Add config options for volume-based amphora.

By default launched amphora will use ephemeral storage as defined by flavor used, this is suboptimal for environments where live-migration is desired (and avoiding the transfer of the blockstorage is needed), but also provides some resiliency in case of hypervisor failures. This patch adds a new set of configuration option to enable amphora instances booted from volume. * enable-volume-based-amphora * volume-size * volume-type More details about this feature can be found at 93b509cfe5 Func-Test-Pr: https://github.com/openstack-charmers/zaza-openstack-tests/pull/1173 Closes-Bug: #1901732 Change-Id: I45a8385e3522f161e31daf786f293777363e57e0
2021-09-23 11:36:49 +03:00 · 2021-09-23 11:36:49 +03:00 · a4711f55d7
commit a4711f55d7
parent 951ed04331
8 changed files with 297 additions and 6 deletions
--- a/src/config.yaml
+++ b/src/config.yaml
@ -219,3 +219,22 @@ options:
    type: int
    description: |
      Retry timeout between connection attempts in seconds for active amphora.
+  enable-volume-based-amphora:
+    default: False
+    type: boolean
+    description: |
+      Enable the use of cinder volumes for the amphora. When this option is
+      enabled, Octavia will create a volume and attach it to the amphora.
+  volume-size:
+    default: 16
+    type: int
+    description: |
+      Size of the volume, in GB, for amphora instance. Applies only when
+      enable-volume-based-amphora is True.
+  volume-type:
+    default:
+    type: string
+    description: |
+      Type of volume for amphora volume root disk. Applies only when
+      enable-volume-based-amphora is True.If this isn't specified,
+      the default_volume_type from cinder.conf will be used.
--- a/src/templates/bobcat/octavia.conf
+++ b/src/templates/bobcat/octavia.conf
@ -70,6 +70,9 @@ network_driver = allowed_address_pairs_driver
 compute_driver = compute_nova_driver
 amphora_driver = amphora_haproxy_rest_driver
 loadbalancer_topology = {{ options.loadbalancer_topology }}
+{% if options.enable_volume_based_amphora -%}
+volume_driver = volume_cinder_driver
+{% endif -%}

 [certificates]
 # NOTE(fnordahl) certificates for authentication between Octavia controllers
@ -168,6 +171,12 @@ region_name = {{ options.region }}
 {% if options.use_internal_endpoints -%}
 endpoint_type = internalURL
 {%- endif %}
+{% if options.enable_volume_based_amphora -%}
+volume_size = {{options.volume_size}}
+{% if options.volume_type -%}
+volume_type = {{options.volume_type}}
+{%- endif %}
+{%- endif %}

 [glance]
 {% if options.region -%}
--- a/src/templates/ussuri/octavia.conf
+++ b/src/templates/ussuri/octavia.conf
@ -0,0 +1,158 @@
+# victoria
+[DEFAULT]
+debug = {{ options.debug }}
+
+{% include "parts/section-transport-url" %}
+
+[health_manager]
+{% if options.health_manager_bind_ip -%}
+bind_ip = {{ options.health_manager_bind_ip }}
+{% endif -%}
+{% if options.controller_ip_port_list -%}
+controller_ip_port_list = {{ options.controller_ip_port_list }}
+{% endif -%}
+heartbeat_key = {{ options.heartbeat_key }}
+health_update_threads = {{ options.workers }}
+stats_update_threads = {{ options.workers }}
+
+[house_keeping]
+{% if options.spare_amphora_pool_size -%}
+spare_amphora_pool_size = {{ options.spare_amphora_pool_size }}
+{% endif %}
+
+[controller_worker]
+{% if options.amp_ssh_key_name %}
+amp_ssh_key_name = {{ options.amp_ssh_key_name }}
+{% endif -%}
+{% if options.amp_image_owner_id -%}
+amp_image_owner_id = {{ options.amp_image_owner_id }}
+{% endif -%}
+{% if options.amp_secgroup_list -%}
+amp_secgroup_list = {{ options.amp_secgroup_list }}
+{% endif -%}
+{% if options.amp_flavor_id -%}
+amp_flavor_id = {{ options.amp_flavor_id }}
+{% endif -%}
+{% if options.amp_boot_network_list -%}
+amp_boot_network_list = {{ options.amp_boot_network_list }}
+{% endif -%}
+{% if options.amp_image_tag -%}
+amp_image_tag = {{ options.amp_image_tag }}
+{% endif -%}
+amp_active_retries = 180
+# This certificate is installed on the ``Amphorae`` and used for validating
+# the authenticity of the ``Octavia`` controller.
+client_ca = {{ options.controller_cacert }}
+network_driver = allowed_address_pairs_driver
+compute_driver = compute_nova_driver
+amphora_driver = amphora_haproxy_rest_driver
+loadbalancer_topology = {{ options.loadbalancer_topology }}
+{% if options.enable_volume_based_amphora -%}
+volume_driver = volume_cinder_driver
+{% endif -%}
+
+[certificates]
+# NOTE(fnordahl) certificates for authentication between Octavia controllers
+# and its Amphorae instances are issued locally on the Octavia controller.
+#
+# At the time of this writing this is the only supported alternative upstream
+# after the retirement of the Anchor project [0].
+#
+# Note that these certificates are not used for any load balancer payload data
+#
+# 0: https://review.opendev.org/#/c/597022/
+cert_generator = local_cert_generator
+# This certificate is used to issue individual certificates for each
+# ``Amphora`` and to validate their authenticity when they connect to the
+# ``Octavia`` controller.
+ca_certificate = {{ options.issuing_cacert }}
+ca_private_key = {{ options.issuing_ca_private_key }}
+ca_private_key_passphrase = {{ options.issuing_ca_private_key_passphrase }}
+
+cert_manager = barbican_cert_manager
+{% if options.region -%}
+region_name = {{ options.region }}
+{% endif -%}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}
+
+
+[haproxy_amphora]
+# This certificate is used by the ``Octavia`` controller to validate the
+# authenticity of the ``Amphorae`` connecting to it.
+server_ca = {{ options.issuing_cacert }}
+# This certificate is used by the ``Octavia`` controller when it takes on the
+# role as a "client" connecting to the ``Amphorae``.
+client_cert = {{ options.controller_cert }}
+connection_max_retries = {{ options.connection_max_retries }}
+connection_retry_interval = {{ options.connection_retry_interval }}
+active_connection_max_retries = {{ options.active_connection_max_retries }}
+active_connection_retry_interval = {{ options.active_connection_retry_interval }}
+
+
+{% include "parts/section-database" %}
+
+[service_auth]
+auth_section = keystone_authtoken
+
+{% include "parts/section-keystone-authtoken" %}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}
+
+[oslo_messaging]
+topic = octavia
+
+[nova]
+{% if options.region -%}
+region_name = {{ options.region }}
+{% endif -%}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}
+{%- if options.loadbalancer_topology == "SINGLE" or options.anti_affinity_policy == "disable" %}
+enable_anti_affinity = False
+{%- elif options.loadbalancer_topology == "ACTIVE_STANDBY" %}
+{%- if options.anti_affinity_policy == "auto" %}
+enable_anti_affinity = True
+anti_affinity_policy = "soft-anti-affinity"
+{%- elif options.anti_affinity_policy in ["anti-affinity", "soft-anti-affinity"] %}
+enable_anti_affinity = True
+anti_affinity_policy = {{ options.anti_affinity_policy }}
+{%- endif %}
+{%- endif %}
+
+[cinder]
+{% if options.region -%}
+region_name = {{ options.region }}
+{% endif -%}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}
+{% if options.enable_volume_based_amphora -%}
+volume_size = {{options.volume_size}}
+{% if options.volume_type -%}
+volume_type = {{options.volume_type}}
+{%- endif %}
+{%- endif %}
+
+[glance]
+{% if options.region -%}
+region_name = {{ options.region }}
+{% endif -%}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}
+
+[neutron]
+{% if options.region -%}
+region_name = {{ options.region }}
+{% endif -%}
+{% if options.use_internal_endpoints -%}
+endpoint_type = internalURL
+{%- endif %}
+
+{% include "parts/section-oslo-messaging-rabbit" %}
+
+{% include "parts/section-oslo-middleware" %}
--- a/src/templates/victoria/octavia.conf
+++ b/src/templates/victoria/octavia.conf
@ -65,6 +65,9 @@ network_driver = allowed_address_pairs_driver
 compute_driver = compute_nova_driver
 amphora_driver = amphora_haproxy_rest_driver
 loadbalancer_topology = {{ options.loadbalancer_topology }}
+{% if options.enable_volume_based_amphora -%}
+volume_driver = volume_cinder_driver
+{% endif -%}

 [certificates]
 # NOTE(fnordahl) certificates for authentication between Octavia controllers
@ -145,6 +148,12 @@ region_name = {{ options.region }}
 {% if options.use_internal_endpoints -%}
 endpoint_type = internalURL
 {%- endif %}
+{% if options.enable_volume_based_amphora -%}
+volume_size = {{options.volume_size}}
+{% if options.volume_type -%}
+volume_type = {{options.volume_type}}
+{%- endif %}
+{%- endif %}

 [glance]
 {% if options.region -%}
--- a/src/templates/xena/octavia.conf
+++ b/src/templates/xena/octavia.conf
@ -70,6 +70,9 @@ network_driver = allowed_address_pairs_driver
 compute_driver = compute_nova_driver
 amphora_driver = amphora_haproxy_rest_driver
 loadbalancer_topology = {{ options.loadbalancer_topology }}
+{% if options.enable_volume_based_amphora -%}
+volume_driver = volume_cinder_driver
+{% endif -%}

 [certificates]
 # NOTE(fnordahl) certificates for authentication between Octavia controllers
@ -149,6 +152,12 @@ region_name = {{ options.region }}
 {% if options.use_internal_endpoints -%}
 endpoint_type = internalURL
 {%- endif %}
+{% if options.enable_volume_based_amphora -%}
+volume_size = {{options.volume_size}}
+{% if options.volume_type -%}
+volume_type = {{options.volume_type}}
+{%- endif %}
+{%- endif %}

 [glance]
 {% if options.region -%}
--- a/src/tests/bundles/noble-caracal-ha-ovn.yaml
+++ b/src/tests/bundles/noble-caracal-ha-ovn.yaml
@ -1,5 +1,5 @@
 variables:
-  openstack-origin: &openstack-origin cloud:noble-caracal
+  openstack-origin: &openstack-origin distro

 local_overlay_enabled: True

@ -90,6 +90,8 @@ relations:
  - octavia:certificates
 - - vault:certificates
  - glance-simplestreams-sync:certificates
+- - vault:certificates
+  - cinder:certificates
 - - hacluster-octavia:ha
  - octavia:ha
 - ["octavia-mysql-router:db-router", "mysql-innodb-cluster:db-router"]
@ -99,6 +101,15 @@ relations:
 - ["neutron-mysql-router:db-router", "mysql-innodb-cluster:db-router"]
 - ["placement-mysql-router:db-router", "mysql-innodb-cluster:db-router"]
 - ["vault-mysql-router:db-router", "mysql-innodb-cluster:db-router"]
+- ["cinder-ceph:storage-backend", "cinder:storage-backend"]
+- ["nova-compute:ceph-access", "cinder-ceph:ceph-access"]
+- ["ceph-mon:client", "cinder-ceph:ceph"]
+- ["ceph-mon:osd", "ceph-osd:mon"]
+- ["cinder:shared-db", "cinder-mysql-router:shared-db"]
+- ["cinder-mysql-router:db-router", "mysql-innodb-cluster:db-router"]
+- ["cinder:identity-service", "keystone:identity-service"]
+- ["cinder:amqp", "rabbitmq-server:amqp"]
+- ["cinder:image-service", "glance:image-service"]
 applications:
  glance:
    charm: ch:glance
@ -112,6 +123,9 @@ applications:
    options:
      openstack-origin: *openstack-origin
    channel: latest/edge
+  cinder-mysql-router:
+    charm: ch:mysql-router
+    channel: latest/edge
  octavia-mysql-router:
    charm: ch:mysql-router
    channel: latest/edge
@ -138,6 +152,35 @@ applications:
    charm: ch:mysql-innodb-cluster
    num_units: 3
    channel: latest/edge
+  ceph-osd:
+    charm: ch:ceph-osd
+    num_units: 3
+    storage:
+      osd-devices: '40G'
+    options:
+      source: *openstack-origin
+    channel: squid/candidate
+  ceph-mon:
+    charm: ch:ceph-mon
+    num_units: 1
+    options:
+      source: *openstack-origin
+      monitor-count: '1'
+    channel: squid/candidate
+  cinder:
+    charm: ch:cinder
+    num_units: 1
+    storage:
+      block-devices: '40G'
+    options:
+      openstack-origin: *openstack-origin
+      glance-api-version: 2
+      block-device: None
+      overwrite: "true"
+    channel: latest/edge
+  cinder-ceph:
+    charm: ch:cinder-ceph
+    channel: latest/edge
  neutron-api:
    constraints: cores=4
    charm: ch:neutron-api
@ -196,7 +239,7 @@ applications:
                      name_prefix: 'ubuntu:released',
                      path: 'streams/v1/index.sjson', max: 1,
                      item_filters: [
-                        'release~(jammy)',
+                        'release~(jammy|noble)',
                        'arch~(x86_64|amd64)',
                        'ftype~(disk1.img|disk.img)']}]"
    channel: latest/edge
@ -205,7 +248,7 @@ applications:
    options:
      amp-image-tag: 'octavia-amphora'
      retrofit-series: *series
-      retrofit-uca-pocket: bobcat
+      retrofit-uca-pocket: caracal
    channel: latest/edge
  placement:
    charm: ch:placement
--- a/src/tests/bundles/noble-caracal-ha.yaml
+++ b/src/tests/bundles/noble-caracal-ha.yaml
@ -1,5 +1,5 @@
 variables:
-  openstack-origin: &openstack-origin cloud:noble-caracal
+  openstack-origin: &openstack-origin distro

 local_overlay_enabled: True

@ -84,6 +84,8 @@ relations:
  - glance-simplestreams-sync:certificates
 - - vault:certificates
  - placement:certificates
+- - vault:certificates
+  - cinder:certificates
 - ["octavia-mysql-router:db-router", "mysql-innodb-cluster:db-router"]
 - ["keystone-mysql-router:db-router", "mysql-innodb-cluster:db-router"]
 - ["nova-mysql-router:db-router", "mysql-innodb-cluster:db-router"]
@ -91,6 +93,15 @@ relations:
 - ["neutron-mysql-router:db-router", "mysql-innodb-cluster:db-router"]
 - ["placement-mysql-router:db-router", "mysql-innodb-cluster:db-router"]
 - ["vault-mysql-router:db-router", "mysql-innodb-cluster:db-router"]
+- ["cinder-ceph:storage-backend", "cinder:storage-backend"]
+- ["nova-compute:ceph-access", "cinder-ceph:ceph-access"]
+- ["ceph-mon:client", "cinder-ceph:ceph"]
+- ["ceph-mon:osd", "ceph-osd:mon"]
+- ["cinder:shared-db", "cinder-mysql-router:shared-db"]
+- ["cinder-mysql-router:db-router", "mysql-innodb-cluster:db-router"]
+- ["cinder:identity-service", "keystone:identity-service"]
+- ["cinder:amqp", "rabbitmq-server:amqp"]
+- ["cinder:image-service", "glance:image-service"]
 applications:
  glance:
    charm: ch:glance
@ -104,6 +115,9 @@ applications:
    options:
      openstack-origin: *openstack-origin
    channel: latest/edge
+  cinder-mysql-router:
+    charm: ch:mysql-router
+    channel: latest/edge
  octavia-mysql-router:
    charm: ch:mysql-router
    channel: latest/edge
@ -130,6 +144,35 @@ applications:
    charm: ch:mysql-innodb-cluster
    num_units: 3
    channel: latest/edge
+  ceph-osd:
+    charm: ch:ceph-osd
+    num_units: 3
+    storage:
+      osd-devices: '40G'
+    options:
+      source: *openstack-origin
+    channel: squid/candidate
+  ceph-mon:
+    charm: ch:ceph-mon
+    num_units: 1
+    options:
+      source: *openstack-origin
+      monitor-count: '1'
+    channel: squid/candidate
+  cinder:
+    charm: ch:cinder
+    num_units: 1
+    storage:
+      block-devices: '40G'
+    options:
+      openstack-origin: *openstack-origin
+      glance-api-version: 2
+      block-device: None
+      overwrite: "true"
+    channel: latest/edge
+  cinder-ceph:
+    charm: ch:cinder-ceph
+    channel: latest/edge
  neutron-api:
    charm: ch:neutron-api
    num_units: 1
@ -207,7 +250,7 @@ applications:
                      name_prefix: 'ubuntu:released',
                      path: 'streams/v1/index.sjson', max: 1,
                      item_filters: [
-                        'release~(jammy)',
+                        'release~(jammy|noble)',
                        'arch~(x86_64|amd64)',
                        'ftype~(disk1.img|disk.img)']}]"
    channel: latest/edge
@ -216,7 +259,7 @@ applications:
    options:
      amp-image-tag: 'octavia-amphora'
      retrofit-series: *series
-      retrofit-uca-pocket: bobcat
+      retrofit-uca-pocket: caracal
    channel: latest/edge
  placement:
    charm: ch:placement
--- a/src/tests/tests.yaml
+++ b/src/tests/tests.yaml
@ -58,6 +58,7 @@ configure:
 tests:
 - zaza.openstack.charm_tests.octavia.tests.LBAASv2Test
 - zaza.openstack.charm_tests.octavia.tests.CharmOperationTest
+- zaza.openstack.charm_tests.octavia.tests.VolumeBasedAmphoraTest
 - zaza.openstack.charm_tests.policyd.tests.OctaviaTests
 - no-amphora:
  - zaza.openstack.charm_tests.octavia.tests.LBAASv2Test