When using NVMeoF feature with nova-compute apparmor in enforce
mode, nova-compute is denied from running /usr/sbin/nvme and
/usr/sbin/blkid, and reading /etc/nvme/hostnqn.
Change-Id: Ia23fbf341d5b7ad469337d8a0c65c18ec519a891
Closes-Bug: #2039161
(cherry picked from commit 0f9c730817b4f175e617ab5ce362bf9ff5157092)
[v2] Fix migration across nova-compute apps using ceph
This change reworks previous changes [1] and [2] that had
been respectively reverted and abandoned.
When using the config libvirt-image-backend=rbd, VMs
created from image have their disk data stored in ceph
instead of the compute node itself.
When performing live-migrations, both nodes need to
access the same ceph credentials to access the VM's
disk in ceph, but this is currently not possible
if the nodes involved pertain to different
nova-compute charm apps.
This patch changes app name sent to ceph to
'nova-compute-ceph-auth-c91ce26f', a unique name common to
all nova-compute apps, allowing all nova-compute apps to
use the same ceph auth.
This change also ensures newly deployed nodes install
the old credentials first on ceph-joined hook,
and then supercedes it with the new credentials
on ceph-changed hook, therefore also retaining
the old credentials.
Nova-compute uses ssh and scp commands extensively and this
patch allows the process to read the configuration too in
/etc/ssh/ssh_config.d/ directory.
Closes-Bug: #2044983
Change-Id: I336ce64d493c549096d0b8706996e0f17a2728fb
(cherry picked from commit 4d6f4c07c9b634e22d5445a702be3d3ee9730ab3)
* charm-helpers sync for classic charms
* build.lock file for reactive charms
* ensure tox.ini is from release-tools
* Locked requirements using pip-compile:
* existing (test-)requirements.txt ->
(test-)requirements.in
* pip-compile to *-py3[8|10].txt using python3.8
and python3.10.
* Updated tox.ini to use the appropriate merged
requirements-*.txt files.
* Removal of lunar from metadata, charmcraft.yaml
osci.yaml, tests.yaml and associated bundles.
* Locked libs and tests to stable/bobcat branches for:
* charm-helpers
* charms.openstack
* zaza
* zaza-openstack-tests
Fix migration across apps when using VMs created from image
When using the config libvirt-image-backend=rbd, VMs
created from image have their disk data stored in ceph
instead of the compute node itself.
When performing live-migrations, both nodes need to
access the same ceph credentials to access the VM's
disk in ceph, but this is currently not possible
if the nodes involved pertain to different
nova-compute charm apps.
This patch changes app name sent to ceph to 'nova-compute',
allowing all nova-compute apps to use the same ceph auth.
This patch also includes the charmhelpers sync
from PR: #840