In this release cycle, a few services are enabling the
enforce scope and new defaults by default. Example Nova:
- https://review.opendev.org/c/openstack/nova/+/866218)
Until the new defaults enalbing by default is not released we
should keep testing the old defaults in existing jobs and we can
add new jobs testing new defautls. To do that we can provide the
way in devstack to keep scope/new defaults disable by default which
can be enabled by setting enforce_scope variable to true.
Once any service release the new defaults enabled by default then
we can switch the bhavior, enable the scope/new defaults by default
and a single job can disbale them to keep testing the old defaults
until service does not remove those.
Change-Id: I5c2ec3e1667172a75e06458f16cf3d57947b2c53
This function has been deprecated for a long time, let's finally
remove it. It is only generating a warning anyway.
Change-Id: I7bd440adf2ce8283e3ad3d5d09e6b2b877e2b42e
All these uwsgi invocations assume that the uwsgi binary is in the
same directory as their project binaries are installed into (probably
/usr/bin). That may not be correct -- for example if using a packaged
uwsgi on Fedora the binary will live in /usr/sbin/uwsgi (not /usr/bin
where the project files from pip are).
Switch invocations to just find it in the path.
Change-Id: I298e3374e9c84e209ffcabbaaacda17f8df19f4f
This is no longer being used due to Keystone PKI tokens no longer
being implemented.
In order to not break backward compatibility we create a new function
that is to be used instead and deprecate the old one. Modify the old
function to ignore the 3rd argument and display a deprecation warning.
Adjust callers to no longer create and set that directory, calling the
new function instead.
Change-Id: Id0dec1ba72467cce5cacfcfdb2bc0af2bd3a3610
This change addresses a few inconsistencies in how nova processes
are configured to speak to the placement service.
The initial inspiration was that region_name was not being set in the
[placement] section, despite $REGION_NAME being used when setting
the endpoint in the catalog. That's fixed.
While fixing that two other issues became clear:
* Configuring nova process to use placement should happen in lib/nova
not lib/placement so the function has been moved.
* auth_strategy is not relevant in the [placement] section of a
nova process
The name of the function is maintained, in case there are plugins which
call it, but a comment is added to indicate that other services besides
nova compute (such as the cell conductor) may use the function.
Change-Id: I4a46b6460596e9a445bd90de2d52dbb71fb963df
Earlier review [1] suggested some cleanups which have been
done here:
* Removing a redundant call from cleanup_placement
* Fixing a typo in a comment
[1] https://review.openstack.org/#/c/600162/15/lib/placement
Change-Id: I8abd2f02b123c6c1937c026ff13eb4e600de3202
We introduce and set PLACEMENT_REPO, add a placement-manage command
to sync database tables (see one of the commits on which this
depends), use /etc/placement/placement.conf for config, and put the
uwsgi config file (pointing to placement-api instead of
nova-placement-api) in /etc/placement.
openstack/placement is also added to the required-projects in
the devstack zuul job.
Change-Id: I0b217e7a8c68a637b7a3445f6c44b7574117e320
With change I7e1e89cd66397883453935dcf7172d977bf82e84 the placement
service may optionally use its own database. In order for this to
work, however, the ordering of how both nova and placement are
configured and initialized in stack.sh requires careful control.
* nova.conf must be created first
* then placement must make some adjustments to it
* then lib/placement needs to create the placement database
* before nova does a database sync (of both databases)
Otherwise, when the placement_database/connection is defined, the nova
db_sync command will fail because the placement database does not yet
exist. If we try to do a sync before the nova_api database is created
_that_ sync will fail.
This patch adjusts the ordering and also removes a comment that will
no longer be true when I7e1e89cd66397883453935dcf7172d977bf82e84 is
merged.
Change-Id: Id5b5911c04d198fe7b94c7d827afeb5cdf43a076
The [placement]/os_region_name config option is deprecated
and no longer required to be set (the default is fine for
devstack) with the dependent nova change.
Depends-On: I973180d6a384b32838ab61d4e6aaf73c255fd116
Change-Id: I6379acf179ed511f1cdadbd7fb09e2454182a5d3
Nova now calculates alternate hosts in the scheduler and
sends those to the cell for reschedules in case a build on
a given compute node fails.
The cell conductor needs to claim resources against the
alternate hosts in Placement during a reschedule, therefore
it needs to be configured to talk to the placement service.
Part of blueprint return-alternate-hosts
Change-Id: Ie599968d9e7537e551fe6d9deb63a91b256b1e11
It had been in stop_placement, but we don't want it there: the old
side of grenade needs to call that but should not remove the uwsgi
configuration when doing so. It is configuration, after all.
Change-Id: Iee763adf7895145d97b184924896db3f1f48a015
Partial-Bug: #1736385
This makes sure that the openstack client placement plugin gets
installed when either LIBS_FROM_GIT includes osc-placement or
placement is used, which is always now if you've enabled nova,
which is enabled by default.
Co-Authored-By: Matt Riedemann <mriedem.os@gmail.com>
Depends-On: Ica83e29780722dd1555904e46b9ff1d1fdf72516
Change-Id: I7c5a5c10288b356302bb3027837d4ed4f0fbad8c
Code in grenade and elsewhere rely on the process/service name
when one runs "ps auxw" and they grep for example "grep -e glance-api"
to check if the service is running. with uwsgi, let us make sure
we use process name prefix so it is easier to spot the services
and be compatible with code elsewhere that relies on this.
Change-Id: I4d1cd223ed9904fcb19b26fc9362b676e0b4f9b3
We are trying to keep better track of what pieces of devstack consume
the most time. Add the db sync commands to the time tracking as they run
the database migrations which can take more time than expected.
Change-Id: Ib92f2b8304ccf703712d45fd7207444de3599e2d
When transitioning between different wsgi modes, or service modes, we
should really safely stop and cleanup things that are started in any
service mode, which makes it easier to ensure that we don't leave
things around from past runs.
Change-Id: I33acbee39e1a2da2bfd79a5dd54b84a12a778be1
The removed TODO was talking about USE_SYSTEMD, not WSGI_MODE.
WSGI_MODE makes sense, so the TODO has been done.
Change-Id: Ib574ef123ea4c82d4d88012c990cd1ad660d7879
This converts the placement API to use the new WSGI_MODE variable
(which is not introduced until the next changeset). We do this so that
placement and keystone patches can be reviewed independently, but
there are some hidden coupling of mod_wsgi setup which happens only in
keystone, so if we do keystone first, it breaks placement.
Change-Id: Id5b2c67701bcc7b12c8e3764c7199d10f85df80f
tls-proxy is the way we're now doing a standard install using https
between services. There is a lot more work to make services directly
handle https, and having python daemons do that directly is a bit of
an anti pattern. Nothing currently tests this in project-config from
my recent grepping, so in the interest of long term maintenance,
delete it all.
Change-Id: I910df4ceab6f24f3d9c484e0433c93b06f17d6e1
lib/keystone builds KEYSTONE_SERVICE_URI so that other services
don't need to reconstruct the identity URI. Many services already
use it, but some parts were still building the identity URI from
the different parts.
This will allow changing the identity URI to include a path
(e.g., to http://<host>/identity) in 1 place rather than in
multiple places.
Change-Id: I58cbdbe591d8869807545e0815480fc3375e0479
The proliferation of internal/admin endpoints is mostly legacy and
based on some specific deployment patterns. These are not used by
everyone, and for the devstack case aren't really that useful. We
should simplify our service catalog down to the minimum we need for
development.
Change-Id: Ided7a65c81b3a0b56f0184847fc82e17c29a771e
The domain_name to be used needs to be $SERVICE_DOMAIN_NAME, as this is
changed in devstack from "Default" to "service".
Change-Id: I6351c1b2ca7ea4448e13eb87455bff4058df4fa7
The placement API configuration was binding a specific port *and* was supporting
to be called by the default HTTPd ports using a Location directive.
Given that the corresponding service catalog entry for the placement service type
doesn't mention the specific application port but is rather using the default
port 80, we can remove that specific port and just use the default config.
Note that we still need to use a VirtualHost directive for the specific placement
config because ErrorLog is only scoped for either server or virtualhost but can't
be set for a Location (or a Directory) context.
Change-Id: I9a26dcff4b879cf9e82e43a3d1aca2e4fe6aa3e6
When doing multinode devstack we need a way to specify that we've
enabled for the placement service. We use a pseudo service of
placement-client for this.
Change-Id: I04a655fbc58913b3d607400a7f677be299499142
We should use the standard install nova-placement-api script which is
managed by the python package instead of a one off copy procedure.
Depends-On: I00d032554de273d7493cfb467f81687c08fd5389
Change-Id: I74b39d6a0cedea7c18ce8080dcddb43d13df1de8
Uses lib/placement, but relies on some functionality from
lib/nova. This leads to some weirdness since the nova has
special status in stack.sh. If/when placement is extracted
it may be good to follow the devstack plugin structure
instead.
Because the placement code is currently a part of nova, there
are dependencies in lib/placement on a some $NOVA_* variable
and, if virtenv is being used, the virtualenv used by nova.
Because placement currently runs using nova's configuration
settings, not a lot actually happens in lib/placement: apache
is configured and keystone accounts and endpoints are created.
If PLACEMENT_DB_ENABLED is true then a separate placement db
will be configured.
When complete the initial version of the placement service will
provide support for managing resource providers, inventories and
allocations.
The placement api only runs under mod-wsgi.
Change-Id: I53dd3e6b41de17387a0e179fc9ac64c143b6a9eb
Ghanshyam Mann