def update_all_configs(): CONFIGS.write_all() NovaComputeAppArmorContext().setup_aa_profile() if (network_manager() in ['flatmanager', 'flatdhcpmanager'] and config('multi-host').lower() == 'yes'): NovaAPIAppArmorContext().setup_aa_profile() NovaNetworkAppArmorContext().setup_aa_profile()
def config_changed(): if is_unit_paused_set(): log("Do not run config_changed when paused", "WARNING") return if config('ephemeral-unmount'): umount(config('ephemeral-unmount'), persist=True) if config('prefer-ipv6'): status_set('maintenance', 'configuring ipv6') assert_charm_supports_ipv6() if (migration_enabled() and config('migration-auth-type') not in MIGRATION_AUTH_TYPES): message = ("Invalid migration-auth-type") status_set('blocked', message) raise Exception(message) global CONFIGS send_remote_restart = False if not config('action-managed-upgrade'): if openstack_upgrade_available('nova-common'): status_set('maintenance', 'Running openstack upgrade') do_openstack_upgrade(CONFIGS) send_remote_restart = True sysctl_settings = config('sysctl') if sysctl_settings: create_sysctl(sysctl_settings, '/etc/sysctl.d/50-nova-compute.conf') remove_libvirt_network('default') if migration_enabled() and config('migration-auth-type') == 'ssh': # Check-in with nova-c-c and register new ssh key, if it has just been # generated. status_set('maintenance', 'SSH key exchange') initialize_ssh_keys() import_authorized_keys() if config('enable-resize') is True: enable_shell(user='******') status_set('maintenance', 'SSH key exchange') initialize_ssh_keys(user='******') import_authorized_keys(user='******', prefix='nova') else: disable_shell(user='******') if config('instances-path') is not None: fp = config('instances-path') fix_path_ownership(fp, user='******') [compute_joined(rid) for rid in relation_ids('cloud-compute')] for rid in relation_ids('neutron-plugin'): neutron_plugin_joined(rid, remote_restart=send_remote_restart) for rid in relation_ids('nova-ceilometer'): nova_ceilometer_joined(rid, remote_restart=send_remote_restart) if is_relation_made("nrpe-external-master"): update_nrpe_config() if config('hugepages'): install_hugepages() # Disable smt for ppc64, required for nova/libvirt/kvm arch = platform.machine() log('CPU architecture: {}'.format(arch)) if arch in ['ppc64el', 'ppc64le']: set_ppc64_cpu_smt_state('off') # NOTE(jamespage): trigger any configuration related changes # for cephx permissions restrictions and # keys on disk for ceph-access backends for rid in relation_ids('ceph'): for unit in related_units(rid): ceph_changed(rid=rid, unit=unit) for rid in relation_ids('ceph-access'): for unit in related_units(rid): ceph_access(rid=rid, unit=unit) CONFIGS.write_all() NovaComputeAppArmorContext().setup_aa_profile() if (network_manager() in ['flatmanager', 'flatdhcpmanager'] and config('multi-host').lower() == 'yes'): NovaAPIAppArmorContext().setup_aa_profile() NovaNetworkAppArmorContext().setup_aa_profile() install_vaultlocker() install_multipath() configure_local_ephemeral_storage()
context.WorkerConfigContext(), vaultlocker.VaultKVContext(vaultlocker.VAULTLOCKER_BACKEND), context.IdentityCredentialsContext(rel_name='cloud-credentials') ], }, NOVA_API_AA_PROFILE_PATH: { 'services': ['nova-api'], 'contexts': [NovaAPIAppArmorContext()], }, NOVA_COMPUTE_AA_PROFILE_PATH: { 'services': ['nova-compute'], 'contexts': [NovaComputeAppArmorContext()], }, NOVA_NETWORK_AA_PROFILE_PATH: { 'services': ['nova-network'], 'contexts': [NovaNetworkAppArmorContext()], }, } LIBVIRTD_DAEMON = 'libvirtd' LIBVIRT_BIN_DAEMON = 'libvirt-bin' LIBVIRT_RESOURCE_MAP = { QEMU_CONF: { 'services': [LIBVIRT_BIN_DAEMON], 'contexts': [NovaComputeLibvirtContext()], }, QEMU_KVM: { 'services': ['qemu-kvm'], 'contexts': [NovaComputeLibvirtContext()], },
def config_changed(): if config('prefer-ipv6'): status_set('maintenance', 'configuring ipv6') assert_charm_supports_ipv6() global CONFIGS send_remote_restart = False if git_install_requested(): if config_value_changed('openstack-origin-git'): status_set('maintenance', 'Running Git install') git_install(config('openstack-origin-git')) elif not config('action-managed-upgrade'): if openstack_upgrade_available('nova-common'): status_set('maintenance', 'Running openstack upgrade') do_openstack_upgrade(CONFIGS) send_remote_restart = True sysctl_settings = config('sysctl') if sysctl_settings: sysctl_dict = yaml.safe_load(sysctl_settings) sysctl_dict['vm.swappiness'] = sysctl_dict.get('vm.swappiness', 1) create_sysctl(yaml.dump(sysctl_dict), '/etc/sysctl.d/50-nova-compute.conf') destroy_libvirt_network('default') if migration_enabled() and config('migration-auth-type') == 'ssh': # Check-in with nova-c-c and register new ssh key, if it has just been # generated. status_set('maintenance', 'SSH key exchange') initialize_ssh_keys() import_authorized_keys() if config('enable-resize') is True: enable_shell(user='******') status_set('maintenance', 'SSH key exchange') initialize_ssh_keys(user='******') import_authorized_keys(user='******', prefix='nova') else: disable_shell(user='******') if config('instances-path') is not None: fp = config('instances-path') fix_path_ownership(fp, user='******') [compute_joined(rid) for rid in relation_ids('cloud-compute')] for rid in relation_ids('zeromq-configuration'): zeromq_configuration_relation_joined(rid) for rid in relation_ids('neutron-plugin'): neutron_plugin_joined(rid, remote_restart=send_remote_restart) if is_relation_made("nrpe-external-master"): update_nrpe_config() if config('hugepages'): install_hugepages() # Disable smt for ppc64, required for nova/libvirt/kvm arch = platform.machine() log('CPU architecture: {}'.format(arch)) if arch in ['ppc64el', 'ppc64le']: set_ppc64_cpu_smt_state('off') # NOTE(jamespage): trigger any configuration related changes # for cephx permissions restrictions and # keys on disk for ceph-access backends for rid in relation_ids('ceph'): for unit in related_units(rid): ceph_changed(rid=rid, unit=unit) for rid in relation_ids('ceph-access'): for unit in related_units(rid): ceph_access(rid=rid, unit=unit) CONFIGS.write_all() NovaComputeAppArmorContext().setup_aa_profile() if (network_manager() in ['flatmanager', 'flatdhcpmanager'] and config('multi-host').lower() == 'yes'): NovaAPIAppArmorContext().setup_aa_profile() NovaNetworkAppArmorContext().setup_aa_profile()