Re-arranged sessions to always be at the top level to make
it easier to know the origin of the current session. This
is important now that we no longer have autocommit enabled.
- Added zuul job testing sqlalchemy 2.x.
- Added new db api for service cleanup.
- Removed broken sqlite cleanup step during testing.
Change-Id: I168f3d9518611ac66cb9eec1132a7add19e92d5f
Nova placement use port 8778, to avoid confusion, Update
senlin default port from 8778 to 8777. And update
spelling mistakes in install-rdo.rst
Change-Id: I342b1badf3910ea07ea64523cdb8a19a8a0ccb06
- Use uwsgi binary from path:
Devstack projects have been fixed to run uwsgi binary from the path
instead of the project specific directory [1]. This applies the same
fix to senlin-api so that it makes uwsgi invocation to find it in the
path.
- Set keystone auth interface to public:
The default identity interface was changed from admin to internal in
[2]. Since devstack only creates admin and public endpoints for
identity service, senlin fails to talk to identity service without the
explicit setting to use public interface during authentication.
[1] https://review.opendev.org/#/c/577779/
[2] https://review.opendev.org/#/c/662734/
Change-Id: Ia8f56a7016eace5b7ce70dc661729e19284c3733
We should always be testing with at least two workers
to make sure that we catch bugs when running multiple
copies of each process.
Change-Id: I1ad628d23b16454e572f65b8845ab8d70d5915b9
This patch splits the engine into 3 services, conductor, engine and
health-manager.
The goal here is to make the engine more resilent by isolating the
pieces.
Before this patch each Engine worker could potentially be running many
thousands of threads and multiple thread groups, starving the process.
After this change each process would be limited to a single thread
group of 1000 threads, and more predictable and balanced workloads.
* Added two new services.
* Added workers opt to conductor and health manager.
* Merged Thread Group Manager into Engine Service code.
Change-Id: Id4a27ba934dc9777f7ae5b4d7d0a751318ea7877
This switches senlin-api to use uwsgi (or mod_wsgi) and
changes the endpoint to use <host>/cluster instead of
<host>:<port>/.
Change-Id: I78c6242149854d32497aacb63f698be58afae922
As part of Train community goal 'Support IPv6-Only Deployments and Testing'[1],
Tempest has defined the base job 'devstack-tempest-ipv6' which will
deploy services on IPv6.
This commit adds the new job 'senlin-tempest-api-ipv6-only'
run on gate which is derived from 'devstack-tempest-ipv6'.
Verification structure will be:
- 'devstack-IPv6' deploy the service on IPv6
- 'devstack-tempest-ipv6' run will verify the IPv6-only setting and listen address
- 'senlin-tempest-api-ipv6-only' will run the tests.
Story: #2005477
Task: #35929
[1] https://governance.openstack.org/tc/goals/train/ipv6-support-and-testing.html
Change-Id: Ib7695212e42ef16dbc1edd65c3516b277e99078d
Using fore-reinstall with upgrade will cause all
dependencies to always be reinstalled. This can
cause issues when other components install Senlin
as a dependency.
In this case we are causing issues because we are
re-installing certify, a file that is modified by
devstack after installation to make sure that the
system has the appropriate ssl certificates.
See the function fix_system_ca_bundle_path in devstack
for more information.
Change-Id: Ibb6578f45f9277f97ca61b60714c8ce2b4eacb61
Closes-Bug: #1769541
This patch fixes horizon problem which is caused by
senlin-dashboard installing.
Change-Id: Id9e8704857fcc15cd84dcd492fb6740a1b215b3e
Closes-Bug:#1748609
We can simplify connection creation now. The Connection constructor
understands not to load yaml or env vars if it doesnt' receive a cloud
argument - so this can all be done in one step.
Update the mocks in the tests to work for the new calling pattern.
Finally - isoformat wasn't processing UTC+00:00. There are some
dark issues with how isoformats get passed around OpenStack, but this
fixes the unittest matching to account for UTC+00:00.
openstacksdk has been working on merging the code from shade and
os-client-config. Part of this will result in the removal of the
Profile object in favor of the CloudRegion object from the new
openstack.config.
This updates the Connection construction code to code that should work
with both old and new versions of openstacksdk.
Temporarily mask some jobs to get this in. Will need to revise the
tempest plugin to fix gate jobs later.
Related-Bug: #1681620
Co-Authored-By: tengqm <tengqim@cn.ibm.com>
Change-Id: I10c74ca48b1ddb848a5a68cc4360431a21e0a2cc
Code conventions: Use “.” to source script files
When you have to source a script file, for example ,
a credentials file to gain access to user-only or
admin-only CLI commands, use . instead of source.
See more:
http://docs.openstack.org/contributor-guide/writing-style/code-conventions
Change-Id: I359c3b84643df2219b51715021f253257f8f29a2
Modify the descriptions in some files:
devstack/lib/senlin,
senlin/profiles/os/heat/stack.py,
senlin/profiles/os/nova/server.py.
Change-Id: I90cb156449620cd8ae204475043b5dac92a6a5f6
The senlin script for devstack will setup to use
keystone v2 as default url in keystonemiddleware,
since keystone remove its v2 api, so it will failed
on authentication.
fix-bug: #1727904
Change-Id: I61cf8902eef86efb9cfc82f0061f8b82bfc221f8
Like oslo.config, with oslo.policy, we can define all of
default rules in code base and only change some rules
via policy file. Another thing that we should use yaml
format instead of json format[1].
This commit will move all default policies to code for:
- actions
- events
- services
- webhooks
[1] https://governance.openstack.org/tc/goals/queens/policy-in-code.html
Change-Id: I0919eb5dc84c0e134b4918f477923b53dc9fbbbb
Co-authored-By: Hieu LE <hieulq@vn.fujitsu.com>
_50_senlin.py is moved into senlin_dashboard/enabled/ folder
Depends-On: Ibfe1731873c53e03cd808434bbcbd4dfc1b328d0
Change-Id: I558007b14a74a8f2660a26dacc05d5f40acf3b4f
We were checking if KEYSTONE_CATALOG_BACKEND when setting up senlin
service. This seems pointless and it is now rendering the gate jobs
failing.
Change-Id: I9edd08a0fa05994856a394d34ef43402acf3ced8
This patch revises Senlin devstack plugin to configure Zaqar
related options for message receiver.
Change-Id: I40c96a34335f96160572a6cd558924d37ef0563d
The instacllation doc should provide the senlin dashboard install
in devstack method, because horizon is a core service, many
developer will install this service. And if the developer want
to develop senlin-dashboard there is no doc instruction to guide
them how to install this horizon plugin.
Besides, there is a incorrect step in the install guide.
Change-Id: I375f04cb1e2621ce59740770566692e6643add05
When setting up tempest gate for senlin api test, we are currently
running git-clone on senlin-dashboard. It is unnecessary and it is
rejected by devstack. This patch propose a separate path for develop
setup of senlin-dashboard. Hopefully, it will not impact any production
setup while it leaves us some room for getting tempest gate up asap.
Change-Id: I314cf2e01e889a8c19fa819090ceacb98ee885eb
This patch adds default_region_name config option. It specifies
the default region name of backend openstack services that senlin
engine talks to.
Change-Id: Id12fb3c29b5b15a6684138c50d36a5dfdc565686
We are never using the 'region_name_for_services' option and the
'error_wait_time' option. This patch proposes a removal of both.
Change-Id: I1674d5da0b0fab9f3d0621616be372a347a5cd9c
We are removing 'tenant_id' from the senlin endpoints. This patch fixes
the setup script to make it: 1. work with latest service change; 2. work
with new changes to openstackclient.
Change-Id: I12a5b7acbe76370ceab3e79a807d91da22707d60
It is *never* acceptable to alter behavior based on this variable.
It defeats devstack gate testing.
Change-Id: I6c305468456742ac762da8b65e0831cd0c95c263
This patch tries to fix gate job of Senlin functional test. Three
works were done:
- Adding a judgement in plugin.sh to skip python-senlinclient
installation when this is an installation happens in gate side;
- Revising tox.ini to pass necessary environment variables for
functional test;
- Adding exetuable permission to post_test_hook.sh;
Partially implement: blueprint functional-test-startpoint
Change-Id: I36508910a50299afa388864704fbcbdbee609dec
Previously, we have been stealing configuration options from the
keystonemiddleware. This is dangerous. The keystonemiddleware package
may deprecate options at any time. This patch proposes some options for
Senlin to do role delegations.
Change-Id: Iea0571ffc63b7ec1504e440bb1e0dd3a2ce85a71
Due to default policy.json settings in Keystone, a non-admin user is not
allowed to call 'list_users' or 'get_user' APIs. However, Senlin only
knows the user name but it needs a user ID to create the trust between
service requester and the 'senlin' user. The only workaround today is to
have Senlin query its own user ID using its user name. After this is
done, the trust middleware will use the service requester's credential
to raise the 'trust create' request to Keystone.
This necessitates two changes to the current code, one is to relax
Keystone's policy setting to allow a user with 'service' role to do user
list and user get (proposed here: https://review.openstack.org/181298);
the other one is to have Senlin trust middleware to raise user ID
checking request using 'senlin' credential. This patch contains the
second part.
Since devstack doesn't provide a function to modify default policy
settings, we will wait to see if the patch to Keystone will be accepted.
If Keystone refuse to accept that change, we need to hack the devstack
plugin and 'setup-service' tool to modify the policy.json file.
Anyway, we need 'senlin' user to have a 'service' role in the
requester's domain (default to 'demo').
Change-Id: I87146a54f79e32a9175755f42da1e4406842c0b7