def main(cluster_data={}):
# Grab the boilerplate config entries
cluster_data['unit_name'] = environ['JUJU_UNIT_NAME'].replace('/', '')
cluster_data['private_address'] = private_address
cluster_data['public_address'] = public_address
cluster_data['cluster_state'] = 'new'
if not leader_status:
cluster_data['cluster_state'] = hookenv.relation_get('cluster-state')
leader_address = hookenv.relation_get('leader-address')
# do self registration
if not db.get('registered'):
cmd = "/opt/etcd/etcdctl -C http://{}:4001 member add {}" \
" http://{}:7001".format(leader_address,
cluster_data['unit_name'],
private_address)
print(cmd)
check_call(shlex.split(cmd))
db.set('registered', True)
# introspect the cluster, and form the cluster string.
# https://github.com/coreos/etcd/blob/master/Documentation/configuration.md#-initial-cluster
templating.render('etcd.conf.jinja2', '/etc/init/etcd.conf',
cluster_data, owner='root', group='root')
host.service('restart', 'etcd')
def restart():
open_port(80)
if service_running("traefik"):
service("restart", "traefik")
else:
service("start", "traefik")
status_set("active", "")
def restart():
open_port(port())
if service_running('omnivector-challenge'):
service('restart', 'omnivector-challenge')
else:
service('start', 'omnivector-challenge')
status_set("active", "")
def maybe_handle_policyd_override(openstack_release, hook):
"""Handle the use-policy-override config flag and resource file.
This function checks that policy overrides are supported on this release,
that the config flag is enabled, and then processes the resources, copies
the package policies to the config area, loads the override files. In the
case where the config flag is false, it removes the policy overrides by
deleting the config area policys. Note that the template for
`local_settings.py` controls where the horizon service actually reads the
policies from.
Note that for the 'config-changed' hook, the function is only interested in
whether the config value of `use-policy-override` matches the current
status of the policy overrides success file. If it doesn't, either the
config area policies are removed (i.e. False) or the policy overrides file
is processed.
:param openstack_release: The release of OpenStack installed.
:type openstack_release: str
:param hook: The hook name
:type hook: str
"""
log("Seeing if policyd overrides need doing", level=INFO)
if not policyd.is_policyd_override_valid_on_this_release(
openstack_release):
log("... policy overrides not valid on this release: {}".format(
openstack_release),
level=INFO)
return
# if policy config is not set, then remove the entire directory
_config = config()
if not _config.get(policyd.POLICYD_CONFIG_NAME, False):
_dir = policyd.policyd_dir_for('openstack-dashboard')
if os.path.exists(_dir):
log("... config is cleared, and removing {}".format(_dir), INFO)
shutil.rmtree(_dir)
else:
log("... nothing to do", INFO)
policyd.remove_policy_success_file()
return
# config-change and the policyd overrides have been performed just return
if hook == "config-changed" and policyd.is_policy_success_file_set():
log("... already setup, so skipping.", level=INFO)
return
# from now on it should succeed; if it doesn't then status line will show
# broken.
resource_filename = policyd.get_policy_resource_filename()
restart = policyd.process_policy_resource_file(
resource_filename,
'openstack-dashboard',
blacklist_paths=blacklist_policyd_paths(),
preserve_topdir=True,
preprocess_filename=policyd_preprocess_name,
user='******',
group='horizon')
copy_conf_to_policyd()
if restart:
service('stop', 'apache2')
service('start', 'apache2')
log("Policy override processing complete.", level=INFO)
def render_nimsoft_robot_config():
"""Create the nimbus.conf config file.
Renders the appropriate template for the Nimbus Robot
"""
# The v5 template is compatible with all versions < 6
cfg_original_hash = file_hash(NIMBUS_ROBOT_CONFIG)
context = {
'hub': config("hub"),
'domain': config("domain"),
'hubip': config("hubip"),
'hub_robot_name': config("hub-robot-name"),
'secondary_domain': config("secondary-domain"),
'secondary_hubip': config("secondary-hubip"),
'secondary_hub': config("secondary-hub"),
'secondary_hub_robot_name': config("secondary-hub-robot-name"),
'private_address': unit_private_ip(),
'hostname': os.uname()[1]
}
render('robot.cfg', NIMBUS_ROBOT_CONFIG, context=context)
cfg_new_hash = file_hash(NIMBUS_ROBOT_CONFIG)
rsync(charm_dir() + '/files/request_linux_prod.cfg',
'/opt/nimsoft/request.cfg')
# Install the nimbus service
rsync(charm_dir() + '/files/nimbus.service',
'/lib/systemd/system/nimbus.service')
if cfg_original_hash != cfg_new_hash:
service('restart', 'nimbus')
status.active('nimbus ready.')
def write(self):
try:
nagios_uid = pwd.getpwnam('nagios').pw_uid
nagios_gid = grp.getgrnam('nagios').gr_gid
except Exception:
log("Nagios user not set up, nrpe checks not updated")
return
if not os.path.exists(NRPE.nagios_logdir):
os.mkdir(NRPE.nagios_logdir)
os.chown(NRPE.nagios_logdir, nagios_uid, nagios_gid)
nrpe_monitors = {}
monitors = {"monitors": {"remote": {"nrpe": nrpe_monitors}}}
for nrpecheck in self.checks:
nrpecheck.write(self.nagios_context, self.hostname,
self.nagios_servicegroups)
nrpe_monitors[nrpecheck.shortname] = {
"command": nrpecheck.command,
}
# update-status hooks are configured to firing every 5 minutes by
# default. When nagios-nrpe-server is restarted, the nagios server
# reports checks failing causing unnecessary alerts. Let's not restart
# on update-status hooks.
if not hook_name() == 'update-status':
service('restart', 'nagios-nrpe-server')
monitor_ids = relation_ids("local-monitors") + \
relation_ids("nrpe-external-master")
for rid in monitor_ids:
relation_set(relation_id=rid, monitors=yaml.dump(monitors))
def write(self):
try:
nagios_uid = pwd.getpwnam('nagios').pw_uid
nagios_gid = grp.getgrnam('nagios').gr_gid
except Exception:
log("Nagios user not set up, nrpe checks not updated")
return
if not os.path.exists(NRPE.nagios_logdir):
os.mkdir(NRPE.nagios_logdir)
os.chown(NRPE.nagios_logdir, nagios_uid, nagios_gid)
nrpe_monitors = {}
monitors = {"monitors": {"remote": {"nrpe": nrpe_monitors}}}
# check that the charm can write to the conf dir. If not, then nagios
# probably isn't installed, and we can defer.
if not self.does_nrpe_conf_dir_exist():
return
for nrpecheck in self.checks:
nrpecheck.write(self.nagios_context, self.hostname,
self.nagios_servicegroups)
nrpe_monitors[nrpecheck.shortname] = {
"command": nrpecheck.command,
}
# If we were passed max_check_attempts, add that to the relation data
try:
nrpe_monitors[nrpecheck.shortname]['max_check_attempts'] = nrpecheck.max_check_attempts
except AttributeError:
pass
# update-status hooks are configured to firing every 5 minutes by
# default. When nagios-nrpe-server is restarted, the nagios server
# reports checks failing causing unnecessary alerts. Let's not restart
# on update-status hooks.
if not hook_name() == 'update-status':
service('restart', 'nagios-nrpe-server')
monitor_ids = relation_ids("local-monitors") + \
relation_ids("nrpe-external-master")
for rid in monitor_ids:
reldata = relation_get(unit=local_unit(), rid=rid)
if 'monitors' in reldata:
# update the existing set of monitors with the new data
old_monitors = yaml.safe_load(reldata['monitors'])
old_nrpe_monitors = old_monitors['monitors']['remote']['nrpe']
# remove keys that are in the remove_check_queue
old_nrpe_monitors = {k: v for k, v in old_nrpe_monitors.items()
if k not in self.remove_check_queue}
# update/add nrpe_monitors
old_nrpe_monitors.update(nrpe_monitors)
old_monitors['monitors']['remote']['nrpe'] = old_nrpe_monitors
# write back to the relation
relation_set(relation_id=rid, monitors=yaml.dump(old_monitors))
else:
# write a brand new set of monitors, as no existing ones.
relation_set(relation_id=rid, monitors=yaml.dump(monitors))
self.remove_check_queue.clear()
def restart():
open_port(9000)
if service_running("minio"):
service("restart", "minio")
else:
service("start", "minio")
status_set("active", "")
def install_dpdk():
modprobe(config["dpdk-driver"])
try:
modprobe("vfio-pci")
except:
pass
dkms_autoinstall()
pages = get_hugepages()
if pages:
hugepage_support("root", group="root", nr_hugepages=pages,
mnt_point="/hugepages")
service_restart("libvirt-bin")
configure_vrouter_interface()
set_dpdk_options()
if not init_is_systemd():
os.remove("/etc/init/supervisor-vrouter.override")
service_start("supervisor-vrouter")
service_restart("contrail-vrouter-agent")
else:
# unmask them first
for srv in ("contrail-vrouter-agent", "contrail-vrouter-dpdk"):
try:
os.remove("/etc/systemd/system/{}.service".format(srv))
except OSError:
pass
service("enable", "contrail-vrouter-dpdk")
service_start("contrail-vrouter-dpdk")
service("enable", "contrail-vrouter-agent")
service_start("contrail-vrouter-agent")
fix_libvirt()
def main(cluster_data={}):
# Grab the boilerplate config entries
cluster_data['unit_name'] = environ['JUJU_UNIT_NAME'].replace('/', '')
cluster_data['private_address'] = private_address
cluster_data['public_address'] = public_address
cluster_data['cluster_state'] = 'new'
if not leader_status:
cluster_data['cluster_state'] = hookenv.relation_get('cluster-state')
leader_address = hookenv.relation_get('leader-address')
# do self registration
if not db.get('registered'):
cmd = "etcdctl -C http://{}:2379 member add {}" \
" http://{}:2380".format(leader_address,
cluster_data['unit_name'],
private_address)
print(cmd)
check_call(shlex.split(cmd))
db.set('registered', True)
# introspect the cluster, and form the cluster string.
# https://github.com/coreos/etcd/blob/master/Documentation/configuration.md#-initial-cluster
templating.render('etcd.default.jinja2', '/etc/default/etcd',
cluster_data, owner='root', group='root')
host.service('stop', 'etcd')
check_output(['rm', '-Rf', '/var/lib/etcd/default'])
host.service('start', 'etcd')
if leader_status:
status_set('active', 'Etcd leader running')
else:
status_set('active', 'Etcd follower running')
def write(self):
try:
nagios_uid = pwd.getpwnam('nagios').pw_uid
nagios_gid = grp.getgrnam('nagios').gr_gid
except:
log("Nagios user not set up, nrpe checks not updated")
return
if not os.path.exists(NRPE.nagios_logdir):
os.mkdir(NRPE.nagios_logdir)
os.chown(NRPE.nagios_logdir, nagios_uid, nagios_gid)
nrpe_monitors = {}
monitors = {"monitors": {"remote": {"nrpe": nrpe_monitors}}}
for nrpecheck in self.checks:
nrpecheck.write(self.nagios_context, self.hostname,
self.nagios_servicegroups)
nrpe_monitors[nrpecheck.shortname] = {
"command": nrpecheck.command,
}
service('restart', 'nagios-nrpe-server')
monitor_ids = relation_ids("local-monitors") + \
relation_ids("nrpe-external-master")
for rid in monitor_ids:
relation_set(relation_id=rid, monitors=yaml.dump(monitors))
def configure_vault(context):
log("Running configure_vault", level=DEBUG)
context['disable_mlock'] = is_container() or config('disable-mlock')
context['ssl_available'] = is_state('vault.ssl.available')
if is_flag_set('etcd.tls.available'):
etcd = endpoint_from_flag('etcd.available')
log("Etcd detected, adding to context", level=DEBUG)
context['etcd_conn'] = etcd.connection_string()
context['etcd_tls_ca_file'] = '/var/snap/vault/common/etcd-ca.pem'
context['etcd_tls_cert_file'] = '/var/snap/vault/common/etcd-cert.pem'
context['etcd_tls_key_file'] = '/var/snap/vault/common/etcd.key'
save_etcd_client_credentials(etcd,
key=context['etcd_tls_key_file'],
cert=context['etcd_tls_cert_file'],
ca=context['etcd_tls_ca_file'])
context['api_addr'] = vault.get_api_url()
context['cluster_addr'] = vault.get_cluster_url()
log("Etcd detected, setting api_addr to {}".format(
context['api_addr']))
else:
log("Etcd not detected", level=DEBUG)
log("Rendering vault.hcl.j2", level=DEBUG)
render('vault.hcl.j2', VAULT_CONFIG, context, perms=0o600)
log("Rendering vault systemd configuation", level=DEBUG)
render('vault.service.j2', VAULT_SYSTEMD_CONFIG, {}, perms=0o644)
service('enable', 'vault')
log("Opening vault port", level=DEBUG)
open_port(8200)
set_flag('configured')
if any_file_changed([VAULT_CONFIG, VAULT_SYSTEMD_CONFIG]):
# force a restart if config has changed
clear_flag('started')
def restart_services():
"""Determine which service names are required to be restarted based on
Ubuntu release and restart them.
"""
ubuntu_release = host.lsb_release()['DISTRIB_CODENAME']
for service in QUAGGA_SERVICES[ubuntu_release]:
host.service('restart', service)
def main(cluster_data={}):
# Grab the boilerplate config entries
cluster_data['unit_name'] = environ['JUJU_UNIT_NAME'].replace('/', '')
cluster_data['private_address'] = private_address
cluster_data['public_address'] = public_address
cluster_data['cluster_state'] = 'new'
if not leader_status:
cluster_data['cluster_state'] = hookenv.relation_get('cluster-state')
leader_address = hookenv.relation_get('leader-address')
# do self registration
if not db.get('registered'):
cmd = "/opt/etcd/etcdctl -C http://{}:4001 member add {}" \
" http://{}:7001".format(leader_address,
cluster_data['unit_name'],
private_address)
print(cmd)
check_call(shlex.split(cmd))
db.set('registered', True)
# introspect the cluster, and form the cluster string.
# https://github.com/coreos/etcd/blob/master/Documentation/configuration.md#-initial-cluster
templating.render('etcd.conf.jinja2',
'/etc/init/etcd.conf',
cluster_data,
owner='root',
group='root')
host.service('restart', 'etcd')
def write(self):
try:
nagios_uid = pwd.getpwnam('nagios').pw_uid
nagios_gid = grp.getgrnam('nagios').gr_gid
except:
log("Nagios user not set up, nrpe checks not updated")
return
if not os.path.exists(NRPE.nagios_logdir):
os.mkdir(NRPE.nagios_logdir)
os.chown(NRPE.nagios_logdir, nagios_uid, nagios_gid)
nrpe_monitors = {}
monitors = {"monitors": {"remote": {"nrpe": nrpe_monitors}}}
for nrpecheck in self.checks:
nrpecheck.write(self.nagios_context, self.hostname,
self.nagios_servicegroups)
nrpe_monitors[nrpecheck.shortname] = {
"command": nrpecheck.command,
}
service('restart', 'nagios-nrpe-server')
for rid in relation_ids("local-monitors"):
relation_set(relation_id=rid, monitors=yaml.dump(monitors))
def restart():
open_port(port())
if service_running('hello-juju'):
service('restart', 'hello-juju')
else:
service('start', 'hello-juju')
status_set("active", "")
def write(self):
try:
nagios_uid = pwd.getpwnam('nagios').pw_uid
nagios_gid = grp.getgrnam('nagios').gr_gid
except Exception:
log("Nagios user not set up, nrpe checks not updated")
return
if not os.path.exists(NRPE.nagios_logdir):
os.mkdir(NRPE.nagios_logdir)
os.chown(NRPE.nagios_logdir, nagios_uid, nagios_gid)
nrpe_monitors = {}
monitors = {"monitors": {"remote": {"nrpe": nrpe_monitors}}}
for nrpecheck in self.checks:
nrpecheck.write(self.nagios_context, self.hostname,
self.nagios_servicegroups)
nrpe_monitors[nrpecheck.shortname] = {
"command": nrpecheck.command,
}
# update-status hooks are configured to firing every 5 minutes by
# default. When nagios-nrpe-server is restarted, the nagios server
# reports checks failing causing unnecessary alerts. Let's not restart
# on update-status hooks.
if not hook_name() == 'update-status':
service('restart', 'nagios-nrpe-server')
monitor_ids = relation_ids("local-monitors") + \
relation_ids("nrpe-external-master")
for rid in monitor_ids:
relation_set(relation_id=rid, monitors=yaml.dump(monitors))
def install_calico_service():
''' Install the calico-node systemd service. '''
status.maintenance('Installing calico-node service.')
# keep track of our etcd connections so we can detect when it changes later
etcd = endpoint_from_flag('etcd.available')
etcd_connections = etcd.get_connection_string()
data_changed('calico_etcd_connections', etcd_connections)
data_changed('calico_etcd_cert', etcd.get_client_credentials())
service_path = os.path.join(os.sep, 'lib', 'systemd', 'system',
'calico-node.service')
render(
'calico-node.service',
service_path,
{
'connection_string': etcd_connections,
'etcd_key_path': ETCD_KEY_PATH,
'etcd_ca_path': ETCD_CA_PATH,
'etcd_cert_path': ETCD_CERT_PATH,
'nodename': gethostname(),
# specify IP so calico doesn't grab a silly one from, say, lxdbr0
'ip': get_bind_address(),
'calico_node_image': hookenv.config('calico-node-image'),
'ignore_loose_rpf': hookenv.config('ignore-loose-rpf'),
'lc_all': os.environ.get('LC_ALL', 'C.UTF-8'),
'lang': os.environ.get('LANG', 'C.UTF-8')
})
check_call(['systemctl', 'daemon-reload'])
service_restart('calico-node')
service('enable', 'calico-node')
set_state('calico.service.installed')
def install_dpdk():
modprobe(config["dpdk-driver"])
try:
modprobe("vfio-pci")
except:
pass
dkms_autoinstall()
pages = get_hugepages()
if pages:
hugepage_support("root", group="root", nr_hugepages=pages,
mnt_point="/hugepages")
service_restart("libvirt-bin")
configure_vrouter_interface()
set_dpdk_coremask()
write_configs()
if not init_is_systemd():
os.remove("/etc/init/supervisor-vrouter.override")
service_start("supervisor-vrouter")
service_restart("contrail-vrouter-agent")
else:
service("enable", "contrail-vrouter-dpdk")
service_start("contrail-vrouter-dpdk")
service("enable", "contrail-vrouter-agent")
service_start("contrail-vrouter-agent")
fix_libvirt()
def install_calico_service():
''' Install the calico-node systemd service. '''
status.maintenance('Installing calico-node service.')
etcd = endpoint_from_flag('etcd.available')
service_path = os.path.join(os.sep, 'lib', 'systemd', 'system',
'calico-node.service')
registry = hookenv.config('registry') or DEFAULT_REGISTRY
image = hookenv.config('calico-node-image')
uri = os.path.join(registry, image)
render(
'calico-node.service',
service_path,
{
'connection_string': etcd.get_connection_string(),
'etcd_key_path': ETCD_KEY_PATH,
'etcd_ca_path': ETCD_CA_PATH,
'etcd_cert_path': ETCD_CERT_PATH,
'nodename': gethostname(),
# specify IP so calico doesn't grab a silly one from, say, lxdbr0
'ip': get_bind_address(),
'cnx_node_image': uri,
'ignore_loose_rpf': hookenv.config('ignore-loose-rpf'),
'lc_all': os.environ.get('LC_ALL', 'C.UTF-8'),
'lang': os.environ.get('LANG', 'C.UTF-8')
})
service_restart('calico-node')
service('enable', 'calico-node')
set_state('calico.service.installed')
def bootstrap_pxc():
"""Bootstrap PXC
On systemd systems systemctl bootstrap-pxc mysql does not work.
Run service mysql bootstrap-pxc to bootstrap."""
service('stop', 'mysql')
bootstrapped = service('bootstrap-pxc', 'mysql')
if not bootstrapped:
try:
# NOTE(jamespage): execute under systemd-run to ensure
# that the bootstrap-pxc mysqld does
# not end up in the juju unit daemons
# cgroup scope.
cmd = [
'systemd-run', '--service-type=forking', 'service', 'mysql',
'bootstrap-pxc'
]
subprocess.check_call(cmd)
except subprocess.CalledProcessError as e:
msg = 'Bootstrap PXC failed'
error_msg = '{}: {}'.format(msg, e)
status_set('blocked', msg)
log(error_msg, ERROR)
raise Exception(error_msg)
# To make systemd aware mysql is running after a bootstrap
service('start', 'mysql')
log("Bootstrap PXC Succeeded", DEBUG)
def render_filebeat_template():
"""Create the filebeat.yaml config file.
Renders the appropriate template for the major version of filebeat that
is installed.
"""
# kube_logs requires access to k8s-related filesystem data. If configured,
# don't try to start filebeat until that data is present.
if config().get('kube_logs') and not os.path.exists(KUBE_CONFIG):
status.maint('Waiting for: {}'.format(KUBE_CONFIG))
return
version = charms.apt.get_package_version('filebeat')[0]
cfg_original_hash = file_hash(FILEBEAT_CONFIG)
connections = render_without_context('filebeat-{}.yml'.format(version),
FILEBEAT_CONFIG)
cfg_new_hash = file_hash(FILEBEAT_CONFIG)
# Ensure ssl files match config each time we render a new template
manage_filebeat_logstash_ssl()
remove_state('beat.render')
if connections:
if cfg_original_hash != cfg_new_hash:
service('restart', 'filebeat')
status.active('Filebeat ready.')
else:
# Stop the service when not connected to any log handlers.
# NB: beat base layer will handle setting a waiting status
service('stop', 'filebeat')
def remove_legacy_nova_metadata():
"""Remove nova metadata files."""
service_name = 'nova-api-metadata'
service_stop(service_name)
service('disable', service_name)
service('mask', service_name)
for f in NOVA_CONFIG_FILES.keys():
remove_file(f)
def cmd_all_services(cmd):
if cmd == 'start':
for svc in services():
if not service_running(svc):
service_start(svc)
else:
for svc in services():
service(cmd, svc)
def remove_legacy_nova_metadata():
"""Remove nova metadata files."""
service_name = 'nova-api-metadata'
service_stop(service_name)
service('disable', service_name)
service('mask', service_name)
for f in get_nova_config_files().keys():
remove_file(f)
def cmd_all_services(cmd):
if cmd == 'start':
for svc in services():
if not service_running(svc):
service_start(svc)
else:
for svc in services():
service(cmd, svc)
def upgrade(self):
"""Install or upgrade the GitLab runner packages, adding APT sources as needed."""
self.add_sources()
apt_update()
apt_install("gitlab-runner")
self.set_global_config()
service("enable", "gitlab-runner")
service("start", "gitlab-runner")
return True
def start_ftb(java):
""" start instance """
log('ftb-infinity: start_ftb')
service('enable', CHARM_NAME)
service_start(CHARM_NAME)
open_port(conf['server_port'])
set_state(CHARM_STATE_STARTED)
status_set('active', 'ftb started')
def render_config_restart_on_changed(clustered, hosts, bootstrap=False):
"""Render mysql config and restart mysql service if file changes as a
result.
If bootstrap is True we do a bootstrap-pxc in order to bootstrap the
percona cluster. This should only be performed once at cluster creation
time.
If percona is already bootstrapped we can get away with just ensuring that
it is started so long as the new node to be added is guaranteed to have
been restarted so as to apply the new config.
"""
pre_hash = file_hash(resolve_cnf_file())
render_config(clustered, hosts)
create_binlogs_directory()
update_db_rels = False
if file_hash(resolve_cnf_file()) != pre_hash or bootstrap:
if bootstrap:
service('stop', 'mysql')
service('bootstrap-pxc', 'mysql')
# NOTE(dosaboy): this will not actually do anything if no cluster
# relation id exists yet.
notify_bootstrapped()
update_db_rels = True
else:
delay = 1
attempts = 0
max_retries = 5
# NOTE(dosaboy): avoid unnecessary restarts. Once mysql is started
# it needn't be restarted when new units join the cluster since the
# new units will join and apply their own config.
if not seeded():
action = service_restart
else:
action = service_start
while not action('mysql'):
if attempts == max_retries:
raise Exception("Failed to start mysql (max retries "
"reached)")
log("Failed to start mysql - retrying in %ss" % (delay),
WARNING)
time.sleep(delay)
delay += 2
attempts += 1
# If we get here we assume prior actions have succeeded to always
# this unit is marked as seeded so that subsequent calls don't result
# in a restart.
mark_seeded()
if update_db_rels:
update_shared_db_rels()
else:
log("Config file '%s' unchanged", level=DEBUG)
def render_config_restart_on_changed(clustered, hosts, bootstrap=False):
"""Render mysql config and restart mysql service if file changes as a
result.
If bootstrap is True we do a bootstrap-pxc in order to bootstrap the
percona cluster. This should only be performed once at cluster creation
time.
If percona is already bootstrapped we can get away with just ensuring that
it is started so long as the new node to be added is guaranteed to have
been restarted so as to apply the new config.
"""
pre_hash = file_hash(resolve_cnf_file())
render_config(clustered, hosts)
update_db_rels = False
if file_hash(resolve_cnf_file()) != pre_hash or bootstrap:
if bootstrap:
service('bootstrap-pxc', 'mysql')
# NOTE(dosaboy): this will not actually do anything if no cluster
# relation id exists yet.
notify_bootstrapped()
update_db_rels = True
else:
delay = 1
attempts = 0
max_retries = 5
# NOTE(dosaboy): avoid unnecessary restarts. Once mysql is started
# it needn't be restarted when new units join the cluster since the
# new units will join and apply their own config.
if not seeded():
action = service_restart
else:
action = service_start
while not action('mysql'):
if attempts == max_retries:
raise Exception("Failed to start mysql (max retries "
"reached)")
log("Failed to start mysql - retrying in %ss" % (delay),
WARNING)
time.sleep(delay)
delay += 2
attempts += 1
# If we get here we assume prior actions have succeeded to always
# this unit is marked as seeded so that subsequent calls don't result
# in a restart.
mark_seeded()
if update_db_rels:
update_shared_db_rels()
else:
log("Config file '%s' unchanged", level=DEBUG)
def install_flannel_service(etcd):
''' Install the flannel service. '''
status_set('maintenance', 'Installing flannel service.')
iface = config('iface') or get_bind_address_interface()
context = {'iface': iface,
'connection_string': etcd.get_connection_string(),
'cert_path': ETCD_PATH}
render('flannel.service', '/lib/systemd/system/flannel.service', context)
service('enable', 'flannel')
set_state('flannel.service.installed')
remove_state('flannel.service.started')
def setup_systemd(self):
context = {'user': self.user,
'group': self.user,
'mono': self.mono_path,
'radarr': self.executable
}
templating.render(source="{}.j2".format(self.service_name),
target=self.service_file,
context=context)
host.service('enable', self.service_name)
host.service('start', self.service_name)
def remove_legacy_neutron_lbaas():
"""Remove neutron lbaas files."""
cmp_os_source = CompareOpenStackReleases(os_release('neutron-common'))
service_name = 'neutron-lbaas-agent'
if cmp_os_source >= 'train':
return
if cmp_os_source >= 'newton':
service_name = 'neutron-lbaasv2-agent'
service_stop(service_name)
service('disable', service_name)
service('mask', service_name)
def cmd_all_services(cmd):
if is_unit_paused_set():
log('Unit is in paused state, not issuing {} to all'
'services'.format(cmd))
return
if cmd == 'start':
for svc in services():
if not service_running(svc):
service_start(svc)
else:
for svc in services():
service(cmd, svc)
def cmd_all_services(cmd):
if is_unit_paused_set():
log('Unit is in paused state, not issuing {} to all'
'services'.format(cmd))
return
if cmd == 'start':
for svc in services():
if not service_running(svc):
service_start(svc)
else:
for svc in services():
service(cmd, svc)
def _mon_relation():
key_name = 'rgw.{}'.format(socket.gethostname())
if request_per_unit_key():
relation_set(relation_id=rid,
key_name=key_name)
# NOTE: prefer zone name if in use over pool-prefix.
rq = ceph.get_create_rgw_pools_rq(
prefix=config('zone') or config('pool-prefix'))
if is_request_complete(rq, relation='mon'):
log('Broker request complete', level=DEBUG)
CONFIGS.write_all()
# New style per unit keys
key = relation_get(attribute='{}_key'.format(key_name),
rid=rid, unit=unit)
if not key:
# Fallback to old style global key
key = relation_get(attribute='radosgw_key',
rid=rid, unit=unit)
key_name = None
if key:
new_keyring = ceph.import_radosgw_key(key,
name=key_name)
# NOTE(jamespage):
# Deal with switch from radosgw init script to
# systemd named units for radosgw instances by
# stopping and disabling the radosgw unit
if systemd_based_radosgw():
service_stop('radosgw')
service('disable', 'radosgw')
# Update the nrpe config. If we wait for the below
# to be called elsewhere, there exists a period
# where nagios will report the radosgw service as
# down, and also not be monitoring the per
# host services.
update_nrpe_config(checks_to_remove=['radosgw'])
service('enable', service_name())
# NOTE(jamespage):
# Multi-site deployments need to defer restart as the
# zone is not created until the master relation is
# joined; restarting here will cause a restart burst
# in systemd and stop the process restarting once
# zone configuration is complete.
if (not is_unit_paused_set() and
new_keyring and
not multisite_deployment()):
service_restart(service_name())
process_multisite_relations()
else:
send_request_if_needed(rq, relation='mon')
def configure_gunicorn():
status_set("maintenance", "Configuring gunicorn service")
render('omnivector-challenge.service.j2',
'/etc/systemd/system/omnivector-challenge.service',
perms=0o755,
context={
'port': port(),
'project_root': '/srv/omnivector-challenge/app',
'user': '******',
'group': 'www-data',
})
service("enable", "omnivector-challenge")
status_set("active", "Serving HTTP from gunicorn")
def _mon_relation():
key_name = 'rgw.{}'.format(socket.gethostname())
if request_per_unit_key():
relation_set(relation_id=rid, key_name=key_name)
# NOTE: prefer zone name if in use over pool-prefix.
rq = ceph.get_create_rgw_pools_rq(
prefix=config('zone') or config('pool-prefix'))
if is_request_complete(rq, relation='mon'):
log('Broker request complete', level=DEBUG)
CONFIGS.write_all()
# New style per unit keys
key = relation_get(attribute='{}_key'.format(key_name),
rid=rid,
unit=unit)
if not key:
# Fallback to old style global key
key = relation_get(attribute='radosgw_key', rid=rid, unit=unit)
key_name = None
if key:
new_keyring = ceph.import_radosgw_key(key, name=key_name)
# NOTE(jamespage):
# Deal with switch from radosgw init script to
# systemd named units for radosgw instances by
# stopping and disabling the radosgw unit
if systemd_based_radosgw():
service_stop('radosgw')
service('disable', 'radosgw')
# Update the nrpe config. If we wait for the below
# to be called elsewhere, there exists a period
# where nagios will report the radosgw service as
# down, and also not be monitoring the per
# host services.
update_nrpe_config(checks_to_remove=['radosgw'])
# NOTE(jamespage):
# Multi-site deployments need to defer restart as the
# zone is not created until the master relation is
# joined; restarting here will cause a restart burst
# in systemd and stop the process restarting once
# zone configuration is complete.
if (not is_unit_paused_set() and new_keyring
and not multisite_deployment()):
log('Resume service "{}" as we now have keys for it.'.
format(service_name()),
level=DEBUG)
service_resume(service_name())
process_multisite_relations()
else:
send_request_if_needed(rq, relation='mon')
def config_changed():
ls_tgz = os.path.join(os.environ['CHARM_DIR'], 'files', LS_FNAME)
# sorry if you reboot the server, we're fetching it again unless
# you fatpacked the charm. YOLO DORITOS
if not os.path.exists(ls_tgz):
link = cfg['logstash_url']
sum = cfg['logstash_sum']
tpath = download_and_validate(link, sum)
cmd = 'tar -xvz --strip-components=1 -C /opt/logstash -f {}'
subprocess.check_call(shlex.split(cmd.format(tpath)))
service('restart', 'logstash-indexer')
def wrapped_f(*args, **kwargs):
checksums = {path: path_hash(path) for path in restart_map}
f(*args, **kwargs)
restarts = []
for path in restart_map:
if path_hash(path) != checksums[path]:
restarts += restart_map[path]
services_list = list(OrderedDict.fromkeys(restarts))
if not stopstart:
for service_name in services_list:
service('restart', service_name)
else:
for action in ['stop', 'start']:
for service_name in services_list:
service(action, service_name)
if action == 'stop' and sleep:
time.sleep(sleep)
def start_builtin_server(
ssl_cert_path,
serve_tests,
sandbox,
builtin_server_logging,
insecure,
charmworld_url,
env_password=None,
env_uuid=None,
juju_version=None,
debug=False,
port=None,
bundleservice_url=None,
interactive_login=False,
gzip=True,
gtm_enabled=False,
gisf_enabled=False,
charmstore_url=None,
):
"""Start the builtin server."""
if (port is not None) and not port_in_range(port):
# Do not use the user provided port if it is not valid.
port = None
write_builtin_server_startup(
ssl_cert_path,
serve_tests=serve_tests,
sandbox=sandbox,
builtin_server_logging=builtin_server_logging,
insecure=insecure,
charmworld_url=charmworld_url,
env_password=env_password,
env_uuid=env_uuid,
juju_version=juju_version,
debug=debug,
port=port,
bundleservice_url=bundleservice_url,
interactive_login=interactive_login,
gzip=gzip,
gtm_enabled=gtm_enabled,
gisf_enabled=gisf_enabled,
charmstore_url=charmstore_url,
)
log("Starting the builtin server.")
with su("root"):
service(RESTART, GUISERVER)
def bootstrap_pxc():
"""Bootstrap PXC
On systemd systems systemctl bootstrap-pxc mysql does not work.
Run service mysql bootstrap-pxc to bootstrap."""
service('stop', 'mysql')
bootstrapped = service('bootstrap-pxc', 'mysql')
if not bootstrapped:
try:
cmp_os = CompareHostReleases(
lsb_release()['DISTRIB_CODENAME']
)
if cmp_os < 'bionic':
# NOTE(jamespage): execute under systemd-run to ensure
# that the bootstrap-pxc mysqld does
# not end up in the juju unit daemons
# cgroup scope.
cmd = ['systemd-run', '--service-type=forking',
'service', 'mysql', 'bootstrap-pxc']
subprocess.check_call(cmd)
else:
service('start', 'mysql@bootstrap')
except subprocess.CalledProcessError as e:
msg = 'Bootstrap PXC failed'
error_msg = '{}: {}'.format(msg, e)
status_set('blocked', msg)
log(error_msg, ERROR)
raise Exception(error_msg)
if CompareHostReleases(lsb_release()['DISTRIB_CODENAME']) < 'bionic':
# To make systemd aware mysql is running after a bootstrap
service('start', 'mysql')
log("Bootstrap PXC Succeeded", DEBUG)
def install_etcd():
''' Attempt resource get on the "etcd" and "etcdctl" resources. If no
resources are provided attempt to install from the archive only on the
16.04 (xenial) series. '''
status_set('maintenance', 'Installing etcd from apt.')
pkg_list = ['etcd']
apt_update()
apt_install(pkg_list, fatal=True)
# Stop the service and remove the defaults
# I hate that I have to do this. Sorry short-lived local data #RIP
# State control is to prevent upgrade-charm from nuking cluster
# data.
if not is_state('etcd.package.adjusted'):
host.service('stop', 'etcd')
if os.path.exists('/var/lib/etcd/default'):
shutil.rmtree('/var/lib/etcd/default')
set_state('etcd.package.adjusted')
set_state('etcd.installed')
def services():
"""Return a list of services that are managed by this charm.
@returns [services] - list of strings that are service names.
"""
# NOTE(jamespage): Native systemd variants of the packagin
# use mysql@bootstrap to seed the cluster
# however this is cleared after a reboot,
# so dynamically check to see if this active
if service('is-active', 'mysql@bootstrap'):
return ['mysql@bootstrap']
return ['mysql']
def stop_builtin_server():
"""Stop the builtin server."""
log("Stopping the builtin server.")
with su("root"):
service(STOP, GUISERVER)
cmd_log(run("rm", "-f", GUISERVER_INIT_PATH))
def configure_sriov():
'''Configure SR-IOV devices based on provided configuration options
NOTE(fnordahl): Boot time configuration is done by init script
intalled by this charm.
This function only does runtime configuration!
'''
charm_config = config()
if not enable_sriov():
return
# make sure init script has correct mode and that boot time execution
# is enabled
os.chmod(NEUTRON_SRIOV_INIT_SCRIPT, 0o755)
service('enable', 'neutron-openvswitch-networking-sriov')
devices = PCINetDevices()
sriov_numvfs = charm_config.get('sriov-numvfs')
# automatic configuration of all SR-IOV devices
if sriov_numvfs == 'auto':
log('Configuring SR-IOV device VF functions in auto mode')
for device in devices.pci_devices:
if device and device.sriov:
log("Configuring SR-IOV device"
" {} with {} VF's".format(device.interface_name,
device.sriov_totalvfs))
device.set_sriov_numvfs(device.sriov_totalvfs)
else:
# Single int blanket configuration
try:
log('Configuring SR-IOV device VF functions'
' with blanket setting')
for device in devices.pci_devices:
if device and device.sriov:
numvfs = min(int(sriov_numvfs), device.sriov_totalvfs)
if int(sriov_numvfs) > device.sriov_totalvfs:
log('Requested value for sriov-numvfs ({}) too '
'high for interface {}. Falling back to '
'interface totalvfs '
'value: {}'.format(sriov_numvfs,
device.interface_name,
device.sriov_totalvfs))
log("Configuring SR-IOV device {} with {} "
"VFs".format(device.interface_name, numvfs))
device.set_sriov_numvfs(numvfs)
except ValueError:
# <device>:<numvfs>[ <device>:numvfs] configuration
sriov_numvfs = sriov_numvfs.split()
for device_config in sriov_numvfs:
log('Configuring SR-IOV device VF functions per interface')
interface_name, numvfs = device_config.split(':')
device = devices.get_device_from_interface_name(
interface_name)
if device and device.sriov:
if int(numvfs) > device.sriov_totalvfs:
log('Requested value for sriov-numfs ({}) too '
'high for interface {}. Falling back to '
'interface totalvfs '
'value: {}'.format(numvfs,
device.interface_name,
device.sriov_totalvfs))
numvfs = device.sriov_totalvfs
log("Configuring SR-IOV device {} with {} "
"VF's".format(device.interface_name, numvfs))
device.set_sriov_numvfs(int(numvfs))
# Trigger remote restart in parent application
remote_restart('neutron-plugin', 'nova-compute')
# Restart of SRIOV agent is required after changes to system runtime
# VF configuration
cmp_release = CompareOpenStackReleases(
os_release('neutron-common', base='icehouse'))
if cmp_release >= 'mitaka':
service_restart('neutron-sriov-agent')
else:
service_restart('neutron-plugin-sriov-agent')
def full_restart():
''' Full restart and reload of openvswitch '''
if os.path.exists('/etc/init/openvswitch-force-reload-kmod.conf'):
service('start', 'openvswitch-force-reload-kmod')
else:
service('force-reload-kmod', 'openvswitch-switch')
def stop_builtin_server():
"""Stop the builtin server."""
log('Stopping the builtin server.')
with su('root'):
service(STOP, GUISERVER)
cmd_log(run('rm', '-f', GUISERVER_INIT_PATH))
def git_post_install(projects_yaml):
"""Perform post-install setup."""
src_etc = os.path.join(git_src_dir(projects_yaml, 'neutron'), 'etc')
configs = [
{'src': src_etc,
'dest': '/etc/neutron'},
{'src': os.path.join(src_etc, 'neutron/plugins'),
'dest': '/etc/neutron/plugins'},
{'src': os.path.join(src_etc, 'neutron/rootwrap.d'),
'dest': '/etc/neutron/rootwrap.d'},
]
for c in configs:
if os.path.exists(c['dest']):
shutil.rmtree(c['dest'])
shutil.copytree(c['src'], c['dest'])
# NOTE(coreycb): Need to find better solution than bin symlinks.
symlinks = [
{'src': os.path.join(git_pip_venv_dir(projects_yaml),
'bin/neutron-rootwrap'),
'link': '/usr/local/bin/neutron-rootwrap'},
]
for s in symlinks:
if os.path.lexists(s['link']):
os.remove(s['link'])
os.symlink(s['src'], s['link'])
render('git/neutron_sudoers', '/etc/sudoers.d/neutron_sudoers', {},
perms=0o440)
bin_dir = os.path.join(git_pip_venv_dir(projects_yaml), 'bin')
# Use systemd init units/scripts from ubuntu wily onward
if lsb_release()['DISTRIB_RELEASE'] >= '15.10':
templates_dir = os.path.join(charm_dir(), 'templates/git')
daemons = ['neutron-openvswitch-agent', 'neutron-ovs-cleanup']
for daemon in daemons:
neutron_ovs_context = {
'daemon_path': os.path.join(bin_dir, daemon),
}
filename = daemon
if daemon == 'neutron-openvswitch-agent':
if os_release('neutron-common') < 'mitaka':
filename = 'neutron-plugin-openvswitch-agent'
template_file = 'git/{}.init.in.template'.format(filename)
init_in_file = '{}.init.in'.format(filename)
render(template_file, os.path.join(templates_dir, init_in_file),
neutron_ovs_context, perms=0o644)
git_generate_systemd_init_files(templates_dir)
for daemon in daemons:
filename = daemon
if daemon == 'neutron-openvswitch-agent':
if os_release('neutron-common') < 'mitaka':
filename = 'neutron-plugin-openvswitch-agent'
service('enable', filename)
else:
neutron_ovs_agent_context = {
'service_description': 'Neutron OpenvSwitch Plugin Agent',
'charm_name': 'neutron-openvswitch',
'process_name': 'neutron-openvswitch-agent',
'executable_name': os.path.join(bin_dir,
'neutron-openvswitch-agent'),
'cleanup_process_name': 'neutron-ovs-cleanup',
'plugin_config': '/etc/neutron/plugins/ml2/ml2_conf.ini',
'log_file': '/var/log/neutron/openvswitch-agent.log',
}
neutron_ovs_cleanup_context = {
'service_description': 'Neutron OpenvSwitch Cleanup',
'charm_name': 'neutron-openvswitch',
'process_name': 'neutron-ovs-cleanup',
'executable_name': os.path.join(bin_dir, 'neutron-ovs-cleanup'),
'log_file': '/var/log/neutron/ovs-cleanup.log',
}
if os_release('neutron-common') < 'mitaka':
render('git/upstart/neutron-plugin-openvswitch-agent.upstart',
'/etc/init/neutron-plugin-openvswitch-agent.conf',
neutron_ovs_agent_context, perms=0o644)
else:
render('git/upstart/neutron-plugin-openvswitch-agent.upstart',
'/etc/init/neutron-openvswitch-agent.conf',
neutron_ovs_agent_context, perms=0o644)
render('git/upstart/neutron-ovs-cleanup.upstart',
'/etc/init/neutron-ovs-cleanup.conf',
neutron_ovs_cleanup_context, perms=0o644)
if not is_unit_paused_set():
service_restart('neutron-plugin-openvswitch-agent')
def install_git():
apt_install('git')
configure_sshd()
host.service('restart', 'ssh')
def full_restart():
''' Full restart and reload of openvswitch '''
service('force-reload-kmod', 'openvswitch-switch')
def ftb_systemd_remove():
service('disable', CHARM_NAME)
os.unlink(SYSTEMD_SVC_PATH)
check_call(['systemctl', 'daemon-reload'])
