8444 Commits

Author SHA1 Message Date
Jenkins
0c0232f508 Merge "Set OS_AUTH_TYPE to password" 2017-04-28 04:00:20 +00:00
Jenkins
a292c5068c Merge "Always restart apache" 2017-04-27 08:35:01 +00:00
Jenkins
a8204752e3 Merge "neutron-legacy: Defer service_plugins configuration" 2017-04-26 21:22:09 +00:00
Ian Wienand
f6a2d2cd4e Always restart apache
As described in [1], it seems that mod_wsgi is not "graceful" reload
safe.  Upon re-init, it can end up in a segfault loop.

The "reload" (not *restart*) after setting up uwsgi was added with
I1d89be1f1b36f26eaf543b99bde6fdc5701474fe but not causing an issue
until uwsgi was enabled.

We do not notice in the gate, because the TLS setup ends up doing a
restart after this setup.  In the period between the
write_uwsgi_config and that restart, Apache is sitting in a segfault
loop, but we never noticed because we don't try talking to it.  Other
jobs that don't do any further apache configuration have started
failing, however.

Looking at the original comments around "reload_apache_server" I'm not
sure if it is still necessary.  [2] shows it is not used outside these
two calls.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1445540
[2] http://codesearch.openstack.org/?q=reload_apache_server&i=nope&files=&repos=

Closes-Bug: #1686210
Change-Id: I5234bae0595efdcd30305a32bf9c121072a3625e
2017-04-26 11:09:59 +10:00
Jenkins
2eb322ab2e Merge "Set fixed-key key manager" 2017-04-25 23:42:18 +00:00
Jenkins
bc8db65da2 Merge "Define a new function for notifications URL" 2017-04-25 17:47:35 +00:00
Thomas Herve
26e431dbd7 Define a new function for notifications URL
This defines a new function get_notification_url, which returns the URL
of RabbitMQ when you want connect to it, and uses in
ceilometermiddleware. This fixes an issue when we try to use AMQP for
RPC, but not for notifications.

Change-Id: I14450b2440806a17a90e5ddefc243868fdbe4f2c
2017-04-25 17:01:21 +02:00
Jenkins
aa444d0d83 Merge "Create custom dir for uwsgi domain sockets" 2017-04-21 03:29:15 +00:00
rabi
aa26baacb8 Create custom dir for uwsgi domain sockets
On Centos, apache has a private view of /tmp and thus can't see this
socket, causing keystone to fail. This happened after
I46294fb24e3c23fa19fcfd7d6c9ee8a932354702.

Move it to /var/run.

Closes-Bug: #1684360
Change-Id: I47f091656802719c259752454ec88bf50760b967
2017-04-21 10:42:27 +10:00
Jenkins
d8863f6c98 Merge "Increase rsyslog buffer sizes." 2017-04-20 20:03:44 +00:00
Sean Dague
1b245cef7f Cleanup duplicate get_or_add_user_domain_role
It turns out that we ended up with duplicate versions of this function
merging on top of each other within 3 days, and gerrit didn't catch
it. Boo gerrit. Boo bash.

Change-Id: Ic6aa2f9bafdec906de2bc51d5929beeec48a6a40
2017-04-20 00:19:20 +00:00
Paul Belanger
37c7843aad
Increase rsyslog buffer sizes.
Swift proxy logs to syslog during the devstack-gate tempest runs. To
better capture the swift logs increase the rsyslog buffer size to 6k
bytes allowing for longer messages like tracebacks.

This was setup by openstack-infra previous during our diskimage
builds.

  I03e42964e14d9f930c07ed047851bdf775639c59

Change-Id: Iaa232335865410600c93f47d4777ed4f1bce08e2
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-04-19 13:20:47 -04:00
Jenkins
e2fb00ebb7 Merge "cinder: wait for cinder-api for wsgi too" 2017-04-19 15:01:07 +00:00
Jenkins
d4df865c07 Merge "Adding placement-client to compute node local.conf for multinode setup " 2017-04-19 12:52:15 +00:00
Jenkins
23756fbef5 Merge "Updated from generate-devstack-plugins-list" 2017-04-19 12:37:22 +00:00
Jenkins
c5a2f1b1f3 Merge "Add cursive to LIBS_FROM_GIT" 2017-04-19 12:37:15 +00:00
Jenkins
0cfc523ff7 Merge "Add castellan to LIBS_FROM_GIT" 2017-04-19 12:33:06 +00:00
Jenkins
f6c86749fd Merge "fix typo" 2017-04-19 12:32:59 +00:00
Jenkins
041a5d9d83 Merge "Send useful auth_port and auth_prefix to swift's test.conf" 2017-04-19 12:30:19 +00:00
OpenStack Proposal Bot
09a08aacf4 Updated from generate-devstack-plugins-list
Change-Id: If6c07fd6b56d776a5548564b72e637f6bd3dfbfc
2017-04-19 09:24:43 +00:00
Jenkins
4b9022ddd7 Merge "Make a2dissite fail softly if the site is not enabled" 2017-04-19 06:34:20 +00:00
Tim Burke
f43ea47766 Send useful auth_port and auth_prefix to swift's test.conf
Until we can test with a version of swiftclient that knows how to eat
auth_uri, swift still needs a working gate.

Change-Id: I09f9ad5c87b542df962a79898e06fbf1e968b1e3
Related-Change: I46294fb24e3c23fa19fcfd7d6c9ee8a932354702
Related-Change: Ie427f3b0b9eb834ff940fa5d52444a5a6cdcab15
2017-04-18 21:58:10 -07:00
Jenkins
cf2846ab64 Merge "Add new configuration option for LM+grenade job" 2017-04-18 21:29:16 +00:00
Jenkins
227661e881 Merge "Remove a TODO that no longer applies" 2017-04-18 18:39:55 +00:00
Jenkins
487777f5c7 Merge "Enable EPEL mirror by default" 2017-04-18 18:14:17 +00:00
Jenkins
ee49497205 Merge "XenAPI: Remove final references to Integration bridge" 2017-04-18 18:08:09 +00:00
Chris Dent
2fcdaac56e Make a2dissite fail softly if the site is not enabled
a2dissite will return a non-zero error code if the site that is being
disabled is not currently enabled (that is, if the conf file for it does
not exist). This can happen during development if you've been messing
with files by hand. Rather than exploding out of a ./stack.sh, accept
the missing file as meaning "it's disabled" and carry one. The rpm
version of disable, which does not use a2dissite, does this already.

Change-Id: Ie5dfd42efdff4bdba5ffaa765af000dd8e1d596e
2017-04-18 16:54:12 +01:00
Chris Dent
e0be9e3a2e Remove a TODO that no longer applies
The removed TODO was talking about USE_SYSTEMD, not WSGI_MODE.

WSGI_MODE makes sense, so the TODO has been done.

Change-Id: Ib574ef123ea4c82d4d88012c990cd1ad660d7879
2017-04-18 16:52:25 +01:00
Prabhuraj Kamaraj
921da2654b Adding placement-client to compute node local.conf for multinode setup
Change-Id: Ie98f908d5a932da259ae13934af45d535fcffb82
Closes-Bug: #1682362
2017-04-18 05:12:52 +00:00
Sean Dague
6ed53156b6 Convert keystone to use uwsgi with the proxy
This makes keystone use the proxy uwsgi module when running in uwsgi
mode. It also introduces a new stackrc variable which is WSGI_MODE
that we can use to control the conditionals in services that current
work with mod_wsgi.

Also update retry timeouts on proxy pass so that workers don't disable
their connections during polling for initial activity.

Change-Id: I46294fb24e3c23fa19fcfd7d6c9ee8a932354702
2017-04-17 16:27:35 -04:00
Sean Dague
64ffff9b7d Convert placement to new uwsgi mode
This converts the placement API to use the new WSGI_MODE variable
(which is not introduced until the next changeset). We do this so that
placement and keystone patches can be reviewed independently, but
there are some hidden coupling of mod_wsgi setup which happens only in
keystone, so if we do keystone first, it breaks placement.

Change-Id: Id5b2c67701bcc7b12c8e3764c7199d10f85df80f
2017-04-17 14:51:44 -04:00
Sean Dague
604e598e2a Install and enable apache uwsgi proxy
The uwsgi proxy version that comes with Ubuntu xenial is too old, so
we have to build it from source. This is a temporary solution until
the next LTS.

This lays the ground work for using it in keystone.

Change-Id: I00fb1759e6988c7df0ce0f3df5ff1ce9fd7cd381
2017-04-17 14:51:44 -04:00
Sean Dague
a1446b960f always retry proxy errors
When an apache worker gets a proxy error, it will not retry talking to
the backend server until the retry timeout expires. We bring up the
proxy server *before* the backend server, and poll it. If we are
running a small number of workers, there is a likely chance that we're
going to hit one that errored before the backend was up, thus failing
for now real reason.

Set this to 0 instead to mean always retry failed connections.

Change-Id: I9e584f087bd375f71ddf0c70f83205c425094a17
Ref: https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass
2017-04-17 14:31:21 -04:00
Sean Dague
f3b2f4c853 Remove USE_SSL support
tls-proxy is the way we're now doing a standard install using https
between services. There is a lot more work to make services directly
handle https, and having python daemons do that directly is a bit of
an anti pattern. Nothing currently tests this in project-config from
my recent grepping, so in the interest of long term maintenance,
delete it all.

Change-Id: I910df4ceab6f24f3d9c484e0433c93b06f17d6e1
2017-04-17 07:27:32 -04:00
Sean Dague
2f8c88e053 Factor out code to write uwsgi config files
Instead of this code all existing in keystone inline, factor out into
a dedicated set of functions, and make keystone use this. This drops
uwsgi supporting https directly, but that's not going to be a
supported model going forward once we get to proxy only anyway.

Change-Id: I1d89be1f1b36f26eaf543b99bde6fdc5701474fe
2017-04-14 15:41:02 -04:00
Sean Dague
2b85cf0f06 Just use normal restart for apache
We're now in a systemd world where systemd is managing the restart
effectively, there is no reason to be tricksy with apache now that
we're not working around weird upstartd issues.

Change-Id: Ifadfd504eb10a90db5177ea9180b9cd8331a2948
2017-04-14 15:41:02 -04:00
Sean Dague
4da0fa8c13 Always install apache and proxy-uwsgi
We're going to want to start using it by default so just start with
always installing it. This should not negatively impact anything else.

Also had to fix the test using cowsay, now that cowsay depends on
cowsay-off.

Part of uwsgi in devstack.

Change-Id: I8306a992d9d006bc0130a255145a6880065aa0df
2017-04-14 15:41:02 -04:00
Brianna Poulos
f9c2a68338 Add cursive to LIBS_FROM_GIT
Allow cursive to be installed from git instead of pip.

The barbican-tempest-plugin, which uses cursive indirectly
through nova and glance, would benefit from the ability to
use cursive from git instead of pip.

Change-Id: Icae7d310f1ee392d080e7c8e421a26d7c0ef4727
2017-04-14 14:00:31 -04:00
Brianna Poulos
968ebeee41 Add castellan to LIBS_FROM_GIT
Allow castellan to be installed from git instead of pip.

Castellan has recently been moved under the oslo framework,
and the barbican-tempest-plugin tests which use castellan
would benefit from the ability to usd castellan from git
instead of pip.

Change-Id: I96edca90c61aec84637b7b1ce842eff04c521923
2017-04-14 12:17:46 -04:00
Jenkins
94047f45cd Merge "Make auth_uri available in the swift test setup" 2017-04-14 14:25:08 +00:00
Jenkins
0166b866a3 Merge "Add python3-systemd package" 2017-04-14 02:08:27 +00:00
Sean Dague
4222ee35f6 Make auth_uri available in the swift test setup
The swift functional tests use a config which requires keystone ports,
we're about to make those go away. This exposes the actual auth_uri to
swift for consumption.

Change-Id: I5868dfdb8e5f0972ba04e359d212b04351502436
2017-04-13 20:33:42 -04:00
Jenkins
af5e3d668f Merge "Clean up apache 2.2 cruft from Ubuntu 12.04" 2017-04-13 21:32:54 +00:00
Paul Belanger
bc4b8eb5bf
Enable EPEL mirror by default
We recently disabled EPEL in openstack-infra, enable it again.

Change-Id: I213b302b34b740354d63b69e8ac7f4e1b3d3cdd7
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-04-13 15:07:29 -04:00
Sean Dague
13a29ab787 Add python3-systemd package
Otherwise journal logging under python3 doesn't work

Change-Id: Ib136d88a522c40482a3e94d0386a26600236f135
2017-04-13 17:52:37 +00:00
Paul Belanger
1f92d44544
Use apt_get_update after we setup UCA
It is possible some CI system are using an http_proxy. Use the helper
function to cover this use case.

Change-Id: Iee685147ca0244fc7de328a765f937602223de20
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
2017-04-13 13:08:59 -04:00
Sean Dague
8f8b274e60 Clean up apache 2.2 cruft from Ubuntu 12.04
All the apache 2.2 handling is obsolete now, as we don't support those
distros, so get rid of it.

Change-Id: I9c0f78af2b32afabb2c4264aebc92089c4694f91
2017-04-13 09:35:21 -04:00
Clark Boylan
3d4c6d2dd1 Install netcat for libvirt live migration
Libvirt live migration requires netcat. It appears that newer UCA
packages may not automagically pull this in so explicitly list it as a
dependency of nova compute here. Note that netcat/netcat-traditional do
not appear to work and netcat-openbsd is required.

Change-Id: If2dbc53d082fea779448998ea12b821bd037a14e
2017-04-12 14:33:00 -07:00
Jenkins
42414520b7 Merge "Test using UCA for libvirt 2.5.0" 2017-04-12 15:15:45 +00:00
youri jeong
f68f6f2e33 fix typo
fix typo for tools/dstat.sh
retreive must be retrieve

Change-Id: I7a817ec02e7156c886d7d6abb28688bfe2ef5998
2017-04-12 19:24:14 +09:00