Configure Neutron

This commit is contained in:
Frode Nordahl 2019-09-30 12:48:19 +02:00 committed by Frode Nordahl
parent 5acafe3b04
commit a664071412
No known key found for this signature in database
GPG Key ID: 6A5D59A3BA48373F
8 changed files with 284 additions and 220 deletions

14
.travis.yml Normal file
View File

@ -0,0 +1,14 @@
sudo: true
dist: xenial
language: python
install: pip install tox-travis
matrix:
include:
- name: "Python 3.6"
python: 3.6
env: ENV=pep8,py3
- name: "Python 3.7"
python: 3.7
env: ENV=pep8,py3
script:
- tox -c tox.ini -e $ENV

View File

@ -13,19 +13,50 @@
# limitations under the License. # limitations under the License.
import os import os
import subprocess
import charms.reactive as reactive
import charmhelpers.core as ch_core
import charms_openstack.adapters import charms_openstack.adapters
import charms_openstack.charm import charms_openstack.charm
class NeutronAPIPluginOvn(charms_openstack.charm.OpenStackCharm): NEUTRON_PLUGIN_ML2_DIR = '/etc/neutron/plugins/ml2'
release = 'train'
name = 'ovn'
@charms_openstack.adapters.config_property
def ovn_key(cls):
return os.path.join(NEUTRON_PLUGIN_ML2_DIR, 'key_host')
@charms_openstack.adapters.config_property
def ovn_cert(cls):
return os.path.join(NEUTRON_PLUGIN_ML2_DIR, 'cert_host')
@charms_openstack.adapters.config_property
def ovn_ca_cert(cls):
return os.path.join(NEUTRON_PLUGIN_ML2_DIR,
'{}.crt'.format(cls.charm_instance.name))
class NeutronAPIPluginCharm(charms_openstack.charm.OpenStackCharm):
release = 'stein'
name = 'neutron-api-plugin-ovn'
packages = ['python3-networking-ovn'] packages = ['python3-networking-ovn']
required_relations = ['neutron-plugin', 'ovsdb-cms'] required_relations = ['neutron-plugin', 'ovsdb-cms']
python_version = 3 python_version = 3
# make sure we can write secrets readable by the ``neutron-server`` process
group = 'neutron'
def configure_tls(self, certificates_interface=None):
tls_objects = self.get_certs_and_keys(
certificates_interface=certificates_interface)
for tls_object in tls_objects:
with open(ovn_ca_cert(self.adapters_instance), 'w') as crt:
crt.write(
tls_object['ca'] +
os.linesep +
tls_object.get('chain', ''))
self.configure_cert(NEUTRON_PLUGIN_ML2_DIR,
tls_object['cert'],
tls_object['key'],
cn='host')

View File

@ -15,7 +15,6 @@
import charmhelpers.core as ch_core import charmhelpers.core as ch_core
import charms.reactive as reactive import charms.reactive as reactive
import charms.leadership as leadership
import charms_openstack.bus import charms_openstack.bus
import charms_openstack.charm as charm import charms_openstack.charm as charm
@ -47,33 +46,64 @@ def request_db_migration():
neutron.request_db_migration() neutron.request_db_migration()
@reactive.when('neutron-plugin.connected') @reactive.when('neutron-plugin.connected', 'ovsdb-cms.available')
def configure_neutron(): def configure_neutron():
neutron = reactive.endpoint_from_flag( neutron = reactive.endpoint_from_flag(
'neutron-plugin.connected') 'neutron-plugin.connected')
ovsdb = reactive.endpoint_from_flag(
'ovsdb-cms.available')
ch_core.hookenv.log('DEBUG: neutron_config_data="{}"' ch_core.hookenv.log('DEBUG: neutron_config_data="{}"'
.format(neutron.neutron_config_data)) .format(neutron.neutron_config_data))
service_plugins = neutron.neutron_config_data.get(
'service_plugins', '').split(',')
service_plugins = [svc for svc in service_plugins if svc not in ['router']]
service_plugins.append('networking_ovn.l3.l3_ovn.OVNL3RouterPlugin')
tenant_network_types = neutron.neutron_config_data.get(
'tenant_network_types', '').split(',')
tenant_network_types.insert(0, 'geneve')
with charm.provide_charm_instance() as instance:
neutron.configure_plugin( neutron.configure_plugin(
'ovn', 'ovn',
service_plugins=','.join(service_plugins),
mechanism_drivers='ovn',
tenant_network_types=','.join(tenant_network_types),
subordinate_configuration={ subordinate_configuration={
'neutron-api': { 'neutron-api': {
'/etc/neutron/neutron.conf': {
'sections': {
'blablabla': [
('neutron_conf_key1', 'val1'),
],
},
},
'/etc/neutron/plugins/ml2/ml2_conf.ini': { '/etc/neutron/plugins/ml2/ml2_conf.ini': {
'sections': { 'sections': {
'ovn': [ 'ovn': [
('ml2_conf_key1', 'val1'), ('ovn_nb_connection',
','.join(ovsdb.db_nb_connection_strs)),
('ovn_nb_private_key',
instance.adapters_instance.options.ovn_key),
('ovn_nb_certificate',
instance.adapters_instance.options.ovn_cert),
('ovn_nb_ca_cert',
instance.adapters_instance.options.ovn_ca_cert
),
('ovn_sb_connection',
','.join(ovsdb.db_sb_connection_strs)),
('ovn_sb_private_key',
instance.adapters_instance.options.ovn_key),
('ovn_sb_certificate',
instance.adapters_instance.options.ovn_cert),
('ovn_sb_ca_cert',
instance.adapters_instance.options.ovn_ca_cert
),
# XXX config
('ovn_l3_scheduler', 'leastloaded'),
('ovn_metadata_enabled', 'true'), # XXX config
],
'ml2_type_geneve': [
('vni_ranges', '1000:2000'), # XXX config
('max_header_size', '38'),
], ],
}, },
}, },
}, },
}, },
) )
instance.assess_status()
@reactive.when('neutron-plugin.available') @reactive.when('neutron-plugin.available')

View File

@ -10,7 +10,7 @@ applications:
num_units: 1 num_units: 1
neutron-api: neutron-api:
series: bionic series: bionic
charm: /home/frode/Projects/OpenStack/charm-neutron-api charm: cs:~openstack-charmers-next/neutron-api
num_units: 3 num_units: 3
options: options:
manage-neutron-plugin-legacy-mode: false manage-neutron-plugin-legacy-mode: false

View File

@ -12,6 +12,6 @@ target_deploy_status:
workload-status: blocked workload-status: blocked
workload-status-message: Vault needs to be initialized workload-status-message: Vault needs to be initialized
configure: configure:
- zaza.openstack.charm_tests.vault.setup.auto_initialize - zaza.openstack.charm_tests.vault.setup.auto_initialize_no_validation
tests: tests:
- zaza.charm_tests.noop.tests.NoopTest - zaza.charm_tests.noop.tests.NoopTest

View File

@ -12,148 +12,76 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
import io
import mock import mock
import os import os
import charms_openstack.test_utils as test_utils import charms_openstack.test_utils as test_utils
import charm.openstack.ovn as ovn import charm.openstack.neutron_api_plugin_ovn as neutron_api_plugin_ovn
class TestOVNConfigProperties(test_utils.PatchHelper): class TestNeutronAPIPluginOvnConfigProperties(test_utils.PatchHelper):
def test_cluster_local_addr(self): def test_ovn_key(self):
self.patch_object(ovn.ch_core.hookenv, 'unit_get')
cls = mock.MagicMock() cls = mock.MagicMock()
self.assertEquals(ovn.cluster_local_addr(cls), self.unit_get()) self.assertEquals(
neutron_api_plugin_ovn.ovn_key(cls),
os.path.join(neutron_api_plugin_ovn.NEUTRON_PLUGIN_ML2_DIR,
'key_host'))
def test_db_nb_port(self): def test_ovn_cert(self):
cls = mock.MagicMock() cls = mock.MagicMock()
self.assertEquals(ovn.db_nb_port(cls), ovn.DB_NB_PORT) self.assertEquals(
neutron_api_plugin_ovn.ovn_cert(cls),
os.path.join(neutron_api_plugin_ovn.NEUTRON_PLUGIN_ML2_DIR,
'cert_host'))
def test_db_sb_port(self): def test_ovn_ca_cert(self):
cls = mock.MagicMock() cls = mock.MagicMock()
self.assertEquals(ovn.db_sb_port(cls), ovn.DB_SB_PORT) cls.charm_instance.name = 'neutron-api-plugin-ovn'
self.assertEquals(
neutron_api_plugin_ovn.ovn_ca_cert(cls),
os.path.join(neutron_api_plugin_ovn.NEUTRON_PLUGIN_ML2_DIR,
'neutron-api-plugin-ovn.crt'))
class Helper(test_utils.PatchHelper): class Helper(test_utils.PatchHelper):
def setUp(self): def setUp(self):
super().setUp() super().setUp()
self.patch_release(ovn.OVNCharm.release) self.patch_release(
neutron_api_plugin_ovn.NeutronAPIPluginCharm.release)
class TestOVNCharm(Helper): class TestNeutronAPIPluginOvnCharm(Helper):
def test_install(self):
self.patch_object(ovn.charms_openstack.charm.OpenStackCharm,
'install')
self.patch_object(ovn.os.path, 'islink')
self.islink.return_value = False
self.patch_object(ovn.os, 'symlink')
c = ovn.OVNCharm()
c.install()
self.islink.assert_called_once_with(
'/etc/systemd/system/ovn-central.service')
self.symlink.assert_called_once_with(
'/dev/null',
'/etc/systemd/system/ovn-central.service')
self.install.assert_called_once_with()
def test__default_port_list(self):
c = ovn.OVNCharm()
self.assertEquals(
c._default_port_list(),
[ovn.DB_NB_PORT, ovn.DB_SB_PORT])
def test_ports_to_check(self):
c = ovn.OVNCharm()
c._default_port_list = mock.MagicMock()
c.ports_to_check()
c._default_port_list.assert_called_once_with()
def test_enable_services(self):
self.patch_object(ovn.ch_core.host, 'service_resume')
c = ovn.OVNCharm()
c.check_if_paused = mock.MagicMock()
c.check_if_paused.return_value = ('status', 'message')
c.enable_services()
c.check_if_paused.assert_called_once_with()
self.assertFalse(self.service_resume.called)
c.check_if_paused.return_value = (None, None)
c.enable_services()
self.service_resume.assert_called_once_with('ovn-central')
def test_ovs_controller_cert(self):
c = ovn.OVNCharm()
self.assertEquals(
c.ovs_controller_cert,
os.path.join(ovn.OVS_ETCDIR, 'cert_host'))
def test_ovs_controller_key(self):
c = ovn.OVNCharm()
self.assertEquals(
c.ovs_controller_key,
os.path.join(ovn.OVS_ETCDIR, 'key_host'))
def test_run(self):
self.patch_object(ovn.subprocess, 'run')
self.patch_object(ovn.ch_core.hookenv, 'log')
c = ovn.OVNCharm()
c.run('some', 'args')
self.run.assert_called_once_with(
('some', 'args'),
stdout=ovn.subprocess.PIPE,
stderr=ovn.subprocess.STDOUT,
check=True,
universal_newlines=True)
def test_configure_tls(self): def test_configure_tls(self):
self.patch_object(ovn.ch_core.hookenv, 'service_name') self.patch('charmhelpers.core.hookenv', 'service_name')
self.service_name.return_value = 'fakeservice' self.service_name.return_value = 'fakeservice'
self.patch_object(ovn.charms_openstack.charm.OpenStackCharm, self.patch_object(
'configure_tls') neutron_api_plugin_ovn.charms_openstack.charm.OpenStackCharm,
self.configure_tls.return_value = [{ 'get_certs_and_keys')
self.get_certs_and_keys.return_value = [{
'cert': 'fakecert', 'cert': 'fakecert',
'key': 'fakekey', 'key': 'fakekey',
'cn': 'fakecn', 'cn': 'fakecn',
'ca': 'fakeca',
'chain': 'fakechain',
}] }]
c = ovn.OVNCharm() with mock.patch('builtins.open', create=True) as mocked_open:
mocked_file = mock.MagicMock(spec=io.FileIO)
mocked_open.return_value = mocked_file
c = neutron_api_plugin_ovn.NeutronAPIPluginCharm()
c.configure_cert = mock.MagicMock() c.configure_cert = mock.MagicMock()
c.run = mock.MagicMock()
c.configure_tls() c.configure_tls()
self.configure_tls.assert_called_once_with(certificates_interface=None) mocked_open.assert_called_once_with(
'/etc/neutron/plugins/ml2/neutron-api-plugin-ovn.crt', 'w')
mocked_file.__enter__().write.assert_called_once_with(
'fakeca\nfakechain')
c.configure_cert.assert_called_once_with( c.configure_cert.assert_called_once_with(
ovn.OVS_ETCDIR, neutron_api_plugin_ovn.NEUTRON_PLUGIN_ML2_DIR,
'fakecert', 'fakecert',
'fakekey', 'fakekey',
cn='host') cn='host',
c.run.assert_has_calls([ )
mock.call('ovs-vsctl',
'set-ssl',
'/etc/openvswitch/key_host',
'/etc/openvswitch/cert_host',
'/usr/local/share/ca-certificates/fakeservice.crt'),
mock.call('ovn-nbctl',
'set-ssl',
'/etc/openvswitch/key_host',
'/etc/openvswitch/cert_host',
'/usr/local/share/ca-certificates/fakeservice.crt'),
mock.call('ovn-sbctl',
'set-ssl',
'/etc/openvswitch/key_host',
'/etc/openvswitch/cert_host',
'/usr/local/share/ca-certificates/fakeservice.crt'),
mock.call('ovn-nbctl',
'set-connection',
'pssl:6641'),
mock.call('ovn-sbctl',
'set-connection',
'role=ovn-controller',
'pssl:6642'),
mock.call('ovs-vsctl',
'set',
'open',
'.',
'external-ids:ovn-remote=ssl:127.0.0.1:6642')
])

View File

@ -0,0 +1,134 @@
# Copyright 2019 Canonical Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import mock
import reactive.neutron_api_plugin_ovn_handlers as handlers
import charms_openstack.test_utils as test_utils
class TestRegisteredHooks(test_utils.TestRegisteredHooks):
def test_hooks(self):
defaults = [
'charm.installed',
'config.changed',
'update-status',
'upgrade-charm',
'certificates.available',
]
hook_set = {
'when_none': {
'flag_db_migration': (
'neutron-plugin.db_migration',
'neutron-plugin.available',),
'request_db_migration': (
'neutron-plugin.available',
'run-default-update-status',),
},
'when': {
'flag_db_migration': ('charm.installed',),
'request_db_migration': ('neutron-plugin.connected',),
'configure_neutron': (
'neutron-plugin.connected',
'ovsdb-cms.available',),
'assess_status': ('neutron-plugin.available',),
'poke_ovsdb': ('ovsdb-cms.available',),
},
}
# test that the hooks were registered via the
# reactive.ovn_handlers
self.registered_hooks_test_helper(handlers, hook_set, defaults)
class TestOvnHandlers(test_utils.PatchHelper):
def setUp(self):
super().setUp()
# self.patch_release(octavia.OctaviaCharm.release)
self.charm = mock.MagicMock()
self.patch_object(handlers.charm, 'provide_charm_instance',
new=mock.MagicMock())
self.provide_charm_instance().__enter__.return_value = \
self.charm
self.provide_charm_instance().__exit__.return_value = None
def test_flag_db_migration(self):
self.patch_object(handlers.reactive, 'set_flag')
handlers.flag_db_migration()
self.set_flag.assert_called_once_with('neutron-plugin.db_migration')
def test_request_db_migration(self):
self.patch_object(handlers.reactive, 'endpoint_from_flag')
neutron = mock.MagicMock()
ovsdb = mock.MagicMock()
self.endpoint_from_flag.side_effect = [neutron, ovsdb]
neutron.neutron_config_data.get.side_effect = [
'router,firewall_v2,metering,segments,'
'neutron_dynamic_routing.services.bgp.bgp_plugin.BgpPlugin,'
'lbaasv2',
'gre,vlan,flat,local',
]
handlers.configure_neutron()
neutron.configure_plugin.assert_called_once_with(
'ovn',
service_plugins=(
'firewall_v2,metering,segments,'
'neutron_dynamic_routing.services.bgp.bgp_plugin.BgpPlugin,'
'lbaasv2,networking_ovn.l3.l3_ovn.OVNL3RouterPlugin'),
mechanism_drivers='ovn',
tenant_network_types='geneve,gre,vlan,flat,local',
subordinate_configuration={
'neutron-api': {
'/etc/neutron/plugins/ml2/ml2_conf.ini': {
'sections': {
'ovn': [
('ovn_nb_connection',
''), # FIXME
('ovn_nb_private_key', mock.ANY),
('ovn_nb_certificate', mock.ANY),
('ovn_nb_ca_cert', mock.ANY),
('ovn_sb_connection',
''), # FIXME
('ovn_sb_private_key', mock.ANY),
('ovn_sb_certificate', mock.ANY),
('ovn_sb_ca_cert', mock.ANY),
('ovn_l3_scheduler', 'leastloaded'),
('ovn_metadata_enabled', 'true'),
],
'ml2_type_geneve': [
('vni_ranges', '1000:2000'),
('max_header_size', '38'),
],
},
},
},
},
)
# def test_render(self):
# self.patch_object(handlers.charm, 'use_defaults')
# self.patch_object(handlers.reactive, 'set_flag')
# self.charm.enable_services.return_value = False
# handlers.render()
# self.charm.render_with_interfaces.assert_called_once_with([])
# self.charm.enable_services.assert_called_once_with()
# self.assertFalse(self.use_defaults.called)
# self.assertFalse(self.set_flag.called)
# self.charm.assess_status.assert_called_once_with()
# self.charm.enable_services.return_value = True
# handlers.render()
# self.use_defaults.assert_called_once_with('certificates.available')
# self.set_flag.assert_called_once_with('config.rendered')

View File

@ -1,73 +0,0 @@
# Copyright 2019 Canonical Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import mock
import reactive.ovn_handlers as handlers
import charms_openstack.test_utils as test_utils
class TestRegisteredHooks(test_utils.TestRegisteredHooks):
def test_hooks(self):
defaults = [
'charm.installed',
'config.changed',
'update-status',
'upgrade-charm',
]
hook_set = {
'when': {
'render': ('charm.installed',),
'certificates_in_config_tls': ('config.rendered',
'config.changed',),
},
'when_not_all': {
'certificates_in_config_tls': ('config.default.ssl_ca',
'config.default.ssl_cert',
'config.default.ssl_key',),
},
}
# test that the hooks were registered via the
# reactive.ovn_handlers
self.registered_hooks_test_helper(handlers, hook_set, defaults)
class TestOvnHandlers(test_utils.PatchHelper):
def setUp(self):
super().setUp()
# self.patch_release(octavia.OctaviaCharm.release)
self.charm = mock.MagicMock()
self.patch_object(handlers.charm, 'provide_charm_instance',
new=mock.MagicMock())
self.provide_charm_instance().__enter__.return_value = \
self.charm
self.provide_charm_instance().__exit__.return_value = None
def test_render(self):
self.patch_object(handlers.charm, 'use_defaults')
self.patch_object(handlers.reactive, 'set_flag')
self.charm.enable_services.return_value = False
handlers.render()
self.charm.render_with_interfaces.assert_called_once_with([])
self.charm.enable_services.assert_called_once_with()
self.assertFalse(self.use_defaults.called)
self.assertFalse(self.set_flag.called)
self.charm.assess_status.assert_called_once_with()
self.charm.enable_services.return_value = True
handlers.render()
self.use_defaults.assert_called_once_with('certificates.available')
self.set_flag.assert_called_once_with('config.rendered')