Enable OVN L4 provider from Victoria onward
The driver is unreliable at Ussuri. Also ensure we restart the ovn-driver-agent when configuration is written to disk. Ensure Port Security is enabled as this is a requirement for reliable operation of the Amphora driver also exercised by the functional tests. Enable focal/groovy-victoria gates and re-enable Ussuri OVS gate. Closes-Bug: #1927960 Closes-Bug: #1927962 Related-Bug: #1927959 Change-Id: I1bafd9eecb83aefb425bc5286f23d47c0885ac8e
parent
abc730c2af
commit
d5b9859741
53
osci.yaml
53
osci.yaml
|
@ -7,8 +7,15 @@
|
|||
- bionic-stein-ha
|
||||
- bionic-train-ha-ovn
|
||||
- bionic-train-ha
|
||||
# Awaiting SRU in LP: #1924981 to complete
|
||||
#- bionic-ussuri-ha-ovn
|
||||
- bionic-ussuri-ha
|
||||
- focal-ussuri-ha-ovn
|
||||
- focal-ussuri-ha
|
||||
- focal-victoria-ha-ovn
|
||||
- focal-victoria-ha
|
||||
- groovy-victoria-ha-ovn
|
||||
- groovy-victoria-ha
|
||||
vars:
|
||||
needs_charm_build: true
|
||||
charm_build_name: octavia
|
||||
|
@ -19,6 +26,14 @@
|
|||
dependencies: &smoke-jobs
|
||||
- focal-ussuri-ha
|
||||
- focal-ussuri-ha-ovn
|
||||
vars:
|
||||
needs_charm_build: true
|
||||
charm_build_name: octavia
|
||||
|
||||
- job:
|
||||
name: bionic-rocky-ha
|
||||
parent: func-target
|
||||
dependencies: *smoke-jobs
|
||||
vars:
|
||||
tox_extra_args: bionic-rocky-ha
|
||||
- job:
|
||||
|
@ -39,6 +54,18 @@
|
|||
dependencies: *smoke-jobs
|
||||
vars:
|
||||
tox_extra_args: bionic-train-ha
|
||||
- job:
|
||||
name: bionic-ussuri-ha-ovn
|
||||
parent: func-target
|
||||
dependencies: *smoke-jobs
|
||||
vars:
|
||||
tox_extra_args: bionic-ussuri-ha-ovn
|
||||
- job:
|
||||
name: bionic-ussuri-ha
|
||||
parent: func-target
|
||||
dependencies: *smoke-jobs
|
||||
vars:
|
||||
tox_extra_args: bionic-ussuri-ha
|
||||
- job:
|
||||
name: focal-ussuri-ha-ovn
|
||||
parent: func-target
|
||||
|
@ -56,4 +83,28 @@
|
|||
parent: func-target
|
||||
dependencies: *lint-jobs
|
||||
vars:
|
||||
tox_extra_args: focal-ussuri-ha
|
||||
tox_extra_args: focal-ussuri-ha
|
||||
- job:
|
||||
name: focal-victoria-ha-ovn
|
||||
parent: func-target
|
||||
dependencies: *smoke-jobs
|
||||
vars:
|
||||
tox_extra_args: focal-victoria-ha-ovn
|
||||
- job:
|
||||
name: focal-victoria-ha
|
||||
parent: func-target
|
||||
dependencies: *smoke-jobs
|
||||
vars:
|
||||
tox_extra_args: focal-victoria-ha
|
||||
- job:
|
||||
name: groovy-victoria-ha-ovn
|
||||
parent: func-target
|
||||
dependencies: *smoke-jobs
|
||||
vars:
|
||||
tox_extra_args: groovy-victoria-ha-ovn
|
||||
- job:
|
||||
name: groovy-victoria-ha
|
||||
parent: func-target
|
||||
dependencies: *smoke-jobs
|
||||
vars:
|
||||
tox_extra_args: groovy-victoria-ha
|
||||
|
|
|
@ -324,15 +324,8 @@ class BaseOctaviaCharm(ch_plugins.PolicydOverridePlugin,
|
|||
},
|
||||
}
|
||||
default_service = 'octavia-api'
|
||||
services = ['apache2', 'octavia-health-manager', 'octavia-housekeeping',
|
||||
'octavia-worker']
|
||||
required_relations = ['shared-db', 'amqp', 'identity-service',
|
||||
'sdn-subordinate']
|
||||
restart_map = {
|
||||
OCTAVIA_MGMT_INTF_CONF: services + ['systemd-networkd'],
|
||||
OCTAVIA_CONF: services,
|
||||
OCTAVIA_WSGI_CONF: ['apache2'],
|
||||
}
|
||||
sync_cmd = ['sudo', 'octavia-db-manage', 'upgrade', 'head']
|
||||
ha_resources = ['vips', 'haproxy', 'dnsha']
|
||||
release_pkg = 'octavia-common'
|
||||
|
@ -351,6 +344,21 @@ class BaseOctaviaCharm(ch_plugins.PolicydOverridePlugin,
|
|||
policyd_service_name = 'octavia'
|
||||
policyd_restart_on_change = True
|
||||
|
||||
@property
|
||||
def services(self):
|
||||
"""Allow descendents to modify the service list."""
|
||||
return ['apache2', 'octavia-health-manager', 'octavia-housekeeping',
|
||||
'octavia-worker']
|
||||
|
||||
@property
|
||||
def restart_map(self):
|
||||
"""Allow descendents to modify the restart map."""
|
||||
return {
|
||||
OCTAVIA_MGMT_INTF_CONF: self.services + ['systemd-networkd'],
|
||||
OCTAVIA_CONF: self.services,
|
||||
OCTAVIA_WSGI_CONF: ['apache2'],
|
||||
}
|
||||
|
||||
def install(self):
|
||||
"""Custom install function.
|
||||
|
||||
|
@ -477,9 +485,9 @@ class RockyOctaviaCharm(BaseOctaviaCharm):
|
|||
release = 'rocky'
|
||||
|
||||
|
||||
class UssuriOctaviaCharm(BaseOctaviaCharm):
|
||||
class VictoriaOctaviaCharm(BaseOctaviaCharm):
|
||||
"""Charm class for the Octavia charm on Ussuri and newer releases."""
|
||||
release = 'ussuri'
|
||||
release = 'victoria'
|
||||
|
||||
@property
|
||||
def all_packages(self):
|
||||
|
@ -495,8 +503,8 @@ class UssuriOctaviaCharm(BaseOctaviaCharm):
|
|||
return all_packages
|
||||
|
||||
@property
|
||||
def full_service_list(self):
|
||||
services = super().full_service_list
|
||||
def services(self):
|
||||
_services = super().services
|
||||
if reactive.is_flag_set('charm.octavia.enable-ovn-driver'):
|
||||
services.extend(['octavia-driver-agent'])
|
||||
return services
|
||||
_services.extend(['octavia-driver-agent'])
|
||||
return _services
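Review bot: The docstring of the renamed `VictoriaOctaviaCharm` still reads "Charm class for the Octavia charm on Ussuri and newer releases." and should become `"""Charm class for the Octavia charm on Victoria and newer releases."""`. It is printed once between the old and new `class` and `release` lines, so it appears to be unchanged. In the `services` override, `_services.extend(...)` is safe only because the base property builds a new list on every access; a comment such as `# base property returns a fresh list, so extending in place is safe` would keep a later refactor from mutating shared state. Both class bodies continue outside the hunks shown.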
|
||||
|
|
|
@ -1,154 +0,0 @@
|
|||
[DEFAULT]
|
||||
debug = {{ options.debug }}
|
||||
|
||||
{% include "parts/section-transport-url" %}
|
||||
|
||||
{% if ovsdb_subordinate and ovsdb_subordinate.ovn_configured and ovsdb_cms -%}
|
||||
[api_settings]
|
||||
enabled_provider_drivers = amphora:The Octavia Amphora driver,ovn:Octavia OVN driver
|
||||
|
||||
[ovn]
|
||||
ovn_nb_connection={{ ','.join(ovsdb_cms.db_nb_connection_strs) }}
|
||||
ovn_nb_private_key=/etc/apache2/ssl/{{ options.service_name }}/key_{{ ovsdb_subordinate.chassis_name }}
|
||||
ovn_nb_certificate=/etc/apache2/ssl/{{ options.service_name }}/cert_{{ ovsdb_subordinate.chassis_name }}
|
||||
ovn_nb_ca_cert=/etc/ssl/certs/ca-certificates.crt
|
||||
{% endif %}
|
||||
|
||||
[health_manager]
|
||||
{% if options.health_manager_bind_ip -%}
|
||||
bind_ip = {{ options.health_manager_bind_ip }}
|
||||
{% endif -%}
|
||||
{% if options.controller_ip_port_list -%}
|
||||
controller_ip_port_list = {{ options.controller_ip_port_list }}
|
||||
{% endif -%}
|
||||
heartbeat_key = {{ options.heartbeat_key }}
|
||||
health_update_threads = {{ options.workers }}
|
||||
stats_update_threads = {{ options.workers }}
|
||||
|
||||
[house_keeping]
|
||||
{% if options.spare_amphora_pool_size -%}
|
||||
spare_amphora_pool_size = {{ options.spare_amphora_pool_size }}
|
||||
{% endif %}
|
||||
|
||||
[controller_worker]
|
||||
{% if options.amp_ssh_key_name %}
|
||||
amp_ssh_key_name = {{ options.amp_ssh_key_name }}
|
||||
{% endif -%}
|
||||
{% if options.amp_image_owner_id -%}
|
||||
amp_image_owner_id = {{ options.amp_image_owner_id }}
|
||||
{% endif -%}
|
||||
{% if options.amp_secgroup_list -%}
|
||||
amp_secgroup_list = {{ options.amp_secgroup_list }}
|
||||
{% endif -%}
|
||||
{% if options.amp_flavor_id -%}
|
||||
amp_flavor_id = {{ options.amp_flavor_id }}
|
||||
{% endif -%}
|
||||
{% if options.amp_boot_network_list -%}
|
||||
amp_boot_network_list = {{ options.amp_boot_network_list }}
|
||||
{% endif -%}
|
||||
{% if options.amp_image_tag -%}
|
||||
amp_image_tag = {{ options.amp_image_tag }}
|
||||
{% endif -%}
|
||||
amp_active_retries = 180
|
||||
# This certificate is installed on the ``Amphorae`` and used for validating
|
||||
# the authenticity of the ``Octavia`` controller.
|
||||
client_ca = {{ options.controller_cacert }}
|
||||
network_driver = allowed_address_pairs_driver
|
||||
compute_driver = compute_nova_driver
|
||||
amphora_driver = amphora_haproxy_rest_driver
|
||||
loadbalancer_topology = {{ options.loadbalancer_topology }}
|
||||
{%- if options.loadbalancer_topology == "SINGLE" or options.anti_affinity_policy == "disable" %}
|
||||
enable_anti_affinity = False
|
||||
{%- elif options.loadbalancer_topology == "ACTIVE_STANDBY" %}
|
||||
{%- if options.anti_affinity_policy == "auto" %}
|
||||
enable_anti_affinity = True
|
||||
anti_affinity_policy = "soft-anti-affinity"
|
||||
{%- elif options.anti_affinity_policy in ["anti-affinity", "soft-anti-affinity"] %}
|
||||
enable_anti_affinity = True
|
||||
anti_affinity_policy = {{ options.anti_affinity_policy }}
|
||||
{%- endif %}
|
||||
{%- endif %}
|
||||
|
||||
[certificates]
|
||||
# NOTE(fnordahl) certificates for authentication between Octavia controllers
|
||||
# and its Amphorae instances are issued locally on the Octavia controller.
|
||||
#
|
||||
# At the time of this writing this is the only supported alternative upstream
|
||||
# after the retirement of the Anchor project [0].
|
||||
#
|
||||
# Note that these certificates are not used for any load balancer payload data
|
||||
#
|
||||
# 0: https://review.opendev.org/#/c/597022/
|
||||
cert_generator = local_cert_generator
|
||||
# This certificate is used to issue individual certificates for each
|
||||
# ``Amphora`` and to validate their authenticity when they connect to the
|
||||
# ``Octavia`` controller.
|
||||
ca_certificate = {{ options.issuing_cacert }}
|
||||
ca_private_key = {{ options.issuing_ca_private_key }}
|
||||
ca_private_key_passphrase = {{ options.issuing_ca_private_key_passphrase }}
|
||||
|
||||
cert_manager = barbican_cert_manager
|
||||
{% if options.region -%}
|
||||
region_name = {{ options.region }}
|
||||
{% endif -%}
|
||||
{% if options.use_internal_endpoints -%}
|
||||
endpoint_type = internalURL
|
||||
{%- endif %}
|
||||
|
||||
|
||||
[haproxy_amphora]
|
||||
# This certificate is used by the ``Octavia`` controller to validate the
|
||||
# authenticity of the ``Amphorae`` connecting to it.
|
||||
server_ca = {{ options.issuing_cacert }}
|
||||
# This certificate is used by the ``Octavia`` controller when it takes on the
|
||||
# role as a "client" connecting to the ``Amphorae``.
|
||||
client_cert = {{ options.controller_cert }}
|
||||
|
||||
{% include "parts/section-database" %}
|
||||
|
||||
[service_auth]
|
||||
auth_section = keystone_authtoken
|
||||
|
||||
{% include "parts/section-keystone-authtoken" %}
|
||||
{% if options.use_internal_endpoints -%}
|
||||
endpoint_type = internalURL
|
||||
{%- endif %}
|
||||
|
||||
[oslo_messaging]
|
||||
topic = octavia
|
||||
|
||||
[nova]
|
||||
{% if options.region -%}
|
||||
region_name = {{ options.region }}
|
||||
{% endif -%}
|
||||
{% if options.use_internal_endpoints -%}
|
||||
endpoint_type = internalURL
|
||||
{%- endif %}
|
||||
|
||||
[cinder]
|
||||
{% if options.region -%}
|
||||
region_name = {{ options.region }}
|
||||
{% endif -%}
|
||||
{% if options.use_internal_endpoints -%}
|
||||
endpoint_type = internalURL
|
||||
{%- endif %}
|
||||
|
||||
[glance]
|
||||
{% if options.region -%}
|
||||
region_name = {{ options.region }}
|
||||
{% endif -%}
|
||||
{% if options.use_internal_endpoints -%}
|
||||
endpoint_type = internalURL
|
||||
{%- endif %}
|
||||
|
||||
[neutron]
|
||||
{% if options.region -%}
|
||||
region_name = {{ options.region }}
|
||||
{% endif -%}
|
||||
{% if options.use_internal_endpoints -%}
|
||||
endpoint_type = internalURL
|
||||
{%- endif %}
|
||||
|
||||
{% include "parts/section-oslo-messaging-rabbit" %}
|
||||
|
||||
{% include "parts/section-oslo-middleware" %}
|
|
@ -96,6 +96,7 @@ applications:
|
|||
openstack-origin: cloud:bionic-rocky
|
||||
debug: True
|
||||
flat-network-providers: physnet1
|
||||
enable-ml2-port-security: True
|
||||
neutron-security-groups: True
|
||||
enable-dvr: True
|
||||
neutron-openvswitch:
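Review bot: The added `enable-ml2-port-security: True` in this hunk carries no comment saying why it is set, and the same bare line is added in the other bundle hunks on this page. The commit message gives the reason (port security is required for reliable operation of the Amphora driver), and the bionic-ussuri OVN bundle had a NOTE about the requirement that appears to be dropped. I would put a one-line comment above the option in each bundle, e.g. `# Required for reliable operation of the Octavia Amphora driver`. As far as this page shows, the requirement is only set in test bundles; if the charm itself does not check it, the README should probably state it as well.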
|
||||
|
|
|
@ -109,6 +109,7 @@ applications:
|
|||
openstack-origin: cloud:bionic-rocky
|
||||
debug: True
|
||||
flat-network-providers: physnet1
|
||||
enable-ml2-port-security: True
|
||||
neutron-security-groups: True
|
||||
to:
|
||||
- lxd:1
|
||||
|
|
|
@ -96,6 +96,7 @@ applications:
|
|||
openstack-origin: cloud:bionic-stein
|
||||
debug: True
|
||||
flat-network-providers: physnet1
|
||||
enable-ml2-port-security: True
|
||||
neutron-security-groups: True
|
||||
enable-dvr: True
|
||||
neutron-openvswitch:
|
||||
|
|
|
@ -106,6 +106,7 @@ applications:
|
|||
openstack-origin: cloud:bionic-train
|
||||
debug: True
|
||||
flat-network-providers: physnet1
|
||||
enable-ml2-port-security: True
|
||||
neutron-security-groups: True
|
||||
manage-neutron-plugin-legacy-mode: False
|
||||
nova-cloud-controller:
|
||||
|
|
|
@ -101,6 +101,7 @@ applications:
|
|||
openstack-origin: cloud:bionic-train
|
||||
debug: True
|
||||
flat-network-providers: physnet1
|
||||
enable-ml2-port-security: True
|
||||
neutron-security-groups: True
|
||||
enable-dvr: True
|
||||
neutron-openvswitch:
|
||||
|
|
|
@ -103,12 +103,10 @@ applications:
|
|||
charm: cs:~openstack-charmers-next/neutron-api
|
||||
num_units: 1
|
||||
options:
|
||||
# NOTE(fnordahl): At current state of upstream Neutron development this
|
||||
# is a requirement. Remove once fixed upstream.
|
||||
enable-ml2-port-security: true
|
||||
openstack-origin: cloud:bionic-ussuri/proposed
|
||||
debug: True
|
||||
flat-network-providers: physnet1
|
||||
enable-ml2-port-security: True
|
||||
neutron-security-groups: True
|
||||
nova-cloud-controller:
|
||||
constraints: mem=7168M
|
||||
|
|
|
@ -101,6 +101,7 @@ applications:
|
|||
openstack-origin: cloud:bionic-ussuri/proposed
|
||||
debug: True
|
||||
flat-network-providers: physnet1
|
||||
enable-ml2-port-security: True
|
||||
neutron-security-groups: True
|
||||
enable-dvr: True
|
||||
manage-neutron-plugin-legacy-mode: True
|
||||
|
|
|
@ -127,6 +127,7 @@ applications:
|
|||
openstack-origin: distro
|
||||
debug: True
|
||||
flat-network-providers: physnet1
|
||||
enable-ml2-port-security: True
|
||||
neutron-security-groups: True
|
||||
nova-cloud-controller:
|
||||
constraints: mem=7168M
|
||||
|
|
|
@ -122,6 +122,7 @@ applications:
|
|||
openstack-origin: distro
|
||||
debug: True
|
||||
flat-network-providers: physnet1
|
||||
enable-ml2-port-security: True
|
||||
neutron-security-groups: True
|
||||
enable-dvr: True
|
||||
manage-neutron-plugin-legacy-mode: True
|
||||
|
|
|
@ -127,6 +127,7 @@ applications:
|
|||
openstack-origin: cloud:focal-victoria
|
||||
debug: True
|
||||
flat-network-providers: physnet1
|
||||
enable-ml2-port-security: True
|
||||
neutron-security-groups: True
|
||||
nova-cloud-controller:
|
||||
constraints: mem=7168M
|
||||
|
@ -169,6 +170,8 @@ applications:
|
|||
options:
|
||||
amp-image-tag: 'octavia-amphora'
|
||||
retrofit-series: focal
|
||||
# LP: #1928179
|
||||
# retrofit-uca-pocket: victoria
|
||||
placement:
|
||||
charm: cs:~openstack-charmers-next/placement
|
||||
num_units: 1
|
||||
|
|
|
@ -122,6 +122,7 @@ applications:
|
|||
openstack-origin: cloud:focal-victoria
|
||||
debug: True
|
||||
flat-network-providers: physnet1
|
||||
enable-ml2-port-security: True
|
||||
neutron-security-groups: True
|
||||
enable-dvr: True
|
||||
manage-neutron-plugin-legacy-mode: True
|
||||
|
@ -186,6 +187,8 @@ applications:
|
|||
options:
|
||||
amp-image-tag: 'octavia-amphora'
|
||||
retrofit-series: focal
|
||||
# LP: #1928179
|
||||
# retrofit-uca-pocket: victoria
|
||||
placement:
|
||||
charm: cs:~openstack-charmers-next/placement
|
||||
num_units: 1
|
||||
|
|
|
@ -127,6 +127,7 @@ applications:
|
|||
openstack-origin: distro
|
||||
debug: True
|
||||
flat-network-providers: physnet1
|
||||
enable-ml2-port-security: True
|
||||
neutron-security-groups: True
|
||||
nova-cloud-controller:
|
||||
constraints: mem=7168M
|
||||
|
@ -168,7 +169,9 @@ applications:
|
|||
charm: cs:~openstack-charmers-next/octavia-diskimage-retrofit
|
||||
options:
|
||||
amp-image-tag: 'octavia-amphora'
|
||||
retrofit-series: groovy
|
||||
# LP: #1928179
|
||||
# retrofit-series: groovy
|
||||
retrofit-series: focal
|
||||
placement:
|
||||
charm: cs:~openstack-charmers-next/placement
|
||||
num_units: 1
|
||||
|
|
|
@ -122,6 +122,7 @@ applications:
|
|||
openstack-origin: distro
|
||||
debug: True
|
||||
flat-network-providers: physnet1
|
||||
enable-ml2-port-security: True
|
||||
neutron-security-groups: True
|
||||
enable-dvr: True
|
||||
manage-neutron-plugin-legacy-mode: True
|
||||
|
@ -185,7 +186,9 @@ applications:
|
|||
charm: cs:~openstack-charmers-next/octavia-diskimage-retrofit
|
||||
options:
|
||||
amp-image-tag: 'octavia-amphora'
|
||||
retrofit-series: groovy
|
||||
# LP: #1928179
|
||||
# retrofit-series: groovy
|
||||
retrofit-series: focal
|
||||
placement:
|
||||
charm: cs:~openstack-charmers-next/placement
|
||||
num_units: 1
|
||||
|
|
|
@ -3,21 +3,19 @@ gate_bundles:
|
|||
- bionic-stein-ha
|
||||
- bionic-train-ha-ovn
|
||||
- bionic-train-ha
|
||||
# focal-ussuri-ha-ovn disabled due to LP: #1893756
|
||||
# - focal-ussuri-ha-ovn
|
||||
# Awaiting SRU in LP: #1924981 to complete
|
||||
# - bionic-ussuri-ha-ovn
|
||||
- bionic-ussuri-ha
|
||||
- focal-ussuri-ha-ovn
|
||||
- focal-ussuri-ha
|
||||
smoke_bundles:
|
||||
# focal-ussuri-ha-ovn disabled due to LP: #1893756
|
||||
# - focal-ussuri-ha-ovn
|
||||
- focal-ussuri-ha
|
||||
dev_bundles:
|
||||
- groovy-victoria-ha-ovn
|
||||
- groovy-victoria-ha
|
||||
- focal-victoria-ha-ovn
|
||||
- focal-victoria-ha
|
||||
# LP: #1896729
|
||||
- bionic-ussuri-ha-ovn
|
||||
- bionic-ussuri-ha
|
||||
- groovy-victoria-ha-ovn
|
||||
- groovy-victoria-ha
|
||||
smoke_bundles:
|
||||
- focal-ussuri-ha-ovn
|
||||
- focal-ussuri-ha
|
||||
dev_bundles:
|
||||
- bionic-rocky-ha
|
||||
- bionic-rocky-lxd
|
||||
comment: |
|
||||
|
|
|
@ -133,7 +133,7 @@ class TestOctaviaCharm(Helper):
|
|||
self.assertFalse(
|
||||
'python3-ovn-octavia-provider' in self.target.packages)
|
||||
self.patch_object(octavia.reactive, 'is_flag_set', return_value=True)
|
||||
c = octavia.UssuriOctaviaCharm()
|
||||
c = octavia.VictoriaOctaviaCharm()
|
||||
self.assertTrue('octavia-driver-agent' in c.all_packages)
|
||||
self.assertTrue('python3-ovn-octavia-provider' in c.all_packages)
|
||||
self.assertTrue('octavia-driver-agent' in c.full_service_list)
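Review bot: The test still asserts only on `c.full_service_list`, while the behaviour this commit is about, restarting the driver agent when configuration is written, now comes from the overridden `services` property feeding `restart_map`. Nothing visible here checks that path. I would add `self.assertIn('octavia-driver-agent', c.services)` and `self.assertIn('octavia-driver-agent', c.restart_map[octavia.OCTAVIA_CONF])`, assuming `OCTAVIA_CONF` is a module-level name in `octavia`, as its bare use in the class body suggests. The test method starts outside the hunk.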
|
||||
|
|