* Add new config parameter reserved-host-memory-mb-for-sev
that updates snap config sev.reserved-host-memory-mb
* Add an action list-flavors to list the host flavors/
capabilities
Change-Id: I2500d1dafc0bb77dafa8a681daf833f7d1f76211
When the openstack-hypervisor snap fails to install, then set
the unit status to error instead of blocked.
Closes-Bug: #2065944.
Change-Id: I0b3817c8e8321e5bfd8eaabe63646c9cd48cdf36
Add management actions to hypervisor charm to allow enabling / disabling
the compute service, and get a list of running guests on that
hypervisor.
Change-Id: Ibea004be22462aff5a4d64704c67970af1b038d1
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
Add action to list-nics on the hypervisor. This is used to gather
candidates for the external network nic.
Change-Id: Ife70804d035a900d5fe95059b26d3006860506da
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
* Add new interface service-ready to check for service
readiness of remote application.
* Create a placeholder charm sunbeam-libs to place all
the common libraries. The charm and the libraries need
not be published to charmhub since at this point of time
they are used internally by sunbeam.
* Add provider to service-ready in masakari-k8s
* Add requirer to service-ready in openstack-hypervisor
and enable/disable snap option masakari.enable based on
service-ready relation.
Change-Id: I99feccee2c871fc5a581fdea6f45a541efc2a968
Qemu blockdev-add command is unhappy when the hostname is not part of
the SAN in the certificates (even if it's already in the CN). Add
hostname to certificate's subject alternative names.
If there is a migration address, it will be the preferred one for qemu
migration, therefore also include hostname exposed on this address.
Change-Id: I7a1f0e9e0a21f8dbc4bab94acec4f1c5b445a054
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
Charmcraft 3 moves towards a single charmcraft.yaml, this is needed for
24.04 migration.
Change-Id: I743712752aaf37bf68730b64bd6c147dfad370e2
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
This change refactors tls-certificates relation handler.
List of changes:
- Allow management of multiple tls certificates on the same relation
- Allow easier override of certificate signing request (csr)
- Enable certificate renewal on expiration / revocation
- Upgrade tls-certificates relation from v1 to v3
Change-Id: I4f6ac6a5570635388cc10131b34fbc6b422e1bca
Signed-off-by: Guillaume Boutry <guillaume.boutry@canonical.com>
Drop configuration of external-gateway property via charm configuration
as it's actually determined by whether the unit has an external nic or if
the unit is configured in local only mode, with an IP address on the OVS
bridge.
Related-Bug: #2067623
Change-Id: I31e8a95b831911560c1fc761b1b107b188544fb5
Add dns-domain config option in neutron-k8s to allow building instances
within an internal domain.
Always enable extension dns_domain_ports.
Remove config option from openstack-hypervisor, as it is not the right
place.
Change-Id: I876269ba1b575ad108dc8c9defcc32dcf6044ba3
snap-openstack-hypervisor config key for spice proxy
url is spice-proxy-url. So change the key set in
openstack-hypervisor charm to spice-proxy-url. Update
the lib nova-service to have same name in relation
data for consistency.
Fix spiceproxy url to include spice_auto.html
Change-Id: I8606519a3266d0105dc1afd7ed2a06fceef87dbe
lib changes
Add new library nova_service to exchange config
information like nova spice proxy url.
ops-sunbeam changes
Move TraefikRouteHandler from heat-k8s to
ops_sunbeam to reuse in nova-k8s charm as well.
Add nova-service requires handler
nova-k8s changes
Add new container in nova-k8s for nova spice proxy
Add the corresponding pebble handler with plan to
start nova spice proxy process
Change the ingress relation to use traefik-route so
that both nova-api and nova-spiceproxy applications
are exposed via traefik
Add new interface nova-service to provide nova
spiceproxy url to client openstack-hypervisor.
Add nova-service provider handler
openstack-hypervisor changes:
Add interface nova-service in requires section of
metadata.yaml
Handle nova-service requires and update snap config
Change-Id: I27dd6523628e492bef1d1dd851dc528e41c520c7
'mock' is built in to python as unittest.mock since python 3.3.
The mock package on pypi is a backport, and not required here.
The test code throughout this repo used a mix of unittest.mock and
the mock package. This makes it consistently unittest.mock now,
and makes the import styles consistent too.
Change-Id: I643247ac4061c095b327a73cba75a1fa67f1c32e
Add receive-ca-cert relation.
Update the CA bundle to snap config ca.bundle
Update nova configuration.
Change-Id: I7008d6525f38d1b6f2f74782f8488b3a95b43efb
Don't provide an explicit value to virt-type to the snap, ensuring
that the code in the snap that falls back to userspace emulation
kicks in when KVM is not possible.
Change-Id: If4a21febf4b37d8a09da9448736d8bc84c4d4dda
Configure TLS certificates with the right extensions to be used in an
mTLS environment. (Used by Libvirt and QEMU for native TLS migration).
Ask for new TLS certificate if it's missing the mTLS clientAuth and
serverAuth extended key usages.
Libvirt/QEMU fail to read CA certificate with chain, therefore it's
templated without the chain.
Add extra binding `migration`.
Add extra configuration key `use-migration-binding`. It's false by
default, since on current sunbeam installation, there's no space
configuration, all ip addresses are part of the alpha space, which makes
selecting the right ip address impossible.
Change-Id: Ia0622b12bcac6b90d7a9937695947c113f62d7fe
* Add sunbeam project template to run pep8, py3 tests
* Add zuul.d/zuul.yaml to run pep8, py3, cover tests
* Update charmcraft and requirements for each charm
* Add global tox.ini to invoke fmt, pep8, py3, cover,
build
* Add gitreview file
* Fix py3 test failures in cinder-ceph-k8s, glance-k8s,
openstack-exporter
* Add jobs for charm builds using files option so that
job is invoked if files within the component are
modified. Add charm builds to both check and gate
pipeline.
* Make function tests as part of global. Split the function
tests into core, ceph, caas, misc mainly to accommodate
function tests to run on 8GB. Add function tests as
part of check pipeline.
* Add zuul job to publish charms in promote pipeline
Add charmhub token as secret that can be used to
publish charms.
Note: Charmhub token is generated with ttl of 90 days.
* Run tox formatting
* Make .gitignore, .jujuignore, .stestr.conf global and
remove the files from all charms.
* Make libs and templates global. Split libs to internal
and external so that internal libs can adhere to
sunbeam formatting styles.
* Add script to copy common files necessary libs, config
templates, stestr conf, jujuignore during py3 tests
and charm builds.
* Tests for keystone-ldap-k8s are commented due to
intermittent bug LP#2045206
Change-Id: I804ca64182c109d16bd820ac00f129aa6dcf4496
Implement stop-services function for the charm.
For relations amqp, ovsdb-cms, reset the
corresponding snap data.
Add mandatory_relations to openstack-hypervisor
charm.
Depends-On: https://review.opendev.org/c/openstack/charm-ops-sunbeam/+/899012
Change-Id: Ie6a735d4cad281c080e47208cf87f34e50d00fd1
Implement ceilometer-service requires part of the relation.
Configure snap-openstack-hypervisor config parameters
telemetry.enable and telemetry.publisher-secret when the
relation is joined/changed.
Configure telemetry.enable to False when ceilometer-service
relation is removed.
Change-Id: I168348aba340db3ec2f63b69acef439906542e63
Currently, setting boolean config with `Snap.set` will result in setting
the snap config to a string of `true` or `false`, and the openstack
hypervisor snap will read those configs as string as well. This makes
the condition checking in openstack-hypervisor snap behave incorrectly
[1]. This PR is to update the snap library with proper typing support.
- Update snap library
- Fix the data types used in `Snap.set()`
[1] https://github.com/openstack-snaps/snap-openstack-hypervisor/blob/main/openstack_hypervisor/hooks.py#L740
Closes-Bug: #2033272
Change-Id: I7bec4599b23500aaad9e008fce648793c104b642
In some cases, the netifaces does not properly detect the default
gateway for the node and returns an empty dict. However, there is
a default gateway actually set. This adds a fallback path to parse
the contents of the /proc/net/route table and determine which
interface to use based on which flags are set on the routes.
Closes-Bug: #2030497
Change-Id: I1cf358ad42f0cec4733e3afc9b60f5ddfade2bfe
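
The /proc/net/route fallback described in the commit above, sketched as an added example (not the charm's own code). The function names, the constructed sample table, the lowest-metric tie-break and the little-endian host byte order are assumptions of this sketch.

```python
import socket
import struct

RTF_UP = 0x0001       # route is usable
RTF_GATEWAY = 0x0002  # destination is reached through a gateway

# Constructed sample in /proc/net/route layout (not captured from a real host).
SAMPLE_ROUTE_TABLE = (
    "Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT\n"
    "ens3\t00000000\t0100A8C0\t0003\t0\t0\t100\t00000000\t0\t0\t0\n"
    "br-ex\t00000000\t010A0A0A\t0003\t0\t0\t600\t00000000\t0\t0\t0\n"
    "ens3\t0000A8C0\t00000000\t0001\t0\t0\t100\t00FFFFFF\t0\t0\t0\n"
)


def hex_to_ipv4(value):
    """Convert the kernel's hex address field to a dotted quad.

    Assumes a little-endian host, where the bytes appear reversed.
    """
    return socket.inet_ntoa(struct.pack("<I", int(value, 16)))


def default_gateway(route_table):
    """Return (iface, gateway_ip) of the lowest-metric default route, or None."""
    candidates = []
    for line in route_table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8:
            continue  # truncated or blank line
        iface, dest, gateway, flags, _, _, metric, mask = fields[:8]
        try:
            flag_bits = int(flags, 16)
            is_default = int(dest, 16) == 0 and int(mask, 16) == 0
            metric_value = int(metric)
        except ValueError:
            continue  # malformed numeric field, ignore the row
        # A default route must be both up and routed via a gateway.
        if is_default and flag_bits & RTF_UP and flag_bits & RTF_GATEWAY:
            candidates.append((metric_value, iface, hex_to_ipv4(gateway)))
    if not candidates:
        return None
    _, iface, gw = min(candidates)
    return iface, gw


if __name__ == "__main__":
    print(default_gateway(SAMPLE_ROUTE_TABLE))
```
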
As documented in [1] service tokens are useful to prevent issues
with long running services or with requests that take a long time
to finish where the user token can expire in the middle of an operation.
[1] https://docs.openstack.org/cinder/latest/configuration/block-storage/service-token.html
Depends-On: I15682c66d252d506e8f1c9b8de818bc19b1af973
Change-Id: I4d906132876a3efe4bd1154ad2c58a3bc635febe
Add optimisations to only install snap if it is absent and to
only update snap settings if they have changed.
Depends-On: If8086efcf7df4dcbe02be7454578dbbfb2d7945a
Change-Id: Icf2e9834cca6330eec92239aa5a5b76503c7c0f1