Commit Graph

230 Commits

Author SHA1 Message Date
Zuul 8bc99f3ef1 Merge "nova: unset cpu_model on aarch64" 2024-02-23 18:27:39 +00:00
Jay Faulkner e1297193dc [nova][ironic] Support configuring 1 shard on n-cpu
Allows for testing of basic sharding configuration.

Change-Id: Idfb2bd1822898d95af8643d69d97d9a76b4d64cc
Needed-By: https://review.opendev.org/c/openstack/ironic/+/894460
2023-09-11 17:44:09 +00:00
Brian Haley a13201646d Install systemd-coredump on Debian-based distros
On Debian-based distros, the 'coredumpctl' command is
provided by the systemd-coredump package, which is not
installed by default. On failure, when "post" commands
are executed this error is seen:

  controller | /bin/bash: line 1: coredumpctl: command not found

Install it along with other libvirt packages to avoid
the error.

On Fedora distros it is in the systemd package, so the
problem is not seen since it is always installed.

Change-Id: I6012bd3240d68736a5db8ae49dc32098a086f320
2023-05-30 13:31:05 -04:00
Martin Kopec ec07b343d2 Remove support for opensuse
We haven't been testing the distro for a while in CI, e.g. in
Tempest, the jobs on opensuse15 haven't been executed for a year
now.
Therefore the patch removes opensuse support from devstack.

Closes-Bug: #2002900
Change-Id: I0f5e4c644e2d14d1b8bb5bc0096d1469febe5fcc
2023-02-16 12:01:39 +01:00
wangxiyuan 6440c6d7e6 Add openEuler 22.03 LTS support
openEuler 20.03 LTS SP2 support was removed from devstack in last
few months due to its python version is too old and the CI job
always fail. And openEuler 20.03 LTS SP2 was out of maintainer in May
2022 by openEuler community.

The newest LTS version was released in March 2022 called 22.03 LTS.
This release will be maintained for at least 2 years. And the python
version is 3.9 which works well for devstack.

This Patch add the openEuler distro support back. And add the related
CI job to make sure its works well.

Change-Id: I99c99d08b4a44d3dc644bd2e56b5ae7f7ee44210
2022-12-07 10:03:27 +08:00
Mohammed Naser 28bed125a2 nova: unset cpu_model on aarch64
Without this, running DevStack on an `aarch64` environment will end
up in cpu_model set to "Nehalem" and cpu_mode set to "host-passthrough"
which does not work.

This patch drops that value under aarch64 environments.

Change-Id: I30be5a388dda5ccf08718670dbb14a28a4a8a8eb
2022-04-20 15:13:33 -04:00
Kevin Zhao 7880ba665e openEuler 20.03 LTS SP2 support
openEuler is an open-source Linux based operating system. The current
openEuler kernel is based on Linux and supports multi arch, such as X86_64
and aarch64. It fully unleashes the potential of computing chips. As an
efficient, stable, and secure open-source OS built by global open-source
contributors, openEuler applies to database, big data, cloud computing,
and AI scenarios. openEuler is using RPM for package management.

Note:
Currently there is no available package for uwsgi-plugin-python3 and ovn, so that
openEuler needs manually install them from source.

Website: https://www.openeuler.org/en/

Change-Id: I169a0017998054604a63ac6c177d0f43f8a32ba6
Co-Authored-By: wangxiyuan <wangxiyuan1007@gmail.com>
Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
2021-12-22 14:47:27 +08:00
Clark Boylan e06d954229 Use Nehalem CPU model by default
CentOS/RHEL 9 are being compiled for the x86_64-v2 architecture which is
newer than the qemu default of qemu64. This means that for devstack to
boot these instances we need a newer CPU model. Nehalem is apparently
the oldest model that works for x86_64-v2 and is expected to work on
Intel and AMD cpus with kvm or qemu. Switch devstack to this model by
default.

Note that we cannot use host-passthrough or host-model because we want
to support live migration between devstack deployed nova-compute
instances and even within the CI instances that we get the host CPUs can
differ.

Also, we should run this change against as many clouds as possible to
ensure that the newer model works across all of our clouds. There is
some fear that the virtual CPUs presented to us in some clouds may not
be able to run these newer CPU models.

Change-Id: Ibd6e11b59f3c8655bc60ace7383a08458b2177f2
2021-10-21 08:15:12 -07:00
Radosław Piliszek 8b8a4c75b7 Remove libvirt-python from upper-constraints
... when installed from distribution.

This is mostly to fix Ironic's gate as their ecosystem is too
broad and complex to quickly remove libvirt-python from all
possible requirements.txt

More details inline.

See also: https://review.opendev.org/c/openstack/devstack/+/798514
aka f0bf2bdff1

Change-Id: Ic44daf15e952bbe3c424984ffb2474261e68008f
2021-08-18 15:01:27 +00:00
Lee Yarwood f0bf2bdff1 libvirt: Stop installing python bindings from pip
As set out in bug #1933096 these bindings are dynamically built against
the version of libvirt present in the environment at build time.

As a result using a pre-built wheel can cause AttributeError's when the
bindings have previously been built elsewhere against an older version
of libvirt installed on the host. This is currently the case in CentOS 8
stream based CI jobs where we try to use 7.4.0 bindings that appear to
be built against libvirt <= 6.10 leading to bug #1933096.

This change seeks to avoid this by installing the bindings from packages
that will always be built against the correct corresponding version of
libvirt.

Change-Id: I76184c17a776c4e1ecaab9549d9d36c8c07c60fa
Closes-Bug: #1933096
2021-06-29 11:53:22 +01:00
Zuul 94d7cacfe2 Merge "Revert edk2 workaround" 2021-06-25 10:16:44 +00:00
Radosław Piliszek 808331488d Revert edk2 workaround
It is not needed anymore.

Change-Id: I706a33b0a7c737a23b9a7270af1e53e5de83c66f
2021-06-18 12:06:02 +00:00
Julia Kreger 6af3cb9eb2 nova ironic-hypevisor - support scoped auth config
The Secure RBAC effort has updated Ironic such that it
can support a mode where it is scope enforcing for all
interactions with the API. Due to the design, and operating
nature of Ironic's API, services speaking with it must
authenticate with a system scope to have a full picture
of the universe.

In this case, we need to update the nova configuration
accordingly such that the compute service understands
how to talk to ironic so that it can see the nodes under
management.

Ironic will likely update this again at a later point in
time to enable a "hybrid" mixed-mode as the operating model
and related permissions *should* allow nova to use a project
scoped "owner" account with Ironic, in order to access
and command nodes to deploy. But at this time, we're
focusing on the exclusive operating mode.

Change-Id: I1946725ce08c495178c419eaf38829f921c91bbe
Needed-By: https://review.opendev.org/c/openstack/ironic/+/778957
2021-06-15 11:32:45 -07:00
Radosław Piliszek 96509ea025 Check centos-8-stream
CentOS Stream 8 (aka CentOS 8 Stream) is the currently
supported runtime platform. [0]

Some background history:
The Manila team has asked QA to test centos-8-stream
in the common gate.
A bit later it turned out the point releases of CentOS 8 (aka
CentOS Linux 8) will stop happening entirely by the end of 2021.
[1]

Includes a workaround to the edk2-ovmf issue on CentOS Stream 8
x86_64.

[0] https://governance.openstack.org/tc/reference/runtimes/xena.html
[1] https://lists.centos.org/pipermail/centos-devel/2020-December/075451.html

Change-Id: Iee5a262af757f27f79ba1d6f790e949427dca190
2021-06-07 06:54:20 +00:00
Stephen Finucane 970891a4ef Remove references to XenAPI driver
The XenAPI driver was removed during the Victoria release [1], while the
libvirt+xen driver has been removed in the Wallaby release [2]. Remove
references to Xen from DevStack since its all a no-op now.

[1] I42b302afbb1cfede7a0f7b16485a596cd70baf17
[2] I73305e82da5d8da548961b801a8e75fb0e8c4cf1

Change-Id: If7055feb88391f496a5e5e4c72008bf0050c5356
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2021-03-05 15:10:19 +00:00
Masayuki Igawa 89acae9779
Use python3-guestfs in Ubuntu
This commit makes to use python3-guestfs instead of python-guestfs in
Ubuntu because python-guestfs package is not provided in focal[1][2].
This causes errors in some gate job if `ENABLE_FILE_INJECTION` is true
like the following.

```
...
Package python-guestfs is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
  python3-guestfs

E: Package 'python-guestfs' has no installation candidate
...
```
http://paste.openstack.org/show/801073/

[1] https://packages.ubuntu.com/search?lang=en&keywords=python3-guestfs
[2] https://packages.ubuntu.com/search?lang=en&suite=default&arch=any&searchon=names&keywords=python-guestfs

Change-Id: Iffe60aa0351b732d543927afa1f1e846ba2a89fd
2020-12-16 09:17:08 +09:00
Jens Harbott 32c00890ed Prepare for dropping keystone admin endpoint
Keystone no longer has any special functionality hidden behind the admin
endpoint. Stop referencing it in consumers, so it can later be dropped
completely.

Change-Id: I04a5d77908005268cc7c59e7e9ddeea70f6732e2
2020-06-26 15:26:22 +02:00
Zuul ff479d03ee Merge "Fix devstack default settings in aarch64" 2020-06-04 10:13:00 +00:00
Riccardo Pittau e726ecb537 Remove sgabios.bin workaround
The bug has been fixed since a while, also in recent distributions,
for example Ubuntu 20.04, the sgabios.bin ROM is provided directly
by qemu-system-data as an actual file under /usr/share/qemu and
it conflicts with the one provided by sgabios, so removing the
workaround is actually needed to prevent failures.

Change-Id: Ib5f23dbd8839a0927418692054f4ed4abd76babc
2020-05-25 11:50:59 +02:00
Kevin Zhao 551848dd69 Fix devstack default settings in aarch64
1. Lack qemu-efi in ubuntu
2. Lack edk2.git-aarch64 in Fedora/Centos
3. Remove NOVNC disable.

Change-Id: Ifbd0c386df6b28bc64cef20cab8e08f99a85c782
Signed-off-by: Kevin Zhao <kevin.zhao@linaro.org>
2020-05-11 08:24:54 +00:00
Ian Wienand 9b8b7021d0 Fedora: install python3-libguestfs
All platforms are python3 now

Change-Id: Ie9f4c7e52f23a45bb8cf70a5fddf1b21a40d7000
2020-04-16 13:03:56 +10:00
Zuul 93d22d8298 Merge "Add LIBVIRT_CPU_MODE to set CPU mode" 2020-02-17 01:05:14 +00:00
Zuul d5c964d95e Merge "libvirt: Support the use of the virt-preview repo when using Fedora" 2020-01-29 04:51:39 +00:00
Lee Yarwood 169f5dee47 libvirt: Support the use of the virt-preview repo when using Fedora
The virt-preview repo provides the latest rawhide versions of QEMU,
Libvirt and other virt tools for older releases of Fedora. This repo is
extremely useful when testing features in OpenStack that rely on these
latest builds well in advance of them landing in full Fedora, CentOS or
RHEL releases.

This change adds a ``ENABLE_FEDORA_VIRT_PREVIEW_REPO`` configurable
to control when this repo is enabled and used when deploying on Fedora.

Change-Id: I5c3e1b7b632fd73310c462530990cdb0e0c0ceea
2020-01-27 18:02:30 +00:00
Carlos Goncalves 8dd6f153d6 Add LIBVIRT_CPU_MODE to set CPU mode
In same cases, the hypervisor presents to the guest OS a named CPU model
is similar to the host CPU and adds extra features to approximate the
host model. However, this does not guarantee all features will be
precisely match.

This patch adds LIBVIRT_CPU_MODE to allow users to define the CPU mode
they want to use, for example "host-passthrough".

Change-Id: I83792c776b50d1d22584be2a37cc6a166f09c72b
2020-01-20 14:16:12 +01:00
Stephen Finucane 248d4bb8d2 Stop configuring '[DEFAULT] firewall_driver' for nova
This option has default to the 'NoopFirewallDriver' for some time and
will soon be removed. Stop configuring it entirely.

Change-Id: I4dbc0015cf26d7edf51d0d5fd978ccd3a1ad1b79
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
2020-01-16 09:27:54 +00:00
Ian Wienand 2e66778699 Drop Xenial support
With the goals of Ussuri being Python 3.6 [1], the python 3.5
environment on Xenial is too old.  Remove testing and the most obvious
bits of support from devstack.

Also drop claimed support for artful, which is long EOL.

[1] https://governance.openstack.org/tc/reference/runtimes/ussuri.html

Change-Id: Iefcca99904dde76b34efbbfc0e04515dfa5a09e5
2019-11-21 18:38:32 +00:00
melanie witt 1d378dcf6d Remove n-novnc service requirement for TLS configuration
When configuring TLS between the console proxy (where the n-novnc
service runs) and the compute host, some configuration for QEMU needs
to be done on the compute host. The existing code for this requires the
n-novnc service to be running, which it is in a single node all-in-one
deployment. However, when running in a multinode deployment, the
n-novnc service runs only on the controller and not on the subnode.
Yet, we need to configure QEMU on the subnode compute host as well.

This removes the n-novnc service requirement to enable TLS QEMU
configuration to occur on a compute subnode in a multinode deployment.

Closes-Bug: #1849418

Change-Id: I8b6970e91ad7f52ff489cb9f776ca216d8f86aa4
2019-10-23 04:53:42 +00:00
Eric Fried e273c0433f Set ksa retry conf options for n-cpu [ironic]
We're trying to get nova to talk to ironic through openstacksdk and need
to be able to specify retry limits/intervals there. We could reuse the
existing conf options, but better to support the standard ones exposed
from keystoneauth1 via [1] and [2].

Note that these will be ignored unless you have keystoneauth1 3.15.0
(for [1]) or 3.16.0 ([1] and [2]) and are building your adapter using
ksa-derived conf options (see the Needed-By).

Needed-By: https://review.opendev.org/642899

[1] https://review.opendev.org/#/c/666287/
[2] https://review.opendev.org/#/c/672930/

Change-Id: I79c416e25d635b0ffa419640b4bd91e36f78b1ab
2019-08-21 08:59:51 +00:00
Zuul 2542354fb5 Merge "Fix error in configure_nova_hypervisor with hardware Ironic node" 2019-07-29 12:51:58 +00:00
Zuul 8072595150 Merge "Remove the usage of read_password from library files" 2019-07-15 12:15:42 +00:00
Vanou Ishii 705e9cb5dc Fix error in configure_nova_hypervisor with hardware Ironic node
Trying to deploy OpenStack environment consisting of ironic nova
hypervisor & hardware Ironic node (not VM Ironic node) with devstack
got failed.

Devstack error says error occurred while calling configure_libvirt
in configure_nova_hypervisor. This happens because libvirt related
packages are not installed when specifying "VIRT_DRIVER=ironic"
and "IRONIC_IS_HARDWARE=True".

To fix this problem, this commit add "if" statement to check
Ironic node is hardware or not using "is_ironic_hardware" function
in "function-common" file.

Change-Id: I1113478175fadec79d0f8bf6ae842ed86e5e686b
Closes-Bug: #1834985
2019-07-05 01:22:09 +00:00
Stephen Finucane 4b8cba77fe Remove n-cells, n-net and n-cauth
Remove nova cells v1 support, which also allows/necessitates removing
support for nova networks (which was only supported with cells v1) and
nova-consoleauth (which was required by cells v1 but is unnecessary
otherwise).

The Depends-On isn't really necessary, but it's here to make sure this
doesn't merge until we _really_ have killed cells v1.

I honestly expected this patch would be bigger.

Change-Id: I90316208d1af42c1659d3bee386f95e38aaf2c56
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>
Depends-On: Ib0e0b708c46e4330e51f8f8fdfbb02d45aaf0f44
2019-05-31 15:10:05 +01:00
Erik Olof Gunnar Andersson a13474fd78 Add region_name to ironic compute configuration
We should always pass on a region when talking to
ironic. This will also help detect and test issues
specific to regions.

Change-Id: Iaab3c1bcedc5aaa2106c0758cbb43bade3de2cf5
2019-04-18 21:14:40 -07:00
melanie witt e2853bf2d0 Set ownership of /etc/pki/<console> files for TLS
OpenSSL 1.0.2 generates key files with default permissions: 644 and the
files are copied to the /etc/pki/* directories with sudo.

When the default CI node Ubuntu version was changed from Xenial =>
Bionic we changed from OpenSSL 1.0.2 => 1.1.0. And OpenSSL 1.1.0
generates key files with default permissions: 600. When we copy the key
file to /etc/pki/* using sudo, it becomes owned by root and then the
console-related users are unable to read it.

This sets the ownership of the /etc/pki/<console> files to the
user:group intended to read them.

Closes-Bug: #1819794

Change-Id: I437a46c875cf633272e8cad0811e5557f2ac3641
2019-03-25 03:42:18 +00:00
Luigi Toscano 29771c1c1e Remove the usage of read_password from library files
The read_password function is defined inside stack.sh
and it cannot be used inside the "public library interface"
provided by DevStack.

Move the calls found inside library files to stack.sh,
following the same pattern of the other calls to read_password.

Change-Id: I8adc6723b677dfac2bef735f660e056c498bf773
2019-02-21 10:37:45 +01:00
Matt Riedemann 5e832d3061 Modernize VIRT_DRIVER=fake usage
This makes three changes:

1. The quota options set when using the fake
   virt driver have been renamed so we're getting
   deprecation warnings on using the old names.
   Rather than set each quota limit value individually,
   we can just use the noop quota driver for the same
   effect.

2. The enabled_filters list for the scheduler was last
   updated when using the fake virt driver back in Juno
   via Ic7ec87e4d497d9db58eec93f2b304fe9770a2bbc - with
   the Placement service, we don't need the CoreFilter,
   RamFilter or DiskFilter. Also, in general, we just
   don't need to hard-code a list of scheduler filters
   when using the fake virt driver. If one needs to set
   their own scheduler filter list, they can do so using
   the $FILTERS variable (or post-config for nova.conf).

3. The largeops job, which ran the Tempest scenario tests,
   has been gone for a few years now, as have the Tempest
   scenario tests, so the API_WORKERS modification when
   using the fake virt driver should be removed. If we had
   a CI job like the largeops job today, we would set the
   worker config via the job rather than in devstack.

Change-Id: I8d2bb2af40b5db8a555482a0852b1604aec29f15
2018-06-02 12:40:58 -04:00
Matt Riedemann 59e6ff10ce Remove IRONIC_USE_RESOURCE_CLASSES check
Nova has dropped support for non-resource class
baremetal scheduling, so the IRONIC_USE_RESOURCE_CLASSES
flag is no longer useful and has been removed.

Depends-On: https://review.openstack.org/565805/
Change-Id: Ib2e6c96409c98877f6a43b76f176c1420d2d415e
2018-05-02 11:45:09 -04:00
Zuul 96abf696f5 Merge "Increse api_max_retries and api_retry_interval for ironic" 2018-03-05 12:48:00 +00:00
Zuul 9f71c4ad4e Merge "nova: add support for TLS between novnc proxy & compute nodes" 2018-02-20 09:39:19 +00:00
Vasyl Saienko 64039ef300 Increse api_max_retries and api_retry_interval for ironic
There is no way to upgrade ironic before nova because of
grenade design. In multinode job we do not restart nova
as we test partial upgrade of ironic there.
On slow nodes upgrading ironic takes time and nova looses
ironic connectivity

This patch increases api_retry_interval and api_max_retries
to make sure we have a time to upgrade ironic before nova
compute stuck.

Change-Id: I3b1429d6561431a82edda04a0e574cac38771837
2018-01-23 12:07:19 +02:00
Zuul c19d0cbb27 Merge "Fix libvirt daemon name condition" 2017-11-21 20:04:34 +00:00
Ian Wienand 0d0b69027b Restore qemu-kvm install for CentOS
The kvmibm removal I009ae4779588615633bff81d0c47a1b879ec9279
incorrectly removed this (the check was install if *not* kvmibm).
Since we don't support kvmibm any more, it should be safe to install
everywhere as done here.

For the full history, it started with us installing qemu-kvm-ev with
Ide91b261f35fb19d8bd7155ca016fa3b76a45ea1, then we fixed it to be more
generic and just install qemu-kvm with
I46da627c0da8925064862fdc283db81591979285, then Fedora 26 support in
I5c79ad1ef0b11dba30c931a59786f9eb7e7f8587 made this install everywhere
*but* kvmibm.

Change-Id: If3e9661451ad1055e7c8d670605a53095f0aeda4
2017-11-17 10:41:55 +11:00
Zuul 2647fc2ac1 Merge "Drop support for "kvmibm" distro" 2017-11-15 00:05:24 +00:00
Daniel P. Berrange e9870eb18d nova: add support for TLS between novnc proxy & compute nodes
Nova is gaining the ability to run TLS over the connection between the
novnc proxy service and the QEMU/KVM compute node VNC server.

This adds a new config param - 'NOVA_CONSOLE_PROXY_COMPUTE_TLS=True' -
which instructs devstack to configure libvirt/QEMU to enable TLS for the
VNC server, and to configure the novncproxy to use TLS when connecting.
NB this use of TLS is distinct from use of TLS for the public facing API
controlled by USE_SSL, they can be enabled independently.

This is done in a generic manner so that it is easy to extend to cover
use of TLS with the SPICE and serial console proxy services too.

Change-Id: Ib29d3f5f18533115b9c51e27b373e92fc0a28d1a
Depends-on: I9cc9a380500715e60bd05aa5c29ee46bc6f8d6c2
Implements bp: websocket-proxy-to-host-security
2017-10-19 18:32:51 +00:00
Jan Zerebecki 2c2ca80ce0 Fix libvirt daemon name condition
This makes the condition that chooses which daemon name libvirt to call
the same as for choosing the livirt package names.

Without this fix the condition checking for a directory is incorrect
when livirt is not yet installed, but is used before installing the
packages.

Change-Id: Ib5eb12769128527a6f4b3b5f7674bd2dad0ed160
2017-10-17 18:34:30 +02:00
jianghua wang 843b039b3c Use the renamed vnc options
As the following commit has renamed the two vnc options; let's
use the new options in devstack:
https://review.openstack.org/#/c/498387/

Change-Id: Id125666814ea9bb8a22b579aee0f6bc1c65ade80
2017-10-13 07:25:43 +00:00
Markus Zoeller b8335eebe8 Drop support for "kvmibm" distro
The IBM hypervisor distro "KVM for IBM z Systems" gets discontiued,
like announced in March 2017 [1]. The key dates are:

* 03/2017: announcement
* 08/2017: the last day to order (EOM)
* 03/2018: the End of Service (EOL)

As the CI which tests OpenStack with KVM on IBM Z doesn't rely on this
distro anymore and EOM has reached, we remove the Devstack support for
this distro.

This basically reverts commit a5ea08b of Dec 2015.

NOTE: This doesn't affect other distros which have KVM on Z support.

References:
[1] FAQ for KVM for IBM z Systems Delivery Strategy Change
    https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=ZSQ03110USEN&

Change-Id: I009ae4779588615633bff81d0c47a1b879ec9279
2017-10-10 11:08:09 +02:00
Jenkins 401f43d4e1 Merge "Stop using ironic host manager with resource classes" 2017-10-06 03:17:02 +00:00
Vladyslav Drok b79be36cdb Remove setting some of the scheduler settings
It makes sense to set them only if resource classes are not used.

Change-Id: I76d8501a1d1a20357acadad4cd8f2d6cef3896c1
2017-08-30 19:19:56 +03:00