Beispiel #1
def is_ipv6_ok(soft_fail=False):
    """
    Report whether IPv6 is present and the ip6_tables module is usable.

    :param soft_fail: When True, a failure to load ip6_tables is reported as
                      "no IPv6 support" (False) instead of raising
                      UFWIPv6Error.
    :returns: True if /proc/sys/net/ipv6 exists and ip6_tables is loaded or
              could be loaded, False otherwise
    :raises UFWIPv6Error: if loading ip6_tables fails and soft_fail is False
    """
    # Guard: the kernel exposes no IPv6 sysctl tree, so there is nothing to do.
    if not os.path.isdir('/proc/sys/net/ipv6'):
        return False

    # Module already loaded: IPv6 firewalling is available.
    if is_module_loaded('ip6_tables'):
        return True

    try:
        modprobe('ip6_tables')
    except subprocess.CalledProcessError as ex:
        hookenv.log("Couldn't load ip6_tables module: %s" % ex.output,
                    level="WARN")
        # NOTE(review): with soft_fail the caller is told the host has no
        # IPv6 although the IPv6 stack exists; confirm IPv6 traffic is
        # filtered or disabled some other way in that case.
        if not soft_fail:
            raise UFWIPv6Error("IPv6 firewall support broken")
        return False
    return True
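def install_dpdk():
    """
    Set up the DPDK variant of the vrouter and start its services.

    Loads the driver module named in config["dpdk-driver"], tries to load
    vfio-pci, runs dkms_autoinstall(), configures hugepages when
    get_hugepages() returns a value, writes the vrouter configuration and
    then starts the services for the init system in use.
    """
    # NOTE(review): the driver name is taken from charm config and becomes a
    # kernel module load; confirm it is restricted to expected values.
    modprobe(config["dpdk-driver"])
    try:
        modprobe("vfio-pci")
    except Exception:
        # A failure to load vfio-pci is deliberately ignored. Catching
        # Exception instead of using a bare except lets SystemExit and
        # KeyboardInterrupt propagate instead of being swallowed.
        pass
    dkms_autoinstall()
    pages = get_hugepages()
    if pages:
        hugepage_support("root", group="root", nr_hugepages=pages,
                         mnt_point="/hugepages")
        service_restart("libvirt-bin")

    configure_vrouter_interface()
    set_dpdk_coremask()
    write_configs()

    if not init_is_systemd():
        # NOTE(review): os.remove raises OSError if the override file is
        # already gone, e.g. when this runs a second time - confirm intended.
        os.remove("/etc/init/supervisor-vrouter.override")
        service_start("supervisor-vrouter")
        service_restart("contrail-vrouter-agent")
    else:
        service("enable", "contrail-vrouter-dpdk")
        service_start("contrail-vrouter-dpdk")
        service("enable", "contrail-vrouter-agent")
        service_start("contrail-vrouter-agent")

    fix_libvirt()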
Beispiel #3
def is_ipv6_ok(soft_fail=False):
    """
    Tell whether the host has IPv6 and a working ip6_tables module.

    :param soft_fail: If True, a broken ip6_tables load makes this function
                      return False; if False, UFWIPv6Error is raised instead.
    :returns: True when IPv6 is present and ip6_tables is (or can be) loaded,
              False otherwise
    :raises UFWIPv6Error: when ip6_tables cannot be loaded and soft_fail is
                          False
    """
    has_ipv6 = os.path.isdir('/proc/sys/net/ipv6')
    if not has_ipv6:
        # the kernel exposes no IPv6 sysctl tree
        return False

    if is_module_loaded('ip6_tables'):
        return True

    # The module is missing, so try to load it now.
    try:
        modprobe('ip6_tables')
    except subprocess.CalledProcessError as ex:
        hookenv.log("Couldn't load ip6_tables module: %s" % ex.output,
                    level="WARN")
        if soft_fail:
            # NOTE(review): the host is reported as IPv6-less even though
            # the IPv6 stack is there; confirm callers do not leave IPv6
            # unfiltered as a result.
            return False
        raise UFWIPv6Error("IPv6 firewall support broken")
    return True
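def install_dpdk():
    """
    Set up the DPDK variant of the vrouter and start its services.

    Loads the driver module named in config["dpdk-driver"], tries to load
    vfio-pci, runs dkms_autoinstall(), configures hugepages when
    get_hugepages() returns a value, applies the DPDK options and then
    enables and starts the services for the init system in use.
    """
    # NOTE(review): the driver name is taken from charm config and becomes a
    # kernel module load; confirm it is restricted to expected values.
    modprobe(config["dpdk-driver"])
    try:
        modprobe("vfio-pci")
    except Exception:
        # A failure to load vfio-pci is deliberately ignored. Catching
        # Exception instead of using a bare except lets SystemExit and
        # KeyboardInterrupt propagate instead of being swallowed.
        pass
    dkms_autoinstall()
    pages = get_hugepages()
    if pages:
        hugepage_support("root", group="root", nr_hugepages=pages,
                         mnt_point="/hugepages")
        service_restart("libvirt-bin")

    configure_vrouter_interface()
    set_dpdk_options()

    if not init_is_systemd():
        # NOTE(review): unlike the systemd branch below, a missing file here
        # raises OSError - confirm that is intended.
        os.remove("/etc/init/supervisor-vrouter.override")
        service_start("supervisor-vrouter")
        service_restart("contrail-vrouter-agent")
    else:
        # unmask them first
        for srv in ("contrail-vrouter-agent", "contrail-vrouter-dpdk"):
            try:
                os.remove("/etc/systemd/system/{}.service".format(srv))
            except OSError:
                # Nothing to unmask (or the file could not be removed).
                pass
        service("enable", "contrail-vrouter-dpdk")
        service_start("contrail-vrouter-dpdk")
        service("enable", "contrail-vrouter-agent")
        service_start("contrail-vrouter-agent")

    fix_libvirt()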
Beispiel #5
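def configure_lxd_host():
    """
    Configure the LXD daemon and the kernel modules the host needs.

    For releases after vivid this sets the LXD trust password and HTTPS
    listen address, installs linux-image-extra on xenial and loads
    netlink_diag on xenial and later. On vivid it loads the overlay module
    and records it in /etc/modules.
    """
    ubuntu_release = lsb_release()['DISTRIB_CODENAME'].lower()
    # NOTE(review): codenames are compared as plain strings. That ordering
    # holds from vivid up to zesty but not for later codenames that restart
    # the alphabet (e.g. 'artful' > 'vivid' is False).
    if ubuntu_release > "vivid":
        log('>= Wily deployment - configuring LXD trust password and address',
            level=INFO)
        # NOTE(review): the trust password is passed as a command-line
        # argument, so it is visible in the process list while lxc runs.
        cmd = ['lxc', 'config', 'set',
               'core.trust_password', lxd_trust_password()]
        check_call(cmd)
        # NOTE(review): '[::]' makes the LXD API listen on all addresses;
        # confirm access is restricted at the network level.
        cmd = ['lxc', 'config', 'set',
               'core.https_address', '[::]']
        check_call(cmd)

        if ubuntu_release == 'xenial':
            apt_install('linux-image-extra-%s' % os.uname()[2],
                        fatal=True)

        if ubuntu_release >= 'xenial':
            modprobe('netlink_diag')
    elif ubuntu_release == "vivid":
        log('Vivid deployment - loading overlay kernel module', level=INFO)
        cmd = ['modprobe', 'overlay']
        check_call(cmd)
        with open('/etc/modules', 'r+') as modules:
            existing = modules.read()
            # Match whole lines: a substring test would also be satisfied by
            # a comment or by another module whose name contains 'overlay'.
            entries = [line.strip() for line in existing.splitlines()]
            if 'overlay' not in entries:
                # read() left the position at EOF, so writes append. Make
                # sure the new entry sits on a line of its own.
                if existing and not existing.endswith('\n'):
                    modules.write('\n')
                modules.write('overlay\n')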
def config_changed():
    """
    Apply a charm configuration change.

    Runs, in order: deferred-restart setup, an OpenStack upgrade when one is
    available and upgrades are not action-managed, the NRPE config update,
    loading of the configured kernel modules and sysctls (both skipped inside
    a container), the amqp joined hooks, plugin configuration and the legacy
    HA / nova metadata / LBaaS clean-up.

    Exits the process with status 1 when valid_plugin() is false.
    """
    configure_deferred_restarts(deferrable_services())
    if (not config('action-managed-upgrade') and
            openstack_upgrade_available(NEUTRON_COMMON)):
        status_set('maintenance', 'Running openstack upgrade')
        do_openstack_upgrade(CONFIGS)

    update_nrpe_config()

    # NOTE(review): module names and sysctl values come from charm config and
    # are applied to the host kernel; presumably only operators can set them
    # - confirm.
    requested_modules = config('kernel-modules')
    if requested_modules and is_container():
        log("Cannot load modules inside of a container", level=WARNING)
    elif requested_modules:
        for module_name in requested_modules.split():
            try:
                modprobe(module_name)
            except Exception:
                # Best effort: one module failing must not stop the hook.
                log("Failed to load kernel module '%s'" % module_name,
                    level=WARNING)

    requested_sysctls = config('sysctl')
    if requested_sysctls and is_container():
        log("Cannot create sysctls inside of a container", level=WARNING)
    elif requested_sysctls:
        create_sysctl(requested_sysctls,
                      '/etc/sysctl.d/50-quantum-gateway.conf')

    # The joined hooks are run again because config might have changed.
    for rel in relation_ids('amqp'):
        amqp_joined(relation_id=rel)
    for rel in relation_ids('amqp-nova'):
        amqp_nova_joined(relation_id=rel)

    if not valid_plugin():
        message = 'Please provide a valid plugin config'
        log(message, level=ERROR)
        status_set('blocked', message)
        sys.exit(1)
    else:
        CONFIGS.write_all()
        configure_ovs()
        configure_apparmor()

    if config('plugin') == 'n1kv':
        if not config('enable-l3-agent'):
            apt_purge('neutron-l3-agent')
        else:
            status_set('maintenance', 'Installing apt packages')
            apt_install(filter_installed_packages('neutron-l3-agent'))

    # Legacy HA configuration files
    update_legacy_ha_files()
    # Drop legacy nova metadata / neutron LBaaS when they are disabled
    if disable_nova_metadata():
        remove_legacy_nova_metadata()
    if disable_neutron_lbaas():
        remove_legacy_neutron_lbaas()
Beispiel #7
    def test_modprobe_not_persistent_centos(self, platform, check_call):
        """With persist=False on centos, modprobe runs but no file is opened."""
        platform.return_value = 'centos'
        # Reload so kernel is re-imported with the mocked platform
        # (presumably it selects platform-specific code at import time).
        imp.reload(kernel)

        with patch_open() as (opened, handle):
            handle.read.return_value = 'anothermod\n'
            with patch("charmhelpers.core.kernel.log"):
                kernel.modprobe('mymod', persist=False)
            # Nothing may be opened for persistence when persist is False.
            assert not opened.called

        # The command is passed as an argument list, not a shell string.
        check_call.assert_called_with(['modprobe', 'mymod'])
Beispiel #8
def configure(service, key, auth, use_syslog):
    """
    Perform basic configuration of Ceph.

    Creates the keyring and key file for *service*, writes
    /etc/ceph/ceph.conf from the CEPH_CONF template and loads the rbd kernel
    module.
    """
    create_keyring(service, key)
    create_key_file(service, key)
    monitors = get_ceph_nodes()
    with open('/etc/ceph/ceph.conf', 'w') as conf_file:
        # Rendered after the file is opened, as before, so a formatting
        # error still happens with the file already truncated.
        rendered = CEPH_CONF.format(
            auth=auth,
            keyring=_keyring_path(service),
            mon_hosts=",".join(str(node) for node in monitors),
            use_syslog=use_syslog,
        )
        conf_file.write(rendered)
    modprobe('rbd')
def install_dkms():
    """
    Load the vrouter kernel module, then run DKMS and interface setup.

    If the first modprobe raises CalledProcessError, drop_caches() is called
    and the load is attempted once more; a second failure propagates.
    """
    module = "vrouter"
    try:
        log("Loading kernel module vrouter")
        modprobe(module)
    except CalledProcessError:
        log("vrouter kernel module failed to load, "
            "clearing pagecache and retrying")
        drop_caches()
        # Second and last attempt.
        modprobe(module)

    dkms_autoinstall()
    configure_vrouter_interface()
Beispiel #10
def configure(service, key, auth, use_syslog):
    """
    Perform basic configuration of Ceph.

    Sets up the keyring and key file for *service*, renders the CEPH_CONF
    template into /etc/ceph/ceph.conf and loads the rbd kernel module.
    """
    create_keyring(service, key)
    create_key_file(service, key)
    ceph_nodes = get_ceph_nodes()
    with open('/etc/ceph/ceph.conf', 'w') as out:
        # Template values are computed only once the file is open, which
        # keeps the original order of side effects.
        settings = CEPH_CONF.format(
            auth=auth,
            keyring=_keyring_path(service),
            mon_hosts=",".join(str(host) for host in ceph_nodes),
            use_syslog=use_syslog,
        )
        out.write(settings)
    modprobe('rbd')
Beispiel #11
    def test_modprobe_persistent_ubuntu(self, platform, check_call):
        """On ubuntu, modprobe loads the module and appends it to /etc/modules."""
        platform.return_value = 'ubuntu'
        # Reload so kernel is re-imported with the mocked platform
        # (presumably it selects platform-specific code at import time).
        imp.reload(kernel)

        with patch_open() as (opened, handle):
            handle.read.return_value = 'anothermod\n'
            with patch("charmhelpers.core.kernel.log"):
                kernel.modprobe('mymod')
            # The file is read first, then the new entry is written with a
            # trailing newline.
            opened.assert_called_with('/etc/modules', 'r+')
            handle.read.assert_called_with()
            handle.write.assert_called_with('mymod\n')

        # The command is passed as an argument list, not a shell string.
        check_call.assert_called_with(['modprobe', 'mymod'])
def install_dkms():
    """
    Load the vrouter kernel module and prepare the vrouter interface.

    If the first modprobe raises CalledProcessError, drop_caches() is called
    and the load is attempted once more; a second failure propagates. The
    unit then ends up blocked until contrail-controller is related.
    """
    module = "vrouter"
    try:
        log("Loading kernel module vrouter")
        modprobe(module)
    except CalledProcessError:
        log("vrouter kernel module failed to load, "
            "clearing pagecache and retrying")
        drop_caches()
        # Second and last attempt.
        modprobe(module)

    dkms_autoinstall()
    configure_vrouter_interface()

    config["vrouter-expected-provision-state"] = False
    status_set("blocked", "Missing relation to contrail-controller")
Beispiel #13
def enable_br_netfilter_module():
    """
    Load br_netfilter persistently and record that it is enabled.

    Works around https://github.com/kubernetes/kubernetes/issues/21613.
    On a load failure outside a container the state is not set, so the
    handler can be tried again; inside a container the failure is ignored.

    :return: None
    """
    try:
        modprobe('br_netfilter', persist=True)
    except Exception:
        log(traceback.format_exc())
        if not host.is_container():
            log('LXD not detected, will retry loading br_netfilter')
            return
        # NOTE(review): in a container the state is set although the module
        # was not loaded here; presumably the host provides it - confirm.
        log('LXD detected, ignoring failure to load br_netfilter')
    set_state('containerd.br_netfilter.enabled')
Beispiel #14
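def configure_lxd_host():
    """
    Configure the LXD daemon and the kernel features the host needs.

    For releases after vivid this sets the LXD trust password and HTTPS
    listen address and, outside a container, installs the extra kernel
    package on xenial, loads netlink_diag and writes the ext4 user-namespace
    mount switch; it then configures uid mapping. On vivid it loads the
    overlay module and records it in /etc/modules.
    """
    import re  # local import: only used for the kernel version comparison

    ubuntu_release = lsb_release()['DISTRIB_CODENAME'].lower()
    cmp_ubuntu_release = CompareHostReleases(ubuntu_release)
    if cmp_ubuntu_release > "vivid":
        log('>= Wily deployment - configuring LXD trust password and address',
            level=INFO)
        # NOTE(review): the trust password is passed as a command-line
        # argument, so it is visible in the process list while lxc runs.
        cmd = ['lxc', 'config', 'set',
               'core.trust_password', lxd_trust_password()]
        check_call(cmd)
        # NOTE(review): '[::]' makes the LXD API listen on all addresses;
        # confirm access is restricted at the network level.
        cmd = ['lxc', 'config', 'set',
               'core.https_address', '[::]']
        check_call(cmd)

        if not is_container():
            # NOTE(jamespage): None of the below is worth doing when running
            #                  within a container on an all-in-one install

            # Configure live migration
            if cmp_ubuntu_release == 'xenial':
                uname = os.uname()[2]
                # Compare the numeric version fields. As plain strings,
                # '4.4.0-21-generic' and '4.15.0-20-generic' sort on the
                # wrong side of '4.4.0-122-generic'.
                kernel_abi = tuple(
                    int(part) for part in re.findall(r'\d+', uname)[:4]
                )
                if kernel_abi > (4, 4, 0, 122):
                    pkg = "linux-modules-extra-{}"
                else:
                    pkg = "linux-image-extra-{}"
                apt_install(pkg.format(uname), fatal=True)

            if cmp_ubuntu_release >= 'xenial':
                modprobe('netlink_diag')

            # Enable/disable use of ext4 within nova-lxd containers
            if os.path.exists(EXT4_USERNS_MOUNTS):
                with open(EXT4_USERNS_MOUNTS, 'w') as userns_mounts:
                    userns_mounts.write(
                        'Y\n' if config('enable-ext4-userns') else 'N\n'
                    )

        configure_uid_mapping()
    elif cmp_ubuntu_release == "vivid":
        log('Vivid deployment - loading overlay kernel module', level=INFO)
        cmd = ['modprobe', 'overlay']
        check_call(cmd)
        with open('/etc/modules', 'r+') as modules:
            existing = modules.read()
            # Match whole lines: a substring test would also be satisfied by
            # a comment or by another module whose name contains 'overlay'.
            entries = [line.strip() for line in existing.splitlines()]
            if 'overlay' not in entries:
                # read() left the position at EOF, so writes append. Make
                # sure the new entry sits on a line of its own.
                if existing and not existing.endswith('\n'):
                    modules.write('\n')
                modules.write('overlay\n')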
Beispiel #15
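def configure_lxd_host():
    """
    Configure the LXD daemon and the kernel features the host needs.

    For releases after vivid this sets the LXD trust password and HTTPS
    listen address and, outside a container, installs the extra kernel
    package on xenial, loads netlink_diag and writes the ext4 user-namespace
    mount switch; it then configures uid mapping. On vivid it loads the
    overlay module and records it in /etc/modules.
    """
    import re  # local import: only used for the kernel version comparison

    ubuntu_release = lsb_release()['DISTRIB_CODENAME'].lower()
    cmp_ubuntu_release = CompareHostReleases(ubuntu_release)
    if cmp_ubuntu_release > "vivid":
        log('>= Wily deployment - configuring LXD trust password and address',
            level=INFO)
        # NOTE(review): the trust password is passed as a command-line
        # argument, so it is visible in the process list while lxc runs.
        cmd = [
            'lxc', 'config', 'set', 'core.trust_password',
            lxd_trust_password()
        ]
        check_call(cmd)
        # NOTE(review): '[::]' makes the LXD API listen on all addresses;
        # confirm access is restricted at the network level.
        cmd = ['lxc', 'config', 'set', 'core.https_address', '[::]']
        check_call(cmd)

        if not is_container():
            # NOTE(jamespage): None of the below is worth doing when running
            #                  within a container on an all-in-one install

            # Configure live migration
            if cmp_ubuntu_release == 'xenial':
                uname = os.uname()[2]
                # Compare the numeric version fields. As plain strings,
                # '4.4.0-21-generic' and '4.15.0-20-generic' sort on the
                # wrong side of '4.4.0-122-generic'.
                kernel_abi = tuple(
                    int(part) for part in re.findall(r'\d+', uname)[:4])
                if kernel_abi > (4, 4, 0, 122):
                    pkg = "linux-modules-extra-{}"
                else:
                    pkg = "linux-image-extra-{}"
                apt_install(pkg.format(uname), fatal=True)

            if cmp_ubuntu_release >= 'xenial':
                modprobe('netlink_diag')

            # Enable/disable use of ext4 within nova-lxd containers
            if os.path.exists(EXT4_USERNS_MOUNTS):
                with open(EXT4_USERNS_MOUNTS, 'w') as userns_mounts:
                    userns_mounts.write(
                        'Y\n' if config('enable-ext4-userns') else 'N\n')

        configure_uid_mapping()
    elif cmp_ubuntu_release == "vivid":
        log('Vivid deployment - loading overlay kernel module', level=INFO)
        cmd = ['modprobe', 'overlay']
        check_call(cmd)
        with open('/etc/modules', 'r+') as modules:
            existing = modules.read()
            # Match whole lines: a substring test would also be satisfied by
            # a comment or by another module whose name contains 'overlay'.
            entries = [line.strip() for line in existing.splitlines()]
            if 'overlay' not in entries:
                # read() left the position at EOF, so writes append. Make
                # sure the new entry sits on a line of its own.
                if existing and not existing.endswith('\n'):
                    modules.write('\n')
                modules.write('overlay\n')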
def install():
    """
    Install the vrouter packages and load the vrouter kernel module.

    Upgrades the system, installs PACKAGES plus PACKAGES_DKMS_INIT, records
    the contrail-vrouter-agent version, fixes ownership and mode of
    /etc/contrail, loads the vrouter module (retrying once after
    drop_caches()) and leaves the unit blocked until contrail-controller is
    related.

    Returns None early, without configuring anything, if a
    CalledProcessError is raised while the package version is looked up.
    """
    status_set("maintenance", "Installing...")

    configure_sources(True, "install-sources", "install-keys")
    apt_upgrade(fatal=True, dist=True)
    # TODO: support dpdk config option
    packages = [*PACKAGES, *PACKAGES_DKMS_INIT]
    apt_install(packages, fatal=True)

    version_query = [
        "dpkg-query", "-f", "${Version}\\n", "-W", "contrail-vrouter-agent"
    ]
    try:
        raw_version = check_output(version_query)
        application_version_set(raw_version.decode('UTF-8').rstrip())
    except CalledProcessError:
        return None

    status_set("maintenance", "Configuring...")
    # /etc/contrail: world-readable, writable by root only, owned by root.
    os.chmod("/etc/contrail", 0o755)
    os.chown("/etc/contrail", 0, 0)

    # supervisord must be started after installation
    if lsb_release()["DISTRIB_CODENAME"] == 'trusty':
        service_restart("supervisor-vrouter")

    module = "vrouter"
    try:
        log("Loading kernel module vrouter")
        modprobe(module)
    except CalledProcessError:
        log("vrouter kernel module failed to load, "
            "clearing pagecache and retrying")
        drop_caches()
        # Second and last attempt; a failure here propagates.
        modprobe(module)

    dkms_autoinstall("vrouter")
    configure_vrouter_interface()
    config["vrouter-expected-provision-state"] = False
    status_set("blocked", "Missing relation to contrail-controller")
Beispiel #17
def install_packages():
    """
    Install the charm's packages and load the conntrack kernel modules.

    Installs neutron-common first, then any DKMS dependencies, then the
    remaining missing packages, enables OVS DPDK when requested and, outside
    a container with the openvswitch firewall driver, loads the
    nf_conntrack modules persistently.
    """
    apt_update()
    # NOTE(jamespage): install neutron-common package so we always
    #                  get a clear signal on which OS release is
    #                  being deployed
    apt_install(filter_installed_packages(['neutron-common']), fatal=True)

    # NOTE(jamespage): ensure early install of dkms related
    #                  dependencies for kernels which need
    #                  openvswitch via dkms (12.04).
    dkms_deps = determine_dkms_package()
    if dkms_deps:
        apt_install([headers_package()] + dkms_deps, fatal=True)

    to_install = filter_installed_packages(determine_packages())
    if to_install:
        status_set('maintenance', 'Installing packages')
        apt_install(to_install, fatal=True)

    if use_dpdk():
        enable_ovs_dpdk()

    # NOTE(tpsilva): if we're using openvswitch driver, we need to explicitly
    #                load the nf_conntrack_ipv4/6 module, since it won't be
    #                loaded automatically in some cases. LP#1834213
    if is_container() or config('firewall-driver') != 'openvswitch':
        return

    try:
        # The second argument asks modprobe to persist the module.
        for conntrack_module in ('nf_conntrack_ipv4', 'nf_conntrack_ipv6'):
            modprobe(conntrack_module, True)
    except subprocess.CalledProcessError:
        # Newer kernel versions (4.19+) don't have two modules for that, so
        # only load nf_conntrack
        log("This kernel does not have nf_conntrack_ipv4/6. "
            "Loading nf_conntrack only.")
        modprobe('nf_conntrack', True)
Beispiel #18
def install_packages():
    """
    Install the charm's packages and load the conntrack kernel modules.

    Installs neutron-common first, optionally adds the networking tools
    package source, installs DKMS dependencies and the remaining missing
    packages, enables OVS DPDK / hardware offload when requested and,
    outside a container with the openvswitch firewall driver, loads the
    nf_conntrack modules persistently.
    """
    # NOTE(jamespage): install neutron-common package so we always
    #                  get a clear signal on which OS release is
    #                  being deployed
    apt_install(filter_installed_packages(['neutron-common']), fatal=True)

    # NOTE(jamespage):
    # networking-tools-source provides general tooling for configuration
    # of SR-IOV VF's and Mellanox ConnectX switchdev capable adapters
    # The default PPA published packages back to Xenial, which covers
    # all target series for this charm.
    # NOTE(review): the package source is taken from charm config; packages
    # installed from it run as root - confirm who may set this option.
    if config('networking-tools-source'):
        if use_dpdk() or enable_sriov() or use_hw_offload():
            add_source(config('networking-tools-source'))
    apt_update()

    # NOTE(jamespage): ensure early install of dkms related
    #                  dependencies for kernels which need
    #                  openvswitch via dkms (12.04).
    dkms_deps = determine_dkms_package()
    if dkms_deps:
        apt_install([headers_package()] + dkms_deps, fatal=True)

    to_install = filter_installed_packages(determine_packages())
    if to_install:
        status_set('maintenance', 'Installing packages')
        apt_install(to_install, fatal=True)

    if use_dpdk():
        enable_ovs_dpdk()

    if use_hw_offload():
        enable_hw_offload()

    # NOTE(tpsilva): if we're using openvswitch driver, we need to explicitly
    #                load the nf_conntrack_ipv4/6 module, since it won't be
    #                loaded automatically in some cases. LP#1834213
    if is_container() or config('firewall-driver') != 'openvswitch':
        return

    try:
        # The second argument asks modprobe to persist the module.
        for conntrack_module in ('nf_conntrack_ipv4', 'nf_conntrack_ipv6'):
            modprobe(conntrack_module, True)
    except subprocess.CalledProcessError:
        # Newer kernel versions (4.19+) don't have two modules for that, so
        # only load nf_conntrack
        log("This kernel does not have nf_conntrack_ipv4/6. "
            "Loading nf_conntrack only.")
        modprobe('nf_conntrack', True)
Beispiel #19
def load_modules():
    """Load every module in REQUIRED_MODULES and persist it.

    An exception raised by modprobe propagates and stops the loop.
    """
    for required in REQUIRED_MODULES:
        modprobe(required, persist=True)