openstack/charm-nova-compute
Code Issues Proposed changes
7c60a92414
charm-nova-compute/hooks/nova_compute_hooks.py

1050 lines
35 KiB
Python
Raw Normal View History

Update to run under Python 3 Updating charm to support execution under Python 3. Change-Id: I9013860b5eefef05bee5b473e30217229fb6a739
2017-11-05 12:47:42 +11:00
#!/usr/bin/env python3
Re-license charm as Apache-2.0 All contributors to this charm have agreed to the switch from GPL v3 to Apache 2.0; switch to Apache-2.0 license as agreed so we can move forward with official project status. Change-Id: I385f684581a74ae41b507ed9e9d17ef1e9fc5819
2016-07-01 17:43:29 +01:00
#
Spelling fixes found by codespell. Change-Id: I819aa04eef6cc72a24ecaf39a350b30015612165
2021-09-21 19:28:46 +01:00
# Copyright 2016-2021 Canonical Ltd
Re-license charm as Apache-2.0 All contributors to this charm have agreed to the switch from GPL v3 to Apache 2.0; switch to Apache-2.0 license as agreed so we can move forward with official project status. Change-Id: I385f684581a74ae41b507ed9e9d17ef1e9fc5819
2016-07-01 17:43:29 +01:00
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
import base64
Do not manage subordinate service restarts The subordinate charms should manage the services that they deploys and configure, not the principle they are related to. This change switches the approach for restarting services from having the nova-compute charm doing it directly to having nova-compute triggering the restart by request a restart down the existing relations. Closes-Bug: #1947585 Change-Id: I7419e39d68c70d21a11d03deeff9699421b0571e
2023-02-28 13:31:28 +00:00
import functools
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
import json
Set smt off and cpu-mode to host-passthrough for ppc64 architectures When deploying a ppc64el compute node, smt needs to be turned off and cpu-mode needs to be set to host-passthrough for nova/libvirt/kvm use. Change-Id: I48bd8f9e42dbc5f7c626addaa2fdd1e3f8fdd97e
2016-04-04 14:06:37 +00:00
import platform
Checkin templates.
2013-07-30 20:39:44 -07:00
import sys
Send remote restart to neutron plugin post upgrade When this principle charm performs and Openstack upgrade the subordinates packages are also upgraded. The subordinate may need to render new config for the new release so the charm now sends a restart trigger to the subordinate Change-Id: Ifd5dea4e67d09dc29bb0bba579fd8903fb64490a Partial-Bug: 1571634
2016-04-18 17:32:19 +00:00
import uuid
Fix support for cinder ceph rbd in Ocata As of Ocata, the ceph key used to access a specific Cinder Ceph backend must match the name of the key used by cinder, with an appropriate secret configured for libvirt use with the cephx key used by the cinder-ceph charm. Add support for the new ceph-access relation to allow nova-compute units to communicate with multiple ceph backends using different cephx keys and user names. The side effect of this change is that nova-compute will have a key for use with its own ephemeral backend ceph access, and a key for each cinder ceph backend configured in the deployment. Change-Id: I638473fc46c99a8bfe301f9a0c844de9efd47a2a Closes-Bug: 1671422
2017-03-09 12:51:25 +00:00
import os
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
import subprocess
Fixing /var/run/ceph/ directory permissions In previous versions of the charm the directory /var/run/ceph/ was created with access permissions only for root. Consequently libvirt had no access to the rbd admin socket. Prior installations are also fixed through update-charm. Change-Id: I7f8054a404de9910bc070b288e1df1ce8dcf754e Closes-Bug: #1779676
2018-07-03 13:31:56 +02:00
import grp
import shutil
Load nf_conntrack at boot time Sysctl rules fined in charm config fails to be applied in ovn enviroments because the rules are applied before nf_conntrack is loaded. By adding nf_conntrack to the /etc/modules file it guarantees that it will be loaded before the rules are applied. Closes-Bug: #1922778 Change-Id: I51dae65cdc06e35230160bcaedda99710a72617d
2024-04-15 13:45:45 -03:00
import yaml
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
Support for restart of services from subordianates Neutron subordinate charms that manage underlying PCI devices, such as SR-IOV VF's, need to ensure that the nova-compute service is restarted after the underlying device configuration has been completed, so that the nova pci_devices database is correctly populated as part of the nova-compute startup process. Add a service_restart_handler to the neutron-plugin-relation-changed hook to allow subordinate charms to request restarts using the standard restart-nonce trigger mechanism. Change-Id: I2a4fcaa0988dae0b85904ff84ff5e492d651a043
2017-02-07 10:12:11 +01:00
import charmhelpers.core.unitdata as unitdata
Load nf_conntrack at boot time Sysctl rules fined in charm config fails to be applied in ovn enviroments because the rules are applied before nf_conntrack is loaded. By adding nf_conntrack to the /etc/modules file it guarantees that it will be loaded before the rules are applied. Closes-Bug: #1922778 Change-Id: I51dae65cdc06e35230160bcaedda99710a72617d
2024-04-15 13:45:45 -03:00
from charmhelpers.core.kernel import modprobe
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
from charmhelpers.core.hookenv import (
Hooks,
config,
changes to support postgresql
2014-03-25 10:12:03 +01:00
is_relation_made,
Retrieve cloud credentials directly from keystone In a cells deployment the credentials for the nova-compute application will no longer be available via the nova-cloud-controller in the local cell. This change adds the scaffolding for a cell to utilise a new cloud-credentials relation to allow it to retrieve credentials directly from keystone. Change-Id: I9d1a7353d730f7cb8e93cc9eea5b788f7c956c3d
2018-06-14 10:12:28 +00:00
local_unit,
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
log,
Prevent unnecessary nova-compute restarts on ceph_changed Function 'is_broker_action_done' should return False when it finds a response from ceph broker not marked done, in order to trigger a nova restart. However, it also returns False if there is no response data from ceph broker, triggering an unecessary restart. The function 'ceph_changed' is invoked under different remote unit contexts when there are updates to the relation. When querying the broker response, only the context of the remote unit that is the broker can see the response, unless specifically queried for that given unit. The 'ceph_changed' invocations under a remote context that are not the broker end up returning False in 'is_broker_action_done' and causing restarts, even after the action is already marked done. This also happens on 'config-changed' hooks. To fix this problem, the logic is now changed have each 'ceph_changed' invocation loop through units and process the broker response, regardless of remote context. This is an initial change to address the issue locally in nova-compute charm. A later change will be worked on to move the new helper methods to charmhelpers, refactoring the existing ones there. Change-Id: I2b41f8b252f4ccb68830e90c5e68456e15372bcf Closes-bug: #1835045
2019-07-11 17:44:09 -03:00
DEBUG,
Add extra-repositories config option Add an extra-repositories config option to nova-compute in order to allow configuring additional apt repositories. This is useful when some packages are not available in the distro or cloud archive. Change-Id: Ie3b76ff3bc07b83e416c80fab1da2560d48df498
2022-03-31 15:14:07 -07:00
INFO,
[v2] Fix migration across nova-compute apps using ceph This change reworks previous changes [1] and [2] that had been respectively reverted and abandoned. When using the config libvirt-image-backend=rbd, VMs created from image have their disk data stored in ceph instead of the compute node itself. When performing live-migrations, both nodes need to access the same ceph credentials to access the VM's disk in ceph, but this is currently not possible if the nodes involved pertain to different nova-compute charm apps. This patch changes app name sent to ceph to 'nova-compute-ceph-auth-c91ce26f', a unique name common to all nova-compute apps, allowing all nova-compute apps to use the same ceph auth. This change also ensures newly deployed nodes install the old credentials first on ceph-joined hook, and then supercedes it with the new credentials on ceph-changed hook, therefore also retaining the old credentials. This patch also includes the charmhelpers sync from PR: #840 [1] https://review.opendev.org/889642 [2] https://review.opendev.org/896155 Closes-bug: #2028559 Related-bug: #2037003 Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1149 Change-Id: I1ae12d787a1f8e7761ca06b5a80049c1c62e9e90
2023-10-06 10:24:48 -03:00
WARNING,
Enable vTPM support in nova-compute Enable vTPM support in nova-compute charm. This adds new packages to be installed swtpm and swtpm-tools as well as updates the nova-compute.conf file and the qemu.conf file to set appropriate user/groups for swtpm. func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/696 Change-Id: Idf0d19d75b9231f029fa6a7dc557d2a9ee04915b
2022-01-10 15:26:26 -07:00
ERROR,
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
relation_ids,
Fix support for cinder ceph rbd in Ocata As of Ocata, the ceph key used to access a specific Cinder Ceph backend must match the name of the key used by cinder, with an appropriate secret configured for libvirt use with the cephx key used by the cinder-ceph charm. Add support for the new ceph-access relation to allow nova-compute units to communicate with multiple ceph backends using different cephx keys and user names. The side effect of this change is that nova-compute will have a key for use with its own ephemeral backend ceph access, and a key for each cinder ceph backend configured in the deployment. Change-Id: I638473fc46c99a8bfe301f9a0c844de9efd47a2a Closes-Bug: 1671422
2017-03-09 12:51:25 +00:00
remote_service_name,
[hopem,r=] Ensure libvirt image backend pool is configured if RBDImageBackend enabled post-deploy. Closes-Bug: 1489463
2016-02-09 15:55:14 +00:00
related_units,
Move creation of libvirt secret out of context and into a utility helper.
2013-09-03 17:16:15 -07:00
relation_get,
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
relation_set,
service_name,
Checkin templates.
2013-07-30 20:39:44 -07:00
UnregisteredHookError,
Workload Status
2015-09-25 15:12:01 -07:00
status_set,
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
)
Fix support for cinder ceph rbd in Ocata As of Ocata, the ceph key used to access a specific Cinder Ceph backend must match the name of the key used by cinder, with an appropriate secret configured for libvirt use with the cephx key used by the cinder-ceph charm. Add support for the new ceph-access relation to allow nova-compute units to communicate with multiple ceph backends using different cephx keys and user names. The side effect of this change is that nova-compute will have a key for use with its own ephemeral backend ceph access, and a key for each cinder ceph backend configured in the deployment. Change-Id: I638473fc46c99a8bfe301f9a0c844de9efd47a2a Closes-Bug: 1671422
2017-03-09 12:51:25 +00:00
from charmhelpers.core.templating import (
render
)
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
from charmhelpers.core.host import (
Restart libvirt-bin after installing ceph-common to pick up the librbd libraries
2015-03-03 12:57:50 +00:00
service_restart,
Added verification to ensure iscsid is running Currently, the charm does not verify if iscsid is installed or running. This patch adds those verifications on install and update hooks. Closes-bug: #1816435 Change-Id: I23992832a82557f406999427fe8d151f6a2b63af
2019-02-26 14:42:20 -03:00
service_running,
service_start,
Series Upgrade Implement the series-upgrade feature allowing to move between Ubuntu series. Change-Id: I092a0558b4dd6a9fd15851753900cc116b6796b2
2018-08-06 15:45:10 -07:00
service_stop,
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
write_file,
umount,
Skip sysctl configuration in containers Some testing use cases make use of containers to host nova-compute; sysctl options can't be tweaked in this use case so detect and skip if executing in a container. Change-Id: I9ff894e728e46b229068e91a290b84cde73eb09c
2019-03-05 12:19:54 +00:00
is_container,
Fix misc issues with instances-path usage Fix use of ephemeral-device with instances-path to ensure that the configured block device is mounted in the desired location. Ensure instances-path directory actually exists. Change-Id: I81725f602ba3086bc142d59104e4bfc80918d8cf Closes-Bug: 1909141
2021-09-16 10:00:03 +01:00
mkdir,
Resync charm-helpers
2013-09-20 17:40:54 +01:00
)
from charmhelpers.fetch import (
Add extra-repositories config option Add an extra-repositories config option to nova-compute in order to allow configuring additional apt repositories. This is useful when some packages are not available in the distro or cloud archive. Change-Id: Ie3b76ff3bc07b83e416c80fab1da2560d48df498
2022-03-31 15:14:07 -07:00
add_source,
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
apt_install,
Purge metadata pkg when not in dvr mode
2015-03-02 14:55:03 +00:00
apt_purge,
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
apt_update,
Add context generator for handling config-flags charm config setting.
2013-08-01 12:53:09 -07:00
filter_installed_packages,
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
)
Add Ceph BlueStore Compression support Sync c-h. Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/429 Change-Id: I3bbf41350c18ac5cc045392ace6e14118b04e1e8
2020-08-28 16:40:28 +02:00
import charmhelpers.contrib.openstack.context as ch_context
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
from charmhelpers.contrib.openstack.utils import (
Fix gate for enabling FQDN agent registration If a new version of the charm is used to install a version of OpenStack prior to Stein, do not enable the FQDN registration. Change-Id: Ib86d6a48ee34c9efc42b4455ac669ef0cb8dc3bb Closes-Bug: #1846781
2019-10-08 14:13:51 +02:00
CompareOpenStackReleases,
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
configure_installation_source,
Enhanced pause/resume for maintenance mode Implemented pause/resume with some services checking. Charm-helpers sync to bring in pause/resume support. Change-Id: I8bcd7464a606f6fc9db374be6004d851935e749a
2016-04-01 11:47:46 +00:00
is_unit_paused_set,
Add extra-repositories config option Add an extra-repositories config option to nova-compute in order to allow configuring additional apt repositories. This is useful when some packages are not available in the distro or cloud archive. Change-Id: Ie3b76ff3bc07b83e416c80fab1da2560d48df498
2022-03-31 15:14:07 -07:00
get_source_and_pgp_key,
Fix gate for enabling FQDN agent registration If a new version of the charm is used to install a version of OpenStack prior to Stein, do not enable the FQDN registration. Change-Id: Ib86d6a48ee34c9efc42b4455ac669ef0cb8dc3bb Closes-Bug: #1846781
2019-10-08 14:13:51 +02:00
openstack_upgrade_available,
os_release,
Enhanced pause/resume for maintenance mode Implemented pause/resume with some services checking. Charm-helpers sync to bring in pause/resume support. Change-Id: I8bcd7464a606f6fc9db374be6004d851935e749a
2016-04-01 11:47:46 +00:00
pausable_restart_on_change as restart_on_change,
Series Upgrade Implement the series-upgrade feature allowing to move between Ubuntu series. Change-Id: I092a0558b4dd6a9fd15851753900cc116b6796b2
2018-08-06 15:45:10 -07:00
series_upgrade_complete,
Fix gate for enabling FQDN agent registration If a new version of the charm is used to install a version of OpenStack prior to Stein, do not enable the FQDN registration. Change-Id: Ib86d6a48ee34c9efc42b4455ac669ef0cb8dc3bb Closes-Bug: #1846781
2019-10-08 14:13:51 +02:00
series_upgrade_prepare,
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
)
added broker wrappers
2014-11-19 17:53:16 -06:00
from charmhelpers.contrib.storage.linux.ceph import (
ensure_ceph_keyring,
CephBrokerRq,
Prevent unnecessary nova-compute restarts on ceph_changed Function 'is_broker_action_done' should return False when it finds a response from ceph broker not marked done, in order to trigger a nova restart. However, it also returns False if there is no response data from ceph broker, triggering an unecessary restart. The function 'ceph_changed' is invoked under different remote unit contexts when there are updates to the relation. When querying the broker response, only the context of the remote unit that is the broker can see the response, unless specifically queried for that given unit. The 'ceph_changed' invocations under a remote context that are not the broker end up returning False in 'is_broker_action_done' and causing restarts, even after the action is already marked done. This also happens on 'config-changed' hooks. To fix this problem, the logic is now changed have each 'ceph_changed' invocation loop through units and process the broker response, regardless of remote context. This is an initial change to address the issue locally in nova-compute charm. A later change will be worked on to move the new helper methods to charmhelpers, refactoring the existing ones there. Change-Id: I2b41f8b252f4ccb68830e90c5e68456e15372bcf Closes-bug: #1835045
2019-07-11 17:44:09 -03:00
CephBrokerRsp,
Clean up stale ceph keyring [cbjchen,r=] Clean up the keyring after ceph relation is broken. So when next time ceph relation is joined, ensure_ceph_keyring will not ignore the new key because of the existance of the old one.
2015-02-06 13:09:18 -05:00
delete_keyring,
Prevent repeated nova-compute service restart Once a ceph broker request has completed and the nova-compute service has been restarted as a result, ensure that this does not get retriggered when the ceph relation fires as a result of a peer unit's data coming onto the wire and no new information is provided to the local unit. Change-Id: Ie359a0ec9af7edfb9d453dcf4dbd9880af324d37 Closes-Bug: 1694963
2017-06-07 18:39:10 +01:00
is_broker_action_done,
mark_broker_action_done,
Prevent unnecessary nova-compute restarts on ceph_changed Function 'is_broker_action_done' should return False when it finds a response from ceph broker not marked done, in order to trigger a nova restart. However, it also returns False if there is no response data from ceph broker, triggering an unecessary restart. The function 'ceph_changed' is invoked under different remote unit contexts when there are updates to the relation. When querying the broker response, only the context of the remote unit that is the broker can see the response, unless specifically queried for that given unit. The 'ceph_changed' invocations under a remote context that are not the broker end up returning False in 'is_broker_action_done' and causing restarts, even after the action is already marked done. This also happens on 'config-changed' hooks. To fix this problem, the logic is now changed have each 'ceph_changed' invocation loop through units and process the broker response, regardless of remote context. This is an initial change to address the issue locally in nova-compute charm. A later change will be worked on to move the new helper methods to charmhelpers, refactoring the existing ones there. Change-Id: I2b41f8b252f4ccb68830e90c5e68456e15372bcf Closes-bug: #1835045
2019-07-11 17:44:09 -03:00
get_broker_rsp_key,
get_request_states,
get_previous_request,
Send application name to ceph-mon Send application name to ceph-mon as ceph-mon cannot derive it from CMR relations. Change-Id: I0da4d7a55b1df947c10a8c7a4ae0f514c91be1eb
2020-06-19 09:27:20 +00:00
send_application_name,
added broker wrappers
2014-11-19 17:53:16 -06:00
)
Add preinstall execd hook calls
2013-09-27 17:20:42 +01:00
from charmhelpers.payload.execd import execd_preinstall
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
from nova_compute_utils import (
Move creation of libvirt secret out of context and into a utility helper.
2013-09-03 17:16:15 -07:00
create_libvirt_secret,
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
determine_packages,
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
import_authorized_keys,
import_keystone_ca_cert,
Checkin templates.
2013-07-30 20:39:44 -07:00
initialize_ssh_keys,
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
migration_enabled,
do_openstack_upgrade,
public_ssh_key,
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
restart_map,
[bradm] Added sysvinit daemon monitoring, use services() instead of hard coded daemon list, pep8 fixes
2014-11-17 13:45:12 +10:00
services,
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
register_configs,
Use constants for configuration file names
2013-09-20 17:50:33 +01:00
NOVA_CONF,
[v2] Fix migration across nova-compute apps using ceph This change reworks previous changes [1] and [2] that had been respectively reverted and abandoned. When using the config libvirt-image-backend=rbd, VMs created from image have their disk data stored in ceph instead of the compute node itself. When performing live-migrations, both nodes need to access the same ceph credentials to access the VM's disk in ceph, but this is currently not possible if the nodes involved pertain to different nova-compute charm apps. This patch changes app name sent to ceph to 'nova-compute-ceph-auth-c91ce26f', a unique name common to all nova-compute apps, allowing all nova-compute apps to use the same ceph auth. This change also ensures newly deployed nodes install the old credentials first on ceph-joined hook, and then supercedes it with the new credentials on ceph-changed hook, therefore also retaining the old credentials. This patch also includes the charmhelpers sync from PR: #840 [1] https://review.opendev.org/889642 [2] https://review.opendev.org/896155 Closes-bug: #2028559 Related-bug: #2037003 Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1149 Change-Id: I1ae12d787a1f8e7761ca06b5a80049c1c62e9e90
2023-10-06 10:24:48 -03:00
ceph_config_file,
CEPH_SECRET,
Fix support for cinder ceph rbd in Ocata As of Ocata, the ceph key used to access a specific Cinder Ceph backend must match the name of the key used by cinder, with an appropriate secret configured for libvirt use with the cephx key used by the cinder-ceph charm. Add support for the new ceph-access relation to allow nova-compute units to communicate with multiple ceph backends using different cephx keys and user names. The side effect of this change is that nova-compute will have a key for use with its own ephemeral backend ceph access, and a key for each cinder ceph backend configured in the deployment. Change-Id: I638473fc46c99a8bfe301f9a0c844de9efd47a2a Closes-Bug: 1671422
2017-03-09 12:51:25 +00:00
CEPH_BACKEND_SECRET,
[bradm] Added missing import for fix_path_ownership
2014-02-19 16:03:50 +10:00
enable_shell, disable_shell,
flex->lxd
2015-02-11 13:20:35 -05:00
configure_lxd,
Tidyup
2014-05-06 21:58:56 +00:00
fix_path_ownership,
Merged next in
2014-10-15 06:51:47 +00:00
assert_charm_supports_ipv6,
Add support for configurable hugepages
2015-08-13 10:11:23 +01:00
install_hugepages,
Inform subordinate about changes to hugepages
2015-11-25 12:48:50 +00:00
get_hugepage_number,
Enhanced pause/resume for maintenance mode Implemented pause/resume with some services checking. Charm-helpers sync to bring in pause/resume support. Change-Id: I8bcd7464a606f6fc9db374be6004d851935e749a
2016-04-01 11:47:46 +00:00
assess_status,
Set smt off and cpu-mode to host-passthrough for ppc64 architectures When deploying a ppc64el compute node, smt needs to be turned off and cpu-mode needs to be set to host-passthrough for nova/libvirt/kvm use. Change-Id: I48bd8f9e42dbc5f7c626addaa2fdd1e3f8fdd97e
2016-04-04 14:06:37 +00:00
set_ppc64_cpu_smt_state,
Properly remove libvirt default network As well as destroying the network we should also undefine it to ensure it does not return. Change-Id: I57738856adb25c190357b1b23dd8a1245798cb14 Closes-Bug: #1800160
2018-10-26 15:32:19 +01:00
remove_libvirt_network,
Add apparmor support Fixes to nova-network and nova-api service restarts Charm helpers sync to bring in the AppArmorContext class Create specific service ApiAppArmorContexts Add service specific templates for apparmor profiles Add aa-profile-mode in config.yaml Apply the apparmor profile as requested: disable, enforce, complain Add aa-profile-mode change test to amulet Charm-helpers sync to pull in AA Profile context changes Change-Id: I18aff4bfe131010521ea9ff544c6bf76f888afa6
2016-04-21 15:14:23 -07:00
network_manager,
Updates for Ubuntu Yakkety Yakkety swiches: a) the name of the libvirt daemon from libvirt-bin -> libvirtd b) the default libvirt user from libvirtd -> libvirt Update contexts, restarts, templates and enable yakkety test to deal with this change. Resync charm-helpers to support enablement of yakkety amulet test. Change-Id: I58eb3a5da53d4a12390968c835c0ff408a42d1b5
2016-09-14 11:40:57 +01:00
libvirt_daemon,
Add LXD support for ceph-access relation The nova-lxd driver is growing support for ceph storage backends, but as this is a host based integration, it relies on keyrings being placed in /etc/ceph for cephx authentication, rather than using some other secret storage mechanism as done for libvirt. Tweak the ceph-access-relation-changed handling to deal with this and ensure that the ceph-common package is installed with relations of this type are joined. Change-Id: I887e0be007c5606614e00c6a374416368d675c4d
2017-03-29 14:31:46 +01:00
LIBVIRT_TYPES,
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
configure_local_ephemeral_storage,
Series Upgrade Implement the series-upgrade feature allowing to move between Ubuntu series. Change-Id: I092a0558b4dd6a9fd15851753900cc116b6796b2
2018-08-06 15:45:10 -07:00
pause_unit_helper,
resume_unit_helper,
Purge old packages on upgrade-charm On charm upgrade the charm may switch to py3 packages. If so, ensure the old py2 packages are purged. If the purge occurs then restart services. Change-Id: I17abef16afbb8c62dae1b725c74c39cec414f4f8 Closes-Bug: 1803451
2018-11-15 15:13:19 +00:00
remove_old_packages,
Install multipath dependencies when use-multipath is True This change ensures that the multipath dependencies are installed on the compute node when the use-multipath config flag is enabled. Change-Id: I39b017398b95f5901d9bc57ffa0c59ff59f3a359 Closes-Bug: #1806830
2019-02-04 19:43:49 -07:00
MULTIPATH_PACKAGES,
Enable vTPM support in nova-compute Enable vTPM support in nova-compute charm. This adds new packages to be installed swtpm and swtpm-tools as well as updates the nova-compute.conf file and the qemu.conf file to set appropriate user/groups for swtpm. func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/696 Change-Id: Idf0d19d75b9231f029fa6a7dc557d2a9ee04915b
2022-01-10 15:26:26 -07:00
SWTPM_PACKAGES,
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
)
Support cloud-compute for IPv6.
2014-09-17 14:49:43 +08:00
from charmhelpers.contrib.network.ip import (
Make the cloud-compute relation net spaces aware When nova compute is deployed with multiple network interfaces configured. It may be necessary to specify which interface to use for the cloud-compute relation. Do not use unit_get('private-address') which gives unpredictable results. Instead, leverage network-get for network spaces aware address selection. Charm helpers sync to pull in generalized get_relation_ip() used in other charms which checks network-get after checking for all of the edge cases including IPv6 and config overrides. Use get_relation_ip() for address selection. This allows for specifying a network space in a bundle when using MAAS 2.x. This guarantees the charm will select the correct interface and IP for the network space. nova-compute: bindings: cloud-compute: internal-space Closes-bug: #1670866 Change-Id: Ib43a7a52acf5a07b68dea808082da0ba6eb237c1
2017-03-07 08:33:13 -08:00
get_relation_ip,
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
)
Move to sub configured access, and triggered restart
2015-09-23 13:11:45 +01:00
from charmhelpers.core.unitdata import kv
more cleanup
2014-11-11 22:28:08 +00:00
from nova_compute_context import (
Restart nova-api-metadata when nova.conf changes The charm code as it stood before did this correctly when the neutron-plugin relation included 'metadata-shared-secret', but not when it included 'enable-metadata' without 'metadata-shared-secret'. (See https://bugs.launchpad.net/charms/+source/nova-compute/+bug/1515570 for when 'enable-metadata' is used in this way.) This change commonizes the code that determines when nova-api-metadata should run, and uses this both to install the package and to add the resource map dependency from nova.conf to the nova-api-metadata service. Change-Id: I3354051b454621bc423ec6b2853d61301e58658c
2016-06-29 23:51:25 +01:00
nova_metadata_requirement,
[v2] Fix migration across nova-compute apps using ceph This change reworks previous changes [1] and [2] that had been respectively reverted and abandoned. When using the config libvirt-image-backend=rbd, VMs created from image have their disk data stored in ceph instead of the compute node itself. When performing live-migrations, both nodes need to access the same ceph credentials to access the VM's disk in ceph, but this is currently not possible if the nodes involved pertain to different nova-compute charm apps. This patch changes app name sent to ceph to 'nova-compute-ceph-auth-c91ce26f', a unique name common to all nova-compute apps, allowing all nova-compute apps to use the same ceph auth. This change also ensures newly deployed nodes install the old credentials first on ceph-joined hook, and then supercedes it with the new credentials on ceph-changed hook, therefore also retaining the old credentials. This patch also includes the charmhelpers sync from PR: #840 [1] https://review.opendev.org/889642 [2] https://review.opendev.org/896155 Closes-bug: #2028559 Related-bug: #2037003 Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1149 Change-Id: I1ae12d787a1f8e7761ca06b5a80049c1c62e9e90
2023-10-06 10:24:48 -03:00
sent_ceph_application_name,
CEPH_OLD_SECRET_UUID,
CEPH_AUTH_CRED_NAME,
more cleanup
2014-11-11 22:28:08 +00:00
CEPH_SECRET_UUID,
Add apparmor support Fixes to nova-network and nova-api service restarts Charm helpers sync to bring in the AppArmorContext class Create specific service ApiAppArmorContexts Add service specific templates for apparmor profiles Add aa-profile-mode in config.yaml Apply the apparmor profile as requested: disable, enforce, complain Add aa-profile-mode change test to amulet Charm-helpers sync to pull in AA Profile context changes Change-Id: I18aff4bfe131010521ea9ff544c6bf76f888afa6
2016-04-21 15:14:23 -07:00
assert_libvirt_rbd_imagebackend_allowed,
Refactor unit tests to avoid leaks of mocks. It was found that the modules test_actions_openstack_upgrade and test_actions_package_upgrade were mocking different classes and functions right before importing the modules under test (openstack_upgrade and package_upgrade respectively), although these mocks weren't being reset making tests executions coming after them to get benefitted (or impacted) by the mocks in memory. This patch takes advantage of mock.patch() decorator at the class level and importlib.reload() to make sure the mocks don't outsurvive the module. When the teardown was in place it was found a different set of functions that were relying on that mocking, so they were patched to allow the tests run in the expected (mock'ed) environment. Summary of changes: - Move get_availability_zone() to contexts module, nova_compute_utils depends on nova_compute_context, the latter shouldn't be importing code from the former since it breaks the layering, even when the import is being done within a function's body. - Mock env variable JUJU_UNIT_NAME per test case, the tests defined in the test_nova_compute_utils and test_nova_compute_contexts were relying on the leakage of mocks set by other test modules, this makes them run in an isolated fashion. - Move update_nrpe_config testing to its own class, the main class NovaComputeRelationsTests mocks the function update_nrpe_config() making it difficult to test it in a test method, hence making the test part of its own class it's posible to not mock the function and correctly runs its implementation. - Teardown mocks made at import level. Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/997 Change-Id: I4468ef1a0619befc75c6af2bad8df316125a7cf5
2023-02-15 15:25:51 -03:00
get_availability_zone,
Add apparmor support Fixes to nova-network and nova-api service restarts Charm helpers sync to bring in the AppArmorContext class Create specific service ApiAppArmorContexts Add service specific templates for apparmor profiles Add aa-profile-mode in config.yaml Apply the apparmor profile as requested: disable, enforce, complain Add aa-profile-mode change test to amulet Charm-helpers sync to pull in AA Profile context changes Change-Id: I18aff4bfe131010521ea9ff544c6bf76f888afa6
2016-04-21 15:14:23 -07:00
NovaAPIAppArmorContext,
NovaComputeAppArmorContext,
NovaNetworkAppArmorContext,
Use a stable hostname to render nova.conf OVS introduced a new service called ovs-record-hostname.service which records the hostname on the first start in the ovs database to identify the ovn chassis, this is how it achieved a stable hostname and be resilient to the changes in the FQDN when the DNS gets available. This change introduces the same approach for nova-compute charm. In the first run of the NovaComputeHostInfoContext the value passed in the context as host_fqdn is stored in the unit's kv db, and re-used on every subsequent call. This change affects only new installs since the hint to store (or not) the host fqdn is set in the install hook. Change-Id: I2aa74442ec25b21201a47070077df27899465814 Closes-Bug: #1896630
2023-02-15 11:43:40 -03:00
NovaComputeHostInfoContext,
more cleanup
2014-11-11 22:28:08 +00:00
)
Use rnpe functions from charmhelpers
2015-01-12 12:04:00 +00:00
from charmhelpers.contrib.charmsupport import nrpe
[all] make sync
2014-11-26 10:39:42 -03:00
from charmhelpers.core.sysctl import create as create_sysctl
Add hardening support Add charmhelpers.contrib.hardening and calls to install, config-changed, upgrade-charm and update-status hooks. Also add new config option to allow one or more hardening modules to be applied at runtime. Change-Id: I525c15a14662175f2a68cdcd25a3ab2c92237850
2016-03-22 21:00:45 +00:00
from charmhelpers.contrib.hardening.harden import harden
[all] make sync
2014-11-26 10:39:42 -03:00
Add hostname to cloud-compute relation for MAAS environment SSH keyscanning
2014-06-12 10:40:30 +01:00
from socket import gethostname
Move creation of libvirt secret out of context and into a utility helper.
2013-09-03 17:16:15 -07:00
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
import charmhelpers.contrib.openstack.vaultlocker as vaultlocker
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
hooks = Hooks()
CONFIGS = register_configs()
Mark charm blocked for invalid migrations settings Previously if enable-live-migration was true and migration-auth-type was anything other than "ssh" then migration setup would be invalid. The change puts the charm in a blocked state to make it clear that the migration settings are not valid. Change-Id: I796b54e9a08e8eab5c2b316a2aff0b29ee7e6bd9 Closes-Bug: #1431685
2017-09-22 13:25:42 +00:00
MIGRATION_AUTH_TYPES = ["ssh"]
Series Upgrade Implement the series-upgrade feature allowing to move between Ubuntu series. Change-Id: I092a0558b4dd6a9fd15851753900cc116b6796b2
2018-08-06 15:45:10 -07:00
LIBVIRTD_PID = '/var/run/libvirtd.pid'
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
Ensure python2 is installed before hook execution
2015-09-22 14:53:11 +01:00
@hooks.hook('install.real')
Add hardening support Add charmhelpers.contrib.hardening and calls to install, config-changed, upgrade-charm and update-status hooks. Also add new config option to allow one or more hardening modules to be applied at runtime. Change-Id: I525c15a14662175f2a68cdcd25a3ab2c92237850
2016-03-22 21:00:45 +00:00
@harden()
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
def install():
Workload Status
2015-09-25 15:12:01 -07:00
status_set('maintenance', 'Executing pre-install')
Add preinstall execd hook calls
2013-09-27 17:20:42 +01:00
execd_preinstall()
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
configure_installation_source(config('openstack-origin'))
Add extra-repositories config option Add an extra-repositories config option to nova-compute in order to allow configuring additional apt repositories. This is useful when some packages are not available in the distro or cloud archive. Change-Id: Ie3b76ff3bc07b83e416c80fab1da2560d48df498
2022-03-31 15:14:07 -07:00
configure_extra_repositories(config('extra-repositories'))
Deploy from source
2015-04-15 14:21:42 +00:00
Workload Status
2015-09-25 15:12:01 -07:00
status_set('maintenance', 'Installing apt packages')
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
apt_update()
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
apt_install(determine_packages(), fatal=True)
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
Fix gate for enabling FQDN agent registration If a new version of the charm is used to install a version of OpenStack prior to Stein, do not enable the FQDN registration. Change-Id: Ib86d6a48ee34c9efc42b4455ac669ef0cb8dc3bb Closes-Bug: #1846781
2019-10-08 14:13:51 +02:00
# Start migration to agent registration with FQDNs for newly installed
# units with OpenStack release Stein or newer.
release = os_release('nova-common')
if CompareOpenStackReleases(release) >= 'stein':
Use a stable hostname to render nova.conf OVS introduced a new service called ovs-record-hostname.service which records the hostname on the first start in the ovs database to identify the ovn chassis, this is how it achieved a stable hostname and be resilient to the changes in the FQDN when the DNS gets available. This change introduces the same approach for nova-compute charm. In the first run of the NovaComputeHostInfoContext the value passed in the context as host_fqdn is stored in the unit's kv db, and re-used on every subsequent call. This change affects only new installs since the hint to store (or not) the host fqdn is set in the install hook. Change-Id: I2aa74442ec25b21201a47070077df27899465814 Closes-Bug: #1896630
2023-02-15 11:43:40 -03:00
NovaComputeHostInfoContext.set_fqdn_hint(True)
NovaComputeHostInfoContext.set_record_fqdn_hint(True) # LP: #1896630
Use FQDN when registering agents with Nova The change of behaviour will only have affect on newly installed deployments on OpenStack Train and onwards. Also set upper constraint for ``python-cinderclient`` in the functional test requirements as it relies on the v1 client which has been removed. We will not fix this in Amulet, charm pending migration to the Zaza framework. Change-Id: Ia73ed6b76fc7f18014d4fa913397cc069e51ff07 Depends-On: Iee73164358745628a4b8658614608bc872771fd1 Closes-Bug: #1839300
2019-09-16 09:27:28 +02:00
Charmhelpers sync to get vaultlocker fixes Also gates checking vaultlocker status until it is installed Change-Id: I07f92132b0340b538ee472887c7fd0e0cc911453 Closes-Bug: #1849323
2019-12-10 13:38:51 +00:00
install_vaultlocker()
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
Add extra-repositories config option Add an extra-repositories config option to nova-compute in order to allow configuring additional apt repositories. This is useful when some packages are not available in the distro or cloud archive. Change-Id: Ie3b76ff3bc07b83e416c80fab1da2560d48df498
2022-03-31 15:14:07 -07:00
def configure_extra_repositories(extra_repositories):
"""Configures extra repositories to be added to the deployment.
Evaluates the config option 'extra-repositories' and configures the
additional installation sources as appropriate.
:param extra_repositories: extra repositories to install
:type extra_repositories: str
:raises: SourceConfigError if there is an error with the extra repositories
"""
if not extra_repositories:
log('No additional repositories to configure.', level=DEBUG)
return
for repo in extra_repositories.split(','):
if not repo:
continue
repo = repo.strip()
log('Configuring additional repository: "{}"'.format(repo),
level=DEBUG)
source, key = get_source_and_pgp_key(repo)
# Note: the add_source should fail and will result in the hook failing
# which is better to correct at this point if there is a
# configuration error rather than believing the repository to be
# configured.
add_source(source, key, fail_invalid=True)
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
@hooks.hook('config-changed')
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
@restart_on_change(restart_map())
Add hardening support Add charmhelpers.contrib.hardening and calls to install, config-changed, upgrade-charm and update-status hooks. Also add new config option to allow one or more hardening modules to be applied at runtime. Change-Id: I525c15a14662175f2a68cdcd25a3ab2c92237850
2016-03-22 21:00:45 +00:00
@harden()
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
def config_changed():
Series Upgrade Implement the series-upgrade feature allowing to move between Ubuntu series. Change-Id: I092a0558b4dd6a9fd15851753900cc116b6796b2
2018-08-06 15:45:10 -07:00
if is_unit_paused_set():
log("Do not run config_changed when paused", "WARNING")
return
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
if config('ephemeral-unmount'):
umount(config('ephemeral-unmount'), persist=True)
Integrated all ipv6 check into setup_ipv6()
2014-09-18 20:55:05 +08:00
if config('prefer-ipv6'):
Workload Status
2015-09-25 15:12:01 -07:00
status_set('maintenance', 'configuring ipv6')
fixed ipv6 support check
2014-09-26 19:20:20 +01:00
assert_charm_supports_ipv6()
Integrated all ipv6 check into setup_ipv6()
2014-09-18 20:55:05 +08:00
Add extra-repositories config option Add an extra-repositories config option to nova-compute in order to allow configuring additional apt repositories. This is useful when some packages are not available in the distro or cloud archive. Change-Id: Ie3b76ff3bc07b83e416c80fab1da2560d48df498
2022-03-31 15:14:07 -07:00
if config('extra-repositories'):
log('Configuring extra repositories', level=INFO)
configure_extra_repositories(config('extra-repositories'))
apt_update()
Mark charm blocked for invalid migrations settings Previously if enable-live-migration was true and migration-auth-type was anything other than "ssh" then migration setup would be invalid. The change puts the charm in a blocked state to make it clear that the migration settings are not valid. Change-Id: I796b54e9a08e8eab5c2b316a2aff0b29ee7e6bd9 Closes-Bug: #1431685
2017-09-22 13:25:42 +00:00
if (migration_enabled() and
config('migration-auth-type') not in MIGRATION_AUTH_TYPES):
message = ("Invalid migration-auth-type")
status_set('blocked', message)
raise Exception(message)
Rework upgrade handling
2014-04-01 17:01:37 +01:00
global CONFIGS
Send remote restart to neutron plugin post upgrade When this principle charm performs and Openstack upgrade the subordinates packages are also upgraded. The subordinate may need to render new config for the new release so the charm now sends a restart trigger to the subordinate Change-Id: Ifd5dea4e67d09dc29bb0bba579fd8903fb64490a Partial-Bug: 1571634
2016-04-18 17:32:19 +00:00
send_remote_restart = False
Remove deploy from source support Drop support for deployment from Git repositories, as deprecated in the 17.02 charm release. This feature is unmaintained and has no known users. Change-Id: I44a7a92d5d4ae493bab4d5b81e9757cb12149a66
2017-12-21 14:55:43 +00:00
if not config('action-managed-upgrade'):
Deploy from source
2015-04-15 14:21:42 +00:00
if openstack_upgrade_available('nova-common'):
Workload Status
2015-09-25 15:12:01 -07:00
status_set('maintenance', 'Running openstack upgrade')
refactoring do_openstack_upgrade to accept configs argument, bringing it in line with the other openstack charms
2015-10-06 15:38:12 +00:00
do_openstack_upgrade(CONFIGS)
Send remote restart to neutron plugin post upgrade When this principle charm performs and Openstack upgrade the subordinates packages are also upgraded. The subordinate may need to render new config for the new release so the charm now sends a restart trigger to the subordinate Change-Id: Ifd5dea4e67d09dc29bb0bba579fd8903fb64490a Partial-Bug: 1571634
2016-04-18 17:32:19 +00:00
send_remote_restart = True
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
Lower vm.swappiness to reduce guest memory latency Lowering the value of vm.swappiness to 1 (minimum amount of swapping without disabling it entirely) should reduce the guest memory latency. The default of 1 in the charm can be changed by the user by explicitly setting vm.swappiness in the sysctl charm setting. Change-Id: If9d3a9a0d15a84b86cfa7ba3620b66e7ea61d414 Closes-Bug: 1660248
2017-02-09 11:57:45 +00:00
sysctl_settings = config('sysctl')
Load nf_conntrack at boot time Sysctl rules fined in charm config fails to be applied in ovn enviroments because the rules are applied before nf_conntrack is loaded. By adding nf_conntrack to the /etc/modules file it guarantees that it will be loaded before the rules are applied. Closes-Bug: #1922778 Change-Id: I51dae65cdc06e35230160bcaedda99710a72617d
2024-04-15 13:45:45 -03:00
ensure_nf_conntrack_module_loaded(sysctl_settings)
Skip sysctl configuration in containers Some testing use cases make use of containers to host nova-compute; sysctl options can't be tweaked in this use case so detect and skip if executing in a container. Change-Id: I9ff894e728e46b229068e91a290b84cde73eb09c
2019-03-05 12:19:54 +00:00
if sysctl_settings and not is_container():
Add ignore=True to call to create_sysctl Take advantage of a new feature in charmhelpers to ignore missing keys when running sysctl. This addresses the issue where we want to include conntrack settings for nova-compute with a kvm driver, but don't want to include those settings for lxd. And it addresses it in a generic way to handle similar situations going forward. Change-Id: I29c36c11345b8876c4c39651c124a64860dd35db Closes-Bug: 1820635
2019-03-21 09:46:34 -04:00
create_sysctl(
sysctl_settings,
'/etc/sysctl.d/50-nova-compute.conf',
# Some keys in the config may not exist in /proc/sys/net/.
# For example, the conntrack module may not be loaded when
# using lxd drivers insteam of kvm. In these cases, we
# simply ignore the missing keys, rather than making time
# consuming calls out to the filesystem to check for their
# existence.
ignore=True)
[all] make sync
2014-11-26 10:39:42 -03:00
Properly remove libvirt default network As well as destroying the network we should also undefine it to ensure it does not return. Change-Id: I57738856adb25c190357b1b23dd8a1245798cb14 Closes-Bug: #1800160
2018-10-26 15:32:19 +01:00
remove_libvirt_network('default')
Delete libvirt-bin default network to avoid MASQUERADE rules libvirt-bin installs a 192.168.122.0/24 default network and creates MASQUERADE rules for it on boot. These rules will effect and break instance traffic including GRE tenant networks. Check if the network exists and then destroy it with virsh net-destroy which both immediately removes the MASQUERADE rules and the network so it is not applied after reboot. Change-Id: Ia79aea6ef889d1ef58f903f967bea37dc07fd160 Closes-Bug: #1387390
2016-07-10 10:59:47 +08:00
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
if migration_enabled() and config('migration-auth-type') == 'ssh':
# Check-in with nova-c-c and register new ssh key, if it has just been
# generated.
Workload Status
2015-09-25 15:12:01 -07:00
status_set('maintenance', 'SSH key exchange')
Checkin templates.
2013-07-30 20:39:44 -07:00
initialize_ssh_keys()
Write authorized_keys on config change
2014-04-03 17:18:05 +01:00
import_authorized_keys()
Initial cut of feature to enable resize of instances
2013-12-16 10:10:19 +00:00
if config('enable-resize') is True:
Enable shell access for nova when resize is enabled
2013-12-16 12:33:45 +00:00
enable_shell(user='nova')
Workload Status
2015-09-25 15:12:01 -07:00
status_set('maintenance', 'SSH key exchange')
Initial cut of feature to enable resize of instances
2013-12-16 10:10:19 +00:00
initialize_ssh_keys(user='nova')
Fixed small bug in config-changed hook. Only write nova authorized keys if enable-resize is set
2014-04-03 17:48:13 +01:00
import_authorized_keys(user='nova', prefix='nova')
Enable shell access for nova when resize is enabled
2013-12-16 12:33:45 +00:00
else:
disable_shell(user='nova')
Initial cut of feature to enable resize of instances
2013-12-16 10:10:19 +00:00
Fixed bug in config-changed
2014-03-31 16:30:14 +01:00
if config('instances-path') is not None:
[bradm] Adding instance_path config variable in nova.conf, and fixing perms on dir
2014-02-19 14:40:50 +10:00
fp = config('instances-path')
Fix misc issues with instances-path usage Fix use of ephemeral-device with instances-path to ensure that the configured block device is mounted in the desired location. Ensure instances-path directory actually exists. Change-Id: I81725f602ba3086bc142d59104e4bfc80918d8cf Closes-Bug: 1909141
2021-09-16 10:00:03 +01:00
if not os.path.exists(fp):
mkdir(path=fp, owner='nova', group='nova', perms=0o775)
[bradm] Fixed order of arguments to fix_path_ownership
2014-02-19 14:53:05 +10:00
fix_path_ownership(fp, user='nova')
[bradm] Adding instance_path config variable in nova.conf, and fixing perms on dir
2014-02-19 14:40:50 +10:00
Fix for not restarting subordinate services on managed upgrade This fixes the referenced bug by ensuring that the action does initiate remote restarts for container scoped related units. Change-Id: I149b753355b64113adfd8fd4eea972978b7ed20b Closes-Bug:#1835557
2020-01-07 14:01:50 +00:00
for rid in relation_ids('cloud-compute'):
compute_joined(rid)
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
Inform subordinate about changes to hugepages
2015-11-25 12:48:50 +00:00
for rid in relation_ids('neutron-plugin'):
Send remote restart to neutron plugin post upgrade When this principle charm performs and Openstack upgrade the subordinates packages are also upgraded. The subordinate may need to render new config for the new release so the charm now sends a restart trigger to the subordinate Change-Id: Ifd5dea4e67d09dc29bb0bba579fd8903fb64490a Partial-Bug: 1571634
2016-04-18 17:32:19 +00:00
neutron_plugin_joined(rid, remote_restart=send_remote_restart)
Inform subordinate about changes to hugepages
2015-11-25 12:48:50 +00:00
Trigger ceilometer-agent after upgrade Send trigger to ceilometer-agent after an upgrade to trigger an upgrade. This follows the same pattern as other OpenStack subordinatees. Change-Id: Ic07d53c02b84d210aefd47e49a42002fac801ff4 Closes-Bug: #1802400
2018-11-11 18:34:20 +00:00
for rid in relation_ids('nova-ceilometer'):
nova_ceilometer_joined(rid, remote_restart=send_remote_restart)
Add nova-vgpu relation Change-Id: Ie034a263c85c2909ce87ada632196772dbd265d2
2022-02-15 11:51:42 +01:00
for rid in relation_ids('nova-vgpu'):
nova_vgpu_joined(rid, remote_restart=send_remote_restart)
Fixes bug LP: #1448143
2015-04-24 10:43:58 -03:00
if is_relation_made("nrpe-external-master"):
update_nrpe_config()
[bradm] initial nrpe checks
2014-10-29 22:30:36 -05:00
Enabling hugepages should be conditional on it being requested
2015-08-19 15:07:10 +00:00
if config('hugepages'):
install_hugepages()
Add support for configurable hugepages
2015-08-13 10:11:23 +01:00
Set smt off and cpu-mode to host-passthrough for ppc64 architectures When deploying a ppc64el compute node, smt needs to be turned off and cpu-mode needs to be set to host-passthrough for nova/libvirt/kvm use. Change-Id: I48bd8f9e42dbc5f7c626addaa2fdd1e3f8fdd97e
2016-04-04 14:06:37 +00:00
# Disable smt for ppc64, required for nova/libvirt/kvm
arch = platform.machine()
log('CPU architecture: {}'.format(arch))
if arch in ['ppc64el', 'ppc64le']:
set_ppc64_cpu_smt_state('off')
Add support for cephx pool grouping and permissions Sync charmhelpers and add configuration option to allow access to ceph pools to be limited based on grouping. Nova will require access to volumes, images and vms pool groups. Change-Id: I1c188d983609577ab34f7aef7854954c104b58bd Partial-Bug: 1424771
2017-02-14 12:26:48 +00:00
# NOTE(jamespage): trigger any configuration related changes
Add LXD support for ceph-access relation The nova-lxd driver is growing support for ceph storage backends, but as this is a host based integration, it relies on keyrings being placed in /etc/ceph for cephx authentication, rather than using some other secret storage mechanism as done for libvirt. Tweak the ceph-access-relation-changed handling to deal with this and ensure that the ceph-common package is installed with relations of this type are joined. Change-Id: I887e0be007c5606614e00c6a374416368d675c4d
2017-03-29 14:31:46 +01:00
# for cephx permissions restrictions and
# keys on disk for ceph-access backends
Add support for cephx pool grouping and permissions Sync charmhelpers and add configuration option to allow access to ceph pools to be limited based on grouping. Nova will require access to volumes, images and vms pool groups. Change-Id: I1c188d983609577ab34f7aef7854954c104b58bd Partial-Bug: 1424771
2017-02-14 12:26:48 +00:00
for rid in relation_ids('ceph'):
for unit in related_units(rid):
ceph_changed(rid=rid, unit=unit)
Add LXD support for ceph-access relation The nova-lxd driver is growing support for ceph storage backends, but as this is a host based integration, it relies on keyrings being placed in /etc/ceph for cephx authentication, rather than using some other secret storage mechanism as done for libvirt. Tweak the ceph-access-relation-changed handling to deal with this and ensure that the ceph-common package is installed with relations of this type are joined. Change-Id: I887e0be007c5606614e00c6a374416368d675c4d
2017-03-29 14:31:46 +01:00
for rid in relation_ids('ceph-access'):
for unit in related_units(rid):
ceph_access(rid=rid, unit=unit)
[hopem,r=] Ensure libvirt image backend pool is configured if RBDImageBackend enabled post-deploy. Closes-Bug: 1489463
2016-02-09 15:55:14 +00:00
Ensure apparmor is configured when writing files When re-writing files, the apparmor configuration is not written, this will fix this to ensure that aa-profile-mode is respected Closes-Bug: 1947389 Change-Id: I79e9625ab4d261845822d4825ba1ed7e31d0b1e0
2021-12-07 15:33:24 +00:00
update_all_configs()
Add apparmor support Fixes to nova-network and nova-api service restarts Charm helpers sync to bring in the AppArmorContext class Create specific service ApiAppArmorContexts Add service specific templates for apparmor profiles Add aa-profile-mode in config.yaml Apply the apparmor profile as requested: disable, enforce, complain Add aa-profile-mode change test to amulet Charm-helpers sync to pull in AA Profile context changes Change-Id: I18aff4bfe131010521ea9ff544c6bf76f888afa6
2016-04-21 15:14:23 -07:00
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
install_vaultlocker()
Install multipath dependencies when use-multipath is True This change ensures that the multipath dependencies are installed on the compute node when the use-multipath config flag is enabled. Change-Id: I39b017398b95f5901d9bc57ffa0c59ff59f3a359 Closes-Bug: #1806830
2019-02-04 19:43:49 -07:00
install_multipath()
Enable vTPM support in nova-compute Enable vTPM support in nova-compute charm. This adds new packages to be installed swtpm and swtpm-tools as well as updates the nova-compute.conf file and the qemu.conf file to set appropriate user/groups for swtpm. func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/696 Change-Id: Idf0d19d75b9231f029fa6a7dc557d2a9ee04915b
2022-01-10 15:26:26 -07:00
install_swtpm()
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
configure_local_ephemeral_storage()
Added verification to ensure iscsid is running Currently, the charm does not verify if iscsid is installed or running. This patch adds those verifications on install and update hooks. Closes-bug: #1816435 Change-Id: I23992832a82557f406999427fe8d151f6a2b63af
2019-02-26 14:42:20 -03:00
check_and_start_iscsid()
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
Load nf_conntrack at boot time Sysctl rules fined in charm config fails to be applied in ovn enviroments because the rules are applied before nf_conntrack is loaded. By adding nf_conntrack to the /etc/modules file it guarantees that it will be loaded before the rules are applied. Closes-Bug: #1922778 Change-Id: I51dae65cdc06e35230160bcaedda99710a72617d
2024-04-15 13:45:45 -03:00
def ensure_nf_conntrack_module_loaded(sysctl_str):
"""Loads and writes nf_conntrack to /etc/modules if present in sysctls."""
# abort if empty or container
if not sysctl_str or is_container():
return
try:
sysctl_dict = yaml.safe_load(sysctl_str)
except yaml.YAMLError:
log("Error parsing YAML sysctl_dict: {}".format(sysctl_str),
level=ERROR)
return
if any("nf_conntrack" in key for key in sysctl_dict.keys()):
try:
# this call loads the module and writes an entry in /etc/modules
# for automatic loading at early boot
modprobe("nf_conntrack")
except Exception as e:
log("Failed to load or persist nf_conntrack"
" kernel module: {}".format(e), level=WARNING)
Ensure apparmor is configured when writing files When re-writing files, the apparmor configuration is not written, this will fix this to ensure that aa-profile-mode is respected Closes-Bug: 1947389 Change-Id: I79e9625ab4d261845822d4825ba1ed7e31d0b1e0
2021-12-07 15:33:24 +00:00
def update_all_configs():
CONFIGS.write_all()
NovaComputeAppArmorContext().setup_aa_profile()
if (network_manager() in ['flatmanager', 'flatdhcpmanager'] and
config('multi-host').lower() == 'yes'):
NovaAPIAppArmorContext().setup_aa_profile()
NovaNetworkAppArmorContext().setup_aa_profile()
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
def install_vaultlocker():
"""Determine whether vaultlocker is required and install"""
if config('encrypt'):
installed = len(filter_installed_packages(['vaultlocker'])) == 0
if not installed:
apt_install('vaultlocker', fatal=True)
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
Install multipath dependencies when use-multipath is True This change ensures that the multipath dependencies are installed on the compute node when the use-multipath config flag is enabled. Change-Id: I39b017398b95f5901d9bc57ffa0c59ff59f3a359 Closes-Bug: #1806830
2019-02-04 19:43:49 -07:00
def install_multipath():
if config('use-multipath'):
installed = len(filter_installed_packages(MULTIPATH_PACKAGES)) == 0
if not installed:
apt_install(MULTIPATH_PACKAGES, fatal=True)
Enable vTPM support in nova-compute Enable vTPM support in nova-compute charm. This adds new packages to be installed swtpm and swtpm-tools as well as updates the nova-compute.conf file and the qemu.conf file to set appropriate user/groups for swtpm. func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/696 Change-Id: Idf0d19d75b9231f029fa6a7dc557d2a9ee04915b
2022-01-10 15:26:26 -07:00
def install_swtpm():
if config('enable-vtpm'):
installed = len(filter_installed_packages(SWTPM_PACKAGES)) == 0
if not installed:
try:
apt_install(SWTPM_PACKAGES, fatal=True)
except Exception:
log('Error installing swtpm packages. Try adding extra '
'repositories containing swtpm packages or disabling '
'vtpm by setting enable-vtpm=False.', ERROR)
raise
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
@hooks.hook('amqp-relation-joined')
Switch to using common vhost for all openstack services
2013-10-17 20:25:15 +01:00
def amqp_joined(relation_id=None):
relation_set(relation_id=relation_id,
username=config('rabbit-user'),
vhost=config('rabbit-vhost'))
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
@hooks.hook('amqp-relation-changed')
added amqp relation departed
2014-01-30 12:46:46 +01:00
@hooks.hook('amqp-relation-departed')
@restart_on_change(restart_map())
Remove duplicate function
2014-02-13 09:49:17 +01:00
def amqp_changed():
added amqp relation departed
2014-01-30 12:46:46 +01:00
if 'amqp' not in CONFIGS.complete_contexts():
log('amqp relation incomplete. Peer not ready?')
return
CONFIGS.write(NOVA_CONF)
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
@hooks.hook('image-service-relation-changed')
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
@restart_on_change(restart_map())
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
def image_service_changed():
if 'image-service' not in CONFIGS.complete_contexts():
log('image-service relation incomplete. Peer not ready?')
return
Use constants for configuration file names
2013-09-20 17:50:33 +01:00
CONFIGS.write(NOVA_CONF)
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
Add ability to provide another ephemeral storage for nova-compute Nova has configuration option to specify ephemeral storage - images_type But right now this charm allows to specify only ceph via relation to ceph. This changeset adds ability to specify any images_type and add ability to provide configuration for the ephemeral backend via relation. Same functionality implemented in cinder charm via storage-backend interface. Change-Id: Id851e172aed53723d4d8fb6623ff1c4b4a03fefa
2016-06-17 18:38:26 +03:00
@hooks.hook('ephemeral-backend-relation-changed',
'ephemeral-backend-relation-broken')
@restart_on_change(restart_map())
def ephemeral_backend_hook():
if 'ephemeral-backend' not in CONFIGS.complete_contexts():
log('ephemeral-backend relation incomplete. Peer not ready?')
return
CONFIGS.write(NOVA_CONF)
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
@hooks.hook('cloud-compute-relation-joined')
def compute_joined(rid=None):
Add hostname to cloud-compute relation for MAAS environment SSH keyscanning
2014-06-12 10:40:30 +01:00
# NOTE(james-page) in MAAS environments the actual hostname is a CNAME
# record so won't get scanned based on private-address which is an IP
# add the hostname configured locally to the relation.
settings = {
Make the cloud-compute relation net spaces aware When nova compute is deployed with multiple network interfaces configured. It may be necessary to specify which interface to use for the cloud-compute relation. Do not use unit_get('private-address') which gives unpredictable results. Instead, leverage network-get for network spaces aware address selection. Charm helpers sync to pull in generalized get_relation_ip() used in other charms which checks network-get after checking for all of the edge cases including IPv6 and config overrides. Use get_relation_ip() for address selection. This allows for specifying a network space in a bundle when using MAAS 2.x. This guarantees the charm will select the correct interface and IP for the network space. nova-compute: bindings: cloud-compute: internal-space Closes-bug: #1670866 Change-Id: Ib43a7a52acf5a07b68dea808082da0ba6eb237c1
2017-03-07 08:33:13 -08:00
'hostname': gethostname(),
my_ip should belong to internal-network rather than data-network When defining os-data-network=10.10.1.0/24, os-internal-network=10.12.1.0/24 and not defining os-data-space, private-address of nova-compute units will be in 10.10.1.0/24 because now 10.10.1.0/24 and 10.12.1.0/24 are all in internal-network. nova-cloud-controller units can't collect public keys of nova-compute units because they don't have NIC belonged to 10.10.1.0/24. This will lead to some problems when resizing/migrating VM. This problem can be fixed by defining os-internal-space for cloud-compute because at this time private-address of nova-compute units will be in 10.12.1.0/24. bindings: cloud-compute: *os-internal-space However, the nova-compute charm has an os-internal-network option, this should also be referenced as a way to do this since not everybody uses spaces. This patch is used to deliver this point, then we can fix this problem by running the following command: juju config nova-compute os-internal-network='10.12.1.0/24' Change-Id: I70b096fd709e5ec8d8a47d2d11f71ed3ea780c5d Closes-Bug: 1686882
2017-07-05 16:58:00 +08:00
'private-address': get_relation_ip(
Use correct space binding for live migration Ensure that the 'migration' network space binding or the fallback configuration option is passed to the nova-cloud-controller application so that the correct IP address is SSH host scanned during setup of live migration between hypervisors. Change-Id: I6e20cd0b03f564ee9c110cf58fb0466f6a1f6c82 Closes-Bug: 1874235
2020-05-26 09:20:38 +01:00
'migration', cidr_network=config('libvirt-migration-network')),
Add hostname to cloud-compute relation for MAAS environment SSH keyscanning
2014-06-12 10:40:30 +01:00
}
Make the cloud-compute relation net spaces aware When nova compute is deployed with multiple network interfaces configured. It may be necessary to specify which interface to use for the cloud-compute relation. Do not use unit_get('private-address') which gives unpredictable results. Instead, leverage network-get for network spaces aware address selection. Charm helpers sync to pull in generalized get_relation_ip() used in other charms which checks network-get after checking for all of the edge cases including IPv6 and config overrides. Use get_relation_ip() for address selection. This allows for specifying a network space in a bundle when using MAAS 2.x. This guarantees the charm will select the correct interface and IP for the network space. nova-compute: bindings: cloud-compute: internal-space Closes-bug: #1670866 Change-Id: Ib43a7a52acf5a07b68dea808082da0ba6eb237c1
2017-03-07 08:33:13 -08:00
Use get_availability_zone() on cloud-compute relation Commit 9f4369d9 added a feature to set the availability zone of the nova-compute unit on the cloud-compute relation. This uses the value of the JUJU_AVAILABILITY_ZONE environment variable, which is not consistent with how the nova-compute service sets its availability zone. Use the nova_compute_utils.get_availability_zone() method instead. Closes-Bug #1925412 Change-Id: Ie68ecd808a60baf0d5bfe526f4355ce3c7ae5c77
2021-04-21 20:48:46 -07:00
az = get_availability_zone()
if az:
relation_set(relation_id=rid, availability_zone=az)
Set availability_zone as part of the cloud-compute relation A new Juju action, to the nova-cloud-controller charm, will be added to sync the nova-compute units Juju availability zones with the availability from OpenStack. It is useful in the context of a MAAS deployment, in order to map MAAS AZs to OpenStack AZs. Change-Id: I62f68f0c0c97aeca20a8afb32095d2972abd8473
2021-02-03 15:17:25 +00:00
Initial cut of feature to enable resize of instances
2013-12-16 10:10:19 +00:00
if migration_enabled():
auth_type = config('migration-auth-type')
Add hostname to cloud-compute relation for MAAS environment SSH keyscanning
2014-06-12 10:40:30 +01:00
settings['migration_auth_type'] = auth_type
Initial cut of feature to enable resize of instances
2013-12-16 10:10:19 +00:00
if auth_type == 'ssh':
settings['ssh_public_key'] = public_ssh_key()
relation_set(relation_id=rid, **settings)
if config('enable-resize'):
Add hostname to cloud-compute relation for MAAS environment SSH keyscanning
2014-06-12 10:40:30 +01:00
settings['nova_ssh_public_key'] = public_ssh_key(user='nova')
Initial cut of feature to enable resize of instances
2013-12-16 10:10:19 +00:00
relation_set(relation_id=rid, **settings)
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
@hooks.hook('cloud-compute-relation-changed')
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
@restart_on_change(restart_map())
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
def compute_changed():
Add libvirt context to enable TCP listening when migration is configured.
2013-07-30 19:40:47 -07:00
# rewriting all configs to pick up possible net or vol manager
# config advertised from controller.
Ensure apparmor is configured when writing files When re-writing files, the apparmor configuration is not written, this will fix this to ensure that aa-profile-mode is respected Closes-Bug: 1947389 Change-Id: I79e9625ab4d261845822d4825ba1ed7e31d0b1e0
2021-12-07 15:33:24 +00:00
update_all_configs()
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
import_authorized_keys()
Initial cut of feature to enable resize of instances
2013-12-16 10:10:19 +00:00
import_authorized_keys(user='nova', prefix='nova')
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
import_keystone_ca_cert()
Add Ironic virt type Adds support for the Ironic virt driver. Change-Id: I72a7fb65395e4ceddc77a92bccc7b4563af0750a
2020-08-19 14:28:36 +00:00
@hooks.hook('ironic-api-relation-changed')
@restart_on_change(restart_map())
def ironic_api_changed():
CONFIGS.write(NOVA_CONF)
Add LXD support for ceph-access relation The nova-lxd driver is growing support for ceph storage backends, but as this is a host based integration, it relies on keyrings being placed in /etc/ceph for cephx authentication, rather than using some other secret storage mechanism as done for libvirt. Tweak the ceph-access-relation-changed handling to deal with this and ensure that the ceph-common package is installed with relations of this type are joined. Change-Id: I887e0be007c5606614e00c6a374416368d675c4d
2017-03-29 14:31:46 +01:00
@hooks.hook('ceph-access-relation-joined')
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
@hooks.hook('ceph-relation-joined')
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
@restart_on_change(restart_map())
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
def ceph_joined():
Add LXD support for ceph-access relation The nova-lxd driver is growing support for ceph storage backends, but as this is a host based integration, it relies on keyrings being placed in /etc/ceph for cephx authentication, rather than using some other secret storage mechanism as done for libvirt. Tweak the ceph-access-relation-changed handling to deal with this and ensure that the ceph-common package is installed with relations of this type are joined. Change-Id: I887e0be007c5606614e00c6a374416368d675c4d
2017-03-29 14:31:46 +01:00
pkgs = filter_installed_packages(['ceph-common'])
if pkgs:
status_set('maintenance', 'Installing ceph-common package')
apt_install(pkgs, fatal=True)
# Bug 1427660
if not is_unit_paused_set() and config('virt-type') in LIBVIRT_TYPES:
service_restart(libvirt_daemon())
[v2] Fix migration across nova-compute apps using ceph This change reworks previous changes [1] and [2] that had been respectively reverted and abandoned. When using the config libvirt-image-backend=rbd, VMs created from image have their disk data stored in ceph instead of the compute node itself. When performing live-migrations, both nodes need to access the same ceph credentials to access the VM's disk in ceph, but this is currently not possible if the nodes involved pertain to different nova-compute charm apps. This patch changes app name sent to ceph to 'nova-compute-ceph-auth-c91ce26f', a unique name common to all nova-compute apps, allowing all nova-compute apps to use the same ceph auth. This change also ensures newly deployed nodes install the old credentials first on ceph-joined hook, and then supercedes it with the new credentials on ceph-changed hook, therefore also retaining the old credentials. This patch also includes the charmhelpers sync from PR: #840 [1] https://review.opendev.org/889642 [2] https://review.opendev.org/896155 Closes-bug: #2028559 Related-bug: #2037003 Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1149 Change-Id: I1ae12d787a1f8e7761ca06b5a80049c1c62e9e90
2023-10-06 10:24:48 -03:00
# install old credentials first for backwards compatibility
Revert "Fix migration across apps when using VMs created from image" This reverts commit c3c2cf0349c086dad7f23b180c3ee9ea0f865e8f. Reason for revert: This introduces an undesired behavior when scaling-out that needs to be addressed in a complementary patch. Change-Id: I21c127aa565e489ba4d93a1efc8ddba63ef32e87
2023-10-05 09:22:10 +00:00
send_application_name()
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
Switch to using shared Ceph broker code in charmhelpers
2015-08-27 09:04:55 +00:00
def get_ceph_request():
rq = CephBrokerRq()
Add support for cephx pool grouping and permissions Sync charmhelpers and add configuration option to allow access to ceph pools to be limited based on grouping. Nova will require access to volumes, images and vms pool groups. Change-Id: I1c188d983609577ab34f7aef7854954c104b58bd Partial-Bug: 1424771
2017-02-14 12:26:48 +00:00
if (config('libvirt-image-backend') == 'rbd' and
assert_libvirt_rbd_imagebackend_allowed()):
Add support for Erasure Coded pools Enable support for use of Erasure Coded (EC) pools for nova disks when RBD is used to back ephemeral storage volumes. Add the standard set of EC based configuration options to the charm. Update Ceph broker request to create a replicated pool, an erasure coding profile and an erasure coded pool (using the profile) when pool-type == erasure-coded is specified. Resync charm-helpers to pick changes to the standard ceph.conf template and associated contexts for rbd default data pool mangle due to lack for explicit support in OpenStack Services. Update context to use metadata pool name in nova configuration when erasure-coding is enabled. Change-Id: Ida0b9c889ddf9fcc0847a9cee01b3206239d9318 Depends-On: Iec4de19f7b39f0b08158d96c5cc1561b40aefa10
2020-08-04 14:04:04 +01:00
pool_name = config('rbd-pool')
Add support for cephx pool grouping and permissions Sync charmhelpers and add configuration option to allow access to ceph pools to be limited based on grouping. Nova will require access to volumes, images and vms pool groups. Change-Id: I1c188d983609577ab34f7aef7854954c104b58bd Partial-Bug: 1424771
2017-02-14 12:26:48 +00:00
replicas = config('ceph-osd-replication-count')
weight = config('ceph-pool-weight')
Add Ceph BlueStore Compression support Sync c-h. Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/429 Change-Id: I3bbf41350c18ac5cc045392ace6e14118b04e1e8
2020-08-28 16:40:28 +02:00
bluestore_compression = ch_context.CephBlueStoreCompressionContext()
Add support for Erasure Coded pools Enable support for use of Erasure Coded (EC) pools for nova disks when RBD is used to back ephemeral storage volumes. Add the standard set of EC based configuration options to the charm. Update Ceph broker request to create a replicated pool, an erasure coding profile and an erasure coded pool (using the profile) when pool-type == erasure-coded is specified. Resync charm-helpers to pick changes to the standard ceph.conf template and associated contexts for rbd default data pool mangle due to lack for explicit support in OpenStack Services. Update context to use metadata pool name in nova configuration when erasure-coding is enabled. Change-Id: Ida0b9c889ddf9fcc0847a9cee01b3206239d9318 Depends-On: Iec4de19f7b39f0b08158d96c5cc1561b40aefa10
2020-08-04 14:04:04 +01:00
if config('pool-type') == 'erasure-coded':
# General EC plugin config
plugin = config('ec-profile-plugin')
technique = config('ec-profile-technique')
device_class = config('ec-profile-device-class')
metadata_pool_name = (
config('ec-rbd-metadata-pool') or
"{}-metadata".format(pool_name)
)
bdm_k = config('ec-profile-k')
bdm_m = config('ec-profile-m')
# LRC plugin config
bdm_l = config('ec-profile-locality')
crush_locality = config('ec-profile-crush-locality')
# SHEC plugin config
bdm_c = config('ec-profile-durability-estimator')
# CLAY plugin config
bdm_d = config('ec-profile-helper-chunks')
scalar_mds = config('ec-profile-scalar-mds')
# Profile name
profile_name = (
config('ec-profile-name') or
"{}-profile".format(pool_name)
)
# Metadata sizing is approximately 1% of overall data weight
# but is in effect driven by the number of rbd's rather than
# their size - so it can be very lightweight.
metadata_weight = weight * 0.01
Spelling fixes found by codespell. Change-Id: I819aa04eef6cc72a24ecaf39a350b30015612165
2021-09-21 19:28:46 +01:00
# Resize data pool weight to accommodate metadata weight
Add support for Erasure Coded pools Enable support for use of Erasure Coded (EC) pools for nova disks when RBD is used to back ephemeral storage volumes. Add the standard set of EC based configuration options to the charm. Update Ceph broker request to create a replicated pool, an erasure coding profile and an erasure coded pool (using the profile) when pool-type == erasure-coded is specified. Resync charm-helpers to pick changes to the standard ceph.conf template and associated contexts for rbd default data pool mangle due to lack for explicit support in OpenStack Services. Update context to use metadata pool name in nova configuration when erasure-coding is enabled. Change-Id: Ida0b9c889ddf9fcc0847a9cee01b3206239d9318 Depends-On: Iec4de19f7b39f0b08158d96c5cc1561b40aefa10
2020-08-04 14:04:04 +01:00
weight = weight - metadata_weight
# Create metadata pool
rq.add_op_create_pool(
name=metadata_pool_name, replica_count=replicas,
weight=metadata_weight, group='vms', app_name='rbd'
)
# Create erasure profile
rq.add_op_create_erasure_profile(
name=profile_name,
k=bdm_k, m=bdm_m,
lrc_locality=bdm_l,
lrc_crush_locality=crush_locality,
shec_durability_estimator=bdm_c,
clay_helper_chunks=bdm_d,
clay_scalar_mds=scalar_mds,
device_class=device_class,
erasure_type=plugin,
erasure_technique=technique
)
# Create EC data pool
Add Ceph BlueStore Compression support Sync c-h. Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/429 Change-Id: I3bbf41350c18ac5cc045392ace6e14118b04e1e8
2020-08-28 16:40:28 +02:00
# NOTE(fnordahl): once we deprecate Python 3.5 support we can do
# the unpacking of the BlueStore compression arguments as part of
# the function arguments. Until then we need to build the dict
# prior to the function call.
kwargs = {
'name': pool_name,
'erasure_profile': profile_name,
'weight': weight,
'group': "vms",
'app_name': "rbd",
'allow_ec_overwrites': True
}
kwargs.update(bluestore_compression.get_kwargs())
rq.add_op_create_erasure_pool(**kwargs)
Add support for Erasure Coded pools Enable support for use of Erasure Coded (EC) pools for nova disks when RBD is used to back ephemeral storage volumes. Add the standard set of EC based configuration options to the charm. Update Ceph broker request to create a replicated pool, an erasure coding profile and an erasure coded pool (using the profile) when pool-type == erasure-coded is specified. Resync charm-helpers to pick changes to the standard ceph.conf template and associated contexts for rbd default data pool mangle due to lack for explicit support in OpenStack Services. Update context to use metadata pool name in nova configuration when erasure-coding is enabled. Change-Id: Ida0b9c889ddf9fcc0847a9cee01b3206239d9318 Depends-On: Iec4de19f7b39f0b08158d96c5cc1561b40aefa10
2020-08-04 14:04:04 +01:00
else:
Add Ceph BlueStore Compression support Sync c-h. Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/429 Change-Id: I3bbf41350c18ac5cc045392ace6e14118b04e1e8
2020-08-28 16:40:28 +02:00
kwargs = {
'name': pool_name,
'replica_count': replicas,
'weight': weight,
'group': 'vms',
'app_name': 'rbd',
}
kwargs.update(bluestore_compression.get_kwargs())
rq.add_op_create_replicated_pool(**kwargs)
Add support for Erasure Coded pools Enable support for use of Erasure Coded (EC) pools for nova disks when RBD is used to back ephemeral storage volumes. Add the standard set of EC based configuration options to the charm. Update Ceph broker request to create a replicated pool, an erasure coding profile and an erasure coded pool (using the profile) when pool-type == erasure-coded is specified. Resync charm-helpers to pick changes to the standard ceph.conf template and associated contexts for rbd default data pool mangle due to lack for explicit support in OpenStack Services. Update context to use metadata pool name in nova configuration when erasure-coding is enabled. Change-Id: Ida0b9c889ddf9fcc0847a9cee01b3206239d9318 Depends-On: Iec4de19f7b39f0b08158d96c5cc1561b40aefa10
2020-08-04 14:04:04 +01:00
Add support for cephx pool grouping and permissions Sync charmhelpers and add configuration option to allow access to ceph pools to be limited based on grouping. Nova will require access to volumes, images and vms pool groups. Change-Id: I1c188d983609577ab34f7aef7854954c104b58bd Partial-Bug: 1424771
2017-02-14 12:26:48 +00:00
if config('restrict-ceph-pools'):
Request class-read object_prefix rbd_children perm When using ceph as a backend request the additional privilege class-read on rbd_children. This fixes bug 1696073. Change-Id: I468cfb5026751b96feba013b4e6ae74ff8da38ca Closes-Bug: #1696073
2018-05-31 17:04:33 +02:00
rq.add_op_request_access_to_group(
name="volumes",
object_prefix_permissions={'class-read': ['rbd_children']},
permission='rwx')
rq.add_op_request_access_to_group(
name="images",
object_prefix_permissions={'class-read': ['rbd_children']},
permission='rwx')
rq.add_op_request_access_to_group(
name="vms",
object_prefix_permissions={'class-read': ['rbd_children']},
permission='rwx')
Switch to using shared Ceph broker code in charmhelpers
2015-08-27 09:04:55 +00:00
return rq
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
@hooks.hook('ceph-relation-changed')
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
@restart_on_change(restart_map())
[hopem,r=] Ensure libvirt image backend pool is configured if RBDImageBackend enabled post-deploy. Closes-Bug: 1489463
2016-02-09 15:55:14 +00:00
def ceph_changed(rid=None, unit=None):
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
if 'ceph' not in CONFIGS.complete_contexts():
log('ceph relation incomplete. Peer not ready?')
return
added ceph broker call to create nova rbd pool
2014-11-11 14:11:34 +00:00
[v2] Fix migration across nova-compute apps using ceph This change reworks previous changes [1] and [2] that had been respectively reverted and abandoned. When using the config libvirt-image-backend=rbd, VMs created from image have their disk data stored in ceph instead of the compute node itself. When performing live-migrations, both nodes need to access the same ceph credentials to access the VM's disk in ceph, but this is currently not possible if the nodes involved pertain to different nova-compute charm apps. This patch changes app name sent to ceph to 'nova-compute-ceph-auth-c91ce26f', a unique name common to all nova-compute apps, allowing all nova-compute apps to use the same ceph auth. This change also ensures newly deployed nodes install the old credentials first on ceph-joined hook, and then supercedes it with the new credentials on ceph-changed hook, therefore also retaining the old credentials. This patch also includes the charmhelpers sync from PR: #840 [1] https://review.opendev.org/889642 [2] https://review.opendev.org/896155 Closes-bug: #2028559 Related-bug: #2037003 Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1149 Change-Id: I1ae12d787a1f8e7761ca06b5a80049c1c62e9e90
2023-10-06 10:24:48 -03:00
sent_app_name = sent_ceph_application_name()
if sent_app_name == CEPH_AUTH_CRED_NAME:
secret_uuid = CEPH_SECRET_UUID
else:
secret_uuid = CEPH_OLD_SECRET_UUID
if not ensure_ceph_keyring(service=sent_app_name, user='nova',
keyring user/group need to be unix ids not service name
2014-11-11 21:23:57 +00:00
group='nova'):
[v2] Fix migration across nova-compute apps using ceph This change reworks previous changes [1] and [2] that had been respectively reverted and abandoned. When using the config libvirt-image-backend=rbd, VMs created from image have their disk data stored in ceph instead of the compute node itself. When performing live-migrations, both nodes need to access the same ceph credentials to access the VM's disk in ceph, but this is currently not possible if the nodes involved pertain to different nova-compute charm apps. This patch changes app name sent to ceph to 'nova-compute-ceph-auth-c91ce26f', a unique name common to all nova-compute apps, allowing all nova-compute apps to use the same ceph auth. This change also ensures newly deployed nodes install the old credentials first on ceph-joined hook, and then supercedes it with the new credentials on ceph-changed hook, therefore also retaining the old credentials. This patch also includes the charmhelpers sync from PR: #840 [1] https://review.opendev.org/889642 [2] https://review.opendev.org/896155 Closes-bug: #2028559 Related-bug: #2037003 Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1149 Change-Id: I1ae12d787a1f8e7761ca06b5a80049c1c62e9e90
2023-10-06 10:24:48 -03:00
log('Could not create ceph keyring '
'for {}: peer not ready?'.format(sent_app_name))
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
return
Checkin templates.
2013-07-30 20:39:44 -07:00
Add helper function for generating ceph configuration filename
2013-10-10 12:41:00 +01:00
CONFIGS.write(ceph_config_file())
Use constants for configuration file names
2013-09-20 17:50:33 +01:00
CONFIGS.write(CEPH_SECRET)
CONFIGS.write(NOVA_CONF)
Checkin templates.
2013-07-30 20:39:44 -07:00
Move creation of libvirt secret out of context and into a utility helper.
2013-09-03 17:16:15 -07:00
# With some refactoring, this can move into NovaComputeCephContext
# and allow easily extended to support other compute flavors.
[hopem,r=] Ensure libvirt image backend pool is configured if RBDImageBackend enabled post-deploy. Closes-Bug: 1489463
2016-02-09 15:55:14 +00:00
key = relation_get(attribute='key', rid=rid, unit=unit)
if config('virt-type') in ['kvm', 'qemu', 'lxc'] and key:
Use constants for configuration file names
2013-09-20 17:50:33 +01:00
create_libvirt_secret(secret_file=CEPH_SECRET,
[v2] Fix migration across nova-compute apps using ceph This change reworks previous changes [1] and [2] that had been respectively reverted and abandoned. When using the config libvirt-image-backend=rbd, VMs created from image have their disk data stored in ceph instead of the compute node itself. When performing live-migrations, both nodes need to access the same ceph credentials to access the VM's disk in ceph, but this is currently not possible if the nodes involved pertain to different nova-compute charm apps. This patch changes app name sent to ceph to 'nova-compute-ceph-auth-c91ce26f', a unique name common to all nova-compute apps, allowing all nova-compute apps to use the same ceph auth. This change also ensures newly deployed nodes install the old credentials first on ceph-joined hook, and then supercedes it with the new credentials on ceph-changed hook, therefore also retaining the old credentials. This patch also includes the charmhelpers sync from PR: #840 [1] https://review.opendev.org/889642 [2] https://review.opendev.org/896155 Closes-bug: #2028559 Related-bug: #2037003 Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1149 Change-Id: I1ae12d787a1f8e7761ca06b5a80049c1c62e9e90
2023-10-06 10:24:48 -03:00
secret_uuid=secret_uuid, key=key)
if sent_app_name != CEPH_AUTH_CRED_NAME:
log('Sending application name for new ceph credentials after '
'setting up the old credentials')
send_application_name(relid=rid, app_name=CEPH_AUTH_CRED_NAME)
Move creation of libvirt secret out of context and into a utility helper.
2013-09-03 17:16:15 -07:00
Add Ceph BlueStore Compression support Sync c-h. Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/429 Change-Id: I3bbf41350c18ac5cc045392ace6e14118b04e1e8
2020-08-28 16:40:28 +02:00
try:
_handle_ceph_request()
except ValueError as e:
# The end user has most likely provided a invalid value for a
# configuration option. Just log the traceback here, the end
# user will be notified by assess_status() called at the end of
# the hook execution.
log('Caught ValueError, invalid value provided for '
'configuration?: "{}"'.format(str(e)),
[v2] Fix migration across nova-compute apps using ceph This change reworks previous changes [1] and [2] that had been respectively reverted and abandoned. When using the config libvirt-image-backend=rbd, VMs created from image have their disk data stored in ceph instead of the compute node itself. When performing live-migrations, both nodes need to access the same ceph credentials to access the VM's disk in ceph, but this is currently not possible if the nodes involved pertain to different nova-compute charm apps. This patch changes app name sent to ceph to 'nova-compute-ceph-auth-c91ce26f', a unique name common to all nova-compute apps, allowing all nova-compute apps to use the same ceph auth. This change also ensures newly deployed nodes install the old credentials first on ceph-joined hook, and then supercedes it with the new credentials on ceph-changed hook, therefore also retaining the old credentials. This patch also includes the charmhelpers sync from PR: #840 [1] https://review.opendev.org/889642 [2] https://review.opendev.org/896155 Closes-bug: #2028559 Related-bug: #2037003 Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1149 Change-Id: I1ae12d787a1f8e7761ca06b5a80049c1c62e9e90
2023-10-06 10:24:48 -03:00
level=WARNING)
Prevent unnecessary nova-compute restarts on ceph_changed Function 'is_broker_action_done' should return False when it finds a response from ceph broker not marked done, in order to trigger a nova restart. However, it also returns False if there is no response data from ceph broker, triggering an unecessary restart. The function 'ceph_changed' is invoked under different remote unit contexts when there are updates to the relation. When querying the broker response, only the context of the remote unit that is the broker can see the response, unless specifically queried for that given unit. The 'ceph_changed' invocations under a remote context that are not the broker end up returning False in 'is_broker_action_done' and causing restarts, even after the action is already marked done. This also happens on 'config-changed' hooks. To fix this problem, the logic is now changed have each 'ceph_changed' invocation loop through units and process the broker response, regardless of remote context. This is an initial change to address the issue locally in nova-compute charm. A later change will be worked on to move the new helper methods to charmhelpers, refactoring the existing ones there. Change-Id: I2b41f8b252f4ccb68830e90c5e68456e15372bcf Closes-bug: #1835045
2019-07-11 17:44:09 -03:00
# TODO: Refactor this method moving part of this logic to charmhelpers,
# refacting the existing ones.
def _handle_ceph_request():
"""Handles the logic for sending and acknowledging Ceph broker requests."""
# First, we create a request. We will test if this request is equivalent
# to a previous one. If it is not, we will send it.
request = get_ceph_request()
log("New ceph request {} created.".format(request.request_id), level=DEBUG)
# Here we will know if the new request is equivalent, and if it is, whether
# it has completed, or just sent.
states = get_request_states(request, relation='ceph')
log("Request states: {}.".format(states), level=DEBUG)
complete = True
sent = True
# According to existing ceph broker messaging logic, we are expecting only
# 1 rid.
for rid in states.keys():
if not states[rid]['complete']:
complete = False
if not states[rid]['sent']:
sent = False
if not sent and not complete:
break
# If either complete or sent is True, then get_request_states has validated
# that the current request is equivalent to a previously sent request.
if complete:
log('Previous request complete.')
# If the request is complete, we need to restart nova once and mark it
# restarted. The broker response comes from a specific unit, and can
# only be read when this hook is invoked by the remote unit (the
# broker), unless specifically queried for the given unit. Therefore,
# we iterate across all units to find which has the broker response,
# and we process the response regardless of this execution context.
broker_rid, broker_unit = _get_broker_rid_unit_for_previous_request()
# If we cannot determine which unit has the response, then it means
# there is no response yet.
if (broker_rid, broker_unit) == (None, None):
log("Aborting because there is no broker response "
"for any unit at the moment.", level=DEBUG)
return
Add support for cephx pool grouping and permissions Sync charmhelpers and add configuration option to allow access to ceph pools to be limited based on grouping. Nova will require access to volumes, images and vms pool groups. Change-Id: I1c188d983609577ab34f7aef7854954c104b58bd Partial-Bug: 1424771
2017-02-14 12:26:48 +00:00
# Ensure that nova-compute is restarted since only now can we
# guarantee that ceph resources are ready, but only if not paused.
Prevent repeated nova-compute service restart Once a ceph broker request has completed and the nova-compute service has been restarted as a result, ensure that this does not get retriggered when the ceph relation fires as a result of a peer unit's data coming onto the wire and no new information is provided to the local unit. Change-Id: Ie359a0ec9af7edfb9d453dcf4dbd9880af324d37 Closes-Bug: 1694963
2017-06-07 18:39:10 +01:00
if (not is_unit_paused_set() and
Prevent unnecessary nova-compute restarts on ceph_changed Function 'is_broker_action_done' should return False when it finds a response from ceph broker not marked done, in order to trigger a nova restart. However, it also returns False if there is no response data from ceph broker, triggering an unecessary restart. The function 'ceph_changed' is invoked under different remote unit contexts when there are updates to the relation. When querying the broker response, only the context of the remote unit that is the broker can see the response, unless specifically queried for that given unit. The 'ceph_changed' invocations under a remote context that are not the broker end up returning False in 'is_broker_action_done' and causing restarts, even after the action is already marked done. This also happens on 'config-changed' hooks. To fix this problem, the logic is now changed have each 'ceph_changed' invocation loop through units and process the broker response, regardless of remote context. This is an initial change to address the issue locally in nova-compute charm. A later change will be worked on to move the new helper methods to charmhelpers, refactoring the existing ones there. Change-Id: I2b41f8b252f4ccb68830e90c5e68456e15372bcf Closes-bug: #1835045
2019-07-11 17:44:09 -03:00
not is_broker_action_done('nova_compute_restart', broker_rid,
broker_unit)):
log('Restarting Nova Compute as per request '
'{}.'.format(request.request_id), level=DEBUG)
Add support for cephx pool grouping and permissions Sync charmhelpers and add configuration option to allow access to ceph pools to be limited based on grouping. Nova will require access to volumes, images and vms pool groups. Change-Id: I1c188d983609577ab34f7aef7854954c104b58bd Partial-Bug: 1424771
2017-02-14 12:26:48 +00:00
service_restart('nova-compute')
Prevent unnecessary nova-compute restarts on ceph_changed Function 'is_broker_action_done' should return False when it finds a response from ceph broker not marked done, in order to trigger a nova restart. However, it also returns False if there is no response data from ceph broker, triggering an unecessary restart. The function 'ceph_changed' is invoked under different remote unit contexts when there are updates to the relation. When querying the broker response, only the context of the remote unit that is the broker can see the response, unless specifically queried for that given unit. The 'ceph_changed' invocations under a remote context that are not the broker end up returning False in 'is_broker_action_done' and causing restarts, even after the action is already marked done. This also happens on 'config-changed' hooks. To fix this problem, the logic is now changed have each 'ceph_changed' invocation loop through units and process the broker response, regardless of remote context. This is an initial change to address the issue locally in nova-compute charm. A later change will be worked on to move the new helper methods to charmhelpers, refactoring the existing ones there. Change-Id: I2b41f8b252f4ccb68830e90c5e68456e15372bcf Closes-bug: #1835045
2019-07-11 17:44:09 -03:00
mark_broker_action_done('nova_compute_restart',
broker_rid, broker_unit)
Add support for cephx pool grouping and permissions Sync charmhelpers and add configuration option to allow access to ceph pools to be limited based on grouping. Nova will require access to volumes, images and vms pool groups. Change-Id: I1c188d983609577ab34f7aef7854954c104b58bd Partial-Bug: 1424771
2017-02-14 12:26:48 +00:00
else:
Prevent unnecessary nova-compute restarts on ceph_changed Function 'is_broker_action_done' should return False when it finds a response from ceph broker not marked done, in order to trigger a nova restart. However, it also returns False if there is no response data from ceph broker, triggering an unecessary restart. The function 'ceph_changed' is invoked under different remote unit contexts when there are updates to the relation. When querying the broker response, only the context of the remote unit that is the broker can see the response, unless specifically queried for that given unit. The 'ceph_changed' invocations under a remote context that are not the broker end up returning False in 'is_broker_action_done' and causing restarts, even after the action is already marked done. This also happens on 'config-changed' hooks. To fix this problem, the logic is now changed have each 'ceph_changed' invocation loop through units and process the broker response, regardless of remote context. This is an initial change to address the issue locally in nova-compute charm. A later change will be worked on to move the new helper methods to charmhelpers, refactoring the existing ones there. Change-Id: I2b41f8b252f4ccb68830e90c5e68456e15372bcf Closes-bug: #1835045
2019-07-11 17:44:09 -03:00
if sent:
log("Request {} already sent, not sending "
"another.".format(request.request_id), level=DEBUG)
else:
log("Request {} not sent, sending it "
"now.".format(request.request_id), level=DEBUG)
for rid in relation_ids('ceph'):
log('Sending request {}'.format(request.request_id),
level=DEBUG)
relation_set(relation_id=rid, broker_req=request.request)
# TODO: Move this method to charmhelpers while refactoring the existing ones
def _get_broker_rid_unit_for_previous_request():
"""Gets the broker rid and unit combination that has a response for the
previous sent request."""
broker_key = get_broker_rsp_key()
log("Broker key is {}.".format(broker_key), level=DEBUG)
for rid in relation_ids('ceph'):
previous_request = get_previous_request(rid)
for unit in related_units(rid):
rdata = relation_get(rid=rid, unit=unit)
if rdata.get(broker_key):
rsp = CephBrokerRsp(rdata.get(broker_key))
if rsp.request_id == previous_request.request_id:
log("Found broker rid/unit: {}/{}".format(rid, unit),
level=DEBUG)
return rid, unit
log("There is no broker response for any unit at the moment.", level=DEBUG)
return None, None
added ceph broker call to create nova rbd pool
2014-11-11 14:11:34 +00:00
Checkin templates.
2013-07-30 20:39:44 -07:00
Clean up stale ceph keyring [cbjchen,r=] Clean up the keyring after ceph relation is broken. So when next time ceph relation is joined, ensure_ceph_keyring will not ignore the new key because of the existance of the old one.
2015-02-06 13:09:18 -05:00
@hooks.hook('ceph-relation-broken')
def ceph_broken():
[v2] Fix migration across nova-compute apps using ceph This change reworks previous changes [1] and [2] that had been respectively reverted and abandoned. When using the config libvirt-image-backend=rbd, VMs created from image have their disk data stored in ceph instead of the compute node itself. When performing live-migrations, both nodes need to access the same ceph credentials to access the VM's disk in ceph, but this is currently not possible if the nodes involved pertain to different nova-compute charm apps. This patch changes app name sent to ceph to 'nova-compute-ceph-auth-c91ce26f', a unique name common to all nova-compute apps, allowing all nova-compute apps to use the same ceph auth. This change also ensures newly deployed nodes install the old credentials first on ceph-joined hook, and then supercedes it with the new credentials on ceph-changed hook, therefore also retaining the old credentials. This patch also includes the charmhelpers sync from PR: #840 [1] https://review.opendev.org/889642 [2] https://review.opendev.org/896155 Closes-bug: #2028559 Related-bug: #2037003 Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1149 Change-Id: I1ae12d787a1f8e7761ca06b5a80049c1c62e9e90
2023-10-06 10:24:48 -03:00
delete_keyring(service=CEPH_AUTH_CRED_NAME)
# cleanup old entries based on application name
svc_name = service_name()
if svc_name != CEPH_AUTH_CRED_NAME:
delete_keyring(service=svc_name)
Ensure apparmor is configured when writing files When re-writing files, the apparmor configuration is not written, this will fix this to ensure that aa-profile-mode is respected Closes-Bug: 1947389 Change-Id: I79e9625ab4d261845822d4825ba1ed7e31d0b1e0
2021-12-07 15:33:24 +00:00
update_all_configs()
Clean up stale ceph keyring [cbjchen,r=] Clean up the keyring after ceph relation is broken. So when next time ceph relation is joined, ensure_ceph_keyring will not ignore the new key because of the existance of the old one.
2015-02-06 13:09:18 -05:00
Remove databases relation Since Icehouse nova-compute does not need to access to a database, all accesses are made through nova-conductor. This patch removes shared-db relation and their hook handler. Change-Id: I7c4f6a70785d7dad1727d52cf86508209849ca35 Closes-Bug: 1713807
2017-10-02 17:59:34 -03:00
@hooks.hook('amqp-relation-broken', 'image-service-relation-broken')
Add generic relation broken hook.
2013-08-20 12:10:36 -07:00
@restart_on_change(restart_map())
def relation_broken():
Ensure apparmor is configured when writing files When re-writing files, the apparmor configuration is not written, this will fix this to ensure that aa-profile-mode is respected Closes-Bug: 1947389 Change-Id: I79e9625ab4d261845822d4825ba1ed7e31d0b1e0
2021-12-07 15:33:24 +00:00
update_all_configs()
Add generic relation broken hook.
2013-08-20 12:10:36 -07:00
Ensure that all packaged python deps are installed on upgrade The referenced bug indicates that if the charm upgrades on a previous py2 version of the charm then the upgrade fails due to a missing package (in this python3-yaml). This patchset ensures that the python3 versions of the dependency packages are installed. Change-Id: I8b07de3b2f950237518c0555db1288f9b2c0aabf Closes-Bug: #1746650
2019-11-29 15:25:26 +00:00
@hooks.hook('upgrade-charm.real')
Add hardening support Add charmhelpers.contrib.hardening and calls to install, config-changed, upgrade-charm and update-status hooks. Also add new config option to allow one or more hardening modules to be applied at runtime. Change-Id: I525c15a14662175f2a68cdcd25a3ab2c92237850
2016-03-22 21:00:45 +00:00
@harden()
Switch to using common vhost for all openstack services
2013-10-17 20:25:15 +01:00
def upgrade_charm():
upgrade-charm: filter previously installed packages The upgrade-charm hook installs any new packages required for the new charm version however this needs to be filtered against previously installed packages to ensure that pending package updates don't get applied to the system as a side effect of upgrading the charm. Change-Id: I6c490f9af2312dc42f2b56e0b7ce8c802e3aac1d Closes-Bug: 1812982
2019-01-23 17:09:15 +00:00
apt_install(filter_installed_packages(determine_packages()),
fatal=True)
psutil install
2015-08-13 10:16:35 +01:00
# NOTE: ensure psutil install for hugepages configuration
Workload Status
2015-09-25 15:12:01 -07:00
status_set('maintenance', 'Installing apt packages')
psutil install
2015-08-13 10:16:35 +01:00
apt_install(filter_installed_packages(['python-psutil']))
Purge old packages on upgrade-charm On charm upgrade the charm may switch to py3 packages. If so, ensure the old py2 packages are purged. If the purge occurs then restart services. Change-Id: I17abef16afbb8c62dae1b725c74c39cec414f4f8 Closes-Bug: 1803451
2018-11-15 15:13:19 +00:00
packages_removed = remove_old_packages()
if packages_removed and not is_unit_paused_set():
log("Package purge detected, restarting services", "INFO")
for s in services():
service_restart(s)
Switch to using common vhost for all openstack services
2013-10-17 20:25:15 +01:00
for r_id in relation_ids('amqp'):
amqp_joined(relation_id=r_id)
[v2] Fix migration across nova-compute apps using ceph This change reworks previous changes [1] and [2] that had been respectively reverted and abandoned. When using the config libvirt-image-backend=rbd, VMs created from image have their disk data stored in ceph instead of the compute node itself. When performing live-migrations, both nodes need to access the same ceph credentials to access the VM's disk in ceph, but this is currently not possible if the nodes involved pertain to different nova-compute charm apps. This patch changes app name sent to ceph to 'nova-compute-ceph-auth-c91ce26f', a unique name common to all nova-compute apps, allowing all nova-compute apps to use the same ceph auth. This change also ensures newly deployed nodes install the old credentials first on ceph-joined hook, and then supercedes it with the new credentials on ceph-changed hook, therefore also retaining the old credentials. This patch also includes the charmhelpers sync from PR: #840 [1] https://review.opendev.org/889642 [2] https://review.opendev.org/896155 Closes-bug: #2028559 Related-bug: #2037003 Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1149 Change-Id: I1ae12d787a1f8e7761ca06b5a80049c1c62e9e90
2023-10-06 10:24:48 -03:00
# Trigger upgrade-path from application_name to 'nova-compute'
if sent_ceph_application_name() != CEPH_AUTH_CRED_NAME:
for r_id in relation_ids('ceph'):
send_application_name(relid=r_id, app_name=CEPH_AUTH_CRED_NAME)
Fixes bug LP: #1448143
2015-04-24 10:43:58 -03:00
if is_relation_made('nrpe-external-master'):
update_nrpe_config()
Switch to using common vhost for all openstack services
2013-10-17 20:25:15 +01:00
Fixing /var/run/ceph/ directory permissions In previous versions of the charm the directory /var/run/ceph/ was created with access permissions only for root. Consequently libvirt had no access to the rbd admin socket. Prior installations are also fixed through update-charm. Change-Id: I7f8054a404de9910bc070b288e1df1ce8dcf754e Closes-Bug: #1779676
2018-07-03 13:31:56 +02:00
# Fix previously wrongly created path permissions
# LP: https://bugs.launchpad.net/charm-cinder-ceph/+bug/1779676
asok_path = '/var/run/ceph/'
gid = grp.getgrnam("kvm").gr_gid
if gid and os.path.isdir(asok_path) and gid != os.stat(asok_path).st_gid:
log("{} not owned by group 'kvm', fixing permissions."
.format(asok_path))
shutil.chown(asok_path, group='kvm')
Switch to using common vhost for all openstack services
2013-10-17 20:25:15 +01:00
Trigger ceilometer-agent after upgrade Send trigger to ceilometer-agent after an upgrade to trigger an upgrade. This follows the same pattern as other OpenStack subordinatees. Change-Id: Ic07d53c02b84d210aefd47e49a42002fac801ff4 Closes-Bug: #1802400
2018-11-11 18:34:20 +00:00
@hooks.hook('nova-ceilometer-relation-joined')
def nova_ceilometer_joined(relid=None, remote_restart=False):
if remote_restart:
rel_settings = {
'restart-trigger': str(uuid.uuid4())}
relation_set(relation_id=relid, relation_settings=rel_settings)
Add new locally scoped relation and context updates for nova-ceilometer
2013-11-29 15:35:28 +00:00
@hooks.hook('nova-ceilometer-relation-changed')
@restart_on_change(restart_map())
def nova_ceilometer_relation_changed():
Ensure apparmor is configured when writing files When re-writing files, the apparmor configuration is not written, this will fix this to ensure that aa-profile-mode is respected Closes-Bug: 1947389 Change-Id: I79e9625ab4d261845822d4825ba1ed7e31d0b1e0
2021-12-07 15:33:24 +00:00
update_all_configs()
Do not manage subordinate service restarts The subordinate charms should manage the services that they deploys and configure, not the principle they are related to. This change switches the approach for restarting services from having the nova-compute charm doing it directly to having nova-compute triggering the restart by request a restart down the existing relations. Closes-Bug: #1947585 Change-Id: I7419e39d68c70d21a11d03deeff9699421b0571e
2023-02-28 13:31:28 +00:00
trigger_ceilometer_service_restart()
Add new locally scoped relation and context updates for nova-ceilometer
2013-11-29 15:35:28 +00:00
Add nova-vgpu relation Change-Id: Ie034a263c85c2909ce87ada632196772dbd265d2
2022-02-15 11:51:42 +01:00
@hooks.hook('nova-vgpu-relation-joined')
def nova_vgpu_joined(relid=None, remote_restart=False):
if remote_restart:
rel_settings = {
'restart-trigger': str(uuid.uuid4())}
relation_set(relation_id=relid, relation_settings=rel_settings)
@hooks.hook('nova-vgpu-relation-changed')
@restart_on_change(restart_map())
def nova_vgpu_relation_changed():
update_all_configs()
Do not manage subordinate service restarts The subordinate charms should manage the services that they deploys and configure, not the principle they are related to. This change switches the approach for restarting services from having the nova-compute charm doing it directly to having nova-compute triggering the restart by request a restart down the existing relations. Closes-Bug: #1947585 Change-Id: I7419e39d68c70d21a11d03deeff9699421b0571e
2023-02-28 13:31:28 +00:00
trigger_nova_vgpu_service_restart()
Add nova-vgpu relation Change-Id: Ie034a263c85c2909ce87ada632196772dbd265d2
2022-02-15 11:51:42 +01:00
[bradm] Added sysvinit daemon monitoring, use services() instead of hard coded daemon list, pep8 fixes
2014-11-17 13:45:12 +10:00
@hooks.hook('nrpe-external-master-relation-joined',
'nrpe-external-master-relation-changed')
[bradm] initial nrpe checks
2014-10-29 22:30:36 -05:00
def update_nrpe_config():
Use rnpe functions from charmhelpers
2015-01-12 12:04:00 +00:00
# python-dbus is used by check_upstart_job
[bradm] initial nrpe checks
2014-10-29 22:30:36 -05:00
apt_install('python-dbus')
Use rnpe functions from charmhelpers
2015-01-12 12:04:00 +00:00
hostname = nrpe.get_nagios_hostname()
current_unit = nrpe.get_nagios_unit_name()
nrpe_setup = nrpe.NRPE(hostname=hostname)
Skip qemu-kvm from Nagios-monitored services The qemu-kvm service should not be configured as monitored in Nagios when the NRPE relation is set, since it's a one-shot service. Closes-Bug: #1645822 Change-Id: I20b4eeb7971bae69f29183814e8c61a977e80bf0
2016-12-01 11:56:21 +00:00
monitored_services = services()
try:
# qemu-kvm is a one-shot service
monitored_services.remove('qemu-kvm')
except ValueError:
pass
nrpe.add_init_service_checks(nrpe_setup, monitored_services, current_unit)
Use rnpe functions from charmhelpers
2015-01-12 12:04:00 +00:00
nrpe_setup.write()
[bradm] initial nrpe checks
2014-10-29 22:30:36 -05:00
Inform subordinate about changes to hugepages
2015-11-25 12:48:50 +00:00
@hooks.hook('neutron-plugin-relation-joined')
Send remote restart to neutron plugin post upgrade When this principle charm performs and Openstack upgrade the subordinates packages are also upgraded. The subordinate may need to render new config for the new release so the charm now sends a restart trigger to the subordinate Change-Id: Ifd5dea4e67d09dc29bb0bba579fd8903fb64490a Partial-Bug: 1571634
2016-04-18 17:32:19 +00:00
def neutron_plugin_joined(relid=None, remote_restart=False):
rel_settings = {
Add support for 'default_availability_zone' parameter. I've added support for 'default_availability_zone' parameter. I've added charm parameter, modified 'nova.conf' templates and implemented it to be exposed via 'neutron-plugin' relation settings. Change-Id: I85008ac0f3540a2b5c817893d63e497b63f43043 Closes-Bug: 1595937
2016-12-07 12:06:11 +01:00
'hugepage_number': get_hugepage_number(),
Allow Juju AZ context information to be used The change adds an option to the charm to use JUJU_AVAILABILITY_ZONE environment variable set by Juju for the hook environment based on the underlying provider's availability zone information for a given machine. This information is used to configure default_availability_zone for nova and availability_zone for subordinate networking charms. Change-Id: Idc7112e7fe7b76d15cf9c4896b702b8ffd8c0e8e Closes-Bug: #1796068
2018-10-04 19:22:43 +03:00
'default_availability_zone': get_availability_zone()
Send remote restart to neutron plugin post upgrade When this principle charm performs and Openstack upgrade the subordinates packages are also upgraded. The subordinate may need to render new config for the new release so the charm now sends a restart trigger to the subordinate Change-Id: Ifd5dea4e67d09dc29bb0bba579fd8903fb64490a Partial-Bug: 1571634
2016-04-18 17:32:19 +00:00
}
if remote_restart:
rel_settings['restart-trigger'] = str(uuid.uuid4())
Inform subordinate about changes to hugepages
2015-11-25 12:48:50 +00:00
relation_set(relation_id=relid,
Send remote restart to neutron plugin post upgrade When this principle charm performs and Openstack upgrade the subordinates packages are also upgraded. The subordinate may need to render new config for the new release so the charm now sends a restart trigger to the subordinate Change-Id: Ifd5dea4e67d09dc29bb0bba579fd8903fb64490a Partial-Bug: 1571634
2016-04-18 17:32:19 +00:00
**rel_settings)
Inform subordinate about changes to hugepages
2015-11-25 12:48:50 +00:00
Enable a nova metadata agent if running in DVR mode
2015-02-04 16:31:09 +00:00
@hooks.hook('neutron-plugin-relation-changed')
@restart_on_change(restart_map())
def neutron_plugin_changed():
Restart nova-api-metadata when nova.conf changes The charm code as it stood before did this correctly when the neutron-plugin relation included 'metadata-shared-secret', but not when it included 'enable-metadata' without 'metadata-shared-secret'. (See https://bugs.launchpad.net/charms/+source/nova-compute/+bug/1515570 for when 'enable-metadata' is used in this way.) This change commonizes the code that determines when nova-api-metadata should run, and uses this both to install the package and to add the resource map dependency from nova.conf to the nova-api-metadata service. Change-Id: I3354051b454621bc423ec6b2853d61301e58658c
2016-06-29 23:51:25 +01:00
enable_nova_metadata, _ = nova_metadata_requirement()
if enable_nova_metadata:
Enable a nova metadata agent if running in DVR mode
2015-02-04 16:31:09 +00:00
apt_update()
Allow a subordinate to request a metadata proxy without setting a shared secret
2015-11-16 11:53:00 +00:00
apt_install(filter_installed_packages(['nova-api-metadata']),
fatal=True)
Purge metadata pkg when not in dvr mode
2015-03-02 14:55:03 +00:00
else:
apt_purge('nova-api-metadata', fatal=True)
Support for restart of services from subordianates Neutron subordinate charms that manage underlying PCI devices, such as SR-IOV VF's, need to ensure that the nova-compute service is restarted after the underlying device configuration has been completed, so that the nova pci_devices database is correctly populated as part of the nova-compute startup process. Add a service_restart_handler to the neutron-plugin-relation-changed hook to allow subordinate charms to request restarts using the standard restart-nonce trigger mechanism. Change-Id: I2a4fcaa0988dae0b85904ff84ff5e492d651a043
2017-02-07 10:12:11 +01:00
service_restart_handler(default_service='nova-compute')
Enable a nova metadata agent if running in DVR mode
2015-02-04 16:31:09 +00:00
CONFIGS.write(NOVA_CONF)
Do not manage subordinate service restarts The subordinate charms should manage the services that they deploys and configure, not the principle they are related to. This change switches the approach for restarting services from having the nova-compute charm doing it directly to having nova-compute triggering the restart by request a restart down the existing relations. Closes-Bug: #1947585 Change-Id: I7419e39d68c70d21a11d03deeff9699421b0571e
2023-02-28 13:31:28 +00:00
trigger_ceilometer_service_restart()
trigger_nova_vgpu_service_restart()
Enable a nova metadata agent if running in DVR mode
2015-02-04 16:31:09 +00:00
Support for restart of services from subordianates Neutron subordinate charms that manage underlying PCI devices, such as SR-IOV VF's, need to ensure that the nova-compute service is restarted after the underlying device configuration has been completed, so that the nova pci_devices database is correctly populated as part of the nova-compute startup process. Add a service_restart_handler to the neutron-plugin-relation-changed hook to allow subordinate charms to request restarts using the standard restart-nonce trigger mechanism. Change-Id: I2a4fcaa0988dae0b85904ff84ff5e492d651a043
2017-02-07 10:12:11 +01:00
# TODO(jamespage): Move this into charmhelpers for general reuse.
def service_restart_handler(relation_id=None, unit=None,
default_service=None):
'''Handler for detecting requests from subordinate
charms for restarts of services'''
restart_nonce = relation_get(attribute='restart-nonce',
unit=unit,
rid=relation_id)
db = unitdata.kv()
nonce_key = 'restart-nonce'
if restart_nonce != db.get(nonce_key):
if not is_unit_paused_set():
service = relation_get(attribute='remote-service',
unit=unit,
rid=relation_id) or default_service
if service:
service_restart(service)
db.set(nonce_key, restart_nonce)
db.flush()
Move to sub configured access, and triggered restart
2015-09-23 13:11:45 +01:00
@hooks.hook('lxd-relation-joined')
def lxd_joined(relid=None):
relation_set(relation_id=relid,
user='nova')
Ensure all settings provided on lxd relation before configuring
2015-09-22 15:22:50 +01:00
@hooks.hook('lxd-relation-changed')
Ensure we write nova configs after lxd relation is ready Change-Id: I1dd56bdc449488a45aed7cb09987faaafe5d613a
2017-06-06 09:30:29 +02:00
@restart_on_change(restart_map())
Move to sub configured access, and triggered restart
2015-09-23 13:11:45 +01:00
def lxc_changed():
nonce = relation_get('nonce')
db = kv()
if nonce and db.get('lxd-nonce') != nonce:
db.set('lxd-nonce', nonce)
configure_lxd(user='nova')
Ensure we write nova configs after lxd relation is ready Change-Id: I1dd56bdc449488a45aed7cb09987faaafe5d613a
2017-06-06 09:30:29 +02:00
CONFIGS.write(NOVA_CONF)
Move to sub configured access, and triggered restart
2015-09-23 13:11:45 +01:00
Refactor LXD and add build from support source.
2015-07-23 22:24:48 -04:00
Fix support for cinder ceph rbd in Ocata As of Ocata, the ceph key used to access a specific Cinder Ceph backend must match the name of the key used by cinder, with an appropriate secret configured for libvirt use with the cephx key used by the cinder-ceph charm. Add support for the new ceph-access relation to allow nova-compute units to communicate with multiple ceph backends using different cephx keys and user names. The side effect of this change is that nova-compute will have a key for use with its own ephemeral backend ceph access, and a key for each cinder ceph backend configured in the deployment. Change-Id: I638473fc46c99a8bfe301f9a0c844de9efd47a2a Closes-Bug: 1671422
2017-03-09 12:51:25 +00:00
@hooks.hook('ceph-access-relation-changed')
def ceph_access(rid=None, unit=None):
'''Setup libvirt secret for specific ceph backend access'''
Handle the extended ceph-access relation If more than a single Ceph key is set as part of the relation data, make sure that all of them are configured. Makes sure that the previous relation data is handled as well in order to maintain backwards compatibility. Co-authored-by: Ionut Balutoiu <ibalutoiu@cloudbasesolutions.com> Change-Id: I24be0ed48edd5af517e1699df77ef0d96ef20aa2
2020-11-24 16:37:50 +02:00
def _configure_keyring(service_name, key, uuid):
Add LXD support for ceph-access relation The nova-lxd driver is growing support for ceph storage backends, but as this is a host based integration, it relies on keyrings being placed in /etc/ceph for cephx authentication, rather than using some other secret storage mechanism as done for libvirt. Tweak the ceph-access-relation-changed handling to deal with this and ensure that the ceph-common package is installed with relations of this type are joined. Change-Id: I887e0be007c5606614e00c6a374416368d675c4d
2017-03-29 14:31:46 +01:00
if config('virt-type') in LIBVIRT_TYPES:
Handle the extended ceph-access relation If more than a single Ceph key is set as part of the relation data, make sure that all of them are configured. Makes sure that the previous relation data is handled as well in order to maintain backwards compatibility. Co-authored-by: Ionut Balutoiu <ibalutoiu@cloudbasesolutions.com> Change-Id: I24be0ed48edd5af517e1699df77ef0d96ef20aa2
2020-11-24 16:37:50 +02:00
secrets_filename = CEPH_BACKEND_SECRET.format(service_name)
Add LXD support for ceph-access relation The nova-lxd driver is growing support for ceph storage backends, but as this is a host based integration, it relies on keyrings being placed in /etc/ceph for cephx authentication, rather than using some other secret storage mechanism as done for libvirt. Tweak the ceph-access-relation-changed handling to deal with this and ensure that the ceph-common package is installed with relations of this type are joined. Change-Id: I887e0be007c5606614e00c6a374416368d675c4d
2017-03-29 14:31:46 +01:00
render(os.path.basename(CEPH_SECRET), secrets_filename,
context={'ceph_secret_uuid': uuid,
Handle the extended ceph-access relation If more than a single Ceph key is set as part of the relation data, make sure that all of them are configured. Makes sure that the previous relation data is handled as well in order to maintain backwards compatibility. Co-authored-by: Ionut Balutoiu <ibalutoiu@cloudbasesolutions.com> Change-Id: I24be0ed48edd5af517e1699df77ef0d96ef20aa2
2020-11-24 16:37:50 +02:00
'service_name': service_name})
Add LXD support for ceph-access relation The nova-lxd driver is growing support for ceph storage backends, but as this is a host based integration, it relies on keyrings being placed in /etc/ceph for cephx authentication, rather than using some other secret storage mechanism as done for libvirt. Tweak the ceph-access-relation-changed handling to deal with this and ensure that the ceph-common package is installed with relations of this type are joined. Change-Id: I887e0be007c5606614e00c6a374416368d675c4d
2017-03-29 14:31:46 +01:00
create_libvirt_secret(secret_file=secrets_filename,
secret_uuid=uuid,
key=key)
# NOTE(jamespage): LXD ceph integration via host rbd mapping, so
# install keyring for rbd commands to use
Handle the extended ceph-access relation If more than a single Ceph key is set as part of the relation data, make sure that all of them are configured. Makes sure that the previous relation data is handled as well in order to maintain backwards compatibility. Co-authored-by: Ionut Balutoiu <ibalutoiu@cloudbasesolutions.com> Change-Id: I24be0ed48edd5af517e1699df77ef0d96ef20aa2
2020-11-24 16:37:50 +02:00
ensure_ceph_keyring(service=service_name,
Add LXD support for ceph-access relation The nova-lxd driver is growing support for ceph storage backends, but as this is a host based integration, it relies on keyrings being placed in /etc/ceph for cephx authentication, rather than using some other secret storage mechanism as done for libvirt. Tweak the ceph-access-relation-changed handling to deal with this and ensure that the ceph-common package is installed with relations of this type are joined. Change-Id: I887e0be007c5606614e00c6a374416368d675c4d
2017-03-29 14:31:46 +01:00
user='nova', group='nova',
key=key)
Fix support for cinder ceph rbd in Ocata As of Ocata, the ceph key used to access a specific Cinder Ceph backend must match the name of the key used by cinder, with an appropriate secret configured for libvirt use with the cephx key used by the cinder-ceph charm. Add support for the new ceph-access relation to allow nova-compute units to communicate with multiple ceph backends using different cephx keys and user names. The side effect of this change is that nova-compute will have a key for use with its own ephemeral backend ceph access, and a key for each cinder ceph backend configured in the deployment. Change-Id: I638473fc46c99a8bfe301f9a0c844de9efd47a2a Closes-Bug: 1671422
2017-03-09 12:51:25 +00:00
Handle the extended ceph-access relation If more than a single Ceph key is set as part of the relation data, make sure that all of them are configured. Makes sure that the previous relation data is handled as well in order to maintain backwards compatibility. Co-authored-by: Ionut Balutoiu <ibalutoiu@cloudbasesolutions.com> Change-Id: I24be0ed48edd5af517e1699df77ef0d96ef20aa2
2020-11-24 16:37:50 +02:00
ceph_keyrings = relation_get('keyrings')
if ceph_keyrings:
for keyring in json.loads(ceph_keyrings):
_configure_keyring(
keyring['name'], keyring['key'], keyring['secret-uuid'])
else:
# NOTE: keep backwards compatibility with previous relation data
key = relation_get('key', unit, rid)
uuid = relation_get('secret-uuid', unit, rid)
if key and uuid:
_configure_keyring(remote_service_name(rid), key, uuid)
Fix support for cinder ceph rbd in Ocata As of Ocata, the ceph key used to access a specific Cinder Ceph backend must match the name of the key used by cinder, with an appropriate secret configured for libvirt use with the cephx key used by the cinder-ceph charm. Add support for the new ceph-access relation to allow nova-compute units to communicate with multiple ceph backends using different cephx keys and user names. The side effect of this change is that nova-compute will have a key for use with its own ephemeral backend ceph access, and a key for each cinder ceph backend configured in the deployment. Change-Id: I638473fc46c99a8bfe301f9a0c844de9efd47a2a Closes-Bug: 1671422
2017-03-09 12:51:25 +00:00
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
@hooks.hook('secrets-storage-relation-joined')
def secrets_storage_joined(relation_id=None):
relation_set(relation_id=relation_id,
secret_backend=vaultlocker.VAULTLOCKER_BACKEND,
isolated=True,
access_address=get_relation_ip('secrets-storage'),
hostname=gethostname())
@hooks.hook('secrets-storage-relation-changed')
def secrets_storage_changed():
vault_ca = relation_get('vault_ca')
if vault_ca:
Replace deprecated "decodestring()" by "decodebytes()" decodestring() is deprecated alias of decodebytes() https://docs.python.org/3/library/base64.html#base64.decodestring The same has been done for nova: https://review.openstack.org/#/c/610401/ Change-Id: I3d4038c729e3cf18bae2a5b2b7cbf97a30c1ac35
2018-11-02 16:07:08 +07:00
vault_ca = base64.decodebytes(json.loads(vault_ca).encode())
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
write_file('/usr/local/share/ca-certificates/vault-ca.crt',
vault_ca, perms=0o644)
subprocess.check_call(['update-ca-certificates', '--fresh'])
configure_local_ephemeral_storage()
@hooks.hook('storage.real')
def storage_changed():
configure_local_ephemeral_storage()
Retrieve cloud credentials directly from keystone In a cells deployment the credentials for the nova-compute application will no longer be available via the nova-cloud-controller in the local cell. This change adds the scaffolding for a cell to utilise a new cloud-credentials relation to allow it to retrieve credentials directly from keystone. Change-Id: I9d1a7353d730f7cb8e93cc9eea5b788f7c956c3d
2018-06-14 10:12:28 +00:00
@hooks.hook('cloud-credentials-relation-joined')
def cloud_credentials_joined():
svc_name = local_unit().split('/')[0].replace('-', '_')
relation_set(username=svc_name)
@hooks.hook('cloud-credentials-relation-changed')
@restart_on_change(restart_map())
def cloud_credentials_changed():
CONFIGS.write(NOVA_CONF)
Added verification to ensure iscsid is running Currently, the charm does not verify if iscsid is installed or running. This patch adds those verifications on install and update hooks. Closes-bug: #1816435 Change-Id: I23992832a82557f406999427fe8d151f6a2b63af
2019-02-26 14:42:20 -03:00
def check_and_start_iscsid():
if not service_running('iscsid'):
service_start('iscsid')
Add hardening support Add charmhelpers.contrib.hardening and calls to install, config-changed, upgrade-charm and update-status hooks. Also add new config option to allow one or more hardening modules to be applied at runtime. Change-Id: I525c15a14662175f2a68cdcd25a3ab2c92237850
2016-03-22 21:00:45 +00:00
@hooks.hook('update-status')
@harden()
def update_status():
log('Updating status.')
Series Upgrade Implement the series-upgrade feature allowing to move between Ubuntu series. Change-Id: I092a0558b4dd6a9fd15851753900cc116b6796b2
2018-08-06 15:45:10 -07:00
@hooks.hook('pre-series-upgrade')
def pre_series_upgrade():
log("Running prepare series upgrade hook", "INFO")
series_upgrade_prepare(
pause_unit_helper, CONFIGS)
@hooks.hook('post-series-upgrade')
def post_series_upgrade():
log("Running complete series upgrade hook", "INFO")
service_stop('nova-compute')
Start libvirt in post-series-upgrade A recent change (commit ceab1e91dc2e3948f6ba7c121c1801ad1641643c) removed libvirt from the pause/resume list of services. This affected series upgrade. Libvirt stayed down and did not start back up on resume. This change checks the hook being executed and if it is post-series-upgrade it includes libvirt as a service to start on resume. Closes-Bug: #1839495 Change-Id: Ibfa24b678c1077b441464da8c38114ce23d14963
2019-08-08 20:49:12 +00:00
service_stop(libvirt_daemon())
Series Upgrade Implement the series-upgrade feature allowing to move between Ubuntu series. Change-Id: I092a0558b4dd6a9fd15851753900cc116b6796b2
2018-08-06 15:45:10 -07:00
# After package upgrade the service is broken and leaves behind a
# PID file which causes the service to fail to start.
# Remove this before restart
if os.path.exists(LIBVIRTD_PID):
os.unlink(LIBVIRTD_PID)
series_upgrade_complete(
resume_unit_helper, CONFIGS)
Add focal-ussuri and bionic-ussuri bundle This patch adds a focal-ussuri and bionic-ussuri bundles to the tests for the charm. The linked bug is concerned with installing nova-network, which is not available on Ussuri. Closes-Bug: #1872770 Change-Id: Iea5a682aaebeb6f6941cf9d8f5780473f457e455
2020-04-20 10:37:07 +01:00
@hooks.hook('shared-db-relation-joined')
def shared_db_relation_joined():
release = os_release('nova-common')
if CompareOpenStackReleases(release) >= 'ussuri':
log("shared-db is only required for nova-network which is NOT "
"available in Ussuri and later. Please remove the relation.",
"WARNING")
Do not manage subordinate service restarts The subordinate charms should manage the services that they deploys and configure, not the principle they are related to. This change switches the approach for restarting services from having the nova-compute charm doing it directly to having nova-compute triggering the restart by request a restart down the existing relations. Closes-Bug: #1947585 Change-Id: I7419e39d68c70d21a11d03deeff9699421b0571e
2023-02-28 13:31:28 +00:00
def trigger_subordinate_service_restart(relation_name, hook_method):
"""Send restart trigger to subordinate relaion
:param relation_name: Name of relation
:type relation_name: str
:param hook_method: Method to call to send trigger
:type hook_method: callable
"""
if not is_unit_paused_set():
log(
"Sending restart trigger down {} relation".format(relation_name),
"INFO")
for rid in relation_ids(relation_name):
hook_method(
rid,
remote_restart=True)
trigger_ceilometer_service_restart = functools.partial(
trigger_subordinate_service_restart,
'nova-ceilometer',
nova_ceilometer_joined)
trigger_nova_vgpu_service_restart = functools.partial(
trigger_subordinate_service_restart,
'nova-vgpu',
nova_vgpu_joined)
Checkin templates.
2013-07-30 20:39:44 -07:00
def main():
try:
hooks.execute(sys.argv)
except UnregisteredHookError as e:
log('Unknown hook {} - skipping.'.format(e))
Enhanced pause/resume for maintenance mode Implemented pause/resume with some services checking. Charm-helpers sync to bring in pause/resume support. Change-Id: I8bcd7464a606f6fc9db374be6004d851935e749a
2016-04-01 11:47:46 +00:00
assess_status(CONFIGS)
Checkin templates.
2013-07-30 20:39:44 -07:00
if __name__ == '__main__':
main()
Copy Permalink