Commit Graph

351 Commits

Author SHA1 Message Date
Edward Hope-Morley 05b081bf5f Ensure mgmt network hostname and fqdn in known_hosts
The cloud-compute relation uses the private-address setting to
reflect the hostname/address to be used for vm migrations. This
can be the default management network or an alternate one. When
this charm populates ssh known_hosts entries for compute hosts
it needs to ensure hostname, address and fqdn for the mgmt network
is included so that Nova resize operations can work if they use
the hostname from the db (which will always be from the mgmt
network).

Change-Id: Ic9e4657453d8f53d1ecbee23475c7b11549ebc14
Closes-Bug: #1969971
2023-12-02 15:56:06 +00:00
Felipe Reyes b915f8e6f8 Use wss protocol when SSL enabled
This patch checks if HTTPS configuration is enabled in Apache to
determine if the websocket protocol should switch from 'ws' to 'wss' or
not.

Change-Id: I738652373604966b6df079e45a0ad26c83e21688
Closes-Bug: #2039490
2023-10-26 18:09:35 -03:00
Felipe Reyes 816ee80cd0 Add new interface 'dashboard'
This new interface consumes information exposed by openstack-dashboard
to correctly configure nova-serialproxy and allow requests coming from
the web browser that tries to load the serial console.

Change-Id: I2d82abffb9649f16a792f180806cea36cc5e25df
Closes-Bug: #2030094
2023-09-21 10:17:36 -03:00
Alex Kavanagh 007f9e33b0 In nova_cc_utils.py:resolve_hosts_for: .append -> .add
The method was refactored (in part) to use sets to enforce uniqueness of
the hosts.  Unfortunately, a list method (.append()) slipped through
that should have been converted to .add(). This fixes that error.

Change-Id: I248430cd1a9156efab745fe110a39441b503b3a5
Closes-Bug: #1992789
2022-10-17 11:12:44 +01:00
Alex Kavanagh e63c68d505 Fix bug where str is added to cached_hostset list
The original code was appending a str to a list rather than either
appending it or adding it as a list of one element.  The code avoids
append to avoid unintentional side-effects.

Change-Id: I1466981f1d68f8dea3bbe32fdde6c4825056c0d0
Closes-Bug: #1927698
2022-03-07 14:46:57 +00:00
Rodrigo Barbieri 1a63d9c0b6 Fix ssh keys duplication
Upon running hooks that update ssh_keys, they
end up duplicated in the /etc/nova/compute_ssh/* files
and cloud-compute relations because the code that
checks whether the keys already exist is currently
not working.

This change fixes the deduplication code and improves
unit tests, while also handling a special case for
specific ubuntu-version scenarios.

Change-Id: I93f9418d5340e7cb599a42970d78557362c1542f
Closes-bug: #1943753
2021-10-06 13:07:33 +00:00
Billy Olsen 231a0f1459 Drop placement endpoints from relation in train+
When a cloud is deployed earlier than the Train release, the placement
service is provided by nova-cloud-controller. As part of an upgrade to
Train, the new placement service is added and updates the placement
endpoint in the service catalog. The nova-cloud-controller charm no
longer advertises the placement service URL, but because the data
exists on the relation until removed, the service catalog changes the
placement URL to the placement endpoints advertised from
nova-cloud-controller.

Fix this by explicitly removing the placement service URLs when the
placement service is not provided by nova-cloud-controller.

Change-Id: Ibb3b1429820a4188fe3d2c1142c295c0de4ee24e
Closes-Bug: #1928992
2021-07-27 11:23:59 -07:00
Ionut Balutoiu b56572cf6b Add sync-compute-availability-zones Juju action
This action should be used to sync the Juju availability zones,
from the nova-compute units, with the OpenStack availability zones.
The action is meant to be used post-deployment by the operator.

It will setup OpenStack aggregates for each availability zone, and
add the proper compute hosts to them.

Co-Authored-By: Billy Olsen <billy.olsen@canonical.com>
Change-Id: Ibd71cd61e51b04599eadf21b3ef46e47544b8814
2021-04-22 19:54:36 -07:00
Aurelien Lourot bd3e24f359 Fix for not passing CA cert to nova-compute
The charm looked for `keystone_juju_ca_cert` on disk
instead of
`/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt`

Synced charm-helpers for
https://github.com/juju/charm-helpers/pull/570

Change-Id: Ib7cfdadc3a75fca951792ef2c2e2b454b1ad021d
Closes-Bug: #1915504
2021-02-16 14:45:03 +01:00
Frode Nordahl 93efd6e81d Fix CA certificate on cloud-compute relation
Note that part of this fix belongs in c-h, but let's add it here
as a tactical measure given we are practically frozen.

Enable TLS in the functional test for focal-ussuri and onwards.

Also switch to focal-ussuri as target for smoke.

Drop Trusty/Mitaka as it currently does not pass with symptoms
like https://bugs.launchpad.net/charm-nova-compute/+bug/1861094

Closes-Bug: #1911902
Change-Id: I7b12479ce3afb94a0fb21c26b1ac78736b81aba2
2021-01-18 13:57:24 +01:00
Alex Kavanagh 6c5a5cdff3 Ensure user is aware upgrade has not happened w/ train
There is a 'hole' in the user experience where if you try to
openstack-upgrade from stein to train but have not already related
placement to the nova-cc unit, then the openstack upgrade is aborted and
a workload message indicates that the relation is needed.

However, if you then subsequently add the placement relation, the
warning goes away, but the payload is not upgraded to match the
openstack-origin value.

This patch adds a warning if the openstack-origin is for train, the
payload is stein, the action-managed-upgrade is false and the placement
relation is made; i.e. that the operator fell into the above hole.

Change-Id: I360f2d72cad374c31ee766065af682e2fa6218d1
Closes-Bug: #1910276
2021-01-11 14:10:09 +00:00
Corey Bryant 7983d1aaa9 Ensure cell0 updated on db/amqp change
Prior to this change, cell1 was updated when there was a database
or rabbitmq-server relation change, but cell0 wasn't. Ensure that
cell0 is also updated.

Change-Id: I670d0295ea339b21166ef7b18509b04a5beaa959
Closes-Bug: #1892904
2020-09-09 01:18:44 +00:00
David Ames 86bb59ec3e Specify port for mysql connection
Change-Id: I35cadeed547e669bc68a380dbf50929e304b697c
2020-05-05 16:16:52 -07:00
Hemanth Nakkina b5b6966f6d Add new config option to set [quota].count_usage_from_placement
New config option count_usage_from_placement is added in Nova from
Train release to enable/disable counting of quota usage from placement
service. Corresponding config parameter is required in nova-cloud-controller
charm.

This patch introduces quota-count-usage-from-placement config parameter in
nova-cloud-controller charm. For openstack releases train or above, this
option is rendered in nova.conf for nova-cloud-controller units.

func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/250
Change-Id: I57b9335b7b6aecb8610a66a59cb2e4e506e76a5e
Closes-Bug: #1864859
2020-04-28 18:07:21 +05:30
Vladimir Grevtsev ab6398463a Adding support for cross_az_attach config option.
Allow attach between instance and volume in different
availability zones. If False, volumes attached to an
instance must be in the same availability zone
in Cinder as the instance availability zone in Nova.

Change-Id: I21df8e0dfa585133c5ef6a55cdbbc2071c267424
Closes-Bug: #1856776
2020-03-09 14:41:00 +03:00
Zuul adcbd7b28c Merge "Disable Apache port 80" 2020-01-31 15:52:57 +00:00
tpsilva 56c70d055a Disable Apache port 80
Currently, Apache ports.conf file is not being configured by this
charm. This patch changes the ports.conf default file with another one
that does not open port 80 on SSL environments.

Change-Id: Id0b3ce106e2779ce6a44b59c0b08fb1011dfdd54
Closes-bug: #1845665
2020-01-28 14:53:13 +00:00
Liam Young 0a300b919e When resuming, exclude haproxy
When resuming services exclude those managed by hacluster, in
this case haproxy. If pacemaker lacks quorum it may shut haproxy
down which will cause this charm to error.

Charmhelper sync included to bring in required
get_managed_services_and_ports method.

Change-Id: I063c168595bee05c924cb23469f8dc866a43982b
2020-01-25 07:47:57 +00:00
Tiago Pasqualini da Silva 9ad9a8423a Revert "Disable Apache default ports"
This reverts commit 0bf9812bc1.

Change-Id: Ia935798994e24910ad23aca24cd777aa21d35561
2019-12-20 02:05:22 +00:00
tpsilva 0bf9812bc1 Disable Apache default ports
Openstack services don't use the default ports (80 and 443), so
change Apache to not open them.

Change-Id: I518465cd2d6f53e229ab81ebd751f311f8627f83
Closes-bug: #1845665
2019-11-27 12:51:56 +00:00
Alex Kavanagh 8eca771d02 Ignore ssh-keyscan errors on hosts
The linked bug is due to a computed shorthost name that is taken as the
first 'word' in a dotted fqdn provided by rDNS when resolving the IP
address of a nova-compute host.  However, depending on the DNS server,
this shorthost may not actually exist in the DNS server.  This patchset
ignores ssh-keyscans where effectively the host can't be reached and so
the shorthost is not added.

Change-Id: I9ca82e00a79a3eecf37231620f648683edc0bc95
Closes-Bug: #1849501
2019-10-31 14:13:07 +00:00
Corey Bryant 45988df1ed Make placement a required interface as of train
Make placement a required interface for train and above as
placement is required in order to schedule instances.

Change-Id: If2472ec24df4c3d90b14189f8c4d3cceee5edc97
Closes-Bug: #1849893
2019-10-25 21:23:00 +00:00
Corey Bryant 2cfb795490 Ensure placement charm related before Train upgrade
As of OpenStack Train, the placement charm manages the placement API, and it
is no longer managed by nova-cloud-controller. This requires the placement
charm to be deployed and related to nova-cloud-controller prior to upgrading
nova-cloud-controller to Train.

This patch ensures that if an attempt is made to upgrade nova-cloud-controller
from Stein to Train, and placement is not yet related, it will block and
prevent the upgrade.

Change-Id: I217adfb59aed2e509a56b6559a528ae4c0adaa48
Closes-Bug: 1848529
2019-10-18 13:52:15 +00:00
Frode Nordahl bf2cd49829 Remove ``nova-consoleauth`` package as of Train
The Nova console authorization has been moved to the database
backend and the separate service and package is no longer
necessary.

Change-Id: I672ae9538dc687a1c868bf99001041a54241ec24
Closes-Bug: #1848478
2019-10-17 12:29:40 +02:00
Corey Bryant 81860afeca Disable nova placement API
The placement project has split from nova into its own project
in Train. This patch disables the nova placement API as of Stein
when the placement charm relation joins, and discontinues
nova placement installation as of Train for new installs.

Change-Id: If7c37ef8936e418b5afd21d83c9322563348cbcf
Needed-By: https://review.opendev.org/#/c/687915/
Partial-Bug: 1811681
2019-10-11 20:00:38 +00:00
James Page 3c806a23f6 stein: install python3-mysqldb for sqlalchemy dialect change
At Stein, the default mysql dialect in SQLAlchemy switched back
to MySQLDB in Ubuntu; as a result the db connection URL's stored
in the nova_api database for Nova cells are stale and need to be
prefixed mysql+pymysql:// to work with the pymysql dialect.

However at this point in time there is no way to update the DB
URL for Nova Cell 0.

This fix works around this problem by installing python3-mysqldb
which provides the default dialect needed when using mysql://
prefixed DB connection URI's.

Change-Id: I3f74f18f649786fefa113fc3d8fa7c24010a185d
Related-Bug: 1835037
2019-07-23 16:47:06 +01:00
Alex Kavanagh fe65e12b31 Add caching for knownhost private-address lookups
This change adds caching for the host look ups associated with a
private-address of a unit.  This cache is maintained across hook
invocations, and is designed to reduce the time spent in
cloud-compute-relation-changed hooks (which occur as nova-compute units
join and update on the cloud-compute relation).

The feature has been added under an EXPERIMENTAL config flag (with the
default being "don't use the cached values") in case there are any
corner cases around DNS resolution in the deploying cloud during
deployment.

An action is included to allow clearing of the cache at unit,
application and whole relation level.  This clears the cache and
re-triggers the host resolution, and relation updates.  This is in case
of either 1) DNS changed during the deployment, 2) DNS has been altered
during the running of the cloud.

Change-Id: I5a68bf4c30bf1591184d660d50559c969822ddcf
2019-07-16 14:27:30 +01:00
Alex Kavanagh 4d9b4a2600 Refactor compute hostname resolving functionality
The main driver here is to separate the concerns of resolving host names
and adding them to service/user related files.  This is to enable the
(eventual) resolution of the feature to allow migrations across
relation ids (i.e. between nova-compute applications) and to enable
caching of hostname look ups.

Change-Id: I406d1daacbcc74eb6f3e090f9a46e01dd3e19cc8
2019-07-15 21:39:16 +01:00
Alex Kavanagh afa3c9a58e Refactor ssh_known_hosts_lines() and ssh_authorized_keys_lines()
Refactor ssh_known_hosts_lines() and ssh_authorized_keys_lines to be
easier to maintain and only call rstrip() once (per function).

Change-Id: Id2774bb1551e4826a2fd71d1a371d65ab2439a7d
2019-07-03 14:18:16 +01:00
Zuul 7d10e5d942 Merge "Refactor ssh_compute_remove() in nova" 2019-06-25 09:21:42 +00:00
Alex Kavanagh a0edc83109 Remove the nova-api handling functions
The nova-api (commit 962790239b)
introduced a 'nova-api' ready relation, but it was never added to the
metadata.yaml and it has never been used.  This commit removes it, as
there is no need for it after 3 years, and it therefore has a
maintenance burden, even if not being used.

Change-Id: I6b13e2639b808fd640a6f8d892d1e3dd58215361
2019-06-24 20:48:20 +01:00
Alex Kavanagh 978e29012f Refactor ssh_compute_remove() in nova
This removes one loop, but also changes the unit test so that it is not
dependent on the implementation of the function, specifically w.r.t. the
number of writes to the output file (which can now be changed in the
future).

Change-Id: Ieb0a373ed55971af0c357fa89c199fb781e772ab
2019-06-24 10:58:49 +01:00
Rodrigo Barbieri a51efaf640 Propagate vendor_data from nova-cloud-controller
When using DVR and L3HA neutron deployment options,
Nova API Metadata requests are served from compute nodes,
instead of from neutron-gateway nodes.

This change allows nova-cloud-controller to send vendor_data
configuration values to nova-compute charm relation so it
can write to nova-compute's nova.conf appropriately.

Replaced the existing context logic with inheritance
from a new context created in charm-helpers, so the
logic can be shared across several charms that write
vendor metadata to nova.conf and vendor_data.json.

Also, small fix in the vendor-data and vendor-data-url
descriptions, where it was incorrectly stating that such
configuration would be effective in nova-cloud-controller
on Queens release.

The values set in vendor-data and vendor-data-url config
options will always be propagated to nova-compute regardless
of the OpenStack release. Those values will continue to only
be effective in nova-cloud-controller nodes on Rocky release
or later.

Included sync of charm-helpers code in order to inherit
the refactored vendor metadata contexts.

Change-Id: If8373fc6b2d04dbc29ed07896d385ac920cae3f4
Depends-On: I0c79e1bfac9fbe7009a7e862ad010cfa2de8cfda
Closes-Bug: #1777714
2019-06-05 10:22:56 -03:00
Liam Young 822daf2794 Check Apache ssl dir when determining restart map
If the certificates change then services need to be restarted. This
change adds the SSL directory to the restart map to ensure any
certificate changes trigger a restart.

Also, if the certificates change we need to pass those on to
nova-compute.

Change-Id: I4cb2f760c26f0804d3cb7466c8aa741d5e0ec314
Closes-Bug: 1828530
2019-05-10 15:01:04 +00:00
Liam Young ba19f921c5 Check console enabled before starting console svc
Check if console is enabled in this deploy before trying to start
console service. As part of this add functions to determine whether
console is enabled and change existing methods to use them.

Change-Id: I91e2654bb0c5f89f51c703330ae2bd0a64cc84f3
Closes-Bug: #1820266
2019-03-15 14:29:54 +00:00
James Page b6e314077f Drop support for single-nova-consoleauth
Remove support for single-nova-consoleauth operation; this option
managed a single instance of the nova-consoleauth process across
a cluster nova-cloud-controller application using the hacluster
charm.  This proves somewhat racy on deployment as the ocf resource
deep checks the operation of nova-consoleauth including connectivity
to AMQP etc.  If the clustering of the service occurs before
other principal relations have been completed, the resource will
fail to start and the hook execution will spin, never returning.

HA deployments should always use memcached to share tokens between
instances of the nova-consoleauth daemon; if the 'ha' relation is
detected, then ensure that a memcache relation is then required
for charm operation.

To support evaluation of the memcache relation completeness
the memcache specific code in InstanceConsoleContext was split out
into a new memcache specific class RemoteMemcacheContext.

Existing pacemaker resources will be deleted on upgrade; units will
move into a blocked state until a relation is added to memcached.

The nova-consoleauth service is resumed on upgrade to ensure that
instances run on all nova-cloud-controller units.

Change-Id: I2ac91b2bd92269b761befeb7563ad01cc5431151
Closes-Bug: 1781620
2019-03-06 12:36:06 +00:00
Sahid Orentino Ferdjaoui 13eca55803 service: updates nova-api-os-compute service to use apache wsgi
Due to an issue in python3 oslo_cache+eventlet when using
memcached. As a workaround for Rocky it has been decided to run service
nova-api-os-compute from systemd to apache2.

Closes-Bug: #1812672
Depends-On: https://review.openstack.org/#/c/633218
Depends-On: https://review.openstack.org/#/c/633482
Change-Id: I3bf279638c5decf1020345f3d2e876e379144997
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@canonical.com>
2019-02-01 16:32:28 -05:00
Sahid Orentino Ferdjaoui fc68571c51 context: extend HAProxyContext for placement API
Since we will have to generate a HAProxyContext for
nova-compute-os-api, this change adds a new class
PlacementAPIHAProxyContext which extends HAProxyContext.

Partial-Bug: #1812672
Change-Id: I56920e3d9c5216cdd5a8ea8b83714e65b777a78b
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@canonical.com>
2019-02-01 15:02:30 -05:00
Sahid Orentino Ferdjaoui 131497868f template: update conf template for placement-api
Currently we directly use the one provided by charmhelper which does
not allow to reuse it for another service. In this commit we symlink
a new template called wsgi-placement-api.conf to
charmhelper/../wsgi-openstack-api.conf.

The disable_package_apache2_site() call has been added in
do_openstack_upgrade() since previously it was not necessary to have
it during this step.

The disable_package_apache2_site() call has been added in
upgrade-charm to ensure that we remove old wsgi config for users which
are already using bionic-rocky and are upgrading their charm.

Partial-Bug: #1812672
Change-Id: Idc3cad9304eaf9b610db20650c32cd754f016358
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@canonical.com>
2019-02-01 15:00:14 -05:00
David Ames e245c0bad4 Receive dns-domain over neutron-api relation
In order to have nova-metadata-api use the same dns-domain as neutron
when nova-metadata-api runs on nova-cloud-controller we must receive
the dns-domain on the neutron-api relation.

Change-Id: I22c88a6fea87c56efdb5d93474a5ec7d2a6432d0
Partial-Bug: #1805645
2018-11-28 11:32:57 -08:00
Alex Kavanagh 50a7253b80 Fix guardmap as a function object issue in service_guard()
The issue was the original commit had a bug (using the wrong variable),
and also that there were no tests to verify the functionality.  This
patchset fixes the bug and adds tests to verify the contract.

Change-Id: Ia8b5580132c5a592461a57fb514994ab64a9ed42
Closes-Bug: #1805128
2018-11-26 12:44:01 +00:00
Liam Young c88155d17a Purge old packages on upgrade-charm
On charm upgrade the charm may switch to py3 packages. If so, ensure
the old py2 packages are purged. If the purge occurs then restart
services.

Change-Id: I984a227b3fe12a0086c926ae69c27d6e4d9741d3
Closes-Bug: 1803451
2018-11-15 12:52:44 +00:00
Liam Young 314aff9e53 Fix type error when encoding certificate
The keystone_ca_cert_b64 function retrieved the CA cert from a file
before encoding it but it was passing a str to the b64encode which
requires a bytes-like object.

Change-Id: Iafaf5916b04746eb045fcd3dfe9676a80c88b464
2018-10-30 17:13:50 +00:00
Zuul 40ef19e78e Merge "Switch the charm to support py3" 2018-10-23 16:35:53 +00:00
Alex Kavanagh 9c12812735 Switch the charm to support py3
Some major changes:
* the charm has been rebased (from a Python perspective) to be rooted in
  the charm directory.  This is a single root.
* Imports have been changed so that they don't add lots of imports to the
  namespace of the module doing the import.
* The code that used to run at module import time has been made lazy
  such that it only has to run if the relevant functions are called.
  This includes restart_on_change parameters, the harden function and
  the parameters to the guard_map.  Appropriate changes will be
  submitted to charm-helpers.
* Several tests had to be re-written as (incorrect) mocking meant that
  test fixtures didn't actually match what the code was doing.  Thus,
  the tests were meaningless.
* This has had a net positive impact on the unit tests wrt to importing
  modules and mocking.

Change-Id: Id07d9d1caaa9b29453a63c2e49ba831071e9457f
2018-10-18 15:43:03 +01:00
James Page 1d8946151a py3: Don't purge or install python-six
Drop python-six from the list of packages to install/purge on
upgrade to py3 workload execution.

This was a legacy requirement in obsolete packaging versions
of Nova.

Purging six has the side effect of removing crmsh from the unit
in clustered deployments.

Change-Id: I9dfe7b031562c8f3e85445486ba16b3c7b2465ca
2018-10-15 14:45:01 +01:00
Liam Young 0f9ada1713 Fix assess status for super-conductor
In a cells deployment it's possible that the top-level
nova-cloud-controller will have no compute nodes associated with it.
This change fixes the work load status in that scenario.

There is also a drive by fix to return empty contexts for the cell
db and amqp contexts if the relations do not yet exist.

Change-Id: Ia8eeccb6794dd016185eb0cfb05339b76cef9348
2018-10-09 10:32:51 +00:00
Liam Young 6695d79c95 Add support for cells v2
This change adds relations necessary for registering a compute cell
with the superconductor. For a cell to be registered this charm
must have relations with the compute cells conductor, database and
message queue. Only when all these relations are complete can the
registration happen. Below are major changes included in this PR.

* Add nova-cell-api relation for communicating with the
  nova-cell-conductor
* Add shared-db-cell relation for communicating with
  a compute cells database.
* Add amqp-cell relation for communicating with
  a compute cells message queue.
* Add methods for registering cells with the
  superconductors database.
* Charm helper sync

Change-Id: Ic6ddc29426319b98b147c29031f60485fccc513f
2018-10-05 11:50:21 +00:00
Corey Bryant d5c5cccb0a py3: Switch to using Python 3 for rocky or later
Switch package install to Python 3 for OpenStack Rocky or later.

When upgrading, remove any python-* packages that were explicitly
installed and then autoremove --purge any dependencies that are
no longer required.

Change-Id: I87ee4a0a854f88b931093f6245a3a1057bf56c57
2018-10-04 11:19:06 +01:00
Liam Young e20db83c7d Add nova-metadata service
Add a service for handling nova metadata api services. This was
previously handled by the neutron-gateway and still is for
deployments up to and including Pike. For the neutron metadata
service and the nova service to communicate they need a shared
secret. To achieve this, the change includes:

* A charmhelper sync to get support for multiple wsgi vhosts
* Rendering new wsgi vhost and corresponding haproxy config.
* Setting a shared-secret down the relation with the neutron
  gateway.
* Remove fragile keystone authtoken checks as they are failing
  after a ch sync and any issues will be caught by the instance
  launch functional test.

Change-Id: I5ad15ba782cb87b6fdb3c0941a6482d201670bff
2018-10-03 07:24:05 +00:00