openstack/charm-nova-compute
Code Issues Proposed changes
7c60a92414
charm-nova-compute/hooks/nova_compute_utils.py

1206 lines
40 KiB
Python
Raw Normal View History

Spelling fixes found by codespell. Change-Id: I819aa04eef6cc72a24ecaf39a350b30015612165
2021-09-21 19:28:46 +01:00
# Copyright 2016-2021 Canonical Ltd
Re-license charm as Apache-2.0 All contributors to this charm have agreed to the switch from GPL v3 to Apache 2.0; switch to Apache-2.0 license as agreed so we can move forward with official project status. Change-Id: I385f684581a74ae41b507ed9e9d17ef1e9fc5819
2016-07-01 17:43:29 +01:00
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
Update tests. convert restart_map generation to a broader resource_map.
2013-07-26 14:22:44 -07:00
import os
Fix issues introduced by previous commit Commit b533a3fbfb96bd5939b3e790f67964ce3ba8f7fd introduces a regression whereby subsequent runs of the config-changed hook will throw an error when it tries to re-delete the default network. Change-Id: I17c8ca7cda27ae2e282c0b2c1cd921c1a2ef3162
2016-07-12 16:25:06 +02:00
import re
Update tests. convert restart_map generation to a broader resource_map.
2013-07-26 14:22:44 -07:00
import pwd
Fixup imports and unit tests
2015-08-13 11:54:25 +01:00
import subprocess
Install qemu-efi on AArch64 hosts UEFI firmware is required to chain into the bootloader supplied by AArch64 cloud images. Ubuntu's qemu-efi package supplies Tianocore-based UEFI firmware for AArch64 QEMU guests. Install it by default. Change-Id: Ie2477a42ed7a850c2d84ddf2e3e17c264d507374
2016-09-29 16:47:15 -07:00
import platform
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
import uuid
Update tests. convert restart_map generation to a broader resource_map.
2013-07-26 14:22:44 -07:00
Skip qemu-kvm from Nagios-monitored services The qemu-kvm service should not be configured as monitored in Nagios when the NRPE relation is set, since it's a one-shot service. Closes-Bug: #1645822 Change-Id: I20b4eeb7971bae69f29183814e8c61a977e80bf0
2016-12-01 11:56:21 +00:00
from itertools import chain
Add ssh + cert methods.
2013-07-29 12:01:44 -07:00
from base64 import b64decode
Add libvirt context to enable TCP listening when migration is configured.
2013-07-30 19:40:47 -07:00
from copy import deepcopy
Refactor LXD and add build from support source.
2015-07-23 22:24:48 -04:00
from subprocess import (
check_call,
check_output,
CalledProcessError
)
Add ssh + cert methods.
2013-07-29 12:01:44 -07:00
Integrated all ipv6 check into setup_ipv6()
2014-09-18 20:55:05 +08:00
from charmhelpers.fetch import (
apt_update,
apt_upgrade,
Deploy from source
2015-04-15 14:21:42 +00:00
apt_install,
py3: Switch to using Python 3 for OpenStack Rocky Switch nova installation to use Python 3 for OpenStack Rocky. Purge python- packages on upgrade. Change-Id: I7839c823d51f6a3d166157be19f2e93b8dd72305 Depends-On: Ic5e96336b6a2ca474fc28d358553c6a05e1a75ce
2018-10-03 15:51:27 +01:00
apt_purge,
apt_autoremove,
py3: deal with subordinate dependencies Switch to marking non-leaf python-* packages as automatically installed so that they will be purged once the last remaining package that depends on them that was manually installed is removed. Force install of python3-nova-lxd for Rocky and above to ensure that py versions are matched with python3-nova. Change-Id: I79d528bfb7732490aa42da2158244350c03dfa59 Closes-Bug: 1797879
2018-10-15 16:39:52 +01:00
apt_mark,
py3: Switch to using Python 3 for OpenStack Rocky Switch nova installation to use Python 3 for OpenStack Rocky. Purge python- packages on upgrade. Change-Id: I7839c823d51f6a3d166157be19f2e93b8dd72305 Depends-On: Ic5e96336b6a2ca474fc28d358553c6a05e1a75ce
2018-10-03 15:51:27 +01:00
filter_missing_packages,
Charmhelpers sync to get vaultlocker fixes Also gates checking vaultlocker status until it is installed Change-Id: I07f92132b0340b538ee472887c7fd0e0cc911453 Closes-Bug: #1849323
2019-12-10 13:38:51 +00:00
filter_installed_packages,
Integrated all ipv6 check into setup_ipv6()
2014-09-18 20:55:05 +08:00
)
Remove hugepage fstab entry and use qemu-kvm init The hugepages fstab entry can stop systems from booting if the /run filesystem is not available. The qemu-kvm init script can be used to enable hugepages by setting KVM_HUGEPAGES=1 This apporach works for both upstart and systemd (where the old System V script is used). However, for a systemd system the prefered approach would be to enable hugepages via kernel parameters set in MAAS. Change-Id: Ib91ca930a91da3d75dbd96f7d55e7e259cb50fd1 Closes-Bug: 1518771
2016-04-11 12:31:31 +00:00
from charmhelpers.core.fstab import Fstab
Integrated all ipv6 check into setup_ipv6()
2014-09-18 20:55:05 +08:00
from charmhelpers.core.host import (
mkdir,
service_restart,
Deploy from source
2015-04-15 14:21:42 +00:00
lsb_release,
Fix alphanumeric comparisons for openstack and ubuntu releases - sync charmhelpers with fix-alpha helpers - fix up code where the alpha comparisons are done - fix tests which assumed mocks would just work on os_release() Change-Id: Iffd4ed0aecbb966fe493fe0f24bf2422aab55bb6 Related-Bug: #1659575
2017-04-04 18:53:20 +01:00
rsync,
CompareHostReleases,
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
mount,
fstab_add,
Integrated all ipv6 check into setup_ipv6()
2014-09-18 20:55:05 +08:00
)
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
from charmhelpers.core.hookenv import (
Deploy from source
2015-04-15 14:21:42 +00:00
charm_dir,
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
config,
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
log,
related_units,
relation_ids,
relation_get,
Update ppc64el state setting behavior Prevent attempts to set smt state in cases where the smt state value is already set to the expected value. Change-Id: I83682033cb46998c5e1ad8fe5986deecf6e4e89d Closes-Bug: 1610536
2016-08-08 17:48:59 +00:00
status_set,
Clean up stale ceph keyring [cbjchen,r=] Clean up the keyring after ceph relation is broken. So when next time ceph relation is joined, ensure_ceph_keyring will not ignore the new key because of the existance of the old one.
2015-02-06 13:09:18 -05:00
DEBUG,
[cbjchen,r=hopem] Clean up the keyring after ceph relation is broken. So when next time ceph relation is joined, ensure_ceph_keyring will not ignore the new key because of the existance of the old one.
2015-02-16 09:26:23 +00:00
INFO,
Fix issues introduced by previous commit Commit b533a3fbfb96bd5939b3e790f67964ce3ba8f7fd introduces a regression whereby subsequent runs of the config-changed hook will throw an error when it tries to re-delete the default network. Change-Id: I17c8ca7cda27ae2e282c0b2c1cd921c1a2ef3162
2016-07-12 16:25:06 +02:00
WARNING,
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
storage_list,
storage_get,
Start libvirt in post-series-upgrade A recent change (commit ceab1e91dc2e3948f6ba7c121c1801ad1641643c) removed libvirt from the pause/resume list of services. This affected series upgrade. Libvirt stayed down and did not start back up on resume. This change checks the hook being executed and if it is post-series-upgrade it includes libvirt as a service to start on resume. Closes-Bug: #1839495 Change-Id: Ibfa24b678c1077b441464da8c38114ce23d14963
2019-08-08 20:49:12 +00:00
hook_name,
neutron compat.
2013-08-12 14:48:24 -07:00
)
Fixes, unit tests and avoidance of lxd restart races
2015-04-22 11:26:15 +01:00
from charmhelpers.core.decorators import retry_on_exception
Add main context generators.
2013-07-29 18:10:45 -07:00
from charmhelpers.contrib.openstack import templating, context
Install ceph.conf as an alternative for co-existence with ceph and ceph-osd charms
2013-10-10 12:09:48 +01:00
from charmhelpers.contrib.openstack.alternatives import install_alternative
Add main context generators.
2013-07-29 18:10:45 -07:00
Implement upgrades, move templates to folsom.
2013-08-19 14:14:39 -07:00
from charmhelpers.contrib.openstack.utils import (
configure_installation_source,
get_os_codename_install_source,
Process subordinate releases packages map For principal - subordinate plugin type relations where the principal Python payload imports code from packages managed by a subordinate, upgrades can be problematic. This change will allow a subordinate charm that have opted into the feature to inform its principal about all implemented release - packages combinations ahead of time. With this information in place the principal can do the upgrade in one operation without risk of charm relation RPC type processing at a critical moment. This makes use of https://github.com/juju/charm-helpers/pull/643 This is similar to https://review.opendev.org/c/openstack/charm-keystone/+/781822 Also fixed broken link to charm-guide. Change-Id: Iaf5b44be70ee108cbe88b4a26f0f15f915d507fe Closes-Bug: #1927277
2021-09-27 15:52:48 +02:00
get_subordinate_release_packages,
get_subordinate_services,
Workload Status
2015-09-25 15:12:01 -07:00
os_release,
Reset os_release cached value after upgrade In enable_memcache, ensure that the os_release cache is reset after upgrade. Change-Id: If25be2df23b08b69ad3ee28c53d7dce1de509c6e Partial-Bug: 1715624
2017-09-07 12:03:58 +00:00
reset_os_release,
Enhanced pause/resume for maintenance mode Implemented pause/resume with some services checking. Charm-helpers sync to bring in pause/resume support. Change-Id: I8bcd7464a606f6fc9db374be6004d851935e749a
2016-04-01 11:47:46 +00:00
is_unit_paused_set,
make_assess_status_func,
pause_unit,
resume_unit,
Add support for application version Juju 2.0 provides support for display of the version of an application deployed by a charm in juju status. Insert the os_application_version_set function into the existing assess_status function - this gets called after all hook executions, and periodically after that, so any changes in package versions due to normal system updates will also be reflected in the status output. This review also includes a resync of charm-helpers to pickup hookenv and contrib.openstack support for this feature. Change-Id: I8d8744ea11c6d70262ba350717f90489c25535bb
2016-09-20 12:37:40 +01:00
os_application_version_set,
Fix alphanumeric comparisons for openstack and ubuntu releases - sync charmhelpers with fix-alpha helpers - fix up code where the alpha comparisons are done - fix tests which assumed mocks would just work on os_release() Change-Id: Iffd4ed0aecbb966fe493fe0f24bf2422aab55bb6 Related-Bug: #1659575
2017-04-04 18:53:20 +01:00
CompareOpenStackReleases,
Implement upgrades, move templates to folsom.
2013-08-19 14:14:39 -07:00
)
Add support for configurable hugepages
2015-08-13 10:11:23 +01:00
from charmhelpers.core.hugepage import hugepage_support
Checkin templates.
2013-07-30 20:39:44 -07:00
from nova_compute_context import (
Restart nova-api-metadata when nova.conf changes The charm code as it stood before did this correctly when the neutron-plugin relation included 'metadata-shared-secret', but not when it included 'enable-metadata' without 'metadata-shared-secret'. (See https://bugs.launchpad.net/charms/+source/nova-compute/+bug/1515570 for when 'enable-metadata' is used in this way.) This change commonizes the code that determines when nova-api-metadata should run, and uses this both to install the package and to add the resource map dependency from nova.conf to the nova-api-metadata service. Change-Id: I3354051b454621bc423ec6b2853d61301e58658c
2016-06-29 23:51:25 +01:00
nova_metadata_requirement,
Add main context generators.
2013-07-29 18:10:45 -07:00
CloudComputeContext,
Propagate vendor_data from nova-cloud-controller When using DVR and L3HA neutron deployment options, Nova API Metadata requests are served from compute nodes, instead of from neutron-gateway nodes. This change allows nova-compute to receive vendor_data configuration values from nova-cloud-controller charm relation and write to nova-compute's nova.conf appropriately. This will be effictive for Queens and later OpenStack releases. Synced charm-helpers in order to import new context for writing the vendor_data.json file. Change-Id: I0c79e1bfac9fbe7009a7e862ad010cfa2de8cfda Closes-Bug: #1777714
2019-05-09 16:15:04 -03:00
CloudComputeVendorJSONContext,
Add LXDContext This allows us to configure the lxd section of nova.conf to appropriately configure LXD storage based on the information provided across the LXD relation Change-Id: I5c38766c4be66d63ef4a07eccc780fcab5973d49
2017-05-31 10:28:26 +02:00
LxdContext,
Enable a nova metadata agent if running in DVR mode
2015-02-04 16:31:09 +00:00
MetadataServiceContext,
Add main context generators.
2013-07-29 18:10:45 -07:00
NovaComputeLibvirtContext,
Fixes broken rev 112 by using /etc/init.d/libvirt-bin.override instead of /etc/default/libvirt-bin
2015-03-31 14:22:53 +01:00
NovaComputeLibvirtOverrideContext,
Add main context generators.
2013-07-29 18:10:45 -07:00
NovaComputeCephContext,
neutron compat.
2013-08-12 14:48:24 -07:00
NeutronComputeContext,
Another Minor bug fix
2014-07-09 14:42:57 +01:00
InstanceConsoleContext,
Add Ironic virt type Adds support for the Ironic virt driver. Change-Id: I72a7fb65395e4ceddc77a92bccc7b4563af0750a
2020-08-19 14:28:36 +00:00
IronicAPIContext,
added libvirt_image_ceph_conf_file conf option
2014-11-13 15:46:39 +00:00
CEPH_CONF,
ceph_config_file,
set my_ip to unit private-address [cbjchen,r=] The default value for my_ip can be problematic. The ip assocated with the NIC leading to the default gateway may not be the desired one for openstack service communication. Setting it to the unit private-address, so that all the inter service communications use the same network - we alreay use the unit private-address as service endpoint IPs.
2014-12-03 18:23:54 -05:00
HostIPContext,
Add support for LXD live migration Live migration is turned off by default in nova-lxd because the feature is still considered to be experimental by the LXD project. Re-use the 'enable-live-migration' config option so that when it's enabled, turn on live-migration for lxd as well. Change-Id: Ie03457b588b43e22cbb2894da04637f82ab03059 Signed-off-by: Chuck Short <chuck.short@canonical.com>
2016-07-12 09:58:41 -04:00
NovaComputeVirtContext,
Add apparmor support Fixes to nova-network and nova-api service restarts Charm helpers sync to bring in the AppArmorContext class Create specific service ApiAppArmorContexts Add service specific templates for apparmor profiles Add aa-profile-mode in config.yaml Apply the apparmor profile as requested: disable, enforce, complain Add aa-profile-mode change test to amulet Charm-helpers sync to pull in AA Profile context changes Change-Id: I18aff4bfe131010521ea9ff544c6bf76f888afa6
2016-04-21 15:14:23 -07:00
NOVA_API_AA_PROFILE,
NOVA_COMPUTE_AA_PROFILE,
NOVA_NETWORK_AA_PROFILE,
NovaAPIAppArmorContext,
NovaComputeAppArmorContext,
NovaNetworkAppArmorContext,
Add support for serial console access Enable instance serial console based on flags provided from nova-cloud-controller charm. This is only supported in OpenStack Juno or later, and replaces the standard output to the nova console-log. Change-Id: I147166d9b273964d34ba81724b0311f269b9fea0 Depends-On: I3bfcca88bd6147be337e6d770db7348170b914e6
2016-09-15 12:02:35 +01:00
SerialConsoleContext,
Add support for 'default_availability_zone' parameter. I've added support for 'default_availability_zone' parameter. I've added charm parameter, modified 'nova.conf' templates and implemented it to be exposed via 'neutron-plugin' relation settings. Change-Id: I85008ac0f3540a2b5c817893d63e497b63f43043 Closes-Bug: 1595937
2016-12-07 12:06:11 +01:00
NovaComputeAvailabilityZoneContext,
Allow neutron-plugin sub to publish nothing A change landed to charm helpers to mark the SubordinateConfigContext as incomplete if the subordinate supplied no data *1. But the neutron-plugin subordinate may legitimately supply no data if no special config is needed. This restores the previous behaviour of marking the subordinate context for the neutron-plugin relation as complete even if not data was supplied. *1 https://github.com/juju/charm-helpers/pull/519 Change-Id: I34fa2d39171132e4fe7d0b7e5fd29162161a5060 Closes-Bug: #1912187
2021-01-19 14:49:57 +00:00
NeutronPluginSubordinateConfigContext,
Added allocation-ratio config opts Nova supports setting allocation ratios at the nova-compute level from Liberty onwards. Prior to this allocation ratios were set at the nova-scheduler level. Newton introduced the Placement API, and Ocata introduced the ability to have compute resources (Core/RAM/Disk) precomputed before passing candidates to the FilterScheduler [0]. Pike removed CoreFilter, RAMFilter and DiskFilter scheduler filters. From Pike onwards valid methods for settings these allocation ratios are via: - A call to the Placement API [1]. - Config values to supplied to nova-compute (xxx_allocation_ratio). Stein introduced initial_xxx_allocation_ratio in response to the runtime behaviour of the ResourceTracker [2]. Currently, the precedence of resource ratio values are: xxx_allocation_ratio > Placement API call > initial_xxx_allocation_ratio That is a (compute) resource provider's allocation ratios will default to initial_xxx_allocation_ratio which may be overridden at run time by a call to the Placement API. If xxx_allocation_ratio is set it will override all configurations for that provider. When not otherwise configured, we set initial_xxx_allocation_ratio to the values provided by ncc to maintain backwards compatibility. Where initial_xxx_allocation_ratio is not available we set xxx_allocation_ratio. [0] https://specs.openstack.org/openstack/nova-specs/specs/ocata/implemented/resource-providers-scheduler-db-filters.html [1] https://docs.openstack.org/api-ref/placement/#update-resource-provider-inventories [2] https://specs.openstack.org/openstack/nova-specs/specs/stein/implemented/initial-allocation-ratios.html Change-Id: Ifa314e9e23e0ae5d16113cd91a7507e61f9de704 Closes-Bug: #1677223
2020-04-07 11:00:37 +10:00
NovaComputePlacementContext,
Enable vTPM support in nova-compute Enable vTPM support in nova-compute charm. This adds new packages to be installed swtpm and swtpm-tools as well as updates the nova-compute.conf file and the qemu.conf file to set appropriate user/groups for swtpm. func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/696 Change-Id: Idf0d19d75b9231f029fa6a7dc557d2a9ee04915b
2022-01-10 15:26:26 -07:00
NovaComputeSWTPMContext,
Make virt_mkfs configurable with ext4 default Closes-Bug: #1960231 Change-Id: Ia2ac7318f1164a9015bdf9e7ce7d20a129e22af4
2022-03-07 16:26:36 +00:00
VirtMkfsContext,
Use a stable hostname to render nova.conf OVS introduced a new service called ovs-record-hostname.service which records the hostname on the first start in the ovs database to identify the ovn chassis, this is how it achieved a stable hostname and be resilient to the changes in the FQDN when the DNS gets available. This change introduces the same approach for nova-compute charm. In the first run of the NovaComputeHostInfoContext the value passed in the context as host_fqdn is stored in the unit's kv db, and re-used on every subsequent call. This change affects only new installs since the hint to store (or not) the host fqdn is set in the install hook. Change-Id: I2aa74442ec25b21201a47070077df27899465814 Closes-Bug: #1896630
2023-02-15 11:43:40 -03:00
NovaComputeHostInfoContext,
Add ssh + cert methods.
2013-07-29 12:01:44 -07:00
)
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
import charmhelpers.contrib.openstack.vaultlocker as vaultlocker
from charmhelpers.core.unitdata import kv
from charmhelpers.contrib.storage.linux.utils import (
is_block_device,
is_device_mounted,
mkfs_xfs,
)
Block nova-compute startup on mountpoint If an ephemeral-device storage configuration has been provided, ensure that the nova-compute service will not start until the mountpoint (currently /var/lib/nova/instances) has actually been mounted. If this does not happen the nova-compute service will fail to start in a failsafe condition. Change-Id: Ic16691e119e430faec9994f6e207596629e47bb6 Closes-Bug: 1863358
2021-09-15 15:49:40 +01:00
from charmhelpers.core.templating import render
Add main context generators.
2013-07-29 18:10:45 -07:00
CA_CERT_PATH = '/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt'
Finish up: new templates, ssh key creation, Makefile.
2013-08-01 16:21:58 -07:00
TEMPLATES = 'templates/'
Add main context generators.
2013-07-29 18:10:45 -07:00
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
BASE_PACKAGES = [
'nova-compute',
'genisoimage', # was missing as a package dependency until raring.
delint
2015-04-14 05:26:04 +00:00
'librbd1', # bug 1440953
psutil install
2015-08-13 10:16:35 +01:00
'python-psutil',
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
'xfsprogs',
Add support for nfs cinder volumes Cinder volumes which are provisioned via nfs need to be mounted on the compute nodes. For this to work the nfs-common package is needed. Closes-Bug: #1816820 Change-Id: I5d536817b2098698cecd4627408a82321bf7fb9b
2019-02-20 17:20:10 +00:00
'nfs-common',
Added verification to ensure iscsid is running Currently, the charm does not verify if iscsid is installed or running. This patch adds those verifications on install and update hooks. Closes-bug: #1816435 Change-Id: I23992832a82557f406999427fe8d151f6a2b63af
2019-02-26 14:42:20 -03:00
'open-iscsi',
Make sure lsscsi is installed for os-brick os-brick upstream made some changes and started to use lsscsi for discovering iSCSI devices. Make sure lsscsi is installed by the charm until the os-brick package in Ubuntu pulls it as a dependency. Closes-Bug: #1939390 Change-Id: I509d5edb3c6e3a4c35b7252b567a1672cf5e0bbe
2022-02-21 22:49:01 +09:00
'lsscsi', # bug 1939390
Add numactl to nova_compute_utils.py base packages This tool is useful for numa usage reporting. Change-Id: Id0aaba514b06fe3dfa79e9e1d263b1dbde20f494
2021-08-10 14:11:30 +02:00
'numactl',
Added actions that enable clean removal of nova-compute unit from model List of added actions: * disable * enable * remove-from-cloud * register-to-cloud More detailed explanation of the process added to the README.md Closes-Bug: #1691998 Change-Id: I45d1def2ca0b1289f6fcce06c5f8949ef2a4a69e func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/470
2020-11-23 16:14:55 +01:00
'python3-novaclient', # lib required by juju actions
'python3-neutronclient', # lib required by juju actions
'python3-keystoneauth1', # lib required by juju actions
Add ovmf package for uefi support When creating an instance with uefi support it is looking for various files that are typically provided by ovmf package. This is automatically installed from train and above, but is lacking in queens. This will solve it for any deployment. Change-Id: I7665a596112d673624ea5edd7438b915834918df
2021-09-06 16:23:38 +01:00
'ovmf', # required for uefi based instances
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
]
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
py3: Switch to using Python 3 for OpenStack Rocky Switch nova installation to use Python 3 for OpenStack Rocky. Purge python- packages on upgrade. Change-Id: I7839c823d51f6a3d166157be19f2e93b8dd72305 Depends-On: Ic5e96336b6a2ca474fc28d358553c6a05e1a75ce
2018-10-03 15:51:27 +01:00
PY3_PACKAGES = [
'python3-nova',
'python3-memcache',
Ensure ceph python3 deps installed for >= R Change-Id: I65ddf1dfd4082a8b8ea452d00c6098ed70f3395a Closes-Bug: #1802484
2018-11-09 10:22:15 +00:00
'python3-rados',
'python3-rbd',
py3: Switch to using Python 3 for OpenStack Rocky Switch nova installation to use Python 3 for OpenStack Rocky. Purge python- packages on upgrade. Change-Id: I7839c823d51f6a3d166157be19f2e93b8dd72305 Depends-On: Ic5e96336b6a2ca474fc28d358553c6a05e1a75ce
2018-10-03 15:51:27 +01:00
]
PURGE_PACKAGES = [
py3: deal with more subordinate dependencies Ensure subordinate py3 packages are installed if their py2 counter-parts are currently installed for neutron-openvswitch and ceilometer-agent. Change-Id: I940fb2ce9d671e919c817cee7adda2ac22ecb3fb Closes-Bug: #1816299
2019-02-19 20:15:30 +00:00
'python-ceilometer',
'python-neutron',
py3: deal with more subordinate dependencies Ensure subordinate py3 packages are installed if their py2 counter-parts are currently installed for neutron-openvswitch. In this case we had missed python(3)-neutron-fwaas. Change-Id: I9d5e7c2ad034cd7bdf9cbf292b9107577860dac1 Closes-Bug: #1828259
2019-05-09 08:13:51 -04:00
'python-neutron-fwaas',
py3: Switch to using Python 3 for OpenStack Rocky Switch nova installation to use Python 3 for OpenStack Rocky. Purge python- packages on upgrade. Change-Id: I7839c823d51f6a3d166157be19f2e93b8dd72305 Depends-On: Ic5e96336b6a2ca474fc28d358553c6a05e1a75ce
2018-10-03 15:51:27 +01:00
'python-nova',
py3: deal with more subordinate dependencies Ensure subordinate py3 packages are installed if their py2 counter-parts are currently installed for neutron-openvswitch and ceilometer-agent. Change-Id: I940fb2ce9d671e919c817cee7adda2ac22ecb3fb Closes-Bug: #1816299
2019-02-19 20:15:30 +00:00
'python-nova-lxd',
Remove python-oslo.privsep on upgrades to >=rocky Ubuntu OpenStack Rocky migrated from python2 to python3, the package python-oslo.privsep provides the privsep-helper program as an alternative, when having it installed next to python3-oslo.privsep the first installed will stay as a default. This change add python-oslo.privsep to the list of packages that need to be purged on OpenStack>=rocky. Change-Id: Ib64dfa30b6705a45f82051dfc3634740a5f3a661 Closes-Bug: #1822763
2021-12-14 12:47:24 -03:00
'python-oslo.privsep', # LP: #1822763
py3: deal with subordinate dependencies Switch to marking non-leaf python-* packages as automatically installed so that they will be purged once the last remaining package that depends on them that was manually installed is removed. Force install of python3-nova-lxd for Rocky and above to ensure that py versions are matched with python3-nova. Change-Id: I79d528bfb7732490aa42da2158244350c03dfa59 Closes-Bug: 1797879
2018-10-15 16:39:52 +01:00
]
Install multipath dependencies when use-multipath is True This change ensures that the multipath dependencies are installed on the compute node when the use-multipath config flag is enabled. Change-Id: I39b017398b95f5901d9bc57ffa0c59ff59f3a359 Closes-Bug: #1806830
2019-02-04 19:43:49 -07:00
MULTIPATH_PACKAGES = [
'multipath-tools',
'sysfsutils',
]
py3: deal with subordinate dependencies Switch to marking non-leaf python-* packages as automatically installed so that they will be purged once the last remaining package that depends on them that was manually installed is removed. Force install of python3-nova-lxd for Rocky and above to ensure that py versions are matched with python3-nova. Change-Id: I79d528bfb7732490aa42da2158244350c03dfa59 Closes-Bug: 1797879
2018-10-15 16:39:52 +01:00
HELD_PACKAGES = [
py3: Switch to using Python 3 for OpenStack Rocky Switch nova installation to use Python 3 for OpenStack Rocky. Purge python- packages on upgrade. Change-Id: I7839c823d51f6a3d166157be19f2e93b8dd72305 Depends-On: Ic5e96336b6a2ca474fc28d358553c6a05e1a75ce
2018-10-03 15:51:27 +01:00
'python-memcache',
py3: deal with subordinate dependencies Switch to marking non-leaf python-* packages as automatically installed so that they will be purged once the last remaining package that depends on them that was manually installed is removed. Force install of python3-nova-lxd for Rocky and above to ensure that py versions are matched with python3-nova. Change-Id: I79d528bfb7732490aa42da2158244350c03dfa59 Closes-Bug: 1797879
2018-10-15 16:39:52 +01:00
'python-psutil',
py3: Switch to using Python 3 for OpenStack Rocky Switch nova installation to use Python 3 for OpenStack Rocky. Purge python- packages on upgrade. Change-Id: I7839c823d51f6a3d166157be19f2e93b8dd72305 Depends-On: Ic5e96336b6a2ca474fc28d358553c6a05e1a75ce
2018-10-03 15:51:27 +01:00
]
Enable vTPM support in nova-compute Enable vTPM support in nova-compute charm. This adds new packages to be installed swtpm and swtpm-tools as well as updates the nova-compute.conf file and the qemu.conf file to set appropriate user/groups for swtpm. func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/696 Change-Id: Idf0d19d75b9231f029fa6a7dc557d2a9ee04915b
2022-01-10 15:26:26 -07:00
SWTPM_PACKAGES = [
'swtpm',
'swtpm-tools',
]
Add support for application version Juju 2.0 provides support for display of the version of an application deployed by a charm in juju status. Insert the os_application_version_set function into the existing assess_status function - this gets called after all hook executions, and periodically after that, so any changes in package versions due to normal system updates will also be reflected in the status output. This review also includes a resync of charm-helpers to pickup hookenv and contrib.openstack support for this feature. Change-Id: I8d8744ea11c6d70262ba350717f90489c25535bb
2016-09-20 12:37:40 +01:00
VERSION_PACKAGE = 'nova-common'
Sort out default config stuff
2014-10-17 16:56:44 +01:00
DEFAULT_INSTANCE_PATH = '/var/lib/nova/instances'
update helpers, utils, and conf templates
2014-02-21 09:36:58 -05:00
NOVA_CONF_DIR = "/etc/nova"
Use constants for configuration file names
2013-09-20 17:50:33 +01:00
QEMU_CONF = '/etc/libvirt/qemu.conf'
LIBVIRTD_CONF = '/etc/libvirt/libvirtd.conf'
LIBVIRT_BIN = '/etc/default/libvirt-bin'
Fixes broken rev 112 by using /etc/init.d/libvirt-bin.override instead of /etc/default/libvirt-bin
2015-03-31 14:22:53 +01:00
LIBVIRT_BIN_OVERRIDES = '/etc/init/libvirt-bin.override'
update helpers, utils, and conf templates
2014-02-21 09:36:58 -05:00
NOVA_CONF = '%s/nova.conf' % NOVA_CONF_DIR
Add Ironic virt type Adds support for the Ironic virt driver. Change-Id: I72a7fb65395e4ceddc77a92bccc7b4563af0750a
2020-08-19 14:28:36 +00:00
NOVA_COMPUTE_CONF = '%s/nova-compute.conf' % NOVA_CONF_DIR
Propagate vendor_data from nova-cloud-controller When using DVR and L3HA neutron deployment options, Nova API Metadata requests are served from compute nodes, instead of from neutron-gateway nodes. This change allows nova-compute to receive vendor_data configuration values from nova-cloud-controller charm relation and write to nova-compute's nova.conf appropriately. This will be effictive for Queens and later OpenStack releases. Synced charm-helpers in order to import new context for writing the vendor_data.json file. Change-Id: I0c79e1bfac9fbe7009a7e862ad010cfa2de8cfda Closes-Bug: #1777714
2019-05-09 16:15:04 -03:00
VENDORDATA_FILE = '%s/vendor_data.json' % NOVA_CONF_DIR
Remove hugepage fstab entry and use qemu-kvm init The hugepages fstab entry can stop systems from booting if the /run filesystem is not available. The qemu-kvm init script can be used to enable hugepages by setting KVM_HUGEPAGES=1 This apporach works for both upstart and systemd (where the old System V script is used). However, for a systemd system the prefered approach would be to enable hugepages via kernel parameters set in MAAS. Change-Id: Ib91ca930a91da3d75dbd96f7d55e7e259cb50fd1 Closes-Bug: 1518771
2016-04-11 12:31:31 +00:00
QEMU_KVM = '/etc/default/qemu-kvm'
Add apparmor support Fixes to nova-network and nova-api service restarts Charm helpers sync to bring in the AppArmorContext class Create specific service ApiAppArmorContexts Add service specific templates for apparmor profiles Add aa-profile-mode in config.yaml Apply the apparmor profile as requested: disable, enforce, complain Add aa-profile-mode change test to amulet Charm-helpers sync to pull in AA Profile context changes Change-Id: I18aff4bfe131010521ea9ff544c6bf76f888afa6
2016-04-21 15:14:23 -07:00
NOVA_API_AA_PROFILE_PATH = ('/etc/apparmor.d/{}'.format(NOVA_API_AA_PROFILE))
NOVA_COMPUTE_AA_PROFILE_PATH = ('/etc/apparmor.d/{}'
''.format(NOVA_COMPUTE_AA_PROFILE))
NOVA_NETWORK_AA_PROFILE_PATH = ('/etc/apparmor.d/{}'
''.format(NOVA_NETWORK_AA_PROFILE))
Block nova-compute startup on mountpoint If an ephemeral-device storage configuration has been provided, ensure that the nova-compute service will not start until the mountpoint (currently /var/lib/nova/instances) has actually been mounted. If this does not happen the nova-compute service will fail to start in a failsafe condition. Change-Id: Ic16691e119e430faec9994f6e207596629e47bb6 Closes-Bug: 1863358
2021-09-15 15:49:40 +01:00
NOVA_COMPUTE_OVERRIDE_DIR = '/etc/systemd/system/nova-compute.service.d'
MOUNT_DEPENDENCY_OVERRIDE = '99-mount.conf'
Add LXD support for ceph-access relation The nova-lxd driver is growing support for ceph storage backends, but as this is a host based integration, it relies on keyrings being placed in /etc/ceph for cephx authentication, rather than using some other secret storage mechanism as done for libvirt. Tweak the ceph-access-relation-changed handling to deal with this and ensure that the ceph-common package is installed with relations of this type are joined. Change-Id: I887e0be007c5606614e00c6a374416368d675c4d
2017-03-29 14:31:46 +01:00
LIBVIRT_TYPES = ['kvm', 'qemu', 'lxc']
Use constants for configuration file names
2013-09-20 17:50:33 +01:00
Use hosts official name for FQDN The current implementations use of a specific interface to build FQDN from has the undesired side effect of the ``nova-compute`` and ``neutron-openvswitch`` charms ending up with using different hostnames in some situations. It may also lead to use of a identifier that is mutable throughout the lifetime of a deployment. Use of a specific interface was chosen due to ``socket.getfqdn()`` not giving reliable results (https://bugs.python.org/issue5004). This patch gets the FQDN by mimickingthe behaviour of a call to ``hostname -f`` with fallback to shortname on failure. Add relevant update from c-h. Needed-By: Ic8f8742261b773484687985aa0a366391cd2737a Change-Id: I82db81937e5a46dc6bd222b7160ca1fa5b190c10 Closes-Bug: #1839300
2020-01-10 09:13:34 +01:00
Update tests. convert restart_map generation to a broader resource_map.
2013-07-26 14:22:44 -07:00
BASE_RESOURCE_MAP = {
Use constants for configuration file names
2013-09-20 17:50:33 +01:00
NOVA_CONF: {
Update tests. convert restart_map generation to a broader resource_map.
2013-07-26 14:22:44 -07:00
'services': ['nova-compute'],
rabbit ssl support
2014-02-23 17:31:39 -05:00
'contexts': [context.AMQPContext(ssl_dir=NOVA_CONF_DIR),
update helpers, utils, and conf templates
2014-02-21 09:36:58 -05:00
context.SharedDBContext(
relation_prefix='nova', ssl_dir=NOVA_CONF_DIR),
Add main context generators.
2013-07-29 18:10:45 -07:00
context.ImageServiceContext(),
Drop OSConfigFlagContext, move to helpers.
2013-08-14 09:13:20 -07:00
context.OSConfigFlagContext(),
Add main context generators.
2013-07-29 18:10:45 -07:00
CloudComputeContext(),
Add LXDContext This allows us to configure the lxd section of nova.conf to appropriately configure LXD storage based on the information provided across the LXD relation Change-Id: I5c38766c4be66d63ef4a07eccc780fcab5973d49
2017-05-31 10:28:26 +02:00
LxdContext(),
Add Ironic virt type Adds support for the Ironic virt driver. Change-Id: I72a7fb65395e4ceddc77a92bccc7b4563af0750a
2020-08-19 14:28:36 +00:00
IronicAPIContext(),
Subscbe nova.conf to libvirt context, set migration URI for ssh migration accordingly.
2013-09-05 19:11:31 -07:00
NovaComputeLibvirtContext(),
Add new locally scoped relation and context updates for nova-ceilometer
2013-11-29 15:35:28 +00:00
NovaComputeCephContext(),
Replace use-syslog with SyslogContext
2014-02-12 16:21:55 +01:00
context.SyslogContext(),
Allow neutron-plugin sub to publish nothing A change landed to charm helpers to mark the SubordinateConfigContext as incomplete if the subordinate supplied no data *1. But the neutron-plugin subordinate may legitimately supply no data if no special config is needed. This restores the previous behaviour of marking the subordinate context for the neutron-plugin relation as complete even if not data was supplied. *1 https://github.com/juju/charm-helpers/pull/519 Change-Id: I34fa2d39171132e4fe7d0b7e5fd29162161a5060 Closes-Bug: #1912187
2021-01-19 14:49:57 +00:00
NeutronPluginSubordinateConfigContext(
interface=['neutron-plugin'],
service=['nova-compute', 'nova'],
config_file=NOVA_CONF),
Add new locally scoped relation and context updates for nova-ceilometer
2013-11-29 15:35:28 +00:00
context.SubordinateConfigContext(
Allow neutron-plugin sub to publish nothing A change landed to charm helpers to mark the SubordinateConfigContext as incomplete if the subordinate supplied no data *1. But the neutron-plugin subordinate may legitimately supply no data if no special config is needed. This restores the previous behaviour of marking the subordinate context for the neutron-plugin relation as complete even if not data was supplied. *1 https://github.com/juju/charm-helpers/pull/519 Change-Id: I34fa2d39171132e4fe7d0b7e5fd29162161a5060 Closes-Bug: #1912187
2021-01-19 14:49:57 +00:00
interface=['nova-ceilometer',
Add ability to provide another ephemeral storage for nova-compute Nova has configuration option to specify ephemeral storage - images_type But right now this charm allows to specify only ceph via relation to ceph. This changeset adds ability to specify any images_type and add ability to provide configuration for the ephemeral backend via relation. Same functionality implemented in cinder charm via storage-backend interface. Change-Id: Id851e172aed53723d4d8fb6623ff1c4b4a03fefa
2016-06-17 18:38:26 +03:00
'ephemeral-backend'],
Update charm to use single SubordinateConfigContext to stop ctxt data being lost
2015-07-29 17:10:07 +01:00
service=['nova-compute', 'nova'],
Consume data from neutron-plugin subordinates.
2015-07-14 11:45:42 +01:00
config_file=NOVA_CONF),
Add nova-vgpu relation Change-Id: Ie034a263c85c2909ce87ada632196772dbd265d2
2022-02-15 11:51:42 +01:00
context.SubordinateConfigContext(
interface=['nova-vgpu'],
service=['nova-compute', 'nova'],
config_file=NOVA_CONF),
Added 0mq support
2014-09-09 09:47:14 +00:00
InstanceConsoleContext(),
Fix unit tests and lint
2014-10-20 14:16:22 +00:00
context.ZeroMQContext(),
Rebase on next
2014-12-15 10:39:46 +00:00
context.NotificationDriverContext(),
Enable a nova metadata agent if running in DVR mode
2015-02-04 16:31:09 +00:00
MetadataServiceContext(),
[trivial] make debug and verbose configurable
2015-04-13 13:22:05 +01:00
HostIPContext(),
Add support for LXD live migration Live migration is turned off by default in nova-lxd because the feature is still considered to be experimental by the LXD project. Re-use the 'enable-live-migration' config option so that when it's enabled, turn on live-migration for lxd as well. Change-Id: Ie03457b588b43e22cbb2894da04637f82ab03059 Signed-off-by: Chuck Short <chuck.short@canonical.com>
2016-07-12 09:58:41 -04:00
NovaComputeVirtContext(),
Support using internal network for clients Openstack mostly defaults to using public endpoints for internal communication between services. This patch adds a new option use-internal-endpoints which, if set to True, will configure services to use internal endpoints where possible. Closes-Bug: 1456876 Change-Id: I736a0a281ec434067bc92fa70898b16a027f7422
2016-03-24 16:00:51 +00:00
context.LogLevelContext(),
Sync charm-helpers and use VolumeAPIContext Sync in the charm-helpers to use the new VolumeAPIContext object in order to determine the volume catalog info to use in the configuration file. This is simply an alternative implementation for commit 5d92bc9f. This will separate concerns for determining internal endpoints and determining volume api versions. Change-Id: I91009e1f9643f818b6f97898aa5d7c43e84684ed Related-Bug: #1733566
2018-02-08 19:07:34 -07:00
context.InternalEndpointContext(),
context.VolumeAPIContext('nova-common'),
Add support for 'default_availability_zone' parameter. I've added support for 'default_availability_zone' parameter. I've added charm parameter, modified 'nova.conf' templates and implemented it to be exposed via 'neutron-plugin' relation settings. Change-Id: I85008ac0f3540a2b5c817893d63e497b63f43043 Closes-Bug: 1595937
2016-12-07 12:06:11 +01:00
SerialConsoleContext(),
Support configurable metadata_workers Adds config option worker-multiplier to allow configuring the number of workers used for the metadata api when using local dhcp or dvr. Change-Id: I505963165f8a4fade0123c2825af00189285f168 Closes-Bug: 1707618
2017-08-14 10:09:03 +01:00
NovaComputeAvailabilityZoneContext(),
Added allocation-ratio config opts Nova supports setting allocation ratios at the nova-compute level from Liberty onwards. Prior to this allocation ratios were set at the nova-scheduler level. Newton introduced the Placement API, and Ocata introduced the ability to have compute resources (Core/RAM/Disk) precomputed before passing candidates to the FilterScheduler [0]. Pike removed CoreFilter, RAMFilter and DiskFilter scheduler filters. From Pike onwards valid methods for settings these allocation ratios are via: - A call to the Placement API [1]. - Config values to supplied to nova-compute (xxx_allocation_ratio). Stein introduced initial_xxx_allocation_ratio in response to the runtime behaviour of the ResourceTracker [2]. Currently, the precedence of resource ratio values are: xxx_allocation_ratio > Placement API call > initial_xxx_allocation_ratio That is a (compute) resource provider's allocation ratios will default to initial_xxx_allocation_ratio which may be overridden at run time by a call to the Placement API. If xxx_allocation_ratio is set it will override all configurations for that provider. When not otherwise configured, we set initial_xxx_allocation_ratio to the values provided by ncc to maintain backwards compatibility. Where initial_xxx_allocation_ratio is not available we set xxx_allocation_ratio. [0] https://specs.openstack.org/openstack/nova-specs/specs/ocata/implemented/resource-providers-scheduler-db-filters.html [1] https://docs.openstack.org/api-ref/placement/#update-resource-provider-inventories [2] https://specs.openstack.org/openstack/nova-specs/specs/stein/implemented/initial-allocation-ratios.html Change-Id: Ifa314e9e23e0ae5d16113cd91a7507e61f9de704 Closes-Bug: #1677223
2020-04-07 11:00:37 +10:00
NovaComputePlacementContext(),
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
context.WorkerConfigContext(),
vaultlocker.VaultKVContext(
Retrieve cloud credentials directly from keystone In a cells deployment the credentials for the nova-compute application will no longer be available via the nova-cloud-controller in the local cell. This change adds the scaffolding for a cell to utilise a new cloud-credentials relation to allow it to retrieve credentials directly from keystone. Change-Id: I9d1a7353d730f7cb8e93cc9eea5b788f7c956c3d
2018-06-14 10:12:28 +00:00
vaultlocker.VAULTLOCKER_BACKEND),
context.IdentityCredentialsContext(
Use hosts official name for FQDN The current implementations use of a specific interface to build FQDN from has the undesired side effect of the ``nova-compute`` and ``neutron-openvswitch`` charms ending up with using different hostnames in some situations. It may also lead to use of a identifier that is mutable throughout the lifetime of a deployment. Use of a specific interface was chosen due to ``socket.getfqdn()`` not giving reliable results (https://bugs.python.org/issue5004). This patch gets the FQDN by mimickingthe behaviour of a call to ``hostname -f`` with fallback to shortname on failure. Add relevant update from c-h. Needed-By: Ic8f8742261b773484687985aa0a366391cd2737a Change-Id: I82db81937e5a46dc6bd222b7160ca1fa5b190c10 Closes-Bug: #1839300
2020-01-10 09:13:34 +01:00
rel_name='cloud-credentials'),
Use a stable hostname to render nova.conf OVS introduced a new service called ovs-record-hostname.service which records the hostname on the first start in the ovs database to identify the ovn chassis, this is how it achieved a stable hostname and be resilient to the changes in the FQDN when the DNS gets available. This change introduces the same approach for nova-compute charm. In the first run of the NovaComputeHostInfoContext the value passed in the context as host_fqdn is stored in the unit's kv db, and re-used on every subsequent call. This change affects only new installs since the hint to store (or not) the host fqdn is set in the install hook. Change-Id: I2aa74442ec25b21201a47070077df27899465814 Closes-Bug: #1896630
2023-02-15 11:43:40 -03:00
NovaComputeHostInfoContext(),
Make virt_mkfs configurable with ext4 default Closes-Bug: #1960231 Change-Id: Ia2ac7318f1164a9015bdf9e7ce7d20a129e22af4
2022-03-07 16:26:36 +00:00
VirtMkfsContext(),
Use hosts official name for FQDN The current implementations use of a specific interface to build FQDN from has the undesired side effect of the ``nova-compute`` and ``neutron-openvswitch`` charms ending up with using different hostnames in some situations. It may also lead to use of a identifier that is mutable throughout the lifetime of a deployment. Use of a specific interface was chosen due to ``socket.getfqdn()`` not giving reliable results (https://bugs.python.org/issue5004). This patch gets the FQDN by mimickingthe behaviour of a call to ``hostname -f`` with fallback to shortname on failure. Add relevant update from c-h. Needed-By: Ic8f8742261b773484687985aa0a366391cd2737a Change-Id: I82db81937e5a46dc6bd222b7160ca1fa5b190c10 Closes-Bug: #1839300
2020-01-10 09:13:34 +01:00
],
Update tests. convert restart_map generation to a broader resource_map.
2013-07-26 14:22:44 -07:00
},
Propagate vendor_data from nova-cloud-controller When using DVR and L3HA neutron deployment options, Nova API Metadata requests are served from compute nodes, instead of from neutron-gateway nodes. This change allows nova-compute to receive vendor_data configuration values from nova-cloud-controller charm relation and write to nova-compute's nova.conf appropriately. This will be effictive for Queens and later OpenStack releases. Synced charm-helpers in order to import new context for writing the vendor_data.json file. Change-Id: I0c79e1bfac9fbe7009a7e862ad010cfa2de8cfda Closes-Bug: #1777714
2019-05-09 16:15:04 -03:00
VENDORDATA_FILE: {
'services': [],
'contexts': [CloudComputeVendorJSONContext()],
},
Add apparmor support Fixes to nova-network and nova-api service restarts Charm helpers sync to bring in the AppArmorContext class Create specific service ApiAppArmorContexts Add service specific templates for apparmor profiles Add aa-profile-mode in config.yaml Apply the apparmor profile as requested: disable, enforce, complain Add aa-profile-mode change test to amulet Charm-helpers sync to pull in AA Profile context changes Change-Id: I18aff4bfe131010521ea9ff544c6bf76f888afa6
2016-04-21 15:14:23 -07:00
NOVA_API_AA_PROFILE_PATH: {
'services': ['nova-api'],
'contexts': [NovaAPIAppArmorContext()],
},
NOVA_COMPUTE_AA_PROFILE_PATH: {
'services': ['nova-compute'],
'contexts': [NovaComputeAppArmorContext()],
},
NOVA_NETWORK_AA_PROFILE_PATH: {
'services': ['nova-network'],
'contexts': [NovaNetworkAppArmorContext()],
},
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
}
Updates for Ubuntu Yakkety Yakkety swiches: a) the name of the libvirt daemon from libvirt-bin -> libvirtd b) the default libvirt user from libvirtd -> libvirt Update contexts, restarts, templates and enable yakkety test to deal with this change. Resync charm-helpers to support enablement of yakkety amulet test. Change-Id: I58eb3a5da53d4a12390968c835c0ff408a42d1b5
2016-09-14 11:40:57 +01:00
LIBVIRTD_DAEMON = 'libvirtd'
LIBVIRT_BIN_DAEMON = 'libvirt-bin'
Merge zuls first cut, tweak and optimize
2014-10-17 16:35:40 +01:00
LIBVIRT_RESOURCE_MAP = {
QEMU_CONF: {
Updates for Ubuntu Yakkety Yakkety swiches: a) the name of the libvirt daemon from libvirt-bin -> libvirtd b) the default libvirt user from libvirtd -> libvirt Update contexts, restarts, templates and enable yakkety test to deal with this change. Resync charm-helpers to support enablement of yakkety amulet test. Change-Id: I58eb3a5da53d4a12390968c835c0ff408a42d1b5
2016-09-14 11:40:57 +01:00
'services': [LIBVIRT_BIN_DAEMON],
Enable vTPM support in nova-compute Enable vTPM support in nova-compute charm. This adds new packages to be installed swtpm and swtpm-tools as well as updates the nova-compute.conf file and the qemu.conf file to set appropriate user/groups for swtpm. func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/696 Change-Id: Idf0d19d75b9231f029fa6a7dc557d2a9ee04915b
2022-01-10 15:26:26 -07:00
'contexts': [NovaComputeLibvirtContext(),
NovaComputeSWTPMContext()],
Merge zuls first cut, tweak and optimize
2014-10-17 16:35:40 +01:00
},
Remove hugepage fstab entry and use qemu-kvm init The hugepages fstab entry can stop systems from booting if the /run filesystem is not available. The qemu-kvm init script can be used to enable hugepages by setting KVM_HUGEPAGES=1 This apporach works for both upstart and systemd (where the old System V script is used). However, for a systemd system the prefered approach would be to enable hugepages via kernel parameters set in MAAS. Change-Id: Ib91ca930a91da3d75dbd96f7d55e7e259cb50fd1 Closes-Bug: 1518771
2016-04-11 12:31:31 +00:00
QEMU_KVM: {
'services': ['qemu-kvm'],
'contexts': [NovaComputeLibvirtContext()],
},
Merge zuls first cut, tweak and optimize
2014-10-17 16:35:40 +01:00
LIBVIRTD_CONF: {
Updates for Ubuntu Yakkety Yakkety swiches: a) the name of the libvirt daemon from libvirt-bin -> libvirtd b) the default libvirt user from libvirtd -> libvirt Update contexts, restarts, templates and enable yakkety test to deal with this change. Resync charm-helpers to support enablement of yakkety amulet test. Change-Id: I58eb3a5da53d4a12390968c835c0ff408a42d1b5
2016-09-14 11:40:57 +01:00
'services': [LIBVIRT_BIN_DAEMON],
Merge zuls first cut, tweak and optimize
2014-10-17 16:35:40 +01:00
'contexts': [NovaComputeLibvirtContext()],
},
LIBVIRT_BIN: {
Updates for Ubuntu Yakkety Yakkety swiches: a) the name of the libvirt daemon from libvirt-bin -> libvirtd b) the default libvirt user from libvirtd -> libvirt Update contexts, restarts, templates and enable yakkety test to deal with this change. Resync charm-helpers to support enablement of yakkety amulet test. Change-Id: I58eb3a5da53d4a12390968c835c0ff408a42d1b5
2016-09-14 11:40:57 +01:00
'services': [LIBVIRT_BIN_DAEMON],
Merge zuls first cut, tweak and optimize
2014-10-17 16:35:40 +01:00
'contexts': [NovaComputeLibvirtContext()],
Rediffed
2014-09-29 13:07:52 -04:00
},
Tidy, drop storage config
2015-04-22 10:21:01 +01:00
LIBVIRT_BIN_OVERRIDES: {
Updates for Ubuntu Yakkety Yakkety swiches: a) the name of the libvirt daemon from libvirt-bin -> libvirtd b) the default libvirt user from libvirtd -> libvirt Update contexts, restarts, templates and enable yakkety test to deal with this change. Resync charm-helpers to support enablement of yakkety amulet test. Change-Id: I58eb3a5da53d4a12390968c835c0ff408a42d1b5
2016-09-14 11:40:57 +01:00
'services': [LIBVIRT_BIN_DAEMON],
Tidy, drop storage config
2015-04-22 10:21:01 +01:00
'contexts': [NovaComputeLibvirtOverrideContext()],
},
Rediffed
2014-09-29 13:07:52 -04:00
}
Merge zuls first cut, tweak and optimize
2014-10-17 16:35:40 +01:00
LIBVIRT_RESOURCE_MAP.update(BASE_RESOURCE_MAP)
Use constants for configuration file names
2013-09-20 17:50:33 +01:00
CEPH_SECRET = '/etc/ceph/secret.xml'
Fix support for cinder ceph rbd in Ocata As of Ocata, the ceph key used to access a specific Cinder Ceph backend must match the name of the key used by cinder, with an appropriate secret configured for libvirt use with the cephx key used by the cinder-ceph charm. Add support for the new ceph-access relation to allow nova-compute units to communicate with multiple ceph backends using different cephx keys and user names. The side effect of this change is that nova-compute will have a key for use with its own ephemeral backend ceph access, and a key for each cinder ceph backend configured in the deployment. Change-Id: I638473fc46c99a8bfe301f9a0c844de9efd47a2a Closes-Bug: 1671422
2017-03-09 12:51:25 +00:00
CEPH_BACKEND_SECRET = '/etc/ceph/secret-{}.xml'
Use constants for configuration file names
2013-09-20 17:50:33 +01:00
Checkin templates.
2013-07-30 20:39:44 -07:00
CEPH_RESOURCES = {
Use constants for configuration file names
2013-09-20 17:50:33 +01:00
CEPH_SECRET: {
Checkin templates.
2013-07-30 20:39:44 -07:00
'contexts': [NovaComputeCephContext()],
'services': [],
}
}
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
# Maps virt-type config to a compute package(s).
VIRT_TYPES = {
'kvm': ['nova-compute-kvm'],
'qemu': ['nova-compute-qemu'],
'uml': ['nova-compute-uml'],
'lxc': ['nova-compute-lxc'],
flex->lxd
2015-02-11 13:20:35 -05:00
'lxd': ['nova-compute-lxd'],
Add Ironic virt type Adds support for the Ironic virt driver. Change-Id: I72a7fb65395e4ceddc77a92bccc7b4563af0750a
2020-08-19 14:28:36 +00:00
'ironic': ['nova-compute-ironic'],
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
}
py3: deal with subordinate dependencies Switch to marking non-leaf python-* packages as automatically installed so that they will be purged once the last remaining package that depends on them that was manually installed is removed. Force install of python3-nova-lxd for Rocky and above to ensure that py versions are matched with python3-nova. Change-Id: I79d528bfb7732490aa42da2158244350c03dfa59 Closes-Bug: 1797879
2018-10-15 16:39:52 +01:00
Specify which hypervisor to connect virsh to based on virt-type config.
2014-08-19 19:57:45 +00:00
# Maps virt-type config to a libvirt URI.
LIBVIRT_URIS = {
'kvm': 'qemu:///system',
'qemu': 'qemu:///system',
'uml': 'uml:///system',
'lxc': 'lxc:///',
}
Workload Status
2015-09-25 15:12:01 -07:00
# The interface is said to be satisfied if anyone of the interfaces in the
# list has a complete context.
REQUIRED_INTERFACES = {
Drop zeromq support Support for the ZeroMQ messaging driver has bit-rotted over the last few years across the OpenStack charms; drop support for ZMQ inline with deprecation notices issues in 17.02 charm release. Change-Id: I66330dd29972e39e45e9bf81cb0570d5749b8312
2017-12-07 14:19:34 +00:00
'messaging': ['amqp'],
Workload Status
2015-09-25 15:12:01 -07:00
'image': ['image-service'],
Support for neutron context without credentials If the compute node is deployed in a cell it will get service credentials via a direct relationship with keystone and not from a nova-cloud-controller relation. This change adds support for having a complete CloudComputeContext without having service credentials. Change-Id: Id39262c53f207bb61b0a60954d5a077562e4e6f3
2018-06-19 14:42:13 +00:00
'compute': ['cloud-compute'],
Workload Status
2015-09-25 15:12:01 -07:00
}
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
Updates for Ubuntu Yakkety Yakkety swiches: a) the name of the libvirt daemon from libvirt-bin -> libvirtd b) the default libvirt user from libvirtd -> libvirt Update contexts, restarts, templates and enable yakkety test to deal with this change. Resync charm-helpers to support enablement of yakkety amulet test. Change-Id: I58eb3a5da53d4a12390968c835c0ff408a42d1b5
2016-09-14 11:40:57 +01:00
def libvirt_daemon():
'''Resolve the correct name of the libvirt daemon service'''
distro_codename = lsb_release()['DISTRIB_CODENAME'].lower()
Fix alphanumeric comparisons for openstack and ubuntu releases - sync charmhelpers with fix-alpha helpers - fix up code where the alpha comparisons are done - fix tests which assumed mocks would just work on os_release() Change-Id: Iffd4ed0aecbb966fe493fe0f24bf2422aab55bb6 Related-Bug: #1659575
2017-04-04 18:53:20 +01:00
if (CompareHostReleases(distro_codename) >= 'yakkety' or
CompareOpenStackReleases(os_release('nova-common')) >= 'ocata'):
Updates for Ubuntu Yakkety Yakkety swiches: a) the name of the libvirt daemon from libvirt-bin -> libvirtd b) the default libvirt user from libvirtd -> libvirt Update contexts, restarts, templates and enable yakkety test to deal with this change. Resync charm-helpers to support enablement of yakkety amulet test. Change-Id: I58eb3a5da53d4a12390968c835c0ff408a42d1b5
2016-09-14 11:40:57 +01:00
return LIBVIRTD_DAEMON
else:
return LIBVIRT_BIN_DAEMON
Charmhelpers sync to get vaultlocker fixes Also gates checking vaultlocker status until it is installed Change-Id: I07f92132b0340b538ee472887c7fd0e0cc911453 Closes-Bug: #1849323
2019-12-10 13:38:51 +00:00
def vaultlocker_installed():
return len(filter_installed_packages(['vaultlocker'])) == 0
Update tests. convert restart_map generation to a broader resource_map.
2013-07-26 14:22:44 -07:00
def resource_map():
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
'''
Update tests. convert restart_map generation to a broader resource_map.
2013-07-26 14:22:44 -07:00
Dynamically generate a map of resources that will be managed for a single
hook execution.
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
'''
Update tests. convert restart_map generation to a broader resource_map.
2013-07-26 14:22:44 -07:00
# TODO: Cache this on first call?
Add Ironic virt type Adds support for the Ironic virt driver. Change-Id: I72a7fb65395e4ceddc77a92bccc7b4563af0750a
2020-08-19 14:28:36 +00:00
virt_type = config('virt-type').lower()
if virt_type in ('lxd', 'ironic'):
Merge zuls first cut, tweak and optimize
2014-10-17 16:35:40 +01:00
resource_map = deepcopy(BASE_RESOURCE_MAP)
Fixup minor bits and pieces
2015-04-23 14:32:10 +01:00
else:
resource_map = deepcopy(LIBVIRT_RESOURCE_MAP)
Charmhelpers sync to get vaultlocker fixes Also gates checking vaultlocker status until it is installed Change-Id: I07f92132b0340b538ee472887c7fd0e0cc911453 Closes-Bug: #1849323
2019-12-10 13:38:51 +00:00
# if vault deps are not installed it is not yet possible to check the vault
# context status since it requires the hvac dependency.
if not vaultlocker_installed():
to_delete = []
for item in resource_map[NOVA_CONF]['contexts']:
if isinstance(item, type(vaultlocker.VaultKVContext())):
to_delete.append(item)
for item in to_delete:
resource_map[NOVA_CONF]['contexts'].remove(item)
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
net_manager = network_manager()
Ensure nova.conf subscribes to the Neutron context only when we required.
2013-08-16 12:14:16 -07:00
# Network manager gets set late by the cloud-compute interface.
# FlatDHCPManager only requires some extra packages.
Fix alphanumeric comparisons for openstack and ubuntu releases - sync charmhelpers with fix-alpha helpers - fix up code where the alpha comparisons are done - fix tests which assumed mocks would just work on os_release() Change-Id: Iffd4ed0aecbb966fe493fe0f24bf2422aab55bb6 Related-Bug: #1659575
2017-04-04 18:53:20 +01:00
cmp_os_release = CompareOpenStackReleases(os_release('nova-common'))
neutron compat.
2013-08-12 14:48:24 -07:00
if (net_manager in ['flatmanager', 'flatdhcpmanager'] and
Ocata fixes for nova-compute Disable deprecated nova-network in ocata libvirtd vs libvirt-bin Amulet test fixes and enable xenial-ocata target Change-Id: Ie08fcd333515669a2b6cdb722f2eb0ac75ee35ea
2017-02-28 16:23:06 -08:00
config('multi-host').lower() == 'yes' and
Fix alphanumeric comparisons for openstack and ubuntu releases - sync charmhelpers with fix-alpha helpers - fix up code where the alpha comparisons are done - fix tests which assumed mocks would just work on os_release() Change-Id: Iffd4ed0aecbb966fe493fe0f24bf2422aab55bb6 Related-Bug: #1659575
2017-04-04 18:53:20 +01:00
cmp_os_release < 'ocata'):
Use more constants, use default neutron/quantum control exchange
2013-09-24 14:42:13 +01:00
resource_map[NOVA_CONF]['services'].extend(
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
['nova-api', 'nova-network']
)
Add apparmor support Fixes to nova-network and nova-api service restarts Charm helpers sync to bring in the AppArmorContext class Create specific service ApiAppArmorContexts Add service specific templates for apparmor profiles Add aa-profile-mode in config.yaml Apply the apparmor profile as requested: disable, enforce, complain Add aa-profile-mode change test to amulet Charm-helpers sync to pull in AA Profile context changes Change-Id: I18aff4bfe131010521ea9ff544c6bf76f888afa6
2016-04-21 15:14:23 -07:00
else:
resource_map.pop(NOVA_API_AA_PROFILE_PATH)
resource_map.pop(NOVA_NETWORK_AA_PROFILE_PATH)
neutron compat.
2013-08-12 14:48:24 -07:00
Enable vTPM support in nova-compute Enable vTPM support in nova-compute charm. This adds new packages to be installed swtpm and swtpm-tools as well as updates the nova-compute.conf file and the qemu.conf file to set appropriate user/groups for swtpm. func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/696 Change-Id: Idf0d19d75b9231f029fa6a7dc557d2a9ee04915b
2022-01-10 15:26:26 -07:00
if cmp_os_release >= 'wallaby':
resource_map[NOVA_COMPUTE_CONF] = {
"services": ["nova-compute"],
"contexts": [NovaComputeSWTPMContext(),
NovaComputeVirtContext()]
}
Only render qemu.conf for hypervisors using qemu Change-Id: I02a250c27d1b52d5cc9df3f1d6256bfc3ab982ea Closes-Bug: #1968547
2022-04-11 10:37:24 +00:00
if virt_type in ('kvm', 'qemu'):
resource_map[QEMU_CONF] = {
"services": [LIBVIRTD_DAEMON],
"contexts": [NovaComputeSWTPMContext()]
}
Enable vTPM support in nova-compute Enable vTPM support in nova-compute charm. This adds new packages to be installed swtpm and swtpm-tools as well as updates the nova-compute.conf file and the qemu.conf file to set appropriate user/groups for swtpm. func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/696 Change-Id: Idf0d19d75b9231f029fa6a7dc557d2a9ee04915b
2022-01-10 15:26:26 -07:00
elif cmp_os_release >= 'train':
resource_map[NOVA_COMPUTE_CONF] = {
"services": ["nova-compute"],
"contexts": [NovaComputeVirtContext()]
}
Add Ironic virt type Adds support for the Ironic virt driver. Change-Id: I72a7fb65395e4ceddc77a92bccc7b4563af0750a
2020-08-19 14:28:36 +00:00
Fix alphanumeric comparisons for openstack and ubuntu releases - sync charmhelpers with fix-alpha helpers - fix up code where the alpha comparisons are done - fix tests which assumed mocks would just work on os_release() Change-Id: Iffd4ed0aecbb966fe493fe0f24bf2422aab55bb6 Related-Bug: #1659575
2017-04-04 18:53:20 +01:00
cmp_distro_codename = CompareHostReleases(
lsb_release()['DISTRIB_CODENAME'].lower())
if (cmp_distro_codename >= 'yakkety' or cmp_os_release >= 'ocata'):
Updates for Ubuntu Yakkety Yakkety swiches: a) the name of the libvirt daemon from libvirt-bin -> libvirtd b) the default libvirt user from libvirtd -> libvirt Update contexts, restarts, templates and enable yakkety test to deal with this change. Resync charm-helpers to support enablement of yakkety amulet test. Change-Id: I58eb3a5da53d4a12390968c835c0ff408a42d1b5
2016-09-14 11:40:57 +01:00
for data in resource_map.values():
if LIBVIRT_BIN_DAEMON in data['services']:
data['services'].remove(LIBVIRT_BIN_DAEMON)
data['services'].append(LIBVIRTD_DAEMON)
Ensure nova.conf subscribes to the Neutron context only when we required.
2013-08-16 12:14:16 -07:00
# Neutron/quantum requires additional contexts, as well as new resources
# depending on the plugin used.
Rejig context building
2013-10-16 13:36:45 +01:00
# NOTE(james-page): only required for ovs plugin right now
Ensure that general neutron context is applied in all circumstances so nova neutron configuration is correct
2014-10-02 13:56:19 +01:00
if net_manager in ['neutron', 'quantum']:
Use constants for configuration file names
2013-09-20 17:50:33 +01:00
resource_map[NOVA_CONF]['contexts'].append(NeutronComputeContext())
Ensure nova.conf subscribes to the Neutron context only when we required.
2013-08-16 12:14:16 -07:00
Checkin templates.
2013-07-30 20:39:44 -07:00
if relation_ids('ceph'):
Add helper function for generating ceph configuration filename
2013-10-10 12:41:00 +01:00
CEPH_RESOURCES[ceph_config_file()] = {
Install ceph.conf as an alternative for co-existence with ceph and ceph-osd charms
2013-10-10 12:09:48 +01:00
'contexts': [NovaComputeCephContext()],
cleanup context
2014-11-11 20:22:38 +00:00
'services': ['nova-compute']
Install ceph.conf as an alternative for co-existence with ceph and ceph-osd charms
2013-10-10 12:09:48 +01:00
}
Checkin templates.
2013-07-30 20:39:44 -07:00
resource_map.update(CEPH_RESOURCES)
Restart nova-api-metadata when nova.conf changes The charm code as it stood before did this correctly when the neutron-plugin relation included 'metadata-shared-secret', but not when it included 'enable-metadata' without 'metadata-shared-secret'. (See https://bugs.launchpad.net/charms/+source/nova-compute/+bug/1515570 for when 'enable-metadata' is used in this way.) This change commonizes the code that determines when nova-api-metadata should run, and uses this both to install the package and to add the resource map dependency from nova.conf to the nova-api-metadata service. Change-Id: I3354051b454621bc423ec6b2853d61301e58658c
2016-06-29 23:51:25 +01:00
enable_nova_metadata, _ = nova_metadata_requirement()
if enable_nova_metadata:
Enable a nova metadata agent if running in DVR mode
2015-02-04 16:31:09 +00:00
resource_map[NOVA_CONF]['services'].append('nova-api-metadata')
Don't write files to /etc/init if not present Only write the libvirt-bin.override file if /etc/init actually exists; This is really present to support upstart based deployments so is not required on Ubuntu Xenial or later. If nova-compute is deployed in a LXD container, this directory is unlikely to be present in a pristine container image. Change-Id: Ie68be0f3e7ca610478159f5f1dd491b8b755e82e Closes-Bug: 1805191
2018-11-27 10:51:23 +00:00
# NOTE(james-page): If not on an upstart based system, don't write
# and override file for libvirt-bin.
if not os.path.exists('/etc/init'):
Add Ironic virt type Adds support for the Ironic virt driver. Change-Id: I72a7fb65395e4ceddc77a92bccc7b4563af0750a
2020-08-19 14:28:36 +00:00
if LIBVIRT_BIN_OVERRIDES in resource_map:
del resource_map[LIBVIRT_BIN_OVERRIDES]
Don't write files to /etc/init if not present Only write the libvirt-bin.override file if /etc/init actually exists; This is really present to support upstart based deployments so is not required on Ubuntu Xenial or later. If nova-compute is deployed in a LXD container, this directory is unlikely to be present in a pristine container image. Change-Id: Ie68be0f3e7ca610478159f5f1dd491b8b755e82e Closes-Bug: 1805191
2018-11-27 10:51:23 +00:00
Update tests. convert restart_map generation to a broader resource_map.
2013-07-26 14:22:44 -07:00
return resource_map
Finish up: new templates, ssh key creation, Makefile.
2013-08-01 16:21:58 -07:00
Update tests. convert restart_map generation to a broader resource_map.
2013-07-26 14:22:44 -07:00
def restart_map():
'''
Constructs a restart map based on charm config settings and relation
state.
'''
Update to run under Python 3 Updating charm to support execution under Python 3. Change-Id: I9013860b5eefef05bee5b473e30217229fb6a739
2017-11-05 12:47:42 +11:00
return {k: v['services'] for k, v in resource_map().items()}
Update tests. convert restart_map generation to a broader resource_map.
2013-07-26 14:22:44 -07:00
Finish up: new templates, ssh key creation, Makefile.
2013-08-01 16:21:58 -07:00
Rework do_openstack_upgrade to accomodate config file name changes
2014-03-06 16:25:06 +00:00
def services():
Process subordinate releases packages map For principal - subordinate plugin type relations where the principal Python payload imports code from packages managed by a subordinate, upgrades can be problematic. This change will allow a subordinate charm that have opted into the feature to inform its principal about all implemented release - packages combinations ahead of time. With this information in place the principal can do the upgrade in one operation without risk of charm relation RPC type processing at a critical moment. This makes use of https://github.com/juju/charm-helpers/pull/643 This is similar to https://review.opendev.org/c/openstack/charm-keystone/+/781822 Also fixed broken link to charm-guide. Change-Id: Iaf5b44be70ee108cbe88b4a26f0f15f915d507fe Closes-Bug: #1927277
2021-09-27 15:52:48 +02:00
'''
Returns a list of services associated with this charm and its subordinates.
'''
Fix resume action failure Services have interdependencies and the order in which we attempt to resume them is important, otherwise the resume action may fail. Uncovered while and validated by running the openstack-upgrade tests. [1] [1]: https://github.com/openstack-charmers/charmed-openstack-tester Change-Id: I12218b47dc56b502ecc8578c6ab13acbd321bf26 Related-Bug: #1927277 Related-Bug: #1952882
2021-12-01 11:09:57 +01:00
# NOTE(lourot): the order is important when resuming the services. For
# example the ceilometer-agent-compute service, coming from the
# ceilometer-agent subordinate charm, has a dependency to the nova-compute
# service. Attempting to start the ceilometer-agent-compute service first
# will then fail. Thus we return the services here in a resume-friendly
# order, i.e. the principal services first, then the subordinate ones.
return (list(set(chain(*restart_map().values()))) +
list(get_subordinate_services()))
Rework do_openstack_upgrade to accomodate config file name changes
2014-03-06 16:25:06 +00:00
Update tests. convert restart_map generation to a broader resource_map.
2013-07-26 14:22:44 -07:00
def register_configs():
'''
Add main context generators.
2013-07-29 18:10:45 -07:00
Returns an OSTemplateRenderer object with all required configs registered.
Update tests. convert restart_map generation to a broader resource_map.
2013-07-26 14:22:44 -07:00
'''
Appropriately update resource_map in presence of quantum.
2013-08-12 15:20:15 -07:00
release = os_release('nova-common')
Add main context generators.
2013-07-29 18:10:45 -07:00
configs = templating.OSConfigRenderer(templates_dir=TEMPLATES,
openstack_release=release)
create ceph conf dir and .conf alternative as early as possible if required.
2014-11-11 20:11:45 +00:00
if relation_ids('ceph'):
# Add charm ceph configuration to resources and
# ensure directory actually exists
mkdir(os.path.dirname(ceph_config_file()))
mkdir(os.path.dirname(CEPH_CONF))
# Install ceph config as an alternative for co-location with
# ceph and ceph-osd charms - nova-compute ceph.conf will be
Spelling fixes found by codespell. Change-Id: I819aa04eef6cc72a24ecaf39a350b30015612165
2021-09-21 19:28:46 +01:00
# lower priority than both of these but that's OK
create ceph conf dir and .conf alternative as early as possible if required.
2014-11-11 20:11:45 +00:00
if not os.path.exists(ceph_config_file()):
# touch file for pre-templated generation
open(ceph_config_file(), 'w').close()
install_alternative(os.path.basename(CEPH_CONF),
CEPH_CONF, ceph_config_file())
Update to run under Python 3 Updating charm to support execution under Python 3. Change-Id: I9013860b5eefef05bee5b473e30217229fb6a739
2017-11-05 12:47:42 +11:00
for cfg, d in resource_map().items():
Add main context generators.
2013-07-29 18:10:45 -07:00
configs.register(cfg, d['contexts'])
return configs
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
Install qemu-efi on AArch64 hosts UEFI firmware is required to chain into the bootloader supplied by AArch64 cloud images. Ubuntu's qemu-efi package supplies Tianocore-based UEFI firmware for AArch64 QEMU guests. Install it by default. Change-Id: Ie2477a42ed7a850c2d84ddf2e3e17c264d507374
2016-09-29 16:47:15 -07:00
def determine_packages_arch():
'''Generate list of architecture-specific packages'''
packages = []
distro_codename = lsb_release()['DISTRIB_CODENAME'].lower()
Fix alphanumeric comparisons for openstack and ubuntu releases - sync charmhelpers with fix-alpha helpers - fix up code where the alpha comparisons are done - fix tests which assumed mocks would just work on os_release() Change-Id: Iffd4ed0aecbb966fe493fe0f24bf2422aab55bb6 Related-Bug: #1659575
2017-04-04 18:53:20 +01:00
if (platform.machine() == 'aarch64' and
CompareHostReleases(distro_codename) >= 'wily'):
Install qemu-efi on AArch64 hosts UEFI firmware is required to chain into the bootloader supplied by AArch64 cloud images. Ubuntu's qemu-efi package supplies Tianocore-based UEFI firmware for AArch64 QEMU guests. Install it by default. Change-Id: Ie2477a42ed7a850c2d84ddf2e3e17c264d507374
2016-09-29 16:47:15 -07:00
packages.extend(['qemu-efi']), # AArch64 cloud images require UEFI fw
return packages
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
def determine_packages():
py3: Switch to using Python 3 for OpenStack Rocky Switch nova installation to use Python 3 for OpenStack Rocky. Purge python- packages on upgrade. Change-Id: I7839c823d51f6a3d166157be19f2e93b8dd72305 Depends-On: Ic5e96336b6a2ca474fc28d358553c6a05e1a75ce
2018-10-03 15:51:27 +01:00
release = os_release('nova-common')
cmp_release = CompareOpenStackReleases(release)
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
packages = [] + BASE_PACKAGES
net_manager = network_manager()
neutron compat.
2013-08-12 14:48:24 -07:00
if (net_manager in ['flatmanager', 'flatdhcpmanager'] and
Ocata fixes for nova-compute Disable deprecated nova-network in ocata libvirtd vs libvirt-bin Amulet test fixes and enable xenial-ocata target Change-Id: Ie08fcd333515669a2b6cdb722f2eb0ac75ee35ea
2017-02-28 16:23:06 -08:00
config('multi-host').lower() == 'yes' and
Fix alphanumeric comparisons for openstack and ubuntu releases - sync charmhelpers with fix-alpha helpers - fix up code where the alpha comparisons are done - fix tests which assumed mocks would just work on os_release() Change-Id: Iffd4ed0aecbb966fe493fe0f24bf2422aab55bb6 Related-Bug: #1659575
2017-04-04 18:53:20 +01:00
CompareOpenStackReleases(os_release('nova-common')) < 'ocata'):
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
packages.extend(['nova-api', 'nova-network'])
if relation_ids('ceph'):
packages.append('ceph-common')
virt_type = config('virt-type')
Add Ironic virt type Adds support for the Ironic virt driver. Change-Id: I72a7fb65395e4ceddc77a92bccc7b4563af0750a
2020-08-19 14:28:36 +00:00
if virt_type == 'ironic' and release < 'victoria':
# ironic compute driver is part of nova and
Spelling fixes found by codespell. Change-Id: I819aa04eef6cc72a24ecaf39a350b30015612165
2021-09-21 19:28:46 +01:00
# gets installed along with python3-nova
Add Ironic virt type Adds support for the Ironic virt driver. Change-Id: I72a7fb65395e4ceddc77a92bccc7b4563af0750a
2020-08-19 14:28:36 +00:00
# The nova-compute-ironic metapackage that satisfies
# nova-compute-hypervisor does not exist for versions of
# OpenStack prior to Victoria. Use nova-compute-vmware,
# as that package has the least amount of dependencies.
# We also add python3-ironicclient here. This is a dependency
# which gets installed by nova-compute-ironic in Victoria and later.
VIRT_TYPES[virt_type] = [
'nova-compute-vmware',
'python3-ironicclient']
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
try:
packages.extend(VIRT_TYPES[virt_type])
except KeyError:
log('Unsupported virt-type configured: %s' % virt_type)
raise
Restart nova-api-metadata when nova.conf changes The charm code as it stood before did this correctly when the neutron-plugin relation included 'metadata-shared-secret', but not when it included 'enable-metadata' without 'metadata-shared-secret'. (See https://bugs.launchpad.net/charms/+source/nova-compute/+bug/1515570 for when 'enable-metadata' is used in this way.) This change commonizes the code that determines when nova-api-metadata should run, and uses this both to install the package and to add the resource map dependency from nova.conf to the nova-api-metadata service. Change-Id: I3354051b454621bc423ec6b2853d61301e58658c
2016-06-29 23:51:25 +01:00
enable_nova_metadata, _ = nova_metadata_requirement()
if enable_nova_metadata:
Enable a nova metadata agent if running in DVR mode
2015-02-04 16:31:09 +00:00
packages.append('nova-api-metadata')
Update tests.
2013-08-14 13:45:38 -07:00
Install qemu-efi on AArch64 hosts UEFI firmware is required to chain into the bootloader supplied by AArch64 cloud images. Ubuntu's qemu-efi package supplies Tianocore-based UEFI firmware for AArch64 QEMU guests. Install it by default. Change-Id: Ie2477a42ed7a850c2d84ddf2e3e17c264d507374
2016-09-29 16:47:15 -07:00
packages.extend(determine_packages_arch())
Install multipath dependencies when use-multipath is True This change ensures that the multipath dependencies are installed on the compute node when the use-multipath config flag is enabled. Change-Id: I39b017398b95f5901d9bc57ffa0c59ff59f3a359 Closes-Bug: #1806830
2019-02-04 19:43:49 -07:00
# LP#1806830 - ensure that multipath packages are installed when
# use-multipath option is enabled.
if config('use-multipath'):
packages.extend(MULTIPATH_PACKAGES)
py3: Switch to using Python 3 for OpenStack Rocky Switch nova installation to use Python 3 for OpenStack Rocky. Purge python- packages on upgrade. Change-Id: I7839c823d51f6a3d166157be19f2e93b8dd72305 Depends-On: Ic5e96336b6a2ca474fc28d358553c6a05e1a75ce
2018-10-03 15:51:27 +01:00
if cmp_release >= 'rocky':
packages = [p for p in packages if not p.startswith('python-')]
packages.extend(PY3_PACKAGES)
py3: deal with more subordinate dependencies Ensure subordinate py3 packages are installed if their py2 counter-parts are currently installed for neutron-openvswitch and ceilometer-agent. Change-Id: I940fb2ce9d671e919c817cee7adda2ac22ecb3fb Closes-Bug: #1816299
2019-02-19 20:15:30 +00:00
if filter_missing_packages(['python-ceilometer']):
packages.append('python3-ceilometer')
if filter_missing_packages(['python-neutron']):
packages.append('python3-neutron')
py3: deal with more subordinate dependencies Ensure subordinate py3 packages are installed if their py2 counter-parts are currently installed for neutron-openvswitch. In this case we had missed python(3)-neutron-fwaas. Change-Id: I9d5e7c2ad034cd7bdf9cbf292b9107577860dac1 Closes-Bug: #1828259
2019-05-09 08:13:51 -04:00
if filter_missing_packages(['python-neutron-fwaas']):
packages.append('python3-neutron-fwaas')
py3: deal with subordinate dependencies Switch to marking non-leaf python-* packages as automatically installed so that they will be purged once the last remaining package that depends on them that was manually installed is removed. Force install of python3-nova-lxd for Rocky and above to ensure that py versions are matched with python3-nova. Change-Id: I79d528bfb7732490aa42da2158244350c03dfa59 Closes-Bug: 1797879
2018-10-15 16:39:52 +01:00
if virt_type == 'lxd':
packages.append('python3-nova-lxd')
py3: Switch to using Python 3 for OpenStack Rocky Switch nova installation to use Python 3 for OpenStack Rocky. Purge python- packages on upgrade. Change-Id: I7839c823d51f6a3d166157be19f2e93b8dd72305 Depends-On: Ic5e96336b6a2ca474fc28d358553c6a05e1a75ce
2018-10-03 15:51:27 +01:00
Enable vTPM support in nova-compute Enable vTPM support in nova-compute charm. This adds new packages to be installed swtpm and swtpm-tools as well as updates the nova-compute.conf file and the qemu.conf file to set appropriate user/groups for swtpm. func-test-pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/696 Change-Id: Idf0d19d75b9231f029fa6a7dc557d2a9ee04915b
2022-01-10 15:26:26 -07:00
if config('enable-vtpm') and cmp_release >= 'wallaby':
packages.extend(SWTPM_PACKAGES)
Process subordinate releases packages map For principal - subordinate plugin type relations where the principal Python payload imports code from packages managed by a subordinate, upgrades can be problematic. This change will allow a subordinate charm that have opted into the feature to inform its principal about all implemented release - packages combinations ahead of time. With this information in place the principal can do the upgrade in one operation without risk of charm relation RPC type processing at a critical moment. This makes use of https://github.com/juju/charm-helpers/pull/643 This is similar to https://review.opendev.org/c/openstack/charm-keystone/+/781822 Also fixed broken link to charm-guide. Change-Id: Iaf5b44be70ee108cbe88b4a26f0f15f915d507fe Closes-Bug: #1927277
2021-09-27 15:52:48 +02:00
packages = sorted(set(packages).union(get_subordinate_release_packages(
release).install))
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
return packages
py3: Switch to using Python 3 for OpenStack Rocky Switch nova installation to use Python 3 for OpenStack Rocky. Purge python- packages on upgrade. Change-Id: I7839c823d51f6a3d166157be19f2e93b8dd72305 Depends-On: Ic5e96336b6a2ca474fc28d358553c6a05e1a75ce
2018-10-03 15:51:27 +01:00
def determine_purge_packages():
'''Return a list of packages to purge for the current OS release'''
Process subordinate releases packages map For principal - subordinate plugin type relations where the principal Python payload imports code from packages managed by a subordinate, upgrades can be problematic. This change will allow a subordinate charm that have opted into the feature to inform its principal about all implemented release - packages combinations ahead of time. With this information in place the principal can do the upgrade in one operation without risk of charm relation RPC type processing at a critical moment. This makes use of https://github.com/juju/charm-helpers/pull/643 This is similar to https://review.opendev.org/c/openstack/charm-keystone/+/781822 Also fixed broken link to charm-guide. Change-Id: Iaf5b44be70ee108cbe88b4a26f0f15f915d507fe Closes-Bug: #1927277
2021-09-27 15:52:48 +02:00
release = os_release('nova-common')
cmp_release = CompareOpenStackReleases(release)
packages = []
if cmp_release >= 'rocky':
packages.extend(PURGE_PACKAGES)
packages = sorted(set(packages).union(get_subordinate_release_packages(
release).purge))
return packages
py3: Switch to using Python 3 for OpenStack Rocky Switch nova installation to use Python 3 for OpenStack Rocky. Purge python- packages on upgrade. Change-Id: I7839c823d51f6a3d166157be19f2e93b8dd72305 Depends-On: Ic5e96336b6a2ca474fc28d358553c6a05e1a75ce
2018-10-03 15:51:27 +01:00
Purge old packages on upgrade-charm On charm upgrade the charm may switch to py3 packages. If so, ensure the old py2 packages are purged. If the purge occurs then restart services. Change-Id: I17abef16afbb8c62dae1b725c74c39cec414f4f8 Closes-Bug: 1803451
2018-11-15 15:13:19 +00:00
def remove_old_packages():
Spelling fixes found by codespell. Change-Id: I819aa04eef6cc72a24ecaf39a350b30015612165
2021-09-21 19:28:46 +01:00
'''Purge any packages that need to be removed.
Purge old packages on upgrade-charm On charm upgrade the charm may switch to py3 packages. If so, ensure the old py2 packages are purged. If the purge occurs then restart services. Change-Id: I17abef16afbb8c62dae1b725c74c39cec414f4f8 Closes-Bug: 1803451
2018-11-15 15:13:19 +00:00
:returns: bool Whether packages were removed.
'''
installed_packages = filter_missing_packages(
determine_purge_packages()
)
if installed_packages:
apt_mark(filter_missing_packages(determine_held_packages()),
'auto')
apt_purge(installed_packages, fatal=True)
apt_autoremove(purge=True, fatal=True)
return bool(installed_packages)
py3: deal with subordinate dependencies Switch to marking non-leaf python-* packages as automatically installed so that they will be purged once the last remaining package that depends on them that was manually installed is removed. Force install of python3-nova-lxd for Rocky and above to ensure that py versions are matched with python3-nova. Change-Id: I79d528bfb7732490aa42da2158244350c03dfa59 Closes-Bug: 1797879
2018-10-15 16:39:52 +01:00
def determine_held_packages():
'''Return a list of packages to mark as candidates for removal
for the current OS release'''
cmp_os_source = CompareOpenStackReleases(os_release('nova-common'))
if cmp_os_source >= 'rocky':
return HELD_PACKAGES
return []
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
def migration_enabled():
Checkin templates.
2013-07-30 20:39:44 -07:00
# XXX: confirm juju-core bool behavior is the same.
return config('enable-live-migration')
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
def _network_config():
'''
Obtain all relevant network configuration settings from nova-c-c via
cloud-compute interface.
'''
neutron compat.
2013-08-12 14:48:24 -07:00
settings = ['network_manager', 'neutron_plugin', 'quantum_plugin']
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
net_config = {}
for rid in relation_ids('cloud-compute'):
for unit in related_units(rid):
for setting in settings:
value = relation_get(setting, rid=rid, unit=unit)
if value:
net_config[setting] = value
return net_config
neutron compat.
2013-08-12 14:48:24 -07:00
def neutron_plugin():
Fix neutron_plugin() to actually query for neutron and quantum.
2013-09-24 09:12:49 -07:00
return (_network_config().get('neutron_plugin') or
neutron compat.
2013-08-12 14:48:24 -07:00
_network_config().get('quantum_plugin'))
Construct package list and restart_map dynamically. Check-in tests.
2013-07-18 21:41:07 -07:00
def network_manager():
Better compat for quantum+neutron.
2013-08-13 15:03:53 -07:00
'''
Obtain the network manager advertised by nova-c-c, renaming to Quantum
if required
'''
Alway set network_manager
2015-07-14 12:11:25 +01:00
manager = _network_config().get('network_manager')
if manager:
manager = manager.lower()
Drop support for OpenStack releases < Icehouse Rollup configuration file templates, drop templates relating to Quantum (renamed to Neutron@Havana). Drop all references to Quantum and related code paths, refactor tests to baseline on Neutron/Icehouse. Change-Id: I900a758f2aad77f1730d7a4d822d2cbcca9b63fc
2016-03-22 11:34:10 +00:00
if manager != 'neutron':
Alway set network_manager
2015-07-14 12:11:25 +01:00
return manager
else:
return 'neutron'
neutron compat.
2013-08-12 14:48:24 -07:00
return manager
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
Finish up: new templates, ssh key creation, Makefile.
2013-08-01 16:21:58 -07:00
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
def public_ssh_key(user='root'):
Update tests. convert restart_map generation to a broader resource_map.
2013-07-26 14:22:44 -07:00
home = pwd.getpwnam(user).pw_dir
try:
Add context generator for handling config-flags charm config setting.
2013-08-01 12:53:09 -07:00
with open(os.path.join(home, '.ssh', 'id_rsa.pub')) as key:
Update tests. convert restart_map generation to a broader resource_map.
2013-07-26 14:22:44 -07:00
return key.read().strip()
Misc fixes for charm infra Update pydev project definition to use python 3. Drop upper bound on flake8. Tidy misc lint across codebase with newer flake8. Change-Id: I9637ac603cb3801c9e3ffa8c2b0897968d42ada5
2020-05-26 09:22:25 +01:00
except OSError:
Update tests. convert restart_map generation to a broader resource_map.
2013-07-26 14:22:44 -07:00
return None
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
Finish up: new templates, ssh key creation, Makefile.
2013-08-01 16:21:58 -07:00
def initialize_ssh_keys(user='root'):
home_dir = pwd.getpwnam(user).pw_dir
ssh_dir = os.path.join(home_dir, '.ssh')
if not os.path.isdir(ssh_dir):
os.mkdir(ssh_dir)
priv_key = os.path.join(ssh_dir, 'id_rsa')
if not os.path.isfile(priv_key):
log('Generating new ssh key for user %s.' % user)
cmd = ['ssh-keygen', '-q', '-N', '', '-t', 'rsa', '-b', '2048',
'-f', priv_key]
check_output(cmd)
pub_key = '%s.pub' % priv_key
if not os.path.isfile(pub_key):
log('Generating missing ssh public key @ %s.' % pub_key)
cmd = ['ssh-keygen', '-y', '-f', priv_key]
Update to run under Python 3 Updating charm to support execution under Python 3. Change-Id: I9013860b5eefef05bee5b473e30217229fb6a739
2017-11-05 12:47:42 +11:00
p = check_output(cmd).decode('UTF-8').strip()
Fix writing text after py3 conversion During the recent py3 conversion of the charm a couple of places where the charm writes text in binary mode were missed. This fixes that problem. Without this fix the charm errors with: "TypeError: a bytes-like object is required, not 'str'" Change-Id: I5c2af1dce12092c1ba1be4b4ad9a50261000e886
2017-11-22 11:28:34 +00:00
with open(pub_key, 'wt') as out:
Finish up: new templates, ssh key creation, Makefile.
2013-08-01 16:21:58 -07:00
out.write(p)
check_output(['chown', '-R', user, ssh_dir])
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
Set smt off and cpu-mode to host-passthrough for ppc64 architectures When deploying a ppc64el compute node, smt needs to be turned off and cpu-mode needs to be set to host-passthrough for nova/libvirt/kvm use. Change-Id: I48bd8f9e42dbc5f7c626addaa2fdd1e3f8fdd97e
2016-04-04 14:06:37 +00:00
def set_ppc64_cpu_smt_state(smt_state):
"""Set ppc64_cpu smt state."""
Update ppc64el state setting behavior Prevent attempts to set smt state in cases where the smt state value is already set to the expected value. Change-Id: I83682033cb46998c5e1ad8fe5986deecf6e4e89d Closes-Bug: 1610536
2016-08-08 17:48:59 +00:00
Update to run under Python 3 Updating charm to support execution under Python 3. Change-Id: I9013860b5eefef05bee5b473e30217229fb6a739
2017-11-05 12:47:42 +11:00
current_smt_state = check_output(['ppc64_cpu', '--smt']).decode('UTF-8')
Update ppc64el state setting behavior Prevent attempts to set smt state in cases where the smt state value is already set to the expected value. Change-Id: I83682033cb46998c5e1ad8fe5986deecf6e4e89d Closes-Bug: 1610536
2016-08-08 17:48:59 +00:00
# Possible smt state values are integer or 'off'
# Ex. common ppc64_cpu query command output values:
# SMT=8
# -or-
# SMT is off
if 'SMT={}'.format(smt_state) in current_smt_state:
log('Not changing ppc64_cpu smt state ({})'.format(smt_state))
elif smt_state == 'off' and 'SMT is off' in current_smt_state:
log('Not changing ppc64_cpu smt state (already off)')
else:
log('Setting ppc64_cpu smt state: {}'.format(smt_state))
cmd = ['ppc64_cpu', '--smt={}'.format(smt_state)]
try:
check_output(cmd)
except CalledProcessError as e:
# Known to fail in a container (host must pre-configure smt)
msg = 'Failed to set ppc64_cpu smt state: {}'.format(smt_state)
log(msg, level=WARNING)
status_set('blocked', msg)
raise e
Set smt off and cpu-mode to host-passthrough for ppc64 architectures When deploying a ppc64el compute node, smt needs to be turned off and cpu-mode needs to be set to host-passthrough for nova/libvirt/kvm use. Change-Id: I48bd8f9e42dbc5f7c626addaa2fdd1e3f8fdd97e
2016-04-04 14:06:37 +00:00
Initial cut of feature to enable resize of instances
2013-12-16 10:10:19 +00:00
def import_authorized_keys(user='root', prefix=None):
Added authorized-keys-path config option which allows for non default authorized_keys file location
2014-04-03 16:50:00 +01:00
"""Import SSH authorized_keys + known_hosts from a cloud-compute relation.
Store known_hosts in user's $HOME/.ssh and authorized_keys in a path
specified using authorized-keys-path config option.
Refactor import_authorized_keys() function for performance The main change is to fetch all of the relation_data() at once, and then iterate through the python dictionary. This speeds up processing of potentially hundreds of hosts and authorized_keys. Change-Id: I095104f535c1eae1554f842502ae93ebb92e44fe Related-Bug: #1833420
2019-06-19 17:08:45 +01:00
The relation_get data is a series of key values of the form:
[prefix_]known_hosts_max_index: <int>
[prefix_]authorized_keys_max_index: <int>
[prefix_]known_hosts_[n]: <str>
[prefix_]authorized_keys_[n]: <str>
:param user: the user to write the known hosts and keys for (default 'root)
:type user: str
:param prefix: A prefix to add to the relation data keys (default None)
:type prefix: Option[str, None]
Add ssh + cert methods.
2013-07-29 12:01:44 -07:00
"""
Refactor import_authorized_keys() function for performance The main change is to fetch all of the relation_data() at once, and then iterate through the python dictionary. This speeds up processing of potentially hundreds of hosts and authorized_keys. Change-Id: I095104f535c1eae1554f842502ae93ebb92e44fe Related-Bug: #1833420
2019-06-19 17:08:45 +01:00
_prefix = "{}_".format(prefix) if prefix else ""
# get all the data at once with one relation_get call
rdata = relation_get() or {}
known_hosts_index = int(
rdata.get('{}known_hosts_max_index'.format(_prefix), '0'))
authorized_keys_index = int(
rdata.get('{}authorized_keys_max_index'.format(_prefix), '0'))
if known_hosts_index == 0 or authorized_keys_index == 0:
Add ssh + cert methods.
2013-07-29 12:01:44 -07:00
return
Refactor import_authorized_keys() function for performance The main change is to fetch all of the relation_data() at once, and then iterate through the python dictionary. This speeds up processing of potentially hundreds of hosts and authorized_keys. Change-Id: I095104f535c1eae1554f842502ae93ebb92e44fe Related-Bug: #1833420
2019-06-19 17:08:45 +01:00
Added authorized-keys-path config option which allows for non default authorized_keys file location
2014-04-03 16:50:00 +01:00
homedir = pwd.getpwnam(user).pw_dir
dest_auth_keys = config('authorized-keys-path').format(
homedir=homedir, username=user)
dest_known_hosts = os.path.join(homedir, '.ssh/known_hosts')
log('Saving new known_hosts file to %s and authorized_keys file to: %s.' %
(dest_known_hosts, dest_auth_keys))
Refactor import_authorized_keys() function for performance The main change is to fetch all of the relation_data() at once, and then iterate through the python dictionary. This speeds up processing of potentially hundreds of hosts and authorized_keys. Change-Id: I095104f535c1eae1554f842502ae93ebb92e44fe Related-Bug: #1833420
2019-06-19 17:08:45 +01:00
# write known hosts using data from relation_get
with open(dest_known_hosts, 'wt') as f:
for index in range(known_hosts_index):
f.write("{}\n".format(
rdata.get("{}known_hosts_{}".format(_prefix, index))))
# write authorized keys using data from relation_get
with open(dest_auth_keys, 'wt') as f:
for index in range(authorized_keys_index):
f.write("{}\n".format(
rdata.get('{}authorized_keys_{}'.format(_prefix, index))))
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
Finish up: new templates, ssh key creation, Makefile.
2013-08-01 16:21:58 -07:00
refactoring do_openstack_upgrade to accept configs argument, bringing it in line with the other openstack charms
2015-10-06 15:38:12 +00:00
def do_openstack_upgrade(configs):
Rework upgrade handling
2014-04-01 17:01:37 +01:00
# NOTE(jamespage) horrible hack to make utils forget a cached value
import charmhelpers.contrib.openstack.utils as utils
utils.os_rel = None
Implement upgrades, move templates to folsom.
2013-08-19 14:14:39 -07:00
new_src = config('openstack-origin')
new_os_rel = get_os_codename_install_source(new_src)
log('Performing OpenStack upgrade to %s.' % (new_os_rel))
configure_installation_source(new_src)
Use install and upgrade during upgrade
2014-03-14 11:26:59 +00:00
apt_update(fatal=True)
Implement upgrades, move templates to folsom.
2013-08-19 14:14:39 -07:00
dpkg_opts = [
'--option', 'Dpkg::Options::=--force-confnew',
'--option', 'Dpkg::Options::=--force-confdef',
]
Use dist-upgrade
2014-03-06 13:42:17 +00:00
apt_upgrade(options=dpkg_opts, fatal=True, dist=True)
Reset os_release cached value after upgrade In enable_memcache, ensure that the os_release cache is reset after upgrade. Change-Id: If25be2df23b08b69ad3ee28c53d7dce1de509c6e Partial-Bug: 1715624
2017-09-07 12:03:58 +00:00
reset_os_release()
Use install and upgrade during upgrade
2014-03-14 11:26:59 +00:00
apt_install(determine_packages(), fatal=True)
Implement upgrades, move templates to folsom.
2013-08-19 14:14:39 -07:00
Purge old packages on upgrade-charm On charm upgrade the charm may switch to py3 packages. If so, ensure the old py2 packages are purged. If the purge occurs then restart services. Change-Id: I17abef16afbb8c62dae1b725c74c39cec414f4f8 Closes-Bug: 1803451
2018-11-15 15:13:19 +00:00
remove_old_packages()
py3: Switch to using Python 3 for OpenStack Rocky Switch nova installation to use Python 3 for OpenStack Rocky. Purge python- packages on upgrade. Change-Id: I7839c823d51f6a3d166157be19f2e93b8dd72305 Depends-On: Ic5e96336b6a2ca474fc28d358553c6a05e1a75ce
2018-10-03 15:51:27 +01:00
Simplier solution used by the other charms
2015-10-14 14:17:49 +00:00
configs.set_release(openstack_release=new_os_rel)
configs.write_all()
Enhanced pause/resume for maintenance mode Implemented pause/resume with some services checking. Charm-helpers sync to bring in pause/resume support. Change-Id: I8bcd7464a606f6fc9db374be6004d851935e749a
2016-04-01 11:47:46 +00:00
if not is_unit_paused_set():
for s in services():
service_restart(s)
Check-in initial python redux.
2013-07-18 19:37:30 -07:00
def import_keystone_ca_cert():
Fix the misspelling of "import" Change-Id: Ifd5f91a566184b27c12f4488727ce87013ea0d0a
2019-01-16 10:45:45 +08:00
"""If provided, import the Keystone CA cert that gets forwarded
Add ssh + cert methods.
2013-07-29 12:01:44 -07:00
to compute nodes via the cloud-compute interface
"""
ca_cert = relation_get('ca_cert')
if not ca_cert:
return
log('Writing Keystone CA certificate to %s' % CA_CERT_PATH)
b64decoded data bust be written as binary Change-Id: I41e92106b5b53685b2b8e9b8f1f420dd2baca3ed
2017-11-24 14:05:00 +01:00
with open(CA_CERT_PATH, 'wb') as out:
Add ssh + cert methods.
2013-07-29 12:01:44 -07:00
out.write(b64decode(ca_cert))
check_call(['update-ca-certificates'])
Move creation of libvirt secret out of context and into a utility helper.
2013-09-03 17:16:15 -07:00
def create_libvirt_secret(secret_file, secret_uuid, key):
Specify which hypervisor to connect virsh to based on virt-type config.
2014-08-19 19:57:45 +00:00
uri = LIBVIRT_URIS[config('virt-type')]
Update to run under Python 3 Updating charm to support execution under Python 3. Change-Id: I9013860b5eefef05bee5b473e30217229fb6a739
2017-11-05 12:47:42 +11:00
cmd = ['virsh', '-c', uri, 'secret-list']
if secret_uuid in check_output(cmd).decode('UTF-8'):
Clean up stale ceph keyring [cbjchen,r=] Clean up the keyring after ceph relation is broken. So when next time ceph relation is joined, ensure_ceph_keyring will not ignore the new key because of the existance of the old one.
2015-02-06 13:09:18 -05:00
old_key = check_output(['virsh', '-c', uri, 'secret-get-value',
Update to run under Python 3 Updating charm to support execution under Python 3. Change-Id: I9013860b5eefef05bee5b473e30217229fb6a739
2017-11-05 12:47:42 +11:00
secret_uuid]).decode('UTF-8')
Fix ceph client virsh secret check Previously we were not stripping whitespace or newlines from the value returned from virsh secret-get-value which resulted in the key comparison always returning False and services being restarted. Change-Id: If465183860dc9d6e13c81d363791c06c0e5adb76 Closes-Bug: 1694963
2017-06-01 12:27:15 +01:00
old_key = old_key.strip()
Clean up stale ceph keyring [cbjchen,r=] Clean up the keyring after ceph relation is broken. So when next time ceph relation is joined, ensure_ceph_keyring will not ignore the new key because of the existance of the old one.
2015-02-06 13:09:18 -05:00
if old_key == key:
log('Libvirt secret already exists for uuid %s.' % secret_uuid,
level=DEBUG)
return
else:
log('Libvirt secret changed for uuid %s.' % secret_uuid,
level=INFO)
Move creation of libvirt secret out of context and into a utility helper.
2013-09-03 17:16:15 -07:00
log('Defining new libvirt secret for uuid %s.' % secret_uuid)
Specify which hypervisor to connect virsh to based on virt-type config.
2014-08-19 19:57:45 +00:00
cmd = ['virsh', '-c', uri, 'secret-define', '--file', secret_file]
Move creation of libvirt secret out of context and into a utility helper.
2013-09-03 17:16:15 -07:00
check_call(cmd)
Specify which hypervisor to connect virsh to based on virt-type config.
2014-08-19 19:57:45 +00:00
cmd = ['virsh', '-c', uri, 'secret-set-value', '--secret', secret_uuid,
Move creation of libvirt secret out of context and into a utility helper.
2013-09-03 17:16:15 -07:00
'--base64', key]
check_call(cmd)
Enable shell access for nova when resize is enabled
2013-12-16 12:33:45 +00:00
Properly remove libvirt default network As well as destroying the network we should also undefine it to ensure it does not return. Change-Id: I57738856adb25c190357b1b23dd8a1245798cb14 Closes-Bug: #1800160
2018-10-26 15:32:19 +01:00
def _libvirt_network_exec(netname, action):
"""Run action on libvirt network"""
Fix issues introduced by previous commit Commit b533a3fbfb96bd5939b3e790f67964ce3ba8f7fd introduces a regression whereby subsequent runs of the config-changed hook will throw an error when it tries to re-delete the default network. Change-Id: I17c8ca7cda27ae2e282c0b2c1cd921c1a2ef3162
2016-07-12 16:25:06 +02:00
try:
Properly remove libvirt default network As well as destroying the network we should also undefine it to ensure it does not return. Change-Id: I57738856adb25c190357b1b23dd8a1245798cb14 Closes-Bug: #1800160
2018-10-26 15:32:19 +01:00
cmd = ['virsh', 'net-list', '--all']
out = check_output(cmd).decode('UTF-8').splitlines()
Fix issues introduced by previous commit Commit b533a3fbfb96bd5939b3e790f67964ce3ba8f7fd introduces a regression whereby subsequent runs of the config-changed hook will throw an error when it tries to re-delete the default network. Change-Id: I17c8ca7cda27ae2e282c0b2c1cd921c1a2ef3162
2016-07-12 16:25:06 +02:00
if len(out) < 3:
return
for line in out[2:]:
Misc fixes for charm infra Update pydev project definition to use python 3. Drop upper bound on flake8. Tidy misc lint across codebase with newer flake8. Change-Id: I9637ac603cb3801c9e3ffa8c2b0897968d42ada5
2020-05-26 09:22:25 +01:00
res = re.search(r"^\s+{} ".format(netname), line)
Fix issues introduced by previous commit Commit b533a3fbfb96bd5939b3e790f67964ce3ba8f7fd introduces a regression whereby subsequent runs of the config-changed hook will throw an error when it tries to re-delete the default network. Change-Id: I17c8ca7cda27ae2e282c0b2c1cd921c1a2ef3162
2016-07-12 16:25:06 +02:00
if res:
Properly remove libvirt default network As well as destroying the network we should also undefine it to ensure it does not return. Change-Id: I57738856adb25c190357b1b23dd8a1245798cb14 Closes-Bug: #1800160
2018-10-26 15:32:19 +01:00
check_call(['virsh', 'net-{}'.format(action), netname])
Fix issues introduced by previous commit Commit b533a3fbfb96bd5939b3e790f67964ce3ba8f7fd introduces a regression whereby subsequent runs of the config-changed hook will throw an error when it tries to re-delete the default network. Change-Id: I17c8ca7cda27ae2e282c0b2c1cd921c1a2ef3162
2016-07-12 16:25:06 +02:00
return
except CalledProcessError:
Properly remove libvirt default network As well as destroying the network we should also undefine it to ensure it does not return. Change-Id: I57738856adb25c190357b1b23dd8a1245798cb14 Closes-Bug: #1800160
2018-10-26 15:32:19 +01:00
log("Failed to {} libvirt network '{}'".format(action, netname),
Fix issues introduced by previous commit Commit b533a3fbfb96bd5939b3e790f67964ce3ba8f7fd introduces a regression whereby subsequent runs of the config-changed hook will throw an error when it tries to re-delete the default network. Change-Id: I17c8ca7cda27ae2e282c0b2c1cd921c1a2ef3162
2016-07-12 16:25:06 +02:00
level=WARNING)
Add exception handling for unavailable virsh When virt-type is lxd libvirt-bin is not installed. The call to destroy_libvirt_network fails because virsh is not available. Add exception handling to destroy_libvirt_network when virt-type is lxd and virsh is unavailable. Closes-Bug: 1603566 Change-Id: I448598d5160c183de46938999db1c9d5232b80b2
2016-07-15 10:01:48 -07:00
except OSError as e:
if e.errno == 2:
log("virsh is unavailable. Virt Type is '{}'. Not attempting to "
Properly remove libvirt default network As well as destroying the network we should also undefine it to ensure it does not return. Change-Id: I57738856adb25c190357b1b23dd8a1245798cb14 Closes-Bug: #1800160
2018-10-26 15:32:19 +01:00
"{} libvirt network '{}'"
"".format(config('virt-type'), action, netname), level=DEBUG)
Add exception handling for unavailable virsh When virt-type is lxd libvirt-bin is not installed. The call to destroy_libvirt_network fails because virsh is not available. Add exception handling to destroy_libvirt_network when virt-type is lxd and virsh is unavailable. Closes-Bug: 1603566 Change-Id: I448598d5160c183de46938999db1c9d5232b80b2
2016-07-15 10:01:48 -07:00
else:
raise e
Delete libvirt-bin default network to avoid MASQUERADE rules libvirt-bin installs a 192.168.122.0/24 default network and creates MASQUERADE rules for it on boot. These rules will effect and break instance traffic including GRE tenant networks. Check if the network exists and then destroy it with virsh net-destroy which both immediately removes the MASQUERADE rules and the network so it is not applied after reboot. Change-Id: Ia79aea6ef889d1ef58f903f967bea37dc07fd160 Closes-Bug: #1387390
2016-07-10 10:59:47 +08:00
Properly remove libvirt default network As well as destroying the network we should also undefine it to ensure it does not return. Change-Id: I57738856adb25c190357b1b23dd8a1245798cb14 Closes-Bug: #1800160
2018-10-26 15:32:19 +01:00
def remove_libvirt_network(netname):
_libvirt_network_exec(netname, 'destroy')
_libvirt_network_exec(netname, 'undefine')
flex->lxd
2015-02-11 13:20:35 -05:00
def configure_lxd(user='nova'):
Fixes, unit tests and avoidance of lxd restart races
2015-04-22 11:26:15 +01:00
''' Configure lxd use for nova user '''
Remove deploy from source support Drop support for deployment from Git repositories, as deprecated in the 17.02 charm release. This feature is unmaintained and has no known users. Change-Id: I44a7a92d5d4ae493bab4d5b81e9757cb12149a66
2017-12-21 14:55:43 +00:00
_release = lsb_release()['DISTRIB_CODENAME'].lower()
if CompareHostReleases(_release) < "vivid":
raise Exception("LXD is not supported for Ubuntu "
"versions less than 15.04 (vivid)")
Re-do flex storage
2014-10-22 13:41:30 -04:00
Move to sub configured access, and triggered restart
2015-09-23 13:11:45 +01:00
configure_subuid(user)
Fixes, unit tests and avoidance of lxd restart races
2015-04-22 11:26:15 +01:00
lxc_list(user)
@retry_on_exception(5, base_delay=2, exc_type=CalledProcessError)
def lxc_list(user):
LXD 0.5 fixes
2015-03-26 14:17:48 -04:00
cmd = ['sudo', '-u', user, 'lxc', 'list']
check_call(cmd)
Add lxd stuff
2015-02-12 08:46:11 -05:00
Fix lint and start adding tests
2015-03-31 09:54:33 -04:00
Rediffed
2014-09-29 13:07:52 -04:00
def configure_subuid(user):
cmd = ['usermod', '-v', '100000-200000', '-w', '100000-200000', user]
check_call(cmd)
Merge zuls first cut, tweak and optimize
2014-10-17 16:35:40 +01:00
Enable shell access for nova when resize is enabled
2013-12-16 12:33:45 +00:00
def enable_shell(user):
cmd = ['usermod', '-s', '/bin/bash', user]
check_call(cmd)
def disable_shell(user):
cmd = ['usermod', '-s', '/bin/false', user]
check_call(cmd)
[bradm] Adding instance_path config variable in nova.conf, and fixing perms on dir
2014-02-19 14:40:50 +10:00
[bradm] Fixed order of arguments to fix_path_ownership
2014-02-19 14:53:05 +10:00
def fix_path_ownership(path, user='nova'):
[bradm] Adding instance_path config variable in nova.conf, and fixing perms on dir
2014-02-19 14:40:50 +10:00
cmd = ['chown', user, path]
check_call(cmd)
Correct topics
2014-09-09 10:56:37 +00:00
Integrated all ipv6 check into setup_ipv6()
2014-09-18 20:55:05 +08:00
fixed ipv6 support check
2014-09-26 19:20:20 +01:00
def assert_charm_supports_ipv6():
"""Check whether we are able to support charms ipv6."""
Fix alphanumeric comparisons for openstack and ubuntu releases - sync charmhelpers with fix-alpha helpers - fix up code where the alpha comparisons are done - fix tests which assumed mocks would just work on os_release() Change-Id: Iffd4ed0aecbb966fe493fe0f24bf2422aab55bb6 Related-Bug: #1659575
2017-04-04 18:53:20 +01:00
_release = lsb_release()['DISTRIB_CODENAME'].lower()
if CompareHostReleases(_release) < "trusty":
fixed ipv6 support check
2014-09-26 19:20:20 +01:00
raise Exception("IPv6 is not supported in the charms for Ubuntu "
Integrated all ipv6 check into setup_ipv6()
2014-09-18 20:55:05 +08:00
"versions less than Trusty 14.04")
Add option to stop nova-compute managing neutron packages, files and services
2015-03-31 10:27:36 +00:00
Inform subordinate about changes to hugepages
2015-11-25 12:48:50 +00:00
def get_hugepage_number():
# TODO: defaults to 2M - this should probably be configurable
# and support multiple pool sizes - e.g. 2M and 1G.
Correct hugepage percentage memory calculation psutil.virtual_memory() returns values in bytes, not kilobytes. Ensure 2MB hugepage size is calculated in the same units, ensuring that % calculations are correct. Resync of charmhelpers to fixup amulet test issues due to newer client versions. Change-Id: I95c431edcf316d194de752048ec1503d8fe996f1 Closes-Bug: 1678185
2017-04-04 08:42:10 +01:00
# NOTE(jamespage): 2M in bytes
hugepage_size = 2048 * 1024
Inform subordinate about changes to hugepages
2015-11-25 12:48:50 +00:00
hugepage_config = config('hugepages')
If hugepages config was not set charm breaks due to endswith('%') being applied to None
2015-12-02 09:55:37 +00:00
hugepages = None
if hugepage_config:
if hugepage_config.endswith('%'):
Correct hugepage percentage memory calculation psutil.virtual_memory() returns values in bytes, not kilobytes. Ensure 2MB hugepage size is calculated in the same units, ensuring that % calculations are correct. Resync of charmhelpers to fixup amulet test issues due to newer client versions. Change-Id: I95c431edcf316d194de752048ec1503d8fe996f1 Closes-Bug: 1678185
2017-04-04 08:42:10 +01:00
# NOTE(jamespage): return units of virtual_memory is
# bytes
If hugepages config was not set charm breaks due to endswith('%') being applied to None
2015-12-02 09:55:37 +00:00
import psutil
mem = psutil.virtual_memory()
hugepage_config_pct = hugepage_config.strip('%')
hugepage_multiplier = float(hugepage_config_pct) / 100
hugepages = int((mem.total * hugepage_multiplier) / hugepage_size)
else:
hugepages = int(hugepage_config)
Inform subordinate about changes to hugepages
2015-11-25 12:48:50 +00:00
return hugepages
Add support for configurable hugepages
2015-08-13 10:11:23 +01:00
def install_hugepages():
""" Configure hugepages """
hugepage_config = config('hugepages')
if hugepage_config:
Move hugepages mount point to apparmor profile good location
2015-08-13 15:39:13 +01:00
mnt_point = '/run/hugepages/kvm'
Add support for configurable hugepages
2015-08-13 10:11:23 +01:00
hugepage_support(
'nova',
mnt_point=mnt_point,
group='root',
Inform subordinate about changes to hugepages
2015-11-25 12:48:50 +00:00
nr_hugepages=get_hugepage_number(),
Add support for configurable hugepages
2015-08-13 10:11:23 +01:00
mount=False,
Have shmmax set when enabling hugepages
2015-09-17 12:21:15 +01:00
set_shmmax=True,
Add support for configurable hugepages
2015-08-13 10:11:23 +01:00
)
Remove hugepage fstab entry and use qemu-kvm init The hugepages fstab entry can stop systems from booting if the /run filesystem is not available. The qemu-kvm init script can be used to enable hugepages by setting KVM_HUGEPAGES=1 This apporach works for both upstart and systemd (where the old System V script is used). However, for a systemd system the prefered approach would be to enable hugepages via kernel parameters set in MAAS. Change-Id: Ib91ca930a91da3d75dbd96f7d55e7e259cb50fd1 Closes-Bug: 1518771
2016-04-11 12:31:31 +00:00
# Remove hugepages entry if present due to Bug #1518771
Fstab.remove_by_mountpoint(mnt_point)
Fixup imports and unit tests
2015-08-13 11:54:25 +01:00
if subprocess.call(['mountpoint', mnt_point]):
Remove hugepage fstab entry and use qemu-kvm init The hugepages fstab entry can stop systems from booting if the /run filesystem is not available. The qemu-kvm init script can be used to enable hugepages by setting KVM_HUGEPAGES=1 This apporach works for both upstart and systemd (where the old System V script is used). However, for a systemd system the prefered approach would be to enable hugepages via kernel parameters set in MAAS. Change-Id: Ib91ca930a91da3d75dbd96f7d55e7e259cb50fd1 Closes-Bug: 1518771
2016-04-11 12:31:31 +00:00
service_restart('qemu-kvm')
Add support for configurable hugepages
2015-08-13 10:11:23 +01:00
rsync(
charm_dir() + '/files/qemu-hugefsdir',
'/etc/init.d/qemu-hugefsdir'
)
Fixup imports and unit tests
2015-08-13 11:54:25 +01:00
subprocess.check_call('/etc/init.d/qemu-hugefsdir')
subprocess.check_call(['update-rc.d', 'qemu-hugefsdir', 'defaults'])
Workload Status
2015-09-25 15:12:01 -07:00
Enhanced pause/resume for maintenance mode Implemented pause/resume with some services checking. Charm-helpers sync to bring in pause/resume support. Change-Id: I8bcd7464a606f6fc9db374be6004d851935e749a
2016-04-01 11:47:46 +00:00
def get_optional_relations():
"""Return a dictionary of optional relations.
Check for neutron plugin relation
2015-09-28 14:40:59 -07:00
Enhanced pause/resume for maintenance mode Implemented pause/resume with some services checking. Charm-helpers sync to bring in pause/resume support. Change-Id: I8bcd7464a606f6fc9db374be6004d851935e749a
2016-04-01 11:47:46 +00:00
@returns {relation: relation_name}
"""
optional_interfaces = {}
if relation_ids('ceph'):
optional_interfaces['storage-backend'] = ['ceph']
Check for neutron plugin relation
2015-09-28 14:40:59 -07:00
if relation_ids('neutron-plugin'):
Enhanced pause/resume for maintenance mode Implemented pause/resume with some services checking. Charm-helpers sync to bring in pause/resume support. Change-Id: I8bcd7464a606f6fc9db374be6004d851935e749a
2016-04-01 11:47:46 +00:00
optional_interfaces['neutron-plugin'] = ['neutron-plugin']
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
if config('encrypt'):
optional_interfaces['vault'] = ['secrets-storage']
Add Ironic virt type Adds support for the Ironic virt driver. Change-Id: I72a7fb65395e4ceddc77a92bccc7b4563af0750a
2020-08-19 14:28:36 +00:00
if config('virt-type').lower() == 'ironic':
optional_interfaces['baremetal'] = ['ironic-api']
Remove databases relation Since Icehouse nova-compute does not need to access to a database, all accesses are made through nova-conductor. This patch removes shared-db relation and their hook handler. Change-Id: I7c4f6a70785d7dad1727d52cf86508209849ca35 Closes-Bug: 1713807
2017-10-02 17:59:34 -03:00
Enhanced pause/resume for maintenance mode Implemented pause/resume with some services checking. Charm-helpers sync to bring in pause/resume support. Change-Id: I8bcd7464a606f6fc9db374be6004d851935e749a
2016-04-01 11:47:46 +00:00
return optional_interfaces
def assess_status(configs):
"""Assess status of current unit
Decides what the state of the unit should be based on the current
configuration.
SIDE EFFECT: calls set_os_workload_status(...) which sets the workload
status of the unit.
Also calls status_set(...) directly if paused state isn't complete.
@param configs: a templating.OSConfigRenderer() object
@returns None - this function is executed for its side-effect
"""
Don't include libvirtd on pause/resume libvirt needs to be running even when the pause action runs, this allows commands like "virsh secret-list" run and having it running is safe enough from a nova-compute unit point of view, because it won't touch the already running instances. Change-Id: Idec9e2b7c6275c4c5485942574120289552f2955 Closes-Bug: 1802917
2018-12-10 09:52:43 -03:00
if is_unit_paused_set():
services_to_check = services_to_pause_or_resume()
else:
services_to_check = services()
assess_status_func(configs, services_to_check)()
Add support for application version Juju 2.0 provides support for display of the version of an application deployed by a charm in juju status. Insert the os_application_version_set function into the existing assess_status function - this gets called after all hook executions, and periodically after that, so any changes in package versions due to normal system updates will also be reflected in the status output. This review also includes a resync of charm-helpers to pickup hookenv and contrib.openstack support for this feature. Change-Id: I8d8744ea11c6d70262ba350717f90489c25535bb
2016-09-20 12:37:40 +01:00
os_application_version_set(VERSION_PACKAGE)
Enhanced pause/resume for maintenance mode Implemented pause/resume with some services checking. Charm-helpers sync to bring in pause/resume support. Change-Id: I8bcd7464a606f6fc9db374be6004d851935e749a
2016-04-01 11:47:46 +00:00
Add Ceph BlueStore Compression support Sync c-h. Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/429 Change-Id: I3bbf41350c18ac5cc045392ace6e14118b04e1e8
2020-08-28 16:40:28 +02:00
def check_optional_config_and_relations(configs):
"""Validate optional configuration and relations when present.
This function is called from assess_status/set_os_workload_status as the
charm_func and needs to return either None, None if there is no problem or
the status, message if there is a problem.
:param configs: an OSConfigRender() instance.
:return 2-tuple: (string, string) = (status, message)
"""
if relation_ids('ceph'):
# Check that provided Ceph BlueStoe configuration is valid.
try:
bluestore_compression = context.CephBlueStoreCompressionContext()
bluestore_compression.validate()
except AttributeError:
# The charm does late installation of the `ceph-common` package and
# the class initializer above will throw an exception until it is.
pass
except ValueError as e:
return ('blocked', 'Invalid configuration: {}'.format(str(e)))
Add storage-backend subordinate relation Implement initial support for container-scoped storage-backend relation to integrate nova-compute with storage providers. Transition to blocked state if multiple storage backend relations are connected Change-Id: I03e67731df0263887d2d0f671750f420d6e62c1c
2022-10-12 07:22:51 +03:00
if len(relation_ids('storage-backend')) > 1:
return 'blocked', "Multiple storage backends are not supported"
Add Ceph BlueStore Compression support Sync c-h. Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/429 Change-Id: I3bbf41350c18ac5cc045392ace6e14118b04e1e8
2020-08-28 16:40:28 +02:00
# return 'unknown' as the lowest priority to not clobber an existing
# status.
return "unknown", ""
Don't include libvirtd on pause/resume libvirt needs to be running even when the pause action runs, this allows commands like "virsh secret-list" run and having it running is safe enough from a nova-compute unit point of view, because it won't touch the already running instances. Change-Id: Idec9e2b7c6275c4c5485942574120289552f2955 Closes-Bug: 1802917
2018-12-10 09:52:43 -03:00
def assess_status_func(configs, services_=None):
Enhanced pause/resume for maintenance mode Implemented pause/resume with some services checking. Charm-helpers sync to bring in pause/resume support. Change-Id: I8bcd7464a606f6fc9db374be6004d851935e749a
2016-04-01 11:47:46 +00:00
"""Helper function to create the function that will assess_status() for
the unit.
Uses charmhelpers.contrib.openstack.utils.make_assess_status_func() to
create the appropriate status function and then returns it.
Used directly by assess_status() and also for pausing and resuming
the unit.
NOTE(ajkavanagh) ports are not checked due to race hazards with services
Spelling fixes found by codespell. Change-Id: I819aa04eef6cc72a24ecaf39a350b30015612165
2021-09-21 19:28:46 +01:00
that don't behave synchronously w.r.t their service scripts. e.g.
Enhanced pause/resume for maintenance mode Implemented pause/resume with some services checking. Charm-helpers sync to bring in pause/resume support. Change-Id: I8bcd7464a606f6fc9db374be6004d851935e749a
2016-04-01 11:47:46 +00:00
apache2.
@param configs: a templating.OSConfigRenderer() object
@return f() -> None : a function that assesses the unit's workload status
"""
required_interfaces = REQUIRED_INTERFACES.copy()
Charmhelpers sync to get vaultlocker fixes Also gates checking vaultlocker status until it is installed Change-Id: I07f92132b0340b538ee472887c7fd0e0cc911453 Closes-Bug: #1849323
2019-12-10 13:38:51 +00:00
optional_relations = get_optional_relations()
if 'vault' in optional_relations:
# skip check if hvac dependency not installed yet
if not vaultlocker_installed():
log("Vault dependencies not yet met so removing from status check")
del optional_relations['vault']
else:
log("Vault dependencies met so including in status check")
required_interfaces.update(optional_relations)
Enhanced pause/resume for maintenance mode Implemented pause/resume with some services checking. Charm-helpers sync to bring in pause/resume support. Change-Id: I8bcd7464a606f6fc9db374be6004d851935e749a
2016-04-01 11:47:46 +00:00
return make_assess_status_func(
configs, required_interfaces,
Add Ceph BlueStore Compression support Sync c-h. Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/429 Change-Id: I3bbf41350c18ac5cc045392ace6e14118b04e1e8
2020-08-28 16:40:28 +02:00
charm_func=check_optional_config_and_relations,
Don't include libvirtd on pause/resume libvirt needs to be running even when the pause action runs, this allows commands like "virsh secret-list" run and having it running is safe enough from a nova-compute unit point of view, because it won't touch the already running instances. Change-Id: Idec9e2b7c6275c4c5485942574120289552f2955 Closes-Bug: 1802917
2018-12-10 09:52:43 -03:00
services=services_ or services(), ports=None)
Enhanced pause/resume for maintenance mode Implemented pause/resume with some services checking. Charm-helpers sync to bring in pause/resume support. Change-Id: I8bcd7464a606f6fc9db374be6004d851935e749a
2016-04-01 11:47:46 +00:00
def pause_unit_helper(configs):
"""Helper function to pause a unit, and then call assess_status(...) in
effect, so that the status is correctly updated.
Uses charmhelpers.contrib.openstack.utils.pause_unit() to do the work.
@param configs: a templating.OSConfigRenderer() object
@returns None - this function is executed for its side-effect
"""
_pause_resume_helper(pause_unit, configs)
Database is optional for nova-compute. Fix decorator ordering
2015-09-29 08:14:35 -07:00
Enhanced pause/resume for maintenance mode Implemented pause/resume with some services checking. Charm-helpers sync to bring in pause/resume support. Change-Id: I8bcd7464a606f6fc9db374be6004d851935e749a
2016-04-01 11:47:46 +00:00
def resume_unit_helper(configs):
"""Helper function to resume a unit, and then call assess_status(...) in
effect, so that the status is correctly updated.
Uses charmhelpers.contrib.openstack.utils.resume_unit() to do the work.
@param configs: a templating.OSConfigRenderer() object
@returns None - this function is executed for its side-effect
"""
_pause_resume_helper(resume_unit, configs)
Don't include libvirtd on pause/resume libvirt needs to be running even when the pause action runs, this allows commands like "virsh secret-list" run and having it running is safe enough from a nova-compute unit point of view, because it won't touch the already running instances. Change-Id: Idec9e2b7c6275c4c5485942574120289552f2955 Closes-Bug: 1802917
2018-12-10 09:52:43 -03:00
def services_to_pause_or_resume():
Start libvirt in post-series-upgrade A recent change (commit ceab1e91dc2e3948f6ba7c121c1801ad1641643c) removed libvirt from the pause/resume list of services. This affected series upgrade. Libvirt stayed down and did not start back up on resume. This change checks the hook being executed and if it is post-series-upgrade it includes libvirt as a service to start on resume. Closes-Bug: #1839495 Change-Id: Ibfa24b678c1077b441464da8c38114ce23d14963
2019-08-08 20:49:12 +00:00
if "post-series-upgrade" in hook_name():
return services()
else:
Fix resume action failure Services have interdependencies and the order in which we attempt to resume them is important, otherwise the resume action may fail. Uncovered while and validated by running the openstack-upgrade tests. [1] [1]: https://github.com/openstack-charmers/charmed-openstack-tester Change-Id: I12218b47dc56b502ecc8578c6ab13acbd321bf26 Related-Bug: #1927277 Related-Bug: #1952882
2021-12-01 11:09:57 +01:00
# WARNING(lourot): the list ordering is important. See services() for
# more details.
return [service for service in services()
if service != libvirt_daemon()]
Don't include libvirtd on pause/resume libvirt needs to be running even when the pause action runs, this allows commands like "virsh secret-list" run and having it running is safe enough from a nova-compute unit point of view, because it won't touch the already running instances. Change-Id: Idec9e2b7c6275c4c5485942574120289552f2955 Closes-Bug: 1802917
2018-12-10 09:52:43 -03:00
Enhanced pause/resume for maintenance mode Implemented pause/resume with some services checking. Charm-helpers sync to bring in pause/resume support. Change-Id: I8bcd7464a606f6fc9db374be6004d851935e749a
2016-04-01 11:47:46 +00:00
def _pause_resume_helper(f, configs):
"""Helper function that uses the make_assess_status_func(...) from
charmhelpers.contrib.openstack.utils to create an assess_status(...)
function that can be used with the pause/resume of the unit
@param f: the function to be used with the assess_status(...) function
@returns None - this function is executed for its side-effect
"""
# TODO(ajkavanagh) - ports= has been left off because of the race hazard
# that exists due to service_start()
Don't include libvirtd on pause/resume libvirt needs to be running even when the pause action runs, this allows commands like "virsh secret-list" run and having it running is safe enough from a nova-compute unit point of view, because it won't touch the already running instances. Change-Id: Idec9e2b7c6275c4c5485942574120289552f2955 Closes-Bug: 1802917
2018-12-10 09:52:43 -03:00
f(assess_status_func(configs, services_to_pause_or_resume()),
services=services_to_pause_or_resume(),
Enhanced pause/resume for maintenance mode Implemented pause/resume with some services checking. Charm-helpers sync to bring in pause/resume support. Change-Id: I8bcd7464a606f6fc9db374be6004d851935e749a
2016-04-01 11:47:46 +00:00
ports=None)
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
def determine_block_device():
"""Determine the block device to use for ephemeral storage
:returns: Block device to use for storage
:rtype: str or None if not configured"""
config_dev = config('ephemeral-device')
if config_dev and os.path.exists(config_dev):
return config_dev
storage_ids = storage_list('ephemeral-device')
storage_devs = [storage_get('location', s) for s in storage_ids]
if storage_devs:
return storage_devs[0]
return None
def configure_local_ephemeral_storage():
"""Configure local block device for use as ephemeral instance storage"""
# Preflight check vault relation if encryption is enabled
Charmhelpers sync to get vaultlocker fixes Also gates checking vaultlocker status until it is installed Change-Id: I07f92132b0340b538ee472887c7fd0e0cc911453 Closes-Bug: #1849323
2019-12-10 13:38:51 +00:00
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
encrypt = config('encrypt')
Charmhelpers sync to get vaultlocker fixes Also gates checking vaultlocker status until it is installed Change-Id: I07f92132b0340b538ee472887c7fd0e0cc911453 Closes-Bug: #1849323
2019-12-10 13:38:51 +00:00
if encrypt:
if not vaultlocker_installed():
log("Encryption requested but vaultlocker not yet installed",
level=DEBUG)
return
vault_kv = vaultlocker.VaultKVContext(
secret_backend=vaultlocker.VAULTLOCKER_BACKEND
)
context = vault_kv()
if vault_kv.complete:
# NOTE: only write vaultlocker configuration once relation is
# complete otherwise we run the chance of an empty
# configuration file being installed on a machine with other
# vaultlocker based services
vaultlocker.write_vaultlocker_conf(context, priority=80)
else:
log("Encryption requested but vault relation not complete",
level=DEBUG)
return
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
Fix misc issues with instances-path usage Fix use of ephemeral-device with instances-path to ensure that the configured block device is mounted in the desired location. Ensure instances-path directory actually exists. Change-Id: I81725f602ba3086bc142d59104e4bfc80918d8cf Closes-Bug: 1909141
2021-09-16 10:00:03 +01:00
mountpoint = config('instances-path') or '/var/lib/nova/instances'
Block nova-compute startup on mountpoint If an ephemeral-device storage configuration has been provided, ensure that the nova-compute service will not start until the mountpoint (currently /var/lib/nova/instances) has actually been mounted. If this does not happen the nova-compute service will fail to start in a failsafe condition. Change-Id: Ic16691e119e430faec9994f6e207596629e47bb6 Closes-Bug: 1863358
2021-09-15 15:49:40 +01:00
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
db = kv()
storage_configured = db.get('storage-configured', False)
if storage_configured:
log("Ephemeral storage already configured, skipping",
level=DEBUG)
Block nova-compute startup on mountpoint If an ephemeral-device storage configuration has been provided, ensure that the nova-compute service will not start until the mountpoint (currently /var/lib/nova/instances) has actually been mounted. If this does not happen the nova-compute service will fail to start in a failsafe condition. Change-Id: Ic16691e119e430faec9994f6e207596629e47bb6 Closes-Bug: 1863358
2021-09-15 15:49:40 +01:00
# NOTE(jamespage):
# Install mountpoint override to ensure that upgrades
# to the charm version which supports this change
# also start exhibiting the correct behaviour
install_mount_override(mountpoint)
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
return
dev = determine_block_device()
if not dev:
log('No block device configuration found, skipping',
level=DEBUG)
return
if not is_block_device(dev):
log("Device '{}' is not a block device, "
"unable to configure storage".format(dev),
level=DEBUG)
return
# NOTE: this deals with a dm-crypt'ed block device already in
# use
if is_device_mounted(dev):
log("Device '{}' is already mounted, "
"unable to configure storage".format(dev),
level=DEBUG)
return
options = None
if encrypt:
dev_uuid = str(uuid.uuid4())
check_call(['vaultlocker', 'encrypt',
'--uuid', dev_uuid,
dev])
dev = '/dev/mapper/crypt-{}'.format(dev_uuid)
options = ','.join([
"defaults",
"nofail",
("x-systemd.requires="
"vaultlocker-decrypt@{uuid}.service".format(uuid=dev_uuid)),
"comment=vaultlocker",
])
# If not cleaned and in use, mkfs should fail.
mkfs_xfs(dev, force=True)
filesystem = "xfs"
mount(dev, mountpoint, filesystem=filesystem)
fstab_add(dev, mountpoint, filesystem, options=options)
Block nova-compute startup on mountpoint If an ephemeral-device storage configuration has been provided, ensure that the nova-compute service will not start until the mountpoint (currently /var/lib/nova/instances) has actually been mounted. If this does not happen the nova-compute service will fail to start in a failsafe condition. Change-Id: Ic16691e119e430faec9994f6e207596629e47bb6 Closes-Bug: 1863358
2021-09-15 15:49:40 +01:00
install_mount_override(mountpoint)
Add support for instance storage encryption Add support for encryption of the underlying block device providing storage for local instances. This commit introduces a new juju storage binding and configuration option to provide a single block device for use for local instance storage; this block device is formatted and mounted at /var/lib/nova/instances. In a MAAS deployment, this could be a bcache fronted device. The configuration option is preferred over the Juju storage binding if both are supplied. This block device can optionally be encrypted using dm-crypt/LUKS with encryption keys stored in Hashicorp Vault using vaultlocker. vaultlocker ensures that keys are never persisted to local storage, providing assurance around security of data at rest in the event that disks/server are stolen. Charm support is implemented using a new configuration option 'encrypt' which when set enforces a mandatory relationship to an instance of the vault application. Copy the 'ephemeral-unmount' config option and assocaited code from the ceph-osd and swift-storage charms to enable testing in cloudy environments. Change-Id: I772baa61f45ff430f706ec4864f3018488026148
2018-04-26 12:52:35 +01:00
check_call(['chown', '-R', 'nova:nova', mountpoint])
check_call(['chmod', '-R', '0755', mountpoint])
# NOTE: record preparation of device - this ensures that ephemeral
# storage is never reconfigured by mistake, losing instance disks
db.set('storage-configured', True)
db.flush()
Allow Juju AZ context information to be used The change adds an option to the charm to use JUJU_AVAILABILITY_ZONE environment variable set by Juju for the hook environment based on the underlying provider's availability zone information for a given machine. This information is used to configure default_availability_zone for nova and availability_zone for subordinate networking charms. Change-Id: Idc7112e7fe7b76d15cf9c4896b702b8ffd8c0e8e Closes-Bug: #1796068
2018-10-04 19:22:43 +03:00
Block nova-compute startup on mountpoint If an ephemeral-device storage configuration has been provided, ensure that the nova-compute service will not start until the mountpoint (currently /var/lib/nova/instances) has actually been mounted. If this does not happen the nova-compute service will fail to start in a failsafe condition. Change-Id: Ic16691e119e430faec9994f6e207596629e47bb6 Closes-Bug: 1863358
2021-09-15 15:49:40 +01:00
def install_mount_override(mountpoint):
"""Install override for nova-compute for configured mountpoint"""
render(
MOUNT_DEPENDENCY_OVERRIDE,
os.path.join(NOVA_COMPUTE_OVERRIDE_DIR, MOUNT_DEPENDENCY_OVERRIDE),
{'mount_point': mountpoint.replace('/', '-')[1:]},
perms=0o644,
)
Copy Permalink