openstack/devstack - devstack - OpenDev: Free Software Needs Free Tools

Dropping libapache2-mod-proxy-uwsgi package for debuntu, which is no
longer needed for Jammy, Bookworm and beyond.
libpcre3-dev is removed form the set of packages pre installed
for debian systems.
This change adds both single and two node nodesets for trixie.
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Signed-off-by: Sean Mooney <work@seanmooney.info>
Change-Id: Ib056d2ad64b31657ea8ef9359fed78e589b01b88

Unlike other projects, Keystone was previously enabling validation for
all responses. This is a bad idea (TM). Quoting from the Keystone docs
for the new '[api] response_validation' option added in [1]:
 'warn' is the current recommendation for production environments. If
 you find it necessary to enable the 'ignore' option, please report the
 issues you are seeing to the Keystone team so we can improve our
 schemas.
 'error' should not be used in a production environment. This is
 because schema validation happens *after* the response body has been
 generated, meaning any side effects will still happen and the call may
 be non-idempotent despite the user receiving a HTTP 500 error.
DevStack is not used for production environments and is instead the
test harness used for the bulk of our integration testing. We *do* want
failed response validation to result in an error, since it will
highlight bugs in our schemas. Thus, we should override the default
value for this option.
[1] https://review.opendev.org/c/openstack/keystone/+/962851
Change-Id: I9fc2c5dce9511165ad2c1ab18db5eb439d357d9b
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Related-bug: #2126676 

Change-Id: I5d0697f39bab0a5ff956c3cc41c26ffe601ef6b9
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>

The commit Ia5fcfe6c63f5cc40b11f7e1f3be244d7897f26f6 wanted to enable
config file creation even if its parent dir not exists. But missed that
the caller of merge_config_file, merge_config_group already checks for
hte missing directory. So creating the missing dir in merge_config_file
is too late.
This patch moves the dir creation to the caller.
Change-Id: Ied0f321f31bf8888dce71cc18749f35dde303390
Signed-off-by: Balazs Gibizer <gibi@redhat.com>

AlmaLinux 10 has been introduced in OpenDev to increase hardware
coverage - it supports x86-64-v2 (compared to v3 required by
CentOS Stream 10 and Rocky Linux 10)
Change-Id: I5c91f2166bfce51cadef9c22a22a6031223604c7
Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>

Currently on the multinode jobs, job continue to run even
if devstack setup fails on any of the subnode and then fails later
when required conditions are not met.
This patch changes it to fail if any of the node setup fails using
any_errors_fatal: true.
Change-Id: I2acd8a1fe0802ee1880df2ef794f8e7d7478b67b
Signed-off-by: Yatin Karel <ykarel@redhat.com>

Since the stable-compute-uuid nova feature the compute nodes created via
 VIRT_DRIVER=fake
cannot be restarted as these computes are not writing the compute_id
file to disk at first startup. Therefore any subsequent restart will
fail as nova-compute will refuse to start due to the missing compute_id
file but having a service already in the DB.
After this patch fake-virt uses a variant of the fake virt driver that
actually writes compute_id file to disk. To allow multiple fake computes
running on the same machine each compute now has a separate state_path
created so each can store a separate compute_id file.
Signed-off-by: Balazs Gibizer <gibi@redhat.com>
Change-Id: I813cab3c89554d1e319b2b3e5c3affd8ec5d887e

The `df` command can stall indefinitely on stale NFS mounts,
causing the playbook to time out. This leads to the entire job
failing with POST_FAILURE status, discarding controller logs
and impacting troubleshooting.
This patch changes `capture-system-logs` to run `df` with a 60s
timeout to prevent hangs from stale NFS mounts. If 'df' times out,
the mount output may help debug which NFS share is unresponsive.
Change-Id: Ife3945802c93bd77d60b60e433ea09aade38a522
Signed-off-by: Fernando Ferraz <fernandoperches@gmail.com>

This commit cap the network, volume and swift extensions on
Tempest's config option api_extensions.
In 2025.2, no new extension in neutron.
and no new extensions in swift and cinder.
Change-Id: I1f9a2f53fa1e513f58d7dd8706d57f2481ab3d47
Signed-off-by: Ghanshyam Maan <gmaan@ghanshyammann.com>

stable/2025.2 branch has been created now and
current master is for 2026.1
Change-Id: Ibec78664417207ca7784c548ab15c1c6ef0e0663
Signed-off-by: Ghanshyam Maan <gmaan@ghanshyammann.com>

With [1] fips based jobs which runs on 9-stream started
to fail as os_CODENAME not applicable on those. This
patch adds fallback as before.
Moving fips jobs to 10-stream/rocky requires some more work
due to [2]
[1] https://review.opendev.org/c/openstack/devstack/+/960342
[2] https://fedoraproject.org/wiki/Changes/RemoveFipsModeSetup
Change-Id: I6d7ba4f5698e9b4837b29662b0b7f883b3c5de35
Signed-off-by: Yatin Karel <ykarel@redhat.com>

Cinder talk to glance for new image location APIs which
are default to 'service' role[1]. That needs cinder to have
the glance service user configured. We need to assign admin
role also to service user so that it can access images from
glance.
Needed-By: https://review.opendev.org/c/openstack/glance/+/958715
[1] https://review.opendev.org/c/openstack/glance/+/958715
Change-Id: I52d118672c053b9d6890bc6289bf12dcf5d7dce3
Signed-off-by: Ghanshyam Maan <gmaan@ghanshyammann.com>

Change-Id: Ia70accd3e04bf9bea7fa50c18541fc71cff75f5f
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Depends-on: https://review.opendev.org/c/openstack/glance/+/933614 

Change-Id: Iaad9eb034348d559809108d254601d51719ff3e0
Signed-off-by: Michal Nasiadka <mnasiadka@gmail.com>

Configuring devstack's configure_keystone_authtoken_middleware to set
service_type as an additional option.
Needed-By: https://review.opendev.org/c/openstack/barbican/+/958845
Needed-By: https://review.opendev.org/c/openstack/manila/+/955393
Change-Id: I140c8392465965d68f52489b5e5bf3e47ae979be
Signed-off-by: Saikumar Pulluri <saikumar1016@gmail.com>

Horizon no longer use debian-bullseye nodeset
Change-Id: I78094a9dd7e51641dfb9b1a851b46744184df702
Signed-off-by: Jan Jasek <jjasek@redhat.com>

Use the RBD profile instead of setting explicit
permissions.
Change-Id: Idc2258e3b69df3df57894c17018a2a35043c8fa9
Signed-off-by: Tobias Urdin <tobias.urdin@binero.com>

In this release, nova is implementing the service role in
policy[depends-on], and Tempest being branchless needs to
decide if service defaults are present in testing release/
env (Needed-By). Setting the service role availability in
Tempest so that from this release onward, tests can use
service role user to perform the required operation in nova.
Depends-On: https://review.opendev.org/c/openstack/nova/+/957578
Needed-By: https://review.opendev.org/c/openstack/tempest/+/892639
Change-Id: I463cb85f3fcb9f2fdd7aa4a0a5f2ae49782e3fc1
Signed-off-by: Ghanshyam Maan <gmaan@ghanshyammann.com>

This patch fixes an issue in iniset where backslash (\) characters are
removed from the config value.
This patch ensures that backslash characters (\) are escaped in addition
to the ampersand (&) character that was already being escaped.
Closes-Bug: #2120180
Signed-off-by: Douglas Mendizábal <dmendiza@redhat.com>
Change-Id: Ica53ed42269931d151daf815d2e2c10c1f9e29a8

It is EOL.
Change-Id: I609cfce8a98f9933380ddbc719ed22e6fcda4785
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>

Change-Id: I9fab7209955ebdfda0f309aa0160749bd0f962e6
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>