This patch updates the grenade job to migrate from using Apache mod_wsgi
to using uwsgi for the Designate API when upgrading from Xena to Yoga.
It also splits out the wsgi devstack configuration into a library file.
Change-Id: Icf8ee4a8e7e2dff67257b0e5f82fbeab6cb7e0b8
The apache configuration file location is different between Ubuntu and CentOS.
Devstack provides us a helper function to get the correct filesystem path.
This patch switches the wsgi ProxyPass configuration to use this helper
function to place the file in the correct location.
Change-Id: Id0472fb25da106a74429e87ee26c5dfdd8c83b6f
This reverts commit 185d92d230.
Reason for revert: Lets try to move back to uwsgi, as logging is a lot cleaner in the CI with uwsgi. Switches uwsgi from using uwsgi over socket to over localhost HTTP.
This patch also bumps the API_WORKERS setting for devstack from 2 to 4.
This will bump the uwsgi processes and threads from two to four.
Change-Id: I126133564e2ada32448ad36e0d021790939425d4
Devstack is switching back to using distro installed uwsgi, which will
not reside in the same directory as the python binaries. Make sure to
use the right path for it. See also [0].
[0] https://review.opendev.org/577779
Change-Id: Ic1b67c9d0ebfbf444f5ee096d6478fbe0c073329
The current locking implementation is limited to
the running process. This introduces distributed
locking that will help prevent race conditions
when there are many instances of designate-central
running.
Closes-Bug: #1871332
Change-Id: I98f7f80ce365cdee33528f9964c03274f62a795a
This is a bit of a security issue, also we don't seem to need it anymore
since we have long switched to running under python3 and the setcap
doesn't have any effect anyway. It will also break deployments once we
drop installing python2 completely, so just remove it now.
Change-Id: I7265c525f1091012011ba12d65e9669a826ab979
The USE_SYSTEMD variable is to be dropped from devstack[0], as running
with systemd is the only option now. Drop it's usage in our plugin.
[0] https://review.opendev.org/703734
Change-Id: I0161bc82878ca936c3b0d9e9f9624be81fad21db
This patch switches to Apache and mod_wsgi by default
for devstack.
Also, use memcached as the coordinatior for single node deployments.
Change-Id: I8798c04f2bc386aca32bda8961efd29298899890
The panel _1720_project_dns_panel.py has been removed in [0], stop
trying to install it in our devstack plugin.
[0] Iabf7d396ea6feb0cd7de1c5408a81a7a3ce1efbf
Change-Id: I7ebc7991bd4f59579195d337f1787fd8abefbe90
That directory was only needed when using PKI tokens, which have been
removed from keystone for some cycles now. Also replace the deprecated
devstack function configure_auth_token_middleware with the current
version.
Change-Id: I7d10a21ed90dc9ea762dc3ea28fb22f55acf413d
Use API_WORKERS for all services, to make sure we
are testing with at least 2 workers for every service.
* Use API_WORKERS for all services.
* Removed deprecated and removed settings for the worker.
* Use enable_host_header is tests.
Change-Id: Iba9ba655c47ee085a47ee98872437f07fdc3346c
The pool-manager has been deprecated since Newton and
is now being removed with the Train release.
Change-Id: Ib258043d492bb25e1c061d765b40885317c73804
We don't need admin or internal endpoints in a normal devstack setup,
other basic projects are also only creating the public endpoint now.
Change-Id: Iaafec07cf9a0196b5da850924b98e3aa94d559f1
We will create new grenade gate that ensure upgrading
procedures from pool-manager-->worker and pool-manager-->pool-manager
by setting $DESIGNATE_ENABLED_WORKER_MODEL variable.
Co-Authored-By: Hieu LE <hieulq@vn.fujitsu.com>
Co-Authored-By: Nguyen Van Trung <trungnv@vn.fujitsu.com>
Change-Id: I5e220738a18422a28a3384db1ab671ea111ac9b2
Signed-off-by: Graham Hayes <gr@ham.ie>
* Cleaned up producer tests.
* Fixed a mutable argument.
* Removed unused rpc timeout override for devstack.
* Set retry interval to 0 in pool manager tests.
Change-Id: I4105d192e9de8b95c792969c7432cf6d5d9fb9fb
this patch adds several things to attempt (on best effort basis)
to use incoming user token in the quota set request to ask Keystone
if the project id the quota being set on is actualy valid:
- added new [keystone] config section to hold session- and
adapter-realated options for accessing Keystone enndpoint
- added a token- and service catalog-based user auth plugin to the request
context
- use the above to construct a keystoneauth adapter for Identity service
and attempt to GET on projects/{project_id}
- only if the Keystone v3 catalog endpoint is not found, or
the request returns 404 NotFound, we raise an error and return it
as 400 BadRequest to client when attempting to change quotas for
project.
This behavior is enabled by setting a new
[service:api]quotas-verify-project-id config option to True (default is
False for backward compatibility).
Change-Id: Ib14ee5b5628509b6a93be8b7bd10e734ab19ffee
Depends-On: https://review.openstack.org/580142
Closes-Bug: #1760822
- Added 'manager_model' flag for old style
pool-manager + zone-manager
- Added grenade testing for verify_noapi which
shows we can do an upgrade without impacting the
data plane
- Removed old keystone v3 test (v2 no longer exists, so
we are already testing it
- Make py35 job voting
- Stop dsvm jobs on docs / releasenotes / api-ref changes
Change-Id: I0de8d8c3366bb0325a73dd19ce0e1f9a57553d0b
This commit will move all default policies to code for:
- zone
- zone_export
- zone_import
- zone_transfer_accept
- zone_transfer_request
Change-Id: I9945fe66d127696907695c73ecef77a6f07acd38
Co-authored-By: Nam Nguyen Hoai <namnh@vn.fujitsu.com>
Implements: blueprint policy-in-code
Other services have stopped doing so a long time ago and they are not
needed anywhere.
Also clean up references to screen when devstack is doing systemd only.
Change-Id: I36029c6d1d00f0283c1f6b5f04b78ce92c8cc54f
In [1] the definition of start_tls_proxy was changed, we need to have a
service name as the first parameter now.
Also set the correct protocol when tls-proxy is enabled.
[1] Ifcba410f5969521e8b3d30f02795541c1661f83a
Change-Id: I64e6f9aefcc8da5b9988fb7bff894d9a4205f871
For some inexplicable reason grenade seems to think
horizon is installed, and is in ENABLED_SERVICES.
To avoid breaking the testing done in the other gates,
enable horizon to ensure that it is there for the
configure_designatedashboard function.
Closes-Bug: #1618253
Change-Id: I37d8756ba9f1e9f55ac9dd787ed19564e398d0dc
- More information about the actual worker code can be found
in `designate/worker/README.md` and in the inline docstrings
- Stand up a `designate-worker` process with an rpcapi, all
the usual jazz
- Implement a base `Task` class that defines the behavior of
a task and exposes resources to the task.
- Implement CUD Zone tasks, which includes Tasks that poll for zones,
send Notifies, and update status. These are all done in parallel
with threads using a shared threadpool, rather than iteratively.
- Implement a `recover_shard` task that serves the function
of a periodic recovery, but only for a shard. Call that
task with various shards from the zone manager.
- Put some shims in central and mdns so that the worker can
be switched on/off with a few config values.
- Changes Zone Manager -> Producer
- Removes zm rpcapi
- Adds startable designate-producer service
- Makes zone-manager an alias for producer service with a warning log
- Lots of renaming
- Moves zone export to worker
- API now uses central_api.export_zone to get zonefiles
- Central uses worker_api.start_zone_export to init exports
- Now including unit tests
- Temporary workarounds for upgrade/migration move the logic
into central if worker isn't available.
- Deprecates Pool manager polling options and adds warning msg on
starting designate-pool-manager
- Get some devstack going
- Changes powerdns backend to get new sqlalchemy sessions for each
action
- Sets the default number of threads in a worker process to 200,
this is pretty much a shot in the dark, but 1000 seemed like
too many, and 20 wasn't enough.
- Grenade upgrade testing
- Deprecation warnings for zone/pool mgr
The way to run this is simple, just stop `designate-pool-manager`
and `designate-zone-manager`, toggle the config settings in the
`service:worker` section: enabled = true, notify = true
and start `designate-worker` and `designate-producer` and you
should be good to go.
Change-Id: I259e9825d3a4eea58e082303ba3bdbdb7bf8c363
This adds the quotas api from /admin to /v2 with some changes.
All users can GET /v2/quotas/<project_id>
Users with "All-Projects" permission can view other projects
(by setting X-Auth-All-Projects:True in the HTTP Headers)
Users with "All-Projects" and "set-quotas" can set other
projects quotas
Moved the API rendering to Designate Object based rendering
Change-Id: I7a0b828824ad6f274d922748f5f9a68157cd939a
Depends-On: I06180a7402fc45940d4b312666cf2dfd33af1305
The Fedora box has not been available in some time, and most Designate
deployments running on RH based distros will be RHEL/CentOS.
Change-Id: I05e34c908ac1d5a7a2037d43f47987cad6c25531
As tempest is creating and deleting zones, it does not wait
for all zones to be deleted before moving onto the next test.
This can lead to having a large number of pending delete zones
which consume all/most of the default quotas, and tests begin
failing.
By setting the default quotas higher in DevStack, we allow the
tests to proceed.
Change-Id: I3652bb06724fb8b89bb341c9d9f61b1dde056119