| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Don't use timestamp when generating ec2 signed url for alarm url
attributes of resource.
This will resolve the issue for new resources even if they are cached
in attributes or resource_data.
However, for existing stacks containing these resources the current
best option is to not cache these attributes and allow alarm resources
to be able to get a new never expiring urls in the next forced update.
Change-Id: If2ebc3deacb770294004ae023500367af603b59e
Task: 39985
Related-Bug: #1872737
(cherry picked from commit d0e44ded0a07cfe6b3413693d79c7f1f67b27701)
|
| |\ \
| |/
| |
| | |
stable/stein
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As part of a CVE keystone has started checking[1] the timestamp
of signed ec2 token with default TTL of 15 mins. We can't
store the ec2 url anymore for future use for those.
This moves the caching logic to BaseWaitConditionHandle class.
Conflicts:
heat/engine/resources/signal_responder.py
heat/tests/test_signal.py
[1] https://review.opendev.org/#/c/724124/
Change-Id: I6b74faed820caccd39210bd48a212b2dedca46b9
Task: 39985
Related-Bug: #1872737
(cherry picked from commit 3047ca7d36baaa59ab2960602da956d2087a2a62)
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When user wants to do manual scale-up of ASG by increasing the
desired_capacity and also update some member properties as
part of a stack update, if it fails due to insufficient
resources when resizing, trying to manually scale-down by
decreasing the desired_capacity won't work, as it would
always expect to update the group with the earlier size
before scaling down.
This patch uses the target_size when building the batches.
Task: 39867
Change-Id: Id851530b424f68b5e0e967fe34431483bfffd852
(cherry picked from commit 26d8f64fc90ed9b3ad0413ed0c932fb91b51d666)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
INSTALL_TEMPEST flag enable to install Tempest by default on
devstack env which is meant for using on master gate only and has
to be false for stable branch. On stable branch master Tempest
on system wide can fail to install for various reason like constraint
etc. That is why we install Tempest on venv always.
This started failing the py2 jobs on stable/train gate[1] where
heat devstack plugin try to install Tempest on system wide also which try to
use py2 env (Tempest is py3 only now) because jobs is py2 and fail.
We need to set up the Tempest on system wide based on INSTALL_TEMPEST flag
which is set to false on all stable branch to:
- https://review.opendev.org/#/q/I60949fb735c82959fb2cfcb6aeef9e33fb0445b6
[1] https://zuul.opendev.org/t/openstack/build/398d906e73724ee6b91d8f32babc5035/log/logs/devstacklog.txt#37969
- https://review.opendev.org/#/c/717428/
- https://review.opendev.org/#/c/717529/
Change-Id: I13153881223c3a585052a94651b9ff082a75b283
|
| |\
| |
| |
| | |
stable/stein
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
If the project has already been deleted, don't let that prevent role
assignments on it from being deleted.
Change-Id: I56aede8209e425ee6c2d762a44db8cda5416e69b
Task: 30955
(cherry picked from commit 8c67437378ca505c5752cee0d862d806ca11c3a0)
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OS::Mistral::Workflow resource creates a mistral workflow with
a unique name (resource_id). We replace FAILED resources by
default and replace wont work in this case as it will try to
use the same workflow name for the replacement resouce, if the
'name' property is provided.
If the workflow does not exist/deleted using mistral api directly,
it would create a replacement resource, but it would delete the
workflow when cleaning up the old resource. So we would endup
with a replacement resource without any backing workflow.
This adds a new resource attribute ``always_replace_on_check_failed``
and overrides needs_replace_failed() for OS::Mistral::Workflow.
Task: 38855
Change-Id: Ia0812b88cae363dfa25ccd907ecbe8b86f5b1a23
(cherry picked from commit 9e80518b900a1f14a80ee05ddeef4b250433febd)
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Fedora-Cloud-Base-29-1.2.x86_64 is removed from openstack local mirror.
Update to use Fedora-Cloud-Base-30-1.2.x86_64 for test jobs.
Also add UPPER_CONSTRAINTS_FILE as we also run grenade against rocky.
Change-Id: I942d7f1fc4b54304f472e0cb0097f7dcb70f3c71
|
| | |
| |
| |
| |
| | |
Change-Id: I3c9bdfe1bc40e6b96335041928aed275d1eb4958
(cherry picked from commit 18f59964a02fa3dd00f8f250bfd00857ae9f4310)
|
| |/
|
|
|
|
|
|
|
|
|
| |
This feature of openstackdocstheme means that we'll always link to the
corresponding branch of another project (i.e. latest links to latest,
but train links to train, &c.)
https://docs.openstack.org/openstackdocstheme/latest/#external-link-helper
Change-Id: If94115f87af3689413405f3283be7fb197fab058
(cherry picked from commit dd70d9244d5a8b8b91b3e5908b45bf5b7f6a8974)
|
| |
|
|
|
|
| |
Change-Id: I6e48a71ee0928ed052062460e4f5d735355e4ad9
Story: #2007061
Task: #37920
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As per CLI and GUI, availability_zone is not mandatory. In templates,
it is. This is incorrect.
This patch corrects behaviour to match CLI and GUI.
Change-Id: Ice37340f084ea65bd4b46562145e82ede6bc0df5
Story: 2006586
(cherry picked from commit 2799a5fcd76639a202092ea1b6fc242a8886dc56)
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Unit of both 'delay' and 'timeout' should be seconds based on Octavia
API doc
https://docs.openstack.org/api-ref/load-balancer/v2/index.html?expanded=create-health-monitor-detail#id105
Change-Id: I6de88e687ff95432ddbd0547a7f5759e18d7749e
Story: 2006637
Task: 36852
(cherry picked from commit ad841b4483eeba9dfd0ccd8f8b4c5d5fd3e15cc1)
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Added a new config option to specify the keystone authentication
endpoint to pass into cloud-init data.
Heat code currently has several different methods of retrieving the
keystone endpoint to embed into cloud-init data for created
servers. This data is currently read from several different parts
of the heat config file rather than the service catalog which results
in URLs being passed which are appropriate for the heat service rather
than the server. In particular there can be misconfiguration of
servers due to deployments which separate the internal and
external API endpoints.
This patch introduces a new config variable
server_keystone_endpoint_type which if set
reads the keystone endpoint directly from the service catalog,
if it is unset the original behavior is unchanged.
story: 2004808
task: 28967
story: 2004524
Change-Id: I5d8fc5977014b196c34f4a59a30a7525bc778359
(cherry picked from commit 5ba3b608741a0f00744c87b016185a6d845a34b9)
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When creating session clients we should use 'connect_retries'
for clients that use Adapter interface. This will
allow retries when we get ConnectTimeout errors.
Task: 36331
Change-Id: Ic526c8039c91353e772eee7b55f1d263470c86bb
(cherry picked from commit 364716725a4767f8d9e3e5e1c76ecf4f969a6613
and c7cc740f307ce8ffdf36c29094c9cbce5a6c8d14)
|
| |\ \ \ |
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
update_input_data in sync_point.sync() at times fails with
DBDeadlock. Let's add retry like sync_point_create()
Change-Id: Id4468801bcffa7a704d90d2e190ec8dbb9a0a00b
Task: 36299
(cherry picked from commit ba9c42b9eb33b98ef68bea8d47852cfe54977b4d)
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We may end up loading lots of nested stacks concurrently with
convergence and those would try to discover endpoints and fetch
access info objects from keystone. This at times results in
ConnectTimeout errors from keystone. We can avoid these errors
by adding some retries.
Also adds retries to client_plugin get_endpoint() calls, which has
simillar issue.
Change-Id: I18cde971248eff5783f97c9e7a60316d7dd93431
Task: 36349
(cherry picked from commit 6fb8ac250ae27810516b89f273923d6b786606b5)
|
| |\ \
| |/
|/| |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Neutron requires the allowed address pair ip address to be
either an ip or a cidr.
https://review.opendev.org/#/c/575265/ made heat verify for
cidr only.
Change-Id: I2cc2785cb32cf8d788af6262992b1b76107c8292
Story: 2005674
Task: 30985
(cherry picked from commit 5e93b3e4cf60310d33bf397fd11b4ec50e6067a0)
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Periodic stable jobs don't run on stein, only up till rocky as
periodic-stable-jobs template is missing from master and stein
branches.
Conflicts:
.zuul.yaml
Change-Id: Ic7fa6a2bef3db1f6f2548d1c792e0cef29787586
(cherry picked from commit 8e784ff9c4d3dd9f37f23118b819d646f8dab3ed)
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We use the same periodic_interval to update the service record
and compare it with current time when doing 'service list'. So, It's
possible there will be a small window where 'service list' would show
the engine as down. Tools that use service list for monitoring would
wrongly assume the service as down. Let's change service list to
report the service as down if it's not updated in 2*periodic_interval.
Change-Id: I0f6a30e06bb214bb673930b31a2db946600926b0
Task: 35946
(cherry picked from commit fd23308f6ec20e4441d8da486a4f6930a2ba366d)
|
| |\ \ \ |
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We don't store resource_properties_data for OS::Heat::None.
There is no point trying to resolve the properties for old resource
which would fail at times.
Change-Id: I4cf72ae6d11ffbedc20adedfe7b6d2a1d47e23ee
Task: 35661
Closes-Bug: #1834881
Depends-On: https://review.opendev.org/668144
(cherry picked from commit 7066bccc538574de5424ff0b79ce1e2feeb6e2ad)
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As it was announced [1] global bindep-fallback.txt was removed and now
projects need to have a local bindep.txt to be able to install binary
dependencies for testing.
In test jobs the script tools/test-setup.sh is called which requires
mysql and postgres servers and clients to be installed.
[1] http://lists.openstack.org/pipermail/openstack-discuss/2019-June/007272.html
(cherry picked from commit d116b216965bbfc80840f5bfc994b731e2d29d81)
Note(elod.illes): patch was modified so that the test-requires files
are kept. An upper constraint was also added for bandit. This actually
freezes requirements (required by bandit) on stable branch.
Change-Id: If9befe4115c64c2fda52321002ba5fe1124eaf7c
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If the 'actions' property of a deployment is [], we don't
create a software deployment in heat and resource_id of the
software deployment is None. However, there is a possibility
that we access the attributes of the sd in the template and
that results in TypeError as we try to make an rpc call to
show the software deployment for None.
Change-Id: Iefd3cdd20bb51c63e7267ae0628e0f15544c0427
Task: 33516
(cherry picked from commit ee061103477ed7c9b4692a8b90817a127064fbcd)
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The region name eventually has to pass through an os-collect-config.conf
file, the format of which is unable to distinguish between the JSON null
(equivalent to None in Python) and the string "null".
This means that Story 2002781 caused a regression for users who didn't
have the region_name_for_services config option explicitly set in
heat.conf.
To avoid this, only specify the region when we know what it is.
Change-Id: I23493b1c477d082c478f87167de2c1859ba5ace7
Story: #2005797
Task: 33527
Task: 33528
(cherry picked from commit d580565abff2997002eff856535bdfd2ddb44da7)
|
| |\ |
|
| | |
| |
| |
| |
| |
| | |
Change-Id: I50c106a2b80a707ba8296efed86194526d6e5da6
Task: 30196
(cherry picked from commit 41b9a650dfd9a78614272a1fd8f23c617261266a)
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
With the setup.cfg entry it can be called directly from
oslo.policy.
$oslopolicy-policy-generator --namespace heat
This will get the effective policy that’s being executed.
Change-Id: Iad2e71819f4847f47dd17d3cd4afa78e6b3f52a7
Story: #2005055
Task: 29573
(cherry picked from commit 5bdcaeff018782a956fd8228e04ddd2169c353c6)
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There's a regression[0] in bandit 1.6.0 which causes bandit to stop
respecting excluded directories, and our tests throw a bunch of
violations. Blacklist this version, but allow newer versions as there is
already a pull request[1] to fix it, and I expect it will be included in
the next release.
Also fix the requirements job which was broken by
https://review.opendev.org/657890 adding a cap on Sphinx on Python 2.
[0] https://github.com/PyCQA/bandit/issues/488
[1] https://github.com/PyCQA/bandit/pull/489
Change-Id: Ieabcd4e8c5e5354125a63e89b9b60931c760858a
(cherry picked from commit 011fa22c42506e63229cca7e5fc65f81b6e0aabf)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit was bulk generated and pushed by the OpenDev sysadmins
as a part of the Git hosting and code review systems migration
detailed in these mailing list posts:
http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003603.html
http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004920.html
Attempts have been made to correct repository namespaces and
hostnames based on simple pattern matching, but it's possible some
were updated incorrectly or missed entirely. Please reach out to us
via the contact information listed at https://opendev.org/ with any
questions you may have.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In convergence we were loading resources from the database using the
current environment. This is incorrect when a previous update has
failed, meaning the resources in the database were created with a
non-current template and environment. If an attempt was made to change
the type of a resource but that resource was never updated, this will
result in us loading a resource with the wrong type. If the type has
been removed then it can result in errors just trying to show the stack.
Note that the Resource.load() method used during a convergence traversal
already does the Right Thing - it only uses the new type if it is a
valid substitution for the old type, and UpdateReplace is later raised
in Resource.update_convergence() if the type does not match in that
specified in the new environment. So we don't see any problems with
stack updates, just with API calls.
Since we cannot change the signature of Resource.__new__() without also
modifying the signature of __init__() in every resource plugin that has
implemented it (many of which are out of tree), instead substitute the
stack definition for the duration of creating the Resource object. This
will result in stack.env returning the environment the resource was last
updated with.
Change-Id: I3fbd14324fc4681b26747ee7505000b8fc9439f1
Story: #2005090
Task: 29688
(cherry picked from commit aa58fbcacfdc14bb2e8d5a4ff1ef7a47fe9268d0)
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is a mechanically generated change to replace openstack.org
git:// URLs with https:// equivalents.
This is in aid of a planned future move of the git hosting
infrastructure to a self-hosted instance of gitea (https://gitea.io),
which does not support the git wire protocol at this stage.
This update should result in no functional change.
For more information see the thread at
http://lists.openstack.org/pipermail/openstack-discuss/2019-March/003825.html
Change-Id: Ib8d0f6b9c13f9ef77b727e133c8fc62e3262a62a
|
| |/
|
|
|
| |
Change-Id: Ieb5d2204b283d63dbf534752a40cb63231b267bf
(cherry picked from commit af9c2e4baa44a95cca9892d873b09482a32666e8)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When we specify a sd on delete action, os-collect-config will not
get authentication because we didn't load access_allowed_handlers
after stack enter stack delete phrase. This patch will make sure
we load necessary access_allowed_handlers even if in stack delete
phrase.
Change-Id: I43c1a865f507f7cb7757e26ae5c503ce484ee280
Story: #2004661
Task: #28628
(cherry picked from commit 0e1ed1a4b23142ff379e01a3574fef771f703915)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Update the URL to the upper-constraints file to point to the redirect
rule on releases.openstack.org so that anyone working on this branch
will switch to the correct upper-constraints list automatically when
the requirements repository branches.
Until the requirements repository has as stable/stein branch, tests will
continue to use the upper-constraints list on master.
Change-Id: Id400587c8571035b3c41b2269609fab14545f79a
|
| |
|
|
| |
Change-Id: Ifcb9d5a8ec9a5e78b1822b8305e9f8605edfb51a
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch deprecate personality property for `OS::Nova::Server`.
Since that property is deprecated by nova since version 2.57,
we should plan to Hidden that property soon.
please use ``user_data`` or ``metadata`` instead. If that
property really required, use config ``max_nova_api_microversion``
to set the maximum nova API microversion <2.57 for nova client
plugin to support personality property.
Add config option ``max_nova_api_microversion`` to set the maximum
nova API microversion for nova client plugin.
Story: #2004188
Task: #29979
Change-Id: I1852739e818ec67ac5a821e436e243eaa72f0938
|
| | |
| |
| |
| |
| | |
Change-Id: I4c66927e3dd3e1a91cfab94f26a24dbe8932bde8
Related-Bug: #1695144
|
