def update_nova_consoleauth_config():
"""
Configure nova-consoleauth pacemaker resources
"""
relids = hookenv.relation_ids('ha')
if len(relids) == 0:
hookenv.log('Related to {} ha services'.format(len(relids)),
level=hookenv.DEBUG)
ha_relid = None
data = {}
else:
ha_relid = relids[0]
data = hookenv.relation_get(rid=ha_relid) or {}
# initialize keys in case this is a new dict
data.setdefault('delete_resources', [])
for k in ['colocations', 'init_services', 'resources', 'resource_params']:
data.setdefault(k, {})
if (hookenv.config('single-nova-consoleauth')
and common.console_attributes('protocol')):
for item in ['vip_consoleauth', 'res_nova_consoleauth']:
try:
data['delete_resources'].remove(item)
except ValueError:
pass # nothing to remove, we are good
# the new pcmkr resources have to be added to the existing ones
data['colocations']['vip_consoleauth'] = COLO_CONSOLEAUTH
data['init_services']['res_nova_consoleauth'] = 'nova-consoleauth'
data['resources']['res_nova_consoleauth'] = AGENT_CONSOLEAUTH
data['resource_params']['res_nova_consoleauth'] = AGENT_CA_PARAMS
for rid in hookenv.relation_ids('ha'):
hookenv.relation_set(rid, **data)
# nova-consoleauth will be managed by pacemaker, so stop it
# and prevent it to be started again at boot. (LP: #1693629).
if hookenv.relation_ids('ha'):
ch_host.service_pause('nova-consoleauth')
elif (not hookenv.config('single-nova-consoleauth')
and common.console_attributes('protocol')):
for item in ['vip_consoleauth', 'res_nova_consoleauth']:
if item not in data['delete_resources']:
data['delete_resources'].append(item)
# remove them from the rel, so they aren't recreated when the hook
# is recreated
data['colocations'].pop('vip_consoleauth', None)
data['init_services'].pop('res_nova_consoleauth', None)
data['resources'].pop('res_nova_consoleauth', None)
data['resource_params'].pop('res_nova_consoleauth', None)
for rid in hookenv.relation_ids('ha'):
hookenv.relation_set(rid, **data)
if not ch_utils.is_unit_paused_set():
ch_host.service_resume('nova-consoleauth')
def __call__(self):
ctxt = {}
if (hookenv.config('console-ssl-cert') and
hookenv.config('console-ssl-key') and
hookenv.config('console-access-protocol')):
ssl_dir = '/etc/nova/ssl/'
if not os.path.exists(ssl_dir):
hookenv.log('Creating %s.' % ssl_dir, level=hookenv.DEBUG)
os.mkdir(ssl_dir)
cert_path = os.path.join(ssl_dir, 'nova_cert.pem')
decode_ssl_cert = base64.b64decode(
hookenv.config('console-ssl-cert'))
key_path = os.path.join(ssl_dir, 'nova_key.pem')
decode_ssl_key = base64.b64decode(
hookenv.config('console-ssl-key'))
with open(cert_path, 'wb') as fh:
fh.write(decode_ssl_cert)
with open(key_path, 'wb') as fh:
fh.write(decode_ssl_key)
ctxt['ssl_only'] = True
ctxt['ssl_cert'] = cert_path
ctxt['ssl_key'] = key_path
if ch_cluster.is_clustered():
ip_addr = ch_ip.resolve_address(endpoint_type=ch_ip.PUBLIC)
else:
ip_addr = hookenv.unit_get('private-address')
ip_addr = ch_network_ip.format_ipv6_addr(ip_addr) or ip_addr
_proto = hookenv.config('console-access-protocol')
url = "https://%s:%s%s" % (
ip_addr,
common.console_attributes('proxy-port', proto=_proto),
common.console_attributes('proxy-page', proto=_proto))
if _proto == 'novnc':
ctxt['novncproxy_base_url'] = url
elif _proto == 'spice':
ctxt['html5proxy_base_url'] = url
return ctxt
def __call__(self):
ctxt = {}
if (hookenv.config('console-ssl-cert') and
hookenv.config('console-ssl-key') and
hookenv.config('console-access-protocol')):
ssl_dir = '/etc/nova/ssl/'
if not os.path.exists(ssl_dir):
hookenv.log('Creating %s.' % ssl_dir, level=hookenv.DEBUG)
os.mkdir(ssl_dir)
cert_path = os.path.join(ssl_dir, 'nova_cert.pem')
decode_ssl_cert = base64.b64decode(
hookenv.config('console-ssl-cert'))
key_path = os.path.join(ssl_dir, 'nova_key.pem')
decode_ssl_key = base64.b64decode(
hookenv.config('console-ssl-key'))
with open(cert_path, 'wb') as fh:
fh.write(decode_ssl_cert)
with open(key_path, 'wb') as fh:
fh.write(decode_ssl_key)
ctxt['ssl_only'] = True
ctxt['ssl_cert'] = cert_path
ctxt['ssl_key'] = key_path
if ch_cluster.is_clustered():
ip_addr = ch_ip.resolve_address(endpoint_type=ch_ip.PUBLIC)
else:
ip_addr = hookenv.unit_get('private-address')
ip_addr = ch_network_ip.format_ipv6_addr(ip_addr) or ip_addr
_proto = hookenv.config('console-access-protocol')
url = "https://%s:%s%s" % (
ip_addr,
common.console_attributes('proxy-port', proto=_proto),
common.console_attributes('proxy-page', proto=_proto))
if _proto == 'novnc':
ctxt['novncproxy_base_url'] = url
elif _proto == 'spice':
ctxt['html5proxy_base_url'] = url
return ctxt
def console_settings():
rel_settings = {}
proto = common.console_attributes('protocol')
if not proto:
return {}
rel_settings['console_keymap'] = hookenv.config('console-keymap')
rel_settings['console_access_protocol'] = proto
console_ssl = False
if (hookenv.config('console-ssl-cert') and
hookenv.config('console-ssl-key')):
console_ssl = True
if hookenv.config('console-proxy-ip') == 'local':
if console_ssl:
address = ch_ip.resolve_address(endpoint_type=ch_ip.PUBLIC)
address = ch_network_ip.format_ipv6_addr(address) or address
proxy_base_addr = 'https://%s' % address
else:
# canonical_url will only return 'https:' if API SSL are enabled.
proxy_base_addr = ch_ip.canonical_url(CONFIGS, ch_ip.PUBLIC)
else:
if console_ssl or ch_cluster.https():
schema = "https"
else:
schema = "http"
proxy_base_addr = ("{}://{}"
.format(schema, hookenv.config('console-proxy-ip')))
if proto == 'vnc':
protocols = ['novnc', 'xvpvnc']
else:
protocols = [proto]
for _proto in protocols:
rel_settings['console_proxy_{}_address'.format(_proto)] = \
"{}:{}{}".format(
proxy_base_addr,
common.console_attributes('proxy-port', proto=_proto),
common.console_attributes('proxy-page', proto=_proto))
rel_settings['console_proxy_%s_host' % (_proto)] = \
urlparse(proxy_base_addr).hostname
rel_settings['console_proxy_%s_port' % (_proto)] = \
common.console_attributes('proxy-port', proto=_proto)
return rel_settings
def console_settings():
rel_settings = {}
proto = common.console_attributes('protocol')
if not proto:
return {}
rel_settings['console_keymap'] = hookenv.config('console-keymap')
rel_settings['console_access_protocol'] = proto
console_ssl = False
if (hookenv.config('console-ssl-cert') and
hookenv.config('console-ssl-key')):
console_ssl = True
if hookenv.config('console-proxy-ip') == 'local':
if console_ssl:
address = ch_ip.resolve_address(endpoint_type=ch_ip.PUBLIC)
address = ch_network_ip.format_ipv6_addr(address) or address
proxy_base_addr = 'https://%s' % address
else:
# canonical_url will only return 'https:' if API SSL are enabled.
proxy_base_addr = ch_ip.canonical_url(CONFIGS, ch_ip.PUBLIC)
else:
if console_ssl or ch_cluster.https():
schema = "https"
else:
schema = "http"
proxy_base_addr = ("{}://{}"
.format(schema, hookenv.config('console-proxy-ip')))
if proto == 'vnc':
protocols = ['novnc', 'xvpvnc']
else:
protocols = [proto]
for _proto in protocols:
rel_settings['console_proxy_{}_address'.format(_proto)] = \
"{}:{}{}".format(
proxy_base_addr,
common.console_attributes('proxy-port', proto=_proto),
common.console_attributes('proxy-page', proto=_proto))
rel_settings['console_proxy_%s_host' % (_proto)] = \
urlparse(proxy_base_addr).hostname
rel_settings['console_proxy_%s_port' % (_proto)] = \
common.console_attributes('proxy-port', proto=_proto)
return rel_settings
def ha_joined(relation_id=None):
ha_console_settings = {}
if not hookenv.config('dns-ha'):
if (hookenv.config('single-nova-consoleauth')
and common.console_attributes('protocol')):
ha_console_settings = {
'colocations': {
'vip_consoleauth': COLO_CONSOLEAUTH
},
'init_services': {
'res_nova_consoleauth': 'nova-consoleauth'
},
'resources': {
'res_nova_consoleauth': AGENT_CONSOLEAUTH
},
'resource_params': {
'res_nova_consoleauth': AGENT_CA_PARAMS
}
}
settings = ch_ha_utils.generate_ha_relation_data(
'nova', extra_settings=ha_console_settings)
hookenv.relation_set(relation_id=relation_id, **settings)
