This patchset implements policy overrides for swift-proxy. It uses
the code in charmhelpers.
Closed-Bug: #1741723
Change-Id: Ic51ee5d181558b63dfd968c5b0c7d40760a5ac59
If a unit is paused then its services will not start during the
post-series-upgrade hook. In addition exclude haproxy from the list
of services to start if it is being managed by hacluster.
Closes-Bug: #1861660
Change-Id: I5f72f5507b9ed40b50dcacd1940e91d3cff26298
This patchset adds a support for Swift Global Cluster feature as
described at:
https://docs.openstack.org/swift/latest/overview_global_cluster.html
It allows specifying affinity settings as parrt of the deployment.
Moreover, the master - slave relation is introduced for the purpose of
rings distribution across proxy nodes participating in the Swift Global
Cluster.
Change-Id: I406445493e2226aa5ae40a09c9053ac8633a46e9
Closes-Bug: 1815879
Depends-On: I11b6c7802e5bfbd61b06e4d11c65804a165781b6
Switch package install to Python 3 for OpenStack Train and later.
When upgrading, remove any python-* packages that were explicitly
installated and then autoremove --purge any dependencies that are
no longer required.
This patch also includes the following related changes:
* Use the common files package, swift, rather than python-swift
as the package name when determining releases.
* Drop the python2 shebang from manager.py in favor of specifying
the interpreter on the subprocess call. The python interpreter
version must match the python version of the OpenStack payload
due to the swift library imports.
* Enable the cPickle import in manager.py for Python 3
(C-optimized module name is _pickle), and fix 'result'
variable that is a set type but should be a dict type.
Change-Id: Ia3fdbf2020137bcf39039478ee3606717d3d6e20
Closes-Bug: #1841184
This patchset implements 'replicas-account' and 'replicas-container'
charm options which can be used to set the desired number of replicas
per ring.
Change-Id: Ie7fa1b8c5619d0a5a278cd0eddaf1051de11f2a3
Closes-Bug: 1823696
If local unit is no longer leader, clear rings_url on
storage relations to avoid storage units getting
rings from wrong proxy unit.
Also send broker-timestamp to storage units when providing
rings_url so that we have a means of knowing which is the most
recent. Broker timestamp is the same for peer and storage
sync so this enables identifying most recent.
Change-Id: I2c7e9028f345791bad0a736cb89979284b144e33
Closes-Bug: #1765203
This results in a few changes in behaviour:
1) The charm will no longer specify a nic name to bind the vip. This
is because Pacemaker VIP resources are able to automatically
detect and configure correct iface and netmask parameters based
on local configuration of the unit.
2) The original iface named VIP resource will be stopped and deleted
prior to the creation of the new short hash named VIP resource.
Change-Id: Iad743ebdb6283d72126142122ce393092cd60f18
Reverting this for a more general fix; see the topic bug/1796830.
This reverts commit 65c90e7c272e984ecc9cee7c936484fbe087fa1b.
Change-Id: If7f7801b3b170f252c318de746c3d4d90edb808a
From stable/18.02 onwards, charmhelpers symlink has been removed from
the hooks directory. On fresh deploys, this caused check_haproxy*
scripts not to be copied to /usr/local/lib/nagios/plugins.
This change uses new copy_nrpe_checks arg available to choose a
different location than the default.
Change-Id: Ia0a78dd2ace60dd77e81382b8018c04bbc0e2ebf
Closes-Bug: 1796830
Signed-off-by: Alvaro Uria <alvaro.uria@canonical.com>
* Needed to add a swift_manager/manager.py file which uses the payload
software python modules to perform certain functions on behalf of the
charm. These were part of the main charm, which couldn't be retained
in the charm due to the charm changing to Py3.
* Changed to absolute imports using the charm root as the root for all
charm modules.
* The py2 target in tox.ini is used to test the swift_manager/manager.py
file only.
* The .testr.conf file has been migrated to .stestr.conf
Change-Id: If37a393aa6ed27651b04810aa0bbf69eda37d7b4
Ensure that any network space binding provided by the end user
is used as units join the swift-storage relation.
This allows backend communication to swift-storage units to be
network isolated from frontend public access to the swift
deployment.
Change-Id: If29ba3dfb1379f0cda20d9685e654d911d67df1d
Closes-Bug: 1697491
This reverts commit 1cf5ea71d0895556bdfd69ae4302ebcca441289a which
is not required as the should_balance function already inspects
the configuration option that enforces ring balancing via actions.
Change-Id: I79c1be12f680c446d556dc16e9dfbd60a7d9db38
Enable dual stack IPv4 and IPv6 VIPs on the same interface.
HAProxy always listens on both IPv4 and IPv6 allowing connectivity
on either protocol.
charm-helpers sync for HAProxy template changes.
Change-Id: I9d0907b19bf30e256102f79e72b42400569ebbbc
The NRPE healthcheck included with swift-proxy uses hardcoded api
port, 8070, to talk to swift. However, the charm configures the api
port differently if swift-proxy is configured for https.
Closes-Bug: 1702847
Change-Id: I3e8d025e66799d9eb24ede530b6a7d0936613620
Add new amqp interface and configure ceilometermiddleware to
send telemetry notifications via RabbitMQ when swift-proxy is
related to the rabbitmq-server charm.
This change also includes some tidyup to include required
components in the swift pipelines (automagically added by swift
prior to this).
Change-Id: Ie3c5c87b31d805cb7e62fa47c322402f47dd0d33
Closes-Bug: 1321281
Use the get_relation_ip function for selecting addresses for the
cluster relationship. Including overrides for the admin, internal,
and public config settings or extra bindings.
Change-Id: I33de35055ec11be01988c36e69f5d48b10bf7390
Partial-Bug: #1687439
Some cluster relation settings are dependant on
config so ensure that if confg changes, those
changes are reflected on the cluster relation.
Change-Id: I0bf8601bc7d3c769a59c4eafd89643811b46dbe6
Closes-Bug: 1641870
When adding new storage capacity, its desirable to disable ring
rebalancing until all new storage has been added, allowing the
end-user to determing when all new capacity has been added and its
OK to rebalance the rings and re-distribute.
Ensure that storage hook events from swift-storage observe the
'disable-ring-rebalance' configuration option, enabling end users
to perform this type of orchestration storage expansion.
Change-Id: I95727e663b369d5feb28147b19edcc6cab36b905
Closes-Bug: 1638981
No need for refresh of proxy-server.conf template for Mitaka. Update
template for Kilo and later to make use of domain_name and project_name
parameters instead of domain_id and project_id parameters.
The current template sets up auth to user in default domain
but project in service domain. This does not work with service
domain layout.
Do not request configured operator_roles roles from Keystone. From
which roles swift-proxy should accept requests are still configured
in proxy-server.conf, but requesting and setting up these roles for
the s3_swift user in Keystone is incorrect behaviour.
Register required relation data for identity-service immediatelly when
relation to 'identity-service' exists. Do not postpone registration
until context is complete which may cause the swift-proxy unit marking
itself ready while still being in a unconfigured state.
Add tests to verify configuration and operation of swift-proxy when
using Keystone v3 auth.
Change-Id: I8bf182a9256f96af50e4cc37505d9c0ca3d62e47
Closes-Bug: 1646765
This change implements the alternative authentication system,
swauth in addition to adding an action to add users to swauth
Change-Id: Ib752cd3a2a58f6c8cb06119c6be595cfc07ddc9f
This change registers the configured S3 proxy with Keystone, so that
your cloud knows about the S3 endpoints.
Also includes an update to ensure that the s3token middleware
authenticates against the correct keystone endpoint.
Change-Id: I07d25df6332028a99e0bf79b39f998f84613a4fc
All contributions to this charm where made under Canonical
copyright; switch to Apache-2.0 license as agreed so we
can move forward with official project status.
Change-Id: I78e8d98d51c7ff28baf1c8421d093fbefd65ae7d
Implement DNS high availability. Pass the correct information to
hacluster to register a DNS entry with MAAS 2.0 or greater rather
than using a virtual IP.
Charm-helpers sync to bring in DNS HA helpers
Change-Id: I3e356a85c0893171ac8db26300e0530054fc93bd
The existing pause/resume has been enhanced by adding more robust service
checks and hooking into the pause/resume functionality in the charmhelpers
library.
Change-Id: Ia487499ec4d8e4f41ec985eac02d97e085a06e2c
Make the ring sync code clearer and improve logic around leader
switching during or after a sync. Also add more debug logs to
make it easier to debug when things go wrong.
Closes-Bug: 1448884
Change-Id: I10d51c74001710b6b7a2502e14370996b15ffb40
Add charmhelpers.contrib.hardening and calls to install,
config-changed, upgrade-charm and update-status hooks.
Also add new config option to allow one or more hardening
modules to be applied at runtime.
Change-Id: I7e6abb16d16d08575cad4f3a52b6fc54b3ac01c2
