* etcd 3.3 is no longer maintained.
* etcd 3.4 removes deprecated interfaces, and clients may
need updated configs.
* The cinder backend coordination URL needs to explicitly
specify the version, until tooz can be updated
https://review.opendev.org/c/openstack/tooz/+/891355
* etcd only supports in-place upgrades between minor
versions, so any jobs testing upgrades could fail if
they skip from 3.2 directly to 3.4
Change-Id: Ifcecdffa17a3a2b1075aa503978c44545c4a2a3c
While the patch where this was first introduced and set to 120 [1] is
sensible for the vast majority of jobs, it's conceivable that some
jobs might want a different value.
Specifically, the whitebox-tempest-plugin changes configurations and
restarts Nova services, and to do so it waits for the service status
to update in the API before continuing with the tests. With the report
interval set to 120 and the down time threshold set to 720, the
service would continue showing 'up' in the API long after it was
actually down, causing the wait to time out.
Whitebox is a low-traffic project with only a couple of devstack jobs
that run tempest tests sequentially (concurrency=1). Its CI is also
pretty stable. It seems legitimate for it to keep the old default
values of report_interval and service_down_time.
This patch keeps the 120 default for NOVA_SERVICE_REPORT_INTERVAL, but
makes it configurable by individual jobs. Since the original patch
also introduced CINDER_SERVICE_REPORT_INTERVAL as a constant, make
that configurable as well.
[1] https://review.opendev.org/c/openstack/devstack/+/890439
Needed-by: https://review.opendev.org/c/openstack/whitebox-tempest-plugin/+/891612
Change-Id: I64fa2059537ea072a38fb4900d3c7d2d8f0ce429
Heavily-loaded workers in CI consistently fail to complete the
service checkin task, which is configured for every ten seconds in
nova and cinder. This generates additional load on the database server
as well as consumes a threadpool worker. If we're not making the
deadline, there's really no point in having it be so high. Further,
since the workers must remain up for all the tempest tests we're
running against them, there's really no benefit to a fast-fail
detection.
This sets the report_interval to 120s for nova and cinder, and sets
service_down_time to 6x that value, which is consistent with the
default scale.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/890448
Change-Id: Idd7aa1daf354256b143a3778f161cfc72b318ea5
Creating multiattach volume is a non-admin operation but creating
multiattach volume type is an admin operation.
Previously cinder allowed creating multiattach volumes without a
volume type but that support is being removed with[1].
The change requires updating tempest tests[2] but some tempest
tests are non-admin, which require admin priviledges to create the
multiattach volume type.
Based on the last discussion with tempest team[3], the proposed
solution is to create a multiattach volume type in devstack,
if ENABLE_VOLUME_MULTIATTACH is True, and use it in tempest
tests. Similar to how admins create multiattach volume types
for non-admin users.
This patch creates a multiattach volume type if
ENABLE_VOLUME_MULTIATTACH is True. Also we set the multiattach
type name as a tempest config option 'volume_type_multiattach'.
[1] https://review.opendev.org/c/openstack/cinder/+/874865
[2] https://review.opendev.org/c/openstack/tempest/+/875372
[3] https://meetings.opendev.org/irclogs/%23openstack-cinder/%23openstack-cinder.2023-03-13.log.html#t2023-03-13T18:47:56
Change-Id: Icd3690565bf7b27898cd206641e612da3993703d
We haven't been testing the distro for a while in CI, e.g. in
Tempest, the jobs on opensuse15 haven't been executed for a year
now.
Therefore the patch removes opensuse support from devstack.
Closes-Bug: #2002900
Change-Id: I0f5e4c644e2d14d1b8bb5bc0096d1469febe5fcc
In this release cycle, a few services are enabling the
enforce scope and new defaults by default. Example Nova:
- https://review.opendev.org/c/openstack/nova/+/866218)
Until the new defaults enalbing by default is not released we
should keep testing the old defaults in existing jobs and we can
add new jobs testing new defautls. To do that we can provide the
way in devstack to keep scope/new defaults disable by default which
can be enabled by setting enforce_scope variable to true.
Once any service release the new defaults enabled by default then
we can switch the bhavior, enable the scope/new defaults by default
and a single job can disbale them to keep testing the old defaults
until service does not remove those.
Change-Id: I5c2ec3e1667172a75e06458f16cf3d57947b2c53
This patch adds NVMe LVM support to the existing iSCSI LVM configuration
support.
We deprecate the CINDER_ISCSI_HELPER configuration option since we are
no longer limited to iSCSI, and replace it with the CINDER_TARGET_HELPER
option.
The patch also adds another 3 target configuration options:
- CINDER_TARGET_PROTOCOL
- CINDER_TARGET_PREFIX
- CINDER_TARGET_PORT
These options will have different defaults based on the selected target
helper. For tgtadm and lioadm they'll be iSCSI,
iqn.2010-10.org.openstack:, and 3260 respectively, and for nvmet they'll
be nvmet_rdma, nvme-subsystem-1, and 4420.
Besides nvmet_rdma the CINDER_TARGET_PROTOCOL option can also be set to
nvmet_tcp, and nvmet_fc.
For the RDMA transport protocol devstack will be using Soft-RoCE and
creating a device on top of the network interface.
LVM NVMe-TCP support is added in the dependency mentioned in the footer
and LVM NVMe-FC will be added in later patches (need os-brick and cinder
patches) but the code here should still be valid.
Change-Id: I6578cdc27489b34916cdeb72ba3fdf06ea9d4ad8
When barbican is enabled, add the "creator" role to cinder's service
user so that cinder can create secrets. Cinder needs to create
barbican secrets when migrating encryption keys from the legacy
ConfKeyManager to barbican. Cinder also needs to create barbican
secrets in order to support transferring encrypted volumes.
Implements: bp/transfer-encrypted-volume
Depends-On: I216f78e8a300ab3f79bbcbb38110adf2bbec2196
Change-Id: Ia3f414c4b9b0829f60841a6dd63c97a893fdde4d
This patch reduces memory usage on the Cinder Volume and Backup services
by tuning glibc.
The specific tuning consist on disabling the per thread arenas and
disabling dynamic thresholds.
The Cinder Backup service suffers from high water mark memory usage and
uses excessive memory. As an example just after 10 restore operations
the service uses almost 1GB of RAM and does not ever free it afterwards.
With this patch the memory consumption of the service is reduced down to
almost 130MB. If we add a revert from Cinder (Change-Id
I43a20c8687f12bc52b014611cc6977c4c3ca212c) it goes down to 100MB during
my tests.
This glibc tuning is not applied to all Python services because I
haven't done proper testings on them and at first glance they don't seem
to have such great improvements.
Related-bug: #1908805
Change-Id: Ic9030d01468b3189350f83b04a8d1d346c489d3c
This updates each devstack service library, to use it as the
default value for service-specific RBAC configuration.
Change-Id: I41061d042206c411ee3dd94ce91098e612af7ae7
Previously this would always happen for Nova and Cinder even if n-api
and c-api were not enabled on the host respectively.
This change stops this by placing both calls write_uwsgi_config behind
is_service_enabled checks.
Change-Id: I997685da771736dbad79bcfe4b00dbc63bd6d6b6
The default cinder quotas for volumes, backups, or snapshots may
be too low for highly concurrent testing, so make these configurable
in devstack.
Change-Id: Ie3cf3239b48f9905f5760ad0166eea954ecf5eed
When Glance is configured with a cinder glance_store, Cinder can be
configured to allow cloning of image data directly in the backend
instead of transferring data through Glance. Expose these
configuration options in devstack to facilitate testing this feature.
Adds:
- CINDER_ALLOWED_DIRECT_URL_SCHEMES
- GLANCE_SHOW_DIRECT_URL
- GLANCE_SHOW_MULTIPLE_LOCATIONS
Change-Id: Iee619b443088fd77cf7b1a48563203bdf4a93a39
Since victoria cycle, we have moved upstream testing to
Ubuntu Focal (20.04) and so does no Bionic distro in
Xena cycle testing runtime[1]. Grenade jobs also started
running on Focal since victoria was released.
Only thing left was legacy jobs which were not migrated to
Ubuntu Focal in Victoria and as per another community-wide
goal[2], all the lgeacy jobs were suppsoed to be migrated
to zuulv3 native jobs in victoria cycle itself. One of the
pending job was in nova (nova-grenade-multinode) which is also
migrated to zuulv3 native now
- https://review.opendev.org/c/openstack/nova/+/778885
If there is any job running on bionic, we strongly recommend
to migrate it to Ubuntu Focal.
[1] https://governance.openstack.org/tc/reference/runtimes/xena.html
[2] https://governance.openstack.org/tc/goals/selected/victoria/native-zuulv3-jobs.html
Change-Id: I39e38e4a6c2e52dd3822c9fdea354258359a9f53
If5c860d1e69aaef9a9236303c370479a7714ad43 attempted to move this default
to lioadm while pinning certain Bionic based jobs to tgtadm.
Unfortunately it missed the legacy dsvm based jobs within various
projects that do not inherit from the devstack-platform-bionic base job
and that are also not covered by devstack's gate.
This change simply forces CINDER_ISCSI_HELPER to tgtadm on Bionic based
hosts to ensure it is always used.
Closes-Bug: #1926411
Change-Id: Ib4b38b45f25575c92fb09b8e97fa1b24af0cc06a
As outlined in bug #1917750 the use of tgtadm in multinode environments
with multiple c-vol services can cause volumes to use duplicate WWNs.
This has been shown to cause some encrypted volume test failures as
os-brick returns a /dev/disk/by-id path to n-cpu that can point to the
wrong underlying volume when multiple volumes with the same WWN are
connected to a host.
There is also some speculation that the duplicate WWNs are also causing
libvirt to fail to detach volumes from instances but as yet this has not
been proven.
This change aims to avoid all of the above by switching the default of
CINDER_ISCSI_HELPER to lioadm for all deployments instead of just EL and
SUSE based deployments.
The Bionic platform job however is pinned to tgtadm as there issues
installing python3-rtslib-fb.
Closes-Bug: #1917750
Change-Id: If5c860d1e69aaef9a9236303c370479a7714ad43
This patch adds a new environment variable, CINDER_BACKUP_DRIVER for
configuring cinder backup driver used when c-bak service is enabled.
This gets cinder backup driver configurable with a similar pattern to
cinder backends. Although the current configurable backup drivers don't
need cleanup functions, the interface for cleanup is prepared for the
future.
The following backup drivers can be configured:
swift:
This is the default backup driver.
ceph:
This already can be configured if ceph backend driver is enabled. For
backward compatibility, ceph backup driver is used if ceph backend
driver is enabled and no backup driver is specified.
s3_swift:
The s3 backup driver gets configurable with this patch. By specifying
's3_swift', the driver is configured for swift s3api.
In the future, lib/cinder_backups/s3 should be created separatedly for
external S3 compatible storage. This file will just set given parameters
such as a URL and credentials.
Change-Id: I356c224d938e1aa59c8589387a03682b3ec6e23d
Conder started moving to new RBAC and cinder-tempest-plugin
and Tempest need to set few configuration to enable the
scope checks on cinder side and on Temepst side to tell
cinder is all configured with scope checks and test can be run with
scoped token.
Change-Id: Ic7cd919c000c4e7b9a3a06638a5bd87b1617e749
If we are backing glance with cinder, we will use more volumes and
if timing is right, we will clash with other tests and be unable
to create what we need. If we are backing glance with cinder, we
should increase the volumes quota, which this patch does (to 50 from
a default of 10).
Closes-Bug: #1914665
Change-Id: I2ad1c4d21f996ee1a9ce29ba4f1a4b8f5720f8fb
Bug #1873234 documents a number of CI failures caused by RPC requests
from c-api to c-vol timing out due to `lvchange` taking longer than the
default rpc_response_timeout of 60 seconds to complete.
While the underlying reason for the slowness should be investigated by
the cinder team a trivial workaround to the fallout created by these
timeouts is to simply double the client RPC timeout used by c-api,
allowing c-vol to return and overall the request to succeed.
Change-Id: I53dc0ae10af6aa13f1349b58373932eb6a15ab02
Related-Bug: #1873234
No targetcli package on Ubuntu Focal, it should use targetcli-fb also
when "$CINDER_ISCSI_HELPER" == "lioadm".
Although Xenial only has targetcli, but Xenial is dropped from CI. And
starting from bionic, Ubuntu uses targetcli-fb to replace targetcli. So
here we can use is_ubuntu to make ubuntu use targetcli-fb.
Change-Id: I6d35b6651d486e716980dcd9f4d693bed560463a
This option sets enable_v1_api in glance-api.conf, a setting that
was removed by change Ia086230cc8c92f7b7dfd5b001923110d5bc55d4d
in July 2018, so remove the devstack option from lib/glance.
It occurs in two other places:
This option is used in lib/cinder to set an option that was removed
from Cinder by change Ice379db9ae83420bacf9e96e242c7515930eae86 in
Queens, so remove the related code.
When this option is False, it is used in lib/tempest to set
[image-feature-enabled]/api_v1 to False in the tempest config file.
However, the default value of ths setting has been False since
change Iab3a209c744375bf2618afc00a3f7731b62f557e in Sept 2018,
so remove the related code.
Change-Id: I4b18a0a388ed7e7a392fabeac613778e0d23dee7
All these uwsgi invocations assume that the uwsgi binary is in the
same directory as their project binaries are installed into (probably
/usr/bin). That may not be correct -- for example if using a packaged
uwsgi on Fedora the binary will live in /usr/sbin/uwsgi (not /usr/bin
where the project files from pip are).
Switch invocations to just find it in the path.
Change-Id: I298e3374e9c84e209ffcabbaaacda17f8df19f4f
This only applies to the LVM driver (when using
thick provisioning), and doesn't have any effect on
other backends like NFS, so only write the conf entry
for LVM.
Change-Id: I722ba2fa0010d9887ed9b7fdd9e050cd4694768e
Devstack's lib/cinder set the my_ip on cinder side but it
hard-code it with HOST_IP[1]. It is no issue for IPv4 env
but when you build or run the IPv6 job then this ip is left
to set with IPv6. my_ip should be set to HOST_IP or HOST_IPV6
based on SERVICE_IP_VERSION value.
As part of Train community goal 'Support IPv6-Only Deployments',
we will expand the 'devstack-tempest-ipv6' job to do IPv6-only
deployments verification so we need fix the the my_ip setting.
Closes-Bug: #1838250
Depends-On: https://review.opendev.org/#/c/677524/
[1]6aeaceb0c4/lib/cinder (L231)
Change-Id: I71c74e46467a5d3c1bf9c7d683f364cba7cf9d80
This is no longer being used due to Keystone PKI tokens no longer
being implemented.
In order to not break backward compatibility we create a new function
that is to be used instead and deprecate the old one. Modify the old
function to ignore the 3rd argument and display a deprecation warning.
Adjust callers to no longer create and set that directory, calling the
new function instead.
Change-Id: Id0dec1ba72467cce5cacfcfdb2bc0af2bd3a3610
Support for changing the cinder periodic_interval config option
was added way back in havana as a workaround for bug #1180976
by change I20e52e66fcc94b224476cdd14c88bd6981b4e617. As the fix
for that bug does not require modifying this config value, and
such modification may have unintentional adverse effects, end
the support.
Change-Id: I1ef1fe564123216b19582262726cdb1078b7650e
Partial-bug: #1824837
This patch switches the CINDER_ISCSI_HELPER from tgtadm
to lioadm in openSUSE distros, as it increase the performance
and reduce the flakiness on some tests.
Change-Id: Ic3ee9c6baabe20f8f4d14246f6e29808796a5db9
Signed-off-by: aojeagarcia <aojeagarcia@suse.com>
The tempest-multinode-full job is running the c-bak
service on the subnode where swift isn't running, and
because of the "is_enabled_service swift" check, cinder
on the subnode wasn't getting configured to talk to
swift so the c-bak service was down. Since chances are
good that we're running swift, just configure cinder
to always use it.
Change-Id: I86b090967dadeeefc017ff0311beeea9441b6ba6
Closes-Bug: #1783128
cinder does not yet support operations without project_id in the url.
The unversioned endpoint is not a usable endpoint for a user that
requests the block-storage service. Although it would be lovely to have
the block-storage service have the unversioned endpoint in the catalog,
we need to get project-id out of the urls first.
Change-Id: I4246708b6ea31496ba4d565ab422abc76f730ee7
Needed-By: https://review.openstack.org/564494
DEFAULT_VOLUME_GROUP_NAME volume group is LVM ephemeral storage used by
Nova. It is created by init_nova() if user sets NOVA_BACKEND to "LVM".
However, init_cinder() is also hardcoded to create it, based on the
asumption that CINDER_ENABLED_BACKENDS includes it. That assumption
doesn't hold for the current code. What's more important, even if user
wants to use DEFAULT_VOLUME_GROUP_NAME as one of cinder backends and
adds it to CINDER_ENABLED_BACKENDS, the current code in init_cinder()
are general enough and should work fine. This change removes relevant
code in init_cinder(). It also moves DEFAULT_VOLUME_GROUP_NAME clean-up
code from unstack.sh to cleanup_nova().
Change-Id: I53762f8eda6256f962cc4e1f1098406879bbcf5c
Cinder supports both noauth and keystone auth mode. So now we can
configure this value via local.conf:
[[post-config|$CINDER_CONF]]
[DEFAULT]
auth_strategy = noauth
Change-Id: I1e434362117ab30dae71a8f3a80bc139e78f51bc