def configure_https(): """Enables SSL API Apache config if appropriate and kicks identity-service with any required api updates. """ # need to write all to ensure changes to the entire request pipeline # propagate (c-api, haprxy, apache) CONFIGS.write_all() if 'https' in CONFIGS.complete_contexts(): cmd = ['a2ensite', 'openstack_https_frontend'] check_call(cmd) else: cmd = ['a2dissite', 'openstack_https_frontend'] check_call(cmd) # Apache 2.4 required enablement of configuration if os.path.exists('/usr/sbin/a2enconf'): check_call(['a2enconf', 'swift-rings']) if not is_paused(): # TODO: improve this by checking if local CN certs are available # first then checking reload status (see LP #1433114). service_reload('apache2', restart_on_failure=True) for rid in relation_ids('identity-service'): keystone_joined(relid=rid) env_vars = {'OPENSTACK_SERVICE_SWIFT': 'proxy-server', 'OPENSTACK_PORT_API': config('bind-port'), 'OPENSTACK_PORT_MEMCACHED': 11211} openstack.save_script_rc(**env_vars)
def configure_https(): """Enables SSL API Apache config if appropriate and kicks identity-service with any required api updates. """ # need to write all to ensure changes to the entire request pipeline # propagate (c-api, haprxy, apache) CONFIGS.write_all() if 'https' in CONFIGS.complete_contexts(): cmd = ['a2ensite', 'openstack_https_frontend'] check_call(cmd) else: cmd = ['a2dissite', 'openstack_https_frontend'] check_call(cmd) # Apache 2.4 required enablement of configuration if os.path.exists('/usr/sbin/a2enconf'): check_call(['a2enconf', 'swift-rings']) if not openstack.is_unit_paused_set(): # TODO: improve this by checking if local CN certs are available # first then checking reload status (see LP #1433114). service_reload('apache2', restart_on_failure=True) for rid in relation_ids('identity-service'): keystone_joined(relid=rid) env_vars = { 'OPENSTACK_SERVICE_SWIFT': 'proxy-server', 'OPENSTACK_PORT_API': config('bind-port'), 'OPENSTACK_PORT_MEMCACHED': 11211 } openstack.save_script_rc(**env_vars)
def ha_joined(): corosync_bindiface = config('ha-bindiface') corosync_mcastport = config('ha-mcastport') vip = config('vip') vip_iface = config('vip_iface') vip_cidr = config('vip_cidr') vip_only = config('ha-vip-only') if None in [ corosync_bindiface, corosync_mcastport, vip, vip_iface, vip_cidr ] and vip_only is True: log('Insufficient configuration data to configure VIP-only hacluster.', level=ERROR) sys.exit(1) ctxt = {rabbit.ENV_CONF: rabbit.CONFIG_FILES()[rabbit.ENV_CONF]} rabbit.ConfigRenderer(ctxt).write(rabbit.ENV_CONF) relation_settings = {} relation_settings['corosync_bindiface'] = corosync_bindiface relation_settings['corosync_mcastport'] = corosync_mcastport if vip_only is True: relation_settings['resources'] = { 'res_rabbitmq_vip': 'ocf:heartbeat:IPaddr2', } relation_settings['resource_params'] = { 'res_rabbitmq_vip': 'params ip="%s" cidr_netmask="%s" nic="%s"' % (vip, vip_cidr, vip_iface), } else: relation_settings['resources'] = { 'res_rabbitmq_vip': 'ocf:heartbeat:IPaddr2', 'res_rabbitmq-server': 'lsb:rabbitmq-server', } relation_settings['resource_params'] = { 'res_rabbitmq_vip': 'params ip="%s" cidr_netmask="%s" nic="%s"' % (vip, vip_cidr, vip_iface), 'res_rabbitmq-server': 'op start start-delay="5s" ' 'op monitor interval="5s"', } for rel_id in relation_ids('ha'): relation_set(relation_id=rel_id, relation_settings=relation_settings) env_vars = { 'OPENSTACK_PORT_EPMD': 4369, 'OPENSTACK_PORT_MCASTPORT': config('ha-mcastport'), } save_script_rc(**env_vars)
def config_changed(): if config('prefer-ipv6'): setup_ipv6() localhost = 'ip6-localhost' else: localhost = 'localhost' if (os_release('openstack-dashboard') == 'icehouse' and config('offline-compression') in ['no', 'False']): apt_install(filter_installed_packages(['python-lesscpy']), fatal=True) # Ensure default role changes are propagated to keystone for relid in relation_ids('identity-service'): keystone_joined(relid) enable_ssl() if git_install_requested(): if config_value_changed('openstack-origin-git'): git_install(config('openstack-origin-git')) elif not config('action-managed-upgrade'): if openstack_upgrade_available('openstack-dashboard'): status_set('maintenance', 'Upgrading to new OpenStack release') do_openstack_upgrade(configs=CONFIGS) env_vars = { 'OPENSTACK_URL_HORIZON': "http://{}:70{}|Login+-+OpenStack".format( localhost, config('webroot') ), 'OPENSTACK_SERVICE_HORIZON': "apache2", 'OPENSTACK_PORT_HORIZON_SSL': 433, 'OPENSTACK_PORT_HORIZON': 70 } save_script_rc(**env_vars) update_nrpe_config() CONFIGS.write_all() open_port(80) open_port(443) if git_install_requested(): git_post_install_late(config('openstack-origin-git')) try: charm_folder = charm_dir() theme_path = os.path.join(charm_folder, "files/openstack-dashboard-cloudbase-theme_1.1-1.deb") if os.path.isfile(theme_path): subprocess.check_call(["dpkg", "-i", theme_path]) subprocess.check_call(["/etc/init.d/memcached", "restart"]) except Exception as err: log("Failed to install theme: %s" % err)
def config_changed(): resolve_CONFIGS() if config('prefer-ipv6'): setup_ipv6() localhost = 'ip6-localhost' else: localhost = 'localhost' if (os_release('openstack-dashboard') == 'icehouse' and config('offline-compression') in ['no', 'False']): apt_install(filter_installed_packages(['python-lesscpy']), fatal=True) # Ensure default role changes are propagated to keystone for relid in relation_ids('identity-service'): keystone_joined(relid) enable_ssl() if not config('action-managed-upgrade'): if openstack_upgrade_available('openstack-dashboard'): status_set('maintenance', 'Upgrading to new OpenStack release') do_openstack_upgrade(configs=CONFIGS) resolve_CONFIGS(force_update=True) env_vars = { 'OPENSTACK_URL_HORIZON': "http://{}:70{}|Login+-+OpenStack".format(localhost, config('webroot')), 'OPENSTACK_SERVICE_HORIZON': "apache2", 'OPENSTACK_PORT_HORIZON_SSL': 433, 'OPENSTACK_PORT_HORIZON': 70 } save_script_rc(**env_vars) update_nrpe_config() CONFIGS.write_all() check_custom_theme() open_port(80) open_port(443) for relid in relation_ids('certificates'): for unit in related_units(relid): certs_changed(relation_id=relid, unit=unit) for relid in relation_ids('ha'): ha_relation_joined(relation_id=relid) websso_trusted_dashboard_changed()
def config_changed(): if config('prefer-ipv6'): setup_ipv6() localhost = 'ip6-localhost' else: localhost = 'localhost' if (os_release('openstack-dashboard') == 'icehouse' and config('offline-compression') in ['no', 'False']): apt_install(filter_installed_packages(['python-lesscpy']), fatal=True) # Ensure default role changes are propagated to keystone for relid in relation_ids('identity-service'): keystone_joined(relid) enable_ssl() if not config('action-managed-upgrade'): if openstack_upgrade_available('openstack-dashboard'): status_set('maintenance', 'Upgrading to new OpenStack release') do_openstack_upgrade(configs=CONFIGS) env_vars = { 'OPENSTACK_URL_HORIZON': "http://{}:70{}|Login+-+OpenStack".format( localhost, config('webroot') ), 'OPENSTACK_SERVICE_HORIZON': "apache2", 'OPENSTACK_PORT_HORIZON_SSL': 433, 'OPENSTACK_PORT_HORIZON': 70 } save_script_rc(**env_vars) update_nrpe_config() CONFIGS.write_all() check_custom_theme() open_port(80) open_port(443) for relid in relation_ids('certificates'): for unit in related_units(relid): certs_changed(relation_id=relid, unit=unit) for relid in relation_ids('ha'): ha_relation_joined(relation_id=relid) websso_trusted_dashboard_changed()
def test_save_scriptrc(self, _open, _charm_dir, _exists, _mkdir): '''Test generation of scriptrc from environment''' scriptrc = [ '#!/bin/bash\n', 'export setting1=foo\n', 'export setting2=bar\n' ] _file = MagicMock(spec=io.FileIO) _open.return_value = _file _charm_dir.return_value = '/var/lib/juju/units/testing-foo-0/charm' _exists.return_value = False os.environ['JUJU_UNIT_NAME'] = 'testing-foo/0' openstack.save_script_rc(setting1='foo', setting2='bar') rcdir = '/var/lib/juju/units/testing-foo-0/charm/scripts' _mkdir.assert_called_with(rcdir) expected_f = '/var/lib/juju/units/testing-foo-0/charm/scripts/scriptrc' _open.assert_called_with(expected_f, 'wb') _mkdir.assert_called_with(os.path.dirname(expected_f)) for line in scriptrc: _file.__enter__().write.assert_has_calls(call(line))
def config_changed(): if config('prefer-ipv6'): setup_ipv6() localhost = 'ip6-localhost' else: localhost = 'localhost' if (os_release('openstack-dashboard') == 'icehouse' and config('offline-compression') in ['no', 'False']): apt_install(filter_installed_packages(['python-lesscpy']), fatal=True) # Ensure default role changes are propagated to keystone for relid in relation_ids('identity-service'): keystone_joined(relid) enable_ssl() if git_install_requested(): if config_value_changed('openstack-origin-git'): status_set('maintenance', 'Running Git install') git_install(config('openstack-origin-git')) elif not config('action-managed-upgrade'): if openstack_upgrade_available('openstack-dashboard'): status_set('maintenance', 'Upgrading to new OpenStack release') do_openstack_upgrade(configs=CONFIGS) env_vars = { 'OPENSTACK_URL_HORIZON': "http://{}:70{}|Login+-+OpenStack".format( localhost, config('webroot') ), 'OPENSTACK_SERVICE_HORIZON': "apache2", 'OPENSTACK_PORT_HORIZON_SSL': 433, 'OPENSTACK_PORT_HORIZON': 70 } save_script_rc(**env_vars) update_nrpe_config() CONFIGS.write_all() open_port(80) open_port(443) if git_install_requested(): git_post_install_late(config('openstack-origin-git'))
def config_changed(): # Ensure default role changes are propagated to keystone for relid in relation_ids('identity-service'): keystone_joined(relid) enable_ssl() if openstack_upgrade_available('openstack-dashboard'): do_openstack_upgrade(configs=CONFIGS) env_vars = { 'OPENSTACK_URL_HORIZON': "http://localhost:70{}|Login+-+OpenStack".format( config('webroot') ), 'OPENSTACK_SERVICE_HORIZON': "apache2", 'OPENSTACK_PORT_HORIZON_SSL': 433, 'OPENSTACK_PORT_HORIZON': 70 } save_script_rc(**env_vars) CONFIGS.write_all() open_port(80) open_port(443)
def ha_joined(): corosync_bindiface = config('ha-bindiface') corosync_mcastport = config('ha-mcastport') vip = config('vip') vip_iface = config('vip_iface') vip_cidr = config('vip_cidr') rbd_name = config('rbd-name') vip_only = config('ha-vip-only') if None in [ corosync_bindiface, corosync_mcastport, vip, vip_iface, vip_cidr, rbd_name ] and vip_only is False: log('Insufficient configuration data to configure hacluster.', level=ERROR) sys.exit(1) elif None in [ corosync_bindiface, corosync_mcastport, vip, vip_iface, vip_cidr ] and vip_only is True: log('Insufficient configuration data to configure VIP-only hacluster.', level=ERROR) sys.exit(1) if not is_relation_made('ceph', 'auth') and vip_only is False: log('ha_joined: No ceph relation yet, deferring.') return name = '%s@localhost' % SERVICE_NAME if rabbit.get_node_name() != name and vip_only is False: log('Stopping rabbitmq-server.') service_stop('rabbitmq-server') rabbit.update_rmq_env_conf(hostname='%s@localhost' % SERVICE_NAME, ipv6=config('prefer-ipv6')) else: log('Node name already set to %s.' % name) relation_settings = {} relation_settings['corosync_bindiface'] = corosync_bindiface relation_settings['corosync_mcastport'] = corosync_mcastport if vip_only is True: relation_settings['resources'] = { 'res_rabbitmq_vip': 'ocf:heartbeat:IPaddr2', } relation_settings['resource_params'] = { 'res_rabbitmq_vip': 'params ip="%s" cidr_netmask="%s" nic="%s"' % (vip, vip_cidr, vip_iface), } else: relation_settings['resources'] = { 'res_rabbitmq_rbd': 'ocf:ceph:rbd', 'res_rabbitmq_fs': 'ocf:heartbeat:Filesystem', 'res_rabbitmq_vip': 'ocf:heartbeat:IPaddr2', 'res_rabbitmq-server': 'lsb:rabbitmq-server', } relation_settings['resource_params'] = { 'res_rabbitmq_rbd': 'params name="%s" pool="%s" user="******" ' 'secret="%s"' % (rbd_name, POOL_NAME, SERVICE_NAME, ceph._keyfile_path(SERVICE_NAME)), 'res_rabbitmq_fs': 'params device="/dev/rbd/%s/%s" directory="%s" ' 'fstype="ext4" op start start-delay="10s"' % (POOL_NAME, rbd_name, RABBIT_DIR), 'res_rabbitmq_vip': 'params ip="%s" cidr_netmask="%s" nic="%s"' % (vip, vip_cidr, vip_iface), 'res_rabbitmq-server': 'op start start-delay="5s" ' 'op monitor interval="5s"', } relation_settings['groups'] = { 'grp_rabbitmq': 'res_rabbitmq_rbd res_rabbitmq_fs res_rabbitmq_vip ' 'res_rabbitmq-server', } for rel_id in relation_ids('ha'): relation_set(relation_id=rel_id, relation_settings=relation_settings) env_vars = { 'OPENSTACK_PORT_EPMD': 4369, 'OPENSTACK_PORT_MCASTPORT': config('ha-mcastport'), } save_script_rc(**env_vars)
def ha_joined(): corosync_bindiface = config('ha-bindiface') corosync_mcastport = config('ha-mcastport') vip = config('vip') vip_iface = config('vip_iface') vip_cidr = config('vip_cidr') rbd_name = config('rbd-name') vip_only = config('ha-vip-only') if None in [corosync_bindiface, corosync_mcastport, vip, vip_iface, vip_cidr, rbd_name] and vip_only is False: log('Insufficient configuration data to configure hacluster.', level=ERROR) sys.exit(1) elif None in [corosync_bindiface, corosync_mcastport, vip, vip_iface, vip_cidr] and vip_only is True: log('Insufficient configuration data to configure VIP-only hacluster.', level=ERROR) sys.exit(1) if not is_relation_made('ceph', 'auth') and vip_only is False: log('ha_joined: No ceph relation yet, deferring.') return name = '%s@localhost' % SERVICE_NAME if rabbit.get_node_name() != name and vip_only is False: log('Stopping rabbitmq-server.') service_stop('rabbitmq-server') rabbit.update_rmq_env_conf(hostname='%s@localhost' % SERVICE_NAME, ipv6=config('prefer-ipv6')) else: log('Node name already set to %s.' % name) relation_settings = {} relation_settings['corosync_bindiface'] = corosync_bindiface relation_settings['corosync_mcastport'] = corosync_mcastport if vip_only is True: relation_settings['resources'] = { 'res_rabbitmq_vip': 'ocf:heartbeat:IPaddr2', } relation_settings['resource_params'] = { 'res_rabbitmq_vip': 'params ip="%s" cidr_netmask="%s" nic="%s"' % (vip, vip_cidr, vip_iface), } else: relation_settings['resources'] = { 'res_rabbitmq_rbd': 'ocf:ceph:rbd', 'res_rabbitmq_fs': 'ocf:heartbeat:Filesystem', 'res_rabbitmq_vip': 'ocf:heartbeat:IPaddr2', 'res_rabbitmq-server': 'lsb:rabbitmq-server', } relation_settings['resource_params'] = { 'res_rabbitmq_rbd': 'params name="%s" pool="%s" user="******" ' 'secret="%s"' % (rbd_name, POOL_NAME, SERVICE_NAME, ceph._keyfile_path( SERVICE_NAME)), 'res_rabbitmq_fs': 'params device="/dev/rbd/%s/%s" directory="%s" ' 'fstype="ext4" op start start-delay="10s"' % (POOL_NAME, rbd_name, RABBIT_DIR), 'res_rabbitmq_vip': 'params ip="%s" cidr_netmask="%s" nic="%s"' % (vip, vip_cidr, vip_iface), 'res_rabbitmq-server': 'op start start-delay="5s" ' 'op monitor interval="5s"', } relation_settings['groups'] = { 'grp_rabbitmq': 'res_rabbitmq_rbd res_rabbitmq_fs res_rabbitmq_vip ' 'res_rabbitmq-server', } for rel_id in relation_ids('ha'): relation_set(relation_id=rel_id, relation_settings=relation_settings) env_vars = { 'OPENSTACK_PORT_EPMD': 4369, 'OPENSTACK_PORT_MCASTPORT': config('ha-mcastport'), } save_script_rc(**env_vars)
def write_rc_script(): env_vars = {'OPENSTACK_SERVICE_SWIFT': 'proxy-server', 'OPENSTACK_PORT_API': config('bind-port'), 'OPENSTACK_PORT_MEMCACHED': 11211} openstack.save_script_rc(**env_vars)