def update_all_configs():
CONFIGS.write_all()
NovaComputeAppArmorContext().setup_aa_profile()
if (network_manager() in ['flatmanager', 'flatdhcpmanager']
and config('multi-host').lower() == 'yes'):
NovaAPIAppArmorContext().setup_aa_profile()
NovaNetworkAppArmorContext().setup_aa_profile()
def config_changed():
if is_unit_paused_set():
log("Do not run config_changed when paused", "WARNING")
return
if config('ephemeral-unmount'):
umount(config('ephemeral-unmount'), persist=True)
if config('prefer-ipv6'):
status_set('maintenance', 'configuring ipv6')
assert_charm_supports_ipv6()
if (migration_enabled()
and config('migration-auth-type') not in MIGRATION_AUTH_TYPES):
message = ("Invalid migration-auth-type")
status_set('blocked', message)
raise Exception(message)
global CONFIGS
send_remote_restart = False
if not config('action-managed-upgrade'):
if openstack_upgrade_available('nova-common'):
status_set('maintenance', 'Running openstack upgrade')
do_openstack_upgrade(CONFIGS)
send_remote_restart = True
sysctl_settings = config('sysctl')
if sysctl_settings:
create_sysctl(sysctl_settings, '/etc/sysctl.d/50-nova-compute.conf')
remove_libvirt_network('default')
if migration_enabled() and config('migration-auth-type') == 'ssh':
# Check-in with nova-c-c and register new ssh key, if it has just been
# generated.
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys()
import_authorized_keys()
if config('enable-resize') is True:
enable_shell(user='******')
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys(user='******')
import_authorized_keys(user='******', prefix='nova')
else:
disable_shell(user='******')
if config('instances-path') is not None:
fp = config('instances-path')
fix_path_ownership(fp, user='******')
[compute_joined(rid) for rid in relation_ids('cloud-compute')]
for rid in relation_ids('neutron-plugin'):
neutron_plugin_joined(rid, remote_restart=send_remote_restart)
for rid in relation_ids('nova-ceilometer'):
nova_ceilometer_joined(rid, remote_restart=send_remote_restart)
if is_relation_made("nrpe-external-master"):
update_nrpe_config()
if config('hugepages'):
install_hugepages()
# Disable smt for ppc64, required for nova/libvirt/kvm
arch = platform.machine()
log('CPU architecture: {}'.format(arch))
if arch in ['ppc64el', 'ppc64le']:
set_ppc64_cpu_smt_state('off')
# NOTE(jamespage): trigger any configuration related changes
# for cephx permissions restrictions and
# keys on disk for ceph-access backends
for rid in relation_ids('ceph'):
for unit in related_units(rid):
ceph_changed(rid=rid, unit=unit)
for rid in relation_ids('ceph-access'):
for unit in related_units(rid):
ceph_access(rid=rid, unit=unit)
CONFIGS.write_all()
NovaComputeAppArmorContext().setup_aa_profile()
if (network_manager() in ['flatmanager', 'flatdhcpmanager']
and config('multi-host').lower() == 'yes'):
NovaAPIAppArmorContext().setup_aa_profile()
NovaNetworkAppArmorContext().setup_aa_profile()
install_vaultlocker()
install_multipath()
configure_local_ephemeral_storage()
context.WorkerConfigContext(),
vaultlocker.VaultKVContext(vaultlocker.VAULTLOCKER_BACKEND),
context.IdentityCredentialsContext(rel_name='cloud-credentials')
],
},
NOVA_API_AA_PROFILE_PATH: {
'services': ['nova-api'],
'contexts': [NovaAPIAppArmorContext()],
},
NOVA_COMPUTE_AA_PROFILE_PATH: {
'services': ['nova-compute'],
'contexts': [NovaComputeAppArmorContext()],
},
NOVA_NETWORK_AA_PROFILE_PATH: {
'services': ['nova-network'],
'contexts': [NovaNetworkAppArmorContext()],
},
}
LIBVIRTD_DAEMON = 'libvirtd'
LIBVIRT_BIN_DAEMON = 'libvirt-bin'
LIBVIRT_RESOURCE_MAP = {
QEMU_CONF: {
'services': [LIBVIRT_BIN_DAEMON],
'contexts': [NovaComputeLibvirtContext()],
},
QEMU_KVM: {
'services': ['qemu-kvm'],
'contexts': [NovaComputeLibvirtContext()],
},
def config_changed():
if config('prefer-ipv6'):
status_set('maintenance', 'configuring ipv6')
assert_charm_supports_ipv6()
global CONFIGS
send_remote_restart = False
if git_install_requested():
if config_value_changed('openstack-origin-git'):
status_set('maintenance', 'Running Git install')
git_install(config('openstack-origin-git'))
elif not config('action-managed-upgrade'):
if openstack_upgrade_available('nova-common'):
status_set('maintenance', 'Running openstack upgrade')
do_openstack_upgrade(CONFIGS)
send_remote_restart = True
sysctl_settings = config('sysctl')
if sysctl_settings:
sysctl_dict = yaml.safe_load(sysctl_settings)
sysctl_dict['vm.swappiness'] = sysctl_dict.get('vm.swappiness', 1)
create_sysctl(yaml.dump(sysctl_dict),
'/etc/sysctl.d/50-nova-compute.conf')
destroy_libvirt_network('default')
if migration_enabled() and config('migration-auth-type') == 'ssh':
# Check-in with nova-c-c and register new ssh key, if it has just been
# generated.
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys()
import_authorized_keys()
if config('enable-resize') is True:
enable_shell(user='******')
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys(user='******')
import_authorized_keys(user='******', prefix='nova')
else:
disable_shell(user='******')
if config('instances-path') is not None:
fp = config('instances-path')
fix_path_ownership(fp, user='******')
[compute_joined(rid) for rid in relation_ids('cloud-compute')]
for rid in relation_ids('zeromq-configuration'):
zeromq_configuration_relation_joined(rid)
for rid in relation_ids('neutron-plugin'):
neutron_plugin_joined(rid, remote_restart=send_remote_restart)
if is_relation_made("nrpe-external-master"):
update_nrpe_config()
if config('hugepages'):
install_hugepages()
# Disable smt for ppc64, required for nova/libvirt/kvm
arch = platform.machine()
log('CPU architecture: {}'.format(arch))
if arch in ['ppc64el', 'ppc64le']:
set_ppc64_cpu_smt_state('off')
# NOTE(jamespage): trigger any configuration related changes
# for cephx permissions restrictions and
# keys on disk for ceph-access backends
for rid in relation_ids('ceph'):
for unit in related_units(rid):
ceph_changed(rid=rid, unit=unit)
for rid in relation_ids('ceph-access'):
for unit in related_units(rid):
ceph_access(rid=rid, unit=unit)
CONFIGS.write_all()
NovaComputeAppArmorContext().setup_aa_profile()
if (network_manager() in ['flatmanager', 'flatdhcpmanager']
and config('multi-host').lower() == 'yes'):
NovaAPIAppArmorContext().setup_aa_profile()
NovaNetworkAppArmorContext().setup_aa_profile()