION:-None} - local tempest_compute_max_microversion=${TEMPEST_COMPUTE_MAX_MICROVERSION:-"latest"} + local tempest_compute_max_microversion=${TEMPEST_COMPUTE_MAX_MICROVERSION:-"2.42"} # Reset microversions to None where v2.0 is running which does not support microversion. # Both "None" means no microversion testing. if [[ "$TEMPEST_COMPUTE_TYPE" == "compute_legacy" ]]; then @@ -448,7 +448,7 @@ function configure_tempest { # TODO(ameade): Remove the api_v3 flag when Mitaka and Liberty are end of life. iniset $TEMPEST_CONFIG volume-feature-enabled api_v3 True local tempest_volume_min_microversion=${TEMPEST_VOLUME_MIN_MICROVERSION:-None} - local tempest_volume_max_microversion=${TEMPEST_VOLUME_MAX_MICROVERSION:-"latest"} + local tempest_volume_max_microversion=${TEMPEST_VOLUME_MAX_MICROVERSION:-"3.27"} if [ "$tempest_volume_min_microversion" == "None" ]; then inicomment $TEMPEST_CONFIG volume min_microversion else From cead7a1ba9a8d33b49e8dfae99a5d853741bcacc Mon Sep 17 00:00:00 2001 From: Sean Dague Date: Thu, 9 Feb 2017 17:56:40 -0500 Subject: [PATCH 03/16] only apply ebtables race fix on trusty Change-Id: Ifc83e7301d9d921ce9ceed349f116584ce03842b --- lib/nova_plugins/functions-libvirt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt index 5e7695a2b2..47b054bc58 100644 --- a/lib/nova_plugins/functions-libvirt +++ b/lib/nova_plugins/functions-libvirt @@ -26,7 +26,7 @@ function install_libvirt { install_package qemu-system install_package libvirt-bin libvirt-dev pip_install_gr libvirt-python - if [[ "$EBTABLES_RACE_FIX" == "True" ]]; then + if [[ ${DISTRO} == "trusty" && ${EBTABLES_RACE_FIX} == "True" ]]; then # Work around for bug #1501558. We can remove this once we # get to a version of Ubuntu that has new enough libvirt. TOP_DIR=$TOP_DIR $TOP_DIR/tools/install_ebtables_workaround.sh From c1921f75b19ec56fcf9ba7d743683b9f20d0b133 Mon Sep 17 00:00:00 2001 From: Matthew Treinish Date: Tue, 14 Feb 2017 12:10:34 -0500 Subject: [PATCH 04/16] Update branch references for stable/ocata Change-Id: Id7400d5222a7608b992d6e0f629204265fe458c6 --- stackrc | 18 +++++++++--------- tests/test_refs.sh | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/stackrc b/stackrc index d8d0ee4b3e..3929711b5c 100644 --- a/stackrc +++ b/stackrc @@ -225,35 +225,35 @@ REQUIREMENTS_DIR=$DEST/requirements # block storage service CINDER_REPO=${CINDER_REPO:-${GIT_BASE}/openstack/cinder.git} -CINDER_BRANCH=${CINDER_BRANCH:-master} +CINDER_BRANCH=${CINDER_BRANCH:-stable/ocata} # image catalog service GLANCE_REPO=${GLANCE_REPO:-${GIT_BASE}/openstack/glance.git} -GLANCE_BRANCH=${GLANCE_BRANCH:-master} +GLANCE_BRANCH=${GLANCE_BRANCH:-stable/ocata} # django powered web control panel for openstack HORIZON_REPO=${HORIZON_REPO:-${GIT_BASE}/openstack/horizon.git} -HORIZON_BRANCH=${HORIZON_BRANCH:-master} +HORIZON_BRANCH=${HORIZON_BRANCH:-stable/ocata} # unified auth system (manages accounts/tokens) KEYSTONE_REPO=${KEYSTONE_REPO:-${GIT_BASE}/openstack/keystone.git} -KEYSTONE_BRANCH=${KEYSTONE_BRANCH:-master} +KEYSTONE_BRANCH=${KEYSTONE_BRANCH:-stable/ocata} # neutron service NEUTRON_REPO=${NEUTRON_REPO:-${GIT_BASE}/openstack/neutron.git} -NEUTRON_BRANCH=${NEUTRON_BRANCH:-master} +NEUTRON_BRANCH=${NEUTRON_BRANCH:-stable/ocata} # neutron fwaas service NEUTRON_FWAAS_REPO=${NEUTRON_FWAAS_REPO:-${GIT_BASE}/openstack/neutron-fwaas.git} -NEUTRON_FWAAS_BRANCH=${NEUTRON_FWAAS_BRANCH:-master} +NEUTRON_FWAAS_BRANCH=${NEUTRON_FWAAS_BRANCH:-stable/ocata} # compute service NOVA_REPO=${NOVA_REPO:-${GIT_BASE}/openstack/nova.git} -NOVA_BRANCH=${NOVA_BRANCH:-master} +NOVA_BRANCH=${NOVA_BRANCH:-stable/ocata} # object storage service SWIFT_REPO=${SWIFT_REPO:-${GIT_BASE}/openstack/swift.git} -SWIFT_BRANCH=${SWIFT_BRANCH:-master} +SWIFT_BRANCH=${SWIFT_BRANCH:-stable/ocata} ############## # @@ -263,7 +263,7 @@ SWIFT_BRANCH=${SWIFT_BRANCH:-master} # consolidated openstack requirements REQUIREMENTS_REPO=${REQUIREMENTS_REPO:-${GIT_BASE}/openstack/requirements.git} -REQUIREMENTS_BRANCH=${REQUIREMENTS_BRANCH:-master} +REQUIREMENTS_BRANCH=${REQUIREMENTS_BRANCH:-stable/ocata} # Tempest test suite TEMPEST_REPO=${TEMPEST_REPO:-${GIT_BASE}/openstack/tempest.git} diff --git a/tests/test_refs.sh b/tests/test_refs.sh index bccca5dff7..7efe64c5a6 100755 --- a/tests/test_refs.sh +++ b/tests/test_refs.sh @@ -15,7 +15,7 @@ echo "Ensuring we don't have crazy refs" -REFS=`grep BRANCH stackrc | grep -v -- '-master'` +REFS=`grep BRANCH stackrc | grep -v -- '-master' | grep -v -- '-stable/ocata'` rc=$? if [[ $rc -eq 0 ]]; then echo "Branch defaults must be master. Found:" From 00edb2f3808afe7a6f00eef4909ee262c18af8b2 Mon Sep 17 00:00:00 2001 From: Jordan Pittier Date: Tue, 14 Feb 2017 16:48:20 +0100 Subject: [PATCH 05/16] TLS proxy: disable HTTP KeepAlive There's a race condition when a client makes a request "at the same time" the HTTP connection is being closed by Apache because the `KeepAliveTimeout` is expired. This is explained in detail and can be reproduce using https://github.com/mikem23/keepalive-race or https://github.com/JordanP/openstack-snippets/blob/master/keepalive-race/keep-alive-race.py Just disable KeepAlive to fix the ('Connection aborted.', BadStatusLine("''",)) error we are seeing. Change-Id: I46e9f70ee740ec7996c98d386d5289c1491e9436 (cherry picked from commit 437092518172770c549dabafaf9f81e3766719ce) --- lib/tls | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/tls b/lib/tls index 57b5e525ac..f9ef554a6c 100644 --- a/lib/tls +++ b/lib/tls @@ -519,6 +519,10 @@ $listen_string SSLEngine On SSLCertificateFile $DEVSTACK_CERT + # Disable KeepAlive to fix bug #1630664 a.k.a the + # ('Connection aborted.', BadStatusLine("''",)) error + KeepAlive Off + ProxyPass http://$b_host:$b_port/ retry=5 nocanon ProxyPassReverse http://$b_host:$b_port/ From f61ca5fd61228241b168678a7a53462c158073d6 Mon Sep 17 00:00:00 2001 From: Matthew Treinish Date: Wed, 6 Jul 2016 13:44:55 -0400 Subject: [PATCH 06/16] Switch devstack to use qcow cirros img This commit switches devstack to use the published qcow2 cirros image instead of the AMI version. Using AMI was mostly a historical artifact dating pretty far back, but in the real world no one really uses AMI images with openstack clouds. This change reflects that and also enables tempest ro remove its deprecated config options for using AMI as a fallback on misconfiguration (which was just there to support devstack's defaults) Change-Id: Id65ebae73b28da7185cb349b714b659af51ef77f (cherry picked from commit 6fc332d85279865c32f50b081efb25ba7b671a9a) --- lib/tempest | 7 ++----- stackrc | 12 ++++++------ 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/lib/tempest b/lib/tempest index 596bd1e5ff..c61f5b3a33 100644 --- a/lib/tempest +++ b/lib/tempest @@ -416,14 +416,11 @@ function configure_tempest { iniset $TEMPEST_CONFIG scenario img_disk_format vhd iniset $TEMPEST_CONFIG scenario img_container_format ovf else - SCENARIO_IMAGE_DIR=${SCENARIO_IMAGE_DIR:-$FILES/images/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec} - SCENARIO_IMAGE_FILE="cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img" + SCENARIO_IMAGE_DIR=${SCENARIO_IMAGE_DIR:-$FILES} + SCENARIO_IMAGE_FILE=$DEFAULT_IMAGE_NAME fi iniset $TEMPEST_CONFIG scenario img_dir $SCENARIO_IMAGE_DIR iniset $TEMPEST_CONFIG scenario img_file $SCENARIO_IMAGE_FILE - iniset $TEMPEST_CONFIG scenario ami_img_file "cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-blank.img" - iniset $TEMPEST_CONFIG scenario ari_img_file "cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-initrd" - iniset $TEMPEST_CONFIG scenario aki_img_file "cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-vmlinuz" # If using provider networking, use the physical network for validation rather than private TEMPEST_SSH_NETWORK_NAME=$PRIVATE_NETWORK_NAME diff --git a/stackrc b/stackrc index 3929711b5c..36b6778904 100644 --- a/stackrc +++ b/stackrc @@ -634,9 +634,9 @@ if [[ "$DOWNLOAD_DEFAULT_IMAGES" == "True" ]]; then lxc) # the cirros root disk in the uec tarball is empty, so it will not work for lxc DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-rootfs} IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-rootfs.img.gz";; - *) # otherwise, use the uec style image (with kernel, ramdisk, disk) - DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec} - IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec.tar.gz";; + *) # otherwise, use the qcow image + DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img} + IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img";; esac ;; vsphere) @@ -650,9 +650,9 @@ if [[ "$DOWNLOAD_DEFAULT_IMAGES" == "True" ]]; then # NOTE(lucasagomes): The logic setting the default image # now lives in the Ironic tree ;; - *) # Default to Cirros with kernel, ramdisk and disk image - DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec} - IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec.tar.gz";; + *) # Default to Cirros qcow2 image file + DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img} + IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img";; esac DOWNLOAD_DEFAULT_IMAGES=False fi From 770f0432a94cdf59bd6e4e76474eb61d57d26688 Mon Sep 17 00:00:00 2001 From: Prashant Shetty Date: Thu, 23 Feb 2017 13:48:12 +0000 Subject: [PATCH 07/16] Enable placement section on controller in multinode setup Currently placement api section will be configured on controller only if service n-cpu is running. It breaks multi node setup. Closes-Bug: #1667219 Change-Id: I8b0f60f253859f704bb9831d7dac8f55df353ac7 (cherry picked from commit f58b37356323262d9ce22815a4cf4e129195c679) --- stack.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack.sh b/stack.sh index 7d440a7c20..9a0cec601f 100755 --- a/stack.sh +++ b/stack.sh @@ -872,7 +872,7 @@ fi # if placement-api or placement-client is active, and n-cpu on the # same box. if is_service_enabled placement placement-client; then - if is_service_enabled n-cpu; then + if is_service_enabled n-cpu || is_service_enabled n-sch; then configure_placement_nova_compute fi fi From d26bcdfa419ac8b9811ba01a260fb3604d6f4666 Mon Sep 17 00:00:00 2001 From: Luz Cazares Date: Mon, 27 Feb 2017 22:53:58 +0000 Subject: [PATCH 08/16] Fix api extension settings in tempest for Ocata On stable branches, we are supposed to hard code the extension list of what API extensions are available when we branch the project so that test cases against new features will be skipped. However, we didn't do this on Ocata release. Change-Id: I1a4d1ea8c8d34b8cd1020e76597db6c67f85f6ec --- lib/tempest | 33 +++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/lib/tempest b/lib/tempest index 596bd1e5ff..b88e28607d 100644 --- a/lib/tempest +++ b/lib/tempest @@ -60,7 +60,7 @@ BUILD_TIMEOUT=${BUILD_TIMEOUT:-196} # This must be False on stable branches, as master tempest # deps do not match stable branch deps. Set this to True to # have tempest installed in DevStack by default. -INSTALL_TEMPEST=${INSTALL_TEMPEST:-"True"} +INSTALL_TEMPEST=${INSTALL_TEMPEST:-"False"} # This variable is passed directly to pip install inside the common tox venv # that is created @@ -588,7 +588,17 @@ function configure_tempest { DISABLE_NETWORK_API_EXTENSIONS+=", metering" fi - local network_api_extensions=${NETWORK_API_EXTENSIONS:-"all"} + DEFAULT_NET_EXT="address-scope,agent,allowed-address-pairs,auto-allocated-topology" + DEFAULT_NET_EXT+=",availability_zone,binding,default-subnetpools,dhcp_agent_scheduler" + DEFAULT_NET_EXT+=",dvr,ext-gw-mode,external-net,extra_dhcp_opt,extraroute,flavors" + DEFAULT_NET_EXT+=",l3-flavors,l3-ha,l3_agent_scheduler,multi-provider,net-mtu" + DEFAULT_NET_EXT+=",network-ip-availability,network_availability_zone,pagination" + DEFAULT_NET_EXT+=",port-security,project-id,provider,quotas,rbac-policies,router" + DEFAULT_NET_EXT+=",router_availability_zone,security-group,service-type,sorting" + DEFAULT_NET_EXT+=",standard-attr-description,standard-attr-revisions,standard-attr-timestamp" + DEFAULT_NET_EXT+=",subnet-service-types,subnet_allocation,tag,tag-ext" + + local network_api_extensions=${NETWORK_API_EXTENSIONS:-$DEFAULT_NET_EXT} if [[ ! -z "$DISABLE_NETWORK_API_EXTENSIONS" ]]; then # Enabled extensions are either the ones explicitly specified or those available on the API endpoint network_api_extensions=${NETWORK_API_EXTENSIONS:-$(iniget $tmp_cfg_file network-feature-enabled api_extensions | tr -d " ")} @@ -597,7 +607,11 @@ function configure_tempest { fi iniset $TEMPEST_CONFIG network-feature-enabled api_extensions $network_api_extensions # Swift API Extensions - local object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-"all"} + DEFAULT_SWIFT_OPT="account_quotas,bulk_delete,bulk_upload,container_quotas" + DEFAULT_SWIFT_OPT+=",container_sync,crossdomain,formpost,ratelimit,slo" + DEFAULT_SWIFT_OPT+=",staticweb,tempauth,tempurl,versioned_writes" + + local object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-$DEFAULT_SWIFT_OPT} if [[ ! -z "$DISABLE_OBJECT_STORAGE_API_EXTENSIONS" ]]; then # Enabled extensions are either the ones explicitly specified or those available on the API endpoint object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-$(iniget $tmp_cfg_file object-storage-feature-enabled discoverable_apis | tr -d " ")} @@ -606,7 +620,18 @@ function configure_tempest { fi iniset $TEMPEST_CONFIG object-storage-feature-enabled discoverable_apis $object_storage_api_extensions # Cinder API Extensions - local volume_api_extensions=${VOLUME_API_EXTENSIONS:-"all"} + DEFAULT_VOL_EXT="OS-SCH-HNT,backups,capabilities,cgsnapshots,consistencygroups" + DEFAULT_VOL_EXT+=",encryption,os-admin-actions,os-availability-zone" + DEFAULT_VOL_EXT+=",os-extended-services,os-extended-snapshot-attributes" + DEFAULT_VOL_EXT+=",os-hosts,os-image-create,os-quota-class-sets,os-quota-sets" + DEFAULT_VOL_EXT+=",os-services,os-snapshot-actions,os-snapshot-manage" + DEFAULT_VOL_EXT+=",os-snapshot-unmanage,os-types-extra-specs,os-types-manage" + DEFAULT_VOL_EXT+=",os-used-limits,os-vol-host-attr,os-vol-image-meta" + DEFAULT_VOL_EXT+=",os-vol-mig-status-attr,os-vol-tenant-attr,os-volume-actions" + DEFAULT_VOL_EXT+=",os-volume-encryption-metadata,os-volume-manage" + DEFAULT_VOL_EXT+=",os-volume-transfer,os-volume-type-access" + DEFAULT_VOL_EXT+=",os-volume-unmanage,qos-specs,scheduler-stats" + local volume_api_extensions=${VOLUME_API_EXTENSIONS:-$DEFAULT_VOL_EXT} if [[ ! -z "$DISABLE_VOLUME_API_EXTENSIONS" ]]; then # Enabled extensions are either the ones explicitly specified or those available on the API endpoint volume_api_extensions=${VOLUME_API_EXTENSIONS:-$(iniget $tmp_cfg_file volume-feature-enabled api_extensions | tr -d " ")} From 9379c9572750a70e852ff7a2b6ed61c6cb1e3d7c Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Mon, 27 Feb 2017 11:19:40 +1100 Subject: [PATCH 09/16] Ensure we install setuptools from requirements Use pip_install_gr so we get the version pinned by requirements. The depends-on is an example of where we're trying to pin to workaround issues. Depends-On: I9c57c08a150571c5bb62235d502839394d53a4c1 Change-Id: I780cca681b12a3e9d228dbf2fd9fa6e8ab1a82e1 (cherry picked from commit 1e7f738f284b85ed95d514fb13fbc1afb6b31087) --- tools/install_pip.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/install_pip.sh b/tools/install_pip.sh index a5ccb19399..dbe52782a4 100755 --- a/tools/install_pip.sh +++ b/tools/install_pip.sh @@ -144,6 +144,9 @@ if [[ -n $PYPI_ALTERNATIVE_URL ]]; then fi set -x -pip_install -U setuptools + +# Note setuptools is part of requirements.txt and we want to make sure +# we obey any versioning as described there. +pip_install_gr setuptools get_versions From 28b034fc958f4c30b78d5cb578efcb139dce7db2 Mon Sep 17 00:00:00 2001 From: Denis Buliga Date: Mon, 6 Feb 2017 16:56:46 +0200 Subject: [PATCH 10/16] Skips enabling kernel bridge firewall in container Calling enable_kernel_bridge_firewall inside a container, devstack will crash because it tries to load a kernel module by calling 'sudo modprobe' on net.bridge. Change-Id: Id4718c065d5a8c507d49f38e19c2796a64221aa4 Closes-Bug: #1662194 (cherry picked from commit 0bf75a471ecce8c05718644e7e070b4d5a8657d6) --- functions | 10 ++++++++++ lib/neutron | 4 +++- lib/neutron_plugins/linuxbridge_agent | 4 +++- lib/neutron_plugins/ovs_base | 4 +++- lib/nova | 4 +++- 5 files changed, 22 insertions(+), 4 deletions(-) diff --git a/functions b/functions index 89ee3672d3..f262fbccc4 100644 --- a/functions +++ b/functions @@ -664,6 +664,16 @@ function set_mtu { } +# running_in_container - Returns true otherwise false +function running_in_container { + if grep -q lxc /proc/1/cgroup; then + return 0 + fi + + return 1 +} + + # enable_kernel_bridge_firewall - Enable kernel support for bridge firewalling function enable_kernel_bridge_firewall { # Load bridge module. This module provides access to firewall for bridged diff --git a/lib/neutron b/lib/neutron index 9b032b72e2..8c46a80c0b 100644 --- a/lib/neutron +++ b/lib/neutron @@ -188,7 +188,9 @@ function configure_neutron_new { iniset $NEUTRON_CORE_PLUGIN_CONF ovs local_ip $HOST_IP fi - enable_kernel_bridge_firewall + if ! running_in_container; then + enable_kernel_bridge_firewall + fi fi # DHCP Agent diff --git a/lib/neutron_plugins/linuxbridge_agent b/lib/neutron_plugins/linuxbridge_agent index 0c8ccb8718..f031fc7c59 100644 --- a/lib/neutron_plugins/linuxbridge_agent +++ b/lib/neutron_plugins/linuxbridge_agent @@ -71,7 +71,9 @@ function neutron_plugin_configure_plugin_agent { fi if [[ "$Q_USE_SECGROUP" == "True" ]]; then iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver - enable_kernel_bridge_firewall + if ! running_in_container; then + enable_kernel_bridge_firewall + fi else iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver fi diff --git a/lib/neutron_plugins/ovs_base b/lib/neutron_plugins/ovs_base index 62a4d00bcd..733a5c13e2 100644 --- a/lib/neutron_plugins/ovs_base +++ b/lib/neutron_plugins/ovs_base @@ -88,7 +88,9 @@ function _neutron_ovs_base_configure_debug_command { function _neutron_ovs_base_configure_firewall_driver { if [[ "$Q_USE_SECGROUP" == "True" ]]; then iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver iptables_hybrid - enable_kernel_bridge_firewall + if ! running_in_container; then + enable_kernel_bridge_firewall + fi else iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver noop fi diff --git a/lib/nova b/lib/nova index 4d336f6271..d1c0d470a7 100644 --- a/lib/nova +++ b/lib/nova @@ -864,7 +864,9 @@ function start_nova_rest { run_process n-crt "$NOVA_BIN_DIR/nova-cert --config-file $api_cell_conf" if is_service_enabled n-net; then - enable_kernel_bridge_firewall + if ! running_in_container; then + enable_kernel_bridge_firewall + fi fi run_process n-net "$NOVA_BIN_DIR/nova-network --config-file $compute_cell_conf" From 14b3b96cfda213f4e36200a3b4d8818cbdfcc84c Mon Sep 17 00:00:00 2001 From: Matthew Treinish Date: Sun, 5 Mar 2017 14:24:27 +0000 Subject: [PATCH 11/16] Revert "Switch devstack to use qcow cirros img" This was not supposed to be merged yet, it breaks grenade. There needs to be a fix applied to master and then included in this backport. This reverts commit f61ca5fd61228241b168678a7a53462c158073d6. Change-Id: I6321039117dcff80bb87e43f0e49082071018936 --- lib/tempest | 7 +++++-- stackrc | 12 ++++++------ 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/lib/tempest b/lib/tempest index c61f5b3a33..596bd1e5ff 100644 --- a/lib/tempest +++ b/lib/tempest @@ -416,11 +416,14 @@ function configure_tempest { iniset $TEMPEST_CONFIG scenario img_disk_format vhd iniset $TEMPEST_CONFIG scenario img_container_format ovf else - SCENARIO_IMAGE_DIR=${SCENARIO_IMAGE_DIR:-$FILES} - SCENARIO_IMAGE_FILE=$DEFAULT_IMAGE_NAME + SCENARIO_IMAGE_DIR=${SCENARIO_IMAGE_DIR:-$FILES/images/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec} + SCENARIO_IMAGE_FILE="cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img" fi iniset $TEMPEST_CONFIG scenario img_dir $SCENARIO_IMAGE_DIR iniset $TEMPEST_CONFIG scenario img_file $SCENARIO_IMAGE_FILE + iniset $TEMPEST_CONFIG scenario ami_img_file "cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-blank.img" + iniset $TEMPEST_CONFIG scenario ari_img_file "cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-initrd" + iniset $TEMPEST_CONFIG scenario aki_img_file "cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-vmlinuz" # If using provider networking, use the physical network for validation rather than private TEMPEST_SSH_NETWORK_NAME=$PRIVATE_NETWORK_NAME diff --git a/stackrc b/stackrc index 36b6778904..3929711b5c 100644 --- a/stackrc +++ b/stackrc @@ -634,9 +634,9 @@ if [[ "$DOWNLOAD_DEFAULT_IMAGES" == "True" ]]; then lxc) # the cirros root disk in the uec tarball is empty, so it will not work for lxc DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-rootfs} IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-rootfs.img.gz";; - *) # otherwise, use the qcow image - DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img} - IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img";; + *) # otherwise, use the uec style image (with kernel, ramdisk, disk) + DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec} + IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec.tar.gz";; esac ;; vsphere) @@ -650,9 +650,9 @@ if [[ "$DOWNLOAD_DEFAULT_IMAGES" == "True" ]]; then # NOTE(lucasagomes): The logic setting the default image # now lives in the Ironic tree ;; - *) # Default to Cirros qcow2 image file - DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img} - IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img";; + *) # Default to Cirros with kernel, ramdisk and disk image + DEFAULT_IMAGE_NAME=${DEFAULT_IMAGE_NAME:-cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec} + IMAGE_URLS+="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-uec.tar.gz";; esac DOWNLOAD_DEFAULT_IMAGES=False fi From 49f5b9f5ecf8df16ad8bd906d169ca682ee9e547 Mon Sep 17 00:00:00 2001 From: Sean Dague Date: Mon, 6 Mar 2017 14:07:23 -0500 Subject: [PATCH 12/16] Make declared variables global When variables use the 'declare' directive, it is by default a local variable. While other variables have global scope. For example: declare -A AN_ARRAY # local in scope foo=1 # global in scope This causes errors to occur as some of the variables will be local only and others will be global. Update the code, as appropriate, so that variables using the 'declare' directive also include the '-g' flag to have them also be global. Not every instance of a declared variable has been updated. Closes-Bug: #1669509 Co-Authored-By: John L. Villalovos Change-Id: I2180b68fe861ad19c6d4ec0df0f9f8a528347862 (cherry picked from commit afef8bf097356d7bb37c57d0daa44653c7905c17) --- functions | 2 +- functions-common | 18 +++++++++--------- inc/python | 2 +- lib/neutron | 2 +- lib/neutron-legacy | 4 ++-- stackrc | 2 +- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/functions b/functions index f262fbccc4..1aa7517a8a 100644 --- a/functions +++ b/functions @@ -12,7 +12,7 @@ # ensure we don't re-source this in the same environment [[ -z "$_DEVSTACK_FUNCTIONS" ]] || return 0 -declare -r _DEVSTACK_FUNCTIONS=1 +declare -r -g _DEVSTACK_FUNCTIONS=1 # Include the common functions FUNC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd) diff --git a/functions-common b/functions-common index 8d32bb4148..6a30ba3eb0 100644 --- a/functions-common +++ b/functions-common @@ -37,12 +37,12 @@ set +o xtrace # ensure we don't re-source this in the same environment [[ -z "$_DEVSTACK_FUNCTIONS_COMMON" ]] || return 0 -declare -r _DEVSTACK_FUNCTIONS_COMMON=1 +declare -r -g _DEVSTACK_FUNCTIONS_COMMON=1 # Global Config Variables -declare -A GITREPO -declare -A GITBRANCH -declare -A GITDIR +declare -A -g GITREPO +declare -A -g GITBRANCH +declare -A -g GITDIR TRACK_DEPENDS=${TRACK_DEPENDS:-False} @@ -306,7 +306,7 @@ function warn { # ``os_PACKAGE`` - package type: ``deb`` or ``rpm`` # ``os_CODENAME`` - vendor's codename for release: ``trusty`` -declare os_VENDOR os_RELEASE os_PACKAGE os_CODENAME +declare -g os_VENDOR os_RELEASE os_PACKAGE os_CODENAME # Make a *best effort* attempt to install lsb_release packages for the # user if not available. Note can't use generic install_package* @@ -361,7 +361,7 @@ function GetOSVersion { # Translate the OS version values into common nomenclature # Sets global ``DISTRO`` from the ``os_*`` values -declare DISTRO +declare -g DISTRO function GetDistro { GetOSVersion @@ -2372,9 +2372,9 @@ function sudo_with_proxies { # Resolution is only in whole seconds, so should be used for long # running activities. -declare -A _TIME_TOTAL -declare -A _TIME_START -declare -r _TIME_BEGIN=$(date +%s) +declare -A -g _TIME_TOTAL +declare -A -g _TIME_START +declare -r -g _TIME_BEGIN=$(date +%s) # time_start $name # diff --git a/inc/python b/inc/python index 5afc07f636..d0e45df489 100644 --- a/inc/python +++ b/inc/python @@ -19,7 +19,7 @@ set +o xtrace # PROJECT_VENV contains the name of the virtual environment for each # project. A null value installs to the system Python directories. -declare -A PROJECT_VENV +declare -A -g PROJECT_VENV # Python Functions diff --git a/lib/neutron b/lib/neutron index 8c46a80c0b..dc26441d10 100644 --- a/lib/neutron +++ b/lib/neutron @@ -74,7 +74,7 @@ NEUTRON_ROOTWRAP_DAEMON_CMD="sudo $NEUTRON_ROOTWRAP-daemon $NEUTRON_ROOTWRAP_CON NEUTRON_CONFIG_ARG=${NEUTRON_CONFIG_ARG:-""} # Additional neutron api config files -declare -a _NEUTRON_SERVER_EXTRA_CONF_FILES_ABS +declare -a -g _NEUTRON_SERVER_EXTRA_CONF_FILES_ABS # Functions # --------- diff --git a/lib/neutron-legacy b/lib/neutron-legacy index af91470e65..7a1f38ed2f 100644 --- a/lib/neutron-legacy +++ b/lib/neutron-legacy @@ -141,10 +141,10 @@ _Q_PLUGIN_EXTRA_CONF_PATH=/etc/neutron # These config files are relative to ``/etc/neutron``. The above # example would specify ``--config-file /etc/neutron/file1`` for # neutron server. -declare -a Q_PLUGIN_EXTRA_CONF_FILES +declare -a -g Q_PLUGIN_EXTRA_CONF_FILES # same as Q_PLUGIN_EXTRA_CONF_FILES, but with absolute path. -declare -a _Q_PLUGIN_EXTRA_CONF_FILES_ABS +declare -a -g _Q_PLUGIN_EXTRA_CONF_FILES_ABS Q_RR_CONF_FILE=$NEUTRON_CONF_DIR/rootwrap.conf diff --git a/stackrc b/stackrc index 3929711b5c..d7727517e0 100644 --- a/stackrc +++ b/stackrc @@ -5,7 +5,7 @@ # ensure we don't re-source this in the same environment [[ -z "$_DEVSTACK_STACKRC" ]] || return 0 -declare -r _DEVSTACK_STACKRC=1 +declare -r -g _DEVSTACK_STACKRC=1 # Find the other rc files RC_DIR=$(cd $(dirname "${BASH_SOURCE:-$0}") && pwd) From eec5c1a5a9ae4acc0c25a639011883d026c8a521 Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Mon, 27 Feb 2017 15:11:11 +1100 Subject: [PATCH 13/16] Use qemu-kvm-ev package on centos For the latest qemu-kvm, you have to use the qemu-kvm-ev package, which is based off the qemu-kvm-rhev package, which is explained in [1] but you probably can't read it. The gist is, that qemu-kvm-rhev is a later build of kvm that is incompatible with the base version provided. qemu-kvm-rhev is only provided with the RHV (ovirt) and RHOS (openstack) products. CentOS rebuilds this package as qemu-kvm-ev as part of it's virtualisation SIG. I9a972e3fde2e4e552f6fc98350820c07873c3de3 has bumped up the minimum qemu version to 2.1.0. It seems there is a an issue (bug #1668164) where having the qemu-system package installed gets picked up if installed, and reports the incorrect version to nova, causing failure. This removes the installs from files/rpms/nova as it is all being done in function-libvirt. We only install the qemu-kvm-ev package on centos and remove the old work-around. [1] https://access.redhat.com/solutions/629513 [2] https://wiki.centos.org/SpecialInterestGroup/Virtualization Change-Id: Ide91b261f35fb19d8bd7155ca016fa3b76a45ea1 (cherry picked from commit 52bb64105fd559ee69a8ec1c0733e1f7448401a5) --- files/rpms/nova | 5 ----- lib/nova_plugins/functions-libvirt | 21 +++++++++++++-------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/files/rpms/nova b/files/rpms/nova index 45f1c94f1f..a368c552aa 100644 --- a/files/rpms/nova +++ b/files/rpms/nova @@ -9,10 +9,6 @@ iptables iputils kernel-modules # dist:f23,f24,f25 kpartx -kvm # NOPRIME -libvirt-bin # NOPRIME -libvirt-devel # NOPRIME -libvirt-python # NOPRIME libxml2-python m2crypto mysql-devel @@ -21,7 +17,6 @@ mysql-server # NOPRIME numpy # needed by websockify for spice console parted polkit -qemu-kvm # NOPRIME rabbitmq-server # NOPRIME sqlite sudo diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt index 47b054bc58..d225ef84fb 100644 --- a/lib/nova_plugins/functions-libvirt +++ b/lib/nova_plugins/functions-libvirt @@ -34,18 +34,23 @@ function install_libvirt { #pip_install_gr elif is_fedora || is_suse; then # On "KVM for IBM z Systems", kvm does not have its own package - if [[ ! ${DISTRO} =~ "kvmibm1" ]]; then + if [[ ! ${DISTRO} =~ "kvmibm1" && ! ${DISTRO} =~ "rhel7" ]]; then install_package kvm fi - # there is a dependency issue with kvm (which is really just a - # wrapper to qemu-system-x86) that leaves some bios files out, - # so install qemu-kvm (which shouldn't strictly be needed, as - # everything has been merged into qemu-system-x86) to bring in - # the right packages. see - # https://bugzilla.redhat.com/show_bug.cgi?id=1235890 - install_package qemu-kvm + + if [[ ${DISTRO} =~ "rhel7" ]]; then + # On centos7 install the qemu-kvm-ev package, which is a + # later version of qemu-kvm rebuilt from the qemu-kvm-rhev + # package by the virt SIG (as required by nova). This + # package is only provided for RHOS (openstack) or RHV + # (ovirt) in RHEL. We have already insalled the RDO + # repositories which provide this. + install_package qemu-kvm-ev + fi + install_package libvirt libvirt-devel pip_install_gr libvirt-python + fi } From 53bc172448d1c2ae1358c5a759fd3574bbd7663d Mon Sep 17 00:00:00 2001 From: Evgeny Antyshev Date: Thu, 2 Mar 2017 11:14:25 +0000 Subject: [PATCH 14/16] Fix install_libvirt for other RHEL-based distros Since https://review.openstack.org/#/c/438325 landed it only works for Centos 7, but not for other RHEL-based distributions: Virtuozzo and, probably, RHEV. Both of above have own version for qemu-kvm package: qemu-kvm-vz and qemu-kvm-rhev, accordingly. These packages provide "qemu-kvm", like qemu-kvm-ev, and, when you call "yum install qemu-kvm", they replace the default OS package. Change-Id: I46da627c0da8925064862fdc283db81591979285 (cherry picked from 008aa3e095904130e191f5867ec47d4cf53353da) --- lib/nova_plugins/functions-libvirt | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt index d225ef84fb..56bb6bda1c 100644 --- a/lib/nova_plugins/functions-libvirt +++ b/lib/nova_plugins/functions-libvirt @@ -39,13 +39,11 @@ function install_libvirt { fi if [[ ${DISTRO} =~ "rhel7" ]]; then - # On centos7 install the qemu-kvm-ev package, which is a - # later version of qemu-kvm rebuilt from the qemu-kvm-rhev - # package by the virt SIG (as required by nova). This - # package is only provided for RHOS (openstack) or RHV - # (ovirt) in RHEL. We have already insalled the RDO - # repositories which provide this. - install_package qemu-kvm-ev + # This should install the latest qemu-kvm build, + # which is called qemu-kvm-ev in centos7 + # (as the default OS qemu-kvm package is usually rather old, + # and should be updated by above) + install_package qemu-kvm fi install_package libvirt libvirt-devel From 2c45d94e46639315e929c9a71b3b8f3527c13aba Mon Sep 17 00:00:00 2001 From: "John L. Villalovos" Date: Mon, 13 Mar 2017 13:47:34 -0700 Subject: [PATCH 15/16] Use string comparison to compare UUID values Was using the '-ne' integer comparison operator to compare UUID values. This caused error messages like: /opt/stack/new/devstack/lib/tempest: line 226: [[: dfae26ac-1780-4677-902d: value too great for base (error token is "902d") Change it to use '!=' string comparison operator Change-Id: Ib7c9197dd0fe58addf33b4f82beea6de64f6b10b (cherry picked from commit 3345a6d316bd50f005d22bfd231a4f9c0a5b7d62) --- lib/tempest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/tempest b/lib/tempest index b88e28607d..38f724c8de 100644 --- a/lib/tempest +++ b/lib/tempest @@ -227,7 +227,7 @@ function configure_tempest { # Ensure ``flavor_ref`` and ``flavor_ref_alt`` have different values. # Some resize instance in tempest tests depends on this. for f in ${flavors[@]:1}; do - if [[ $f -ne $flavor_ref ]]; then + if [[ "$f" != "$flavor_ref" ]]; then flavor_ref_alt=$f break fi From 784411292a5063ec57e1a285fe16340d5b114f2c Mon Sep 17 00:00:00 2001 From: beenum22 Date: Sat, 4 Feb 2017 15:51:11 +0500 Subject: [PATCH 16/16] Replaced cirros_arch from x86_64 to arm --- stackrc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/stackrc b/stackrc index d7727517e0..c816447132 100644 --- a/stackrc +++ b/stackrc @@ -607,7 +607,7 @@ esac # glance as a disk image. If it ends in .gz, it is uncompressed first. # example: # http://cloud-images.ubuntu.com/releases/precise/release/ubuntu-12.04-server-cloudimg-armel-disk1.img -# http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-rootfs.img.gz +# http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${H}-rootfs.img.gz # * OpenVZ image: # OpenVZ uses its own format of image, and does not support UEC style images @@ -615,7 +615,7 @@ esac #IMAGE_URLS="http://download.cirros-cloud.net/${CIRROS_VERSION}/cirros-${CIRROS_VERSION}-${CIRROS_ARCH}-disk.img" # cirros full disk image CIRROS_VERSION=${CIRROS_VERSION:-"0.3.4"} -CIRROS_ARCH=${CIRROS_ARCH:-"x86_64"} +CIRROS_ARCH=${CIRROS_ARCH:-"arm"} # Set default image based on ``VIRT_DRIVER`` and ``LIBVIRT_TYPE``, either of # which may be set in ``local.conf``. Also allow ``DEFAULT_IMAGE_NAME`` and