As per the bug report, it's not enough to simply monitor that the
appropriate process is alive; there have been instances of the process
being alive but the port/API being unavailable.
This patch adds monitoring for Object/Container/Account API
availability.
I've tested the fix in my small test environment and I can confirm
it's working.
For reference, the following branch/commit was used as a functional
test (later rejected with the aim of moving the checks to Mojo):
https://github.com/openstack-charmers/zaza-openstack-tests/pull/395
Change-Id: I60c5b74279f71ca8f8bc769c93af2eab1f59e002
Closes-Bug: #1854299
As noted in lp#1691570, there is an issue with storage I/O during
coro-thread cleanup that affects the swift-object-replicator's ability
to complete replication successfully. This is most easily witnessed by
the lack of the every 5 minute replicated percentage complete messages
that should come from the swift-object-replicator daemon to syslog.
This patch monitors for and alerts on the condition of the "replicated"
line missing from syslog within the past 15 minutes.
Change-Id: Ieb15da3f3f67fa9bcad03151e36c70faae4c36c9
Closes-Bug: 1691570
The referenced bug is essentially: make vault:secrets relation to vault
but keep the 'encrypt' option as False. In this case, the Context
handling code in charm-helpers is expecting python3-hvac to be
available, but it is only installed if the encrypt option is set to
True. Hence the charm crashes. This resolves that crash.
Note the related charm-helpers fix [1].
[1]: https://github.com/juju/charm-helpers/pull/431
Change-Id: I92773b7c1f48d456091062751e69581fabe4c5f3
Closes-bug: #1862085
This patchset adds a support for Swift Global Cluster feature as
described at:
https://docs.openstack.org/swift/latest/overview_global_cluster.html
It allows specifying 'region' config option as part of the deployment.
Theregion is reflected later on in the Swift rings.
Change-Id: I11b6c7802e5bfbd61b06e4d11c65804a165781b6
Partial-Bug: 1815879
Needed-By: I406445493e2226aa5ae40a09c9053ac8633a46e9
Also gate checking vault context completing on whether
dependencies are installed.
Change-Id: Ib424abe608081da21207db262fb82362f23fe6ca
Closes-Bug: #1849323
Switch package install to Python 3 for OpenStack Train and later.
When upgrading, remove any python-* packages that were explicitly
installated and then autoremove --purge any dependencies that are
no longer required.
This patch also includes the following related changes:
* Use the common files package, swift, rather than python-swift
when using a package name to determine release.
Also add OS_* to tox.ini to allow functional tests to execute.
Change-Id: I121af845bf11c22052479a497b196a4670021256
The pre-install operations may fail, yet that failure is not
elevated to the user. This masks the failure and makes early
package install issues difficult to troubleshoot.
If the basic pre-install script fails, the charm should not
proceed to later hooks as the requirements may not be met.
Hashbangs for bash should specify -e (errexit) on all of the
pre-install bash scripts.
Change-Id: Ie2a9e473e35eb8067db2890c62b4af9adce3ed43
Closes-bug: #1815243
Partial-bug: #1815231
It is possible for swift-storage units to attempt
to request rings from a proxy unit that is no longer
serving them so instead of raising an exception we
catch it and move on since there will likely be a
another proxy notification waiting to be consumed.
Change-Id: Ib2e634d2ed3509bfe2aa9b792cc17c2ed89029f1
Closes-Bug: #1765203
When upgrading the charm some package dependancies are missing
such as python3-distutils. This patch uses the same approach as the
install hook to install packages before calling the the main python
hook code.
Change-Id: If3bfa6efd5a3924f3ca6d1309f82c3867cfd4c67
Closes-Bug: #1803418
Add new secrets-storage relation to vault, supporting the
use of block device encryption using dm-crypt/vaultlocker.
Prepared devices are now recorded in the local unit kv
store; this information is used to provide a list of
configured block devices to the swift-proxy charm,
rather than the previous best guess provided by
determine_block_devices. This allows us to use the
dm-crypt device name, rather than the underlying
block device.
Encrypted block devices are unlocked on boot using
vaultlocker-decrypt systemd units (enabled by vaultlocker);
/etc/fstab entries for such devices make use of a
x-systemd.requires option to ensure that the block device
is unlocked prior to attempting to mount it.
Add new storage binding to allow charm to be used with
Juju storage.
Add new ephemeral-unmount configuration option to allow
cloud ephemeral storage to be used for testing purposes;
update functional testing to use this option. The behaviour
of 'overwrite' was changed to accomodate the use of
encrypted block devices.
Change-Id: I9b3f8cd2de412ee96e0139dba4d4abdf998ecaf2
In a converged architecture with storage and compute on the same
host, UFW can get in the way of tunneled traffic interpreting it as
INVALID. UFW makes solving this more difficult than it needs to be.
See http://northernmost.org/blog/gre-tunnels-and-ufw/index.html for
context.
This change updates /etc/ufw/before.rules to add GRE as an allowed
input.
Also, guarantee ufw is installed for LP #1763716
Please review and merge charm-helpers first:
https://github.com/juju/charm-helpers/pull/170
Change-Id: I789854c33e3af12f7412633dbf7c921beb0ed2b5
Closes-Bug: #1757564
Closes-Bug: #1763716
The charm neglected to set default policy for routed which cases
applications deployed to containers to fail to deploy.
This change explicitly sets default policy allow for routed and
outgoing.
Closes-Bug: #1747032
Change-Id: I440e5e040ad433bf0cf6c4ce99439da456476914
Ensure that only the swift-proxy units and swift-storage peers have
access to direct communication with swift storage daemons.
Charm-helpers sync to include ufw module and the ingress_address and
iter_units_for_relation_name functions.
Please review and merge first:
https://github.com/juju/charm-helpers/pull/35
Closes-Bug: #1727463
Change-Id: Id5677edbc40b0b891cbe66867d39d076a94c5436
Resolve correct private-address for use on the swift-storage
relation, supporting 'prefer-ipv6' as well as Juju 2.0 network
spaces.
Change-Id: I3ee111c6abdd028c2c29e80dceb99178443da45a
Closes-Bug: 1697491
Allows the administrator to set custom sysctls on the storage
nodes. This is especially useful for setting kernel.pid_max.
Change-Id: Id902f799796a121578eba10de22e0eb9cc627b9d
Closes-bug: 1396613
Juju 2.0 provides support for display of the version of
an application deployed by a charm in juju status.
Insert the os_application_version_set function into the
existing assess_status function - this gets called after
all hook executions, and periodically after that, so any
changes in package versions due to normal system updates
will also be reflected in the status output.
This review also includes a resync of charm-helpers to
pickup hookenv and contrib.openstack support for this
feature.
Change-Id: I75009a66ce9c9d43e234f9c5acbb185ac4a66ba5
When using charmhelpers.contrib.network.ip apt install was quietly
failing. Install python dependencies in the early install hook
(before install.real).
Charm-helpers sync to bring in apt_install with fatal=True
Change-Id: I03b43c5bb75a831fa55fd09c43c5ba2f79ae123b
Partial-Bug: 1601972
All contributions to this charm where made under Canonical
copyright; switch to Apache-2.0 license as agreed so we
can move forward with official project status.
Change-Id: I97206ee8be76220cb0937a09be3230432e04535a
Add charmhelpers.contrib.hardening and calls to install,
config-changed, upgrade-charm and update-status hooks.
Also add new config option to allow one or more hardening
modules to be applied at runtime.
Change-Id: If0d1e10b58ed506e0aca659f30120b8d5c96c04f
Track devices that have been added to the ring and allow
devices to be added to the ring post-install (currently
only allowed within the install hook). Devices added to
the ring prior to this patch existing will be migrated
to the tracking store of devices to avoid conflicts.
Change-Id: Id268dc6369041a4d2db6f30a997dfa0c0d73b93f
Closes-Bug: 1383390
Brett Milford