def compute_changed():
# rewriting all configs to pick up possible net or vol manager
# config advertised from controller.
CONFIGS.write_all()
import_authorized_keys()
import_authorized_keys(user='******', prefix='nova')
import_keystone_ca_cert()
def compute_changed():
# rewriting all configs to pick up possible net or vol manager
# config advertised from controller.
CONFIGS.write_all()
import_authorized_keys()
import_authorized_keys(user='******', prefix='nova')
import_keystone_ca_cert()
def config_changed():
if config('prefer-ipv6'):
status_set('maintenance', 'configuring ipv6')
assert_charm_supports_ipv6()
global CONFIGS
if git_install_requested():
if config_value_changed('openstack-origin-git'):
status_set('maintenance', 'Running Git install')
git_install(config('openstack-origin-git'))
elif not config('action-managed-upgrade'):
if openstack_upgrade_available('nova-common'):
status_set('maintenance', 'Running openstack upgrade')
do_openstack_upgrade(CONFIGS)
sysctl_dict = config('sysctl')
if sysctl_dict:
create_sysctl(sysctl_dict, '/etc/sysctl.d/50-nova-compute.conf')
if migration_enabled() and config('migration-auth-type') == 'ssh':
# Check-in with nova-c-c and register new ssh key, if it has just been
# generated.
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys()
import_authorized_keys()
if config('enable-resize') is True:
enable_shell(user='******')
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys(user='******')
import_authorized_keys(user='******', prefix='nova')
else:
disable_shell(user='******')
if config('instances-path') is not None:
fp = config('instances-path')
fix_path_ownership(fp, user='******')
[compute_joined(rid) for rid in relation_ids('cloud-compute')]
for rid in relation_ids('zeromq-configuration'):
zeromq_configuration_relation_joined(rid)
for rid in relation_ids('neutron-plugin'):
neutron_plugin_joined(rid)
if is_relation_made("nrpe-external-master"):
update_nrpe_config()
if config('hugepages'):
install_hugepages()
if (config('libvirt-image-backend') == 'rbd' and
assert_libvirt_imagebackend_allowed()):
for rid in relation_ids('ceph'):
for unit in related_units(rid):
ceph_changed(rid=rid, unit=unit)
CONFIGS.write_all()
def compute_changed():
# rewriting all configs to pick up possible net or vol manager
# config advertised from controller.
CONFIGS.write_all()
import_authorized_keys()
import_keystone_ca_cert()
if (network_manager() in ['quantum', 'neutron']
and neutron_plugin() == 'ovs'):
# in case we already have a database relation, need to request
# access to the additional neutron database.
[db_joined(rid) for rid in relation_ids('shared-db')]
def _test_import_authorized_keys_base(self,
getpwnam,
prefix=None,
auth_key_path='/home/foo/.ssh/'
'authorized_keys'):
getpwnam.return_value = self.fake_user('foo')
self.relation_get.side_effect = [
3, # relation_get('known_hosts_max_index')
'k_h_0', # relation_get_('known_hosts_0')
'k_h_1', # relation_get_('known_hosts_1')
'k_h_2', # relation_get_('known_hosts_2')
3, # relation_get('authorized_keys_max_index')
'auth_0', # relation_get('authorized_keys_0')
'auth_1', # relation_get('authorized_keys_1')
'auth_2', # relation_get('authorized_keys_2')
]
ex_open = [
call('/home/foo/.ssh/known_hosts', 'wb'),
call(auth_key_path, 'wb')
]
ex_write = [
call('k_h_0\n'),
call('k_h_1\n'),
call('k_h_2\n'),
call('auth_0\n'),
call('auth_1\n'),
call('auth_2\n')
]
with patch_open() as (_open, _file):
utils.import_authorized_keys(user='******', prefix=prefix)
self.assertEqual(ex_open, _open.call_args_list)
self.assertEqual(ex_write, _file.write.call_args_list)
authkey_root = 'authorized_keys_'
known_hosts_root = 'known_hosts_'
if prefix:
authkey_root = prefix + '_authorized_keys_'
known_hosts_root = prefix + '_known_hosts_'
expected_relations = [
call(known_hosts_root + 'max_index'),
call(known_hosts_root + '0'),
call(known_hosts_root + '1'),
call(known_hosts_root + '2'),
call(authkey_root + 'max_index'),
call(authkey_root + '0'),
call(authkey_root + '1'),
call(authkey_root + '2')
]
self.assertEqual(sorted(self.relation_get.call_args_list),
sorted(expected_relations))
def _test_import_authorized_keys_base(self, getpwnam, prefix=None,
auth_key_path='/home/foo/.ssh/'
'authorized_keys'):
getpwnam.return_value = self.fake_user('foo')
self.relation_get.side_effect = [
3, # relation_get('known_hosts_max_index')
'k_h_0', # relation_get_('known_hosts_0')
'k_h_1', # relation_get_('known_hosts_1')
'k_h_2', # relation_get_('known_hosts_2')
3, # relation_get('authorized_keys_max_index')
'auth_0', # relation_get('authorized_keys_0')
'auth_1', # relation_get('authorized_keys_1')
'auth_2', # relation_get('authorized_keys_2')
]
ex_open = [
call('/home/foo/.ssh/known_hosts', 'wb'),
call(auth_key_path, 'wb')
]
ex_write = [
call('k_h_0\n'),
call('k_h_1\n'),
call('k_h_2\n'),
call('auth_0\n'),
call('auth_1\n'),
call('auth_2\n')
]
with patch_open() as (_open, _file):
utils.import_authorized_keys(user='******', prefix=prefix)
self.assertEqual(ex_open, _open.call_args_list)
self.assertEqual(ex_write, _file.write.call_args_list)
authkey_root = 'authorized_keys_'
known_hosts_root = 'known_hosts_'
if prefix:
authkey_root = prefix + '_authorized_keys_'
known_hosts_root = prefix + '_known_hosts_'
expected_relations = [
call(known_hosts_root + 'max_index'),
call(known_hosts_root + '0'),
call(known_hosts_root + '1'),
call(known_hosts_root + '2'),
call(authkey_root + 'max_index'),
call(authkey_root + '0'),
call(authkey_root + '1'),
call(authkey_root + '2')
]
self.assertEqual(sorted(self.relation_get.call_args_list),
sorted(expected_relations))
def _test_import_authorized_keys_base(self,
getpwnam,
prefix=None,
auth_key_path='/home/foo/.ssh/'
'authorized_keys'):
getpwnam.return_value = self.fake_user('foo')
d = {
'known_hosts_max_index': 3,
'known_hosts_0': 'k_h_0',
'known_hosts_1': 'k_h_1',
'known_hosts_2': 'k_h_2',
'authorized_keys_max_index': 3,
'authorized_keys_0': 'auth_0',
'authorized_keys_1': 'auth_1',
'authorized_keys_2': 'auth_2',
}
if prefix:
for k, v in d.copy().items():
d["{}_{}".format(prefix, k)] = v
def _relation_get(scope=None, *args, **kwargs):
if scope is not None:
return d.get(scope, None)
return d
self.relation_get.side_effect = _relation_get
ex_open = [
call('/home/foo/.ssh/known_hosts', 'wt'),
call(auth_key_path, 'wt')
]
ex_write = [
call('k_h_0\n'),
call('k_h_1\n'),
call('k_h_2\n'),
call('auth_0\n'),
call('auth_1\n'),
call('auth_2\n')
]
# we only have to verify that the files are writen as expected as this
# implicitly checks that the relation_get calls have occurred.
with patch_open() as (_open, _file):
utils.import_authorized_keys(user='******', prefix=prefix)
self.assertEqual(ex_open, _open.call_args_list)
self.assertEqual(ex_write, _file.write.call_args_list)
def test_import_authorized_keys(self, getpwnam):
getpwnam.return_value = self.fake_user('foo')
self.relation_get.side_effect = [
'Zm9vX2tleQo=', # relation_get('known_hosts')
'Zm9vX2hvc3QK', # relation_get('authorized_keys')
]
ex_open = [
call('/home/foo/.ssh/authorized_keys', 'wb'),
call('/home/foo/.ssh/known_hosts', 'wb')
]
ex_write = [
call('foo_host\n'),
call('foo_key\n'),
]
with patch_open() as (_open, _file):
utils.import_authorized_keys(user='******')
self.assertEquals(ex_open, _open.call_args_list)
self.assertEquals(ex_write, _file.write.call_args_list)
def config_changed():
if is_unit_paused_set():
log("Do not run config_changed when paused", "WARNING")
return
if config('ephemeral-unmount'):
umount(config('ephemeral-unmount'), persist=True)
if config('prefer-ipv6'):
status_set('maintenance', 'configuring ipv6')
assert_charm_supports_ipv6()
if (migration_enabled()
and config('migration-auth-type') not in MIGRATION_AUTH_TYPES):
message = ("Invalid migration-auth-type")
status_set('blocked', message)
raise Exception(message)
global CONFIGS
send_remote_restart = False
if not config('action-managed-upgrade'):
if openstack_upgrade_available('nova-common'):
status_set('maintenance', 'Running openstack upgrade')
do_openstack_upgrade(CONFIGS)
send_remote_restart = True
sysctl_settings = config('sysctl')
if sysctl_settings:
create_sysctl(sysctl_settings, '/etc/sysctl.d/50-nova-compute.conf')
remove_libvirt_network('default')
if migration_enabled() and config('migration-auth-type') == 'ssh':
# Check-in with nova-c-c and register new ssh key, if it has just been
# generated.
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys()
import_authorized_keys()
if config('enable-resize') is True:
enable_shell(user='******')
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys(user='******')
import_authorized_keys(user='******', prefix='nova')
else:
disable_shell(user='******')
if config('instances-path') is not None:
fp = config('instances-path')
fix_path_ownership(fp, user='******')
[compute_joined(rid) for rid in relation_ids('cloud-compute')]
for rid in relation_ids('neutron-plugin'):
neutron_plugin_joined(rid, remote_restart=send_remote_restart)
for rid in relation_ids('nova-ceilometer'):
nova_ceilometer_joined(rid, remote_restart=send_remote_restart)
if is_relation_made("nrpe-external-master"):
update_nrpe_config()
if config('hugepages'):
install_hugepages()
# Disable smt for ppc64, required for nova/libvirt/kvm
arch = platform.machine()
log('CPU architecture: {}'.format(arch))
if arch in ['ppc64el', 'ppc64le']:
set_ppc64_cpu_smt_state('off')
# NOTE(jamespage): trigger any configuration related changes
# for cephx permissions restrictions and
# keys on disk for ceph-access backends
for rid in relation_ids('ceph'):
for unit in related_units(rid):
ceph_changed(rid=rid, unit=unit)
for rid in relation_ids('ceph-access'):
for unit in related_units(rid):
ceph_access(rid=rid, unit=unit)
CONFIGS.write_all()
NovaComputeAppArmorContext().setup_aa_profile()
if (network_manager() in ['flatmanager', 'flatdhcpmanager']
and config('multi-host').lower() == 'yes'):
NovaAPIAppArmorContext().setup_aa_profile()
NovaNetworkAppArmorContext().setup_aa_profile()
install_vaultlocker()
install_multipath()
configure_local_ephemeral_storage()
def test_import_authorized_keys_missing_data(self):
self.relation_get.return_value = None
with patch_open() as (_open, _file):
utils.import_authorized_keys(user='******')
self.assertFalse(_open.called)
def config_changed():
if config('prefer-ipv6'):
status_set('maintenance', 'configuring ipv6')
assert_charm_supports_ipv6()
global CONFIGS
send_remote_restart = False
if git_install_requested():
if config_value_changed('openstack-origin-git'):
status_set('maintenance', 'Running Git install')
git_install(config('openstack-origin-git'))
elif not config('action-managed-upgrade'):
if openstack_upgrade_available('nova-common'):
status_set('maintenance', 'Running openstack upgrade')
do_openstack_upgrade(CONFIGS)
send_remote_restart = True
sysctl_settings = config('sysctl')
if sysctl_settings:
sysctl_dict = yaml.safe_load(sysctl_settings)
sysctl_dict['vm.swappiness'] = sysctl_dict.get('vm.swappiness', 1)
create_sysctl(yaml.dump(sysctl_dict),
'/etc/sysctl.d/50-nova-compute.conf')
destroy_libvirt_network('default')
if migration_enabled() and config('migration-auth-type') == 'ssh':
# Check-in with nova-c-c and register new ssh key, if it has just been
# generated.
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys()
import_authorized_keys()
if config('enable-resize') is True:
enable_shell(user='******')
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys(user='******')
import_authorized_keys(user='******', prefix='nova')
else:
disable_shell(user='******')
if config('instances-path') is not None:
fp = config('instances-path')
fix_path_ownership(fp, user='******')
[compute_joined(rid) for rid in relation_ids('cloud-compute')]
for rid in relation_ids('zeromq-configuration'):
zeromq_configuration_relation_joined(rid)
for rid in relation_ids('neutron-plugin'):
neutron_plugin_joined(rid, remote_restart=send_remote_restart)
if is_relation_made("nrpe-external-master"):
update_nrpe_config()
if config('hugepages'):
install_hugepages()
# Disable smt for ppc64, required for nova/libvirt/kvm
arch = platform.machine()
log('CPU architecture: {}'.format(arch))
if arch in ['ppc64el', 'ppc64le']:
set_ppc64_cpu_smt_state('off')
# NOTE(jamespage): trigger any configuration related changes
# for cephx permissions restrictions and
# keys on disk for ceph-access backends
for rid in relation_ids('ceph'):
for unit in related_units(rid):
ceph_changed(rid=rid, unit=unit)
for rid in relation_ids('ceph-access'):
for unit in related_units(rid):
ceph_access(rid=rid, unit=unit)
CONFIGS.write_all()
NovaComputeAppArmorContext().setup_aa_profile()
if (network_manager() in ['flatmanager', 'flatdhcpmanager']
and config('multi-host').lower() == 'yes'):
NovaAPIAppArmorContext().setup_aa_profile()
NovaNetworkAppArmorContext().setup_aa_profile()
def test_import_authorized_keys_missing_data(self):
self.relation_get.return_value = None
with patch_open() as (_open, _file):
utils.import_authorized_keys(user='******')
self.assertFalse(_open.called)
def config_changed():
if is_unit_paused_set():
log("Do not run config_changed when paused", "WARNING")
return
if config('ephemeral-unmount'):
umount(config('ephemeral-unmount'), persist=True)
if config('prefer-ipv6'):
status_set('maintenance', 'configuring ipv6')
assert_charm_supports_ipv6()
if (migration_enabled()
and config('migration-auth-type') not in MIGRATION_AUTH_TYPES):
message = ("Invalid migration-auth-type")
status_set('blocked', message)
raise Exception(message)
global CONFIGS
send_remote_restart = False
if not config('action-managed-upgrade'):
if openstack_upgrade_available('nova-common'):
status_set('maintenance', 'Running openstack upgrade')
do_openstack_upgrade(CONFIGS)
send_remote_restart = True
sysctl_settings = config('sysctl')
if sysctl_settings and not is_container():
create_sysctl(
sysctl_settings,
'/etc/sysctl.d/50-nova-compute.conf',
# Some keys in the config may not exist in /proc/sys/net/.
# For example, the conntrack module may not be loaded when
# using lxd drivers insteam of kvm. In these cases, we
# simply ignore the missing keys, rather than making time
# consuming calls out to the filesystem to check for their
# existence.
ignore=True)
remove_libvirt_network('default')
if migration_enabled() and config('migration-auth-type') == 'ssh':
# Check-in with nova-c-c and register new ssh key, if it has just been
# generated.
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys()
import_authorized_keys()
if config('enable-resize') is True:
enable_shell(user='******')
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys(user='******')
import_authorized_keys(user='******', prefix='nova')
else:
disable_shell(user='******')
if config('instances-path') is not None:
fp = config('instances-path')
if not os.path.exists(fp):
mkdir(path=fp, owner='nova', group='nova', perms=0o775)
fix_path_ownership(fp, user='******')
for rid in relation_ids('cloud-compute'):
compute_joined(rid)
for rid in relation_ids('neutron-plugin'):
neutron_plugin_joined(rid, remote_restart=send_remote_restart)
for rid in relation_ids('nova-ceilometer'):
nova_ceilometer_joined(rid, remote_restart=send_remote_restart)
for rid in relation_ids('nova-vgpu'):
nova_vgpu_joined(rid, remote_restart=send_remote_restart)
if is_relation_made("nrpe-external-master"):
update_nrpe_config()
if config('hugepages'):
install_hugepages()
# Disable smt for ppc64, required for nova/libvirt/kvm
arch = platform.machine()
log('CPU architecture: {}'.format(arch))
if arch in ['ppc64el', 'ppc64le']:
set_ppc64_cpu_smt_state('off')
# NOTE(jamespage): trigger any configuration related changes
# for cephx permissions restrictions and
# keys on disk for ceph-access backends
for rid in relation_ids('ceph'):
for unit in related_units(rid):
ceph_changed(rid=rid, unit=unit)
for rid in relation_ids('ceph-access'):
for unit in related_units(rid):
ceph_access(rid=rid, unit=unit)
update_all_configs()
install_vaultlocker()
install_multipath()
configure_local_ephemeral_storage()
check_and_start_iscsid()
def config_changed():
if config('prefer-ipv6'):
status_set('maintenance', 'configuring ipv6')
assert_charm_supports_ipv6()
global CONFIGS
send_remote_restart = False
if git_install_requested():
if config_value_changed('openstack-origin-git'):
status_set('maintenance', 'Running Git install')
git_install(config('openstack-origin-git'))
elif not config('action-managed-upgrade'):
if openstack_upgrade_available('nova-common'):
status_set('maintenance', 'Running openstack upgrade')
do_openstack_upgrade(CONFIGS)
send_remote_restart = True
sysctl_settings = config('sysctl')
if sysctl_settings:
sysctl_dict = yaml.safe_load(sysctl_settings)
sysctl_dict['vm.swappiness'] = sysctl_dict.get('vm.swappiness', 1)
create_sysctl(yaml.dump(sysctl_dict),
'/etc/sysctl.d/50-nova-compute.conf')
destroy_libvirt_network('default')
if migration_enabled() and config('migration-auth-type') == 'ssh':
# Check-in with nova-c-c and register new ssh key, if it has just been
# generated.
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys()
import_authorized_keys()
if config('enable-resize') is True:
enable_shell(user='******')
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys(user='******')
import_authorized_keys(user='******', prefix='nova')
else:
disable_shell(user='******')
if config('instances-path') is not None:
fp = config('instances-path')
fix_path_ownership(fp, user='******')
[compute_joined(rid) for rid in relation_ids('cloud-compute')]
for rid in relation_ids('zeromq-configuration'):
zeromq_configuration_relation_joined(rid)
for rid in relation_ids('neutron-plugin'):
neutron_plugin_joined(rid, remote_restart=send_remote_restart)
if is_relation_made("nrpe-external-master"):
update_nrpe_config()
if config('hugepages'):
install_hugepages()
# Disable smt for ppc64, required for nova/libvirt/kvm
arch = platform.machine()
log('CPU architecture: {}'.format(arch))
if arch in ['ppc64el', 'ppc64le']:
set_ppc64_cpu_smt_state('off')
# NOTE(jamespage): trigger any configuration related changes
# for cephx permissions restrictions
for rid in relation_ids('ceph'):
for unit in related_units(rid):
ceph_changed(rid=rid, unit=unit)
CONFIGS.write_all()
NovaComputeAppArmorContext().setup_aa_profile()
if (network_manager() in ['flatmanager', 'flatdhcpmanager'] and
config('multi-host').lower() == 'yes'):
NovaAPIAppArmorContext().setup_aa_profile()
NovaNetworkAppArmorContext().setup_aa_profile()
def config_changed():
if is_unit_paused_set():
log("Do not run config_changed when paused", "WARNING")
return
if config('ephemeral-unmount'):
umount(config('ephemeral-unmount'), persist=True)
if config('prefer-ipv6'):
status_set('maintenance', 'configuring ipv6')
assert_charm_supports_ipv6()
if (migration_enabled() and
config('migration-auth-type') not in MIGRATION_AUTH_TYPES):
message = ("Invalid migration-auth-type")
status_set('blocked', message)
raise Exception(message)
global CONFIGS
send_remote_restart = False
if not config('action-managed-upgrade'):
if openstack_upgrade_available('nova-common'):
status_set('maintenance', 'Running openstack upgrade')
do_openstack_upgrade(CONFIGS)
send_remote_restart = True
sysctl_settings = config('sysctl')
if sysctl_settings and not is_container():
create_sysctl(
sysctl_settings,
'/etc/sysctl.d/50-nova-compute.conf',
# Some keys in the config may not exist in /proc/sys/net/.
# For example, the conntrack module may not be loaded when
# using lxd drivers insteam of kvm. In these cases, we
# simply ignore the missing keys, rather than making time
# consuming calls out to the filesystem to check for their
# existence.
ignore=True)
remove_libvirt_network('default')
if migration_enabled() and config('migration-auth-type') == 'ssh':
# Check-in with nova-c-c and register new ssh key, if it has just been
# generated.
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys()
import_authorized_keys()
if config('enable-resize') is True:
enable_shell(user='******')
status_set('maintenance', 'SSH key exchange')
initialize_ssh_keys(user='******')
import_authorized_keys(user='******', prefix='nova')
else:
disable_shell(user='******')
if config('instances-path') is not None:
fp = config('instances-path')
fix_path_ownership(fp, user='******')
[compute_joined(rid) for rid in relation_ids('cloud-compute')]
for rid in relation_ids('neutron-plugin'):
neutron_plugin_joined(rid, remote_restart=send_remote_restart)
for rid in relation_ids('nova-ceilometer'):
nova_ceilometer_joined(rid, remote_restart=send_remote_restart)
if is_relation_made("nrpe-external-master"):
update_nrpe_config()
if config('hugepages'):
install_hugepages()
# Disable smt for ppc64, required for nova/libvirt/kvm
arch = platform.machine()
log('CPU architecture: {}'.format(arch))
if arch in ['ppc64el', 'ppc64le']:
set_ppc64_cpu_smt_state('off')
# NOTE(jamespage): trigger any configuration related changes
# for cephx permissions restrictions and
# keys on disk for ceph-access backends
for rid in relation_ids('ceph'):
for unit in related_units(rid):
ceph_changed(rid=rid, unit=unit)
for rid in relation_ids('ceph-access'):
for unit in related_units(rid):
ceph_access(rid=rid, unit=unit)
CONFIGS.write_all()
NovaComputeAppArmorContext().setup_aa_profile()
if (network_manager() in ['flatmanager', 'flatdhcpmanager'] and
config('multi-host').lower() == 'yes'):
NovaAPIAppArmorContext().setup_aa_profile()
NovaNetworkAppArmorContext().setup_aa_profile()
install_vaultlocker()
install_multipath()
configure_local_ephemeral_storage()
