diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..7534783 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,14 @@ +sudo: true +dist: xenial +language: python +install: pip install tox-travis +matrix: + include: + - name: "Python 3.6" + python: 3.6 + env: ENV=pep8,py3 + - name: "Python 3.7" + python: 3.7 + env: ENV=pep8,py3 +script: + - tox -c tox.ini -e $ENV diff --git a/src/lib/charm/openstack/neutron_api_plugin_ovn.py b/src/lib/charm/openstack/neutron_api_plugin_ovn.py index ac5a156..3a28702 100644 --- a/src/lib/charm/openstack/neutron_api_plugin_ovn.py +++ b/src/lib/charm/openstack/neutron_api_plugin_ovn.py @@ -13,19 +13,50 @@ # limitations under the License. import os -import subprocess - -import charms.reactive as reactive - -import charmhelpers.core as ch_core import charms_openstack.adapters import charms_openstack.charm -class NeutronAPIPluginOvn(charms_openstack.charm.OpenStackCharm): - release = 'train' - name = 'ovn' +NEUTRON_PLUGIN_ML2_DIR = '/etc/neutron/plugins/ml2' + + +@charms_openstack.adapters.config_property +def ovn_key(cls): + return os.path.join(NEUTRON_PLUGIN_ML2_DIR, 'key_host') + + +@charms_openstack.adapters.config_property +def ovn_cert(cls): + return os.path.join(NEUTRON_PLUGIN_ML2_DIR, 'cert_host') + + +@charms_openstack.adapters.config_property +def ovn_ca_cert(cls): + return os.path.join(NEUTRON_PLUGIN_ML2_DIR, + '{}.crt'.format(cls.charm_instance.name)) + + +class NeutronAPIPluginCharm(charms_openstack.charm.OpenStackCharm): + release = 'stein' + name = 'neutron-api-plugin-ovn' packages = ['python3-networking-ovn'] required_relations = ['neutron-plugin', 'ovsdb-cms'] python_version = 3 + # make sure we can write secrets readable by the ``neutron-server`` process + group = 'neutron' + + def configure_tls(self, certificates_interface=None): + tls_objects = self.get_certs_and_keys( + certificates_interface=certificates_interface) + + for tls_object in tls_objects: + with open(ovn_ca_cert(self.adapters_instance), 'w') as crt: + crt.write( + tls_object['ca'] + + os.linesep + + tls_object.get('chain', '')) + self.configure_cert(NEUTRON_PLUGIN_ML2_DIR, + tls_object['cert'], + tls_object['key'], + cn='host') diff --git a/src/reactive/neutron_api_plugin_ovn_handlers.py b/src/reactive/neutron_api_plugin_ovn_handlers.py index 05371d2..4bcf7a0 100644 --- a/src/reactive/neutron_api_plugin_ovn_handlers.py +++ b/src/reactive/neutron_api_plugin_ovn_handlers.py @@ -15,7 +15,6 @@ import charmhelpers.core as ch_core import charms.reactive as reactive -import charms.leadership as leadership import charms_openstack.bus import charms_openstack.charm as charm @@ -47,33 +46,64 @@ def request_db_migration(): neutron.request_db_migration() -@reactive.when('neutron-plugin.connected') +@reactive.when('neutron-plugin.connected', 'ovsdb-cms.available') def configure_neutron(): neutron = reactive.endpoint_from_flag( 'neutron-plugin.connected') + ovsdb = reactive.endpoint_from_flag( + 'ovsdb-cms.available') ch_core.hookenv.log('DEBUG: neutron_config_data="{}"' .format(neutron.neutron_config_data)) - neutron.configure_plugin( - 'ovn', - subordinate_configuration={ - 'neutron-api': { - '/etc/neutron/neutron.conf': { - 'sections': { - 'blablabla': [ - ('neutron_conf_key1', 'val1'), - ], - }, - }, - '/etc/neutron/plugins/ml2/ml2_conf.ini': { - 'sections': { - 'ovn': [ - ('ml2_conf_key1', 'val1'), - ], + service_plugins = neutron.neutron_config_data.get( + 'service_plugins', '').split(',') + service_plugins = [svc for svc in service_plugins if svc not in ['router']] + service_plugins.append('networking_ovn.l3.l3_ovn.OVNL3RouterPlugin') + tenant_network_types = neutron.neutron_config_data.get( + 'tenant_network_types', '').split(',') + tenant_network_types.insert(0, 'geneve') + with charm.provide_charm_instance() as instance: + neutron.configure_plugin( + 'ovn', + service_plugins=','.join(service_plugins), + mechanism_drivers='ovn', + tenant_network_types=','.join(tenant_network_types), + subordinate_configuration={ + 'neutron-api': { + '/etc/neutron/plugins/ml2/ml2_conf.ini': { + 'sections': { + 'ovn': [ + ('ovn_nb_connection', + ','.join(ovsdb.db_nb_connection_strs)), + ('ovn_nb_private_key', + instance.adapters_instance.options.ovn_key), + ('ovn_nb_certificate', + instance.adapters_instance.options.ovn_cert), + ('ovn_nb_ca_cert', + instance.adapters_instance.options.ovn_ca_cert + ), + ('ovn_sb_connection', + ','.join(ovsdb.db_sb_connection_strs)), + ('ovn_sb_private_key', + instance.adapters_instance.options.ovn_key), + ('ovn_sb_certificate', + instance.adapters_instance.options.ovn_cert), + ('ovn_sb_ca_cert', + instance.adapters_instance.options.ovn_ca_cert + ), + # XXX config + ('ovn_l3_scheduler', 'leastloaded'), + ('ovn_metadata_enabled', 'true'), # XXX config + ], + 'ml2_type_geneve': [ + ('vni_ranges', '1000:2000'), # XXX config + ('max_header_size', '38'), + ], + }, }, }, }, - }, - ) + ) + instance.assess_status() @reactive.when('neutron-plugin.available') diff --git a/src/tests/bundles/bionic-stein.yaml b/src/tests/bundles/bionic-stein.yaml index 44e1f67..b51e30e 100644 --- a/src/tests/bundles/bionic-stein.yaml +++ b/src/tests/bundles/bionic-stein.yaml @@ -10,7 +10,7 @@ applications: num_units: 1 neutron-api: series: bionic - charm: /home/frode/Projects/OpenStack/charm-neutron-api + charm: cs:~openstack-charmers-next/neutron-api num_units: 3 options: manage-neutron-plugin-legacy-mode: false diff --git a/src/tests/tests.yaml b/src/tests/tests.yaml index 80ba55e..eae5ced 100644 --- a/src/tests/tests.yaml +++ b/src/tests/tests.yaml @@ -12,6 +12,6 @@ target_deploy_status: workload-status: blocked workload-status-message: Vault needs to be initialized configure: -- zaza.openstack.charm_tests.vault.setup.auto_initialize +- zaza.openstack.charm_tests.vault.setup.auto_initialize_no_validation tests: - zaza.charm_tests.noop.tests.NoopTest diff --git a/unit_tests/test_lib_charm_openstack_ovn.py b/unit_tests/test_lib_charm_openstack_ovn.py index 7c549f8..0a37284 100644 --- a/unit_tests/test_lib_charm_openstack_ovn.py +++ b/unit_tests/test_lib_charm_openstack_ovn.py @@ -12,148 +12,76 @@ # See the License for the specific language governing permissions and # limitations under the License. +import io import mock import os import charms_openstack.test_utils as test_utils -import charm.openstack.ovn as ovn +import charm.openstack.neutron_api_plugin_ovn as neutron_api_plugin_ovn -class TestOVNConfigProperties(test_utils.PatchHelper): +class TestNeutronAPIPluginOvnConfigProperties(test_utils.PatchHelper): - def test_cluster_local_addr(self): - self.patch_object(ovn.ch_core.hookenv, 'unit_get') + def test_ovn_key(self): cls = mock.MagicMock() - self.assertEquals(ovn.cluster_local_addr(cls), self.unit_get()) + self.assertEquals( + neutron_api_plugin_ovn.ovn_key(cls), + os.path.join(neutron_api_plugin_ovn.NEUTRON_PLUGIN_ML2_DIR, + 'key_host')) - def test_db_nb_port(self): + def test_ovn_cert(self): cls = mock.MagicMock() - self.assertEquals(ovn.db_nb_port(cls), ovn.DB_NB_PORT) + self.assertEquals( + neutron_api_plugin_ovn.ovn_cert(cls), + os.path.join(neutron_api_plugin_ovn.NEUTRON_PLUGIN_ML2_DIR, + 'cert_host')) - def test_db_sb_port(self): + def test_ovn_ca_cert(self): cls = mock.MagicMock() - self.assertEquals(ovn.db_sb_port(cls), ovn.DB_SB_PORT) + cls.charm_instance.name = 'neutron-api-plugin-ovn' + self.assertEquals( + neutron_api_plugin_ovn.ovn_ca_cert(cls), + os.path.join(neutron_api_plugin_ovn.NEUTRON_PLUGIN_ML2_DIR, + 'neutron-api-plugin-ovn.crt')) class Helper(test_utils.PatchHelper): def setUp(self): super().setUp() - self.patch_release(ovn.OVNCharm.release) + self.patch_release( + neutron_api_plugin_ovn.NeutronAPIPluginCharm.release) -class TestOVNCharm(Helper): - - def test_install(self): - self.patch_object(ovn.charms_openstack.charm.OpenStackCharm, - 'install') - self.patch_object(ovn.os.path, 'islink') - self.islink.return_value = False - self.patch_object(ovn.os, 'symlink') - c = ovn.OVNCharm() - c.install() - self.islink.assert_called_once_with( - '/etc/systemd/system/ovn-central.service') - self.symlink.assert_called_once_with( - '/dev/null', - '/etc/systemd/system/ovn-central.service') - self.install.assert_called_once_with() - - def test__default_port_list(self): - c = ovn.OVNCharm() - self.assertEquals( - c._default_port_list(), - [ovn.DB_NB_PORT, ovn.DB_SB_PORT]) - - def test_ports_to_check(self): - c = ovn.OVNCharm() - c._default_port_list = mock.MagicMock() - c.ports_to_check() - c._default_port_list.assert_called_once_with() - - def test_enable_services(self): - self.patch_object(ovn.ch_core.host, 'service_resume') - c = ovn.OVNCharm() - c.check_if_paused = mock.MagicMock() - c.check_if_paused.return_value = ('status', 'message') - c.enable_services() - c.check_if_paused.assert_called_once_with() - self.assertFalse(self.service_resume.called) - c.check_if_paused.return_value = (None, None) - c.enable_services() - self.service_resume.assert_called_once_with('ovn-central') - - def test_ovs_controller_cert(self): - c = ovn.OVNCharm() - self.assertEquals( - c.ovs_controller_cert, - os.path.join(ovn.OVS_ETCDIR, 'cert_host')) - - def test_ovs_controller_key(self): - c = ovn.OVNCharm() - self.assertEquals( - c.ovs_controller_key, - os.path.join(ovn.OVS_ETCDIR, 'key_host')) - - def test_run(self): - self.patch_object(ovn.subprocess, 'run') - self.patch_object(ovn.ch_core.hookenv, 'log') - c = ovn.OVNCharm() - c.run('some', 'args') - self.run.assert_called_once_with( - ('some', 'args'), - stdout=ovn.subprocess.PIPE, - stderr=ovn.subprocess.STDOUT, - check=True, - universal_newlines=True) +class TestNeutronAPIPluginOvnCharm(Helper): def test_configure_tls(self): - self.patch_object(ovn.ch_core.hookenv, 'service_name') + self.patch('charmhelpers.core.hookenv', 'service_name') self.service_name.return_value = 'fakeservice' - self.patch_object(ovn.charms_openstack.charm.OpenStackCharm, - 'configure_tls') - self.configure_tls.return_value = [{ + self.patch_object( + neutron_api_plugin_ovn.charms_openstack.charm.OpenStackCharm, + 'get_certs_and_keys') + self.get_certs_and_keys.return_value = [{ 'cert': 'fakecert', 'key': 'fakekey', 'cn': 'fakecn', + 'ca': 'fakeca', + 'chain': 'fakechain', }] - c = ovn.OVNCharm() - c.configure_cert = mock.MagicMock() - c.run = mock.MagicMock() - c.configure_tls() - self.configure_tls.assert_called_once_with(certificates_interface=None) - c.configure_cert.assert_called_once_with( - ovn.OVS_ETCDIR, - 'fakecert', - 'fakekey', - cn='host') - c.run.assert_has_calls([ - mock.call('ovs-vsctl', - 'set-ssl', - '/etc/openvswitch/key_host', - '/etc/openvswitch/cert_host', - '/usr/local/share/ca-certificates/fakeservice.crt'), - mock.call('ovn-nbctl', - 'set-ssl', - '/etc/openvswitch/key_host', - '/etc/openvswitch/cert_host', - '/usr/local/share/ca-certificates/fakeservice.crt'), - mock.call('ovn-sbctl', - 'set-ssl', - '/etc/openvswitch/key_host', - '/etc/openvswitch/cert_host', - '/usr/local/share/ca-certificates/fakeservice.crt'), - mock.call('ovn-nbctl', - 'set-connection', - 'pssl:6641'), - mock.call('ovn-sbctl', - 'set-connection', - 'role=ovn-controller', - 'pssl:6642'), - mock.call('ovs-vsctl', - 'set', - 'open', - '.', - 'external-ids:ovn-remote=ssl:127.0.0.1:6642') - ]) + with mock.patch('builtins.open', create=True) as mocked_open: + mocked_file = mock.MagicMock(spec=io.FileIO) + mocked_open.return_value = mocked_file + c = neutron_api_plugin_ovn.NeutronAPIPluginCharm() + c.configure_cert = mock.MagicMock() + c.configure_tls() + mocked_open.assert_called_once_with( + '/etc/neutron/plugins/ml2/neutron-api-plugin-ovn.crt', 'w') + mocked_file.__enter__().write.assert_called_once_with( + 'fakeca\nfakechain') + c.configure_cert.assert_called_once_with( + neutron_api_plugin_ovn.NEUTRON_PLUGIN_ML2_DIR, + 'fakecert', + 'fakekey', + cn='host', + ) diff --git a/unit_tests/test_reactive_neutron_api_plugin_ovn_handlers.py b/unit_tests/test_reactive_neutron_api_plugin_ovn_handlers.py new file mode 100644 index 0000000..72e804d --- /dev/null +++ b/unit_tests/test_reactive_neutron_api_plugin_ovn_handlers.py @@ -0,0 +1,134 @@ +# Copyright 2019 Canonical Ltd +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import mock + +import reactive.neutron_api_plugin_ovn_handlers as handlers + +import charms_openstack.test_utils as test_utils + + +class TestRegisteredHooks(test_utils.TestRegisteredHooks): + + def test_hooks(self): + defaults = [ + 'charm.installed', + 'config.changed', + 'update-status', + 'upgrade-charm', + 'certificates.available', + ] + hook_set = { + 'when_none': { + 'flag_db_migration': ( + 'neutron-plugin.db_migration', + 'neutron-plugin.available',), + 'request_db_migration': ( + 'neutron-plugin.available', + 'run-default-update-status',), + }, + 'when': { + 'flag_db_migration': ('charm.installed',), + 'request_db_migration': ('neutron-plugin.connected',), + 'configure_neutron': ( + 'neutron-plugin.connected', + 'ovsdb-cms.available',), + 'assess_status': ('neutron-plugin.available',), + 'poke_ovsdb': ('ovsdb-cms.available',), + }, + } + # test that the hooks were registered via the + # reactive.ovn_handlers + self.registered_hooks_test_helper(handlers, hook_set, defaults) + + +class TestOvnHandlers(test_utils.PatchHelper): + + def setUp(self): + super().setUp() + # self.patch_release(octavia.OctaviaCharm.release) + self.charm = mock.MagicMock() + self.patch_object(handlers.charm, 'provide_charm_instance', + new=mock.MagicMock()) + self.provide_charm_instance().__enter__.return_value = \ + self.charm + self.provide_charm_instance().__exit__.return_value = None + + def test_flag_db_migration(self): + self.patch_object(handlers.reactive, 'set_flag') + handlers.flag_db_migration() + self.set_flag.assert_called_once_with('neutron-plugin.db_migration') + + def test_request_db_migration(self): + self.patch_object(handlers.reactive, 'endpoint_from_flag') + neutron = mock.MagicMock() + ovsdb = mock.MagicMock() + self.endpoint_from_flag.side_effect = [neutron, ovsdb] + neutron.neutron_config_data.get.side_effect = [ + 'router,firewall_v2,metering,segments,' + 'neutron_dynamic_routing.services.bgp.bgp_plugin.BgpPlugin,' + 'lbaasv2', + 'gre,vlan,flat,local', + ] + handlers.configure_neutron() + neutron.configure_plugin.assert_called_once_with( + 'ovn', + service_plugins=( + 'firewall_v2,metering,segments,' + 'neutron_dynamic_routing.services.bgp.bgp_plugin.BgpPlugin,' + 'lbaasv2,networking_ovn.l3.l3_ovn.OVNL3RouterPlugin'), + mechanism_drivers='ovn', + tenant_network_types='geneve,gre,vlan,flat,local', + subordinate_configuration={ + 'neutron-api': { + '/etc/neutron/plugins/ml2/ml2_conf.ini': { + 'sections': { + 'ovn': [ + ('ovn_nb_connection', + ''), # FIXME + ('ovn_nb_private_key', mock.ANY), + ('ovn_nb_certificate', mock.ANY), + ('ovn_nb_ca_cert', mock.ANY), + ('ovn_sb_connection', + ''), # FIXME + ('ovn_sb_private_key', mock.ANY), + ('ovn_sb_certificate', mock.ANY), + ('ovn_sb_ca_cert', mock.ANY), + ('ovn_l3_scheduler', 'leastloaded'), + ('ovn_metadata_enabled', 'true'), + ], + 'ml2_type_geneve': [ + ('vni_ranges', '1000:2000'), + ('max_header_size', '38'), + ], + }, + }, + }, + }, + ) + + # def test_render(self): + # self.patch_object(handlers.charm, 'use_defaults') + # self.patch_object(handlers.reactive, 'set_flag') + # self.charm.enable_services.return_value = False + # handlers.render() + # self.charm.render_with_interfaces.assert_called_once_with([]) + # self.charm.enable_services.assert_called_once_with() + # self.assertFalse(self.use_defaults.called) + # self.assertFalse(self.set_flag.called) + # self.charm.assess_status.assert_called_once_with() + # self.charm.enable_services.return_value = True + # handlers.render() + # self.use_defaults.assert_called_once_with('certificates.available') + # self.set_flag.assert_called_once_with('config.rendered') diff --git a/unit_tests/test_reactive_ovn_handlers.py b/unit_tests/test_reactive_ovn_handlers.py deleted file mode 100644 index ee3e2a1..0000000 --- a/unit_tests/test_reactive_ovn_handlers.py +++ /dev/null @@ -1,73 +0,0 @@ -# Copyright 2019 Canonical Ltd -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -import mock - -import reactive.ovn_handlers as handlers - -import charms_openstack.test_utils as test_utils - - -class TestRegisteredHooks(test_utils.TestRegisteredHooks): - - def test_hooks(self): - defaults = [ - 'charm.installed', - 'config.changed', - 'update-status', - 'upgrade-charm', - ] - hook_set = { - 'when': { - 'render': ('charm.installed',), - 'certificates_in_config_tls': ('config.rendered', - 'config.changed',), - }, - 'when_not_all': { - 'certificates_in_config_tls': ('config.default.ssl_ca', - 'config.default.ssl_cert', - 'config.default.ssl_key',), - }, - } - # test that the hooks were registered via the - # reactive.ovn_handlers - self.registered_hooks_test_helper(handlers, hook_set, defaults) - - -class TestOvnHandlers(test_utils.PatchHelper): - - def setUp(self): - super().setUp() - # self.patch_release(octavia.OctaviaCharm.release) - self.charm = mock.MagicMock() - self.patch_object(handlers.charm, 'provide_charm_instance', - new=mock.MagicMock()) - self.provide_charm_instance().__enter__.return_value = \ - self.charm - self.provide_charm_instance().__exit__.return_value = None - - def test_render(self): - self.patch_object(handlers.charm, 'use_defaults') - self.patch_object(handlers.reactive, 'set_flag') - self.charm.enable_services.return_value = False - handlers.render() - self.charm.render_with_interfaces.assert_called_once_with([]) - self.charm.enable_services.assert_called_once_with() - self.assertFalse(self.use_defaults.called) - self.assertFalse(self.set_flag.called) - self.charm.assess_status.assert_called_once_with() - self.charm.enable_services.return_value = True - handlers.render() - self.use_defaults.assert_called_once_with('certificates.available') - self.set_flag.assert_called_once_with('config.rendered')