The iptables service files are no longer included by default on
Fedora. This causes the systemctl calls in fixup_stuff.sh to fail
when disabling firewalld in favor of iptables.
Change-Id: If37691d03e3d07ca8b53c541717081beeb184c16
Closes-Bug: #1462347
We've bike-sheded over this before
(I5252a12223a35f7fb7a4ac3c58aa4a3cd1bc4799) but I have just traced
down further issues to firewalld with neutron+ipv6 (see the bug).
In fact, as mentioned in the comments, RDO disables firewalld and the
neutron guide says to disable it [1]. The force flag is left if
anyone really wants this; but nobody is testing (or, as far as I can
tell, working on) this so bring devstack back into line and disable it
always. Note we do not remove the package; as has been found in the
puppet scripts this can lead to dependency issues.
[1] http://docs.openstack.org/developer/devstack/guides/neutron.html
Change-Id: Ief7cb33d926a9538f4eb39c74d906ee0c879de35
Partial-Bug: 1455303
The version of pip supported by python-virtualenv has issues in
environment under proxy, hence uninstalling python-virtualenv package
and installing the latest version using pip.
Change-Id: Id749c37ab7fefa96b35f11816b56b9def5ef4b08
Closes-Bug: 1421541
el6 is shipped with Python 2.6.x which is not expected
to be supported with the openstack kilo release.
For el6 support we need to do lot of thing differently,
which makes the code more complicated.
This change removes el6 and py26 support from devstack.
This change also removed a discontinued (1 year ago)
openSUSE 12.2 code path, which used a similar codepath as el6.
Several comment related to el6 also removed or modified.
Change-Id: Iea0b0c98a5e11fd85bb5e93c099f740fe05d2f3a
Fedora 19 will reach its end of life on 6-JAN-2015
https://lists.fedoraproject.org/pipermail/announce/2014-December/003243.html
Remove it as a supported distribution and add Fedora 21
- stack.sh: Remove Fedora 19 from list of 'supported' distributions.
- tools/fixup_stuff.sh: Remove Fedora 19. Also remove the workaround
of disabling firewalld for Fedora 21.
Change-Id: If92b87d2f9a2bb95469730cda201a7981670f727
Also use sudo -H with pip so that it doesn't create a ~stack/.cache
other things can't write to as the stack user later.
Change-Id: I2134c7d8f58f8b83f33150c9ed86d87f8ccba2f3
We don't use nose anywhere in anything related to devstack. The only
legitimate OpenStack things that are still nose are horizon and swift
unittests, and it turns out we don't really run those in devstack.
Change-Id: I215e0f3664f269e0e1b8f5d5f9c70553dededddd
Only set the keystone reserved ports when available, on some system
(like when running under containers) where this sysfs interface is not
exposed we are almost pretty sure these ports would be exclusive for our
devstack.
Change-Id: I06d7d227ae94d564c91c16119e4bbbcc6564a280
firewalld interacts badly with the libvirt on f20, causing slow-downs
so great that it can timeout the gate.
Developers who want to leave it enabled should set FORCE_FIREWALLD=True
Change-Id: I5252a12223a35f7fb7a4ac3c58aa4a3cd1bc4799
This was landed to try to address an issue with netns vs nbd during
icehouse development. It never really got us anywhere, and is now
just cruft.
Change-Id: Ie498fae8d1f796c1fc83459c65d0de948d1d50ce
This old setuptools egg-info file causes havoc and really weird pip
install errors. I think possibly not everyone has the
python-setuptools package installed, so it may only appear in some
situations.
Change-Id: I7ef0fa35c650e323a8945ed7c5c7754ca62a0ca5
Reserve Keystone ports from the ephemeral range as early as reasonably
possible in the fixup_stuff.sh process to reduce the likelihood that the
port will be in use. This does not completely resolve the issue
where Keystone's IANA assigned port falls into Linux's ephemeral
range, but this should reduce the occurrences. The default ports
are 35357 and 35358.
Change-Id: I8cfb53d8f90c1ff1fb1083c59fefabca3d14323b
Partial-Bug: #1253482
The f20 gate job is failing on hpcloud images
(official F20 cloud image), with enforcing selinux.
Setting selinux to permissive on all Fedoras.
Currently selinux policies are violated, when
- horizon/httpd tries to access a files without
httpd_t friendly security label.
- horizon/httpd_t tries to connect to openstack
service port, without an allowing policy.
- swift tryes rsync content without an authorized
security label and without rsync_full_access sebool.
- ..
In permissive mode you will be able to track,
the missing policies and labels by checking
the /var/log/auidit/audit.log*
The enforcing mode might be turned on in the future,
when all label and policy configured correctly.
Change-Id: I6dad705dd11b9eb5f01ce67814f05d294b3979a5
Simplifying the steps between devstack install and tempest run, by
* installing tox<1.7, bacuse 1.7 is not compatible with our tox.ini
* installing and patching 'discover' when the python version is 2.6
Change-Id: I8008837d2fae6cebeeeb051b63066279ca477e01
Check that function calls look like ^function foo {$ in bash8, and fix
all existing failures of that check. Add a note to HACKING.rst
Change-Id: Ic19eecb39e0b20273d1bcd551a42fe400d54e938
Change 4f1fee6eae300a3384900df06ebc857e95854eb0 added the RHEL6
optional repo in fixup_stuff.sh, but it turns out that doesn't get run
until after the package prerequisites phase. Move this into stack.sh
with the RDO repo setup.
Change-Id: Iae0df85fa94c6c1b6f497dd29fda90d03b903a41
python-glanceclient is failing to install on rhel6 with a dependency
chain from pip as
cryptography>=0.2.1 (from pyOpenSSL>=0.11->python-glanceclient==0.12.0.56.gb8a850c)
cryptography requires libffi-devel to build. I'm not sure what
changed, but remove it from "testonly" so it is always installed.
However, RHEL6 includes this in the optional repo, so we enable this
repo in the fixup script.
Change-Id: I9da0e91b75f41578861ee9685b8c7e91dd12dae7
we are getting kernel crashes in the OpenStack gate, to test
getting around this we'd like devstack to be able to upgrade
the precise kernel to the latest lts backported kernel.
default to off
Change-Id: I5d47aa8d15b1b1c0386a13b65022f6b8108c5c49
The minimum prettytable version is changed from 0.6 to 0.7
in the global requirements.
If the system has an older prettytable version the fixup_stuff does not
takes effect in time, because at fixup time the system has the old
version.
Ensure the fixup installs the minimum required version in time.
Change-Id: If1737dacb25db73b68e707953d05576ad8a97da7
since commit a0739c9423a4c559b45af96fa4cdb30539dcdbd7, horizon use
a pure Python alternative to nodejs
Change-Id: I231b453e42c303c3cc29e8bea4d7b935fecdccd2
A few Markdown-oriented issues were causing Docutils errors to
leak into the end-user docs on http://devstack.org
Change-Id: I51fa9698afb1bfb48596478d83bd1fdcd84ac52e
stack.sh invokes some helper scripts as separate processes, rather than
by source'ing them. As with stack.sh itself, abort immediately on the
first error, so that errors don't compound and result in confusing error
messages. If one of these helper scripts aborts, stack.sh itself will
also abort in the usual manner.
Due to the change in behaviour, tweak some mv invocations to ensure that
they don't trigger false failures.
As with stack.sh itself, also enable xtrace so we can see exactly what's
happening. In particular this allows us to see the cause of any
premature termination due to a command failing whilst errexit is
enabled.
Change-Id: I7a55784c31e5395e29ab9bbe2bb112b83b9be693
* Add tools/fixup_stuff.sh to fix prettytable and httplib2 install
with pip 1.4+
* Cache downloads properly in tools/install_pip.sh
Change-Id: I482590cb91f7a10c1436bc9015afd572ac1cc73e
