Don't enable DVR services when deployed in container

Also set upper constraint for ``python-cinderclient`` in the
functional test requirements as it relies on the v1 client
which has been removed.  We will not fix this in Amulet, charm
pending migration to the Zaza framework.

Change-Id: If4d3b3cd79767b37fe6b74a1d6d399076c122bc8
Closes-Bug: #1843557

README.md

@@ -106,7 +106,13 @@ The charm will automatically detect which PCI devices are on each unit of the ap
 
 # Port Configuration
 
-**NOTE:** External port configuration only applies when DVR mode is enabled.
+> **Note**: External port configuration only applies when DVR mode is enabled.
+  This may not work when `neutron-openvswitch` is deployed in a LXD container.
+  If your deployment requires mixed placement of `neutron-openvswitch` units,
+  add multiple application instances with different names to your model to
+  allow for separate configuration. You can view examples of this configuration
+  in the [Octavia Charm](https://jaas.ai/octavia) functional test gate
+  [bundles](https://opendev.org/openstack/charm-octavia/src/branch/master/src/tests/bundles).
 
 All network types (internal, external) are configured with bridge-mappings and
 data-port and the flat-network-providers configuration option of the

config.yaml

@@ -120,6 +120,9 @@ options:
       deployments which do not include a neutron-gateway (do not require l3,
       lbaas or vpnaas services) and should only be used in-conjunction with
       flat or VLAN provider networks configurations.
+
+      NOTE: This configuration option will be ignored when deployed in a LXD
+      container.
   dnsmasq-flags:
     type: string
     default:
@@ -127,6 +130,9 @@ options:
       Comma-separated list of key=value config flags with the additional dhcp
       options for neutron dnsmasq. Note, this option is only valid when
       enable-local-dhcp-and-metadata option is set to True.
+
+      NOTE: This configuration option will be ignored when deployed in a LXD
+      container.
   instance-mtu:
     type: int
     default:
@@ -135,6 +141,9 @@ options:
       within the cloud. This is useful in deployments where its not
       possible to increase MTU on switches and physical servers to
       accommodate the packet overhead of using GRE tunnels.
+
+      NOTE: This configuration option will be ignored when deployed in a LXD
+      container.
   dns-servers:
     type: string
     default:
@@ -142,6 +151,9 @@ options:
       A comma-separated list of DNS servers which will be used by dnsmasq as
       forwarders. This option only applies when the enable-local-dhcp-and-metadata
       options is set to True.
+
+      NOTE: This configuration option will be ignored when deployed in a LXD
+      container.
   prevent-arp-spoofing:
     type: boolean
     default: true
@@ -297,6 +309,9 @@ options:
       be scheduled without a requirement for a dedicated network node to host
       centralized SNAT. This is especially important if only floating IPs are
       used in the network design and SNAT traffic is minimal or non-existent.
+
+      NOTE: This configuration option will be ignored when deployed in a LXD
+      container.
   sysctl:
     type: string
     default: |

hooks/neutron_ovs_hooks.py

@@ -187,19 +187,21 @@ def neutron_plugin_api_changed():
 
 @hooks.hook('neutron-plugin-relation-joined')
 def neutron_plugin_joined(relation_id=None, request_restart=False):
-    if enable_local_dhcp():
+    secret = None
-        install_packages()
+    if not is_container():
-    else:
+        if enable_local_dhcp():
-        pkgs = deepcopy(DHCP_PACKAGES)
+            install_packages()
-        # NOTE: only purge metadata packages if dvr is not
+        else:
-        #       in use as this will remove the l3 agent
+            pkgs = deepcopy(DHCP_PACKAGES)
-        #       see https://pad.lv/1515008
+            # NOTE: only purge metadata packages if dvr is not
-        if not use_dvr():
+            #       in use as this will remove the l3 agent
-            # NOTE(fnordahl) do not remove ``haproxy``, the principal charm may
+            #       see https://pad.lv/1515008
-            # have use for it. LP: #1832739
+            if not use_dvr():
-            pkgs.extend(set(METADATA_PACKAGES)-set(['haproxy']))
+                # NOTE(fnordahl) do not remove ``haproxy``, the principal
-        purge_packages(pkgs)
+                # charm may have use for it. LP: #1832739
-    secret = get_shared_secret() if enable_nova_metadata() else None
+                pkgs.extend(set(METADATA_PACKAGES)-set(['haproxy']))
+            purge_packages(pkgs)
+        secret = get_shared_secret() if enable_nova_metadata() else None
     rel_data = {
         'metadata-shared-secret': secret,
     }

hooks/neutron_ovs_utils.py

@@ -770,11 +770,13 @@ def get_shared_secret():
 
 
 def use_dvr():
-    return context.NeutronAPIContext()().get('enable_dvr', False)
+    return not is_container() and context.NeutronAPIContext()().get(
+        'enable_dvr', False)
 
 
 def use_l3ha():
-    return context.NeutronAPIContext()().get('enable_l3ha', False)
+    return not is_container() and context.NeutronAPIContext()().get(
+        'enable_l3ha', False)
 
 
 def determine_datapath_type():
@@ -887,11 +889,11 @@ def dpdk_set_interfaces_mtu(mtu, ports):
 
 
 def enable_nova_metadata():
-    return use_dvr() or enable_local_dhcp()
+    return not is_container() and (use_dvr() or enable_local_dhcp())
 
 
 def enable_local_dhcp():
-    return config('enable-local-dhcp-and-metadata')
+    return not is_container() and config('enable-local-dhcp-and-metadata')
 
 
 def assess_status(configs):

unit_tests/test_neutron_ovs_utils.py

@@ -223,6 +223,7 @@ class TestNeutronOVSUtils(CharmTestCase):
     @patch.object(charmhelpers.contrib.openstack.neutron, 'headers_package')
     def test_determine_packages_metadata(self, _head_pkgs, _os_rel,
                                          _use_dvr, _use_l3ha):
+        self.is_container.return_value = False
         self.test_config.set('enable-local-dhcp-and-metadata', True)
         _use_dvr.return_value = False
         _use_l3ha.return_value = False
@@ -1101,6 +1102,42 @@ class TestNeutronOVSUtils(CharmTestCase):
         )
         self.service_restart.assert_called_with('openvswitch-switch')
 
+    @patch.object(nutils.context, 'NeutronAPIContext')
+    @patch.object(nutils, 'is_container')
+    def test_use_dvr(self, _is_container, _NeutronAPIContext):
+        _is_container.return_value = False
+        _NeutronAPIContext()().get.return_value = True
+        self.assertEquals(nutils.use_dvr(), True)
+        _is_container.return_value = True
+        self.assertEquals(nutils.use_dvr(), False)
+
+    @patch.object(nutils.context, 'NeutronAPIContext')
+    @patch.object(nutils, 'is_container')
+    def test_use_l3ha(self, _is_container, _NeutronAPIContext):
+        _is_container.return_value = False
+        _NeutronAPIContext()().get.return_value = True
+        self.assertEquals(nutils.use_l3ha(), True)
+        _is_container.return_value = True
+        self.assertEquals(nutils.use_l3ha(), False)
+
+    @patch.object(nutils.context, 'NeutronAPIContext')
+    @patch.object(nutils, 'is_container')
+    def test_enable_nova_metadata(self, _is_container, _NeutronAPIContext):
+        _is_container.return_value = False
+        _NeutronAPIContext()().get.return_value = True
+        self.assertEquals(nutils.enable_nova_metadata(), True)
+        _is_container.return_value = True
+        self.assertEquals(nutils.enable_nova_metadata(), False)
+
+    @patch.object(nutils, 'config')
+    @patch.object(nutils, 'is_container')
+    def test_enable_local_dhcp(self, _is_container, _config):
+        _is_container.return_value = False
+        _config.return_value = True
+        self.assertEquals(nutils.enable_local_dhcp(), True)
+        _is_container.return_value = True
+        self.assertEquals(nutils.enable_local_dhcp(), False)
+
 
 class TestDPDKBridgeBondMap(CharmTestCase):