コード例 #1
ファイル: keystone_hooks.py プロジェクト: coreycb/keystone
def cluster_changed():
    """Handle a change on the ``cluster`` peer relation.

    Refreshes SSH peer authorisation, re-echoes the whitelisted peer
    settings, runs peer actions and PKI initialisation, and then decides
    whether identity relation units need a forced sync.
    """
    unison.ssh_authorized_peers(
        user=SSH_USER,
        group="juju_keystone",
        peer_interface="cluster",
        ensure_local_user=True,
    )

    # NOTE(jamespage) re-echo passwords for peer storage
    # The "_passwd" pattern is on the whitelist; the DEBUG line below logs
    # only these key patterns, never the values stored under them.
    echo_whitelist = [
        "_passwd",
        "identity-service:",
        "ssl-cert-master",
        "db-initialised",
        "ssl-cert-available-updates",
    ]
    whitelist_msg = "Peer echo whitelist: %s" % (echo_whitelist)
    log(whitelist_msg, level=DEBUG)
    peer_echo(includes=echo_whitelist, force=True)

    check_peer_actions()

    initialise_pki()

    # Compare the units requesting an SSL sync with those this unit has
    # already recorded as synced.
    units = get_ssl_sync_request_units()
    synced_units = relation_get(
        attribute="ssl-synced-units",
        unit=local_unit(),
    )
    out_of_sync = None
    if synced_units:
        # The relation value is a JSON-encoded list of unit names.
        synced_units = json.loads(synced_units)
        out_of_sync = set(units) ^ set(synced_units)

    sync_required = units and (not synced_units or out_of_sync)
    if sync_required:
        joined_units = ", ".join(units)
        log("New peers joined and need syncing - %s" % (joined_units),
            level=DEBUG)
        update_all_identity_relation_units_force_sync()
    else:
        update_all_identity_relation_units()

    if is_elected_leader(CLUSTER_RES) or not is_ssl_cert_master():
        CONFIGS.write_all()
    else:
        # This unit is still the SSL cert master but no longer the elected
        # leader: force a sync so that a new sync master gets elected.
        force_ssl_sync()
コード例 #2
def upgrade_charm():
    """Run the upgrade-charm steps for this unit.

    Installs the packages selected by ``filter_installed_packages``,
    refreshes SSH peer authorisation, rewrites the configuration and, on
    the elected cluster leader, refreshes the identity relation units.
    """
    status_set('maintenance', 'Installing apt packages')
    packages = filter_installed_packages(determine_packages())
    apt_install(packages)

    # In this variant the peer group is SSH_USER itself.
    unison.ssh_authorized_peers(
        user=SSH_USER,
        group=SSH_USER,
        peer_interface='cluster',
        ensure_local_user=True,
    )

    ensure_ssl_dirs()

    if run_in_apache():
        disable_unused_apache_sites()

    CONFIGS.write_all()

    # See LP bug 1519035
    leader_init_db_if_ready()

    update_nrpe_config()

    # Only the elected leader refreshes the identity relation units.
    if not is_elected_leader(CLUSTER_RES):
        return

    leader_msg = ('Cluster leader - ensuring endpoint configuration is up '
                  'to date')
    log(leader_msg, level=DEBUG)
    update_all_identity_relation_units()
コード例 #3
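 def test_ssh_auth_peer_joined(self, ensure_user, get_keypair):
     """Check ``ssh_authorized_peers`` on the cluster-relation-joined hook.

     The unit is expected to publish only the public half of its key pair
     on the relation, and not to read any peer relation data.
     """
     get_keypair.return_value = ('privkey', 'pubkey')
     self.hook_name.return_value = 'cluster-relation-joined'
     # The user must be 'foo': the listing carried a masked '******' here,
     # which contradicts the ensure_user/get_keypair assertions below.
     unison.ssh_authorized_peers(peer_interface='cluster',
                                 user='foo', group='foo',
                                 ensure_local_user=True)
     # Only the public key is set on the relation; 'privkey' is not.
     self.relation_set.assert_called_with(ssh_pub_key='pubkey')
     self.assertFalse(self.relation_get.called)
     ensure_user.assert_called_with('foo', 'foo')
     get_keypair.assert_called_with('foo')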
コード例 #4
ファイル: keystone_hooks.py プロジェクト: coreycb/keystone
def cluster_joined():
    """Handle this unit joining the ``cluster`` peer relation.

    Refreshes SSH peer authorisation, publishes this unit's per-network
    addresses on the relation and then sends an SSL sync request.
    """
    unison.ssh_authorized_peers(
        user=SSH_USER,
        group="juju_keystone",
        peer_interface="cluster",
        ensure_local_user=True,
    )

    settings = {}

    # One "<type>-address" entry per address type that resolves to an
    # address in the configured "os-<type>-network".
    for addr_type in ADDRESS_TYPES:
        network = config("os-{}-network".format(addr_type))
        address = get_address_in_network(network)
        if not address:
            continue
        settings["{}-address".format(addr_type)] = address

    if config("prefer-ipv6"):
        # Take the first IPv6 address, excluding the configured VIP.
        ipv6_addrs = get_ipv6_addr(exc_list=[config("vip")])
        settings["private-address"] = ipv6_addrs[0]

    relation_set(relation_settings=settings)
    send_ssl_sync_request()
コード例 #5
ファイル: keystone_hooks.py プロジェクト: BillTheBest/hyper-c
def upgrade_charm():
    """Run the upgrade-charm steps for this unit.

    Installs packages, refreshes SSH peer authorisation for the
    ``juju_keystone`` group, rewrites configuration and NRPE settings and,
    on the elected cluster leader, refreshes the identity relation units.
    """
    status_set('maintenance', 'Installing apt packages')
    to_install = filter_installed_packages(determine_packages())
    apt_install(to_install)

    peer_auth = {
        'user': SSH_USER,
        'group': 'juju_keystone',
        'peer_interface': 'cluster',
        'ensure_local_user': True,
    }
    unison.ssh_authorized_peers(**peer_auth)

    ensure_ssl_dirs()

    CONFIGS.write_all()
    update_nrpe_config()

    # Non-leader units have nothing further to do.
    if not is_elected_leader(CLUSTER_RES):
        return

    log('Cluster leader - ensuring endpoint configuration is up to date',
        level=DEBUG)
    update_all_identity_relation_units()
コード例 #6
def cluster_changed():
    """Handle a change on the ``cluster`` peer relation.

    Refreshes SSH peer authorisation, re-echoes the whitelisted peer
    settings, runs peer actions and PKI initialisation, and, on the leader
    only, works out whether identity relation units need a forced sync.
    """
    unison.ssh_authorized_peers(
        user=SSH_USER,
        group=SSH_USER,
        peer_interface='cluster',
        ensure_local_user=True,
    )

    # NOTE(jamespage) re-echo passwords for peer storage
    # The '_passwd' pattern is on the whitelist; the DEBUG line below logs
    # only these key patterns, never the values stored under them.
    echo_whitelist = [
        '_passwd',
        'identity-service:',
        'db-initialised',
        'ssl-cert-available-updates',
    ]
    # Don't echo if leader since a re-election may be in progress.
    if not is_leader():
        echo_whitelist += ['ssl-cert-master']

    whitelist_msg = "Peer echo whitelist: %s" % (echo_whitelist)
    log(whitelist_msg, level=DEBUG)
    peer_echo(includes=echo_whitelist, force=True)

    check_peer_actions()

    initialise_pki()

    if not is_leader():
        # Non-leaders never mandate a sync; synced_units and diff stay
        # unbound and the falsy `units` short-circuits the check below.
        units = None
    else:
        # Figure out if we need to mandate a sync
        units = get_ssl_sync_request_units()
        synced_units = relation_get_and_migrate(
            attribute='ssl-synced-units',
            unit=local_unit(),
        )
        diff = None
        if synced_units:
            # The relation value is a JSON-encoded list of unit names.
            synced_units = json.loads(synced_units)
            diff = set(units) ^ set(synced_units)

    if units and (not synced_units or diff):
        joined_units = ', '.join(units)
        log("New peers joined and need syncing - %s" % (joined_units),
            level=DEBUG)
        update_all_identity_relation_units_force_sync()
    else:
        update_all_identity_relation_units()

    if is_leader() or not is_ssl_cert_master():
        CONFIGS.write_all()
    else:
        # This unit is still the SSL cert master but no longer the leader:
        # force a sync so that a new sync master gets elected.
        force_ssl_sync()
コード例 #7
ファイル: keystone_hooks.py プロジェクト: coreycb/keystone
def upgrade_charm():
    """Run the upgrade-charm steps for this unit.

    Installs packages, refreshes SSH peer authorisation for the
    ``juju_keystone`` group, rewrites configuration, runs the leader DB
    initialisation check and, on the elected cluster leader, refreshes the
    identity relation units.
    """
    status_set("maintenance", "Installing apt packages")
    wanted = determine_packages()
    apt_install(filter_installed_packages(wanted))

    unison.ssh_authorized_peers(
        user=SSH_USER,
        group="juju_keystone",
        peer_interface="cluster",
        ensure_local_user=True,
    )

    ensure_ssl_dirs()

    CONFIGS.write_all()

    # See LP bug 1519035
    leader_init_db_if_ready()

    update_nrpe_config()

    # Only the elected leader refreshes the identity relation units.
    if not is_elected_leader(CLUSTER_RES):
        return

    leader_msg = "Cluster leader - ensuring endpoint configuration is up to date"
    log(leader_msg, level=DEBUG)
    update_all_identity_relation_units()
コード例 #8
def cluster_joined():
    """Handle this unit joining the ``cluster`` peer relation.

    Refreshes SSH peer authorisation, publishes this unit's per-network
    addresses on the relation and then sends an SSL sync request.
    """
    peer_auth = {
        'user': SSH_USER,
        'group': 'juju_keystone',
        'peer_interface': 'cluster',
        'ensure_local_user': True,
    }
    unison.ssh_authorized_peers(**peer_auth)

    settings = {}

    # One '<type>-address' entry per address type that resolves to an
    # address in the configured 'os-<type>-network'.
    for addr_type in ADDRESS_TYPES:
        network_key = 'os-{}-network'.format(addr_type)
        address = get_address_in_network(config(network_key))
        if not address:
            continue
        settings['{}-address'.format(addr_type)] = address

    if config('prefer-ipv6'):
        # Take the first IPv6 address, excluding the configured VIP.
        candidates = get_ipv6_addr(exc_list=[config('vip')])
        settings['private-address'] = candidates[0]

    relation_set(relation_settings=settings)
    send_ssl_sync_request()
コード例 #9
ファイル: test_unison.py プロジェクト: thedac/charm-helpers
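    def test_ssh_auth_peer_departed(self, ensure_user, get_keypair, write_keys,
                                    write_hosts):
        """Check ``ssh_authorized_peers`` on the cluster-relation-departed hook.

        The authorized keys and known hosts for the user are expected to be
        rewritten from the relation data, and the colon-joined host list
        published back on the relation.
        """
        get_keypair.return_value = ('privkey', 'pubkey')

        self.hook_name.return_value = 'cluster-relation-departed'

        # Successive relation_get results: a key and a host for each of two
        # peers, then two empty values.
        self.relation_get.side_effect = [
            'key1', 'host1', 'key2', 'host2', '', ''
        ]
        # The user must be 'foo': the listing carried a masked '******' here,
        # which contradicts every assertion below that expects 'foo'.
        unison.ssh_authorized_peers(peer_interface='cluster',
                                    user='foo',
                                    group='foo',
                                    ensure_local_user=True)

        ensure_user.assert_called_with('foo', 'foo')
        get_keypair.assert_called_with('foo')
        # The empty relation values must not appear in either written list.
        write_keys.assert_called_with('foo', ['key1', 'key2'])
        write_hosts.assert_called_with('foo', ['host1', 'host2'])
        self.relation_set.assert_called_with(
            ssh_authorized_hosts='host1:host2')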
コード例 #10
def cluster_joined(rid=None, ssl_sync_request=True):
    """Handle this unit joining the ``cluster`` peer relation.

    Refreshes SSH peer authorisation, publishes this unit's per-network
    and private addresses on the relation and optionally sends an SSL
    sync request.

    :param rid: relation id passed to ``relation_set`` as ``relation_id``.
    :param ssl_sync_request: when true, call ``send_ssl_sync_request()``
        after the relation data has been set.
    """
    # In this variant the peer group is SSH_USER itself.
    unison.ssh_authorized_peers(
        user=SSH_USER,
        group=SSH_USER,
        peer_interface='cluster',
        ensure_local_user=True,
    )

    settings = {}

    # One '<type>-address' entry per address type for which
    # get_relation_ip returns an address.
    for addr_type in ADDRESS_TYPES:
        cidr = config('os-{}-network'.format(addr_type))
        address = get_relation_ip(addr_type, cidr_network=cidr)
        if not address:
            continue
        settings['{}-address'.format(addr_type)] = address

    settings['private-address'] = get_relation_ip('cluster')

    relation_set(relation_id=rid, relation_settings=settings)

    if not ssl_sync_request:
        return
    send_ssl_sync_request()