From ff70dad892a89cc4cb09aebfcf72e2de5ab7d556 Mon Sep 17 00:00:00 2001 From: Jens Rosenboom Date: Wed, 1 Jul 2015 15:22:53 +0200 Subject: [PATCH 0001/2309] Make image_list.sh independent of host IP address We do not need the HOST_IP to be detected in order to be able to list our images. So just set that to some dummy value before sourcing functions. This will allow tools like disk-image-builder to work regardless of whether get_default_host_ip succeeds or not. Change-Id: I9c22d2066e34309e70e56076e3d17c5db6ecee06 --- tools/image_list.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tools/image_list.sh b/tools/image_list.sh index a27635effd..27b3d4612d 100755 --- a/tools/image_list.sh +++ b/tools/image_list.sh @@ -3,6 +3,12 @@ # Keep track of the DevStack directory TOP_DIR=$(cd $(dirname "$0")/.. && pwd) +# The following "source" implicitly calls get_default_host_ip() in +# stackrc and will die if the selected default IP happens to lie +# in the default ranges for FIXED_RANGE or FLOATING_RANGE. Since we +# do not really need HOST_IP to be properly set in the remainder of +# this script, just set it to some dummy value and make stackrc happy. +HOST_IP=SKIP source $TOP_DIR/functions # Possible virt drivers, if we have more, add them here. Always keep From 59c6377ae51c024c28a6fba72de567bc97edda10 Mon Sep 17 00:00:00 2001 From: Roxana Gherle Date: Wed, 9 Sep 2015 18:22:31 -0700 Subject: [PATCH 0002/2309] Assign admin role for admin user on default domain This patch adds an admin role assignment for the admin user on the default domain as part of the Keystone configuration stage. Closes-Bug: #1494081 Change-Id: I91c88917bd51be4572e4970c94e65d866798df26 --- functions-common | 32 ++++++++++++++++++++++++++++++++ lib/keystone | 1 + 2 files changed, 33 insertions(+) diff --git a/functions-common b/functions-common index 446de5374f..c38a77243e 100644 --- a/functions-common +++ b/functions-common @@ -803,6 +803,38 @@ function get_or_add_user_project_role { echo $user_role_id } +# Gets or adds user role to domain +# Usage: get_or_add_user_domain_role +function get_or_add_user_domain_role { + local user_role_id + # Gets user role id + user_role_id=$(openstack role list \ + --user $2 \ + --os-url=$KEYSTONE_SERVICE_URI_V3 \ + --os-identity-api-version=3 \ + --column "ID" \ + --domain $3 \ + --column "Name" \ + | grep " $1 " | get_field 1) + if [[ -z "$user_role_id" ]]; then + # Adds role to user and get it + openstack role add $1 \ + --user $2 \ + --domain $3 \ + --os-url=$KEYSTONE_SERVICE_URI_V3 \ + --os-identity-api-version=3 + user_role_id=$(openstack role list \ + --user $2 \ + --os-url=$KEYSTONE_SERVICE_URI_V3 \ + --os-identity-api-version=3 \ + --column "ID" \ + --domain $3 \ + --column "Name" \ + | grep " $1 " | get_field 1) + fi + echo $user_role_id +} + # Gets or adds group role to project # Usage: get_or_add_group_project_role function get_or_add_group_project_role { diff --git a/lib/keystone b/lib/keystone index e2448c9068..b15abe1cb5 100644 --- a/lib/keystone +++ b/lib/keystone @@ -364,6 +364,7 @@ function create_keystone_accounts { local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD" default) local admin_role=$(get_or_create_role "admin") get_or_add_user_project_role $admin_role $admin_user $admin_tenant + get_or_add_user_domain_role $admin_role $admin_user default # Create service project/role get_or_create_project "$SERVICE_TENANT_NAME" default From 8872545a0f98c5681147a08541e119813f0bdc01 Mon Sep 17 00:00:00 2001 From: Kashyap Chamarthy Date: Mon, 14 Sep 2015 13:17:56 +0200 Subject: [PATCH 0003/2309] worlddump: Use SIGUSR2 instead of SIGUSR1 The function guru_meditation_report() currently uses the User-defined signal SIGUSR1 to kill a Nova Compute process so that a Guru Meditation Report is generated. Testing locally, in a DevStack instance, manually attempting to kill a Nova compute process [kill -s USR1 `pgrep nova-compute`] does not result in process being terminated, and no error report generated. It turns out[1] that SIGUSR1 is used by Apache 'mod_wsgi'. Using the signal SIGUSR2 resolves this issue (i.e. 'nova-compute' process is terminated, and the Guru Meditation Report is generated). So, use USR2, instead of USR1. Corresponding oslo.reports related commit[2]. [1] https://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIRestrictSignal [2] 45b1c02d113051d147e54ef921ce8e94135542d8 -- guru_meditation_report: Use SIGUSR2 instead of SIGUSR1 [3] Original DevStack commit that brought in this change -- 2ebe993b25462919e8aeeb896c9f91b6be7aa573 Change-Id: I8a7eaf71b83edca3c80074d6bf2d471e3db6142b --- tools/worlddump.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/worlddump.py b/tools/worlddump.py index 1b337a9a83..33d5b8f620 100755 --- a/tools/worlddump.py +++ b/tools/worlddump.py @@ -131,7 +131,7 @@ def guru_meditation_report(): print "Skipping as nova-compute does not appear to be running" return - _dump_cmd("kill -s USR1 `pgrep nova-compute`") + _dump_cmd("kill -s USR2 `pgrep nova-compute`") print "guru meditation report in nova-compute log" From bb4654b869722feb400d65869350465d8ff5439c Mon Sep 17 00:00:00 2001 From: Ihar Hrachyshka Date: Tue, 6 Oct 2015 18:09:07 +0200 Subject: [PATCH 0004/2309] Don't configure neutron metadata agent for neutron API access Metadata agent now talks to neutron-server thru AMQP, so there is no use for API access configuration. Change-Id: I8f81eea91fe3448d5098e77312f64f2eaba68a68 Depends-On: I254c575c66214f50fb93a94c46c4c9caebfc2937 Closes-Bug: #1502947 --- lib/neutron-legacy | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/lib/neutron-legacy b/lib/neutron-legacy index e67bd4ae32..8b964a72c8 100644 --- a/lib/neutron-legacy +++ b/lib/neutron-legacy @@ -1050,11 +1050,6 @@ function _configure_neutron_metadata_agent { if [[ "$Q_USE_ROOTWRAP_DAEMON" == "True" ]]; then iniset $Q_META_CONF_FILE AGENT root_helper_daemon "$Q_RR_DAEMON_COMMAND" fi - - # Configures keystone for metadata_agent - # The third argument "True" sets auth_url needed to communicate with keystone - _neutron_setup_keystone $Q_META_CONF_FILE DEFAULT True - } function _configure_neutron_ceilometer_notifications { @@ -1212,17 +1207,10 @@ function _neutron_setup_rootwrap { fi } -# Configures keystone integration for neutron service and agents +# Configures keystone integration for neutron service function _neutron_setup_keystone { local conf_file=$1 local section=$2 - local use_auth_url=$3 - - # Configures keystone for metadata_agent - # metadata_agent needs auth_url to communicate with keystone - if [[ "$use_auth_url" == "True" ]]; then - iniset $conf_file $section auth_url $KEYSTONE_SERVICE_URI/v2.0 - fi create_neutron_cache_dir configure_auth_token_middleware $conf_file $Q_ADMIN_USERNAME $NEUTRON_AUTH_CACHE_DIR $section From c49917250f2dc5243d652e59d8c70c1437975dea Mon Sep 17 00:00:00 2001 From: Marian Horban Date: Thu, 22 Oct 2015 04:21:34 -0400 Subject: [PATCH 0005/2309] Removed starting of nova-ec2-api service Since nova-ec2-api service was removed from nova it is not needed in devstack. Change-Id: I91d4be02a1a9c2ca4d18256d9a37a5c2559f53b7 Closes-Bug: #1530798 --- files/apache-nova-ec2-api.template | 25 ----------------- lib/nova | 44 ------------------------------ 2 files changed, 69 deletions(-) delete mode 100644 files/apache-nova-ec2-api.template diff --git a/files/apache-nova-ec2-api.template b/files/apache-nova-ec2-api.template deleted file mode 100644 index 7b1d68b106..0000000000 --- a/files/apache-nova-ec2-api.template +++ /dev/null @@ -1,25 +0,0 @@ -Listen %PUBLICPORT% - - - WSGIDaemonProcess nova-ec2-api processes=%APIWORKERS% threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV% - WSGIProcessGroup nova-ec2-api - WSGIScriptAlias / %PUBLICWSGI% - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - = 2.4> - ErrorLogFormat "%M" - - ErrorLog /var/log/%APACHE_NAME%/nova-ec2-api.log - %SSLENGINE% - %SSLCERTFILE% - %SSLKEYFILE% - - -Alias /ec2 %PUBLICWSGI% - - SetHandler wsgi-script - Options +ExecCGI - WSGIProcessGroup nova-ec2-api - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - diff --git a/lib/nova b/lib/nova index 6337f875ef..c75623f7d6 100644 --- a/lib/nova +++ b/lib/nova @@ -242,7 +242,6 @@ function cleanup_nova { function _cleanup_nova_apache_wsgi { sudo rm -f $NOVA_WSGI_DIR/* sudo rm -f $(apache_site_config_for nova-api) - sudo rm -f $(apache_site_config_for nova-ec2-api) sudo rm -f $(apache_site_config_for nova-metadata) } @@ -252,15 +251,12 @@ function _config_nova_apache_wsgi { local nova_apache_conf nova_apache_conf=$(apache_site_config_for nova-api) - local nova_ec2_apache_conf - nova_ec2_apache_conf=$(apache_site_config_for nova-ec2-api) local nova_metadata_apache_conf nova_metadata_apache_conf=$(apache_site_config_for nova-metadata) local nova_ssl="" local nova_certfile="" local nova_keyfile="" local nova_api_port=$NOVA_SERVICE_PORT - local nova_ec2_api_port=$EC2_SERVICE_PORT local nova_metadata_port=$METADATA_SERVICE_PORT local venv_path="" @@ -275,7 +271,6 @@ function _config_nova_apache_wsgi { # copy proxy vhost and wsgi helper files sudo cp $NOVA_DIR/nova/wsgi/nova-api.py $NOVA_WSGI_DIR/nova-api - sudo cp $NOVA_DIR/nova/wsgi/nova-ec2-api.py $NOVA_WSGI_DIR/nova-ec2-api sudo cp $NOVA_DIR/nova/wsgi/nova-metadata.py $NOVA_WSGI_DIR/nova-metadata sudo cp $FILES/apache-nova-api.template $nova_apache_conf @@ -291,19 +286,6 @@ function _config_nova_apache_wsgi { s|%APIWORKERS%|$API_WORKERS|g " -i $nova_apache_conf - sudo cp $FILES/apache-nova-ec2-api.template $nova_ec2_apache_conf - sudo sed -e " - s|%PUBLICPORT%|$nova_ec2_api_port|g; - s|%APACHE_NAME%|$APACHE_NAME|g; - s|%PUBLICWSGI%|$NOVA_WSGI_DIR/nova-ec2-api|g; - s|%SSLENGINE%|$nova_ssl|g; - s|%SSLCERTFILE%|$nova_certfile|g; - s|%SSLKEYFILE%|$nova_keyfile|g; - s|%USER%|$STACK_USER|g; - s|%VIRTUALENV%|$venv_path|g - s|%APIWORKERS%|$API_WORKERS|g - " -i $nova_ec2_apache_conf - sudo cp $FILES/apache-nova-metadata.template $nova_metadata_apache_conf sudo sed -e " s|%PUBLICPORT%|$nova_metadata_port|g; @@ -461,22 +443,6 @@ function create_nova_accounts { # swift through the s3 api. get_or_add_user_project_role ResellerAdmin nova $SERVICE_TENANT_NAME fi - - # EC2 - if [[ "$KEYSTONE_CATALOG_BACKEND" = "sql" ]]; then - local nova_ec2_api_url - if [[ "$NOVA_USE_MOD_WSGI" == "False" ]]; then - nova_ec2_api_url="$EC2_SERVICE_PROTOCOL://$SERVICE_HOST:$EC2_SERVICE_PORT/" - else - nova_ec2_api_url="$EC2_SERVICE_PROTOCOL://$SERVICE_HOST/ec2" - fi - get_or_create_service "ec2" "ec2" "EC2 Compatibility Layer" - get_or_create_endpoint "ec2" \ - "$REGION_NAME" \ - "$nova_ec2_api_url" \ - "$nova_ec2_api_url" \ - "$nova_ec2_api_url" - fi fi # S3 @@ -522,7 +488,6 @@ function create_nova_conf { iniset $NOVA_CONF api_database connection `database_connection_url nova_api` iniset $NOVA_CONF DEFAULT instance_name_template "${INSTANCE_NAME_PREFIX}%08x" iniset $NOVA_CONF DEFAULT osapi_compute_listen "$NOVA_SERVICE_LISTEN_ADDRESS" - iniset $NOVA_CONF DEFAULT ec2_listen "$NOVA_SERVICE_LISTEN_ADDRESS" iniset $NOVA_CONF DEFAULT metadata_listen "$NOVA_SERVICE_LISTEN_ADDRESS" iniset $NOVA_CONF DEFAULT s3_listen "$NOVA_SERVICE_LISTEN_ADDRESS" @@ -629,12 +594,10 @@ function create_nova_conf { fi iniset $NOVA_CONF DEFAULT ec2_dmz_host "$EC2_DMZ_HOST" - iniset $NOVA_CONF DEFAULT keystone_ec2_url $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/ec2tokens iniset_rpc_backend nova $NOVA_CONF iniset $NOVA_CONF glance api_servers "${GLANCE_SERVICE_PROTOCOL}://${GLANCE_HOSTPORT}" iniset $NOVA_CONF DEFAULT osapi_compute_workers "$API_WORKERS" - iniset $NOVA_CONF DEFAULT ec2_workers "$API_WORKERS" iniset $NOVA_CONF DEFAULT metadata_workers "$API_WORKERS" # don't let the conductor get out of control now that we're using a pure python db driver iniset $NOVA_CONF conductor workers "$API_WORKERS" @@ -660,10 +623,6 @@ function create_nova_conf { iniset $NOVA_CONF DEFAULT enabled_ssl_apis "$NOVA_ENABLED_APIS" fi - if is_service_enabled tls-proxy; then - iniset $NOVA_CONF DEFAULT ec2_listen_port $EC2_SERVICE_PORT_INT - fi - if is_service_enabled n-sproxy; then iniset $NOVA_CONF serial_console serialproxy_host "$NOVA_SERVICE_LISTEN_ADDRESS" iniset $NOVA_CONF serial_console enabled True @@ -817,11 +776,9 @@ function start_nova_api { enabled_site_file=$(apache_site_config_for nova-api) if [ -f ${enabled_site_file} ] && [ "$NOVA_USE_MOD_WSGI" == "True" ]; then enable_apache_site nova-api - enable_apache_site nova-ec2-api enable_apache_site nova-metadata restart_apache_server tail_log nova-api /var/log/$APACHE_NAME/nova-api.log - tail_log nova-ec2-api /var/log/$APACHE_NAME/nova-ec2-api.log tail_log nova-metadata /var/log/$APACHE_NAME/nova-metadata.log else run_process n-api "$NOVA_BIN_DIR/nova-api" @@ -937,7 +894,6 @@ function stop_nova_compute { function stop_nova_rest { if [ "$NOVA_USE_MOD_WSGI" == "True" ]; then disable_apache_site nova-api - disable_apache_site nova-ec2-api disable_apache_site nova-metadata restart_apache_server else From c00df207eed1d4dec808824d8e9dcd238e7d4e08 Mon Sep 17 00:00:00 2001 From: Sirushti Murugesan Date: Wed, 7 Oct 2015 15:06:51 +0530 Subject: [PATCH 0006/2309] Add a more accurate expression for obtaining (IPV6_)ROUTER_GW_IP neutron port-list returns a dictionary that's of random order in python 3. This expression sometimes returns a NULL value thus failing devstack. Add an expression that always returns a consistent ROUTER_GW_IP. Change-Id: Id23d9afda275051ca68bcba2dfd1b6e30f02c628 --- lib/neutron-legacy | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/neutron-legacy b/lib/neutron-legacy index c244e5470a..a74da2ccb7 100644 --- a/lib/neutron-legacy +++ b/lib/neutron-legacy @@ -1318,7 +1318,7 @@ function _neutron_configure_router_v4 { sudo ip addr add $ext_gw_ip/$cidr_len dev $ext_gw_interface sudo ip link set $ext_gw_interface up fi - ROUTER_GW_IP=`neutron port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F '"' -v subnet_id=$PUB_SUBNET_ID '$4 == subnet_id { print $8; }'` + ROUTER_GW_IP=`neutron port-list -c fixed_ips -c device_owner | grep router_gateway | awk -F'ip_address' '{ print $2 }' | cut -f3 -d\" | tr '\n' ' '` die_if_not_set $LINENO ROUTER_GW_IP "Failure retrieving ROUTER_GW_IP" sudo ip route replace $FIXED_RANGE via $ROUTER_GW_IP fi @@ -1349,7 +1349,7 @@ function _neutron_configure_router_v6 { sudo sysctl -w net.ipv6.conf.all.forwarding=1 # Configure and enable public bridge # Override global IPV6_ROUTER_GW_IP with the true value from neutron - IPV6_ROUTER_GW_IP=`neutron port-list -c fixed_ips | grep $ipv6_pub_subnet_id | awk -F '"' -v subnet_id=$ipv6_pub_subnet_id '$4 == subnet_id { print $8; }'` + IPV6_ROUTER_GW_IP=`neutron port-list -c fixed_ips | grep $ipv6_pub_subnet_id | awk -F'ip_address' '{ print $2 }' | cut -f3 -d\" | tr '\n' ' '` die_if_not_set $LINENO IPV6_ROUTER_GW_IP "Failure retrieving IPV6_ROUTER_GW_IP" if is_neutron_ovs_base_plugin; then From 65a028bf1c3685e16fafbc7c44adaeeeb6e9cf58 Mon Sep 17 00:00:00 2001 From: "Chung Chih, Hung" Date: Fri, 13 Nov 2015 11:10:48 +0000 Subject: [PATCH 0007/2309] [ceph] Deploy ceph failed at controller node for multiple node Controller node wouldn't install libvirt package. The package will only been installed at nodes which had enable nova-compute. We only need to configure libvirt secret if it had enable nova-compute. Change-Id: I9cd6baf1820ce9f71c276d7e8b670307833578a5 Closes-Bug: 1515960 --- extras.d/60-ceph.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extras.d/60-ceph.sh b/extras.d/60-ceph.sh index 38b901b767..cc90128176 100644 --- a/extras.d/60-ceph.sh +++ b/extras.d/60-ceph.sh @@ -32,7 +32,7 @@ if is_service_enabled ceph; then echo_summary "Configuring Cinder for Ceph" configure_ceph_cinder fi - if is_service_enabled cinder || is_service_enabled nova; then + if is_service_enabled n-cpu; then # NOTE (leseb): the part below is a requirement to attach Ceph block devices echo_summary "Configuring libvirt secret" import_libvirt_secret_ceph From 95a9ff0587adece32817b4f432588b1ab76a5972 Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Thu, 12 Nov 2015 14:49:20 +1100 Subject: [PATCH 0008/2309] Add option to skip EPEL & other repo installs Add an option to skip the EPEL & other repo installs for rhel7 based platforms. This option can serve two purposes; firstly as described in I834f20e9ceae151788cec3649385da1274d7ba46 during platform bringup, a publically available EPEL might not be available. This will allow you to pre-configure a hand-built repo, etc. so you can continue testing. The other thing is that in a CI system you might be frequently building images and pre-installing EPEL/RDO etc. In that case this is just extra work. Change-Id: I9809449f4a43fa9b547c6e3ca92722c7f6e66d6a --- stack.sh | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/stack.sh b/stack.sh index 9b811b7b67..e31cd604c5 100755 --- a/stack.sh +++ b/stack.sh @@ -263,9 +263,7 @@ fi # Some distros need to add repos beyond the defaults provided by the vendor # to pick up required packages. -if is_fedora && [[ $DISTRO == "rhel7" ]]; then - # RHEL requires EPEL for many Open Stack dependencies - +function _install_epel_and_rdo { # NOTE: We always remove and install latest -- some environments # use snapshot images, and if EPEL version updates they break # unless we update them to latest version. @@ -295,18 +293,27 @@ EOF sudo yum-config-manager --enable epel-bootstrap yum_install epel-release || \ die $LINENO "Error installing EPEL repo, cannot continue" - # EPEL rpm has installed it's version sudo rm -f /etc/yum.repos.d/epel-bootstrap.repo # ... and also optional to be enabled sudo yum-config-manager --enable rhel-7-server-optional-rpms + # install the lastest RDO sudo yum install -y https://rdoproject.org/repos/rdo-release.rpm if is_oraclelinux; then sudo yum-config-manager --enable ol7_optional_latest ol7_addons ol7_MySQL56 fi +} + +# If you have all the repos installed above already setup (e.g. a CI +# situation where they are on your image) you may choose to skip this +# to speed things up +SKIP_EPEL_INSTALL=$(trueorfalse False SKIP_EPEL_INSTALL) +if is_fedora && [[ $DISTRO == "rhel7" ]] && \ + [[ ${SKIP_EPEL_INSTALL} != True ]]; then + _install_epel_and_rdo fi From cdba7b0e533b07d9ea896ced5085c5ce98ee2aaa Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 26 May 2015 15:33:45 -0400 Subject: [PATCH 0009/2309] Specify HTTPS URLs to fix tls-proxy mode A number of new settings are required for glance, cinder and keystone to be installable when the tls-proxy service is enabled. For cinder a new public_endpoint option was added and this needs to be set to the secure port. Keystone needs the admin_endpoint and public_endpoints defined otherwise during discovery the default, non-secure versions, will be returned. The keystone authtoken identity_uri was set at its default value in the glance registry and API configuration files. Change-Id: Ibb944ad7eb000edc6bccfcded765d1976d4d46d0 Closes-Bug: #1460807 --- lib/cinder | 2 ++ lib/glance | 3 +++ lib/keystone | 3 +++ 3 files changed, 8 insertions(+) diff --git a/lib/cinder b/lib/cinder index 1307c11f7a..cc203ad414 100644 --- a/lib/cinder +++ b/lib/cinder @@ -309,6 +309,8 @@ function configure_cinder { if is_service_enabled tls-proxy; then # Set the service port for a proxy to take the original iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT + + iniset $CINDER_CONF DEFAULT public_endpoint $CINDER_SERVICE_PROTOCOL://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT fi if [ "$SYSLOG" != "False" ]; then diff --git a/lib/glance b/lib/glance index 2eb93a46e6..5712943bca 100644 --- a/lib/glance +++ b/lib/glance @@ -167,6 +167,9 @@ function configure_glance { iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT iniset $GLANCE_API_CONF DEFAULT public_endpoint $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT iniset $GLANCE_REGISTRY_CONF DEFAULT bind_port $GLANCE_REGISTRY_PORT_INT + + iniset $GLANCE_API_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI + iniset $GLANCE_REGISTRY_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI fi # Register SSL certificates if provided diff --git a/lib/keystone b/lib/keystone index 5a2afbfe02..c484795c7e 100644 --- a/lib/keystone +++ b/lib/keystone @@ -233,6 +233,9 @@ function configure_keystone { # Set the service ports for a proxy to take the originals iniset $KEYSTONE_CONF eventlet_server public_port $KEYSTONE_SERVICE_PORT_INT iniset $KEYSTONE_CONF eventlet_server admin_port $KEYSTONE_AUTH_PORT_INT + + iniset $KEYSTONE_CONF DEFAULT public_endpoint $KEYSTONE_SERVICE_URI + iniset $KEYSTONE_CONF DEFAULT admin_endpoint $KEYSTONE_AUTH_URI fi iniset $KEYSTONE_CONF DEFAULT admin_token "$SERVICE_TOKEN" From bd4048a3c50e3cd215785e187e9e40b78bd064ae Mon Sep 17 00:00:00 2001 From: Steve Baker Date: Wed, 18 Nov 2015 10:55:22 +1300 Subject: [PATCH 0010/2309] Never uninstall python-pip on fedora Python in f23 and f22 depends on the python-pip package so removing it results in a nonfunctional system. pip on fedora installs to /usr so pip can safely override the system pip for all versions of Fedora. Change-Id: I336c7ffdf00784ca8deba7d6612a08b96a0ad098 Closes-Bug: #1467569 --- tools/install_pip.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tools/install_pip.sh b/tools/install_pip.sh index ab5efb2e77..1728816890 100755 --- a/tools/install_pip.sh +++ b/tools/install_pip.sh @@ -111,8 +111,10 @@ get_versions # Eradicate any and all system packages -# python in f23 depends on the python-pip package -if ! { is_fedora && [[ $DISTRO == "f23" ]]; }; then +# Python in f23 and f22 depends on the python-pip package so removing it +# results in a nonfunctional system. pip on fedora installs to /usr so pip +# can safely override the system pip for all versions of fedora +if ! is_fedora ; then uninstall_package python-pip fi From 2ba36cda7940d630514a7864132837191d8c561f Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Thu, 12 Nov 2015 13:52:36 +1100 Subject: [PATCH 0011/2309] Add vercmp function The existing vercmp_numbers function only handles, as the name says, numbers. I noticed that "sort" has had a version sort for a long time [1] and, rather than re-implement it badly, use this as a version of vercmp that works a bit more naturally. This is intended to be used in an "if" statement as in prog_ver=$(prog_ver --version | grep ...) if vercmp $prog_ver "<" 2.0; then ... fi A test-case is added to test the basic features and some edge-cases. [1] http://git.savannah.gnu.org/gitweb/?p=coreutils.git;a=commitdiff;h=4c9fae4e97d95a9f89d1399a8aeb03051f0fec96 Change-Id: Ie55283acdc40a095b80b2631a55310072883ad0d --- functions | 46 +++++++++++++++++++++++++++++++++++++++++++ tests/test_vercmp.sh | 47 ++++++++++++++++++++++++++++++++++++++++++++ tests/unittest.sh | 45 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 138 insertions(+) create mode 100755 tests/test_vercmp.sh diff --git a/functions b/functions index 34da1ba733..e5e3400ff8 100644 --- a/functions +++ b/functions @@ -527,12 +527,58 @@ function vercmp_numbers { typeset v1=$1 v2=$2 sep typeset -a ver1 ver2 + deprecated "vercmp_numbers is deprecated for more generic vercmp" + IFS=. read -ra ver1 <<< "$v1" IFS=. read -ra ver2 <<< "$v2" _vercmp_r "${#ver1[@]}" "${ver1[@]}" "${ver2[@]}" } +# vercmp ver1 op ver2 +# Compare VER1 to VER2 +# - op is one of < <= == >= > +# - returns true if satisified +# e.g. +# if vercmp 1.0 "<" 2.0; then +# ... +# fi +function vercmp { + local v1=$1 + local op=$2 + local v2=$3 + local result + + # sort the two numbers with sort's "-V" argument. Based on if v2 + # swapped places with v1, we can determine ordering. + result=$(echo -e "$v1\n$v2" | sort -V | head -1) + + case $op in + "==") + [ "$v1" = "$v2" ] + return + ;; + ">") + [ "$v1" != "$v2" ] && [ "$result" = "$v2" ] + return + ;; + "<") + [ "$v1" != "$v2" ] && [ "$result" = "$v1" ] + return + ;; + ">=") + [ "$result" = "$v2" ] + return + ;; + "<=") + [ "$result" = "$v1" ] + return + ;; + *) + die $LINENO "unrecognised op: $op" + ;; + esac +} # This function sets log formatting options for colorizing log # output to stdout. It is meant to be called by lib modules. diff --git a/tests/test_vercmp.sh b/tests/test_vercmp.sh new file mode 100755 index 0000000000..c88bf86d7e --- /dev/null +++ b/tests/test_vercmp.sh @@ -0,0 +1,47 @@ +#!/usr/bin/env bash + +# Tests for DevStack vercmp functionality + +TOP=$(cd $(dirname "$0")/.. && pwd) + +# Import common functions +source $TOP/functions +source $TOP/tests/unittest.sh + +assert_true "numeric gt" vercmp 2.0 ">" 1.0 +assert_true "numeric gte" vercmp 2.0 ">=" 1.0 +assert_true "numeric gt" vercmp 1.0.1 ">" 1.0 +assert_true "numeric gte" vercmp 1.0.1 ">=" 1.0 +assert_true "alpha gt" vercmp 1.0.1b ">" 1.0.1a +assert_true "alpha gte" vercmp 1.0.1b ">=" 1.0.1a +assert_true "alpha gt" vercmp b ">" a +assert_true "alpha gte" vercmp b ">=" a +assert_true "alpha gt" vercmp 2.0-rc3 ">" 2.0-rc1 +assert_true "alpha gte" vercmp 2.0-rc3 ">=" 2.0-rc1 + +assert_false "numeric gt fail" vercmp 1.0 ">" 1.0 +assert_true "numeric gte" vercmp 1.0 ">=" 1.0 +assert_false "numeric gt fail" vercmp 0.9 ">" 1.0 +assert_false "numeric gte fail" vercmp 0.9 ">=" 1.0 +assert_false "numeric gt fail" vercmp 0.9.9 ">" 1.0 +assert_false "numeric gte fail" vercmp 0.9.9 ">=" 1.0 +assert_false "numeric gt fail" vercmp 0.9a.9 ">" 1.0.1 +assert_false "numeric gte fail" vercmp 0.9a.9 ">=" 1.0.1 + +assert_false "numeric lt" vercmp 1.0 "<" 1.0 +assert_true "numeric lte" vercmp 1.0 "<=" 1.0 +assert_true "numeric lt" vercmp 1.0 "<" 1.0.1 +assert_true "numeric lte" vercmp 1.0 "<=" 1.0.1 +assert_true "alpha lt" vercmp 1.0.1a "<" 1.0.1b +assert_true "alpha lte" vercmp 1.0.1a "<=" 1.0.1b +assert_true "alpha lt" vercmp a "<" b +assert_true "alpha lte" vercmp a "<=" b +assert_true "alpha lt" vercmp 2.0-rc1 "<" 2.0-rc3 +assert_true "alpha lte" vercmp 2.0-rc1 "<=" 2.0-rc3 + +assert_true "eq" vercmp 1.0 "==" 1.0 +assert_true "eq" vercmp 1.0.1 "==" 1.0.1 +assert_false "eq fail" vercmp 1.0.1 "==" 1.0.2 +assert_false "eq fail" vercmp 2.0-rc1 "==" 2.0-rc2 + +report_results diff --git a/tests/unittest.sh b/tests/unittest.sh index 2570319fbf..6c697d7925 100644 --- a/tests/unittest.sh +++ b/tests/unittest.sh @@ -92,6 +92,51 @@ function assert_empty { fi } +# assert the arguments evaluate to true +# assert_true "message" arg1 arg2 +function assert_true { + local lineno + lineno=`caller 0 | awk '{print $1}'` + local function + function=`caller 0 | awk '{print $2}'` + local msg=$1 + shift + + $@ + if [ $? -eq 0 ]; then + PASS=$((PASS+1)) + echo "PASS: $function:L$lineno - $msg" + else + FAILED_FUNCS+="$function:L$lineno\n" + echo "ERROR: test failed in $function:L$lineno!" + echo " $msg" + ERROR=$((ERROR+1)) + fi +} + +# assert the arguments evaluate to false +# assert_false "message" arg1 arg2 +function assert_false { + local lineno + lineno=`caller 0 | awk '{print $1}'` + local function + function=`caller 0 | awk '{print $2}'` + local msg=$1 + shift + + $@ + if [ $? -eq 0 ]; then + FAILED_FUNCS+="$function:L$lineno\n" + echo "ERROR: test failed in $function:L$lineno!" + echo " $msg" + ERROR=$((ERROR+1)) + else + PASS=$((PASS+1)) + echo "PASS: $function:L$lineno - $msg" + fi +} + + # Print a summary of passing and failing tests and exit # (with an error if we have failed tests) # usage: report_results From 255a58fec613b1304c8396cd969c72043073be30 Mon Sep 17 00:00:00 2001 From: Komei Shimamura Date: Fri, 20 Nov 2015 18:36:05 +0900 Subject: [PATCH 0012/2309] Add existing devstack plugins to the devstack plugin list Change-Id: I336a4c652a78e778e39652f1f16ff69be10ab065 --- doc/source/plugin-registry.rst | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst index 49b3a7fc02..429f31af2d 100644 --- a/doc/source/plugin-registry.rst +++ b/doc/source/plugin-registry.rst @@ -76,16 +76,30 @@ Alternate Configs Additional Services =================== -+----------------+--------------------------------------------------+------------+ -| Plugin Name | URL | Comments | -| | | | -+----------------+--------------------------------------------------+------------+ -|ec2-api |git://git.openstack.org/openstack/ec2-api |[as1]_ | -+----------------+--------------------------------------------------+------------+ -|ironic-inspector|git://git.openstack.org/openstack/ironic-inspector| | -+----------------+--------------------------------------------------+------------+ -| | | | -+----------------+--------------------------------------------------+------------+ ++-----------------+------------------------------------------------------------+------------+ +| Plugin Name | URL | Comments | +| | | | ++-----------------+------------------------------------------------------------+------------+ +|amqp1 |git://git.openstack.org/openstack/devstack-plugin-amqp1 | | ++-----------------+------------------------------------------------------------+------------+ +|bdd |git://git.openstack.org/openstack/devstack-plugin-bdd | | ++-----------------+------------------------------------------------------------+------------+ +|ec2-api |git://git.openstack.org/openstack/ec2-api |[as1]_ | ++-----------------+------------------------------------------------------------+------------+ +|glusterfs |git://git.openstack.org/openstack/devstack-plugin-glusterfs | | ++-----------------+------------------------------------------------------------+------------+ +|hdfs |git://git.openstack.org/openstack/devstack-plugin-hdfs | | ++-----------------+------------------------------------------------------------+------------+ +|ironic-inspector |git://git.openstack.org/openstack/ironic-inspector | | ++-----------------+------------------------------------------------------------+------------+ +|pika |git://git.openstack.org/openstack/devstack-plugin-pika | | ++-----------------+------------------------------------------------------------+------------+ +|sheepdog |git://git.openstack.org/openstack/devstack-plugin-sheepdog | | ++-----------------+------------------------------------------------------------+------------+ +|zmq |git://git.openstack.org/openstack/devstack-plugin-zmq | | ++-----------------+------------------------------------------------------------+------------+ +| | | | ++-----------------+------------------------------------------------------------+------------+ .. [as1] first functional devstack plugin, hence why used in most of the examples. From f95315b6ea56b3f2cb18caeac734dd15e6704b93 Mon Sep 17 00:00:00 2001 From: Shinobu KINJO Date: Sat, 7 Nov 2015 10:21:08 +0900 Subject: [PATCH 0013/2309] Ensure link is set to up, when moving IP addresses across interfaces. - To add, initialize and set up a valiable named IP_UP - To bring up interface after moving IP to OVS bridge Change-Id: I70f5974c115be6f7e7422a9a325f36cf3b71455a Closes-Bug: #1469596 --- lib/neutron-legacy | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/neutron-legacy b/lib/neutron-legacy index c244e5470a..ecff3e5774 100644 --- a/lib/neutron-legacy +++ b/lib/neutron-legacy @@ -798,6 +798,7 @@ function _move_neutron_addresses_route { local IP_ADD="" local IP_DEL="" + local IP_UP="" local DEFAULT_ROUTE_GW DEFAULT_ROUTE_GW=$(ip r | awk "/default.+$from_intf/ { print \$3; exit }") local ADD_OVS_PORT="" @@ -821,9 +822,10 @@ function _move_neutron_addresses_route { if [[ "$IP_BRD" != "" ]]; then IP_DEL="sudo ip addr del $IP_BRD dev $from_intf" IP_ADD="sudo ip addr add $IP_BRD dev $to_intf" + IP_UP="sudo ip link set $to_intf up" fi - $IP_DEL; $IP_ADD; $ADD_OVS_PORT; $ADD_DEFAULT_ROUTE + $IP_DEL; $IP_ADD; $IP_UP; $ADD_OVS_PORT; $ADD_DEFAULT_ROUTE fi } From 1afc28bf6c33c792eb9d2fd1992534e82af29291 Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Fri, 27 Nov 2015 14:15:56 +1100 Subject: [PATCH 0014/2309] Turn off tracing when outputting errors When outputting these error strings, turn off the tracing so the user can actually read it. Also reword the "not root" user message so it fits into a standard terminal window length. Change-Id: I466c60865bc1128f4edd219f831a9c6cffa67829 Parital-Bug: #1517199 --- stack.sh | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/stack.sh b/stack.sh index 8625b5aaeb..083c488fc1 100755 --- a/stack.sh +++ b/stack.sh @@ -75,6 +75,7 @@ fi # Check if run in POSIX shell if [[ "${POSIXLY_CORRECT}" == "y" ]]; then + set +o xtrace echo "You are running POSIX compatibility mode, DevStack requires bash 4.2 or newer." exit 1 fi @@ -85,11 +86,11 @@ fi # action to create a suitable user account. if [[ $EUID -eq 0 ]]; then - echo "You are running this script as root." - echo "Cut it out." - echo "Really." - echo "If you need an account to run DevStack, do this (as root, heh) to create a non-root account:" - echo "$TOP_DIR/tools/create-stack-user.sh" + set +o xtrace + echo "DevStack should be run as a user with sudo permissions, " + echo "not root." + echo "A \"stack\" user configured correctly can be created with:" + echo " $TOP_DIR/tools/create-stack-user.sh" exit 1 fi @@ -98,6 +99,7 @@ fi # virtual env, and will fail in really odd ways if you do this. Make # this explicit as it has come up on the mailing list. if [[ -n "$VIRTUAL_ENV" ]]; then + set +o xtrace echo "You appear to be running under a python virtualenv." echo "DevStack does not support this, as we may break the" echo "virtualenv you are currently in by modifying " @@ -111,6 +113,7 @@ fi # on a lot of different environments, you sometimes run it on the # wrong box. This makes there be a way to prevent that. if [[ -e $HOME/.no-devstack ]]; then + set +o xtrace echo "You've marked this host as a no-devstack host, to save yourself from" echo "running devstack accidentally. If this is in error, please remove the" echo "~/.no-devstack file" From 41d01104b16bf5d0d6d4d7d2a1e5883d34bff810 Mon Sep 17 00:00:00 2001 From: Sean Dague Date: Thu, 3 Dec 2015 08:12:23 -0500 Subject: [PATCH 0015/2309] remove generic extras.d support This removes the generic extras.d support, which we said we'd do at Mitaka-1. In tree extras.d continues to function as before, though we need stories to get ceph and ironic into plugins, and a better solution for Tempest. Change-Id: I8b134446dc08a2c3852423ca71af2f469f85496e --- functions-common | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/functions-common b/functions-common index d68ae77971..91a148603b 100644 --- a/functions-common +++ b/functions-common @@ -1741,17 +1741,18 @@ function run_phase { if [[ -d $TOP_DIR/extras.d ]]; then local extra_plugin_file_name for extra_plugin_file_name in $TOP_DIR/extras.d/*.sh; do - [[ -r $extra_plugin_file_name ]] && source $extra_plugin_file_name $mode $phase - # NOTE(sdague): generate a big warning about using - # extras.d in an unsupported way which will let us track - # unsupported usage in the gate. + # NOTE(sdague): only process extras.d for the 3 explicitly + # white listed elements in tree. We want these to move out + # over time as well, but they are in tree, so we need to + # manage that. local exceptions="50-ironic.sh 60-ceph.sh 80-tempest.sh" local extra extra=$(basename $extra_plugin_file_name) if [[ ! ( $exceptions =~ "$extra" ) ]]; then - deprecated "extras.d support is being removed in Mitaka-1" - deprecated "jobs for project $extra will break after that point" - deprecated "please move project to a supported devstack plugin model" + warn "use of extras.d is no longer supported" + warn "processing of project $extra is skipped" + else + [[ -r $extra_plugin_file_name ]] && source $extra_plugin_file_name $mode $phase fi done fi From 2a688440132173d493dff7c7c3760681d41e11be Mon Sep 17 00:00:00 2001 From: Steven Hardy Date: Tue, 8 Dec 2015 13:26:29 +0000 Subject: [PATCH 0016/2309] Heat - revise keystone/trusts config to avoid deprecated options There are some inter-related changes required to avoid using legacy fallback/deprecated paths in heat, which result in warnings in the log, e.g because we fall-back to reusing keystone auth_token configuration instead of heat specific sections. To fix this: - Don't explicitly set deferred_auth_method=trusts, as this is now the default (since kilo) - Create a new "trustee" section containing configuration used for the password auth-plugin associated with deferred authentication via trusts (support for this was added during liberty to enable us to stop incorrectly using the keystone auth_token config) - Create a "clients_keystone" section to avoid falling back to the legacy behavior of stealing the uri from auth_token. This also means we can remove the FIXME and auth_token auth_uri mentioned by jamielennox. Change-Id: Ie34332a7aec3b9b271df0759dd6ab66b45302832 Related-Bug: #1300246 --- lib/heat | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/lib/heat b/lib/heat index fdcf5bcaad..3666776317 100644 --- a/lib/heat +++ b/lib/heat @@ -56,6 +56,10 @@ HEAT_ENV_DIR=$HEAT_CONF_DIR/environment.d HEAT_TEMPLATES_DIR=$HEAT_CONF_DIR/templates HEAT_API_HOST=${HEAT_API_HOST:-$HOST_IP} HEAT_API_PORT=${HEAT_API_PORT:-8004} +HEAT_SERVICE_USER=${HEAT_SERVICE_USER:-heat} +HEAT_TRUSTEE_USER=${HEAT_TRUSTEE_USER:-$HEAT_SERVICE_USER} +HEAT_TRUSTEE_PASSWORD=${HEAT_TRUSTEE_PASSWORD:-$SERVICE_PASSWORD} +HEAT_TRUSTEE_DOMAIN=${HEAT_TRUSTEE_DOMAIN:-default} # Support entry points installation of console scripts HEAT_BIN_DIR=$(get_python_exec_prefix) @@ -73,7 +77,7 @@ if [[ "$HEAT_STANDALONE" = "True" ]]; then fi else HEAT_STACK_DOMAIN=$(trueorfalse True HEAT_STACK_DOMAIN) - HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts} + HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-} fi HEAT_PLUGIN_DIR=${HEAT_PLUGIN_DIR:-$DATA_DIR/heat/plugins} ENABLE_HEAT_PLUGINS=${ENABLE_HEAT_PLUGINS:-} @@ -134,30 +138,39 @@ function configure_heat { setup_colorized_logging $HEAT_CONF DEFAULT tenant user fi - iniset $HEAT_CONF DEFAULT deferred_auth_method $HEAT_DEFERRED_AUTH + if [ ! -z "$HEAT_DEFERRED_AUTH" ]; then + iniset $HEAT_CONF DEFAULT deferred_auth_method $HEAT_DEFERRED_AUTH + fi if [ "$HEAT_USE_MOD_WSGI" == "True" ]; then _config_heat_apache_wsgi fi - # NOTE(jamielennox): heat re-uses specific values from the - # keystone_authtoken middleware group and so currently fails when using the - # auth plugin setup. This should be fixed in heat. Heat is also the only - # service that requires the auth_uri to include a /v2.0. Remove this custom - # setup when bug #1300246 is resolved. - iniset $HEAT_CONF keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0 if [[ "$HEAT_STANDALONE" = "True" ]]; then iniset $HEAT_CONF paste_deploy flavor standalone iniset $HEAT_CONF clients_heat url "http://$HEAT_API_HOST:$HEAT_API_PORT/v1/%(tenant_id)s" else iniset $HEAT_CONF keystone_authtoken identity_uri $KEYSTONE_AUTH_URI - iniset $HEAT_CONF keystone_authtoken admin_user heat + iniset $HEAT_CONF keystone_authtoken admin_user $HEAT_SERVICE_USER iniset $HEAT_CONF keystone_authtoken admin_password $SERVICE_PASSWORD iniset $HEAT_CONF keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME iniset $HEAT_CONF keystone_authtoken cafile $SSL_BUNDLE_FILE iniset $HEAT_CONF keystone_authtoken signing_dir $HEAT_AUTH_CACHE_DIR fi + # If HEAT_DEFERRED_AUTH is unset or explicitly set to trusts, configure + # the section for the client plugin associated with the trustee + if [ -z "$HEAT_DEFERRED_AUTH" -o "trusts" == "$HEAT_DEFERRED_AUTH" ]; then + iniset $HEAT_CONF trustee auth_plugin password + iniset $HEAT_CONF trustee auth_url $KEYSTONE_AUTH_URI + iniset $HEAT_CONF trustee username $HEAT_TRUSTEE_USER + iniset $HEAT_CONF trustee password $HEAT_TRUSTEE_PASSWORD + iniset $HEAT_CONF trustee user_domain_id $HEAT_TRUSTEE_DOMAIN + fi + + # clients_keystone + iniset $HEAT_CONF clients_keystone auth_uri $KEYSTONE_AUTH_URI + # ec2authtoken iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0 From 642b07b930cf5f49d1ed9aa220021d45ca631b1a Mon Sep 17 00:00:00 2001 From: ghanshyam Date: Thu, 19 Nov 2015 10:01:14 +0900 Subject: [PATCH 0017/2309] Add compute microversions configuration on tempest Many projects like Nova, Ironic etc have implemented the microversions for versioning their APIs. Tempest is going to tests those microversions - I57b78b4c0543b6fb0533b556886a19a03297555e. For testing microversion in Tempest on gate, we need to set a valid range of microversion in Tempest config and based on that Tempest will run appropriate tests. This commit adds the below range options for compute microversion testing- - [None, 'latest'] - for master branch as default - [None, None] - for tests running on v2.0 - option to set the range. Depends-On: I81e86faca6f8c0ffb7da22154a62236ac25cf0c0 Partially implements blueprint api-microversions-testing-support Change-Id: I171b862d1bba1af467f5b9a76288216c39e2adda --- lib/tempest | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/lib/tempest b/lib/tempest index 6adc449ad0..61351c0628 100644 --- a/lib/tempest +++ b/lib/tempest @@ -357,6 +357,30 @@ function configure_tempest { compute_api_extensions=$(remove_disabled_extensions $compute_api_extensions $DISABLE_COMPUTE_API_EXTENSIONS) fi + # Set the microversion range for compute tests. + # This is used to run the Nova microversions tests. + # Setting [None, latest] range of microversion which allow Tempest to run all microversions tests. + # NOTE- To avoid microversion tests failure on stable branch, we need to change "tempest_compute_max_microversion" + # for stable branch on each release which should be changed from "latest" to max supported version of that release. + local tempest_compute_min_microversion=${TEMPEST_COMPUTE_MIN_MICROVERSION:-None} + local tempest_compute_max_microversion=${TEMPEST_COMPUTE_MAX_MICROVERSION:-"latest"} + # Reset microversions to None where v2.0 is running which does not support microversion. + # Both "None" means no microversion testing. + if [[ "$TEMPEST_COMPUTE_TYPE" == "compute_legacy" ]]; then + tempest_compute_min_microversion=None + tempest_compute_max_microversion=None + fi + if [ "$tempest_compute_min_microversion" == "None" ]; then + inicomment $TEMPEST_CONFIG compute-feature-enabled min_microversion + else + iniset $TEMPEST_CONFIG compute-feature-enabled min_microversion $tempest_compute_min_microversion + fi + if [ "$tempest_compute_max_microversion" == "None" ]; then + inicomment $TEMPEST_CONFIG compute-feature-enabled max_microversion + else + iniset $TEMPEST_CONFIG compute-feature-enabled max_microversion $tempest_compute_max_microversion + fi + iniset $TEMPEST_CONFIG compute-feature-enabled resize True iniset $TEMPEST_CONFIG compute-feature-enabled live_migration ${LIVE_MIGRATION_AVAILABLE:-False} iniset $TEMPEST_CONFIG compute-feature-enabled change_password False From af0801de3c1b1c51cf1a995c2939e182d2ef4926 Mon Sep 17 00:00:00 2001 From: Philipp Marek Date: Wed, 9 Dec 2015 13:51:56 +0100 Subject: [PATCH 0018/2309] Make logfile symlinks with relative names. Using absolute names for the symlink breaks in quite a few ways; * when creating a tar file of the logs, * when serving via NFS, or any other case where the directory gets transferred to a different machine. So just create the symlink with relative names, then they'll work in any location. Change-Id: I432a69754985fc71feb0068b7adca01066d7bc1b --- functions-common | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/functions-common b/functions-common index d4099ffcfa..0c5e48cadf 100644 --- a/functions-common +++ b/functions-common @@ -1309,10 +1309,11 @@ function _run_process { exec 3>&- exec 6>&- - local real_logfile="${LOGDIR}/${service}.log.${CURRENT_LOG_TIME}" + local logfile="${service}.log.${CURRENT_LOG_TIME}" + local real_logfile="${LOGDIR}/${logfile}" if [[ -n ${LOGDIR} ]]; then exec 1>&"$real_logfile" 2>&1 - ln -sf "$real_logfile" ${LOGDIR}/${service}.log + bash -c "cd '$LOGDIR' && ln -sf '$logfile' ${service}.log" if [[ -n ${SCREEN_LOGDIR} ]]; then # Drop the backward-compat symlink ln -sf "$real_logfile" ${SCREEN_LOGDIR}/screen-${service}.log @@ -1399,7 +1400,8 @@ function screen_process { screen -S $SCREEN_NAME -X screen -t $name - local real_logfile="${LOGDIR}/${name}.log.${CURRENT_LOG_TIME}" + local logfile="${name}.log.${CURRENT_LOG_TIME}" + local real_logfile="${LOGDIR}/${logfile}" echo "LOGDIR: $LOGDIR" echo "SCREEN_LOGDIR: $SCREEN_LOGDIR" echo "log: $real_logfile" @@ -1410,7 +1412,7 @@ function screen_process { fi # If logging isn't active then avoid a broken symlink touch "$real_logfile" - ln -sf "$real_logfile" ${LOGDIR}/${name}.log + bash -c "cd '$LOGDIR' && ln -sf '$logfile' ${name}.log" if [[ -n ${SCREEN_LOGDIR} ]]; then # Drop the backward-compat symlink ln -sf "$real_logfile" ${SCREEN_LOGDIR}/screen-${1}.log From 56632fc75ddd4af3239c44e27673854dd65f4628 Mon Sep 17 00:00:00 2001 From: Jim Rollenhagen Date: Thu, 10 Dec 2015 05:57:19 -0800 Subject: [PATCH 0019/2309] Fix override-defaults in plugin docs Docs specify that this file should be override_defaults, when really devstack looks for override-defaults. Change-Id: I3900ec4d16ffb48c6969dac5081ea2817536c246 --- doc/source/plugins.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst index b8da7e1237..83e5609efa 100644 --- a/doc/source/plugins.rst +++ b/doc/source/plugins.rst @@ -21,12 +21,12 @@ external repositories. The plugin interface assumes the following: An external git repository that includes a ``devstack/`` top level directory. Inside this directory there can be 3 files. -- ``override_defaults`` - a file containing global variables that +- ``override-defaults`` - a file containing global variables that will be sourced before the lib/* files. This allows the plugin to override the defaults that are otherwise set in the lib/* files. - For example, override_defaults may export CINDER_ENABLED_BACKENDS + For example, override-defaults may export CINDER_ENABLED_BACKENDS to include the plugin-specific storage backend and thus be able to override the default lvm only storage backend for Cinder. From 10bff0e9968d7a9c59ea7f09f49775973f8b5008 Mon Sep 17 00:00:00 2001 From: Martin Hickey Date: Thu, 3 Dec 2015 15:18:10 +0000 Subject: [PATCH 0020/2309] Neutron LBaaS: Use generated configuration files if available Generate the Neutron LBaaS sample config files by using the oslo generator. The files are generated with a .sample extension and replace the static example configuration files. Once the generation code is delivered, the static config files will be removed. Change-Id: Iae1e581ec2bea9c0ced700229effcc716d53fe4e Related-blueprint: autogen-neutron-conf-file Partial-bug: #1199963 Depends-On: I25507f3bc6e995580aa91a912c2cf4110757df15 --- lib/neutron-legacy | 11 +++++++++-- lib/neutron_plugins/services/loadbalancer | 2 +- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/lib/neutron-legacy b/lib/neutron-legacy index caf89e3d8c..628f6463d1 100644 --- a/lib/neutron-legacy +++ b/lib/neutron-legacy @@ -112,6 +112,9 @@ NEUTRON_CONF_DIR=/etc/neutron NEUTRON_CONF=$NEUTRON_CONF_DIR/neutron.conf export NEUTRON_TEST_CONFIG_FILE=${NEUTRON_TEST_CONFIG_FILE:-"$NEUTRON_CONF_DIR/debug.ini"} +# Default provider for load balancer service +DEFAULT_LB_PROVIDER=LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default + # Agent binaries. Note, binary paths for other agents are set in per-service # scripts in lib/neutron_plugins/services/ AGENT_DHCP_BINARY="$NEUTRON_BIN_DIR/neutron-dhcp-agent" @@ -1058,8 +1061,12 @@ function _configure_neutron_ceilometer_notifications { } function _configure_neutron_lbaas { - if [ -f $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf ]; then - cp $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf $NEUTRON_CONF_DIR + # Uses oslo config generator to generate LBaaS sample configuration files + (cd $NEUTRON_LBAAS_DIR && exec ./tools/generate_config_file_samples.sh) + + if [ -f $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf.sample ]; then + cp $NEUTRON_LBAAS_DIR/etc/neutron_lbaas.conf.sample $NEUTRON_CONF_DIR/neutron_lbaas.conf + iniset $NEUTRON_CONF_DIR/neutron_lbaas.conf service_providers service_provider $DEFAULT_LB_PROVIDER fi neutron_agent_lbaas_configure_common neutron_agent_lbaas_configure_agent diff --git a/lib/neutron_plugins/services/loadbalancer b/lib/neutron_plugins/services/loadbalancer index b07d06c32b..30e9480f2e 100644 --- a/lib/neutron_plugins/services/loadbalancer +++ b/lib/neutron_plugins/services/loadbalancer @@ -28,7 +28,7 @@ function neutron_agent_lbaas_configure_agent { LBAAS_AGENT_CONF_FILENAME="$LBAAS_AGENT_CONF_PATH/lbaas_agent.ini" - cp $NEUTRON_LBAAS_DIR/etc/lbaas_agent.ini $LBAAS_AGENT_CONF_FILENAME + cp $NEUTRON_LBAAS_DIR/etc/lbaas_agent.ini.sample $LBAAS_AGENT_CONF_FILENAME # ovs_use_veth needs to be set before the plugin configuration # occurs to allow plugins to override the setting. From 69431725eb526d9daf320d7a05cccf22d10eaafd Mon Sep 17 00:00:00 2001 From: Anusha Ramineni Date: Tue, 8 Dec 2015 12:04:27 +0530 Subject: [PATCH 0021/2309] Add congress to plugin registry Now congress supports devstack plugin model, hence including the same in plugin registry Change-Id: I1ac83c529a466e6a75a9b46ed9b56085140a63ed --- doc/source/plugin-registry.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst index 49b3a7fc02..c68d926822 100644 --- a/doc/source/plugin-registry.rst +++ b/doc/source/plugin-registry.rst @@ -26,6 +26,8 @@ The following are plugins that exist for official OpenStack projects. +------------------+---------------------------------------------+--------------------+ |ceilometer |git://git.openstack.org/openstack/ceilometer | metering | +------------------+---------------------------------------------+--------------------+ +|congress |git://git.openstack.org/openstack/congress | governance | ++------------------+---------------------------------------------+--------------------+ |gnocchi |git://git.openstack.org/openstack/gnocchi | metric | +------------------+---------------------------------------------+--------------------+ |magnum |git://git.openstack.org/openstack/magnum | | From 357dff588ef63935a2a36e89b1aa96419ef09ece Mon Sep 17 00:00:00 2001 From: Sean McGinnis Date: Fri, 11 Dec 2015 13:51:24 -0600 Subject: [PATCH 0022/2309] Remove Cinder API version cap Cinder API was pinned to v1 due to openstackclient missing some of the v2 commands, as reported in osc bug 1475060. That bug has since been marked invalid, but its intent was covered by the blueprint: https://blueprints.launchpad.net/python-openstackclient/+spec/volume-v2 This removes the pinning to the v1 API now that osc supports v2. Also removing the enablement of v1 as it was deprecated three releases ago and we would like to get more coverage on v2. Change-Id: Ia4d97734738d026c8721791669110778ff5eb6e5 --- lib/cinder | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/lib/cinder b/lib/cinder index 2119858253..569f3ab0a3 100644 --- a/lib/cinder +++ b/lib/cinder @@ -270,10 +270,6 @@ function configure_cinder { iniset $CINDER_CONF DEFAULT state_path $CINDER_STATE_PATH iniset $CINDER_CONF oslo_concurrency lock_path $CINDER_STATE_PATH iniset $CINDER_CONF DEFAULT periodic_interval $CINDER_PERIODIC_INTERVAL - # NOTE(thingee): Cinder V1 API is deprecated and defaults to off as of - # Juno. Keep it enabled so we can continue testing while it's still - # supported. - iniset $CINDER_CONF DEFAULT enable_v1_api true iniset $CINDER_CONF DEFAULT os_region_name "$REGION_NAME" @@ -550,9 +546,7 @@ function create_volume_types { local be be_name for be in ${CINDER_ENABLED_BACKENDS//,/ }; do be_name=${be##*:} - # FIXME(jamielennox): Remove --os-volume-api-version pinning when - # osc supports volume type create on v2 api. bug #1475060 - openstack volume type create --os-volume-api-version 1 --property volume_backend_name="${be_name}" ${be_name} + openstack volume type create --property volume_backend_name="${be_name}" ${be_name} done fi } From cf4f76299f84135a03fe29e5eddc97490eba806a Mon Sep 17 00:00:00 2001 From: Mahito OGURA Date: Wed, 12 Aug 2015 10:21:27 +0900 Subject: [PATCH 0023/2309] Update the vnc config options group 'DEFAULT' to 'vnc' n-api log output WARNINGs that vnc config options group 'DEFAULT' is deprecated. New vnc config options group is 'vnc'. This is change of Nova.[1] This patch changes the vnc config options group 'DEFAULT' to 'vnc'. [1] https://bugs.launchpad.net/nova/+bug/1447528 Change-Id: If54f750bac83298e90bdca27b5992fe2e5fbb712 Closes-Bug: 1483583 --- lib/nova | 12 ++++++------ lib/nova_plugins/hypervisor-libvirt | 10 +++++----- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/lib/nova b/lib/nova index 6337f875ef..3e3f0f49ac 100644 --- a/lib/nova +++ b/lib/nova @@ -594,9 +594,9 @@ function create_nova_conf { # These settings don't hurt anything if n-xvnc and n-novnc are disabled if is_service_enabled n-cpu; then NOVNCPROXY_URL=${NOVNCPROXY_URL:-"http://$SERVICE_HOST:6080/vnc_auto.html"} - iniset $NOVA_CONF DEFAULT novncproxy_base_url "$NOVNCPROXY_URL" + iniset $NOVA_CONF vnc novncproxy_base_url "$NOVNCPROXY_URL" XVPVNCPROXY_URL=${XVPVNCPROXY_URL:-"http://$SERVICE_HOST:6081/console"} - iniset $NOVA_CONF DEFAULT xvpvncproxy_base_url "$XVPVNCPROXY_URL" + iniset $NOVA_CONF vnc xvpvncproxy_base_url "$XVPVNCPROXY_URL" SPICEHTML5PROXY_URL=${SPICEHTML5PROXY_URL:-"http://$SERVICE_HOST:6082/spice_auto.html"} iniset $NOVA_CONF spice html5proxy_base_url "$SPICEHTML5PROXY_URL" fi @@ -606,13 +606,13 @@ function create_nova_conf { # For multi-host, this should be the management ip of the compute host. VNCSERVER_LISTEN=${VNCSERVER_LISTEN=$NOVA_SERVICE_LOCAL_HOST} VNCSERVER_PROXYCLIENT_ADDRESS=${VNCSERVER_PROXYCLIENT_ADDRESS=$NOVA_SERVICE_LOCAL_HOST} - iniset $NOVA_CONF DEFAULT vnc_enabled true - iniset $NOVA_CONF DEFAULT vncserver_listen "$VNCSERVER_LISTEN" - iniset $NOVA_CONF DEFAULT vncserver_proxyclient_address "$VNCSERVER_PROXYCLIENT_ADDRESS" + iniset $NOVA_CONF vnc enabled true + iniset $NOVA_CONF vnc vncserver_listen "$VNCSERVER_LISTEN" + iniset $NOVA_CONF vnc vncserver_proxyclient_address "$VNCSERVER_PROXYCLIENT_ADDRESS" iniset $NOVA_CONF DEFAULT novncproxy_host "$NOVA_SERVICE_LISTEN_ADDRESS" iniset $NOVA_CONF DEFAULT xvpvncproxy_host "$NOVA_SERVICE_LISTEN_ADDRESS" else - iniset $NOVA_CONF DEFAULT vnc_enabled false + iniset $NOVA_CONF vnc enabled false fi if is_service_enabled n-spice; then diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt index 8bbaa2133d..1b4f7ae80a 100644 --- a/lib/nova_plugins/hypervisor-libvirt +++ b/lib/nova_plugins/hypervisor-libvirt @@ -48,13 +48,13 @@ function configure_nova_hypervisor { iniset $NOVA_CONF DEFAULT firewall_driver "$LIBVIRT_FIREWALL_DRIVER" # Power architecture currently does not support graphical consoles. if is_arch "ppc64"; then - iniset $NOVA_CONF DEFAULT vnc_enabled "false" + iniset $NOVA_CONF vnc enabled "false" fi # arm64-specific configuration if is_arch "aarch64"; then # arm64 architecture currently does not support graphical consoles. - iniset $NOVA_CONF DEFAULT vnc_enabled "false" + iniset $NOVA_CONF vnc enabled "false" fi # File injection is being disabled by default in the near future - @@ -65,9 +65,9 @@ function configure_nova_hypervisor { iniset $NOVA_CONF libvirt connection_uri "parallels+unix:///system" iniset $NOVA_CONF libvirt images_type "ploop" iniset $NOVA_CONF DEFAULT force_raw_images "False" - iniset $NOVA_CONF DEFAULT vncserver_proxyclient_address $HOST_IP - iniset $NOVA_CONF DEFAULT vncserver_listen $HOST_IP - iniset $NOVA_CONF DEFAULT vnc_keymap + iniset $NOVA_CONF vnc vncserver_proxyclient_address $HOST_IP + iniset $NOVA_CONF vnc vncserver_listen $HOST_IP + iniset $NOVA_CONF vnc keymap fi } From 76cbbe37aae5d54542d62a5c6deec428a8cdc75e Mon Sep 17 00:00:00 2001 From: Mark McLoughlin Date: Mon, 7 Dec 2015 05:05:04 -0500 Subject: [PATCH 0024/2309] libvirt: don't repeatedly configure libvirtd logging /etc/libvirt is not world-readable (at least on Fedora and RHEL) so use sudo with the grep that checks whether we have already configured libvirtd logging. Also, change the regex so we don't count commented out logging config. Change-Id: I67484b28aafd0fa828385321fa96d9141cb4cb59 Signed-off-by: Mark McLoughlin --- lib/nova_plugins/functions-libvirt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt index dae55c6eba..4f9b239a1e 100644 --- a/lib/nova_plugins/functions-libvirt +++ b/lib/nova_plugins/functions-libvirt @@ -110,10 +110,10 @@ EOF local log_filters="1:libvirt 1:qemu 1:conf 1:security 3:object 3:event 3:json 3:file 1:util 1:qemu_monitor" fi local log_outputs="1:file:/var/log/libvirt/libvirtd.log" - if ! grep -q "log_filters=\"$log_filters\"" /etc/libvirt/libvirtd.conf; then + if ! sudo grep -q "^log_filters=\"$log_filters\"" /etc/libvirt/libvirtd.conf; then echo "log_filters=\"$log_filters\"" | sudo tee -a /etc/libvirt/libvirtd.conf fi - if ! grep -q "log_outputs=\"$log_outputs\"" /etc/libvirt/libvirtd.conf; then + if ! sudo grep -q "^log_outputs=\"$log_outputs\"" /etc/libvirt/libvirtd.conf; then echo "log_outputs=\"$log_outputs\"" | sudo tee -a /etc/libvirt/libvirtd.conf fi fi From 239a9788b3f73495efbdf586425a83d714be4412 Mon Sep 17 00:00:00 2001 From: YAMAMOTO Takashi Date: Mon, 7 Dec 2015 17:09:59 +0900 Subject: [PATCH 0025/2309] Remove a stale comment about SQLALCHEMY_DATABASE_DRIVER SQLALCHEMY_DATABASE_DRIVER is no longer used after If6d8d08e5b7b7c48ca012677b536d71058def6fd . Also, remove mysql connector packages from the install list. Closes-Bug: #1523377 Related-Bug: #1493304 Change-Id: I5ecbc3b0bac989faa5c46d3c2866558a505414d8 --- files/debs/keystone | 1 - files/debs/neutron | 1 - files/debs/nova | 1 - files/rpms/neutron | 1 - files/rpms/nova | 1 - stackrc | 12 ------------ 6 files changed, 17 deletions(-) diff --git a/files/debs/keystone b/files/debs/keystone index 0795167047..370e4aac51 100644 --- a/files/debs/keystone +++ b/files/debs/keystone @@ -1,6 +1,5 @@ libkrb5-dev libldap2-dev libsasl2-dev -python-mysql.connector python-mysqldb sqlite3 diff --git a/files/debs/neutron b/files/debs/neutron index 85145d3654..e53cc68ccf 100644 --- a/files/debs/neutron +++ b/files/debs/neutron @@ -8,7 +8,6 @@ iputils-ping libmysqlclient-dev mysql-server #NOPRIME postgresql-server-dev-all -python-mysql.connector python-mysqldb rabbitmq-server # NOPRIME radvd # NOPRIME diff --git a/files/debs/nova b/files/debs/nova index fe57fc4b2a..58dad411a8 100644 --- a/files/debs/nova +++ b/files/debs/nova @@ -15,7 +15,6 @@ libvirt-dev # NOPRIME mysql-server # NOPRIME parted pm-utils -python-mysql.connector python-mysqldb qemu # dist:wheezy,jessie NOPRIME qemu-kvm # NOPRIME diff --git a/files/rpms/neutron b/files/rpms/neutron index 9683475d29..2e49a0cf93 100644 --- a/files/rpms/neutron +++ b/files/rpms/neutron @@ -4,7 +4,6 @@ dnsmasq-utils # for dhcp_release ebtables iptables iputils -mysql-connector-python mysql-devel MySQL-python mysql-server # NOPRIME diff --git a/files/rpms/nova b/files/rpms/nova index 00e759636e..4db9a06d95 100644 --- a/files/rpms/nova +++ b/files/rpms/nova @@ -15,7 +15,6 @@ libvirt-devel # NOPRIME libvirt-python # NOPRIME libxml2-python m2crypto -mysql-connector-python mysql-devel MySQL-python mysql-server # NOPRIME diff --git a/stackrc b/stackrc index 5dd109c0a4..0c311ad65b 100644 --- a/stackrc +++ b/stackrc @@ -72,18 +72,6 @@ if ! isset ENABLED_SERVICES ; then ENABLED_SERVICES+=,rabbit,tempest,mysql,dstat fi -# SQLAlchemy supports multiple database drivers for each database server -# type. For example, deployer may use MySQLdb, MySQLConnector, or oursql -# to access MySQL database. -# -# When defined, the variable controls which database driver is used to -# connect to database server. Otherwise using default driver defined for -# each database type. -# -# You can find the list of currently supported drivers for each database -# type at: http://docs.sqlalchemy.org/en/rel_0_9/core/engines.html -# SQLALCHEMY_DATABASE_DRIVER="mysqldb" - # Global toggle for enabling services under mod_wsgi. If this is set to # ``True`` all services that use HTTPD + mod_wsgi as the preferred method of # deployment, will be deployed under Apache. If this is set to ``False`` all From 2b4d6d16211cc55794b7d96594394f5e8c40fa4b Mon Sep 17 00:00:00 2001 From: Martin Hickey Date: Fri, 4 Dec 2015 14:40:03 +0000 Subject: [PATCH 0026/2309] Neutron VPNaaS: Use generated configuration files if available Generate the Neutron VPNaaS sample config files by using the oslo generator. The files are generated with a .sample extension and replace the static example configuration files. Once the generation code is delivered, the static config files will be removed. Change-Id: Icef8f7e8f0e8e78bfffa7a5af3f9f2300376b115 Related-blueprint: autogen-neutron-conf-file Partial-bug: #1199963 Depends-On: I4a6094b8218dfd320d05bfb1e3bc121e8930c551 --- lib/neutron-legacy | 6 ++++-- lib/neutron_plugins/services/vpn | 4 +++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/neutron-legacy b/lib/neutron-legacy index caf89e3d8c..0089a0d4cf 100644 --- a/lib/neutron-legacy +++ b/lib/neutron-legacy @@ -1079,8 +1079,10 @@ function _configure_neutron_fwaas { } function _configure_neutron_vpn { - if [ -f $NEUTRON_VPNAAS_DIR/etc/neutron_vpnaas.conf ]; then - cp $NEUTRON_VPNAAS_DIR/etc/neutron_vpnaas.conf $NEUTRON_CONF_DIR + # Uses oslo config generator to generate VPNaaS sample configuration files + (cd $NEUTRON_VPNAAS_DIR && exec ./tools/generate_config_file_samples.sh) + if [ -f $NEUTRON_VPNAAS_DIR/etc/neutron_vpnaas.conf.sample ]; then + cp $NEUTRON_VPNAAS_DIR/etc/neutron_vpnaas.conf.sample $NEUTRON_CONF_DIR/neutron_vpnaas.conf fi neutron_vpn_install_agent_packages neutron_vpn_configure_common diff --git a/lib/neutron_plugins/services/vpn b/lib/neutron_plugins/services/vpn index 8a379f588c..e790913847 100644 --- a/lib/neutron_plugins/services/vpn +++ b/lib/neutron_plugins/services/vpn @@ -29,7 +29,9 @@ function neutron_vpn_configure_common { } function neutron_vpn_configure_agent { - cp $NEUTRON_VPNAAS_DIR/etc/vpn_agent.ini $Q_VPN_CONF_FILE + # Uses oslo config generator to generate LBaaS sample configuration files + (cd $NEUTRON_VPNAAS_DIR && exec ./tools/generate_config_file_samples.sh) + cp $NEUTRON_VPNAAS_DIR/etc/vpn_agent.ini.sample $Q_VPN_CONF_FILE if [[ "$IPSEC_PACKAGE" == "strongswan" ]]; then iniset_multiline $Q_VPN_CONF_FILE vpnagent vpn_device_driver neutron_vpnaas.services.vpn.device_drivers.strongswan_ipsec.StrongSwanDriver if is_fedora; then From 97b9e970b27f2303b8404aaa31a9f2e7d51ee787 Mon Sep 17 00:00:00 2001 From: Dave Chen Date: Tue, 15 Dec 2015 03:33:48 +0800 Subject: [PATCH 0027/2309] Remove the support for keystone extensions All keystone extensions have been moved into cores and are enabled by default, there is no need to configure the extension in devstack but configure it in devstack will block the install process. Change-Id: I7d21b122c641f601295ee7ece3583404b3874dbd Closes-Bug: #1526033 --- lib/keystone | 33 --------------------------------- 1 file changed, 33 deletions(-) diff --git a/lib/keystone b/lib/keystone index 6b4118de0b..336ad12cbb 100644 --- a/lib/keystone +++ b/lib/keystone @@ -52,10 +52,6 @@ KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone} KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf KEYSTONE_PASTE_INI=${KEYSTONE_PASTE_INI:-$KEYSTONE_CONF_DIR/keystone-paste.ini} -# Set up additional extensions, such as oauth1, federation -# Example of KEYSTONE_EXTENSIONS=oauth1,federation -KEYSTONE_EXTENSIONS=${KEYSTONE_EXTENSIONS:-} - # Toggle for deploying Keystone under HTTPD + mod_wsgi KEYSTONE_USE_MOD_WSGI=${KEYSTONE_USE_MOD_WSGI:-${ENABLE_HTTPD_MOD_WSGI_SERVICES}} @@ -192,8 +188,6 @@ function configure_keystone { inidelete $KEYSTONE_PASTE_INI composite:admin \\/v2.0 fi - configure_keystone_extensions - # Rewrite stock ``keystone.conf`` if is_service_enabled ldap; then @@ -305,25 +299,6 @@ function configure_keystone { iniset $KEYSTONE_CONF fernet_tokens key_repository "$KEYSTONE_CONF_DIR/fernet-keys/" } -function configure_keystone_extensions { - # Add keystone extension into keystone v3 application pipeline - local extension_value - local api_v3 - local extension - local api_v3_extension - for extension_value in ${KEYSTONE_EXTENSIONS//,/ }; do - if [[ -z "${extension_value}" ]]; then - continue - fi - api_v3=$(iniget $KEYSTONE_PASTE_INI pipeline:api_v3 pipeline) - extension=$(echo $api_v3 | sed -ne "/${extension_value}/ p;" ) - if [[ -z $extension ]]; then - api_v3_extension=$(echo $api_v3 | sed -ne "s/service_v3/${extension_value}_extension service_v3/p;" ) - iniset $KEYSTONE_PASTE_INI pipeline:api_v3 pipeline "$api_v3_extension" - fi - done -} - # create_keystone_accounts() - Sets up common required keystone accounts # Tenant User Roles @@ -468,14 +443,6 @@ function init_keystone { # Initialize keystone database $KEYSTONE_BIN_DIR/keystone-manage db_sync - local extension_value - for extension_value in ${KEYSTONE_EXTENSIONS//,/ }; do - if [[ -z "${extension_value}" ]]; then - continue - fi - $KEYSTONE_BIN_DIR/keystone-manage db_sync --extension "${extension_value}" - done - if [[ "$KEYSTONE_TOKEN_FORMAT" == "pki" || "$KEYSTONE_TOKEN_FORMAT" == "pkiz" ]]; then # Set up certificates rm -rf $KEYSTONE_CONF_DIR/ssl From 43f62c08499de004a964c3a2f90ce400a0f932ad Mon Sep 17 00:00:00 2001 From: Akihiro Motoki Date: Tue, 15 Dec 2015 16:44:41 +0900 Subject: [PATCH 0028/2309] Move horizon config and start to appropriate phase in stack.sh Previously horizon configuration and start are done too early and as a result horizon init and start need to be run twice after horizon plugins are enabled. - horizon config was done before "run_phase stack install" - horizon init and start were done before "run_phase stack post-config" This commit rearrange horizon setup to the appropriate phases defined in the devstack plugin interface. - Configuration of horizon settings is moved to configure_horizon. - horizon config is now called between run_phase stack install and post-config. - horizon init and start are now called between run_phase stack post-config and extra. Change-Id: I8bf2ceaf7734c4f7cec68bc05d7cdbae81ef311e --- lib/horizon | 8 +++++--- stack.sh | 14 ++++++++------ 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/lib/horizon b/lib/horizon index 67181fcf29..dca31116e2 100644 --- a/lib/horizon +++ b/lib/horizon @@ -83,10 +83,7 @@ function configure_horizon { # Message catalog compilation is handled by Django admin script, # so compiling them after the installation avoids Django installation twice. (cd $HORIZON_DIR; ./run_tests.sh -N --compilemessages) -} -# init_horizon() - Initialize databases, etc. -function init_horizon { # ``local_settings.py`` is used to override horizon default settings. local local_settings=$HORIZON_DIR/openstack_dashboard/local/local_settings.py cp $HORIZON_SETTINGS $local_settings @@ -113,6 +110,7 @@ function init_horizon { horizon_conf=$(apache_site_config_for horizon) # Configure apache to run horizon + # Set up the django horizon application to serve via apache/wsgi sudo sh -c "sed -e \" s,%USER%,$APACHE_USER,g; s,%GROUP%,$APACHE_GROUP,g; @@ -133,7 +131,10 @@ function init_horizon { exit_distro_not_supported "horizon apache configuration" fi enable_apache_site horizon +} +# init_horizon() - Initialize databases, etc. +function init_horizon { # Remove old log files that could mess with how DevStack detects whether Horizon # has been successfully started (see start_horizon() and functions::screen_it()) # and run_process @@ -147,6 +148,7 @@ function init_horizon { django_admin=django-admin.py fi + # These need to be run after horizon plugins are configured. DJANGO_SETTINGS_MODULE=openstack_dashboard.settings $django_admin collectstatic --noinput DJANGO_SETTINGS_MODULE=openstack_dashboard.settings $django_admin compress --force diff --git a/stack.sh b/stack.sh index 19d05c904a..e65d22f114 100755 --- a/stack.sh +++ b/stack.sh @@ -840,7 +840,6 @@ if is_service_enabled horizon; then install_django_openstack_auth # dashboard stack_install_service horizon - configure_horizon fi if is_service_enabled heat; then @@ -1060,12 +1059,9 @@ write_clouds_yaml # Horizon # ------- -# Set up the django horizon application to serve via apache/wsgi - if is_service_enabled horizon; then - echo_summary "Configuring and starting Horizon" - init_horizon - start_horizon + echo_summary "Configuring Horizon" + configure_horizon fi @@ -1290,6 +1286,12 @@ if is_service_enabled heat; then fi fi +if is_service_enabled horizon; then + echo_summary "Starting Horizon" + init_horizon + start_horizon +fi + # Create account rc files # ======================= From 563a7e75b7d26275a7416eb4d6641fcfe867b45a Mon Sep 17 00:00:00 2001 From: Sean Dague Date: Tue, 15 Dec 2015 17:16:19 -0500 Subject: [PATCH 0029/2309] set the validation path to fixed for n-net See if using fixed IPs for connectivity to hosts is more reliable than floating ips, which really were not intended for these purposes (at least in nova-net). Change-Id: I251710ee9186a68bb3ddc58ca803c33b81c8ac49 --- lib/tempest | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/tempest b/lib/tempest index 6adc449ad0..e651dc30ed 100644 --- a/lib/tempest +++ b/lib/tempest @@ -329,6 +329,9 @@ function configure_tempest { iniset $TEMPEST_CONFIG compute flavor_ref $flavor_ref iniset $TEMPEST_CONFIG compute flavor_ref_alt $flavor_ref_alt iniset $TEMPEST_CONFIG compute ssh_connect_method $ssh_connect_method + # set the equiv validation option here as well to ensure they are + # in sync. They shouldn't be separate options. + iniset $TEMPEST_CONFIG validation connect_method $ssh_connect_method if [[ ! $(is_service_enabled n-cell) && ! $(is_service_enabled neutron) ]]; then iniset $TEMPEST_CONFIG compute fixed_network_name $PRIVATE_NETWORK_NAME fi From 2ca8af45a78226f29c3251cbef6449a0a51a4c1f Mon Sep 17 00:00:00 2001 From: Atsushi SAKAI Date: Tue, 8 Dec 2015 15:36:13 +0900 Subject: [PATCH 0030/2309] Add 5 time measurement points run_process process starting time test_with_retry process starting time (for neutron legacy) restart_apache_server Apache HTTPD restart time wait_for_service HTTP server waiting time git_timed git command execution time example ======================== DevStack Components Timed ======================== run_process - 52 secs test_with_retry - 3 secs apt-get-update - 8 secs pip_install - 76 secs restart_apache_server - 9 secs wait_for_service - 11 secs git_timed - 127 secs apt-get - 15 secs Change-Id: I66140726617450cd9fe9b702092cacf053a20065 --- functions | 2 ++ functions-common | 6 ++++++ lib/apache | 2 ++ 3 files changed, 10 insertions(+) diff --git a/functions b/functions index 762fc472c2..9495710e92 100644 --- a/functions +++ b/functions @@ -357,7 +357,9 @@ CURL_GET="${CURL_GET:-curl -g}" function wait_for_service { local timeout=$1 local url=$2 + time_start "wait_for_service" timeout $timeout sh -c "while ! $CURL_GET -k --noproxy '*' -s $url >/dev/null; do sleep 1; done" + time_stop "wait_for_service" } diff --git a/functions-common b/functions-common index 1b01eefaf9..023203d1fc 100644 --- a/functions-common +++ b/functions-common @@ -597,6 +597,7 @@ function git_timed { timeout=${GIT_TIMEOUT} fi + time_start "git_timed" until timeout -s SIGINT ${timeout} git "$@"; do # 124 is timeout(1)'s special return code when it reached the # timeout; otherwise assume fatal failure @@ -611,6 +612,7 @@ function git_timed { fi sleep 5 done + time_stop "git_timed" } # git update using reference as a branch. @@ -1373,6 +1375,7 @@ function run_process { local command="$2" local group=$3 + time_start "run_process" if is_service_enabled $service; then if [[ "$USE_SCREEN" = "True" ]]; then screen_process "$service" "$command" "$group" @@ -1381,6 +1384,7 @@ function run_process { _run_process "$service" "$command" "$group" & fi fi + time_stop "run_process" } # Helper to launch a process in a named screen @@ -2196,9 +2200,11 @@ function test_with_retry { local until=${3:-10} local sleep=${4:-0.5} + time_start "test_with_retry" if ! timeout $until sh -c "while ! $testcmd; do sleep $sleep; done"; then die $LINENO "$failmsg" fi + time_stop "test_with_retry" } # Timing infrastructure - figure out where large blocks of time are diff --git a/lib/apache b/lib/apache index c9e02a2b58..2c84c7a481 100644 --- a/lib/apache +++ b/lib/apache @@ -185,9 +185,11 @@ function restart_apache_server { # Apache can be slow to stop, doing an explicit stop, sleep, start helps # to mitigate issues where apache will claim a port it's listening on is # still in use and fail to start. + time_start "restart_apache_server" stop_service $APACHE_NAME sleep 3 start_service $APACHE_NAME + time_stop "restart_apache_server" } # Restore xtrace From 00b5f4af92a640a2507046cf76ee57caa166310b Mon Sep 17 00:00:00 2001 From: Mike Turek Date: Tue, 15 Dec 2015 18:16:35 +0000 Subject: [PATCH 0031/2309] Replace deprecated baremetal timeouts with new deploy_timeout See review 258670 for more information. The preceeding patch consolidates Ironic timeouts into one blanket timeout. This patch sets the new timeout via the BUILD_TIMEOUT variable and removes the deprecated timeouts. Change-Id: I320461b2b40aa2b68afc38a901a5933e39aac1b6 Related-Bug: #1526863 --- lib/tempest | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/tempest b/lib/tempest index 61351c0628..b9d9e80fc2 100644 --- a/lib/tempest +++ b/lib/tempest @@ -533,8 +533,7 @@ function configure_tempest { # Baremetal if [ "$VIRT_DRIVER" = "ironic" ] ; then iniset $TEMPEST_CONFIG baremetal driver_enabled True - iniset $TEMPEST_CONFIG baremetal unprovision_timeout $BUILD_TIMEOUT - iniset $TEMPEST_CONFIG baremetal active_timeout $BUILD_TIMEOUT + iniset $TEMPEST_CONFIG baremetal deploy_timeout $BUILD_TIMEOUT iniset $TEMPEST_CONFIG baremetal deploy_img_dir $FILES iniset $TEMPEST_CONFIG baremetal node_uuid $IRONIC_NODE_UUID iniset $TEMPEST_CONFIG compute-feature-enabled change_password False From 168be83597dcfc38b6d552ecbf20b5093580e2cb Mon Sep 17 00:00:00 2001 From: Davanum Srinivas Date: Thu, 8 Oct 2015 07:57:44 -0700 Subject: [PATCH 0032/2309] Nuke EC2 API service in defaults Tempest does not test EC2 by default anymore: Ib5e24e19bcba9808a9f49fe7f328668df77fe4f9 So we don't need to run nova ec2 API service by default. Change-Id: Ieec0ca1361baf0978d96e69e1134f699c1af3bb9 --- stackrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stackrc b/stackrc index f949ccbad9..edf23ce997 100644 --- a/stackrc +++ b/stackrc @@ -91,7 +91,7 @@ fi ENABLE_HTTPD_MOD_WSGI_SERVICES=True # Set the default Nova APIs to enable -NOVA_ENABLED_APIS=ec2,osapi_compute,metadata +NOVA_ENABLED_APIS=osapi_compute,metadata # Set the root URL for Horizon HORIZON_APACHE_ROOT="/dashboard" From 47115b0314bcb9006d674fb0c7da6ac6eb94de29 Mon Sep 17 00:00:00 2001 From: Martin Hickey Date: Fri, 18 Dec 2015 11:08:38 +0000 Subject: [PATCH 0033/2309] Neutron VPNaaS: Set default service provider Default value needs to be set for service_provider config item in neutron_vpnaas.conf. This is to support backward compatability for using the enable_service q-vpn. It should be noted that the recommended way to use VPN is the devstack plugin. Change-Id: I0d5960c81c47a138087d480527eff2a8eef59445 Closes-bug: #1527483 --- lib/neutron-legacy | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/neutron-legacy b/lib/neutron-legacy index e0c4676297..6af44e6ab8 100644 --- a/lib/neutron-legacy +++ b/lib/neutron-legacy @@ -115,6 +115,9 @@ export NEUTRON_TEST_CONFIG_FILE=${NEUTRON_TEST_CONFIG_FILE:-"$NEUTRON_CONF_DIR/d # Default provider for load balancer service DEFAULT_LB_PROVIDER=LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default +# Default provider for VPN service +DEFAULT_VPN_PROVIDER=VPN:openswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default + # Agent binaries. Note, binary paths for other agents are set in per-service # scripts in lib/neutron_plugins/services/ AGENT_DHCP_BINARY="$NEUTRON_BIN_DIR/neutron-dhcp-agent" @@ -1092,6 +1095,7 @@ function _configure_neutron_vpn { (cd $NEUTRON_VPNAAS_DIR && exec ./tools/generate_config_file_samples.sh) if [ -f $NEUTRON_VPNAAS_DIR/etc/neutron_vpnaas.conf.sample ]; then cp $NEUTRON_VPNAAS_DIR/etc/neutron_vpnaas.conf.sample $NEUTRON_CONF_DIR/neutron_vpnaas.conf + iniset $NEUTRON_CONF_DIR/neutron_vpnaas.conf service_providers service_provider $DEFAULT_VPN_PROVIDER fi neutron_vpn_install_agent_packages neutron_vpn_configure_common From 47367071cdc110c40ec5c92d12f4dbe50cc553d4 Mon Sep 17 00:00:00 2001 From: Jim Rollenhagen Date: Thu, 10 Dec 2015 14:24:00 +0000 Subject: [PATCH 0034/2309] Remove ironic code from tree This removes all of the ironic code from the devstack tree, in favor of the devstack plugin in Ironic's tree. Depends-On: I659e3de5c64df798441798ff48ba5c9c0506585a Depends-On: I2c52bc014f1b0dbc6b0ae22a4deb4132b4c28621 Change-Id: I5125fce295c79600781469c2f48bea80e7600081 --- clean.sh | 1 - doc/source/index.rst | 2 - doc/source/plugin-registry.rst | 2 + extras.d/50-ironic.sh | 50 -- files/apache-ironic.template | 12 - files/debs/ironic | 19 - files/rpms/ironic | 14 - functions-common | 12 +- lib/ironic | 874 ------------------- stackrc | 8 +- tools/ironic/scripts/cleanup-node | 25 - tools/ironic/scripts/configure-vm | 93 -- tools/ironic/scripts/create-node | 79 -- tools/ironic/scripts/setup-network | 28 - tools/ironic/templates/brbm.xml | 6 - tools/ironic/templates/tftpd-xinetd.template | 14 - tools/ironic/templates/vm.xml | 49 -- 17 files changed, 16 insertions(+), 1272 deletions(-) delete mode 100644 extras.d/50-ironic.sh delete mode 100644 files/apache-ironic.template delete mode 100644 files/debs/ironic delete mode 100644 files/rpms/ironic delete mode 100644 lib/ironic delete mode 100755 tools/ironic/scripts/cleanup-node delete mode 100755 tools/ironic/scripts/configure-vm delete mode 100755 tools/ironic/scripts/create-node delete mode 100755 tools/ironic/scripts/setup-network delete mode 100644 tools/ironic/templates/brbm.xml delete mode 100644 tools/ironic/templates/tftpd-xinetd.template delete mode 100644 tools/ironic/templates/vm.xml diff --git a/clean.sh b/clean.sh index ae28aa9ab7..fc6f80dad4 100755 --- a/clean.sh +++ b/clean.sh @@ -50,7 +50,6 @@ source $TOP_DIR/lib/cinder source $TOP_DIR/lib/swift source $TOP_DIR/lib/heat source $TOP_DIR/lib/neutron-legacy -source $TOP_DIR/lib/ironic # Extras Source diff --git a/doc/source/index.rst b/doc/source/index.rst index ec345c9f64..2622436820 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -174,7 +174,6 @@ Scripts * `lib/heat `__ * `lib/horizon `__ * `lib/infra `__ -* `lib/ironic `__ * `lib/keystone `__ * `lib/ldap `__ * `lib/neutron-legacy `__ @@ -189,7 +188,6 @@ Scripts * `clean.sh `__ * `run\_tests.sh `__ -* `extras.d/50-ironic.sh `__ * `extras.d/60-ceph.sh `__ * `extras.d/70-tuskar.sh `__ * `extras.d/80-tempest.sh `__ diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst index c68d926822..7682defbed 100644 --- a/doc/source/plugin-registry.rst +++ b/doc/source/plugin-registry.rst @@ -30,6 +30,8 @@ The following are plugins that exist for official OpenStack projects. +------------------+---------------------------------------------+--------------------+ |gnocchi |git://git.openstack.org/openstack/gnocchi | metric | +------------------+---------------------------------------------+--------------------+ +|ironic |git://git.openstack.org/openstack/ironic | baremetal | ++------------------+---------------------------------------------+--------------------+ |magnum |git://git.openstack.org/openstack/magnum | | +------------------+---------------------------------------------+--------------------+ |manila |git://git.openstack.org/openstack/manila | file shares | diff --git a/extras.d/50-ironic.sh b/extras.d/50-ironic.sh deleted file mode 100644 index 0ee6a94758..0000000000 --- a/extras.d/50-ironic.sh +++ /dev/null @@ -1,50 +0,0 @@ -# ironic.sh - Devstack extras script to install ironic - -# NOTE(jroll) this is used for the transition to a devstack plugin in -# the ironic tree. -IRONIC_USING_PLUGIN=$(trueorfalse False IRONIC_USING_PLUGIN) -if [[ "$IRONIC_USING_PLUGIN" == "True" ]] ; then - return 0 -fi - -if is_service_enabled ir-api ir-cond; then - if [[ "$1" == "source" ]]; then - # Initial source - source $TOP_DIR/lib/ironic - elif [[ "$1" == "stack" && "$2" == "install" ]]; then - echo_summary "Installing Ironic" - install_ironic - install_ironicclient - cleanup_ironic - elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then - echo_summary "Configuring Ironic" - configure_ironic - - if is_service_enabled key; then - create_ironic_accounts - fi - - elif [[ "$1" == "stack" && "$2" == "extra" ]]; then - # Initialize ironic - init_ironic - - # Start the ironic API and ironic taskmgr components - echo_summary "Starting Ironic" - start_ironic - - if [[ "$IRONIC_BAREMETAL_BASIC_OPS" = "True" ]]; then - prepare_baremetal_basic_ops - fi - fi - - if [[ "$1" == "unstack" ]]; then - stop_ironic - if [[ "$IRONIC_BAREMETAL_BASIC_OPS" = "True" ]]; then - cleanup_baremetal_basic_ops - fi - fi - - if [[ "$1" == "clean" ]]; then - cleanup_ironic - fi -fi diff --git a/files/apache-ironic.template b/files/apache-ironic.template deleted file mode 100644 index 88641946f6..0000000000 --- a/files/apache-ironic.template +++ /dev/null @@ -1,12 +0,0 @@ -Listen %PUBLICPORT% - - - DocumentRoot "%HTTPROOT%" - - Options Indexes FollowSymLinks - AllowOverride None - Order allow,deny - Allow from all - Require all granted - - diff --git a/files/debs/ironic b/files/debs/ironic deleted file mode 100644 index 4d5a6aa6b7..0000000000 --- a/files/debs/ironic +++ /dev/null @@ -1,19 +0,0 @@ -docker.io -ipmitool -iptables -ipxe -libguestfs0 -libvirt-bin -open-iscsi -openssh-client -openvswitch-datapath-dkms -openvswitch-switch -python-libguestfs -python-libvirt -qemu -qemu-kvm -qemu-utils -sgabios -syslinux -tftpd-hpa -xinetd diff --git a/files/rpms/ironic b/files/rpms/ironic deleted file mode 100644 index 2bf8bb370e..0000000000 --- a/files/rpms/ironic +++ /dev/null @@ -1,14 +0,0 @@ -docker-io -ipmitool -iptables -ipxe-bootimgs -libguestfs -libvirt -libvirt-python -net-tools -openssh-clients -openvswitch -sgabios -syslinux -tftp-server -xinetd diff --git a/functions-common b/functions-common index 1b01eefaf9..c3eef469d3 100644 --- a/functions-common +++ b/functions-common @@ -954,6 +954,15 @@ function get_endpoint_url { -c URL -f value) } +# check if we are using ironic with hardware +# TODO(jroll) this is a kludge left behind when ripping ironic code +# out of tree, as it is used by nova and neutron. +# figure out a way to refactor nova/neutron code to eliminate this +function is_ironic_hardware { + is_service_enabled ironic && [[ -n "${IRONIC_DEPLOY_DRIVER##*_ssh}" ]] && return 0 + return 1 +} + # Package Functions # ================= @@ -1764,7 +1773,7 @@ function run_phase { # white listed elements in tree. We want these to move out # over time as well, but they are in tree, so we need to # manage that. - local exceptions="50-ironic.sh 60-ceph.sh 80-tempest.sh" + local exceptions="60-ceph.sh 80-tempest.sh" local extra extra=$(basename $extra_plugin_file_name) if [[ ! ( $exceptions =~ "$extra" ) ]]; then @@ -1952,7 +1961,6 @@ function is_service_enabled { [[ ${service} == n-cpu-* && ${ENABLED_SERVICES} =~ "n-cpu" ]] && enabled=0 [[ ${service} == "nova" && ${ENABLED_SERVICES} =~ "n-" ]] && enabled=0 [[ ${service} == "glance" && ${ENABLED_SERVICES} =~ "g-" ]] && enabled=0 - [[ ${service} == "ironic" && ${ENABLED_SERVICES} =~ "ir-" ]] && enabled=0 [[ ${service} == "neutron" && ${ENABLED_SERVICES} =~ "q-" ]] && enabled=0 [[ ${service} == "trove" && ${ENABLED_SERVICES} =~ "tr-" ]] && enabled=0 [[ ${service} == "swift" && ${ENABLED_SERVICES} =~ "s-" ]] && enabled=0 diff --git a/lib/ironic b/lib/ironic deleted file mode 100644 index dd4f8bf65f..0000000000 --- a/lib/ironic +++ /dev/null @@ -1,874 +0,0 @@ -#!/bin/bash -# -# lib/ironic -# Functions to control the configuration and operation of the **Ironic** service - -# Dependencies: -# -# - ``functions`` file -# - ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined -# - ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined -# - ``SERVICE_HOST`` -# - ``KEYSTONE_TOKEN_FORMAT`` must be defined - -# ``stack.sh`` calls the entry points in this order: -# -# - install_ironic -# - install_ironicclient -# - init_ironic -# - start_ironic -# - stop_ironic -# - cleanup_ironic - -# Save trace and pipefail settings -_XTRACE_IRONIC=$(set +o | grep xtrace) -_PIPEFAIL_IRONIC=$(set +o | grep pipefail) -set +o xtrace -set +o pipefail - -# NOTE(jroll) this is used for the transition to a devstack plugin in -# the ironic tree. -IRONIC_USING_PLUGIN=$(trueorfalse False IRONIC_USING_PLUGIN) -if [[ "$IRONIC_USING_PLUGIN" == "True" ]] ; then - return 0 -fi - -# Defaults -# -------- - -# Set up default directories -GITDIR["python-ironicclient"]=$DEST/python-ironicclient -GITDIR["ironic-lib"]=$DEST/ironic-lib - -IRONIC_DIR=$DEST/ironic -IRONIC_PYTHON_AGENT_DIR=$DEST/ironic-python-agent -IRONIC_DATA_DIR=$DATA_DIR/ironic -IRONIC_STATE_PATH=/var/lib/ironic -IRONIC_AUTH_CACHE_DIR=${IRONIC_AUTH_CACHE_DIR:-/var/cache/ironic} -IRONIC_CONF_DIR=${IRONIC_CONF_DIR:-/etc/ironic} -IRONIC_CONF_FILE=$IRONIC_CONF_DIR/ironic.conf -IRONIC_ROOTWRAP_CONF=$IRONIC_CONF_DIR/rootwrap.conf -IRONIC_POLICY_JSON=$IRONIC_CONF_DIR/policy.json - -# Deploy callback timeout can be changed from its default (1800), if required. -IRONIC_CALLBACK_TIMEOUT=${IRONIC_CALLBACK_TIMEOUT:-} - -# Deploy to hardware platform -IRONIC_HW_NODE_CPU=${IRONIC_HW_NODE_CPU:-1} -IRONIC_HW_NODE_RAM=${IRONIC_HW_NODE_RAM:-512} -IRONIC_HW_NODE_DISK=${IRONIC_HW_NODE_DISK:-10} -IRONIC_HW_EPHEMERAL_DISK=${IRONIC_HW_EPHEMERAL_DISK:-0} -# The file is composed of multiple lines, each line includes four field -# separated by white space: IPMI address, MAC address, IPMI username -# and IPMI password. -# -# 192.168.110.107 00:1e:67:57:50:4c root otc123 -IRONIC_IPMIINFO_FILE=${IRONIC_IPMIINFO_FILE:-$IRONIC_DATA_DIR/hardware_info} - -# Set up defaults for functional / integration testing -IRONIC_NODE_UUID=${IRONIC_NODE_UUID:-`uuidgen`} -IRONIC_SCRIPTS_DIR=${IRONIC_SCRIPTS_DIR:-$TOP_DIR/tools/ironic/scripts} -IRONIC_TEMPLATES_DIR=${IRONIC_TEMPLATES_DIR:-$TOP_DIR/tools/ironic/templates} -IRONIC_BAREMETAL_BASIC_OPS=$(trueorfalse False IRONIC_BAREMETAL_BASIC_OPS) -IRONIC_ENABLED_DRIVERS=${IRONIC_ENABLED_DRIVERS:-fake,pxe_ssh,pxe_ipmitool} -IRONIC_SSH_USERNAME=${IRONIC_SSH_USERNAME:-`whoami`} -IRONIC_SSH_TIMEOUT=${IRONIC_SSH_TIMEOUT:-15} -IRONIC_SSH_KEY_DIR=${IRONIC_SSH_KEY_DIR:-$IRONIC_DATA_DIR/ssh_keys} -IRONIC_SSH_KEY_FILENAME=${IRONIC_SSH_KEY_FILENAME:-ironic_key} -IRONIC_KEY_FILE=${IRONIC_KEY_FILE:-$IRONIC_SSH_KEY_DIR/$IRONIC_SSH_KEY_FILENAME} -IRONIC_SSH_VIRT_TYPE=${IRONIC_SSH_VIRT_TYPE:-virsh} -IRONIC_TFTPBOOT_DIR=${IRONIC_TFTPBOOT_DIR:-$IRONIC_DATA_DIR/tftpboot} -IRONIC_TFTPSERVER_IP=${IRONIC_TFTPSERVER_IP:-$HOST_IP} -IRONIC_VM_SSH_PORT=${IRONIC_VM_SSH_PORT:-22} -IRONIC_VM_SSH_ADDRESS=${IRONIC_VM_SSH_ADDRESS:-$HOST_IP} -IRONIC_VM_COUNT=${IRONIC_VM_COUNT:-1} -IRONIC_VM_SPECS_CPU=${IRONIC_VM_SPECS_CPU:-1} -IRONIC_VM_SPECS_RAM=${IRONIC_VM_SPECS_RAM:-512} -IRONIC_VM_SPECS_DISK=${IRONIC_VM_SPECS_DISK:-10} -IRONIC_VM_EPHEMERAL_DISK=${IRONIC_VM_EPHEMERAL_DISK:-0} -IRONIC_VM_EMULATOR=${IRONIC_VM_EMULATOR:-/usr/bin/qemu-system-x86_64} -IRONIC_VM_NETWORK_BRIDGE=${IRONIC_VM_NETWORK_BRIDGE:-brbm} -IRONIC_VM_NETWORK_RANGE=${IRONIC_VM_NETWORK_RANGE:-192.0.2.0/24} -IRONIC_VM_MACS_CSV_FILE=${IRONIC_VM_MACS_CSV_FILE:-$IRONIC_DATA_DIR/ironic_macs.csv} -IRONIC_AUTHORIZED_KEYS_FILE=${IRONIC_AUTHORIZED_KEYS_FILE:-$HOME/.ssh/authorized_keys} - -# By default, baremetal VMs will console output to file. -IRONIC_VM_LOG_CONSOLE=${IRONIC_VM_LOG_CONSOLE:-True} -IRONIC_VM_LOG_DIR=${IRONIC_VM_LOG_DIR:-$IRONIC_DATA_DIR/logs/} - -# Use DIB to create deploy ramdisk and kernel. -IRONIC_BUILD_DEPLOY_RAMDISK=$(trueorfalse True IRONIC_BUILD_DEPLOY_RAMDISK) -# If not use DIB, these files are used as deploy ramdisk/kernel. -# (The value must be an absolute path) -IRONIC_DEPLOY_RAMDISK=${IRONIC_DEPLOY_RAMDISK:-} -IRONIC_DEPLOY_KERNEL=${IRONIC_DEPLOY_KERNEL:-} -IRONIC_DEPLOY_ELEMENT=${IRONIC_DEPLOY_ELEMENT:-deploy-ironic} - -IRONIC_AGENT_KERNEL_URL=${IRONIC_AGENT_KERNEL_URL:-http://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe.vmlinuz} -IRONIC_AGENT_RAMDISK_URL=${IRONIC_AGENT_RAMDISK_URL:-http://tarballs.openstack.org/ironic-python-agent/coreos/files/coreos_production_pxe_image-oem.cpio.gz} - -# Which deploy driver to use - valid choices right now -# are ``pxe_ssh``, ``pxe_ipmitool``, ``agent_ssh`` and ``agent_ipmitool``. -IRONIC_DEPLOY_DRIVER=${IRONIC_DEPLOY_DRIVER:-pxe_ssh} - -# TODO(agordeev): replace 'ubuntu' with host distro name getting -IRONIC_DEPLOY_FLAVOR=${IRONIC_DEPLOY_FLAVOR:-ubuntu $IRONIC_DEPLOY_ELEMENT} - -# Support entry points installation of console scripts -IRONIC_BIN_DIR=$(get_python_exec_prefix) - -# Ironic connection info. Note the port must be specified. -IRONIC_SERVICE_PROTOCOL=http -IRONIC_SERVICE_PORT=${IRONIC_SERVICE_PORT:-6385} -IRONIC_HOSTPORT=${IRONIC_HOSTPORT:-$SERVICE_HOST:$IRONIC_SERVICE_PORT} - -# Enable iPXE -IRONIC_IPXE_ENABLED=$(trueorfalse False IRONIC_IPXE_ENABLED) -IRONIC_HTTP_DIR=${IRONIC_HTTP_DIR:-$IRONIC_DATA_DIR/httpboot} -IRONIC_HTTP_SERVER=${IRONIC_HTTP_SERVER:-$HOST_IP} -IRONIC_HTTP_PORT=${IRONIC_HTTP_PORT:-8088} - -# NOTE(lucasagomes): This flag is used to differentiate the nodes that -# uses IPA as their deploy ramdisk from nodes that uses the agent_* drivers -# (which also uses IPA but depends on Swift Temp URLs to work). At present, -# all drivers that uses the iSCSI approach for their deployment supports -# using both, IPA or bash ramdisks for the deployment. In the future we -# want to remove the support for the bash ramdisk in favor of IPA, once -# we get there this flag can be removed, and all conditionals that uses -# it should just run by default. -IRONIC_DEPLOY_DRIVER_ISCSI_WITH_IPA=$(trueorfalse False IRONIC_DEPLOY_DRIVER_ISCSI_WITH_IPA) - -# get_pxe_boot_file() - Get the PXE/iPXE boot file path -function get_pxe_boot_file { - local relpath=syslinux/pxelinux.0 - if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then - relpath=ipxe/undionly.kpxe - fi - - local pxe_boot_file - if is_ubuntu; then - pxe_boot_file=/usr/lib/$relpath - elif is_fedora || is_suse; then - pxe_boot_file=/usr/share/$relpath - fi - - echo $pxe_boot_file -} - -# PXE boot image -IRONIC_PXE_BOOT_IMAGE=${IRONIC_PXE_BOOT_IMAGE:-$(get_pxe_boot_file)} - - -# Functions -# --------- - -# Test if any Ironic services are enabled -# is_ironic_enabled -function is_ironic_enabled { - [[ ,${ENABLED_SERVICES} =~ ,"ir-" ]] && return 0 - return 1 -} - -function is_ironic_hardware { - is_ironic_enabled && [[ -n "${IRONIC_DEPLOY_DRIVER##*_ssh}" ]] && return 0 - return 1 -} - -function is_deployed_by_agent { - [[ -z "${IRONIC_DEPLOY_DRIVER%%agent*}" ]] && return 0 - return 1 -} - -function is_deployed_with_ipa_ramdisk { - is_deployed_by_agent || [[ "$IRONIC_DEPLOY_DRIVER_ISCSI_WITH_IPA" == "True" ]] && return 0 - return 1 -} - -# install_ironic() - Collect source and prepare -function install_ironic { - # make sure all needed service were enabled - local req_services="key" - if [[ "$VIRT_DRIVER" == "ironic" ]]; then - req_services+=" nova glance neutron" - fi - for srv in $req_services; do - if ! is_service_enabled "$srv"; then - die $LINENO "$srv should be enabled for Ironic." - fi - done - - if use_library_from_git "ironic-lib"; then - git_clone_by_name "ironic-lib" - setup_dev_lib "ironic-lib" - fi - - git_clone $IRONIC_REPO $IRONIC_DIR $IRONIC_BRANCH - setup_develop $IRONIC_DIR - - if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then - install_apache_wsgi - fi -} - -# install_ironicclient() - Collect sources and prepare -function install_ironicclient { - if use_library_from_git "python-ironicclient"; then - git_clone_by_name "python-ironicclient" - setup_dev_lib "python-ironicclient" - sudo install -D -m 0644 -o $STACK_USER {${GITDIR["python-ironicclient"]}/tools/,/etc/bash_completion.d/}ironic.bash_completion - else - # nothing actually "requires" ironicclient, so force instally from pypi - pip_install_gr python-ironicclient - fi -} - -# _cleanup_ironic_apache_wsgi() - Remove wsgi files, disable and remove apache vhost file -function _cleanup_ironic_apache_wsgi { - sudo rm -rf $IRONIC_HTTP_DIR - disable_apache_site ironic - sudo rm -f $(apache_site_config_for ironic) - restart_apache_server -} - -# _config_ironic_apache_wsgi() - Set WSGI config files of Ironic -function _config_ironic_apache_wsgi { - local ironic_apache_conf - ironic_apache_conf=$(apache_site_config_for ironic) - sudo cp $FILES/apache-ironic.template $ironic_apache_conf - sudo sed -e " - s|%PUBLICPORT%|$IRONIC_HTTP_PORT|g; - s|%HTTPROOT%|$IRONIC_HTTP_DIR|g; - " -i $ironic_apache_conf - enable_apache_site ironic -} - -# cleanup_ironic() - Remove residual data files, anything left over from previous -# runs that would need to clean up. -function cleanup_ironic { - sudo rm -rf $IRONIC_AUTH_CACHE_DIR $IRONIC_CONF_DIR -} - -# configure_ironic_dirs() - Create all directories required by Ironic and -# associated services. -function configure_ironic_dirs { - sudo install -d -o $STACK_USER $IRONIC_CONF_DIR $STACK_USER $IRONIC_DATA_DIR \ - $IRONIC_STATE_PATH $IRONIC_TFTPBOOT_DIR $IRONIC_TFTPBOOT_DIR/pxelinux.cfg - sudo chown -R $STACK_USER:$LIBVIRT_GROUP $IRONIC_TFTPBOOT_DIR - - if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then - sudo install -d -o $STACK_USER -g $LIBVIRT_GROUP $IRONIC_HTTP_DIR - fi - - if [ ! -f $IRONIC_PXE_BOOT_IMAGE ]; then - die $LINENO "PXE boot file $IRONIC_PXE_BOOT_IMAGE not found." - fi - - # Copy PXE binary - if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then - cp $IRONIC_PXE_BOOT_IMAGE $IRONIC_TFTPBOOT_DIR - else - # Syslinux >= 5.00 pxelinux.0 binary is not "stand-alone" anymore, - # it depends on some c32 modules to work correctly. - # More info: http://www.syslinux.org/wiki/index.php/Library_modules - cp -aR $(dirname $IRONIC_PXE_BOOT_IMAGE)/*.{c32,0} $IRONIC_TFTPBOOT_DIR - fi -} - -# configure_ironic() - Set config files, create data dirs, etc -function configure_ironic { - configure_ironic_dirs - - # Copy over ironic configuration file and configure common parameters. - cp $IRONIC_DIR/etc/ironic/ironic.conf.sample $IRONIC_CONF_FILE - iniset $IRONIC_CONF_FILE DEFAULT debug True - inicomment $IRONIC_CONF_FILE DEFAULT log_file - iniset $IRONIC_CONF_FILE database connection `database_connection_url ironic` - iniset $IRONIC_CONF_FILE DEFAULT state_path $IRONIC_STATE_PATH - iniset $IRONIC_CONF_FILE DEFAULT use_syslog $SYSLOG - # Configure Ironic conductor, if it was enabled. - if is_service_enabled ir-cond; then - configure_ironic_conductor - fi - - # Configure Ironic API, if it was enabled. - if is_service_enabled ir-api; then - configure_ironic_api - fi - - # Format logging - if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then - setup_colorized_logging $IRONIC_CONF_FILE DEFAULT tenant user - fi - - if [[ "$IRONIC_IPXE_ENABLED" == "True" ]]; then - _config_ironic_apache_wsgi - fi -} - -# configure_ironic_api() - Is used by configure_ironic(). Performs -# API specific configuration. -function configure_ironic_api { - iniset $IRONIC_CONF_FILE DEFAULT auth_strategy keystone - iniset $IRONIC_CONF_FILE oslo_policy policy_file $IRONIC_POLICY_JSON - - # TODO(Yuki Nishiwaki): This is a temporary work-around until Ironic is fixed(bug#1422632). - # These codes need to be changed to use the function of configure_auth_token_middleware - # after Ironic conforms to the new auth plugin. - iniset $IRONIC_CONF_FILE keystone_authtoken identity_uri $KEYSTONE_AUTH_URI - iniset $IRONIC_CONF_FILE keystone_authtoken auth_uri $KEYSTONE_SERVICE_URI/v2.0 - iniset $IRONIC_CONF_FILE keystone_authtoken admin_user ironic - iniset $IRONIC_CONF_FILE keystone_authtoken admin_password $SERVICE_PASSWORD - iniset $IRONIC_CONF_FILE keystone_authtoken admin_tenant_name $SERVICE_TENANT_NAME - iniset $IRONIC_CONF_FILE keystone_authtoken cafile $SSL_BUNDLE_FILE - iniset $IRONIC_CONF_FILE keystone_authtoken signing_dir $IRONIC_AUTH_CACHE_DIR/api - - iniset_rpc_backend ironic $IRONIC_CONF_FILE - iniset $IRONIC_CONF_FILE api port $IRONIC_SERVICE_PORT - - cp -p $IRONIC_DIR/etc/ironic/policy.json $IRONIC_POLICY_JSON -} - -# configure_ironic_conductor() - Is used by configure_ironic(). -# Sets conductor specific settings. -function configure_ironic_conductor { - cp $IRONIC_DIR/etc/ironic/rootwrap.conf $IRONIC_ROOTWRAP_CONF - cp -r $IRONIC_DIR/etc/ironic/rootwrap.d $IRONIC_CONF_DIR - local ironic_rootwrap - ironic_rootwrap=$(get_rootwrap_location ironic) - local rootwrap_isudoer_cmd="$ironic_rootwrap $IRONIC_CONF_DIR/rootwrap.conf *" - - # Set up the rootwrap sudoers for ironic - local tempfile - tempfile=`mktemp` - echo "$STACK_USER ALL=(root) NOPASSWD: $rootwrap_isudoer_cmd" >$tempfile - chmod 0440 $tempfile - sudo chown root:root $tempfile - sudo mv $tempfile /etc/sudoers.d/ironic-rootwrap - - iniset $IRONIC_CONF_FILE DEFAULT rootwrap_config $IRONIC_ROOTWRAP_CONF - iniset $IRONIC_CONF_FILE DEFAULT enabled_drivers $IRONIC_ENABLED_DRIVERS - iniset $IRONIC_CONF_FILE conductor api_url $IRONIC_SERVICE_PROTOCOL://$HOST_IP:$IRONIC_SERVICE_PORT - if [[ -n "$IRONIC_CALLBACK_TIMEOUT" ]]; then - iniset $IRONIC_CONF_FILE conductor deploy_callback_timeout $IRONIC_CALLBACK_TIMEOUT - fi - iniset $IRONIC_CONF_FILE pxe tftp_server $IRONIC_TFTPSERVER_IP - iniset $IRONIC_CONF_FILE pxe tftp_root $IRONIC_TFTPBOOT_DIR - iniset $IRONIC_CONF_FILE pxe tftp_master_path $IRONIC_TFTPBOOT_DIR/master_images - - local pxe_params="" - if [[ "$IRONIC_VM_LOG_CONSOLE" == "True" ]] ; then - pxe_params+="nofb nomodeset vga=normal console=ttyS0" - if is_deployed_with_ipa_ramdisk; then - pxe_params+=" systemd.journald.forward_to_console=yes" - fi - fi - # When booting with less than 1GB, we need to switch from default tmpfs - # to ramfs for ramdisks to decompress successfully. - if (is_ironic_hardware && [[ "$IRONIC_HW_NODE_RAM" -lt 1024 ]]) || - (! is_ironic_hardware && [[ "$IRONIC_VM_SPECS_RAM" -lt 1024 ]]); then - pxe_params+=" rootfstype=ramfs" - fi - if [[ -n "$pxe_params" ]]; then - iniset $IRONIC_CONF_FILE pxe pxe_append_params "$pxe_params" - fi - - # Set these options for scenarios in which the agent fetches the image - # directly from glance, and don't set them where the image is pushed - # over iSCSI. - if is_deployed_by_agent; then - if [[ "$SWIFT_ENABLE_TEMPURLS" == "True" ]] ; then - iniset $IRONIC_CONF_FILE glance swift_temp_url_key $SWIFT_TEMPURL_KEY - else - die $LINENO "SWIFT_ENABLE_TEMPURLS must be True to use agent_ssh driver in Ironic." - fi - iniset $IRONIC_CONF_FILE glance swift_endpoint_url http://${HOST_IP}:${SWIFT_DEFAULT_BIND_PORT:-8080} - iniset $IRONIC_CONF_FILE glance swift_api_version v1 - local tenant_id - tenant_id=$(get_or_create_project $SERVICE_TENANT_NAME default) - iniset $IRONIC_CONF_FILE glance swift_account AUTH_${tenant_id} - iniset $IRONIC_CONF_FILE glance swift_container glance - iniset $IRONIC_CONF_FILE glance swift_temp_url_duration 3600 - iniset $IRONIC_CONF_FILE agent heartbeat_timeout 30 - fi - - # FIXME: this really needs to be tested in the gate. - # For now, any test using the agent ramdisk should skip cleaning - # because it is too slow to run in the gate. - iniset $IRONIC_CONF_FILE agent agent_erase_devices_priority 0 - - if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then - local pxebin - pxebin=`basename $IRONIC_PXE_BOOT_IMAGE` - iniset $IRONIC_CONF_FILE pxe ipxe_enabled True - iniset $IRONIC_CONF_FILE pxe pxe_config_template '\$pybasedir/drivers/modules/ipxe_config.template' - iniset $IRONIC_CONF_FILE pxe pxe_bootfile_name $pxebin - iniset $IRONIC_CONF_FILE pxe http_root $IRONIC_HTTP_DIR - iniset $IRONIC_CONF_FILE pxe http_url "http://$IRONIC_HTTP_SERVER:$IRONIC_HTTP_PORT" - fi -} - -# create_ironic_cache_dir() - Part of the init_ironic() process -function create_ironic_cache_dir { - # Create cache dir - sudo mkdir -p $IRONIC_AUTH_CACHE_DIR/api - sudo chown $STACK_USER $IRONIC_AUTH_CACHE_DIR/api - rm -f $IRONIC_AUTH_CACHE_DIR/api/* - sudo mkdir -p $IRONIC_AUTH_CACHE_DIR/registry - sudo chown $STACK_USER $IRONIC_AUTH_CACHE_DIR/registry - rm -f $IRONIC_AUTH_CACHE_DIR/registry/* -} - -# create_ironic_accounts() - Set up common required ironic accounts - -# Tenant User Roles -# ------------------------------------------------------------------ -# service ironic admin # if enabled -function create_ironic_accounts { - - # Ironic - if [[ "$ENABLED_SERVICES" =~ "ir-api" ]]; then - # Get ironic user if exists - - # NOTE(Shrews): This user MUST have admin level privileges! - create_service_user "ironic" "admin" - - if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - - get_or_create_service "ironic" "baremetal" "Ironic baremetal provisioning service" - get_or_create_endpoint "baremetal" \ - "$REGION_NAME" \ - "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \ - "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" \ - "$IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT" - fi - fi -} - - -# init_ironic() - Initialize databases, etc. -function init_ironic { - # Save private network as cleaning network - local cleaning_network_uuid - cleaning_network_uuid=$(neutron net-list | grep private | get_field 1) - iniset $IRONIC_CONF_FILE neutron cleaning_network_uuid ${cleaning_network_uuid} - - # (Re)create ironic database - recreate_database ironic - - # Migrate ironic database - $IRONIC_BIN_DIR/ironic-dbsync --config-file=$IRONIC_CONF_FILE - - create_ironic_cache_dir -} - -# _ironic_bm_vm_names() - Generates list of names for baremetal VMs. -function _ironic_bm_vm_names { - local idx - local num_vms - num_vms=$(($IRONIC_VM_COUNT - 1)) - for idx in $(seq 0 $num_vms); do - echo "baremetal${IRONIC_VM_NETWORK_BRIDGE}_${idx}" - done -} - -# start_ironic() - Start running processes, including screen -function start_ironic { - # Start Ironic API server, if enabled. - if is_service_enabled ir-api; then - start_ironic_api - fi - - # Start Ironic conductor, if enabled. - if is_service_enabled ir-cond; then - start_ironic_conductor - fi - - # Start Apache if iPXE is enabled - if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then - restart_apache_server - fi -} - -# start_ironic_api() - Used by start_ironic(). -# Starts Ironic API server. -function start_ironic_api { - run_process ir-api "$IRONIC_BIN_DIR/ironic-api --config-file=$IRONIC_CONF_FILE" - echo "Waiting for ir-api ($IRONIC_HOSTPORT) to start..." - if ! timeout $SERVICE_TIMEOUT sh -c "while ! wget --no-proxy -q -O- $IRONIC_SERVICE_PROTOCOL://$IRONIC_HOSTPORT; do sleep 1; done"; then - die $LINENO "ir-api did not start" - fi -} - -# start_ironic_conductor() - Used by start_ironic(). -# Starts Ironic conductor. -function start_ironic_conductor { - run_process ir-cond "$IRONIC_BIN_DIR/ironic-conductor --config-file=$IRONIC_CONF_FILE" - # TODO(romcheg): Find a way to check whether the conductor has started. -} - -# stop_ironic() - Stop running processes -function stop_ironic { - stop_process ir-api - stop_process ir-cond - - # Cleanup the WSGI files - if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then - _cleanup_ironic_apache_wsgi - fi -} - -function create_ovs_taps { - local ironic_net_id - ironic_net_id=$(neutron net-list | grep private | get_field 1) - - # Work around: No netns exists on host until a Neutron port is created. We - # need to create one in Neutron to know what netns to tap into prior to the - # first node booting. - local port_id - port_id=$(neutron port-create private | grep " id " | get_field 2) - - # intentional sleep to make sure the tag has been set to port - sleep 10 - - local tapdev - tapdev=$(sudo ip netns exec qdhcp-${ironic_net_id} ip link list | grep " tap" | cut -d':' -f2 | cut -d'@' -f1 | cut -b2-) - local tag_id - tag_id=$(sudo ovs-vsctl show |grep ${tapdev} -A1 -m1 | grep tag | cut -d':' -f2 | cut -b2-) - - # make sure veth pair is not existing, otherwise delete its links - sudo ip link show ovs-tap1 && sudo ip link delete ovs-tap1 - sudo ip link show brbm-tap1 && sudo ip link delete brbm-tap1 - # create veth pair for future interconnection between br-int and brbm - sudo ip link add brbm-tap1 type veth peer name ovs-tap1 - sudo ip link set dev brbm-tap1 up - sudo ip link set dev ovs-tap1 up - - sudo ovs-vsctl -- --if-exists del-port ovs-tap1 -- add-port br-int ovs-tap1 tag=$tag_id - sudo ovs-vsctl -- --if-exists del-port brbm-tap1 -- add-port $IRONIC_VM_NETWORK_BRIDGE brbm-tap1 - - # Remove the port needed only for workaround. - neutron port-delete $port_id - - # Finally, share the fixed tenant network across all tenants. This allows the host - # to serve TFTP to a single network namespace via the tap device created above. - neutron net-update $ironic_net_id --shared true -} - -function create_bridge_and_vms { - # Call libvirt setup scripts in a new shell to ensure any new group membership - sudo su $STACK_USER -c "$IRONIC_SCRIPTS_DIR/setup-network" - if [[ "$IRONIC_VM_LOG_CONSOLE" == "True" ]] ; then - local log_arg="$IRONIC_VM_LOG_DIR" - else - local log_arg="" - fi - local vm_name - for vm_name in $(_ironic_bm_vm_names); do - sudo su $STACK_USER -c "$IRONIC_SCRIPTS_DIR/create-node $vm_name \ - $IRONIC_VM_SPECS_CPU $IRONIC_VM_SPECS_RAM $IRONIC_VM_SPECS_DISK \ - amd64 $IRONIC_VM_NETWORK_BRIDGE $IRONIC_VM_EMULATOR \ - $log_arg" >> $IRONIC_VM_MACS_CSV_FILE - done - create_ovs_taps -} - -function wait_for_nova_resources { - # After nodes have been enrolled, we need to wait for both ironic and - # nova's periodic tasks to populate the resource tracker with available - # nodes and resources. Wait up to 2 minutes for a given resource before - # timing out. - local resource=$1 - local expected_count=$2 - local i - echo_summary "Waiting 2 minutes for Nova resource tracker to pick up $resource >= $expected_count" - for i in $(seq 1 120); do - if [ $(nova hypervisor-stats | grep " $resource " | get_field 2) -ge $expected_count ]; then - return 0 - fi - sleep 1 - done - die $LINENO "Timed out waiting for Nova hypervisor-stats $resource >= $expected_count" -} - -function enroll_nodes { - local chassis_id - chassis_id=$(ironic chassis-create -d "ironic test chassis" | grep " uuid " | get_field 2) - - if ! is_ironic_hardware; then - local ironic_node_cpu=$IRONIC_VM_SPECS_CPU - local ironic_node_ram=$IRONIC_VM_SPECS_RAM - local ironic_node_disk=$IRONIC_VM_SPECS_DISK - local ironic_ephemeral_disk=$IRONIC_VM_EPHEMERAL_DISK - local ironic_hwinfo_file=$IRONIC_VM_MACS_CSV_FILE - local node_options="\ - -i deploy_kernel=$IRONIC_DEPLOY_KERNEL_ID \ - -i deploy_ramdisk=$IRONIC_DEPLOY_RAMDISK_ID \ - -i ssh_virt_type=$IRONIC_SSH_VIRT_TYPE \ - -i ssh_address=$IRONIC_VM_SSH_ADDRESS \ - -i ssh_port=$IRONIC_VM_SSH_PORT \ - -i ssh_username=$IRONIC_SSH_USERNAME \ - -i ssh_key_filename=$IRONIC_KEY_FILE" - else - local ironic_node_cpu=$IRONIC_HW_NODE_CPU - local ironic_node_ram=$IRONIC_HW_NODE_RAM - local ironic_node_disk=$IRONIC_HW_NODE_DISK - local ironic_ephemeral_disk=$IRONIC_HW_EPHEMERAL_DISK - if [[ -z "${IRONIC_DEPLOY_DRIVER##*_ipmitool}" ]]; then - local ironic_hwinfo_file=$IRONIC_IPMIINFO_FILE - fi - fi - - local total_nodes=0 - local total_cpus=0 - while read hardware_info; do - if ! is_ironic_hardware; then - local mac_address=$hardware_info - elif [[ -z "${IRONIC_DEPLOY_DRIVER##*_ipmitool}" ]]; then - local ipmi_address - ipmi_address=$(echo $hardware_info |awk '{print $1}') - local mac_address - mac_address=$(echo $hardware_info |awk '{print $2}') - local ironic_ipmi_username - ironic_ipmi_username=$(echo $hardware_info |awk '{print $3}') - local ironic_ipmi_passwd - ironic_ipmi_passwd=$(echo $hardware_info |awk '{print $4}') - # Currently we require all hardware platform have same CPU/RAM/DISK info - # in future, this can be enhanced to support different type, and then - # we create the bare metal flavor with minimum value - local node_options="-i ipmi_address=$ipmi_address -i ipmi_password=$ironic_ipmi_passwd\ - -i ipmi_username=$ironic_ipmi_username" - node_options+=" -i deploy_kernel=$IRONIC_DEPLOY_KERNEL_ID" - node_options+=" -i deploy_ramdisk=$IRONIC_DEPLOY_RAMDISK_ID" - fi - - # First node created will be used for testing in ironic w/o glance - # scenario, so we need to know its UUID. - local standalone_node_uuid="" - if [ $total_nodes -eq 0 ]; then - standalone_node_uuid="--uuid $IRONIC_NODE_UUID" - fi - - local node_id - node_id=$(ironic node-create $standalone_node_uuid\ - --chassis_uuid $chassis_id \ - --driver $IRONIC_DEPLOY_DRIVER \ - --name node-$total_nodes \ - -p cpus=$ironic_node_cpu\ - -p memory_mb=$ironic_node_ram\ - -p local_gb=$ironic_node_disk\ - -p cpu_arch=x86_64 \ - $node_options \ - | grep " uuid " | get_field 2) - - ironic port-create --address $mac_address --node $node_id - - total_nodes=$((total_nodes+1)) - total_cpus=$((total_cpus+$ironic_node_cpu)) - done < $ironic_hwinfo_file - - local adjusted_disk - adjusted_disk=$(($ironic_node_disk - $ironic_ephemeral_disk)) - nova flavor-create --ephemeral $ironic_ephemeral_disk baremetal auto $ironic_node_ram $adjusted_disk $ironic_node_cpu - - nova flavor-key baremetal set "cpu_arch"="x86_64" - - if [ "$VIRT_DRIVER" == "ironic" ]; then - wait_for_nova_resources "count" $total_nodes - wait_for_nova_resources "vcpus" $total_cpus - fi -} - -function configure_iptables { - # enable tftp natting for allowing connections to HOST_IP's tftp server - sudo modprobe nf_conntrack_tftp - sudo modprobe nf_nat_tftp - # explicitly allow DHCP - packets are occasionally being dropped here - sudo iptables -I INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT || true - # nodes boot from TFTP and callback to the API server listening on $HOST_IP - sudo iptables -I INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true - sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true - if is_deployed_by_agent; then - # agent ramdisk gets instance image from swift - sudo iptables -I INPUT -d $HOST_IP -p tcp --dport ${SWIFT_DEFAULT_BIND_PORT:-8080} -j ACCEPT || true - fi - - if [[ "$IRONIC_IPXE_ENABLED" == "True" ]] ; then - sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_HTTP_PORT -j ACCEPT || true - fi -} - -function configure_tftpd { - # stop tftpd and setup serving via xinetd - stop_service tftpd-hpa || true - [ -f /etc/init/tftpd-hpa.conf ] && echo "manual" | sudo tee /etc/init/tftpd-hpa.override - sudo cp $IRONIC_TEMPLATES_DIR/tftpd-xinetd.template /etc/xinetd.d/tftp - sudo sed -e "s|%TFTPBOOT_DIR%|$IRONIC_TFTPBOOT_DIR|g" -i /etc/xinetd.d/tftp - - # setup tftp file mapping to satisfy requests at the root (booting) and - # /tftpboot/ sub-dir (as per deploy-ironic elements) - echo "r ^([^/]) $IRONIC_TFTPBOOT_DIR/\1" >$IRONIC_TFTPBOOT_DIR/map-file - echo "r ^(/tftpboot/) $IRONIC_TFTPBOOT_DIR/\2" >>$IRONIC_TFTPBOOT_DIR/map-file - - chmod -R 0755 $IRONIC_TFTPBOOT_DIR - restart_service xinetd -} - -function configure_ironic_ssh_keypair { - if [[ ! -d $HOME/.ssh ]]; then - mkdir -p $HOME/.ssh - chmod 700 $HOME/.ssh - fi - if [[ ! -e $IRONIC_KEY_FILE ]]; then - if [[ ! -d $(dirname $IRONIC_KEY_FILE) ]]; then - mkdir -p $(dirname $IRONIC_KEY_FILE) - fi - echo -e 'n\n' | ssh-keygen -q -t rsa -P '' -f $IRONIC_KEY_FILE - fi - cat $IRONIC_KEY_FILE.pub | tee -a $IRONIC_AUTHORIZED_KEYS_FILE -} - -function ironic_ssh_check { - local key_file=$1 - local floating_ip=$2 - local port=$3 - local default_instance_user=$4 - local active_timeout=$5 - if ! timeout $active_timeout sh -c "while ! ssh -p $port -o StrictHostKeyChecking=no -i $key_file ${default_instance_user}@$floating_ip echo success; do sleep 1; done"; then - die $LINENO "server didn't become ssh-able!" - fi -} - -function configure_ironic_auxiliary { - configure_ironic_ssh_keypair - ironic_ssh_check $IRONIC_KEY_FILE $IRONIC_VM_SSH_ADDRESS $IRONIC_VM_SSH_PORT $IRONIC_SSH_USERNAME $IRONIC_SSH_TIMEOUT -} - -function build_ipa_coreos_ramdisk { - echo "Building ironic-python-agent deploy ramdisk" - local kernel_path=$1 - local ramdisk_path=$2 - git_clone $IRONIC_PYTHON_AGENT_REPO $IRONIC_PYTHON_AGENT_DIR $IRONIC_PYTHON_AGENT_BRANCH - cd $IRONIC_PYTHON_AGENT_DIR - imagebuild/coreos/build_coreos_image.sh - cp imagebuild/coreos/UPLOAD/coreos_production_pxe_image-oem.cpio.gz $ramdisk_path - cp imagebuild/coreos/UPLOAD/coreos_production_pxe.vmlinuz $kernel_path - sudo rm -rf UPLOAD - cd - -} - -# build deploy kernel+ramdisk, then upload them to glance -# this function sets ``IRONIC_DEPLOY_KERNEL_ID``, ``IRONIC_DEPLOY_RAMDISK_ID`` -function upload_baremetal_ironic_deploy { - declare -g IRONIC_DEPLOY_KERNEL_ID IRONIC_DEPLOY_RAMDISK_ID - echo_summary "Creating and uploading baremetal images for ironic" - - # install diskimage-builder - if [[ $(type -P ramdisk-image-create) == "" ]]; then - pip_install_gr "diskimage-builder" - fi - - if [ -z "$IRONIC_DEPLOY_KERNEL" -o -z "$IRONIC_DEPLOY_RAMDISK" ]; then - local IRONIC_DEPLOY_KERNEL_PATH=$TOP_DIR/files/ir-deploy-$IRONIC_DEPLOY_DRIVER.kernel - local IRONIC_DEPLOY_RAMDISK_PATH=$TOP_DIR/files/ir-deploy-$IRONIC_DEPLOY_DRIVER.initramfs - else - local IRONIC_DEPLOY_KERNEL_PATH=$IRONIC_DEPLOY_KERNEL - local IRONIC_DEPLOY_RAMDISK_PATH=$IRONIC_DEPLOY_RAMDISK - fi - - if [ ! -e "$IRONIC_DEPLOY_RAMDISK_PATH" -o ! -e "$IRONIC_DEPLOY_KERNEL_PATH" ]; then - # files don't exist, need to build them - if [ "$IRONIC_BUILD_DEPLOY_RAMDISK" = "True" ]; then - # we can build them only if we're not offline - if [ "$OFFLINE" != "True" ]; then - if is_deployed_with_ipa_ramdisk; then - build_ipa_coreos_ramdisk $IRONIC_DEPLOY_KERNEL_PATH $IRONIC_DEPLOY_RAMDISK_PATH - else - ramdisk-image-create $IRONIC_DEPLOY_FLAVOR \ - -o $TOP_DIR/files/ir-deploy-$IRONIC_DEPLOY_DRIVER - fi - else - die $LINENO "Deploy kernel+ramdisk files don't exist and cannot be build in OFFLINE mode" - fi - else - if is_deployed_with_ipa_ramdisk; then - # download the agent image tarball - wget "$IRONIC_AGENT_KERNEL_URL" -O $IRONIC_DEPLOY_KERNEL_PATH - wget "$IRONIC_AGENT_RAMDISK_URL" -O $IRONIC_DEPLOY_RAMDISK_PATH - else - die $LINENO "Deploy kernel+ramdisk files don't exist and their building was disabled explicitly by IRONIC_BUILD_DEPLOY_RAMDISK" - fi - fi - fi - - local token - token=$(openstack token issue -c id -f value) - die_if_not_set $LINENO token "Keystone fail to get token" - - # load them into glance - IRONIC_DEPLOY_KERNEL_ID=$(openstack \ - --os-token $token \ - --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT \ - image create \ - $(basename $IRONIC_DEPLOY_KERNEL_PATH) \ - --public --disk-format=aki \ - --container-format=aki \ - < $IRONIC_DEPLOY_KERNEL_PATH | grep ' id ' | get_field 2) - IRONIC_DEPLOY_RAMDISK_ID=$(openstack \ - --os-token $token \ - --os-url $GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT \ - image create \ - $(basename $IRONIC_DEPLOY_RAMDISK_PATH) \ - --public --disk-format=ari \ - --container-format=ari \ - < $IRONIC_DEPLOY_RAMDISK_PATH | grep ' id ' | get_field 2) -} - -function prepare_baremetal_basic_ops { - if ! is_ironic_hardware; then - configure_ironic_auxiliary - fi - upload_baremetal_ironic_deploy - if ! is_ironic_hardware; then - create_bridge_and_vms - fi - enroll_nodes - configure_tftpd - configure_iptables -} - -function cleanup_baremetal_basic_ops { - rm -f $IRONIC_VM_MACS_CSV_FILE - if [ -f $IRONIC_KEY_FILE ]; then - local key - key=$(cat $IRONIC_KEY_FILE.pub) - # remove public key from authorized_keys - grep -v "$key" $IRONIC_AUTHORIZED_KEYS_FILE > temp && mv temp $IRONIC_AUTHORIZED_KEYS_FILE - chmod 0600 $IRONIC_AUTHORIZED_KEYS_FILE - fi - sudo rm -rf $IRONIC_DATA_DIR $IRONIC_STATE_PATH - - local vm_name - for vm_name in $(_ironic_bm_vm_names); do - sudo su $STACK_USER -c "$IRONIC_SCRIPTS_DIR/cleanup-node $vm_name $IRONIC_VM_NETWORK_BRIDGE" - done - - sudo rm -rf /etc/xinetd.d/tftp /etc/init/tftpd-hpa.override - restart_service xinetd - sudo iptables -D INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true - sudo iptables -D INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true - if is_deployed_by_agent; then - # agent ramdisk gets instance image from swift - sudo iptables -D INPUT -d $HOST_IP -p tcp --dport ${SWIFT_DEFAULT_BIND_PORT:-8080} -j ACCEPT || true - fi - sudo rmmod nf_conntrack_tftp || true - sudo rmmod nf_nat_tftp || true -} - -# Restore xtrace + pipefail -$_XTRACE_IRONIC -$_PIPEFAIL_IRONIC - -# Tell emacs to use shell-script-mode -## Local variables: -## mode: shell-script -## End: diff --git a/stackrc b/stackrc index f949ccbad9..8e6ea42a00 100644 --- a/stackrc +++ b/stackrc @@ -225,10 +225,6 @@ HEAT_BRANCH=${HEAT_BRANCH:-master} HORIZON_REPO=${HORIZON_REPO:-${GIT_BASE}/openstack/horizon.git} HORIZON_BRANCH=${HORIZON_BRANCH:-master} -# baremetal provisioning service -IRONIC_REPO=${IRONIC_REPO:-${GIT_BASE}/openstack/ironic.git} -IRONIC_BRANCH=${IRONIC_BRANCH:-master} - # unified auth system (manages accounts/tokens) KEYSTONE_REPO=${KEYSTONE_REPO:-${GIT_BASE}/openstack/keystone.git} KEYSTONE_BRANCH=${KEYSTONE_BRANCH:-master} @@ -298,6 +294,8 @@ GITBRANCH["python-heatclient"]=${HEATCLIENT_BRANCH:-master} # ironic client GITREPO["python-ironicclient"]=${IRONICCLIENT_REPO:-${GIT_BASE}/openstack/python-ironicclient.git} GITBRANCH["python-ironicclient"]=${IRONICCLIENT_BRANCH:-master} +# ironic plugin is out of tree, but nova uses it. set GITDIR here. +GITDIR["python-ironicclient"]=$DEST/python-ironicclient # the base authentication plugins that clients use to authenticate GITREPO["keystoneauth"]=${KEYSTONEAUTH_REPO:-${GIT_BASE}/openstack/keystoneauth.git} @@ -484,6 +482,8 @@ GITBRANCH["os-brick"]=${OS_BRICK_BRANCH:-master} # ironic common lib GITREPO["ironic-lib"]=${IRONIC_LIB_REPO:-${GIT_BASE}/openstack/ironic-lib.git} GITBRANCH["ironic-lib"]=${IRONIC_LIB_BRANCH:-master} +# this doesn't exist in a lib file, so set it here +GITDIR["ironic-lib"]=$DEST/ironic-lib ################## diff --git a/tools/ironic/scripts/cleanup-node b/tools/ironic/scripts/cleanup-node deleted file mode 100755 index c4e4e706f4..0000000000 --- a/tools/ironic/scripts/cleanup-node +++ /dev/null @@ -1,25 +0,0 @@ -#!/usr/bin/env bash - -# **cleanup-nodes** - -# Cleans up baremetal poseur nodes and volumes created during ironic setup -# Assumes calling user has proper libvirt group membership and access. - -set -exu - -LIBVIRT_STORAGE_POOL=${LIBVIRT_STORAGE_POOL:-"default"} -LIBVIRT_CONNECT_URI=${LIBVIRT_CONNECT_URI:-"qemu:///system"} - -NAME=$1 -NETWORK_BRIDGE=$2 - -export VIRSH_DEFAULT_CONNECT_URI=$LIBVIRT_CONNECT_URI - -VOL_NAME="$NAME.qcow2" -virsh list | grep -q $NAME && virsh destroy $NAME -virsh list --inactive | grep -q $NAME && virsh undefine $NAME - -if virsh pool-list | grep -q $LIBVIRT_STORAGE_POOL ; then - virsh vol-list $LIBVIRT_STORAGE_POOL | grep -q $VOL_NAME && - virsh vol-delete $VOL_NAME --pool $LIBVIRT_STORAGE_POOL -fi diff --git a/tools/ironic/scripts/configure-vm b/tools/ironic/scripts/configure-vm deleted file mode 100755 index 378fcb85ad..0000000000 --- a/tools/ironic/scripts/configure-vm +++ /dev/null @@ -1,93 +0,0 @@ -#!/usr/bin/env python - -import argparse -import os.path - -import libvirt - -templatedir = os.path.join(os.path.dirname(os.path.dirname(__file__)), - 'templates') - - -CONSOLE_LOG = """ - - - - - - - - - - - - - - - -""" - - -def main(): - parser = argparse.ArgumentParser( - description="Configure a kvm virtual machine for the seed image.") - parser.add_argument('--name', default='seed', - help='the name to give the machine in libvirt.') - parser.add_argument('--image', - help='Use a custom image file (must be qcow2).') - parser.add_argument('--engine', default='qemu', - help='The virtualization engine to use') - parser.add_argument('--arch', default='i686', - help='The architecture to use') - parser.add_argument('--memory', default='2097152', - help="Maximum memory for the VM in KB.") - parser.add_argument('--cpus', default='1', - help="CPU count for the VM.") - parser.add_argument('--bootdev', default='hd', - help="What boot device to use (hd/network).") - parser.add_argument('--network', default="brbm", - help='The libvirt network name to use') - parser.add_argument('--libvirt-nic-driver', default='e1000', - help='The libvirt network driver to use') - parser.add_argument('--console-log', - help='File to log console') - parser.add_argument('--emulator', default=None, - help='Path to emulator bin for vm template') - args = parser.parse_args() - with file(templatedir + '/vm.xml', 'rb') as f: - source_template = f.read() - params = { - 'name': args.name, - 'imagefile': args.image, - 'engine': args.engine, - 'arch': args.arch, - 'memory': args.memory, - 'cpus': args.cpus, - 'bootdev': args.bootdev, - 'network': args.network, - 'nicdriver': args.libvirt_nic_driver, - 'emulator': args.emulator, - } - - if args.emulator: - params['emulator'] = args.emulator - else: - if os.path.exists("/usr/bin/kvm"): # Debian - params['emulator'] = "/usr/bin/kvm" - elif os.path.exists("/usr/bin/qemu-kvm"): # Redhat - params['emulator'] = "/usr/bin/qemu-kvm" - - if args.console_log: - params['bios_serial'] = "" - params['console_log'] = CONSOLE_LOG % {'console_log': args.console_log} - else: - params['bios_serial'] = '' - params['console_log'] = '' - libvirt_template = source_template % params - conn = libvirt.open("qemu:///system") - - a = conn.defineXML(libvirt_template) - print ("Created machine %s with UUID %s" % (args.name, a.UUIDString())) - -if __name__ == '__main__': - main() diff --git a/tools/ironic/scripts/create-node b/tools/ironic/scripts/create-node deleted file mode 100755 index b018acddc9..0000000000 --- a/tools/ironic/scripts/create-node +++ /dev/null @@ -1,79 +0,0 @@ -#!/usr/bin/env bash - -# **create-nodes** - -# Creates baremetal poseur nodes for ironic testing purposes - -set -ex - -# Keep track of the DevStack directory -TOP_DIR=$(cd $(dirname "$0")/.. && pwd) - -NAME=$1 -CPU=$2 -MEM=$(( 1024 * $3 )) -# Extra G to allow fuzz for partition table : flavor size and registered size -# need to be different to actual size. -DISK=$(( $4 + 1)) - -case $5 in - i386) ARCH='i686' ;; - amd64) ARCH='x86_64' ;; - *) echo "Unsupported arch $4!" ; exit 1 ;; -esac - -BRIDGE=$6 -EMULATOR=$7 -LOGDIR=$8 - -LIBVIRT_NIC_DRIVER=${LIBVIRT_NIC_DRIVER:-"e1000"} -LIBVIRT_STORAGE_POOL=${LIBVIRT_STORAGE_POOL:-"default"} -LIBVIRT_CONNECT_URI=${LIBVIRT_CONNECT_URI:-"qemu:///system"} - -export VIRSH_DEFAULT_CONNECT_URI=$LIBVIRT_CONNECT_URI - -if ! virsh pool-list --all | grep -q $LIBVIRT_STORAGE_POOL; then - virsh pool-define-as --name $LIBVIRT_STORAGE_POOL dir --target /var/lib/libvirt/images >&2 - virsh pool-autostart $LIBVIRT_STORAGE_POOL >&2 - virsh pool-start $LIBVIRT_STORAGE_POOL >&2 -fi - -pool_state=$(virsh pool-info $LIBVIRT_STORAGE_POOL | grep State | awk '{ print $2 }') -if [ "$pool_state" != "running" ] ; then - [ ! -d /var/lib/libvirt/images ] && sudo mkdir /var/lib/libvirt/images - virsh pool-start $LIBVIRT_STORAGE_POOL >&2 -fi - -if [ -n "$LOGDIR" ] ; then - mkdir -p "$LOGDIR" -fi - -PREALLOC= -if [ -f /etc/debian_version ]; then - PREALLOC="--prealloc-metadata" -fi - -if [ -n "$LOGDIR" ] ; then - VM_LOGGING="--console-log $LOGDIR/${NAME}_console.log" -else - VM_LOGGING="" -fi -VOL_NAME="${NAME}.qcow2" - -if ! virsh list --all | grep -q $NAME; then - virsh vol-list --pool $LIBVIRT_STORAGE_POOL | grep -q $VOL_NAME && - virsh vol-delete $VOL_NAME --pool $LIBVIRT_STORAGE_POOL >&2 - virsh vol-create-as $LIBVIRT_STORAGE_POOL ${VOL_NAME} ${DISK}G --format qcow2 $PREALLOC >&2 - volume_path=$(virsh vol-path --pool $LIBVIRT_STORAGE_POOL $VOL_NAME) - # Pre-touch the VM to set +C, as it can only be set on empty files. - sudo touch "$volume_path" - sudo chattr +C "$volume_path" || true - $TOP_DIR/scripts/configure-vm \ - --bootdev network --name $NAME --image "$volume_path" \ - --arch $ARCH --cpus $CPU --memory $MEM --libvirt-nic-driver $LIBVIRT_NIC_DRIVER \ - --emulator $EMULATOR --network $BRIDGE $VM_LOGGING >&2 - -fi - -# echo mac -virsh dumpxml $NAME | grep "mac address" | head -1 | cut -d\' -f2 diff --git a/tools/ironic/scripts/setup-network b/tools/ironic/scripts/setup-network deleted file mode 100755 index 83308ed416..0000000000 --- a/tools/ironic/scripts/setup-network +++ /dev/null @@ -1,28 +0,0 @@ -#!/usr/bin/env bash - -# **setup-network** - -# Setups openvswitch libvirt network suitable for -# running baremetal poseur nodes for ironic testing purposes - -set -exu - -LIBVIRT_CONNECT_URI=${LIBVIRT_CONNECT_URI:-"qemu:///system"} - -# Keep track of the DevStack directory -TOP_DIR=$(cd $(dirname "$0")/.. && pwd) -BRIDGE_SUFFIX=${1:-''} -BRIDGE_NAME=brbm$BRIDGE_SUFFIX - -export VIRSH_DEFAULT_CONNECT_URI="$LIBVIRT_CONNECT_URI" - -# Only add bridge if missing -(sudo ovs-vsctl list-br | grep ${BRIDGE_NAME}$) || sudo ovs-vsctl add-br ${BRIDGE_NAME} - -# Remove bridge before replacing it. -(virsh net-list | grep "${BRIDGE_NAME} ") && virsh net-destroy ${BRIDGE_NAME} -(virsh net-list --inactive | grep "${BRIDGE_NAME} ") && virsh net-undefine ${BRIDGE_NAME} - -virsh net-define <(sed s/brbm/$BRIDGE_NAME/ $TOP_DIR/templates/brbm.xml) -virsh net-autostart ${BRIDGE_NAME} -virsh net-start ${BRIDGE_NAME} diff --git a/tools/ironic/templates/brbm.xml b/tools/ironic/templates/brbm.xml deleted file mode 100644 index 0769d3f1d0..0000000000 --- a/tools/ironic/templates/brbm.xml +++ /dev/null @@ -1,6 +0,0 @@ - - brbm - - - - diff --git a/tools/ironic/templates/tftpd-xinetd.template b/tools/ironic/templates/tftpd-xinetd.template deleted file mode 100644 index 5f3d03f3bb..0000000000 --- a/tools/ironic/templates/tftpd-xinetd.template +++ /dev/null @@ -1,14 +0,0 @@ -service tftp -{ - protocol = udp - port = 69 - socket_type = dgram - wait = yes - user = root - server = /usr/sbin/in.tftpd - server_args = -v -v -v -v -v --map-file %TFTPBOOT_DIR%/map-file %TFTPBOOT_DIR% - disable = no - # This is a workaround for Fedora, where TFTP will listen only on - # IPv6 endpoint, if IPv4 flag is not used. - flags = IPv4 -} diff --git a/tools/ironic/templates/vm.xml b/tools/ironic/templates/vm.xml deleted file mode 100644 index ae7d685256..0000000000 --- a/tools/ironic/templates/vm.xml +++ /dev/null @@ -1,49 +0,0 @@ - - %(name)s - %(memory)s - %(cpus)s - - hvm - - - %(bios_serial)s - - - - - - - - destroy - restart - restart - - %(emulator)s - - - - -
- - -
- - - - - -
- - - -