def cluster_changed():
CONFIGS.write_all()
if hookenv.relation_ids('cluster'):
ch_peerstorage.peer_echo(includes=['dbsync_state'])
dbsync_state = ch_peerstorage.peer_retrieve('dbsync_state')
if dbsync_state == 'complete':
if not ch_utils.is_unit_paused_set():
for svc in ncc_utils.services():
ch_host.service_resume(svc)
else:
hookenv.log('Unit is in paused state, not issuing '
'start/resume to all services')
else:
if not ch_utils.is_unit_paused_set():
hookenv.log('Database sync not ready. Shutting down services')
for svc in ncc_utils.services():
ch_host.service_pause(svc)
else:
hookenv.log(
'Database sync not ready. Would shut down services but '
'unit is in paused state, not issuing stop/pause to all '
'services')
# The shared metadata secret is stored in the leader-db and if its changed
# the gateway needs to know.
for rid in hookenv.relation_ids('quantum-network-service'):
quantum_joined(rid=rid, remote_restart=False)
def config_changed_postupgrade():
# Ensure ssl dir exists and is unison-accessible
ensure_ssl_dir()
check_call(['chmod', '-R', 'g+wrx', '/var/lib/keystone/'])
ensure_ssl_dirs()
save_script_rc()
if run_in_apache():
# Need to ensure mod_wsgi is installed and apache2 is reloaded
# immediatly as charm querys its local keystone before restart
# decorator can fire
apt_install(filter_installed_packages(determine_packages()))
# when deployed from source, init scripts aren't installed
if not git_install_requested():
service_pause('keystone')
CONFIGS.write(WSGI_KEYSTONE_CONF)
if not is_unit_paused_set():
restart_pid_check('apache2')
configure_https()
open_port(config('service-port'))
update_nrpe_config()
CONFIGS.write_all()
initialise_pki()
update_all_identity_relation_units()
# Ensure sync request is sent out (needed for any/all ssl change)
send_ssl_sync_request()
for r_id in relation_ids('ha'):
ha_joined(relation_id=r_id)
def install():
status_set('maintenance', 'Executing pre-install')
execd_preinstall()
configure_installation_source(config('openstack-origin'))
status_set('maintenance', 'Installing apt packages')
apt_update()
apt_install(determine_packages(), fatal=True)
if snap_install_requested():
status_set('maintenance', 'Installing keystone snap')
# NOTE(thedac) Setting devmode until LP#1719636 is fixed
install_os_snaps(
get_snaps_install_info_from_origin(['keystone'],
config('openstack-origin'),
mode='devmode'))
post_snap_install()
service_stop('snap.keystone.*')
else:
# unconfigured keystone service will prevent start of haproxy in some
# circumstances. make sure haproxy runs. LP #1648396
service_stop('keystone')
service_start('haproxy')
if run_in_apache():
disable_unused_apache_sites()
service_pause('keystone')
unison.ensure_user(user=SSH_USER, group=SSH_USER)
unison.ensure_user(user=SSH_USER, group=KEYSTONE_USER)
def upgrade_charm():
emit_cephconf()
apt_install(packages=filter_installed_packages(ceph.determine_packages()),
fatal=True)
try:
# we defer and explicitly run `ceph-create-keys` from
# add_keyring_to_ceph() as part of bootstrap process
# LP: #1719436.
service_pause('ceph-create-keys')
except ValueError:
pass
ceph.update_monfs()
mon_relation_joined()
if is_relation_made("nrpe-external-master"):
update_nrpe_config()
if not ceph.monitor_key_exists('admin', 'autotune'):
autotune = config('pg-autotune')
if (cmp_pkgrevno('ceph', '14.2.0') >= 0
and (autotune == 'true' or autotune == 'auto')):
ceph.monitor_key_set('admin', 'autotune', 'true')
else:
ceph.monitor_key_set('admin', 'autotune', 'false')
# NOTE(jamespage):
# Reprocess broker requests to ensure that any cephx
# key permission changes are applied
notify_client()
notify_radosgws()
notify_rbd_mirrors()
notify_prometheus()
def install():
hookenv.status_set('maintenance', 'Executing pre-install')
execd.execd_preinstall()
ch_utils.configure_installation_source(hookenv.config('openstack-origin'))
hookenv.status_set('maintenance', 'Installing apt packages')
ch_fetch.apt_update()
ch_fetch.apt_install(ncc_utils.determine_packages(), fatal=True)
ncc_utils.disable_package_apache_site()
ncc_utils.stop_deprecated_services()
_files = os.path.join(hookenv.charm_dir(), 'files')
if os.path.isdir(_files):
for f in os.listdir(_files):
f = os.path.join(_files, f)
if os.path.isfile(f):
hookenv.log('Installing %s to /usr/bin' % f)
shutil.copy2(f, '/usr/bin')
for port in ncc_utils.determine_ports():
hookenv.open_port(port)
msg = 'Disabling services into db relation joined'
hookenv.log(msg)
hookenv.status_set('maintenance', msg)
if not ch_utils.is_unit_paused_set():
for svc in ncc_utils.services():
ch_host.service_pause(svc)
else:
hookenv.log('Unit is in paused state, not issuing stop/pause '
'to all services')
def config_changed_postupgrade():
# Ensure ssl dir exists and is unison-accessible
ensure_ssl_dir()
check_call(["chmod", "-R", "g+wrx", "/var/lib/keystone/"])
ensure_ssl_dirs()
save_script_rc()
if run_in_apache():
# Need to ensure mod_wsgi is installed and apache2 is reloaded
# immediatly as charm querys its local keystone before restart
# decorator can fire
apt_install(filter_installed_packages(determine_packages()))
# when deployed from source, init scripts aren't installed
if not git_install_requested():
service_pause("keystone")
CONFIGS.write(WSGI_KEYSTONE_API_CONF)
if not is_unit_paused_set():
restart_pid_check("apache2")
configure_https()
open_port(config("service-port"))
update_nrpe_config()
CONFIGS.write_all()
initialise_pki()
update_all_identity_relation_units()
# Ensure sync request is sent out (needed for any/all ssl change)
send_ssl_sync_request()
for r_id in relation_ids("ha"):
ha_joined(relation_id=r_id)
def install():
hookenv.status_set('maintenance', 'Executing pre-install')
execd.execd_preinstall()
ch_utils.configure_installation_source(hookenv.config('openstack-origin'))
hookenv.status_set('maintenance', 'Installing apt packages')
ch_fetch.apt_update()
ch_fetch.apt_install(ncc_utils.determine_packages(), fatal=True)
ncc_utils.disable_package_apache_site()
ncc_utils.stop_deprecated_services()
_files = os.path.join(hookenv.charm_dir(), 'files')
if os.path.isdir(_files):
for f in os.listdir(_files):
f = os.path.join(_files, f)
if os.path.isfile(f):
hookenv.log('Installing %s to /usr/bin' % f)
shutil.copy2(f, '/usr/bin')
for port in ncc_utils.determine_ports():
hookenv.open_port(port)
msg = 'Disabling services into db relation joined'
hookenv.log(msg)
hookenv.status_set('maintenance', msg)
if not ch_utils.is_unit_paused_set():
for svc in ncc_utils.services():
ch_host.service_pause(svc)
else:
hookenv.log('Unit is in paused state, not issuing stop/pause '
'to all services')
def install():
status_set('maintenance', 'Executing pre-install')
execd_preinstall()
configure_installation_source(config('openstack-origin'))
status_set('maintenance', 'Installing apt packages')
apt_update()
apt_install(determine_packages(), fatal=True)
if snap_install_requested():
status_set('maintenance', 'Installing keystone snap')
# NOTE(thedac) Setting devmode until LP#1719636 is fixed
install_os_snaps(
get_snaps_install_info_from_origin(['keystone'],
config('openstack-origin'),
mode='devmode'))
post_snap_install()
service_stop('snap.keystone.*')
else:
# unconfigured keystone service will prevent start of haproxy in some
# circumstances. make sure haproxy runs. LP #1648396
service_stop('keystone')
service_start('haproxy')
if run_in_apache():
disable_unused_apache_sites()
service_pause('keystone')
# call the policy overrides handler which will install any policy overrides
maybe_do_policyd_overrides(
os_release('keystone'),
'keystone',
restart_handler=lambda: service_restart('apache2'))
def remove_from_cloud():
"""
Implementation of 'remove-from-cloud' action.
This action is preparation for clean removal of nova-compute unit from
juju model. If this action succeeds , user can run `juju remove-unit`
command.
Steps performed by this action:
- Checks that this nova-compute unit can be removed from the cloud
- If not, action fails
- Stops nova-compute system service
- Unregisters nova-compute service from the nova cloud controller
"""
nova = cloud_utils.nova_client()
if cloud_utils.running_vms(nova) > 0:
raise RuntimeError("This unit can not be removed from the "
"cloud because it's still running VMs. Please "
"remove these VMs or migrate them to another "
"nova-compute unit")
nova_service_id = cloud_utils.nova_service_id(nova)
log("Stopping nova-compute service", DEBUG)
service_pause('nova-compute')
log("Deleting nova service '{}'".format(nova_service_id), DEBUG)
nova.services.delete(nova_service_id)
status_set(WORKLOAD_STATES.BLOCKED, UNIT_REMOVED_MSG)
function_set({'message': UNIT_REMOVED_MSG})
def upgrade():
"""Upgrade basic-auths-service snap."""
install()
# XXX Work-around a bug in the snap that restarts the service even
# when disabled: disable it again.
host.service_pause(SERVICE_JOB)
hookenv.status_set("maintenance", "Service upgraded and paused.")
def install():
status_set('maintenance', 'Executing pre-install')
execd_preinstall()
configure_installation_source(config('openstack-origin'))
status_set('maintenance', 'Installing apt packages')
apt_update()
apt_install(determine_packages(), fatal=True)
if snap_install_requested():
status_set('maintenance', 'Installing keystone snap')
# NOTE(thedac) Setting devmode until LP#1719636 is fixed
install_os_snaps(
get_snaps_install_info_from_origin(
['keystone'],
config('openstack-origin'),
mode='devmode'))
post_snap_install()
service_stop('snap.keystone.*')
else:
# unconfigured keystone service will prevent start of haproxy in some
# circumstances. make sure haproxy runs. LP #1648396
service_stop('keystone')
service_start('haproxy')
if run_in_apache():
disable_unused_apache_sites()
service_pause('keystone')
def cluster_changed():
CONFIGS.write_all()
if hookenv.relation_ids('cluster'):
ch_peerstorage.peer_echo(includes=['dbsync_state'])
dbsync_state = ch_peerstorage.peer_retrieve('dbsync_state')
if dbsync_state == 'complete':
if not ch_utils.is_unit_paused_set():
for svc in ncc_utils.services():
ch_host.service_resume(svc)
else:
hookenv.log('Unit is in paused state, not issuing '
'start/resume to all services')
else:
if not ch_utils.is_unit_paused_set():
hookenv.log('Database sync not ready. Shutting down services')
for svc in ncc_utils.services():
ch_host.service_pause(svc)
else:
hookenv.log(
'Database sync not ready. Would shut down services but '
'unit is in paused state, not issuing stop/pause to all '
'services')
# The shared metadata secret is stored in the leader-db and if its changed
# the gateway needs to know.
for rid in hookenv.relation_ids('quantum-network-service'):
quantum_joined(rid=rid, remote_restart=False)
def config_changed_postupgrade():
# Ensure ssl dir exists and is unison-accessible
ensure_ssl_dir()
check_call(['chmod', '-R', 'g+wrx', '/var/lib/keystone/'])
ensure_ssl_dirs()
save_script_rc()
if run_in_apache():
# Need to ensure mod_wsgi is installed and apache2 is reloaded
# immediatly as charm querys its local keystone before restart
# decorator can fire
apt_install(filter_installed_packages(determine_packages()))
service_pause('keystone')
CONFIGS.write(WSGI_KEYSTONE_CONF)
restart_pid_check('apache2')
configure_https()
open_port(config('service-port'))
update_nrpe_config()
CONFIGS.write_all()
initialise_pki()
update_all_identity_relation_units()
# Ensure sync request is sent out (needed for any/all ssl change)
send_ssl_sync_request()
for r_id in relation_ids('ha'):
ha_joined(relation_id=r_id)
def update_nova_consoleauth_config():
"""
Configure nova-consoleauth pacemaker resources
"""
relids = hookenv.relation_ids('ha')
if len(relids) == 0:
hookenv.log('Related to {} ha services'.format(len(relids)),
level=hookenv.DEBUG)
ha_relid = None
data = {}
else:
ha_relid = relids[0]
data = hookenv.relation_get(rid=ha_relid) or {}
# initialize keys in case this is a new dict
data.setdefault('delete_resources', [])
for k in ['colocations', 'init_services', 'resources', 'resource_params']:
data.setdefault(k, {})
if (hookenv.config('single-nova-consoleauth')
and common.console_attributes('protocol')):
for item in ['vip_consoleauth', 'res_nova_consoleauth']:
try:
data['delete_resources'].remove(item)
except ValueError:
pass # nothing to remove, we are good
# the new pcmkr resources have to be added to the existing ones
data['colocations']['vip_consoleauth'] = COLO_CONSOLEAUTH
data['init_services']['res_nova_consoleauth'] = 'nova-consoleauth'
data['resources']['res_nova_consoleauth'] = AGENT_CONSOLEAUTH
data['resource_params']['res_nova_consoleauth'] = AGENT_CA_PARAMS
for rid in hookenv.relation_ids('ha'):
hookenv.relation_set(rid, **data)
# nova-consoleauth will be managed by pacemaker, so stop it
# and prevent it to be started again at boot. (LP: #1693629).
if hookenv.relation_ids('ha'):
ch_host.service_pause('nova-consoleauth')
elif (not hookenv.config('single-nova-consoleauth')
and common.console_attributes('protocol')):
for item in ['vip_consoleauth', 'res_nova_consoleauth']:
if item not in data['delete_resources']:
data['delete_resources'].append(item)
# remove them from the rel, so they aren't recreated when the hook
# is recreated
data['colocations'].pop('vip_consoleauth', None)
data['init_services'].pop('res_nova_consoleauth', None)
data['resources'].pop('res_nova_consoleauth', None)
data['resource_params'].pop('res_nova_consoleauth', None)
for rid in hookenv.relation_ids('ha'):
hookenv.relation_set(rid, **data)
if not ch_utils.is_unit_paused_set():
ch_host.service_resume('nova-consoleauth')
def initial_setup():
status_set('maintenance', 'Initial setup of slurm-controller')
# Disable slurmd on controller
service_pause(SLURMD_SERVICE)
# Setup munge key
munge_key = pwgen(length=4096)
config().update({'munge_key': munge_key})
render_munge_key(config=config())
def configure_dhcp_agents():
'''
If we're using the Calico DHCP agent, ensure that the Neutron DHCP agent is
stopped and disabled.
'''
if DHCP_AGENT == 'calico-dhcp-agent':
# Stop and disable the Neutron DHCP agent.
service_pause('neutron-dhcp-agent')
def configure_dhcp_agents():
'''
If we're using the Calico DHCP agent, ensure that the Neutron DHCP agent is
stopped and disabled.
'''
if DHCP_AGENT == 'calico-dhcp-agent':
# Stop and disable the Neutron DHCP agent.
service_pause('neutron-dhcp-agent')
def post_series_upgrade():
log("Running complete series upgrade hook", "INFO")
# if we just upgraded from non systemd then ensure that the new packages of
# keystone definitely don't run the keystone service if we are a wsgi
# configured system.
if run_in_apache():
disable_unused_apache_sites()
service_pause('keystone')
series_upgrade_complete(resume_unit_helper, CONFIGS)
def initial_setup():
hookenv.status_set('maintenance', 'Setting up munge key')
# use leader-get here as this is executed on both active and
# backup controllers
munge_key = hookenv.leader_get('munge_key')
# Disable slurmd on controller
host.service_pause(helpers.SLURMD_SERVICE)
helpers.render_munge_key(context={'munge_key': munge_key})
flags.set_flag('munge.configured')
def config_changed_postupgrade():
save_script_rc()
release = os_release('keystone')
if run_in_apache(release=release):
# Need to ensure mod_wsgi is installed and apache2 is reloaded
# immediatly as charm querys its local keystone before restart
# decorator can fire
apt_install(filter_installed_packages(determine_packages()))
# when deployed from source, init scripts aren't installed
service_pause('keystone')
disable_unused_apache_sites()
if WSGI_KEYSTONE_API_CONF in CONFIGS.templates:
CONFIGS.write(WSGI_KEYSTONE_API_CONF)
if not is_unit_paused_set():
restart_pid_check('apache2')
stop_manager_instance()
if enable_memcache(release=release):
# If charm or OpenStack have been upgraded then the list of required
# packages may have changed so ensure they are installed.
apt_install(filter_installed_packages(determine_packages()))
if is_leader() and fernet_enabled():
key_setup()
key_leader_set()
configure_https()
open_port(config('service-port'))
update_nrpe_config()
CONFIGS.write_all()
if snap_install_requested() and not is_unit_paused_set():
service_restart('snap.keystone.*')
stop_manager_instance()
if (is_db_initialised() and is_elected_leader(CLUSTER_RES) and not
is_unit_paused_set()):
ensure_initial_admin(config)
if CompareOpenStackReleases(
os_release('keystone')) >= 'liberty':
CONFIGS.write(POLICY_JSON)
update_all_identity_relation_units()
update_all_domain_backends()
update_all_fid_backends()
for r_id in relation_ids('ha'):
ha_joined(relation_id=r_id)
notify_middleware_with_release_version()
inform_peers_if_ready(check_api_unit_ready)
def db_departed():
CONFIGS.write_all()
update_cell_db_if_ready(skip_acl_check=True)
for r_id in hookenv.relation_ids('cluster'):
hookenv.relation_set(relation_id=r_id, dbsync_state='incomplete')
if not ch_utils.is_unit_paused_set():
for svc in ncc_utils.services():
ch_host.service_pause(svc)
else:
hookenv.log('Unit is in paused state, not issuing stop/pause to all '
'services')
def db_departed():
CONFIGS.write_all()
update_cell_db_if_ready(skip_acl_check=True)
for r_id in hookenv.relation_ids('cluster'):
hookenv.relation_set(relation_id=r_id, dbsync_state='incomplete')
if not ch_utils.is_unit_paused_set():
for svc in ncc_utils.services():
ch_host.service_pause(svc)
else:
hookenv.log('Unit is in paused state, not issuing stop/pause to all '
'services')
def install(self):
"""Called when the charm is being installed or upgraded.
The available configuration options need to be check AFTER the charm is
installed to check to see whether it is blocked or can go into service.
"""
super().install()
# this creates the /etc/nova directory for the
# neutron-openvswitch plugin if needed.
subprocess.check_call(["mkdir", "-p", "/etc/nova"])
host.service_pause('manila-api')
self.assess_status()
def install():
execd_preinstall()
add_source(config('source'), config('key'))
apt_update(fatal=True)
apt_install(packages=ceph.determine_packages(), fatal=True)
try:
# we defer and explicitly run `ceph-create-keys` from
# add_keyring_to_ceph() as part of bootstrap process
# LP: #1719436.
service_pause('ceph-create-keys')
except ValueError:
pass
def config_changed_postupgrade():
save_script_rc()
release = os_release('keystone')
if run_in_apache(release=release):
# Need to ensure mod_wsgi is installed and apache2 is reloaded
# immediatly as charm querys its local keystone before restart
# decorator can fire
apt_install(filter_installed_packages(determine_packages()))
# when deployed from source, init scripts aren't installed
service_pause('keystone')
disable_unused_apache_sites()
if WSGI_KEYSTONE_API_CONF in CONFIGS.templates:
CONFIGS.write(WSGI_KEYSTONE_API_CONF)
if not is_unit_paused_set():
restart_pid_check('apache2')
stop_manager_instance()
if enable_memcache(release=release):
# If charm or OpenStack have been upgraded then the list of required
# packages may have changed so ensure they are installed.
apt_install(filter_installed_packages(determine_packages()))
if is_leader() and fernet_enabled():
key_setup()
key_leader_set()
configure_https()
open_port(config('service-port'))
update_nrpe_config()
CONFIGS.write_all()
if snap_install_requested() and not is_unit_paused_set():
service_restart('snap.keystone.*')
stop_manager_instance()
if (is_db_initialised() and is_elected_leader(CLUSTER_RES) and not
is_unit_paused_set()):
ensure_initial_admin(config)
if CompareOpenStackReleases(
os_release('keystone')) >= 'liberty':
CONFIGS.write(POLICY_JSON)
update_all_identity_relation_units()
update_all_domain_backends()
update_all_fid_backends()
for r_id in relation_ids('ha'):
ha_joined(relation_id=r_id)
notify_middleware_with_release_version()
def start_ntpmon():
"""
Start the ntpmon daemon process.
If ntp is not installed, do nothing.
"""
if os.path.exists(ntp_conf):
hookenv.log(ntp_conf + ' present; enabling and starting ntpmon')
host.service_resume(service_name)
else:
hookenv.log(ntp_conf + ' not present; disabling ntpmon')
host.service_pause(service_name)
set_state('ntpmon.started')
def install():
status_set('maintenance', 'Executing pre-install')
execd_preinstall()
install_packages()
# hold the service down until we have keys from ceph
log('Disable service "{}" until we have keys for it.'.format(
service_name()),
level=DEBUG)
service_pause(service_name())
if not os.path.exists('/etc/ceph'):
os.makedirs('/etc/ceph')
if is_leader():
leader_set(namespace_tenants=config('namespace-tenants'))
def config_changed_postupgrade():
# Ensure ssl dir exists and is unison-accessible
ensure_ssl_dir()
if not snap_install_requested():
check_call(['chmod', '-R', 'g+wrx', '/var/lib/keystone/'])
ensure_ssl_dirs()
save_script_rc()
release = os_release('keystone')
if run_in_apache(release=release):
# Need to ensure mod_wsgi is installed and apache2 is reloaded
# immediatly as charm querys its local keystone before restart
# decorator can fire
apt_install(filter_installed_packages(determine_packages()))
# when deployed from source, init scripts aren't installed
service_pause('keystone')
disable_unused_apache_sites()
if WSGI_KEYSTONE_API_CONF in CONFIGS.templates:
CONFIGS.write(WSGI_KEYSTONE_API_CONF)
if not is_unit_paused_set():
restart_pid_check('apache2')
if enable_memcache(release=release):
# If charm or OpenStack have been upgraded then the list of required
# packages may have changed so ensure they are installed.
apt_install(filter_installed_packages(determine_packages()))
configure_https()
open_port(config('service-port'))
update_nrpe_config()
CONFIGS.write_all()
if snap_install_requested() and not is_unit_paused_set():
service_restart('snap.keystone.*')
initialise_pki()
update_all_identity_relation_units()
update_all_domain_backends()
update_all_fid_backends()
# Ensure sync request is sent out (needed for any/all ssl change)
send_ssl_sync_request()
for r_id in relation_ids('ha'):
ha_joined(relation_id=r_id)
def install(self):
"""Install packages related to this charm based on
contents of self.packages attribute, after first
configuring the installation source.
"""
# Use goal-state to determine if we are expecting multiple units
# and, if so, mask the manila-share service so that it only ever
# gets run by pacemaker.
_goal_state = goal_state()
peers = (key for key in _goal_state['units']
if '/' in key and key != local_unit())
if len(list(peers)) > 0:
service_pause('manila-share')
super().install()
def install():
status_set('maintenance', 'Executing pre-install')
execd_preinstall()
configure_installation_source(config('openstack-origin'))
status_set('maintenance', 'Installing apt packages')
apt_update()
apt_install(determine_packages(), fatal=True)
if run_in_apache():
service_pause('keystone')
status_set('maintenance', 'Git install')
git_install(config('openstack-origin-git'))
unison.ensure_user(user=SSH_USER, group='juju_keystone')
unison.ensure_user(user=SSH_USER, group='keystone')
def pre_series_upgrade():
# NB: We use --force here because unmanaged pods are going to die anyway
# when the node is shut down, and it's better to let drain cleanly
# terminate them. We use --delete-local-data because the dashboard, at
# least, uses local data (emptyDir); but local data is documented as being
# ephemeral anyway, so we can assume it should be ok.
kubectl(
"drain",
get_node_name(),
"--ignore-daemonsets",
"--force",
"--delete-local-data",
)
service_pause("snap.kubelet.daemon")
service_pause("snap.kube-proxy.daemon")
def update_aws_compat_services():
"""Depending on the configuration of `disable-aws-compatibility` config
option.
This will stop/start and disable/enable `nova-api-ec2` and
`nova-objectstore` services.
"""
# if packages aren't installed, then there is nothing to do
if filter_installed_packages(AWS_COMPAT_SERVICES) != []:
return
if config('disable-aws-compat'):
# TODO: the endpoints have to removed from keystone
for service_ in AWS_COMPAT_SERVICES:
service_pause(service_)
else:
for service_ in AWS_COMPAT_SERVICES:
service_resume(service_)
def start_ntpmon():
"""
Start the ntpmon daemon process.
If no NTP server is installed, do nothing.
"""
started = False
service_name = layer.options.get('ntpmon', 'service-name')
if service_name:
for f in (CHRONY_CONF, NTP_CONF):
if os.path.exists(f):
log('{} present; enabling and starting ntpmon'.format(f))
host.service_resume(service_name)
started = True
break
if not started:
log('No supported NTP service present; disabling ntpmon')
host.service_pause(service_name)
set_flag('ntpmon.started')
def start_ntpmon():
"""
Start the ntpmon daemon process.
If no NTP server is installed, do nothing.
"""
started = False
service_name = layer.options.get('ntpmon', 'service-name')
if service_name:
for f in (CHRONY_CONF, NTP_CONF):
if os.path.exists(f):
log('{} present; enabling and starting ntpmon'.format(f))
host.service_resume(service_name)
started = True
break
if not started:
log('No supported NTP service present; disabling ntpmon')
host.service_pause(service_name)
set_flag('ntpmon.started')
def pause(args):
"""Pause all the Glance services.
@raises Exception if any services fail to stop
"""
for service in services():
stopped = service_pause(service)
if not stopped:
raise Exception("{} didn't stop cleanly.".format(service))
status_set("maintenance", "Paused. Use 'resume' action to resume normal service.")
def pause(args):
"""Pause the MySQL service.
@raises Exception should the service fail to stop.
"""
if not service_pause(MYSQL_SERVICE):
raise Exception("Failed to pause MySQL service.")
status_set(
"maintenance",
"Unit paused - use 'resume' action to resume normal service")
def pause(args):
"""Pause all the Keystone services.
@raises Exception if any services fail to stop
"""
for service in services():
stopped = service_pause(service)
if not stopped:
raise Exception("{} didn't stop cleanly.".format(service))
status_set("maintenance",
"Paused. Use 'resume' action to resume normal service.")
def remove_leftovers():
"""
Remove the installed packages and stop the service.
"""
rdebug('storpool-block.stop invoked')
reactive.remove_state('storpool-block.stop')
if not sputils.check_in_lxc():
rdebug('stopping and disabling the storpool_block service')
host.service_pause('storpool_block')
rdebug('uninstalling any block-related packages')
sprepo.unrecord_packages('storpool-block')
rdebug('let storpool-beacon know')
reactive.set_state('storpool-beacon.stop')
reactive.set_state('storpool-block.stopped')
for state in STATES_REDO['set'] + STATES_REDO['unset']:
reactive.remove_state(state)
def pause(args):
"""Pause all the swift services.
@raises Exception if any services fail to stop
"""
for service in args.services:
stopped = service_pause(service)
if not stopped:
raise Exception("{} didn't stop cleanly.".format(service))
set_unit_paused()
assess_status(CONFIGS, args.services)
def remove_leftovers():
"""
Clean up, disable the service, uninstall the packages.
"""
rdebug('storpool-beacon.stop invoked')
reactive.remove_state('storpool-beacon.stop')
if not sputils.check_in_lxc():
rdebug('stopping and disabling the storpool_beacon service')
host.service_pause('storpool_beacon')
rdebug('uninstalling any beacon-related packages')
sprepo.unrecord_packages('storpool-beacon')
rdebug('letting storpool-common know')
reactive.set_state('storpool-common.stop')
reactive.set_state('storpool-beacon.stopped')
for state in STATES_REDO['set'] + STATES_REDO['unset']:
reactive.remove_state(state)
def upgrade_charm():
emit_cephconf()
apt_install(packages=filter_installed_packages(ceph.determine_packages()),
fatal=True)
try:
# we defer and explicitly run `ceph-create-keys` from
# add_keyring_to_ceph() as part of bootstrap process
# LP: #1719436.
service_pause('ceph-create-keys')
except ValueError:
pass
ceph.update_monfs()
mon_relation_joined()
if is_relation_made("nrpe-external-master"):
update_nrpe_config()
# NOTE(jamespage):
# Reprocess broker requests to ensure that any cephx
# key permission changes are applied
notify_client()
def pause(args):
"""Pause all the swift services.
@raises Exception if any services fail to stop
"""
for service in args.services:
stopped = service_pause(service)
if not stopped:
raise Exception("{} didn't stop cleanly.".format(service))
set_unit_paused()
assess_status(CONFIGS, args.services)
def pause(args):
"""Pause all the swift services.
@raises Exception if any services fail to stop
"""
for service in args.services:
stopped = service_pause(service)
if not stopped:
raise Exception("{} didn't stop cleanly.".format(service))
with HookData()():
kv().set('unit-paused', True)
assess_status(CONFIGS)
def install():
status_set('maintenance', 'Executing pre-install')
execd_preinstall()
configure_installation_source(config('openstack-origin'))
status_set('maintenance', 'Installing apt packages')
apt_update()
apt_install(determine_packages(), fatal=True)
if snap_install_requested():
status_set('maintenance', 'Installing keystone snap')
snap_install('keystone', '--edge', '--classic')
service_pause('snap.keystone.uwsgi')
service_pause('snap.keystone.nginx')
else:
if run_in_apache():
disable_unused_apache_sites()
if not git_install_requested():
service_pause('keystone')
status_set('maintenance', 'Git install')
git_install(config('openstack-origin-git'))
unison.ensure_user(user=SSH_USER, group='juju_keystone')
# NOTE(coreycb): can just use group='keystone' once snap has drop privs support
if snap_install_requested():
unison.ensure_user(user=SSH_USER, group='root')
else:
unison.ensure_user(user=SSH_USER, group='keystone')
def install():
status_set("maintenance", "Executing pre-install")
execd_preinstall()
configure_installation_source(config("openstack-origin"))
status_set("maintenance", "Installing apt packages")
apt_update()
apt_install(determine_packages(), fatal=True)
if run_in_apache():
# NOTE: ensure that packaging provided
# apache configuration is disabled
# as it will conflict with the charm
# provided version. when deployed from
# source, init scripts aren't installed.
if os.path.exists(PACKAGE_KEYSTONE_CONF):
check_call(["a2dissite", "keystone"])
if not git_install_requested():
service_pause("keystone")
status_set("maintenance", "Git install")
git_install(config("openstack-origin-git"))
unison.ensure_user(user=SSH_USER, group="juju_keystone")
unison.ensure_user(user=SSH_USER, group="keystone")
def pause(args):
"""Pause the Ceilometer services.
@raises Exception should the service fail to stop.
"""
services = CEILOMETER_BASE_SERVICES + ceilometer_release_services()
for service in services:
if not service_pause(service):
raise Exception("Failed to %s." % service)
db = kv()
db.set('unit-paused', True)
db.flush()
status_set(
"maintenance",
"Unit paused - use 'resume' action to resume normal service")
def config_changed_postupgrade():
# Ensure ssl dir exists and is unison-accessible
ensure_ssl_dir()
if not snap_install_requested():
check_call(['chmod', '-R', 'g+wrx', '/var/lib/keystone/'])
ensure_ssl_dirs()
save_script_rc()
if run_in_apache():
# Need to ensure mod_wsgi is installed and apache2 is reloaded
# immediatly as charm querys its local keystone before restart
# decorator can fire
apt_install(filter_installed_packages(determine_packages()))
# when deployed from source, init scripts aren't installed
if not git_install_requested():
service_pause('keystone')
if snap_install_requested():
service_pause('snap.keystone.uwsgi')
service_pause('snap.keystone.nginx')
else:
disable_unused_apache_sites()
CONFIGS.write(WSGI_KEYSTONE_API_CONF)
if not is_unit_paused_set():
restart_pid_check('apache2')
# NOTE(coreycb): Need to add https support for snap with nginx
if not snap_install_requested():
configure_https()
open_port(config('service-port'))
if not snap_install_requested():
update_nrpe_config()
CONFIGS.write_all()
# NOTE(coreycb): Can dropp check once snap has alias support and
# drops privileges.
if not snap_install_requested():
initialise_pki()
update_all_identity_relation_units()
update_all_domain_backends()
# Ensure sync request is sent out (needed for any/all ssl change)
send_ssl_sync_request()
for r_id in relation_ids('ha'):
ha_joined(relation_id=r_id)
def config_changed():
# if we are paused, delay doing any config changed hooks.
# It is forced on the resume.
if ch_utils.is_unit_paused_set():
hookenv.log("Unit is pause or upgrading. Skipping config_changed",
hookenv.WARNING)
return
# neutron-server runs if < juno. Neutron-server creates mysql tables
# which will subsequently cause db migrations to fail if >= juno.
# Disable neutron-server if >= juno
if ch_utils.CompareOpenStackReleases(
ch_utils.os_release('nova-common')) >= 'juno':
try:
ch_host.service_pause('neutron-server')
except ValueError:
# neutron-server service not installed, ignore.
pass
if hookenv.config('prefer-ipv6'):
hookenv.status_set('maintenance', 'configuring ipv6')
ncc_utils.setup_ipv6()
ch_utils.sync_db_with_multi_ipv6_addresses(
hookenv.config('database'),
hookenv.config('database-user'),
relation_prefix='nova')
global CONFIGS
if not hookenv.config('action-managed-upgrade'):
if ch_utils.openstack_upgrade_available('nova-common'):
hookenv.status_set('maintenance', 'Running openstack upgrade')
ncc_utils.do_openstack_upgrade(CONFIGS)
for rid in hookenv.relation_ids('neutron-api'):
neutron_api_relation_joined(rid=rid, remote_restart=True)
# NOTE(jamespage): Force re-fire of shared-db joined hook
# to ensure that nova_api database is setup if required.
for r_id in hookenv.relation_ids('shared-db'):
db_joined(relation_id=r_id)
ncc_utils.save_script_rc()
configure_https()
CONFIGS.write_all()
# NOTE(jamespage): deal with any changes to the console and serial
# console configuration options
filtered = ch_fetch.filter_installed_packages(
ncc_utils.determine_packages())
if filtered:
ch_fetch.apt_install(filtered, fatal=True)
for r_id in hookenv.relation_ids('identity-service'):
identity_joined(rid=r_id)
for rid in hookenv.relation_ids('cluster'):
cluster_joined(rid)
update_nova_relation()
update_nrpe_config()
# If the region value has changed, notify the cloud-compute relations
# to ensure the value is propagated to the compute nodes.
if ch_utils.config_value_changed('region'):
for rid in hookenv.relation_ids('cloud-compute'):
for unit in hookenv.related_units(rid):
compute_changed(rid, unit)
ncc_utils.update_aws_compat_services()
if hookenv.config('vendor-data'):
ncc_utils.write_vendordata(hookenv.config('vendor-data'))
if hookenv.is_leader() and not ncc_utils.get_shared_metadatasecret():
ncc_utils.set_shared_metadatasecret()
for rid in hookenv.relation_ids('ha'):
ha_joined(rid)
if (not ch_utils.is_unit_paused_set() and
ncc_utils.is_console_auth_enabled()):
ch_host.service_resume('nova-consoleauth')
