Updated clean.sh to remove Glance's Apache uWSGI config files in
APACHE_CONF_DIR, including /etc/apache2/sites-enabled/ on Ubuntu.
Test Plan:
- Run clean.sh.
- Confirm Glance uWSGI configs are removed from APACHE_CONF_DIR.
Closes-Bug: #2057999
Change-Id: I44475b8e084c4b20d7b7cb7f28574f797dbda7a2
Making newly introduced `centralized_db` driver as default cache
driver for glance so that it can be tested in available CI jobs.
New cache driver `centralized_db` needs `worker_self_reference_url`
in glance-api.conf file otherwise glance api service will fail to
start.
Related blueprint centralized-cache-db
Depends-On: https://review.opendev.org/c/openstack/glance/+/899871
Change-Id: I75267988b1c80ac9daa5843ce8462bbac49ffe27
Added new devstack variable `GLANCE_CACHE_DRIVER` default
to `sqlite` to set the cache driver for glance service.
Related blueprint centralized-cache-db
Change-Id: I76d064590356e2d65bfc6a3f57d1bdaeeb83a74a
This makes the glance-api-remote setup honor the GLOBAL_VENV flag,
and not pass the --venv stuff to uwsgi if it is disabled. This should
fix the glance-multistore-cinder-import-fips job.
Change-Id: I2005da5ced027d273e1f25f47b644fecafffc6c1
The base systemd unit file setup now writes an Environment= line to
the file for the venv. The glance-remote code was setting that to
point at the alternate config location, using iniset which was
clobbering the venv one. Switch to iniadd to fix.
Also, we need to explicitly put the --venv flag into the command since
we write our unit file ourselves. This probably needs a cleanup at
this point, but since the glance gate is blocked, do this for now.
Change-Id: I2bd33de45c41b18ed7d4270a7301b1e322134987
Since we are python3 only for openstack we create a single python3
virtualenv to install all the packages into. This gives us the benefits
of installing into a virtualenv while still ensuring coinstallability.
This is a major change and will likely break many things.
There are several reasons for this. The change that started this effort
was pip stopped uninstalling packages which used distutils to generate
their package installation. Many distro packages do this which meant
that pip installed packages and distro packages could not coexist in the
global install space. More recently git has made pip installing repos as
root more difficult due to file ownership concerns.
Currently the switch to the global venv is optional, but if we go down
this path we should very quickly remove the old global installation
method as it has only caused us problems.
Major hurdles we have to get over are convincing rootwrap to trust
binaries in the virtualenvs (so you'll notice we update rootwrap
configs).
Some distros still have issues, keep them using the old setup for now.
Depends-On: https://review.opendev.org/c/openstack/grenade/+/880266
Co-Authored-By: Dr. Jens Harbott <frickler@offenerstapel.de>
Change-Id: If9bc7ba45522189d03f19b86cb681bb150ee2f25
Glance antelope release has enabled the RBAC new defaults
by default
- https://review.opendev.org/c/openstack/glance/+/872522
With the latest release of Glance have new defaults enable,
we should test the same by default in devstack. This change
make GLANCE_ENFORCE_SCOPE flag to True by default so that every
job will run with Glance new defaults.
As old defaults are still supported (in deprecated way), we will keep
GLANCE_ENFORCE_SCOPE flag so that we can have a single job can disable
the new defaults and continue testing the old defaults.
Depends-On: https://review.opendev.org/c/openstack/tempest/+/883701
Change-Id: Idde6f3cb766597575ca822f21b4bb3a465e5e753
We haven't been testing the distro for a while in CI, e.g. in
Tempest, the jobs on opensuse15 haven't been executed for a year
now.
Therefore the patch removes opensuse support from devstack.
Closes-Bug: #2002900
Change-Id: I0f5e4c644e2d14d1b8bb5bc0096d1469febe5fcc
In this release cycle, a few services are enabling the
enforce scope and new defaults by default. Example Nova:
- https://review.opendev.org/c/openstack/nova/+/866218)
Until the new defaults enalbing by default is not released we
should keep testing the old defaults in existing jobs and we can
add new jobs testing new defautls. To do that we can provide the
way in devstack to keep scope/new defaults disable by default which
can be enabled by setting enforce_scope variable to true.
Once any service release the new defaults enabled by default then
we can switch the bhavior, enable the scope/new defaults by default
and a single job can disbale them to keep testing the old defaults
until service does not remove those.
Change-Id: I5c2ec3e1667172a75e06458f16cf3d57947b2c53
This updates each devstack service library, to use it as the
default value for service-specific RBAC configuration.
Change-Id: I41061d042206c411ee3dd94ce91098e612af7ae7
This is a followup for change Ifdef3510bc7da3098a71739814e35dbaf612ae34
which added configuration of unified limits for nova. This removes an
unnecessary wrapper unsetting of OS_ env variables, unnecessary quoting
on an iniset config value, and a hardcoding of user domain. The glance
code from which the nova code was originally copied is also cleaned up.
Change-Id: I4921af5cc0f624dd5aa848533f7049ee816be593
This is needed so we can set keystone into enforcing secure RBAC.
This also adjusts lib/glance, which already partially used
devstack-system-admin.
Change-Id: I6df8ad23a3077a8420340167a748ae23ad094962
Before, we needed to unset a couple of parameters that would make the
client return a project-scoped token instead of a system-scoped token,
which we need when interacting with registered limits in keystone.
This commit removes those unsets since we no longer source those
variables by default. This commit also cleans up some of the redundant
parameters in the registered limit calls, like region.
Change-Id: I1af8a168a29e895d57504d41e30efea271ea232d
Earlier glance remote worker was using same cache directory used by
glance worker. Ideally both should use their own cache directory.
This patch makes provision for the same by setting different path
for image_cache_dir config option.
Change-Id: If2627e9c212fd765b96d925046c04e9cb1001c3d
The glance image size limitation was added and unfortuantely
does prevent larger images from being uploaded to glance. In the
case of all baremetal testing, this value is realistically smaller
than stock "cloud" images which support booting to baremetal with
often requisite firmware blobs, which forces some images over 1GB
in size.
Adds GLANCE_LIMIT_IMAGE_SIZE_TOTAL which allows users who need
larger images to be able to override the default while still
enabling limits enforcement in their deployment. The default
value is 1000.
Change-Id: Id425aa546f1a5973bae8be9c017782d18f0b4a47
When Glance is configured with a cinder glance_store, Cinder can be
configured to allow cloning of image data directly in the backend
instead of transferring data through Glance. Expose these
configuration options in devstack to facilitate testing this feature.
Adds:
- CINDER_ALLOWED_DIRECT_URL_SCHEMES
- GLANCE_SHOW_DIRECT_URL
- GLANCE_SHOW_MULTIPLE_LOCATIONS
Change-Id: Iee619b443088fd77cf7b1a48563203bdf4a93a39
This cleans up some of the quote and variable handling that was
pointed out in review of the previous patch. This is non-critical,
so I'm putting it in a subsequent patch to avoid disturbing the
careful alignment of patches across three projects that are mostly
approved.
Change-Id: I9b281efd74ba5cd78f97b84e5704b41fd040e481
In order to be able to test glance's distributed import function,
we need to have multiple workers in an arrangement like they
would be if one was on another host (potentially at another site).
This extra worker must be separate from the default image service
in order to repeatedly hit one and then the other to test cross-
service interactions.
This allows you to enable_service g-api-r, which will clone the main
g-api service, modify it to run on a different port, and start it.
The service will be registered in the catalog as image_remote.
Depends-On: https://review.opendev.org/c/openstack/glance/+/769976
Change-Id: I0e2bb5412701d515153c023873addb9d7abdb8a4
Glance started moving to new RBAC and glance-tempest-plugin
and Tempest need to set few configuration to enable the
scope checks on glance side and so does on Temepst side to tell
glance is ready with scope checks so that test can be run with
scoped token.
Change-Id: I09f513d08212bc80a3a86a750b29b1c6625d2f89
The XenAPI driver was removed during the Victoria release [1], while the
libvirt+xen driver has been removed in the Wallaby release [2]. Remove
references to Xen from DevStack since its all a no-op now.
[1] I42b302afbb1cfede7a0f7b16485a596cd70baf17
[2] I73305e82da5d8da548961b801a8e75fb0e8c4cf1
Change-Id: If7055feb88391f496a5e5e4c72008bf0050c5356
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
The situation around glance under WSGI has changed a lot in a week.
We can now run tasks and imports under WSGI, so let's switch the
default back so that glance is consistent (by default) with the
other projects.
Change-Id: I3ae285b2ac4972c0b8abaccfc7c0ede0e1c49bf1
This patch will enable user to configure single cinder store as well as
multiple cinder stores for glance. Below are the parameters needs to be
added in local.conf.
A. For single store
USE_CINDER_FOR_GLANCE=True
B. For Multiple stores
USE_CINDER_FOR_GLANCE=True
GLANCE_ENABLE_MULTIPLE_STORES=True
CINDER_ENABLED_BACKENDS=${CINDER_ENABLED_BACKENDS:-lvm:lvmdriver-1,lvm:lvmdriver-2,nfs:nfsdriver-1,ceph:cephdriver-1}
GLANCE_CINDER_DEFAULT_BACKEND=lvmdriver-1
enable_plugin devstack-plugin-nfs https://opendev.org/openstack/devstack-plugin-nfs
enable_plugin devstack-plugin-ceph https://opendev.org/openstack/devstack-plugin-ceph
NOTE:
GLANCE_CINDER_DEFAULT_BACKEND should be one of the value from CINDER_ENABLED_BACKENDS.
If you need to configure nfs and ceph backend for cinder then you need to add respective plugins in
local.conf file.
If GLANCE_ENABLE_MULTIPLE_STORES is True then it will not configure
swift store for glance even if it is enabled in local.conf file.
Needed-by: https://review.opendev.org/#/c/750018
Change-Id: Id0d63c4ea41cce389eee8dc9a96913a7d427f186
As of the referenced patch in glance, we can do import in wsgi mode.
Also remove the enforcement that import methods are disabled.
Change-Id: I8da4b4ad6105bb64c4045ca80db9742591d01564
Depends-On: https://review.opendev.org/#/c/742065
We always want to start glance on the internal port now,
regardless of whether or not tls-proxy is in use, because we
write_local_proxy_http_config() for the standalone case.
Change-Id: I47dea645d4a852e02e25af0e1df9c28fec92c42a
Co-Authored-By: Radosław Piliszek <radoslaw.piliszek@gmail.com>
While removing registry [1] we by mistake removed some code related to
multiple store configuration for glance. This must be happened during
resolving merged conflicts.
Adding it back.
[1] https://review.opendev.org/708062
Change-Id: I2b84f7b7c51b7b20765a06b48c75006fd2e8ab71
Glance should not be exposing import methods that cannot work via its
API, but it does today. In order for tempest (et al) to be able to
properly detect whether import is possible, we must configure the
import methods in standalone mode, or disable them in wsgi mode. The
referenced Glance patch will make this a requirement.
Change-Id: I3bf3498d83607c5e98b70877c061dc54fc3c0a6e
Needed-By: https://review.opendev.org/#/c/741497/
A whole set of Glance functionality is not usable under uwsgi, including any
of the more powerful async import, customization, and copying functions.
In order to facilitate writing and running tempest tests for these features
in all environments covered by the various jobs across all the projects that
include Glance, we should default to this deployment method.
It is still possible to deploy glance in uwsgi mode by setting the flag to
False, and we can do that for some jobs to make sure that it continues to
work. However, the default should be what we expect deployers will use,
which is standalone mode.
Depends-On: https://review.opendev.org/741479
Change-Id: I141acab2a07a4eebd8d850f900058bc8cbf9c7bf
Full Glance functionality requires Glance being run in a configuration
where it can spawn long-running task threads. The default uwsgi mode
does not allow this, and the current workaround is to set WSGI_MODE
to something other than uwsgi to get the devstack code to deploy
Glance as a standalone service. Since this affects the entire rest of
the deployment, this patch separates out a flag to control this behavior
specifically for Glance. When WSGI_MODE=uwsgi, control of the Glance
deployment mechanism is allowed via GLANCE_STANDALONE=True|False. If
WSGI_MODE!= uwsgi then we deploy standalone Glance anyway.
Change-Id: I79068ce0bd7414bc48ff534ee22f0de5d7b091cb
Added new boolean option 'GLANCE_USE_IMPORT_WORKFLOW' default to False.
If this parameter set in local.conf as True then devstack will use the
new import workflow to create the image.
In order to use new import workflow of glance;
user need to set below options in local.conf
GLANCE_USE_IMPORT_WORKFLOW=True
Note that the import workflow does not work in uwsgi because of
some fundamental restrictions it has. Thus, devstack must be configured
with WSGI_MODE=mod_wsgi, otherwise glance will not be able to process
the imports. The new helper function will abort to avoid in that case
to avoid the image never being moved to "active" state by an import
task that will never be executed.
Co-Authored-By: Abhishek Kekane <akekane@redhat.com>
Co-Authored-By: Dan Smith <dansmith@redhat.com>
Needed-By: https://review.opendev.org/#/c/734184
Change-Id: I1306fe816b7a3eca1e2312c0c454be3d81118eca
This option sets enable_v1_api in glance-api.conf, a setting that
was removed by change Ia086230cc8c92f7b7dfd5b001923110d5bc55d4d
in July 2018, so remove the devstack option from lib/glance.
It occurs in two other places:
This option is used in lib/cinder to set an option that was removed
from Cinder by change Ice379db9ae83420bacf9e96e242c7515930eae86 in
Queens, so remove the related code.
When this option is False, it is used in lib/tempest to set
[image-feature-enabled]/api_v1 to False in the tempest config file.
However, the default value of ths setting has been False since
change Iab3a209c744375bf2618afc00a3f7731b62f557e in Sept 2018,
so remove the related code.
Change-Id: I4b18a0a388ed7e7a392fabeac613778e0d23dee7
Keystone no longer has any special functionality hidden behind the admin
endpoint. Stop referencing it in consumers, so it can later be dropped
completely.
Change-Id: I04a5d77908005268cc7c59e7e9ddeea70f6732e2
Glance has deprecated registry serivce for long and now efforts are placed to
remove the registry code from the glance repo.
To avoid regression on other projects, gate jobs etc. removing
configuring registry service from the devstack.
Change-Id: I6a7be6bdc97acc43c8e985060aeea05d92642e80
All these uwsgi invocations assume that the uwsgi binary is in the
same directory as their project binaries are installed into (probably
/usr/bin). That may not be correct -- for example if using a packaged
uwsgi on Fedora the binary will live in /usr/sbin/uwsgi (not /usr/bin
where the project files from pip are).
Switch invocations to just find it in the path.
Change-Id: I298e3374e9c84e209ffcabbaaacda17f8df19f4f
Disable insecure option for glance_store with
swift backend when tls is enabled.
Specify swift_store_cacert option.
Change-Id: Ia1e8f596c95dd7b6e63cb21a94c8316dc71bf945
Recent change to devstack dropped installing test-requirements [1]
However, this caused gate failures due to lack of glance-store
deps for cinder and swift support.
This patch makes devstack install relevant extras depending on
enabled features.
Additionally, relevant functions are added/fixed to make this
possible.
glance-store = glance_store (for gerrit search match)
[1] https://review.opendev.org/715469
Change-Id: I0bf5792a6058b52936115b515ea8360f6264a7c9
From Train release Glance has added support [0][1] to configure multiple stores
of same or different types. This patch enables developers to configure
multiple file stores for glance. In order to configure multiple file stores
user need to set below options in local.conf
GLANCE_ENABLE_MULTIPLE_STORES=True/False
To enable multiple stores of glance.
GLANCE_MULTIPLE_FILE_STORES=veryfast,fast,cheap,verycheap,slow,veryslow
Comma separated list of store identifiers.
GLANCE_DEFAULT_BACKEND=fast
Default glance store in which image should be stored if store identifier not
specified explicilty. Should be one of the store identifier from
GLANCE_MULTIPLE_FILE_STORES config option.
NOTE: This support is added so that we can start adding tempest/CI tests for
glance multiple stores.
[0] 515412b59f5b3af07a1787b9f8e85a4d656d3e1c
[1] https://docs.openstack.org/glance/train/admin/multistores.html
Change-Id: I494f77555cfe9115356ce0ee75c7d7f192141447
huicoffee