def compute_changed(): # rewriting all configs to pick up possible net or vol manager # config advertised from controller. CONFIGS.write_all() import_authorized_keys() import_authorized_keys(user='******', prefix='nova') import_keystone_ca_cert()
def config_changed(): if config('prefer-ipv6'): status_set('maintenance', 'configuring ipv6') assert_charm_supports_ipv6() global CONFIGS if git_install_requested(): if config_value_changed('openstack-origin-git'): status_set('maintenance', 'Running Git install') git_install(config('openstack-origin-git')) elif not config('action-managed-upgrade'): if openstack_upgrade_available('nova-common'): status_set('maintenance', 'Running openstack upgrade') do_openstack_upgrade(CONFIGS) sysctl_dict = config('sysctl') if sysctl_dict: create_sysctl(sysctl_dict, '/etc/sysctl.d/50-nova-compute.conf') if migration_enabled() and config('migration-auth-type') == 'ssh': # Check-in with nova-c-c and register new ssh key, if it has just been # generated. status_set('maintenance', 'SSH key exchange') initialize_ssh_keys() import_authorized_keys() if config('enable-resize') is True: enable_shell(user='******') status_set('maintenance', 'SSH key exchange') initialize_ssh_keys(user='******') import_authorized_keys(user='******', prefix='nova') else: disable_shell(user='******') if config('instances-path') is not None: fp = config('instances-path') fix_path_ownership(fp, user='******') [compute_joined(rid) for rid in relation_ids('cloud-compute')] for rid in relation_ids('zeromq-configuration'): zeromq_configuration_relation_joined(rid) for rid in relation_ids('neutron-plugin'): neutron_plugin_joined(rid) if is_relation_made("nrpe-external-master"): update_nrpe_config() if config('hugepages'): install_hugepages() if (config('libvirt-image-backend') == 'rbd' and assert_libvirt_imagebackend_allowed()): for rid in relation_ids('ceph'): for unit in related_units(rid): ceph_changed(rid=rid, unit=unit) CONFIGS.write_all()
def compute_changed(): # rewriting all configs to pick up possible net or vol manager # config advertised from controller. CONFIGS.write_all() import_authorized_keys() import_keystone_ca_cert() if (network_manager() in ['quantum', 'neutron'] and neutron_plugin() == 'ovs'): # in case we already have a database relation, need to request # access to the additional neutron database. [db_joined(rid) for rid in relation_ids('shared-db')]
def _test_import_authorized_keys_base(self, getpwnam, prefix=None, auth_key_path='/home/foo/.ssh/' 'authorized_keys'): getpwnam.return_value = self.fake_user('foo') self.relation_get.side_effect = [ 3, # relation_get('known_hosts_max_index') 'k_h_0', # relation_get_('known_hosts_0') 'k_h_1', # relation_get_('known_hosts_1') 'k_h_2', # relation_get_('known_hosts_2') 3, # relation_get('authorized_keys_max_index') 'auth_0', # relation_get('authorized_keys_0') 'auth_1', # relation_get('authorized_keys_1') 'auth_2', # relation_get('authorized_keys_2') ] ex_open = [ call('/home/foo/.ssh/known_hosts', 'wb'), call(auth_key_path, 'wb') ] ex_write = [ call('k_h_0\n'), call('k_h_1\n'), call('k_h_2\n'), call('auth_0\n'), call('auth_1\n'), call('auth_2\n') ] with patch_open() as (_open, _file): utils.import_authorized_keys(user='******', prefix=prefix) self.assertEqual(ex_open, _open.call_args_list) self.assertEqual(ex_write, _file.write.call_args_list) authkey_root = 'authorized_keys_' known_hosts_root = 'known_hosts_' if prefix: authkey_root = prefix + '_authorized_keys_' known_hosts_root = prefix + '_known_hosts_' expected_relations = [ call(known_hosts_root + 'max_index'), call(known_hosts_root + '0'), call(known_hosts_root + '1'), call(known_hosts_root + '2'), call(authkey_root + 'max_index'), call(authkey_root + '0'), call(authkey_root + '1'), call(authkey_root + '2') ] self.assertEqual(sorted(self.relation_get.call_args_list), sorted(expected_relations))
def _test_import_authorized_keys_base(self, getpwnam, prefix=None, auth_key_path='/home/foo/.ssh/' 'authorized_keys'): getpwnam.return_value = self.fake_user('foo') d = { 'known_hosts_max_index': 3, 'known_hosts_0': 'k_h_0', 'known_hosts_1': 'k_h_1', 'known_hosts_2': 'k_h_2', 'authorized_keys_max_index': 3, 'authorized_keys_0': 'auth_0', 'authorized_keys_1': 'auth_1', 'authorized_keys_2': 'auth_2', } if prefix: for k, v in d.copy().items(): d["{}_{}".format(prefix, k)] = v def _relation_get(scope=None, *args, **kwargs): if scope is not None: return d.get(scope, None) return d self.relation_get.side_effect = _relation_get ex_open = [ call('/home/foo/.ssh/known_hosts', 'wt'), call(auth_key_path, 'wt') ] ex_write = [ call('k_h_0\n'), call('k_h_1\n'), call('k_h_2\n'), call('auth_0\n'), call('auth_1\n'), call('auth_2\n') ] # we only have to verify that the files are writen as expected as this # implicitly checks that the relation_get calls have occurred. with patch_open() as (_open, _file): utils.import_authorized_keys(user='******', prefix=prefix) self.assertEqual(ex_open, _open.call_args_list) self.assertEqual(ex_write, _file.write.call_args_list)
def test_import_authorized_keys(self, getpwnam): getpwnam.return_value = self.fake_user('foo') self.relation_get.side_effect = [ 'Zm9vX2tleQo=', # relation_get('known_hosts') 'Zm9vX2hvc3QK', # relation_get('authorized_keys') ] ex_open = [ call('/home/foo/.ssh/authorized_keys', 'wb'), call('/home/foo/.ssh/known_hosts', 'wb') ] ex_write = [ call('foo_host\n'), call('foo_key\n'), ] with patch_open() as (_open, _file): utils.import_authorized_keys(user='******') self.assertEquals(ex_open, _open.call_args_list) self.assertEquals(ex_write, _file.write.call_args_list)
def config_changed(): if is_unit_paused_set(): log("Do not run config_changed when paused", "WARNING") return if config('ephemeral-unmount'): umount(config('ephemeral-unmount'), persist=True) if config('prefer-ipv6'): status_set('maintenance', 'configuring ipv6') assert_charm_supports_ipv6() if (migration_enabled() and config('migration-auth-type') not in MIGRATION_AUTH_TYPES): message = ("Invalid migration-auth-type") status_set('blocked', message) raise Exception(message) global CONFIGS send_remote_restart = False if not config('action-managed-upgrade'): if openstack_upgrade_available('nova-common'): status_set('maintenance', 'Running openstack upgrade') do_openstack_upgrade(CONFIGS) send_remote_restart = True sysctl_settings = config('sysctl') if sysctl_settings: create_sysctl(sysctl_settings, '/etc/sysctl.d/50-nova-compute.conf') remove_libvirt_network('default') if migration_enabled() and config('migration-auth-type') == 'ssh': # Check-in with nova-c-c and register new ssh key, if it has just been # generated. status_set('maintenance', 'SSH key exchange') initialize_ssh_keys() import_authorized_keys() if config('enable-resize') is True: enable_shell(user='******') status_set('maintenance', 'SSH key exchange') initialize_ssh_keys(user='******') import_authorized_keys(user='******', prefix='nova') else: disable_shell(user='******') if config('instances-path') is not None: fp = config('instances-path') fix_path_ownership(fp, user='******') [compute_joined(rid) for rid in relation_ids('cloud-compute')] for rid in relation_ids('neutron-plugin'): neutron_plugin_joined(rid, remote_restart=send_remote_restart) for rid in relation_ids('nova-ceilometer'): nova_ceilometer_joined(rid, remote_restart=send_remote_restart) if is_relation_made("nrpe-external-master"): update_nrpe_config() if config('hugepages'): install_hugepages() # Disable smt for ppc64, required for nova/libvirt/kvm arch = platform.machine() log('CPU architecture: {}'.format(arch)) if arch in ['ppc64el', 'ppc64le']: set_ppc64_cpu_smt_state('off') # NOTE(jamespage): trigger any configuration related changes # for cephx permissions restrictions and # keys on disk for ceph-access backends for rid in relation_ids('ceph'): for unit in related_units(rid): ceph_changed(rid=rid, unit=unit) for rid in relation_ids('ceph-access'): for unit in related_units(rid): ceph_access(rid=rid, unit=unit) CONFIGS.write_all() NovaComputeAppArmorContext().setup_aa_profile() if (network_manager() in ['flatmanager', 'flatdhcpmanager'] and config('multi-host').lower() == 'yes'): NovaAPIAppArmorContext().setup_aa_profile() NovaNetworkAppArmorContext().setup_aa_profile() install_vaultlocker() install_multipath() configure_local_ephemeral_storage()
def test_import_authorized_keys_missing_data(self): self.relation_get.return_value = None with patch_open() as (_open, _file): utils.import_authorized_keys(user='******') self.assertFalse(_open.called)
def config_changed(): if config('prefer-ipv6'): status_set('maintenance', 'configuring ipv6') assert_charm_supports_ipv6() global CONFIGS send_remote_restart = False if git_install_requested(): if config_value_changed('openstack-origin-git'): status_set('maintenance', 'Running Git install') git_install(config('openstack-origin-git')) elif not config('action-managed-upgrade'): if openstack_upgrade_available('nova-common'): status_set('maintenance', 'Running openstack upgrade') do_openstack_upgrade(CONFIGS) send_remote_restart = True sysctl_settings = config('sysctl') if sysctl_settings: sysctl_dict = yaml.safe_load(sysctl_settings) sysctl_dict['vm.swappiness'] = sysctl_dict.get('vm.swappiness', 1) create_sysctl(yaml.dump(sysctl_dict), '/etc/sysctl.d/50-nova-compute.conf') destroy_libvirt_network('default') if migration_enabled() and config('migration-auth-type') == 'ssh': # Check-in with nova-c-c and register new ssh key, if it has just been # generated. status_set('maintenance', 'SSH key exchange') initialize_ssh_keys() import_authorized_keys() if config('enable-resize') is True: enable_shell(user='******') status_set('maintenance', 'SSH key exchange') initialize_ssh_keys(user='******') import_authorized_keys(user='******', prefix='nova') else: disable_shell(user='******') if config('instances-path') is not None: fp = config('instances-path') fix_path_ownership(fp, user='******') [compute_joined(rid) for rid in relation_ids('cloud-compute')] for rid in relation_ids('zeromq-configuration'): zeromq_configuration_relation_joined(rid) for rid in relation_ids('neutron-plugin'): neutron_plugin_joined(rid, remote_restart=send_remote_restart) if is_relation_made("nrpe-external-master"): update_nrpe_config() if config('hugepages'): install_hugepages() # Disable smt for ppc64, required for nova/libvirt/kvm arch = platform.machine() log('CPU architecture: {}'.format(arch)) if arch in ['ppc64el', 'ppc64le']: set_ppc64_cpu_smt_state('off') # NOTE(jamespage): trigger any configuration related changes # for cephx permissions restrictions and # keys on disk for ceph-access backends for rid in relation_ids('ceph'): for unit in related_units(rid): ceph_changed(rid=rid, unit=unit) for rid in relation_ids('ceph-access'): for unit in related_units(rid): ceph_access(rid=rid, unit=unit) CONFIGS.write_all() NovaComputeAppArmorContext().setup_aa_profile() if (network_manager() in ['flatmanager', 'flatdhcpmanager'] and config('multi-host').lower() == 'yes'): NovaAPIAppArmorContext().setup_aa_profile() NovaNetworkAppArmorContext().setup_aa_profile()
def config_changed(): if is_unit_paused_set(): log("Do not run config_changed when paused", "WARNING") return if config('ephemeral-unmount'): umount(config('ephemeral-unmount'), persist=True) if config('prefer-ipv6'): status_set('maintenance', 'configuring ipv6') assert_charm_supports_ipv6() if (migration_enabled() and config('migration-auth-type') not in MIGRATION_AUTH_TYPES): message = ("Invalid migration-auth-type") status_set('blocked', message) raise Exception(message) global CONFIGS send_remote_restart = False if not config('action-managed-upgrade'): if openstack_upgrade_available('nova-common'): status_set('maintenance', 'Running openstack upgrade') do_openstack_upgrade(CONFIGS) send_remote_restart = True sysctl_settings = config('sysctl') if sysctl_settings and not is_container(): create_sysctl( sysctl_settings, '/etc/sysctl.d/50-nova-compute.conf', # Some keys in the config may not exist in /proc/sys/net/. # For example, the conntrack module may not be loaded when # using lxd drivers insteam of kvm. In these cases, we # simply ignore the missing keys, rather than making time # consuming calls out to the filesystem to check for their # existence. ignore=True) remove_libvirt_network('default') if migration_enabled() and config('migration-auth-type') == 'ssh': # Check-in with nova-c-c and register new ssh key, if it has just been # generated. status_set('maintenance', 'SSH key exchange') initialize_ssh_keys() import_authorized_keys() if config('enable-resize') is True: enable_shell(user='******') status_set('maintenance', 'SSH key exchange') initialize_ssh_keys(user='******') import_authorized_keys(user='******', prefix='nova') else: disable_shell(user='******') if config('instances-path') is not None: fp = config('instances-path') if not os.path.exists(fp): mkdir(path=fp, owner='nova', group='nova', perms=0o775) fix_path_ownership(fp, user='******') for rid in relation_ids('cloud-compute'): compute_joined(rid) for rid in relation_ids('neutron-plugin'): neutron_plugin_joined(rid, remote_restart=send_remote_restart) for rid in relation_ids('nova-ceilometer'): nova_ceilometer_joined(rid, remote_restart=send_remote_restart) for rid in relation_ids('nova-vgpu'): nova_vgpu_joined(rid, remote_restart=send_remote_restart) if is_relation_made("nrpe-external-master"): update_nrpe_config() if config('hugepages'): install_hugepages() # Disable smt for ppc64, required for nova/libvirt/kvm arch = platform.machine() log('CPU architecture: {}'.format(arch)) if arch in ['ppc64el', 'ppc64le']: set_ppc64_cpu_smt_state('off') # NOTE(jamespage): trigger any configuration related changes # for cephx permissions restrictions and # keys on disk for ceph-access backends for rid in relation_ids('ceph'): for unit in related_units(rid): ceph_changed(rid=rid, unit=unit) for rid in relation_ids('ceph-access'): for unit in related_units(rid): ceph_access(rid=rid, unit=unit) update_all_configs() install_vaultlocker() install_multipath() configure_local_ephemeral_storage() check_and_start_iscsid()
def config_changed(): if config('prefer-ipv6'): status_set('maintenance', 'configuring ipv6') assert_charm_supports_ipv6() global CONFIGS send_remote_restart = False if git_install_requested(): if config_value_changed('openstack-origin-git'): status_set('maintenance', 'Running Git install') git_install(config('openstack-origin-git')) elif not config('action-managed-upgrade'): if openstack_upgrade_available('nova-common'): status_set('maintenance', 'Running openstack upgrade') do_openstack_upgrade(CONFIGS) send_remote_restart = True sysctl_settings = config('sysctl') if sysctl_settings: sysctl_dict = yaml.safe_load(sysctl_settings) sysctl_dict['vm.swappiness'] = sysctl_dict.get('vm.swappiness', 1) create_sysctl(yaml.dump(sysctl_dict), '/etc/sysctl.d/50-nova-compute.conf') destroy_libvirt_network('default') if migration_enabled() and config('migration-auth-type') == 'ssh': # Check-in with nova-c-c and register new ssh key, if it has just been # generated. status_set('maintenance', 'SSH key exchange') initialize_ssh_keys() import_authorized_keys() if config('enable-resize') is True: enable_shell(user='******') status_set('maintenance', 'SSH key exchange') initialize_ssh_keys(user='******') import_authorized_keys(user='******', prefix='nova') else: disable_shell(user='******') if config('instances-path') is not None: fp = config('instances-path') fix_path_ownership(fp, user='******') [compute_joined(rid) for rid in relation_ids('cloud-compute')] for rid in relation_ids('zeromq-configuration'): zeromq_configuration_relation_joined(rid) for rid in relation_ids('neutron-plugin'): neutron_plugin_joined(rid, remote_restart=send_remote_restart) if is_relation_made("nrpe-external-master"): update_nrpe_config() if config('hugepages'): install_hugepages() # Disable smt for ppc64, required for nova/libvirt/kvm arch = platform.machine() log('CPU architecture: {}'.format(arch)) if arch in ['ppc64el', 'ppc64le']: set_ppc64_cpu_smt_state('off') # NOTE(jamespage): trigger any configuration related changes # for cephx permissions restrictions for rid in relation_ids('ceph'): for unit in related_units(rid): ceph_changed(rid=rid, unit=unit) CONFIGS.write_all() NovaComputeAppArmorContext().setup_aa_profile() if (network_manager() in ['flatmanager', 'flatdhcpmanager'] and config('multi-host').lower() == 'yes'): NovaAPIAppArmorContext().setup_aa_profile() NovaNetworkAppArmorContext().setup_aa_profile()
def config_changed(): if is_unit_paused_set(): log("Do not run config_changed when paused", "WARNING") return if config('ephemeral-unmount'): umount(config('ephemeral-unmount'), persist=True) if config('prefer-ipv6'): status_set('maintenance', 'configuring ipv6') assert_charm_supports_ipv6() if (migration_enabled() and config('migration-auth-type') not in MIGRATION_AUTH_TYPES): message = ("Invalid migration-auth-type") status_set('blocked', message) raise Exception(message) global CONFIGS send_remote_restart = False if not config('action-managed-upgrade'): if openstack_upgrade_available('nova-common'): status_set('maintenance', 'Running openstack upgrade') do_openstack_upgrade(CONFIGS) send_remote_restart = True sysctl_settings = config('sysctl') if sysctl_settings and not is_container(): create_sysctl( sysctl_settings, '/etc/sysctl.d/50-nova-compute.conf', # Some keys in the config may not exist in /proc/sys/net/. # For example, the conntrack module may not be loaded when # using lxd drivers insteam of kvm. In these cases, we # simply ignore the missing keys, rather than making time # consuming calls out to the filesystem to check for their # existence. ignore=True) remove_libvirt_network('default') if migration_enabled() and config('migration-auth-type') == 'ssh': # Check-in with nova-c-c and register new ssh key, if it has just been # generated. status_set('maintenance', 'SSH key exchange') initialize_ssh_keys() import_authorized_keys() if config('enable-resize') is True: enable_shell(user='******') status_set('maintenance', 'SSH key exchange') initialize_ssh_keys(user='******') import_authorized_keys(user='******', prefix='nova') else: disable_shell(user='******') if config('instances-path') is not None: fp = config('instances-path') fix_path_ownership(fp, user='******') [compute_joined(rid) for rid in relation_ids('cloud-compute')] for rid in relation_ids('neutron-plugin'): neutron_plugin_joined(rid, remote_restart=send_remote_restart) for rid in relation_ids('nova-ceilometer'): nova_ceilometer_joined(rid, remote_restart=send_remote_restart) if is_relation_made("nrpe-external-master"): update_nrpe_config() if config('hugepages'): install_hugepages() # Disable smt for ppc64, required for nova/libvirt/kvm arch = platform.machine() log('CPU architecture: {}'.format(arch)) if arch in ['ppc64el', 'ppc64le']: set_ppc64_cpu_smt_state('off') # NOTE(jamespage): trigger any configuration related changes # for cephx permissions restrictions and # keys on disk for ceph-access backends for rid in relation_ids('ceph'): for unit in related_units(rid): ceph_changed(rid=rid, unit=unit) for rid in relation_ids('ceph-access'): for unit in related_units(rid): ceph_access(rid=rid, unit=unit) CONFIGS.write_all() NovaComputeAppArmorContext().setup_aa_profile() if (network_manager() in ['flatmanager', 'flatdhcpmanager'] and config('multi-host').lower() == 'yes'): NovaAPIAppArmorContext().setup_aa_profile() NovaNetworkAppArmorContext().setup_aa_profile() install_vaultlocker() install_multipath() configure_local_ephemeral_storage()