Juju Charm - Open Virtual Network - Central components
Aurelien Lourot 8c7621ae5c Sync release-tools
In order to fix ResolutionImpossible on tox invocation.

https://github.com/openstack-charmers/release-tools/issues/151
https://github.com/openstack-charmers/release-tools/pull/152

Change-Id: I7babf45a06bd2035313242d7f313cf064bd855fa
2021-07-22 14:59:51 +02:00
src Sync release-tools 2021-07-22 14:59:51 +02:00
unit_tests Implementation of deferred restarts 2021-04-14 10:24:43 +00:00
.gitignore Initial commit of charm skeleton 2019-08-21 11:02:42 +02:00
.gitreview Add gerrit and zuul bits 2019-10-18 13:03:57 +02:00
.stestr.conf Initial commit of charm skeleton 2019-08-21 11:02:42 +02:00
.travis.yml Fix remote clustering after moving local addr code to interface 2019-10-11 13:58:59 +02:00
.zuul.yaml Add gerrit and zuul bits 2019-10-18 13:03:57 +02:00
LICENSE Initial commit of charm skeleton 2019-08-21 11:02:42 +02:00
README.md Fix DB connection configuration for ``ovn-northd`` 2019-10-25 09:52:05 +02:00
osci.yaml Test bundles for focal-wallaby and hirsute-wallaby 2021-05-20 18:30:29 +02:00
rebuild rebuild - restore c-h proxy env vars for add-apt-repository 2021-05-13 09:12:40 -04:00
requirements.txt Sync release-tools 2021-07-22 14:59:51 +02:00
test-requirements.txt Sync release-tools 2021-07-22 14:59:51 +02:00
tox.ini Sync release-tools 2021-07-22 14:59:51 +02:00

README.md

Overview

The ovn-central charm provides the Northbound and Southbound OVSDB Databases and the Open Virtual Network (OVN) central control daemon (ovn-northd). It is used in conjunction with either the ovn-chassis subordinate charm or the ovn-dedicated-chassis principal charm.

Note: The OVN charms are supported starting with OpenStack Train.

Usage

The OpenStack Base bundle gives an example of how you can deploy OpenStack and OVN with Vault to automate certificate lifecycle management.

OVN makes use of Public Key Infrastructure (PKI) to authenticate and authorize control plane communication. The charm therefore requires a Certificate Authority to be present in the model as represented by the certificates relation.

Refer to Open Virtual Network (OVN) in the OpenStack Charms Deployment Guide for details, including deployment steps.

Note: The ovn-central charm requires a minimum of three units to operate.

Network spaces

This charm supports the use of Juju network spaces.

By binding the ovsdb, ovsdb-cms and ovsdb-peer endpoints you can influence which interface will be used for communication with consumers of the Southbound DB, Cloud Management Systems (CMS) and cluster internal communication.

juju deploy -n 3 --series focal \
    --bind "''=oam-space ovsdb=data-space" \
    ovn-central

OVN RBAC and securing the OVN services

The charm enables RBAC in the OVN Southbound database by default. The RBAC feature enforces authorization of individual chassis connecting to the database, and also restricts database operations.

In the event of an individual chassis being compromised, RBAC will make it more difficult to leverage database access for compromising other parts of the network.

Note: Due to how RBAC is implemented in ovsdb-server the charm opens up a separate listener at port 16642 for connections from ovn-northd.

The charm automatically enables the firewall and will allow traffic from its cluster peers to ports 6641, 6643, 6644 and 16642. CMS clients will be allowed to talk to port 6641.

Anyone will be allowed to connect to port 6642.
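
The port policy described above can be used to audit observed connections to an ovn-central unit. The following is an added example, not code from the charm: the `src -> dst` connection-line format, the function names and all addresses are constructed for illustration.

```python
import ipaddress

# Port policy as stated in the README section above.
PEER_ONLY = {6643, 6644, 16642}   # cluster peers only
PEER_OR_CMS = {6641}              # cluster peers and CMS clients
OPEN = {6642}                     # anyone may connect

# Constructed sample data (documentation address ranges, not real hosts).
PEERS = ["192.0.2.11", "192.0.2.12"]
CMS = ["192.0.2.50"]
SAMPLE = [
    "192.0.2.11:40112 -> 192.0.2.10:6643",     # peer on peer-only port
    "192.0.2.50:51820 -> 192.0.2.10:6641",     # CMS client on 6641
    "198.51.100.7:39000 -> 192.0.2.10:6642",   # unknown host on open port
    "198.51.100.7:39001 -> 192.0.2.10:16642",  # unknown host on northd listener
    "192.0.2.50:51822 -> 192.0.2.10:6644",     # CMS client on peer-only port
    "198.51.100.7:39002 -> 192.0.2.10:6641",   # unknown host on 6641
]

def parse_conn(line):
    """Parse 'src_ip:src_port -> dst_ip:dst_port' (constructed format)."""
    src, dst = (part.strip() for part in line.split("->"))
    src_ip = src.rsplit(":", 1)[0].strip("[]")  # tolerate [v6]:port
    dst_port = dst.rsplit(":", 1)[1]
    return ipaddress.ip_address(src_ip), int(dst_port)

def audit(lines, peers, cms):
    """Return (line, reason) for each connection the policy does not allow."""
    peers = {ipaddress.ip_address(p) for p in peers}
    cms = {ipaddress.ip_address(c) for c in cms}
    findings = []
    for line in lines:
        src, port = parse_conn(line)
        if port in OPEN:
            continue
        if port in PEER_ONLY:
            ok, who = src in peers, "cluster peers"
        elif port in PEER_OR_CMS:
            ok, who = src in peers or src in cms, "cluster peers or CMS clients"
        else:
            ok, who = False, "no one (port not in the documented policy)"
        if not ok:
            findings.append((line, f"port {port} is limited to {who}"))
    return findings

if __name__ == "__main__":
    for line, reason in audit(SAMPLE, PEERS, CMS):
        print(f"UNEXPECTED {line}: {reason}")
```

Any finding means a source reached a port that the firewall rules described above should have blocked.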

Bugs

Please report bugs on Launchpad.

For general questions please refer to the OpenStack Charm Guide.