Beispiel #1
0
def configure_vault(context):
    log("Running configure_vault", level=DEBUG)
    context['disable_mlock'] = is_container() or config('disable-mlock')

    context['ssl_available'] = is_state('vault.ssl.available')

    if is_flag_set('etcd.tls.available'):
        etcd = endpoint_from_flag('etcd.available')
        log("Etcd detected, adding to context", level=DEBUG)
        context['etcd_conn'] = etcd.connection_string()
        context['etcd_tls_ca_file'] = '/var/snap/vault/common/etcd-ca.pem'
        context['etcd_tls_cert_file'] = '/var/snap/vault/common/etcd-cert.pem'
        context['etcd_tls_key_file'] = '/var/snap/vault/common/etcd.key'
        save_etcd_client_credentials(etcd,
                                     key=context['etcd_tls_key_file'],
                                     cert=context['etcd_tls_cert_file'],
                                     ca=context['etcd_tls_ca_file'])
        context['api_addr'] = vault.get_api_url()
        context['cluster_addr'] = vault.get_cluster_url()
        log("Etcd detected, setting api_addr to {}".format(
            context['api_addr']))
    else:
        log("Etcd not detected", level=DEBUG)
    log("Rendering vault.hcl.j2", level=DEBUG)
    render('vault.hcl.j2', VAULT_CONFIG, context, perms=0o600)
    log("Rendering vault systemd configuation", level=DEBUG)
    render('vault.service.j2', VAULT_SYSTEMD_CONFIG, {}, perms=0o644)
    service('enable', 'vault')
    log("Opening vault port", level=DEBUG)
    open_port(8200)
    set_flag('configured')
    if any_file_changed([VAULT_CONFIG, VAULT_SYSTEMD_CONFIG]):
        # force a restart if config has changed
        clear_flag('started')
Beispiel #2
0
def restart_candid():
    clear_flag('candid.restart')
    if not any_file_changed([CONFIG_FILE]):
        hookenv.log("not restarting: config file unchanged", level="info")
        return
    hookenv.status_set('maintenance', 'Restarting candid')
    host.service_restart('snap.candid.candidsrv.service')
    update_status()
def install_calico_service():
    ''' Install the calico-node systemd service. '''
    status.maintenance('Installing calico-node service.')

    with open(kubernetes_common.kubeclientconfig_path) as f:
        kubeconfig = yaml.safe_load(f)
    any_file_changed([kubernetes_common.kubeclientconfig_path])
    kubeconfig['users'] = [{
        'name': 'calico-node',
        'user': {
            'token': leader_get('calico-node-token')
        }
    }]
    kubeconfig['contexts'][0]['context']['user'] = '******'
    with open('/opt/calicoctl/kubeconfig', 'w') as f:
        yaml.dump(kubeconfig, f)

    etcd = endpoint_from_flag('etcd.available')
    service_path = os.path.join(os.sep, 'lib', 'systemd', 'system',
                                'calico-node.service')
    ip_versions = {net.version for net in get_networks(charm_config('cidr'))}
    ip4 = get_bind_address() if 4 in ip_versions else "none"
    ip6 = "autodetect" if 6 in ip_versions else "none"
    render(
        'calico-node.service',
        service_path,
        {
            'connection_string': etcd.get_connection_string(),
            'etcd_key_path': ETCD_KEY_PATH,
            'etcd_ca_path': ETCD_CA_PATH,
            'etcd_cert_path': ETCD_CERT_PATH,
            'nodename': gethostname(),
            # specify IP so calico doesn't grab a silly one from, say, lxdbr0
            'ip': ip4,
            'ip6': ip6,
            'mtu': get_mtu(),
            'calico_node_image': charm_config('calico-node-image'),
            'ignore_loose_rpf': charm_config('ignore-loose-rpf'),
            'lc_all': os.environ.get('LC_ALL', 'C.UTF-8'),
            'lang': os.environ.get('LANG', 'C.UTF-8')
        })
    check_call(['systemctl', 'daemon-reload'])
    service_restart('calico-node')
    service('enable', 'calico-node')
    remove_state('cni.kubeconfig.changed')
    set_state('calico.service.installed')
Beispiel #4
0
def render_config(*args):
    with charm.provide_charm_instance() as (
            sdn_neutron_plugin_api_subordinate_charm):
        sdn_neutron_plugin_api_subordinate_charm.render_with_interfaces(args)
        sdn_neutron_plugin_api_subordinate_charm.assess_status()
    if reactive.any_file_changed([sdn_neutron_plugin_api_subordinate.ML2_CONF
                                  ]):
        remote_restart(*args)
def render_config(fid_sp):
    with charm.provide_charm_instance() as charm_instance:
        if charm_instance.configuration_complete():
            charm_instance.render_config(fid_sp)
            # Trigger keystone restart. The relation is container-scoped
            # so a per-unit db of a remote unit will only contain a nonce
            # of a single subordinate
            if reactive.any_file_changed(charm_instance.restart_map.keys()):
                fid_sp.request_restart()
Beispiel #6
0
    def reconfigure_tempest(self):
        """Expects an external network already configured, and enables cinder tests

        Sample:
        RALLY_VERIFIER=7b9d06ef-e651-4da3-a56b-ecac67c595c5
        RALLY_VERIFICATION=4a730963-083f-4e1e-8c55-f2b4b9c9c0ac
        RALLY_DEPLOYMENT=a75657c6-9eea-4f00-9117-2580fe056a80
        RALLY_ENV=a75657c6-9eea-4f00-9117-2580fe056a80
        """
        RALLY_CONF = [
            '/home', self._rallyuser, 'snap', 'fcbtest', 'current', '.rally'
        ]
        rally_globalconfig = os.path.join(*RALLY_CONF, 'globals')
        if not os.path.isfile(rally_globalconfig):
            return False

        uuids = collections.defaultdict(lambda: '*')
        with open(rally_globalconfig, 'r') as fd:
            for line in fd.readlines():
                key, value = line.strip().split('=')
                if key in ['RALLY_VERIFIER', 'RALLY_DEPLOYMENT']:
                    uuids[key] = value

        tempest_path = os.path.join(
            *RALLY_CONF, 'verification',
            'verifier-{RALLY_VERIFIER}'.format(**uuids),
            'for-deployment-{RALLY_DEPLOYMENT}'.format(**uuids),
            'tempest.conf')
        tempestfile = glob.glob(tempest_path)
        if len(tempestfile) == 0:
            # No tempest.conf file generated, yet
            return False

        if not any_file_changed([tempestfile[0]]):
            return False

        self._regenerate_tempest_conf(tempestfile[0])
        return True