def tests_expect_ha(self):
self.conf = {'vip': None, 'dns-ha': None}
self.assertFalse(ha.expect_ha())
self.conf = {'vip': '10.0.0.1', 'dns-ha': None}
self.assertTrue(ha.expect_ha())
self.conf = {'vip': None, 'dns-ha': True}
self.assertTrue(ha.expect_ha())
def identity_credentials_changed(relation_id=None, remote_unit=None):
"""Update the identity credentials relation on change
Calls add_credentials_to_keystone
:param relation_id: Relation id of the relation
:param remote_unit: Related unit on the relation
"""
if is_elected_leader(CLUSTER_RES):
if expect_ha() and not is_clustered():
log("Expected to be HA but no hacluster relation yet", level=INFO)
return
if not is_db_ready():
log(
"identity-credentials-relation-changed hook fired before db "
"ready - deferring until db ready",
level=WARNING)
return
if not is_db_initialised():
log(
"Database not yet initialised - deferring "
"identity-credentials-relation updates",
level=INFO)
return
# Create the tenant user
add_credentials_to_keystone(relation_id, remote_unit)
else:
log('Deferring identity_credentials_changed() to service leader.')
def identity_credentials_changed(relation_id=None, remote_unit=None):
"""Update the identity credentials relation on change
Calls add_credentials_to_keystone
:param relation_id: Relation id of the relation
:param remote_unit: Related unit on the relation
"""
if is_elected_leader(CLUSTER_RES):
if expect_ha() and not is_clustered():
log("Expected to be HA but no hacluster relation yet", level=INFO)
return
if not is_db_ready():
log("identity-credentials-relation-changed hook fired before db "
"ready - deferring until db ready", level=WARNING)
return
if not is_db_initialised():
log("Database not yet initialised - deferring "
"identity-credentials-relation updates", level=INFO)
return
# Create the tenant user
add_credentials_to_keystone(relation_id, remote_unit)
else:
log('Deferring identity_credentials_changed() to service leader.')
def tests_expect_ha(self, expected_related_units):
expected_related_units.return_value = (x for x in [])
self.conf = {'vip': None, 'dns-ha': None}
self.assertFalse(ha.expect_ha())
expected_related_units.return_value = (
x for x in
['hacluster-unit/0', 'hacluster-unit/1', 'hacluster-unit/2'])
self.conf = {'vip': None, 'dns-ha': None}
self.assertTrue(ha.expect_ha())
expected_related_units.side_effect = NotImplementedError
self.conf = {'vip': '10.0.0.1', 'dns-ha': None}
self.assertTrue(ha.expect_ha())
self.conf = {'vip': None, 'dns-ha': True}
self.assertTrue(ha.expect_ha())
def identity_changed(relation_id=None, remote_unit=None):
notifications_checksums = {}
notifications_endpoints = {}
if is_elected_leader(CLUSTER_RES):
if not is_db_ready():
log(
"identity-service-relation-changed hook fired before db "
"ready - deferring until db ready",
level=WARNING)
return
if not is_db_initialised():
log(
"Database not yet initialised - deferring identity-relation "
"updates",
level=INFO)
return
if expect_ha() and not is_clustered():
log("Expected to be HA but no hacluster relation yet", level=INFO)
return
add_service_to_keystone(relation_id, remote_unit)
if is_service_present('neutron', 'network'):
delete_service_entry('quantum', 'network')
settings = relation_get(rid=relation_id, unit=remote_unit)
# If endpoint has changed, notify to units related over the
# identity-notifications interface. We base the decision to notify on
# whether admin_url, public_url or internal_url have changed from
# previous notify.
service = settings.get('service')
if service:
key = '%s-endpoint-changed' % service
notifications_endpoints[key] = endpoints_dict(settings)
notifications_checksums[key] = endpoints_checksum(settings)
else:
# Some services don't set their name in the 'service' key in the
# relation, for those their name is calculated from the prefix of
# keys. See `assemble_endpoints()` for details.
single = {
'service', 'region', 'public_url', 'admin_url', 'internal_url'
}
endpoints = assemble_endpoints(settings)
for ep in endpoints.keys():
if single.issubset(endpoints[ep]):
key = '%s-endpoint-changed' % ep
log('endpoint: %s' % ep)
notifications_endpoints[key] = (endpoints_dict(
endpoints[ep]))
notifications_checksums[key] = (endpoints_checksum(
endpoints[ep]))
else:
log('Deferring identity_changed() to service leader.')
if notifications_endpoints or notifications_checksums:
send_notifications(notifications_checksums, notifications_endpoints)
def identity_changed(relation_id=None, remote_unit=None):
CONFIGS.write_all()
notifications = {}
if is_elected_leader(CLUSTER_RES):
if not is_db_ready():
log(
"identity-service-relation-changed hook fired before db "
"ready - deferring until db ready",
level=WARNING)
return
if not is_db_initialised():
log(
"Database not yet initialised - deferring identity-relation "
"updates",
level=INFO)
return
if expect_ha() and not is_clustered():
log("Expected to be HA but no hacluster relation yet", level=INFO)
return
add_service_to_keystone(relation_id, remote_unit)
if is_service_present('neutron', 'network'):
delete_service_entry('quantum', 'network')
settings = relation_get(rid=relation_id, unit=remote_unit)
service = settings.get('service', None)
if service:
# If service is known and endpoint has changed, notify service if
# it is related with notifications interface.
csum = hashlib.sha256()
# We base the decision to notify on whether these parameters have
# changed (if csum is unchanged from previous notify, relation will
# not fire).
csum.update(settings.get('public_url', None))
csum.update(settings.get('admin_url', None))
csum.update(settings.get('internal_url', None))
notifications['%s-endpoint-changed' % (service)] = csum.hexdigest()
else:
# Each unit needs to set the db information otherwise if the unit
# with the info dies the settings die with it Bug# 1355848
for rel_id in relation_ids('identity-service'):
peerdb_settings = peer_retrieve_by_prefix(rel_id)
# Ensure the null'd settings are unset in the relation.
peerdb_settings = filter_null(peerdb_settings)
if 'service_password' in peerdb_settings:
relation_set(relation_id=rel_id, **peerdb_settings)
log('Deferring identity_changed() to service leader.')
if notifications:
send_notifications(notifications)
def identity_changed(relation_id=None, remote_unit=None):
CONFIGS.write_all()
notifications = {}
if is_elected_leader(CLUSTER_RES):
if not is_db_ready():
log("identity-service-relation-changed hook fired before db "
"ready - deferring until db ready", level=WARNING)
return
if not is_db_initialised():
log("Database not yet initialised - deferring identity-relation "
"updates", level=INFO)
return
if expect_ha() and not is_clustered():
log("Expected to be HA but no hacluster relation yet", level=INFO)
return
add_service_to_keystone(relation_id, remote_unit)
if is_service_present('neutron', 'network'):
delete_service_entry('quantum', 'network')
settings = relation_get(rid=relation_id, unit=remote_unit)
service = settings.get('service', None)
if service:
# If service is known and endpoint has changed, notify service if
# it is related with notifications interface.
csum = hashlib.sha256()
# We base the decision to notify on whether these parameters have
# changed (if csum is unchanged from previous notify, relation will
# not fire).
csum.update(settings.get('public_url', None))
csum.update(settings.get('admin_url', None))
csum.update(settings.get('internal_url', None))
notifications['%s-endpoint-changed' % (service)] = csum.hexdigest()
else:
# Each unit needs to set the db information otherwise if the unit
# with the info dies the settings die with it Bug# 1355848
for rel_id in relation_ids('identity-service'):
peerdb_settings = peer_retrieve_by_prefix(rel_id)
# Ensure the null'd settings are unset in the relation.
peerdb_settings = filter_null(peerdb_settings)
if 'service_password' in peerdb_settings:
relation_set(relation_id=rel_id, **peerdb_settings)
log('Deferring identity_changed() to service leader.')
if notifications:
send_notifications(notifications)
def trustee_credentials_changed(relation_id=None, remote_unit=None):
if is_elected_leader(CLUSTER_RES):
if expect_ha() and not is_clustered():
log("Expected to be HA but no hacluster relation yet", level=INFO)
return
if not is_db_ready():
log("trustee-credentials-relation-changed hook fired before db "
"ready - deferring until db ready", level=WARNING)
return
if not is_db_initialised():
log("Database not yet initialised - deferring "
"trustee-credentials-relation updates", level=INFO)
return
# Create the tenant user
add_trustee_credentials_to_keystone(relation_id, remote_unit)
else:
log('Deferring add_trustee_credentials_to_keystone() to service leader.')
def admin_relation_changed(relation_id=None):
# TODO: fixup
if expect_ha() and not is_clustered():
log("Expected to be HA but no hacluster relation yet", level=INFO)
return
relation_data = {
'service_hostname': resolve_address(ADMIN),
'service_port': config('service-port'),
'service_username': config('admin-user'),
'service_tenant_name': config('admin-role'),
'service_region': config('region'),
'service_protocol': 'https' if https() else 'http',
'api_version': get_api_version(),
}
if relation_data['api_version'] > 2:
relation_data['service_user_domain_name'] = ADMIN_DOMAIN
relation_data['service_project_domain_name'] = ADMIN_DOMAIN
relation_data['service_project_name'] = ADMIN_PROJECT
relation_data['service_password'] = get_admin_passwd()
relation_set(relation_id=relation_id, **relation_data)
def admin_relation_changed(relation_id=None):
# TODO: fixup
if expect_ha() and not is_clustered():
log("Expected to be HA but no hacluster relation yet", level=INFO)
return
relation_data = {
'service_hostname': resolve_address(ADMIN),
'service_port': config('service-port'),
'service_username': config('admin-user'),
'service_tenant_name': config('admin-role'),
'service_region': config('region'),
'service_protocol': 'https' if https() else 'http',
'api_version': get_api_version(),
}
if relation_data['api_version'] > 2:
relation_data['service_user_domain_name'] = ADMIN_DOMAIN
relation_data['service_project_domain_name'] = ADMIN_DOMAIN
relation_data['service_project_name'] = ADMIN_PROJECT
relation_data['service_password'] = get_admin_passwd()
relation_set(relation_id=relation_id, **relation_data)
