Remove neutron-fwaas for >= V

Also adds config option enable-fwaas which defaults to
True to allow disabling fwaas for releases earlier than
Victoria.

Change-Id: Ic9251c5290f777f544a150a92702566474b264b8
Closes-Bug: 1934129
This commit is contained in:
Edward Hope-Morley 2021-06-30 17:57:53 +01:00
parent 0d4c5e139a
commit 00e7c8b6ad
5 changed files with 67 additions and 18 deletions

View File

@ -22,6 +22,15 @@ options:
such as thresholds and a destination log file are available in the neutron-openvswitch charm.
Also, an neutron-openvswitch charm config option "firewall-driver" should be explicitly
set to "openvswitch", since security group logging works only with OVS firewall driver now.
enable-fwaas:
type: boolean
default: True
description: |
Setting this to True will enable FWaasS (FWaaSv2 from Stein onwards).
This feature is disabled from Victoria onwards and will have no effect.
.
NOTE: Neutron FWaaS has been deprecated as of the OpenStack Ussuri
release and will be removed during the W cycle.
enable-firewall-group-logging:
type: boolean
default: False

View File

@ -401,6 +401,23 @@ class NeutronCCContext(context.NeutronContext):
return settings
def get_service_plugins(self, cmp_release, plugin_defs):
if str(cmp_release) in plugin_defs:
return plugin_defs[str(cmp_release)]
# find the last available set of plugins.
last_available = None
for r in plugin_defs.keys():
if cmp_release > CompareOpenStackReleases(r):
if last_available:
if (CompareOpenStackReleases(r) <
CompareOpenStackReleases(last_available)):
continue
last_available = r
return plugin_defs[last_available]
def __call__(self):
from neutron_api_utils import api_port
ctxt = super(NeutronCCContext, self).__call__()
@ -618,8 +635,9 @@ class NeutronCCContext(context.NeutronContext):
'train': ['router', 'firewall_v2', 'metering', 'segments',
('neutron_dynamic_routing.'
'services.bgp.bgp_plugin.BgpPlugin')],
# TODO: FWaaS was deprecated at Ussuri and will be removed
# during the W cycle
'victoria': ['router', 'metering', 'segments',
('neutron_dynamic_routing.'
'services.bgp.bgp_plugin.BgpPlugin')],
}
if cmp_release >= 'rocky' and cmp_release < 'train':
if ctxt.get('load_balancer_name', None):
@ -629,13 +647,11 @@ class NeutronCCContext(context.NeutronContext):
# TODO(fnordahl): Remove fall-back in next charm release
service_plugins[release].append('lbaasv2')
# TODO: FWaaS was deprecated at Ussuri and will be removed
# during the W cycle
if cmp_release >= 'stein':
if cmp_release >= 'stein' and cmp_release <= 'ussuri':
ctxt['firewall_v2'] = True
ctxt['service_plugins'] = service_plugins.get(
release, service_plugins['stein'])
ctxt['service_plugins'] = self.get_service_plugins(
cmp_release, service_plugins)
if is_nsg_logging_enabled() or is_nfg_logging_enabled():
ctxt['service_plugins'].append('log')

View File

@ -102,14 +102,12 @@ BASE_PACKAGES = [
# TODO: FWaaS was deprecated at Ussuri and will be removed during the W cycle
KILO_PACKAGES = [
'python-neutron-lbaas',
'python-neutron-fwaas',
'python-neutron-vpnaas',
]
PY3_PACKAGES = [
'python3-neutron',
'python3-neutron-lbaas',
'python3-neutron-fwaas',
'python3-neutron-dynamic-routing',
'python3-networking-hyperv',
'python3-memcache',
@ -132,6 +130,10 @@ PURGE_EXTRA_PACKAGES_ON_TRAIN = [
'python3-neutron-lbaas',
]
PURGE_EXTRA_PACKAGES_ON_VICTORIA = [
'python3-neutron-fwaas',
]
VERSION_PACKAGE = 'neutron-common'
BASE_SERVICES = [
@ -460,6 +462,8 @@ def determine_packages(source=None, openstack_release=None):
packages = deepcopy(BASE_PACKAGES)
if cmp_release >= 'rocky':
packages.extend(PY3_PACKAGES)
if config('enable-fwaas') and cmp_release <= 'ussuri':
packages.append('python3-neutron-fwaas')
if cmp_release >= 'train':
packages.remove('python3-neutron-lbaas')
@ -476,6 +480,8 @@ def determine_packages(source=None, openstack_release=None):
if cmp_release < 'rocky':
if cmp_release >= 'kilo':
packages.extend(KILO_PACKAGES)
if config('enable-fwaas'):
packages.append('python-neutron-fwaas')
if cmp_release >= 'ocata':
packages.append('python-neutron-dynamic-routing')
if cmp_release >= 'pike':
@ -497,10 +503,14 @@ def determine_packages(source=None, openstack_release=None):
def determine_purge_packages():
'''Return a list of packages to purge for the current OS release'''
cmp_os_source = CompareOpenStackReleases(os_release('neutron-common'))
if cmp_os_source >= 'train':
return PURGE_PACKAGES + PURGE_EXTRA_PACKAGES_ON_TRAIN
purge_pkgs = PURGE_PACKAGES
if cmp_os_source >= 'victoria':
purge_pkgs += PURGE_EXTRA_PACKAGES_ON_TRAIN
return purge_pkgs + PURGE_EXTRA_PACKAGES_ON_VICTORIA
elif cmp_os_source >= 'train':
return purge_pkgs + PURGE_EXTRA_PACKAGES_ON_TRAIN
elif cmp_os_source >= 'rocky':
return PURGE_PACKAGES
return purge_pkgs
return []
@ -680,7 +690,9 @@ def do_openstack_upgrade(configs):
if CompareOpenStackReleases(os_release('neutron-common')) < 'liberty':
stamp_neutron_database(cur_os_rel)
migrate_neutron_database(upgrade=True)
if CompareOpenStackReleases(new_os_rel) >= 'stein':
if config('enable-fwaas'):
if (CompareOpenStackReleases(new_os_rel) >= 'stein' and
CompareOpenStackReleases(new_os_rel) <= 'ussuri'):
fwaas_migrate_v1_to_v2()

View File

@ -433,6 +433,17 @@ class NeutronCCContextTest(CharmTestCase):
def tearDown(self):
super(NeutronCCContextTest, self).tearDown()
def test_get_service_plugins(self):
plugs = {"mitaka": "A",
"queens": "B",
"ussuri": "C"}
p = context.NeutronCCContext().get_service_plugins('train', plugs)
self.assertEquals(p, "B")
p = context.NeutronCCContext().get_service_plugins('ussuri', plugs)
self.assertEquals(p, "C")
p = context.NeutronCCContext().get_service_plugins('wallaby', plugs)
self.assertEquals(p, "C")
@patch.object(context, 'NeutronLoadBalancerContext')
@patch.object(context.NeutronCCContext, 'network_manager')
@patch.object(context.NeutronCCContext, 'plugin')
@ -776,7 +787,7 @@ class NeutronCCContextTest(CharmTestCase):
def test_neutroncc_context_api_rel(self, _import, plugin, nm, nlb):
nova_url = 'http://127.0.0.10'
plugin.return_value = None
self.os_release.return_value = 'havana'
self.os_release.return_value = 'queens'
self.related_units.return_value = ['unit1']
self.relation_ids.return_value = ['rid2']
self.test_relation.set({'nova_url': nova_url,

View File

@ -138,7 +138,7 @@ class TestNeutronAPIUtils(CharmTestCase):
pkg_list = nutils.determine_packages()
expect = deepcopy(nutils.BASE_PACKAGES)
expect.extend(['neutron-server', 'neutron-plugin-ml2',
'python-networking-hyperv'])
'python-networking-hyperv', 'python-neutron-fwaas'])
expect.extend(nutils.KILO_PACKAGES)
self.assertEqual(sorted(pkg_list), sorted(expect))
@ -156,7 +156,7 @@ class TestNeutronAPIUtils(CharmTestCase):
])
expect.extend(nutils.KILO_PACKAGES)
expect = [p for p in expect if not p.startswith('python-')]
expect.extend(nutils.PY3_PACKAGES)
expect.extend(nutils.PY3_PACKAGES + ['python3-neutron-fwaas'])
expect.remove('python3-neutron-lbaas')
self.assertEqual(sorted(pkg_list), sorted(expect))
@ -171,7 +171,8 @@ class TestNeutronAPIUtils(CharmTestCase):
'memcached',
'neutron-server',
'neutron-plugin-ml2',
'python-networking-hyperv'
'python-networking-hyperv',
'python3-neutron-fwaas',
])
expect.extend(nutils.KILO_PACKAGES)
expect = [p for p in expect if not p.startswith('python-')]