From a1639fe51f48b9a6cdb5185c5bffc4480f4e264b Mon Sep 17 00:00:00 2001 From: David Ames Date: Fri, 7 Jun 2019 09:58:11 -0700 Subject: [PATCH] Enable isolated provider network metadata access When an isolated provider network with no virtual routers metadata access occurs in the qdhcp netns. Without the force_metadata option in dhcp_agent.ini and the haproxy package installed ns-metadata-proxy is not enabled. ns-metdata-proxy sits in the ip netns and proxies requests from 169.254.169.254 to the nova-api-metadata service outside the netns. This change adds the force_metadata option and installs haproxy when enable-local-dhcp-and-metadata is True. Closes-Bug: #1831935 Change-Id: Iaad1501e8d7d58888ef0917b6700d22a7cf05ecf --- hooks/neutron_ovs_utils.py | 4 ++- templates/ocata/dhcp_agent.ini | 39 ++++++++++++++++++++++++++++ tox.ini | 5 ++++ unit_tests/test_neutron_ovs_hooks.py | 3 ++- unit_tests/test_neutron_ovs_utils.py | 1 + 5 files changed, 50 insertions(+), 2 deletions(-) create mode 100644 templates/ocata/dhcp_agent.ini diff --git a/hooks/neutron_ovs_utils.py b/hooks/neutron_ovs_utils.py index 8993b1e0..66655149 100644 --- a/hooks/neutron_ovs_utils.py +++ b/hooks/neutron_ovs_utils.py @@ -108,7 +108,9 @@ EXT_PORT_CONF = '/etc/init/ext-port.conf' NEUTRON_METADATA_AGENT_CONF = "/etc/neutron/metadata_agent.ini" DVR_PACKAGES = ['neutron-l3-agent'] DHCP_PACKAGES = ['neutron-dhcp-agent'] -METADATA_PACKAGES = ['neutron-metadata-agent'] +# haproxy is required for isolated provider networks +# ns-metadata-proxy LP#1831935 +METADATA_PACKAGES = ['neutron-metadata-agent', 'haproxy'] # conntrack is a dependency of neutron-l3-agent and hence is not added L3HA_PACKAGES = ['keepalived'] diff --git a/templates/ocata/dhcp_agent.ini b/templates/ocata/dhcp_agent.ini new file mode 100644 index 00000000..1c3cd3b7 --- /dev/null +++ b/templates/ocata/dhcp_agent.ini @@ -0,0 +1,39 @@ +# ocata +############################################################################### +# [ WARNING ] +# Configuration file maintained by Juju. Local changes may be overwritten. +# +############################################################################### + +[DEFAULT] +state_path = /var/lib/neutron +interface_driver = openvswitch +dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq +root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf + +{% if dnsmasq_flags -%} +dnsmasq_config_file = /etc/neutron/dnsmasq.conf +{% endif -%} + +{% if dns_servers -%} +dnsmasq_dns_servers = {{ dns_servers }} +{% endif -%} + +{% if dns_domain -%} +dns_domain = {{ dns_domain }} +# Per LP#1583769, dhcp_domain needs to be configured in mitaka as well. Additional +# testing shows that this has not been changed in newton, so will also +# specify the dhcp_domain field. +dhcp_domain = {{ dns_domain }} +{% endif -%} + +enable_metadata_network = True +force_metadata = True +enable_isolated_metadata = True + +ovs_use_veth = True + +[AGENT] +{% if availability_zone -%} +availability_zone = {{ availability_zone }} +{% endif -%} diff --git a/tox.ini b/tox.ini index 63460ab6..8862afd8 100644 --- a/tox.ini +++ b/tox.ini @@ -32,6 +32,11 @@ basepython = python3.6 deps = -r{toxinidir}/requirements.txt -r{toxinidir}/test-requirements.txt +[testenv:py37] +basepython = python3.7 +deps = -r{toxinidir}/requirements.txt + -r{toxinidir}/test-requirements.txt + [testenv:pep8] basepython = python3 deps = -r{toxinidir}/requirements.txt diff --git a/unit_tests/test_neutron_ovs_hooks.py b/unit_tests/test_neutron_ovs_hooks.py index 27691ab8..462d5b4c 100644 --- a/unit_tests/test_neutron_ovs_hooks.py +++ b/unit_tests/test_neutron_ovs_hooks.py @@ -216,7 +216,8 @@ class NeutronOVSHooksTests(CharmTestCase): **rel_data ) self.purge_packages.assert_called_with(['neutron-dhcp-agent', - 'neutron-metadata-agent']) + 'neutron-metadata-agent', + 'haproxy']) self.assertFalse(self.install_packages.called) @patch.object(hooks, 'os_release') diff --git a/unit_tests/test_neutron_ovs_utils.py b/unit_tests/test_neutron_ovs_utils.py index 1ecf6038..f9386cb5 100644 --- a/unit_tests/test_neutron_ovs_utils.py +++ b/unit_tests/test_neutron_ovs_utils.py @@ -189,6 +189,7 @@ class TestNeutronOVSUtils(CharmTestCase): 'neutron-plugin-openvswitch-agent', 'neutron-dhcp-agent', 'neutron-metadata-agent', + 'haproxy', ] self.assertEqual(pkg_list, expect)