Switch package install to Python 3 for OpenStack Train and later.
When upgrading, remove any python-* packages that were explicitly
installated and then autoremove --purge any dependencies that are
no longer required.
This patch also includes the following related changes:
* Use the common files package, swift, rather than python-swift
when using a package name to determine release.
Also add OS_* to tox.ini to allow functional tests to execute.
Change-Id: I121af845bf11c22052479a497b196a4670021256
It is possible for swift-storage units to attempt
to request rings from a proxy unit that is no longer
serving them so instead of raising an exception we
catch it and move on since there will likely be a
another proxy notification waiting to be consumed.
Change-Id: Ib2e634d2ed3509bfe2aa9b792cc17c2ed89029f1
Closes-Bug: #1765203
When upgrading the charm some package dependancies are missing
such as python3-distutils. This patch uses the same approach as the
install hook to install packages before calling the the main python
hook code.
Change-Id: If3bfa6efd5a3924f3ca6d1309f82c3867cfd4c67
Closes-Bug: #1803418
Add new secrets-storage relation to vault, supporting the
use of block device encryption using dm-crypt/vaultlocker.
Prepared devices are now recorded in the local unit kv
store; this information is used to provide a list of
configured block devices to the swift-proxy charm,
rather than the previous best guess provided by
determine_block_devices. This allows us to use the
dm-crypt device name, rather than the underlying
block device.
Encrypted block devices are unlocked on boot using
vaultlocker-decrypt systemd units (enabled by vaultlocker);
/etc/fstab entries for such devices make use of a
x-systemd.requires option to ensure that the block device
is unlocked prior to attempting to mount it.
Add new storage binding to allow charm to be used with
Juju storage.
Add new ephemeral-unmount configuration option to allow
cloud ephemeral storage to be used for testing purposes;
update functional testing to use this option. The behaviour
of 'overwrite' was changed to accomodate the use of
encrypted block devices.
Change-Id: I9b3f8cd2de412ee96e0139dba4d4abdf998ecaf2
In a converged architecture with storage and compute on the same
host, UFW can get in the way of tunneled traffic interpreting it as
INVALID. UFW makes solving this more difficult than it needs to be.
See http://northernmost.org/blog/gre-tunnels-and-ufw/index.html for
context.
This change updates /etc/ufw/before.rules to add GRE as an allowed
input.
Also, guarantee ufw is installed for LP #1763716
Please review and merge charm-helpers first:
https://github.com/juju/charm-helpers/pull/170
Change-Id: I789854c33e3af12f7412633dbf7c921beb0ed2b5
Closes-Bug: #1757564
Closes-Bug: #1763716
The charm neglected to set default policy for routed which cases
applications deployed to containers to fail to deploy.
This change explicitly sets default policy allow for routed and
outgoing.
Closes-Bug: #1747032
Change-Id: I440e5e040ad433bf0cf6c4ce99439da456476914
Ensure that only the swift-proxy units and swift-storage peers have
access to direct communication with swift storage daemons.
Charm-helpers sync to include ufw module and the ingress_address and
iter_units_for_relation_name functions.
Please review and merge first:
https://github.com/juju/charm-helpers/pull/35
Closes-Bug: #1727463
Change-Id: Id5677edbc40b0b891cbe66867d39d076a94c5436
Resolve correct private-address for use on the swift-storage
relation, supporting 'prefer-ipv6' as well as Juju 2.0 network
spaces.
Change-Id: I3ee111c6abdd028c2c29e80dceb99178443da45a
Closes-Bug: 1697491
Allows the administrator to set custom sysctls on the storage
nodes. This is especially useful for setting kernel.pid_max.
Change-Id: Id902f799796a121578eba10de22e0eb9cc627b9d
Closes-bug: 1396613
Juju 2.0 provides support for display of the version of
an application deployed by a charm in juju status.
Insert the os_application_version_set function into the
existing assess_status function - this gets called after
all hook executions, and periodically after that, so any
changes in package versions due to normal system updates
will also be reflected in the status output.
This review also includes a resync of charm-helpers to
pickup hookenv and contrib.openstack support for this
feature.
Change-Id: I75009a66ce9c9d43e234f9c5acbb185ac4a66ba5
All contributions to this charm where made under Canonical
copyright; switch to Apache-2.0 license as agreed so we
can move forward with official project status.
Change-Id: I97206ee8be76220cb0937a09be3230432e04535a
Add charmhelpers.contrib.hardening and calls to install,
config-changed, upgrade-charm and update-status hooks.
Also add new config option to allow one or more hardening
modules to be applied at runtime.
Change-Id: If0d1e10b58ed506e0aca659f30120b8d5c96c04f
Track devices that have been added to the ring and allow
devices to be added to the ring post-install (currently
only allowed within the install hook). Devices added to
the ring prior to this patch existing will be migrated
to the tracking store of devices to avoid conflicts.
Change-Id: Id268dc6369041a4d2db6f30a997dfa0c0d73b93f
Closes-Bug: 1383390