def swift_storage_relation_joined(rid=None):
    """Publish this unit's storage settings on the swift-storage relation.

    When the 'encrypt' option is set and the vault relation is not yet
    complete, the hook logs that it is deferring and returns before any
    device is remembered or any relation data is set.

    :param rid: relation id handed to relation_set (None by default).
    """
    vault_pending = (config('encrypt') and
                     not vaultlocker.vault_relation_complete())
    if vault_pending:
        log('Encryption configured and vault not ready, deferring',
            level=DEBUG)
        return

    rel_settings = {}
    rel_settings['zone'] = config('zone')
    rel_settings['object_port'] = config('object-server-port')
    rel_settings['container_port'] = config('container-server-port')
    rel_settings['account_port'] = config('account-server-port')

    if enable_replication():
        # Addresses are resolved before the replication options are read.
        rel_settings['ip_rep'] = network_get_primary_address('replication')
        rel_settings['ip_cls'] = network_get_primary_address('cluster')
        rel_settings['region'] = config('storage-region')
        rel_settings['object_port_rep'] = config('object-server-port-rep')
        rel_settings['container_port_rep'] = config(
            'container-server-port-rep')
        rel_settings['account_port_rep'] = config('account-server-port-rep')

    # Only the base name of each prepared device is published.
    device_names = [os.path.basename(path)
                    for path in kv().get('prepared-devices', [])]
    rel_settings['device'] = ':'.join(device_names)

    # Keep a reference of devices we are adding to the ring
    remember_devices(device_names)

    rel_settings['private-address'] = get_relation_ip('swift-storage')
    relation_set(relation_id=rid, relation_settings=rel_settings)
def assess_status():
    """Derive and set the workload status of this unit.

    The checks run in order and the first failing one sets the status and
    returns: release upgrade in progress, unit paused, mon relation
    missing, monitor hosts or bootstrap key missing and, when vaultlocker
    is in use, the secrets-storage relation missing or incomplete.  Only
    after those pass are the OSDs and block devices looked at.
    """
    application_version_set(get_upstream_version(VERSION_PACKAGE))

    if is_unit_upgrading_set():
        upgrade_msg = ("Ready for do-release-upgrade and reboot. "
                       "Set complete when finished.")
        status_set("blocked", upgrade_msg)
        return

    if is_unit_paused_set():
        status_set('maintenance',
                   "Paused. Use 'resume' action to resume normal service.")
        return

    # The mon relation has to exist ...
    if len(relation_ids('mon')) == 0:
        status_set('blocked', 'Missing relation: monitor')
        return

    # ... and has to have presented monitor addresses and a bootstrap key.
    mon_hosts = get_mon_hosts()
    if not (len(mon_hosts) >= 1 and get_conf('osd_bootstrap_key')):
        status_set('waiting', 'Incomplete relation: monitor')
        return

    # With vaultlocker in use the unit is not reported ready until the
    # secrets-storage relation exists and is complete.
    if use_vaultlocker():
        if not relation_ids('secrets-storage'):
            status_set('blocked', 'Missing relation: vault')
            return
        if not vaultlocker.vault_relation_complete():
            status_set('waiting', 'Incomplete relation: vault')
            return

    # Check for OSD device creation parity i.e. at least some devices
    # must have been presented and used for this charm to be operational
    _, last_message = status_get()
    running_osds = ceph.get_running_osds()

    if last_message.startswith('Non-pristine'):
        # A 'Non-pristine' message is only replaced once every unmounted,
        # non-journal disk is an active bluestore device or pristine.
        journal_devs = get_journal_devices()
        candidates = set(ceph.unmounted_disks()) - set(journal_devs)
        all_usable = all(
            ceph.is_active_bluestore_device(dev) or
            ceph.is_pristine_disk(dev)
            for dev in candidates)
        if all_usable:
            status_set('active',
                       'Unit is ready ({} OSD)'.format(len(running_osds)))
    elif not running_osds:
        status_set('blocked',
                   'No block devices detected using current configuration')
    else:
        status_set('active',
                   'Unit is ready ({} OSD)'.format(len(running_osds)))
def test_context_complete(self):
    """A complete relation yields role id, backend and URL in the context."""
    self._setup_relation(COMPLETE_RELATION)
    ctxt = vaultlocker.VaultKVContext('charm-test')

    # No 'secret_id' key is expected in this variant of the test.
    expected = {
        'role_id': 'test-role-from-vault',
        'secret_backend': 'charm-test',
        'vault_url': 'http://vault:8200',
    }
    self.assertEqual(ctxt(), expected)

    self.hookenv.relation_ids.assert_called_with('secrets-storage')
    self.assertTrue(vaultlocker.vault_relation_complete())
def test_context_complete_cached_secret_id(self, retrieve_secret_id):
    """A secret-id already in the kv store is returned without a fetch.

    'last-token' and 'secret-id' are seeded in the store; the context must
    return the stored secret-id and never call retrieve_secret_id.
    Presumably 'last-token' equals the token carried by COMPLETE_RELATION;
    that fixture is not visible here.
    """
    cached_secret_id = '5502fd27-059b-4b0a-91b2-eaff40b6a112'

    self._setup_relation(COMPLETE_RELATION)
    ctxt = vaultlocker.VaultKVContext('charm-test')
    self.db.set('last-token', '00c9a9ab-c523-459d-a250-2ce8f0877c03')
    self.db.set('secret-id', cached_secret_id)

    expected = {
        'role_id': 'test-role-from-vault',
        'secret_backend': 'charm-test',
        'secret_id': cached_secret_id,
        'vault_url': 'http://vault:8200',
    }
    self.assertEqual(ctxt(), expected)

    self.hookenv.relation_ids.assert_called_with('secrets-storage')
    self.assertTrue(vaultlocker.vault_relation_complete())
    # The cached value must be served without contacting vault again.
    retrieve_secret_id.assert_not_called()
def test_context_complete(self, retrieve_secret_id):
    """A complete relation triggers exactly one secret-id retrieval.

    retrieve_secret_id is a mock handed in from outside this view; its
    return value must show up as 'secret_id' in the context, and it must
    have been called once with the vault URL and the expected token.
    """
    fetched_secret_id = 'a3551c8d-0147-4cb6-afc6-efb3db2fccb2'

    self._setup_relation(COMPLETE_RELATION)
    ctxt = vaultlocker.VaultKVContext('charm-test')
    retrieve_secret_id.return_value = fetched_secret_id

    expected = {
        'role_id': 'test-role-from-vault',
        'secret_backend': 'charm-test',
        'secret_id': fetched_secret_id,
        'vault_url': 'http://vault:8200',
    }
    self.assertEqual(ctxt(), expected)

    self.hookenv.relation_ids.assert_called_with('secrets-storage')
    self.assertTrue(vaultlocker.vault_relation_complete())
    retrieve_secret_id.assert_called_once_with(
        url='http://vault:8200',
        token='00c9a9ab-c523-459d-a250-2ce8f0877c03')
def assess_status():
    """Derive and set the workload status of this unit.

    The checks run in order and the first failing one sets the status and
    returns: release upgrade in progress, unit paused, mon relation
    missing, monitor hosts or bootstrap key missing and, when vaultlocker
    is in use, the secrets-storage relation missing or incomplete.  A
    previous status message starting with 'Non-pristine' is left as it is.
    """
    application_version_set(get_upstream_version(VERSION_PACKAGE))

    if is_unit_upgrading_set():
        upgrade_msg = ("Ready for do-release-upgrade and reboot. "
                       "Set complete when finished.")
        status_set("blocked", upgrade_msg)
        return

    if is_unit_paused_set():
        status_set('maintenance',
                   "Paused. Use 'resume' action to resume normal service.")
        return

    # The mon relation has to exist ...
    if len(relation_ids('mon')) == 0:
        status_set('blocked', 'Missing relation: monitor')
        return

    # ... and has to have presented monitor addresses and a bootstrap key.
    mon_hosts = get_mon_hosts()
    if not (len(mon_hosts) >= 1 and get_conf('osd_bootstrap_key')):
        status_set('waiting', 'Incomplete relation: monitor')
        return

    # With vaultlocker in use the unit is not reported ready until the
    # secrets-storage relation exists and is complete.
    if use_vaultlocker():
        if not relation_ids('secrets-storage'):
            status_set('blocked', 'Missing relation: vault')
            return
        if not vaultlocker.vault_relation_complete():
            status_set('waiting', 'Incomplete relation: vault')
            return

    # Check for OSD device creation parity i.e. at least some devices
    # must have been presented and used for this charm to be operational
    _, last_message = status_get()
    running_osds = ceph.get_running_osds()

    if last_message.startswith('Non-pristine'):
        return

    if running_osds:
        status_set('active',
                   'Unit is ready ({} OSD)'.format(len(running_osds)))
    else:
        status_set(
            'blocked',
            'No block devices detected using current configuration')
def test_context_complete_cached_secret_id(self, retrieve_secret_id):
    """The cached secret-id is kept when retrieval with the token fails.

    good_token is set to a value that differs from the token asserted
    below, and retrieve_secret_id is routed through
    self.fake_retrieve_secret_id.  That helper is defined outside this
    view; presumably it fails for any token other than good_token.  The
    context must still return the secret-id seeded in the kv store.
    """
    cached_secret_id = '5502fd27-059b-4b0a-91b2-eaff40b6a112'

    self._setup_relation(COMPLETE_RELATION)
    ctxt = vaultlocker.VaultKVContext('charm-test')
    self.db.set('secret-id', cached_secret_id)
    self.good_token = 'invalid-token'  # i.e. cause failure
    retrieve_secret_id.side_effect = self.fake_retrieve_secret_id

    expected = {
        'role_id': 'test-role-from-vault',
        'secret_backend': 'charm-test',
        'secret_id': cached_secret_id,
        'vault_url': 'http://vault:8200',
    }
    self.assertEqual(ctxt(), expected)

    self.hookenv.relation_ids.assert_called_with('secrets-storage')
    self.assertTrue(vaultlocker.vault_relation_complete())
    # A retrieval attempt with the relation's token must have been made.
    expected_calls = [
        mock.call(url='http://vault:8200',
                  token='00c9a9ab-c523-459d-a250-2ce8f0877c03'),
    ]
    retrieve_secret_id.assert_has_calls(expected_calls)
def swift_storage_relation_joined(rid=None):
    """Publish this unit's storage settings on the swift-storage relation.

    When the 'encrypt' option is set and the vault relation is not yet
    complete, the hook logs that it is deferring and returns before any
    device is remembered or any relation data is set.

    :param rid: relation id handed to relation_set (None by default).
    """
    vault_pending = (config('encrypt') and
                     not vaultlocker.vault_relation_complete())
    if vault_pending:
        log('Encryption configured and vault not ready, deferring',
            level=DEBUG)
        return

    rel_settings = {}
    rel_settings['zone'] = config('zone')
    rel_settings['object_port'] = config('object-server-port')
    rel_settings['container_port'] = config('container-server-port')
    rel_settings['account_port'] = config('account-server-port')

    # Only the base name of each prepared device is published.
    device_names = [os.path.basename(path)
                    for path in kv().get('prepared-devices', [])]
    rel_settings['device'] = ':'.join(device_names)

    # Keep a reference of devices we are adding to the ring
    remember_devices(device_names)

    rel_settings['private-address'] = get_relation_ip('swift-storage')
    relation_set(relation_id=rid, relation_settings=rel_settings)
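def test_context_complete_cached_dirty_data(self, retrieve_secret_id):
    """A stale cached secret-id is replaced by a freshly retrieved one.

    The kv store is seeded with an old secret-id and the relation is set
    up from DIRTY_RELATION (fixture not visible here).  The context must
    return the new secret-id, store it in place of the old one, and have
    called retrieve_secret_id with the token held in good_token.
    self.fake_retrieve_secret_id is defined outside this view.
    """
    stale_secret_id = '5502fd27-059b-4b0a-91b2-eaff40b6a112'
    fresh_secret_id = '31be8e65-20a3-45e0-a4a8-4d5a0554fb60'
    fresh_token = '67b36149-dc86-4b80-96c4-35b91847d16e'

    self._setup_relation(DIRTY_RELATION)
    context = vaultlocker.VaultKVContext('charm-test')
    self.db.set('secret-id', stale_secret_id)
    self.good_token = fresh_token
    retrieve_secret_id.side_effect = self.fake_retrieve_secret_id

    self.assertEqual(
        context(),
        {'role_id': 'test-role-from-vault',
         'secret_backend': 'charm-test',
         'secret_id': fresh_secret_id,
         'vault_url': 'http://vault:8200'})
    self.hookenv.relation_ids.assert_called_with('secrets-storage')
    self.assertTrue(vaultlocker.vault_relation_complete())

    # assertEqual replaces the deprecated assertEquals alias, which was
    # removed from unittest in Python 3.12.
    self.assertEqual(self.db.get('secret-id'), fresh_secret_id)

    calls = [
        mock.call(url='http://vault:8200', token=fresh_token),
    ]
    retrieve_secret_id.assert_has_calls(calls)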
def assess_status():
    """Assess status of current unit

    Checks run in order; each failing precondition sets the status and
    returns.  Preconditions are: release upgrade in progress, unit paused,
    mon relation present, monitor hosts and bootstrap key available and,
    when vaultlocker is in use, the secrets-storage relation present and
    complete.  The OSD and device checks follow, and the two configuration
    checks at the end can still set 'blocked' after them.
    """
    # Publish the application version before any status is decided.
    application_version_set(get_upstream_version(VERSION_PACKAGE))
    if is_unit_upgrading_set():
        status_set(
            "blocked",
            "Ready for do-release-upgrade and reboot. "
            "Set complete when finished.")
        return

    # check to see if the unit is paused.
    if is_unit_paused_set():
        status_set('maintenance',
                   "Paused. Use 'resume' action to resume normal service.")
        return
    # Check for mon relation
    if len(relation_ids('mon')) < 1:
        status_set('blocked', 'Missing relation: monitor')
        return

    # Check for monitors with presented addresses
    # Check for bootstrap key presentation
    monitors = get_mon_hosts()
    if len(monitors) < 1 or not get_conf('osd_bootstrap_key'):
        status_set('waiting', 'Incomplete relation: monitor')
        return

    # Check for vault
    if use_vaultlocker():
        if not relation_ids('secrets-storage'):
            status_set('blocked', 'Missing relation: vault')
            return
        try:
            if not vaultlocker.vault_relation_complete():
                status_set('waiting', 'Incomplete relation: vault')
                return
        except Exception as e:
            # NOTE(review): this handler does not return, so execution
            # falls through to the OSD checks below, whose status_set
            # calls can replace this 'blocked' message - confirm that a
            # failed vault check is meant to be reported only in the log.
            # NOTE(review): the exception text and traceback are written
            # to the unit log; presumably neither can carry the vault
            # token or secret-id - verify against vaultlocker.
            status_set('blocked', "Warning: couldn't verify vault relation")
            log("Exception when verifying vault relation - maybe it was "
                "offline?:\n{}".format(str(e)))
            log("Traceback: {}".format(traceback.format_exc()))

    # Check for OSD device creation parity i.e. at least some devices
    # must have been presented and used for this charm to be operational
    # NOTE(review): if the vault handler above has just called status_set,
    # status_get presumably reads that message back rather than the one
    # from the previous hook, which would bypass the 'Non-pristine' branch
    # - confirm.
    (prev_status, prev_message) = status_get()
    running_osds = ceph.get_running_osds()
    if not prev_message.startswith('Non-pristine'):
        if not running_osds:
            status_set(
                'blocked',
                'No block devices detected using current configuration')
        else:
            status_set('active',
                       'Unit is ready ({} OSD)'.format(len(running_osds)))
    else:
        # A 'Non-pristine' message is only replaced once every unmounted,
        # non-journal disk is an active bluestore device or pristine.
        pristine = True
        osd_journals = get_journal_devices()
        for dev in list(set(ceph.unmounted_disks()) - set(osd_journals)):
            if (not ceph.is_active_bluestore_device(dev) and
                    not ceph.is_pristine_disk(dev)):
                pristine = False
                break
        if pristine:
            status_set('active',
                       'Unit is ready ({} OSD)'.format(len(running_osds)))

    # Configuration checks: a ValueError from either one sets 'blocked'
    # with the error text, after whatever status was set above.
    try:
        get_bdev_enable_discard()
    except ValueError as ex:
        status_set('blocked', str(ex))

    try:
        bluestore_compression = ch_context.CephBlueStoreCompressionContext()
        bluestore_compression.validate()
    except ValueError as e:
        status_set('blocked', 'Invalid configuration: {}'.format(str(e)))
def test_context_incomplete(self):
    """An incomplete relation yields an empty context and reports so."""
    self._setup_relation(INCOMPLETE_RELATION)
    ctxt = vaultlocker.VaultKVContext('charm-test')

    # No vault settings may be exposed while the relation is incomplete.
    rendered = ctxt()
    self.assertEqual(rendered, {})

    self.hookenv.relation_ids.assert_called_with('secrets-storage')
    self.assertFalse(vaultlocker.vault_relation_complete())