diff --git a/config.yaml b/config.yaml index 237e0c3d..e390738a 100755 --- a/config.yaml +++ b/config.yaml @@ -22,6 +22,15 @@ options: such as thresholds and a destination log file are available in the neutron-openvswitch charm. Also, an neutron-openvswitch charm config option "firewall-driver" should be explicitly set to "openvswitch", since security group logging works only with OVS firewall driver now. + enable-fwaas: + type: boolean + default: True + description: | + Setting this to True will enable FWaasS (FWaaSv2 from Stein onwards). + This feature is disabled from Victoria onwards and will have no effect. + . + NOTE: Neutron FWaaS has been deprecated as of the OpenStack Ussuri + release and will be removed during the W cycle. enable-firewall-group-logging: type: boolean default: False diff --git a/hooks/neutron_api_context.py b/hooks/neutron_api_context.py index 1e2b024a..6f56f629 100644 --- a/hooks/neutron_api_context.py +++ b/hooks/neutron_api_context.py @@ -401,6 +401,23 @@ class NeutronCCContext(context.NeutronContext): return settings + def get_service_plugins(self, cmp_release, plugin_defs): + if str(cmp_release) in plugin_defs: + return plugin_defs[str(cmp_release)] + + # find the last available set of plugins. + last_available = None + for r in plugin_defs.keys(): + if cmp_release > CompareOpenStackReleases(r): + if last_available: + if (CompareOpenStackReleases(r) < + CompareOpenStackReleases(last_available)): + continue + + last_available = r + + return plugin_defs[last_available] + def __call__(self): from neutron_api_utils import api_port ctxt = super(NeutronCCContext, self).__call__() @@ -618,8 +635,9 @@ class NeutronCCContext(context.NeutronContext): 'train': ['router', 'firewall_v2', 'metering', 'segments', ('neutron_dynamic_routing.' 'services.bgp.bgp_plugin.BgpPlugin')], - # TODO: FWaaS was deprecated at Ussuri and will be removed - # during the W cycle + 'victoria': ['router', 'metering', 'segments', + ('neutron_dynamic_routing.' + 'services.bgp.bgp_plugin.BgpPlugin')], } if cmp_release >= 'rocky' and cmp_release < 'train': if ctxt.get('load_balancer_name', None): @@ -629,13 +647,11 @@ class NeutronCCContext(context.NeutronContext): # TODO(fnordahl): Remove fall-back in next charm release service_plugins[release].append('lbaasv2') - # TODO: FWaaS was deprecated at Ussuri and will be removed - # during the W cycle - if cmp_release >= 'stein': + if cmp_release >= 'stein' and cmp_release <= 'ussuri': ctxt['firewall_v2'] = True - ctxt['service_plugins'] = service_plugins.get( - release, service_plugins['stein']) + ctxt['service_plugins'] = self.get_service_plugins( + cmp_release, service_plugins) if is_nsg_logging_enabled() or is_nfg_logging_enabled(): ctxt['service_plugins'].append('log') diff --git a/hooks/neutron_api_utils.py b/hooks/neutron_api_utils.py index b745e160..7a5b9e75 100755 --- a/hooks/neutron_api_utils.py +++ b/hooks/neutron_api_utils.py @@ -102,14 +102,12 @@ BASE_PACKAGES = [ # TODO: FWaaS was deprecated at Ussuri and will be removed during the W cycle KILO_PACKAGES = [ 'python-neutron-lbaas', - 'python-neutron-fwaas', 'python-neutron-vpnaas', ] PY3_PACKAGES = [ 'python3-neutron', 'python3-neutron-lbaas', - 'python3-neutron-fwaas', 'python3-neutron-dynamic-routing', 'python3-networking-hyperv', 'python3-memcache', @@ -132,6 +130,10 @@ PURGE_EXTRA_PACKAGES_ON_TRAIN = [ 'python3-neutron-lbaas', ] +PURGE_EXTRA_PACKAGES_ON_VICTORIA = [ + 'python3-neutron-fwaas', +] + VERSION_PACKAGE = 'neutron-common' BASE_SERVICES = [ @@ -460,6 +462,8 @@ def determine_packages(source=None, openstack_release=None): packages = deepcopy(BASE_PACKAGES) if cmp_release >= 'rocky': packages.extend(PY3_PACKAGES) + if config('enable-fwaas') and cmp_release <= 'ussuri': + packages.append('python3-neutron-fwaas') if cmp_release >= 'train': packages.remove('python3-neutron-lbaas') @@ -476,6 +480,8 @@ def determine_packages(source=None, openstack_release=None): if cmp_release < 'rocky': if cmp_release >= 'kilo': packages.extend(KILO_PACKAGES) + if config('enable-fwaas'): + packages.append('python-neutron-fwaas') if cmp_release >= 'ocata': packages.append('python-neutron-dynamic-routing') if cmp_release >= 'pike': @@ -497,10 +503,14 @@ def determine_packages(source=None, openstack_release=None): def determine_purge_packages(): '''Return a list of packages to purge for the current OS release''' cmp_os_source = CompareOpenStackReleases(os_release('neutron-common')) - if cmp_os_source >= 'train': - return PURGE_PACKAGES + PURGE_EXTRA_PACKAGES_ON_TRAIN + purge_pkgs = PURGE_PACKAGES + if cmp_os_source >= 'victoria': + purge_pkgs += PURGE_EXTRA_PACKAGES_ON_TRAIN + return purge_pkgs + PURGE_EXTRA_PACKAGES_ON_VICTORIA + elif cmp_os_source >= 'train': + return purge_pkgs + PURGE_EXTRA_PACKAGES_ON_TRAIN elif cmp_os_source >= 'rocky': - return PURGE_PACKAGES + return purge_pkgs return [] @@ -680,8 +690,10 @@ def do_openstack_upgrade(configs): if CompareOpenStackReleases(os_release('neutron-common')) < 'liberty': stamp_neutron_database(cur_os_rel) migrate_neutron_database(upgrade=True) - if CompareOpenStackReleases(new_os_rel) >= 'stein': - fwaas_migrate_v1_to_v2() + if config('enable-fwaas'): + if (CompareOpenStackReleases(new_os_rel) >= 'stein' and + CompareOpenStackReleases(new_os_rel) <= 'ussuri'): + fwaas_migrate_v1_to_v2() # TODO: make an attribute of the context for shared usage diff --git a/unit_tests/test_neutron_api_context.py b/unit_tests/test_neutron_api_context.py index 70256e18..fe451b11 100644 --- a/unit_tests/test_neutron_api_context.py +++ b/unit_tests/test_neutron_api_context.py @@ -433,6 +433,17 @@ class NeutronCCContextTest(CharmTestCase): def tearDown(self): super(NeutronCCContextTest, self).tearDown() + def test_get_service_plugins(self): + plugs = {"mitaka": "A", + "queens": "B", + "ussuri": "C"} + p = context.NeutronCCContext().get_service_plugins('train', plugs) + self.assertEquals(p, "B") + p = context.NeutronCCContext().get_service_plugins('ussuri', plugs) + self.assertEquals(p, "C") + p = context.NeutronCCContext().get_service_plugins('wallaby', plugs) + self.assertEquals(p, "C") + @patch.object(context, 'NeutronLoadBalancerContext') @patch.object(context.NeutronCCContext, 'network_manager') @patch.object(context.NeutronCCContext, 'plugin') @@ -776,7 +787,7 @@ class NeutronCCContextTest(CharmTestCase): def test_neutroncc_context_api_rel(self, _import, plugin, nm, nlb): nova_url = 'http://127.0.0.10' plugin.return_value = None - self.os_release.return_value = 'havana' + self.os_release.return_value = 'queens' self.related_units.return_value = ['unit1'] self.relation_ids.return_value = ['rid2'] self.test_relation.set({'nova_url': nova_url, diff --git a/unit_tests/test_neutron_api_utils.py b/unit_tests/test_neutron_api_utils.py index 2cad01da..82725bef 100644 --- a/unit_tests/test_neutron_api_utils.py +++ b/unit_tests/test_neutron_api_utils.py @@ -138,7 +138,7 @@ class TestNeutronAPIUtils(CharmTestCase): pkg_list = nutils.determine_packages() expect = deepcopy(nutils.BASE_PACKAGES) expect.extend(['neutron-server', 'neutron-plugin-ml2', - 'python-networking-hyperv']) + 'python-networking-hyperv', 'python-neutron-fwaas']) expect.extend(nutils.KILO_PACKAGES) self.assertEqual(sorted(pkg_list), sorted(expect)) @@ -156,7 +156,7 @@ class TestNeutronAPIUtils(CharmTestCase): ]) expect.extend(nutils.KILO_PACKAGES) expect = [p for p in expect if not p.startswith('python-')] - expect.extend(nutils.PY3_PACKAGES) + expect.extend(nutils.PY3_PACKAGES + ['python3-neutron-fwaas']) expect.remove('python3-neutron-lbaas') self.assertEqual(sorted(pkg_list), sorted(expect)) @@ -171,7 +171,8 @@ class TestNeutronAPIUtils(CharmTestCase): 'memcached', 'neutron-server', 'neutron-plugin-ml2', - 'python-networking-hyperv' + 'python-networking-hyperv', + 'python3-neutron-fwaas', ]) expect.extend(nutils.KILO_PACKAGES) expect = [p for p in expect if not p.startswith('python-')]