Commit Graph

282 Commits

Author SHA1 Message Date
Alex Kavanagh 94cedb6840 Improve platform mocking
Patch out charmhelpers.osplatform.get_platform() and
charmhelpers.core.host.lsb_release() globally in the unit tests to
insulate the unit tests from the platform that the unit tests are being
run on.

Change-Id: I2cc91999ccad52c8e42797a3d5ffbf65f9cb36d2
2023-10-24 18:09:00 +01:00
Corey Bryant a6c5567354 Drop hyperv mechanism driver and package
The networking-hyperv project is no longer maintained and
has been removed from Ubuntu in Mantic.

Closes-Bug: #2036953

Change-Id: Ib8e861377c9f691f31de0f707823dbf8ac0fde52
2023-10-05 11:51:17 -04:00
Zuul 4dd4294a0f Merge "Add support for HAProxy L7 checks" 2023-03-29 08:03:06 +00:00
Gabriel Cocenza 7330c5badf Add support for HAProxy L7 checks
This change add several configuration options to enable HTTP checks
to the HAProxy configuration, instead of the default TCP connection
checks (which continue to be the default). It also enables /healthcheck
endpoint for neutron-api.

Closes-Bug: #1880610

Change-Id: Ia820d8c2ca709d6b358b1c80d770624568d9a85b
2023-03-27 18:29:06 -03:00
Corey Bryant 7bf6281b92 Add Antelope support
* sync charm-helpers to classic charms
* change openstack-origin/source default to antelope
* align testing with antelope
* add new antelope bundles
* add antelope bundles to tests.yaml
* add antelope tests to osci.yaml and .zuul.yaml
* update build-on and run-on bases

Change-Id: Id40cf30dcbd7467c3dc39ae0d7fbcc3a7a2899bb
2023-03-07 22:17:35 +00:00
Nobuto Murata c411b90d2d Option to enable network-segment-range support
To let operators add an additional and optional service plugin into the
deployment configuration as "network_segment_range".
https://docs.openstack.org/neutron/latest/admin/config-network-segment-ranges.html

Closes-Bug: #1965229
Change-Id: Id0ac7c397874ad2c51935e8c0eab64f1ef4f6fd3
2022-03-17 18:38:01 +09:00
Hervé Beraud 48cdd1a86c Use unittest.mock instead of mock
The mock third party library was needed for mock support in py2
runtimes. Since we now only support py36 and later, we can use the
standard lib unittest.mock module instead.

Note that https://github.com/openstack/charms.openstack is used during tests
and he need `mock`, unfortunatelly it doesn't declare `mock` in its
requirements so it retrieve mock from other charm project (cross dependency).
So we depend on charms.openstack first and when
Ib1ed5b598a52375e29e247db9ab4786df5b6d142 will be merged then CI
will pass without errors.

Depends-On: Ib1ed5b598a52375e29e247db9ab4786df5b6d142
Change-Id: I25d6d26f2a4169ddc30d8eeac193d768aa345058
2021-12-15 14:05:35 +00:00
Billy Olsen 1561529e12 Use configure_installation_source instead of add_source
Use the configure_installation_source method from
ch.contrib.openstack.utils instead of add_source since it understands
the various openstack-origin permutations.

Change-Id: I3c0d8392c4b0c68687a36c9455fc7991fda215f1
Closes-Bug: 1928727
2021-12-14 13:35:05 +00:00
Aurelien Lourot e18b89a3f0 Fix removing fwaas when upgrading from Ussuri to Victoria
Without this fix, upgrading from Ussuri to Victoria won't
fully remove fwaas everywhere, leading to broken floating
IPs.

Fixes https://github.com/openstack-charmers/charmed-openstack-tester/issues/57

Change-Id: I959e8f8cafc6d4040895762c21f8ad8b6f190a3b
2021-11-29 11:21:30 +01:00
Hemanth Nakkina c7d8ee4c86 add internal endpoints to neutron-plugin-api relation data
The change [1] syncs the charmhelpers that has additional
context data to IdentityServiceContext - internal_host,
internal_port, internal_protocol.

This patch adds the internal_host, internal_port,
internal_protocol to neutron-plugin-api relation data.
Without this patch, any relations over neutron-plugin-api
will be incomplete if the charm holding the other end of
the relation has charmhelpers synced.

[1] https://review.opendev.org/c/openstack/charm-neutron-api/+/806676

Change-Id: Ic4abbd0a408949c0c752a1701db161e1cd5c4ff7
2021-09-08 11:32:22 +05:30
Hemanth Nakkina 69af89a615 Add enable-fwaas to relation data
Add enable-fwaas to neutron-plugin-api relation data so
that neutron-openvswitch updates neutron-l3-agent
configuration accordingly.

Synced charmhelpers to get related changes
https://github.com/juju/charm-helpers/pull/635

Partial-Bug: #1934129
Change-Id: I5019c5ed3b8ab556d4900f1fe46dee69f5f09ee7
2021-09-07 06:51:52 +05:30
Edward Hope-Morley 2e0896c737 Fixes disabling fwaas
Commit 00e7c8b added support for disabling fwaas but
forgot to remove the firewall plugin from service_plugins
once the fwaas package has been removed. This patch fixes
that.

Change-Id: I75fdd192144138fa5bf09c278d5507ca8c5366d1
Closes-Bug: #1934129
2021-07-28 13:20:08 +02:00
Edward Hope-Morley 00e7c8b6ad Remove neutron-fwaas for >= V
Also adds config option enable-fwaas which defaults to
True to allow disabling fwaas for releases earlier than
Victoria.

Change-Id: Ic9251c5290f777f544a150a92702566474b264b8
Closes-Bug: 1934129
2021-07-07 10:12:20 +01:00
Alex Kavanagh 1bd71a1bed Updates for testing period for 20.01 release
Includes updates to charmhelpers/charms.openstack for cert_utils
and unit-get for the install hook error on Juju 2.9

* charm-helpers sync for classic charms
* rebuild for reactive charms
* ensure tox.ini is from release-tools
* ensure requirements.txt files are from release-tools
* On reactive charms:
  - ensure master branch for charms.openstack
  - ensure master branch for charm-helpers
* Remove mock for unit_get as it's no longer in c-h context module
* Remove sections from subordinate context due to c-h change.

Change-Id: Idd0e4963823ec2ed915795fb04913f11ba305a2e
2021-01-18 20:27:23 +00:00
Zuul 2ac53e951b Merge "Use AZLeastRoutersScheduler by default" 2021-01-05 18:51:11 +00:00
Robert Gildein ed1bbfd769 Replaced deprecated function to add a new source
This change only replaced the deprecated function to add a new source
in the `do_openstack_upgrade` function. The original idea of this patch
was to fix an issue that was fixed in another patch.

Copy the new version of the requirements.txt and test-requirements.txt
files to avoid pip 20.3.

Change-Id: I523e2db35cfb0f7533831e5b5fbb802b628b0431
2020-12-16 10:02:11 +01:00
Dmitrii Shcherbakov a155e9cf11 Use AZLeastRoutersScheduler by default
Neutron uses an AZ-unaware scheduler (LeastRoutersScheduler) by default
in its configuration and the neutron-api charm does not override it.

AZLeastRoutersScheduler inherits from LeastRoutersScheduler and does the
same, plus respects AZ hints when scheduling HA routers.

For --distributed --ha routers using AZLeastRoutersScheduler means that
snat namespaces will be scheduled with respect to the AZ hints specified
during router creation by an operator.

For --ha but not distributed routers using AZLeastRoutersScheduler means
that qrouter namespaces will be scheduled with respect to the AZ hints.

snat namespaces (--ha & --distributed) and qrouter namespaces (--ha
only) are placed by the scheduler to l3 agents that run in the dvr_snat
mode only so the scheduler change will affect both the deployments with
neutron-gateway units and the ones with neutron-openvswitch running with
use-dvr-snat=True.

Change-Id: I98cd67ff0cf5418a9699acc7aff96c3edb9b2341
Closes-Bug: #1886195
2020-11-09 20:17:17 +03:00
Alex Kavanagh 8f45645505 Sync libraries & common files prior to freeze
* charm-helpers sync for classic charms
* charms.ceph sync for ceph charms
* rebuild for reactive charms
* sync tox.ini files as needed
* sync requirements.txt files to sync to standard

Change-Id: I7c3e0a7e77e16b9bf318ca22c39f8220c5144ac7
2020-09-28 09:52:17 +01:00
Edward Hope-Morley 104626a19f Fix db init notifications
Ensures that leader does not respond to db init
notifications to avoid infitinite looping after
leader switches to a different unit.

Also ensures that leader only restarts its neutron-server
once on db init.

Closes-Bug: #1893008

Change-Id: I59b9d5e0caab62b72380879bf16cb0fd8703bb32
2020-08-26 13:49:52 +01:00
Pedro Guimaraes f401914ee3 Add igmp_snooping_enable config
This option is available on both OVS and OVN to
allow virtual switch to snoop into multicast IGMP
messages and learn which ports should be flooded.

This change adds igmp snooping option on neutron.conf.

Change-Id: I3a0e757e5afe6a77cc507ee01298961c16d41cb2
2020-07-03 16:44:05 +02:00
Zuul dd4505efd6 Merge "Enable hardware offload support" 2020-03-20 10:09:06 +00:00
Frode Nordahl 4ac5e3f71c Conditionally make neutron-plugin relations required
When charm is not managing the plugin the neutron-plugin-* relations
should be required.

Change-Id: I8c061f272e68b05b6d415e0686564bd7f617aa12
2020-02-24 16:44:54 +01:00
Frode Nordahl 38117ba022 Conditional default of ``manage-neutron-plugin-legacy-mode``
The new default will take effect on newly deployed units when
openstack-origin is set to 'ussuri' or newer.

Any existing units or newly deployed units with openstack-origin
set to prior versions will retain the existing default.

Change-Id: Ia38dd7882105c3adad1afbf754ba2ed047dd05e2
2020-02-24 16:44:54 +01:00
Zuul ece024b467 Merge "Disable Apache port 80" 2020-01-31 15:48:35 +00:00
Liam Young 6fafb5abc5 Do not access DB when it is in maintenance mode.
If the database is in maintenace mode do not attempt to access
it.

Change-Id: I42cc19aedff2bc060343f4431c1b4834f9389f03
Depends-On: I5d8ed7d3935db5568c50f8d585e37a4d0cc6914f
2020-01-30 12:37:43 +00:00
Liam Young 1b978ffd78 When resuming, exclude haproxy
When resuming services exclude those managed by hacluster, in
this case haproxy. If pacemaker lacks quorum it may shut haproxy
down which will cause this charm to error.

Charmhelper sync included to bring in required
get_managed_services_and_ports method.

Change-Id: Ie6f117f47a8189c8e30224f7200d8976cdec9605
2020-01-29 18:51:51 +00:00
tpsilva b972488ad2 Disable Apache port 80
Currently, Apache ports.conf file is not being configured by this
charm. This patch changes the ports.conf default file with another one
that does not open port 80 on SSL environments.

Change-Id: I0d935de2eada861b986e2f17ead6a5674afd2969
Closes-bug: #1845665
2020-01-27 17:32:50 +00:00
Felipe Reyes 518ae9a01b Use the version of neutron-common to determine the OpenStack version
There are transient situations where the config option openstack-origin will
hold the target OpenStack version, so it's not safe to be used to determine
what packages should be installed in the unit, an accurate method is to use
the version of the neutron-common package.

Change-Id: I88693be390f66ba94626e52b949b5573532ea5d7
Closes-Bug: #1854538
2019-12-04 15:35:45 -03:00
Stamatis Katsaounis b36ac4b4ed Remove lbaas in OpenStack Train deployments
This patch removes completely any lbaas related service or
configuration for OS Train deployements.

Change-Id: Ib48adee32d649e5254265924175c3bf2d3437c0b
Closes-Bug: #1853868
Signed-off-by: Stamatis Katsaounis <skatsaounis@admin.grnet.gr>
2019-11-26 13:58:13 +02:00
Stamatis Katsaounis 1967d7794d Apply validation on designate zone prefix values
This patch applies validation on values ipv4-ptr-zone-prefix-size and
ipv6-ptr-zone-prefix-size to prevent users from choosing values not
supported by Neutron's Designate driver.

Change-Id: I6f2d5c9d1a3f16242263f11b1f999ab7ec3a4266
Signed-off-by: Stamatis Katsaounis <katsaouniss@gmail.com>
2019-10-29 12:57:25 +01:00
James Page fc2a172b9b Misc updates for OpenStack Train
Drop install of python3-neutron-lbaas as this package has been
dropped from the UCA at Train.

Add test bundle for train; make smoke to validate changes.

Change-Id: I355a136a0ced7367d69ee9fb8c3b493ddae5e087
2019-10-16 13:51:00 +01:00
Zuul f67e22fa1b Merge "Add an option to enable port forwarding feature" 2019-10-08 20:29:40 +00:00
Dmitrii Shcherbakov 104f8d411e Add an option to enable port forwarding feature
* Adds an option to enable port forwarding service plugin;
* Exposes whether port forwarding is enabled or not to neutron-gateway
  and neutron-openvswitch charms via the respective relation.

See LP: #1842353

Change-Id: Ic3a8e302942ed331bc3d80223e123c13d61db3b2
Closes-Bug: #1842353
2019-10-08 20:10:33 +00:00
Alex Kavanagh 697ca00bcf Policyd override implementation
This patchset implements policy overrides for neutron-gateway.

This change includes a charm-helpers sync to bring in the policyd helper
code.

Change-Id: I89f1f4b5d58843017e428a8d2cfada840dde14de
Closes-Bug: #1741723
2019-10-07 20:35:36 +01:00
Frode Nordahl 925b2caca7 Support plugin-subordinate request for db_migration
Change-Id: Iaefcb81fff5ed8a9441c93ac4c8bac3fa12eef15
2019-09-30 17:29:42 +00:00
James Page c7d9e9ab42 Enable hardware offload support
Following the style of the SR-IOV enablement, add a new config
option to this charm to enable hardware offload support.

This is mainly used to signal to the nova-cloud-controller charm
to enable the PCI Passthrough Filter which is used in this type
of deployment.

Change-Id: I1f59012ad2d16af18ca310906f6c6b537bb7ec72
2019-09-30 10:15:01 +01:00
Frode Nordahl 831729dc98
Share values of interest from charm state with plugin
Remove separate relation-changed hook.

Change-Id: I9eb5f8a6039b74288a395a584f844507448cdc23
Closes-Bug: #1845212
2019-09-30 08:17:18 +02:00
Frode Nordahl 40b3977d16
Expose ML2 context and config to new style plugins
When a plugin does not override the ``core_plugin`` and
``neutron_plugin_config`` and leaves them to the ML2 default the
charm will now register the ``ml2_conf.ini`` config with both
the default Neutron and subordinate plugin contexts.

Any exposed context variables not provided by the plugin will no
longer be returned as empty values on the context, allowing for
passing of the Neutron API charm deduced and configured context
values.

The ``neutron.conf`` and ``ml2_conf.ini`` templates have been
updated to allow adding of new sections.

Partial-Bug: #1845212
Change-Id: I90ca77ad16c1a0f59deb34c4faa7e7a89f22aea9
2019-09-30 08:17:12 +02:00
Sahid Orentino Ferdjaoui 2ad425b1cd revert "Ensure that only cloud admins are neutron admins"
We can't add constraints to admin role without consider
regressions. It happens that two tempest scenarios are now failling:

 tempest.scenario.test_network_basic_ops.TestNetworkBasicOps.test_network_basic_ops
 tempest.scenario.test_server_multinode.TestServerMultinode.test_schedule_to_all_nodes

If admin wants to give role (even Admin role) to an user for a tenant,
the right way is to use keystone trust API.

Change-Id: I161ea7d1aec5e5784455b5bce4605b2f9143daa2
Related-Bug: #1830536
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@canonical.com>
2019-09-18 13:39:43 +00:00
Liam Young e03501dee1 Ensure that only cloud admins are neutron admins
When determining if a user is an admin the default neutron policy
file only checks if a user has the 'admin'  role. It does not check
what that role is applied to.

The problem is illustrated by the following scenario: A cloud
admin creates a new domain, then creates a new project within that
domain. The cloud admin wants to delegate the maintenance of the
new project to userA so she grants them admin on the new project.
UserA is now a cloud admin from Neutrons pov.

To fix this issue a policy override file is added which checks that
the user is admin either against the admin project (as defined by
keystone) or the service project.

Change-Id: If4c5b0c1ab7bf2c75e911e77531d442d417a1231
Closes-Bug: 1830536
2019-07-19 13:00:59 +00:00
Liam Young 573997fa38 Pass global-physnet-mtu on neutron-plugin-api
Charms related to neutron-api on the neutron-plugin-api relation
can use the global-physnet-mtu and physical-network-mtus
to set mtus on the devices they manage.

Change-Id: I18aabe17549d99383d9c13c24879d794719feca7
2019-07-02 08:58:22 +00:00
Zuul 771484669e Merge "Add support for FWaaS v2 logging" 2019-06-25 15:56:07 +00:00
Michael Skalka 92a1062830 Add support for Infoblox IPAM configuration via subordinate charm.
This change adds infoblox-api relation which allows neutron-server
to publish events to a remote infoblox server. Additionally this
change enables IPAM for the neutron service, which forces neutron
to authorize any network changes against the target Infoblox
server.

This change adds the proper hooks, context, and templates to add
infobox configuration to /etc/neutron/neutron.conf, passed by the
infoblox subordinate charm.

Closes-Bug: 1776689

Change-Id: Ib11377bd61c2b3fed5104ba0a423073a15cc18a2
2019-06-20 12:03:28 -04:00
Liam Young 27b4fb1538 Add support for FWaaS v2 logging
Enable support for configuration of FWaaS v2 firewall group
logging. The feature can be enabled or disabled via the
enable-firewall-group-logging flag.

This feature is currently only enabled for FWaaS v2 at Stein
for the charms (but is supported back to Queens in Neutron).

Change-Id: I4c440e233ee16d4e756c575d8db70918ff062f3e
Partial-Bug: 1831972
2019-06-11 08:06:37 +00:00
Liam Young 1cdfc381ad Check Apache ssl dir when determining restart map
If the certificates change then services needs to
be restarted. This change adds the SSL directory to the restart map
to ensure any certificate changes trigger a restart.

Change-Id: I891b3104c08c6b9cde06ce30d4279a239ae329b1
Closes-Bug: 1828530
2019-05-10 15:09:31 +00:00
James Page 71542f7452 stein: migrate v1 firewalls -> v2
Ensure that the firewall v1->v2 migrate tool is executed post
upgrade to stein or later.

Fix minor issue with switch of default mysql dialect to mysqldb
at Stein by writing all new configuration files prior to
executing the database upgrade.

Change-Id: Ifb0b33038a4df7a2a6f5c1a55caaeea01a92fc20
Closes-Bug: 1821192
2019-03-25 09:04:23 +00:00
James Page 25ec688145 stein: switch to FWaaS v2
FWaaS v1 has been removed as of the latest Stein snapshots. Switch
to configuration of v2 service provider.

This commit also switches >= rocky to use the lbaasv2 entry point
rather than the fully qualified class name for the lbaas service
provider.

Change-Id: Id0fd808a33dff25d48610bcf97d12c512a21fc40
2019-03-20 06:13:51 +00:00
Zuul 088ae637c9 Merge "Use dns_domain_ports extension driver for >= queens" 2019-02-12 12:40:14 +00:00
Edward Hope-Morley 4c842b1346 Use dns_domain_ports extension driver for >= queens
The dns_domain_ports extension driver was introduced in Queens
to allow setting a dns_domain on ports and having that
override the network dns_domain value. The new extension driver
inherits from the old dns extension driver so it is safe to
simply replace it.

Change-Id: I26db4433359cf8c9d23158d553c4805fd0526a1a
Closes-Bug: #1815138
2019-02-08 09:07:55 +00:00
Dmitrii Shcherbakov 1e6430f9c6 Switch to AZAwareWeightScheduler as of Mitaka
AZAwareWeightScheduler is based on WeightScheduler and provides a way to make
DHCP agent scheduling be AZ-aware. This is used in conjunction with
dhcp-agents-per-network config option and per-network agents (such as dnsmasq)
will be distributed across neutron-dhcp-agents that have availability_zone
configuration (based on dhcp-load-type for placement calculation).

bp: https://blueprints.launchpad.net/neutron/+spec/add-availability-zone

Upgrade impact is mentioned here:
specs.openstack.org/openstack/neutron-specs/specs/mitaka/availability-zone.html

The spec mentions that by default all agents belong to 'nova' AZ so
the scheduler change should be backwards-compatible.

Change-Id: I4d948efa157573fdbc0fbfd3b1efb21b69a713ef
Closes-Bug: #1796068
2019-01-21 15:29:46 +02:00