Patch out charmhelpers.osplatform.get_platform() and
charmhelpers.core.host.lsb_release() globally in the unit tests to
insulate the unit tests from the platform that the unit tests are being
run on.
Change-Id: I3dd34ddb38141ec89896b1ce2d9dc6849f4faaa8
fwaas_v2 extension is added in l3_agent.ini by default from stein.
However with the newly introduced neutron-api configuration parameter
enable-fwaas, the extension have to added only when it is set to true
on neutron-api charm.
neutron-api charm adds enabled-fwaas as relation data in the commit
https://review.opendev.org/c/openstack/charm-neutron-api/+/806676.
This patch removes special handling of fwaas_v2 as l3_extension_plugins
is already updated in relation data based on neutron-api enable-fwaas
configuration.
Remove python3-neutron-fwaas in package list from stein release. The
package is already part of dependency of neutron-l3-agent until Ussuri
release and the dependency will be removed from Victoria release in
package control files.
Synced charmhelpers to get related changes
https://github.com/juju/charm-helpers/pull/635
Partial-Bug: #1934129
Change-Id: I07db7fb7c2f00eaf4c0a5bcc082c73922b87d1c0
The neutron-gateway uses the firewall driver just as other nodes
do when running neutron-openvswitch-agent. It is currently
hardcoded to the deprecated iptables_hybrid driver. This patch
allows the driver to be changed to openvswitch same as with the
neutron-openvswitch driver with a firewall-driver config option
that defaults to iptables_hybrid so as to maintain backwards
compatibility.
Change-Id: I4f5482425c91b5ad556c384abba7c27137c1948f
VRRP healthchecks were enabled by default starting in the 19.07 charm
release for network deployments which utilize l3ha or dvr+snat. The VRRP
healthchecks have specific expectations that may not be satisfied in
various data centers. This leads to problems with networks as failed
healthchecks lead to router failovers.
This change alters the default config option to disable the vrrp
healthchecks by default and require users to opt in to using them. The
description around the option has been updated to indicate that doing so
may lead to routers failing over if ICMP pings are missed.
Closes-Bug: #192101
Change-Id: Ie0ebb8072fa802dc8c2478a0b3ca38202d49c85f
Sync charmhelpers.
Replace _ovs_additional_ids() calls with generate_external_ids() from
charmhelpers.
Replace sequence_functions() with sequence_status_check_functions()
from charmhelpers.
This allows to share helper functions between charm-neutron-gateway
and charm-neutron-openvswitch.
Change-Id: I8fc3b5c9e33e539b8b9c1d188acb8c79e8758244
Signed-off-by: Przemysław Lal <przemyslaw.lal@canonical.com>
Add OVS to OVN migration at the end of the regular gate test. This
adds only 5-10 minutes to each job and we want to confirm this
works from focal-ussuri and onwards as this is the point where we
recomend our end users to migrate from OVS to OVN.
Do ch-sync.
Merge after https://github.com/juju/charm-helpers/pull/511
Change-Id: I506f499c8c506d999e79f223f03a58abc29b8746
Depends-On: Ifa99988612eaaeb9d60a0d99db172f97e27cfc93
This patchset updates the configure_ovs() function in
hooks/neutron_utils.py such that ports and bridges in OVS are marked as
being managed by this charm. This will allow us to clean up obsolete
managed bridges and ports in a later patchset. (On configuration change
new ports and bridges might be created and former ones might become
obsolete.)
This patchset also fully deprecates the 'ext-port' config option such
that if both 'data-port' and 'ext-port' config options are set, the unit
is blocked. The README and config.yaml are updated to reflect this
change.
This patchset also fixes and removes a few dead links.
Relies on a charm-helpers version containing these patchsets:
https://github.com/juju/charm-helpers/pull/443https://github.com/juju/charm-helpers/pull/447https://github.com/juju/charm-helpers/pull/449
Related documentation:
* Deployment guide / Upgrades / Known issues: https://review.opendev.org/630290
* Release notes: https://review.opendev.org/742660
Change-Id: I8b459135d131e16865de40ff3eae16ea3bc7195e
Partial-Bug: #1809190
Defaults to 30s (i.e. enabled) but also allows disabling
healthchecks by setting to 0.
Change-Id: I49603c22d8085aabd6085058e4d4eb9c74e84a20
Closes-Bug: #1890900
Use the resolve_CONFIGS function to resolve the current set
of CONFIGS for the charm, rather than directly referencing
the CONFIGS global variable which will not be initialized
during action invocation.
Change-Id: Ifd084c94c9808b49dda39bafed9345bfbf6aab81
Closes-Bug: 1876585
The nf_conntrack module is not loaded early enough on boot,
thus when sysctl options are applied, its settings are not.
This results in the correct sysctl settings seen on deploy
time (because nf_conntrack was loaded previously by others)
but not after reboot, despite configured in /etc/sysctl.d/.
So, insert it in /etc/modules for module auto-load on boot
(available on Trusty via /etc/init/kmod.conf, then Xenial+
via systemd-sysctl.service).
Since users can configure the sysctl option and thus need
more modules, introduce the config option 'kernel-modules'
(with 'nf_conntrack' as default.)
It's handled before sysctl in the config-changed hook in
case some sysctl option(s) needs not yet loaded module(s).
In case of failure to load modules, log a warning message.
Closes-Bug: #1885192
Change-Id: I661a4fe2d9284455e536b073dc93696355baf122
Signed-off-by: Mauricio Faria de Oliveira <mfo@canonical.com>
Since Rocky, Octavia is a valid alternative as LBaaS.
If enabled, we should not configure Neutron LBaaS(v2)
agent at the same time.
The fact that we configure both means neutron-lbaas-agent
will generate messages on rabbitmq which never gets consumed
and creating alarms on NRPE without any actual issues.
This change introduces an option to disable neutron LBaaS
solution. Once activated, it masks lbaas agent service.
Change-Id: I10c4cc2983245efb5bef3d7cbc8e3b6963448a7d
Closes-Bug: #1825906
The mock third party library was needed for mock support in py2
runtimes. Since we now only support py36 and later, we can use the
standard lib unittest.mock module instead.
Note that https://github.com/openstack/charms.openstack is used during tests
and he need `mock`, unfortunatelly it doesn't declare `mock` in its
requirements so it retrieve mock from other charm project (cross dependency).
So we depend on charms.openstack first and when
Ib1ed5b598a52375e29e247db9ab4786df5b6d142 will be merged then CI
will pass without errors.
Depends-On: Ib1ed5b598a52375e29e247db9ab4786df5b6d142
Change-Id: I07af25792bf55b00092ec9b1d47497e2f422fe6c
This change adds nova-api-metadata to the list of
deprecated services for NRPE checks. That will be
happen if disable_nova_metadata() is set to True.
Added an update to NRPE checks to quantum-network
-service changed hook, since its change defines
if nova-api-metadata should be deprecated.
Change-Id: I6b1174561f3dad3ec5334f1e38e45c068a0107a8
Closes-Bug: #1812813
ovsdb-timeout sets ovsdb_timeout in openvswitch_agent.ini, this option
is used to determine when ovsdb commands should be marked as fail. This
is helpful for large clouds or where the node is under pressure.
Change-Id: I0b0e397691c49d3fcebdd30bbe9b160789acf3c3
Closes-Bug: #1849732
This patch removes completely any lbaas related service when upgrading
to OpenStack Train.
Change-Id: I51a19e4890dfbc4c7cbb61b6d7fdfc7888ff9262
Closes-Bug: #1853868
Signed-off-by: Stamatis Katsaounis <skatsaounis@admin.grnet.gr>
* get a list of l3 plugins to enable based on relation data coming from
neutron-api;
* refactor adding fwaasv2 service plugins to the l3 agent to accommodate
the l3_extension_plugins change.
See https://github.com/juju/charm-helpers/pull/370
See LP: #1842353
Change-Id: Ic3a8e302942ed331bc3d80223e123c13d61db3b2
Closes-Bug: #1842353
This patchset removes the load-time mocking necessary due to load-time
function calls in 'constants'. The constants are changed to run-time
functions and and the lazy feature of restart_on_change is used, and the
harden disable for unit testing is switched on when needed.
Change-Id: I73e719ed082a7c8f9c477fd82094532bdbb8029b
The pre-patch version of unit-testing tested the git-repo version of
charm-helpers instead of the version that was synced to the charm.
The git-repo version of charmhelpers is pip installed to obtain the
testing part of charm-helpers, for the unit tests. Whilst this is a bug
(really), it was compounded in that - due to how the paths worked - the
unit tests' git version of charm-helpers was in the path first, and thus
all unit tests were performed using that version of charm-helpers, and
not the version actually synced into the charm. This has led to all
sorts of 'odd' double mocking of config in the tests as there are
potentially two copies of charm-helpers (as was the case for py27). A
further commit will undo that madness.
This patchset moves the charm synced version of charm-helpers earlier
into the path so it gets picked first when the modules are loaded.
Change-Id: Iff0566c52a283ff0cd2fc7707d981d8c47f3e6b2
Enable support for configuration of FWaaS v2 firewall group
logging.
Configuration options mirror those for neutron-openvswitch
for security group logging.
This feature is currently only enabled for FWaaS v2 at Stein
for the charms (but is supported back to Queens in Neutron).
Change-Id: If1b332eb0f581e9acba111f79ba578a0b7081dd2
Partial-Bug: 1831972
Two generic contexts to handle nova vendor metadata have
been implemented in charm-helpers. So, replace the existing
one here in order to simplify and unify the implementation
across all charms that handle vendor metadata.
Change-Id: I2a802c763f2f4403a6dfb17575aa742ca8072e96
Related-Bug: #1777714
THe sysctls are not available inside of a container, so we
should not set them.
Change-Id: I93e1052958a8c8fb44c0589caf7cb5d6a6019ab8
Closes-Bug: #1829047
If you want to have vrrp watch the external networking interface
today, the option ha_vrrp_health_check_interval [1] detects a failure
it re-triggers the transitional change - which works if the external
physical interface fails because the ping will fail.
In fact, we've tried to enable it before [2], but then we had to
revert it [3] due to instability issues [4] in previous releases of
OpenStack. Maybe the previous instability issue [4] was caused by
another keepalived issue mentioned in the comment [5], now I have
tested this option again, it works.
This is how neutron allows monitoring southbound network today, so
I would suggest we add this capability into the charm again.
[1] https://docs.openstack.org/ocata/networking-guide/ \
deploy-ovs-ha-vrrp.html#keepalived-vrrp-health-check
[2] https://review.opendev.org/#/c/601533/
[3] https://review.opendev.org/#/c/603347/
[4] https://bugs.launchpad.net/neutron/+bug/1793102
[5] https://bugs.launchpad.net/neutron/+bug/1793102/comments/5
Change-Id: If2947e7640545cb9a48215afb9b2439fdc33c645
Closes-Bug: 1825966
When clouds have a large number of hosts, the default size of the ARP
cache is too small. The cache can overflow, which means that the
system has no way to reach some ip addresses.
Setting the threshold limits higher addresses the situation, in a
reasonably safe way (the maximum impact is 5MB or so of additional RAM
used). Docs on ARP at http://man7.org/linux/man-pages/man7/arp.7.html,
and more discussion of the issue in the bug.
Change-Id: I701141784224f5f870f6da73a24bed8015694409
Closes-Bug: 1780348
On charm upgrade the charm may switch to py3 packages. If so, ensure
the old py2 packages are purged. If the purge occurs then restart
services.
Change-Id: Iddfff1c7ce929776c294034706305f5d77ae9ade
Closes-Bug: 1803451
After an upgrade to Rocky the nova-metadata-agent is broken due to
a problem importing the amqp lib. This patch simply restarts the
service after an upgrade.
Change-Id: I2c4df35b714a8af607937cb3ad4261db58ed3bbc
Closes-Bug: #1802365
The change adds an option to the charm to use JUJU_AVAILABILITY_ZONE
environment variable set by Juju for the hook environment based on the
underlying provider's availability zone information for a given machine.
This information is used to configure the availability_zone setting for
Neutron DHCP and L3 agents specifically because they support it
and for other agents (because both neutron.conf and agent-specific
configuration files are loaded) such as metadata agents and lbaas
agents.
Additionally, a setting is added to allow changing the default
availability zone because 'nova' is a default value coming from the
Neutron defaults for agents.
Change-Id: I94303aa70ee3adc6ace0f9af1e7c4f5c0edbcdb5
Closes-Bug: #1796068
The change turns off the local nova metadata service and uses
endpoint data recieved from the quantum-network-service relation
to point the neutron metadata service at the nova metadata service
on the nova cloud controller for Queens+.
Depends-On: I5ad15ba782cb87b6fdb3c0941a6482d201670bff
Change-Id: I7037a20feac73f3a3f1ed1b8b1b70d0fa534bc46
Update purge packages and py3 packages to include python{3}-neutron-lbaas
otherwise we still end up with a python 2 deployment.
Change-Id: Ib01bab2802a13bf72973af8d02f70a5797d18577
Switch to using python3-{nova,neutron} at OpenStack Rocky; purge
previously installed Python 2 modules on upgrade.
Switch default test target to bionic-rocky.
Change-Id: I0a2b48bfc8c950efea3e83c74ec3eb6dd43796c4
We actually need this upstream feature, but we found it has
another bug (lp bug: 1793102), so revert it first.
This reverts commit 7b60534ce8.
Change-Id: I8d8a755e250d4d80e269c853a9d3d97c3f364d40
The option ha_vrrp_health_check_interval [1] can re-trigger
the election process until a master is re-elected when multiple
masters problem appear. This is an important feature that enables
the system to recover automatically, we should enable it.
[1] https://docs.openstack.org/ocata/networking-guide/ \
deploy-ovs-ha-vrrp.html#keepalived-vrrp-health-check
Change-Id: Iaf15ac77e249d1fe4a5101068761302e53385642
Closes-Bug: 1732154
Using vendor metadata helps alleviate the need to spin custom images
for things like package mirrors, timezones, or network proxies.
Adds new config option 'vendor-data' which takes a JSON formated
string to be used as static vendor metadata.
Adds new config option 'vendor-data-url' which takes a URL which
serves dynamic JSON formatted vendor metadata.
Adds new NovaMetadataContext class which writes
/etc/nova/vendor_data.json and enables it via nova.conf.
Closes-Bug: 1777714
Change-Id: I1d70804e59d42b0651a462c81e01d9c95626f27d