def swift_storage_relation_joined(rid=None):
if config('encrypt') and not vaultlocker.vault_relation_complete():
log('Encryption configured and vault not ready, deferring',
level=DEBUG)
return
rel_settings = {
'zone': config('zone'),
'object_port': config('object-server-port'),
'container_port': config('container-server-port'),
'account_port': config('account-server-port'),
}
if enable_replication():
replication_ip = network_get_primary_address('replication')
cluster_ip = network_get_primary_address('cluster')
rel_settings.update({
'ip_rep': replication_ip,
'ip_cls': cluster_ip,
'region': config('storage-region'),
'object_port_rep': config('object-server-port-rep'),
'container_port_rep': config('container-server-port-rep'),
'account_port_rep': config('account-server-port-rep')})
db = kv()
devs = db.get('prepared-devices', [])
devs = [os.path.basename(d) for d in devs]
rel_settings['device'] = ':'.join(devs)
# Keep a reference of devices we are adding to the ring
remember_devices(devs)
rel_settings['private-address'] = get_relation_ip('swift-storage')
relation_set(relation_id=rid, relation_settings=rel_settings)
def assess_status():
"""Assess status of current unit"""
# check to see if the unit is paused.
application_version_set(get_upstream_version(VERSION_PACKAGE))
if is_unit_upgrading_set():
status_set("blocked",
"Ready for do-release-upgrade and reboot. "
"Set complete when finished.")
return
if is_unit_paused_set():
status_set('maintenance',
"Paused. Use 'resume' action to resume normal service.")
return
# Check for mon relation
if len(relation_ids('mon')) < 1:
status_set('blocked', 'Missing relation: monitor')
return
# Check for monitors with presented addresses
# Check for bootstrap key presentation
monitors = get_mon_hosts()
if len(monitors) < 1 or not get_conf('osd_bootstrap_key'):
status_set('waiting', 'Incomplete relation: monitor')
return
# Check for vault
if use_vaultlocker():
if not relation_ids('secrets-storage'):
status_set('blocked', 'Missing relation: vault')
return
if not vaultlocker.vault_relation_complete():
status_set('waiting', 'Incomplete relation: vault')
return
# Check for OSD device creation parity i.e. at least some devices
# must have been presented and used for this charm to be operational
(prev_status, prev_message) = status_get()
running_osds = ceph.get_running_osds()
if not prev_message.startswith('Non-pristine'):
if not running_osds:
status_set('blocked',
'No block devices detected using current configuration')
else:
status_set('active',
'Unit is ready ({} OSD)'.format(len(running_osds)))
else:
pristine = True
osd_journals = get_journal_devices()
for dev in list(set(ceph.unmounted_disks()) - set(osd_journals)):
if (not ceph.is_active_bluestore_device(dev) and
not ceph.is_pristine_disk(dev)):
pristine = False
break
if pristine:
status_set('active',
'Unit is ready ({} OSD)'.format(len(running_osds)))
def test_context_complete(self):
self._setup_relation(COMPLETE_RELATION)
context = vaultlocker.VaultKVContext('charm-test')
self.assertEqual(
context(), {
'role_id': 'test-role-from-vault',
'secret_backend': 'charm-test',
'vault_url': 'http://vault:8200'
})
self.hookenv.relation_ids.assert_called_with('secrets-storage')
self.assertTrue(vaultlocker.vault_relation_complete())
def test_context_complete_cached_secret_id(self, retrieve_secret_id):
self._setup_relation(COMPLETE_RELATION)
context = vaultlocker.VaultKVContext('charm-test')
self.db.set('last-token', '00c9a9ab-c523-459d-a250-2ce8f0877c03')
self.db.set('secret-id', '5502fd27-059b-4b0a-91b2-eaff40b6a112')
self.assertEqual(
context(), {
'role_id': 'test-role-from-vault',
'secret_backend': 'charm-test',
'secret_id': '5502fd27-059b-4b0a-91b2-eaff40b6a112',
'vault_url': 'http://vault:8200'
})
self.hookenv.relation_ids.assert_called_with('secrets-storage')
self.assertTrue(vaultlocker.vault_relation_complete())
retrieve_secret_id.assert_not_called()
def test_context_complete(self, retrieve_secret_id):
self._setup_relation(COMPLETE_RELATION)
context = vaultlocker.VaultKVContext('charm-test')
retrieve_secret_id.return_value = 'a3551c8d-0147-4cb6-afc6-efb3db2fccb2'
self.assertEqual(
context(), {
'role_id': 'test-role-from-vault',
'secret_backend': 'charm-test',
'secret_id': 'a3551c8d-0147-4cb6-afc6-efb3db2fccb2',
'vault_url': 'http://vault:8200'
})
self.hookenv.relation_ids.assert_called_with('secrets-storage')
self.assertTrue(vaultlocker.vault_relation_complete())
retrieve_secret_id.assert_called_once_with(
url='http://vault:8200',
token='00c9a9ab-c523-459d-a250-2ce8f0877c03')
def assess_status():
"""Assess status of current unit"""
# check to see if the unit is paused.
application_version_set(get_upstream_version(VERSION_PACKAGE))
if is_unit_upgrading_set():
status_set(
"blocked", "Ready for do-release-upgrade and reboot. "
"Set complete when finished.")
return
if is_unit_paused_set():
status_set('maintenance',
"Paused. Use 'resume' action to resume normal service.")
return
# Check for mon relation
if len(relation_ids('mon')) < 1:
status_set('blocked', 'Missing relation: monitor')
return
# Check for monitors with presented addresses
# Check for bootstrap key presentation
monitors = get_mon_hosts()
if len(monitors) < 1 or not get_conf('osd_bootstrap_key'):
status_set('waiting', 'Incomplete relation: monitor')
return
# Check for vault
if use_vaultlocker():
if not relation_ids('secrets-storage'):
status_set('blocked', 'Missing relation: vault')
return
if not vaultlocker.vault_relation_complete():
status_set('waiting', 'Incomplete relation: vault')
return
# Check for OSD device creation parity i.e. at least some devices
# must have been presented and used for this charm to be operational
(prev_status, prev_message) = status_get()
running_osds = ceph.get_running_osds()
if not prev_message.startswith('Non-pristine'):
if not running_osds:
status_set(
'blocked',
'No block devices detected using current configuration')
else:
status_set('active',
'Unit is ready ({} OSD)'.format(len(running_osds)))
def test_context_complete_cached_secret_id(self, retrieve_secret_id):
self._setup_relation(COMPLETE_RELATION)
context = vaultlocker.VaultKVContext('charm-test')
self.db.set('secret-id', '5502fd27-059b-4b0a-91b2-eaff40b6a112')
self.good_token = 'invalid-token' # i.e. cause failure
retrieve_secret_id.side_effect = self.fake_retrieve_secret_id
self.assertEqual(
context(), {
'role_id': 'test-role-from-vault',
'secret_backend': 'charm-test',
'secret_id': '5502fd27-059b-4b0a-91b2-eaff40b6a112',
'vault_url': 'http://vault:8200'
})
self.hookenv.relation_ids.assert_called_with('secrets-storage')
self.assertTrue(vaultlocker.vault_relation_complete())
calls = [
mock.call(url='http://vault:8200',
token='00c9a9ab-c523-459d-a250-2ce8f0877c03')
]
retrieve_secret_id.assert_has_calls(calls)
def swift_storage_relation_joined(rid=None):
if config('encrypt') and not vaultlocker.vault_relation_complete():
log('Encryption configured and vault not ready, deferring',
level=DEBUG)
return
rel_settings = {
'zone': config('zone'),
'object_port': config('object-server-port'),
'container_port': config('container-server-port'),
'account_port': config('account-server-port'),
}
db = kv()
devs = db.get('prepared-devices', [])
devs = [os.path.basename(d) for d in devs]
rel_settings['device'] = ':'.join(devs)
# Keep a reference of devices we are adding to the ring
remember_devices(devs)
rel_settings['private-address'] = get_relation_ip('swift-storage')
relation_set(relation_id=rid, relation_settings=rel_settings)
def test_context_complete_cached_dirty_data(self, retrieve_secret_id):
self._setup_relation(DIRTY_RELATION)
context = vaultlocker.VaultKVContext('charm-test')
self.db.set('secret-id', '5502fd27-059b-4b0a-91b2-eaff40b6a112')
self.good_token = '67b36149-dc86-4b80-96c4-35b91847d16e'
retrieve_secret_id.side_effect = self.fake_retrieve_secret_id
self.assertEqual(
context(), {
'role_id': 'test-role-from-vault',
'secret_backend': 'charm-test',
'secret_id': '31be8e65-20a3-45e0-a4a8-4d5a0554fb60',
'vault_url': 'http://vault:8200'
})
self.hookenv.relation_ids.assert_called_with('secrets-storage')
self.assertTrue(vaultlocker.vault_relation_complete())
self.assertEquals(self.db.get('secret-id'),
'31be8e65-20a3-45e0-a4a8-4d5a0554fb60')
calls = [
mock.call(url='http://vault:8200',
token='67b36149-dc86-4b80-96c4-35b91847d16e')
]
retrieve_secret_id.assert_has_calls(calls)
def assess_status():
"""Assess status of current unit"""
# check to see if the unit is paused.
application_version_set(get_upstream_version(VERSION_PACKAGE))
if is_unit_upgrading_set():
status_set(
"blocked", "Ready for do-release-upgrade and reboot. "
"Set complete when finished.")
return
if is_unit_paused_set():
status_set('maintenance',
"Paused. Use 'resume' action to resume normal service.")
return
# Check for mon relation
if len(relation_ids('mon')) < 1:
status_set('blocked', 'Missing relation: monitor')
return
# Check for monitors with presented addresses
# Check for bootstrap key presentation
monitors = get_mon_hosts()
if len(monitors) < 1 or not get_conf('osd_bootstrap_key'):
status_set('waiting', 'Incomplete relation: monitor')
return
# Check for vault
if use_vaultlocker():
if not relation_ids('secrets-storage'):
status_set('blocked', 'Missing relation: vault')
return
try:
if not vaultlocker.vault_relation_complete():
status_set('waiting', 'Incomplete relation: vault')
return
except Exception as e:
status_set('blocked', "Warning: couldn't verify vault relation")
log("Exception when verifying vault relation - maybe it was "
"offline?:\n{}".format(str(e)))
log("Traceback: {}".format(traceback.format_exc()))
# Check for OSD device creation parity i.e. at least some devices
# must have been presented and used for this charm to be operational
(prev_status, prev_message) = status_get()
running_osds = ceph.get_running_osds()
if not prev_message.startswith('Non-pristine'):
if not running_osds:
status_set(
'blocked',
'No block devices detected using current configuration')
else:
status_set('active',
'Unit is ready ({} OSD)'.format(len(running_osds)))
else:
pristine = True
osd_journals = get_journal_devices()
for dev in list(set(ceph.unmounted_disks()) - set(osd_journals)):
if (not ceph.is_active_bluestore_device(dev)
and not ceph.is_pristine_disk(dev)):
pristine = False
break
if pristine:
status_set('active',
'Unit is ready ({} OSD)'.format(len(running_osds)))
try:
get_bdev_enable_discard()
except ValueError as ex:
status_set('blocked', str(ex))
try:
bluestore_compression = ch_context.CephBlueStoreCompressionContext()
bluestore_compression.validate()
except ValueError as e:
status_set('blocked', 'Invalid configuration: {}'.format(str(e)))
def test_context_incomplete(self):
self._setup_relation(INCOMPLETE_RELATION)
context = vaultlocker.VaultKVContext('charm-test')
self.assertEqual(context(), {})
self.hookenv.relation_ids.assert_called_with('secrets-storage')
self.assertFalse(vaultlocker.vault_relation_complete())
