The linked bug shows the install of the charm with openstack-origin set
to zed. This happens because configure_installation_source() causes the
openstack-release package to be installed *before* the zed cloud archive
sources are configured into /etc/apt and an apt update done. This means
that the openstack-release package says "yoga" despite the zed packages
actually being installed.
Then, on the config-changed hook, it sees that the installed version is
showing as yoga and tries to do an upgrade. This fails, as the charm
hasn't yet bootstrapped, and the charm tries to bootstrap after
upgrading the packages.
There's a few bugs here which are exposed, but the tactical fix is to
force the openstack-release to match the installed packages.
Closes-Bug: #1989538
Change-Id: Icaa2303d2dbbcfc883ea1cd44ce0a77af1ef7250
The change [1] syncs the charmhelpers that has additional
context data to IdentityServiceContext - internal_host,
internal_port, internal_protocol.
This patch adds the internal_host, internal_port,
internal_protocol to neutron-plugin-api relation data.
Without this patch, any relations over neutron-plugin-api
will be incomplete if the charm holding the other end of
the relation has charmhelpers synced.
[1] https://review.opendev.org/c/openstack/charm-neutron-api/+/806676
Change-Id: Ic4abbd0a408949c0c752a1701db161e1cd5c4ff7
Add enable-fwaas to neutron-plugin-api relation data so
that neutron-openvswitch updates neutron-l3-agent
configuration accordingly.
Synced charmhelpers to get related changes
https://github.com/juju/charm-helpers/pull/635
Partial-Bug: #1934129
Change-Id: I5019c5ed3b8ab556d4900f1fe46dee69f5f09ee7
The new default will take effect on newly deployed units when
openstack-origin is set to 'ussuri' or newer.
Any existing units or newly deployed units with openstack-origin
set to prior versions will retain the existing default.
Change-Id: Ia38dd7882105c3adad1afbf754ba2ed047dd05e2
If the charm has joined the certificate relation and switched its
endpoint to using https then it needs to tell nova-cc as it currently
gets its neutron endpoint from the neutron-api relation and not the
catalogue.
Change-Id: Idb1dbf8cbc344ef3f3bf3b6f463e55729a9ff63c
If the database is in maintenace mode do not attempt to access
it.
Change-Id: I42cc19aedff2bc060343f4431c1b4834f9389f03
Depends-On: I5d8ed7d3935db5568c50f8d585e37a4d0cc6914f
There are transient situations where the config option openstack-origin will
hold the target OpenStack version, so it's not safe to be used to determine
what packages should be installed in the unit, an accurate method is to use
the version of the neutron-common package.
Change-Id: I88693be390f66ba94626e52b949b5573532ea5d7
Closes-Bug: #1854538
* Adds an option to enable port forwarding service plugin;
* Exposes whether port forwarding is enabled or not to neutron-gateway
and neutron-openvswitch charms via the respective relation.
See LP: #1842353
Change-Id: Ic3a8e302942ed331bc3d80223e123c13d61db3b2
Closes-Bug: #1842353
This patchset implements policy overrides for neutron-gateway.
This change includes a charm-helpers sync to bring in the policyd helper
code.
Change-Id: I89f1f4b5d58843017e428a8d2cfada840dde14de
Closes-Bug: #1741723
Following the style of the SR-IOV enablement, add a new config
option to this charm to enable hardware offload support.
This is mainly used to signal to the nova-cloud-controller charm
to enable the PCI Passthrough Filter which is used in this type
of deployment.
Change-Id: I1f59012ad2d16af18ca310906f6c6b537bb7ec72
We can't add constraints to admin role without consider
regressions. It happens that two tempest scenarios are now failling:
tempest.scenario.test_network_basic_ops.TestNetworkBasicOps.test_network_basic_ops
tempest.scenario.test_server_multinode.TestServerMultinode.test_schedule_to_all_nodes
If admin wants to give role (even Admin role) to an user for a tenant,
the right way is to use keystone trust API.
Change-Id: I161ea7d1aec5e5784455b5bce4605b2f9143daa2
Related-Bug: #1830536
Signed-off-by: Sahid Orentino Ferdjaoui <sahid.ferdjaoui@canonical.com>
Charms related to neutron-api on the neutron-plugin-api relation
can use the global-physnet-mtu and physical-network-mtus
to set mtus on the devices they manage.
Change-Id: I18aabe17549d99383d9c13c24879d794719feca7
This change adds infoblox-api relation which allows neutron-server
to publish events to a remote infoblox server. Additionally this
change enables IPAM for the neutron service, which forces neutron
to authorize any network changes against the target Infoblox
server.
This change adds the proper hooks, context, and templates to add
infobox configuration to /etc/neutron/neutron.conf, passed by the
infoblox subordinate charm.
Closes-Bug: 1776689
Change-Id: Ib11377bd61c2b3fed5104ba0a423073a15cc18a2
Enable support for configuration of FWaaS v2 firewall group
logging. The feature can be enabled or disabled via the
enable-firewall-group-logging flag.
This feature is currently only enabled for FWaaS v2 at Stein
for the charms (but is supported back to Queens in Neutron).
Change-Id: I4c440e233ee16d4e756c575d8db70918ff062f3e
Partial-Bug: 1831972
Use the generate_ha_relation_data helper from charmhelpers to
generate the data to send down the relation to the hacluster
charm.
This results in a few changes in behaviour:
1) The charm will no longer specify a nic name to bind the vip. This
is because Pacemaker VIP resources are able to automatically
detect and configure correct iface and netmask parameters based
on local configuration of the unit.
2) The original iface named VIP resource will be stopped and deleted
prior to the creation of the new short hash named VIP resource.
Change-Id: I473fc8a8c00e0fa2fd39e7d187f63334acbe6462
In order to have nova-metadata-api use the same dns-domain as neutron
when nova-metadata-api runs on nova-cloud-controller we must pass the
dns-domain on the neutron-api relation.
Change-Id: I14fe163a445b6dcffccced762041942de7d6b41d
Partial-Bug: #1805645
On charm upgrade the charm may switch to py3 packages. If so, ensure
the old py2 packages are purged. If the purge occurs then restart
services.
Change-Id: I2f5d95d9688c48e97fbb9b8b11a23d4b6250e016
Closes-Bug: 1803451
The Neutron built-in LBaaS provider is deprecated as of
OpenStack version Queens and the service is to be replaced
by a separate service such as Octavia.
This interface serves the purpose of notifying a external
load balancer service of when the Neutron API is ready to
accept queries.
In a transition period it is also used by the ``neutron-api``
charm to determine whether it should configure Neutron with
the legacy LBaaS provider enabled or if it should enable
the ``lbaasv2-proxy`` driver to proxy load balancer requests
sent to the Neutron API to the external service.
Change-Id: Id9f7ffb3d363c7606d92af592b9803644046d865
Add support to enable logging of security groups for
OpenStack Queens or later; this feature is enabled via
the neutron-api charm, with local configuration options
provided in the neutron-openvswitch charm.
The feature is only compatible with the openvswitch firewall
driver and will not be enabled if this configuration option
is not set in the neutron-openvswitch charm.
This change is removing unnecessary Neutron config
option "neutron_firewall_driver" since FW drivers are
being handled on agents side (not on API server) since
Mitaka release.
Change-Id: Icadb055b2c5c3216b6d086b44a4823595b2baffa
Closes-Bug: #1787397
This fix add ability to enable VLAN trunking in configuration.
Signed-off-by: Anton Kremenetsky <akremenetsky@dev.rtsoft.ru>
Change-Id: If80dc4750e6639bdc41bc62eede350019b4306c5
Closes-Bug: #1772979
Drop support for deployment from Git repositories, as deprecated
in the 17.02 charm release. This feature is unmaintained and has
no known users.
Change-Id: I44f00afeee8623713055310b025f1e91af18b86a
Encode dicts passed to hacluster charm using JSON serialization,
supporting consistent data presentation under Python 3 where
dict key iteration is non-deterministic.
This is supported by prefixing json based data items with 'json_'
and encoding with keys sorted.
The charm will also clear any unprefixed based data items for
upgrades.
Change-Id: I21c6acff4a4a22cbcc5e6ea4e78394ce076e79d9
Closes-Bug: 1741304
Depends-On: I364a60ca7b91327fe88ee729cf49ff8ab3f5e2b6
This patchset implements new relation ("external-dns") using new
interface ("designate") between designate and neutron-api charms.
The following charm options have been added:
* "reverse-dns-lookup"
* "ipv4-ptr-zone-prefix-size"
* "ipv6-ptr-zone-prefix-size"
The patchset contains changes to various items (config files, hooks,
template files and unit tests).
When neutron-api is related to designate, the notification topic
previously used to send notification events to designate will be
disabled (as the DNS driver method is preferred).
Change-Id: I13b2ab39bd1daac13112398762f2be06022594b0
Closes-Bug: #1704769
Remove postgresql DB support; This feature is untested as part
of the charms, is not in use and was deprecated as part of
the 1708 charms release.
Change-Id: I5ebd4af9da38c03ca9952b8eed02fe5783692445
Support for the ZeroMQ messaging driver has bit-rotted over
the last few years across the OpenStack charms; drop support
for ZMQ inline with deprecation notices issued in 17.02 charm
release.
Change-Id: Ia11cd42eab112aa6dc609a5c15353ba98f6ae3ea
Updates across the charm and unit tests to switch to
execution under Python 3.
Note that the changes are not backwards compatible
with Python 2.
Refactor use of neutronclient python module to simply
wrap the neutron binary, using the yaml output format
to avoid the requirement for a Python 3 module on
older OpenStack release versions.
Change-Id: Ic26b0dd19a76552481939325963a6c21585dee3c
When an existing cluster of the service is scaled out the new unit
will join with keystone before it is fully clustered. In identity
joined hook the charmhelpers function canonical_url is called which
in turn uses another charmhelpers function, resolve_address.
resolve_address will only return the vip if the vip is set in config
AND the unit is clustered. This means that the units local address
is returned and that is then registered with keystone.
This change gates registering an endpoint if the cluster is
partially formed.
Change-Id: I233e0cccb8ccd732080fd239df6d1e7db174eba5
Partial-Bug: #1544959
This patch adds the enable-qos option to the charm. If enable-qos is
set then neutron.services.qos.qos_plugin.QoSPlugin is added to
service_plugins in neutron.conf locally. The
neutron-plugin-api-relation has also been updated to send the
enable-qos option to charms connected over that relation (for
example neutron-openvswitch and neutron-gateway).
As part of this some of the logic for setting service_plugins was
removed from the neutron.conf and placed in the NeutronCCContext.
This patch is based on the steps in:
https://docs.openstack.org/mitaka/networking-guide/config-qos.html
Change-Id: I1beba9bebdb7766fd95d47bf13b6f4ad86e762b5
Partial-Bug: #1705358
Currently whenever the shared-db hook fires we call
migrate_neutron_database() which will always (unless unit
is paused) do a migration and restart the neutron-server
service. This is unnecessary and disruptive so we avoid
doing this by first checking whether we have already
initialised and and skipping migrate and restart if we
have already initialised. We also add support to override
this logic if an upgrade is in progress.
Change-Id: Ia4c104ff21d10a0d24ac3038bb75a5a9dc67ca94
Closes-Bug: 1708459
Enable dual stack IPv4 and IPv6 VIPs on the same interface.
HAProxy always listens on both IPv4 and IPv6 allowing connectivity
on either protocol.
charm-helpers sync for HAProxy template changes.
Change-Id: I4f011b404abb63e8b8e612a57f285010d06ccb0c
This patch adds support for setting polling-interval rpc-response-timeout
and report-interval in neutron-api charm centrally, then other charms
need to continue doing:
1, polling_interval
Just used by neutron l2 agents, so neutron-openvswitch charm
gets it via its relations and set it in [agent] of ml2_conf.ini
or openvswitch_agent.ini(>=Mitaka)
2, rpc_response_timeout
Used by all neutron agents, so both neutron-gateway charm and
neutron-openvswitch charm get it via its relations and set it
in [default] of neutron.conf
3, report_interval
Used by all neutron agents, so both neutron-gateway charm and
neutron-openvswitch charm get it via its relations and set it
in [agent] of neutron.conf
This patch also syncs charmhelpers.
Change-Id: I669e959a596b214acf486b0532c4ab31c2b82557
Partial-Bug: #1685788
Use the get_relation_ip function for selecting addresses for the
cluster relationship. Including overrides for the admin, internal,
and public config settings or extra bindings.
Change-Id: Ief31b5bf605e6fad0b5fc57cd048e3d8badfa2db
Partial-Bug: #1687439
Add the dns-domain config and enable-ml2-dns options, allowing the
user to enable DNS integration between Neutron and Nova. This enables
the DNS integration between Nova and Neutron for internal DNS services
when the enable-ml2-dns option is set to True.
Change-Id: Id5f828da003e056a882297ffdbf3df22e856d14a
Implements: blueprint internal-dns
When the percona-cluster charm sets an access-network but the default
unit-get address is not on that network extra shared-db relations get
executed. This is specifically a problem when running upgrades and
trying to avoid API downtime.
The root cause is that the access-network is not checked until the
SharedDBContext is consulted. But then db_joined function will
change it back to the wrong ip on subsequent runs.
This change adds a check for access-network on the relation during
the db_joined function and pushes IP selection off to get_relation_ip.
Charm helpers sync to pull in changes to get_relation_ip.
Partial-bug: #1677647
Change-Id: I20f35dd7a12315ef61939feb5199680db128bc0b
- sync charmhelpers with fix-alpha helpers
- fix up code where the alpha comparisons are done
- fix tests which assumed mocks would just work on os_release()
Change-Id: I3d1a8993286f0e7a1037c03e6711015883f1b615
Related-Bug: #1659575
In order to support changes in the api-paste.ini file for the keystone
middleware of the neutron-api service by subordinates we need a generic
mechanism to pass wsgi middleware data via a relation.
The following approach is used in this change:
- relation data set by subordinates:
{'extra_middleware': [{
'type': 'middleware_type',
'name': 'middleware_name',
'config': {
'setting_1': 'value_1',
'setting_2': 'value_2'}}]}
- there may be many subordinates each with their own set of middleware
all of which should be taken into account
- besides a factory method for middleware other settings can be
specified, therefore, a generic config dictionary is used
- neutron-server has to be restarted as api-paste.ini is read upon
startup of the service
- api-paste.ini rendering code is added along with a template code
containing loops over a list of middleware provided in a context to
construct the following entries:
keystone = [name-1 ... name-m] <default_middleware>
[type-1:name-1]
key-1 = value-1
...
key-n = value-n
...
[type-m:name-m]
key-1 = value-1
...
key-k = value-k
- api-paste.ini defaults are copied from their respective upstream
neutron branches
Change-Id: I9449aa2e85b1523f24acdcee11ca1f635dda47c0
neutron-api was still using the old approach to status assessment,
calling the os_set_workload_status function rather than the provided
assess_status function in neutron_api_utils.
Switch to using assess_status, which also correctly sets the
application version for the application.
Change-Id: I324f6e77bca96f2bb0aacc286050ee258dd09f77
All contributors to this charm have agreed to the switch
from GPL v3 to Apache 2.0; switch to Apache-2.0 license
as agreed so we can move forward with official project status.
Change-Id: Ie7859853644fb819f1cd3062a2fea86766de0afb
