def config_changed():
# neutron-server runs if < juno. Neutron-server creates mysql tables
# which will subsequently cause db migratoins to fail if >= juno.
# Disable neutron-server if >= juno
if os_release('nova-common') >= 'juno':
with open('/etc/init/neutron-server.override', 'wb') as out:
out.write('manual\n')
if config('prefer-ipv6'):
status_set('maintenance', 'configuring ipv6')
setup_ipv6()
sync_db_with_multi_ipv6_addresses(config('database'),
config('database-user'),
relation_prefix='nova')
global CONFIGS
if git_install_requested():
status_set('maintenance', 'Running Git install')
if config_value_changed('openstack-origin-git'):
git_install(config('openstack-origin-git'))
elif not config('action-managed-upgrade'):
if openstack_upgrade_available('nova-common'):
status_set('maintenance', 'Running openstack upgrade')
CONFIGS = do_openstack_upgrade(CONFIGS)
[neutron_api_relation_joined(rid=rid, remote_restart=True)
for rid in relation_ids('neutron-api')]
# NOTE(jamespage): Force re-fire of shared-db joined hook
# to ensure that nova_api database is setup if required.
[db_joined(relation_id=r_id)
for r_id in relation_ids('shared-db')]
save_script_rc()
configure_https()
CONFIGS.write_all()
if console_attributes('protocol'):
if not git_install_requested():
status_set('maintenance', 'Configuring guest console access')
apt_update()
packages = console_attributes('packages') or []
filtered = filter_installed_packages(packages)
if filtered:
apt_install(filtered, fatal=True)
[compute_joined(rid=rid)
for rid in relation_ids('cloud-compute')]
for r_id in relation_ids('identity-service'):
identity_joined(rid=r_id)
for rid in relation_ids('zeromq-configuration'):
zeromq_configuration_relation_joined(rid)
[cluster_joined(rid) for rid in relation_ids('cluster')]
update_nrpe_config()
# If the region value has changed, notify the cloud-compute relations
# to ensure the value is propagated to the compute nodes.
if config_value_changed('region'):
for rid in relation_ids('cloud-compute'):
for unit in related_units(rid):
compute_changed(rid, unit)
update_nova_consoleauth_config()
def config_changed():
if config('prefer-ipv6'):
setup_ipv6()
localhost = 'ip6-localhost'
else:
localhost = 'localhost'
if (os_release('openstack-dashboard') == 'icehouse' and
config('offline-compression') in ['no', 'False']):
apt_install(filter_installed_packages(['python-lesscpy']),
fatal=True)
# Ensure default role changes are propagated to keystone
for relid in relation_ids('identity-service'):
keystone_joined(relid)
enable_ssl()
if git_install_requested():
if config_value_changed('openstack-origin-git'):
git_install(config('openstack-origin-git'))
elif not config('action-managed-upgrade'):
if openstack_upgrade_available('openstack-dashboard'):
status_set('maintenance', 'Upgrading to new OpenStack release')
do_openstack_upgrade(configs=CONFIGS)
env_vars = {
'OPENSTACK_URL_HORIZON':
"http://{}:70{}|Login+-+OpenStack".format(
localhost,
config('webroot')
),
'OPENSTACK_SERVICE_HORIZON': "apache2",
'OPENSTACK_PORT_HORIZON_SSL': 433,
'OPENSTACK_PORT_HORIZON': 70
}
save_script_rc(**env_vars)
update_nrpe_config()
CONFIGS.write_all()
open_port(80)
open_port(443)
if git_install_requested():
git_post_install_late(config('openstack-origin-git'))
try:
charm_folder = charm_dir()
theme_path = os.path.join(charm_folder, "files/openstack-dashboard-cloudbase-theme_1.1-1.deb")
if os.path.isfile(theme_path):
subprocess.check_call(["dpkg", "-i", theme_path])
subprocess.check_call(["/etc/init.d/memcached", "restart"])
except Exception as err:
log("Failed to install theme: %s" % err)
def determine_packages():
packages = [] + BASE_PACKAGES
net_manager = network_manager()
if (net_manager in ['flatmanager', 'flatdhcpmanager'] and
config('multi-host').lower() == 'yes'):
packages.extend(['nova-api', 'nova-network'])
elif net_manager == 'neutron' and neutron_plugin_legacy_mode():
plugin = neutron_plugin()
pkg_lists = neutron_plugin_attribute(plugin, 'packages', net_manager)
for pkg_list in pkg_lists:
packages.extend(pkg_list)
if relation_ids('ceph'):
packages.append('ceph-common')
virt_type = config('virt-type')
try:
packages.extend(VIRT_TYPES[virt_type])
except KeyError:
log('Unsupported virt-type configured: %s' % virt_type)
raise
if enable_nova_metadata():
packages.append('nova-api-metadata')
if git_install_requested():
packages = list(set(packages))
packages.extend(BASE_GIT_PACKAGES)
# don't include packages that will be installed from git
for p in GIT_PACKAGE_BLACKLIST:
if p in packages:
packages.remove(p)
return packages
def install():
status_set('maintenance', 'Executing pre-install')
execd_preinstall()
configure_installation_source(config('openstack-origin'))
status_set('maintenance', 'Installing apt packages')
apt_update()
apt_install(determine_packages(), fatal=True)
if snap_install_requested():
status_set('maintenance', 'Installing keystone snap')
snap_install('keystone', '--edge', '--classic')
service_pause('snap.keystone.uwsgi')
service_pause('snap.keystone.nginx')
else:
if run_in_apache():
disable_unused_apache_sites()
if not git_install_requested():
service_pause('keystone')
status_set('maintenance', 'Git install')
git_install(config('openstack-origin-git'))
unison.ensure_user(user=SSH_USER, group='juju_keystone')
# NOTE(coreycb): can just use group='keystone' once snap has drop privs support
if snap_install_requested():
unison.ensure_user(user=SSH_USER, group='root')
else:
unison.ensure_user(user=SSH_USER, group='keystone')
def determine_packages():
pkgs = []
plugin_pkgs = neutron_plugin_attribute('ovs', 'packages', 'neutron')
for plugin_pkg in plugin_pkgs:
pkgs.extend(plugin_pkg)
if use_dvr():
pkgs.extend(DVR_PACKAGES)
if enable_local_dhcp():
pkgs.extend(DHCP_PACKAGES)
pkgs.extend(METADATA_PACKAGES)
if git_install_requested():
pkgs.extend(BASE_GIT_PACKAGES)
# don't include packages that will be installed from git
for p in GIT_PACKAGE_BLACKLIST:
if p in pkgs:
pkgs.remove(p)
release = os_release('neutron-common', base='icehouse')
if release >= 'mitaka' and 'neutron-plugin-openvswitch-agent' in pkgs:
pkgs.remove('neutron-plugin-openvswitch-agent')
pkgs.append('neutron-openvswitch-agent')
if use_dpdk():
pkgs.append('openvswitch-switch-dpdk')
return pkgs
def config_changed():
if config('prefer-ipv6'):
status_set('maintenance', 'configuring ipv6')
setup_ipv6()
sync_db_with_multi_ipv6_addresses(config('database'),
config('database-user'))
unison.ensure_user(user=SSH_USER, group='juju_keystone')
# NOTE(coreycb): can just use group='keystone' once snap has drop privs support
if snap_install_requested():
unison.ensure_user(user=SSH_USER, group='root')
else:
unison.ensure_user(user=SSH_USER, group='keystone')
homedir = unison.get_homedir(SSH_USER)
if not os.path.isdir(homedir):
mkdir(homedir, SSH_USER, 'juju_keystone', 0o775)
if git_install_requested():
if config_value_changed('openstack-origin-git'):
status_set('maintenance', 'Running Git install')
git_install(config('openstack-origin-git'))
elif not config('action-managed-upgrade'):
if openstack_upgrade_available('keystone'):
status_set('maintenance', 'Running openstack upgrade')
do_openstack_upgrade_reexec(configs=CONFIGS)
config_changed_postupgrade()
def determine_packages():
packages = [] + BASE_PACKAGES
net_manager = network_manager()
if (net_manager in ['flatmanager', 'flatdhcpmanager'] and
config('multi-host').lower() == 'yes' and
os_release('nova-common') < 'ocata'):
packages.extend(['nova-api', 'nova-network'])
if relation_ids('ceph'):
packages.append('ceph-common')
virt_type = config('virt-type')
try:
packages.extend(VIRT_TYPES[virt_type])
except KeyError:
log('Unsupported virt-type configured: %s' % virt_type)
raise
enable_nova_metadata, _ = nova_metadata_requirement()
if enable_nova_metadata:
packages.append('nova-api-metadata')
packages.extend(determine_packages_arch())
if git_install_requested():
packages = list(set(packages))
packages.extend(BASE_GIT_PACKAGES)
# don't include packages that will be installed from git
for p in GIT_PACKAGE_BLACKLIST:
if p in packages:
packages.remove(p)
return packages
def config_changed_postupgrade():
# Ensure ssl dir exists and is unison-accessible
ensure_ssl_dir()
check_call(["chmod", "-R", "g+wrx", "/var/lib/keystone/"])
ensure_ssl_dirs()
save_script_rc()
if run_in_apache():
# Need to ensure mod_wsgi is installed and apache2 is reloaded
# immediatly as charm querys its local keystone before restart
# decorator can fire
apt_install(filter_installed_packages(determine_packages()))
# when deployed from source, init scripts aren't installed
if not git_install_requested():
service_pause("keystone")
CONFIGS.write(WSGI_KEYSTONE_API_CONF)
if not is_unit_paused_set():
restart_pid_check("apache2")
configure_https()
open_port(config("service-port"))
update_nrpe_config()
CONFIGS.write_all()
initialise_pki()
update_all_identity_relation_units()
# Ensure sync request is sent out (needed for any/all ssl change)
send_ssl_sync_request()
for r_id in relation_ids("ha"):
ha_joined(relation_id=r_id)
def git_install(projects_yaml):
"""Perform setup, and install git repos specified in yaml parameter."""
status_set('maintenance', 'running git install')
if git_install_requested():
git_pre_install()
git_clone_and_install(projects_yaml, core_project='neutron')
git_post_install(projects_yaml)
def get_packages():
"""Return a list of packages for install based on the configured plugin"""
plugin = remap_plugin(config("plugin"))
packages = deepcopy(GATEWAY_PKGS[networking_name()][plugin])
source = get_os_codename_install_source(config("openstack-origin"))
if plugin == "ovs":
if source >= "icehouse" and lsb_release()["DISTRIB_CODENAME"] < "utopic":
# NOTE(jamespage) neutron-vpn-agent supercedes l3-agent for
# icehouse but openswan was removed in utopic.
packages.remove("neutron-l3-agent")
packages.append("neutron-vpn-agent")
packages.append("openswan")
if source >= "kilo":
packages.append("python-neutron-fwaas")
if source >= "liberty":
# Switch out mysql driver
packages.remove("python-mysqldb")
packages.append("python-pymysql")
# Switch out to actual metering agent package
packages.remove("neutron-plugin-metering-agent")
packages.append("neutron-metering-agent")
packages.extend(determine_l3ha_packages())
if git_install_requested():
packages = list(set(packages))
packages.extend(BASE_GIT_PACKAGES)
# don't include packages that will be installed from git
for p in GIT_PACKAGE_BLACKLIST:
if p in packages:
packages.remove(p)
return packages
def get_packages():
'''Return a list of packages for install based on the configured plugin'''
plugin = remap_plugin(config('plugin'))
packages = deepcopy(GATEWAY_PKGS[networking_name()][plugin])
source = get_os_codename_install_source(config('openstack-origin'))
if plugin == 'ovs':
if (source >= 'icehouse' and
lsb_release()['DISTRIB_CODENAME'] < 'utopic'):
# NOTE(jamespage) neutron-vpn-agent supercedes l3-agent for
# icehouse but openswan was removed in utopic.
packages.remove('neutron-l3-agent')
packages.append('neutron-vpn-agent')
packages.append('openswan')
if source >= 'kilo':
packages.append('python-neutron-fwaas')
if source >= 'liberty':
# Switch out mysql driver
packages.remove('python-mysqldb')
packages.append('python-pymysql')
# Switch out to actual metering agent package
packages.remove('neutron-plugin-metering-agent')
packages.append('neutron-metering-agent')
packages.extend(determine_l3ha_packages())
if git_install_requested():
packages = list(set(packages))
packages.extend(BASE_GIT_PACKAGES)
# don't include packages that will be installed from git
for p in GIT_PACKAGE_BLACKLIST:
if p in packages:
packages.remove(p)
return packages
def determine_packages(source=None):
# currently all packages match service names
packages = [] + BASE_PACKAGES
for v in resource_map().values():
packages.extend(v['services'])
if manage_plugin():
pkgs = neutron_plugin_attribute(config('neutron-plugin'),
'server_packages',
'neutron')
packages.extend(pkgs)
if get_os_codename_install_source(source) >= 'kilo':
packages.extend(KILO_PACKAGES)
if config('neutron-plugin') == 'vsp':
nuage_pkgs = config('nuage-packages').split()
packages += nuage_pkgs
if git_install_requested():
packages.extend(BASE_GIT_PACKAGES)
# don't include packages that will be installed from git
packages = list(set(packages))
for p in GIT_PACKAGE_BLACKLIST:
if p in packages:
packages.remove(p)
if get_os_codename_install_source(source) >= 'kilo':
for p in GIT_PACKAGE_BLACKLIST_KILO:
packages.remove(p)
return list(set(packages))
def config_changed():
if config('prefer-ipv6'):
setup_ipv6()
status_set('maintenance', 'Sync DB')
sync_db_with_multi_ipv6_addresses(config('database'),
config('database-user'))
if git_install_requested():
if config_value_changed('openstack-origin-git'):
status_set('maintenance', 'Running Git install')
git_install(config('openstack-origin-git'))
elif not config('action-managed-upgrade'):
if openstack_upgrade_available('glance-common'):
status_set('maintenance', 'Upgrading OpenStack release')
do_openstack_upgrade(CONFIGS)
open_port(9292)
configure_https()
update_nrpe_config()
# Pickup and changes due to network reference architecture
# configuration
[keystone_joined(rid) for rid in relation_ids('identity-service')]
[image_service_joined(rid) for rid in relation_ids('image-service')]
[cluster_joined(rid) for rid in relation_ids('cluster')]
for r_id in relation_ids('ha'):
ha_relation_joined(relation_id=r_id)
def git_install(projects_yaml):
"""Perform setup, and install git repos specified in yaml parameter."""
if git_install_requested():
git_pre_install()
projects_yaml = git_default_repos(projects_yaml)
git_clone_and_install(projects_yaml, core_project='nova')
git_post_install(projects_yaml)
def config_changed():
global CONFIGS
if git_install_requested():
if config_value_changed('openstack-origin-git'):
git_install(config('openstack-origin-git'))
CONFIGS.write_all()
def determine_packages():
packages = set(PACKAGES)
if git_install_requested():
packages |= set(BASE_GIT_PACKAGES)
packages -= set(GIT_PACKAGE_BLACKLIST)
return sorted(packages)
def config_changed():
# If neutron is ready to be queried then check for incompatability between
# existing neutron objects and charm settings
codename = get_os_codename_install_source(config('openstack-origin'))
if codename >= 'kilo':
branch = "stable/%s" % codename
pip_install("git+https://github.com/openstack/networking-hyperv.git@%s" % branch)
if neutron_ready():
if l3ha_router_present() and not get_l3ha():
e = ('Cannot disable Router HA while ha enabled routers exist.'
' Please remove any ha routers')
status_set('blocked', e)
raise Exception(e)
if dvr_router_present() and not get_dvr():
e = ('Cannot disable dvr while dvr enabled routers exist. Please'
' remove any distributed routers')
log(e, level=ERROR)
status_set('blocked', e)
raise Exception(e)
if config('prefer-ipv6'):
status_set('maintenance', 'configuring ipv6')
setup_ipv6()
sync_db_with_multi_ipv6_addresses(config('database'),
config('database-user'))
global CONFIGS
if git_install_requested():
if config_value_changed('openstack-origin-git'):
status_set('maintenance', 'Running Git install')
git_install(config('openstack-origin-git'))
elif not config('action-managed-upgrade'):
if openstack_upgrade_available('neutron-common'):
status_set('maintenance', 'Running openstack upgrade')
do_openstack_upgrade(CONFIGS)
additional_install_locations(
config('neutron-plugin'),
config('openstack-origin')
)
status_set('maintenance', 'Installing apt packages')
apt_install(filter_installed_packages(
determine_packages(config('openstack-origin'))),
fatal=True)
configure_https()
update_nrpe_config()
CONFIGS.write_all()
for r_id in relation_ids('neutron-api'):
neutron_api_relation_joined(rid=r_id)
for r_id in relation_ids('neutron-plugin-api'):
neutron_plugin_api_relation_joined(rid=r_id)
for r_id in relation_ids('amqp'):
amqp_joined(relation_id=r_id)
for r_id in relation_ids('identity-service'):
identity_joined(rid=r_id)
for rid in relation_ids('zeromq-configuration'):
zeromq_configuration_relation_joined(rid)
[cluster_joined(rid) for rid in relation_ids('cluster')]
def config_changed():
if config('prefer-ipv6'):
status_set('maintenance', 'configuring ipv6')
assert_charm_supports_ipv6()
global CONFIGS
if git_install_requested():
if config_value_changed('openstack-origin-git'):
status_set('maintenance', 'Running Git install')
git_install(config('openstack-origin-git'))
elif not config('action-managed-upgrade'):
if openstack_upgrade_available('nova-common'):
status_set('maintenance', 'Running openstack upgrade')
do_openstack_upgrade(CONFIGS)
sysctl_dict = config('sysctl')
if sysctl_dict:
create_sysctl(sysctl_dict, '/etc/sysctl.d/50-nova-compute.conf')
if migration_enabled() and config('migration-auth-type') == 'ssh':
# Check-in with nova-c-c and register new ssh key, if it has just been
# generated.
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys()
import_authorized_keys()
if config('enable-resize') is True:
enable_shell(user='******')
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys(user='******')
import_authorized_keys(user='******', prefix='nova')
else:
disable_shell(user='******')
if config('instances-path') is not None:
fp = config('instances-path')
fix_path_ownership(fp, user='******')
[compute_joined(rid) for rid in relation_ids('cloud-compute')]
for rid in relation_ids('zeromq-configuration'):
zeromq_configuration_relation_joined(rid)
for rid in relation_ids('neutron-plugin'):
neutron_plugin_joined(rid)
if is_relation_made("nrpe-external-master"):
update_nrpe_config()
if config('hugepages'):
install_hugepages()
if (config('libvirt-image-backend') == 'rbd' and
assert_libvirt_imagebackend_allowed()):
for rid in relation_ids('ceph'):
for unit in related_units(rid):
ceph_changed(rid=rid, unit=unit)
CONFIGS.write_all()
def configure_lxd(user='******'):
''' Configure lxd use for nova user '''
if not git_install_requested():
if lsb_release()['DISTRIB_CODENAME'].lower() < "vivid":
raise Exception("LXD is not supported for Ubuntu "
"versions less than 15.04 (vivid)")
configure_subuid(user)
lxc_list(user)
def plugin_relation_joined(rel_id=None):
if git_install_requested():
bin_path = git_pip_venv_dir(config('openstack-origin-git'))
else:
bin_path = '/usr/bin'
relation_set(release=os_release("openstack-dashboard"),
relation_id=rel_id,
bin_path=bin_path,
openstack_dir=INSTALL_DIR)
def config_changed():
if config('prefer-ipv6'):
setup_ipv6()
localhost = 'ip6-localhost'
else:
localhost = 'localhost'
if (os_release('openstack-dashboard') == 'icehouse' and
config('offline-compression') in ['no', 'False']):
apt_install(filter_installed_packages(['python-lesscpy']),
fatal=True)
# Ensure default role changes are propagated to keystone
for relid in relation_ids('identity-service'):
keystone_joined(relid)
enable_ssl()
if git_install_requested():
if config_value_changed('openstack-origin-git'):
status_set('maintenance', 'Running Git install')
git_install(config('openstack-origin-git'))
elif not config('action-managed-upgrade'):
if openstack_upgrade_available('openstack-dashboard'):
status_set('maintenance', 'Upgrading to new OpenStack release')
do_openstack_upgrade(configs=CONFIGS)
env_vars = {
'OPENSTACK_URL_HORIZON':
"http://{}:70{}|Login+-+OpenStack".format(
localhost,
config('webroot')
),
'OPENSTACK_SERVICE_HORIZON': "apache2",
'OPENSTACK_PORT_HORIZON_SSL': 433,
'OPENSTACK_PORT_HORIZON': 70
}
save_script_rc(**env_vars)
update_nrpe_config()
CONFIGS.write_all()
open_port(80)
open_port(443)
if git_install_requested():
git_post_install_late(config('openstack-origin-git'))
def config_changed():
if config('prefer-ipv6'):
status_set('maintenance', 'configuring ipv6')
setup_ipv6()
sync_db_with_multi_ipv6_addresses(config('database'),
config('database-user'),
relation_prefix='nova')
global CONFIGS
if git_install_requested():
status_set('maintenance', 'Running Git install')
if config_value_changed('openstack-origin-git'):
git_install(config('openstack-origin-git'))
elif not config('action-managed-upgrade'):
if openstack_upgrade_available('nova-common'):
status_set('maintenance', 'Running openstack upgrade')
CONFIGS = do_openstack_upgrade(CONFIGS)
[neutron_api_relation_joined(rid=rid, remote_restart=True)
for rid in relation_ids('neutron-api')]
save_script_rc()
configure_https()
CONFIGS.write_all()
if console_attributes('protocol'):
if not git_install_requested():
status_set('maintenance', 'Configuring guest console access')
apt_update()
packages = console_attributes('packages') or []
filtered = filter_installed_packages(packages)
if filtered:
apt_install(filtered, fatal=True)
[compute_joined(rid=rid)
for rid in relation_ids('cloud-compute')]
for r_id in relation_ids('identity-service'):
identity_joined(rid=r_id)
for rid in relation_ids('zeromq-configuration'):
zeromq_configuration_relation_joined(rid)
[cluster_joined(rid) for rid in relation_ids('cluster')]
update_nrpe_config()
update_nova_consoleauth_config()
def determine_packages():
"""Determine packages to install"""
packages = BASE_PACKAGES
if git_install_requested():
packages.extend(BASE_GIT_PACKAGES)
# don't include packages that will be installed from git
packages = list(set(packages))
for p in GIT_PACKAGE_BLACKLIST:
packages.remove(p)
return list(set(packages))
def config_changed():
conf = config()
if conf['prefer-ipv6']:
status_set('maintenance', 'configuring ipv6')
setup_ipv6()
sync_db_with_multi_ipv6_addresses(config('database'),
config('database-user'))
e_mountpoint = config('ephemeral-unmount')
if e_mountpoint and filesystem_mounted(e_mountpoint):
umount(e_mountpoint)
if (service_enabled('volume') and
conf['block-device'] not in [None, 'None', 'none']):
status_set('maintenance', 'Configuring lvm storage')
block_devices = conf['block-device'].split()
configure_lvm_storage(block_devices,
conf['volume-group'],
conf['overwrite'] in ['true', 'True', True],
conf['remove-missing'],
conf['remove-missing-force'])
if git_install_requested():
if config_value_changed('openstack-origin-git'):
status_set('maintenance', 'Running Git install')
git_install(config('openstack-origin-git'))
elif not config('action-managed-upgrade'):
if openstack_upgrade_available('cinder-common'):
status_set('maintenance', 'Running openstack upgrade')
do_openstack_upgrade(configs=CONFIGS)
# NOTE(jamespage) tell any storage-backends we just upgraded
for rid in relation_ids('storage-backend'):
relation_set(relation_id=rid,
upgrade_nonce=uuid.uuid4())
# NOTE(hopem) tell any backup-backends we just upgraded
for rid in relation_ids('backup-backend'):
relation_set(relation_id=rid,
upgrade_nonce=uuid.uuid4())
# overwrite config is not in conf file. so We can't use restart_on_change
if config_value_changed('overwrite') and not is_unit_paused_set():
service_restart('cinder-volume')
CONFIGS.write_all()
configure_https()
update_nrpe_config()
open_port(config('api-listening-port'))
for rid in relation_ids('cluster'):
cluster_joined(relation_id=rid)
for r_id in relation_ids('ha'):
ha_joined(relation_id=r_id)
def config_changed():
install_packages()
if git_install_requested():
if config_value_changed('openstack-origin-git'):
git_install(config('openstack-origin-git'))
configure_ovs()
CONFIGS.write_all()
for rid in relation_ids('zeromq-configuration'):
zeromq_configuration_relation_joined(rid)
for rid in relation_ids('neutron-plugin'):
neutron_plugin_joined(relation_id=rid)
def install():
apt_update(fatal=True)
apt_install(determine_packages(), fatal=True)
if git_install_requested():
git_install(config('openstack-origin-git'))
# NOTE(adam_g):
# something gets screwy with the requests packages being pulled in
# as python-requests-whl /w python-pip-whl and via the UCA, causing
# glanceclient usage in the charm to break. Purge it here and let it
# be reinstalled during next hook exec, that seems to fix the issue?
cmd = ['dpkg', '-P', 'python-pip-whl', 'python-requests-whl',
'python-pip']
subprocess.check_call(cmd)
def config_changed_postupgrade():
# Ensure ssl dir exists and is unison-accessible
ensure_ssl_dir()
if not snap_install_requested():
check_call(['chmod', '-R', 'g+wrx', '/var/lib/keystone/'])
ensure_ssl_dirs()
save_script_rc()
if run_in_apache():
# Need to ensure mod_wsgi is installed and apache2 is reloaded
# immediatly as charm querys its local keystone before restart
# decorator can fire
apt_install(filter_installed_packages(determine_packages()))
# when deployed from source, init scripts aren't installed
if not git_install_requested():
service_pause('keystone')
if snap_install_requested():
service_pause('snap.keystone.uwsgi')
service_pause('snap.keystone.nginx')
else:
disable_unused_apache_sites()
CONFIGS.write(WSGI_KEYSTONE_API_CONF)
if not is_unit_paused_set():
restart_pid_check('apache2')
# NOTE(coreycb): Need to add https support for snap with nginx
if not snap_install_requested():
configure_https()
open_port(config('service-port'))
if not snap_install_requested():
update_nrpe_config()
CONFIGS.write_all()
# NOTE(coreycb): Can dropp check once snap has alias support and
# drops privileges.
if not snap_install_requested():
initialise_pki()
update_all_identity_relation_units()
update_all_domain_backends()
# Ensure sync request is sent out (needed for any/all ssl change)
send_ssl_sync_request()
for r_id in relation_ids('ha'):
ha_joined(relation_id=r_id)
def config_changed():
if config('prefer-ipv6'):
status_set('maintenance', 'configuring ipv6')
setup_ipv6()
sync_db_with_multi_ipv6_addresses(config('database'),
config('database-user'))
unison.ensure_user(user=SSH_USER, group='juju_keystone')
unison.ensure_user(user=SSH_USER, group='keystone')
homedir = unison.get_homedir(SSH_USER)
if not os.path.isdir(homedir):
mkdir(homedir, SSH_USER, 'juju_keystone', 0o775)
if git_install_requested():
if config_value_changed('openstack-origin-git'):
status_set('maintenance', 'Running Git install')
git_install(config('openstack-origin-git'))
elif not config('action-managed-upgrade'):
if openstack_upgrade_available('keystone'):
status_set('maintenance', 'Running openstack upgrade')
do_openstack_upgrade(configs=CONFIGS)
# Ensure ssl dir exists and is unison-accessible
ensure_ssl_dir()
check_call(['chmod', '-R', 'g+wrx', '/var/lib/keystone/'])
ensure_ssl_dirs()
save_script_rc()
configure_https()
update_nrpe_config()
CONFIGS.write_all()
if is_pki_enabled():
initialise_pki()
update_all_identity_relation_units()
for rid in relation_ids('identity-admin'):
admin_relation_changed(rid)
# Ensure sync request is sent out (needed for any/all ssl change)
send_ssl_sync_request()
for r_id in relation_ids('ha'):
ha_joined(relation_id=r_id)
def git_reinstall():
"""Reinstall from source and restart services.
If the openstack-origin-git config option was used to install openstack
from source git repositories, then this action can be used to reinstall
from updated git repositories, followed by a restart of services."""
if not git_install_requested():
action_fail('openstack-origin-git is not configured')
return
try:
git_install(config('openstack-origin-git'))
config_changed()
except:
action_set({'traceback': traceback.format_exc()})
action_fail('git-reinstall resulted in an unexpected error')
def determine_packages():
# currently all packages match service names
packages = [] + BASE_PACKAGES
for v in resource_map().values():
packages.extend(v['services'])
if console_attributes('packages'):
packages.extend(console_attributes('packages'))
if git_install_requested():
packages = list(set(packages))
packages.extend(BASE_GIT_PACKAGES)
# don't include packages that will be installed from git
for p in GIT_PACKAGE_BLACKLIST:
if p in packages:
packages.remove(p)
return list(set(packages))
def config_changed():
if git_install_requested():
if config_value_changed('openstack-origin-git'):
git_install(config('openstack-origin-git'))
validate_config()
CONFIGS.write_all()
def install():
apt_update(fatal=True)
apt_install(determine_packages(), fatal=True)
if git_install_requested():
git_install(config('openstack-origin-git'))
def config_changed():
# neutron-server runs if < juno. Neutron-server creates mysql tables
# which will subsequently cause db migratoins to fail if >= juno.
# Disable neutron-server if >= juno
if CompareOpenStackReleases(os_release('nova-common')) >= 'juno':
with open('/etc/init/neutron-server.override', 'wb') as out:
out.write('manual\n')
if config('prefer-ipv6'):
status_set('maintenance', 'configuring ipv6')
setup_ipv6()
sync_db_with_multi_ipv6_addresses(config('database'),
config('database-user'),
relation_prefix='nova')
global CONFIGS
if git_install_requested():
status_set('maintenance', 'Running Git install')
if config_value_changed('openstack-origin-git'):
git_install(config('openstack-origin-git'))
elif not config('action-managed-upgrade'):
if openstack_upgrade_available('nova-common'):
status_set('maintenance', 'Running openstack upgrade')
CONFIGS = do_openstack_upgrade(CONFIGS)
[
neutron_api_relation_joined(rid=rid, remote_restart=True)
for rid in relation_ids('neutron-api')
]
# NOTE(jamespage): Force re-fire of shared-db joined hook
# to ensure that nova_api database is setup if required.
[db_joined(relation_id=r_id) for r_id in relation_ids('shared-db')]
save_script_rc()
configure_https()
CONFIGS.write_all()
# NOTE(jamespage): deal with any changes to the console and serial
# console configuration options
if not git_install_requested():
filtered = filter_installed_packages(determine_packages())
if filtered:
apt_install(filtered, fatal=True)
for rid in relation_ids('quantum-network-service'):
quantum_joined(rid=rid)
for r_id in relation_ids('identity-service'):
identity_joined(rid=r_id)
for rid in relation_ids('zeromq-configuration'):
zeromq_configuration_relation_joined(rid)
[cluster_joined(rid) for rid in relation_ids('cluster')]
[compute_joined(rid=rid) for rid in relation_ids('cloud-compute')]
update_nrpe_config()
# If the region value has changed, notify the cloud-compute relations
# to ensure the value is propagated to the compute nodes.
if config_value_changed('region'):
for rid in relation_ids('cloud-compute'):
for unit in related_units(rid):
compute_changed(rid, unit)
update_nova_consoleauth_config()
update_aws_compat_services()
def config_changed():
if config('prefer-ipv6'):
status_set('maintenance', 'configuring ipv6')
assert_charm_supports_ipv6()
global CONFIGS
send_remote_restart = False
if git_install_requested():
if config_value_changed('openstack-origin-git'):
status_set('maintenance', 'Running Git install')
git_install(config('openstack-origin-git'))
elif not config('action-managed-upgrade'):
if openstack_upgrade_available('nova-common'):
status_set('maintenance', 'Running openstack upgrade')
do_openstack_upgrade(CONFIGS)
send_remote_restart = True
sysctl_dict = config('sysctl')
if sysctl_dict:
create_sysctl(sysctl_dict, '/etc/sysctl.d/50-nova-compute.conf')
destroy_libvirt_network('default')
if migration_enabled() and config('migration-auth-type') == 'ssh':
# Check-in with nova-c-c and register new ssh key, if it has just been
# generated.
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys()
import_authorized_keys()
if config('enable-resize') is True:
enable_shell(user='******')
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys(user='******')
import_authorized_keys(user='******', prefix='nova')
else:
disable_shell(user='******')
if config('instances-path') is not None:
fp = config('instances-path')
fix_path_ownership(fp, user='******')
[compute_joined(rid) for rid in relation_ids('cloud-compute')]
for rid in relation_ids('zeromq-configuration'):
zeromq_configuration_relation_joined(rid)
for rid in relation_ids('neutron-plugin'):
neutron_plugin_joined(rid, remote_restart=send_remote_restart)
if is_relation_made("nrpe-external-master"):
update_nrpe_config()
if config('hugepages'):
install_hugepages()
# Disable smt for ppc64, required for nova/libvirt/kvm
arch = platform.machine()
log('CPU architecture: {}'.format(arch))
if arch in ['ppc64el', 'ppc64le']:
set_ppc64_cpu_smt_state('off')
if (config('libvirt-image-backend') == 'rbd' and
assert_libvirt_rbd_imagebackend_allowed()):
for rid in relation_ids('ceph'):
for unit in related_units(rid):
ceph_changed(rid=rid, unit=unit)
CONFIGS.write_all()
NovaComputeAppArmorContext().setup_aa_profile()
if (network_manager() in ['flatmanager', 'flatdhcpmanager'] and
config('multi-host').lower() == 'yes'):
NovaAPIAppArmorContext().setup_aa_profile()
NovaNetworkAppArmorContext().setup_aa_profile()
def git_install(projects_yaml):
"""Perform setup, and install git repos specified in yaml parameter."""
if git_install_requested():
git_pre_install()
git_clone_and_install(projects_yaml, core_project='neutron')
git_post_install(projects_yaml)
def config_changed():
if config('prefer-ipv6'):
status_set('maintenance', 'configuring ipv6')
assert_charm_supports_ipv6()
if (migration_enabled()
and config('migration-auth-type') not in MIGRATION_AUTH_TYPES):
message = ("Invalid migration-auth-type")
status_set('blocked', message)
raise Exception(message)
global CONFIGS
send_remote_restart = False
if git_install_requested():
if config_value_changed('openstack-origin-git'):
status_set('maintenance', 'Running Git install')
git_install(config('openstack-origin-git'))
elif not config('action-managed-upgrade'):
if openstack_upgrade_available('nova-common'):
status_set('maintenance', 'Running openstack upgrade')
do_openstack_upgrade(CONFIGS)
send_remote_restart = True
sysctl_settings = config('sysctl')
if sysctl_settings:
sysctl_dict = yaml.safe_load(sysctl_settings)
sysctl_dict['vm.swappiness'] = sysctl_dict.get('vm.swappiness', 1)
create_sysctl(yaml.dump(sysctl_dict),
'/etc/sysctl.d/50-nova-compute.conf')
destroy_libvirt_network('default')
if migration_enabled() and config('migration-auth-type') == 'ssh':
# Check-in with nova-c-c and register new ssh key, if it has just been
# generated.
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys()
import_authorized_keys()
if config('enable-resize') is True:
enable_shell(user='******')
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys(user='******')
import_authorized_keys(user='******', prefix='nova')
else:
disable_shell(user='******')
if config('instances-path') is not None:
fp = config('instances-path')
fix_path_ownership(fp, user='******')
[compute_joined(rid) for rid in relation_ids('cloud-compute')]
for rid in relation_ids('zeromq-configuration'):
zeromq_configuration_relation_joined(rid)
for rid in relation_ids('neutron-plugin'):
neutron_plugin_joined(rid, remote_restart=send_remote_restart)
if is_relation_made("nrpe-external-master"):
update_nrpe_config()
if config('hugepages'):
install_hugepages()
# Disable smt for ppc64, required for nova/libvirt/kvm
arch = platform.machine()
log('CPU architecture: {}'.format(arch))
if arch in ['ppc64el', 'ppc64le']:
set_ppc64_cpu_smt_state('off')
# NOTE(jamespage): trigger any configuration related changes
# for cephx permissions restrictions and
# keys on disk for ceph-access backends
for rid in relation_ids('ceph'):
for unit in related_units(rid):
ceph_changed(rid=rid, unit=unit)
for rid in relation_ids('ceph-access'):
for unit in related_units(rid):
ceph_access(rid=rid, unit=unit)
CONFIGS.write_all()
NovaComputeAppArmorContext().setup_aa_profile()
if (network_manager() in ['flatmanager', 'flatdhcpmanager']
and config('multi-host').lower() == 'yes'):
NovaAPIAppArmorContext().setup_aa_profile()
NovaNetworkAppArmorContext().setup_aa_profile()
