def config_changed_postupgrade(): # Ensure ssl dir exists and is unison-accessible ensure_ssl_dir() if not snap_install_requested(): check_call(['chmod', '-R', 'g+wrx', '/var/lib/keystone/']) ensure_ssl_dirs() save_script_rc() release = os_release('keystone') if run_in_apache(release=release): # Need to ensure mod_wsgi is installed and apache2 is reloaded # immediatly as charm querys its local keystone before restart # decorator can fire apt_install(filter_installed_packages(determine_packages())) # when deployed from source, init scripts aren't installed service_pause('keystone') disable_unused_apache_sites() if WSGI_KEYSTONE_API_CONF in CONFIGS.templates: CONFIGS.write(WSGI_KEYSTONE_API_CONF) if not is_unit_paused_set(): restart_pid_check('apache2') if enable_memcache(release=release): # If charm or OpenStack have been upgraded then the list of required # packages may have changed so ensure they are installed. apt_install(filter_installed_packages(determine_packages())) configure_https() open_port(config('service-port')) update_nrpe_config() CONFIGS.write_all() if snap_install_requested() and not is_unit_paused_set(): service_restart('snap.keystone.*') initialise_pki() update_all_identity_relation_units() update_all_domain_backends() update_all_fid_backends() # Ensure sync request is sent out (needed for any/all ssl change) send_ssl_sync_request() for r_id in relation_ids('ha'): ha_joined(relation_id=r_id)
def install(): status_set('maintenance', 'Executing pre-install') execd_preinstall() configure_installation_source(config('openstack-origin')) status_set('maintenance', 'Installing apt packages') apt_update() apt_install(determine_packages(), fatal=True) if snap_install_requested(): status_set('maintenance', 'Installing keystone snap') # NOTE(thedac) Setting devmode until LP#1719636 is fixed install_os_snaps( get_snaps_install_info_from_origin( ['keystone'], config('openstack-origin'), mode='devmode')) post_snap_install() service_stop('snap.keystone.*') else: # unconfigured keystone service will prevent start of haproxy in some # circumstances. make sure haproxy runs. LP #1648396 service_stop('keystone') service_start('haproxy') if run_in_apache(): disable_unused_apache_sites() service_pause('keystone')
def install(self): """Install packages or snaps related to this charm based on contents of self.packages or self.snaps attribute. """ packages = fetch.filter_installed_packages( self.all_packages) if packages: hookenv.status_set('maintenance', 'Installing packages') fetch.apt_install(packages, fatal=True) if os_utils.snap_install_requested(): if self.all_snaps: hookenv.status_set('maintenance', 'Installing snaps') os_utils.install_os_snaps( os_utils.get_snaps_install_info_from_origin( self.all_snaps, self.config['openstack-origin'], mode=self.snap_mode) ) # AJK: we set this as charms can use it to detect installed state self.set_state('{}-installed'.format(self.name)) self.update_api_ports() hookenv.status_set('maintenance', 'Installation complete - awaiting next status')
def initialise_pki(): """Create certs and keys required for token signing. Used for PKI and signing token revocation list. NOTE: keystone.conf [signing] section must be up-to-date prior to executing this. """ if CompareOpenStackReleases(os_release('keystone-common')) >= 'pike': # pike dropped support for PKI token; skip function return ensure_pki_cert_paths() if not peer_units() or is_ssl_cert_master(): log("Ensuring PKI token certs created", level=DEBUG) if snap_install_requested(): cmd = ['/snap/bin/keystone-manage', 'pki_setup', '--keystone-user', KEYSTONE_USER, '--keystone-group', KEYSTONE_USER] _log_dir = '/var/snap/keystone/common/log' else: cmd = ['keystone-manage', 'pki_setup', '--keystone-user', KEYSTONE_USER, '--keystone-group', KEYSTONE_USER] _log_dir = '/var/log/keystone' check_call(cmd) # Ensure logfile has keystone perms since we may have just created it # with root. ensure_permissions(_log_dir, user=KEYSTONE_USER, group=KEYSTONE_USER, perms=0o744) ensure_permissions('{}/keystone.log'.format(_log_dir), user=KEYSTONE_USER, group=KEYSTONE_USER, perms=0o644) ensure_pki_dir_permissions()
def configure_cert(self, cert, key, cn=None): """Configure service SSL cert and key Write out service SSL certificate and key for Apache. @param cert string SSL Certificate @param key string SSL Key @param cn string Canonical name for service """ if os_utils.snap_install_requested(): ssl_dir = '/var/snap/{snap_name}/common/etc/nginx/ssl'.format( snap_name=self.primary_snap) else: ssl_dir = os.path.join('/etc/apache2/ssl/', self.name) if not cn: cn = self.get_default_cn() ch_host.mkdir(path=ssl_dir) if cn: cert_filename = 'cert_{}'.format(cn) key_filename = 'key_{}'.format(cn) else: cert_filename = 'cert' key_filename = 'key' ch_host.write_file(path=os.path.join(ssl_dir, cert_filename), content=cert.encode('utf-8'), group=self.group, perms=0o640) ch_host.write_file(path=os.path.join(ssl_dir, key_filename), content=key.encode('utf-8'), group=self.group, perms=0o640)
def configure_ssl(self, keystone_interface=None): """Configure SSL certificates and keys NOTE(AJK): This function tries to minimise the work it does, particularly with writing files and restarting apache. @param keystone_interface KeystoneRequires class """ keystone_interface = ( relations.endpoint_from_flag('identity-service.available.ssl') or relations.endpoint_from_flag( 'identity-service.available.ssl_legacy')) ssl_objects = self.get_certs_and_keys( keystone_interface=keystone_interface) with is_data_changed('configure_ssl.ssl_objects', ssl_objects) as changed: if ssl_objects: if changed: for ssl in ssl_objects: self.set_state('ssl.requested', True) self.configure_cert(ssl['cert'], ssl['key'], cn=ssl['cn']) self.configure_ca(ssl['ca']) if not os_utils.snap_install_requested(): self.configure_apache() self.remove_state('ssl.requested') self.set_state('ssl.enabled', True) else: self.set_state('ssl.enabled', False) amqp_ssl = relations.endpoint_from_flag('amqp.available.ssl') if amqp_ssl: self.configure_rabbit_cert(amqp_ssl)
def configure_cert(self, cert, key, cn=None): """Configure service SSL cert and key Write out service SSL certificate and key for Apache. @param cert string SSL Certificate @param key string SSL Key @param cn string Canonical name for service """ if os_utils.snap_install_requested(): ssl_dir = '/var/snap/{snap_name}/common/etc/nginx/ssl'.format( snap_name=self.primary_snap) else: ssl_dir = os.path.join('/etc/apache2/ssl/', self.name) if not cn: cn = self.get_default_cn() ch_host.mkdir(path=ssl_dir) if cn: cert_filename = 'cert_{}'.format(cn) key_filename = 'key_{}'.format(cn) else: cert_filename = 'cert' key_filename = 'key' ch_host.write_file(path=os.path.join(ssl_dir, cert_filename), content=cert.encode('utf-8')) ch_host.write_file(path=os.path.join(ssl_dir, key_filename), content=key.encode('utf-8'))
def install(): status_set('maintenance', 'Executing pre-install') execd_preinstall() configure_installation_source(config('openstack-origin')) status_set('maintenance', 'Installing apt packages') apt_update() apt_install(determine_packages(), fatal=True) if snap_install_requested(): status_set('maintenance', 'Installing keystone snap') # NOTE(thedac) Setting devmode until LP#1719636 is fixed install_os_snaps( get_snaps_install_info_from_origin(['keystone'], config('openstack-origin'), mode='devmode')) post_snap_install() service_stop('snap.keystone.*') else: # unconfigured keystone service will prevent start of haproxy in some # circumstances. make sure haproxy runs. LP #1648396 service_stop('keystone') service_start('haproxy') if run_in_apache(): disable_unused_apache_sites() service_pause('keystone') # call the policy overrides handler which will install any policy overrides maybe_do_policyd_overrides( os_release('keystone'), 'keystone', restart_handler=lambda: service_restart('apache2'))
def install(): status_set('maintenance', 'Executing pre-install') execd_preinstall() configure_installation_source(config('openstack-origin')) status_set('maintenance', 'Installing apt packages') apt_update() apt_install(determine_packages(), fatal=True) if snap_install_requested(): status_set('maintenance', 'Installing keystone snap') # NOTE(thedac) Setting devmode until LP#1719636 is fixed install_os_snaps( get_snaps_install_info_from_origin(['keystone'], config('openstack-origin'), mode='devmode')) post_snap_install() service_stop('snap.keystone.*') else: # unconfigured keystone service will prevent start of haproxy in some # circumstances. make sure haproxy runs. LP #1648396 service_stop('keystone') service_start('haproxy') if run_in_apache(): disable_unused_apache_sites() service_pause('keystone') unison.ensure_user(user=SSH_USER, group=SSH_USER) unison.ensure_user(user=SSH_USER, group=KEYSTONE_USER)
def do_openstack_pkg_upgrade(self): """Upgrade OpenStack packages and snaps :returns: None """ new_src = self.config[self.source_config_key] new_os_rel = os_utils.get_os_codename_install_source(new_src) hookenv.log('Performing OpenStack upgrade to %s.' % (new_os_rel)) # TODO(jamespage): Deal with deb->snap->deb migrations if os_utils.snap_install_requested() and self.all_snaps: os_utils.install_os_snaps( snaps=os_utils.get_snaps_install_info_from_origin( self.all_snaps, self.config[self.source_config_key], mode=self.snap_mode), refresh=True) os_utils.configure_installation_source(new_src) fetch.apt_update() dpkg_opts = [ '--option', 'Dpkg::Options::=--force-confnew', '--option', 'Dpkg::Options::=--force-confdef', ] fetch.apt_upgrade(options=dpkg_opts, fatal=True, dist=True) fetch.apt_install(packages=self.all_packages, options=dpkg_opts, fatal=True) self.remove_obsolete_packages() self.release = new_os_rel
def domain_backend_changed(relation_id=None, unit=None): if get_api_version() < 3: log('Domain specific backend identity configuration only supported ' 'with Keystone v3 API, skipping domain creation and ' 'restart.') return domain_name = relation_get(attribute='domain-name', unit=unit, rid=relation_id) if domain_name: # NOTE(jamespage): Only create domain data from lead # unit when clustered and database # is configured and created. if is_leader() and is_db_ready() and is_db_initialised(): create_or_show_domain(domain_name) # NOTE(jamespage): Deployment may have multiple domains, # with different identity backends so # ensure that a domain specific nonce # is checked for restarts of keystone restart_nonce = relation_get(attribute='restart-nonce', unit=unit, rid=relation_id) domain_nonce_key = 'domain-restart-nonce-{}'.format(domain_name) db = unitdata.kv() if restart_nonce != db.get(domain_nonce_key): if not is_unit_paused_set(): if snap_install_requested(): service_restart('snap.keystone.*') else: service_restart(keystone_service()) db.set(domain_nonce_key, restart_nonce) db.flush()
def configure_tls(self, certificates_interface=None): """Configure TLS certificates and keys NOTE(AJK): This function tries to minimise the work it does, particularly with writing files and restarting apache. :param certificates_interface: certificates relation endpoint :type certificates_interface: TlsRequires(Endpoint) object """ # this takes care of writing out the CA certificate tls_objects = super().configure_tls( certificates_interface=certificates_interface) with is_data_changed( 'configure_ssl.ssl_objects', tls_objects) as changed: if tls_objects: # NOTE(fnordahl): regardless of changes to data we may # have other changes we want to apply to the files. # (e.g. ownership, permissions) # # Also note that c-h.host.write_file used in configure_cert() # has it's own logic to detect data changes. # # LP: #1821314 for tls_object in tls_objects: self.set_state('ssl.requested', True) if os_utils.snap_install_requested(): path = ('/var/snap/{snap_name}/common/etc/nginx/ssl' .format(snap_name=self.primary_snap)) else: path = os.path.join('/etc/apache2/ssl/', self.name) self.configure_cert( path, tls_object['cert'], tls_object['key'], cn=tls_object['cn']) cert_utils.create_ip_cert_links( os.path.join('/etc/apache2/ssl/', self.name)) if not os_utils.snap_install_requested() and changed: self.configure_apache() ch_host.service_reload('apache2') self.remove_state('ssl.requested') self.set_state('ssl.enabled', True) else: self.set_state('ssl.enabled', False)
def nginx_ssl_enabled(self): """Determine if nginx is being used @return True if nginx is being used""" if os_utils.snap_install_requested(): return (self.get_state('ssl.enabled') or self.get_state('ssl.requested')) else: return False
def config_changed_postupgrade(): save_script_rc() release = os_release('keystone') if run_in_apache(release=release): # Need to ensure mod_wsgi is installed and apache2 is reloaded # immediatly as charm querys its local keystone before restart # decorator can fire apt_install(filter_installed_packages(determine_packages())) # when deployed from source, init scripts aren't installed service_pause('keystone') disable_unused_apache_sites() if WSGI_KEYSTONE_API_CONF in CONFIGS.templates: CONFIGS.write(WSGI_KEYSTONE_API_CONF) if not is_unit_paused_set(): restart_pid_check('apache2') stop_manager_instance() if enable_memcache(release=release): # If charm or OpenStack have been upgraded then the list of required # packages may have changed so ensure they are installed. apt_install(filter_installed_packages(determine_packages())) if is_leader() and fernet_enabled(): key_setup() key_leader_set() configure_https() open_port(config('service-port')) update_nrpe_config() CONFIGS.write_all() if snap_install_requested() and not is_unit_paused_set(): service_restart('snap.keystone.*') stop_manager_instance() if (is_db_initialised() and is_elected_leader(CLUSTER_RES) and not is_unit_paused_set()): ensure_initial_admin(config) if CompareOpenStackReleases( os_release('keystone')) >= 'liberty': CONFIGS.write(POLICY_JSON) update_all_identity_relation_units() update_all_domain_backends() update_all_fid_backends() for r_id in relation_ids('ha'): ha_joined(relation_id=r_id) notify_middleware_with_release_version() inform_peers_if_ready(check_api_unit_ready)
def enable_apache_modules(self): """Enable Apache modules needed for SSL termination""" if os_utils.snap_install_requested(): return restart = False for module in ['ssl', 'proxy', 'proxy_http', 'headers']: check_enabled = subprocess.call(['a2query', '-m', module]) if check_enabled != 0: subprocess.check_call(['a2enmod', module]) restart = True if restart: ch_host.service_restart('apache2')
def all_packages(self): """List of packages to be installed @return ['pkg1', 'pkg2', ...] """ _packages = super(HAOpenStackCharm, self).all_packages if self.haproxy_enabled(): _packages.append('haproxy') if not os_utils.snap_install_requested(): if self.apache_enabled(): _packages.append('apache2') return _packages
def config_changed_postupgrade(): save_script_rc() release = os_release('keystone') if run_in_apache(release=release): # Need to ensure mod_wsgi is installed and apache2 is reloaded # immediatly as charm querys its local keystone before restart # decorator can fire apt_install(filter_installed_packages(determine_packages())) # when deployed from source, init scripts aren't installed service_pause('keystone') disable_unused_apache_sites() if WSGI_KEYSTONE_API_CONF in CONFIGS.templates: CONFIGS.write(WSGI_KEYSTONE_API_CONF) if not is_unit_paused_set(): restart_pid_check('apache2') stop_manager_instance() if enable_memcache(release=release): # If charm or OpenStack have been upgraded then the list of required # packages may have changed so ensure they are installed. apt_install(filter_installed_packages(determine_packages())) if is_leader() and fernet_enabled(): key_setup() key_leader_set() configure_https() open_port(config('service-port')) update_nrpe_config() CONFIGS.write_all() if snap_install_requested() and not is_unit_paused_set(): service_restart('snap.keystone.*') stop_manager_instance() if (is_db_initialised() and is_elected_leader(CLUSTER_RES) and not is_unit_paused_set()): ensure_initial_admin(config) if CompareOpenStackReleases( os_release('keystone')) >= 'liberty': CONFIGS.write(POLICY_JSON) update_all_identity_relation_units() update_all_domain_backends() update_all_fid_backends() for r_id in relation_ids('ha'): ha_joined(relation_id=r_id) notify_middleware_with_release_version()
def install_snap_certs(self): """Install systems CA certificates for a snap Installs the aggregated host system ca-certificates.crt into $SNAP_COMMON/etc/ssl/certs for services running within a sandboxed snap to consume. Snaps should set the REQUESTS_CA_BUNDLE environment variable to ensure requests based API calls use the updated system certs. """ if (os_utils.snap_install_requested() and os.path.exists(SYSTEM_CA_CERTS)): ca_certs = SNAP_CA_CERTS.format(self.primary_snap) ch_host.mkdir(os.path.dirname(ca_certs)) shutil.copyfile(SYSTEM_CA_CERTS, ca_certs)
def default_select_package_type(): """Determine the package type (snap or deb) based on the openstack-origin setting. Note that this function caches the package type after the first install so that it doesn't need to keep going and getting it from the config information. """ package_type = unitdata.kv().get(OPENSTACK_PACKAGE_TYPE_KEY, None) if package_type is None: if os_utils.snap_install_requested(): package_type = 'snap' else: package_type = 'deb' unitdata.kv().set(OPENSTACK_PACKAGE_TYPE_KEY, package_type) return package_type
def default_select_package_type(): """Determine the package type (snap or deb) based on the configuration option indicated in the source_config_key class variable. (deafult: 'openstack-origin') Note that this function caches the package type after the first install so that it doesn't need to keep going and getting it from the config information. """ package_type = unitdata.kv().get(OPENSTACK_PACKAGE_TYPE_KEY, None) if package_type is None: if os_utils.snap_install_requested(): package_type = 'snap' else: package_type = 'deb' unitdata.kv().set(OPENSTACK_PACKAGE_TYPE_KEY, package_type) return package_type
def configure_ssl(self, keystone_interface=None): """Configure SSL certificates and keys NOTE(AJK): This function tries to minimise the work it does, particularly with writing files and restarting apache. @param keystone_interface KeystoneRequires class """ keystone_interface = ( relations.endpoint_from_flag('identity-service.available.ssl') or relations .endpoint_from_flag('identity-service.available.ssl_legacy')) certificates_interface = relations.endpoint_from_flag( 'certificates.batch.cert.available') ssl_objects = self.get_certs_and_keys( keystone_interface=keystone_interface, certificates_interface=certificates_interface) with is_data_changed('configure_ssl.ssl_objects', ssl_objects) as changed: if ssl_objects: # NOTE(fnordahl): regardless of changes to data we may # have other changes we want to apply to the files. # (e.g. ownership, permissions) # # Also note that c-h.host.write_file used in configure_cert() # has it's own logic to detect data changes. # # LP: #1821314 for ssl in ssl_objects: self.set_state('ssl.requested', True) self.configure_cert( ssl['cert'], ssl['key'], cn=ssl['cn']) self.configure_ca(ssl['ca']) cert_utils.create_ip_cert_links( os.path.join('/etc/apache2/ssl/', self.name)) if not os_utils.snap_install_requested() and changed: self.configure_apache() ch_host.service_reload('apache2') self.remove_state('ssl.requested') self.set_state('ssl.enabled', True) else: self.set_state('ssl.enabled', False) amqp_ssl = relations.endpoint_from_flag('amqp.available.ssl') if amqp_ssl: self.configure_rabbit_cert(amqp_ssl)
def configure_ssl(self, keystone_interface=None): """Configure SSL certificates and keys NOTE(AJK): This function tries to minimise the work it does, particularly with writing files and restarting apache. @param keystone_interface KeystoneRequires class """ keystone_interface = ( relations.endpoint_from_flag('identity-service.available.ssl') or relations.endpoint_from_flag( 'identity-service.available.ssl_legacy')) certificates_interface = relations.endpoint_from_flag( 'certificates.batch.cert.available') ssl_objects = self.get_certs_and_keys( keystone_interface=keystone_interface, certificates_interface=certificates_interface) with is_data_changed('configure_ssl.ssl_objects', ssl_objects) as changed: if ssl_objects: # NOTE(fnordahl): regardless of changes to data we may # have other changes we want to apply to the files. # (e.g. ownership, permissions) # # Also note that c-h.host.write_file used in configure_cert() # has it's own logic to detect data changes. # # LP: #1821314 for ssl in ssl_objects: self.set_state('ssl.requested', True) self.configure_cert(ssl['cert'], ssl['key'], cn=ssl['cn']) self.configure_ca(ssl['ca']) cert_utils.create_ip_cert_links( os.path.join('/etc/apache2/ssl/', self.name)) if not os_utils.snap_install_requested() and changed: self.configure_apache() ch_host.service_reload('apache2') self.remove_state('ssl.requested') self.set_state('ssl.enabled', True) else: self.set_state('ssl.enabled', False) amqp_ssl = relations.endpoint_from_flag('amqp.available.ssl') if amqp_ssl: self.configure_rabbit_cert(amqp_ssl)
def configure_https(): ''' Enables SSL API Apache config if appropriate and kicks identity-service with any required api updates. ''' # need to write all to ensure changes to the entire request pipeline # propagate (c-api, haprxy, apache) CONFIGS.write_all() # NOTE (thedac): When using snaps, nginx is installed, skip any apache2 # config. if snap_install_requested(): return if 'https' in CONFIGS.complete_contexts(): cmd = ['a2ensite', 'openstack_https_frontend'] check_call(cmd) else: cmd = ['a2dissite', 'openstack_https_frontend'] check_call(cmd)
def full_restart_map(self): """Map of services to be restarted if a file changes @return { 'file1': ['svc1', 'svc3'], 'file2': ['svc2', 'svc3'], ... } """ _restart_map = super(HAOpenStackCharm, self).full_restart_map if self.haproxy_enabled(): _restart_map[self.HAPROXY_CONF] = ['haproxy'] if os_utils.snap_install_requested(): # TODO(coreycb): add nginx config/service for ssl vhost pass else: if self.apache_enabled(): _restart_map[self.apache_ssl_vhost_file] = ['apache2'] return _restart_map
def get_os_version_snap(self, snap, fatal=True): """Derive OpenStack version number from an installed snap. :param package: str Snap name to lookup in snap list :param fatal: bool Raise exception if snap not installed :returns: str OpenStack version number corresponding to snap """ if os_utils.snap_install_requested(): codename = self.get_os_codename_snap(snap, self.snap_codenames, fatal=fatal) if not codename: return None for version, cname in os_utils.OPENSTACK_CODENAMES.items(): if cname == codename: return version return None
def application_version(self): """Return the current version of the application being deployed by the charm, as indicated by the version_package or version_snap attribute """ if os_utils.snap_install_requested(): if not self.version_snap: self.version_snap = self.snaps[0] version = get_snap_version(self.version_snap, fatal=False) if not version: version = os_utils.get_os_codename_install_source( self.config['openstack-origin']) else: if not self.version_package: self.version_package = self.packages[0] version = get_upstream_version(self.version_package) if not version: version = os_utils.os_release(self.version_package) return version
def get_os_version_package(self, package, fatal=True): """Derive OpenStack version number from an installed package. :param package: str Package name to lookup in apt cache :param fatal: bool Raise exception if pkg not installed :returns: str OpenStack version number corresponding to package """ if not os_utils.snap_install_requested(): codename = self.get_os_codename_package( package, self.package_codenames or os_utils.PACKAGE_CODENAMES, fatal=fatal) if not codename: return None for version, cname in os_utils.OPENSTACK_CODENAMES.items(): if cname == codename: return version return None
def openstack_upgrade_available(self, package=None, snap=None): """Check if an OpenStack upgrade is available :param package: str Package name to use to check upgrade availability :returns: bool """ if not package: package = self.release_pkg if not snap: snap = self.release_snap src = self.config[self.source_config_key] cur_vers = self.get_os_version_package(package) avail_vers = os_utils.get_os_version_install_source(src) if os_utils.snap_install_requested(): cur_vers = self.get_os_version_snap(snap) else: cur_vers = self.get_os_version_package(package) apt.init() return apt.version_compare(avail_vers, cur_vers) == 1
def configure_ssl(self, keystone_interface=None): """Configure SSL certificates and keys NOTE(AJK): This function tries to minimise the work it does, particularly with writing files and restarting apache. @param keystone_interface KeystoneRequires class """ keystone_interface = ( relations.endpoint_from_flag('identity-service.available.ssl') or relations .endpoint_from_flag('identity-service.available.ssl_legacy')) certificates_interface = relations.endpoint_from_flag( 'certificates.batch.cert.available') ssl_objects = self.get_certs_and_keys( keystone_interface=keystone_interface, certificates_interface=certificates_interface) with is_data_changed('configure_ssl.ssl_objects', ssl_objects) as changed: if ssl_objects: if changed: for ssl in ssl_objects: self.set_state('ssl.requested', True) self.configure_cert( ssl['cert'], ssl['key'], cn=ssl['cn']) self.configure_ca(ssl['ca']) cert_utils.create_ip_cert_links( os.path.join('/etc/apache2/ssl/', self.name)) if not os_utils.snap_install_requested(): self.configure_apache() ch_host.service_reload('apache2') self.remove_state('ssl.requested') self.set_state('ssl.enabled', True) else: self.set_state('ssl.enabled', False) amqp_ssl = relations.endpoint_from_flag('amqp.available.ssl') if amqp_ssl: self.configure_rabbit_cert(amqp_ssl)
def application_version(self): """Return the current version of the application being deployed by the charm, as indicated by the version_package or version_snap attribute """ if os_utils.snap_install_requested(): if not self.version_snap: self.version_snap = self.snaps[0] version = get_snap_version(self.version_snap, fatal=False) if not version: version = os_utils.get_os_codename_install_source( self.config[self.source_config_key] ) else: if not self.version_package: self.version_package = self.packages[0] version = get_upstream_version( self.version_package ) if not version: version = os_utils.os_release(self.version_package) return version
def log_config(config): if ch_utils.snap_install_requested(): return os.path.join(SNAP_PREFIX, 'log/gnocchi-api.log') else: return '/var/log/gnocchi/gnocchi-api.log'
def ceph_config(config): if ch_utils.snap_install_requested(): return CEPH_CONF_SNAP else: return CEPH_CONF