Update configs

* Add mysql-router relations
* Add telegraf grafana dashboard relation
* update neutron-agent config
* Add extra juju config for landscape-client-bionic

README.md

@@ -0,0 +1,12 @@
+# CPE Deployments
+
+This my working deployment for lab for a customer that I support
+
+# What works
+
+* bionic queens
+* CIS hardening level2 for bionic
+
+# TODO
+
+* FCE integration

config/bundle_focal.yaml

@@ -90,7 +90,8 @@ variables:
   glance-vip:          &glance-vip          "10.0.1.214"
   heat-vip:            &heat-vip            "10.0.1.215"
   keystone-vip:        &keystone-vip        "10.0.1.216"
-  mysql-vip:           &mysql-vip           "10.0.1.217"
+  # not required for mysql-innodb-cluster
+  #mysql-vip:           &mysql-vip           "10.0.1.217"
   neutron-api-vip:     &neutron-api-vip     "10.0.1.218"
   nova-cc-vip:         &nova-cc-vip         "10.0.1.219"
   gnocchi-vip:         &gnocchi-vip         "10.0.1.220"
@@ -624,6 +625,7 @@ applications:
       default-tenant-network-type: vxlan
       l2-population: True
       #global-physnet-mtu: 9000
+      manage-neutron-plugin-legacy-mode: True
     to:
     - lxd:100
     - lxd:101
@@ -986,7 +988,7 @@ applications:
     to:
     - lxd:200
   openstack-service-checks:
-    charm: cs:~canonical-bootstack//nagiosopenstack-service-checks
+    charm: cs:~llama-charmers-next/openstack-service-checks
     constraints: *oam-space-constr
     bindings:
       "": *public-space
@@ -1344,7 +1346,7 @@ relations:
 
   - [ "openstack-dashboard:ha", "hacluster-horizon:ha" ]
   - [ "openstack-dashboard:identity-service", "keystone:identity-service" ]
-  - [ "openstack-dashboard:shared-db", "keystone-mysql-router:shared-db" ]
+  - [ "openstack-dashboard:shared-db", "openstack-dashboard-mysql-router:shared-db" ]
 
   # ceilometer
   - [ "ceilometer:identity-credentials", "keystone:identity-credentials" ]
@@ -1369,6 +1371,26 @@ relations:
   - [ "aodh:amqp", "rabbitmq-server:amqp" ]
   - [ "aodh:ha", "hacluster-aodh:ha" ]
 
+  # placement
+  - [ "placement:ha", "hacluster-placement:ha" ]
+  - [ "placement:shared-db", "placement-mysql-router:shared-db" ]
+  - [ "placement:identity-service", "keystone:identity-service" ]
+  - [ "placement:placement", "nova-cloud-controller:placement" ]
+
+  # mysql-router
+  - [ "aodh-mysql-router:db-router", "mysql:db-router" ]
+  - [ "keystone-mysql-router:db-router", "mysql:db-router" ]
+  - [ "cinder-mysql-router:db-router", "mysql:db-router" ]
+#  - [ "cinder2-mysql-router:db-router", "mysql:db-router" ]
+  - [ "glance-mysql-router:db-router", "mysql:db-router" ]
+  - [ "gnocchi-mysql-router:db-router", "mysql:db-router" ]
+  - [ "heat-mysql-router:db-router", "mysql:db-router" ]
+  - [ "nova-cloud-controller-mysql-router:db-router", "mysql:db-router" ]
+  - [ "neutron-api-mysql-router:db-router", "mysql:db-router" ]
+  - [ "openstack-dashboard-mysql-router:db-router", "mysql:db-router" ]
+  - [ "placement-mysql-router:db-router", "mysql:db-router" ]
+  - [ "vault-mysql-router:db-router", "mysql:db-router" ]
+
   # sysconfig relations
   #- [ "ceph-osd:juju-info", "sysconfig-storage:juju-info" ]
   - [ "nova-compute:juju-info", "sysconfig-compute:juju-info" ]
@@ -1483,6 +1505,10 @@ relations:
   # juniper server
   - [ "juniper-server:juju-info", "ntp:juju-info" ]
 
+  # grafana dashboards
+  - [ "grafana:dashboards", "telegraf:dashboards" ]
+  - [ "grafana:dashboards", "telegraf-prometheus:dashboards" ]
+
   # LMA/landscape subordinates
   - [ "nova-compute", "filebeat" ]
   - [ "nova-compute", "telegraf" ]
@@ -1564,6 +1590,11 @@ relations:
   - [ "aodh", "landscape-client" ]
   - [ "aodh", "nrpe-container" ]
 
+  - [ "placement", "filebeat" ]
+  - [ "placement", "telegraf" ]
+  - [ "placement", "landscape-client" ]
+  - [ "placement", "nrpe-container" ]
+
   - [ "juniper-server", "telegraf" ]
   - [ "juniper-server", "filebeat" ]
   - [ "juniper-server", "landscape-client" ]
@@ -1578,6 +1609,7 @@ relations:
   - [ "hacluster-keystone:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
   - [ "hacluster-neutron:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
   - [ "hacluster-nova:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
+  - [ "hacluster-placement:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
 
   # Landscape
   - [ "landscape-server:juju-info", "ntp:juju-info" ]

config/overlays/openstack_versioned_overlay_focal.yaml

@@ -93,7 +93,7 @@ applications:
 #    charm: cs:lldpd-9
   memcached:
     charm: cs:memcached-32
-  mysql-innodb-cluster:
+  mysql:
     charm: cs:mysql-innodb-cluster-11
   aodh-mysql-router:
     charm: cs:mysql-router-11
@@ -117,8 +117,6 @@ applications:
     charm: cs:mysql-router-11
   vault-mysql-router:
     charm: cs:mysql-router-11
-  manila-mysql-router:
-    charm: cs:mysql-router-11
   nagios:
     charm: cs:nagios-44
   neutron-gateway:

config/overlays/resources.yaml

@@ -2,6 +2,6 @@
 applications:
   keystone:
     options:
-      use-policyd-override: true
+      use-policyd-override: false
     resources:
       policyd-override: ../resources/keystone.zip

scripts/arif-scripts/update_landscape_certs_self.sh

@@ -3,10 +3,12 @@
 # This is when landscape-haproxy the cert is SELFSIGNED. This will ensure that landscape will work
 landscape_crt=$(juju run --application landscape-haproxy 'sudo openssl x509 -in /var/lib/haproxy/default.pem' | base64)
 juju config landscape-client ssl-public-key="base64:${landscape_crt}"
+juju config landscape-client-bionic ssl-public-key="base64:${landscape_crt}"
 
 # And yes, this needs to use the IP address, otherwise the the registration will fail
 landscape_ip=$(juju run --application landscape-haproxy 'unit-get private-address')
 juju config landscape-client url="https://${landscape_ip}/message-system" ping-url="http://${landscape_ip}/ping"
+juju config landscape-client-bionic url="https://${landscape_ip}/message-system" ping-url="http://${landscape_ip}/ping"
 
 # May need to restart all the landscape-clients
 #juju run --application landscape-client 'sudo systemctl restart landscape-client.service'