1888 Commits

Author SHA1 Message Date
Zuul
97e82b6cec Merge "[openstack-hypervisor] Add support for sev" into main 2025-02-25 09:00:58 +00:00
Zuul
51dde7f84a Merge "[c-v-c] add to gate job" into main 2025-02-25 08:29:27 +00:00
Hemanth Nakkina
d65c121ee5
[openstack-hypervisor] Add support for sev
* Add new config parameter reserved-host-memory-mb-for-sev
that updates snap config sev.reserved-host-memory-mb
* Add an action list-flavors to list the host flavors/
capabilities

Change-Id: I2500d1dafc0bb77dafa8a681daf833f7d1f76211
2025-02-25 13:49:14 +05:30
Zuul
be409b3ef7 Merge "Rebuild gnocchi-k8s charm" into main 2025-02-25 07:13:56 +00:00
Zuul
53c36b763b Merge "Fix regex in zuul jobs" into main 2025-02-25 07:06:18 +00:00
Hemanth Nakkina
8d7f995125
Rebuild gnocchi-k8s charm
Publish job for gnocchi-k8s failed for
https://review.opendev.org/c/openstack/sunbeam-charms/+/942564

Rebuild the gnocchi-k8s charm to pick latest
changes of ops-sunbeam and publish the charm

Change-Id: I02baa51a7df7e01fdcbf81b87e9a9c9fd500eacd
2025-02-25 06:48:38 +05:30
Zuul
d8e75e5cbc Merge "[ops-sunbeam] Allow post-init to throw status exceptions" into main 2025-02-25 00:50:04 +00:00
Hemanth Nakkina
969f1ed076
Fix regex in zuul jobs
Zuul jobs are triggered based on the files
modified. However the regex for the files
used * at the end instead of .*
Since the regex is match, we can ignore *
at the end for detecting changes in directories.

Change-Id: Ie8e50d35b4c825d339341e2fbb14ee31f7b3e920
2025-02-25 06:05:31 +05:30
Guillaume Boutry
e7b65a1075
[c-v-c] add to gate job
Add cinder-volume-ceph to gate job, allowing for the charm to be
promoted.

Change-Id: I7252ad851855f3e1879f720a61936e5a962cda07
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
2025-02-24 16:01:43 +01:00
Guillaume Boutry
93eabbfa72
Implement cinder-volume as a snap
This change includes cinder-volume and cinder-volume-ceph to manager the
cinder-volume service as snap that can be configured over multiple
backends.

Change-Id: Id520fc95710c8516aed5eae08cb20c8e54808cc7
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
2025-02-24 13:22:53 +01:00
Guillaume Boutry
99e69fdc9d
[ops-sunbeam] Allow post-init to throw status exceptions
When the setup of relation handlers throws an ops sunbeam status
exception, the charm is put to error while this is a supported patterns
for developping charms. The reason is that the exception is not thrown
from within a guard. But it is reasonable, for example, for
`OSBaseOperatorAPICharm.internal_url` to raise a WaitingExceptionError
instead of returning None.

Change-Id: Ide137421308733784b6aca7e247eb3e13485d2ff
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
2025-02-24 11:18:39 +01:00
Guillaume Boutry
4d4b4a41b0
[ops-sunbeam] Ensure external connectivity for machine charms
Machine charms need external connectivity to access services hosted on a
K8S substrate.

Ensure rabbitmq / ovn relay are access remotely for machine charms.

Closes-Bug: #2098974
Change-Id: Ifadb196dd6d60e33feab7dc0d835a7ea84444b9e
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
2025-02-21 17:39:48 +01:00
Guillaume Boutry
cb27776b43
[ops-sunbeam] Move handlers setup in post_init
Because handler setup was performed in __init__, this made using
attributes defined in constructor impossible to use in the setup
methods except by ensuring right order in object init. This, in
turn, added a lot of overhead.
Methods of an object should be able to use attributes defined in
the object constructor.

Move handler setup in __post_init__ hooks, called after object
initialiazation.
Remove constructors only calling super() constructor.
Re-order attribute definition to be called after super()
constructor.

Change-Id: Ieb9d23b1e4764e2c0e894c932b7584b5b7c38258
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
2025-02-21 13:30:22 +01:00
Guillaume Boutry
2cc6bdfad6
Manage apache2 process directly
Apache2 supports the signal USR1 to restart all its children and reload
configuration.
Apache2ctl cannot receive USR1 signal directly to this effect, therefore
manage the apache2 directly, configuring all the environment variables
from apache2ctl.

Closes-Bug: #2097259
Change-Id: I55741645b09d5de0f25970b16e4d5fdfa3c58a9d
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
2025-02-13 17:53:39 +01:00
Guillaume Boutry
fba9eac56a
[gnocchi-k8s] Configure containers instead of init
Because init_container_services was not replaced with
configure_containers, gnocchi tried to bootstrap its database before
ceph was configured.

Change-Id: I55dc6b92dbc61ff8744d18f5f27b3dc4b836f7c2
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
2025-02-12 12:18:42 +01:00
Hemanth Nakkina
c303cd6fb1
[openstack-images-sync] Add custom property
To use AMD SEV capability, the image should have the
following property hw_firmware_type=uefi.
Set this property on all the images that are getting
synced from images-sync.

Change-Id: Ib096b61ac7f021898dd555922278606d6ec42839
2025-02-11 11:36:26 +05:30
Guillaume Boutry
93b6184174
[ops-sunbeam] Run DB Sync before starting services
All services needing to run DB Sync actually need the database to be
populated before they start. Starting the services before the database
lead to a lot of error logs misleading on root case.

Modify configure_unit lifecycle to make db sync run first.

Change-Id: I6da0483aba0b0547c84946d540b362c3e5a46d82
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
2025-02-10 11:11:27 +01:00
Guillaume Boutry
d19b2f0451 [keystone-k8s] Run configure_charm before updating endpoints
In some cases, the wsgi-keystone process can be downed but the unit
considered bootstrap, run configure_charm first instead of last, to
ensure the unit is properly configured, and update endpoints.

Change-Id: Ib51944597d61023d0276556043a75b49dc0acb03
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
2025-02-06 09:36:39 +00:00
Zuul
6ccb712624 Merge "Remove deprecated kubernetes_service_patch library" into main 2025-02-06 09:17:14 +00:00
Hemanth Nakkina
27b06dbb54
Remove deprecated kubernetes_service_patch library
Remove deprecated kubernetes_service_patch library.
Add new class in ops_sunbeam to manage new kubernetes
service of type LoadBalancer.
The service name should be <app_name>-lb.
Use the class in ovn-relay-k8s and designate-bind-k8s
to create new service of type LoadBalancer.
Update open ports in default service definition for
ovn-relay-k8s and designate-bind-k8s.

Remove library kubernetes_service_patch from external
libs and remove any references.

Change-Id: Ic62af0aeaf9f5502d5d7792ed0b182b9a83c2b72
2025-02-06 05:41:46 +05:30
Zuul
eb8e1fbdbc Merge "[ops-sunbeam] Update status on pebble checks" into main 2025-02-05 16:41:13 +00:00
Guillaume Boutry
741c95758b
[ops-sunbeam] Update status on pebble checks
Pebble will raise either a <container>-pebble-check-failed when the
healthchecks fail <threshold> times, and a recovered when it succeeds
after a failed event. Update container status.

Change-Id: I0219e06d6cc89cda53e12c50f6e7f0e413ad4725
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
2025-02-05 15:22:44 +01:00
Guillaume Boutry
b518015c8b
[ops-sunbeam] Log db sync errors extensively
On exec errors, stdout / stderr __str__ get truncated up to 1024 characters,
which is often not enough to get the full error.

Also, log task failure when and timeout errors.

Change-Id: I8d09352a51b00b5bf94ee97ba1a1d835b8ccd487
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
2025-02-05 11:03:07 +01:00
Hemanth Nakkina
f218d87642
[nova-k8s/placement-k8s] Add placement interface
nova-scheduler errors out if placement service is
not available even if the container healthchecks
shows active. Add placement integration in nova-k8s
to ensure placement is defined in the bundle/tf plan

Add ServiceReadinessProviderHandler in placement-k8s
and corresponding RequiresHandler in nova-k8s.

Fixes: #2097327
Change-Id: Ica072b98c4668c6248702ca680b2885c4d542e23
2025-02-04 12:15:02 +05:30
Hemanth Nakkina
e07819a9d9
Derive mandatory relations from charmcraft.yaml
Currently each charm defines in the code all the
mandatory relations. Instead populate the mandatory
relations from chamrcraft.yaml requires relations
with optional as False.
Charm can define mandatory relations that are not
derived from requires relations and they will be
appended to the list of mandatory_relations.
Barbican and ovn-central charms follows this pattern.

Change-Id: Iff45fca33dc954593ded52b97e905431b6a7bb53
2025-02-03 15:23:59 +05:30
Guillaume Boutry
56c35f5988 [keystone-k8s] Do not emit ready when permission issues on secret
On model destroy, the secret permissions are revoked, do not emit ready
event.

Change-Id: I2abf871ad4e0dafe166646703ca508c21a694941
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
2025-02-03 08:03:32 +00:00
Zuul
c1c14aee1e Merge "[*-k8s] Test all sunbeam charms in a single job" into main 2025-02-03 08:02:14 +00:00
Guillaume Boutry
b27cdc3951
[*-k8s] Test all sunbeam charms in a single job
Disable magnum-k8s, as it currently is non-functional.
Override wait_for_all_endpoints, detailing which service returns which
error code.

Disable watcher-k8s, as it is flaky at the moment.

Change-Id: I5ff28f039292bbf91fe9ec3f893017d19f3cd078
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
2025-01-31 17:45:49 +01:00
Hemanth Nakkina
bf0bdbcc60
Update charmhub token
Regenerate charmhub token as the old one is expired.

Change-Id: Ib36e88c9cfd0e83a7c374185035433c07e90d727
2025-01-28 14:01:21 +05:30
Ahmad Hassan
b3387c4ff1 [openstack-hypervisor] error out on snap installation failure
When the openstack-hypervisor snap fails to install, then set
the unit status to error instead of blocked.

Closes-Bug: #2065944.

Change-Id: I0b3817c8e8321e5bfd8eaabe63646c9cd48cdf36
2025-01-28 11:21:39 +05:00
Hemanth Nakkina
03000df1de
[ci] bump k8s channel to 1.32-classic/stable
Bump k8s channel to 1.32-classic/stable

Change-Id: I9b9faf4ade277ac1759626bc84a51af341a6d881
2025-01-06 13:07:27 +05:30
Chi Wai Chan
2717720cac
Pin croniter to 5.0.1
This is an workaround for fixing the unit test. Also note that coniter
project may be discontinued soon [1], and we should find an alternative.

[1]: https: //github.com/corpusops/croniter/issues/144

Change-Id: I5fac71bc194af0d0e0d3173693dda959cb13ec4e
2025-01-06 13:53:19 +08:00
Zuul
4296ec9d19 Merge "[keystone-k8s] fix list-ca-certs action result" into main 2024-12-13 16:50:36 +00:00
Guillaume Boutry
a69380677d
Reduce default ceph pool weight to 20
Enabling the 3 charms would require a 120% of capacity which cannot
work. Ask a less initial size, and let ceph autoscale PGs when needed.

Change-Id: Ica115806caf243ba70836d09ee273fbc651120a7
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
2024-12-13 12:39:53 +01:00
Hemanth Nakkina
41399f501e
[keystone-k8s] fix list-ca-certs action result
list-ca-certs action considers part of name as
dictionary key if name contains '.'. This is due
to ops flattening the event result [1].
Replace '.' with '-'

Closes-Bug: #2091691

[1] e573f8f39c/ops/charm.py (L170)

Change-Id: I7f4d22bc978c606496c25187f4892dc47f6472ad
2024-12-13 16:36:15 +05:30
Zuul
8fcfaf96b4 Merge "[glance-k8s] change defaults for image-size-cap" into main 2024-12-10 07:24:22 +00:00
Chi Wai Chan
ed96973390 Add "flavor" label to uniquely identify metrics
Sometime during instance resizing, nova will create a new instance on
different host with the same uuid and instance name, and this will cause
some query failed on "many-to-many matching not allowed: matching labels
must be unique on one side". Adding extra "flavor" label might help
resolving the uniqueness of metrics during resizing.

See issue: https://github.com/canonical/openstack-exporter-operator/issues/120

Change-Id: I49dcd22c90dacb52952461f37a043b48912d5e01
2024-12-10 05:46:43 +00:00
Hemanth Nakkina
e39d95f459
[glance-k8s] change defaults for image-size-cap
Change default value for image-size-cap with 30G
for ceph based storage and 1G for local storage.

Change-Id: I784f8bfd31a856d822490ab285a165e75992ff83
2024-12-10 05:10:10 +05:30
Zuul
c802e94024 Merge "Make ingress-internal mandatory relation" into main 2024-12-09 16:49:40 +00:00
Hemanth Nakkina
43119913d6
Make ingress-internal mandatory relation
* Make ingress-internal relation mandatory for
charms instead of ingress-public
* If ingress-public is not integrated, default
public endpoint to internal endpoint

Change-Id: Ibbc600b3dd53655f2160394d4717b75e14d63cf8
2024-12-09 18:43:30 +05:30
Zuul
3aacfeef5b Merge "[cinder-ceph-k8s] Disable image conversion" into main 2024-12-09 12:47:38 +00:00
Zuul
5b10275c95 Merge "Upgrade to 24.04 machines charms" into main 2024-12-09 10:35:14 +00:00
Guillaume Boutry
79410a7186
[cinder-ceph-k8s] Disable image conversion
Since CVE-2024-32498, cinder-volume is using qemu-img behind
privsephelpers which need capabilities you don't get in a default k8s
security context. This turns into an error about privsephelper not being
authorized to create security sandbox.

Disabling that feature will prevent the use of qemu-img, and explicity
allows creating a volume from image and booting from volume operations only for RAW
images.

Related-Bug: #2091269
Change-Id: Ie032b275a1966dac2383c6af0fba4ddfe13e0bbc
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
2024-12-09 10:23:22 +01:00
Guillaume Boutry
030cb78792
Upgrade to 24.04 machines charms
Move machine charms base to 24.04.

Change-Id: I63dec29520c195886a9faaa8cbf5b448255907a0
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
2024-12-09 10:20:02 +01:00
Guillaume Boutry
dd24355383
[nova-k8s] Update spice-proxy-url on all relations
When traefik-route relation is updated, the library did not update the
right config (when targeting all relations).

When a relation is present in the event, is updates the right config.

Fix: LP#2090943

Change-Id: I362071cad61838fdbd8f5f0b39936696058a25ba
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
2024-12-03 17:52:44 +01:00
Hemanth Nakkina
5c21c23de8
[ci] Add loadbalancer annotations as part of setup
During restarts, the k8s services of type loadbalancer
can get diferent IPs and the integration tests tries to
communicate with older IPs.
Add a step after deploying the bundle to add loadbalancer
annotations to services of type loadbalancer so that
IPs persist during restart of pods.

Pin httpx version in tox.ini due to bug [1] in lightkube

[1] https://github.com/gtsystem/lightkube/issues/78

Change-Id: I013ec1c1e9dbac3ae86c57abcd9d87a3b99f6e82
2024-12-02 21:43:37 +05:30
Hemanth Nakkina
45e7919a98
[glance-k8s] set image-size-cap default to 1G
Set image-size-cap default to 1G as defaults for
glance-repository storage is 1G

Change-Id: I55f991a49195b106512de80a2b471809cb4fd9d2
2024-11-30 08:45:06 +05:30
Zuul
8b8a697c2f Merge "[glance-k8s] set minimum storage size to defaults" into main 2024-11-29 10:52:50 +00:00
Hemanth Nakkina
d51938f4ce
[glance-k8s] set minimum storage size to defaults
Set minimum storage size for glance-k8s glance image
repository to defaults which is 1G

Change-Id: I56642ff4314fc07648e74bf6b5daa39cba7f3471
2024-11-29 15:16:31 +05:30
Zuul
0ae9e92b6d Merge "Add dashboard for troubleshooting." into main 2024-11-29 08:58:16 +00:00