This change add several configuration options to enable HTTP checks
to the HAProxy configuration, instead of the default TCP connection
checks (which continue to be the default). It also enables /healthcheck
endpoint for cinder-api on openstack releases >= ocata.
Closes-Bug: #1880610
Change-Id: I9d118f70fc1390be7b800ad20ae20e77818adac7
Implement support for the identity-credentials relation as an
alternative way to get keystone credentials when we are not registering
a service endpoint via the identity-service relation.
This solves an issue where the image volume cache does not work when the
cinder volume service is deployed as a second cinder application
('cinder-volume') having enabled-services=volume set.
Previously the following items were missing from cinder.conf:
cinder_internal_tenant_project_id
cinder_internal_tenant_user_id
Resulting in the image cache not functioning with the following warnings:
Unable to get internal tenant context: Missing required config
parameters.
Unable to get Cinder internal context, will not use image-volume cache.
As there are now two possible interfaces to keystone ('identity-service'
and 'identity-credentials') any existing bundles that don't specify the
interface 'identity-service' when relating to keystone will fail to
deploy and will need to be updated.
Closes-Bug: #1978452
Change-Id: Ieef500c9c55eb3968b3e2e231a8ff6e2a5ec148d
The command 'cinder-manage db online_data_migrations' has three possible
exit codes:
- 0: The migrations have been completed successfully.
- 1: Some migrations have been completed, but more objects need to be
migrated.
- 2: Some migrations are generating errors and manual intervention is
needed.
This change will run in a loop the command online_data_migrations in
batches of 5000 objects, when the exit code is 1 runs again, when the
exit code is 0 the loop is stopped, when the exit code is 2 a
CalledProcessError exception is raised.
Change-Id: Iee99e9ab9777392f05c1a0db55951d97773bb0ba
Due to bug #1908037, the database sync can fail if the volume types
have not been migrated to the __DEFAULT__ volume type. When this fails,
a message will be sent telling the user to run online_data_migrations.
Check for this error, and when it occurs, run the online_data_migrations
and then retry the db sync.
Closes-Bug: #1908037
Change-Id: I0cd9a9db256b0adffbb244222a66c85d055840c4
The linked bug shows the install of the charm with openstack-origin set
to zed. This happens because configure_installation_source() causes the
openstack-release package to be installed *before* the zed cloud archive
sources are configured into /etc/apt and an apt update done. This means
that the openstack-release package says "yoga" despite the zed packages
actually being installed.
Then, on the config-changed hook, it sees that the installed version is
showing as yoga and tries to do an upgrade. This fails, as the charm
hasn't yet bootstrapped, and the charm tries to bootstrap after
upgrading the packages.
There's a few bugs here which are exposed, but the tactical fix is to
force the openstack-release to match the installed packages.
Closes-Bug: #1989538
Change-Id: Ifc35474c98b1ffa1d7d81ac42deb897ace7db885
If an HA cinder deployment is upgraded twice and the leadership has
changed, there is a potential race that can be triggered where because
the CINDER_DB_INIT_RKEY is different on the units that have been the
leader. This race is that when the unit tries to decide whether it has
reflected the 'new' RKEY it sees a different one from each unit. By
clearing the rkey, it ensures that only the relation changed event from
the leader actually causes a restart.
Change-Id: I712502a666f23421cc58925f10b7643e3482d861
Closes-Bug: #1928383
The CA information is necessary to talk to Keystone or Glance from the
Cinder volume service. This is a follow-up of the following change where
the Vault certificate relations is assumed but ssl_ca wasn't addressed
at that point.
I69f15c3fd164f7114f5498d100b2832caf93fb00
Closes-Bug: #1967302
Change-Id: I4d7b3721fe7dfd6f7cdfd364d8c5bc340d38c00f
Add new config option: `scheduler-default-filters`.
This is unset by default, so cinder retains the default value for
scheduler_default_filters.
Closes-Bug: #1956727
Change-Id: I9777bf8fe5ddbb69689db60c2790e8a4be57e1ab
os_brick may require InitiatorName in /etc/iscsi/initiatorname.iscsi
before iscsid is invoked via iscsid.socket with iscsiadm. Cloud images
including MAAS ones have "GenerateName=yes" instead of "InitiatorName="
on purpose not to clone the initiator name. Let's initialize it so
Cinder units can be fully ready to accept iSCSI based subordinate and
storage backend charms.
Closes-Bug: 1825809
Change-Id: I413bbb29dd609e0c86ac3691556f37a9fcc13439
This reverts commit 2603a774b1, which
converted cinder to use cluster configuration for stateless services.
While well-intentioned, this causes problems due to the lack of a
proper migration for those backends which are not able to support
ACTIVE-ACTIVE configuration.
Configurations that do not support ACTIVE_ACTIVE driver will have the
volume service fail to start, which will cause a service outage.
Change-Id: I7bf4baaf80e5bb58b5c1cf55a2065f3bc50dbced
Related-Bug: #1945239
Usage of "host" config for grouping cinder-volume
services for the purpose of stateless config and/or
active-active HA is not recommended.
The usage of "cluster" config is recommended for
achieving that behavior. This change replaces the
usage of "host" with "cluster".
Change-Id: I249ce179cfdaf2394ee4e8481a8c9644d667ea99
Closes-bug: #1945239
For principal - subordinate plugin type relations where the
principal Python payload imports code from packages managed by a
subordinate, upgrades can be problematic.
This change will allow a subordinate charm that have opted into the
feature to inform its principal about all implemented release -
packages combinations ahead of time. With this information in place
the principal can do the upgrade in one operation without risk of
charm relation RPC type processing at a critical moment.
Related-Bug: #1806111
Change-Id: Ic8ea4fe6109081814045adea7ce6688b3564c9e5
Co-authored-by: Aurelien Lourot <aurelien.lourot@canonical.com>
Support new configuration to turn on image volume cache in Cinder
service. User can control the maximum size and count from
configuration too.
Closes-Bug: #1869903
Change-Id: If96dbb9c0974bfa1f6d67405bb430a7cd251f821
* charm-helpers sync for classic charms
* charms.ceph sync for ceph charms
* rebuild for reactive charms
* sync tox.ini files as needed
* sync requirements.txt files to sync to standard
Change-Id: I6027b4bb12dce36a7b10df2e14cafd5dc6ee963b
It's useful when multiple storage backends to be connected to Cinder.
The corresponding volume type must be created after a deployment via API
to take effect, e.g., `openstack volume type create VOLUME_TYPE
--property volume_backend_name=BACKEND_NAME`
Please note that there is a regression in upstream as LP: #1879578, so
it doesn't work for Train or later releases until the issue gets fixed.
The other way to have the similar effect is to edit the definition of
__DEFAULT__ volume type via API (available for Train or later releases).
Howevers it's not as flexible as the option in cinder.conf since it
doesn't allow any modification unless all of the volumes with the
__DEFAULT__ type get deleted.
Change-Id: I031a6bf2a066bb9d3157e545bb9df782a76551f3
Closes-Bug: #1884548
COMMON_PACKAGES included haproxy and apache2. However, enabled-services
can request a unit to only run cinder-volume. Cinder API related
services should not run or get monitored.
func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/337
Change-Id: I69f15c3fd164f7114f5498d100b2832caf93fb00
Closes-Bug: #1779310
Due to the additional of the cinder storage, it's possible that the
log_lvm_info() commands gets called really early before lvm has been
configured. This wraps the call to pvscan and logs if it doesn't
complete -- the command is just to log the state of lvm at that point.
Also, defensively wrap the reduce_lvm_volume_group_missing() calls for
the same reason.
Closes-Bug: #1878227
Change-Id: I217f62d3f620992d1b18475ca5c3031da9428828
This feature adds juju storage support to the charm. This is largely to
deal with the related bugs, but also makes the charm more useful.
Release-Note: https://review.opendev.org/#/c/718410/
Related-Bug: #1801349
Change-Id: I056967f4e83f4c99a4aac1090056dd4f320c03f5
If the database is in maintenace mode do not attempt to access
it.
Depends-On: I5d8ed7d3935db5568c50f8d585e37a4d0cc6914f
Change-Id: I131079ea390d11c1208f75b8b97ab4cff7fb47ff
Currently, Apache ports.conf file is not being configured by this
charm. This patch changes the ports.conf default file with another one
that does not open port 80 on SSL environments.
Change-Id: Iaa80573dc2661089093c4c87ab100bf941f8b3b8
Closes-bug: #1845665
When resuming services exclude those managed by hacluster, in
this case haproxy. If pacemaker lacks quorum it may shut haproxy
down which will cause this charm to error.
Charmhelper sync included to bring in required
get_managed_services_and_ports method.
Change-Id: I00fa695edb7651098d9c7afdd4df823d66a01aef
Openstack services don't use the default ports (80 and 443), so
change Apache to not open them.
Change-Id: I896334b232589baacb48da2285829f9e9f0963f9
Closes-bug: #1845665
This patchset implements policy overrides for cinder. It uses the
code in charmhelpers.
It also fixes several bugs in the bundles where the actual version of
cinder that was being installed was the distro default rather than the
one that the bundle described.
Change-Id: Ic979dcb96ddb931fadb1fa4a4b36108244ddf306
Closed-Bug: #1741723
Re-execute the identity-joined relation to ensure that cinder v3
API endpoints are registered for OpenStack Pike or later.
Change-Id: Ia259696b787188218003f63ab510eb143c0ea563
Closes-Bug: 1809634
Cinder volumes which are provisioned via nfs are initially mounted
on the cinder node. For this to work the nfs-common package is
needed.
Change-Id: Iac11c262c6e5408303b3afda8633b0252055cfec
Closes-Bug: #1816820
The pre-install operations may fail, yet that failure is not
elevated to the user. This masks the failure and makes early
package install issues difficult to troubleshoot.
If the basic pre-install script fails, the charm should not
proceed to later hooks as the requirements may not be met.
Hashbangs for bash should specify -e (errexit) on all of the
pre-install bash scripts.
Change-Id: I3e421d586df341113bbcd1888f280a2ea24c52b9
Closes-bug: #1815243
Partial-bug: #1815231
The default in cinder is to only allow the admin to
force delete a volume; this change allows the
admin_or_owner to force delete a volume.
This was previously authored by Chris MacNaughton in change
I703a21b68186059a63f0d06d88cd2528e821f3d3
And then reverted in change
I77f9351da8516e5af40fea57400101e6dd16b528
This change includes gating on the OpenStack version.
Change-Id: I35599bae8a94724869a36c555ebfc6bf94384bd4
Co-Authored-By: Chris MacNaughton <chris.macnaughton@canonical.com>
Closes-Bug: #1782008
The upgrade-charm hook installs any new packages required for the
new charm version however this needs to be filtered against packages
that are already installed to ensure that any pending package
updates are not installed as a side effect of a charm upgrade.
Change-Id: Ie23b65fd97014134ba6f3d9004f18a4600cd2d5a
Closes-Bug: 1812982
Use the generate_ha_relation_data helper from charmhelpers to
generate the data to send down the relation to the hacluster
charm.
This results in a few changes in behaviour:
1) The charm will no longer specify a nic name to bind the vip. This
is because Pacemaker VIP resources are able to automatically
detect and configure correct iface and netmask parameters based
on local configuration of the unit.
2) The original iface named VIP resource will be stopped and deleted
prior to the creation of the new short hash named VIP resource.
Change-Id: I50bddc990cb0182c8ba3a3d473fba2d60186322a
When adding ceph-mon relation to cinder, the charm installs ceph.conf
with the update-alternatives via cinder_utils.resource_map().
However when the relation is removed, the alternative isn't cleaned up.
This can cause issues if installing a cinder-ceph subordinate charm.
The cinder-ceph charm also installs a ceph.conf alternative that will
point to the leftover ceph.conf installed by the ceph-mon charm.
Added remove_alternative() in ceph-relation-broken hook to ensure
that leftover ceph.conf alternatives is removed upon relation removal.
Change-Id: If9a8d460ee8209ef917fa55ec970379e9c741ec6
Related-Bug: 1778084
On charm upgrade the charm may switch to py3 packages. If so, ensure
the old py2 packages are purged. If the purge occurs then restart
services.
Change-Id: I3e67d35324888522f6c138ebd74a2ea7f1a4ce05
Closes-Bug: 1803451
Add a tactical change which is already merged into charm-helpers.
This needs to go into all charms to solve the chicken:egg issue
where cosmic is untestable until this change exists.
Reference:
4835c6c167
Change-Id: Iff25c42c760ff39ab941444cf8cb0aab958ce365
Switch package install to Python 3 for OpenStack Rocky or later.
When upgrading, remove any python-* packages that where explicitly
installated and then autoremove --purge any dependencies that are
no longer required.
This change also switches to using the cinder-manage binary in
preference to using the internal API of Cinder to query and manage
services in cinder, avoiding the need to continue to have python-cinder
installed for charm usage.
Change-Id: Ie8f7d2d7e1ef7b3065d6d9ed244e5fd05e2f613b
The default in cinder is to only allow the admin to
force delete a volume; this change allows the
admin_or_owner to force delete a volume.
Change-Id: I703a21b68186059a63f0d06d88cd2528e821f3d3
Closes-Bug: #1782008