Commit Graph

625 Commits

Author SHA1 Message Date
Gabriel Cocenza 51e32a4f7e Add support for HAProxy L7 checks
This change add several configuration options to enable HTTP checks
to the HAProxy configuration, instead of the default TCP connection
checks (which continue to be the default). It also enables /healthcheck
endpoint for cinder-api on openstack releases >= ocata.

Closes-Bug: #1880610
Change-Id: I9d118f70fc1390be7b800ad20ae20e77818adac7
2023-03-29 09:48:30 -03:00
Trent Lloyd ba8d8fc3e1 Add identity-credentials relation support
Implement support for the identity-credentials relation as an
alternative way to get keystone credentials when we are not registering
a service endpoint via the identity-service relation.

This solves an issue where the image volume cache does not work when the
cinder volume service is deployed as a second cinder application
('cinder-volume') having enabled-services=volume set.

Previously the following items were missing from cinder.conf:
cinder_internal_tenant_project_id
cinder_internal_tenant_user_id

Resulting in the image cache not functioning with the following warnings:
Unable to get internal tenant context: Missing required config
parameters.
Unable to get Cinder internal context, will not use image-volume cache.

As there are now two possible interfaces to keystone ('identity-service'
and 'identity-credentials') any existing bundles that don't specify the
interface 'identity-service' when relating to keystone will fail to
deploy and will need to be updated.

Closes-Bug: #1978452
Change-Id: Ieef500c9c55eb3968b3e2e231a8ff6e2a5ec148d
2023-01-20 14:53:39 +08:00
Felipe Reyes ca61c8e7fe Retry online_data_migrations until exit code 0 or 2.
The command 'cinder-manage db online_data_migrations' has three possible
exit codes:

- 0: The migrations have been completed successfully.
- 1: Some migrations have been completed, but more objects need to be
  migrated.
- 2: Some migrations are generating errors and manual intervention is
  needed.

This change will run in a loop the command online_data_migrations in
batches of 5000 objects, when the exit code is 1 runs again, when the
exit code is 0 the loop is stopped, when the exit code is 2 a
CalledProcessError exception is raised.

Change-Id: Iee99e9ab9777392f05c1a0db55951d97773bb0ba
2022-10-07 17:09:24 -03:00
Billy Olsen d33a2d0567 Check for online_data_migrations when syncing db
Due to bug #1908037, the database sync can fail if the volume types
have not been migrated to the __DEFAULT__ volume type. When this fails,
a message will be sent telling the user to run online_data_migrations.
Check for this error, and when it occurs, run the online_data_migrations
and then retry the db sync.

Closes-Bug: #1908037

Change-Id: I0cd9a9db256b0adffbb244222a66c85d055840c4
2022-10-06 21:27:26 -03:00
Corey Bryant 0fa3fdadd0 Ensure openstack-release package is correct after install hook
The linked bug shows the install of the charm with openstack-origin set
to zed.  This happens because configure_installation_source() causes the
openstack-release package to be installed *before* the zed cloud archive
sources are configured into /etc/apt and an apt update done. This means
that the openstack-release package says "yoga" despite the zed packages
actually being installed.

Then, on the config-changed hook, it sees that the installed version is
showing as yoga and tries to do an upgrade.  This fails, as the charm
hasn't yet bootstrapped, and the charm tries to bootstrap after
upgrading the packages.

There's a few bugs here which are exposed, but the tactical fix is to
force the openstack-release to match the installed packages.

Closes-Bug: #1989538
Change-Id: Ifc35474c98b1ffa1d7d81ac42deb897ace7db885
2022-10-05 14:46:46 +00:00
Alex Kavanagh a50281db83 Stop endless cycles on openstack upgrade
If an HA cinder deployment is upgraded twice and the leadership has
changed, there is a potential race that can be triggered where because
the CINDER_DB_INIT_RKEY is different on the units that have been the
leader.  This race is that when the unit tries to decide whether it has
reflected the 'new' RKEY it sees a different one from each unit.  By
clearing the rkey, it ensures that only the relation changed event from
the leader actually causes a restart.

Change-Id: I712502a666f23421cc58925f10b7643e3482d861
Closes-Bug: #1928383
2022-05-12 12:01:40 +01:00
Nobuto Murata a0f44d0f90 Install ssl_ca for volume service only scenarios
The CA information is necessary to talk to Keystone or Glance from the
Cinder volume service. This is a follow-up of the following change where
the Vault certificate relations is assumed but ssl_ca wasn't addressed
at that point.
I69f15c3fd164f7114f5498d100b2832caf93fb00

Closes-Bug: #1967302
Change-Id: I4d7b3721fe7dfd6f7cdfd364d8c5bc340d38c00f
2022-04-01 10:12:58 +09:00
Samuel Walladge 7f97a6d30e Add support to configure scheduler_default_filters
Add new config option: `scheduler-default-filters`.
This is unset by default, so cinder retains the default value for
scheduler_default_filters.

Closes-Bug: #1956727
Change-Id: I9777bf8fe5ddbb69689db60c2790e8a4be57e1ab
2022-01-25 11:04:40 +10:30
Nobuto Murata bde329d973 Make sure iscsid has a unique InitiatorName
os_brick may require InitiatorName in /etc/iscsi/initiatorname.iscsi
before iscsid is invoked via iscsid.socket with iscsiadm. Cloud images
including MAAS ones have "GenerateName=yes" instead of "InitiatorName="
on purpose not to clone the initiator name. Let's initialize it so
Cinder units can be fully ready to accept iSCSI based subordinate and
storage backend charms.

Closes-Bug: 1825809
Change-Id: I413bbb29dd609e0c86ac3691556f37a9fcc13439
2021-12-01 12:17:49 +09:00
Corey Bryant bc48c60f1c Drop creation of v2 endpoint from OpenStack Xena+
In this patch we drop creation of the v2 volume endpoint for
OpenStack Xena onward. Upstream cinder removed the block storage
v2 API in commit e05b261a "Remove Block Storage API v2".

func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/670
Depends-On: https://review.opendev.org/c/openstack/charm-cinder/+/816007
Closes-Bug: #1947387
Change-Id: Ie553a53f794f2cdd262bf77364e6374244844b92
2021-11-22 09:18:02 -05:00
Billy Olsen c5896a884a Revert "Group cinder-volume services using cluster config"
This reverts commit 2603a774b1, which
converted cinder to use cluster configuration for stateless services.
While well-intentioned, this causes problems due to the lack of a
proper migration for those backends which are not able to support
ACTIVE-ACTIVE configuration.

Configurations that do not support ACTIVE_ACTIVE driver will have the
volume service fail to start, which will cause a service outage.

Change-Id: I7bf4baaf80e5bb58b5c1cf55a2065f3bc50dbced
Related-Bug: #1945239
2021-10-21 18:55:47 -07:00
Zuul 6bc43bd756 Merge "Group cinder-volume services using cluster config" 2021-10-01 09:09:30 +00:00
Rodrigo Barbieri 2603a774b1 Group cinder-volume services using cluster config
Usage of "host" config for grouping cinder-volume
services for the purpose of stateless config and/or
active-active HA is not recommended.

The usage of "cluster" config is recommended for
achieving that behavior. This change replaces the
usage of "host" with "cluster".

Change-Id: I249ce179cfdaf2394ee4e8481a8c9644d667ea99
Closes-bug: #1945239
2021-09-30 17:23:18 -03:00
Aurelien Lourot 3d043ae144 Process subordinate releases packages map
For principal - subordinate plugin type relations where the
principal Python payload imports code from packages managed by a
subordinate, upgrades can be problematic.

This change will allow a subordinate charm that have opted into the
feature to inform its principal about all implemented release -
packages combinations ahead of time. With this information in place
the principal can do the upgrade in one operation without risk of
charm relation RPC type processing at a critical moment.

Related-Bug: #1806111
Change-Id: Ic8ea4fe6109081814045adea7ce6688b3564c9e5
Co-authored-by: Aurelien Lourot <aurelien.lourot@canonical.com>
2021-09-28 10:44:26 +02:00
eric-chen dd5137c2e7 Add support for configuring image volume cache
Support new configuration to turn on image volume cache in Cinder
service. User can control the maximum size and count from
configuration too.

Closes-Bug: #1869903
Change-Id: If96dbb9c0974bfa1f6d67405bb430a7cd251f821
2021-09-16 15:25:13 +08:00
Alex Kavanagh 5a3bea35c4 Sync libraries & common files prior to freeze
* charm-helpers sync for classic charms
* charms.ceph sync for ceph charms
* rebuild for reactive charms
* sync tox.ini files as needed
* sync requirements.txt files to sync to standard

Change-Id: I6027b4bb12dce36a7b10df2e14cafd5dc6ee963b
2020-09-28 13:07:05 +01:00
Nobuto Murata 12193d2bc2 Allow specifying default_volume_type
It's useful when multiple storage backends to be connected to Cinder.
The corresponding volume type must be created after a deployment via API
to take effect, e.g., `openstack volume type create VOLUME_TYPE
--property volume_backend_name=BACKEND_NAME`

Please note that there is a regression in upstream as LP: #1879578, so
it doesn't work for Train or later releases until the issue gets fixed.

The other way to have the similar effect is to edit the definition of
__DEFAULT__ volume type via API (available for Train or later releases).
Howevers it's not as flexible as the option in cinder.conf since it
doesn't allow any modification unless all of the volumes with the
__DEFAULT__ type get deleted.

Change-Id: I031a6bf2a066bb9d3157e545bb9df782a76551f3
Closes-Bug: #1884548
2020-08-19 17:51:35 +00:00
Alvaro Uria 71f968faf1 Ensure API not configured on volume-only units
COMMON_PACKAGES included haproxy and apache2. However, enabled-services
can request a unit to only run cinder-volume. Cinder API related
services should not run or get monitored.

func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/337

Change-Id: I69f15c3fd164f7114f5498d100b2832caf93fb00
Closes-Bug: #1779310
2020-07-01 10:50:03 +02:00
Alex Kavanagh fc8e95f8c7 Wrap lvm commands in try: except:
Due to the additional of the cinder storage, it's possible that the
log_lvm_info() commands gets called really early before lvm has been
configured.  This wraps the call to pvscan and logs if it doesn't
complete -- the command is just to log the state of lvm at that point.

Also, defensively wrap the reduce_lvm_volume_group_missing() calls for
the same reason.

Closes-Bug: #1878227
Change-Id: I217f62d3f620992d1b18475ca5c3031da9428828
2020-05-13 17:13:05 +01:00
Alex Kavanagh 7a98ea3daa Add juju storage support to the charm
This feature adds juju storage support to the charm.  This is largely to
deal with the related bugs, but also makes the charm more useful.

Release-Note: https://review.opendev.org/#/c/718410/

Related-Bug: #1801349
Change-Id: I056967f4e83f4c99a4aac1090056dd4f320c03f5
2020-04-08 14:15:02 +01:00
Zuul b0a3dd8907 Merge "Disable Apache port 80" 2020-01-31 15:50:01 +00:00
Liam Young 0585d9a96b Do not access DB when it is in maintenance mode.
If the database is in maintenace mode do not attempt to access
it.

Depends-On: I5d8ed7d3935db5568c50f8d585e37a4d0cc6914f
Change-Id: I131079ea390d11c1208f75b8b97ab4cff7fb47ff
2020-01-30 12:35:18 +00:00
tpsilva 962225ecca Disable Apache port 80
Currently, Apache ports.conf file is not being configured by this
charm. This patch changes the ports.conf default file with another one
that does not open port 80 on SSL environments.

Change-Id: Iaa80573dc2661089093c4c87ab100bf941f8b3b8
Closes-bug: #1845665
2020-01-27 17:33:51 +00:00
Liam Young 605352cfe0 When resuming, exclude haproxy
When resuming services exclude those managed by hacluster, in
this case haproxy. If pacemaker lacks quorum it may shut haproxy
down which will cause this charm to error.

Charmhelper sync included to bring in required
get_managed_services_and_ports method.

Change-Id: I00fa695edb7651098d9c7afdd4df823d66a01aef
2020-01-25 07:45:19 +00:00
Tiago Pasqualini da Silva ebcbb5bc90 Revert "Disable Apache default ports"
This reverts commit 2b251b093f.

Change-Id: I28a3634eb1d980c16aea804e11eb1bbc0c88beec
2019-12-20 02:05:28 +00:00
tpsilva 2b251b093f Disable Apache default ports
Openstack services don't use the default ports (80 and 443), so
change Apache to not open them.

Change-Id: I896334b232589baacb48da2285829f9e9f0963f9
Closes-bug: #1845665
2019-11-27 12:51:48 +00:00
Alex Kavanagh 6ee32006e5 Policyd override implementation
This patchset implements policy overrides for cinder.  It uses the
code in charmhelpers.

It also fixes several bugs in the bundles where the actual version of
cinder that was being installed was the distro default rather than the
one that the bundle described.

Change-Id: Ic979dcb96ddb931fadb1fa4a4b36108244ddf306
Closed-Bug: #1741723
2019-10-14 15:11:13 +01:00
James Page 8d977e8152 Ensure identity-joined execute post upgrade.
Re-execute the identity-joined relation to ensure that cinder v3
API endpoints are registered for OpenStack Pike or later.

Change-Id: Ia259696b787188218003f63ab510eb143c0ea563
Closes-Bug: 1809634
2019-03-04 11:56:27 +00:00
Liam Young 233dc6a760 Add support for nfs cinder volumes
Cinder volumes which are provisioned via nfs are initially mounted
on the cinder node. For this to work the nfs-common package is
needed.

Change-Id: Iac11c262c6e5408303b3afda8633b0252055cfec
Closes-Bug: #1816820
2019-02-20 17:23:29 +00:00
Zuul 4ca1bbab37 Merge "Add policy to allow owner to force delete volumes" 2019-02-12 12:44:31 +00:00
Ryan Beisner 9eb22b8949
Update pre-install hooks to fail on error
The pre-install operations may fail, yet that failure is not
elevated to the user. This masks the failure and makes early
package install issues difficult to troubleshoot.

If the basic pre-install script fails, the charm should not
proceed to later hooks as the requirements may not be met.

Hashbangs for bash should specify -e (errexit) on all of the
pre-install bash scripts.

Change-Id: I3e421d586df341113bbcd1888f280a2ea24c52b9
Closes-bug: #1815243
Partial-bug: #1815231
2019-02-08 15:47:48 -06:00
Chris MacNaughton 26c0dec5f3 Add policy to allow owner to force delete volumes
The default in cinder is to only allow the admin to
force delete a volume; this change allows the
admin_or_owner to force delete a volume.

This was previously authored by Chris MacNaughton in change
I703a21b68186059a63f0d06d88cd2528e821f3d3
And then reverted in change
I77f9351da8516e5af40fea57400101e6dd16b528

This change includes gating on the OpenStack version.

Change-Id: I35599bae8a94724869a36c555ebfc6bf94384bd4
Co-Authored-By: Chris MacNaughton <chris.macnaughton@canonical.com>
Closes-Bug: #1782008
2019-02-08 07:32:20 -08:00
Alex Kavanagh 834cde35ec Migrate to python3 only charm
Change-Id: Ia4bcf570d40083625358fdd4fea14202ff3d89af
2019-01-30 12:36:21 +00:00
James Page a070870967 upgrade-charm: filter previously installed packages
The upgrade-charm hook installs any new packages required for the
new charm version however this needs to be filtered against packages
that are already installed to ensure that any pending package
updates are not installed as a side effect of a charm upgrade.

Change-Id: Ie23b65fd97014134ba6f3d9004f18a4600cd2d5a
Closes-Bug: 1812982
2019-01-23 17:05:00 +00:00
Pete Vander Giessen 64c15641fe charmhelpers-sync
Pull in fix for call to ceph-authtool when updating keys.

Change-Id: I97eb26d6ecb3f39aef6b9a203b1feb2107323572
Closes-Bug: #1810917
2019-01-17 17:47:32 -05:00
Corey Bryant af837d60c6 Sync charm-helpers
Change-Id: Ib504ba2192f277b7c6b7d4547b69b20584c88e48
2019-01-11 14:35:52 +00:00
Zuul 8547fcdcfb Merge "fix typos in the docstring" 2019-01-09 09:35:07 +00:00
Corey Bryant f82d3892b4 Sync charm-helpers
Change-Id: Idda7ae9eae10241c89252107f882a16dde96fbfa
2019-01-08 15:16:11 +00:00
melissaml 0740ca046f fix typos in the docstring
Change-Id: I2c85ec0898ec757fa86c1795d2c6c161b62c6ad3
2018-12-22 03:52:04 +08:00
Liam Young 7873b20126 Use chelper generate_ha_relation_data for ha rel
Use the generate_ha_relation_data helper from charmhelpers to
generate the data to send down the relation to the hacluster
charm.

This results in a few changes in behaviour:

1) The charm will no longer specify a nic name to bind the vip. This
   is because Pacemaker VIP resources are able to automatically
   detect and configure correct iface and netmask parameters based
   on local configuration of the unit.
2) The original iface named VIP resource will be stopped and deleted
   prior to the creation of the new short hash named VIP resource.

Change-Id: I50bddc990cb0182c8ba3a3d473fba2d60186322a
2018-12-03 13:04:34 +00:00
Syed Mohammad Adnan Karim e6a150c0d2 Update hook to remove old ceph.conf alternatives
When adding ceph-mon relation to cinder, the charm installs ceph.conf
with the update-alternatives via cinder_utils.resource_map().
However when the relation is removed, the alternative isn't cleaned up.
This can cause issues if installing a cinder-ceph subordinate charm.
The cinder-ceph charm also installs a ceph.conf alternative that will
point to the leftover ceph.conf installed by the ceph-mon charm.

Added remove_alternative() in ceph-relation-broken hook to ensure
that leftover ceph.conf alternatives is removed upon relation removal.

Change-Id: If9a8d460ee8209ef917fa55ec970379e9c741ec6
Related-Bug: 1778084
2018-11-26 18:51:36 +00:00
Liam Young d3ca911e24 Purge old packages on upgrade-charm
On charm upgrade the charm may switch to py3 packages. If so, ensure
the old py2 packages are purged. If the purge occurs then restart
services.

Change-Id: I3e67d35324888522f6c138ebd74a2ea7f1a4ce05
Closes-Bug: 1803451
2018-11-15 11:33:32 +00:00
Ryan Beisner b1bfc915a6 Sync charm-helpers
Change-Id: Id12bd8d56b79e706ecb90fc817837ba723942d25
2018-11-10 09:19:16 -08:00
Zuul 82ac621a00 Merge "py3: Switch to using Python 3 for rocky or later" 2018-09-21 10:19:54 +00:00
Ryan Beisner bdda25cc91 Add cosmic
Add a tactical change which is already merged into charm-helpers.

This needs to go into all charms to solve the chicken:egg issue
where cosmic is untestable until this change exists.

Reference:

4835c6c167

Change-Id: Iff25c42c760ff39ab941444cf8cb0aab958ce365
2018-09-19 13:25:14 +02:00
James Page e31d5eb0a4 py3: Switch to using Python 3 for rocky or later
Switch package install to Python 3 for OpenStack Rocky or later.

When upgrading, remove any python-* packages that where explicitly
installated and then autoremove --purge any dependencies that are
no longer required.

This change also switches to using the cinder-manage binary in
preference to using the internal API of Cinder to query and manage
services in cinder, avoiding the need to continue to have python-cinder
installed for charm usage.

Change-Id: Ie8f7d2d7e1ef7b3065d6d9ed244e5fd05e2f613b
2018-09-18 12:24:27 +02:00
David Ames 2623277ace Series Upgrade
Implement the series-upgrade feature allowing to move between Ubuntu
series.

Change-Id: Iea24af291b3d9d5b7771f35c2374e8d7e9b655c3
2018-09-14 20:58:32 -07:00
Chris MacNaughton (icey) 79f9ff5c70 Revert "Add policy.json to allow owner to force delete volumes"
This reverts commit 4ddea990d0.

Change-Id: I77f9351da8516e5af40fea57400101e6dd16b528
2018-07-30 15:19:47 +00:00
Chris MacNaughton 4ddea990d0 Add policy.json to allow owner to force delete volumes
The default in cinder is to only allow the admin to
force delete a volume; this change allows the
admin_or_owner to force delete a volume.

Change-Id: I703a21b68186059a63f0d06d88cd2528e821f3d3
Closes-Bug: #1782008
2018-07-27 13:18:35 +02:00
Chris MacNaughton 14ca6cedc0 Sync charm-helpers to ensure Rocky support
Change-Id: Ib850fcd688c65febe331c7f8210893ed330ffd3f
2018-07-13 15:53:05 +02:00