Remove dependency on openvswitch-switch daemons
While the ovn packages have a dependency on the `openvswitch-switch` and `openvswitch-common` packages the OVN central components have no need for having the daemons running. Also fixes an issue with the ovn-central systemd service file which lead to unwanted reverse dependency between `ovn-northd` and the database services. I.e. we do not want a restart of `ovn-northd` to lead to a reastart of the `ovn-nb-ovsdb` service. Remove loading of `openvswitch` kernel module from LXD profile, add in iptables instead as we will need this to protect the SB DB listener created for accepting connections from `ovn-northd` Change-Id: I134ec560c5522f0c657c203a4cd828e0e5c6f3cb
This commit is contained in:
parent
54caf36bb8
commit
4f09e06b6b
|
@ -94,12 +94,19 @@ class OVNCentralCharm(charms_openstack.charm.OpenStackCharm):
|
||||||
We also configure source before installing as OpenvSwitch and OVN
|
We also configure source before installing as OpenvSwitch and OVN
|
||||||
packages are distributed as part of the UCA.
|
packages are distributed as part of the UCA.
|
||||||
"""
|
"""
|
||||||
|
# NOTE(fnordahl) The OVN central components are currently packaged with
|
||||||
|
# a dependency on openvswitch-switch, but it does not need the switch
|
||||||
|
# or stock ovsdb running.
|
||||||
service_masks = [
|
service_masks = [
|
||||||
'/etc/systemd/system/ovn-central.service',
|
'openvswitch-switch.service',
|
||||||
|
'ovs-vswitchd.service',
|
||||||
|
'ovsdb-server.service',
|
||||||
|
'ovn-central.service',
|
||||||
]
|
]
|
||||||
for service_file in service_masks:
|
for service_file in service_masks:
|
||||||
if not os.path.islink(service_file):
|
abs_path_svc = os.path.join('/etc/systemd/system', service_file)
|
||||||
os.symlink('/dev/null', service_file)
|
if not os.path.islink(abs_path_svc):
|
||||||
|
os.symlink('/dev/null', abs_path_svc)
|
||||||
self.configure_source()
|
self.configure_source()
|
||||||
super().install()
|
super().install()
|
||||||
|
|
||||||
|
@ -196,11 +203,6 @@ class OVNCentralCharm(charms_openstack.charm.OpenStackCharm):
|
||||||
tls_object['cert'],
|
tls_object['cert'],
|
||||||
tls_object['key'],
|
tls_object['key'],
|
||||||
cn='host')
|
cn='host')
|
||||||
self.run('ovs-vsctl',
|
|
||||||
'set-ssl',
|
|
||||||
ovn_key(self.adapters_instance),
|
|
||||||
ovn_cert(self.adapters_instance),
|
|
||||||
ovn_ca_cert(self.adapters_instance))
|
|
||||||
if (reactive.is_flag_set('leadership.is_leader') and not
|
if (reactive.is_flag_set('leadership.is_leader') and not
|
||||||
reactive.is_flag_set('leadership.set.ready')):
|
reactive.is_flag_set('leadership.set.ready')):
|
||||||
# This is one-time set up at cluster creation and can only be
|
# This is one-time set up at cluster creation and can only be
|
||||||
|
@ -238,19 +240,3 @@ class OVNCentralCharm(charms_openstack.charm.OpenStackCharm):
|
||||||
'add', 'SB_Global', '.', 'connections', '@connection')
|
'add', 'SB_Global', '.', 'connections', '@connection')
|
||||||
self.restart_all()
|
self.restart_all()
|
||||||
break
|
break
|
||||||
|
|
||||||
def configure_ovn_remote(self, ovsdb_interface):
|
|
||||||
"""Configure the OVN remote setting in the local OVSDB.
|
|
||||||
|
|
||||||
The value is used by command line tools run on this unit.
|
|
||||||
|
|
||||||
:param ovsdb_interface: OVSDB interface instance
|
|
||||||
:type ovsdb_interface: reactive.Endpoint derived class
|
|
||||||
:raises: subprocess.CalledProcessError
|
|
||||||
"""
|
|
||||||
self.run('ovs-vsctl',
|
|
||||||
'set',
|
|
||||||
'open',
|
|
||||||
'.',
|
|
||||||
'external-ids:ovn-remote={}'
|
|
||||||
.format(','.join(ovsdb_interface.db_sb_connection_strs)))
|
|
||||||
|
|
|
@ -1,6 +1,2 @@
|
||||||
comment: |
|
|
||||||
NOTE(fnordahl): This is not required by the services the charm ultimately
|
|
||||||
will run, but is currently required by how it is packaged. We should work
|
|
||||||
towards not having this dependency.
|
|
||||||
config:
|
config:
|
||||||
linux.kernel_modules: openvswitch
|
linux.kernel_modules: ip_tables,ip6_tables
|
||||||
|
|
|
@ -146,6 +146,5 @@ def render():
|
||||||
ovsdb_peer.cluster_remote_addrs,
|
ovsdb_peer.cluster_remote_addrs,
|
||||||
ovsdb_peer.db_sb_cluster_port))
|
ovsdb_peer.db_sb_cluster_port))
|
||||||
if ovn_charm.enable_services():
|
if ovn_charm.enable_services():
|
||||||
ovn_charm.configure_ovn_remote(ovsdb_peer)
|
|
||||||
reactive.set_flag('config.rendered')
|
reactive.set_flag('config.rendered')
|
||||||
ovn_charm.assess_status()
|
ovn_charm.assess_status()
|
||||||
|
|
|
@ -6,10 +6,8 @@
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Open Virtual Network central components
|
Description=Open Virtual Network central components
|
||||||
After=network.target
|
After=network.target
|
||||||
After=openvswitch-switch.service
|
|
||||||
Requires=network.target
|
Requires=network.target
|
||||||
Requires=openvswitch-switch.service
|
Wants=ovn-northd.service
|
||||||
Requires=ovn-northd.service
|
|
||||||
# Facilitate spread placement of the DBs if someone should choose to do that
|
# Facilitate spread placement of the DBs if someone should choose to do that
|
||||||
Wants=ovn-nb-ovsdb.service
|
Wants=ovn-nb-ovsdb.service
|
||||||
Wants=ovn-sb-ovsdb.service
|
Wants=ovn-sb-ovsdb.service
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
###############################################################################
|
###############################################################################
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Open vSwitch database server for OVN Northbound database
|
Description=Open vSwitch database server for OVN Northbound database
|
||||||
After=network.target openvswitch-switch.service
|
After=network.target
|
||||||
PartOf=ovn-central.service
|
PartOf=ovn-central.service
|
||||||
DefaultDependencies=no
|
DefaultDependencies=no
|
||||||
|
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
###############################################################################
|
###############################################################################
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Open vSwitch database server for OVN Southbound database
|
Description=Open vSwitch database server for OVN Southbound database
|
||||||
After=network.target openvswitch-switch.service
|
After=network.target
|
||||||
PartOf=ovn-central.service
|
PartOf=ovn-central.service
|
||||||
DefaultDependencies=no
|
DefaultDependencies=no
|
||||||
|
|
||||||
|
|
|
@ -65,12 +65,14 @@ class TestOVNCentralCharm(Helper):
|
||||||
self.patch_target('configure_source')
|
self.patch_target('configure_source')
|
||||||
self.target.install()
|
self.target.install()
|
||||||
calls = []
|
calls = []
|
||||||
for service in self.target.services:
|
for service in ('openvswitch-switch', 'ovs-vswitchd', 'ovsdb-server',
|
||||||
|
self.target.services[0],):
|
||||||
calls.append(
|
calls.append(
|
||||||
mock.call('/etc/systemd/system/{}.service'.format(service)))
|
mock.call('/etc/systemd/system/{}.service'.format(service)))
|
||||||
self.islink.assert_has_calls(calls)
|
self.islink.assert_has_calls(calls)
|
||||||
calls = []
|
calls = []
|
||||||
for service in self.target.services:
|
for service in ('openvswitch-switch', 'ovs-vswitchd', 'ovsdb-server',
|
||||||
|
self.target.services[0],):
|
||||||
calls.append(
|
calls.append(
|
||||||
mock.call('/dev/null',
|
mock.call('/dev/null',
|
||||||
'/etc/systemd/system/{}.service'.format(service)))
|
'/etc/systemd/system/{}.service'.format(service)))
|
||||||
|
@ -161,11 +163,6 @@ class TestOVNCentralCharm(Helper):
|
||||||
'fakekey',
|
'fakekey',
|
||||||
cn='host')
|
cn='host')
|
||||||
self.target.run.assert_has_calls([
|
self.target.run.assert_has_calls([
|
||||||
mock.call('ovs-vsctl',
|
|
||||||
'set-ssl',
|
|
||||||
'/etc/openvswitch/key_host',
|
|
||||||
'/etc/openvswitch/cert_host',
|
|
||||||
'/etc/openvswitch/ovn-central.crt'),
|
|
||||||
mock.call('ovn-nbctl',
|
mock.call('ovn-nbctl',
|
||||||
'set-connection',
|
'set-connection',
|
||||||
'pssl:6641'),
|
'pssl:6641'),
|
||||||
|
@ -178,28 +175,3 @@ class TestOVNCentralCharm(Helper):
|
||||||
'add', 'SB_Global', '.', 'connections',
|
'add', 'SB_Global', '.', 'connections',
|
||||||
'@connection'),
|
'@connection'),
|
||||||
])
|
])
|
||||||
self.is_flag_set.side_effect = [False, True]
|
|
||||||
self.target.run.reset_mock()
|
|
||||||
self.target.configure_tls()
|
|
||||||
self.target.run.assert_has_calls([
|
|
||||||
mock.call('ovs-vsctl',
|
|
||||||
'set-ssl',
|
|
||||||
'/etc/openvswitch/key_host',
|
|
||||||
'/etc/openvswitch/cert_host',
|
|
||||||
'/etc/openvswitch/ovn-central.crt'),
|
|
||||||
])
|
|
||||||
|
|
||||||
def test_configure_ovn_remote(self):
|
|
||||||
self.patch_target('run')
|
|
||||||
ovsdb_interface = mock.MagicMock()
|
|
||||||
ovsdb_interface.db_sb_connection_strs = \
|
|
||||||
mock.PropertyMock().return_value = [
|
|
||||||
'ssl:a.b.c.d:6642',
|
|
||||||
'ssl:a.b.c.d:6642',
|
|
||||||
'ssl:a.b.c.d:6642',
|
|
||||||
]
|
|
||||||
self.target.configure_ovn_remote(ovsdb_interface)
|
|
||||||
self.run.assert_called_once_with(
|
|
||||||
'ovs-vsctl', 'set', 'open', '.',
|
|
||||||
'external-ids:ovn-remote='
|
|
||||||
'ssl:a.b.c.d:6642,ssl:a.b.c.d:6642,ssl:a.b.c.d:6642')
|
|
||||||
|
|
Loading…
Reference in New Issue