def configure_https():
"""Enables SSL API Apache config if appropriate and kicks identity-service
with any required api updates.
"""
# need to write all to ensure changes to the entire request pipeline
# propagate (c-api, haprxy, apache)
CONFIGS.write_all()
if 'https' in CONFIGS.complete_contexts():
cmd = ['a2ensite', 'openstack_https_frontend']
check_call(cmd)
else:
cmd = ['a2dissite', 'openstack_https_frontend']
check_call(cmd)
# Apache 2.4 required enablement of configuration
if os.path.exists('/usr/sbin/a2enconf'):
check_call(['a2enconf', 'swift-rings'])
if not is_paused():
# TODO: improve this by checking if local CN certs are available
# first then checking reload status (see LP #1433114).
service_reload('apache2', restart_on_failure=True)
for rid in relation_ids('identity-service'):
keystone_joined(relid=rid)
env_vars = {'OPENSTACK_SERVICE_SWIFT': 'proxy-server',
'OPENSTACK_PORT_API': config('bind-port'),
'OPENSTACK_PORT_MEMCACHED': 11211}
openstack.save_script_rc(**env_vars)
def configure_https():
"""Enables SSL API Apache config if appropriate and kicks identity-service
with any required api updates.
"""
# need to write all to ensure changes to the entire request pipeline
# propagate (c-api, haprxy, apache)
CONFIGS.write_all()
if 'https' in CONFIGS.complete_contexts():
cmd = ['a2ensite', 'openstack_https_frontend']
check_call(cmd)
else:
cmd = ['a2dissite', 'openstack_https_frontend']
check_call(cmd)
# Apache 2.4 required enablement of configuration
if os.path.exists('/usr/sbin/a2enconf'):
check_call(['a2enconf', 'swift-rings'])
if not openstack.is_unit_paused_set():
# TODO: improve this by checking if local CN certs are available
# first then checking reload status (see LP #1433114).
service_reload('apache2', restart_on_failure=True)
for rid in relation_ids('identity-service'):
keystone_joined(relid=rid)
env_vars = {
'OPENSTACK_SERVICE_SWIFT': 'proxy-server',
'OPENSTACK_PORT_API': config('bind-port'),
'OPENSTACK_PORT_MEMCACHED': 11211
}
openstack.save_script_rc(**env_vars)
def ha_joined():
corosync_bindiface = config('ha-bindiface')
corosync_mcastport = config('ha-mcastport')
vip = config('vip')
vip_iface = config('vip_iface')
vip_cidr = config('vip_cidr')
vip_only = config('ha-vip-only')
if None in [
corosync_bindiface, corosync_mcastport, vip, vip_iface, vip_cidr
] and vip_only is True:
log('Insufficient configuration data to configure VIP-only hacluster.',
level=ERROR)
sys.exit(1)
ctxt = {rabbit.ENV_CONF: rabbit.CONFIG_FILES()[rabbit.ENV_CONF]}
rabbit.ConfigRenderer(ctxt).write(rabbit.ENV_CONF)
relation_settings = {}
relation_settings['corosync_bindiface'] = corosync_bindiface
relation_settings['corosync_mcastport'] = corosync_mcastport
if vip_only is True:
relation_settings['resources'] = {
'res_rabbitmq_vip': 'ocf:heartbeat:IPaddr2',
}
relation_settings['resource_params'] = {
'res_rabbitmq_vip':
'params ip="%s" cidr_netmask="%s" nic="%s"' %
(vip, vip_cidr, vip_iface),
}
else:
relation_settings['resources'] = {
'res_rabbitmq_vip': 'ocf:heartbeat:IPaddr2',
'res_rabbitmq-server': 'lsb:rabbitmq-server',
}
relation_settings['resource_params'] = {
'res_rabbitmq_vip':
'params ip="%s" cidr_netmask="%s" nic="%s"' %
(vip, vip_cidr, vip_iface),
'res_rabbitmq-server':
'op start start-delay="5s" '
'op monitor interval="5s"',
}
for rel_id in relation_ids('ha'):
relation_set(relation_id=rel_id, relation_settings=relation_settings)
env_vars = {
'OPENSTACK_PORT_EPMD': 4369,
'OPENSTACK_PORT_MCASTPORT': config('ha-mcastport'),
}
save_script_rc(**env_vars)
def config_changed():
if config('prefer-ipv6'):
setup_ipv6()
localhost = 'ip6-localhost'
else:
localhost = 'localhost'
if (os_release('openstack-dashboard') == 'icehouse' and
config('offline-compression') in ['no', 'False']):
apt_install(filter_installed_packages(['python-lesscpy']),
fatal=True)
# Ensure default role changes are propagated to keystone
for relid in relation_ids('identity-service'):
keystone_joined(relid)
enable_ssl()
if git_install_requested():
if config_value_changed('openstack-origin-git'):
git_install(config('openstack-origin-git'))
elif not config('action-managed-upgrade'):
if openstack_upgrade_available('openstack-dashboard'):
status_set('maintenance', 'Upgrading to new OpenStack release')
do_openstack_upgrade(configs=CONFIGS)
env_vars = {
'OPENSTACK_URL_HORIZON':
"http://{}:70{}|Login+-+OpenStack".format(
localhost,
config('webroot')
),
'OPENSTACK_SERVICE_HORIZON': "apache2",
'OPENSTACK_PORT_HORIZON_SSL': 433,
'OPENSTACK_PORT_HORIZON': 70
}
save_script_rc(**env_vars)
update_nrpe_config()
CONFIGS.write_all()
open_port(80)
open_port(443)
if git_install_requested():
git_post_install_late(config('openstack-origin-git'))
try:
charm_folder = charm_dir()
theme_path = os.path.join(charm_folder, "files/openstack-dashboard-cloudbase-theme_1.1-1.deb")
if os.path.isfile(theme_path):
subprocess.check_call(["dpkg", "-i", theme_path])
subprocess.check_call(["/etc/init.d/memcached", "restart"])
except Exception as err:
log("Failed to install theme: %s" % err)
def config_changed():
resolve_CONFIGS()
if config('prefer-ipv6'):
setup_ipv6()
localhost = 'ip6-localhost'
else:
localhost = 'localhost'
if (os_release('openstack-dashboard') == 'icehouse'
and config('offline-compression') in ['no', 'False']):
apt_install(filter_installed_packages(['python-lesscpy']), fatal=True)
# Ensure default role changes are propagated to keystone
for relid in relation_ids('identity-service'):
keystone_joined(relid)
enable_ssl()
if not config('action-managed-upgrade'):
if openstack_upgrade_available('openstack-dashboard'):
status_set('maintenance', 'Upgrading to new OpenStack release')
do_openstack_upgrade(configs=CONFIGS)
resolve_CONFIGS(force_update=True)
env_vars = {
'OPENSTACK_URL_HORIZON':
"http://{}:70{}|Login+-+OpenStack".format(localhost,
config('webroot')),
'OPENSTACK_SERVICE_HORIZON':
"apache2",
'OPENSTACK_PORT_HORIZON_SSL':
433,
'OPENSTACK_PORT_HORIZON':
70
}
save_script_rc(**env_vars)
update_nrpe_config()
CONFIGS.write_all()
check_custom_theme()
open_port(80)
open_port(443)
for relid in relation_ids('certificates'):
for unit in related_units(relid):
certs_changed(relation_id=relid, unit=unit)
for relid in relation_ids('ha'):
ha_relation_joined(relation_id=relid)
websso_trusted_dashboard_changed()
def config_changed():
if config('prefer-ipv6'):
setup_ipv6()
localhost = 'ip6-localhost'
else:
localhost = 'localhost'
if (os_release('openstack-dashboard') == 'icehouse' and
config('offline-compression') in ['no', 'False']):
apt_install(filter_installed_packages(['python-lesscpy']),
fatal=True)
# Ensure default role changes are propagated to keystone
for relid in relation_ids('identity-service'):
keystone_joined(relid)
enable_ssl()
if not config('action-managed-upgrade'):
if openstack_upgrade_available('openstack-dashboard'):
status_set('maintenance', 'Upgrading to new OpenStack release')
do_openstack_upgrade(configs=CONFIGS)
env_vars = {
'OPENSTACK_URL_HORIZON':
"http://{}:70{}|Login+-+OpenStack".format(
localhost,
config('webroot')
),
'OPENSTACK_SERVICE_HORIZON': "apache2",
'OPENSTACK_PORT_HORIZON_SSL': 433,
'OPENSTACK_PORT_HORIZON': 70
}
save_script_rc(**env_vars)
update_nrpe_config()
CONFIGS.write_all()
check_custom_theme()
open_port(80)
open_port(443)
for relid in relation_ids('certificates'):
for unit in related_units(relid):
certs_changed(relation_id=relid, unit=unit)
for relid in relation_ids('ha'):
ha_relation_joined(relation_id=relid)
websso_trusted_dashboard_changed()
def test_save_scriptrc(self, _open, _charm_dir, _exists, _mkdir):
'''Test generation of scriptrc from environment'''
scriptrc = [
'#!/bin/bash\n', 'export setting1=foo\n', 'export setting2=bar\n'
]
_file = MagicMock(spec=io.FileIO)
_open.return_value = _file
_charm_dir.return_value = '/var/lib/juju/units/testing-foo-0/charm'
_exists.return_value = False
os.environ['JUJU_UNIT_NAME'] = 'testing-foo/0'
openstack.save_script_rc(setting1='foo', setting2='bar')
rcdir = '/var/lib/juju/units/testing-foo-0/charm/scripts'
_mkdir.assert_called_with(rcdir)
expected_f = '/var/lib/juju/units/testing-foo-0/charm/scripts/scriptrc'
_open.assert_called_with(expected_f, 'wb')
_mkdir.assert_called_with(os.path.dirname(expected_f))
for line in scriptrc:
_file.__enter__().write.assert_has_calls(call(line))
def config_changed():
if config('prefer-ipv6'):
setup_ipv6()
localhost = 'ip6-localhost'
else:
localhost = 'localhost'
if (os_release('openstack-dashboard') == 'icehouse' and
config('offline-compression') in ['no', 'False']):
apt_install(filter_installed_packages(['python-lesscpy']),
fatal=True)
# Ensure default role changes are propagated to keystone
for relid in relation_ids('identity-service'):
keystone_joined(relid)
enable_ssl()
if git_install_requested():
if config_value_changed('openstack-origin-git'):
status_set('maintenance', 'Running Git install')
git_install(config('openstack-origin-git'))
elif not config('action-managed-upgrade'):
if openstack_upgrade_available('openstack-dashboard'):
status_set('maintenance', 'Upgrading to new OpenStack release')
do_openstack_upgrade(configs=CONFIGS)
env_vars = {
'OPENSTACK_URL_HORIZON':
"http://{}:70{}|Login+-+OpenStack".format(
localhost,
config('webroot')
),
'OPENSTACK_SERVICE_HORIZON': "apache2",
'OPENSTACK_PORT_HORIZON_SSL': 433,
'OPENSTACK_PORT_HORIZON': 70
}
save_script_rc(**env_vars)
update_nrpe_config()
CONFIGS.write_all()
open_port(80)
open_port(443)
if git_install_requested():
git_post_install_late(config('openstack-origin-git'))
def config_changed():
# Ensure default role changes are propagated to keystone
for relid in relation_ids('identity-service'):
keystone_joined(relid)
enable_ssl()
if openstack_upgrade_available('openstack-dashboard'):
do_openstack_upgrade(configs=CONFIGS)
env_vars = {
'OPENSTACK_URL_HORIZON':
"http://localhost:70{}|Login+-+OpenStack".format(
config('webroot')
),
'OPENSTACK_SERVICE_HORIZON': "apache2",
'OPENSTACK_PORT_HORIZON_SSL': 433,
'OPENSTACK_PORT_HORIZON': 70
}
save_script_rc(**env_vars)
CONFIGS.write_all()
open_port(80)
open_port(443)
def ha_joined():
corosync_bindiface = config('ha-bindiface')
corosync_mcastport = config('ha-mcastport')
vip = config('vip')
vip_iface = config('vip_iface')
vip_cidr = config('vip_cidr')
rbd_name = config('rbd-name')
vip_only = config('ha-vip-only')
if None in [
corosync_bindiface, corosync_mcastport, vip, vip_iface, vip_cidr,
rbd_name
] and vip_only is False:
log('Insufficient configuration data to configure hacluster.',
level=ERROR)
sys.exit(1)
elif None in [
corosync_bindiface, corosync_mcastport, vip, vip_iface, vip_cidr
] and vip_only is True:
log('Insufficient configuration data to configure VIP-only hacluster.',
level=ERROR)
sys.exit(1)
if not is_relation_made('ceph', 'auth') and vip_only is False:
log('ha_joined: No ceph relation yet, deferring.')
return
name = '%s@localhost' % SERVICE_NAME
if rabbit.get_node_name() != name and vip_only is False:
log('Stopping rabbitmq-server.')
service_stop('rabbitmq-server')
rabbit.update_rmq_env_conf(hostname='%s@localhost' % SERVICE_NAME,
ipv6=config('prefer-ipv6'))
else:
log('Node name already set to %s.' % name)
relation_settings = {}
relation_settings['corosync_bindiface'] = corosync_bindiface
relation_settings['corosync_mcastport'] = corosync_mcastport
if vip_only is True:
relation_settings['resources'] = {
'res_rabbitmq_vip': 'ocf:heartbeat:IPaddr2',
}
relation_settings['resource_params'] = {
'res_rabbitmq_vip':
'params ip="%s" cidr_netmask="%s" nic="%s"' %
(vip, vip_cidr, vip_iface),
}
else:
relation_settings['resources'] = {
'res_rabbitmq_rbd': 'ocf:ceph:rbd',
'res_rabbitmq_fs': 'ocf:heartbeat:Filesystem',
'res_rabbitmq_vip': 'ocf:heartbeat:IPaddr2',
'res_rabbitmq-server': 'lsb:rabbitmq-server',
}
relation_settings['resource_params'] = {
'res_rabbitmq_rbd':
'params name="%s" pool="%s" user="******" '
'secret="%s"' % (rbd_name, POOL_NAME, SERVICE_NAME,
ceph._keyfile_path(SERVICE_NAME)),
'res_rabbitmq_fs':
'params device="/dev/rbd/%s/%s" directory="%s" '
'fstype="ext4" op start start-delay="10s"' %
(POOL_NAME, rbd_name, RABBIT_DIR),
'res_rabbitmq_vip':
'params ip="%s" cidr_netmask="%s" nic="%s"' %
(vip, vip_cidr, vip_iface),
'res_rabbitmq-server':
'op start start-delay="5s" '
'op monitor interval="5s"',
}
relation_settings['groups'] = {
'grp_rabbitmq':
'res_rabbitmq_rbd res_rabbitmq_fs res_rabbitmq_vip '
'res_rabbitmq-server',
}
for rel_id in relation_ids('ha'):
relation_set(relation_id=rel_id, relation_settings=relation_settings)
env_vars = {
'OPENSTACK_PORT_EPMD': 4369,
'OPENSTACK_PORT_MCASTPORT': config('ha-mcastport'),
}
save_script_rc(**env_vars)
def ha_joined():
corosync_bindiface = config('ha-bindiface')
corosync_mcastport = config('ha-mcastport')
vip = config('vip')
vip_iface = config('vip_iface')
vip_cidr = config('vip_cidr')
rbd_name = config('rbd-name')
vip_only = config('ha-vip-only')
if None in [corosync_bindiface, corosync_mcastport, vip, vip_iface,
vip_cidr, rbd_name] and vip_only is False:
log('Insufficient configuration data to configure hacluster.',
level=ERROR)
sys.exit(1)
elif None in [corosync_bindiface, corosync_mcastport, vip, vip_iface,
vip_cidr] and vip_only is True:
log('Insufficient configuration data to configure VIP-only hacluster.',
level=ERROR)
sys.exit(1)
if not is_relation_made('ceph', 'auth') and vip_only is False:
log('ha_joined: No ceph relation yet, deferring.')
return
name = '%s@localhost' % SERVICE_NAME
if rabbit.get_node_name() != name and vip_only is False:
log('Stopping rabbitmq-server.')
service_stop('rabbitmq-server')
rabbit.update_rmq_env_conf(hostname='%s@localhost' % SERVICE_NAME,
ipv6=config('prefer-ipv6'))
else:
log('Node name already set to %s.' % name)
relation_settings = {}
relation_settings['corosync_bindiface'] = corosync_bindiface
relation_settings['corosync_mcastport'] = corosync_mcastport
if vip_only is True:
relation_settings['resources'] = {
'res_rabbitmq_vip': 'ocf:heartbeat:IPaddr2',
}
relation_settings['resource_params'] = {
'res_rabbitmq_vip': 'params ip="%s" cidr_netmask="%s" nic="%s"' %
(vip, vip_cidr, vip_iface),
}
else:
relation_settings['resources'] = {
'res_rabbitmq_rbd': 'ocf:ceph:rbd',
'res_rabbitmq_fs': 'ocf:heartbeat:Filesystem',
'res_rabbitmq_vip': 'ocf:heartbeat:IPaddr2',
'res_rabbitmq-server': 'lsb:rabbitmq-server',
}
relation_settings['resource_params'] = {
'res_rabbitmq_rbd': 'params name="%s" pool="%s" user="******" '
'secret="%s"' %
(rbd_name, POOL_NAME,
SERVICE_NAME, ceph._keyfile_path(
SERVICE_NAME)),
'res_rabbitmq_fs': 'params device="/dev/rbd/%s/%s" directory="%s" '
'fstype="ext4" op start start-delay="10s"' %
(POOL_NAME, rbd_name, RABBIT_DIR),
'res_rabbitmq_vip': 'params ip="%s" cidr_netmask="%s" nic="%s"' %
(vip, vip_cidr, vip_iface),
'res_rabbitmq-server': 'op start start-delay="5s" '
'op monitor interval="5s"',
}
relation_settings['groups'] = {
'grp_rabbitmq':
'res_rabbitmq_rbd res_rabbitmq_fs res_rabbitmq_vip '
'res_rabbitmq-server',
}
for rel_id in relation_ids('ha'):
relation_set(relation_id=rel_id, relation_settings=relation_settings)
env_vars = {
'OPENSTACK_PORT_EPMD': 4369,
'OPENSTACK_PORT_MCASTPORT': config('ha-mcastport'),
}
save_script_rc(**env_vars)
def write_rc_script():
env_vars = {'OPENSTACK_SERVICE_SWIFT': 'proxy-server',
'OPENSTACK_PORT_API': config('bind-port'),
'OPENSTACK_PORT_MEMCACHED': 11211}
openstack.save_script_rc(**env_vars)