Openstack moved from using wsgi scripts to directly calling the wsgi module
due to changes in setuptools that stops the pbr wsgi_scripts from working.
This patch adds an upgrade script that reconfigures uwsgi when updating
to Flamingo.
Change-Id: I24609499e96cfcaed866a40fd59146cded26479b
As our master branch is 2025.2 (Flamingo), we should run grenade
skip-level from stable/2024.2 instead of 2024.1.
I also reverted designate-grenade-bind9-skip-level to be a voting job
again.
Change-Id: I53d1315d373bb08ad9f295c5aa7bb78a25ae6a74
Changes in python packaging tooling mean that the wsgi_scripts
functionality via PBR may not longer function.
This patch switches Designate from using the PBR wsgi_scripts method to
using a new wsgi module that provides the same behavior as the generated
wsgi scripts provided.
A related devstack patch enables devstack to setup uWSGI to use the new
module path instead of the generated wsgi scripts.
This also aligns Designate to a new proposed OpenStack goal[1].
[1] https://review.opendev.org/c/openstack/governance/+/902807
In order to make the CI work, this patch was merged with:
zuul: Drop centos9 and make grenade non-voting
The requirements repo has dropped upper-constraints for python3.9, so
the centos9-based jobs are no longer working on master, let's drop them.
Also the grenade jobs are broken due to the referenced bug, make them
temporarily non-voting, so that we can merge the fix[0] on master first,
backport it, and then re-enable them.
[0] https://review.opendev.org/c/openstack/designate/+/902846
Related-Bug: 2109577
Depends-On: https://review.opendev.org/c/openstack/devstack/+/902758
Change-Id: If90056ae1de4a6a3557fc870497e6233088bfb02
A change in keystone[1] changed the default role it creates which breaks
the designate grenade jobs. This patch switches "Member" to "member" in
the update scripts to resolve the issue.
[1] https://review.opendev.org/c/openstack/designate/+/946058
Change-Id: Ic88789c822be36e7834394e8abc9f095e6963830
We need to use the specific python path to run the command with
all software installed in global virtualenv.
Change-Id: I4d9c26e25851be0a955f4172a530eff266a89331
Service user with name "designate" had only "service" role up to now but
it seems that with oslo.policy 4.4.0 where "enforce_new_defaults" is set
to True by default, this breaks integration between Neutron and
Designate as e.g. Neutron's creation of the recordset fails with
Forbidden exception as this seems to be allowed only for admin user or
shared or primary zone.
This patch adds also "admin" role for this "designate" service user to
workaround that issue, at least until Designate will support "service"
role usage with Secure RBAC policies.
Closes-Bug: #2078518
Change-Id: I477cc96519e7396a614f92d109867222207ec388
This sets up 2 pools with an instance of named running in both. The
second is denoted by /etc/bind-2 and var/cache/named-2 as its
locations. The build up of the /etc/designate/pools.yaml reflects
the changes.
Co-Authored-By: Don Kehn <dekehn@gmail.com>
Co-Authored-By: Omer Schwartz <oschwart@redhat.com>
Change-Id: Icf73e730b31ab26b8be65347239636c0137ab4bd
This fixes the errors detected by bashate (kicked by `tox -e bashate`),
which has not been actually tested in CI.
Change-Id: I73f0748e05b8421ca988d3e888e54a7daa469ae8
This patch adds the ability to configure devstack to use catalog zones
when using the BIND9 backend.
It also adds a test job "designate-bind9-catalog-zones" that uses catalog zones
with a BIND9 backend.
Change-Id: Ib618d7850b0a86a8eb10eaa52b0e330cf908883a
Signed-off-by: Jan Hartkopf <jhartkopf@inovex.de>
The edgegrid-python library is not necessary unless akamai backend is
used, so this library should be an optional dependency to avoid pulling
unnecessary packages.
Note that akamai backend hasn't been updated since it was added 4 years
back. Probably we can deprecate and remove it assuming it's not really
used(or at least it's not maintained).
Change-Id: If13e722e5ec3cdcd11461201ea20b2dc022cce10
Devstack has removed support for suse[1], so we need to remove our usage of
functions from devstack that no longer exist (is_suse).
[1] https://review.opendev.org/c/openstack/devstack/+/871641
Change-Id: Ib136de0ee6cf5884918a29abd8b281d3b4cccf85
This patch adds an example of the "clean_zonefile" option in the BIND9 targets in the pools.yaml file. The option has existed in the code, but was not documented in any way.
It also enables this feature in the bind9 devstack plugin for testing and to reduce the storage utilization during test runs.
Change-Id: I70b92b400cfeb059d1a1889ffa72621e0011d8c6
During a grenade upgrade the Designate grenade plugin updates the
python-designateclient. This can cause the installation location to change
to under the /opt/stack/new path.
This patch makes sure we restart neutron q-svc after this update to make sure
it can still find the client.
Change-Id: I5ce96268cb39ae4a4a8d82a75ac192b2310455a1
This patch adds a hacking check for line continuation backslashes and fixes the occurences that existed in the code.
Change-Id: I1d1269de231f6e747248a9d816a1d64e3968c69b
With the minimal Designate deployment with devstack, keystone module
doesn't load proxy_http so Designate API requests may fail. Explicitly
enable the module to make sure the apache2 setup always works for
Designate.
Closes-Bug: #1999019
Change-Id: I1fc02225b6676b68137245df2279340f215221f4
Adds a configuration variable that allows a user to
declare the CA certificate to be used to verify
traffic with a PowerDNS API endpoint.
Closes-Bug: #1971856
Signed-off-by: Juan Pablo Suazo <jsuazo@whitestack.com>
Change-Id: I57f3d5a1d1f79186cc5b38e76d30f62e01b60482
The current grenade job tests only with pdns4, but it would be valuable
to also test with bind9 to discern upgrade issues when bind9 is in use.
Change-Id: I118cc92e3950540d725f433dfe5d9590cbdab616
During a grenade upgrade test run, we updated the grenade test to migrate
to using uwsgi for the API during the from-Xena upgrade, but missed that
the main grenade upgrade script was starting the API without uwsgi.
This patch corrects the grenade upgrade script to run the API process
properly.
Change-Id: Ia54de92ec44641e16c20281cfa634599073f39e3
This patch updates the grenade job to migrate from using Apache mod_wsgi
to using uwsgi for the Designate API when upgrading from Xena to Yoga.
It also splits out the wsgi devstack configuration into a library file.
Change-Id: Icf8ee4a8e7e2dff67257b0e5f82fbeab6cb7e0b8
The apache configuration file location is different between Ubuntu and CentOS.
Devstack provides us a helper function to get the correct filesystem path.
This patch switches the wsgi ProxyPass configuration to use this helper
function to place the file in the correct location.
Change-Id: Id0472fb25da106a74429e87ee26c5dfdd8c83b6f
To better align with other OpenStack projects and to reduce the
ongoing problem with duplicate imports, this patch re-enables the
H306 check for proper module import order.
Change-Id: Iced92590829f6d9177d64ad4868aebe6eafd6a8a
This reverts commit 185d92d230.
Reason for revert: Lets try to move back to uwsgi, as logging is a lot cleaner in the CI with uwsgi. Switches uwsgi from using uwsgi over socket to over localhost HTTP.
This patch also bumps the API_WORKERS setting for devstack from 2 to 4.
This will bump the uwsgi processes and threads from two to four.
Change-Id: I126133564e2ada32448ad36e0d021790939425d4
Previously, the grenade API started check during the upgrade was
checking if the root of the web server was functioning. In this job
that is testing the horizon endpoint and not the designate API.
This patch fixes this to have the check run against the designate
endpoint under apache. This prevents false failures when horizon
has an issue.
Change-Id: Idbfec1adca2024cd5f352017a7c9319dcec65d42
"localhost" can also point to ::1, but the memcached service is only
listening on 127.0.0.1, so be explicit about that in the URL that
we give to tooz.
Depends-On: https://review.opendev.org/759831
Change-Id: I2a2ec20b7645034a23337380005add2e953f9185
We no longer need to deal with xenial or older distro versions, so we
can assume that we can always install pdns4 from the distro directly
and don't need the distro version check any longer.
Drop a config option that was removed in pdns 4.2.x.
Use mysql credentials correctly.
Change-Id: I90af3a092296f943509833608f25522b6f8e9ab6
There is an issue with the unauthed tests
and uwsgi causing the CI to frequently fail.
Lets move back to mod_wsgi until we can figure
that out.
Change-Id: I9fd558cec85da87c8daea36f7a9e2666948e72f1
Devstack is switching back to using distro installed uwsgi, which will
not reside in the same directory as the python binaries. Make sure to
use the right path for it. See also [0].
[0] https://review.opendev.org/577779
Change-Id: Ic1b67c9d0ebfbf444f5ee096d6478fbe0c073329
The updated flake8 seems to have fixed a check for .format() issues that
discovered a bug in one of our tests, which is fixed here.
Also get rid of using "l" as a variable name and tag the imports that
need to stay in order after setting an environment variable.
Change-Id: I28de0ffa68f9bff4685d81fe7b5a5d8909e2313c
The current locking implementation is limited to
the running process. This introduces distributed
locking that will help prevent race conditions
when there are many instances of designate-central
running.
Closes-Bug: #1871332
Change-Id: I98f7f80ce365cdee33528f9964c03274f62a795a
The repo is Python 3 now, so update hacking to version 3.0 which
supports Python 3.
Fix problems found.
Update local hacking checks for new flake8.
# to unbreak gate:
Depends-on: https://review.opendev.org/715835
Change-Id: Icc2f4368cc90689d74510ce36fe77d2346aec625
This is a bit of a security issue, also we don't seem to need it anymore
since we have long switched to running under python3 and the setcap
doesn't have any effect anyway. It will also break deployments once we
drop installing python2 completely, so just remove it now.
Change-Id: I7265c525f1091012011ba12d65e9669a826ab979
The USE_SYSTEMD variable is to be dropped from devstack[0], as running
with systemd is the only option now. Drop it's usage in our plugin.
[0] https://review.opendev.org/703734
Change-Id: I0161bc82878ca936c3b0d9e9f9624be81fad21db
- Ignore duplicate Zone error
- Handle error when contractId or gid is missed
- Ignore port for masters servers, because Akamai uses only 53 port and
does not allow to specify any port in list of masters servers.
- Added timeout and retries for soft Zone Delete
- Added handling errors on the delete zone action
- Added Log info message with RequestId on soft zone delete
- Added processing for TsigKey during creation zone
- Added devsatck_plugin for akamai_v2 backend
Depends-On: https://review.opendev.org/#/c/692819/4
Change-Id: Ib221f4cf0371e70fc6900582d826ffc1bdfc12b9
The old v1 dashboard panel has been removed, when upgrading from an
older version we need to remove the symbolic link for it in order to
avoid horizon from failing.
Change-Id: I383884aa100fd983e1087d7458396f8053414d55
