Patch out charmhelpers.osplatform.get_platform() and
charmhelpers.core.host.lsb_release() globally in the unit tests to
insulate the unit tests from the platform that the unit tests are being
run on.
Change-Id: I2cc91999ccad52c8e42797a3d5ffbf65f9cb36d2
The networking-hyperv project is no longer maintained and
has been removed from Ubuntu in Mantic.
Closes-Bug: #2036953
Change-Id: Ib8e861377c9f691f31de0f707823dbf8ac0fde52
This change add several configuration options to enable HTTP checks
to the HAProxy configuration, instead of the default TCP connection
checks (which continue to be the default). It also enables /healthcheck
endpoint for neutron-api.
Closes-Bug: #1880610
Change-Id: Ia820d8c2ca709d6b358b1c80d770624568d9a85b
The mock third party library was needed for mock support in py2
runtimes. Since we now only support py36 and later, we can use the
standard lib unittest.mock module instead.
Note that https://github.com/openstack/charms.openstack is used during tests
and he need `mock`, unfortunatelly it doesn't declare `mock` in its
requirements so it retrieve mock from other charm project (cross dependency).
So we depend on charms.openstack first and when
Ib1ed5b598a52375e29e247db9ab4786df5b6d142 will be merged then CI
will pass without errors.
Depends-On: Ib1ed5b598a52375e29e247db9ab4786df5b6d142
Change-Id: I25d6d26f2a4169ddc30d8eeac193d768aa345058
Use the configure_installation_source method from
ch.contrib.openstack.utils instead of add_source since it understands
the various openstack-origin permutations.
Change-Id: I3c0d8392c4b0c68687a36c9455fc7991fda215f1
Closes-Bug: 1928727
The change [1] syncs the charmhelpers that has additional
context data to IdentityServiceContext - internal_host,
internal_port, internal_protocol.
This patch adds the internal_host, internal_port,
internal_protocol to neutron-plugin-api relation data.
Without this patch, any relations over neutron-plugin-api
will be incomplete if the charm holding the other end of
the relation has charmhelpers synced.
[1] https://review.opendev.org/c/openstack/charm-neutron-api/+/806676
Change-Id: Ic4abbd0a408949c0c752a1701db161e1cd5c4ff7
Add enable-fwaas to neutron-plugin-api relation data so
that neutron-openvswitch updates neutron-l3-agent
configuration accordingly.
Synced charmhelpers to get related changes
https://github.com/juju/charm-helpers/pull/635
Partial-Bug: #1934129
Change-Id: I5019c5ed3b8ab556d4900f1fe46dee69f5f09ee7
Commit 00e7c8b added support for disabling fwaas but
forgot to remove the firewall plugin from service_plugins
once the fwaas package has been removed. This patch fixes
that.
Change-Id: I75fdd192144138fa5bf09c278d5507ca8c5366d1
Closes-Bug: #1934129
Also adds config option enable-fwaas which defaults to
True to allow disabling fwaas for releases earlier than
Victoria.
Change-Id: Ic9251c5290f777f544a150a92702566474b264b8
Closes-Bug: 1934129
Includes updates to charmhelpers/charms.openstack for cert_utils
and unit-get for the install hook error on Juju 2.9
* charm-helpers sync for classic charms
* rebuild for reactive charms
* ensure tox.ini is from release-tools
* ensure requirements.txt files are from release-tools
* On reactive charms:
- ensure master branch for charms.openstack
- ensure master branch for charm-helpers
* Remove mock for unit_get as it's no longer in c-h context module
* Remove sections from subordinate context due to c-h change.
Change-Id: Idd0e4963823ec2ed915795fb04913f11ba305a2e
This change only replaced the deprecated function to add a new source
in the `do_openstack_upgrade` function. The original idea of this patch
was to fix an issue that was fixed in another patch.
Copy the new version of the requirements.txt and test-requirements.txt
files to avoid pip 20.3.
Change-Id: I523e2db35cfb0f7533831e5b5fbb802b628b0431
Neutron uses an AZ-unaware scheduler (LeastRoutersScheduler) by default
in its configuration and the neutron-api charm does not override it.
AZLeastRoutersScheduler inherits from LeastRoutersScheduler and does the
same, plus respects AZ hints when scheduling HA routers.
For --distributed --ha routers using AZLeastRoutersScheduler means that
snat namespaces will be scheduled with respect to the AZ hints specified
during router creation by an operator.
For --ha but not distributed routers using AZLeastRoutersScheduler means
that qrouter namespaces will be scheduled with respect to the AZ hints.
snat namespaces (--ha & --distributed) and qrouter namespaces (--ha
only) are placed by the scheduler to l3 agents that run in the dvr_snat
mode only so the scheduler change will affect both the deployments with
neutron-gateway units and the ones with neutron-openvswitch running with
use-dvr-snat=True.
Change-Id: I98cd67ff0cf5418a9699acc7aff96c3edb9b2341
Closes-Bug: #1886195
* charm-helpers sync for classic charms
* charms.ceph sync for ceph charms
* rebuild for reactive charms
* sync tox.ini files as needed
* sync requirements.txt files to sync to standard
Change-Id: I7c3e0a7e77e16b9bf318ca22c39f8220c5144ac7
Ensures that leader does not respond to db init
notifications to avoid infitinite looping after
leader switches to a different unit.
Also ensures that leader only restarts its neutron-server
once on db init.
Closes-Bug: #1893008
Change-Id: I59b9d5e0caab62b72380879bf16cb0fd8703bb32
This option is available on both OVS and OVN to
allow virtual switch to snoop into multicast IGMP
messages and learn which ports should be flooded.
This change adds igmp snooping option on neutron.conf.
Change-Id: I3a0e757e5afe6a77cc507ee01298961c16d41cb2
The new default will take effect on newly deployed units when
openstack-origin is set to 'ussuri' or newer.
Any existing units or newly deployed units with openstack-origin
set to prior versions will retain the existing default.
Change-Id: Ia38dd7882105c3adad1afbf754ba2ed047dd05e2
If the database is in maintenace mode do not attempt to access
it.
Change-Id: I42cc19aedff2bc060343f4431c1b4834f9389f03
Depends-On: I5d8ed7d3935db5568c50f8d585e37a4d0cc6914f
When resuming services exclude those managed by hacluster, in
this case haproxy. If pacemaker lacks quorum it may shut haproxy
down which will cause this charm to error.
Charmhelper sync included to bring in required
get_managed_services_and_ports method.
Change-Id: Ie6f117f47a8189c8e30224f7200d8976cdec9605
Currently, Apache ports.conf file is not being configured by this
charm. This patch changes the ports.conf default file with another one
that does not open port 80 on SSL environments.
Change-Id: I0d935de2eada861b986e2f17ead6a5674afd2969
Closes-bug: #1845665
There are transient situations where the config option openstack-origin will
hold the target OpenStack version, so it's not safe to be used to determine
what packages should be installed in the unit, an accurate method is to use
the version of the neutron-common package.
Change-Id: I88693be390f66ba94626e52b949b5573532ea5d7
Closes-Bug: #1854538
This patch removes completely any lbaas related service or
configuration for OS Train deployements.
Change-Id: Ib48adee32d649e5254265924175c3bf2d3437c0b
Closes-Bug: #1853868
Signed-off-by: Stamatis Katsaounis <skatsaounis@admin.grnet.gr>
This patch applies validation on values ipv4-ptr-zone-prefix-size and
ipv6-ptr-zone-prefix-size to prevent users from choosing values not
supported by Neutron's Designate driver.
Change-Id: I6f2d5c9d1a3f16242263f11b1f999ab7ec3a4266
Signed-off-by: Stamatis Katsaounis <katsaouniss@gmail.com>
Drop install of python3-neutron-lbaas as this package has been
dropped from the UCA at Train.
Add test bundle for train; make smoke to validate changes.
Change-Id: I355a136a0ced7367d69ee9fb8c3b493ddae5e087
* Adds an option to enable port forwarding service plugin;
* Exposes whether port forwarding is enabled or not to neutron-gateway
and neutron-openvswitch charms via the respective relation.
See LP: #1842353
Change-Id: Ic3a8e302942ed331bc3d80223e123c13d61db3b2
Closes-Bug: #1842353
This patchset implements policy overrides for neutron-gateway.
This change includes a charm-helpers sync to bring in the policyd helper
code.
Change-Id: I89f1f4b5d58843017e428a8d2cfada840dde14de
Closes-Bug: #1741723
Following the style of the SR-IOV enablement, add a new config
option to this charm to enable hardware offload support.
This is mainly used to signal to the nova-cloud-controller charm
to enable the PCI Passthrough Filter which is used in this type
of deployment.
Change-Id: I1f59012ad2d16af18ca310906f6c6b537bb7ec72
When a plugin does not override the ``core_plugin`` and
``neutron_plugin_config`` and leaves them to the ML2 default the
charm will now register the ``ml2_conf.ini`` config with both
the default Neutron and subordinate plugin contexts.
Any exposed context variables not provided by the plugin will no
longer be returned as empty values on the context, allowing for
passing of the Neutron API charm deduced and configured context
values.
The ``neutron.conf`` and ``ml2_conf.ini`` templates have been
updated to allow adding of new sections.
Partial-Bug: #1845212
Change-Id: I90ca77ad16c1a0f59deb34c4faa7e7a89f22aea9
We can't add constraints to admin role without consider
regressions. It happens that two tempest scenarios are now failling:
tempest.scenario.test_network_basic_ops.TestNetworkBasicOps.test_network_basic_ops
tempest.scenario.test_server_multinode.TestServerMultinode.test_schedule_to_all_nodes
If admin wants to give role (even Admin role) to an user for a tenant,
the right way is to use keystone trust API.
Change-Id: I161ea7d1aec5e5784455b5bce4605b2f9143daa2
Related-Bug: #1830536
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@canonical.com>
When determining if a user is an admin the default neutron policy
file only checks if a user has the 'admin' role. It does not check
what that role is applied to.
The problem is illustrated by the following scenario: A cloud
admin creates a new domain, then creates a new project within that
domain. The cloud admin wants to delegate the maintenance of the
new project to userA so she grants them admin on the new project.
UserA is now a cloud admin from Neutrons pov.
To fix this issue a policy override file is added which checks that
the user is admin either against the admin project (as defined by
keystone) or the service project.
Change-Id: If4c5b0c1ab7bf2c75e911e77531d442d417a1231
Closes-Bug: 1830536
Charms related to neutron-api on the neutron-plugin-api relation
can use the global-physnet-mtu and physical-network-mtus
to set mtus on the devices they manage.
Change-Id: I18aabe17549d99383d9c13c24879d794719feca7
This change adds infoblox-api relation which allows neutron-server
to publish events to a remote infoblox server. Additionally this
change enables IPAM for the neutron service, which forces neutron
to authorize any network changes against the target Infoblox
server.
This change adds the proper hooks, context, and templates to add
infobox configuration to /etc/neutron/neutron.conf, passed by the
infoblox subordinate charm.
Closes-Bug: 1776689
Change-Id: Ib11377bd61c2b3fed5104ba0a423073a15cc18a2
Enable support for configuration of FWaaS v2 firewall group
logging. The feature can be enabled or disabled via the
enable-firewall-group-logging flag.
This feature is currently only enabled for FWaaS v2 at Stein
for the charms (but is supported back to Queens in Neutron).
Change-Id: I4c440e233ee16d4e756c575d8db70918ff062f3e
Partial-Bug: 1831972
If the certificates change then services needs to
be restarted. This change adds the SSL directory to the restart map
to ensure any certificate changes trigger a restart.
Change-Id: I891b3104c08c6b9cde06ce30d4279a239ae329b1
Closes-Bug: 1828530
Ensure that the firewall v1->v2 migrate tool is executed post
upgrade to stein or later.
Fix minor issue with switch of default mysql dialect to mysqldb
at Stein by writing all new configuration files prior to
executing the database upgrade.
Change-Id: Ifb0b33038a4df7a2a6f5c1a55caaeea01a92fc20
Closes-Bug: 1821192
FWaaS v1 has been removed as of the latest Stein snapshots. Switch
to configuration of v2 service provider.
This commit also switches >= rocky to use the lbaasv2 entry point
rather than the fully qualified class name for the lbaas service
provider.
Change-Id: Id0fd808a33dff25d48610bcf97d12c512a21fc40
The dns_domain_ports extension driver was introduced in Queens
to allow setting a dns_domain on ports and having that
override the network dns_domain value. The new extension driver
inherits from the old dns extension driver so it is safe to
simply replace it.
Change-Id: I26db4433359cf8c9d23158d553c4805fd0526a1a
Closes-Bug: #1815138
AZAwareWeightScheduler is based on WeightScheduler and provides a way to make
DHCP agent scheduling be AZ-aware. This is used in conjunction with
dhcp-agents-per-network config option and per-network agents (such as dnsmasq)
will be distributed across neutron-dhcp-agents that have availability_zone
configuration (based on dhcp-load-type for placement calculation).
bp: https://blueprints.launchpad.net/neutron/+spec/add-availability-zone
Upgrade impact is mentioned here:
specs.openstack.org/openstack/neutron-specs/specs/mitaka/availability-zone.html
The spec mentions that by default all agents belong to 'nova' AZ so
the scheduler change should be backwards-compatible.
Change-Id: I4d948efa157573fdbc0fbfd3b1efb21b69a713ef
Closes-Bug: #1796068