From b8f228620f6ad038ab8f31db861580f5e664a280 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Ribaud?= Date: Mon, 24 Apr 2023 14:22:01 +0200 Subject: [PATCH 001/149] Add manila service to configuration Manila is a service in OpenStack that enables shared filesystems. The modifications add the manila section in nova configuration files enabling the virtiofs feature. Implements: blueprint libvirt-virtiofs-attach-manila-shares Change-Id: Ia17c7a136cbe83efa1ef4e302d1c404034a50cda --- lib/nova | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/lib/nova b/lib/nova index f34e823074..f5f002dd10 100644 --- a/lib/nova +++ b/lib/nova @@ -507,6 +507,10 @@ function create_nova_conf { configure_cinder_access fi + if is_service_enabled manila; then + configure_manila_access + fi + if [ -n "$NOVA_STATE_PATH" ]; then iniset $NOVA_CONF DEFAULT state_path "$NOVA_STATE_PATH" iniset $NOVA_CONF oslo_concurrency lock_path "$NOVA_STATE_PATH" @@ -652,6 +656,18 @@ function configure_cinder_access { fi } +# Configure access to manila. +function configure_manila_access { + iniset $NOVA_CONF manila os_region_name "$REGION_NAME" + iniset $NOVA_CONF manila auth_type "password" + iniset $NOVA_CONF manila auth_url "$KEYSTONE_SERVICE_URI" + iniset $NOVA_CONF manila username nova + iniset $NOVA_CONF manila password "$SERVICE_PASSWORD" + iniset $NOVA_CONF manila user_domain_name "$SERVICE_DOMAIN_NAME" + iniset $NOVA_CONF manila project_name "$SERVICE_TENANT_NAME" + iniset $NOVA_CONF manila project_domain_name "$SERVICE_DOMAIN_NAME" +} + function configure_console_compute { # If we are running multiple cells (and thus multiple console proxies) on a # single host, we offset the ports to avoid collisions. We need to From e825ba07a1b88ab0570053f92123aa451e4b2ec8 Mon Sep 17 00:00:00 2001 From: Dmitry Tantsur Date: Wed, 26 Jun 2024 18:10:43 +0200 Subject: [PATCH 002/149] Create parent directory in merge_config_file The code accounts for the config file not existing but it does not account for the parent directory missing. This is currently breaking any Ironic jobs that disable Nova. Change-Id: Ia5fcfe6c63f5cc40b11f7e1f3be244d7897f26f6 --- inc/meta-config | 1 + 1 file changed, 1 insertion(+) diff --git a/inc/meta-config b/inc/meta-config index be73b60800..b9d9649e4b 100644 --- a/inc/meta-config +++ b/inc/meta-config @@ -90,6 +90,7 @@ function merge_config_file { local real_configfile real_configfile=$(eval echo $configfile) if [ ! -f $real_configfile ]; then + mkdir -p $(dirname $real_configfile) || die $LINENO "could not create the directory of $real_configfile ($configfile)" touch $real_configfile || die $LINENO "could not create config file $real_configfile ($configfile)" fi From 31980e436b73db18297a295969069cf00bd43754 Mon Sep 17 00:00:00 2001 From: Jan Hartkopf Date: Mon, 10 Oct 2022 10:40:38 +0200 Subject: [PATCH 003/149] Configure option backup_ceph_max_snapshots in Cinder backup Sets the config option backup_ceph_max_snapshots for the Cinder Ceph backup driver to the specified value. Depends-On: https://review.opendev.org/c/openstack/cinder/+/810457 Signed-off-by: Jan Hartkopf Change-Id: I9e12e395288db1fe59490b4075bb2d933ccd4d78 --- lib/cinder_backups/ceph | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/cinder_backups/ceph b/lib/cinder_backups/ceph index 4b180490d7..ea9b44fe8c 100644 --- a/lib/cinder_backups/ceph +++ b/lib/cinder_backups/ceph @@ -19,6 +19,7 @@ set +o xtrace # Defaults # -------- +CINDER_BAK_CEPH_MAX_SNAPSHOTS=${CINDER_BAK_CEPH_MAX_SNAPSHOTS:-0} CINDER_BAK_CEPH_POOL=${CINDER_BAK_CEPH_POOL:-backups} CINDER_BAK_CEPH_POOL_PG=${CINDER_BAK_CEPH_POOL_PG:-8} CINDER_BAK_CEPH_POOL_PGP=${CINDER_BAK_CEPH_POOL_PGP:-8} @@ -38,6 +39,7 @@ function configure_cinder_backup_ceph { iniset $CINDER_CONF DEFAULT backup_driver "cinder.backup.drivers.ceph.CephBackupDriver" iniset $CINDER_CONF DEFAULT backup_ceph_conf "$CEPH_CONF_FILE" + iniset $CINDER_CONF DEFAULT backup_ceph_max_snapshots "$CINDER_BAK_CEPH_MAX_SNAPSHOTS" iniset $CINDER_CONF DEFAULT backup_ceph_pool "$CINDER_BAK_CEPH_POOL" iniset $CINDER_CONF DEFAULT backup_ceph_user "$CINDER_BAK_CEPH_USER" iniset $CINDER_CONF DEFAULT backup_ceph_stripe_unit 0 From 9f9dccd608d5415e0de988a2aa0e74d049038e2a Mon Sep 17 00:00:00 2001 From: Ghanshyam Mann Date: Mon, 7 Oct 2024 11:57:58 -0700 Subject: [PATCH 004/149] Switch devstack nodeset to Ubuntu 24.04 (Noble) Ref: https://governance.openstack.org/tc/goals/selected/migrate-ci-jobs-to-ubuntu-noble.html Change-Id: I7ac8f9443c386e56c4ca45a171e104f0b350bc7f --- .zuul.yaml | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index a1c251a398..6a6b686ac1 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -439,7 +439,7 @@ description: | Minimal devstack base job, intended for use by jobs that need less than the normal minimum set of required-projects. - nodeset: openstack-single-node-jammy + nodeset: openstack-single-node-noble required-projects: - opendev.org/openstack/requirements vars: @@ -686,7 +686,7 @@ - job: name: devstack-multinode parent: devstack - nodeset: openstack-two-node-jammy + nodeset: openstack-two-node-noble description: | Simple multinode test to verify multinode functionality on devstack side. This is not meant to be used as a parent job. @@ -727,18 +727,18 @@ configure_swap_size: 4096 - job: - name: devstack-platform-ubuntu-noble + name: devstack-platform-ubuntu-jammy parent: tempest-full-py3 - description: Ubuntu 24.04 LTS (noble) platform test - nodeset: openstack-single-node-noble + description: Ubuntu 22.04 LTS (Jammy) platform test + nodeset: openstack-single-node-jammy timeout: 9000 vars: configure_swap_size: 8192 - job: - name: devstack-platform-ubuntu-jammy-ovn-source - parent: devstack-platform-ubuntu-jammy - description: Ubuntu 22.04 LTS (jammy) platform test (OVN from source) + name: devstack-platform-ubuntu-noble-ovn-source + parent: devstack-platform-ubuntu-noble + description: Ubuntu 24.04 LTS (noble) platform test (OVN from source) voting: false vars: devstack_localrc: @@ -748,10 +748,10 @@ OVS_SYSCONFDIR: "/usr/local/etc/openvswitch" - job: - name: devstack-platform-ubuntu-jammy-ovs + name: devstack-platform-ubuntu-noble-ovs parent: tempest-full-py3 - description: Ubuntu 22.04 LTS (jammy) platform test (OVS) - nodeset: openstack-single-node-jammy + description: Ubuntu 24.04 LTS (noble) platform test (OVS) + nodeset: openstack-single-node-noble voting: false timeout: 9000 vars: @@ -853,7 +853,7 @@ - job: name: devstack-unit-tests - nodeset: ubuntu-jammy + nodeset: ubuntu-noble description: | Runs unit tests on devstack project. @@ -873,9 +873,9 @@ - devstack-platform-centos-9-stream - devstack-platform-debian-bookworm - devstack-platform-rocky-blue-onyx - - devstack-platform-ubuntu-jammy-ovn-source - - devstack-platform-ubuntu-jammy-ovs - - devstack-platform-ubuntu-noble + - devstack-platform-ubuntu-noble-ovn-source + - devstack-platform-ubuntu-noble-ovs + - devstack-platform-ubuntu-jammy - devstack-multinode - devstack-unit-tests - openstack-tox-bashate @@ -1002,6 +1002,6 @@ - devstack-platform-centos-9-stream - devstack-platform-debian-bookworm - devstack-platform-rocky-blue-onyx - - devstack-platform-ubuntu-jammy-ovn-source - - devstack-platform-ubuntu-jammy-ovs - - devstack-platform-ubuntu-noble + - devstack-platform-ubuntu-noble-ovn-source + - devstack-platform-ubuntu-noble-ovs + - devstack-platform-ubuntu-jammy From e1465f1d73ad146c820d047932af1410dbc18675 Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Fri, 11 Oct 2024 15:38:42 +0100 Subject: [PATCH 005/149] lib/placement: Remove support for deploying with mod_wsgi Change-Id: If17deabc35d35dca1d94b0d15d258769f347b130 Signed-off-by: Stephen Finucane --- files/apache-placement-api.template | 27 ----------------- lib/placement | 47 ++--------------------------- 2 files changed, 3 insertions(+), 71 deletions(-) delete mode 100644 files/apache-placement-api.template diff --git a/files/apache-placement-api.template b/files/apache-placement-api.template deleted file mode 100644 index 011abb95fc..0000000000 --- a/files/apache-placement-api.template +++ /dev/null @@ -1,27 +0,0 @@ -# NOTE(sbauza): This virtualhost is only here because some directives can -# only be set by a virtualhost or server context, so that's why the port is not bound. -# TODO(sbauza): Find a better way to identify a free port that is not corresponding to an existing -# vhost. - - WSGIDaemonProcess placement-api processes=%APIWORKERS% threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV% - WSGIProcessGroup placement-api - WSGIScriptAlias / %PUBLICWSGI% - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - = 2.4> - ErrorLogFormat "%M" - - ErrorLog /var/log/%APACHE_NAME%/placement-api.log - %SSLENGINE% - %SSLCERTFILE% - %SSLKEYFILE% - - -Alias /placement %PUBLICWSGI% - - SetHandler wsgi-script - Options +ExecCGI - WSGIProcessGroup placement-api - WSGIApplicationGroup %{GLOBAL} - WSGIPassAuthorization On - diff --git a/lib/placement b/lib/placement index 63fdfb6c1a..6297ab24fe 100644 --- a/lib/placement +++ b/lib/placement @@ -71,32 +71,6 @@ function cleanup_placement { remove_uwsgi_config "$PLACEMENT_UWSGI_CONF" "placement-api" } -# _config_placement_apache_wsgi() - Set WSGI config files -function _config_placement_apache_wsgi { - local placement_api_apache_conf - local venv_path="" - local placement_bin_dir="" - placement_bin_dir=$(get_python_exec_prefix) - placement_api_apache_conf=$(apache_site_config_for placement-api) - - if [[ ${USE_VENV} = True ]]; then - venv_path="python-path=${PROJECT_VENV["placement"]}/lib/$(python_version)/site-packages" - placement_bin_dir=${PROJECT_VENV["placement"]}/bin - fi - - sudo cp $FILES/apache-placement-api.template $placement_api_apache_conf - sudo sed -e " - s|%APACHE_NAME%|$APACHE_NAME|g; - s|%PUBLICWSGI%|$placement_bin_dir/placement-api|g; - s|%SSLENGINE%|$placement_ssl|g; - s|%SSLCERTFILE%|$placement_certfile|g; - s|%SSLKEYFILE%|$placement_keyfile|g; - s|%USER%|$STACK_USER|g; - s|%VIRTUALENV%|$venv_path|g - s|%APIWORKERS%|$API_WORKERS|g - " -i $placement_api_apache_conf -} - # create_placement_conf() - Write config function create_placement_conf { rm -f $PLACEMENT_CONF @@ -112,11 +86,7 @@ function configure_placement { sudo install -d -o $STACK_USER $PLACEMENT_CONF_DIR create_placement_conf - if [[ "$WSGI_MODE" == "uwsgi" ]]; then - write_uwsgi_config "$PLACEMENT_UWSGI_CONF" "$PLACEMENT_UWSGI" "/placement" - else - _config_placement_apache_wsgi - fi + write_uwsgi_config "$PLACEMENT_UWSGI_CONF" "$PLACEMENT_UWSGI" "/placement" if [[ "$PLACEMENT_ENFORCE_SCOPE" == "True" || "$ENFORCE_SCOPE" == "True" ]]; then iniset $PLACEMENT_CONF oslo_policy enforce_new_defaults True iniset $PLACEMENT_CONF oslo_policy enforce_scope True @@ -147,7 +117,6 @@ function init_placement { # install_placement() - Collect source and prepare function install_placement { - install_apache_wsgi # Install the openstackclient placement client plugin for CLI pip_install_gr osc-placement git_clone $PLACEMENT_REPO $PLACEMENT_DIR $PLACEMENT_BRANCH @@ -156,12 +125,7 @@ function install_placement { # start_placement_api() - Start the API processes ahead of other things function start_placement_api { - if [[ "$WSGI_MODE" == "uwsgi" ]]; then - run_process "placement-api" "$(which uwsgi) --procname-prefix placement --ini $PLACEMENT_UWSGI_CONF" - else - enable_apache_site placement-api - restart_apache_server - fi + run_process "placement-api" "$(which uwsgi) --procname-prefix placement --ini $PLACEMENT_UWSGI_CONF" echo "Waiting for placement-api to start..." if ! wait_for_service $SERVICE_TIMEOUT $PLACEMENT_SERVICE_PROTOCOL://$PLACEMENT_SERVICE_HOST/placement; then @@ -175,12 +139,7 @@ function start_placement { # stop_placement() - Disable the api service and stop it. function stop_placement { - if [[ "$WSGI_MODE" == "uwsgi" ]]; then - stop_process "placement-api" - else - disable_apache_site placement-api - restart_apache_server - fi + stop_process "placement-api" } # Restore xtrace From 169be464c2ac1c5fc16396e1c320465c4ce6a658 Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Fri, 11 Oct 2024 15:42:10 +0100 Subject: [PATCH 006/149] lib/keystone: Remove support for deploying with mod_wsgi Change-Id: I2409385a87ee7cc7869bba9711bf95ab5fe77dc7 Signed-off-by: Stephen Finucane --- lib/keystone | 46 ++++++---------------------------------------- 1 file changed, 6 insertions(+), 40 deletions(-) diff --git a/lib/keystone b/lib/keystone index 7d6b05fd41..8f4f4b1366 100644 --- a/lib/keystone +++ b/lib/keystone @@ -51,15 +51,6 @@ KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf KEYSTONE_PUBLIC_UWSGI_CONF=$KEYSTONE_CONF_DIR/keystone-uwsgi-public.ini KEYSTONE_PUBLIC_UWSGI=$KEYSTONE_BIN_DIR/keystone-wsgi-public -# KEYSTONE_DEPLOY defines how keystone is deployed, allowed values: -# - mod_wsgi : Run keystone under Apache HTTPd mod_wsgi -# - uwsgi : Run keystone under uwsgi -if [[ "$WSGI_MODE" == "uwsgi" ]]; then - KEYSTONE_DEPLOY=uwsgi -else - KEYSTONE_DEPLOY=mod_wsgi -fi - # Select the Identity backend driver KEYSTONE_IDENTITY_BACKEND=${KEYSTONE_IDENTITY_BACKEND:-sql} @@ -144,15 +135,9 @@ function is_keystone_enabled { # cleanup_keystone() - Remove residual data files, anything left over from previous # runs that a clean run would need to clean up function cleanup_keystone { - if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then - # These files will be created if we are running WSGI_MODE="mod_wsgi" - disable_apache_site keystone - sudo rm -f $(apache_site_config_for keystone) - else - stop_process "keystone" - remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "keystone-wsgi-public" - sudo rm -f $(apache_site_config_for keystone-wsgi-public) - fi + stop_process "keystone" + remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "keystone-wsgi-public" + sudo rm -f $(apache_site_config_for keystone-wsgi-public) } # _config_keystone_apache_wsgi() - Set WSGI config files of Keystone @@ -241,12 +226,7 @@ function configure_keystone { iniset $KEYSTONE_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL - if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then - iniset $KEYSTONE_CONF DEFAULT logging_exception_prefix "%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s" - _config_keystone_apache_wsgi - else # uwsgi - write_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI" "/identity" - fi + write_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI" "/identity" iniset $KEYSTONE_CONF DEFAULT max_token_size 16384 @@ -543,10 +523,6 @@ function install_keystone { if is_service_enabled ldap; then setup_develop $KEYSTONE_DIR ldap fi - - if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then - install_apache_wsgi - fi } # start_keystone() - Start running processes @@ -559,12 +535,7 @@ function start_keystone { auth_protocol="http" fi - if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then - enable_apache_site keystone - restart_apache_server - else # uwsgi - run_process keystone "$(which uwsgi) --procname-prefix keystone --ini $KEYSTONE_PUBLIC_UWSGI_CONF" "" - fi + run_process keystone "$(which uwsgi) --procname-prefix keystone --ini $KEYSTONE_PUBLIC_UWSGI_CONF" "" echo "Waiting for keystone to start..." # Check that the keystone service is running. Even if the tls tunnel @@ -589,12 +560,7 @@ function start_keystone { # stop_keystone() - Stop running processes function stop_keystone { - if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then - disable_apache_site keystone - restart_apache_server - else - stop_process keystone - fi + stop_process keystone } # bootstrap_keystone() - Initialize user, role and project From 2fdb729e04e8227ac5bfe619df20c1854bf255bc Mon Sep 17 00:00:00 2001 From: Jay Faulkner Date: Tue, 12 Nov 2024 15:02:15 -0800 Subject: [PATCH 007/149] Use venv module for PROJECT_VENV building Currently, if USE_VENV=True, PROJECT_VENVs are initialized using the tools/build_venv.sh script; this script depends on the virtualenv module, which is much less commonly available than the built-in venv module which we already use many places. This changes the build_venv.sh script to use `python -m venv` instead. Needed-By: https://review.opendev.org/c/openstack/ironic/+/930776 Change-Id: I89fa2c0c4261e715064e77a766d98a34299532b3 --- tools/build_venv.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/build_venv.sh b/tools/build_venv.sh index cfa39a82e0..a439163b5d 100755 --- a/tools/build_venv.sh +++ b/tools/build_venv.sh @@ -38,7 +38,7 @@ if [[ -z "$TOP_DIR" ]]; then fi # Build new venv -virtualenv $VENV_DEST +python$PYTHON3_VERSION -m venv --system-site-packages $VENV_DEST # Install modern pip PIP_VIRTUAL_ENV=$VENV_DEST pip_install -U pip From f41479f370e75c7ea7f17a62135f3af99b91c781 Mon Sep 17 00:00:00 2001 From: Joel Capitao Date: Mon, 30 Sep 2024 15:14:20 +0200 Subject: [PATCH 008/149] Pull RDO Trunk repos when CentOS Stream official RPM not available The RDO project releases centos-release-openstack-* RPM a couple of weeks after the OpenStack upstream project cut master branch. In order to fill the gap in the meantime, we have to pull the repos from RDO Trunk. Change-Id: If95a687f2d7579779129eeb689cfa46b92450dc5 --- stack.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/stack.sh b/stack.sh index dcfd398c01..bfa0573f21 100755 --- a/stack.sh +++ b/stack.sh @@ -308,8 +308,11 @@ function _install_rdo { # adding delorean-deps repo to provide current master rpms sudo wget https://trunk.rdoproject.org/centos9-master/delorean-deps.repo -O /etc/yum.repos.d/delorean-deps.repo else - # For stable/unmaintained branches use corresponding release rpm - sudo dnf -y install centos-release-openstack-${rdo_release} + if sudo dnf provides centos-release-openstack-${rdo_release} >/dev/null 2>&1; then + sudo dnf -y install centos-release-openstack-${rdo_release} + else + sudo wget https://trunk.rdoproject.org/centos9-${rdo_release}/delorean-deps.repo -O /etc/yum.repos.d/delorean-deps.repo + fi fi fi sudo dnf -y update From c6c5e12f6b1b5f7dac3d9f942c5ab8135618112d Mon Sep 17 00:00:00 2001 From: Joel Capitao Date: Wed, 13 Nov 2024 10:33:28 +0100 Subject: [PATCH 009/149] Revert "Use SETUPTOOLS_USE_DISTUTILS=stdlib for global pip installs" This partially reverts commit 18b4251bf4f689923a19bf7fbc50d5c2ea422b21. Support for loading distutils from the standard library is now deprecated since v70.3.0 [1]. It was needed initially to ease the transition and can be removed now. [1] https://setuptools.pypa.io/en/latest/history.html#v70-3-0 Change-Id: Ib929219ae81b802a4632963ef71a258edf4deee5 --- inc/python | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/inc/python b/inc/python index 2083b74dc1..c94e5a4952 100644 --- a/inc/python +++ b/inc/python @@ -199,13 +199,7 @@ function pip_install { echo "Using python $PYTHON3_VERSION to install $package_dir" else local cmd_pip="python$PYTHON3_VERSION -m pip" - # See - # https://github.com/pypa/setuptools/issues/2232 - # http://lists.openstack.org/pipermail/openstack-discuss/2020-August/016905.html - # this makes setuptools >=50 use the platform distutils. - # We only want to do this on global pip installs, not if - # installing in a virtualenv - local sudo_pip="sudo -H LC_ALL=en_US.UTF-8 SETUPTOOLS_USE_DISTUTILS=stdlib " + local sudo_pip="sudo -H LC_ALL=en_US.UTF-8" echo "Using python $PYTHON3_VERSION to install $package_dir" fi From b8cd9d11730206eb81c08b6d181503068b93c1d5 Mon Sep 17 00:00:00 2001 From: Abhishek Kekane Date: Thu, 7 Nov 2024 08:27:13 +0000 Subject: [PATCH 010/149] Support for s3 backend of glance This commit introduces support for s3 backend for glance. You can enabled it in your deployment by adding below options in your local.conf file. For single store support: enable_service s3api s-proxy s-account s-container disable_service tls-proxy GLANCE_USE_S3 = True For multistore support: enable_service s3api s-proxy s-account s-container disable_service tls-proxy GLANCE_USE_S3 = True GLANCE_ENABLE_MULTIPLE_STORES: True NOTE: At the moment devstack does not support tls with s3, this support will be added soon. Needed-By: https://review.opendev.org/c/openstack/glance/+/934311 Change-Id: Ic7264dc7faccb5e68c8df3b929eaa6d04149c6a2 --- lib/glance | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 57 insertions(+), 4 deletions(-) diff --git a/lib/glance b/lib/glance index 2eb4954f4a..5c3643d008 100644 --- a/lib/glance +++ b/lib/glance @@ -41,6 +41,12 @@ else GLANCE_BIN_DIR=$(get_python_exec_prefix) fi +#S3 for Glance +GLANCE_USE_S3=$(trueorfalse False GLANCE_USE_S3) +GLANCE_S3_DEFAULT_BACKEND=${GLANCE_S3_DEFAULT_BACKEND:-s3_fast} +GLANCE_S3_BUCKET_ON_PUT=$(trueorfalse True GLANCE_S3_BUCKET_ON_PUT) +GLANCE_S3_BUCKET_NAME=${GLANCE_S3_BUCKET_NAME:-images} + # Cinder for Glance USE_CINDER_FOR_GLANCE=$(trueorfalse False USE_CINDER_FOR_GLANCE) # GLANCE_CINDER_DEFAULT_BACKEND should be one of the values @@ -174,6 +180,34 @@ function cleanup_glance { remove_uwsgi_config "$GLANCE_UWSGI_CONF" "glance-wsgi-api" } +# Set multiple s3 store related config options +# +function configure_multiple_s3_stores { + enabled_backends="${GLANCE_S3_DEFAULT_BACKEND}:s3" + + iniset $GLANCE_API_CONF DEFAULT enabled_backends ${enabled_backends} + iniset $GLANCE_API_CONF glance_store default_backend $GLANCE_S3_DEFAULT_BACKEND +} + +# Set common S3 store options to given config section +# +# Arguments: +# config_section +# +function set_common_s3_store_params { + local config_section="$1" + openstack ec2 credential create + iniset $GLANCE_API_CONF $config_section s3_store_host "$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:$S3_SERVICE_PORT" + iniset $GLANCE_API_CONF $config_section s3_store_access_key "$(openstack ec2 credential list -c Access -f value)" + iniset $GLANCE_API_CONF $config_section s3_store_secret_key "$(openstack ec2 credential list -c Secret -f value)" + iniset $GLANCE_API_CONF $config_section s3_store_create_bucket_on_put $GLANCE_S3_BUCKET_ON_PUT + iniset $GLANCE_API_CONF $config_section s3_store_bucket $GLANCE_S3_BUCKET_NAME + iniset $GLANCE_API_CONF $config_section s3_store_bucket_url_format "path" + if is_service_enabled tls-proxy; then + iniset $GLANCE_API_CONF $config_section s3_store_cacert $SSL_BUNDLE_FILE + fi +} + # Set multiple cinder store related config options for each of the cinder store # function configure_multiple_cinder_stores { @@ -258,7 +292,6 @@ function configure_glance_store { local be if [[ "$glance_enable_multiple_stores" == "False" ]]; then - # Configure traditional glance_store if [[ "$use_cinder_for_glance" == "True" ]]; then # set common glance_store parameters iniset $GLANCE_API_CONF glance_store stores "cinder,file,http" @@ -281,7 +314,7 @@ function configure_glance_store { if [[ "$use_cinder_for_glance" == "True" ]]; then # Configure multiple cinder stores for glance configure_multiple_cinder_stores - else + elif ! is_service_enabled s-proxy && [[ "$GLANCE_USE_S3" == "False" ]]; then # Configure multiple file stores for glance configure_multiple_file_stores fi @@ -360,8 +393,15 @@ function configure_glance { # No multiple stores for swift yet if [[ "$GLANCE_ENABLE_MULTIPLE_STORES" == "False" ]]; then - # Store the images in swift if enabled. - if is_service_enabled s-proxy; then + # Return if s3api is enabled for glance + if [[ "$GLANCE_USE_S3" == "True" ]]; then + if is_service_enabled s3api; then + # set common glance_store parameters + iniset $GLANCE_API_CONF glance_store stores "s3,file,http" + iniset $GLANCE_API_CONF glance_store default_store s3 + fi + elif is_service_enabled s-proxy; then + # Store the images in swift if enabled. iniset $GLANCE_API_CONF glance_store default_store swift iniset $GLANCE_API_CONF glance_store swift_store_create_container_on_put True @@ -379,6 +419,12 @@ function configure_glance { iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_address $KEYSTONE_SERVICE_URI/v3 iniset $GLANCE_SWIFT_STORE_CONF ref1 auth_version 3 fi + else + if [[ "$GLANCE_USE_S3" == "True" ]]; then + if is_service_enabled s3api; then + configure_multiple_s3_stores + fi + fi fi # We need to tell glance what it's public endpoint is so that the version @@ -484,6 +530,13 @@ function create_glance_accounts { configure_glance_quotas fi + if is_service_enabled s3api && [[ "$GLANCE_USE_S3" == "True" ]]; then + if [[ "$GLANCE_ENABLE_MULTIPLE_STORES" == "False" ]]; then + set_common_s3_store_params glance_store + else + set_common_s3_store_params $GLANCE_S3_DEFAULT_BACKEND + fi + fi fi } From 3f1cd9b076b1338d42031e3801cb6316d169c51e Mon Sep 17 00:00:00 2001 From: Rodolfo Alonso Hernandez Date: Tue, 19 Nov 2024 10:50:05 +0000 Subject: [PATCH 011/149] Remove the Neutron WSGI experimental jobs Neutron is moving all the jobs to use the Neutron API WSGI module, thus this module is no longer an experimental configuration. Change-Id: Iaf708cd5e6ab414b262a0daecb3909ace2376f68 --- .zuul.yaml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index b5477d1a8f..3632dc03e8 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -956,15 +956,6 @@ # things, this job is not experimental but often is used to test # things that are not yet production ready or to test what will be # the new default after a deprecation period has ended. - # * neutron-fullstack-with-uwsgi: maintained by neutron for fullstack test - # when neutron-api is served by uwsgi, it's in exprimental for testing. - # the next cycle we can remove this job if things turn out to be - # stable enough. - # * neutron-functional-with-uwsgi: maintained by neutron for functional - # test. Next cycle we can remove this one if things turn out to be - # stable engouh with uwsgi. - # * neutron-ovn-tempest-with-uwsgi: maintained by neutron for tempest test. - # Next cycle we can remove this if everything run out stable enough. # * nova-multi-cell: maintained by nova and now is voting in the # check queue for nova changes but relies on devstack configuration @@ -972,9 +963,6 @@ jobs: - nova-multi-cell - nova-next - - neutron-fullstack-with-uwsgi - - neutron-functional-with-uwsgi - - neutron-ovn-tempest-with-uwsgi - devstack-plugin-ceph-tempest-py3: irrelevant-files: - ^.*\.rst$ From df0bfe4d5c3519d5c4deb5033bec2217c90c9425 Mon Sep 17 00:00:00 2001 From: 0weng Date: Tue, 12 Nov 2024 11:44:13 -0800 Subject: [PATCH 012/149] Doc: Fix variable name in logging config example $LOGDIR --> $DEST Change-Id: I461422f48525edf4ecb388b2f962edb03795db50 --- doc/source/configuration.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst index 9a1fd4e179..3cfba716ca 100644 --- a/doc/source/configuration.rst +++ b/doc/source/configuration.rst @@ -323,7 +323,7 @@ a file, keep service logs and disable color in the stored files. [[local|localrc]] DEST=/opt/stack/ - LOGFILE=$LOGDIR/stack.sh.log + LOGFILE=$DEST/stack.sh.log LOG_COLOR=False Database Backend From c1eeb773a85b0485b6329e325ac1685d8e3b2dc4 Mon Sep 17 00:00:00 2001 From: Artem Goncharov Date: Thu, 10 Oct 2024 15:26:52 +0200 Subject: [PATCH 013/149] lib/keystone: Migrate Keystone to WSGI module path Depends-on: https://review.opendev.org/c/openstack/keystone/+/932060 Change-Id: I10bea74fb0bce1888d324a61f23c25b8f7082e97 --- lib/keystone | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/keystone b/lib/keystone index 8f4f4b1366..76e2598ba3 100644 --- a/lib/keystone +++ b/lib/keystone @@ -49,7 +49,7 @@ fi KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone} KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf KEYSTONE_PUBLIC_UWSGI_CONF=$KEYSTONE_CONF_DIR/keystone-uwsgi-public.ini -KEYSTONE_PUBLIC_UWSGI=$KEYSTONE_BIN_DIR/keystone-wsgi-public +KEYSTONE_PUBLIC_UWSGI=keystone.wsgi.api:application # Select the Identity backend driver KEYSTONE_IDENTITY_BACKEND=${KEYSTONE_IDENTITY_BACKEND:-sql} @@ -226,7 +226,7 @@ function configure_keystone { iniset $KEYSTONE_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL - write_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI" "/identity" + write_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI" "/identity" "" "keystone-api" iniset $KEYSTONE_CONF DEFAULT max_token_size 16384 From 6578d6ad27f04bdbfd1c30a13a7fc7ae47c2fb49 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sat, 23 Nov 2024 21:44:17 +0900 Subject: [PATCH 014/149] Remove unused python-etcd3 python-etcd3 can't be used since etcd3 driver was removed from tooz in tooz 5.0.0 [1]. [1] 6bc02cda5b452bbf4821621eafc031bd676f8a2f Change-Id: I30b895b4473e2676085e27969a43b91be9b1e413 --- lib/libraries | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lib/libraries b/lib/libraries index 9ea32304fc..fa418785dd 100755 --- a/lib/libraries +++ b/lib/libraries @@ -131,12 +131,7 @@ function install_libs { # python client libraries we might need from git can go here _install_lib_from_source "python-barbicanclient" - # etcd (because tooz does not have a hard dependency on these) - # - # NOTE(sdague): this is currently a work around because tooz - # doesn't pull in etcd3. - pip_install etcd3 pip_install etcd3gw } From ef63c690f119e3d9a7890215ee8832da4f5fb4dc Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sun, 24 Nov 2024 22:48:08 +0900 Subject: [PATCH 015/149] Drop redundant lib/oslo It was kept for compatibility in renaming which was merged long ago[1], and is no longer necessary. [1] 3ed99c0b27122ff00e2d236086ab16b0cc1887c1 Depends-on: https://review.opendev.org/c/openstack/grenade/+/936095 Change-Id: I6a66359c19d0385beafb4c5e57b6ec3cd6d9cc54 --- clean.sh | 2 +- lib/libraries | 2 +- lib/oslo | 11 ----------- 3 files changed, 2 insertions(+), 13 deletions(-) delete mode 100644 lib/oslo diff --git a/clean.sh b/clean.sh index 6a31cc624a..092f557a88 100755 --- a/clean.sh +++ b/clean.sh @@ -40,7 +40,7 @@ source $TOP_DIR/lib/rpc_backend source $TOP_DIR/lib/tls -source $TOP_DIR/lib/oslo +source $TOP_DIR/lib/libraries source $TOP_DIR/lib/lvm source $TOP_DIR/lib/horizon source $TOP_DIR/lib/keystone diff --git a/lib/libraries b/lib/libraries index 9ea32304fc..9d5d65532e 100755 --- a/lib/libraries +++ b/lib/libraries @@ -1,6 +1,6 @@ #!/bin/bash # -# lib/oslo +# lib/libraries # # Functions to install libraries from git # diff --git a/lib/oslo b/lib/oslo deleted file mode 100644 index 3ae64c8210..0000000000 --- a/lib/oslo +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -# -# lib/oslo -# -# Functions to install **Oslo** libraries from git -# -# We need this to handle the fact that projects would like to use -# pre-released versions of oslo libraries. -# -# Included for compatibility with grenade, remove in Queens -source $TOP_DIR/lib/libraries From ec49b3e1672ef47d59509132e95f94d6be13abfe Mon Sep 17 00:00:00 2001 From: OpenStack Proposal Bot Date: Wed, 27 Nov 2024 02:42:01 +0000 Subject: [PATCH 016/149] Updated from generate-devstack-plugins-list Change-Id: I344c3492159d53c68002b78ac3c385c1beca0e61 --- doc/source/plugin-registry.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst index 8b9d1f2b96..2984a5c15f 100644 --- a/doc/source/plugin-registry.rst +++ b/doc/source/plugin-registry.rst @@ -31,6 +31,7 @@ openstack/ceilometer `https://opendev.org/openstack/ceilomet openstack/cloudkitty `https://opendev.org/openstack/cloudkitty `__ openstack/cyborg `https://opendev.org/openstack/cyborg `__ openstack/designate `https://opendev.org/openstack/designate `__ +openstack/designate-tempest-plugin `https://opendev.org/openstack/designate-tempest-plugin `__ openstack/devstack-plugin-amqp1 `https://opendev.org/openstack/devstack-plugin-amqp1 `__ openstack/devstack-plugin-ceph `https://opendev.org/openstack/devstack-plugin-ceph `__ openstack/devstack-plugin-container `https://opendev.org/openstack/devstack-plugin-container `__ From 451236381d4f6af0072b60fc65743b55ee33ab95 Mon Sep 17 00:00:00 2001 From: Rodolfo Alonso Hernandez Date: Fri, 29 Nov 2024 07:39:37 +0000 Subject: [PATCH 017/149] Add start time (in seconds) to the WSGI configuration file This new variable "start-time" is initialized when the WSGI starts and is the timestamp in seconds. Related-Bug: #2083570 Change-Id: I1b984b93d1352683097c1417b22d64341a68f72a --- lib/apache | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/apache b/lib/apache index 1420f76ff2..1c034d3c7e 100644 --- a/lib/apache +++ b/lib/apache @@ -293,6 +293,8 @@ function write_uwsgi_config { iniset "$conf" uwsgi add-header "Connection: close" # This ensures that file descriptors aren't shared between processes. iniset "$conf" uwsgi lazy-apps true + # Starting time of the WSGi server + iniset "$conf" uwsgi start-time %t # If we said bind directly to http, then do that and don't start the apache proxy if [[ -n "$http" ]]; then @@ -367,6 +369,8 @@ function write_local_uwsgi_http_config { iniset "$conf" uwsgi http-keepalive false # Increase socket timeout for slow chunked uploads iniset "$conf" uwsgi socket-timeout 30 + # Starting time of the WSGi server + iniset "$conf" uwsgi start-time %t enable_apache_mod proxy enable_apache_mod proxy_http From 97ea68ec4611391de2e245a1def655cbebc7649d Mon Sep 17 00:00:00 2001 From: yatinkarel Date: Mon, 2 Dec 2024 17:46:42 +0530 Subject: [PATCH 018/149] Fix the db user for mariadb in ubuntu 24.04 It was fixed in past for ubuntu 22.04 with [1], removing the check for jammy so it applies to all ubuntu versions since jammy. The checks now only refer debian distros so those can be adjusted with new debian releases. [1] https://review.opendev.org/c/openstack/devstack/+/866944 Related-Bug: #1999090 Closes-Bug: #2090835 Change-Id: Iff843c5c3f9c081aa1cec6c399a6ed8c05e06abe --- lib/databases/mysql | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/lib/databases/mysql b/lib/databases/mysql index e069e128e9..629014c1d8 100644 --- a/lib/databases/mysql +++ b/lib/databases/mysql @@ -104,10 +104,10 @@ function configure_database_mysql { # Set the root password - only works the first time. For Ubuntu, we already # did that with debconf before installing the package, but we still try, # because the package might have been installed already. We don't do this - # for Ubuntu 22.04 (jammy) because the authorization model change in + # for Ubuntu 22.04+ because the authorization model change in # version 10.4 of mariadb. See # https://mariadb.org/authentication-in-mariadb-10-4/ - if ! (is_ubuntu && [[ "$DISTRO" == "jammy" ]] && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]); then + if ! (is_ubuntu && [[ ! "$DISTRO" =~ bookworm|bullseye ]] && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]); then sudo mysqladmin -u root password $DATABASE_PASSWORD || true fi @@ -124,16 +124,11 @@ function configure_database_mysql { # we need to change auth plugin for root user # TODO(frickler): simplify this logic if is_ubuntu && [[ ! "$DISTRO" =~ bookworm|bullseye ]] && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]; then - if [[ "$DISTRO" == "jammy" ]]; then - # For Ubuntu 22.04 (jammy) we follow the model outlined in - # https://mariadb.org/authentication-in-mariadb-10-4/ - sudo mysql -e "ALTER USER $DATABASE_USER@localhost IDENTIFIED VIA mysql_native_password USING PASSWORD('$DATABASE_PASSWORD');" - else - sudo mysql $cmd_args -e "UPDATE mysql.user SET plugin='' WHERE user='$DATABASE_USER' AND host='localhost';" - sudo mysql $cmd_args -e "FLUSH PRIVILEGES;" - fi + # For Ubuntu 22.04+ we follow the model outlined in + # https://mariadb.org/authentication-in-mariadb-10-4/ + sudo mysql -e "ALTER USER $DATABASE_USER@localhost IDENTIFIED VIA mysql_native_password USING PASSWORD('$DATABASE_PASSWORD');" fi - if ! (is_ubuntu && [[ "$DISTRO" == "jammy" ]] && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]); then + if ! (is_ubuntu && [[ ! "$DISTRO" =~ bookworm|bullseye ]] && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]); then # Create DB user if it does not already exist sudo mysql $cmd_args -e "CREATE USER IF NOT EXISTS '$DATABASE_USER'@'%' identified by '$DATABASE_PASSWORD';" # Update the DB to give user '$DATABASE_USER'@'%' full control of the all databases: From 320c2bf42ae41d751c72d80a6c85b26f3f6951bd Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Tue, 3 Dec 2024 17:04:39 +0000 Subject: [PATCH 019/149] Install setuptools 'core' extra Under as-yet-unidentified conditions, we can end up with a version of packaging that is too old for the version of latest version of setuptools. This is a known issue and expected behavior and per [1] $subject is the preferred resolution. [1] https://github.com/pypa/setuptools/issues/4483#issuecomment-2237219597 Change-Id: I9232f3fae1598297e83c4ea37339896f7dcbd44f Signed-off-by: Stephen Finucane --- inc/python | 4 ++-- lib/infra | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/inc/python b/inc/python index c94e5a4952..857f1f2d06 100644 --- a/inc/python +++ b/inc/python @@ -40,8 +40,8 @@ function setup_devstack_virtualenv { # Using system site packages to enable nova to use libguestfs. # This package is currently installed via the distro and not # available on pypi. - python$PYTHON3_VERSION -m venv --system-site-packages $DEVSTACK_VENV - pip_install -U pip setuptools + $PYTHON -m venv --system-site-packages "${DEVSTACK_VENV}" + pip_install -U pip setuptools[core] #NOTE(rpittau): workaround for simplejson removal in osc # https://review.opendev.org/c/openstack/python-openstackclient/+/920001 pip_install -U simplejson diff --git a/lib/infra b/lib/infra index 2aad00354a..f4760c352c 100644 --- a/lib/infra +++ b/lib/infra @@ -31,7 +31,7 @@ function install_infra { local PIP_VIRTUAL_ENV="$REQUIREMENTS_DIR/.venv" [ ! -d $PIP_VIRTUAL_ENV ] && ${VIRTUALENV_CMD} $PIP_VIRTUAL_ENV # We don't care about testing git pbr in the requirements venv. - PIP_VIRTUAL_ENV=$PIP_VIRTUAL_ENV pip_install -U pbr setuptools + PIP_VIRTUAL_ENV=$PIP_VIRTUAL_ENV pip_install -U pbr setuptools[core] PIP_VIRTUAL_ENV=$PIP_VIRTUAL_ENV pip_install $REQUIREMENTS_DIR # Unset the PIP_VIRTUAL_ENV so that PBR does not end up trapped From 9486709dc5e6f156dc5beb051f1861ea362ae10c Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Tue, 3 Dec 2024 17:07:57 +0000 Subject: [PATCH 020/149] Revert "Install simplejson in devstack venv" This reverts commit 6990b06cd321930f69907ba42ee744755f8029fe. This should no longer be necessary as packages are requiring simplejson. Change-Id: I74b0f93457f91e7d53d54737d52f67075088faca Signed-off-by: Stephen Finucane --- inc/python | 3 --- 1 file changed, 3 deletions(-) diff --git a/inc/python b/inc/python index 857f1f2d06..bd58905e9e 100644 --- a/inc/python +++ b/inc/python @@ -42,9 +42,6 @@ function setup_devstack_virtualenv { # available on pypi. $PYTHON -m venv --system-site-packages "${DEVSTACK_VENV}" pip_install -U pip setuptools[core] - #NOTE(rpittau): workaround for simplejson removal in osc - # https://review.opendev.org/c/openstack/python-openstackclient/+/920001 - pip_install -U simplejson fi if [[ ":$PATH:" != *":$DEVSTACK_VENV/bin:"* ]] ; then export PATH="$DEVSTACK_VENV/bin:$PATH" From 5bf9d13f2737ca9c8a15b7d250a48ef8be935a05 Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Mon, 9 Dec 2024 14:03:44 +0000 Subject: [PATCH 021/149] lib/placement: Migrate placement to WSGI module path Change-Id: If9e2cc9247d707a451ef394615e547515115f9e0 Signed-off-by: Stephen Finucane Depends-on: https://review.opendev.org/c/openstack/placement/+/919569 --- lib/placement | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/placement b/lib/placement index 6297ab24fe..03aaa0344b 100644 --- a/lib/placement +++ b/lib/placement @@ -37,7 +37,7 @@ if [[ ${USE_VENV} = True ]]; then else PLACEMENT_BIN_DIR=$(get_python_exec_prefix) fi -PLACEMENT_UWSGI=$PLACEMENT_BIN_DIR/placement-api +PLACEMENT_UWSGI=placement.wsgi.api:application PLACEMENT_UWSGI_CONF=$PLACEMENT_CONF_DIR/placement-uwsgi.ini if is_service_enabled tls-proxy; then @@ -86,7 +86,7 @@ function configure_placement { sudo install -d -o $STACK_USER $PLACEMENT_CONF_DIR create_placement_conf - write_uwsgi_config "$PLACEMENT_UWSGI_CONF" "$PLACEMENT_UWSGI" "/placement" + write_uwsgi_config "$PLACEMENT_UWSGI_CONF" "$PLACEMENT_UWSGI" "/placement" "" "placement-api" if [[ "$PLACEMENT_ENFORCE_SCOPE" == "True" || "$ENFORCE_SCOPE" == "True" ]]; then iniset $PLACEMENT_CONF oslo_policy enforce_new_defaults True iniset $PLACEMENT_CONF oslo_policy enforce_scope True From 05f7d302cfa2da73b2887afcde92ef65b1001194 Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Thu, 7 Dec 2023 10:48:10 +0000 Subject: [PATCH 022/149] lib/cinder: Migrate cinder to WSGI module path Change-Id: I494dae51c65318299d4fe2ff5887c97ac2be3224 Signed-off-by: Stephen Finucane Depends-on: https://review.opendev.org/c/openstack/cinder/+/902876 --- lib/cinder | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/cinder b/lib/cinder index 259018e7ab..b557d4b10b 100644 --- a/lib/cinder +++ b/lib/cinder @@ -62,7 +62,7 @@ CINDER_STATE_PATH=${CINDER_STATE_PATH:=$DATA_DIR/cinder} CINDER_CONF_DIR=/etc/cinder CINDER_CONF=$CINDER_CONF_DIR/cinder.conf -CINDER_UWSGI=$CINDER_BIN_DIR/cinder-wsgi +CINDER_UWSGI=cinder.wsgi.api:application CINDER_UWSGI_CONF=$CINDER_CONF_DIR/cinder-api-uwsgi.ini CINDER_API_PASTE_INI=$CINDER_CONF_DIR/api-paste.ini @@ -404,7 +404,7 @@ function configure_cinder { setup_logging $CINDER_CONF if is_service_enabled c-api; then - write_uwsgi_config "$CINDER_UWSGI_CONF" "$CINDER_UWSGI" "/volume" + write_uwsgi_config "$CINDER_UWSGI_CONF" "$CINDER_UWSGI" "/volume" "" "cinder-api" fi if [[ -r $CINDER_PLUGINS/$CINDER_DRIVER ]]; then From b8cbcff693f3f1ddfa9c60c7c826629987a2d23e Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Mon, 25 Mar 2024 20:00:10 +0900 Subject: [PATCH 023/149] Drop removed glance-cache.conf options These were removed when glance-registry was removed[1]. [1] 30680961994b36ed12713c0f106b661535ce41c6 Change-Id: Iaa4a35fddcd4763e12e5140b71e4022421c476fc --- lib/glance | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lib/glance b/lib/glance index 5c3643d008..6d6b158e74 100644 --- a/lib/glance +++ b/lib/glance @@ -446,10 +446,6 @@ function configure_glance { iniset $GLANCE_CACHE_CONF DEFAULT use_syslog $SYSLOG iniset $GLANCE_CACHE_CONF DEFAULT image_cache_dir $GLANCE_CACHE_DIR/ iniset $GLANCE_CACHE_CONF DEFAULT image_cache_driver $GLANCE_CACHE_DRIVER - iniset $GLANCE_CACHE_CONF DEFAULT auth_url $KEYSTONE_SERVICE_URI - iniset $GLANCE_CACHE_CONF DEFAULT admin_tenant_name $SERVICE_PROJECT_NAME - iniset $GLANCE_CACHE_CONF DEFAULT admin_user glance - iniset $GLANCE_CACHE_CONF DEFAULT admin_password $SERVICE_PASSWORD # Store specific confs iniset $GLANCE_CACHE_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/ From c9a4454450429491c34184d0ceb85eaba62cc525 Mon Sep 17 00:00:00 2001 From: Fernando Royo Date: Thu, 12 Dec 2024 11:01:36 +0100 Subject: [PATCH 024/149] Removing start_ovn_services call The function _start_ovn is responsible for starting the OVS/OVN services. However, its final action is a call to _start_ovn_services, which restarts all OVS/OVN services without any justified reason. This patch removes that call to avoid unnecessarily restarting all OVS/OVN services immediately after they have been started. Closes-Bug: #2091614 Change-Id: Ia791ecb734531fa933c570d687ac9224ed6b27e4 --- lib/neutron_plugins/ovn_agent | 26 -------------------------- 1 file changed, 26 deletions(-) diff --git a/lib/neutron_plugins/ovn_agent b/lib/neutron_plugins/ovn_agent index be3a9e78b2..b7633c8c17 100644 --- a/lib/neutron_plugins/ovn_agent +++ b/lib/neutron_plugins/ovn_agent @@ -704,30 +704,6 @@ function _start_ovs { fi } -function _start_ovn_services { - _start_process "$OVSDB_SERVER_SERVICE" - _start_process "$OVS_VSWITCHD_SERVICE" - - if is_service_enabled ovn-northd ; then - _start_process "$OVN_NORTHD_SERVICE" - fi - if is_service_enabled ovn-controller ; then - _start_process "$OVN_CONTROLLER_SERVICE" - fi - if is_service_enabled ovn-controller-vtep ; then - _start_process "$OVN_CONTROLLER_VTEP_SERVICE" - fi - if is_service_enabled ovs-vtep ; then - _start_process "devstack@ovs-vtep.service" - fi - if is_service_enabled q-ovn-metadata-agent neutron-ovn-metadata-agent ; then - _start_process "devstack@q-ovn-metadata-agent.service" - fi - if is_service_enabled q-ovn-agent neutron-ovn-agent ; then - _start_process "devstack@q-ovn-agent.service" - fi -} - # start_ovn() - Start running processes, including screen function start_ovn { echo "Starting OVN" @@ -797,8 +773,6 @@ function start_ovn { # Format logging setup_logging $OVN_AGENT_CONF fi - - _start_ovn_services } function _stop_ovs_dp { From bf04bf517b839fa495384f636b7f8d4f05c6fa0e Mon Sep 17 00:00:00 2001 From: yatinkarel Date: Fri, 27 Dec 2024 13:01:16 +0530 Subject: [PATCH 025/149] Switch to OVS/OVN LTS branches As discussed in Epoxy PTG[1] switching jobs to run with latest OVS/OVN LTS branches. Ubuntu noble and CentOS 9-stream also including these LTS versions. [1] https://etherpad.opendev.org/p/oct2024-ptg-neutron Change-Id: Iecb33628641cd33b6e46d09759e3180cc0bd55e9 --- .zuul.yaml | 4 ++-- lib/neutron_plugins/ovn_agent | 2 +- lib/neutron_plugins/ovs_source | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index 2fbfa0417c..74ce39cdfa 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -745,8 +745,8 @@ vars: devstack_localrc: OVN_BUILD_FROM_SOURCE: True - OVN_BRANCH: "v21.06.0" - OVS_BRANCH: "a4b04276ab5934d087669ff2d191a23931335c87" + OVN_BRANCH: "branch-24.03" + OVS_BRANCH: "branch-3.3" OVS_SYSCONFDIR: "/usr/local/etc/openvswitch" - job: diff --git a/lib/neutron_plugins/ovn_agent b/lib/neutron_plugins/ovn_agent index be3a9e78b2..ad5c1f3003 100644 --- a/lib/neutron_plugins/ovn_agent +++ b/lib/neutron_plugins/ovn_agent @@ -28,7 +28,7 @@ source ${TOP_DIR}/lib/neutron_plugins/ovs_source OVN_REPO=${OVN_REPO:-https://github.com/ovn-org/ovn.git} OVN_REPO_NAME=$(basename ${OVN_REPO} | cut -f1 -d'.') OVN_REPO_NAME=${OVN_REPO_NAME:-ovn} -OVN_BRANCH=${OVN_BRANCH:-v20.06.1} +OVN_BRANCH=${OVN_BRANCH:-branch-24.03} # The commit removing OVN bits from the OVS tree, it is the commit that is not # present in OVN tree and is used to distinguish if OVN is part of OVS or not. # https://github.com/openvswitch/ovs/commit/05bf1dbb98b0635a51f75e268ef8aed27601401d diff --git a/lib/neutron_plugins/ovs_source b/lib/neutron_plugins/ovs_source index 75e7d7cb36..6b6f531a01 100644 --- a/lib/neutron_plugins/ovs_source +++ b/lib/neutron_plugins/ovs_source @@ -20,7 +20,7 @@ Q_BUILD_OVS_FROM_GIT=$(trueorfalse False Q_BUILD_OVS_FROM_GIT) OVS_REPO=${OVS_REPO:-https://github.com/openvswitch/ovs.git} OVS_REPO_NAME=$(basename ${OVS_REPO} | cut -f1 -d'.') OVS_REPO_NAME=${OVS_REPO_NAME:-ovs} -OVS_BRANCH=${OVS_BRANCH:-0047ca3a0290f1ef954f2c76b31477cf4b9755f5} +OVS_BRANCH=${OVS_BRANCH:-branch-3.3} # Functions From b609c80a36f7ac77c1eb7ec256e6808ab483440b Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Tue, 7 Jan 2025 10:51:03 +0900 Subject: [PATCH 026/149] doc: Use dnf instead of yum The yum command has been replaced by the dnf command in recent releases of Fedora-based distributions. Use the native command instead of the alias kept for compatibility. Change-Id: I0a1dfdaca91164eff2c25795f66976ec70356574 --- doc/source/guides/multinode-lab.rst | 2 +- doc/source/guides/single-machine.rst | 4 ++-- doc/source/guides/single-vm.rst | 4 ++-- doc/source/networking.rst | 2 +- doc/source/plugins.rst | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst index 658422b0af..4b50b2c4ae 100644 --- a/doc/source/guides/multinode-lab.rst +++ b/doc/source/guides/multinode-lab.rst @@ -24,7 +24,7 @@ Install a couple of packages to bootstrap configuration: :: - apt-get install -y git sudo || yum install -y git sudo + apt-get install -y git sudo || dnf install -y git sudo Network Configuration --------------------- diff --git a/doc/source/guides/single-machine.rst b/doc/source/guides/single-machine.rst index a4385b5b4b..263fbb9d6f 100644 --- a/doc/source/guides/single-machine.rst +++ b/doc/source/guides/single-machine.rst @@ -62,7 +62,7 @@ to have sudo privileges: .. code-block:: console - $ apt-get install sudo -y || yum install -y sudo + $ apt-get install sudo -y || dnf install -y sudo $ echo "stack ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/stack .. note:: On some systems you may need to use ``sudo visudo``. @@ -81,7 +81,7 @@ We'll grab the latest version of DevStack via https: .. code-block:: console - $ sudo apt-get install git -y || sudo yum install -y git + $ sudo apt-get install git -y || sudo dnf install -y git $ git clone https://opendev.org/openstack/devstack $ cd devstack diff --git a/doc/source/guides/single-vm.rst b/doc/source/guides/single-vm.rst index 7dac18b333..4272a4b180 100644 --- a/doc/source/guides/single-vm.rst +++ b/doc/source/guides/single-vm.rst @@ -56,8 +56,8 @@ passed as the user-data file when booting the VM. write_files: - content: | #!/bin/sh - DEBIAN_FRONTEND=noninteractive sudo apt-get -qqy update || sudo yum update -qy - DEBIAN_FRONTEND=noninteractive sudo apt-get install -qqy git || sudo yum install -qy git + DEBIAN_FRONTEND=noninteractive sudo apt-get -qqy update || sudo dnf update -qy + DEBIAN_FRONTEND=noninteractive sudo apt-get install -qqy git || sudo dnf install -qy git sudo chown stack:stack /home/stack cd /home/stack git clone https://opendev.org/openstack/devstack diff --git a/doc/source/networking.rst b/doc/source/networking.rst index 05b4f34164..10e1c3ff2c 100644 --- a/doc/source/networking.rst +++ b/doc/source/networking.rst @@ -213,7 +213,7 @@ install ``sshuttle`` on your localhost: .. code-block:: bash - sudo apt-get install sshuttle || yum install sshuttle + sudo apt-get install sshuttle || dnf install sshuttle Finally, start ``sshuttle`` on your localhost using the floating IP address range. For example, assuming you are using the default value for diff --git a/doc/source/plugins.rst b/doc/source/plugins.rst index dd75b5a22d..fe567e2277 100644 --- a/doc/source/plugins.rst +++ b/doc/source/plugins.rst @@ -232,7 +232,7 @@ an early phase of its execution. These packages may be defined in a plugin as files that contain new-line separated lists of packages required by the plugin -Supported packaging systems include apt and yum across multiple +Supported packaging systems include apt and dnf across multiple distributions. To enable a plugin to hook into this and install package dependencies, packages may be listed at the following locations in the top-level of the plugin repository: From 9a1cdbc3c809f785ad01a3bbdfef8f552eafce30 Mon Sep 17 00:00:00 2001 From: Rajat Dhasmana Date: Wed, 8 Jan 2025 18:43:40 +0530 Subject: [PATCH 027/149] Update glance image size limit The image size limit for glance using the unified limits is set to 1000MB (~1GB). This is pretty low given that a volume's minimum size is 1GB and when uploaded to glance fills out the whole limit. The limit issue can also be seen by a recent tempest change[1] where uploading two volumes failed[2] across various jobs due to this limit. We do have a config option in devstack ``GLANCE_LIMIT_IMAGE_SIZE_TOTAL`` but that will need to be configured for various jobs and a 2GB seems to be a sensible default which this patch configures. [1] https://review.opendev.org/c/openstack/tempest/+/938592 [2] Jan 07 23:05:33 devstack-ceph cinder-volume[909965]: ERROR oslo_messaging.rpc.server cinder.exception.ImageLimitExceeded: HTTP 413 Request Entity Too Large: The request returned a 413 Request Entity Too Large. This generally means that rate limiting or a quota threshold was breached.: The response body:: Project dfe8648c188d46409349eac2c449c0b4 is over a limit for [Resource image_size_total is over limit of 1000 due to current usage 1024 and delta 0] Change-Id: I533b7444e5f71275ea3d5c18914e306b1dbbc5cb --- lib/glance | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/glance b/lib/glance index 5c3643d008..9655cc4103 100644 --- a/lib/glance +++ b/lib/glance @@ -137,7 +137,7 @@ GLANCE_UWSGI=$GLANCE_BIN_DIR/glance-wsgi-api GLANCE_UWSGI_CONF=$GLANCE_CONF_DIR/glance-uwsgi.ini # Glance default limit for Devstack -GLANCE_LIMIT_IMAGE_SIZE_TOTAL=${GLANCE_LIMIT_IMAGE_SIZE_TOTAL:-1000} +GLANCE_LIMIT_IMAGE_SIZE_TOTAL=${GLANCE_LIMIT_IMAGE_SIZE_TOTAL:-2000} # If wsgi mode is uwsgi run glance under uwsgi, else default to eventlet # TODO(mtreinish): Remove the eventlet path here and in all the similar From ad698f0b8c658fcdddb11d5edae1e77f08b5d0b5 Mon Sep 17 00:00:00 2001 From: Jakub Libosvar Date: Wed, 8 Jan 2025 15:26:41 -0500 Subject: [PATCH 028/149] Introduce SERVICES_FOR_TEMPEST variable for localrc This variable overrides the `ENABLED_SERVICES` global variable only for the `configure_tempest()` function from `lib/tempest`. If the `SERVICES_FOR_TEMPEST` variable is not defined then `ENABLED_SERVICES` is used as it had used it before. This is useful for cases where Tempest is executed from a remote node. Change-Id: Ic62e48f2f1eb861ec64f51e03353868076cbcc04 --- doc/source/guides/multinode-lab.rst | 42 +++++++++++++++++++++++++++++ lib/tempest | 2 ++ 2 files changed, 44 insertions(+) diff --git a/doc/source/guides/multinode-lab.rst b/doc/source/guides/multinode-lab.rst index 658422b0af..e6b0b96eb4 100644 --- a/doc/source/guides/multinode-lab.rst +++ b/doc/source/guides/multinode-lab.rst @@ -210,6 +210,48 @@ only needs to be performed for subnodes. .. _Cells v2: https://docs.openstack.org/nova/latest/user/cells.html +Configure Tempest Node to run the Tempest tests +----------------------------------------------- + +If there is a need to execute Tempest tests against different Cluster +Controller node then it can be done by re-using the ``local.conf`` file from +the Cluster Controller node but with not enabled Controller services in +``ENABLED_SERVICES`` variable. This variable needs to contain only ``tempest`` +as a configured service. Then variable ``SERVICES_FOR_TEMPEST`` must be +configured to contain those services that were enabled on the Cluster +Controller node in the ``ENABLED_SERVICES`` variable. For example the +``local.conf`` file could look as follows: + +:: + + [[local|localrc]] + HOST_IP=192.168.42.12 # change this per compute node + FIXED_RANGE=10.4.128.0/20 + FLOATING_RANGE=192.168.42.128/25 + LOGFILE=/opt/stack/logs/stack.sh.log + ADMIN_PASSWORD=labstack + DATABASE_PASSWORD=supersecret + RABBIT_PASSWORD=supersecret + SERVICE_PASSWORD=supersecret + DATABASE_TYPE=mysql + SERVICE_HOST=192.168.42.11 + MYSQL_HOST=$SERVICE_HOST + RABBIT_HOST=$SERVICE_HOST + GLANCE_HOSTPORT=$SERVICE_HOST:9292 + NOVA_VNC_ENABLED=True + NOVNCPROXY_URL="http://$SERVICE_HOST:6080/vnc_lite.html" + VNCSERVER_LISTEN=$HOST_IP + VNCSERVER_PROXYCLIENT_ADDRESS=$VNCSERVER_LISTEN + ENABLED_SERVICES=tempest + SERVICES_FOR_TEMPEST=keystone,nova,neutron,glance + +Then just execute the devstack: + +:: + + ./stack.sh + + Cleaning Up After DevStack -------------------------- diff --git a/lib/tempest b/lib/tempest index eeeef67a8b..b8f9915a87 100644 --- a/lib/tempest +++ b/lib/tempest @@ -197,6 +197,8 @@ function configure_tempest { pip_install_gr testrepository fi + local ENABLED_SERVICES=${SERVICES_FOR_TEMPEST:=$ENABLED_SERVICES} + local image_lines local images local num_images From a976168235bd79c9a8c960aa4889fe9ab03570c0 Mon Sep 17 00:00:00 2001 From: Fernando Royo Date: Wed, 4 Dec 2024 16:44:52 +0100 Subject: [PATCH 029/149] Refactor readiness and custom config for ovn-nortd Initially, this patch ensured that the custom configuration and readiness checks were applied after every restart of the OVN North services. However, after removing the call that triggered the restarting of the OVN/OVS services in [1], this patch now serves as a refactor, separating the readiness checks and custom configuration into a dedicated function. [1] https://review.opendev.org/c/openstack/devstack/+/937606 Related-bug: #2091614 Related-bug: #2091019 Change-Id: Icba271292830204da94aa3353e93d52088d82eec --- lib/neutron_plugins/ovn_agent | 34 ++++++++++++++++++++-------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/lib/neutron_plugins/ovn_agent b/lib/neutron_plugins/ovn_agent index b7633c8c17..8c5d82d3f0 100644 --- a/lib/neutron_plugins/ovn_agent +++ b/lib/neutron_plugins/ovn_agent @@ -704,6 +704,25 @@ function _start_ovs { fi } +function _wait_for_ovn_and_set_custom_config { + # Wait for the service to be ready + # Check for socket and db files for both OVN NB and SB + wait_for_sock_file $OVN_RUNDIR/ovnnb_db.sock + wait_for_sock_file $OVN_RUNDIR/ovnsb_db.sock + wait_for_db_file $OVN_DATADIR/ovnnb_db.db + wait_for_db_file $OVN_DATADIR/ovnsb_db.db + + if is_service_enabled tls-proxy; then + sudo ovn-nbctl --db=unix:$OVN_RUNDIR/ovnnb_db.sock set-ssl $INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key $INT_CA_DIR/$DEVSTACK_CERT_NAME.crt $INT_CA_DIR/ca-chain.pem + sudo ovn-sbctl --db=unix:$OVN_RUNDIR/ovnsb_db.sock set-ssl $INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key $INT_CA_DIR/$DEVSTACK_CERT_NAME.crt $INT_CA_DIR/ca-chain.pem + fi + + sudo ovn-nbctl --db=unix:$OVN_RUNDIR/ovnnb_db.sock set-connection p${OVN_PROTO}:6641:$SERVICE_LISTEN_ADDRESS -- set connection . inactivity_probe=60000 + sudo ovn-sbctl --db=unix:$OVN_RUNDIR/ovnsb_db.sock set-connection p${OVN_PROTO}:6642:$SERVICE_LISTEN_ADDRESS -- set connection . inactivity_probe=60000 + sudo ovs-appctl -t $OVN_RUNDIR/ovnnb_db.ctl vlog/set console:off syslog:$OVN_DBS_LOG_LEVEL file:$OVN_DBS_LOG_LEVEL + sudo ovs-appctl -t $OVN_RUNDIR/ovnsb_db.ctl vlog/set console:off syslog:$OVN_DBS_LOG_LEVEL file:$OVN_DBS_LOG_LEVEL +} + # start_ovn() - Start running processes, including screen function start_ovn { echo "Starting OVN" @@ -725,21 +744,8 @@ function start_ovn { _start_process "$OVN_NORTHD_SERVICE" fi - # Wait for the service to be ready - # Check for socket and db files for both OVN NB and SB - wait_for_sock_file $OVN_RUNDIR/ovnnb_db.sock - wait_for_sock_file $OVN_RUNDIR/ovnsb_db.sock - wait_for_db_file $OVN_DATADIR/ovnnb_db.db - wait_for_db_file $OVN_DATADIR/ovnsb_db.db + _wait_for_ovn_and_set_custom_config - if is_service_enabled tls-proxy; then - sudo ovn-nbctl --db=unix:$OVN_RUNDIR/ovnnb_db.sock set-ssl $INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key $INT_CA_DIR/$DEVSTACK_CERT_NAME.crt $INT_CA_DIR/ca-chain.pem - sudo ovn-sbctl --db=unix:$OVN_RUNDIR/ovnsb_db.sock set-ssl $INT_CA_DIR/private/$DEVSTACK_CERT_NAME.key $INT_CA_DIR/$DEVSTACK_CERT_NAME.crt $INT_CA_DIR/ca-chain.pem - fi - sudo ovn-nbctl --db=unix:$OVN_RUNDIR/ovnnb_db.sock set-connection p${OVN_PROTO}:6641:$SERVICE_LISTEN_ADDRESS -- set connection . inactivity_probe=60000 - sudo ovn-sbctl --db=unix:$OVN_RUNDIR/ovnsb_db.sock set-connection p${OVN_PROTO}:6642:$SERVICE_LISTEN_ADDRESS -- set connection . inactivity_probe=60000 - sudo ovs-appctl -t $OVN_RUNDIR/ovnnb_db.ctl vlog/set console:off syslog:$OVN_DBS_LOG_LEVEL file:$OVN_DBS_LOG_LEVEL - sudo ovs-appctl -t $OVN_RUNDIR/ovnsb_db.ctl vlog/set console:off syslog:$OVN_DBS_LOG_LEVEL file:$OVN_DBS_LOG_LEVEL fi if is_service_enabled ovn-controller ; then From 7129f3a45e66060d19a250e31fd35156e45a8af8 Mon Sep 17 00:00:00 2001 From: Eric Harney Date: Fri, 10 Jan 2025 11:02:35 -0500 Subject: [PATCH 030/149] Quiet regex SyntaxWarning in mlock_report Use a raw string to avoid SyntaxWarnings being issued by this script. Change-Id: I81557158013aa36fe27235c461486dfbc37c9f27 --- tools/mlock_report.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/mlock_report.py b/tools/mlock_report.py index 1b081bbe6f..8cbda15895 100644 --- a/tools/mlock_report.py +++ b/tools/mlock_report.py @@ -6,7 +6,7 @@ LCK_SUMMARY_REGEX = re.compile( - "^VmLck:\s+(?P[\d]+)\s+kB", re.MULTILINE) + r"^VmLck:\s+(?P[\d]+)\s+kB", re.MULTILINE) def main(): From 497b4fdf97d8b4e5f1ea1130f4e145014bbb462c Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Fri, 18 Oct 2024 13:47:55 +0100 Subject: [PATCH 031/149] lib/glance: Migrate Glance to WSGI module path We also remove an out-of-date note from the called method. Change-Id: I7cc9fd6a568246342395388c31ae0a0918a2c79a Signed-off-by: Stephen Finucane Depends-on: https://review.opendev.org/c/openstack/glance/+/932701 --- lib/apache | 4 +--- lib/glance | 7 +++---- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/lib/apache b/lib/apache index 1c034d3c7e..fc174f3901 100644 --- a/lib/apache +++ b/lib/apache @@ -313,9 +313,7 @@ function write_uwsgi_config { # For services using chunked encoding, the only services known to use this # currently are Glance and Swift, we need to use an http proxy instead of # mod_proxy_uwsgi because the chunked encoding gets dropped. See: -# https://github.com/unbit/uwsgi/issues/1540 You can workaround this on python2 -# but that involves having apache buffer the request before sending it to -# uwsgi. +# https://github.com/unbit/uwsgi/issues/1540. function write_local_uwsgi_http_config { local conf=$1 local wsgi=$2 diff --git a/lib/glance b/lib/glance index 9655cc4103..4e519102ec 100644 --- a/lib/glance +++ b/lib/glance @@ -133,7 +133,7 @@ GLANCE_SERVICE_PORT=${GLANCE_SERVICE_PORT:-9292} GLANCE_SERVICE_PORT_INT=${GLANCE_SERVICE_PORT_INT:-19292} GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$GLANCE_SERVICE_HOST:$GLANCE_SERVICE_PORT} GLANCE_SERVICE_PROTOCOL=${GLANCE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL} -GLANCE_UWSGI=$GLANCE_BIN_DIR/glance-wsgi-api +GLANCE_UWSGI=glance.wsgi.api:application GLANCE_UWSGI_CONF=$GLANCE_CONF_DIR/glance-uwsgi.ini # Glance default limit for Devstack @@ -472,12 +472,11 @@ function configure_glance { fi if [[ "$GLANCE_STANDALONE" == False ]]; then - write_local_uwsgi_http_config "$GLANCE_UWSGI_CONF" "$GLANCE_UWSGI" "/image" + write_local_uwsgi_http_config "$GLANCE_UWSGI_CONF" "$GLANCE_UWSGI" "/image" "glance-api" # Grab our uwsgi listen address and use that to fill out our # worker_self_reference_url config iniset $GLANCE_API_CONF DEFAULT worker_self_reference_url \ - $(awk '-F= ' '/^http-socket/ { print "http://"$2}' \ - $GLANCE_UWSGI_CONF) + $(awk '-F= ' '/^http-socket/ { print "http://"$2}' $GLANCE_UWSGI_CONF) else write_local_proxy_http_config glance "http://$GLANCE_SERVICE_HOST:$GLANCE_SERVICE_PORT_INT" "/image" iniset $GLANCE_API_CONF DEFAULT bind_host $GLANCE_SERVICE_LISTEN_ADDRESS From d84761e18676a04fc9d1b9e68dff9c573fdd3ba1 Mon Sep 17 00:00:00 2001 From: OpenStack Proposal Bot Date: Tue, 28 Jan 2025 02:20:15 +0000 Subject: [PATCH 032/149] Updated from generate-devstack-plugins-list Change-Id: Ic2239e12306226943c645b7c439d5636f8c3df0e --- doc/source/plugin-registry.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst index 2984a5c15f..f7873c962d 100644 --- a/doc/source/plugin-registry.rst +++ b/doc/source/plugin-registry.rst @@ -38,6 +38,7 @@ openstack/devstack-plugin-container `https://opendev.org/openstack/devstack openstack/devstack-plugin-kafka `https://opendev.org/openstack/devstack-plugin-kafka `__ openstack/devstack-plugin-nfs `https://opendev.org/openstack/devstack-plugin-nfs `__ openstack/devstack-plugin-open-cas `https://opendev.org/openstack/devstack-plugin-open-cas `__ +openstack/devstack-plugin-prometheus `https://opendev.org/openstack/devstack-plugin-prometheus `__ openstack/freezer `https://opendev.org/openstack/freezer `__ openstack/freezer-api `https://opendev.org/openstack/freezer-api `__ openstack/freezer-tempest-plugin `https://opendev.org/openstack/freezer-tempest-plugin `__ @@ -169,7 +170,6 @@ x/rsd-virt-for-nova `https://opendev.org/x/rsd-virt-for-nov x/scalpels `https://opendev.org/x/scalpels `__ x/slogging `https://opendev.org/x/slogging `__ x/stackube `https://opendev.org/x/stackube `__ -x/tap-as-a-service-dashboard `https://opendev.org/x/tap-as-a-service-dashboard `__ x/tatu `https://opendev.org/x/tatu `__ x/trio2o `https://opendev.org/x/trio2o `__ x/valet `https://opendev.org/x/valet `__ From a08a53de424e3ed8cad4cbaf566d0b08f8ad5199 Mon Sep 17 00:00:00 2001 From: Slawek Kaplonski Date: Thu, 30 Jan 2025 12:43:30 +0100 Subject: [PATCH 033/149] Remove leftover from the usage of the removed lib/neutron module In the patch [1] lib/neutron module was removed completely but it left call to the non existing currently function 'start_neutron_api' when the neutron-api service is enabled. Devstack should start neutron in the same way in case when q-svc or neutron-api service is enabled and this patch is removing that leftover call to the 'start_neutron_api' function and make it behave the same way for both service names. Additionally this patch adds service "neutron-api" to be checked when initial networks are going to be created. It is like that as just one of the services "q-svc" or "neutron-api" is enough to create those initial networks. [1] https://review.opendev.org/c/openstack/devstack/+/865014 Related-bug: #2096912 Change-Id: I1287af6a31f60b4e522f0ce3ea525e3336ffd8ba --- stack.sh | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/stack.sh b/stack.sh index bfa0573f21..b1c7df5d73 100755 --- a/stack.sh +++ b/stack.sh @@ -1307,10 +1307,7 @@ if is_service_enabled ovn-controller ovn-controller-vtep; then start_ovn_services fi -if is_service_enabled neutron-api; then - echo_summary "Starting Neutron" - start_neutron_api -elif is_service_enabled q-svc; then +if is_service_enabled q-svc neutron-api; then echo_summary "Starting Neutron" configure_neutron_after_post_config start_neutron_service_and_check @@ -1327,7 +1324,7 @@ if is_service_enabled neutron; then start_neutron fi # Once neutron agents are started setup initial network elements -if is_service_enabled q-svc && [[ "$NEUTRON_CREATE_INITIAL_NETWORKS" == "True" ]]; then +if is_service_enabled q-svc neutron-api && [[ "$NEUTRON_CREATE_INITIAL_NETWORKS" == "True" ]]; then echo_summary "Creating initial neutron network elements" # Here's where plugins can wire up their own networks instead # of the code in lib/neutron_plugins/services/l3 From 12abc726e68b547258978c7fbe3630d133f72943 Mon Sep 17 00:00:00 2001 From: Brian Haley Date: Mon, 10 Feb 2025 13:48:37 -0500 Subject: [PATCH 034/149] Remove Neutron Linux Bridge agent code Linux Bridge agent support was removed in the Neutron master branch in [0], let's remove any code here now as well since it will just fail. [0] https://review.opendev.org/c/openstack/neutron/+/927216 Change-Id: Idffa6579000322acfeb860189fb83a317d56bb4e --- doc/source/guides/neutron.rst | 40 +--------- doc/source/overview.rst | 2 +- lib/neutron | 19 +---- lib/neutron_plugins/linuxbridge_agent | 104 -------------------------- lib/neutron_plugins/ml2 | 3 - lib/neutron_plugins/services/l3 | 10 --- tools/worlddump.py | 1 - 7 files changed, 3 insertions(+), 176 deletions(-) delete mode 100644 lib/neutron_plugins/linuxbridge_agent diff --git a/doc/source/guides/neutron.rst b/doc/source/guides/neutron.rst index fb36b3ec5b..a7adeeff73 100644 --- a/doc/source/guides/neutron.rst +++ b/doc/source/guides/neutron.rst @@ -451,44 +451,6 @@ by default. If you want to remove all the extension drivers (even 'port_security'), set ``Q_ML2_PLUGIN_EXT_DRIVERS`` to blank. -Using Linux Bridge instead of Open vSwitch ------------------------------------------- - -The configuration for using the Linux Bridge ML2 driver is fairly -straight forward. The Linux Bridge configuration for DevStack is similar -to the :ref:`Open vSwitch based single interface ` -setup, with small modifications for the interface mappings. - - -:: - - [[local|localrc]] - HOST_IP=172.18.161.6 - SERVICE_HOST=172.18.161.6 - MYSQL_HOST=172.18.161.6 - RABBIT_HOST=172.18.161.6 - GLANCE_HOSTPORT=172.18.161.6:9292 - ADMIN_PASSWORD=secret - DATABASE_PASSWORD=secret - RABBIT_PASSWORD=secret - SERVICE_PASSWORD=secret - - ## Neutron options - Q_USE_SECGROUP=True - FLOATING_RANGE="172.18.161.0/24" - IPV4_ADDRS_SAFE_TO_USE="10.0.0.0/24" - Q_FLOATING_ALLOCATION_POOL=start=172.18.161.250,end=172.18.161.254 - PUBLIC_NETWORK_GATEWAY="172.18.161.1" - PUBLIC_INTERFACE=eth0 - - Q_USE_PROVIDERNET_FOR_PUBLIC=True - - # Linuxbridge Settings - Q_AGENT=linuxbridge - LB_PHYSICAL_INTERFACE=eth0 - PUBLIC_PHYSICAL_NETWORK=default - LB_INTERFACE_MAPPINGS=default:eth0 - Using MacVTap instead of Open vSwitch ------------------------------------------ @@ -556,7 +518,7 @@ the MacVTap mechanism driver: [[local|localrc]] ... - Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch,linuxbridge,macvtap + Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch,macvtap ... For the MacVTap compute node, use this local.conf: diff --git a/doc/source/overview.rst b/doc/source/overview.rst index 4384081769..81e58a341e 100644 --- a/doc/source/overview.rst +++ b/doc/source/overview.rst @@ -56,7 +56,7 @@ OpenStack Network ----------------- - Neutron: A basic configuration approximating the original FlatDHCP - mode using linuxbridge or OpenVSwitch. + mode using OpenVSwitch. Services -------- diff --git a/lib/neutron b/lib/neutron index bcef8a5042..69ff212991 100644 --- a/lib/neutron +++ b/lib/neutron @@ -241,8 +241,7 @@ TENANT_VLAN_RANGE=${TENANT_VLAN_RANGE:-} # If using VLANs for tenant networks, or if using flat or VLAN # provider networks, set in ``localrc`` to the name of the physical # network, and also configure ``OVS_PHYSICAL_BRIDGE`` for the -# openvswitch agent or ``LB_PHYSICAL_INTERFACE`` for the linuxbridge -# agent, as described below. +# openvswitch agent, as described below. # # Example: ``PHYSICAL_NETWORK=default`` PHYSICAL_NETWORK=${PHYSICAL_NETWORK:-public} @@ -257,18 +256,6 @@ PHYSICAL_NETWORK=${PHYSICAL_NETWORK:-public} # Example: ``OVS_PHYSICAL_BRIDGE=br-eth1`` OVS_PHYSICAL_BRIDGE=${OVS_PHYSICAL_BRIDGE:-br-ex} -# With the linuxbridge agent, if using VLANs for tenant networks, -# or if using flat or VLAN provider networks, set in ``localrc`` to -# the name of the network interface to use for the physical -# network. -# -# Example: ``LB_PHYSICAL_INTERFACE=eth1`` -if [[ $Q_AGENT == "linuxbridge" && -z ${LB_PHYSICAL_INTERFACE} ]]; then - default_route_dev=$( (ip route; ip -6 route) | grep ^default | head -n 1 | awk '{print $5}') - die_if_not_set $LINENO default_route_dev "Failure retrieving default route device" - LB_PHYSICAL_INTERFACE=$default_route_dev -fi - # With the openvswitch plugin, set to True in ``localrc`` to enable # provider GRE tunnels when ``ENABLE_TENANT_TUNNELS`` is False. # @@ -889,10 +876,6 @@ function cleanup_neutron { neutron_ovs_base_cleanup fi - if [[ $Q_AGENT == "linuxbridge" ]]; then - neutron_lb_cleanup - fi - # delete all namespaces created by neutron for ns in $(sudo ip netns list | grep -o -E '(qdhcp|qrouter|fip|snat)-[0-9a-f-]*'); do sudo ip netns delete ${ns} diff --git a/lib/neutron_plugins/linuxbridge_agent b/lib/neutron_plugins/linuxbridge_agent deleted file mode 100644 index a392bd0baf..0000000000 --- a/lib/neutron_plugins/linuxbridge_agent +++ /dev/null @@ -1,104 +0,0 @@ -#!/bin/bash -# -# Neutron Linux Bridge L2 agent -# ----------------------------- - -# Save trace setting -_XTRACE_NEUTRON_LB=$(set +o | grep xtrace) -set +o xtrace - -function neutron_lb_cleanup { - sudo ip link delete $PUBLIC_BRIDGE - - bridge_list=`ls /sys/class/net/*/bridge/bridge_id 2>/dev/null | cut -f5 -d/` - if [[ -z "$bridge_list" ]]; then - return - fi - if [[ "$Q_ML2_TENANT_NETWORK_TYPE" = "vxlan" ]]; then - for port in $(echo $bridge_list | grep -o -e [a-zA-Z\-]*tap[0-9a-f\-]* -e vxlan-[0-9a-f\-]*); do - sudo ip link delete $port - done - elif [[ "$Q_ML2_TENANT_NETWORK_TYPE" = "vlan" ]]; then - for port in $(echo $bridge_list | grep -o -e [a-zA-Z\-]*tap[0-9a-f\-]* -e ${LB_PHYSICAL_INTERFACE}\.[0-9a-f\-]*); do - sudo ip link delete $port - done - fi - for bridge in $(echo $bridge_list |grep -o -e brq[0-9a-f\-]*); do - sudo ip link delete $bridge - done -} - -function is_neutron_ovs_base_plugin { - # linuxbridge doesn't use OVS - return 1 -} - -function neutron_plugin_create_nova_conf { - : -} - -function neutron_plugin_install_agent_packages { - : -} - -function neutron_plugin_configure_dhcp_agent { - local conf_file=$1 - : -} - -function neutron_plugin_configure_l3_agent { - local conf_file=$1 - sudo ip link add $PUBLIC_BRIDGE type bridge - set_mtu $PUBLIC_BRIDGE $PUBLIC_BRIDGE_MTU -} - -function neutron_plugin_configure_plugin_agent { - # Setup physical network interface mappings. Override - # ``LB_VLAN_RANGES`` and ``LB_INTERFACE_MAPPINGS`` in ``localrc`` for more - # complex physical network configurations. - if [[ "$LB_INTERFACE_MAPPINGS" == "" ]] && [[ "$PHYSICAL_NETWORK" != "" ]] && [[ "$LB_PHYSICAL_INTERFACE" != "" ]]; then - LB_INTERFACE_MAPPINGS=$PHYSICAL_NETWORK:$LB_PHYSICAL_INTERFACE - fi - if [[ "$PUBLIC_BRIDGE" != "" ]] && [[ "$PUBLIC_PHYSICAL_NETWORK" != "" ]]; then - if is_service_enabled q-l3 || is_service_enabled neutron-l3; then - iniset /$Q_PLUGIN_CONF_FILE linux_bridge bridge_mappings "$PUBLIC_PHYSICAL_NETWORK:$PUBLIC_BRIDGE" - fi - fi - if [[ "$LB_INTERFACE_MAPPINGS" != "" ]]; then - iniset /$Q_PLUGIN_CONF_FILE linux_bridge physical_interface_mappings $LB_INTERFACE_MAPPINGS - fi - if [[ "$Q_USE_SECGROUP" == "True" ]]; then - iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver - if ! running_in_container; then - enable_kernel_bridge_firewall - fi - else - iniset /$Q_PLUGIN_CONF_FILE securitygroup firewall_driver neutron.agent.firewall.NoopFirewallDriver - fi - AGENT_BINARY="$NEUTRON_BIN_DIR/neutron-linuxbridge-agent" - iniset /$Q_PLUGIN_CONF_FILE agent tunnel_types $Q_TUNNEL_TYPES - - # Configure vxlan tunneling - if [[ "$ENABLE_TENANT_TUNNELS" == "True" ]]; then - if [[ "$Q_ML2_TENANT_NETWORK_TYPE" == "vxlan" ]]; then - iniset /$Q_PLUGIN_CONF_FILE vxlan enable_vxlan "True" - iniset /$Q_PLUGIN_CONF_FILE vxlan local_ip $TUNNEL_ENDPOINT_IP - else - iniset /$Q_PLUGIN_CONF_FILE vxlan enable_vxlan "False" - fi - else - iniset /$Q_PLUGIN_CONF_FILE vxlan enable_vxlan "False" - fi -} - -function neutron_plugin_setup_interface_driver { - local conf_file=$1 - iniset $conf_file DEFAULT interface_driver linuxbridge -} - -function neutron_plugin_check_adv_test_requirements { - is_service_enabled q-agt neutron-agent && is_service_enabled q-dhcp neutron-dhcp && return 0 -} - -# Restore xtrace -$_XTRACE_NEUTRON_LB diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2 index c2e78c65cc..687167bf79 100644 --- a/lib/neutron_plugins/ml2 +++ b/lib/neutron_plugins/ml2 @@ -114,9 +114,6 @@ function neutron_plugin_configure_service { populate_ml2_config /$Q_PLUGIN_CONF_FILE securitygroup enable_security_group=$Q_USE_SECGROUP populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2 mechanism_drivers=$Q_ML2_PLUGIN_MECHANISM_DRIVERS - if [[ "$Q_ML2_PLUGIN_MECHANISM_DRIVERS" == *"linuxbridge"* ]]; then - iniset $NEUTRON_CONF experimental linuxbridge True - fi populate_ml2_config /$Q_PLUGIN_CONF_FILE ml2 overlay_ip_version=$TUNNEL_IP_VERSION if [[ -n "$Q_ML2_PLUGIN_TYPE_DRIVERS" ]]; then diff --git a/lib/neutron_plugins/services/l3 b/lib/neutron_plugins/services/l3 index c6d4663114..bbedc57a44 100644 --- a/lib/neutron_plugins/services/l3 +++ b/lib/neutron_plugins/services/l3 @@ -334,16 +334,6 @@ function _neutron_configure_router_v4 { local ext_gw_interface="none" if is_neutron_ovs_base_plugin; then ext_gw_interface=$(_neutron_get_ext_gw_interface) - elif [[ "$Q_AGENT" = "linuxbridge" ]]; then - # Get the device the neutron router and network for $FIXED_RANGE - # will be using. - if [ "$Q_USE_PROVIDERNET_FOR_PUBLIC" = "True" ]; then - # in provider nets a bridge mapping uses the public bridge directly - ext_gw_interface=$PUBLIC_BRIDGE - else - # e.x. brq3592e767-da for NET_ID 3592e767-da66-4bcb-9bec-cdb03cd96102 - ext_gw_interface=brq${EXT_NET_ID:0:11} - fi fi if [[ "$ext_gw_interface" != "none" ]]; then local cidr_len=${FLOATING_RANGE#*/} diff --git a/tools/worlddump.py b/tools/worlddump.py index edbfa268db..26ced3f653 100755 --- a/tools/worlddump.py +++ b/tools/worlddump.py @@ -31,7 +31,6 @@ 'nova-compute', 'neutron-dhcp-agent', 'neutron-l3-agent', - 'neutron-linuxbridge-agent', 'neutron-metadata-agent', 'neutron-openvswitch-agent', 'cinder-volume', From 4a1d242a1a274e6d5d93c3d06055d313f4170a88 Mon Sep 17 00:00:00 2001 From: Sean Mooney Date: Wed, 5 Feb 2025 20:50:05 +0000 Subject: [PATCH 035/149] enable multinode supprot for spice and serial proxy This change mirrors change Ie02734bb598d27560cf5d674c9e1d9b8dca3801f which ensure that its posible to enable vnc for vms on compute nodes without deploying the vnc proxy. In this change two new flags are added NOVA_SPICE_ENABLED and NOVA_SERIAL_ENABLED to enable configuration of the relevent console create_nova_conf is also modifed to include the db url if the console proxies are deployed on a host. As spice supprot is nolonger avaible in qemu as packged by ubuntu 24.04 and centos 9 a devstack-two-node-debian-bookworm to allow testing with spice in a multinode job. Change-Id: Ie944e518122f2b0059f28acbf68fb7ad0a560ca4 --- .zuul.yaml | 30 ++++++++++++++++++++++++++++++ lib/nova | 9 ++++++--- lib/tempest | 8 +++++++- 3 files changed, 43 insertions(+), 4 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index 74ce39cdfa..6cf79f5f03 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -311,6 +311,36 @@ - compute1 - compute2 +- nodeset: + name: devstack-two-node-debian-bookworm + nodes: + - name: controller + label: debian-bookworm + - name: compute1 + label: debian-bookworm + groups: + # Node where tests are executed and test results collected + - name: tempest + nodes: + - controller + # Nodes running the compute service + - name: compute + nodes: + - controller + - compute1 + # Nodes that are not the controller + - name: subnode + nodes: + - compute1 + # Switch node for multinode networking setup + - name: switch + nodes: + - controller + # Peer nodes for multinode networking setup + - name: peers + nodes: + - compute1 + - job: name: devstack-base parent: openstack-multinode-fips diff --git a/lib/nova b/lib/nova index 95ed4d035c..810a3d9554 100644 --- a/lib/nova +++ b/lib/nova @@ -127,6 +127,9 @@ QEMU_CONF=/etc/libvirt/qemu.conf # ``NOVA_VNC_ENABLED`` can be used to forcibly enable VNC configuration. # In multi-node setups allows compute hosts to not run ``n-novnc``. NOVA_VNC_ENABLED=$(trueorfalse False NOVA_VNC_ENABLED) +# same as ``NOVA_VNC_ENABLED`` but for Spice and serial console respectively. +NOVA_SPICE_ENABLED=$(trueorfalse False NOVA_SPICE_ENABLED) +NOVA_SERIAL_ENABLED=$(trueorfalse False NOVA_SERIAL_ENABLED) # Get hypervisor configuration # ---------------------------- @@ -464,7 +467,7 @@ function create_nova_conf { # only setup database connections and cache backend if there are services # that require them running on the host. The ensures that n-cpu doesn't # leak a need to use the db in a multinode scenario. - if is_service_enabled n-api n-cond n-sched; then + if is_service_enabled n-api n-cond n-sched n-spice n-novnc n-sproxy; then # If we're in multi-tier cells mode, we want our control services pointing # at cell0 instead of cell1 to ensure isolation. If not, we point everything # at the main database like normal. @@ -716,7 +719,7 @@ function configure_console_compute { iniset $NOVA_CPU_CONF vnc enabled false fi - if is_service_enabled n-spice; then + if is_service_enabled n-spice || [ "$NOVA_SPICE_ENABLED" != False ]; then # Address on which instance spiceservers will listen on compute hosts. # For multi-host, this should be the management ip of the compute host. SPICESERVER_PROXYCLIENT_ADDRESS=${SPICESERVER_PROXYCLIENT_ADDRESS:-$default_proxyclient_addr} @@ -726,7 +729,7 @@ function configure_console_compute { iniset $NOVA_CPU_CONF spice server_proxyclient_address "$SPICESERVER_PROXYCLIENT_ADDRESS" fi - if is_service_enabled n-sproxy; then + if is_service_enabled n-sproxy || [ "$NOVA_SERIAL_ENABLED" != False ]; then iniset $NOVA_CPU_CONF serial_console enabled True iniset $NOVA_CPU_CONF serial_console base_url "ws://$SERVICE_HOST:$((6082 + offset))/" fi diff --git a/lib/tempest b/lib/tempest index b8f9915a87..29b01f186f 100644 --- a/lib/tempest +++ b/lib/tempest @@ -514,9 +514,15 @@ function configure_tempest { iniset $TEMPEST_CONFIG compute-feature-enabled volume_multiattach True fi - if is_service_enabled n-novnc; then + if is_service_enabled n-novnc || [ "$NOVA_VNC_ENABLED" != False ]; then iniset $TEMPEST_CONFIG compute-feature-enabled vnc_console True fi + if is_service_enabled n-spice || [ "$NOVA_SPICE_ENABLED" != False ]; then + iniset $TEMPEST_CONFIG compute-feature-enabled spice_console True + fi + if is_service_enabled n-sproxy || [ "$NOVA_SERIAL_ENABLED" != False ]; then + iniset $TEMPEST_CONFIG compute-feature-enabled serial_console True + fi # Network iniset $TEMPEST_CONFIG network project_networks_reachable false From 754f1c66f53240e3ebda53fbb95bfdeee05b5796 Mon Sep 17 00:00:00 2001 From: Rodolfo Alonso Hernandez Date: Thu, 13 Feb 2025 08:39:24 +0000 Subject: [PATCH 036/149] [eventlet-removal] Remove "logger" mechanism from ML2/OVN CI jobs The "logger" mechanism is a testing class that is still calling monkey_patch. This mechanism driver is not relevant nor neccessary for the ML2/OVN CI jobs. Change-Id: I539b202ca81f62f4ae26b5275fd6b245d2066fe7 --- lib/neutron_plugins/ovn_agent | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/neutron_plugins/ovn_agent b/lib/neutron_plugins/ovn_agent index 01dc1edfdd..71b5e3350d 100644 --- a/lib/neutron_plugins/ovn_agent +++ b/lib/neutron_plugins/ovn_agent @@ -161,8 +161,10 @@ fi # Defaults Overwrite # ------------------ - -Q_ML2_PLUGIN_MECHANISM_DRIVERS=${Q_ML2_PLUGIN_MECHANISM_DRIVERS:-ovn,logger} +# NOTE(ralonsoh): during the eventlet removal, the "logger" mech +# driver has been removed from this list. Re-add it once the removal +# is finished or the mech driver does not call monkey_patch(). +Q_ML2_PLUGIN_MECHANISM_DRIVERS=${Q_ML2_PLUGIN_MECHANISM_DRIVERS:-ovn} Q_ML2_PLUGIN_TYPE_DRIVERS=${Q_ML2_PLUGIN_TYPE_DRIVERS:-local,flat,vlan,geneve} Q_ML2_TENANT_NETWORK_TYPE=${Q_ML2_TENANT_NETWORK_TYPE:-"geneve"} Q_ML2_PLUGIN_GENEVE_TYPE_OPTIONS=${Q_ML2_PLUGIN_GENEVE_TYPE_OPTIONS:-"vni_ranges=1:65536"} From 1aac81ee881534276fd7d6540ed356a85d064a13 Mon Sep 17 00:00:00 2001 From: Vasyl Saienko Date: Sat, 18 Jan 2025 08:40:51 +0000 Subject: [PATCH 037/149] Allow to enable atop It may be required to troubleshoot performance related bugs during tests exection, to have ability to inspect environment processes and theirs status during test run this patch installs atop by default if not explicitly disabled. Related-Bug: #2095224 Change-Id: Iedbd61f3ce3cd2255ea5f2a7a93ba2f39ad28ff2 --- .zuul.yaml | 1 + lib/atop | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ stack.sh | 7 +++++++ unstack.sh | 5 +++++ 4 files changed, 61 insertions(+) create mode 100644 lib/atop diff --git a/.zuul.yaml b/.zuul.yaml index 74ce39cdfa..aec7113ab4 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -357,6 +357,7 @@ '{{ devstack_conf_dir }}/.localrc.auto': logs '{{ devstack_conf_dir }}/.stackenv': logs '{{ devstack_log_dir }}/dstat-csv.log': logs + '{{ devstack_log_dir }}/atop': logs '{{ devstack_log_dir }}/devstacklog.txt': logs '{{ devstack_log_dir }}/devstacklog.txt.summary': logs '{{ devstack_log_dir }}/tcpdump.pcap': logs diff --git a/lib/atop b/lib/atop new file mode 100644 index 0000000000..e0b14cb039 --- /dev/null +++ b/lib/atop @@ -0,0 +1,48 @@ +#!/bin/bash +# +# lib/atop +# Functions to start and stop atop + +# Dependencies: +# +# - ``functions`` file + +# ``stack.sh`` calls the entry points in this order: +# +# - configure_atop +# - install_atop +# - start_atop +# - stop_atop + +# Save trace setting +_XTRACE_ATOP=$(set +o | grep xtrace) +set +o xtrace + +function configure_atop { + cat </dev/null +# /etc/default/atop +# see man atoprc for more possibilities to configure atop execution + +LOGOPTS="-R" +LOGINTERVAL=${ATOP_LOGINTERVAL:-"30"} +LOGGENERATIONS=${ATOP_LOGGENERATIONS:-"1"} +LOGPATH=$LOGDIR/atop +EOF +} + +function install_atop { + install_package atop +} + +# start_() - Start running processes +function start_atop { + start_service atop +} + +# stop_atop() stop atop process +function stop_atop { + stop_service atop +} + +# Restore xtrace +$_XTRACE_ATOP diff --git a/stack.sh b/stack.sh index bfa0573f21..c2a4b5dc9a 100755 --- a/stack.sh +++ b/stack.sh @@ -641,6 +641,7 @@ source $TOP_DIR/lib/swift source $TOP_DIR/lib/neutron source $TOP_DIR/lib/ldap source $TOP_DIR/lib/dstat +source $TOP_DIR/lib/atop source $TOP_DIR/lib/tcpdump source $TOP_DIR/lib/etcd3 source $TOP_DIR/lib/os-vif @@ -1093,6 +1094,12 @@ save_stackenv $LINENO # A better kind of sysstat, with the top process per time slice start_dstat +if is_service_enabled atop; then + configure_atop + install_atop + start_atop +fi + # Run a background tcpdump for debugging # Note: must set TCPDUMP_ARGS with the enabled service if is_service_enabled tcpdump; then diff --git a/unstack.sh b/unstack.sh index 1b2d8dd62a..29c80718f8 100755 --- a/unstack.sh +++ b/unstack.sh @@ -73,6 +73,7 @@ source $TOP_DIR/lib/swift source $TOP_DIR/lib/neutron source $TOP_DIR/lib/ldap source $TOP_DIR/lib/dstat +source $TOP_DIR/lib/atop source $TOP_DIR/lib/etcd3 # Extras Source @@ -174,6 +175,10 @@ fi stop_dstat +if is_service_enabled atop; then + stop_atop +fi + # NOTE: Cinder automatically installs the lvm2 package, independently of the # enabled backends. So if Cinder is enabled, and installed successfully we are # sure lvm2 (lvremove, /etc/lvm/lvm.conf, etc.) is here. From 4ed29f85911642fb5d01f919703697746be19d7c Mon Sep 17 00:00:00 2001 From: Christian Schwede Date: Wed, 26 Feb 2025 11:40:10 +0100 Subject: [PATCH 038/149] Fix Swift rsync/replication configuration Swift rsync and replication services are up and running, however they fail to replicate any data if needed and if used with more than one replica. This patch removes a deprecated option setting[1] and replaces it with the required setting to use the correct rsync module suffix. Additionally it removes an outdated subdirectory suffix in the rsyncd configuration that has been removed as well[2]. Closes-Bug: #2100272 [1] https://opendev.org/openstack/swift/commit/675145ef4a131d548cc1122689732b9b65e5def4 [2] https://opendev.org/openstack/devstack/commit/0e58d22897457831b9dbf02d66a2f29d43803597 Change-Id: I5283405d00883a4dd11b7c001b1bba3776e576b8 --- files/swift/rsyncd.conf | 24 ++++++++++++------------ lib/swift | 4 ++-- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/files/swift/rsyncd.conf b/files/swift/rsyncd.conf index c49f716fa7..937d6c4b9a 100644 --- a/files/swift/rsyncd.conf +++ b/files/swift/rsyncd.conf @@ -6,74 +6,74 @@ address = 127.0.0.1 [account6612] max connections = 25 -path = %SWIFT_DATA_DIR%/1/node/ +path = %SWIFT_DATA_DIR%/1/ read only = false lock file = %SWIFT_DATA_DIR%/run/account6612.lock [account6622] max connections = 25 -path = %SWIFT_DATA_DIR%/2/node/ +path = %SWIFT_DATA_DIR%/2/ read only = false lock file = %SWIFT_DATA_DIR%/run/account6622.lock [account6632] max connections = 25 -path = %SWIFT_DATA_DIR%/3/node/ +path = %SWIFT_DATA_DIR%/3/ read only = false lock file = %SWIFT_DATA_DIR%/run/account6632.lock [account6642] max connections = 25 -path = %SWIFT_DATA_DIR%/4/node/ +path = %SWIFT_DATA_DIR%/4/ read only = false lock file = %SWIFT_DATA_DIR%/run/account6642.lock [container6611] max connections = 25 -path = %SWIFT_DATA_DIR%/1/node/ +path = %SWIFT_DATA_DIR%/1/ read only = false lock file = %SWIFT_DATA_DIR%/run/container6611.lock [container6621] max connections = 25 -path = %SWIFT_DATA_DIR%/2/node/ +path = %SWIFT_DATA_DIR%/2/ read only = false lock file = %SWIFT_DATA_DIR%/run/container6621.lock [container6631] max connections = 25 -path = %SWIFT_DATA_DIR%/3/node/ +path = %SWIFT_DATA_DIR%/3/ read only = false lock file = %SWIFT_DATA_DIR%/run/container6631.lock [container6641] max connections = 25 -path = %SWIFT_DATA_DIR%/4/node/ +path = %SWIFT_DATA_DIR%/4/ read only = false lock file = %SWIFT_DATA_DIR%/run/container6641.lock [object6613] max connections = 25 -path = %SWIFT_DATA_DIR%/1/node/ +path = %SWIFT_DATA_DIR%/1/ read only = false lock file = %SWIFT_DATA_DIR%/run/object6613.lock [object6623] max connections = 25 -path = %SWIFT_DATA_DIR%/2/node/ +path = %SWIFT_DATA_DIR%/2/ read only = false lock file = %SWIFT_DATA_DIR%/run/object6623.lock [object6633] max connections = 25 -path = %SWIFT_DATA_DIR%/3/node/ +path = %SWIFT_DATA_DIR%/3/ read only = false lock file = %SWIFT_DATA_DIR%/run/object6633.lock [object6643] max connections = 25 -path = %SWIFT_DATA_DIR%/4/node/ +path = %SWIFT_DATA_DIR%/4/ read only = false lock file = %SWIFT_DATA_DIR%/run/object6643.lock diff --git a/lib/swift b/lib/swift index 3659624d5b..862927437d 100644 --- a/lib/swift +++ b/lib/swift @@ -318,8 +318,8 @@ function generate_swift_config_services { iniuncomment ${swift_node_config} DEFAULT mount_check iniset ${swift_node_config} DEFAULT mount_check false - iniuncomment ${swift_node_config} ${server_type}-replicator vm_test_mode - iniset ${swift_node_config} ${server_type}-replicator vm_test_mode yes + iniuncomment ${swift_node_config} ${server_type}-replicator rsync_module + iniset ${swift_node_config} ${server_type}-replicator rsync_module "{replication_ip}::${server_type}{replication_port}" # Using a sed and not iniset/iniuncomment because we want to a global # modification and make sure it works for new sections. From e650b827904fe8835800a96332937bb1c8f4516e Mon Sep 17 00:00:00 2001 From: Rajat Dhasmana Date: Wed, 26 Feb 2025 00:38:26 +0530 Subject: [PATCH 039/149] Tempest: Add support for extend attached encrypted volumes tests We've LUKSv1 and LUKSv2 tests[1] in tempest that requires the ``extend_attached_encrypted_volume`` option to be True but currently there is no way to set it in devstack. This patch adds the parameter ``TEMPEST_EXTEND_ATTACHED_ENCRYPTED_VOLUME`` to enable the tests. [1] https://github.com/openstack/tempest/blob/cb03598a65f47c51406fc86c9c1503fe42424848/tempest/api/volume/admin/test_encrypted_volumes_extend.py Change-Id: Id3a3483629794ac38cb314812eeff84b677f35cd --- lib/tempest | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/tempest b/lib/tempest index 29b01f186f..c9486f6310 100644 --- a/lib/tempest +++ b/lib/tempest @@ -586,6 +586,7 @@ function configure_tempest { TEMPEST_VOLUME_REVERT_TO_SNAPSHOT=${TEMPEST_VOLUME_REVERT_TO_SNAPSHOT:-True} fi iniset $TEMPEST_CONFIG volume-feature-enabled volume_revert $(trueorfalse False TEMPEST_VOLUME_REVERT_TO_SNAPSHOT) + iniset $TEMPEST_CONFIG volume-feature-enabled extend_attached_encrypted_volume ${TEMPEST_EXTEND_ATTACHED_ENCRYPTED_VOLUME:-False} if [[ "$CINDER_BACKUP_DRIVER" == *"swift"* ]]; then iniset $TEMPEST_CONFIG volume backup_driver swift fi From 85576bbfd430a9f419fbd837dfa20a2ef687da94 Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Wed, 26 Feb 2025 18:04:09 +0000 Subject: [PATCH 040/149] tools: Set user_domain_id in generated clouds.yaml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If you specify a username, you also need to specify a domain that the user exists in. Failure to do so results in the following error: Expecting to find domain in user. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error. (HTTP 400)␏ This was mostly being masked for us in python-openstackclient by this little helper in osc-lib [1], but we can't rely on that for openstacksdk (and shouldn't really rely on it elsewhere either). We also deprecate the '--os-identity-api-version' and '--os-volume-api-version' options and will remove them shortly: both services only have v3 APIs nowadays. [1] https://github.com/openstack/osc-lib/blob/3.2.0/osc_lib/cli/client_config.py#L136-L147 Change-Id: I5537b0a7d58efb8a325ed61bad358f677f7a3cdf Signed-off-by: Stephen Finucane --- lib/keystone | 2 +- tools/update_clouds_yaml.py | 29 ++++++++++++++++++++--------- 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/lib/keystone b/lib/keystone index 76e2598ba3..8371045026 100644 --- a/lib/keystone +++ b/lib/keystone @@ -592,7 +592,7 @@ function bootstrap_keystone { # create_ldap_domain() - Create domain file and initialize domain with a user function create_ldap_domain { # Creates domain Users - openstack --os-identity-api-version=3 domain create --description "LDAP domain" Users + openstack domain create --description "LDAP domain" Users # Create domain file inside etc/keystone/domains KEYSTONE_LDAP_DOMAIN_FILE=$KEYSTONE_CONF_DIR/domains/keystone.Users.conf diff --git a/tools/update_clouds_yaml.py b/tools/update_clouds_yaml.py index 74dcdb2a07..c0a54838cc 100755 --- a/tools/update_clouds_yaml.py +++ b/tools/update_clouds_yaml.py @@ -14,14 +14,14 @@ # Update the clouds.yaml file. - import argparse import os.path +import sys import yaml -class UpdateCloudsYaml(object): +class UpdateCloudsYaml: def __init__(self, args): if args.file: self._clouds_path = args.file @@ -32,6 +32,14 @@ def __init__(self, args): self._create_directory = True self._clouds = {} + if args.os_identity_api_version != '3': + print("ERROR: Only identity API v3 is supported") + sys.exit(1) + + if args.os_volume_api_version != '3': + print("ERROR: Only block storage API v3 is supported") + sys.exit(1) + self._cloud = args.os_cloud self._cloud_data = { 'region_name': args.os_region_name, @@ -40,20 +48,23 @@ def __init__(self, args): 'auth': { 'auth_url': args.os_auth_url, 'username': args.os_username, + 'user_domain_id': 'default', 'password': args.os_password, }, } + if args.os_project_name and args.os_system_scope: print( - "WARNING: os_project_name and os_system_scope were both" - " given. os_system_scope will take priority.") - if args.os_project_name and not args.os_system_scope: + "WARNING: os_project_name and os_system_scope were both " + "given. os_system_scope will take priority." + ) + + if args.os_system_scope: # system-scoped + self._cloud_data['auth']['system_scope'] = args.os_system_scope + elif args.os_project_name: # project-scoped self._cloud_data['auth']['project_name'] = args.os_project_name - if args.os_identity_api_version == '3' and not args.os_system_scope: - self._cloud_data['auth']['user_domain_id'] = 'default' self._cloud_data['auth']['project_domain_id'] = 'default' - if args.os_system_scope: - self._cloud_data['auth']['system_scope'] = args.os_system_scope + if args.os_cacert: self._cloud_data['cacert'] = args.os_cacert From 1c96b4ef5fbe5425d9c6e80b34bbb805a31a0808 Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Wed, 26 Feb 2025 18:12:23 +0000 Subject: [PATCH 041/149] openrc: Stop setting OS_VOLUME_API_VERSION, CINDER_VERSION We have not needed these in years. Change-Id: I4d76a7d3a8513ce5a927d533b34fb609e5dacdfa Signed-off-by: Stephen Finucane --- openrc | 5 ----- 1 file changed, 5 deletions(-) diff --git a/openrc b/openrc index 5ec7634638..e800abeb3d 100644 --- a/openrc +++ b/openrc @@ -72,8 +72,3 @@ if [[ ! -v OS_CACERT ]] ; then export OS_CACERT=$DEFAULT_OS_CACERT fi fi - -# Currently cinderclient needs you to specify the *volume api* version. This -# needs to match the config of your catalog returned by Keystone. -export CINDER_VERSION=${CINDER_VERSION:-3} -export OS_VOLUME_API_VERSION=${OS_VOLUME_API_VERSION:-$CINDER_VERSION} From ca15453625638d2660b7fd2fce261096f9f15dd0 Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Thu, 27 Feb 2025 13:24:31 +0000 Subject: [PATCH 042/149] tools: Remove --os-identity-api-version, --os-volume-api-version opts There is only one volume API and one identity API, and their collective number is 3. Change-Id: Ie269817c5bb0eddd8cfcf279a46cffe4a56377b2 Signed-off-by: Stephen Finucane Depends-on: https://review.opendev.org/c/openstack/openstacksdk/+/942898 --- tools/update_clouds_yaml.py | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/tools/update_clouds_yaml.py b/tools/update_clouds_yaml.py index c0a54838cc..87312d9469 100755 --- a/tools/update_clouds_yaml.py +++ b/tools/update_clouds_yaml.py @@ -32,19 +32,9 @@ def __init__(self, args): self._create_directory = True self._clouds = {} - if args.os_identity_api_version != '3': - print("ERROR: Only identity API v3 is supported") - sys.exit(1) - - if args.os_volume_api_version != '3': - print("ERROR: Only block storage API v3 is supported") - sys.exit(1) - self._cloud = args.os_cloud self._cloud_data = { 'region_name': args.os_region_name, - 'identity_api_version': args.os_identity_api_version, - 'volume_api_version': args.os_volume_api_version, 'auth': { 'auth_url': args.os_auth_url, 'username': args.os_username, @@ -100,8 +90,6 @@ def main(): parser.add_argument('--file') parser.add_argument('--os-cloud', required=True) parser.add_argument('--os-region-name', default='RegionOne') - parser.add_argument('--os-identity-api-version', default='3') - parser.add_argument('--os-volume-api-version', default='3') parser.add_argument('--os-cacert') parser.add_argument('--os-auth-url', required=True) parser.add_argument('--os-username', required=True) From a0938e6dcf93d77530685391b7850d34ffa206fc Mon Sep 17 00:00:00 2001 From: Ivan Anfimov Date: Sat, 1 Mar 2025 20:46:26 +0000 Subject: [PATCH 043/149] Fix for CSS problems in Horizon After installation DevStack icons are not displayed. Change-Id: I1bedf97e4d2b7f13b4a0c5b98e29ac53cf502e96 Closes-Bug: #2093844 --- files/apache-horizon.template | 1 + 1 file changed, 1 insertion(+) diff --git a/files/apache-horizon.template b/files/apache-horizon.template index da7a7d26c3..98d02e168e 100644 --- a/files/apache-horizon.template +++ b/files/apache-horizon.template @@ -10,6 +10,7 @@ DocumentRoot %HORIZON_DIR%/.blackhole/ Alias %WEBROOT%/media %HORIZON_DIR%/openstack_dashboard/static Alias %WEBROOT%/static %HORIZON_DIR%/static + Alias /static %HORIZON_DIR%/static RedirectMatch "^/$" "%WEBROOT%/" From 9f2f499ded039dc2545c4e8860204f013f460350 Mon Sep 17 00:00:00 2001 From: Vasyl Saienko Date: Fri, 28 Feb 2025 07:47:11 +0000 Subject: [PATCH 044/149] Pre create logs directory for atop The race may happen and atop can't start due to missing logs directory. This patch pre-creates directory before starting atop process. Closes-Bug: #2100871 Change-Id: I89e3100dc86d60266913b5c5776db65e8882847c --- lib/atop | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/atop b/lib/atop index e0b14cb039..25c8e9a83f 100644 --- a/lib/atop +++ b/lib/atop @@ -19,7 +19,8 @@ _XTRACE_ATOP=$(set +o | grep xtrace) set +o xtrace function configure_atop { - cat </dev/null + mkdir -p $LOGDIR/atop + cat </dev/null # /etc/default/atop # see man atoprc for more possibilities to configure atop execution From ab9fb4eb8732b1cc5505b8c9e722a7310038efdf Mon Sep 17 00:00:00 2001 From: Brian Haley Date: Wed, 5 Mar 2025 09:34:25 -0500 Subject: [PATCH 045/149] Remove openstack network section from overview This section is old and doesn't make much sense anymore, let's remove it. Neutron is already mentioned as a default service and has its own config guide. TrivialFix Change-Id: I2a2ed574f9eca7b87fb9bb6422568ed4fc55f057 --- doc/source/overview.rst | 6 ------ 1 file changed, 6 deletions(-) diff --git a/doc/source/overview.rst b/doc/source/overview.rst index 81e58a341e..c978e8d2cf 100644 --- a/doc/source/overview.rst +++ b/doc/source/overview.rst @@ -52,12 +52,6 @@ Web Server - Apache -OpenStack Network ------------------ - -- Neutron: A basic configuration approximating the original FlatDHCP - mode using OpenVSwitch. - Services -------- From 0572e59775c91494fb6009ac4be539fb892226c7 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sat, 15 Mar 2025 10:44:05 +0900 Subject: [PATCH 046/149] Skip functional tests for .gitreview update ... because the file does not affect any functionality. Also apply the consistent irrelevant files to skip functional tests to avoid unnecessary jobs. Change-Id: Ibce79d6b7627c26aa69989ed17ae32d7c3b63d19 --- .zuul.yaml | 72 +++++++++++++++--------------------------------------- 1 file changed, 20 insertions(+), 52 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index 7d72ab101a..48dd55e2d2 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -455,7 +455,7 @@ pre-run: playbooks/pre.yaml run: playbooks/devstack.yaml post-run: playbooks/post.yaml - irrelevant-files: + irrelevant-files: &common-irrelevant-files # Documentation related - ^.*\.rst$ - ^api-ref/.*$ @@ -465,6 +465,8 @@ - ^.*/locale/.*po$ # pre-commit config - ^.pre-commit-config.yaml$ + # gitreview config + - ^.gitreview$ - job: name: devstack-minimal @@ -915,35 +917,21 @@ - ironic-tempest-bios-ipmi-direct-tinyipa - swift-dsvm-functional - grenade: - irrelevant-files: - - ^.*\.rst$ - - ^doc/.*$ + irrelevant-files: *common-irrelevant-files - neutron-ovs-grenade-multinode: - irrelevant-files: - - ^.*\.rst$ - - ^doc/.*$ + irrelevant-files: *common-irrelevant-files - neutron-ovn-tempest-ovs-release: voting: false - irrelevant-files: - - ^.*\.rst$ - - ^doc/.*$ + irrelevant-files: *common-irrelevant-files - tempest-multinode-full-py3: voting: false - irrelevant-files: - - ^.*\.rst$ - - ^doc/.*$ + irrelevant-files: *common-irrelevant-files - openstacksdk-functional-devstack: - irrelevant-files: - - ^.*\.rst$ - - ^doc/.*$ + irrelevant-files: *common-irrelevant-files - tempest-ipv6-only: - irrelevant-files: - - ^.*\.rst$ - - ^doc/.*$ + irrelevant-files: *common-irrelevant-files - nova-ceph-multistore: - irrelevant-files: - - ^.*\.rst$ - - ^doc/.*$ + irrelevant-files: *common-irrelevant-files gate: jobs: - devstack @@ -958,27 +946,17 @@ - devstack-unit-tests - openstack-tox-bashate - neutron-ovs-grenade-multinode: - irrelevant-files: - - ^.*\.rst$ - - ^doc/.*$ + irrelevant-files: *common-irrelevant-files - ironic-tempest-bios-ipmi-direct-tinyipa - swift-dsvm-functional - grenade: - irrelevant-files: - - ^.*\.rst$ - - ^doc/.*$ + irrelevant-files: *common-irrelevant-files - openstacksdk-functional-devstack: - irrelevant-files: - - ^.*\.rst$ - - ^doc/.*$ + irrelevant-files: *common-irrelevant-files - tempest-ipv6-only: - irrelevant-files: - - ^.*\.rst$ - - ^doc/.*$ + irrelevant-files: *common-irrelevant-files - nova-ceph-multistore: - irrelevant-files: - - ^.*\.rst$ - - ^doc/.*$ + irrelevant-files: *common-irrelevant-files # Please add a note on each job and conditions for the job not # being experimental any more, so we can keep this list somewhat # pruned. @@ -995,25 +973,15 @@ - nova-multi-cell - nova-next - devstack-plugin-ceph-tempest-py3: - irrelevant-files: - - ^.*\.rst$ - - ^doc/.*$ + irrelevant-files: *common-irrelevant-files - neutron-ovs-tempest-dvr: - irrelevant-files: - - ^.*\.rst$ - - ^doc/.*$ + irrelevant-files: *common-irrelevant-files - neutron-ovs-tempest-dvr-ha-multinode-full: - irrelevant-files: - - ^.*\.rst$ - - ^doc/.*$ + irrelevant-files: *common-irrelevant-files - cinder-tempest-lvm-multibackend: - irrelevant-files: - - ^.*\.rst$ - - ^doc/.*$ + irrelevant-files: *common-irrelevant-files - tempest-pg-full: - irrelevant-files: - - ^.*\.rst$ - - ^doc/.*$ + irrelevant-files: *common-irrelevant-files - devstack-no-tls-proxy periodic: jobs: From da40accd158ed55200de93a4191dbe334c82db22 Mon Sep 17 00:00:00 2001 From: Ghanshyam Mann Date: Fri, 21 Mar 2025 10:33:51 -0700 Subject: [PATCH 047/149] Update DEVSTACK_SERIES to 2025.2 stable/2025.1 branch has been created now and current master is for 2025.2. Change-Id: Iba81d280ebf1bd488bd590bdc4e31c49782c7099 --- stackrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stackrc b/stackrc index c05d4e2d98..0319fc8a50 100644 --- a/stackrc +++ b/stackrc @@ -252,7 +252,7 @@ REQUIREMENTS_DIR=${REQUIREMENTS_DIR:-$DEST/requirements} # Setting the variable to 'ALL' will activate the download for all # libraries. -DEVSTACK_SERIES="2025.1" +DEVSTACK_SERIES="2025.2" ############## # From b9be941b9b96478e6bfcceb1e75ae5c66d467f07 Mon Sep 17 00:00:00 2001 From: Clark Boylan Date: Wed, 26 Mar 2025 10:09:38 -0700 Subject: [PATCH 048/149] Reduce unnecessary apache restarts Systemd limits the total number of restarts that a service can undergo in a short period of time. On faster nodes all of our apache restarts hit that limit and we eventually fail. Mitigate this by removing unnecessary restarts. Change-Id: I425bb9eec525d82372f05edc63e4fb931e5a4887 --- lib/apache | 16 +++++++++++----- lib/tls | 15 ++++++++++++--- 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/lib/apache b/lib/apache index fc174f3901..15b4297809 100644 --- a/lib/apache +++ b/lib/apache @@ -53,13 +53,16 @@ APACHE_LOG_DIR="/var/log/${APACHE_NAME}" # Enable apache mod and restart apache if it isn't already enabled. function enable_apache_mod { local mod=$1 + local should_restart=$2 # Apache installation, because we mark it NOPRIME if is_ubuntu; then # Skip mod_version as it is not a valid mod to enable # on debuntu, instead it is built in. if [[ "$mod" != "version" ]] && ! a2query -m $mod ; then sudo a2enmod $mod - restart_apache_server + if [[ "$should_restart" != "norestart" ]] ; then + restart_apache_server + fi fi elif is_fedora; then # pass @@ -113,15 +116,18 @@ function install_apache_uwsgi { fi if is_ubuntu; then - # we've got to enable proxy and proxy_uwsgi for this to work - sudo a2enmod proxy - sudo a2enmod proxy_uwsgi + if ! a2query -m proxy || ! a2query -m proxy_uwsgi ; then + # we've got to enable proxy and proxy_uwsgi for this to work + sudo a2enmod proxy + sudo a2enmod proxy_uwsgi + restart_apache_server + fi elif is_fedora; then # redhat is missing a nice way to turn on/off modules echo "LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so" \ | sudo tee /etc/httpd/conf.modules.d/02-proxy-uwsgi.conf + restart_apache_server fi - restart_apache_server } # install_apache_wsgi() - Install Apache server and wsgi module diff --git a/lib/tls b/lib/tls index 0a598e14f7..cff5c630a5 100644 --- a/lib/tls +++ b/lib/tls @@ -452,6 +452,7 @@ function enable_mod_ssl { # =============== function tune_apache_connections { + local should_restart=$1 local tuning_file=$APACHE_SETTINGS_DIR/connection-tuning.conf if ! [ -f $tuning_file ] ; then sudo bash -c "cat > $tuning_file" << EOF @@ -494,7 +495,12 @@ ThreadLimit 64 MaxRequestsPerChild 0 EOF - restart_apache_server + if [ "$should_restart" != "norestart" ] ; then + # Only restart the apache server if we know we really want to + # do so. Too many restarts in a short period of time is treated + # as an error by systemd. + restart_apache_server + fi fi } @@ -509,7 +515,8 @@ function start_tls_proxy { # 8190 is the default apache size. local f_header_size=${6:-8190} - tune_apache_connections + # We don't restart apache here as we'll do it at the end of the function. + tune_apache_connections norestart local config_file config_file=$(apache_site_config_for $b_service) @@ -558,7 +565,9 @@ $listen_string EOF for mod in headers ssl proxy proxy_http; do - enable_apache_mod $mod + # We don't need to restart here as we will restart once at the end + # of the function. + enable_apache_mod $mod norestart done enable_apache_site $b_service restart_apache_server From cb177ba84bd90f70a02fbac8b60549e7323ec7d2 Mon Sep 17 00:00:00 2001 From: Ivan Anfimov Date: Sat, 1 Mar 2025 22:15:04 +0000 Subject: [PATCH 049/149] Fix for module proxy_uwsgi_module is already loaded Rocky Linux 9.5 64 bit httpd -t [Sun Mar 02 01:10:49.272260 2025] [so:warn] [pid 201497:tid 201497] AH01574: module proxy_uwsgi_module is already loaded, skipping Change-Id: Id6a88c2b7958789f7d4947d3259276f120f5f44e --- lib/apache | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lib/apache b/lib/apache index 15b4297809..744c0f10b6 100644 --- a/lib/apache +++ b/lib/apache @@ -122,11 +122,6 @@ function install_apache_uwsgi { sudo a2enmod proxy_uwsgi restart_apache_server fi - elif is_fedora; then - # redhat is missing a nice way to turn on/off modules - echo "LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so" \ - | sudo tee /etc/httpd/conf.modules.d/02-proxy-uwsgi.conf - restart_apache_server fi } From f41a16c11801f986a6e799e02b5340adf6b04fbb Mon Sep 17 00:00:00 2001 From: yatinkarel Date: Wed, 9 Apr 2025 18:14:00 +0530 Subject: [PATCH 050/149] Fix python3 version for rpm distros pythonX.Y version is virtually provided since long[1], and pythonXY-devel no longer provided in latest CentOS and Fedora releases. So switching to use pythonX.Y-devel as that will also pull pythonX.Y as a dependency. Additionally install pythonX.Y-pip as for rpm distros it don't install pip via source. [1] https://src.fedoraproject.org/rpms/python3/c/75005c20f68f3b4ceb734e876b37009c8c3b99f3 Change-Id: I990586cce876533c67e3da4c97d9e5995c762340 --- inc/python | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/inc/python b/inc/python index bd58905e9e..cd90ac82c6 100644 --- a/inc/python +++ b/inc/python @@ -489,11 +489,7 @@ function install_python3 { if is_ubuntu; then apt_get install python${PYTHON3_VERSION} python${PYTHON3_VERSION}-dev elif is_fedora; then - if [ "$os_VENDOR" = "Fedora" ]; then - install_package python${PYTHON3_VERSION//.} - else - install_package python${PYTHON3_VERSION//.} python${PYTHON3_VERSION//.}-devel - fi + install_package python${PYTHON3_VERSION}-devel python${PYTHON3_VERSION}-pip fi } From c4340a64ee35b2b8b5395461b6702ef765786465 Mon Sep 17 00:00:00 2001 From: Gorka Eguileor Date: Fri, 8 Jul 2022 14:08:03 +0200 Subject: [PATCH 051/149] Add support for shared os_brick file lock path There can be problems with some os-brick connectors if nova and cinder run on the same host with different lock path locations, which we currently do, or if Cinder and Glance with cinder store run on the same host, and a recent os-brick change (Ic52338278eb5bb3d90ce582fe6b23f37eb5568c4) allows for an os-brick specific lock_path to facilitate these kind of deployment. This patch adds the ``lock_path`` configuration option in the ``[os_brick]`` section of the nova, cinder, and glance config files. If the os-brick, cinder, nova, or glance-store changes are not present then the new config option is be ignored in the respective service, and it will be used otherwise, so there's no need to make this patch dependent on any other since we won't be worse off than we are now. Change-Id: Ibe7da160460151734224863cddec5e0d549b4938 --- lib/cinder | 16 ++++++++++++++++ stack.sh | 5 +++++ 2 files changed, 21 insertions(+) diff --git a/lib/cinder b/lib/cinder index b557d4b10b..2b565c9535 100644 --- a/lib/cinder +++ b/lib/cinder @@ -59,6 +59,7 @@ else fi CINDER_STATE_PATH=${CINDER_STATE_PATH:=$DATA_DIR/cinder} +OS_BRICK_LOCK_PATH=${OS_BRICK_LOCK_PATH:=$DATA_DIR/os_brick} CINDER_CONF_DIR=/etc/cinder CINDER_CONF=$CINDER_CONF_DIR/cinder.conf @@ -511,6 +512,21 @@ function init_cinder { mkdir -p $CINDER_STATE_PATH/volumes } + +function init_os_brick { + mkdir -p $OS_BRICK_LOCK_PATH + if is_service_enabled cinder; then + iniset $CINDER_CONF os_brick lock_path $OS_BRICK_LOCK_PATH + fi + if is_service_enabled nova; then + iniset $NOVA_CONF os_brick lock_path $OS_BRICK_LOCK_PATH + fi + if is_service_enabled glance; then + iniset $GLANCE_API_CONF os_brick lock_path $OS_BRICK_LOCK_PATH + iniset $GLANCE_CACHE_CONF os_brick lock_path $OS_BRICK_LOCK_PATH + fi +} + # install_cinder() - Collect source and prepare function install_cinder { git_clone $CINDER_REPO $CINDER_DIR $CINDER_BRANCH diff --git a/stack.sh b/stack.sh index 04b5f4ca6a..afca5250d5 100755 --- a/stack.sh +++ b/stack.sh @@ -1005,6 +1005,11 @@ if is_service_enabled tls-proxy; then fix_system_ca_bundle_path fi +if is_service_enabled cinder || [[ "$USE_CINDER_FOR_GLANCE" == "True" ]]; then + # os-brick setup required by glance, cinder, and nova + init_os_brick +fi + # Extras Install # -------------- From 3fe8873a15db27d2d8b7df4e708210ee3ca1465d Mon Sep 17 00:00:00 2001 From: OpenStack Proposal Bot Date: Sat, 26 Apr 2025 02:19:56 +0000 Subject: [PATCH 052/149] Updated from generate-devstack-plugins-list Change-Id: I7932dc96301cb2a52607007aa6935bbf6aa66397 --- doc/source/plugin-registry.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst index f7873c962d..e84c946287 100644 --- a/doc/source/plugin-registry.rst +++ b/doc/source/plugin-registry.rst @@ -24,6 +24,7 @@ official OpenStack projects. ======================================== === Plugin Name URL ======================================== === +openstack/aetos `https://opendev.org/openstack/aetos `__ openstack/aodh `https://opendev.org/openstack/aodh `__ openstack/barbican `https://opendev.org/openstack/barbican `__ openstack/blazar `https://opendev.org/openstack/blazar `__ From ea23079321231c63e78e84cd58088663e92134a8 Mon Sep 17 00:00:00 2001 From: yatinkarel Date: Wed, 30 Apr 2025 21:41:37 +0530 Subject: [PATCH 053/149] Fix cert detection with custom PYTHON3_VERSION PYTHON3_VERSION was not considered for detecting ca path with GLOBAL_VENV=False, this patch fixes it. Related-Bug: #2109591 Change-Id: Ie597494a2a11293cbd20e6d0b23dcb31bf343957 --- lib/tls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/tls b/lib/tls index cff5c630a5..fa0a448d7d 100644 --- a/lib/tls +++ b/lib/tls @@ -367,7 +367,7 @@ function fix_system_ca_bundle_path { if [[ "$GLOBAL_VENV" == "True" ]] ; then capath=$($DEVSTACK_VENV/bin/python3 -c $'try:\n from requests import certs\n print (certs.where())\nexcept ImportError: pass') else - capath=$(python3 -c $'try:\n from requests import certs\n print (certs.where())\nexcept ImportError: pass') + capath=$(python$PYTHON3_VERSION -c $'try:\n from requests import certs\n print (certs.where())\nexcept ImportError: pass') fi if [[ ! $capath == "" && ! $capath =~ ^/etc/.* && ! -L $capath ]]; then if is_fedora; then From 24870ec45a9486a31239218d74d0fd3fa3e5f118 Mon Sep 17 00:00:00 2001 From: yatinkarel Date: Mon, 5 May 2025 14:13:06 +0530 Subject: [PATCH 054/149] Pass PYTHON env var to memory tracker It was not honoring PYTHON3_VERSION when running with GLOBAL_VENV=false, this patch fixes it. Related-Bug: #2109591 Change-Id: Ib34c099b897e59fce24cab6e98dc31a505e4922e --- lib/dstat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/dstat b/lib/dstat index 870c901d2a..9bd0370847 100644 --- a/lib/dstat +++ b/lib/dstat @@ -33,7 +33,7 @@ function start_dstat { # To enable memory_tracker add: # enable_service memory_tracker # to your localrc - run_process memory_tracker "$TOP_DIR/tools/memory_tracker.sh" "" "root" + run_process memory_tracker "$TOP_DIR/tools/memory_tracker.sh" "" "root" "PYTHON=python${PYTHON3_VERSION}" # TODO(jh): Fail when using the old service name otherwise consumers might # never notice that is has been removed. From bf1ef3278c30572f5b958c5f1d2f59839e3d2b87 Mon Sep 17 00:00:00 2001 From: yatinkarel Date: Mon, 5 May 2025 18:08:12 +0530 Subject: [PATCH 055/149] Honor PYTHON3_VERSION for mod_wsgi rpm installation Different variants of mod_wsgi are provided like:- python3-mod_wsgi.x86_64 python3.11-mod_wsgi.x86_64 python3.12-mod_wsgi.x86_64 Adjust script to also consider PYTHON3_VERSION var to correctly install the package. Related-Bug: #2109591 Change-Id: I6bbfd92ef727ef9b343cd5778bb78f43c13165ad --- lib/apache | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/apache b/lib/apache index 744c0f10b6..5ab74b7087 100644 --- a/lib/apache +++ b/lib/apache @@ -137,7 +137,7 @@ function install_apache_wsgi { install_package libapache2-mod-wsgi-py3 elif is_fedora; then sudo rm -f /etc/httpd/conf.d/000-* - install_package httpd python3-mod_wsgi + install_package httpd python${PYTHON3_VERSION}-mod_wsgi # rpm distros dont enable httpd by default so enable it to support reboots. sudo systemctl enable httpd # For consistency with Ubuntu, switch to the worker mpm, as From 74837e0b30ea782b073eb6d23b0aa3060068a3a1 Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Fri, 11 Oct 2024 16:15:47 +0100 Subject: [PATCH 056/149] lib/neutron: Deploy under uWSGI by default Change-Id: I6256ca1725c56859947d957156d865949879b130 Signed-off-by: Stephen Finucane Depends-on: https://review.opendev.org/c/openstack/grenade/+/949166 --- lib/neutron | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/lib/neutron b/lib/neutron index 69ff212991..78ff6cfb24 100644 --- a/lib/neutron +++ b/lib/neutron @@ -82,11 +82,9 @@ NEUTRON_CONF=$NEUTRON_CONF_DIR/neutron.conf export NEUTRON_TEST_CONFIG_FILE=${NEUTRON_TEST_CONFIG_FILE:-"$NEUTRON_CONF_DIR/debug.ini"} # NEUTRON_DEPLOY_MOD_WSGI defines how neutron is deployed, allowed values: -# - False (default) : Run neutron under Eventlet -# - True : Run neutron under uwsgi -# TODO(annp): Switching to uwsgi in next cycle if things turn out to be stable -# enough -NEUTRON_DEPLOY_MOD_WSGI=$(trueorfalse False NEUTRON_DEPLOY_MOD_WSGI) +# - False : Run neutron under Eventlet +# - True (default) : Run neutron under uwsgi +NEUTRON_DEPLOY_MOD_WSGI=$(trueorfalse True NEUTRON_DEPLOY_MOD_WSGI) NEUTRON_UWSGI=neutron.wsgi.api:application NEUTRON_UWSGI_CONF=$NEUTRON_CONF_DIR/neutron-api-uwsgi.ini From d040e15961050f6e3fe538d8d65f13df554870f7 Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Fri, 11 Oct 2024 16:18:19 +0100 Subject: [PATCH 057/149] lib/neutron: Remove NEUTRON_DEPLOY_MOD_WSGI neutron no longer supports running under eventlet, so this option is a no-op. Change-Id: Ib2767c0e2bb5aad5d8173dc5653e44a42c2bd499 Signed-off-by: Stephen Finucane --- lib/neutron | 111 +++++++++++++++------------------------------------- 1 file changed, 32 insertions(+), 79 deletions(-) diff --git a/lib/neutron b/lib/neutron index 78ff6cfb24..ea2d8e728a 100644 --- a/lib/neutron +++ b/lib/neutron @@ -62,11 +62,9 @@ if is_service_enabled tls-proxy; then Q_PROTOCOL="https" fi - # Set up default directories GITDIR["python-neutronclient"]=$DEST/python-neutronclient - NEUTRON_DIR=$DEST/neutron NEUTRON_FWAAS_DIR=$DEST/neutron-fwaas @@ -81,11 +79,6 @@ NEUTRON_CONF_DIR=/etc/neutron NEUTRON_CONF=$NEUTRON_CONF_DIR/neutron.conf export NEUTRON_TEST_CONFIG_FILE=${NEUTRON_TEST_CONFIG_FILE:-"$NEUTRON_CONF_DIR/debug.ini"} -# NEUTRON_DEPLOY_MOD_WSGI defines how neutron is deployed, allowed values: -# - False : Run neutron under Eventlet -# - True (default) : Run neutron under uwsgi -NEUTRON_DEPLOY_MOD_WSGI=$(trueorfalse True NEUTRON_DEPLOY_MOD_WSGI) - NEUTRON_UWSGI=neutron.wsgi.api:application NEUTRON_UWSGI_CONF=$NEUTRON_CONF_DIR/neutron-api-uwsgi.ini @@ -153,7 +146,7 @@ _Q_PLUGIN_EXTRA_CONF_PATH=/etc/neutron # The name of the service in the endpoint URL NEUTRON_ENDPOINT_SERVICE_NAME=${NEUTRON_ENDPOINT_SERVICE_NAME-"networking"} -if [[ "$NEUTRON_DEPLOY_MOD_WSGI" == "True" && -z "$NEUTRON_ENDPOINT_SERVICE_NAME" ]]; then +if [[ -z "$NEUTRON_ENDPOINT_SERVICE_NAME" ]]; then NEUTRON_ENDPOINT_SERVICE_NAME="networking" fi @@ -451,9 +444,7 @@ function configure_neutron { # for state reports is more than adequate. iniset $NEUTRON_CONF DEFAULT rpc_state_report_workers 0 - if [ "$NEUTRON_DEPLOY_MOD_WSGI" == "True" ]; then - write_uwsgi_config "$NEUTRON_UWSGI_CONF" "$NEUTRON_UWSGI" "/networking" "" "neutron-api" - fi + write_uwsgi_config "$NEUTRON_UWSGI_CONF" "$NEUTRON_UWSGI" "/networking" "" "neutron-api" } function configure_neutron_nova { @@ -499,11 +490,7 @@ function create_nova_conf_neutron { # Migrated from keystone_data.sh function create_neutron_accounts { local neutron_url - if [ "$NEUTRON_DEPLOY_MOD_WSGI" == "True" ]; then - neutron_url=$Q_PROTOCOL://$SERVICE_HOST/ - else - neutron_url=$Q_PROTOCOL://$SERVICE_HOST:$Q_PORT/ - fi + neutron_url=$Q_PROTOCOL://$SERVICE_HOST/ if [ ! -z "$NEUTRON_ENDPOINT_SERVICE_NAME" ]; then neutron_url=$neutron_url$NEUTRON_ENDPOINT_SERVICE_NAME fi @@ -634,34 +621,25 @@ function start_neutron_service_and_check { fi # Start the Neutron service - if [ "$NEUTRON_DEPLOY_MOD_WSGI" == "True" ]; then - # The default value of "rpc_workers" is None (not defined). If - # "rpc_workers" is explicitly set to 0, the RPC workers process - # should not be executed. - local rpc_workers - rpc_workers=$(iniget_multiline $NEUTRON_CONF DEFAULT rpc_workers) - - enable_service neutron-api - run_process neutron-api "$(which uwsgi) --procname-prefix neutron-api --ini $NEUTRON_UWSGI_CONF" - neutron_url=$Q_PROTOCOL://$Q_HOST/ - if [ "$rpc_workers" != "0" ]; then - enable_service neutron-rpc-server - fi - enable_service neutron-periodic-workers - _enable_ovn_maintenance - if [ "$rpc_workers" != "0" ]; then - run_process neutron-rpc-server "$NEUTRON_BIN_DIR/neutron-rpc-server $cfg_file_options" - fi - run_process neutron-periodic-workers "$NEUTRON_BIN_DIR/neutron-periodic-workers $cfg_file_options" - _run_ovn_maintenance - else - run_process q-svc "$NEUTRON_BIN_DIR/neutron-server $cfg_file_options" - neutron_url=$service_protocol://$Q_HOST:$service_port/ - # Start proxy if enabled - if is_service_enabled tls-proxy; then - start_tls_proxy neutron '*' $Q_PORT $Q_HOST $Q_PORT_INT - fi - fi + # The default value of "rpc_workers" is None (not defined). If + # "rpc_workers" is explicitly set to 0, the RPC workers process + # should not be executed. + local rpc_workers + rpc_workers=$(iniget_multiline $NEUTRON_CONF DEFAULT rpc_workers) + + enable_service neutron-api + run_process neutron-api "$(which uwsgi) --procname-prefix neutron-api --ini $NEUTRON_UWSGI_CONF" + neutron_url=$Q_PROTOCOL://$Q_HOST/ + if [ "$rpc_workers" != "0" ]; then + enable_service neutron-rpc-server + fi + enable_service neutron-periodic-workers + _enable_ovn_maintenance + if [ "$rpc_workers" != "0" ]; then + run_process neutron-rpc-server "$NEUTRON_BIN_DIR/neutron-rpc-server $cfg_file_options" + fi + run_process neutron-periodic-workers "$NEUTRON_BIN_DIR/neutron-periodic-workers $cfg_file_options" + _run_ovn_maintenance if [ ! -z "$NEUTRON_ENDPOINT_SERVICE_NAME" ]; then neutron_url=$neutron_url$NEUTRON_ENDPOINT_SERVICE_NAME fi @@ -723,14 +701,10 @@ function stop_other { [ ! -z "$pid" ] && sudo kill -9 $pid fi - if [ "$NEUTRON_DEPLOY_MOD_WSGI" == "True" ]; then - stop_process neutron-rpc-server - stop_process neutron-periodic-workers - stop_process neutron-api - _stop_ovn_maintenance - else - stop_process q-svc - fi + stop_process neutron-rpc-server + stop_process neutron-periodic-workers + stop_process neutron-api + _stop_ovn_maintenance if is_service_enabled q-l3 neutron-l3; then sudo pkill -f "radvd -C $DATA_DIR/neutron/ra" @@ -841,14 +815,12 @@ function _configure_public_network_connectivity { # cleanup_neutron() - Remove residual data files, anything left over from previous # runs that a clean run would need to clean up function cleanup_neutron { - if [ "$NEUTRON_DEPLOY_MOD_WSGI" == "True" ]; then - stop_process neutron-api - stop_process neutron-rpc-server - stop_process neutron-periodic-workers - _stop_ovn_maintenance - remove_uwsgi_config "$NEUTRON_UWSGI_CONF" "neutron-api" - sudo rm -f $(apache_site_config_for neutron-api) - fi + stop_process neutron-api + stop_process neutron-rpc-server + stop_process neutron-periodic-workers + _stop_ovn_maintenance + remove_uwsgi_config "$NEUTRON_UWSGI_CONF" "neutron-api" + sudo rm -f $(apache_site_config_for neutron-api) if [[ -n "$OVS_PHYSICAL_BRIDGE" ]]; then _move_neutron_addresses_route "$OVS_PHYSICAL_BRIDGE" "$PUBLIC_INTERFACE" False True "inet" @@ -955,12 +927,6 @@ function _configure_neutron_common { # Format logging setup_logging $NEUTRON_CONF - if is_service_enabled tls-proxy && [ "$NEUTRON_DEPLOY_MOD_WSGI" == "False" ]; then - # Set the service port for a proxy to take the original - iniset $NEUTRON_CONF DEFAULT bind_port "$Q_PORT_INT" - iniset $NEUTRON_CONF oslo_middleware enable_proxy_headers_parsing True - fi - _neutron_setup_rootwrap } @@ -1026,25 +992,12 @@ function _configure_neutron_plugin_agent { neutron_plugin_configure_plugin_agent } -function _replace_api_paste_composite { - local sep - sep=$(echo -ne "\x01") - # Replace it - $sudo sed -i -e "s/\/\: neutronversions_composite/\/"${NEUTRON_ENDPOINT_SERVICE_NAME}"\/\: neutronversions_composite/" "$Q_API_PASTE_FILE" - $sudo sed -i -e "s/\/healthcheck\: healthcheck/\/"${NEUTRON_ENDPOINT_SERVICE_NAME}"\/healthcheck\: healthcheck/" "$Q_API_PASTE_FILE" - $sudo sed -i -e "s/\/v2.0\: neutronapi_v2_0/\/"${NEUTRON_ENDPOINT_SERVICE_NAME}"\/v2.0\: neutronapi_v2_0/" "$Q_API_PASTE_FILE" -} - # _configure_neutron_service() - Set config files for neutron service # It is called when q-svc is enabled. function _configure_neutron_service { Q_API_PASTE_FILE=$NEUTRON_CONF_DIR/api-paste.ini cp $NEUTRON_DIR/etc/api-paste.ini $Q_API_PASTE_FILE - if [[ "$NEUTRON_DEPLOY_MOD_WSGI" == "False" && -n "$NEUTRON_ENDPOINT_SERVICE_NAME" ]]; then - _replace_api_paste_composite - fi - # Update either configuration file with plugin iniset $NEUTRON_CONF DEFAULT core_plugin $Q_PLUGIN_CLASS From 5cb2abf79ef103838ab0f922643f4a62ddf16cfb Mon Sep 17 00:00:00 2001 From: Mohammed Naser Date: Tue, 25 Feb 2025 22:54:05 -0500 Subject: [PATCH 058/149] Switch ZSWAP_ZPOOL to zsmalloc The z3fold compressed pages allocator is on it's way out of the Linux kernel and running this on newer systems will give you an error: + lib/host:configure_zswap:45 : echo z3fold z3fold tee: /sys/module/zswap/parameters/zpool: No such file or directory So, get ahead of things and move to the much faster recommended by the kernel developers alternative. [1]: https://lore.kernel.org/all/20240904233343.933462-1-yosryahmed@google.com/T/#u Change-Id: I7c137114dd7585d3179a8d5dee818bb379bbcb1f --- lib/host | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/host b/lib/host index a812c39612..58062eff6b 100644 --- a/lib/host +++ b/lib/host @@ -35,7 +35,7 @@ ENABLE_ZSWAP=$(trueorfalse False ENABLE_ZSWAP) # lz4 is very fast although it does not have the best compression # zstd has much better compression but more latency ZSWAP_COMPRESSOR=${ZSWAP_COMPRESSOR:="lz4"} -ZSWAP_ZPOOL=${ZSWAP_ZPOOL:="z3fold"} +ZSWAP_ZPOOL=${ZSWAP_ZPOOL:="zsmalloc"} function configure_zswap { if [[ $ENABLE_ZSWAP == "True" ]] ; then # Centos 9 stream seems to only support enabling but not run time From cbae98949193085f0ef5cfc250d5e8cc7530de5f Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Mon, 12 May 2025 15:17:42 +0100 Subject: [PATCH 059/149] Remove libvirt apparmor workaround This is triggering bug #2065685 [1] on Ubuntu 24.04 (Noble) if podman is installed (since that brings in the broken paast and pasta packages). Given the workaround is nearly 10 years old [2], it should not be necessary anymore. [1] https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2065685 [2] https://bugs.launchpad.net/networking-ovn/+bug/1466631 Change-Id: I525b1f30bca7093791f927ff647db7745d25df22 Signed-off-by: Stephen Finucane Related-bug: #2065685 Related-bug: #1466631 --- lib/neutron_plugins/ovn_agent | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/lib/neutron_plugins/ovn_agent b/lib/neutron_plugins/ovn_agent index 71b5e3350d..e58cd4fb38 100644 --- a/lib/neutron_plugins/ovn_agent +++ b/lib/neutron_plugins/ovn_agent @@ -300,18 +300,6 @@ function create_public_bridge { _configure_public_network_connectivity } -function _disable_libvirt_apparmor { - if ! sudo aa-status --enabled ; then - return 0 - fi - # NOTE(arosen): This is used as a work around to allow newer versions - # of libvirt to work with ovs configured ports. See LP#1466631. - # requires the apparmor-utils - install_package apparmor-utils - # disables apparmor for libvirtd - sudo aa-complain /etc/apparmor.d/usr.sbin.libvirtd -} - # OVN compilation functions # ------------------------- @@ -614,7 +602,6 @@ function init_ovn { # in the ovn, ovn-nb, or ovs databases. We're going to trash them and # create new ones on each devstack run. - _disable_libvirt_apparmor local mkdir_cmd="mkdir -p ${OVN_DATADIR}" if [[ "$OVN_BUILD_FROM_SOURCE" == "False" ]]; then From f5b9596f24c03079c6ea2bcac29b1973bf5fe589 Mon Sep 17 00:00:00 2001 From: yatinkarel Date: Fri, 2 May 2025 15:51:01 +0530 Subject: [PATCH 060/149] Temporary fixes rhel 9 distros With [1] py39 constraints drop can't run fips jobs on centos 9-stream or rocky9. As a workaround can run with PYTHON3_VERSION: 3.11 in affected jobs. Until centos 10-stream support is ready[1] we also need to install libvirt-python and uwsgi from source as uwsgi and libvirt rpms are bundled with python3. [1] https://review.opendev.org/c/openstack/requirements/+/948285 [2] https://review.opendev.org/c/openstack/devstack/+/937251 Depends-On: https://review.opendev.org/c/openstack/devstack/+/946763 Depends-On: https://review.opendev.org/c/openstack/devstack/+/948558 Depends-On: https://review.opendev.org/c/openstack/devstack/+/948786 Depends-On: https://review.opendev.org/c/openstack/devstack/+/948797 Related-Bug: #2109591 Change-Id: I80d4c65ba0728c3e4b18738c6b0d539409f19976 --- .zuul.yaml | 7 +++++++ lib/apache | 2 +- lib/nova_plugins/functions-libvirt | 8 +++++++- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index 48dd55e2d2..9552fa3b47 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -735,6 +735,10 @@ parent: tempest-full-py3 description: CentOS 9 Stream platform test nodeset: devstack-single-node-centos-9-stream + vars: + devstack_localrc: + # TODO(ykarel) Remove this when moving to 10-stream + PYTHON3_VERSION: 3.11 timeout: 9000 voting: false @@ -760,6 +764,9 @@ voting: false vars: configure_swap_size: 4096 + devstack_localrc: + # TODO(ykarel) Remove this when moving to rocky10 + PYTHON3_VERSION: 3.11 - job: name: devstack-platform-ubuntu-jammy diff --git a/lib/apache b/lib/apache index 744c0f10b6..b971ecf8cd 100644 --- a/lib/apache +++ b/lib/apache @@ -89,7 +89,7 @@ function install_apache_uwsgi { # didn't fix Python 3.10 compatibility before release. Should be # fixed in uwsgi 4.9.0; can remove this when packages available # or we drop this release - elif is_fedora && ! is_openeuler && ! [[ $DISTRO =~ f36 ]]; then + elif is_fedora && ! is_openeuler && ! [[ $DISTRO =~ f36|rhel9 ]]; then # Note httpd comes with mod_proxy_uwsgi and it is loaded by # default; the mod_proxy_uwsgi package actually conflicts now. # See: diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt index ba2e98e304..35840539da 100644 --- a/lib/nova_plugins/functions-libvirt +++ b/lib/nova_plugins/functions-libvirt @@ -93,7 +93,13 @@ function install_libvirt { # as the base system version is too old. We should have # pre-installed these install_package $qemu_package - install_package libvirt libvirt-devel python3-libvirt + install_package libvirt libvirt-devel + + if [[ $DISTRO =~ rhel9 ]]; then + pip_install_gr libvirt-python + else + install_package python3-libvirt + fi if is_arch "aarch64"; then install_package edk2-aarch64 From 7fedf7f78764542a05429a22e980de4a1486faa1 Mon Sep 17 00:00:00 2001 From: Ivan Anfimov Date: Wed, 7 May 2025 18:17:40 +0000 Subject: [PATCH 061/149] Remove temporary fix for problems with CSS styles Fixed by Horizon side: https://review.opendev.org/c/openstack/horizon/+/949036 Change-Id: I8acb029b0562381cdbe28f0ee32f3aed07de5784 --- files/apache-horizon.template | 1 - 1 file changed, 1 deletion(-) diff --git a/files/apache-horizon.template b/files/apache-horizon.template index 98d02e168e..da7a7d26c3 100644 --- a/files/apache-horizon.template +++ b/files/apache-horizon.template @@ -10,7 +10,6 @@ DocumentRoot %HORIZON_DIR%/.blackhole/ Alias %WEBROOT%/media %HORIZON_DIR%/openstack_dashboard/static Alias %WEBROOT%/static %HORIZON_DIR%/static - Alias /static %HORIZON_DIR%/static RedirectMatch "^/$" "%WEBROOT%/" From 46e14fb1f70e25aada290f6f5648800ec7a147b3 Mon Sep 17 00:00:00 2001 From: Jay Faulkner Date: Sun, 18 May 2025 16:59:13 -0700 Subject: [PATCH 062/149] Bubble up image download failures Currently, we're still returning 0 out of the upload_image method despite the download failing. This changes behavior such that if the image download fails, it returns an exit code of 1 to the caller to be handled (or fail early) accordingly. Change-Id: I901dc065b51946f363145ae888cca602946ceeea --- functions | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/functions b/functions index 42d08d7c4a..829fc86c55 100644 --- a/functions +++ b/functions @@ -147,7 +147,8 @@ function upload_image { if [[ $rc -ne 0 ]]; then if [[ "$attempt" -eq "$max_attempts" ]]; then echo "Not found: $image_url" - return + # Signal failure to download to the caller, so they can fail early + return 1 fi echo "Download failed, retrying in $attempt second, attempt: $attempt" sleep $attempt From 5d41cb1f51cccdbecf375cf84f9893b29f8c3ffc Mon Sep 17 00:00:00 2001 From: Eric Harney Date: Tue, 20 May 2025 13:17:49 -0400 Subject: [PATCH 063/149] Silence SyntaxWarnings in outfilter.py Use raw strings for these regexes. Change-Id: If5d35fa527b464f34a0d2335e5c6b388be726a54 --- tools/outfilter.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/outfilter.py b/tools/outfilter.py index 55f9ee1487..c9907b072a 100644 --- a/tools/outfilter.py +++ b/tools/outfilter.py @@ -26,8 +26,8 @@ import re import sys -IGNORE_LINES = re.compile('(set \+o|xtrace)') -HAS_DATE = re.compile('^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3} \|') +IGNORE_LINES = re.compile(r'(set \+o|xtrace)') +HAS_DATE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}.\d{3} \|') def get_options(): From 6ebe6f1b26b371b11ecd9cb6d0d154839ba6941e Mon Sep 17 00:00:00 2001 From: OpenStack Proposal Bot Date: Thu, 22 May 2025 02:13:55 +0000 Subject: [PATCH 064/149] Updated from generate-devstack-plugins-list Change-Id: I443a7715aa85e4ffe65994dc77f7091c7f441876 --- doc/source/plugin-registry.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst index e84c946287..f3f11cfe16 100644 --- a/doc/source/plugin-registry.rst +++ b/doc/source/plugin-registry.rst @@ -44,6 +44,7 @@ openstack/freezer `https://opendev.org/openstack/freezer openstack/freezer-api `https://opendev.org/openstack/freezer-api `__ openstack/freezer-tempest-plugin `https://opendev.org/openstack/freezer-tempest-plugin `__ openstack/freezer-web-ui `https://opendev.org/openstack/freezer-web-ui `__ +openstack/grian-ui `https://opendev.org/openstack/grian-ui `__ openstack/heat `https://opendev.org/openstack/heat `__ openstack/heat-dashboard `https://opendev.org/openstack/heat-dashboard `__ openstack/ironic `https://opendev.org/openstack/ironic `__ From 0e8042deff33bffbab732f70a66ece162aa470f7 Mon Sep 17 00:00:00 2001 From: Balazs Gibizer Date: Tue, 29 Apr 2025 15:36:28 +0200 Subject: [PATCH 065/149] Add SYSTEMD_ENV_VARS dictionary This will allow to pass env variables from zuul job definitions to to systemd service files via the local conf. The first use case of this is to pass OS_NOVA_DISABLE_EVENTLET_PATCHING=true to nova services that already supports running in native threading mode instead of with Eventlet. During the Eventlet removal effort this will allow us to have separate jobs testing the same service in different concurrency mode. Change-Id: I675043e42006286bb7e1190ea9462fb8d8daa38c --- functions-common | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/functions-common b/functions-common index e265256ccf..db2367cef6 100644 --- a/functions-common +++ b/functions-common @@ -43,6 +43,9 @@ declare -A -g GITREPO declare -A -g GITBRANCH declare -A -g GITDIR +# Systemd service file environment variables per service +declare -A -g SYSTEMD_ENV_VARS + KILL_PATH="$(which kill)" # Save these variables to .stackenv @@ -1642,6 +1645,9 @@ function _run_under_systemd { user=$STACK_USER fi local env_vars="$5" + if [[ -v SYSTEMD_ENV_VARS[$service] ]]; then + env_vars="${SYSTEMD_ENV_VARS[$service]} $env_vars" + fi if [[ "$command" =~ "uwsgi" ]] ; then if [[ "$GLOBAL_VENV" == "True" ]] ; then cmd="$cmd --venv $DEVSTACK_VENV" From df3fa124689402831543a24fc036f55e9e0bab33 Mon Sep 17 00:00:00 2001 From: OpenStack Proposal Bot Date: Thu, 29 May 2025 02:49:43 +0000 Subject: [PATCH 066/149] Updated from generate-devstack-plugins-list Change-Id: Ibebfa75ae6b233d6a913ffb3f8dced4290a8ab1b --- doc/source/plugin-registry.rst | 1 - 1 file changed, 1 deletion(-) diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst index f3f11cfe16..9185263443 100644 --- a/doc/source/plugin-registry.rst +++ b/doc/source/plugin-registry.rst @@ -114,7 +114,6 @@ starlingx/nfv `https://opendev.org/starlingx/nfv `__ vexxhost/openstack-operator `https://opendev.org/vexxhost/openstack-operator `__ x/almanach `https://opendev.org/x/almanach `__ -x/apmec `https://opendev.org/x/apmec `__ x/bilean `https://opendev.org/x/bilean `__ x/broadview-collector `https://opendev.org/x/broadview-collector `__ x/collectd-openstack-plugins `https://opendev.org/x/collectd-openstack-plugins `__ From d2e309f0481f2e8577737bc2e5d6761a70b93dca Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Tue, 17 Jun 2025 21:15:16 +0900 Subject: [PATCH 067/149] Bump etcd to 3.25.x The etcd project maintains release branches for the current version and pevious release[1]. Because 3.26.0 was already released, 3.24.x is no longer supported. Bump it to the latest bug fix release of 3.25.x . Also, the binary for s390x has been restored upstream so add it back. [1] https://etcd.io/docs/v3.6/op-guide/versioning/ Change-Id: I108466c65bd1ebd1e42c75dfbe9b2173d04ba122 --- stackrc | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/stackrc b/stackrc index 0319fc8a50..817b445c7f 100644 --- a/stackrc +++ b/stackrc @@ -705,12 +705,11 @@ fi EXTRA_CACHE_URLS="" # etcd3 defaults -ETCD_VERSION=${ETCD_VERSION:-v3.4.27} -ETCD_SHA256_AMD64=${ETCD_SHA256_AMD64:-"a32d21e006252dbc3405b0645ba8468021ed41376974b573285927bf39b39eb9"} -ETCD_SHA256_ARM64=${ETCD_SHA256_ARM64:-"ed7e257c225b9b9545fac22246b97f4074a4b5109676e92dbaebfb9315b69cc0"} -ETCD_SHA256_PPC64=${ETCD_SHA256_PPC64:-"eb8825e0bc2cbaf9e55947f5ee373ebc9ca43b6a2ea5ced3b992c81855fff37e"} -# etcd v3.2.x and later doesn't have anything for s390x -ETCD_SHA256_S390X=${ETCD_SHA256_S390X:-""} +ETCD_VERSION=${ETCD_VERSION:-v3.5.21} +ETCD_SHA256_AMD64=${ETCD_SHA256_AMD64:-"adddda4b06718e68671ffabff2f8cee48488ba61ad82900e639d108f2148501c"} +ETCD_SHA256_ARM64=${ETCD_SHA256_ARM64:-"95bf6918623a097c0385b96f139d90248614485e781ec9bee4768dbb6c79c53f"} +ETCD_SHA256_PPC64=${ETCD_SHA256_PPC64:-"6fb6ecb3d1b331eb177dc610a8efad3aceb1f836d6aeb439ba0bfac5d5c2a38c"} +ETCD_SHA256_S390X=${ETCD_SHA256_S390X:-"a211a83961ba8a7e94f7d6343ad769e699db21a715ba4f3b68cf31ea28f9c951"} # Make sure etcd3 downloads the correct architecture if is_arch "x86_64"; then ETCD_ARCH="amd64" @@ -722,15 +721,8 @@ elif is_arch "ppc64le"; then ETCD_ARCH="ppc64le" ETCD_SHA256=${ETCD_SHA256:-$ETCD_SHA256_PPC64} elif is_arch "s390x"; then - # An etcd3 binary for s390x is not available on github like it is - # for other arches. Only continue if a custom download URL was - # provided. - if [[ -n "${ETCD_DOWNLOAD_URL}" ]]; then - ETCD_ARCH="s390x" - ETCD_SHA256=${ETCD_SHA256:-$ETCD_SHA256_S390X} - else - exit_distro_not_supported "etcd3. No custom ETCD_DOWNLOAD_URL provided." - fi + ETCD_ARCH="s390x" + ETCD_SHA256=${ETCD_SHA256:-$ETCD_SHA256_S390X} else exit_distro_not_supported "invalid hardware type - $ETCD_ARCH" fi From 5822439d95b02a7033f6333cda1dfafdc342b852 Mon Sep 17 00:00:00 2001 From: Jay Faulkner Date: Wed, 18 Jun 2025 08:20:50 -0700 Subject: [PATCH 068/149] Update base OS recommendation to 24.04 This is what all of OpenStack tests on now, it's likely a better choice for a default. Worth noting 22.04 doesn't work for latest-ironic (at least). Change-Id: Ibe4c1d4416dded4ac3280cb6ef423b0792b584ab --- doc/source/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/source/index.rst b/doc/source/index.rst index 70871ef876..a07bb84922 100644 --- a/doc/source/index.rst +++ b/doc/source/index.rst @@ -40,7 +40,7 @@ Start with a clean and minimal install of a Linux system. DevStack attempts to support the two latest LTS releases of Ubuntu, Rocky Linux 9 and openEuler. -If you do not have a preference, Ubuntu 22.04 (Jammy) is the +If you do not have a preference, Ubuntu 24.04 (Noble) is the most tested, and will probably go the smoothest. Add Stack User (optional) From 37c755e70721fa49d9c344158592761a75b124d3 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Mon, 23 Jun 2025 22:32:56 +0900 Subject: [PATCH 069/149] Drop logic for Python < 3 Python 2 support was removed globally multiple cycles ago. Change-Id: I503ef9be68e59c8983d245f1fbb689651eb564ff --- tools/outfilter.py | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/tools/outfilter.py b/tools/outfilter.py index 55f9ee1487..df03a779b5 100644 --- a/tools/outfilter.py +++ b/tools/outfilter.py @@ -90,13 +90,10 @@ def main(): if outfile: # We've opened outfile as a binary file to get the - # non-buffered behaviour. on python3, sys.stdin was + # non-buffered behaviour. on python3, sys.stdin was # opened with the system encoding and made the line into # utf-8, so write the logfile out in utf-8 bytes. - if sys.version_info < (3,): - outfile.write(ts_line) - else: - outfile.write(ts_line.encode('utf-8')) + outfile.write(ts_line.encode('utf-8')) outfile.flush() From a8aecbad4f7f4cd4b6ddc57b78844cede5325d4d Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sat, 23 Nov 2024 21:50:13 +0900 Subject: [PATCH 070/149] Allow installing etcd3gw from source ... to enable forward testing in etcd3gw. Change-Id: I249243fc913a82c28d096ef48aacecd07f2c2694 --- lib/libraries | 9 +++++++-- stackrc | 4 ++++ tests/test_libs_from_pypi.sh | 2 +- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/lib/libraries b/lib/libraries index fa418785dd..c3248f11b2 100755 --- a/lib/libraries +++ b/lib/libraries @@ -27,6 +27,7 @@ GITDIR["castellan"]=$DEST/castellan GITDIR["cliff"]=$DEST/cliff GITDIR["cursive"]=$DEST/cursive GITDIR["debtcollector"]=$DEST/debtcollector +GITDIR["etcd3gw"]=$DEST/etcd3gw GITDIR["futurist"]=$DEST/futurist GITDIR["openstacksdk"]=$DEST/openstacksdk GITDIR["os-client-config"]=$DEST/os-client-config @@ -131,8 +132,12 @@ function install_libs { # python client libraries we might need from git can go here _install_lib_from_source "python-barbicanclient" - # etcd (because tooz does not have a hard dependency on these) - pip_install etcd3gw + if use_library_from_git etcd3gw ; then + _install_lib_from_source "etcd3gw" + else + # etcd (because tooz does not have a hard dependency on these) + pip_install etcd3gw + fi } # Restore xtrace diff --git a/stackrc b/stackrc index c05d4e2d98..ddd623fc06 100644 --- a/stackrc +++ b/stackrc @@ -395,6 +395,10 @@ GITBRANCH["futurist"]=${FUTURIST_BRANCH:-$TARGET_BRANCH} GITREPO["debtcollector"]=${DEBTCOLLECTOR_REPO:-${GIT_BASE}/openstack/debtcollector.git} GITBRANCH["debtcollector"]=${DEBTCOLLECTOR_BRANCH:-$TARGET_BRANCH} +# etcd3gw library +GITREPO["etcd3gw"]=${ETCD3GW_REPO:-${GIT_BASE}/openstack/etcd3gw.git} +GITBRANCH["etcd3gw"]=${ETCD3GW_BRANCH:-$BRANCHLESS_TARGET_BRANCH} + # helpful state machines GITREPO["automaton"]=${AUTOMATON_REPO:-${GIT_BASE}/openstack/automaton.git} GITBRANCH["automaton"]=${AUTOMATON_BRANCH:-$TARGET_BRANCH} diff --git a/tests/test_libs_from_pypi.sh b/tests/test_libs_from_pypi.sh index 839e3a1328..9552c93c4f 100755 --- a/tests/test_libs_from_pypi.sh +++ b/tests/test_libs_from_pypi.sh @@ -45,7 +45,7 @@ ALL_LIBS+=" oslo.cache oslo.reports osprofiler cursive" ALL_LIBS+=" keystoneauth ironic-lib neutron-lib oslo.privsep" ALL_LIBS+=" diskimage-builder os-vif python-brick-cinderclient-ext" ALL_LIBS+=" castellan python-barbicanclient ovsdbapp os-ken os-resource-classes" -ALL_LIBS+=" oslo.limit" +ALL_LIBS+=" oslo.limit etcd3gw" # Generate the above list with # echo ${!GITREPO[@]} From 06633c6c3033cc92329e1849266f4f2ed33d2124 Mon Sep 17 00:00:00 2001 From: Artem Goncharov Date: Fri, 27 Jun 2025 15:05:51 +0200 Subject: [PATCH 071/149] Restart slapd after cleanup A bug in openldap mdb (memory database) causes it to crash in an attempt to delete nonexisting tree, which is exactly what we do in the cleanup. After the coredump it does not start automatically (what maybe make sense to change). The fix is merged in https://bugs.openldap.org/show_bug.cgi?id=10336 but we do not have this fix in Noble. For now try simply to restart the process. Change-Id: Iae597aae345d12a2c82f66342ff40ac0a387eddf Signed-off-by: Artem Goncharov --- lib/ldap | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/ldap b/lib/ldap index b0195db258..66c2afc4d5 100644 --- a/lib/ldap +++ b/lib/ldap @@ -82,6 +82,14 @@ function init_ldap { # Remove data but not schemas clear_ldap_state + if is_ubuntu; then + # a bug in OpenLDAP 2.6.7+ + # (https://bugs.openldap.org/show_bug.cgi?id=10336) causes slapd crash + # after deleting nonexisting tree. It is fixed upstream, but Ubuntu is + # still not having a fix in Noble. Try temporarily simly restarting the + # process. + sudo service $LDAP_SERVICE_NAME restart + fi # Add our top level ldap nodes if ldapsearch -x -w $LDAP_PASSWORD -D "$LDAP_MANAGER_DN" -H $LDAP_URL -b "$LDAP_BASE_DN" | grep -q "Success"; then From 47aa8d1744dad23c4ace34a7edbff78360fb0079 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sat, 12 Jul 2025 00:25:42 +0900 Subject: [PATCH 072/149] Drop unused [service_user] auth_strategy The option does not actually exist. Change-Id: I659bba38ca038fa370a411ae43ca942b6390c779 Signed-off-by: Takashi Kajinami --- lib/cinder | 1 - lib/nova | 1 - 2 files changed, 2 deletions(-) diff --git a/lib/cinder b/lib/cinder index b557d4b10b..eb8a63dbfc 100644 --- a/lib/cinder +++ b/lib/cinder @@ -732,7 +732,6 @@ function configure_cinder_volume_upload { function init_cinder_service_user_conf { configure_keystone_authtoken_middleware $CINDER_CONF cinder service_user iniset $CINDER_CONF service_user send_service_user_token True - iniset $CINDER_CONF service_user auth_strategy keystone } # Restore xtrace diff --git a/lib/nova b/lib/nova index 810a3d9554..2357d87ee3 100644 --- a/lib/nova +++ b/lib/nova @@ -843,7 +843,6 @@ function init_nova_service_user_conf { iniset $NOVA_CONF service_user user_domain_name "$SERVICE_DOMAIN_NAME" iniset $NOVA_CONF service_user project_name "$SERVICE_PROJECT_NAME" iniset $NOVA_CONF service_user project_domain_name "$SERVICE_DOMAIN_NAME" - iniset $NOVA_CONF service_user auth_strategy keystone } function conductor_conf { From e221349e56414e1cb89c75311bf659bd869e16a7 Mon Sep 17 00:00:00 2001 From: Grzegorz Grasza Date: Mon, 14 Jul 2025 12:37:23 +0200 Subject: [PATCH 073/149] keystone: Set user_enabled_default for LDAP domain When using the LDAP identity backend, stack.sh fails during the create_keystone_accounts phase when trying to verify the newly created demo user. This is caused by a BadRequestException from the Keystone API with the error, 'enabled' is a required property. The error occurs because the default LDAP user object created by the DevStack scripts does not contain an attribute that Keystone can map to its mandatory enabled property. This change fixes the issue by adding user_enabled_emulation = True to the domain-specific LDAP configuration in the create_ldap_domain function. This tells Keystone to assume a user is enabled if the attribute is not explicitly defined in their LDAP entry, which resolves the schema incompatibility and allows the script to complete successfully. Signed-off-by: Grzegorz Grasza Change-Id: I15ddf0b88ee93615c318d4845a026ca1e25c3e69 --- lib/keystone | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/keystone b/lib/keystone index 8371045026..0311e24c67 100644 --- a/lib/keystone +++ b/lib/keystone @@ -608,6 +608,7 @@ function create_ldap_domain { iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap user_name_attribute "cn" iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap user_mail_attribute "mail" iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap user_id_attribute "uid" + iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap user_enabled_emulation "True" iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap user "cn=Manager,dc=openstack,dc=org" iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap url "ldap://localhost" iniset $KEYSTONE_LDAP_DOMAIN_FILE ldap suffix $LDAP_BASE_DN From 9c180f2f060bfed65bc1b24c16010466b48dc0da Mon Sep 17 00:00:00 2001 From: Ghanshyam Mann Date: Fri, 4 Jul 2025 11:40:38 -0700 Subject: [PATCH 074/149] Configure 'manager' role in tempest In this release, nova is implementing the manager role in policy[depends-on], and Tempest added (depends-on) a new config option to decide if new defaults are present in testing env. Setting the manager role availability in Tempest so that test can use manager role user to perform the required operation in nova. Depends-On: https://review.opendev.org/c/openstack/nova/+/953063 Depends-On: https://review.opendev.org/c/openstack/tempest/+/953265 Change-Id: I69e32c7de5a63df1c21979f748b77e512068eeec Signed-off-by: Ghanshyam Mann --- lib/tempest | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/tempest b/lib/tempest index c9486f6310..286cb56d41 100644 --- a/lib/tempest +++ b/lib/tempest @@ -524,6 +524,10 @@ function configure_tempest { iniset $TEMPEST_CONFIG compute-feature-enabled serial_console True fi + # NOTE(gmaan): Since 2025.2, 'manager' role is available in nova. + local nova_policy_roles="admin,manager,member,reader" + iniset $TEMPEST_CONFIG compute-feature-enabled nova_policy_roles $nova_policy_roles + # Network iniset $TEMPEST_CONFIG network project_networks_reachable false iniset $TEMPEST_CONFIG network public_network_id "$public_network_id" From 6180e73702cfef2011c32f315cde97128a4b7eec Mon Sep 17 00:00:00 2001 From: Rodolfo Alonso Hernandez Date: Thu, 26 Jun 2025 07:56:44 +0000 Subject: [PATCH 075/149] Replace the OVN Metadata agent with the OVN agent The OVN Metadata agent is replaced in any CI job with the OVN agent. This is an incremental step on the deprecation of the OVN Metadata agent. Related-Bug: #2112313 Signed-off-by: Rodolfo Alonso Hernandez Change-Id: I4e8d12762099c91d773c4f5e5699bc9fed43a9c9 --- .zuul.yaml | 4 ++-- lib/neutron_plugins/ovn_agent | 3 ++- stackrc | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index 9552fa3b47..9f9c69c925 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -620,7 +620,7 @@ ovsdb-server: true # Neutron services q-svc: true - q-ovn-metadata-agent: true + q-ovn-agent: true # Swift services s-account: true s-container: true @@ -657,7 +657,7 @@ ovs-vswitchd: true ovsdb-server: true # Neutron services - q-ovn-metadata-agent: true + q-ovn-agent: true # Cinder services c-bak: true c-vol: true diff --git a/lib/neutron_plugins/ovn_agent b/lib/neutron_plugins/ovn_agent index e58cd4fb38..b128fde2b6 100644 --- a/lib/neutron_plugins/ovn_agent +++ b/lib/neutron_plugins/ovn_agent @@ -96,8 +96,9 @@ OVN_META_CONF=$NEUTRON_CONF_DIR/neutron_ovn_metadata_agent.ini OVN_META_DATA_HOST=${OVN_META_DATA_HOST:-$(ipv6_unquote $SERVICE_HOST)} # OVN agent configuration +# The OVN agent is configured, by default, with the "metadata" extension. OVN_AGENT_CONF=$NEUTRON_CONF_DIR/plugins/ml2/ovn_agent.ini -OVN_AGENT_EXTENSIONS=${OVN_AGENT_EXTENSIONS:-} +OVN_AGENT_EXTENSIONS=${OVN_AGENT_EXTENSIONS:-metadata} # If True (default) the node will be considered a gateway node. ENABLE_CHASSIS_AS_GW=$(trueorfalse True ENABLE_CHASSIS_AS_GW) diff --git a/stackrc b/stackrc index 0319fc8a50..325af580ad 100644 --- a/stackrc +++ b/stackrc @@ -75,7 +75,7 @@ if ! isset ENABLED_SERVICES ; then # OVN ENABLED_SERVICES+=,ovn-controller,ovn-northd,ovs-vswitchd,ovsdb-server # Neutron - ENABLED_SERVICES+=,q-svc,q-ovn-metadata-agent + ENABLED_SERVICES+=,q-svc,q-ovn-agent # Dashboard ENABLED_SERVICES+=,horizon # Additional services From a8f98073b97a2485a7505ebe36dba9cad1e0a7e1 Mon Sep 17 00:00:00 2001 From: Rodolfo Alonso Hernandez Date: Thu, 17 Jul 2025 10:20:27 +0000 Subject: [PATCH 076/149] Fix the nodeset "devstack-single-node-opensuse-15" The label "opensuse-15" is no longer available since [1]. Since there are pending references to this nodeset from older branches, use an empty node list for it to fix the zuul config until all references can be dropped. [1]https://review.opendev.org/c/openstack/project-config/+/955214 Signed-off-by: Rodolfo Alonso Hernandez Change-Id: I2f5105178482402aa108910d1bd1ec2f2c7c8933 --- .zuul.yaml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index 9552fa3b47..693edffe6e 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -48,15 +48,10 @@ nodes: - controller +# TODO(frickler): drop this dummy nodeset once all references have been removed - nodeset: name: devstack-single-node-opensuse-15 - nodes: - - name: controller - label: opensuse-15 - groups: - - name: tempest - nodes: - - controller + nodes: [] - nodeset: name: devstack-single-node-debian-bookworm From bab34bbade0da8f6b7f3fd23628522ec24688807 Mon Sep 17 00:00:00 2001 From: Christian Schwede Date: Mon, 21 Jul 2025 14:47:30 +0200 Subject: [PATCH 077/149] Add Swift storage policy to extend testing Swift supports storage policies for a long time, making it possible to store specific objects on different devices[1]. This patch adds a second storage policy to support testing API features that rely on storage policies, eg. per-policy quotas[2]. There are no additional Swift devices created and the existing ones are re-used to keep the overhead to the minimum. [1] https://docs.openstack.org/swift/latest/overview_policies.html [2] https://github.com/openstack/swift/commit/cbba65ac Signed-off-by: Christian Schwede Change-Id: I6b1a35dbf1490b25e103f008eb058f406f0a24ea --- lib/swift | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/swift b/lib/swift index 862927437d..9532efb45c 100644 --- a/lib/swift +++ b/lib/swift @@ -477,6 +477,9 @@ function configure_swift { iniset ${SWIFT_CONF_DIR}/swift.conf swift-constraints max_header_size ${SWIFT_MAX_HEADER_SIZE} iniset ${SWIFT_CONF_DIR}/swift.conf swift-constraints max_file_size ${SWIFT_MAX_FILE_SIZE} + # Create an additional storage policy + iniset ${SWIFT_CONF_DIR}/swift.conf storage-policy:1 name silver + local node_number for node_number in ${SWIFT_REPLICAS_SEQ}; do local swift_node_config=${SWIFT_CONF_DIR}/object-server/${node_number}.conf @@ -713,6 +716,10 @@ function init_swift { $SWIFT_BIN_DIR/swift-ring-builder object.builder rebalance 42 $SWIFT_BIN_DIR/swift-ring-builder container.builder rebalance 42 $SWIFT_BIN_DIR/swift-ring-builder account.builder rebalance 42 + + # An additional storage policy requires an object ring as well. + # Re-using the previously created one to use the same devices. + cp object.ring.gz object-1.ring.gz } && popd >/dev/null } From bfa9e547a901df5dd74926385010421157b6fca7 Mon Sep 17 00:00:00 2001 From: Ghanshyam Maan Date: Sat, 26 Jul 2025 00:58:51 +0000 Subject: [PATCH 078/149] Avoid setting iso image in tempest config Tempest use image_ref and image_ref_alt as their base image to run test against and perform ssh etc. Most of the iso image require ssh to be enabled explicitly so avoid setting them as image_ref and image_ref_alt unless it is explicitly requested. One example that how setting iso image in tempest can fail tests- https://review.opendev.org/c/openstack/tempest/+/954404 Needed-By: https://review.opendev.org/c/openstack/whitebox-tempest-plugin/+/955950 Change-Id: Ic385a702758d9d38880ec92cfdce2528766fc95d Signed-off-by: Ghanshyam Maan --- lib/tempest | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/lib/tempest b/lib/tempest index c9486f6310..cac2633324 100644 --- a/lib/tempest +++ b/lib/tempest @@ -105,6 +105,8 @@ TEMPEST_CONCURRENCY=${TEMPEST_CONCURRENCY:-$(nproc)} TEMPEST_FLAVOR_RAM=${TEMPEST_FLAVOR_RAM:-192} TEMPEST_FLAVOR_ALT_RAM=${TEMPEST_FLAVOR_ALT_RAM:-256} +TEMPEST_USE_ISO_IMAGE=$(trueorfalse False TEMPEST_USE_ISO_IMAGE) + # Functions # --------- @@ -161,12 +163,20 @@ function get_active_images { # start with a fresh array in case we are called multiple times img_array=() - while read -r IMAGE_NAME IMAGE_UUID; do + # NOTE(gmaan): Most of the iso image require ssh to be enabled explicitly + # and if we set those iso images in image_ref and image_ref_alt that can + # cause test to fail because many tests using image_ref and image_ref_alt + # to boot server also perform ssh. We skip to set iso image in tempest + # unless it is requested via TEMPEST_USE_ISO_IMAGE. + while read -r IMAGE_NAME IMAGE_UUID DISK_FORMAT; do + if [[ "$DISK_FORMAT" == "iso" ]] && [[ "$TEMPEST_USE_ISO_IMAGE" == False ]]; then + continue + fi if [ "$IMAGE_NAME" = "$DEFAULT_IMAGE_NAME" ]; then img_id="$IMAGE_UUID" fi img_array+=($IMAGE_UUID) - done < <(openstack --os-cloud devstack-admin image list --property status=active | awk -F'|' '!/^(+--)|ID|aki|ari/ { print $3,$2 }') + done < <(openstack --os-cloud devstack-admin image list --long --property status=active | awk -F'|' '!/^(+--)|ID|aki|ari/ { print $3,$2,$4 }') } function poll_glance_images { From 5c338f47d57fe849215d6b9f5c1f4eb53c193ab1 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Mon, 4 Aug 2025 23:31:17 +0900 Subject: [PATCH 079/149] Fix uninialized os_VENDOR ... to fix the wrong libvirt group name detected. Closes-Bug: #2119496 Change-Id: I2988fcb5010f333eab5a88b83ff14aab1cb15ebd Signed-off-by: Takashi Kajinami --- stackrc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/stackrc b/stackrc index 0319fc8a50..44bc6b321d 100644 --- a/stackrc +++ b/stackrc @@ -615,6 +615,11 @@ case "$VIRT_DRIVER" in LIBVIRT_TYPE=${LIBVIRT_TYPE:-kvm} LIBVIRT_CPU_MODE=${LIBVIRT_CPU_MODE:-custom} LIBVIRT_CPU_MODEL=${LIBVIRT_CPU_MODEL:-Nehalem} + + if [[ -z "$os_VENDOR" ]]; then + GetOSVersion + fi + if [[ "$os_VENDOR" =~ (Debian|Ubuntu) ]]; then # The groups change with newer libvirt. Older Ubuntu used # 'libvirtd', but now uses libvirt like Debian. Do a quick check From 90b0a6760ba95e8b2fa4a43dda1d0eeb56c00f2d Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Tue, 5 Aug 2025 12:55:21 +0900 Subject: [PATCH 080/149] Drop old libvirt group detection for Ubuntu/Debian The "libvirtd" group was used in quite old Ubuntu such as Xenial, and the "libvirt" group is used instead in recent versions. Change-Id: I2df747d54d3cb395c245ecc2aa24dcbf395e7a46 Signed-off-by: Takashi Kajinami --- stackrc | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/stackrc b/stackrc index 44bc6b321d..811a285d19 100644 --- a/stackrc +++ b/stackrc @@ -621,11 +621,7 @@ case "$VIRT_DRIVER" in fi if [[ "$os_VENDOR" =~ (Debian|Ubuntu) ]]; then - # The groups change with newer libvirt. Older Ubuntu used - # 'libvirtd', but now uses libvirt like Debian. Do a quick check - # to see if libvirtd group already exists to handle grenade's case. - LIBVIRT_GROUP=$(cut -d ':' -f 1 /etc/group | grep 'libvirtd$' || true) - LIBVIRT_GROUP=${LIBVIRT_GROUP:-libvirt} + LIBVIRT_GROUP=libvirt else LIBVIRT_GROUP=libvirtd fi From ec96b1a067684bf729f4dbd84dce9db02171b234 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Din=C3=A7er=20=C3=87elik?= Date: Wed, 6 Aug 2025 12:27:15 +0300 Subject: [PATCH 081/149] Fix default settings for Ubuntu aarch64 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Closes-Bug: #2080957 Change-Id: I441897937253f8d44144fa7f5f4622f42bf74a5f Signed-off-by: Dinçer Çelik --- lib/nova_plugins/functions-libvirt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt index 35840539da..c0713f9953 100644 --- a/lib/nova_plugins/functions-libvirt +++ b/lib/nova_plugins/functions-libvirt @@ -71,7 +71,7 @@ function install_libvirt { if is_ubuntu; then install_package qemu-system libvirt-clients libvirt-daemon-system libvirt-dev python3-libvirt systemd-coredump if is_arch "aarch64"; then - install_package qemu-efi + install_package qemu-efi-aarch64 fi #pip_install_gr elif is_fedora; then From 4f065ca80e4589513ca639cb39d3899943698b41 Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Tue, 13 May 2025 14:56:44 +0100 Subject: [PATCH 082/149] Replace use of fgrep It is deprecated. Change-Id: Iad071865361d51c148fc157d715bdf517ec5b94b Signed-off-by: Stephen Finucane --- stack.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack.sh b/stack.sh index 04b5f4ca6a..a06c7be9a7 100755 --- a/stack.sh +++ b/stack.sh @@ -356,7 +356,7 @@ async_init # Certain services such as rabbitmq require that the local hostname resolves # correctly. Make sure it exists in /etc/hosts so that is always true. LOCAL_HOSTNAME=`hostname -s` -if ! fgrep -qwe "$LOCAL_HOSTNAME" /etc/hosts; then +if ! grep -Fqwe "$LOCAL_HOSTNAME" /etc/hosts; then sudo sed -i "s/\(^127.0.0.1.*\)/\1 $LOCAL_HOSTNAME/" /etc/hosts fi From 67fa02fc5fd6a8786baff61695a578338462b3d3 Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Wed, 6 Aug 2025 10:53:32 +0100 Subject: [PATCH 083/149] Remove requirement on system oslo.utils This was only working because the noVNC package on Ubuntu pulls in oslo.utils. Change-Id: I3733df3e2667f16082b3ff57d39cf086d81fbe02 Signed-off-by: Stephen Finucane --- tools/verify-ipv6-address.py | 41 +++++++++++++++++++++++++++ tools/verify-ipv6-only-deployments.sh | 24 ++++++---------- 2 files changed, 49 insertions(+), 16 deletions(-) create mode 100644 tools/verify-ipv6-address.py diff --git a/tools/verify-ipv6-address.py b/tools/verify-ipv6-address.py new file mode 100644 index 0000000000..dc18fa6d8a --- /dev/null +++ b/tools/verify-ipv6-address.py @@ -0,0 +1,41 @@ +#!/usr/bin/env python3 + +import argparse +import ipaddress +import sys + +def main(): + parser = argparse.ArgumentParser( + description="Check if a given string is a valid IPv6 address.", + formatter_class=argparse.RawTextHelpFormatter, + ) + parser.add_argument( + "address", + help=( + "The IPv6 address string to validate.\n" + "Examples:\n" + " 2001:0db8:85a3:0000:0000:8a2e:0370:7334\n" + " 2001:db8::1\n" + " ::1\n" + " fe80::1%eth0 (scope IDs are handled)" + ), + ) + args = parser.parse_args() + + try: + # try to create a IPv6Address: if we fail to parse or get an + # IPv4Address then die + ip_obj = ipaddress.ip_address(args.address.strip('[]')) + if isinstance(ip_obj, ipaddress.IPv6Address): + sys.exit(0) + else: + sys.exit(1) + except ValueError: + sys.exit(1) + except Exception as e: + print(f"An unexpected error occurred during validation: {e}", file=sys.stderr) + sys.exit(1) + + +if __name__ == "__main__": + main() diff --git a/tools/verify-ipv6-only-deployments.sh b/tools/verify-ipv6-only-deployments.sh index 0f0cba8afe..a1acecbb3f 100755 --- a/tools/verify-ipv6-only-deployments.sh +++ b/tools/verify-ipv6-only-deployments.sh @@ -33,28 +33,23 @@ function verify_devstack_ipv6_setting { echo $TUNNEL_IP_VERSION "TUNNEL_IP_VERSION is not set to 6 so TUNNEL_ENDPOINT_IP cannot be an IPv6 address." exit 1 fi - is_service_host_ipv6=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_service_host'"))') - if [[ "$is_service_host_ipv6" != "True" ]]; then + if ! python3 ${TOP_DIR}/tools/verify-ipv6-address.py "$_service_host"; then echo $SERVICE_HOST "SERVICE_HOST is not IPv6 which means devstack cannot deploy services on IPv6 addresses." exit 1 fi - is_host_ipv6=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_host_ipv6'"))') - if [[ "$is_host_ipv6" != "True" ]]; then + if ! python3 ${TOP_DIR}/tools/verify-ipv6-address.py "$_host_ipv6"; then echo $HOST_IPV6 "HOST_IPV6 is not IPv6 which means devstack cannot deploy services on IPv6 addresses." exit 1 fi - is_service_listen_address=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_service_listen_address'"))') - if [[ "$is_service_listen_address" != "True" ]]; then + if ! python3 ${TOP_DIR}/tools/verify-ipv6-address.py "$_service_listen_address"; then echo $SERVICE_LISTEN_ADDRESS "SERVICE_LISTEN_ADDRESS is not IPv6 which means devstack cannot deploy services on IPv6 addresses." exit 1 fi - is_service_local_host=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_service_local_host'"))') - if [[ "$is_service_local_host" != "True" ]]; then + if ! python3 ${TOP_DIR}/tools/verify-ipv6-address.py "$_service_local_host"; then echo $SERVICE_LOCAL_HOST "SERVICE_LOCAL_HOST is not IPv6 which means devstack cannot deploy services on IPv6 addresses." exit 1 fi - is_tunnel_endpoint_ip=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$_tunnel_endpoint_ip'"))') - if [[ "$is_tunnel_endpoint_ip" != "True" ]]; then + if ! python3 ${TOP_DIR}/tools/verify-ipv6-address.py "$_tunnel_endpoint_ip"; then echo $TUNNEL_ENDPOINT_IP "TUNNEL_ENDPOINT_IP is not IPv6 which means devstack will not deploy with an IPv6 endpoint address." exit 1 fi @@ -63,8 +58,7 @@ function verify_devstack_ipv6_setting { } function sanity_check_system_ipv6_enabled { - system_ipv6_enabled=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_ipv6_enabled())') - if [[ $system_ipv6_enabled != "True" ]]; then + if [ ! -f "/proc/sys/net/ipv6/conf/default/disable_ipv6" ] || [ "$(cat /proc/sys/net/ipv6/conf/default/disable_ipv6)" -ne "0" ]; then echo "IPv6 is disabled in system" exit 1 fi @@ -78,10 +72,8 @@ function verify_service_listen_address_is_ipv6 { for endpoint in ${endpoints}; do local endpoint_address='' endpoint_address=$(echo "$endpoint" | awk -F/ '{print $3}' | awk -F] '{print $1}') - endpoint_address=$(echo $endpoint_address | tr -d []) - local is_endpoint_ipv6='' - is_endpoint_ipv6=$(python3 -c 'import oslo_utils.netutils as nutils; print(nutils.is_valid_ipv6("'$endpoint_address'"))') - if [[ "$is_endpoint_ipv6" != "True" ]]; then + endpoint_address=$(echo $endpoint_address | tr -d '[]') + if ! python3 ${TOP_DIR}/tools/verify-ipv6-address.py "$endpoint_address"; then all_ipv6=False echo $endpoint ": This is not an IPv6 endpoint which means corresponding service is not listening on an IPv6 address." continue From b6bf0b126b46042341cc3d47a92ad9b0d9b9a523 Mon Sep 17 00:00:00 2001 From: Sean Mooney Date: Tue, 5 Aug 2025 16:44:26 +0000 Subject: [PATCH 084/149] Use novnc from source by default This change restores the default devstack behavior in the zuul jobs by removing the override of NOVNC_FROM_PACKAGE from devstack-base. When installed locally, devstack defaults to installing novnc from git. As reported in bug #2109592, Ubuntu and possibly other distros have a packaging bug where the python3-novnc package 1) exists and 2) depends on `oslo.config` and, as a result, `oslo.utils`. The reason python3-novnc existing is a bug is that novnc has not had any Python deliverable since the 0.6.0 release around 2016. So this package is no longer used and is effectively empty since novnc fully moved to using JavaScript. For unrelated reasons, devstack creates the global venv with --site-packages to install `libvirt-python`, which also means that any other Python dependencies installed at the system level also infect the devstack venv. In the past, this was not a problem, but as of epoxy, Nova requires a newer version of oslo than Ubuntu provides in the distro package. This is where the python3-novnc package and its incorrect dependency on oslo breaks CI. This is not seen locally, as devstack uses novnc from git. This change makes CI do that also. Closes-Bug: #2109592 Change-Id: I8f018e1e57e3f54997d2cf55b1b3aa728e82899b Signed-off-by: Sean Mooney --- .zuul.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index b42c800068..eee450a6ad 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -352,6 +352,12 @@ nodes (everything but the controller). required-projects: - opendev.org/openstack/devstack + # this is a workaround for a packaging bug in ubuntu + # remove when https://bugs.launchpad.net/nova/+bug/2109592 + # is resolved and oslo.config is not a dep of the novnc deb + # via the defunct python3-novnc package. + - novnc/novnc + roles: - zuul: opendev.org/openstack/openstack-zuul-jobs vars: @@ -369,7 +375,6 @@ LOG_COLOR: false VERBOSE: true VERBOSE_NO_TIMESTAMP: true - NOVNC_FROM_PACKAGE: true ERROR_ON_CLONE: true # Gate jobs can't deal with nested virt. Disable it by default. LIBVIRT_TYPE: '{{ devstack_libvirt_type | default("qemu") }}' @@ -442,7 +447,6 @@ LOG_COLOR: false VERBOSE: true VERBOSE_NO_TIMESTAMP: true - NOVNC_FROM_PACKAGE: true ERROR_ON_CLONE: true LIBVIRT_TYPE: qemu devstack_services: From 3b3aab52646e7a7ed737716efbfbe7fbef170911 Mon Sep 17 00:00:00 2001 From: Joel Capitao Date: Fri, 8 Nov 2024 16:11:06 +0000 Subject: [PATCH 085/149] Support CentOS Stream 10 This patch includes changes required to run devstack on CentOS Stream 10 which has been already published in official repos by CentOS team [1]: - Add RDO deps repository for CS10. - remove xinetd package from installation for swift. Note that rsync-daemon is installed which should work fine. - Use python3-distro to identify the distro - Add devstack-single-node-centos-10-stream nodeset - Add devstack-platform-centos-10-stream job to the check pipeline. Closes https://issues.redhat.com/browse/RDO-379 [1] https://mirror.stream.centos.org/10-stream/ Change-Id: I33a6c5530482c28a24f2043cd4195e7bcd46427d Signed-off-by: Cyril Roelandt Signed-off-by: Sean Mooney --- .zuul.yaml | 50 ++++++++++++++++++++++++++++++++++++++++++++ files/rpms/general | 8 ++++--- files/rpms/n-cpu | 2 +- files/rpms/nova | 2 +- files/rpms/swift | 2 +- functions-common | 11 +++++----- stack.sh | 14 +++++++++---- tools/install_pip.sh | 2 +- 8 files changed, 74 insertions(+), 17 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index eee450a6ad..3deab35e87 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -38,6 +38,16 @@ nodes: - controller +- nodeset: + name: devstack-single-node-centos-10-stream + nodes: + - name: controller + label: centos-10-stream-8GB + groups: + - name: tempest + nodes: + - controller + - nodeset: name: devstack-single-node-centos-9-stream nodes: @@ -86,6 +96,36 @@ nodes: - controller +- nodeset: + name: openstack-two-node-centos-10-stream + nodes: + - name: controller + label: centos-10-stream-8GB + - name: compute1 + label: centos-10-stream-8GB + groups: + # Node where tests are executed and test results collected + - name: tempest + nodes: + - controller + # Nodes running the compute service + - name: compute + nodes: + - controller + - compute1 + # Nodes that are not the controller + - name: subnode + nodes: + - compute1 + # Switch node for multinode networking setup + - name: switch + nodes: + - controller + # Peer nodes for multinode networking setup + - name: peers + nodes: + - compute1 + - nodeset: name: openstack-two-node-centos-9-stream nodes: @@ -729,6 +769,14 @@ # we often have to rush things through devstack to stabilise the gate, # and these platforms don't have the round-the-clock support to avoid # becoming blockers in that situation. +- job: + name: devstack-platform-centos-10-stream + parent: tempest-full-py3 + description: CentOS 10 Stream platform test + nodeset: devstack-single-node-centos-10-stream + timeout: 9000 + voting: false + - job: name: devstack-platform-centos-9-stream parent: tempest-full-py3 @@ -911,6 +959,7 @@ - devstack - devstack-ipv6 - devstack-enforce-scope + - devstack-platform-centos-10-stream - devstack-platform-centos-9-stream - devstack-platform-debian-bookworm - devstack-platform-rocky-blue-onyx @@ -994,6 +1043,7 @@ - devstack-no-tls-proxy periodic-weekly: jobs: + - devstack-platform-centos-10-stream - devstack-platform-centos-9-stream - devstack-platform-debian-bookworm - devstack-platform-rocky-blue-onyx diff --git a/files/rpms/general b/files/rpms/general index 8a5755cc37..6f4572c708 100644 --- a/files/rpms/general +++ b/files/rpms/general @@ -10,9 +10,10 @@ glibc-langpack-en # dist:rhel9 graphviz # needed only for docs httpd httpd-devel -iptables-nft # dist:rhel9 +iptables-nft # dist:rhel9,rhel10 iptables-services -java-1.8.0-openjdk-headless +java-1.8.0-openjdk-headless # not:rhel10 +java-21-openjdk-headless # dist:rhel10 libffi-devel libjpeg-turbo-devel # Pillow 3.0.0 libxml2-devel # lxml @@ -23,7 +24,8 @@ net-tools openssh-server openssl openssl-devel # to rebuild pyOpenSSL if needed -pcre-devel # for python-pcre +pcre2-devel # dist:rhel10 for python-pcre2 +pcre-devel # not:rhel10 for python-pcre pkgconfig postgresql-devel # psycopg2 psmisc diff --git a/files/rpms/n-cpu b/files/rpms/n-cpu index 7ce5a72d6b..5683862ee0 100644 --- a/files/rpms/n-cpu +++ b/files/rpms/n-cpu @@ -1,6 +1,6 @@ cryptsetup dosfstools -genisoimage # not:rhel9 +genisoimage # not:rhel9,rhel10 iscsi-initiator-utils libosinfo lvm2 diff --git a/files/rpms/nova b/files/rpms/nova index e0f13b854a..3ed2943c1d 100644 --- a/files/rpms/nova +++ b/files/rpms/nova @@ -1,7 +1,7 @@ conntrack-tools curl ebtables -genisoimage # not:rhel9 required for config_drive +genisoimage # not:rhel9,rhel10 required for config_drive iptables iputils kernel-modules # not:openEuler-22.03 diff --git a/files/rpms/swift b/files/rpms/swift index 49a1833dc4..cf614335c1 100644 --- a/files/rpms/swift +++ b/files/rpms/swift @@ -4,4 +4,4 @@ memcached rsync-daemon sqlite xfsprogs -xinetd # not:f36,rhel9 +xinetd # not:f36,rhel9,rhel10 diff --git a/functions-common b/functions-common index db2367cef6..85ee294afa 100644 --- a/functions-common +++ b/functions-common @@ -423,7 +423,7 @@ function _ensure_lsb_release { elif [[ -x $(command -v zypper 2>/dev/null) ]]; then sudo zypper -n install lsb-release elif [[ -x $(command -v dnf 2>/dev/null) ]]; then - sudo dnf install -y redhat-lsb-core || sudo dnf install -y openeuler-lsb + sudo dnf install -y python3-distro || sudo dnf install -y openeuler-lsb else die $LINENO "Unable to find or auto-install lsb_release" fi @@ -436,9 +436,9 @@ function _ensure_lsb_release { # - os_VENDOR # - os_PACKAGE function GetOSVersion { - # CentOS Stream 9 and RHEL 9 do not provide lsb_release + # CentOS Stream 9 or later and RHEL 9 or later do not provide lsb_release source /etc/os-release - if [[ "${ID}${VERSION}" == "centos9" ]] || [[ "${ID}${VERSION}" =~ "rhel9" ]]; then + if [[ "${ID}${VERSION}" =~ "centos" ]] || [[ "${ID}${VERSION}" =~ "rhel" ]]; then os_RELEASE=${VERSION_ID} os_CODENAME="n/a" os_VENDOR=$(echo $NAME | tr -d '[:space:]') @@ -485,9 +485,8 @@ function GetDistro { "$os_VENDOR" =~ (OracleServer) || \ "$os_VENDOR" =~ (Rocky) || \ "$os_VENDOR" =~ (Virtuozzo) ]]; then - # Drop the . release as we assume it's compatible - # XXX re-evaluate when we get RHEL10 - DISTRO="rhel${os_RELEASE::1}" + MAJOR_VERSION=$(echo $os_RELEASE | cut -d. -f1) + DISTRO="rhel${MAJOR_VERSION}" elif [[ "$os_VENDOR" =~ (openEuler) ]]; then DISTRO="openEuler-$os_RELEASE" else diff --git a/stack.sh b/stack.sh index 04b5f4ca6a..2e130aec58 100755 --- a/stack.sh +++ b/stack.sh @@ -230,7 +230,7 @@ write_devstack_version # Warn users who aren't on an explicitly supported distro, but allow them to # override check and attempt installation with ``FORCE=yes ./stack`` -SUPPORTED_DISTROS="bookworm|jammy|noble|rhel9" +SUPPORTED_DISTROS="bookworm|jammy|noble|rhel9|rhel10" if [[ ! ${DISTRO} =~ $SUPPORTED_DISTROS ]]; then echo "WARNING: this script has not been tested on $DISTRO" @@ -302,16 +302,17 @@ function _install_epel { } function _install_rdo { - if [[ $DISTRO == "rhel9" ]]; then + if [[ $DISTRO =~ "rhel" ]]; then + VERSION=${DISTRO:4:2} rdo_release=${TARGET_BRANCH#*/} if [[ "$TARGET_BRANCH" == "master" ]]; then # adding delorean-deps repo to provide current master rpms - sudo wget https://trunk.rdoproject.org/centos9-master/delorean-deps.repo -O /etc/yum.repos.d/delorean-deps.repo + sudo wget https://trunk.rdoproject.org/centos${VERSION}-master/delorean-deps.repo -O /etc/yum.repos.d/delorean-deps.repo else if sudo dnf provides centos-release-openstack-${rdo_release} >/dev/null 2>&1; then sudo dnf -y install centos-release-openstack-${rdo_release} else - sudo wget https://trunk.rdoproject.org/centos9-${rdo_release}/delorean-deps.repo -O /etc/yum.repos.d/delorean-deps.repo + sudo wget https://trunk.rdoproject.org/centos${VERSION}-${rdo_release}/delorean-deps.repo -O /etc/yum.repos.d/delorean-deps.repo fi fi fi @@ -408,6 +409,11 @@ elif [[ $DISTRO == "rhel9" ]]; then if is_package_installed curl-minimal; then sudo dnf swap -y curl-minimal curl fi +elif [[ $DISTRO == "rhel10" ]]; then + # for CentOS Stream 10 repository + sudo dnf config-manager --set-enabled crb + # rabbitmq and other packages are provided by RDO repositories. + _install_rdo elif [[ $DISTRO == "openEuler-22.03" ]]; then # There are some problem in openEuler. We should fix it first. Some required # package/action runs before fixup script. So we can't fix there. diff --git a/tools/install_pip.sh b/tools/install_pip.sh index 91b180c06f..79f97c5f7a 100755 --- a/tools/install_pip.sh +++ b/tools/install_pip.sh @@ -127,7 +127,7 @@ if [[ -n $PYPI_ALTERNATIVE_URL ]]; then configure_pypi_alternative_url fi -if is_fedora && [[ ${DISTRO} == f* || ${DISTRO} == rhel9 ]]; then +if is_fedora && [[ ${DISTRO} == f* || ${DISTRO} == rhel* ]]; then # get-pip.py will not install over the python3-pip package in # Fedora 34 any more. # https://bugzilla.redhat.com/show_bug.cgi?id=1988935 From 9c295d0da30b8e4d0809623e886dc9aaf6f52c25 Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Thu, 7 Aug 2025 10:53:59 +0100 Subject: [PATCH 086/149] Remove dead checks for Python 3.6 Change-Id: I9fab7209955ebdfda0f309aa0160749bd0f962e6 Signed-off-by: Stephen Finucane --- tools/install_pip.sh | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/tools/install_pip.sh b/tools/install_pip.sh index 79f97c5f7a..027693fc0a 100755 --- a/tools/install_pip.sh +++ b/tools/install_pip.sh @@ -38,7 +38,6 @@ FILES=$TOP_DIR/files # [1] https://opendev.org/openstack/project-config/src/branch/master/nodepool/elements/cache-devstack/source-repository-pip PIP_GET_PIP_URL=${PIP_GET_PIP_URL:-"https://bootstrap.pypa.io/get-pip.py"} -PIP_GET_PIP36_URL=${PIP_GET_PIP36_URL:-"https://bootstrap.pypa.io/pip/3.6/get-pip.py"} GetDistro echo "Distro: $DISTRO" @@ -57,14 +56,8 @@ function get_versions { function install_get_pip { - if [[ "$PYTHON3_VERSION" = "3.6" ]]; then - _pip_url=$PIP_GET_PIP36_URL - _local_pip="$FILES/$(basename $_pip_url)-py36" - else - _pip_url=$PIP_GET_PIP_URL - _local_pip="$FILES/$(basename $_pip_url)" - fi - + _pip_url=$PIP_GET_PIP_URL + _local_pip="$FILES/$(basename $_pip_url)" # If get-pip.py isn't python, delete it. This was probably an # outage on the server. From fdc41d76abf353b6a9b206bf92c6b9adb90b253a Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Thu, 7 Aug 2025 10:54:45 +0100 Subject: [PATCH 087/149] Remove dead checks for Fedora 36 It is EOL. Change-Id: I609cfce8a98f9933380ddbc719ed22e6fcda4785 Signed-off-by: Stephen Finucane --- files/rpms/swift | 1 - lib/apache | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/files/rpms/swift b/files/rpms/swift index cf614335c1..c3921a47d4 100644 --- a/files/rpms/swift +++ b/files/rpms/swift @@ -4,4 +4,3 @@ memcached rsync-daemon sqlite xfsprogs -xinetd # not:f36,rhel9,rhel10 diff --git a/lib/apache b/lib/apache index 449d2e70d4..c49da711e1 100644 --- a/lib/apache +++ b/lib/apache @@ -89,7 +89,7 @@ function install_apache_uwsgi { # didn't fix Python 3.10 compatibility before release. Should be # fixed in uwsgi 4.9.0; can remove this when packages available # or we drop this release - elif is_fedora && ! is_openeuler && ! [[ $DISTRO =~ f36|rhel9 ]]; then + elif is_fedora && ! is_openeuler && ! [[ $DISTRO =~ rhel9 ]]; then # Note httpd comes with mod_proxy_uwsgi and it is loaded by # default; the mod_proxy_uwsgi package actually conflicts now. # See: From 1a74605eb4c30e28a99edd2e824c2ce38d6315ad Mon Sep 17 00:00:00 2001 From: Douglas Mendizabal Date: Fri, 8 Aug 2025 10:44:41 -0400 Subject: [PATCH 088/149] Fix iniset to escape backslash characters MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This patch fixes an issue in iniset where backslash (\) characters are removed from the config value. This patch ensures that backslash characters (\) are escaped in addition to the ampersand (&) character that was already being escaped. Closes-Bug: #2120180 Signed-off-by: Douglas Mendizábal Change-Id: Ica53ed42269931d151daf815d2e2c10c1f9e29a8 --- inc/ini-config | 6 ++++-- tests/test_ini_config.sh | 15 ++++++++++++++- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/inc/ini-config b/inc/ini-config index f65e42d3a5..920d4775fa 100644 --- a/inc/ini-config +++ b/inc/ini-config @@ -189,8 +189,10 @@ function iniset { local option=$3 local value=$4 - # Escape the ampersand character (&) - value=$(echo $value | sed -e 's/&/\\&/g') + # Escape the ampersand (&) and backslash (\) characters for sed + # Order of substitution matters: we escape backslashes first before + # adding more backslashes to escape ampersands + value=$(echo $value | sed -e 's/\\/\\\\/g' -e 's/&/\\&/g') if [[ -z $section || -z $option ]]; then $xtrace diff --git a/tests/test_ini_config.sh b/tests/test_ini_config.sh index 6367cde441..fd3896d6ba 100755 --- a/tests/test_ini_config.sh +++ b/tests/test_ini_config.sh @@ -47,6 +47,9 @@ multi = foo2 [fff] ampersand = +[ggg] +backslash = + [key_with_spaces] rgw special key = something @@ -88,7 +91,7 @@ fi # test iniget_sections VAL=$(iniget_sections "${TEST_INI}") -assert_equal "$VAL" "default aaa bbb ccc ddd eee fff key_with_spaces \ +assert_equal "$VAL" "default aaa bbb ccc ddd eee fff ggg key_with_spaces \ del_separate_options del_same_option del_missing_option \ del_missing_option_multi del_no_options" @@ -134,6 +137,16 @@ done VAL=$(iniget ${TEST_INI} fff ampersand) assert_equal "$VAL" "&y" "iniset ampersands in option" +# Test with backslash in value +iniset ${TEST_INI} ggg backslash 'foo\bar' +VAL=$(iniget ${TEST_INI} ggg backslash) +assert_equal "$VAL" 'foo\bar' "iniset backslash in value" + +# Test with both ampersand and backslash +iniset ${TEST_INI} ggg backslash 'foo\bar&baz' +VAL=$(iniget ${TEST_INI} ggg backslash) +assert_equal "$VAL" 'foo\bar&baz' "iniset ampersand and backslash in value" + # test empty option if ini_has_option ${SUDO_ARG} ${TEST_INI} ddd empty; then passed "ini_has_option: ddd.empty present" From 34689f587966f9fd512a03c85762bd79dd4a4e9d Mon Sep 17 00:00:00 2001 From: Ghanshyam Maan Date: Wed, 27 Aug 2025 02:40:21 +0000 Subject: [PATCH 089/149] Configure nova 'service' role in tempest In this release, nova is implementing the service role in policy[depends-on], and Tempest being branchless needs to decide if service defaults are present in testing release/ env (Needed-By). Setting the service role availability in Tempest so that from this release onward, tests can use service role user to perform the required operation in nova. Depends-On: https://review.opendev.org/c/openstack/nova/+/957578 Needed-By: https://review.opendev.org/c/openstack/tempest/+/892639 Change-Id: I463cb85f3fcb9f2fdd7aa4a0a5f2ae49782e3fc1 Signed-off-by: Ghanshyam Maan --- lib/tempest | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/tempest b/lib/tempest index 53851209d2..1ebe9c5f1f 100644 --- a/lib/tempest +++ b/lib/tempest @@ -535,7 +535,7 @@ function configure_tempest { fi # NOTE(gmaan): Since 2025.2, 'manager' role is available in nova. - local nova_policy_roles="admin,manager,member,reader" + local nova_policy_roles="admin,manager,member,reader,service" iniset $TEMPEST_CONFIG compute-feature-enabled nova_policy_roles $nova_policy_roles # Network From 2aae15c93f4383c0a38dff276700c762e56a7134 Mon Sep 17 00:00:00 2001 From: Tobias Urdin Date: Tue, 6 May 2025 08:54:39 +0200 Subject: [PATCH 090/149] Use profile rbd for Ceph authx for cinder-backup Use the RBD profile instead of setting explicit permissions. Change-Id: Idc2258e3b69df3df57894c17018a2a35043c8fa9 Signed-off-by: Tobias Urdin --- lib/cinder_backups/ceph | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/cinder_backups/ceph b/lib/cinder_backups/ceph index 4b180490d7..c46b90c5b9 100644 --- a/lib/cinder_backups/ceph +++ b/lib/cinder_backups/ceph @@ -32,7 +32,7 @@ function configure_cinder_backup_ceph { if [[ "$REMOTE_CEPH" = "False" && "$CEPH_REPLICAS" -ne 1 ]]; then sudo ceph -c ${CEPH_CONF_FILE} osd pool set ${CINDER_BAK_CEPH_POOL} crush_ruleset ${RULE_ID} fi - sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_BAK_CEPH_USER} mon "allow r" osd "allow class-read object_prefix rbd_children, allow rwx pool=${CINDER_BAK_CEPH_POOL}, allow rwx pool=${CINDER_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring + sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_BAK_CEPH_USER} mon "profile rbd" osd "profile rbd pool=${CINDER_BAK_CEPH_POOL}, profile rbd pool=${CINDER_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring sudo chown $(whoami):$(whoami) ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring fi From 2d7ff93390ca3c0f47a8b37c5f4912de69ab5b2f Mon Sep 17 00:00:00 2001 From: Jan Jasek Date: Mon, 1 Sep 2025 12:08:48 +0200 Subject: [PATCH 091/149] Remove debian-bullseye nodeset Horizon no longer use debian-bullseye nodeset Change-Id: I78094a9dd7e51641dfb9b1a851b46744184df702 Signed-off-by: Jan Jasek --- .zuul.yaml | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index 3deab35e87..7bfd3e33b6 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -73,19 +73,6 @@ nodes: - controller -# Note(sean-k-mooney): this is still used by horizon for -# horizon-integration-tests, horizon-integration-pytest and -# horizon-ui-pytest, remove when horizon is updated. -- nodeset: - name: devstack-single-node-debian-bullseye - nodes: - - name: controller - label: debian-bullseye - groups: - - name: tempest - nodes: - - controller - - nodeset: name: devstack-single-node-rockylinux-9 nodes: From f6d8dab0e885b8de8c0f44388d538da7d4f9b7ec Mon Sep 17 00:00:00 2001 From: Saikumar Pulluri Date: Thu, 4 Sep 2025 08:48:42 -0400 Subject: [PATCH 092/149] Add service type to keystone authtoken middleware Configuring devstack's configure_keystone_authtoken_middleware to set service_type as an additional option. Needed-By: https://review.opendev.org/c/openstack/barbican/+/958845 Needed-By: https://review.opendev.org/c/openstack/manila/+/955393 Change-Id: I140c8392465965d68f52489b5e5bf3e47ae979be Signed-off-by: Saikumar Pulluri --- lib/keystone | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/keystone b/lib/keystone index 0311e24c67..241909cb9d 100644 --- a/lib/keystone +++ b/lib/keystone @@ -432,6 +432,7 @@ function configure_keystone_authtoken_middleware { local conf_file=$1 local admin_user=$2 local section=${3:-keystone_authtoken} + local service_type=$4 iniset $conf_file $section auth_type password iniset $conf_file $section interface public @@ -444,6 +445,9 @@ function configure_keystone_authtoken_middleware { iniset $conf_file $section cafile $SSL_BUNDLE_FILE iniset $conf_file $section memcached_servers $MEMCACHE_SERVERS + if [[ -n "$service_type" ]]; then + iniset $conf_file $section service_type $service_type + fi } # configure_auth_token_middleware conf_file admin_user IGNORED [section] From 2145b0a0031977ef2809a3eaa9abe6937e4777e6 Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Wed, 10 Sep 2025 10:24:17 +0200 Subject: [PATCH 093/149] Add Rocky Linux Red Quartz singlenode job (10) Change-Id: Iaad9eb034348d559809108d254601d51719ff3e0 Signed-off-by: Michal Nasiadka --- .zuul.yaml | 21 +++++++++++++++++++++ functions-common | 11 ++++------- 2 files changed, 25 insertions(+), 7 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index 3deab35e87..0a81dd82c2 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -96,6 +96,16 @@ nodes: - controller +- nodeset: + name: devstack-single-node-rockylinux-10 + nodes: + - name: controller + label: rockylinux-10-8GB + groups: + - name: tempest + nodes: + - controller + - nodeset: name: openstack-two-node-centos-10-stream nodes: @@ -815,6 +825,16 @@ # TODO(ykarel) Remove this when moving to rocky10 PYTHON3_VERSION: 3.11 +- job: + name: devstack-platform-rocky-red-quartz + parent: tempest-full-py3 + description: Rocky Linux Red Quartz platform test + nodeset: devstack-single-node-rockylinux-10 + timeout: 9000 + voting: false + vars: + configure_swap_size: 4096 + - job: name: devstack-platform-ubuntu-jammy parent: tempest-full-py3 @@ -963,6 +983,7 @@ - devstack-platform-centos-9-stream - devstack-platform-debian-bookworm - devstack-platform-rocky-blue-onyx + - devstack-platform-rocky-red-quartz - devstack-platform-ubuntu-noble-ovn-source - devstack-platform-ubuntu-noble-ovs - devstack-platform-ubuntu-jammy diff --git a/functions-common b/functions-common index 85ee294afa..37c1862c28 100644 --- a/functions-common +++ b/functions-common @@ -438,13 +438,10 @@ function _ensure_lsb_release { function GetOSVersion { # CentOS Stream 9 or later and RHEL 9 or later do not provide lsb_release source /etc/os-release - if [[ "${ID}${VERSION}" =~ "centos" ]] || [[ "${ID}${VERSION}" =~ "rhel" ]]; then + if [[ "${ID}" =~ (centos|rocky|rhel) ]]; then os_RELEASE=${VERSION_ID} - os_CODENAME="n/a" + os_CODENAME=$(echo $VERSION | grep -oP '(?<=[(])[^)]*') os_VENDOR=$(echo $NAME | tr -d '[:space:]') - elif [[ "${ID}${VERSION}" =~ "rocky9" ]]; then - os_VENDOR="Rocky" - os_RELEASE=${VERSION_ID} else _ensure_lsb_release @@ -483,7 +480,7 @@ function GetDistro { "$os_VENDOR" =~ (AlmaLinux) || \ "$os_VENDOR" =~ (Scientific) || \ "$os_VENDOR" =~ (OracleServer) || \ - "$os_VENDOR" =~ (Rocky) || \ + "$os_VENDOR" =~ (RockyLinux) || \ "$os_VENDOR" =~ (Virtuozzo) ]]; then MAJOR_VERSION=$(echo $os_RELEASE | cut -d. -f1) DISTRO="rhel${MAJOR_VERSION}" @@ -544,7 +541,7 @@ function is_fedora { [ "$os_VENDOR" = "RedHatEnterpriseServer" ] || \ [ "$os_VENDOR" = "RedHatEnterprise" ] || \ [ "$os_VENDOR" = "RedHatEnterpriseLinux" ] || \ - [ "$os_VENDOR" = "Rocky" ] || \ + [ "$os_VENDOR" = "RockyLinux" ] || \ [ "$os_VENDOR" = "CentOS" ] || [ "$os_VENDOR" = "CentOSStream" ] || \ [ "$os_VENDOR" = "AlmaLinux" ] || \ [ "$os_VENDOR" = "OracleServer" ] || [ "$os_VENDOR" = "Virtuozzo" ] From 1aa22aa6d4b8dac710b50b6aabd3ce9ce8280a98 Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Tue, 6 May 2025 17:28:37 +0100 Subject: [PATCH 094/149] lib/glance: Remove support for deploying in standalone mode Change-Id: Ia70accd3e04bf9bea7fa50c18541fc71cff75f5f Signed-off-by: Stephen Finucane Depends-on: https://review.opendev.org/c/openstack/glance/+/933614 --- lib/glance | 52 ++++++++++++---------------------------------------- 1 file changed, 12 insertions(+), 40 deletions(-) diff --git a/lib/glance b/lib/glance index b596b53271..4dade5142d 100644 --- a/lib/glance +++ b/lib/glance @@ -83,13 +83,6 @@ GLANCE_DEFAULT_BACKEND=${GLANCE_DEFAULT_BACKEND:-fast} GLANCE_CACHE_DIR=${GLANCE_CACHE_DIR:=$DATA_DIR/glance/cache} GLANCE_CACHE_DRIVER=${GLANCE_CACHE_DRIVER:-centralized_db} -# Full Glance functionality requires running in standalone mode. If we are -# not in uwsgi mode, then we are standalone, otherwise allow separate control. -if [[ "$WSGI_MODE" != "uwsgi" ]]; then - GLANCE_STANDALONE=True -fi -GLANCE_STANDALONE=${GLANCE_STANDALONE:-False} - # File path for each store specified in GLANCE_MULTIPLE_FILE_STORES, the store # identifier will be appended to this path at runtime. If GLANCE_MULTIPLE_FILE_STORES # has fast,cheap specified then filepath will be generated like $DATA_DIR/glance/fast @@ -139,14 +132,7 @@ GLANCE_UWSGI_CONF=$GLANCE_CONF_DIR/glance-uwsgi.ini # Glance default limit for Devstack GLANCE_LIMIT_IMAGE_SIZE_TOTAL=${GLANCE_LIMIT_IMAGE_SIZE_TOTAL:-2000} -# If wsgi mode is uwsgi run glance under uwsgi, else default to eventlet -# TODO(mtreinish): Remove the eventlet path here and in all the similar -# conditionals below after the Pike release -if [[ "$WSGI_MODE" == "uwsgi" ]]; then - GLANCE_URL="$GLANCE_SERVICE_PROTOCOL://$GLANCE_SERVICE_HOST/image" -else - GLANCE_URL="$GLANCE_SERVICE_PROTOCOL://$GLANCE_HOSTPORT" -fi +GLANCE_URL="$GLANCE_SERVICE_PROTOCOL://$GLANCE_SERVICE_HOST/image" # Functions # --------- @@ -451,12 +437,11 @@ function configure_glance { iniset $GLANCE_CACHE_CONF glance_store filesystem_store_datadir $GLANCE_IMAGE_DIR/ # Set default configuration options for the glance-image-import - iniset $GLANCE_IMAGE_IMPORT_CONF image_import_opts image_import_plugins [] + iniset $GLANCE_IMAGE_IMPORT_CONF image_import_opts image_import_plugins "[]" iniset $GLANCE_IMAGE_IMPORT_CONF inject_metadata_properties ignore_user_roles admin iniset $GLANCE_IMAGE_IMPORT_CONF inject_metadata_properties inject cp -p $GLANCE_DIR/etc/schema-image.json $GLANCE_SCHEMA_JSON - cp -p $GLANCE_DIR/etc/metadefs/*.json $GLANCE_METADEF_DIR if is_service_enabled tls-proxy; then @@ -467,19 +452,15 @@ function configure_glance { iniset $GLANCE_CACHE_CONF DEFAULT cinder_endpoint_template "https://$CINDER_SERVICE_HOST:$CINDER_SERVICE_PORT/v3/%(project_id)s" fi - if [[ "$GLANCE_STANDALONE" == False ]]; then - write_local_uwsgi_http_config "$GLANCE_UWSGI_CONF" "$GLANCE_UWSGI" "/image" "glance-api" - # Grab our uwsgi listen address and use that to fill out our - # worker_self_reference_url config - iniset $GLANCE_API_CONF DEFAULT worker_self_reference_url \ - $(awk '-F= ' '/^http-socket/ { print "http://"$2}' $GLANCE_UWSGI_CONF) - else - write_local_proxy_http_config glance "http://$GLANCE_SERVICE_HOST:$GLANCE_SERVICE_PORT_INT" "/image" - iniset $GLANCE_API_CONF DEFAULT bind_host $GLANCE_SERVICE_LISTEN_ADDRESS - iniset $GLANCE_API_CONF DEFAULT bind_port $GLANCE_SERVICE_PORT_INT - iniset $GLANCE_API_CONF DEFAULT workers "$API_WORKERS" - iniset $GLANCE_API_CONF DEFAULT worker_self_reference_url $GLANCE_URL - fi + write_local_uwsgi_http_config "$GLANCE_UWSGI_CONF" "$GLANCE_UWSGI" "/image" "glance-api" + + # Grab our uwsgi listen address and use that to fill out our + # worker_self_reference_url config + iniset $GLANCE_API_CONF DEFAULT worker_self_reference_url $(awk '-F= ' '/^http-socket/ { print "http://"$2}' $GLANCE_UWSGI_CONF) + + # Configure the Python binary used for "import" plugins. If unset, these + # will attempt the uwsgi binary instead. + iniset $GLANCE_API_CONF wsgi python_interpreter $PYTHON if [[ "$GLANCE_ENFORCE_SCOPE" == True || "$ENFORCE_SCOPE" == True ]] ; then iniset $GLANCE_API_CONF oslo_policy enforce_scope true @@ -664,17 +645,8 @@ function start_glance_remote_clone { # start_glance() - Start running processes function start_glance { local service_protocol=$GLANCE_SERVICE_PROTOCOL - if is_service_enabled tls-proxy; then - if [[ "$WSGI_MODE" != "uwsgi" ]]; then - start_tls_proxy glance-service '*' $GLANCE_SERVICE_PORT $GLANCE_SERVICE_HOST $GLANCE_SERVICE_PORT_INT - fi - fi - if [[ "$GLANCE_STANDALONE" == False ]]; then - run_process g-api "$(which uwsgi) --procname-prefix glance-api --ini $GLANCE_UWSGI_CONF" - else - run_process g-api "$GLANCE_BIN_DIR/glance-api --config-dir=$GLANCE_CONF_DIR" - fi + run_process g-api "$(which uwsgi) --procname-prefix glance-api --ini $GLANCE_UWSGI_CONF" if is_service_enabled g-api-r; then echo "Starting the g-api-r clone service..." From 2df0d7ab8230a0cc7ca1c5a90c254717c9ff2dc6 Mon Sep 17 00:00:00 2001 From: Ghanshyam Maan Date: Thu, 28 Aug 2025 03:39:25 +0000 Subject: [PATCH 095/149] Configure glance user in cinder conf Cinder talk to glance for new image location APIs which are default to 'service' role[1]. That needs cinder to have the glance service user configured. We need to assign admin role also to service user so that it can access images from glance. Needed-By: https://review.opendev.org/c/openstack/glance/+/958715 [1] https://review.opendev.org/c/openstack/glance/+/958715 Change-Id: I52d118672c053b9d6890bc6289bf12dcf5d7dce3 Signed-off-by: Ghanshyam Maan --- lib/cinder | 3 +++ lib/glance | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/cinder b/lib/cinder index eb8a63dbfc..aef6854062 100644 --- a/lib/cinder +++ b/lib/cinder @@ -419,6 +419,9 @@ function configure_cinder { iniset $CINDER_CONF DEFAULT glance_ca_certificates_file $SSL_BUNDLE_FILE fi + # Set glance credentials (used for location APIs) + configure_keystone_authtoken_middleware $CINDER_CONF glance glance + # Set nova credentials (used for os-assisted-snapshots) configure_keystone_authtoken_middleware $CINDER_CONF nova nova iniset $CINDER_CONF nova region_name "$REGION_NAME" diff --git a/lib/glance b/lib/glance index b596b53271..31a9ae9745 100644 --- a/lib/glance +++ b/lib/glance @@ -503,7 +503,9 @@ function configure_glance { function create_glance_accounts { if is_service_enabled g-api; then - create_service_user "glance" + # When cinder talk to glance service APIs user needs service + # role for RBAC checks and admin role for cinder to access images. + create_service_user "glance" "admin" # required for swift access if is_service_enabled s-proxy; then From f09da620cb5973f9a77233a700b06612462678e5 Mon Sep 17 00:00:00 2001 From: Yatin Karel Date: Mon, 15 Sep 2025 17:16:50 +0530 Subject: [PATCH 096/149] Restore os_CODENAME for old rhel distros With [1] fips based jobs which runs on 9-stream started to fail as os_CODENAME not applicable on those. This patch adds fallback as before. Moving fips jobs to 10-stream/rocky requires some more work due to [2] [1] https://review.opendev.org/c/openstack/devstack/+/960342 [2] https://fedoraproject.org/wiki/Changes/RemoveFipsModeSetup Change-Id: I6d7ba4f5698e9b4837b29662b0b7f883b3c5de35 Signed-off-by: Yatin Karel --- functions-common | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/functions-common b/functions-common index 37c1862c28..0ae51e3df1 100644 --- a/functions-common +++ b/functions-common @@ -440,7 +440,7 @@ function GetOSVersion { source /etc/os-release if [[ "${ID}" =~ (centos|rocky|rhel) ]]; then os_RELEASE=${VERSION_ID} - os_CODENAME=$(echo $VERSION | grep -oP '(?<=[(])[^)]*') + os_CODENAME=$(echo $VERSION | grep -oP '(?<=[(])[^)]*' || echo 'n/a') os_VENDOR=$(echo $NAME | tr -d '[:space:]') else _ensure_lsb_release From f72801c1081e9f63bb1a98a66950d65ee8cf6ecb Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Mon, 15 Sep 2025 12:54:09 +0100 Subject: [PATCH 097/149] lib/neutron: Prepare for move of api-paste, rootwrap conf Change-Id: I70ba357f9af668fb7a7cb737d13fe24e572eb0ff Signed-off-by: Stephen Finucane --- lib/neutron | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/lib/neutron b/lib/neutron index ea2d8e728a..dec15fb782 100644 --- a/lib/neutron +++ b/lib/neutron @@ -996,7 +996,13 @@ function _configure_neutron_plugin_agent { # It is called when q-svc is enabled. function _configure_neutron_service { Q_API_PASTE_FILE=$NEUTRON_CONF_DIR/api-paste.ini - cp $NEUTRON_DIR/etc/api-paste.ini $Q_API_PASTE_FILE + if test -r $NEUTRON_DIR/etc/neutron/api-paste.ini; then + cp $NEUTRON_DIR/etc/neutron/api-paste.ini $Q_API_PASTE_FILE + else + # TODO(stephenfin): Remove this branch once [1] merges + # [1] https://review.opendev.org/c/openstack/neutron/+/961130 + cp $NEUTRON_DIR/etc/api-paste.ini $Q_API_PASTE_FILE + fi # Update either configuration file with plugin iniset $NEUTRON_CONF DEFAULT core_plugin $Q_PLUGIN_CLASS @@ -1076,6 +1082,8 @@ function _neutron_setup_rootwrap { if test -r $NEUTRON_DIR/etc/neutron/rootwrap.conf; then sudo install -o root -g root -m 644 $NEUTRON_DIR/etc/neutron/rootwrap.conf $Q_RR_CONF_FILE else + # TODO(stephenfin): Remove this branch once [1] merges + # [1] https://review.opendev.org/c/openstack/neutron/+/961130 sudo install -o root -g root -m 644 $NEUTRON_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE fi sudo sed -e "s:^filters_path=.*$:filters_path=$Q_CONF_ROOTWRAP_D:" -i $Q_RR_CONF_FILE From e4cb49c690677b437d817ad8c736edcb96b674e3 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sun, 21 Sep 2025 03:12:55 +0900 Subject: [PATCH 098/149] Remove option for apache < 2.4 apache 2.4 was released long time ago and is now available in recent operating systems. Change-Id: If367869e8490159f31c7d6c0207e182dd7ecb164 Signed-off-by: Takashi Kajinami --- files/apache-cinder-api.template | 12 ++---------- files/apache-horizon.template | 14 ++------------ files/apache-nova-api.template | 4 +--- files/apache-nova-metadata.template | 4 +--- 4 files changed, 6 insertions(+), 28 deletions(-) diff --git a/files/apache-cinder-api.template b/files/apache-cinder-api.template index e1246f11b6..e401803abc 100644 --- a/files/apache-cinder-api.template +++ b/files/apache-cinder-api.template @@ -6,21 +6,13 @@ Listen %PUBLICPORT% WSGIScriptAlias / %CINDER_BIN_DIR%/cinder-wsgi WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On - = 2.4> - ErrorLogFormat "%{cu}t %M" - + ErrorLogFormat "%{cu}t %M" ErrorLog /var/log/%APACHE_NAME%/c-api.log %SSLENGINE% %SSLCERTFILE% %SSLKEYFILE% - = 2.4> - Require all granted - - - Order allow,deny - Allow from all - + Require all granted diff --git a/files/apache-horizon.template b/files/apache-horizon.template index da7a7d26c3..c6c55ecf27 100644 --- a/files/apache-horizon.template +++ b/files/apache-horizon.template @@ -21,19 +21,9 @@ Options Indexes FollowSymLinks MultiViews AllowOverride None - # Apache 2.4 uses mod_authz_host for access control now (instead of - # "Allow") - - Order allow,deny - Allow from all - - = 2.4> - Require all granted - + Require all granted - = 2.4> - ErrorLogFormat "%{cu}t %M" - + ErrorLogFormat "%{cu}t %M" ErrorLog /var/log/%APACHE_NAME%/horizon_error.log LogLevel warn CustomLog /var/log/%APACHE_NAME%/horizon_access.log combined diff --git a/files/apache-nova-api.template b/files/apache-nova-api.template index bcf406edf3..66fcf73cf2 100644 --- a/files/apache-nova-api.template +++ b/files/apache-nova-api.template @@ -6,9 +6,7 @@ Listen %PUBLICPORT% WSGIScriptAlias / %PUBLICWSGI% WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On - = 2.4> - ErrorLogFormat "%M" - + ErrorLogFormat "%M" ErrorLog /var/log/%APACHE_NAME%/nova-api.log %SSLENGINE% %SSLCERTFILE% diff --git a/files/apache-nova-metadata.template b/files/apache-nova-metadata.template index 6231c1ced8..64be03166e 100644 --- a/files/apache-nova-metadata.template +++ b/files/apache-nova-metadata.template @@ -6,9 +6,7 @@ Listen %PUBLICPORT% WSGIScriptAlias / %PUBLICWSGI% WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On - = 2.4> - ErrorLogFormat "%M" - + ErrorLogFormat "%M" ErrorLog /var/log/%APACHE_NAME%/nova-metadata.log %SSLENGINE% %SSLCERTFILE% From a3e37c86cab4ec43a4a6d1c1386abf12bc034db7 Mon Sep 17 00:00:00 2001 From: Ghanshyam Maan Date: Mon, 22 Sep 2025 06:04:42 +0000 Subject: [PATCH 099/149] Update DEVSTACK_SERIES to 2026.1 stable/2025.2 branch has been created now and current master is for 2026.1 Change-Id: Ibec78664417207ca7784c548ab15c1c6ef0e0663 Signed-off-by: Ghanshyam Maan --- stackrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stackrc b/stackrc index 1e306cc685..93f8b1cd6d 100644 --- a/stackrc +++ b/stackrc @@ -252,7 +252,7 @@ REQUIREMENTS_DIR=${REQUIREMENTS_DIR:-$DEST/requirements} # Setting the variable to 'ALL' will activate the download for all # libraries. -DEVSTACK_SERIES="2025.2" +DEVSTACK_SERIES="2026.1" ############## # From 093bc57518a72b63a59389df63491d476069fc5c Mon Sep 17 00:00:00 2001 From: Ghanshyam Maan Date: Mon, 22 Sep 2025 06:56:25 +0000 Subject: [PATCH 100/149] Cap stable/2025.2 network, swift, volume api_extensions for tempest This commit cap the network, volume and swift extensions on Tempest's config option api_extensions. In 2025.2, no new extension in neutron. and no new extensions in swift and cinder. Change-Id: I1f9a2f53fa1e513f58d7dd8706d57f2481ab3d47 Signed-off-by: Ghanshyam Maan --- lib/tempest | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 58 insertions(+), 3 deletions(-) diff --git a/lib/tempest b/lib/tempest index 1ebe9c5f1f..892e7fd72a 100644 --- a/lib/tempest +++ b/lib/tempest @@ -805,7 +805,48 @@ function configure_tempest { DISABLE_NETWORK_API_EXTENSIONS+=", l3_agent_scheduler" fi - local network_api_extensions=${NETWORK_API_EXTENSIONS:-"all"} + DEFAULT_NET_EXT="address-scope,agent,allowed-address-pairs,auto-allocated-topology" + DEFAULT_NET_EXT+=",availability_zone,binding,default-subnetpools,dhcp_agent_scheduler" + DEFAULT_NET_EXT+=",dvr,ext-gw-mode,external-net,extra_dhcp_opt,extraroute,flavors" + DEFAULT_NET_EXT+=",l3-flavors,l3-ha,l3_agent_scheduler,multi-provider,net-mtu" + DEFAULT_NET_EXT+=",network-ip-availability,network_availability_zone,pagination" + DEFAULT_NET_EXT+=",port-security,project-id,provider,quotas,quota_details,rbac-policies" + DEFAULT_NET_EXT+=",revision-if-match,router,router_availability_zone,security-group,service-type,sorting" + DEFAULT_NET_EXT+=",standard-attr-description,standard-attr-revisions,standard-attr-tag,standard-attr-timestamp" + DEFAULT_NET_EXT+=",subnet-service-types,subnet_allocation,net-mtu-writable,ip-substring-filtering" + DEFAULT_NET_EXT+=",availability_zone_filter,filter-validation,empty-string-filtering,port-mac-address-regenerate" + DEFAULT_NET_EXT+=",port-security-groups-filtering,fip-port-details,binding-extended" + DEFAULT_NET_EXT+=",subnet_onboard,l3-port-ip-change-not-allowed,agent-resources-synced" + DEFAULT_NET_EXT+=",floatingip-pools,rbac-security-groups,subnetpool-prefix-ops,router-admin-state-down-before-update" + DEFAULT_NET_EXT+=",rbac-subnetpool,tag-ports-during-bulk-creation,stateful-security-group,address-group,extraroute-atomic" + DEFAULT_NET_EXT+=",port-numa-affinity-policy,rbac-address-scope,security-groups-remote-address-group,trunk,trunk-details" + DEFAULT_NET_EXT+=",rbac-address-group,port-device-profile" + DEFAULT_NET_EXT+=",multiple-external-gateways,qos-pps-minimum,l3-ext-ndp-proxy,rbac-bgpvpn" + DEFAULT_NET_EXT+=",qos-pps,ecmp_routes,bgp,floating-ip-port-forwarding-port-ranges" + # New in Yoga + DEFAULT_NET_EXT+=",security-groups-shared-filtering,security-groups-normalized-cidr,quota-check-limit" + DEFAULT_NET_EXT+=",port-resource-request-groups" + # New in Zed + DEFAULT_NET_EXT+=",port-mac-override,floating-ip-port-forwarding-detail,network-cascade-delete" + # New in 2023.1 + DEFAULT_NET_EXT+=",port-hints,floating-ip-distributed" + # New in 2023.2 + DEFAULT_NET_EXT+=",port-hint-ovs-tx-steering,enable-default-route-bfd" + DEFAULT_NET_EXT+=",enable-default-route-ecmp,standard-attr-fwaas-v2" + DEFAULT_NET_EXT+=",allowed-address-pairs-atomic,network_ha" + DEFAULT_NET_EXT+=",security-groups-rules-belongs-to-default-sg" + DEFAULT_NET_EXT+=",port-hardware-offload-type" + # New in 2024.1 + DEFAULT_NET_EXT+=",vpn-aes-ccm-gcm,tap-mirror,subnet-external-network" + DEFAULT_NET_EXT+=",port-numa-affinity-policy-socket" + # New in 2024.2 + DEFAULT_NET_EXT+=",tag-creation,quota-check-limit-default,port-trusted-vif" + DEFAULT_NET_EXT+=",uplink-status-propagation-updatable" + # New in 2025.1 + DEFAULT_NET_EXT+=",qing,vpn-aes-ctr" + # New in 2025.2: None + local network_api_extensions=${NETWORK_API_EXTENSIONS:-$DEFAULT_NET_EXT} + if [[ ! -z "$DISABLE_NETWORK_API_EXTENSIONS" ]]; then # Enabled extensions are either the ones explicitly specified or those available on the API endpoint network_api_extensions=${NETWORK_API_EXTENSIONS:-$(iniget $tmp_cfg_file network-feature-enabled api_extensions | tr -d " ")} @@ -817,7 +858,10 @@ function configure_tempest { fi iniset $TEMPEST_CONFIG network-feature-enabled api_extensions $network_api_extensions # Swift API Extensions - local object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-"all"} + DEFAULT_SWIFT_OPT="account_quotas,bulk_delete,bulk_upload,container_quotas" + DEFAULT_SWIFT_OPT+=",container_sync,crossdomain,formpost,ratelimit,slo" + DEFAULT_SWIFT_OPT+=",staticweb,tempauth,tempurl,versioned_writes" + local object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-$DEFAULT_SWIFT_OPT} if [[ ! -z "$DISABLE_OBJECT_STORAGE_API_EXTENSIONS" ]]; then # Enabled extensions are either the ones explicitly specified or those available on the API endpoint object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-$(iniget $tmp_cfg_file object-storage-feature-enabled discoverable_apis | tr -d " ")} @@ -826,7 +870,18 @@ function configure_tempest { fi iniset $TEMPEST_CONFIG object-storage-feature-enabled discoverable_apis $object_storage_api_extensions # Cinder API Extensions - local volume_api_extensions=${VOLUME_API_EXTENSIONS:-"all"} + DEFAULT_VOL_EXT="OS-SCH-HNT,backups,capabilities,cgsnapshots,consistencygroups" + DEFAULT_VOL_EXT+=",encryption,os-admin-actions,os-availability-zone" + DEFAULT_VOL_EXT+=",os-extended-services,os-extended-snapshot-attributes" + DEFAULT_VOL_EXT+=",os-hosts,os-quota-class-sets,os-quota-sets" + DEFAULT_VOL_EXT+=",os-services,os-snapshot-actions,os-snapshot-manage" + DEFAULT_VOL_EXT+=",os-snapshot-unmanage,os-types-extra-specs,os-types-manage" + DEFAULT_VOL_EXT+=",os-used-limits,os-vol-host-attr,os-vol-image-meta" + DEFAULT_VOL_EXT+=",os-vol-mig-status-attr,os-vol-tenant-attr,os-volume-actions" + DEFAULT_VOL_EXT+=",os-volume-encryption-metadata,os-volume-manage" + DEFAULT_VOL_EXT+=",os-volume-transfer,os-volume-type-access" + DEFAULT_VOL_EXT+=",os-volume-unmanage,qos-specs,scheduler-stats" + local volume_api_extensions=${VOLUME_API_EXTENSIONS:-$DEFAULT_VOL_EXT} if [[ ! -z "$DISABLE_VOLUME_API_EXTENSIONS" ]]; then # Enabled extensions are either the ones explicitly specified or those available on the API endpoint volume_api_extensions=${VOLUME_API_EXTENSIONS:-$(iniget $tmp_cfg_file volume-feature-enabled api_extensions | tr -d " ")} From a8fc640b674a744e887e641ca9addc85ac46e480 Mon Sep 17 00:00:00 2001 From: Fernando Ferraz Date: Fri, 19 Sep 2025 12:10:50 -0300 Subject: [PATCH 101/149] Avoid timeout in capture-system-logs due to df command The `df` command can stall indefinitely on stale NFS mounts, causing the playbook to time out. This leads to the entire job failing with POST_FAILURE status, discarding controller logs and impacting troubleshooting. This patch changes `capture-system-logs` to run `df` with a 60s timeout to prevent hangs from stale NFS mounts. If 'df' times out, the mount output may help debug which NFS share is unresponsive. Change-Id: Ife3945802c93bd77d60b60e433ea09aade38a522 Signed-off-by: Fernando Ferraz --- .zuul.yaml | 1 + roles/capture-system-logs/tasks/main.yaml | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/.zuul.yaml b/.zuul.yaml index 3b0e5dbde0..d81da3d8f5 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -446,6 +446,7 @@ /etc/sudoers.d: logs '{{ stage_dir }}/iptables.txt': logs '{{ stage_dir }}/df.txt': logs + '{{ stage_dir }}/mount.txt': logs '{{ stage_dir }}/pip2-freeze.txt': logs '{{ stage_dir }}/pip3-freeze.txt': logs '{{ stage_dir }}/dpkg-l.txt': logs diff --git a/roles/capture-system-logs/tasks/main.yaml b/roles/capture-system-logs/tasks/main.yaml index 77b5ec5098..4b5ec4836b 100644 --- a/roles/capture-system-logs/tasks/main.yaml +++ b/roles/capture-system-logs/tasks/main.yaml @@ -4,7 +4,13 @@ executable: /bin/bash cmd: | sudo iptables-save > {{ stage_dir }}/iptables.txt - df -h > {{ stage_dir }}/df.txt + + # NOTE(sfernand): Run 'df' with a 60s timeout to prevent hangs from + # stale NFS mounts. + timeout -s 9 60s df -h > {{ stage_dir }}/df.txt || true + # If 'df' times out, the mount output helps debug which NFS share + # is unresponsive. + mount > {{ stage_dir }}/mount.txt for py_ver in 2 3; do if [[ `which python${py_ver}` ]]; then From f8b3c902bef911938e03d4fc4f13fc9851a843f5 Mon Sep 17 00:00:00 2001 From: Balazs Gibizer Date: Thu, 25 Sep 2025 19:39:26 +0200 Subject: [PATCH 102/149] [nova-fake-virt]Restore compute restartability Since the stable-compute-uuid nova feature the compute nodes created via VIRT_DRIVER=fake cannot be restarted as these computes are not writing the compute_id file to disk at first startup. Therefore any subsequent restart will fail as nova-compute will refuse to start due to the missing compute_id file but having a service already in the DB. After this patch fake-virt uses a variant of the fake virt driver that actually writes compute_id file to disk. To allow multiple fake computes running on the same machine each compute now has a separate state_path created so each can store a separate compute_id file. Signed-off-by: Balazs Gibizer Change-Id: I813cab3c89554d1e319b2b3e5c3affd8ec5d887e --- lib/nova | 9 +++++++++ lib/nova_plugins/hypervisor-fake | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/nova b/lib/nova index 2357d87ee3..b289ec6d6d 100644 --- a/lib/nova +++ b/lib/nova @@ -1085,6 +1085,15 @@ function start_nova_compute { # gets its own configuration and own log file. local fake_conf="${NOVA_FAKE_CONF}-${i}" iniset $fake_conf DEFAULT host "${HOSTNAME}${i}" + # Ensure that each fake compute has its own state path so that it + # can have its own compute_id file + local state_path + state_path="$NOVA_STATE_PATH/${HOSTNAME}${i}" + COMPUTE_ID=$(uuidgen) + sudo mkdir -p "$state_path" + iniset $fake_conf DEFAULT state_path "$state_path" + # use the generated UUID as the stable compute node UUID + echo "$COMPUTE_ID" | sudo tee "$state_path/compute_id" run_process "n-cpu-${i}" "$NOVA_BIN_DIR/nova-compute --config-file $NOVA_CPU_CONF --config-file $fake_conf" done else diff --git a/lib/nova_plugins/hypervisor-fake b/lib/nova_plugins/hypervisor-fake index 87ee49fa4b..39cb45ca67 100644 --- a/lib/nova_plugins/hypervisor-fake +++ b/lib/nova_plugins/hypervisor-fake @@ -36,7 +36,7 @@ function cleanup_nova_hypervisor { # configure_nova_hypervisor - Set config files, create data dirs, etc function configure_nova_hypervisor { - iniset $NOVA_CONF DEFAULT compute_driver "fake.FakeDriver" + iniset $NOVA_CONF DEFAULT compute_driver "fake.FakeDriverWithoutFakeNodes" # Disable arbitrary limits iniset $NOVA_CONF quota driver nova.quota.NoopQuotaDriver } From 581d0a1d607538ffea0f41548fae25b4c6529cff Mon Sep 17 00:00:00 2001 From: Yatin Karel Date: Mon, 29 Sep 2025 17:03:48 +0530 Subject: [PATCH 103/149] [subnode setup] Fail the playbook when any node setup fails Currently on the multinode jobs, job continue to run even if devstack setup fails on any of the subnode and then fails later when required conditions are not met. This patch changes it to fail if any of the node setup fails using any_errors_fatal: true. Change-Id: I2acd8a1fe0802ee1880df2ef794f8e7d7478b67b Signed-off-by: Yatin Karel --- roles/orchestrate-devstack/tasks/main.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/orchestrate-devstack/tasks/main.yaml b/roles/orchestrate-devstack/tasks/main.yaml index 2b8ae01a62..b8ee7e35a7 100644 --- a/roles/orchestrate-devstack/tasks/main.yaml +++ b/roles/orchestrate-devstack/tasks/main.yaml @@ -4,6 +4,7 @@ when: inventory_hostname == 'controller' - name: Setup devstack on sub-nodes + any_errors_fatal: true block: - name: Distribute the build sshkey for the user "stack" From b20eaa6e142f2716eb1b85ed8eabd5bd71515a02 Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Fri, 3 Oct 2025 09:40:46 +0200 Subject: [PATCH 104/149] Add AlmaLinux 10 platform job AlmaLinux 10 has been introduced in OpenDev to increase hardware coverage - it supports x86-64-v2 (compared to v3 required by CentOS Stream 10 and Rocky Linux 10) Change-Id: I5c91f2166bfce51cadef9c22a22a6031223604c7 Signed-off-by: Michal Nasiadka --- .zuul.yaml | 33 ++++++++++++++++++++++++++++----- functions-common | 2 +- 2 files changed, 29 insertions(+), 6 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index 3b0e5dbde0..927945d8f0 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -39,10 +39,10 @@ - controller - nodeset: - name: devstack-single-node-centos-10-stream + name: devstack-single-node-almalinux-10 nodes: - name: controller - label: centos-10-stream-8GB + label: almalinux-10-8GB groups: - name: tempest nodes: @@ -58,10 +58,15 @@ nodes: - controller -# TODO(frickler): drop this dummy nodeset once all references have been removed - nodeset: - name: devstack-single-node-opensuse-15 - nodes: [] + name: devstack-single-node-centos-10-stream + nodes: + - name: controller + label: centos-10-stream-8GB + groups: + - name: tempest + nodes: + - controller - nodeset: name: devstack-single-node-debian-bookworm @@ -73,6 +78,11 @@ nodes: - controller +# TODO(frickler): drop this dummy nodeset once all references have been removed +- nodeset: + name: devstack-single-node-opensuse-15 + nodes: [] + - nodeset: name: devstack-single-node-rockylinux-9 nodes: @@ -766,6 +776,16 @@ # we often have to rush things through devstack to stabilise the gate, # and these platforms don't have the round-the-clock support to avoid # becoming blockers in that situation. +- job: + name: devstack-platform-almalinux-purple-lion + parent: tempest-full-py3 + description: AlmaLinux 10 platform test + nodeset: devstack-single-node-almalinux-10 + timeout: 9000 + voting: false + vars: + configure_swap_size: 4096 + - job: name: devstack-platform-centos-10-stream parent: tempest-full-py3 @@ -966,6 +986,7 @@ - devstack - devstack-ipv6 - devstack-enforce-scope + - devstack-platform-almalinux-purple-lion - devstack-platform-centos-10-stream - devstack-platform-centos-9-stream - devstack-platform-debian-bookworm @@ -1051,10 +1072,12 @@ - devstack-no-tls-proxy periodic-weekly: jobs: + - devstack-platform-almalinux-purple-lion - devstack-platform-centos-10-stream - devstack-platform-centos-9-stream - devstack-platform-debian-bookworm - devstack-platform-rocky-blue-onyx + - devstack-platform-rocky-red-quartz - devstack-platform-ubuntu-noble-ovn-source - devstack-platform-ubuntu-noble-ovs - devstack-platform-ubuntu-jammy diff --git a/functions-common b/functions-common index 0ae51e3df1..c2042c4fef 100644 --- a/functions-common +++ b/functions-common @@ -438,7 +438,7 @@ function _ensure_lsb_release { function GetOSVersion { # CentOS Stream 9 or later and RHEL 9 or later do not provide lsb_release source /etc/os-release - if [[ "${ID}" =~ (centos|rocky|rhel) ]]; then + if [[ "${ID}" =~ (almalinux|centos|rocky|rhel) ]]; then os_RELEASE=${VERSION_ID} os_CODENAME=$(echo $VERSION | grep -oP '(?<=[(])[^)]*' || echo 'n/a') os_VENDOR=$(echo $NAME | tr -d '[:space:]') From fe4d1e605935c61286d9bea14c2e432a079363d6 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sat, 12 Jul 2025 00:36:21 +0900 Subject: [PATCH 105/149] Create dedicated function to manage only keystoneauth options Using the common function to configure keystoneauth middleware leaves some options not actually used for service-to-service communication. Create a dedicated function, which configures only options loaded by keystoneauth library, to drop unnecessary options. Change-Id: Idafdd4a3925d09f155d8ec651786ccbcd6a5f2e4 Signed-off-by: Takashi Kajinami --- lib/cinder | 13 ++----------- lib/keystone | 28 +++++++++++++++++++--------- lib/neutron | 13 +++---------- lib/nova | 34 ++++------------------------------ 4 files changed, 28 insertions(+), 60 deletions(-) diff --git a/lib/cinder b/lib/cinder index aef6854062..aafd837c95 100644 --- a/lib/cinder +++ b/lib/cinder @@ -303,15 +303,6 @@ function configure_cinder { cp $CINDER_DIR/etc/cinder/api-paste.ini $CINDER_API_PASTE_INI - inicomment $CINDER_API_PASTE_INI filter:authtoken auth_host - inicomment $CINDER_API_PASTE_INI filter:authtoken auth_port - inicomment $CINDER_API_PASTE_INI filter:authtoken auth_protocol - inicomment $CINDER_API_PASTE_INI filter:authtoken cafile - inicomment $CINDER_API_PASTE_INI filter:authtoken admin_tenant_name - inicomment $CINDER_API_PASTE_INI filter:authtoken admin_user - inicomment $CINDER_API_PASTE_INI filter:authtoken admin_password - inicomment $CINDER_API_PASTE_INI filter:authtoken signing_dir - configure_keystone_authtoken_middleware $CINDER_CONF cinder iniset $CINDER_CONF DEFAULT debug $ENABLE_DEBUG_LOG_LEVEL @@ -423,7 +414,7 @@ function configure_cinder { configure_keystone_authtoken_middleware $CINDER_CONF glance glance # Set nova credentials (used for os-assisted-snapshots) - configure_keystone_authtoken_middleware $CINDER_CONF nova nova + configure_keystoneauth $CINDER_CONF nova nova iniset $CINDER_CONF nova region_name "$REGION_NAME" iniset $CINDER_CONF DEFAULT graceful_shutdown_timeout "$SERVICE_GRACEFUL_SHUTDOWN_TIMEOUT" @@ -733,8 +724,8 @@ function configure_cinder_volume_upload { } function init_cinder_service_user_conf { - configure_keystone_authtoken_middleware $CINDER_CONF cinder service_user iniset $CINDER_CONF service_user send_service_user_token True + configure_keystoneauth $CINDER_CONF cinder service_user } # Restore xtrace diff --git a/lib/keystone b/lib/keystone index 241909cb9d..4a2d7a9f6c 100644 --- a/lib/keystone +++ b/lib/keystone @@ -421,18 +421,13 @@ function create_service_user { fi } -# Configure a service to use the auth token middleware. -# -# configure_keystone_authtoken_middleware conf_file admin_user IGNORED [section] +# Configure options for keystoneauth # -# section defaults to keystone_authtoken, which is where auth_token looks in -# the .conf file. If the paste config file is used (api-paste.ini) then -# provide the section name for the auth_token filter. -function configure_keystone_authtoken_middleware { +# configure_keystoneauth conf_file admin_user section +function configure_keystoneauth { local conf_file=$1 local admin_user=$2 - local section=${3:-keystone_authtoken} - local service_type=$4 + local section=$3 iniset $conf_file $section auth_type password iniset $conf_file $section interface public @@ -442,7 +437,22 @@ function configure_keystone_authtoken_middleware { iniset $conf_file $section user_domain_name "$SERVICE_DOMAIN_NAME" iniset $conf_file $section project_name $SERVICE_PROJECT_NAME iniset $conf_file $section project_domain_name "$SERVICE_DOMAIN_NAME" +} + +# Configure a service to use the auth token middleware. +# +# configure_keystone_authtoken_middleware conf_file admin_user [section] +# +# section defaults to keystone_authtoken, which is where auth_token looks in +# the .conf file. If the paste config file is used (api-paste.ini) then +# provide the section name for the auth_token filter. +function configure_keystone_authtoken_middleware { + local conf_file=$1 + local admin_user=$2 + local section=${3:-keystone_authtoken} + local service_type=$4 + configure_keystoneauth $conf_file $admin_user $section iniset $conf_file $section cafile $SSL_BUNDLE_FILE iniset $conf_file $section memcached_servers $MEMCACHE_SERVERS if [[ -n "$service_type" ]]; then diff --git a/lib/neutron b/lib/neutron index ea2d8e728a..44cd249fa1 100644 --- a/lib/neutron +++ b/lib/neutron @@ -460,14 +460,7 @@ function configure_neutron_nova { function create_nova_conf_neutron { local conf=${1:-$NOVA_CONF} - iniset $conf neutron auth_type "password" - iniset $conf neutron auth_url "$KEYSTONE_SERVICE_URI" - iniset $conf neutron username nova - iniset $conf neutron password "$SERVICE_PASSWORD" - iniset $conf neutron user_domain_name "$SERVICE_DOMAIN_NAME" - iniset $conf neutron project_name "$SERVICE_PROJECT_NAME" - iniset $conf neutron project_domain_name "$SERVICE_DOMAIN_NAME" - iniset $conf neutron auth_strategy "$Q_AUTH_STRATEGY" + configure_keystoneauth $conf nova neutron iniset $conf neutron region_name "$REGION_NAME" # optionally set options in nova_conf @@ -1011,10 +1004,10 @@ function _configure_neutron_service { iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_status_changes $Q_NOTIFY_NOVA_PORT_STATUS_CHANGES iniset $NEUTRON_CONF DEFAULT notify_nova_on_port_data_changes $Q_NOTIFY_NOVA_PORT_DATA_CHANGES - configure_keystone_authtoken_middleware $NEUTRON_CONF nova nova + configure_keystoneauth $NEUTRON_CONF nova nova # Configuration for placement client - configure_keystone_authtoken_middleware $NEUTRON_CONF placement placement + configure_keystoneauth $NEUTRON_CONF placement placement # Configure plugin neutron_plugin_configure_service diff --git a/lib/nova b/lib/nova index 2357d87ee3..a7222cec81 100644 --- a/lib/nova +++ b/lib/nova @@ -628,32 +628,19 @@ function create_nova_conf { function configure_placement_nova_compute { # Use the provided config file path or default to $NOVA_CONF. local conf=${1:-$NOVA_CONF} - iniset $conf placement auth_type "password" - iniset $conf placement auth_url "$KEYSTONE_SERVICE_URI" - iniset $conf placement username nova - iniset $conf placement password "$SERVICE_PASSWORD" - iniset $conf placement user_domain_name "$SERVICE_DOMAIN_NAME" - iniset $conf placement project_name "$SERVICE_TENANT_NAME" - iniset $conf placement project_domain_name "$SERVICE_DOMAIN_NAME" - iniset $conf placement region_name "$REGION_NAME" + configure_keystoneauth $conf nova placement } # Configure access to cinder. function configure_cinder_access { iniset $NOVA_CONF cinder os_region_name "$REGION_NAME" - iniset $NOVA_CONF cinder auth_type "password" - iniset $NOVA_CONF cinder auth_url "$KEYSTONE_SERVICE_URI" # NOTE(mriedem): This looks a bit weird but we use the nova user here # since it has the admin role and the cinder user does not. This is # similar to using the nova user in init_nova_service_user_conf. We need # to use a user with the admin role for background tasks in nova to # be able to GET block-storage API resources owned by another project # since cinder has low-level "is_admin" checks in its DB API. - iniset $NOVA_CONF cinder username nova - iniset $NOVA_CONF cinder password "$SERVICE_PASSWORD" - iniset $NOVA_CONF cinder user_domain_name "$SERVICE_DOMAIN_NAME" - iniset $NOVA_CONF cinder project_name "$SERVICE_TENANT_NAME" - iniset $NOVA_CONF cinder project_domain_name "$SERVICE_DOMAIN_NAME" + configure_keystoneauth $conf nova cinder if is_service_enabled tls-proxy; then CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST} CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776} @@ -663,14 +650,7 @@ function configure_cinder_access { # Configure access to manila. function configure_manila_access { - iniset $NOVA_CONF manila os_region_name "$REGION_NAME" - iniset $NOVA_CONF manila auth_type "password" - iniset $NOVA_CONF manila auth_url "$KEYSTONE_SERVICE_URI" - iniset $NOVA_CONF manila username nova - iniset $NOVA_CONF manila password "$SERVICE_PASSWORD" - iniset $NOVA_CONF manila user_domain_name "$SERVICE_DOMAIN_NAME" - iniset $NOVA_CONF manila project_name "$SERVICE_TENANT_NAME" - iniset $NOVA_CONF manila project_domain_name "$SERVICE_DOMAIN_NAME" + configure_keystoneauth $conf nova manila } function configure_console_compute { @@ -836,13 +816,7 @@ function configure_nova_unified_limits { function init_nova_service_user_conf { iniset $NOVA_CONF service_user send_service_user_token True - iniset $NOVA_CONF service_user auth_type password - iniset $NOVA_CONF service_user auth_url "$KEYSTONE_SERVICE_URI" - iniset $NOVA_CONF service_user username nova - iniset $NOVA_CONF service_user password "$SERVICE_PASSWORD" - iniset $NOVA_CONF service_user user_domain_name "$SERVICE_DOMAIN_NAME" - iniset $NOVA_CONF service_user project_name "$SERVICE_PROJECT_NAME" - iniset $NOVA_CONF service_user project_domain_name "$SERVICE_DOMAIN_NAME" + configure_keystoneauth $NOVA_CONF nova service_user } function conductor_conf { From 5a32609b04aa3df31a128c73cc052d41457db390 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Tue, 15 Jul 2025 00:22:18 +0900 Subject: [PATCH 106/149] Add www_authenticate_uri ... to suppress the following warning from keystonemiddleware. Configuring www_authenticate_uri to point to the public identity endpoint is required; clients may not be able to authenticate against an admin endpoint Change-Id: I3f1a6b2c5d2e7d3dce6fd1ee6694f8146ae06437 Signed-off-by: Takashi Kajinami --- lib/keystone | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/keystone b/lib/keystone index 4a2d7a9f6c..7e7cd2526b 100644 --- a/lib/keystone +++ b/lib/keystone @@ -453,6 +453,7 @@ function configure_keystone_authtoken_middleware { local service_type=$4 configure_keystoneauth $conf_file $admin_user $section + iniset $conf_file $section www_authenticate_uri $KEYSTONE_SERVICE_URI iniset $conf_file $section cafile $SSL_BUNDLE_FILE iniset $conf_file $section memcached_servers $MEMCACHE_SERVERS if [[ -n "$service_type" ]]; then From 8060e12a7bddf16179098e611f7052291eafa1e3 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sun, 12 Oct 2025 13:41:57 +0900 Subject: [PATCH 107/149] Drop logic for CentOS (Stream) 8 Change-Id: I528652ced464fadd565e16e89a7e0ef826d42611 Signed-off-by: Takashi Kajinami --- files/rpms/n-cpu | 3 +-- files/rpms/nova | 3 +-- lib/neutron_plugins/ovn_agent | 3 --- stack.sh | 31 +------------------------------ tools/fixup_stuff.sh | 13 ------------- 5 files changed, 3 insertions(+), 50 deletions(-) diff --git a/files/rpms/n-cpu b/files/rpms/n-cpu index 5683862ee0..3d50f3a062 100644 --- a/files/rpms/n-cpu +++ b/files/rpms/n-cpu @@ -1,10 +1,9 @@ cryptsetup dosfstools -genisoimage # not:rhel9,rhel10 iscsi-initiator-utils libosinfo lvm2 sg3_utils # Stuff for diablo volumes sysfsutils -xorriso # not:rhel8 +xorriso diff --git a/files/rpms/nova b/files/rpms/nova index 3ed2943c1d..c323224279 100644 --- a/files/rpms/nova +++ b/files/rpms/nova @@ -1,7 +1,7 @@ conntrack-tools curl ebtables -genisoimage # not:rhel9,rhel10 required for config_drive +genisoimage iptables iputils kernel-modules # not:openEuler-22.03 @@ -11,4 +11,3 @@ polkit rabbitmq-server # NOPRIME sqlite sudo -xorriso # not:rhel8 diff --git a/lib/neutron_plugins/ovn_agent b/lib/neutron_plugins/ovn_agent index b128fde2b6..e346f4d1cd 100644 --- a/lib/neutron_plugins/ovn_agent +++ b/lib/neutron_plugins/ovn_agent @@ -407,9 +407,6 @@ function install_ovn { sudo mkdir -p $OVS_PREFIX/var/log/ovn sudo chown $(whoami) $OVS_PREFIX/var/log/ovn else - # Load fixup_ovn_centos - source ${TOP_DIR}/tools/fixup_stuff.sh - fixup_ovn_centos install_package $(get_packages openvswitch) install_package $(get_packages ovn) fi diff --git a/stack.sh b/stack.sh index c8be7fa216..67c7a74de9 100755 --- a/stack.sh +++ b/stack.sh @@ -366,36 +366,7 @@ fi # to speed things up SKIP_EPEL_INSTALL=$(trueorfalse False SKIP_EPEL_INSTALL) -if [[ $DISTRO == "rhel8" ]]; then - # If we have /etc/ci/mirror_info.sh assume we're on a OpenStack CI - # node, where EPEL is installed (but disabled) and already - # pointing at our internal mirror - if [[ -f /etc/ci/mirror_info.sh ]]; then - SKIP_EPEL_INSTALL=True - sudo dnf config-manager --set-enabled epel - fi - - # PowerTools repo provides libyaml-devel required by devstack itself and - # EPEL packages assume that the PowerTools repository is enable. - sudo dnf config-manager --set-enabled PowerTools - - # CentOS 8.3 changed the repository name to lower case. - sudo dnf config-manager --set-enabled powertools - - if [[ ${SKIP_EPEL_INSTALL} != True ]]; then - _install_epel - fi - # Along with EPEL, CentOS (and a-likes) require some packages only - # available in RDO repositories (e.g. OVS, or later versions of - # kvm) to run. - _install_rdo - - # NOTE(cgoncalves): workaround RHBZ#1154272 - # dnf fails for non-privileged users when expired_repos.json doesn't exist. - # RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1154272 - # Patch: https://github.com/rpm-software-management/dnf/pull/1448 - echo "[]" | sudo tee /var/cache/dnf/expired_repos.json -elif [[ $DISTRO == "rhel9" ]]; then +if [[ $DISTRO == "rhel9" ]]; then # for CentOS Stream 9 repository sudo dnf config-manager --set-enabled crb # for RHEL 9 repository diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh index faea44f1e0..fbac5ad2f1 100755 --- a/tools/fixup_stuff.sh +++ b/tools/fixup_stuff.sh @@ -89,19 +89,6 @@ EOF if is_package_installed python3-setuptools; then sudo dnf reinstall -y python3-setuptools fi - # Workaround CentOS 8-stream iputils and systemd Bug - # https://bugzilla.redhat.com/show_bug.cgi?id=2037807 - if [[ $os_VENDOR == "CentOSStream" && $os_RELEASE -eq 8 ]]; then - sudo sysctl -w net.ipv4.ping_group_range='0 2147483647' - fi -} - -function fixup_ovn_centos { - if [[ $os_VENDOR != "CentOS" ]]; then - return - fi - # OVN packages are part of this release for CentOS - yum_install centos-release-openstack-victoria } function fixup_ubuntu { From 84652d3cb8022f20cbcfaef747306c95763b8039 Mon Sep 17 00:00:00 2001 From: Balazs Gibizer Date: Wed, 22 Jan 2025 17:00:59 +0100 Subject: [PATCH 108/149] Follow up for creating parent dir for config files The commit Ia5fcfe6c63f5cc40b11f7e1f3be244d7897f26f6 wanted to enable config file creation even if its parent dir not exists. But missed that the caller of merge_config_file, merge_config_group already checks for hte missing directory. So creating the missing dir in merge_config_file is too late. This patch moves the dir creation to the caller. Change-Id: Ied0f321f31bf8888dce71cc18749f35dde303390 Signed-off-by: Balazs Gibizer --- inc/meta-config | 13 ++++++++----- tests/test_meta_config.sh | 24 +++++++++++++++++++----- 2 files changed, 27 insertions(+), 10 deletions(-) diff --git a/inc/meta-config b/inc/meta-config index b9d9649e4b..1215bb8307 100644 --- a/inc/meta-config +++ b/inc/meta-config @@ -90,7 +90,6 @@ function merge_config_file { local real_configfile real_configfile=$(eval echo $configfile) if [ ! -f $real_configfile ]; then - mkdir -p $(dirname $real_configfile) || die $LINENO "could not create the directory of $real_configfile ($configfile)" touch $real_configfile || die $LINENO "could not create config file $real_configfile ($configfile)" fi @@ -186,11 +185,15 @@ function merge_config_group { break fi dir=$(dirname $realconfigfile) - if [[ -d $dir ]]; then - merge_config_file $localfile $group $configfile - else - die $LINENO "bogus config file specification $configfile ($configfile=$realconfigfile, $dir is not a directory)" + + test -e $dir && ! test -d $dir && die $LINENO "bogus config file specification $configfile ($configfile=$realconfigfile, $dir exists but it is not a directory)" + + if ! [[ -e $dir ]] ; then + sudo mkdir -p $dir || die $LINENO "could not create the directory of $real_configfile ($configfile)" + sudo chown ${STACK_USER} $dir fi + + merge_config_file $localfile $group $configfile done done } diff --git a/tests/test_meta_config.sh b/tests/test_meta_config.sh index 087aaf468b..30479f245a 100755 --- a/tests/test_meta_config.sh +++ b/tests/test_meta_config.sh @@ -137,6 +137,9 @@ foo=bar [some] random=config +[[test12|run_tests.sh/test.conf]] +foo=bar + [[test-multi-sections|test-multi-sections.conf]] [sec-1] cfg_item1 = abcd @@ -389,13 +392,12 @@ EXPECT_VAL=0 check_result "$VAL" "$EXPECT_VAL" set -e -echo -n "merge_config_group test10 not directory: " +echo -n "merge_config_group test10 create directory: " set +e -# function is expected to fail and exit, running it -# in a subprocess to let this script proceed -(merge_config_group test.conf test10) +STACK_USER=$(id -u -n) +merge_config_group test.conf test10 VAL=$? -EXPECT_VAL=255 +EXPECT_VAL=0 check_result "$VAL" "$EXPECT_VAL" set -e @@ -414,9 +416,21 @@ random = config non = sense' check_result "$VAL" "$EXPECT_VAL" +echo -n "merge_config_group test12 directory as file: " +set +e +# function is expected to fail and exit, running it +# in a subprocess to let this script proceed +(merge_config_group test.conf test12) +VAL=$? +EXPECT_VAL=255 +check_result "$VAL" "$EXPECT_VAL" +set -e + rm -f test.conf test1c.conf test2a.conf \ test-space.conf test-equals.conf test-strip.conf \ test-colon.conf test-env.conf test-multiline.conf \ test-multi-sections.conf test-same.conf rm -rf test-etc +rm -rf does-not-exist-dir + From eee708742af669833d6a85d4c7289accb49c18a2 Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Fri, 31 Oct 2025 17:09:11 +0000 Subject: [PATCH 109/149] Remove use of pkg_resources Change-Id: I5d0697f39bab0a5ff956c3cc41c26ffe601ef6b9 Signed-off-by: Stephen Finucane --- inc/python | 3 +-- tools/fixup_stuff.sh | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/inc/python b/inc/python index cd90ac82c6..3969c1fa82 100644 --- a/inc/python +++ b/inc/python @@ -273,8 +273,7 @@ function use_library_from_git { function lib_installed_from_git { local name=$1 local safe_name - safe_name=$(python -c "from pkg_resources import safe_name; \ - print(safe_name('${name}'))") + safe_name=$(python -c "from packaging import canonicalize_name; print(canonicalize_name('${name}'))") # Note "pip freeze" doesn't always work here, because it tries to # be smart about finding the remote of the git repo the package # was installed from. This doesn't work with zuul which clones diff --git a/tools/fixup_stuff.sh b/tools/fixup_stuff.sh index faea44f1e0..d8283b2591 100755 --- a/tools/fixup_stuff.sh +++ b/tools/fixup_stuff.sh @@ -84,7 +84,7 @@ EOF # python3-setuptools RPM are deleted, it breaks some tools such as semanage # (used in diskimage-builder) that use the -s flag of the python # interpreter, enforcing the use of the packages from /usr/lib. - # Importing setuptools/pkg_resources in a such environment fails. + # Importing setuptools in a such environment fails. # Enforce the package re-installation to fix those applications. if is_package_installed python3-setuptools; then sudo dnf reinstall -y python3-setuptools From df74bcda897ad9fc4a2f2c1f7a17ee8a4689c217 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Thu, 6 Nov 2025 13:53:00 +0900 Subject: [PATCH 110/149] Install OVMF package OVMF package is required to enable UEFI boot support. Change-Id: Ib1c3ab57740488a3ab8650ef033e1e6ec398f108 Signed-off-by: Takashi Kajinami --- lib/nova_plugins/functions-libvirt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt index c0713f9953..7175931384 100644 --- a/lib/nova_plugins/functions-libvirt +++ b/lib/nova_plugins/functions-libvirt @@ -70,6 +70,7 @@ function install_libvirt { if is_ubuntu; then install_package qemu-system libvirt-clients libvirt-daemon-system libvirt-dev python3-libvirt systemd-coredump + install_package ovmf if is_arch "aarch64"; then install_package qemu-efi-aarch64 fi @@ -94,6 +95,7 @@ function install_libvirt { # pre-installed these install_package $qemu_package install_package libvirt libvirt-devel + install_package edk2-ovmf if [[ $DISTRO =~ rhel9 ]]; then pip_install_gr libvirt-python From 1c86258e6b0ccf95e6119d3a6271afa38e05d0a3 Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Thu, 2 Oct 2025 17:48:03 +0100 Subject: [PATCH 111/149] Enable response validation in Keystone Unlike other projects, Keystone was previously enabling validation for all responses. This is a bad idea (TM). Quoting from the Keystone docs for the new '[api] response_validation' option added in [1]: 'warn' is the current recommendation for production environments. If you find it necessary to enable the 'ignore' option, please report the issues you are seeing to the Keystone team so we can improve our schemas. 'error' should not be used in a production environment. This is because schema validation happens *after* the response body has been generated, meaning any side effects will still happen and the call may be non-idempotent despite the user receiving a HTTP 500 error. DevStack is not used for production environments and is instead the test harness used for the bulk of our integration testing. We *do* want failed response validation to result in an error, since it will highlight bugs in our schemas. Thus, we should override the default value for this option. [1] https://review.opendev.org/c/openstack/keystone/+/962851 Change-Id: I9fc2c5dce9511165ad2c1ab18db5eb439d357d9b Signed-off-by: Stephen Finucane Related-bug: #2126676 --- lib/keystone | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/keystone b/lib/keystone index 241909cb9d..840103b9f4 100644 --- a/lib/keystone +++ b/lib/keystone @@ -195,6 +195,10 @@ function configure_keystone { iniset $KEYSTONE_CONF cache backend $CACHE_BACKEND iniset $KEYSTONE_CONF cache memcache_servers $MEMCACHE_SERVERS + # Enable errors if response validation fails. We want this enabled in CI + # and development contexts to highlights bugs in our response schemas. + iniset $KEYSTONE_CONF api response_validation error + iniset_rpc_backend keystone $KEYSTONE_CONF oslo_messaging_notifications local service_port=$KEYSTONE_SERVICE_PORT From 3566a15b8eeebb0dfc36e47f87129b108d2980e1 Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Thu, 2 Oct 2025 17:46:42 +0100 Subject: [PATCH 112/149] Enable response validation in Nova Per inline description Change-Id: I85c959461e4e96b69d252e06fc697a1c61488411 Signed-off-by: Stephen Finucane --- lib/nova | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/nova b/lib/nova index b289ec6d6d..460b4adc85 100644 --- a/lib/nova +++ b/lib/nova @@ -453,6 +453,10 @@ function create_nova_conf { iniset $NOVA_CONF DEFAULT metadata_listen "$NOVA_SERVICE_LISTEN_ADDRESS" iniset $NOVA_CONF DEFAULT shutdown_timeout $NOVA_SHUTDOWN_TIMEOUT + # Enable errors if response validation fails. We want this enabled in CI + # and development contexts to highlights bugs in our response schemas. + iniset $NOVA_CONF api response_validation error + iniset $NOVA_CONF key_manager backend nova.keymgr.conf_key_mgr.ConfKeyManager iniset $NOVA_CONF DEFAULT report_interval $NOVA_SERVICE_REPORT_INTERVAL From a041a7fc66453958ce1d34421330fd27393bbd65 Mon Sep 17 00:00:00 2001 From: Ghanshyam Maan Date: Thu, 6 Nov 2025 18:39:36 +0000 Subject: [PATCH 113/149] Re-add the ironic job in gate Ironic job ironic-tempest-bios-ipmi-direct-tinyipa has been renamed to ironic-tempest-bios-ipmi-direct - https://review.opendev.org/c/openstack/ironic/+/950192 Zuul did not give any error or warning when this jobs was ignored to run and it went unnotice until I manually checked the gate jobs. Change-Id: I9b6bb94456ccfd17c2e38cdaa772aef372d169d0 Signed-off-by: Ghanshyam Maan --- .zuul.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index 927945d8f0..a751c70a6a 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -998,7 +998,7 @@ - devstack-multinode - devstack-unit-tests - openstack-tox-bashate - - ironic-tempest-bios-ipmi-direct-tinyipa + - ironic-tempest-bios-ipmi-direct - swift-dsvm-functional - grenade: irrelevant-files: *common-irrelevant-files @@ -1031,7 +1031,7 @@ - openstack-tox-bashate - neutron-ovs-grenade-multinode: irrelevant-files: *common-irrelevant-files - - ironic-tempest-bios-ipmi-direct-tinyipa + - ironic-tempest-bios-ipmi-direct - swift-dsvm-functional - grenade: irrelevant-files: *common-irrelevant-files From f8ebb4939c46eed2f69bece7a7d9c8ff31b61353 Mon Sep 17 00:00:00 2001 From: "Dr. Jens Harbott" Date: Thu, 10 Jul 2025 21:15:21 +0200 Subject: [PATCH 114/149] Add support for trixie and platform job Dropping libapache2-mod-proxy-uwsgi package for debuntu, which is no longer needed for Jammy, Bookworm and beyond. libpcre3-dev is removed form the set of packages pre installed for debian systems. This change adds both single and two node nodesets for trixie. Signed-off-by: Dr. Jens Harbott Signed-off-by: Sean Mooney Change-Id: Ib056d2ad64b31657ea8ef9359fed78e589b01b88 --- .zuul.yaml | 51 +++++++++++++++++++++++++++++++++++++++++++++ files/debs/general | 2 -- lib/apache | 2 +- lib/databases/mysql | 14 +++++++++++-- stack.sh | 3 +-- 5 files changed, 65 insertions(+), 7 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index 927945d8f0..357c085fe9 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -68,6 +68,16 @@ nodes: - controller +- nodeset: + name: devstack-single-node-debian-trixie + nodes: + - name: controller + label: debian-trixie-8GB + groups: + - name: tempest + nodes: + - controller + - nodeset: name: devstack-single-node-debian-bookworm nodes: @@ -383,6 +393,36 @@ nodes: - compute1 +- nodeset: + name: devstack-two-node-debian-trixie + nodes: + - name: controller + label: debian-trixie-8GB + - name: compute1 + label: debian-trixie-8GB + groups: + # Node where tests are executed and test results collected + - name: tempest + nodes: + - controller + # Nodes running the compute service + - name: compute + nodes: + - controller + - compute1 + # Nodes that are not the controller + - name: subnode + nodes: + - compute1 + # Switch node for multinode networking setup + - name: switch + nodes: + - controller + # Peer nodes for multinode networking setup + - name: peers + nodes: + - compute1 + - job: name: devstack-base parent: openstack-multinode-fips @@ -806,6 +846,15 @@ timeout: 9000 voting: false +- job: + name: devstack-platform-debian-trixie + parent: tempest-full-py3 + description: Debian Trixie platform test + nodeset: devstack-single-node-debian-trixie + timeout: 9000 + vars: + configure_swap_size: 4096 + - job: name: devstack-platform-debian-bookworm parent: tempest-full-py3 @@ -990,6 +1039,7 @@ - devstack-platform-centos-10-stream - devstack-platform-centos-9-stream - devstack-platform-debian-bookworm + - devstack-platform-debian-trixie - devstack-platform-rocky-blue-onyx - devstack-platform-rocky-red-quartz - devstack-platform-ubuntu-noble-ovn-source @@ -1021,6 +1071,7 @@ - devstack - devstack-ipv6 - devstack-platform-debian-bookworm + - devstack-platform-debian-trixie - devstack-platform-ubuntu-noble # NOTE(danms): Disabled due to instability, see comment in the job # definition above. diff --git a/files/debs/general b/files/debs/general index 364f3cc6e2..1e63e4f582 100644 --- a/files/debs/general +++ b/files/debs/general @@ -11,10 +11,8 @@ gettext # used for compiling message catalogs git graphviz # needed for docs iputils-ping -libapache2-mod-proxy-uwsgi libffi-dev # for pyOpenSSL libjpeg-dev # Pillow 3.0.0 -libpcre3-dev # for python-pcre libpq-dev # psycopg2 libssl-dev # for pyOpenSSL libsystemd-dev # for systemd-python diff --git a/lib/apache b/lib/apache index c49da711e1..b3379a7cde 100644 --- a/lib/apache +++ b/lib/apache @@ -82,7 +82,7 @@ function install_apache_uwsgi { fi if is_ubuntu; then - local pkg_list="uwsgi uwsgi-plugin-python3 libapache2-mod-proxy-uwsgi" + local pkg_list="uwsgi uwsgi-plugin-python3" install_package ${pkg_list} # NOTE(ianw) 2022-02-03 : Fedora 35 needs to skip this and fall # into the install-from-source because the upstream packages diff --git a/lib/databases/mysql b/lib/databases/mysql index 629014c1d8..a47580ca3d 100644 --- a/lib/databases/mysql +++ b/lib/databases/mysql @@ -20,7 +20,7 @@ if [[ -z "$MYSQL_SERVICE_NAME" ]]; then MYSQL_SERVICE_NAME=mysql if is_fedora && ! is_oraclelinux; then MYSQL_SERVICE_NAME=mariadb - elif [[ "$DISTRO" =~ bookworm|bullseye ]]; then + elif [[ "$DISTRO" =~ trixie|bookworm|bullseye ]]; then MYSQL_SERVICE_NAME=mariadb fi fi @@ -107,7 +107,7 @@ function configure_database_mysql { # for Ubuntu 22.04+ because the authorization model change in # version 10.4 of mariadb. See # https://mariadb.org/authentication-in-mariadb-10-4/ - if ! (is_ubuntu && [[ ! "$DISTRO" =~ bookworm|bullseye ]] && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]); then + if ! (is_ubuntu && [[ ! "$DISTRO" =~ trixie|bookworm|bullseye ]] && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]); then sudo mysqladmin -u root password $DATABASE_PASSWORD || true fi @@ -119,6 +119,16 @@ function configure_database_mysql { local cmd_args="-uroot -p$DATABASE_PASSWORD -h$SERVICE_LOCAL_HOST " fi + # Workaround for mariadb > 11.6.2, + # see https://bugs.launchpad.net/nova/+bug/2116186/comments/3 + min_db_ver="11.6.2" + db_version=$(sudo mysql ${cmd_args} -e "select version();" -sN | cut -d '-' -f 1) + max_db_ver=$(printf '%s\n' ${min_db_ver} ${db_version} | sort -V | tail -n 1) + if [[ "${min_db_ver}" != "${max_db_ver}" ]]; then + iniset -sudo $my_conf mysqld innodb_snapshot_isolation OFF + restart_service $MYSQL_SERVICE_NAME + fi + # In mariadb e.g. on Ubuntu socket plugin is used for authentication # as root so it works only as sudo. To restore old "mysql like" behaviour, # we need to change auth plugin for root user diff --git a/stack.sh b/stack.sh index a7f6a5e903..5ef98eb7b7 100755 --- a/stack.sh +++ b/stack.sh @@ -1,6 +1,5 @@ #!/usr/bin/env bash - # ``stack.sh`` is an opinionated OpenStack developer installation. It # installs and configures various combinations of **Cinder**, **Glance**, # **Horizon**, **Keystone**, **Nova**, **Neutron**, and **Swift** @@ -230,7 +229,7 @@ write_devstack_version # Warn users who aren't on an explicitly supported distro, but allow them to # override check and attempt installation with ``FORCE=yes ./stack`` -SUPPORTED_DISTROS="bookworm|jammy|noble|rhel9|rhel10" +SUPPORTED_DISTROS="trixie|bookworm|jammy|noble|rhel9|rhel10" if [[ ! ${DISTRO} =~ $SUPPORTED_DISTROS ]]; then echo "WARNING: this script has not been tested on $DISTRO" From 9a0db4f4999e2aa5923ed32452f1d2e41ae4ea55 Mon Sep 17 00:00:00 2001 From: Rodolfo Alonso Hernandez Date: Wed, 16 Jul 2025 11:38:12 +0000 Subject: [PATCH 115/149] [Neutron] Add TARGET_ENABLE_OVN_AGENT variable to enable OVN agent The new flag ``TARGET_ENABLE_OVN_AGENT`` will be disabled by default. If enabled: * The OVN agent will be enabled, regardless of not being configured. * The OVN Metadata agent will be disabled, regardless of being configured. This variable will be used, initially, in the grenade jobs. It will be used to test the migration from the OVN Metadata agent to the OVN agent. This variable will be removed in 2026.2, along with the OVN Metadata agent, that is set as deprecated and marked for removal. Related-Bug: #2112313 Signed-off-by: Rodolfo Alonso Hernandez Change-Id: I8f91e1cb8543da489f495b8cf5196e606a0f5eea --- lib/neutron_plugins/ovn_agent | 44 ++++++++++++++++++++++++++++------- 1 file changed, 35 insertions(+), 9 deletions(-) diff --git a/lib/neutron_plugins/ovn_agent b/lib/neutron_plugins/ovn_agent index b128fde2b6..0e87b473e9 100644 --- a/lib/neutron_plugins/ovn_agent +++ b/lib/neutron_plugins/ovn_agent @@ -99,6 +99,13 @@ OVN_META_DATA_HOST=${OVN_META_DATA_HOST:-$(ipv6_unquote $SERVICE_HOST)} # The OVN agent is configured, by default, with the "metadata" extension. OVN_AGENT_CONF=$NEUTRON_CONF_DIR/plugins/ml2/ovn_agent.ini OVN_AGENT_EXTENSIONS=${OVN_AGENT_EXTENSIONS:-metadata} +# The variable TARGET_ENABLE_OVN_AGENT, if True, overrides the OVN Metadata +# agent service (q-ovn-metadata-agent neutron-ovn-metadata-agent) and the OVN +# agent service (q-ovn-agent neutron-ovn-agent) configuration, always disabling +# the first one (OVN Metadata agent) and enabling the second (OVN agent). +# This variable will be removed in 2026.2, along with the OVN Metadata agent +# removal. +TARGET_ENABLE_OVN_AGENT=$(trueorfalse False TARGET_ENABLE_OVN_AGENT) # If True (default) the node will be considered a gateway node. ENABLE_CHASSIS_AS_GW=$(trueorfalse True ENABLE_CHASSIS_AS_GW) @@ -301,6 +308,21 @@ function create_public_bridge { _configure_public_network_connectivity } +function is_ovn_metadata_agent_enabled { + if is_service_enabled q-ovn-metadata-agent neutron-ovn-metadata-agent && [[ "$TARGET_ENABLE_OVN_AGENT" == "False" ]]; then + return 0 + fi + return 1 +} + +function is_ovn_agent_enabled { + if is_service_enabled q-ovn-agent neutron-ovn-agent || [[ "$TARGET_ENABLE_OVN_AGENT" == "True" ]]; then + enable_service q-ovn-agent + return 0 + fi + return 1 + +} # OVN compilation functions # ------------------------- @@ -498,9 +520,9 @@ function configure_ovn_plugin { inicomment /$Q_PLUGIN_CONF_FILE network_log local_output_log_base="$Q_LOG_DRIVER_LOG_BASE" fi - if is_service_enabled q-ovn-metadata-agent neutron-ovn-metadata-agent; then + if is_ovn_metadata_agent_enabled; then populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_metadata_enabled=True - elif is_service_enabled q-ovn-agent neutron-ovn-agent && [[ "$OVN_AGENT_EXTENSIONS" =~ 'metadata' ]]; then + elif is_ovn_agent_enabled && [[ "$OVN_AGENT_EXTENSIONS" =~ 'metadata' ]]; then populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_metadata_enabled=True else populate_ml2_config /$Q_PLUGIN_CONF_FILE ovn ovn_metadata_enabled=False @@ -521,9 +543,9 @@ function configure_ovn_plugin { fi if is_service_enabled n-api-meta ; then - if is_service_enabled q-ovn-metadata-agent neutron-ovn-metadata-agent; then + if is_ovn_metadata_agent_enabled; then iniset $NOVA_CONF neutron service_metadata_proxy True - elif is_service_enabled q-ovn-agent neutron-ovn-agent && [[ "$OVN_AGENT_EXTENSIONS" =~ 'metadata' ]]; then + elif is_ovn_agent_enabled && [[ "$OVN_AGENT_EXTENSIONS" =~ 'metadata' ]]; then iniset $NOVA_CONF neutron service_metadata_proxy True fi fi @@ -558,10 +580,10 @@ function configure_ovn { # Metadata local sample_file="" local config_file="" - if is_service_enabled q-ovn-agent neutron-ovn-agent && [[ "$OVN_AGENT_EXTENSIONS" =~ 'metadata' ]] && is_service_enabled ovn-controller; then + if is_ovn_agent_enabled && [[ "$OVN_AGENT_EXTENSIONS" =~ 'metadata' ]] && is_service_enabled ovn-controller; then sample_file=$NEUTRON_DIR/etc/neutron/plugins/ml2/ovn_agent.ini.sample config_file=$OVN_AGENT_CONF - elif is_service_enabled q-ovn-metadata-agent neutron-ovn-metadata-agent && is_service_enabled ovn-controller; then + elif is_ovn_metadata_agent_enabled && is_service_enabled ovn-controller; then sample_file=$NEUTRON_DIR/etc/neutron_ovn_metadata_agent.ini.sample config_file=$OVN_META_CONF fi @@ -758,13 +780,13 @@ function start_ovn { fi fi - if is_service_enabled q-ovn-metadata-agent neutron-ovn-metadata-agent; then + if is_ovn_metadata_agent_enabled; then run_process q-ovn-metadata-agent "$NEUTRON_OVN_BIN_DIR/$NEUTRON_OVN_METADATA_BINARY --config-file $OVN_META_CONF" # Format logging setup_logging $OVN_META_CONF fi - if is_service_enabled q-ovn-agent neutron-ovn-agent; then + if is_ovn_agent_enabled; then run_process q-ovn-agent "$NEUTRON_OVN_BIN_DIR/$NEUTRON_OVN_AGENT_BINARY --config-file $OVN_AGENT_CONF" # Format logging setup_logging $OVN_AGENT_CONF @@ -786,13 +808,17 @@ function _stop_process { } function stop_ovn { + # NOTE(ralonsoh): this check doesn't use "is_ovn_metadata_agent_enabled", + # instead it relies only in the configured services, disregarding the + # flag "TARGET_ENABLE_OVN_AGENT". It is needed to force the OVN Metadata + # agent stop in case the flag "TARGET_ENABLE_OVN_AGENT" is set. if is_service_enabled q-ovn-metadata-agent neutron-ovn-metadata-agent; then # pkill takes care not to kill itself, but it may kill its parent # sudo unless we use the "ps | grep [f]oo" trick sudo pkill -9 -f "[h]aproxy" || : _stop_process "devstack@q-ovn-metadata-agent.service" fi - if is_service_enabled q-ovn-agent neutron-ovn-agent; then + if is_ovn_agent_enabled; then # pkill takes care not to kill itself, but it may kill its parent # sudo unless we use the "ps | grep [f]oo" trick sudo pkill -9 -f "[h]aproxy" || : From e8a11f5070fef8b9d757155b51da16481bac9aed Mon Sep 17 00:00:00 2001 From: "Dr. Jens Harbott" Date: Fri, 21 Nov 2025 21:01:50 +0100 Subject: [PATCH 116/149] Drop lib/oslo from unstack.sh This was missed in [0]. [0] I6a66359c19d0385beafb4c5e57b6ec3cd6d9cc54 Signed-off-by: Dr. Jens Harbott Change-Id: Idaee45beb63b2badc72c4a70442c5b9aa7fb19fe --- unstack.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/unstack.sh b/unstack.sh index 29c80718f8..8e8996c63b 100755 --- a/unstack.sh +++ b/unstack.sh @@ -61,7 +61,6 @@ source $TOP_DIR/lib/tls # Source project function libraries source $TOP_DIR/lib/infra -source $TOP_DIR/lib/oslo source $TOP_DIR/lib/lvm source $TOP_DIR/lib/horizon source $TOP_DIR/lib/keystone From 5d602fef2a7f3ac153c907304a8f43b38c0c1a50 Mon Sep 17 00:00:00 2001 From: Ghanshyam Date: Fri, 21 Nov 2025 20:40:07 +0000 Subject: [PATCH 117/149] Revert "Cap stable/2025.2 network, swift, volume api_extensions for tempest" This reverts commit 093bc57518a72b63a59389df63491d476069fc5c. Reason for revert: This is done by mistake on master. It needs to be done on stable/2025.2 https://review.opendev.org/c/openstack/devstack/+/968073 Change-Id: I8bd7b732c181f3abb015a57b4445332614f8c6c9 Signed-off-by: Ghanshyam --- lib/tempest | 61 +++-------------------------------------------------- 1 file changed, 3 insertions(+), 58 deletions(-) diff --git a/lib/tempest b/lib/tempest index 892e7fd72a..1ebe9c5f1f 100644 --- a/lib/tempest +++ b/lib/tempest @@ -805,48 +805,7 @@ function configure_tempest { DISABLE_NETWORK_API_EXTENSIONS+=", l3_agent_scheduler" fi - DEFAULT_NET_EXT="address-scope,agent,allowed-address-pairs,auto-allocated-topology" - DEFAULT_NET_EXT+=",availability_zone,binding,default-subnetpools,dhcp_agent_scheduler" - DEFAULT_NET_EXT+=",dvr,ext-gw-mode,external-net,extra_dhcp_opt,extraroute,flavors" - DEFAULT_NET_EXT+=",l3-flavors,l3-ha,l3_agent_scheduler,multi-provider,net-mtu" - DEFAULT_NET_EXT+=",network-ip-availability,network_availability_zone,pagination" - DEFAULT_NET_EXT+=",port-security,project-id,provider,quotas,quota_details,rbac-policies" - DEFAULT_NET_EXT+=",revision-if-match,router,router_availability_zone,security-group,service-type,sorting" - DEFAULT_NET_EXT+=",standard-attr-description,standard-attr-revisions,standard-attr-tag,standard-attr-timestamp" - DEFAULT_NET_EXT+=",subnet-service-types,subnet_allocation,net-mtu-writable,ip-substring-filtering" - DEFAULT_NET_EXT+=",availability_zone_filter,filter-validation,empty-string-filtering,port-mac-address-regenerate" - DEFAULT_NET_EXT+=",port-security-groups-filtering,fip-port-details,binding-extended" - DEFAULT_NET_EXT+=",subnet_onboard,l3-port-ip-change-not-allowed,agent-resources-synced" - DEFAULT_NET_EXT+=",floatingip-pools,rbac-security-groups,subnetpool-prefix-ops,router-admin-state-down-before-update" - DEFAULT_NET_EXT+=",rbac-subnetpool,tag-ports-during-bulk-creation,stateful-security-group,address-group,extraroute-atomic" - DEFAULT_NET_EXT+=",port-numa-affinity-policy,rbac-address-scope,security-groups-remote-address-group,trunk,trunk-details" - DEFAULT_NET_EXT+=",rbac-address-group,port-device-profile" - DEFAULT_NET_EXT+=",multiple-external-gateways,qos-pps-minimum,l3-ext-ndp-proxy,rbac-bgpvpn" - DEFAULT_NET_EXT+=",qos-pps,ecmp_routes,bgp,floating-ip-port-forwarding-port-ranges" - # New in Yoga - DEFAULT_NET_EXT+=",security-groups-shared-filtering,security-groups-normalized-cidr,quota-check-limit" - DEFAULT_NET_EXT+=",port-resource-request-groups" - # New in Zed - DEFAULT_NET_EXT+=",port-mac-override,floating-ip-port-forwarding-detail,network-cascade-delete" - # New in 2023.1 - DEFAULT_NET_EXT+=",port-hints,floating-ip-distributed" - # New in 2023.2 - DEFAULT_NET_EXT+=",port-hint-ovs-tx-steering,enable-default-route-bfd" - DEFAULT_NET_EXT+=",enable-default-route-ecmp,standard-attr-fwaas-v2" - DEFAULT_NET_EXT+=",allowed-address-pairs-atomic,network_ha" - DEFAULT_NET_EXT+=",security-groups-rules-belongs-to-default-sg" - DEFAULT_NET_EXT+=",port-hardware-offload-type" - # New in 2024.1 - DEFAULT_NET_EXT+=",vpn-aes-ccm-gcm,tap-mirror,subnet-external-network" - DEFAULT_NET_EXT+=",port-numa-affinity-policy-socket" - # New in 2024.2 - DEFAULT_NET_EXT+=",tag-creation,quota-check-limit-default,port-trusted-vif" - DEFAULT_NET_EXT+=",uplink-status-propagation-updatable" - # New in 2025.1 - DEFAULT_NET_EXT+=",qing,vpn-aes-ctr" - # New in 2025.2: None - local network_api_extensions=${NETWORK_API_EXTENSIONS:-$DEFAULT_NET_EXT} - + local network_api_extensions=${NETWORK_API_EXTENSIONS:-"all"} if [[ ! -z "$DISABLE_NETWORK_API_EXTENSIONS" ]]; then # Enabled extensions are either the ones explicitly specified or those available on the API endpoint network_api_extensions=${NETWORK_API_EXTENSIONS:-$(iniget $tmp_cfg_file network-feature-enabled api_extensions | tr -d " ")} @@ -858,10 +817,7 @@ function configure_tempest { fi iniset $TEMPEST_CONFIG network-feature-enabled api_extensions $network_api_extensions # Swift API Extensions - DEFAULT_SWIFT_OPT="account_quotas,bulk_delete,bulk_upload,container_quotas" - DEFAULT_SWIFT_OPT+=",container_sync,crossdomain,formpost,ratelimit,slo" - DEFAULT_SWIFT_OPT+=",staticweb,tempauth,tempurl,versioned_writes" - local object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-$DEFAULT_SWIFT_OPT} + local object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-"all"} if [[ ! -z "$DISABLE_OBJECT_STORAGE_API_EXTENSIONS" ]]; then # Enabled extensions are either the ones explicitly specified or those available on the API endpoint object_storage_api_extensions=${OBJECT_STORAGE_API_EXTENSIONS:-$(iniget $tmp_cfg_file object-storage-feature-enabled discoverable_apis | tr -d " ")} @@ -870,18 +826,7 @@ function configure_tempest { fi iniset $TEMPEST_CONFIG object-storage-feature-enabled discoverable_apis $object_storage_api_extensions # Cinder API Extensions - DEFAULT_VOL_EXT="OS-SCH-HNT,backups,capabilities,cgsnapshots,consistencygroups" - DEFAULT_VOL_EXT+=",encryption,os-admin-actions,os-availability-zone" - DEFAULT_VOL_EXT+=",os-extended-services,os-extended-snapshot-attributes" - DEFAULT_VOL_EXT+=",os-hosts,os-quota-class-sets,os-quota-sets" - DEFAULT_VOL_EXT+=",os-services,os-snapshot-actions,os-snapshot-manage" - DEFAULT_VOL_EXT+=",os-snapshot-unmanage,os-types-extra-specs,os-types-manage" - DEFAULT_VOL_EXT+=",os-used-limits,os-vol-host-attr,os-vol-image-meta" - DEFAULT_VOL_EXT+=",os-vol-mig-status-attr,os-vol-tenant-attr,os-volume-actions" - DEFAULT_VOL_EXT+=",os-volume-encryption-metadata,os-volume-manage" - DEFAULT_VOL_EXT+=",os-volume-transfer,os-volume-type-access" - DEFAULT_VOL_EXT+=",os-volume-unmanage,qos-specs,scheduler-stats" - local volume_api_extensions=${VOLUME_API_EXTENSIONS:-$DEFAULT_VOL_EXT} + local volume_api_extensions=${VOLUME_API_EXTENSIONS:-"all"} if [[ ! -z "$DISABLE_VOLUME_API_EXTENSIONS" ]]; then # Enabled extensions are either the ones explicitly specified or those available on the API endpoint volume_api_extensions=${VOLUME_API_EXTENSIONS:-$(iniget $tmp_cfg_file volume-feature-enabled api_extensions | tr -d " ")} From c2a5090c2f6ab70cf8d3026e9af26af84cca3a3a Mon Sep 17 00:00:00 2001 From: Sean Mooney Date: Mon, 24 Nov 2025 18:25:57 +0000 Subject: [PATCH 118/149] allow get_extra_files to retry on common errors This change add 4 new varibles to devstack to allow controlling the behvaior fo downloadign files via get_extra_files EXTRA_FILES_RETRY=${EXTRA_FILES_RETRY:-3} EXTRA_FILES_RETRY_ERRORS=${EXTRA_FILES_RETRY_ERRORS:-"500,503"} EXTRA_FILES_DOWNLOAD_TIMEOUT=${EXTRA_FILES_DOWNLOAD_TIMEOUT:-2} EXTRA_FILES_RETRY_TIMEOUT=${EXTRA_FILES_RETRY_TIMEOUT:-10} get_extra_files checks if a file is precached and downlaods it if not present The new fucntionaltiy modifes the wget invocation to retry up to 3 times if there are dns name issues, connection refused or the server return a 500 or 503 This change will not retry on 403 or 429 error codes which are often used to indicate rate limits. The download timeout remains at 2 seconds but can now be set if required. A 10 second over all retry wait timeout is added matching wgets default. finally the use of sed to strip the file:// prefix if present is replace with usign bash parmater expansion echo "${file_url#file://}" Assisted-By: gemini pro 3 Change-Id: Iedbb8974dce34a3d1c89f2a2561df76e696afae6 Signed-off-by: Sean Mooney --- functions | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/functions b/functions index 829fc86c55..63c6318c2e 100644 --- a/functions +++ b/functions @@ -47,6 +47,10 @@ function short_source { # export it so child shells have access to the 'short_source' function also. export -f short_source +EXTRA_FILES_RETRY=${EXTRA_FILES_RETRY:-3} +EXTRA_FILES_RETRY_ERRORS=${EXTRA_FILES_RETRY_ERRORS:-"500,503"} +EXTRA_FILES_DOWNLOAD_TIMEOUT=${EXTRA_FILES_DOWNLOAD_TIMEOUT:-2} +EXTRA_FILES_RETRY_TIMEOUT=${EXTRA_FILES_RETRY_TIMEOUT:-10} # Download a file from a URL # # Will check cache (in $FILES) or download given URL. @@ -55,17 +59,20 @@ export -f short_source # # Will echo the local path to the file as the output. Will die on # failure to download. -# + # Files can be pre-cached for CI environments, see EXTRA_CACHE_URLS # and tools/image_list.sh function get_extra_file { local file_url=$1 - - file_name=$(basename "$file_url") + local retry_args="--retry-on-host-error --retry-on-http-error=${EXTRA_FILES_RETRY_ERRORS} " + retry_args+="-t ${EXTRA_FILES_DOWNLOAD_TIMEOUT} --waitretry=${EXTRA_FILES_RETRY_TIMEOUT} " + retry_args+="--tries=${EXTRA_FILES_RETRY} --retry-connrefused" + # Using Bash parameter expansion (##*/) instead of external 'basename' + local file_name="${file_url##*/}" if [[ $file_url != file* ]]; then # If the file isn't cache, download it if [[ ! -f $FILES/$file_name ]]; then - wget --progress=dot:giga -t 2 -c $file_url -O $FILES/$file_name + wget --progress=dot:giga ${retry_args} -c $file_url -O $FILES/$file_name if [[ $? -ne 0 ]]; then die "$file_url could not be downloaded" fi @@ -74,7 +81,7 @@ function get_extra_file { return else # just strip the file:// bit and that's the path to the file - echo $file_url | sed 's/$file:\/\///g' + echo "${file_url#file://}" fi } From fc31d8a37e59d6811b208b5dba6c312365abd2d8 Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Tue, 9 Dec 2025 17:49:41 +0100 Subject: [PATCH 119/149] almalinux: Switch to build OVS from source Since almalinux-10 label in OpenDev runs on both x86-64-v2 and v3, and CentOS NFV SIG OVS packages are only build for v3, these jobs have been only successful when spawned on v3 hardware. In order to make the job passable on v2 hardware - we should be building OVS from source. Rename the jobs to reflect the change Change-Id: I67b19c18b45af23cda7899f7c2edab21b8ed1ede Signed-off-by: Michal Nasiadka --- .zuul.yaml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index 0aa2530d77..2227f185dd 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -818,7 +818,7 @@ # and these platforms don't have the round-the-clock support to avoid # becoming blockers in that situation. - job: - name: devstack-platform-almalinux-purple-lion + name: devstack-platform-almalinux-purple-lion-ovn-source parent: tempest-full-py3 description: AlmaLinux 10 platform test nodeset: devstack-single-node-almalinux-10 @@ -826,6 +826,11 @@ voting: false vars: configure_swap_size: 4096 + devstack_localrc: + OVN_BUILD_FROM_SOURCE: True + OVN_BRANCH: "branch-24.03" + OVS_BRANCH: "branch-3.3" + OVS_SYSCONFDIR: "/usr/local/etc/openvswitch" - job: name: devstack-platform-centos-10-stream @@ -1036,7 +1041,7 @@ - devstack - devstack-ipv6 - devstack-enforce-scope - - devstack-platform-almalinux-purple-lion + - devstack-platform-almalinux-purple-lion-ovn-source - devstack-platform-centos-10-stream - devstack-platform-centos-9-stream - devstack-platform-debian-bookworm @@ -1124,7 +1129,7 @@ - devstack-no-tls-proxy periodic-weekly: jobs: - - devstack-platform-almalinux-purple-lion + - devstack-platform-almalinux-purple-lion-ovn-source - devstack-platform-centos-10-stream - devstack-platform-centos-9-stream - devstack-platform-debian-bookworm From c11b16b44de613a15833e610ebf77d539e488856 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Wed, 13 Aug 2025 01:02:34 +0900 Subject: [PATCH 120/149] Fix ownership of keyring file The file should be owned by the user(STACK_USER) to run the process. Note that STACK_USER may not match the current user in case stack.sh is run by root. Also we should not assume that the group name always matches the user name. Change-Id: Iec300311cab1b1a2fa124879aa3dc6a57a6a706b Signed-off-by: Takashi Kajinami --- lib/cinder_backups/ceph | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/cinder_backups/ceph b/lib/cinder_backups/ceph index e60efbb632..e4d6b96407 100644 --- a/lib/cinder_backups/ceph +++ b/lib/cinder_backups/ceph @@ -34,7 +34,7 @@ function configure_cinder_backup_ceph { sudo ceph -c ${CEPH_CONF_FILE} osd pool set ${CINDER_BAK_CEPH_POOL} crush_ruleset ${RULE_ID} fi sudo ceph -c ${CEPH_CONF_FILE} auth get-or-create client.${CINDER_BAK_CEPH_USER} mon "profile rbd" osd "profile rbd pool=${CINDER_BAK_CEPH_POOL}, profile rbd pool=${CINDER_CEPH_POOL}" | sudo tee ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring - sudo chown $(whoami):$(whoami) ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring + sudo chown $STACK_USER ${CEPH_CONF_DIR}/ceph.client.${CINDER_BAK_CEPH_USER}.keyring fi iniset $CINDER_CONF DEFAULT backup_driver "cinder.backup.drivers.ceph.CephBackupDriver" From 0b200dd617e4bec34d797e5ecb82382d8ffe21ea Mon Sep 17 00:00:00 2001 From: Rodolfo Alonso Hernandez Date: Fri, 2 Jan 2026 09:39:25 +0100 Subject: [PATCH 121/149] lib/neutron: read api-paste and rootwrap from $NEUTRON_DIR/etc/neutron Related patches: * https://review.opendev.org/c/openstack/devstack/+/961224 * https://review.opendev.org/c/openstack/neutron/+/961130 Signed-off-by: Rodolfo Alonso Hernandez Change-Id: I7cf4483d533f9536d2450088a97e95dfb4f22e3a --- lib/neutron | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/lib/neutron b/lib/neutron index dec15fb782..532945f6d5 100644 --- a/lib/neutron +++ b/lib/neutron @@ -996,13 +996,7 @@ function _configure_neutron_plugin_agent { # It is called when q-svc is enabled. function _configure_neutron_service { Q_API_PASTE_FILE=$NEUTRON_CONF_DIR/api-paste.ini - if test -r $NEUTRON_DIR/etc/neutron/api-paste.ini; then - cp $NEUTRON_DIR/etc/neutron/api-paste.ini $Q_API_PASTE_FILE - else - # TODO(stephenfin): Remove this branch once [1] merges - # [1] https://review.opendev.org/c/openstack/neutron/+/961130 - cp $NEUTRON_DIR/etc/api-paste.ini $Q_API_PASTE_FILE - fi + cp $NEUTRON_DIR/etc/neutron/api-paste.ini $Q_API_PASTE_FILE # Update either configuration file with plugin iniset $NEUTRON_CONF DEFAULT core_plugin $Q_PLUGIN_CLASS @@ -1079,13 +1073,7 @@ function _neutron_setup_rootwrap { # Set up ``rootwrap.conf``, pointing to ``$NEUTRON_CONF_DIR/rootwrap.d`` # location moved in newer versions, prefer new location - if test -r $NEUTRON_DIR/etc/neutron/rootwrap.conf; then - sudo install -o root -g root -m 644 $NEUTRON_DIR/etc/neutron/rootwrap.conf $Q_RR_CONF_FILE - else - # TODO(stephenfin): Remove this branch once [1] merges - # [1] https://review.opendev.org/c/openstack/neutron/+/961130 - sudo install -o root -g root -m 644 $NEUTRON_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE - fi + sudo install -o root -g root -m 644 $NEUTRON_DIR/etc/neutron/rootwrap.conf $Q_RR_CONF_FILE sudo sed -e "s:^filters_path=.*$:filters_path=$Q_CONF_ROOTWRAP_D:" -i $Q_RR_CONF_FILE # Rely on $PATH set by devstack to determine what is safe to execute # by rootwrap rather than use explicit whitelist of paths in From 92a70ba9dda1669f7af00cacd6cc7f41b764f5da Mon Sep 17 00:00:00 2001 From: Gregory Thiemonge Date: Tue, 6 Jan 2026 08:52:41 +0100 Subject: [PATCH 122/149] Fix centos/rhel 9/10 dependencies An error was introduced in [0], it added an incorrect dependency on genisoimage for nova, and kept a valid dependency on xorriso in n-cpu. It breaks centos 10 deployments, the expected behavior is to use xorriso on modern rhel/centos. [0] https://review.opendev.org/c/openstack/devstack/+/963799 Change-Id: I0057f934c453ded198f8b5e58f4924260a3d2508 Signed-off-by: Gregory Thiemonge --- files/rpms/nova | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/rpms/nova b/files/rpms/nova index c323224279..d0f843bb60 100644 --- a/files/rpms/nova +++ b/files/rpms/nova @@ -1,7 +1,6 @@ conntrack-tools curl ebtables -genisoimage iptables iputils kernel-modules # not:openEuler-22.03 @@ -11,3 +10,4 @@ polkit rabbitmq-server # NOPRIME sqlite sudo +xorriso From 03db96dc9e8c17e284e201d2350627a2ebfd4a1a Mon Sep 17 00:00:00 2001 From: Brian Haley Date: Wed, 7 Jan 2026 17:43:59 -0500 Subject: [PATCH 123/149] Start using project_network_types for neutron ML2 Change neutron to configure project_network_types instead of tenant_network_types, which is being deprecated. Changed some other text as appropriate. Blueprint: https://blueprints.launchpad.net/neutron/+spec/keystone-v3` Depends-on: https://review.opendev.org/c/openstack/neutron/+/972591 Change-Id: I264dc7bbc3d3550120092297a775d04e43514d4a Signed-off-by: Brian Haley --- lib/neutron | 20 ++++++++++---------- lib/neutron_plugins/ml2 | 8 ++++---- lib/neutron_plugins/openvswitch | 6 +++--- lib/neutron_plugins/services/l3 | 6 +++--- tools/ping_neutron.sh | 4 ++-- 5 files changed, 22 insertions(+), 22 deletions(-) diff --git a/lib/neutron b/lib/neutron index dec15fb782..52002ac79f 100644 --- a/lib/neutron +++ b/lib/neutron @@ -201,35 +201,35 @@ fi # -------------------------------- # The following variables control the Neutron ML2 plugins' allocation -# of tenant networks and availability of provider networks. If these -# are not configured in ``localrc``, tenant networks will be local to +# of project networks and availability of provider networks. If these +# are not configured in ``localrc``, project networks will be local to # the host (with no remote connectivity), and no physical resources # will be available for the allocation of provider networks. -# To disable tunnels (GRE or VXLAN) for tenant networks, +# To disable tunnels (GRE or VXLAN) for project networks, # set to False in ``local.conf``. # GRE tunnels are only supported by the openvswitch. ENABLE_TENANT_TUNNELS=${ENABLE_TENANT_TUNNELS:-True} -# If using GRE, VXLAN or GENEVE tunnels for tenant networks, -# specify the range of IDs from which tenant networks are +# If using GRE, VXLAN or GENEVE tunnels for project networks, +# specify the range of IDs from which project networks are # allocated. Can be overridden in ``localrc`` if necessary. TENANT_TUNNEL_RANGES=${TENANT_TUNNEL_RANGES:-1:1000} -# To use VLANs for tenant networks, set to True in localrc. VLANs +# To use VLANs for project networks, set to True in localrc. VLANs # are supported by the ML2 plugins, requiring additional configuration # described below. ENABLE_TENANT_VLANS=${ENABLE_TENANT_VLANS:-False} -# If using VLANs for tenant networks, set in ``localrc`` to specify -# the range of VLAN VIDs from which tenant networks are +# If using VLANs for project networks, set in ``localrc`` to specify +# the range of VLAN VIDs from which project networks are # allocated. An external network switch must be configured to # trunk these VLANs between hosts for multi-host connectivity. # # Example: ``TENANT_VLAN_RANGE=1000:1999`` TENANT_VLAN_RANGE=${TENANT_VLAN_RANGE:-} -# If using VLANs for tenant networks, or if using flat or VLAN +# If using VLANs for project networks, or if using flat or VLAN # provider networks, set in ``localrc`` to the name of the physical # network, and also configure ``OVS_PHYSICAL_BRIDGE`` for the # openvswitch agent, as described below. @@ -237,7 +237,7 @@ TENANT_VLAN_RANGE=${TENANT_VLAN_RANGE:-} # Example: ``PHYSICAL_NETWORK=default`` PHYSICAL_NETWORK=${PHYSICAL_NETWORK:-public} -# With the openvswitch agent, if using VLANs for tenant networks, +# With the openvswitch agent, if using VLANs for project networks, # or if using flat or VLAN provider networks, set in ``localrc`` to # the name of the OVS bridge to use for the physical network. The # bridge will be created if it does not already exist, but a diff --git a/lib/neutron_plugins/ml2 b/lib/neutron_plugins/ml2 index 687167bf79..71bede842e 100644 --- a/lib/neutron_plugins/ml2 +++ b/lib/neutron_plugins/ml2 @@ -72,16 +72,16 @@ function neutron_plugin_configure_common { function neutron_plugin_configure_service { if [[ "$Q_ML2_TENANT_NETWORK_TYPE" != "local" ]]; then - Q_SRV_EXTRA_OPTS+=(tenant_network_types=$Q_ML2_TENANT_NETWORK_TYPE) + Q_SRV_EXTRA_OPTS+=(project_network_types=$Q_ML2_TENANT_NETWORK_TYPE) elif [[ "$ENABLE_TENANT_TUNNELS" == "True" ]]; then # This assumes you want a simple configuration, and will overwrite # Q_SRV_EXTRA_OPTS if set in addition to ENABLE_TENANT_TUNNELS. - Q_SRV_EXTRA_OPTS+=(tenant_network_types=gre) + Q_SRV_EXTRA_OPTS+=(project_network_types=gre) Q_ML2_PLUGIN_GRE_TYPE_OPTIONS=(tunnel_id_ranges=$TENANT_TUNNEL_RANGES) elif [[ "$ENABLE_TENANT_VLANS" == "True" ]]; then - Q_SRV_EXTRA_OPTS+=(tenant_network_types=vlan) + Q_SRV_EXTRA_OPTS+=(project_network_types=vlan) else - echo "WARNING - The ml2 plugin is using local tenant networks, with no connectivity between hosts." + echo "WARNING - The ml2 plugin is using local project networks, with no connectivity between hosts." fi # Allow for overrding VLAN configuration (for example, to configure provider diff --git a/lib/neutron_plugins/openvswitch b/lib/neutron_plugins/openvswitch index 130eaacab3..c661a1a600 100644 --- a/lib/neutron_plugins/openvswitch +++ b/lib/neutron_plugins/openvswitch @@ -20,12 +20,12 @@ function neutron_plugin_configure_common { function neutron_plugin_configure_service { if [[ "$ENABLE_TENANT_TUNNELS" == "True" ]]; then - iniset /$Q_PLUGIN_CONF_FILE ovs tenant_network_type gre + iniset /$Q_PLUGIN_CONF_FILE ovs project_network_type gre iniset /$Q_PLUGIN_CONF_FILE ovs tunnel_id_ranges $TENANT_TUNNEL_RANGES elif [[ "$ENABLE_TENANT_VLANS" == "True" ]]; then - iniset /$Q_PLUGIN_CONF_FILE ovs tenant_network_type vlan + iniset /$Q_PLUGIN_CONF_FILE ovs project_network_type vlan else - echo "WARNING - The openvswitch plugin is using local tenant networks, with no connectivity between hosts." + echo "WARNING - The openvswitch plugin is using local project networks, with no connectivity between hosts." fi # Override ``OVS_VLAN_RANGES`` and ``OVS_BRIDGE_MAPPINGS`` in ``localrc`` diff --git a/lib/neutron_plugins/services/l3 b/lib/neutron_plugins/services/l3 index bbedc57a44..238dd34b56 100644 --- a/lib/neutron_plugins/services/l3 +++ b/lib/neutron_plugins/services/l3 @@ -35,7 +35,7 @@ Q_PUBLIC_VETH_INT=${Q_PUBLIC_VETH_INT:-veth-pub-int} # The next variable is configured by plugin # e.g. _configure_neutron_l3_agent or lib/neutron_plugins/* # -# L3 routers exist per tenant +# L3 routers exist per project Q_L3_ROUTER_PER_TENANT=${Q_L3_ROUTER_PER_TENANT:-True} @@ -216,7 +216,7 @@ function create_neutron_initial_network { if is_networking_extension_supported "router" && is_networking_extension_supported "external-net"; then # Create a router, and add the private subnet as one of its interfaces if [[ "$Q_L3_ROUTER_PER_TENANT" == "True" ]]; then - # create a tenant-owned router. + # create a project-owned router. ROUTER_ID=$(openstack --os-cloud devstack --os-region "$REGION_NAME" router create $Q_ROUTER_NAME -f value -c id) die_if_not_set $LINENO ROUTER_ID "Failure creating router $Q_ROUTER_NAME" else @@ -387,7 +387,7 @@ function _neutron_configure_router_v6 { # Override global IPV6_ROUTER_GW_IP with the true value from neutron # NOTE(slaweq): when enforce scopes is enabled in Neutron, router's # gateway ports aren't visible in API because such ports don't belongs - # to any tenant. Because of that, at least temporary we need to find + # to any project. Because of that, at least temporary we need to find # IPv6 address of the router's gateway in a bit different way. # It can be reverted when bug # https://bugs.launchpad.net/neutron/+bug/1959332 will be fixed diff --git a/tools/ping_neutron.sh b/tools/ping_neutron.sh index ab8e8dfca8..2b65fd0fb3 100755 --- a/tools/ping_neutron.sh +++ b/tools/ping_neutron.sh @@ -21,7 +21,7 @@ set -o pipefail TOP_DIR=$(cd $(dirname "$0")/.. && pwd) -# This *must* be run as the admin tenant +# This *must* be run as the admin project source $TOP_DIR/openrc admin admin function usage { @@ -29,7 +29,7 @@ function usage { ping_neutron.sh [ping args] This provides a wrapper to ping neutron guests that are on isolated -tenant networks that the caller can't normally reach. It does so by +project networks that the caller can't normally reach. It does so by using either the DHCP or Metadata network namespace to support both ML2/OVS and OVN. From efb34cacc71d4c80a4a62655f271526981a61a48 Mon Sep 17 00:00:00 2001 From: Sean Mooney Date: Fri, 9 Jan 2026 19:02:39 +0000 Subject: [PATCH 124/149] Fix neutron service detection in unstack.sh Neutron services (neutron-api, neutron-rpc-server, and neutron-periodic-workers) were not being stopped during unstack because they were not detected as enabled in ENABLED_SERVICES. The root cause was that these services were dynamically enabled during stack.sh execution via inline enable_service calls in start_neutron_service_and_check(), but this logic was not replicated in unstack.sh. When unstack.sh called stop_process for these services, the is_service_enabled check failed because the services were not in ENABLED_SERVICES. This fix creates a shared enable_neutron_server_services() function that encapsulates the service enabling logic, reading neutron.conf to determine which services should be enabled (including conditional RPC worker enablement based on the rpc_workers configuration). This function is now called from both the stack.sh path (in start_neutron_service_and_check) and the unstack.sh path (after loading plugin settings). This ensures both stack and unstack use identical logic to determine enabled services, allowing stop_process to properly detect and stop all neutron server services. Generated-By: Cursor claude-sonnet-4.5 Change-Id: I6179f3a861401ff12178aaee8b82ba7bf71dd765 Signed-off-by: Sean Mooney --- lib/neutron | 60 ++++++++++++++++++++++++++++++++++------------------- unstack.sh | 6 ++++++ 2 files changed, 45 insertions(+), 21 deletions(-) diff --git a/lib/neutron b/lib/neutron index dec15fb782..dbdac5c7da 100644 --- a/lib/neutron +++ b/lib/neutron @@ -348,12 +348,6 @@ function _determine_config_l3 { echo "$opts" } -function _enable_ovn_maintenance { - if [[ $Q_AGENT == "ovn" ]]; then - enable_service neutron-ovn-maintenance-worker - fi -} - function _run_ovn_maintenance { if [[ $Q_AGENT == "ovn" ]]; then run_process neutron-ovn-maintenance-worker "$NEUTRON_BIN_DIR/neutron-ovn-maintenance-worker $cfg_file_options" @@ -606,6 +600,39 @@ function start_ovn_services { fi } +# Enable neutron server services based on configuration +# This function determines which neutron services should be enabled +# and adds them to ENABLED_SERVICES. It reads the neutron configuration +# to determine if RPC workers should be enabled. +# This must be called after configure_neutron has created the config files. +function enable_neutron_server_services { + local rpc_workers + + # The default value of "rpc_workers" is None (not defined). If + # "rpc_workers" is explicitly set to 0, the RPC workers process + # should not be executed. + if [[ -f $NEUTRON_CONF ]]; then + rpc_workers=$(iniget_multiline $NEUTRON_CONF DEFAULT rpc_workers) + else + # If config doesn't exist yet, assume default behavior (enable rpc workers) + rpc_workers="" + fi + + # Always enable these core services + enable_service neutron-api + enable_service neutron-periodic-workers + + # Conditionally enable RPC server based on configuration + if [[ "$rpc_workers" != "0" ]]; then + enable_service neutron-rpc-server + fi + + # Enable OVN maintenance worker if using OVN + if [[ $Q_AGENT == "ovn" ]]; then + enable_service neutron-ovn-maintenance-worker + fi +} + # Start running processes function start_neutron_service_and_check { local service_port=$Q_PORT @@ -620,24 +647,15 @@ function start_neutron_service_and_check { service_protocol="http" fi - # Start the Neutron service - # The default value of "rpc_workers" is None (not defined). If - # "rpc_workers" is explicitly set to 0, the RPC workers process - # should not be executed. - local rpc_workers - rpc_workers=$(iniget_multiline $NEUTRON_CONF DEFAULT rpc_workers) + # Enable neutron server services based on configuration + enable_neutron_server_services - enable_service neutron-api + # Start the Neutron service processes run_process neutron-api "$(which uwsgi) --procname-prefix neutron-api --ini $NEUTRON_UWSGI_CONF" neutron_url=$Q_PROTOCOL://$Q_HOST/ - if [ "$rpc_workers" != "0" ]; then - enable_service neutron-rpc-server - fi - enable_service neutron-periodic-workers - _enable_ovn_maintenance - if [ "$rpc_workers" != "0" ]; then - run_process neutron-rpc-server "$NEUTRON_BIN_DIR/neutron-rpc-server $cfg_file_options" - fi + + # Start RPC server if enabled (run_process checks is_service_enabled internally) + run_process neutron-rpc-server "$NEUTRON_BIN_DIR/neutron-rpc-server $cfg_file_options" run_process neutron-periodic-workers "$NEUTRON_BIN_DIR/neutron-periodic-workers $cfg_file_options" _run_ovn_maintenance if [ ! -z "$NEUTRON_ENDPOINT_SERVICE_NAME" ]; then diff --git a/unstack.sh b/unstack.sh index 8e8996c63b..48626419da 100755 --- a/unstack.sh +++ b/unstack.sh @@ -87,6 +87,12 @@ fi load_plugin_settings +# Enable neutron server services so they can be properly stopped +# This replicates the service enabling logic from stack.sh +if is_service_enabled neutron; then + enable_neutron_server_services +fi + set -o xtrace # Run extras From 2df8cce816641d1b3ab720f04e1e38382987e526 Mon Sep 17 00:00:00 2001 From: Sean Mooney Date: Fri, 9 Jan 2026 19:22:10 +0000 Subject: [PATCH 125/149] Fix missing service stops in unstack.sh Several services started by stack.sh were not properly stopped in unstack.sh, which could leave processes running and prevent clean restacking: - tcpdump: lib/tcpdump was not sourced, so stop_tcpdump was unavailable. Added source and stop call when tcpdump service is enabled. - s-container-sync: Swift's container-sync daemon was started via run_process but not explicitly stopped. Added stop_process call in stop_swift function. - ldap: The stop_ldap function existed but was never called. Added stop call in UNSTACK_ALL section, consistent with mysql/rabbit handling. These fixes ensure all services started by stack.sh are properly stopped by unstack.sh, allowing clean restacking. Generated-By: Cursor claude-opus-4.5 Change-Id: I8bcc6fe82264bb35a616dae39f4216ba6200b547 Signed-off-by: Sean Mooney --- lib/swift | 2 ++ unstack.sh | 10 ++++++++++ 2 files changed, 12 insertions(+) diff --git a/lib/swift b/lib/swift index 862927437d..d4ff8cc196 100644 --- a/lib/swift +++ b/lib/swift @@ -838,6 +838,8 @@ function stop_swift { for type in proxy object container account; do stop_process s-${type} done + # Stop the container-sync daemon if it was started + stop_process s-container-sync # Blast out any stragglers pkill -f swift- || true } diff --git a/unstack.sh b/unstack.sh index 48626419da..1919ef8ad7 100755 --- a/unstack.sh +++ b/unstack.sh @@ -73,6 +73,7 @@ source $TOP_DIR/lib/neutron source $TOP_DIR/lib/ldap source $TOP_DIR/lib/dstat source $TOP_DIR/lib/atop +source $TOP_DIR/lib/tcpdump source $TOP_DIR/lib/etcd3 # Extras Source @@ -162,6 +163,11 @@ if [[ -n "$UNSTACK_ALL" ]]; then if is_service_enabled rabbit; then stop_service rabbitmq-server fi + + # Stop LDAP server + if is_service_enabled ldap; then + stop_ldap + fi fi if is_service_enabled neutron; then @@ -178,6 +184,10 @@ if is_service_enabled openstack-cli-server; then stop_service devstack@openstack-cli-server fi +if is_service_enabled tcpdump; then + stop_tcpdump +fi + stop_dstat if is_service_enabled atop; then From 5e21304153df15db80287efd34f4cf73a04d4ced Mon Sep 17 00:00:00 2001 From: Sean Mooney Date: Fri, 9 Jan 2026 23:07:10 +0000 Subject: [PATCH 126/149] Refactor MySQL auth to support restacking This change refactors the MySQL/MariaDB configuration to: - Allow both unix_socket and mysql_native_password authentication using the MariaDB 'IDENTIFIED VIA ... OR ...' syntax. This enables restacking without needing to reset authentication in unstack.sh. - Add use_mariadb_socket_auth helper variable to simplify the complex conditional logic (addresses TODO comment). - Fix missing DATABASE_USER@'%' creation for modern Debian/Ubuntu with MariaDB socket auth. - Fix inconsistent distro checks that were missing trixie. - Remove dead Oracle Linux code since it's not in SUPPORTED_DISTROS. Oracle Linux is still handled as RHEL-like via is_fedora(). Generated-By: Cursor claude-opus-4.5 Change-Id: I4becbfe6325bcb29deef8e50e9a9f05678f47802 Signed-off-by: Sean Mooney --- functions-common | 11 ---------- lib/databases/mysql | 52 ++++++++++++++++++++++----------------------- 2 files changed, 25 insertions(+), 38 deletions(-) diff --git a/functions-common b/functions-common index c2042c4fef..39424e3352 100644 --- a/functions-common +++ b/functions-common @@ -517,17 +517,6 @@ function is_arch { [[ "$(uname -m)" == "$1" ]] } -# Determine if current distribution is an Oracle distribution -# is_oraclelinux -function is_oraclelinux { - if [[ -z "$os_VENDOR" ]]; then - GetOSVersion - fi - - [ "$os_VENDOR" = "OracleServer" ] -} - - # Determine if current distribution is a Fedora-based distribution # (Fedora, RHEL, CentOS, Rocky, etc). # is_fedora diff --git a/lib/databases/mysql b/lib/databases/mysql index a47580ca3d..4def1842a7 100644 --- a/lib/databases/mysql +++ b/lib/databases/mysql @@ -18,7 +18,7 @@ register_database mysql if [[ -z "$MYSQL_SERVICE_NAME" ]]; then MYSQL_SERVICE_NAME=mysql - if is_fedora && ! is_oraclelinux; then + if is_fedora; then MYSQL_SERVICE_NAME=mariadb elif [[ "$DISTRO" =~ trixie|bookworm|bullseye ]]; then MYSQL_SERVICE_NAME=mariadb @@ -44,15 +44,9 @@ function cleanup_database_mysql { apt_get purge -y mysql* mariadb* sudo rm -rf /var/lib/mysql sudo rm -rf /etc/mysql - return - elif is_oraclelinux; then - uninstall_package mysql-community-server - sudo rm -rf /var/lib/mysql elif is_fedora; then uninstall_package mariadb-server sudo rm -rf /var/lib/mysql - else - return fi } @@ -68,8 +62,6 @@ function configure_database_mysql { if is_ubuntu; then my_conf=/etc/mysql/my.cnf - elif is_oraclelinux; then - my_conf=/etc/my.cnf elif is_fedora; then my_conf=/etc/my.cnf local cracklib_conf=/etc/my.cnf.d/cracklib_password_check.cnf @@ -101,13 +93,20 @@ function configure_database_mysql { restart_service $MYSQL_SERVICE_NAME fi + # MariaDB 10.4+ on modern Debian/Ubuntu uses unix_socket auth by default + # See https://mariadb.org/authentication-in-mariadb-10-4/ + local use_mariadb_socket_auth=False + if is_ubuntu && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]; then + if [[ ! "$DISTRO" =~ bookworm|bullseye ]]; then + use_mariadb_socket_auth=True + fi + fi + # Set the root password - only works the first time. For Ubuntu, we already # did that with debconf before installing the package, but we still try, # because the package might have been installed already. We don't do this - # for Ubuntu 22.04+ because the authorization model change in - # version 10.4 of mariadb. See - # https://mariadb.org/authentication-in-mariadb-10-4/ - if ! (is_ubuntu && [[ ! "$DISTRO" =~ trixie|bookworm|bullseye ]] && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]); then + # for MariaDB with socket auth because the root password is managed differently. + if [[ "$use_mariadb_socket_auth" != "True" ]]; then sudo mysqladmin -u root password $DATABASE_PASSWORD || true fi @@ -129,19 +128,20 @@ function configure_database_mysql { restart_service $MYSQL_SERVICE_NAME fi - # In mariadb e.g. on Ubuntu socket plugin is used for authentication - # as root so it works only as sudo. To restore old "mysql like" behaviour, - # we need to change auth plugin for root user - # TODO(frickler): simplify this logic - if is_ubuntu && [[ ! "$DISTRO" =~ bookworm|bullseye ]] && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]; then - # For Ubuntu 22.04+ we follow the model outlined in - # https://mariadb.org/authentication-in-mariadb-10-4/ - sudo mysql -e "ALTER USER $DATABASE_USER@localhost IDENTIFIED VIA mysql_native_password USING PASSWORD('$DATABASE_PASSWORD');" + # Configure database user authentication + if [[ "$use_mariadb_socket_auth" == "True" ]]; then + # Allow both unix_socket (for sudo mysql) and password auth + # Using OR allows restacking without needing to reset auth in unstack + sudo mysql -e "ALTER USER $DATABASE_USER@localhost IDENTIFIED VIA unix_socket OR mysql_native_password USING PASSWORD('$DATABASE_PASSWORD');" fi - if ! (is_ubuntu && [[ ! "$DISTRO" =~ bookworm|bullseye ]] && [ "$MYSQL_SERVICE_NAME" == "mariadb" ]); then - # Create DB user if it does not already exist + + # Create remote access user and grant privileges (needed for all distros) + if [[ "$use_mariadb_socket_auth" == "True" ]]; then + # Use sudo mysql since we have socket auth + sudo mysql -e "CREATE USER IF NOT EXISTS '$DATABASE_USER'@'%' identified by '$DATABASE_PASSWORD';" + sudo mysql -e "GRANT ALL PRIVILEGES ON *.* TO '$DATABASE_USER'@'%';" + else sudo mysql $cmd_args -e "CREATE USER IF NOT EXISTS '$DATABASE_USER'@'%' identified by '$DATABASE_PASSWORD';" - # Update the DB to give user '$DATABASE_USER'@'%' full control of the all databases: sudo mysql $cmd_args -e "GRANT ALL PRIVILEGES ON *.* TO '$DATABASE_USER'@'%';" fi @@ -226,9 +226,7 @@ EOF fi # Install mysql-server if [[ "$INSTALL_DATABASE_SERVER_PACKAGES" == "True" ]]; then - if is_oraclelinux; then - install_package mysql-community-server - elif is_fedora; then + if is_fedora; then install_package mariadb-server mariadb-devel mariadb sudo systemctl enable $MYSQL_SERVICE_NAME elif is_ubuntu; then From 20ed3c5f11295a02ff4d74f8cf95fab1414d9ba8 Mon Sep 17 00:00:00 2001 From: Sean Mooney Date: Fri, 9 Jan 2026 19:41:29 +0000 Subject: [PATCH 127/149] Improve OVS/OVN stop robustness for restacking The stop_ovn function stops services but leaves behind runtime files and stale configuration that can cause restacking failures. This change improves robustness by: - Making _stop_process check is-active in addition to is-enabled, so services are stopped even if they are running but not enabled. - Clearing OVS external-ids before stopping to prevent stale config (ovn-remote, ovn-bridge, etc.) from persisting across restacks. - Cleaning up runtime files (*.sock, *.pid, *.ctl) in both OVS_RUNDIR and OVN_RUNDIR after stopping services, as stale sockets can prevent ovsdb-server from binding on restart. - Removing database lock files (.*.db.~lock~) which can block database access if services crash or stop uncleanly. These changes allow stack.sh to run successfully after unstack.sh without requiring a full clean.sh. Generated-By: Cursor claude-opus-4.5 Change-Id: I8736f19a8892200948ee74854f99fd99eed5110b Signed-off-by: Sean Mooney --- lib/neutron_plugins/ovn_agent | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/lib/neutron_plugins/ovn_agent b/lib/neutron_plugins/ovn_agent index 48e92a1782..5404cfdd0d 100644 --- a/lib/neutron_plugins/ovn_agent +++ b/lib/neutron_plugins/ovn_agent @@ -798,8 +798,11 @@ function _stop_ovs_dp { function _stop_process { local service=$1 echo "Stopping process $service" - if $SYSTEMCTL is-enabled $service; then + # Stop if running, regardless of enabled state + if $SYSTEMCTL is-active $service; then $SYSTEMCTL stop $service + fi + if $SYSTEMCTL is-enabled $service; then $SYSTEMCTL disable $service fi } @@ -834,10 +837,22 @@ function stop_ovn { _stop_process "devstack@ovs-vtep.service" fi + # Clear OVS external-ids before stopping to prevent stale config on restack + if sudo ovs-vsctl show &>/dev/null; then + sudo ovs-vsctl --if-exists clear open_vswitch . external-ids + fi + _stop_process "$OVS_VSWITCHD_SERVICE" _stop_process "$OVSDB_SERVER_SERVICE" _stop_ovs_dp + + # Clean up runtime files that can prevent restart + sudo rm -f $OVS_RUNDIR/*.sock $OVS_RUNDIR/*.pid $OVS_RUNDIR/*.ctl + sudo rm -f $OVN_RUNDIR/*.sock $OVN_RUNDIR/*.pid $OVN_RUNDIR/*.ctl + # Clean up database lock files + sudo rm -f $OVS_DATADIR/.*.db.~lock~ + sudo rm -f $OVN_DATADIR/.*.db.~lock~ } function _cleanup { From 64dc60a11b2fba795a1f87a2a3a7e4d06c379074 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sat, 24 Jan 2026 21:35:42 +0900 Subject: [PATCH 128/149] Fix duplicated wget package Trivial-Fix Change-Id: I061c5dcdd88cb1514b9f4e449d8317e2e1f48b81 Signed-off-by: Takashi Kajinami --- files/debs/general | 1 - 1 file changed, 1 deletion(-) diff --git a/files/debs/general b/files/debs/general index 1e63e4f582..0cddcf05f4 100644 --- a/files/debs/general +++ b/files/debs/general @@ -33,5 +33,4 @@ tcpdump unzip uuid-runtime wget -wget zlib1g-dev From 2daa2f1acbcbbb9755e25de410337cb8d9458d3c Mon Sep 17 00:00:00 2001 From: melanie witt Date: Mon, 26 Jan 2026 14:22:13 -0800 Subject: [PATCH 129/149] lib/nova: Update configuration of [oslo_limit] As of oslo.limit 2.9.2 service endpoint discovery is available [1], so this configures Nova to use them. Also as of Keystone 2023.1 (Antelope) system scope is no longer required for the GET /v3/limits [2], so remove that configuration and role assignment as well. [1] https://review.opendev.org/c/openstack/releases/+/971039 [2] https://review.opendev.org/c/openstack/keystone/+/902730 Change-Id: Ic95d4c692f7ce68d580935c455b5a477273e37b6 Signed-off-by: melanie witt --- lib/nova | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/lib/nova b/lib/nova index 460b4adc85..445a1ea572 100644 --- a/lib/nova +++ b/lib/nova @@ -829,13 +829,11 @@ function configure_nova_unified_limits { iniset $NOVA_CONF oslo_limit username nova iniset $NOVA_CONF oslo_limit auth_type password iniset $NOVA_CONF oslo_limit auth_url $KEYSTONE_SERVICE_URI - iniset $NOVA_CONF oslo_limit system_scope all - iniset $NOVA_CONF oslo_limit endpoint_id \ - $(openstack endpoint list --service nova -f value -c ID) - - # Allow the nova service user to read quotas - openstack --os-cloud devstack-system-admin role add --user nova \ - --user-domain $SERVICE_DOMAIN_NAME --system all reader + iniset $NOVA_CONF oslo_limit project_name service + iniset $NOVA_CONF oslo_limit project_domain_name $SERVICE_DOMAIN_NAME + iniset $NOVA_CONF oslo_limit endpoint_interface public + iniset $NOVA_CONF oslo_limit endpoint_service_type compute + iniset $NOVA_CONF oslo_limit endpoint_region_name $REGION_NAME } function init_nova_service_user_conf { From 01f574d501dbdcb6a00006c3fd43e62872af7882 Mon Sep 17 00:00:00 2001 From: Christian Schwede Date: Fri, 30 Jan 2026 09:09:55 +0100 Subject: [PATCH 130/149] Fix S3 API authentication failures This change is required as a follow up to [1] and [2]. Recent versions of Keystone require auth tokens when accessing the /v3/s3tokens Keystone endpoint. [1] https://review.opendev.org/c/openstack/keystone/+/966069 [2] https://review.opendev.org/c/openstack/swift/+/966062 Closes-Bug: #2139405 Signed-off-by: Christian Schwede Change-Id: I55f6e2c68ae7d76b94919ed47df0a2251287e67b --- lib/swift | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/swift b/lib/swift index d4ff8cc196..32aa6d74e1 100644 --- a/lib/swift +++ b/lib/swift @@ -434,6 +434,13 @@ function configure_swift { swift_pipeline+=" s3token" iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:s3token auth_uri ${KEYSTONE_SERVICE_URI_V3} iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:s3token delay_auth_decision true + iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:s3token secret_cache_duration 900 + iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:s3token auth_url ${KEYSTONE_SERVICE_URI} + iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:s3token project_name 'service' + iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:s3token project_domain_name ${SERVICE_DOMAIN_NAME} + iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:s3token username 'swift' + iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:s3token user_domain_name ${SERVICE_DOMAIN_NAME} + iniset ${SWIFT_CONFIG_PROXY_SERVER} filter:s3token password ${SERVICE_PASSWORD} fi swift_pipeline+=" keystoneauth" fi From 8e35ff33e2f843a52dbdd71719971f997571c4ed Mon Sep 17 00:00:00 2001 From: melanie witt Date: Fri, 22 Aug 2025 00:25:48 +0000 Subject: [PATCH 131/149] Install swtpm swtpm-tools mdevctl for libvirt Change-Id: I13a5fa91eeb77b5574d8816b88b92cf7c419bfb1 Signed-off-by: melanie witt --- lib/nova_plugins/functions-libvirt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt index 7175931384..5575913458 100644 --- a/lib/nova_plugins/functions-libvirt +++ b/lib/nova_plugins/functions-libvirt @@ -70,7 +70,7 @@ function install_libvirt { if is_ubuntu; then install_package qemu-system libvirt-clients libvirt-daemon-system libvirt-dev python3-libvirt systemd-coredump - install_package ovmf + install_package ovmf swtpm swtpm-tools mdevctl if is_arch "aarch64"; then install_package qemu-efi-aarch64 fi @@ -106,6 +106,8 @@ function install_libvirt { if is_arch "aarch64"; then install_package edk2-aarch64 fi + + install_package swtpm swtpm-tools mdevctl fi if [[ $DEBUG_LIBVIRT_COREDUMPS == True ]]; then From c0f6cb5eb27ed3ab0d4d882f62a3ea5283bd71a0 Mon Sep 17 00:00:00 2001 From: Sean Mooney Date: Tue, 25 Nov 2025 17:28:43 +0000 Subject: [PATCH 132/149] use qemu/libvirt from backport repos on debian 12 This change installs qemu and livbirt form the debian backport repos on bookworm to provide a newer qemu-img package. This is required to workaround a race condtion internal to qemu-img That manifest intermitently when qemu-img is run on fast cpus. https://gitlab.com/qemu-project/qemu/-/commit/145f12e Related-Bug: #2121941 Related-Bug: #2116852 Change-Id: I17311867efa8c902ab8fbb937c5154ee26fabb25 Signed-off-by: Sean Mooney Assisted-by: Cursor opus 4.6 --- lib/nova_plugins/functions-libvirt | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt index c0713f9953..46fe85a478 100644 --- a/lib/nova_plugins/functions-libvirt +++ b/lib/nova_plugins/functions-libvirt @@ -53,9 +53,33 @@ EOF sudo systemctl daemon-reload } +function enable_debian_12_backports { + # we are using debian backport repos to work around a qemu-img bug + # related to luks encrypted volumes, this requires us to use newer + # versions of qemu libvirt and the supporting packages for vm firmware + # This is related to https://bugs.launchpad.net/ceph/+bug/2116852 + # and https://gitlab.com/qemu-project/qemu/-/commit/145f12e + if ! grep -qr "bookworm-backports" /etc/apt/sources.list /etc/apt/sources.list.d/ 2>/dev/null; then + echo "deb http://deb.debian.org/debian bookworm-backports main" | \ + sudo tee /etc/apt/sources.list.d/bookworm-backports.list + fi + + sudo tee /etc/apt/preferences.d/99-nova-backports < Date: Mon, 16 Feb 2026 07:53:08 +0100 Subject: [PATCH 133/149] Drop platform job for Ubuntu Jammy The job stopped working recently, the reason is unclear, but since Jammy is no longer included as required platform, let's just stop testing it. Signed-off-by: Dr. Jens Harbott Change-Id: I796eddac96313584f4aa5225a9b9803bb2ad19b5 --- .zuul.yaml | 11 ----------- stack.sh | 2 +- 2 files changed, 1 insertion(+), 12 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index 2227f185dd..e1dec5b3fd 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -897,15 +897,6 @@ vars: configure_swap_size: 4096 -- job: - name: devstack-platform-ubuntu-jammy - parent: tempest-full-py3 - description: Ubuntu 22.04 LTS (Jammy) platform test - nodeset: openstack-single-node-jammy - timeout: 9000 - vars: - configure_swap_size: 8192 - - job: name: devstack-platform-ubuntu-noble-ovn-source parent: devstack-platform-ubuntu-noble @@ -1050,7 +1041,6 @@ - devstack-platform-rocky-red-quartz - devstack-platform-ubuntu-noble-ovn-source - devstack-platform-ubuntu-noble-ovs - - devstack-platform-ubuntu-jammy - devstack-multinode - devstack-unit-tests - openstack-tox-bashate @@ -1137,4 +1127,3 @@ - devstack-platform-rocky-red-quartz - devstack-platform-ubuntu-noble-ovn-source - devstack-platform-ubuntu-noble-ovs - - devstack-platform-ubuntu-jammy diff --git a/stack.sh b/stack.sh index 965f58007d..c6d37611c9 100755 --- a/stack.sh +++ b/stack.sh @@ -229,7 +229,7 @@ write_devstack_version # Warn users who aren't on an explicitly supported distro, but allow them to # override check and attempt installation with ``FORCE=yes ./stack`` -SUPPORTED_DISTROS="trixie|bookworm|jammy|noble|rhel9|rhel10" +SUPPORTED_DISTROS="trixie|bookworm|noble|rhel9|rhel10" if [[ ! ${DISTRO} =~ $SUPPORTED_DISTROS ]]; then echo "WARNING: this script has not been tested on $DISTRO" From d06745fbf24ee7c390d59d9a5a8852f949a438a8 Mon Sep 17 00:00:00 2001 From: "Dr. Jens Harbott" Date: Mon, 16 Feb 2026 08:00:09 +0100 Subject: [PATCH 134/149] Clean up old nodeset definitions for bionic The ubuntu-bionic label is going to go away soon, drop it from our zuul configuration to avoid future config errors. Signed-off-by: Dr. Jens Harbott Change-Id: I31502fbc3083cd4a950678829646ef3740c6e04b --- .zuul.yaml | 74 ++++++------------------------------------------------ 1 file changed, 8 insertions(+), 66 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index e1dec5b3fd..0af69d0587 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -28,15 +28,11 @@ nodes: - controller + +# TODO(frickler): drop this dummy nodeset once all references have been removed - nodeset: name: openstack-single-node-bionic - nodes: - - name: controller - label: ubuntu-bionic - groups: - - name: tempest - nodes: - - controller + nodes: [] - nodeset: name: devstack-single-node-almalinux-10 @@ -263,35 +259,11 @@ nodes: - compute1 + +# TODO(frickler): drop this dummy nodeset once all references have been removed - nodeset: name: openstack-two-node-bionic - nodes: - - name: controller - label: ubuntu-bionic - - name: compute1 - label: ubuntu-bionic - groups: - # Node where tests are executed and test results collected - - name: tempest - nodes: - - controller - # Nodes running the compute service - - name: compute - nodes: - - controller - - compute1 - # Nodes that are not the controller - - name: subnode - nodes: - - compute1 - # Switch node for multinode networking setup - - name: switch - nodes: - - controller - # Peer nodes for multinode networking setup - - name: peers - nodes: - - compute1 + nodes: [] - nodeset: name: openstack-three-node-focal @@ -328,40 +300,10 @@ - compute1 - compute2 +# TODO(frickler): drop this dummy nodeset once all references have been removed - nodeset: name: openstack-three-node-bionic - nodes: - - name: controller - label: ubuntu-bionic - - name: compute1 - label: ubuntu-bionic - - name: compute2 - label: ubuntu-bionic - groups: - # Node where tests are executed and test results collected - - name: tempest - nodes: - - controller - # Nodes running the compute service - - name: compute - nodes: - - controller - - compute1 - - compute2 - # Nodes that are not the controller - - name: subnode - nodes: - - compute1 - - compute2 - # Switch node for multinode networking setup - - name: switch - nodes: - - controller - # Peer nodes for multinode networking setup - - name: peers - nodes: - - compute1 - - compute2 + nodes: [] - nodeset: name: devstack-two-node-debian-bookworm From cc82266a57c97910ef26305f92ea51d358eb015c Mon Sep 17 00:00:00 2001 From: Abhishek Bongale Date: Thu, 5 Feb 2026 13:39:40 +0000 Subject: [PATCH 135/149] Add venv for plugin list generation Isolate dependencies for generate-devstack-plugins-list.sh by creating a dedicated Python virtual environment with required packages. This ensures the script uses the correct version of dependencies regardless of system Python configuration. Closes-Bug: #2138869 Change-Id: I8a7e49b0b908aec7c95b7fbfb6c9a16375f267a6 Signed-off-by: Abhishek Bongale --- tools/generate-devstack-plugins-list.sh | 13 ++++++++++++- tools/requirements.txt | 1 + 2 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 tools/requirements.txt diff --git a/tools/generate-devstack-plugins-list.sh b/tools/generate-devstack-plugins-list.sh index 3307943df9..45a926392e 100755 --- a/tools/generate-devstack-plugins-list.sh +++ b/tools/generate-devstack-plugins-list.sh @@ -38,6 +38,17 @@ # current working directory, it will be prepended or appended to # the generated reStructuredText plugins table respectively. +# Setup virtual environment +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +VENV_DIR="${SCRIPT_DIR}/.venv" + +if [[ ! -d "${VENV_DIR}" ]]; then + python3 -m venv "${VENV_DIR}" +fi + +source "${VENV_DIR}/bin/activate" +pip install -q -r "${SCRIPT_DIR}/requirements.txt" + # Print the title underline for a RST table. Argument is the length # of the first column, second column is assumed to be "URL" function title_underline { @@ -54,7 +65,7 @@ if [[ -r data/devstack-plugins-registry.header ]]; then cat data/devstack-plugins-registry.header fi -sorted_plugins=$(python3 tools/generate-devstack-plugins-list.py) +sorted_plugins=$("${VENV_DIR}/bin/python3" tools/generate-devstack-plugins-list.py) # find the length of the name column & pad name_col_len=$(echo "${sorted_plugins}" | wc -L) diff --git a/tools/requirements.txt b/tools/requirements.txt new file mode 100644 index 0000000000..f2293605cf --- /dev/null +++ b/tools/requirements.txt @@ -0,0 +1 @@ +requests From e9cf8cf3ed9ef5fdaf57f7707880e45ce1fbe2c0 Mon Sep 17 00:00:00 2001 From: OpenStack Proposal Bot Date: Wed, 18 Feb 2026 03:03:08 +0000 Subject: [PATCH 136/149] Updated from generate-devstack-plugins-list Change-Id: I440ae4bfbb97202f3b6ddca99d58fb3ff4604352 Signed-off-by: OpenStack Proposal Bot Generated-By: openstack/project-config:playbooks/proposal/propose_update.sh --- doc/source/plugin-registry.rst | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/doc/source/plugin-registry.rst b/doc/source/plugin-registry.rst index 9185263443..560668f2a0 100644 --- a/doc/source/plugin-registry.rst +++ b/doc/source/plugin-registry.rst @@ -48,7 +48,6 @@ openstack/grian-ui `https://opendev.org/openstack/grian-ui openstack/heat `https://opendev.org/openstack/heat `__ openstack/heat-dashboard `https://opendev.org/openstack/heat-dashboard `__ openstack/ironic `https://opendev.org/openstack/ironic `__ -openstack/ironic-inspector `https://opendev.org/openstack/ironic-inspector `__ openstack/ironic-prometheus-exporter `https://opendev.org/openstack/ironic-prometheus-exporter `__ openstack/ironic-ui `https://opendev.org/openstack/ironic-ui `__ openstack/keystone `https://opendev.org/openstack/keystone `__ @@ -60,9 +59,6 @@ openstack/manila-tempest-plugin `https://opendev.org/openstack/manila-t openstack/manila-ui `https://opendev.org/openstack/manila-ui `__ openstack/masakari `https://opendev.org/openstack/masakari `__ openstack/mistral `https://opendev.org/openstack/mistral `__ -openstack/monasca-api `https://opendev.org/openstack/monasca-api `__ -openstack/monasca-events-api `https://opendev.org/openstack/monasca-events-api `__ -openstack/monasca-tempest-plugin `https://opendev.org/openstack/monasca-tempest-plugin `__ openstack/networking-bagpipe `https://opendev.org/openstack/networking-bagpipe `__ openstack/networking-baremetal `https://opendev.org/openstack/networking-baremetal `__ openstack/networking-bgpvpn `https://opendev.org/openstack/networking-bgpvpn `__ @@ -84,7 +80,6 @@ openstack/osprofiler `https://opendev.org/openstack/osprofil openstack/ovn-bgp-agent `https://opendev.org/openstack/ovn-bgp-agent `__ openstack/ovn-octavia-provider `https://opendev.org/openstack/ovn-octavia-provider `__ openstack/rally-openstack `https://opendev.org/openstack/rally-openstack `__ -openstack/shade `https://opendev.org/openstack/shade `__ openstack/skyline-apiserver `https://opendev.org/openstack/skyline-apiserver `__ openstack/storlets `https://opendev.org/openstack/storlets `__ openstack/tacker `https://opendev.org/openstack/tacker `__ @@ -114,6 +109,7 @@ starlingx/nfv `https://opendev.org/starlingx/nfv `__ vexxhost/openstack-operator `https://opendev.org/vexxhost/openstack-operator `__ x/almanach `https://opendev.org/x/almanach `__ +x/apmec `https://opendev.org/x/apmec `__ x/bilean `https://opendev.org/x/bilean `__ x/broadview-collector `https://opendev.org/x/broadview-collector `__ x/collectd-openstack-plugins `https://opendev.org/x/collectd-openstack-plugins `__ From 55c045539dd2e47ee34154cadd9f9e280f90d042 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Wed, 25 Feb 2026 23:40:08 +0900 Subject: [PATCH 137/149] Drop installation of tox The comment indicates that tox is used to generate config files, but it's actually not. Change-Id: Iddd45e084641bb3711985484e988ed533965f4f4 Signed-off-by: Takashi Kajinami --- lib/neutron_plugins/ovn_agent | 3 --- 1 file changed, 3 deletions(-) diff --git a/lib/neutron_plugins/ovn_agent b/lib/neutron_plugins/ovn_agent index 5404cfdd0d..8e3ca4ab89 100644 --- a/lib/neutron_plugins/ovn_agent +++ b/lib/neutron_plugins/ovn_agent @@ -401,9 +401,6 @@ function install_ovn { # Check the OVN configuration ovn_sanity_check - # Install tox, used to generate the config (see devstack/override-defaults) - pip_install tox - sudo mkdir -p $OVS_RUNDIR sudo chown $(whoami) $OVS_RUNDIR From 98f61116068b0fa73a3eb5c05f0670723ecd887d Mon Sep 17 00:00:00 2001 From: Yatin Karel Date: Mon, 2 Mar 2026 14:20:18 +0530 Subject: [PATCH 138/149] Honor PYTHON3_VERSION while venv prepare Currently PYTHON3_VERSION was not honored while preparing venv, this patch fixes it. Change-Id: I3f9db8cfa38572cdc80d4973ed3b5908335ef6e8 Signed-off-by: Yatin Karel --- stackrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stackrc b/stackrc index 93f8b1cd6d..a16080600b 100644 --- a/stackrc +++ b/stackrc @@ -133,7 +133,7 @@ export PYTHON3_VERSION=${PYTHON3_VERSION:-${_DEFAULT_PYTHON3_VERSION:-3}} # Create a virtualenv with this # Use the built-in venv to avoid more dependencies -export VIRTUALENV_CMD="python3 -m venv" +export VIRTUALENV_CMD="python$PYTHON3_VERSION -m venv" # Default for log coloring is based on interactive-or-not. # Baseline assumption is that non-interactive invocations are for CI, From ac00fcf90db8e367587959890352d08c7a52a2d5 Mon Sep 17 00:00:00 2001 From: Ivan Anfimov Date: Tue, 24 Feb 2026 16:23:54 +0000 Subject: [PATCH 139/149] Remove deprecated glance_api_version Depends-On: https://review.opendev.org/c/openstack/cinder/+/502190 Change-Id: I8a04f7fa8b0af1f38774e8d14a52c2adc0bc988f Signed-off-by: Ivan Anfimov --- lib/cinder_backends/ceph | 1 - lib/cinder_backends/ceph_iscsi | 1 - 2 files changed, 2 deletions(-) diff --git a/lib/cinder_backends/ceph b/lib/cinder_backends/ceph index 0b465730c0..adcff1883b 100644 --- a/lib/cinder_backends/ceph +++ b/lib/cinder_backends/ceph @@ -40,7 +40,6 @@ function configure_cinder_backend_ceph { iniset $CINDER_CONF $be_name rbd_secret_uuid "$CINDER_CEPH_UUID" iniset $CINDER_CONF $be_name rbd_flatten_volume_from_snapshot False iniset $CINDER_CONF $be_name rbd_max_clone_depth 5 - iniset $CINDER_CONF DEFAULT glance_api_version 2 } # Restore xtrace diff --git a/lib/cinder_backends/ceph_iscsi b/lib/cinder_backends/ceph_iscsi index 94412e0da6..10806f26e0 100644 --- a/lib/cinder_backends/ceph_iscsi +++ b/lib/cinder_backends/ceph_iscsi @@ -43,7 +43,6 @@ function configure_cinder_backend_ceph_iscsi { iniset $CINDER_CONF $be_name rbd_iscsi_target_iqn "$CEPH_ISCSI_TARGET_IQN" iniset $CINDER_CONF $be_name rbd_flatten_volume_from_snapshot False iniset $CINDER_CONF $be_name rbd_max_clone_depth 5 - iniset $CINDER_CONF DEFAULT glance_api_version 2 pip_install rbd-iscsi-client } From 5c041cf96710e9ed1e943e2449dd6f29d5ad5d99 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Mon, 9 Mar 2026 19:23:30 +0900 Subject: [PATCH 140/149] Skip functional tests for .gitignore update The file itself has no functional impact. Also add appropriate escape so that '.' is treated as a real period strictly. Change-Id: I9a8a7cb1e4719f6a39b70d4b3889aa0ac019650e Signed-off-by: Takashi Kajinami --- .zuul.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index e1dec5b3fd..5c8e4c65f4 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -551,9 +551,11 @@ # Translations - ^.*/locale/.*po$ # pre-commit config - - ^.pre-commit-config.yaml$ + - ^\.pre-commit-config\.yaml$ + # gitignore config + - ^\.gitignore$ # gitreview config - - ^.gitreview$ + - ^\.gitreview$ - job: name: devstack-minimal From 416d27e89e0c1891921fee2a692086eb8fcd0307 Mon Sep 17 00:00:00 2001 From: Rodolfo Alonso Hernandez Date: Wed, 11 Mar 2026 17:05:13 +0100 Subject: [PATCH 141/149] Add the config file reference argument to ``configure_keystoneauth`` In the nova library, some calls to ``configure_keystoneauth`` are called using a non existing local variable $conf. This should be the $NOVA_CONF variable instead. Closes-Bug: #2143929 Signed-off-by: Rodolfo Alonso Hernandez Change-Id: I7844237d511154f917f236b8f122bc2bf514991d --- lib/nova | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/nova b/lib/nova index 8e0ea1756f..bf990132dc 100644 --- a/lib/nova +++ b/lib/nova @@ -644,7 +644,7 @@ function configure_cinder_access { # to use a user with the admin role for background tasks in nova to # be able to GET block-storage API resources owned by another project # since cinder has low-level "is_admin" checks in its DB API. - configure_keystoneauth $conf nova cinder + configure_keystoneauth $NOVA_CONF nova cinder if is_service_enabled tls-proxy; then CINDER_SERVICE_HOST=${CINDER_SERVICE_HOST:-$SERVICE_HOST} CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776} @@ -654,7 +654,7 @@ function configure_cinder_access { # Configure access to manila. function configure_manila_access { - configure_keystoneauth $conf nova manila + configure_keystoneauth $NOVA_CONF nova manila } function configure_console_compute { From e9d28745983ed7becd3915f21899504ebaa1528b Mon Sep 17 00:00:00 2001 From: Ghanshyam Maan Date: Fri, 20 Mar 2026 23:26:33 +0000 Subject: [PATCH 142/149] Update master DEVSTACK_SERIES to 2026.2 stable/2026.1 branch has been created now and current master is 2026.2. Change-Id: Ie6dbbea7c423819cbfda1964593ab56aebc6a286 Signed-off-by: Ghanshyam Maan --- stackrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stackrc b/stackrc index a16080600b..ac9b7ee8ce 100644 --- a/stackrc +++ b/stackrc @@ -252,7 +252,7 @@ REQUIREMENTS_DIR=${REQUIREMENTS_DIR:-$DEST/requirements} # Setting the variable to 'ALL' will activate the download for all # libraries. -DEVSTACK_SERIES="2026.1" +DEVSTACK_SERIES="2026.2" ############## # From 8c4cb6873fe25497ebf3b7d1344f2c743ccde874 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Tue, 31 Mar 2026 01:04:07 +0900 Subject: [PATCH 143/149] Clean up /etc/placement Placement was split from nova long time ago and maintains its own config directory. Remove the directory during clean up, following what is done for /etc/nova. Change-Id: I366ace7d8186eda4062253c75dbd2097c1b89958 Signed-off-by: Takashi Kajinami --- clean.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clean.sh b/clean.sh index 092f557a88..d119c93273 100755 --- a/clean.sh +++ b/clean.sh @@ -102,7 +102,7 @@ if is_service_enabled nova && [[ -r $NOVA_PLUGINS/hypervisor-$VIRT_DRIVER ]]; th fi # Clean out /etc -sudo rm -rf /etc/keystone /etc/glance /etc/nova /etc/cinder /etc/swift /etc/neutron /etc/openstack/ +sudo rm -rf /etc/keystone /etc/glance /etc/nova /etc/placement /etc/cinder /etc/swift /etc/neutron /etc/openstack/ # Clean out tgt sudo rm -f /etc/tgt/conf.d/* From 9c12fb4d1a95dda1581913af1d03466a5409290d Mon Sep 17 00:00:00 2001 From: Ghanshyam Maan Date: Wed, 1 Apr 2026 15:19:57 +0000 Subject: [PATCH 144/149] Fix running renamed ironic job Ironic renamed the ironic-tempest-bios-ipmi-direct job and zuul stop running it in this repo gate without any notice. - https://review.opendev.org/c/openstack/ironic/+/974260 Fixing the job name to run it again. Change-Id: Ic2e194c2cbcf049fe3bee223f1f520764f0d6b02 Signed-off-by: Ghanshyam Maan --- .zuul.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index 5c8e4c65f4..ad318e03a0 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -1046,7 +1046,7 @@ - devstack-multinode - devstack-unit-tests - openstack-tox-bashate - - ironic-tempest-bios-ipmi-direct + - ironic-tempest-bios-ipmi-autodetect - swift-dsvm-functional - grenade: irrelevant-files: *common-irrelevant-files @@ -1080,7 +1080,7 @@ - openstack-tox-bashate - neutron-ovs-grenade-multinode: irrelevant-files: *common-irrelevant-files - - ironic-tempest-bios-ipmi-direct + - ironic-tempest-bios-ipmi-autodetect - swift-dsvm-functional - grenade: irrelevant-files: *common-irrelevant-files From b3873485b00d0f6d3f0c95dec73dd43a9f3bce03 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Tue, 31 Mar 2026 01:08:16 +0900 Subject: [PATCH 145/149] Use variables to identity config directories Some of the services (eg. glance) supports customizing the directory. Make sure we use the one actually used during installation. Also use a variable for /etc/openstack (where the clouds.yaml is created) for consistency. Change-Id: I0ca5083a773e8a47c72c09a7819d286f4e0873b7 Signed-off-by: Takashi Kajinami --- clean.sh | 2 +- functions-common | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/clean.sh b/clean.sh index d119c93273..6dbcb053bc 100755 --- a/clean.sh +++ b/clean.sh @@ -102,7 +102,7 @@ if is_service_enabled nova && [[ -r $NOVA_PLUGINS/hypervisor-$VIRT_DRIVER ]]; th fi # Clean out /etc -sudo rm -rf /etc/keystone /etc/glance /etc/nova /etc/placement /etc/cinder /etc/swift /etc/neutron /etc/openstack/ +sudo rm -rf $KEYSTONE_CONF_DIR $GLANCE_CONF_DIR $NOVA_CONF_DIR $PLACEMENT_CONF_DIR $CINDER_CONF_DIR $SWIFT_CONF_DIR $NEUTRON_CONF_DIR $OPENSTACKCLIENT_CONF_DIR # Clean out tgt sudo rm -f /etc/tgt/conf.d/* diff --git a/functions-common b/functions-common index 39424e3352..b3a4b57f01 100644 --- a/functions-common +++ b/functions-common @@ -54,6 +54,8 @@ STACK_ENV_VARS="BASE_SQL_CONN DATA_DIR DEST ENABLED_SERVICES HOST_IP \ LOGFILE OS_CACERT SERVICE_HOST STACK_USER TLS_IP \ HOST_IPV6 SERVICE_IP_VERSION TUNNEL_ENDPOINT_IP TUNNEL_IP_VERSION" +OPENSTACKCLIENT_CONF_DIR=/etc/openstack + # Saves significant environment variables to .stackenv for later use # Refers to a lot of globals, only TOP_DIR and STACK_ENV_VARS are required to @@ -79,10 +81,10 @@ function write_clouds_yaml { # overridable. There is currently no usecase where doing so makes sense, so # it's not currently configurable. - CLOUDS_YAML=/etc/openstack/clouds.yaml + CLOUDS_YAML=${OPENSTACKCLIENT_CONF_DIR}/clouds.yaml - sudo mkdir -p $(dirname $CLOUDS_YAML) - sudo chown -R $STACK_USER /etc/openstack + sudo mkdir -p $OPENSTACKCLIENT_CONF_DIR + sudo chown -R $STACK_USER $OPENSTACKCLIENT_CONF_DIR CA_CERT_ARG='' if [ -f "$SSL_BUNDLE_FILE" ]; then From c622e52b0f46d6022f913fc6ae52137d1b4464ba Mon Sep 17 00:00:00 2001 From: Eduardo Olivares Date: Mon, 6 Oct 2025 17:23:11 +0200 Subject: [PATCH 146/149] [neutron] Configure ovn-bgp service-plugin Related-Bug: #2111276 Co-Authored-By: Jakub Libosvar Change-Id: I71f95a2fab89dcb04fe99795da5d85d295b8cb82 Signed-off-by: Eduardo Olivares --- lib/neutron | 4 ++++ lib/neutron_plugins/ovn_agent | 13 ++++++++++++- lib/neutron_plugins/services/l3 | 13 +++++++++++-- lib/neutron_plugins/services/ovn-bgp | 5 +++++ 4 files changed, 32 insertions(+), 3 deletions(-) create mode 100644 lib/neutron_plugins/services/ovn-bgp diff --git a/lib/neutron b/lib/neutron index f28ec9a6fe..45541cc2dc 100644 --- a/lib/neutron +++ b/lib/neutron @@ -283,6 +283,7 @@ source $TOP_DIR/lib/neutron_plugins/services/placement source $TOP_DIR/lib/neutron_plugins/services/trunk source $TOP_DIR/lib/neutron_plugins/services/qos source $TOP_DIR/lib/neutron_plugins/services/segments +source $TOP_DIR/lib/neutron_plugins/services/ovn-bgp # Use security group or not if has_neutron_plugin_security_group; then @@ -426,6 +427,9 @@ function configure_neutron { configure_placement_neutron configure_segments_extension fi + if is_service_enabled q-ovn-bgp; then + configure_ovn_bgp_service_plugin + fi # Finally configure Neutron server and core plugin if is_service_enabled q-agt neutron-agent q-svc neutron-api; then diff --git a/lib/neutron_plugins/ovn_agent b/lib/neutron_plugins/ovn_agent index 8e3ca4ab89..3f1d6d8b6b 100644 --- a/lib/neutron_plugins/ovn_agent +++ b/lib/neutron_plugins/ovn_agent @@ -111,6 +111,11 @@ TARGET_ENABLE_OVN_AGENT=$(trueorfalse False TARGET_ENABLE_OVN_AGENT) ENABLE_CHASSIS_AS_GW=$(trueorfalse True ENABLE_CHASSIS_AS_GW) OVN_L3_CREATE_PUBLIC_NETWORK=$(trueorfalse True OVN_L3_CREATE_PUBLIC_NETWORK) +# The variable NEUTRON_BGP_PEER_BRIDGES only applies when OVN_AGENT_EXTENSIONS +# includes "ovn-bgp". When the "ovn-bgp" extension is configured, it should be +# set to some non-empty value. +NEUTRON_BGP_PEER_BRIDGES=${NEUTRON_BGP_PEER_BRIDGES:-} + export OVSDB_SERVER_LOCAL_HOST=$SERVICE_LOCAL_HOST TUNNEL_IP=$TUNNEL_ENDPOINT_IP if [[ "$SERVICE_IP_VERSION" == 6 ]]; then @@ -691,7 +696,13 @@ function _start_ovs { sudo ovs-vsctl --no-wait set open_vswitch . external-ids:ovn-cms-options="enable-chassis-as-gw" fi - if is_provider_network || [[ $Q_USE_PROVIDERNET_FOR_PUBLIC == "True" ]]; then + if [[ "$OVN_AGENT_EXTENSIONS" =~ 'ovn-bgp' ]]; then + if [[ -z "$NEUTRON_BGP_PEER_BRIDGES" ]]; then + echo "NEUTRON_BGP_PEER_BRIDGES must be set when ovn-bgp extension is enabled" + return 1 + fi + sudo ovs-vsctl --no-wait -- set Open_vSwitch . external-ids:neutron-bgp-peer-bridges=$NEUTRON_BGP_PEER_BRIDGES + elif is_provider_network || [[ $Q_USE_PROVIDERNET_FOR_PUBLIC == "True" ]]; then ovn_base_setup_bridge $OVS_PHYSICAL_BRIDGE sudo ovs-vsctl set open . external-ids:ovn-bridge-mappings=${PHYSICAL_NETWORK}:${OVS_PHYSICAL_BRIDGE} fi diff --git a/lib/neutron_plugins/services/l3 b/lib/neutron_plugins/services/l3 index 238dd34b56..d0a5d6b8c2 100644 --- a/lib/neutron_plugins/services/l3 +++ b/lib/neutron_plugins/services/l3 @@ -94,6 +94,7 @@ NETWORK_GATEWAY=${NETWORK_GATEWAY:-} PUBLIC_NETWORK_GATEWAY=${PUBLIC_NETWORK_GATEWAY:-} PRIVATE_SUBNET_NAME=${PRIVATE_SUBNET_NAME:-"private-subnet"} PUBLIC_SUBNET_NAME=${PUBLIC_SUBNET_NAME:-"public-subnet"} +PUBLIC_SUBNET_ENABLE_DHCP=${PUBLIC_SUBNET_ENABLE_DHCP:-False} # Subnetpool defaults USE_SUBNETPOOL=${USE_SUBNETPOOL:-True} @@ -291,12 +292,16 @@ function _neutron_create_private_subnet_v6 { # Create public IPv4 subnet function _neutron_create_public_subnet_v4 { + local dhcp_param="--no-dhcp" + if [[ "$PUBLIC_SUBNET_ENABLE_DHCP" == "True" ]]; then + dhcp_param="--dhcp" + fi local subnet_params="--ip-version 4 " subnet_params+="${Q_FLOATING_ALLOCATION_POOL:+--allocation-pool $Q_FLOATING_ALLOCATION_POOL} " if [[ -n "$PUBLIC_NETWORK_GATEWAY" ]]; then subnet_params+="--gateway $PUBLIC_NETWORK_GATEWAY " fi - subnet_params+="--network $EXT_NET_ID --subnet-range $FLOATING_RANGE --no-dhcp " + subnet_params+="--network $EXT_NET_ID --subnet-range $FLOATING_RANGE $dhcp_param " subnet_params+="$PUBLIC_SUBNET_NAME" local id_and_ext_gw_ip id_and_ext_gw_ip=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet create $subnet_params | grep -e 'gateway_ip' -e ' id ') @@ -306,9 +311,13 @@ function _neutron_create_public_subnet_v4 { # Create public IPv6 subnet function _neutron_create_public_subnet_v6 { + local dhcp_param="--no-dhcp" + if [[ "$PUBLIC_SUBNET_ENABLE_DHCP" == "True" ]]; then + dhcp_param="--dhcp" + fi local subnet_params="--ip-version 6 " subnet_params+="--gateway $IPV6_PUBLIC_NETWORK_GATEWAY " - subnet_params+="--network $EXT_NET_ID --subnet-range $IPV6_PUBLIC_RANGE --no-dhcp " + subnet_params+="--network $EXT_NET_ID --subnet-range $IPV6_PUBLIC_RANGE $dhcp_param " subnet_params+="$IPV6_PUBLIC_SUBNET_NAME" local ipv6_id_and_ext_gw_ip ipv6_id_and_ext_gw_ip=$(openstack --os-cloud devstack-admin --os-region "$REGION_NAME" subnet create $subnet_params | grep -e 'gateway_ip' -e ' id ') diff --git a/lib/neutron_plugins/services/ovn-bgp b/lib/neutron_plugins/services/ovn-bgp new file mode 100644 index 0000000000..dc6a2c58fc --- /dev/null +++ b/lib/neutron_plugins/services/ovn-bgp @@ -0,0 +1,5 @@ +#!/bin/bash + +function configure_ovn_bgp_service_plugin { + neutron_service_plugin_class_add "ovn-bgp" +} From b13267dd4444001bccda8fb21412128b22604c84 Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Tue, 10 Jun 2025 19:30:13 +0100 Subject: [PATCH 147/149] Remove unused protocol, port configuration These were all predominantly used for configuring the eventlet servers and as such are no longer necessary. We also remove a function, '_config_keystone_apache_wsgi', which should have been removed in change I2409385a87ee7cc7869bba9711bf95ab5fe77dc7, some cinder configuration that only applies to the eventlet server ( which is no longer supported as a deployment mechanism is devstack and, eventually, Cinder itself), and finally an 'ssl_ca' option that should have been removed in change Ibf1c8b2ee6b6618f77cd8486e9c687993d7cb4a0. Change-Id: I534c50ec2c7dfa188920a7e3ee6d684316ec5ef2 Signed-off-by: Stephen Finucane --- lib/cinder | 17 +++++----------- lib/keystone | 55 ++-------------------------------------------------- lib/neutron | 13 +------------ lib/nova | 15 ++++---------- 4 files changed, 12 insertions(+), 88 deletions(-) diff --git a/lib/cinder b/lib/cinder index 80ffcd0df4..ca641c2949 100644 --- a/lib/cinder +++ b/lib/cinder @@ -313,7 +313,6 @@ function configure_cinder { iniset $CINDER_CONF DEFAULT api_paste_config $CINDER_API_PASTE_INI iniset $CINDER_CONF DEFAULT rootwrap_config "$CINDER_CONF_DIR/rootwrap.conf" iniset $CINDER_CONF DEFAULT osapi_volume_extension cinder.api.contrib.standard_extensions - iniset $CINDER_CONF DEFAULT osapi_volume_listen $CINDER_SERVICE_LISTEN_ADDRESS iniset $CINDER_CONF DEFAULT state_path $CINDER_STATE_PATH iniset $CINDER_CONF oslo_concurrency lock_path $CINDER_STATE_PATH iniset $CINDER_CONF DEFAULT my_ip "$CINDER_MY_IP" @@ -381,7 +380,6 @@ function configure_cinder { if is_service_enabled tls-proxy; then if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then # Set the service port for a proxy to take the original - iniset $CINDER_CONF DEFAULT osapi_volume_listen_port $CINDER_SERVICE_PORT_INT iniset $CINDER_CONF oslo_middleware enable_proxy_headers_parsing True fi fi @@ -403,8 +401,6 @@ function configure_cinder { configure_cinder_driver fi - iniset $CINDER_CONF DEFAULT osapi_volume_workers "$API_WORKERS" - iniset $CINDER_CONF DEFAULT glance_api_servers "$GLANCE_URL" if is_service_enabled tls-proxy; then iniset $CINDER_CONF DEFAULT glance_protocol https @@ -602,9 +598,6 @@ function _configure_tgt_for_config_d { # start_cinder() - Start running processes function start_cinder { - local service_port=$CINDER_SERVICE_PORT - local service_protocol=$CINDER_SERVICE_PROTOCOL - local cinder_url if [ "$CINDER_TARGET_HELPER" = "tgtadm" ]; then if is_service_enabled c-vol; then # Delete any old stack.conf @@ -620,12 +613,12 @@ function start_cinder { fi fi - if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then - run_process "c-api" "$(which uwsgi) --procname-prefix cinder-api --ini $CINDER_UWSGI_CONF" - cinder_url=$service_protocol://$SERVICE_HOST/volume/v3 - fi + run_process "c-api" "$(which uwsgi) --procname-prefix cinder-api --ini $CINDER_UWSGI_CONF" echo "Waiting for Cinder API to start..." + # Check that the cinder API service is running, + local cinder_url=$CINDER_SERVICE_PROTOCOL://$SERVICE_HOST/volume/v3/ + if ! wait_for_service $SERVICE_TIMEOUT $cinder_url; then die $LINENO "c-api did not start" fi @@ -663,7 +656,7 @@ function create_one_type { # TODO (e0ne): use openstack client once it will support cinder in noauth mode: # https://bugs.launchpad.net/python-cinderclient/+bug/1755279 local cinder_url - cinder_url=$CINDER_SERVICE_PROTOCOL://$SERVICE_HOST:$CINDER_SERVICE_PORT/v3 + cinder_url=$CINDER_SERVICE_PROTOCOL://$SERVICE_HOST/volume/v3 OS_USER_ID=$OS_USERNAME OS_PROJECT_ID=$OS_PROJECT_NAME cinder --os-auth-type noauth --os-endpoint=$cinder_url type-create $type_name OS_USER_ID=$OS_USERNAME OS_PROJECT_ID=$OS_PROJECT_NAME cinder --os-auth-type noauth --os-endpoint=$cinder_url type-key $type_name set $property_key="$property_value" fi diff --git a/lib/keystone b/lib/keystone index 2077916d80..791abeb0d7 100644 --- a/lib/keystone +++ b/lib/keystone @@ -11,13 +11,11 @@ # - ``FILES`` # - ``BASE_SQL_CONN`` # - ``SERVICE_HOST``, ``SERVICE_PROTOCOL`` -# - ``S3_SERVICE_PORT`` (template backend only) # ``stack.sh`` calls the entry points in this order: # # - install_keystone # - configure_keystone -# - _config_keystone_apache_wsgi # - init_keystone # - start_keystone # - bootstrap_keystone @@ -140,38 +138,6 @@ function cleanup_keystone { sudo rm -f $(apache_site_config_for keystone-wsgi-public) } -# _config_keystone_apache_wsgi() - Set WSGI config files of Keystone -function _config_keystone_apache_wsgi { - local keystone_apache_conf - keystone_apache_conf=$(apache_site_config_for keystone) - keystone_ssl_listen="#" - local keystone_ssl="" - local keystone_certfile="" - local keystone_keyfile="" - local keystone_service_port=$KEYSTONE_SERVICE_PORT - local venv_path="" - - if is_service_enabled tls-proxy; then - keystone_service_port=$KEYSTONE_SERVICE_PORT_INT - fi - if [[ ${USE_VENV} = True ]]; then - venv_path="python-path=${PROJECT_VENV["keystone"]}/lib/$(python_version)/site-packages" - fi - - sudo cp $FILES/apache-keystone.template $keystone_apache_conf - sudo sed -e " - s|%PUBLICPORT%|$keystone_service_port|g; - s|%APACHE_NAME%|$APACHE_NAME|g; - s|%SSLLISTEN%|$keystone_ssl_listen|g; - s|%SSLENGINE%|$keystone_ssl|g; - s|%SSLCERTFILE%|$keystone_certfile|g; - s|%SSLKEYFILE%|$keystone_keyfile|g; - s|%USER%|$STACK_USER|g; - s|%VIRTUALENV%|$venv_path|g - s|%KEYSTONE_BIN%|$KEYSTONE_BIN_DIR|g - " -i $keystone_apache_conf -} - # configure_keystone() - Set config files, create data dirs, etc function configure_keystone { sudo install -d -o $STACK_USER $KEYSTONE_CONF_DIR @@ -201,13 +167,6 @@ function configure_keystone { iniset_rpc_backend keystone $KEYSTONE_CONF oslo_messaging_notifications - local service_port=$KEYSTONE_SERVICE_PORT - - if is_service_enabled tls-proxy; then - # Set the service ports for a proxy to take the originals - service_port=$KEYSTONE_SERVICE_PORT_INT - fi - # Override the endpoints advertised by keystone so that clients use the correct # endpoint. By default, the keystone server uses the public_port which isn't # going to work when you want to use a different port (in the case of proxy), @@ -546,23 +505,13 @@ function install_keystone { # start_keystone() - Start running processes function start_keystone { - # Get right service port for testing - local service_port=$KEYSTONE_SERVICE_PORT - local auth_protocol=$KEYSTONE_SERVICE_PROTOCOL - if is_service_enabled tls-proxy; then - service_port=$KEYSTONE_SERVICE_PORT_INT - auth_protocol="http" - fi - run_process keystone "$(which uwsgi) --procname-prefix keystone --ini $KEYSTONE_PUBLIC_UWSGI_CONF" "" echo "Waiting for keystone to start..." # Check that the keystone service is running. Even if the tls tunnel # should be enabled, make sure the internal port is checked using - # unencryted traffic at this point. - # If running in Apache, use the path rather than port. - - local service_uri=$auth_protocol://$KEYSTONE_SERVICE_HOST/identity/v3/ + # unencryted traffic at this point (ignore KEYSTONE_SERVICE_PROTOCOL). + local service_uri=http://$KEYSTONE_SERVICE_HOST/identity/v3/ if ! wait_for_service $SERVICE_TIMEOUT $service_uri; then die $LINENO "keystone did not start" diff --git a/lib/neutron b/lib/neutron index 45541cc2dc..6a7f057ad7 100644 --- a/lib/neutron +++ b/lib/neutron @@ -110,10 +110,6 @@ Q_META_CONF_FILE=$NEUTRON_CONF_DIR/metadata_agent.ini Q_DB_NAME=${Q_DB_NAME:-neutron} # Default Neutron Plugin Q_PLUGIN=${Q_PLUGIN:-ml2} -# Default Neutron Port -Q_PORT=${Q_PORT:-9696} -# Default Neutron Internal Port when using TLS proxy -Q_PORT_INT=${Q_PORT_INT:-19696} # Default Neutron Host Q_HOST=${Q_HOST:-$SERVICE_HOST} # Default protocol @@ -632,18 +628,11 @@ function enable_neutron_server_services { # Start running processes function start_neutron_service_and_check { - local service_port=$Q_PORT - local service_protocol=$Q_PROTOCOL local cfg_file_options local neutron_url cfg_file_options="$(determine_config_files neutron-server)" - if is_service_enabled tls-proxy; then - service_port=$Q_PORT_INT - service_protocol="http" - fi - # Enable neutron server services based on configuration enable_neutron_server_services @@ -660,7 +649,7 @@ function start_neutron_service_and_check { fi echo "Waiting for Neutron to start..." - local testcmd="wget ${ssl_ca} --no-proxy -q -O- $neutron_url" + local testcmd="wget --no-proxy -q -O- $neutron_url" test_with_retry "$testcmd" "Neutron did not start" $SERVICE_TIMEOUT } diff --git a/lib/nova b/lib/nova index bf990132dc..2f4ae27375 100644 --- a/lib/nova +++ b/lib/nova @@ -964,24 +964,17 @@ function install_nova { # start_nova_api() - Start the API process ahead of other things function start_nova_api { - # Get right service port for testing - local service_port=$NOVA_SERVICE_PORT - local service_protocol=$NOVA_SERVICE_PROTOCOL - local nova_url - if is_service_enabled tls-proxy; then - service_port=$NOVA_SERVICE_PORT_INT - service_protocol="http" - fi - # Hack to set the path for rootwrap local old_path=$PATH export PATH=$NOVA_BIN_DIR:$PATH run_process "n-api" "$(which uwsgi) --procname-prefix nova-api --ini $NOVA_UWSGI_CONF" - nova_url=$service_protocol://$SERVICE_HOST/compute/v2.1/ echo "Waiting for nova-api to start..." - if ! wait_for_service $SERVICE_TIMEOUT $nova_url; then + # Check that the nova API service is running. + local service_url=$NOVA_SERVICE_PROTOCOL://$SERVICE_HOST/compute/v2.1/ + + if ! wait_for_service $SERVICE_TIMEOUT $service_url; then die $LINENO "nova-api did not start" fi From 4638c2f85f5f41110761f4bf8f7514493dcf3fd2 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Sun, 3 May 2026 13:52:59 +0900 Subject: [PATCH 148/149] nova: Replace deprecated [libvirt] cpu_model It was deprecated in favor of the cpu_models option. Change-Id: I2cbbbf95f132b3279a24f120a7d0d756ba550542 Signed-off-by: Takashi Kajinami --- lib/nova_plugins/hypervisor-libvirt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt index 4b44c1f86f..163688f7f2 100644 --- a/lib/nova_plugins/hypervisor-libvirt +++ b/lib/nova_plugins/hypervisor-libvirt @@ -41,7 +41,7 @@ function configure_nova_hypervisor { iniset $NOVA_CONF libvirt virt_type "$LIBVIRT_TYPE" iniset $NOVA_CONF libvirt cpu_mode "$LIBVIRT_CPU_MODE" if [ "$LIBVIRT_CPU_MODE" == "custom" ] ; then - iniset $NOVA_CONF libvirt cpu_model "$LIBVIRT_CPU_MODEL" + iniset $NOVA_CONF libvirt cpu_models "$LIBVIRT_CPU_MODEL" fi # Do not enable USB tablet input devices to avoid QEMU CPU overhead. iniset $NOVA_CONF DEFAULT pointer_model "ps2mouse" @@ -56,10 +56,10 @@ function configure_nova_hypervisor { # arm64-specific configuration if is_arch "aarch64"; then iniset $NOVA_CONF libvirt cpu_mode "host-passthrough" - # NOTE(mnaser): We cannot have `cpu_model` set if the `cpu_mode` is + # NOTE(mnaser): We cannot have `cpu_models` set if the `cpu_mode` is # set to `host-passthrough`, or `nova-compute` refuses to # start. - inidelete $NOVA_CONF libvirt cpu_model + inidelete $NOVA_CONF libvirt cpu_models fi if isset ENABLE_FILE_INJECTION; then From ffe58c9273d19f2d798ae46e7465e31f9d9dc44d Mon Sep 17 00:00:00 2001 From: Balazs Gibizer Date: Tue, 12 May 2026 09:58:47 +0200 Subject: [PATCH 149/149] Support spice with debian 12+ Since c0f6cb5eb27ed3ab0d4d882f62a3ea5283bd71a0 devstack enable debian 12 backports in bookworm. As a consequence we need to explicitly install the qemu-system-modules-spice package to keep supporting spice in qemu. The same is true for debian 13 as well. Related-Bug: #2121941 Signed-off-by: Balazs Gibizer Change-Id: I05df50bb6dcf263eb387daaaf277cae1c80438b9 --- lib/nova_plugins/functions-libvirt | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/nova_plugins/functions-libvirt b/lib/nova_plugins/functions-libvirt index ac6bef2f4e..e421c5bac0 100644 --- a/lib/nova_plugins/functions-libvirt +++ b/lib/nova_plugins/functions-libvirt @@ -99,6 +99,14 @@ function install_libvirt { install_package qemu-efi-aarch64 fi #pip_install_gr + + if [[ ${DISTRO} =~ "bookworm" ]] || [[ ${DISTRO} =~ "trixie" ]]; then + # Since debian 13 spice is supported in qemu through an additional + # package. We also enabled backports on debian 12 which makes the + # same change. + install_package qemu-system-modules-spice + fi + elif is_fedora; then # Optionally enable the virt-preview repo when on Fedora