Add OVN + neutron-dynamic-routing bundles

* OVN + NDR testing is possible as of Neutron 22.0.0 (2023.1 or
  Antelope), see [1][2].
* Vault is added to non-OVN bundles as the tests.yaml file is shared
  and uses a configure step for Vault

Important note: at the time of writing the OVN integration code in
Neutron does not have any use for `distributed` and `ha` router extra
attributes and whether distributed or centralized FIPs are used in OVN
is governed by the ovn/enable_distributed_floating_ip option which does
not operate at the per-router granularity and is global.

The docs have not been updated and still say [3] that OVN routers do not
expose `ha` or `distributed` attributes which are now there as of [1].

At the same time, the NDR implementation uses the `distributed`
attribute to determine whether to use the gateway port IP and treat FIPs
as centralized [4] and add a next-hop to the gateway port IP or not in
the advertised /32 routes. For routers with `distributed == True`,
NDR only attempts [5] to find ports with device owner
`'floatingip_agent_gateway'`. Therefore, when distributed FIPs are
enabled via ovn/enable_distributed_floating_ip, the `distributed` extra
attribute on a router is set to `False` and /32 routes are advertised
as centralized.

The distributed FIP case is currently not exercised by the current
bundles neither for ML2/ovs nor ML2/ovn. The current bundles only test
the control plane and route advertisement, not packet forwarding via
advertised next-hops.

[1] https://review.opendev.org/c/openstack/neutron/+/864051
[2] 4d1a7bd0bc
[3] cd66232c2b/doc/source/ovn/faq/index.rst (L16-L29)
[4] 513ea649be/neutron_dynamic_routing/db/bgp_db.py (L564)
[5] 513ea649be/neutron_dynamic_routing/db/bgp_db.py (L567-L580)

Change-Id: I21ba5d79ff100b839874a65e4ddd32f20dfb1311

osci.yaml

@@ -1,9 +1,29 @@
 - project:
     templates:
       - charm-unit-jobs-py310
-      - charm-functional-jobs
+    check:
+      jobs:
+      - jammy-zed
+      - jammy-antelope
+      - jammy-antelope-ovn
+      - lunar-antelope:
+          voting: false
+      - lunar-antelope-ovn:
+          voting: false
     vars:
       needs_charm_build: true
       charm_build_name: neutron-dynamic-routing
       build_type: charmcraft
       charmcraft_channel: 2.1/stable
+
+- job:
+    name: jammy-antelope-ovn
+    parent: func-target
+    vars:
+      tox_extra_args: '-- jammy-antelope-ovn'
+- job:
+    name: lunar-antelope-ovn
+    parent: func-target
+    vars:
+      juju_snap_channel: "3.2/stable"
+      tox_extra_args: '-- lunar-antelope-ovn'

src/tests/bundles/jammy-antelope-ovn.yaml

@@ -0,0 +1,159 @@
+local_overlay_enabled: False
+
+variables:
+  openstack-origin: &openstack-origin cloud:jammy-antelope
+
+series: jammy
+
+comment:
+- 'machines section to decide order of deployment. database sooner = faster'
+machines:
+  '0':
+    constraints: mem=3072M
+  '1':
+    constraints: mem=3072M
+  '2':
+    constraints: mem=3072M
+  '3':
+  '4':
+  '5':
+  '6':
+  '7':
+    # osci-frr has a limited set of supported series.
+    series: jammy
+  '8':
+  '9':
+  '10':
+  '11':
+
+applications:
+
+  keystone-mysql-router:
+    charm: ch:mysql-router
+    channel: latest/edge
+  neutron-api-mysql-router:
+    charm: ch:mysql-router
+    channel: latest/edge
+
+  mysql-innodb-cluster:
+    charm: ch:mysql-innodb-cluster
+    num_units: 3
+    to:
+      - '0'
+      - '1'
+      - '2'
+    channel: latest/edge
+
+  keystone:
+    charm: ch:keystone
+    num_units: 1
+    options:
+      openstack-origin: *openstack-origin
+      haproxy-server-timeout: 90000
+      haproxy-client-timeout: 90000
+      haproxy-queue-timeout: 9000
+      haproxy-connect-timeout: 9000
+    to:
+      - '3'
+    channel: latest/edge
+
+  neutron-api:
+    charm: ch:neutron-api
+    num_units: 1
+    options:
+      manage-neutron-plugin-legacy-mode: true
+      neutron-plugin: ovs
+      flat-network-providers: physnet1,
+      neutron-security-groups: true
+      openstack-origin: *openstack-origin
+      haproxy-server-timeout: 90000
+      haproxy-client-timeout: 90000
+      haproxy-queue-timeout: 9000
+      haproxy-connect-timeout: 9000
+    to:
+      - '4'
+    channel: latest/edge
+
+  neutron-dynamic-routing:
+    charm: ../../../neutron-dynamic-routing_ubuntu-22.04-amd64_ubuntu-22.10-amd64_ubuntu-23.04-amd64.charm
+    num_units: 1
+    options:
+      openstack-origin: *openstack-origin
+    to:
+      - '5'
+
+  rabbitmq-server:
+    charm: ch:rabbitmq-server
+    num_units: 1
+    to:
+      - '6'
+    channel: latest/edge
+
+  osci-frr:
+    charm: ch:osci-frr
+    series: jammy
+    num_units: 1
+    to:
+      - '7'
+
+  ovn-central:
+    charm: ch:ovn-central
+    num_units: 3
+    options:
+      source: *openstack-origin
+    channel: latest/edge
+    to:
+      - '8'
+      - '9'
+      - '10'
+  neutron-api-plugin-ovn:
+    charm: ch:neutron-api-plugin-ovn
+    channel: latest/edge
+
+  vault:
+    charm: ch:vault
+    num_units: 1
+    channel: latest/edge
+    to:
+      - '11'
+relations:
+
+  - - 'neutron-dynamic-routing:amqp'
+    - 'rabbitmq-server:amqp'
+
+  - - 'neutron-dynamic-routing:bgp-speaker'
+    - 'osci-frr:bgpclient'
+
+  - - 'keystone:shared-db'
+    - 'keystone-mysql-router:shared-db'
+  - - 'keystone-mysql-router:db-router'
+    - 'mysql-innodb-cluster:db-router'
+
+  - - 'neutron-api:shared-db'
+    - 'neutron-api-mysql-router:shared-db'
+  - - 'neutron-api-mysql-router:db-router'
+    - 'mysql-innodb-cluster:db-router'
+
+  - - 'neutron-api:amqp'
+    - 'rabbitmq-server:amqp'
+
+  - - 'neutron-api:identity-service'
+    - 'keystone:identity-service'
+
+  - - ovn-central:certificates
+    - vault:certificates
+
+  - - ovn-central:ovsdb-cms
+    - neutron-api-plugin-ovn:ovsdb-cms
+
+  - - vault:certificates
+    - keystone:certificates
+
+  - - vault:certificates
+    - neutron-api:certificates
+
+  - - vault:certificates
+    - neutron-api-plugin-ovn:certificates
+
+  - - neutron-api-plugin-ovn:neutron-plugin
+    - neutron-api:neutron-plugin-api-subordinate

src/tests/bundles/jammy-antelope.yaml

@@ -21,6 +21,7 @@ machines:
   '7':
     # osci-frr has a limited set of supported series.
     series: jammy
+  '8':
 
 applications:
 
@@ -92,6 +93,13 @@ applications:
     to:
       - '7'
 
+  vault:
+    charm: ch:vault
+    num_units: 1
+    channel: latest/edge
+    to:
+      - '8'
+
 relations:
 
   - - 'neutron-dynamic-routing:amqp'
@@ -115,3 +123,9 @@ relations:
 
   - - 'neutron-api:identity-service'
     - 'keystone:identity-service'
+
+  - - vault:certificates
+    - keystone:certificates
+
+  - - vault:certificates
+    - neutron-api:certificates

src/tests/bundles/jammy-zed.yaml

@@ -21,6 +21,7 @@ machines:
   '7':
     # osci-frr has a limited set of supported series.
     series: jammy
+  '8':
 
 applications:
 
@@ -92,6 +93,13 @@ applications:
     to:
       - '7'
 
+  vault:
+    charm: ch:vault
+    num_units: 1
+    channel: latest/edge
+    to:
+      - '8'
+
 relations:
 
   - - 'neutron-dynamic-routing:amqp'
@@ -115,3 +123,9 @@ relations:
 
   - - 'neutron-api:identity-service'
     - 'keystone:identity-service'
+
+  - - vault:certificates
+    - keystone:certificates
+
+  - - vault:certificates
+    - neutron-api:certificates

src/tests/bundles/lunar-antelope-ovn.yaml

@@ -0,0 +1,160 @@
+local_overlay_enabled: False
+
+variables:
+  openstack-origin: &openstack-origin distro
+
+series: lunar
+
+comment:
+- 'machines section to decide order of deployment. database sooner = faster'
+machines:
+  '0':
+    constraints: mem=3072M
+  '1':
+    constraints: mem=3072M
+  '2':
+    constraints: mem=3072M
+  '3':
+  '4':
+  '5':
+  '6':
+  '7':
+    # osci-frr has a limited set of supported series.
+    series: jammy
+  '8':
+  '9':
+  '10':
+  '11':
+
+applications:
+
+  keystone-mysql-router:
+    charm: ch:mysql-router
+    channel: latest/edge
+  neutron-api-mysql-router:
+    charm: ch:mysql-router
+    channel: latest/edge
+
+  mysql-innodb-cluster:
+    charm: ch:mysql-innodb-cluster
+    num_units: 3
+    to:
+      - '0'
+      - '1'
+      - '2'
+    channel: latest/edge
+
+  keystone:
+    charm: ch:keystone
+    num_units: 1
+    options:
+      openstack-origin: *openstack-origin
+      haproxy-server-timeout: 90000
+      haproxy-client-timeout: 90000
+      haproxy-queue-timeout: 9000
+      haproxy-connect-timeout: 9000
+    to:
+      - '3'
+    channel: latest/edge
+
+  neutron-api:
+    charm: ch:neutron-api
+    num_units: 1
+    options:
+      manage-neutron-plugin-legacy-mode: true
+      neutron-plugin: ovs
+      flat-network-providers: physnet1,
+      neutron-security-groups: true
+      openstack-origin: *openstack-origin
+      haproxy-server-timeout: 90000
+      haproxy-client-timeout: 90000
+      haproxy-queue-timeout: 9000
+      haproxy-connect-timeout: 9000
+    to:
+      - '4'
+    channel: latest/edge
+
+  neutron-dynamic-routing:
+    charm: ../../../neutron-dynamic-routing_ubuntu-22.04-amd64_ubuntu-22.10-amd64_ubuntu-23.04-amd64.charm
+    num_units: 1
+    options:
+      openstack-origin: *openstack-origin
+    to:
+      - '5'
+
+  rabbitmq-server:
+    charm: ch:rabbitmq-server
+    num_units: 1
+    to:
+      - '6'
+    channel: latest/edge
+
+  osci-frr:
+    charm: ch:osci-frr
+    series: jammy
+    num_units: 1
+    to:
+      - '7'
+
+  ovn-central:
+    charm: ch:ovn-central
+    num_units: 3
+    options:
+      source: *openstack-origin
+    channel: latest/edge
+    to:
+      - '8'
+      - '9'
+      - '10'
+  neutron-api-plugin-ovn:
+    charm: ch:neutron-api-plugin-ovn
+    channel: latest/edge
+
+  vault:
+    charm: ch:vault
+    num_units: 1
+    channel: latest/edge
+    to:
+      - '11'
+
+relations:
+
+  - - 'neutron-dynamic-routing:amqp'
+    - 'rabbitmq-server:amqp'
+
+  - - 'neutron-dynamic-routing:bgp-speaker'
+    - 'osci-frr:bgpclient'
+
+  - - 'keystone:shared-db'
+    - 'keystone-mysql-router:shared-db'
+  - - 'keystone-mysql-router:db-router'
+    - 'mysql-innodb-cluster:db-router'
+
+  - - 'neutron-api:shared-db'
+    - 'neutron-api-mysql-router:shared-db'
+  - - 'neutron-api-mysql-router:db-router'
+    - 'mysql-innodb-cluster:db-router'
+
+  - - 'neutron-api:amqp'
+    - 'rabbitmq-server:amqp'
+
+  - - 'neutron-api:identity-service'
+    - 'keystone:identity-service'
+
+  - - ovn-central:certificates
+    - vault:certificates
+
+  - - ovn-central:ovsdb-cms
+    - neutron-api-plugin-ovn:ovsdb-cms
+
+  - - vault:certificates
+    - keystone:certificates
+
+  - - vault:certificates
+    - neutron-api:certificates
+
+  - - vault:certificates
+    - neutron-api-plugin-ovn:certificates
+
+  - - neutron-api-plugin-ovn:neutron-plugin
+    - neutron-api:neutron-plugin-api-subordinate

src/tests/bundles/lunar-antelope.yaml

@@ -21,6 +21,7 @@ machines:
   '7':
     # osci-frr has a limited set of supported series.
     series: jammy
+  '8':
 
 applications:
 
@@ -92,6 +93,13 @@ applications:
     to:
       - '7'
 
+  vault:
+    charm: ch:vault
+    num_units: 1
+    channel: latest/edge
+    to:
+      - '8'
+
 relations:
 
   - - 'neutron-dynamic-routing:amqp'
@@ -115,3 +123,9 @@ relations:
 
   - - 'neutron-api:identity-service'
     - 'keystone:identity-service'
+
+  - - vault:certificates
+    - keystone:certificates
+
+  - - vault:certificates
+    - neutron-api:certificates

src/tests/tests.yaml

@@ -1,6 +1,7 @@
 charm_name: neutron-dynamic-routing
 
 configure:
+- zaza.openstack.charm_tests.vault.setup.auto_initialize
 - zaza.openstack.charm_tests.dragent.configure.setup
 
 gate_bundles:
@@ -10,9 +11,25 @@ smoke_bundles:
 - jammy-zed
 
 dev_bundles:
+# There is no jammy-zed-ovn bundle as neutron-dynamic-routing
+# compatibility with ML2/ovn has only been declared in Neutron
+# 22.0.0 which is used in 2023.1 (Antelope)
 - jammy-zed
 - jammy-antelope
+- jammy-antelope-ovn
 - lunar-antelope
+- lunar-antelope-ovn
+
+target_deploy_status:
+  neutron-api-plugin-ovn:
+    workload-status: waiting
+    workload-status-message-prefix: "'certificates' awaiting server certificate data, 'ovsdb-cms' incomplete"
+  ovn-central:
+    workload-status: waiting
+    workload-status-message-prefix: "'ovsdb-peer' incomplete, 'certificates' awaiting server certificate data"
+  vault:
+    workload-status: blocked
+    workload-status-message-prefix: Vault needs to be initialized
 
 tests:
 - zaza.openstack.charm_tests.dragent.tests.DRAgentTest