Going forward, nova will have another database at the API level (similar to how
current cells has an api-level cell, with its own database). This patch creates
and initializes it so that we can start testing the migrations with grenade.
Change-Id: I0dfae32102aeda9c5d17e134527b6a18f4b88014
Retrieving the root page in the nova and glance APIs include
URLs for the various versions supported. These are by default
reported using unsecure URLs. Configure the services to report
a SSL-based URL instead.
Change-Id: I220757e53b94a5f6d19291371407220fdf54c645
We can infer the binary and configuration paths just from the project
name and expanding this to the known *_DIR & *_BIN_DIR variables. A
similar thing is done for policyd settings
Change-Id: I7c6a9fa106948ae5cbcf52555ade6154623798f1
This makes it possible to list virtual site-package directories
without statically stating the python version, which is a bit ugly.
Change-Id: I3e7ac39eb43cdc4f656e0c90f3bfb23545722aef
Nova commit 9b224641295af3763d011816d6399565ac7b98de removed the option
in Liberty so we can remove it's usage in devstack.
Related-Bug: #1364851
Change-Id: If051f43fb75d57c118db4e8e97895ff06fbb54e2
Inspired by keystone and rcbops-cookbooks's nova scripts,
this review adds apache2 templates for two of the Nova
services. Also add code in lib/nova to switch between
the old and new ways to these two services. The patch
depends on the Nova review mentioned below as the two
scripts that are needed will be in Nova's repository.
TODO for later would be to switch on NOVA_USE_MOD_WSGI
when ENABLE_HTTPD_MOD_WSGI_SERVICES is switched on.
Related Nova blueprint:
https://blueprints.launchpad.net/nova/+spec/run-nova-services-under-apache2
Depends-On: Idd7d3d1b3cc5770cdecea7afe6db3c89d5b2c0d0
Change-Id: I9fc0c601db2776d3e9084be84065e728e3f5d414
Rootwrap shouldn't be a unique snowflake. Plus the binaries tend
to be called assuming PATH will find them. Not so with venvs
so we need to work around that brokenness.
Configure Cinder and Nova to use configure_rootwrap().
Change-Id: I8ee1f66014875caf20a2d14ff6ef3672673ba85a
Install a couple of optional feature prereqs in hypervisor plugins.
rootwrap is horribly called indirectly via PATH. The choice, other than fixing
such nonsense, is to force the path in sudo.
TODO:
* python guestfs isn't in pypi, need to specifically install it to not
use the distro package
Change-Id: Iad9a66d8a937fd0b0d1874005588c702e3d75e04
Commit c12a78b35dc910fa97df888960ef2b9a64557254 has set the
"always" flag to be deprecated in liberty. This moves to using
"True" instead.
Change-Id: Idecf7966968369d2f372abffcab85fbf9aa097c7
Recent versions of oslo policy allow the use of a policy.d to break up
policy in a more user understandable way. Nova is going to use this in
Kilo to break out v2 and v2.1 API policy definitions.
This provides a unified helper for installing sample policies. It
makes some assumptions on project directory structure. Porting other
projects to use this can happen in the future.
Change-Id: Iec23b095176332414faf76a9c329f8bb5f3aa6c3
This eliminated a number of sudo calls by doing the copy/chown/chmod in
a single step and sets a common pattern.
Change-Id: I9c8f48854d5bc443cc187df0948c28b82c4d2838
iniset_rpc_backend should know what section it needs to set the
config options in better than the callers. The config options
have actually been moved to different sections and the options
in the DEFAULT section are deprecated.
Change-Id: I0e07fe03c7812ef8df49e126bf71c57588635639
As per the logs:
Option "lock_path" from group "DEFAULT" is deprecated. Use option "lock_path" from group
"oslo_concurrency".
Option "sql_connection" from group "DEFAULT" is deprecated. Use option
"connection" from group "database".
Change-Id: I2109cec07ebee916c9ce0ccd24bd9a47d8d3c688
Region name should be set to nova.conf and cinder.conf so that
cinder volume can work in multiregion env.
Closes-Bug: #1429738
Change-Id: Ib20911c24d8daabc07e6515f4a23a745d77593ff
Nova has the ability to do remote interactive consoles but there is no
easy way to enable this in devstack. This change defines a service
called n-serial to enable the service. Documentation is added to a
new guide on nova, describing how to set further options in local.conf
Change-Id: I401d94b2413c62bfae9b90d2214d77bd4cfc15d5
get_or_add_user_role is specific to adding a role on a project.
Rename it to get_or_add_user_project_role to allow room for adding a
domain specific role function.
Change-Id: I999308098d22be9800578ae67144a3b687fbc3be
Most of the services create the service user with the admin permission.
This is unnecessary for token validation and they should be restricted
to only having the service role.
Change-Id: Id7a9366d2c6a36139240f64371002362dc2d8d3b
The code for creating service users is almost exactly the same. Abstract
this into a function that can be reused and standardized.
Change-Id: I3a4edbff0a928da7ef9b0097a5a8d508fdfab7ff
Nova listens for EC2 calls now at the URL without path -
http://some.server.com:8773/
I was made in review -
https://review.openstack.org/#/c/152496/
So I suggest to change EC2 urls in keystone catalog.
Change-Id: Ia2975ce0f6a30eed6016733e12c98b5f97648307
Closes-Bug: 1417555
The default project means that a user gains token scoping information
for a project if they don't specify another. This is something we want
to discourage for user creation. User's should specify there own
authentication scope when they authenticate.
Change-Id: I42c3060d59edfcd44d04cd166bad500419dd99bc
A recent patch [1] added support for lvm ephemeral storage for nova,
but at the cost of initializing a default lvm volume group even if it
was not required. This change ensures that init of the default volume
group is only performed when nova and/or cinder are configured to use
lvm.
1: https://review.openstack.org/#/c/132333
Change-Id: I7634ca0ed0ffe1b13464e4d66744918f85149f2e
Closes-Bug: #1414820
DevStack currently lacks support for LVM ephemeral storage in Nova.
This support is important for testing of Nova's LVM backend. The
proposed change adds a default volume group, to be shared by Cinder
and Nova. It also adds a configuration option NOVA_BACKEND, which
must be LVM if it is set, that determines whether Nova should be
configured to use LVM ephemeral storage.
Change-Id: I4eb9afff3536fbcd563939f2d325efbb845081bb
This makes a bunch of variable cleanups that will let -o nounset
function, for the time being we hide nounset behind another setting
variable so that it's not on by default.
Because this is bash, and things are only executed on demand, this
probably only works in the config it was run in. Expect cleaning up
all the paths to be something that takes quite a while.
This also includes a new set of unit tests around the trueorfalse
function, because my change in how it worked, didn't. Tests are good
m'kay.
Change-Id: I71a896623ea9e1f042a73dc0678ce85acf0dc87d
1. zmq-receiver should be started in advance
2. when using zeromq driver, nova-compute relies
on nova-conductor's rpc to be initialized
This fix is totally safe and won't influence
on other services.
Change-Id: I9d7b682df4d411af24a1ff6bcad79697e32fa723
Partially-Implements: blueprint zeromq
We use InnoDB everywhere, so there should be no issues with long unicode
keys. Dropped charset parameter for recreate_database since it's not
needed anymore.
Change-Id: Ib768402a9337c918309030a92ab81da17269f4f6
Newer versions of rabbitmq (3.3 and later) do not allow the 'guest'
user to access on non-local interfaces.
- Added a new config RABBIT_USERID which defaults to stackrabbit
- Invoked config scripts using that variable
Adopted from:
https://review.openstack.org/#/c/107779/
Change-Id: I43a231c9611b4cc2e390b603aa3bfb49c915bdc5
Closes-Bug: #1343354
Co-Authored-By: Scott Moser <smoser@ubuntu.com>
With gerrit 2.8, and the new change screen, this will trigger syntax
highlighting in gerrit. Thus making reviewing code a lot nicer.
Change-Id: Id238748417ffab53e02d59413dba66f61e724383
This has been deleted from the nova tree, we should purge it from
devstack, as it will not work any more.
Change-Id: I20501fec140998b91c9ddfd84b7b10168624430a
lib/nova checks NOVA_API_VERSION for setting Nova v2.1 API endpoint,
but the name of the initialization is different.
This patch fixes it.
Change-Id: I2fa234d66fe76b2a7146288adc1384b33921e178
This provides a mechanism for overriding v2 endpoint with v2.1 so that
tests can be run against a devstack to provide equivalency between the
APIs.
Change-Id: Iaaa530bda6bcdae75e86be8dbe572abe4396e8e9
In multi node devstack using multi-host nova-networking, n-api-meta runs
on every machine but n-api only runs on the API node. So copy
nova-api-paste.ini if any version of n-api* is running.
Change-Id: I323f39f5080b94e22907a173a1a2bc4a324567b8
The cinder endpoints should be correctly established in the service
catalog. There is no reason to provide an overriding endpoint_template.
Change-Id: I9b206fa22a8271a0fb65789d139ead35dfb1ea0d
ca_certificate_file is deprecated in favour of using the standard
options from keystoneclient session.
Change-Id: I611da719fb3a95d0a9c2f6ad43e2c083ea7d6862
We're using all the magic variables based on python-fooclient, however
all the inline code was using fooclient for variables. So we had a
mismatch, which was kindly pointed out by some of the 3rd party ci
testers.
Change-Id: I27a56222c7e8e610fba8bf97672d2a42f5cf14ca