Ovn Central
- By OpenStack Charmers
- Cloud
| Channel | Revision | Published | Runs on |
|---|---|---|---|
| latest/edge | 220 | 09 May 2024 | |
| latest/edge | 219 | 09 May 2024 | |
| latest/edge | 210 | 09 May 2024 | |
| latest/edge | 209 | 09 May 2024 | |
| latest/edge | 208 | 09 May 2024 | |
| latest/edge | 207 | 09 May 2024 | |
| latest/edge | 206 | 09 May 2024 | |
| latest/edge | 205 | 09 May 2024 | |
| latest/edge | 155 | 13 Sep 2023 | |
| latest/edge | 151 | 13 Sep 2023 | |
| latest/edge | 148 | 13 Sep 2023 | |
| latest/edge | 145 | 13 Sep 2023 | |
| latest/edge | 106 | 20 Jul 2023 | |
| latest/edge | 105 | 20 Jul 2023 | |
| latest/edge | 104 | 20 Jul 2023 | |
| latest/edge | 103 | 20 Jul 2023 | |
| latest/edge | 34 | 29 Jul 2022 | |
| 22.03/stable | 245 | 13 Jun 2024 | |
| openstack-21.09/edge | 19 | 22 Feb 2022 | |
| openstack-20.12/edge | 18 | 22 Feb 2022 | |
| openstack-20.03/edge | 17 | 22 Feb 2022 | |
| 24.03/candidate | 228 | 01 Jun 2024 | |
| 24.03/candidate | 227 | 31 May 2024 | |
| 24.03/candidate | 226 | 31 May 2024 | |
| 24.03/candidate | 225 | 31 May 2024 | |
| 24.03/candidate | 224 | 31 May 2024 | |
| 24.03/candidate | 223 | 31 May 2024 | |
| 24.03/candidate | 222 | 31 May 2024 | |
| 24.03/candidate | 221 | 31 May 2024 | |
| 23.09/stable | 244 | 12 Jun 2024 | |
| 23.09/stable | 239 | 12 Jun 2024 | |
| 23.09/stable | 238 | 12 Jun 2024 | |
| 23.09/stable | 237 | 12 Jun 2024 | |
| 23.09/stable | 236 | 12 Jun 2024 | |
| 23.09/stable | 235 | 12 Jun 2024 | |
| 23.09/stable | 234 | 12 Jun 2024 | |
| 23.09/stable | 230 | 12 Jun 2024 | |
| 23.03/stable | 240 | 12 Jun 2024 | |
| 23.03/stable | 243 | 12 Jun 2024 | |
| 23.03/stable | 242 | 12 Jun 2024 | |
| 23.03/stable | 241 | 12 Jun 2024 | |
| 22.09/stable | 233 | 12 Jun 2024 | |
| 22.09/stable | 232 | 12 Jun 2024 | |
| 22.09/stable | 231 | 12 Jun 2024 | |
| 22.09/stable | 229 | 12 Jun 2024 | |
| 21.09/stable | 24 | 05 Aug 2022 | |
| 20.12/stable | 30 | 23 Jan 2023 | |
| 20.03/stable | 35 | 23 Jan 2023 |
juju deploy ovn-central --channel latest/edge
Deploy universal operators easily with Juju, the Universal Operator Lifecycle Manager.
Platform:
Overview
The ovn-central charm provides the Northbound and Southbound OVSDB Databases
and the Open Virtual Network (OVN) central control daemon (ovn-northd). It is
used in conjunction with either the ovn-chassis
subordinate charm or the ovn-dedicated-chassis
principle charm.
Note: The OVN charms are supported starting with OpenStack Train.
Usage
The OpenStack Base bundle gives an example of how you can deploy OpenStack and OVN with Vault to automate certificate lifecycle management.
OVN makes use of Public Key Infrastructure (PKI) to authenticate and authorize
control plane communication. The charm therefore requires a Certificate
Authority to be present in the model as represented by the certificates
relation.
Refer to Open Virtual Network (OVN) in the OpenStack Charms Deployment Guide for details, including deployment steps.
Note: The ovn-central charm requires a minimum of three units to operate.
Network spaces
This charm supports the use of Juju network spaces.
By binding the ovsdb, ovsdb-cms and ovsdb-peer endpoints you can
influence which interface will be used for communication with consumers of the
Southbound DB, Cloud Management Systems (CMS) and cluster internal
communication.
juju deploy -n 3 --series focal \
--bind "''=oam-space ovsdb=data-space" \
ovn-central
OVN RBAC and securing the OVN services
The charm enables RBAC in the OVN Southbound database by default. The RBAC feature enforces authorization of individual chassis connecting to the database, and also restricts database operations.
In the event of an individual chassis being compromised, RBAC will make it more difficult to leverage database access for compromising other parts of the network.
Note: Due to how RBAC is implemented in ovsdb-server the charm opens up a separate listener at port 16642 for connections from ovn-northd.
The charm automatically enables the firewall and will allow traffic from its cluster peers to port 6641, 6643, 6644 and 16642. CMS clients will be allowed to talk to port 6641.
Anyone will be allowed to connect to port 6642.
Deferred service events
Operational or maintenance procedures applied to a cloud often lead to the restarting of various OpenStack services and/or the calling of certain charm hooks. Although normal, such events can be undesirable due to the service interruptions they can cause.
The deferred service events feature provides the operator the choice of preventing these service restarts and hook calls from occurring, which can then be resolved at a more opportune time.
See the Deferred service events page in the OpenStack Charms Deployment Guide for an in-depth treatment of this feature.
Bugs
Please report bugs on Launchpad.
For general questions please refer to the OpenStack Charm Guide.