Enable isolated provider network metadata access

When an isolated provider network with no virtual routers metadata access occurs in the qdhcp netns. Without the force_metadata option in dhcp_agent.ini and the haproxy package installed ns-metadata-proxy is not enabled. ns-metdata-proxy sits in the ip netns and proxies requests from 169.254.169.254 to the nova-api-metadata service outside the netns. This change adds the force_metadata option and installs haproxy when enable-local-dhcp-and-metadata is True. Closes-Bug: #1831935 Change-Id: Iaad1501e8d7d58888ef0917b6700d22a7cf05ecf
2019-06-07 09:58:11 -07:00 · 2019-06-07 09:58:11 -07:00 · a1639fe51f
commit a1639fe51f
parent 380adb7271
5 changed files with 50 additions and 2 deletions
--- a/hooks/neutron_ovs_utils.py
+++ b/hooks/neutron_ovs_utils.py
@ -108,7 +108,9 @@ EXT_PORT_CONF = '/etc/init/ext-port.conf'
 NEUTRON_METADATA_AGENT_CONF = "/etc/neutron/metadata_agent.ini"
 DVR_PACKAGES = ['neutron-l3-agent']
 DHCP_PACKAGES = ['neutron-dhcp-agent']
-METADATA_PACKAGES = ['neutron-metadata-agent']
+# haproxy is required for isolated provider networks
+# ns-metadata-proxy LP#1831935
+METADATA_PACKAGES = ['neutron-metadata-agent', 'haproxy']
 # conntrack is a dependency of neutron-l3-agent and hence is not added
 L3HA_PACKAGES = ['keepalived']

--- a/templates/ocata/dhcp_agent.ini
+++ b/templates/ocata/dhcp_agent.ini
@ -0,0 +1,39 @@
+# ocata
+###############################################################################
+# [ WARNING ]
+# Configuration file maintained by Juju. Local changes may be overwritten.
+# 
+###############################################################################
+
+[DEFAULT]
+state_path = /var/lib/neutron
+interface_driver = openvswitch
+dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
+root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
+
+{% if dnsmasq_flags -%}
+dnsmasq_config_file = /etc/neutron/dnsmasq.conf
+{% endif -%}
+
+{% if dns_servers -%}
+dnsmasq_dns_servers = {{ dns_servers }}
+{% endif -%}
+
+{% if dns_domain -%}
+dns_domain = {{ dns_domain }}
+# Per LP#1583769, dhcp_domain needs to be configured in mitaka as well. Additional
+# testing shows that this has not been changed in newton, so will also
+# specify the dhcp_domain field.
+dhcp_domain = {{ dns_domain }}
+{% endif -%}
+
+enable_metadata_network = True
+force_metadata = True
+enable_isolated_metadata = True
+
+ovs_use_veth = True
+
+[AGENT]
+{% if availability_zone -%}
+availability_zone = {{ availability_zone }}
+{% endif -%}
--- a/tox.ini
+++ b/tox.ini
@ -32,6 +32,11 @@ basepython = python3.6
 deps = -r{toxinidir}/requirements.txt
       -r{toxinidir}/test-requirements.txt

+[testenv:py37]
+basepython = python3.7
+deps = -r{toxinidir}/requirements.txt
+       -r{toxinidir}/test-requirements.txt
+
 [testenv:pep8]
 basepython = python3
 deps = -r{toxinidir}/requirements.txt
--- a/unit_tests/test_neutron_ovs_hooks.py
+++ b/unit_tests/test_neutron_ovs_hooks.py
@ -216,7 +216,8 @@ class NeutronOVSHooksTests(CharmTestCase):
            **rel_data
        )
        self.purge_packages.assert_called_with(['neutron-dhcp-agent',
-                                                'neutron-metadata-agent'])
+                                                'neutron-metadata-agent',
+                                                'haproxy'])
        self.assertFalse(self.install_packages.called)

    @patch.object(hooks, 'os_release')
--- a/unit_tests/test_neutron_ovs_utils.py
+++ b/unit_tests/test_neutron_ovs_utils.py
@ -189,6 +189,7 @@ class TestNeutronOVSUtils(CharmTestCase):
            'neutron-plugin-openvswitch-agent',
            'neutron-dhcp-agent',
            'neutron-metadata-agent',
+            'haproxy',
        ]
        self.assertEqual(pkg_list, expect)