* sync charm-helpers to classic charms
* change openstack-origin/source default to zed
* align testing with zed
* add new zed bundles
* add zed bundles to tests.yaml
* add zed tests to osci.yaml and .zuul.yaml
* update build-on and run-on bases
* add bindep.txt for py310
* sync tox.ini and requirements.txt for ruamel
* use charmcraft_channel 2.0/stable
* drop reactive plugin overrides
* move interface/layer env vars to charmcraft.yaml
Change-Id: I93da9ce52bed2b3e8a467491d2a61bfd2ed4ea7d
Depends-On: https://review.opendev.org/c/openstack/charm-swift-proxy/+/847513
swift-storage is often deployed alongside nova-compute where it
inherits some sane defaults for sysctl values, specifically around
conntrack configuration.
If its deployed standalone it does not recieve the same tuning,
but its very much applicable as access between swift-storage nodes
for rsync traffic is firewall limited so makes a high demand
on conntrack on the server.
Lift and shift the defaults from the nova-compute charm.
Change-Id: Iedd27a51ff93fd1670a418e1434c94875fe21643
Closes-Bug: 1879121
As per the bug report, the xfs-inode-size default value is in contradiction with the current upstream advice.
This patch removes the default value and accept the filesystem defaults for mkfs.xfs inode sizes.
Closes-Bug: #1879423
Change-Id: I9effc6052524ead9817454912284e3c48ce55901
- Add 22.04 to charmcraft.yaml
- Update metadata to include jammy
- Remove impish from metadata
- Update osci.yaml to include py3.10 default job
- Modify tox.ini to remove py35,py36,py37 tox target and add py310
target.
- ensure that the openstack-origin is yoga
- charmhelpers sync
Change-Id: Ie37826e7803659f2f40eaac5f8d539cce5ef145b
In order to prevent disks from filling up, add the option to configure
fallocate_reserve parameter in account-server.conf,
container-server.conf, and object-server.conf, as described in
https://docs.openstack.org/swift/latest/admin_guide.html#preventing-disk-full-scenarios
This change adds the config option file-allocation-reserve with a
default of 0.
Change-Id: Ib396a151250bb8d1733f9b5b9cab7eb506c9f6c6
Closes-Bug: 1872069
As noted in lp#1691570, there is an issue with storage I/O during
coro-thread cleanup that affects the swift-object-replicator's ability
to complete replication successfully. This is most easily witnessed by
the lack of the every 5 minute replicated percentage complete messages
that should come from the swift-object-replicator daemon to syslog.
This patch monitors for and alerts on the condition of the "replicated"
line missing from syslog within the past 15 minutes.
Change-Id: Ieb15da3f3f67fa9bcad03151e36c70faae4c36c9
Closes-Bug: 1691570
Swift default is used if no config provided.
As per swift docs, if node_timeout is set,
http_timeout ensured to be greater than
node_timeout.
Change-Id: Idf5945a6c2f64fcad8f2ab7cb137f1ce1f1dc424
Closes-Bug: #1878657
In extreme cases of object rebalance or node failure, swift environments
with millions of objects may have a hard time with objects landing in
handoff or misplaced partitions and the operator of the cloud may need
to prioritize migrating data in handoff partitions back to primary
partitions over the 3 primary partitions replicating amongst each other.
To allow for this, the object-server.conf [object-replicator]
configuration can have handoffs_first set to True which will force
the object-replicators to focus on handoff partitions before syncing
primary partitions for any given object partition.
Change-Id: I8b44c287567a0e6d634def0b13baf0fe4ad4aa7b
Closes-Bug: 1878087
This patchset adds a support for Swift Global Cluster feature as
described at:
https://docs.openstack.org/swift/latest/overview_global_cluster.html
It allows specifying 'region' config option as part of the deployment.
Theregion is reflected later on in the Swift rings.
Change-Id: I11b6c7802e5bfbd61b06e4d11c65804a165781b6
Partial-Bug: 1815879
Needed-By: I406445493e2226aa5ae40a09c9053ac8633a46e9
Make XFS inode size configurable, so that it could be set to the
desired value, if different than default 1024.
Change-Id: If621587a02746876ee6c35d7af2e878dbc2ac8ef
Closes-Bug: 1826552
Add new secrets-storage relation to vault, supporting the
use of block device encryption using dm-crypt/vaultlocker.
Prepared devices are now recorded in the local unit kv
store; this information is used to provide a list of
configured block devices to the swift-proxy charm,
rather than the previous best guess provided by
determine_block_devices. This allows us to use the
dm-crypt device name, rather than the underlying
block device.
Encrypted block devices are unlocked on boot using
vaultlocker-decrypt systemd units (enabled by vaultlocker);
/etc/fstab entries for such devices make use of a
x-systemd.requires option to ensure that the block device
is unlocked prior to attempting to mount it.
Add new storage binding to allow charm to be used with
Juju storage.
Add new ephemeral-unmount configuration option to allow
cloud ephemeral storage to be used for testing purposes;
update functional testing to use this option. The behaviour
of 'overwrite' was changed to accomodate the use of
encrypted block devices.
Change-Id: I9b3f8cd2de412ee96e0139dba4d4abdf998ecaf2
In a converged architecture with storage and compute on the same
host, UFW can get in the way of tunneled traffic interpreting it as
INVALID. UFW makes solving this more difficult than it needs to be.
See http://northernmost.org/blog/gre-tunnels-and-ufw/index.html for
context.
This change updates /etc/ufw/before.rules to add GRE as an allowed
input.
Also, guarantee ufw is installed for LP #1763716
Please review and merge charm-helpers first:
https://github.com/juju/charm-helpers/pull/170
Change-Id: I789854c33e3af12f7412633dbf7c921beb0ed2b5
Closes-Bug: #1757564
Closes-Bug: #1763716
Ensure that only the swift-proxy units and swift-storage peers have
access to direct communication with swift storage daemons.
Charm-helpers sync to include ufw module and the ingress_address and
iter_units_for_relation_name functions.
Please review and merge first:
https://github.com/juju/charm-helpers/pull/35
Closes-Bug: #1727463
Change-Id: Id5677edbc40b0b891cbe66867d39d076a94c5436
By default, statsd metrics can be sent by the swift account,
container and object storage services for diagnostic and
monitoring purposes, but are disabled by default. This change exposes
charm config settings that allow it to be enabled by setting
'statsd_host' to a non-empty value. 'statsd_port' and
'statsd_sample_rate' are also supported for changing the destination
port and rate at which metrics are collected.
Closes-Bug: #1729770
Change-Id: If1bf3ced8a9ed07af81f352eb0263659d147e3aa
The units for the object-rsync-timeout config option are not clear.
This commit clarifies that the specified value is in seconds.
Change-Id: I4d4492ee5590b8fbf02bbae4acaf1cceeb454c0c
Adds the rsync_timeout option to to object-server.conf, so we can adjust
it away from the default of 900s.
If there are a number of large partitions needing replication,
occasionally one needs to adjust the timeout in order to allow the rsync
to complete rather than timeout and retry.
Change-Id: I2d895741cb0528836a675deb6399005a5bf59ab5
Closes-bug: 1702039
Allows the administrator to set custom sysctls on the storage
nodes. This is especially useful for setting kernel.pid_max.
Change-Id: Id902f799796a121578eba10de22e0eb9cc627b9d
Closes-bug: 1396613
Change the worker-multiplier to a floating point config option type
instead of integer. This allows users to specify workers to be less
than the number of CPUs, which is useful in deployments with multiple
services deployed into containers on top of bare metal.
The fix is to simply change the config option type and to sync in
the necessary update from lp:charm-helpers.
Partial-Bug: #1602444
Change-Id: I31d7652e7ad5db0185b78e2c4c2c1d2ddba05be2
Signed-off-by: Billy Olsen <billy.olsen@gmail.com>
Add charmhelpers.contrib.hardening and calls to install,
config-changed, upgrade-charm and update-status hooks.
Also add new config option to allow one or more hardening
modules to be applied at runtime.
Change-Id: If0d1e10b58ed506e0aca659f30120b8d5c96c04f
Corey Bryant