* Add new config parameter reserved-host-memory-mb-for-sev
that updates snap config sev.reserved-host-memory-mb
* Add an action list-flavors to list the host flavors/
capabilities
Change-Id: I2500d1dafc0bb77dafa8a681daf833f7d1f76211
Zuul jobs are triggered based on the files
modified. However the regex for the files
used * at the end instead of .*
Since the regex is match, we can ignore *
at the end for detecting changes in directories.
Change-Id: Ie8e50d35b4c825d339341e2fbb14ee31f7b3e920
Add cinder-volume-ceph to gate job, allowing for the charm to be
promoted.
Change-Id: I7252ad851855f3e1879f720a61936e5a962cda07
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
This change includes cinder-volume and cinder-volume-ceph to manager the
cinder-volume service as snap that can be configured over multiple
backends.
Change-Id: Id520fc95710c8516aed5eae08cb20c8e54808cc7
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
When the setup of relation handlers throws an ops sunbeam status
exception, the charm is put to error while this is a supported patterns
for developping charms. The reason is that the exception is not thrown
from within a guard. But it is reasonable, for example, for
`OSBaseOperatorAPICharm.internal_url` to raise a WaitingExceptionError
instead of returning None.
Change-Id: Ide137421308733784b6aca7e247eb3e13485d2ff
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
Because handler setup was performed in __init__, this made using
attributes defined in constructor impossible to use in the setup
methods except by ensuring right order in object init. This, in
turn, added a lot of overhead.
Methods of an object should be able to use attributes defined in
the object constructor.
Move handler setup in __post_init__ hooks, called after object
initialiazation.
Remove constructors only calling super() constructor.
Re-order attribute definition to be called after super()
constructor.
Change-Id: Ieb9d23b1e4764e2c0e894c932b7584b5b7c38258
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
Apache2 supports the signal USR1 to restart all its children and reload
configuration.
Apache2ctl cannot receive USR1 signal directly to this effect, therefore
manage the apache2 directly, configuring all the environment variables
from apache2ctl.
Closes-Bug: #2097259
Change-Id: I55741645b09d5de0f25970b16e4d5fdfa3c58a9d
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
Because init_container_services was not replaced with
configure_containers, gnocchi tried to bootstrap its database before
ceph was configured.
Change-Id: I55dc6b92dbc61ff8744d18f5f27b3dc4b836f7c2
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
To use AMD SEV capability, the image should have the
following property hw_firmware_type=uefi.
Set this property on all the images that are getting
synced from images-sync.
Change-Id: Ib096b61ac7f021898dd555922278606d6ec42839
All services needing to run DB Sync actually need the database to be
populated before they start. Starting the services before the database
lead to a lot of error logs misleading on root case.
Modify configure_unit lifecycle to make db sync run first.
Change-Id: I6da0483aba0b0547c84946d540b362c3e5a46d82
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
In some cases, the wsgi-keystone process can be downed but the unit
considered bootstrap, run configure_charm first instead of last, to
ensure the unit is properly configured, and update endpoints.
Change-Id: Ib51944597d61023d0276556043a75b49dc0acb03
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
Remove deprecated kubernetes_service_patch library.
Add new class in ops_sunbeam to manage new kubernetes
service of type LoadBalancer.
The service name should be <app_name>-lb.
Use the class in ovn-relay-k8s and designate-bind-k8s
to create new service of type LoadBalancer.
Update open ports in default service definition for
ovn-relay-k8s and designate-bind-k8s.
Remove library kubernetes_service_patch from external
libs and remove any references.
Change-Id: Ic62af0aeaf9f5502d5d7792ed0b182b9a83c2b72
Pebble will raise either a <container>-pebble-check-failed when the
healthchecks fail <threshold> times, and a recovered when it succeeds
after a failed event. Update container status.
Change-Id: I0219e06d6cc89cda53e12c50f6e7f0e413ad4725
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
On exec errors, stdout / stderr __str__ get truncated up to 1024 characters,
which is often not enough to get the full error.
Also, log task failure when and timeout errors.
Change-Id: I8d09352a51b00b5bf94ee97ba1a1d835b8ccd487
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
nova-scheduler errors out if placement service is
not available even if the container healthchecks
shows active. Add placement integration in nova-k8s
to ensure placement is defined in the bundle/tf plan
Add ServiceReadinessProviderHandler in placement-k8s
and corresponding RequiresHandler in nova-k8s.
Fixes: #2097327
Change-Id: Ica072b98c4668c6248702ca680b2885c4d542e23
Currently each charm defines in the code all the
mandatory relations. Instead populate the mandatory
relations from chamrcraft.yaml requires relations
with optional as False.
Charm can define mandatory relations that are not
derived from requires relations and they will be
appended to the list of mandatory_relations.
Barbican and ovn-central charms follows this pattern.
Change-Id: Iff45fca33dc954593ded52b97e905431b6a7bb53
On model destroy, the secret permissions are revoked, do not emit ready
event.
Change-Id: I2abf871ad4e0dafe166646703ca508c21a694941
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
Disable magnum-k8s, as it currently is non-functional.
Override wait_for_all_endpoints, detailing which service returns which
error code.
Disable watcher-k8s, as it is flaky at the moment.
Change-Id: I5ff28f039292bbf91fe9ec3f893017d19f3cd078
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
When the openstack-hypervisor snap fails to install, then set
the unit status to error instead of blocked.
Closes-Bug: #2065944.
Change-Id: I0b3817c8e8321e5bfd8eaabe63646c9cd48cdf36
This is an workaround for fixing the unit test. Also note that coniter
project may be discontinued soon [1], and we should find an alternative.
[1]: https: //github.com/corpusops/croniter/issues/144
Change-Id: I5fac71bc194af0d0e0d3173693dda959cb13ec4e
Enabling the 3 charms would require a 120% of capacity which cannot
work. Ask a less initial size, and let ceph autoscale PGs when needed.
Change-Id: Ica115806caf243ba70836d09ee273fbc651120a7
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
list-ca-certs action considers part of name as
dictionary key if name contains '.'. This is due
to ops flattening the event result [1].
Replace '.' with '-'
Closes-Bug: #2091691
[1] e573f8f39c/ops/charm.py (L170)
Change-Id: I7f4d22bc978c606496c25187f4892dc47f6472ad
Sometime during instance resizing, nova will create a new instance on
different host with the same uuid and instance name, and this will cause
some query failed on "many-to-many matching not allowed: matching labels
must be unique on one side". Adding extra "flavor" label might help
resolving the uniqueness of metrics during resizing.
See issue: https://github.com/canonical/openstack-exporter-operator/issues/120
Change-Id: I49dcd22c90dacb52952461f37a043b48912d5e01
* Make ingress-internal relation mandatory for
charms instead of ingress-public
* If ingress-public is not integrated, default
public endpoint to internal endpoint
Change-Id: Ibbc600b3dd53655f2160394d4717b75e14d63cf8
Since CVE-2024-32498, cinder-volume is using qemu-img behind
privsephelpers which need capabilities you don't get in a default k8s
security context. This turns into an error about privsephelper not being
authorized to create security sandbox.
Disabling that feature will prevent the use of qemu-img, and explicity
allows creating a volume from image and booting from volume operations only for RAW
images.
Related-Bug: #2091269
Change-Id: Ie032b275a1966dac2383c6af0fba4ddfe13e0bbc
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
When traefik-route relation is updated, the library did not update the
right config (when targeting all relations).
When a relation is present in the event, is updates the right config.
Fix: LP#2090943
Change-Id: I362071cad61838fdbd8f5f0b39936696058a25ba
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
During restarts, the k8s services of type loadbalancer
can get diferent IPs and the integration tests tries to
communicate with older IPs.
Add a step after deploying the bundle to add loadbalancer
annotations to services of type loadbalancer so that
IPs persist during restart of pods.
Pin httpx version in tox.ini due to bug [1] in lightkube
[1] https://github.com/gtsystem/lightkube/issues/78
Change-Id: I013ec1c1e9dbac3ae86c57abcd9d87a3b99f6e82