Remove neutron-fwaas for >= V

Also adds config option enable-fwaas which defaults to
True to allow disabling fwaas for releases earlier than
Victoria.

Change-Id: Ic9251c5290f777f544a150a92702566474b264b8
Closes-Bug: 1934129
This commit is contained in:
Edward Hope-Morley 2021-06-30 17:57:53 +01:00
parent 0d4c5e139a
commit 00e7c8b6ad
5 changed files with 67 additions and 18 deletions

@ -22,6 +22,15 @@ options:
such as thresholds and a destination log file are available in the neutron-openvswitch charm. such as thresholds and a destination log file are available in the neutron-openvswitch charm.
Also, an neutron-openvswitch charm config option "firewall-driver" should be explicitly Also, an neutron-openvswitch charm config option "firewall-driver" should be explicitly
set to "openvswitch", since security group logging works only with OVS firewall driver now. set to "openvswitch", since security group logging works only with OVS firewall driver now.
enable-fwaas:
type: boolean
default: True
description: |
Setting this to True will enable FWaasS (FWaaSv2 from Stein onwards).
This feature is disabled from Victoria onwards and will have no effect.
.
NOTE: Neutron FWaaS has been deprecated as of the OpenStack Ussuri
release and will be removed during the W cycle.
enable-firewall-group-logging: enable-firewall-group-logging:
type: boolean type: boolean
default: False default: False

@ -401,6 +401,23 @@ class NeutronCCContext(context.NeutronContext):
return settings return settings
def get_service_plugins(self, cmp_release, plugin_defs):
if str(cmp_release) in plugin_defs:
return plugin_defs[str(cmp_release)]
# find the last available set of plugins.
last_available = None
for r in plugin_defs.keys():
if cmp_release > CompareOpenStackReleases(r):
if last_available:
if (CompareOpenStackReleases(r) <
CompareOpenStackReleases(last_available)):
continue
last_available = r
return plugin_defs[last_available]
def __call__(self): def __call__(self):
from neutron_api_utils import api_port from neutron_api_utils import api_port
ctxt = super(NeutronCCContext, self).__call__() ctxt = super(NeutronCCContext, self).__call__()
@ -618,8 +635,9 @@ class NeutronCCContext(context.NeutronContext):
'train': ['router', 'firewall_v2', 'metering', 'segments', 'train': ['router', 'firewall_v2', 'metering', 'segments',
('neutron_dynamic_routing.' ('neutron_dynamic_routing.'
'services.bgp.bgp_plugin.BgpPlugin')], 'services.bgp.bgp_plugin.BgpPlugin')],
# TODO: FWaaS was deprecated at Ussuri and will be removed 'victoria': ['router', 'metering', 'segments',
# during the W cycle ('neutron_dynamic_routing.'
'services.bgp.bgp_plugin.BgpPlugin')],
} }
if cmp_release >= 'rocky' and cmp_release < 'train': if cmp_release >= 'rocky' and cmp_release < 'train':
if ctxt.get('load_balancer_name', None): if ctxt.get('load_balancer_name', None):
@ -629,13 +647,11 @@ class NeutronCCContext(context.NeutronContext):
# TODO(fnordahl): Remove fall-back in next charm release # TODO(fnordahl): Remove fall-back in next charm release
service_plugins[release].append('lbaasv2') service_plugins[release].append('lbaasv2')
# TODO: FWaaS was deprecated at Ussuri and will be removed if cmp_release >= 'stein' and cmp_release <= 'ussuri':
# during the W cycle
if cmp_release >= 'stein':
ctxt['firewall_v2'] = True ctxt['firewall_v2'] = True
ctxt['service_plugins'] = service_plugins.get( ctxt['service_plugins'] = self.get_service_plugins(
release, service_plugins['stein']) cmp_release, service_plugins)
if is_nsg_logging_enabled() or is_nfg_logging_enabled(): if is_nsg_logging_enabled() or is_nfg_logging_enabled():
ctxt['service_plugins'].append('log') ctxt['service_plugins'].append('log')

@ -102,14 +102,12 @@ BASE_PACKAGES = [
# TODO: FWaaS was deprecated at Ussuri and will be removed during the W cycle # TODO: FWaaS was deprecated at Ussuri and will be removed during the W cycle
KILO_PACKAGES = [ KILO_PACKAGES = [
'python-neutron-lbaas', 'python-neutron-lbaas',
'python-neutron-fwaas',
'python-neutron-vpnaas', 'python-neutron-vpnaas',
] ]
PY3_PACKAGES = [ PY3_PACKAGES = [
'python3-neutron', 'python3-neutron',
'python3-neutron-lbaas', 'python3-neutron-lbaas',
'python3-neutron-fwaas',
'python3-neutron-dynamic-routing', 'python3-neutron-dynamic-routing',
'python3-networking-hyperv', 'python3-networking-hyperv',
'python3-memcache', 'python3-memcache',
@ -132,6 +130,10 @@ PURGE_EXTRA_PACKAGES_ON_TRAIN = [
'python3-neutron-lbaas', 'python3-neutron-lbaas',
] ]
PURGE_EXTRA_PACKAGES_ON_VICTORIA = [
'python3-neutron-fwaas',
]
VERSION_PACKAGE = 'neutron-common' VERSION_PACKAGE = 'neutron-common'
BASE_SERVICES = [ BASE_SERVICES = [
@ -460,6 +462,8 @@ def determine_packages(source=None, openstack_release=None):
packages = deepcopy(BASE_PACKAGES) packages = deepcopy(BASE_PACKAGES)
if cmp_release >= 'rocky': if cmp_release >= 'rocky':
packages.extend(PY3_PACKAGES) packages.extend(PY3_PACKAGES)
if config('enable-fwaas') and cmp_release <= 'ussuri':
packages.append('python3-neutron-fwaas')
if cmp_release >= 'train': if cmp_release >= 'train':
packages.remove('python3-neutron-lbaas') packages.remove('python3-neutron-lbaas')
@ -476,6 +480,8 @@ def determine_packages(source=None, openstack_release=None):
if cmp_release < 'rocky': if cmp_release < 'rocky':
if cmp_release >= 'kilo': if cmp_release >= 'kilo':
packages.extend(KILO_PACKAGES) packages.extend(KILO_PACKAGES)
if config('enable-fwaas'):
packages.append('python-neutron-fwaas')
if cmp_release >= 'ocata': if cmp_release >= 'ocata':
packages.append('python-neutron-dynamic-routing') packages.append('python-neutron-dynamic-routing')
if cmp_release >= 'pike': if cmp_release >= 'pike':
@ -497,10 +503,14 @@ def determine_packages(source=None, openstack_release=None):
def determine_purge_packages(): def determine_purge_packages():
'''Return a list of packages to purge for the current OS release''' '''Return a list of packages to purge for the current OS release'''
cmp_os_source = CompareOpenStackReleases(os_release('neutron-common')) cmp_os_source = CompareOpenStackReleases(os_release('neutron-common'))
if cmp_os_source >= 'train': purge_pkgs = PURGE_PACKAGES
return PURGE_PACKAGES + PURGE_EXTRA_PACKAGES_ON_TRAIN if cmp_os_source >= 'victoria':
purge_pkgs += PURGE_EXTRA_PACKAGES_ON_TRAIN
return purge_pkgs + PURGE_EXTRA_PACKAGES_ON_VICTORIA
elif cmp_os_source >= 'train':
return purge_pkgs + PURGE_EXTRA_PACKAGES_ON_TRAIN
elif cmp_os_source >= 'rocky': elif cmp_os_source >= 'rocky':
return PURGE_PACKAGES return purge_pkgs
return [] return []
@ -680,7 +690,9 @@ def do_openstack_upgrade(configs):
if CompareOpenStackReleases(os_release('neutron-common')) < 'liberty': if CompareOpenStackReleases(os_release('neutron-common')) < 'liberty':
stamp_neutron_database(cur_os_rel) stamp_neutron_database(cur_os_rel)
migrate_neutron_database(upgrade=True) migrate_neutron_database(upgrade=True)
if CompareOpenStackReleases(new_os_rel) >= 'stein': if config('enable-fwaas'):
if (CompareOpenStackReleases(new_os_rel) >= 'stein' and
CompareOpenStackReleases(new_os_rel) <= 'ussuri'):
fwaas_migrate_v1_to_v2() fwaas_migrate_v1_to_v2()

@ -433,6 +433,17 @@ class NeutronCCContextTest(CharmTestCase):
def tearDown(self): def tearDown(self):
super(NeutronCCContextTest, self).tearDown() super(NeutronCCContextTest, self).tearDown()
def test_get_service_plugins(self):
plugs = {"mitaka": "A",
"queens": "B",
"ussuri": "C"}
p = context.NeutronCCContext().get_service_plugins('train', plugs)
self.assertEquals(p, "B")
p = context.NeutronCCContext().get_service_plugins('ussuri', plugs)
self.assertEquals(p, "C")
p = context.NeutronCCContext().get_service_plugins('wallaby', plugs)
self.assertEquals(p, "C")
@patch.object(context, 'NeutronLoadBalancerContext') @patch.object(context, 'NeutronLoadBalancerContext')
@patch.object(context.NeutronCCContext, 'network_manager') @patch.object(context.NeutronCCContext, 'network_manager')
@patch.object(context.NeutronCCContext, 'plugin') @patch.object(context.NeutronCCContext, 'plugin')
@ -776,7 +787,7 @@ class NeutronCCContextTest(CharmTestCase):
def test_neutroncc_context_api_rel(self, _import, plugin, nm, nlb): def test_neutroncc_context_api_rel(self, _import, plugin, nm, nlb):
nova_url = 'http://127.0.0.10' nova_url = 'http://127.0.0.10'
plugin.return_value = None plugin.return_value = None
self.os_release.return_value = 'havana' self.os_release.return_value = 'queens'
self.related_units.return_value = ['unit1'] self.related_units.return_value = ['unit1']
self.relation_ids.return_value = ['rid2'] self.relation_ids.return_value = ['rid2']
self.test_relation.set({'nova_url': nova_url, self.test_relation.set({'nova_url': nova_url,

@ -138,7 +138,7 @@ class TestNeutronAPIUtils(CharmTestCase):
pkg_list = nutils.determine_packages() pkg_list = nutils.determine_packages()
expect = deepcopy(nutils.BASE_PACKAGES) expect = deepcopy(nutils.BASE_PACKAGES)
expect.extend(['neutron-server', 'neutron-plugin-ml2', expect.extend(['neutron-server', 'neutron-plugin-ml2',
'python-networking-hyperv']) 'python-networking-hyperv', 'python-neutron-fwaas'])
expect.extend(nutils.KILO_PACKAGES) expect.extend(nutils.KILO_PACKAGES)
self.assertEqual(sorted(pkg_list), sorted(expect)) self.assertEqual(sorted(pkg_list), sorted(expect))
@ -156,7 +156,7 @@ class TestNeutronAPIUtils(CharmTestCase):
]) ])
expect.extend(nutils.KILO_PACKAGES) expect.extend(nutils.KILO_PACKAGES)
expect = [p for p in expect if not p.startswith('python-')] expect = [p for p in expect if not p.startswith('python-')]
expect.extend(nutils.PY3_PACKAGES) expect.extend(nutils.PY3_PACKAGES + ['python3-neutron-fwaas'])
expect.remove('python3-neutron-lbaas') expect.remove('python3-neutron-lbaas')
self.assertEqual(sorted(pkg_list), sorted(expect)) self.assertEqual(sorted(pkg_list), sorted(expect))
@ -171,7 +171,8 @@ class TestNeutronAPIUtils(CharmTestCase):
'memcached', 'memcached',
'neutron-server', 'neutron-server',
'neutron-plugin-ml2', 'neutron-plugin-ml2',
'python-networking-hyperv' 'python-networking-hyperv',
'python3-neutron-fwaas',
]) ])
expect.extend(nutils.KILO_PACKAGES) expect.extend(nutils.KILO_PACKAGES)
expect = [p for p in expect if not p.startswith('python-')] expect = [p for p in expect if not p.startswith('python-')]