Ensure mgmt network hostname and fqdn in known_hosts
The cloud-compute relation uses the private-address setting to
reflect the hostname/address to be used for vm migrations. This
can be the default management network or an alternate one. When
this charm populates ssh known_hosts entries for compute hosts
it needs to ensure hostname, address and fqdn for the mgmt network
is included so that Nova resize operations can work if they use
the hostname from the db (which will always be from the mgmt
network).
Also adds requirements.txt to default tox [testenv] to get
netaddr constraints applied to others that were removed as
part of https://review.opendev.org/q/topic:%22batch-update%22.
This is needed for -epy38 which is only run by gate.
Change-Id: Ic9e4657453d8f53d1ecbee23475c7b11549ebc14
Closes-Bug: #1969971
(cherry picked from commit 05b081bf5ffa24045a1fef3b18d2e28fec52d604)
(cherry picked from commit b6809e75e181a49c2209aa2c1be9e4d11442cbb3)
(cherry picked from commit 61a7dd0bbd62af3cf73635199cc1090154a5ebb9)
Bug LP 1863232 introduced a new Apache configuration option called
WSGISocketRotation which allows users to disable wsgi socket
rotation. This patch makes this configurable with a new
wsgi-socket-rotation config option that defaults to the Apache
default and can optionally be set to False.
This new interface consumes information exposed by openstack-dashboard
to correctly configure nova-serialproxy and allow requests coming from
the web browser that tries to load the serial console.
Change-Id: I2d82abffb9649f16a792f180806cea36cc5e25df
Closes-Bug: #2030094
(cherry picked from commit 816ee80cd0e83dd3b5d9e49187caf9e6d420cf1b)
[zed] Ensure get_requests_for_local_unit doesn't fail on incomplete relation
This is a rebuild/make sync for charms to pickup the fix in charmhelpers to fix
any inadvertant accesses of ['ca'] in the relation data before it is available
from vault in the certificates relation. Fix in charmhelpers is in [1].
Sync from charm-helpers to update [service_user] config to use the
service domain.
The keystone charm currently creates two service users, one for the
service domain (for v3 authentication), and the other for the default
domain (for v2 authentication). The [service_user] config needs to
use the service domain.
This patch configures nova-cloud-controller to send a service token
along with the received user token on requests sent to other services.
This allows those other services to accept the request even if the user
token has been invalidated since received by the nova services running
in nova-cloud-controller units, the same applies for incoming requests
from other services. Service tokens exist since Openstack Queens.
Change-Id: I95021600da8af12cb75ef5681fb5af8780ade4f8
Closes-Bug: #1992840
(cherry picked from commit fd810f9afd92904cd66544c00610f830fd337299)
When taking the nova-cloud-controller from single unit to full HA by
increasing the number of units from 1 to 3 and relating it to hacluster,
the data set on the cloud-compute relation is not updated, because the
update_nova_relation() function is only called on
cloud-compute-relation-joined and config-changed, none of these hooks
are executed when scaling out the application.
This patch introduces a call to update_nova_relation() on
ha-relation-changed.
Test case on an environment deployed with a single unit of
nova-cloud-controller: