def leader_settings_changed():
    """Handle the leader-settings-changed hook.

    When Fernet is enabled the keys are written first, before the pause
    check, so a paused unit still runs key_write(). All remaining work is
    skipped while the unit is paused.
    """
    # Key material is refreshed unconditionally: this hook must write the
    # keys whether or not the unit is paused. Presumably a unit that skipped
    # this would keep an outdated key set - confirm against key_write().
    if fernet_enabled():
        key_write()

    # A paused unit defers everything else; the config-changed handling is
    # forced again on resume.
    if is_unit_paused_set():
        log("Unit is pause or upgrading. Skipping config_changed", "WARN")
        return

    # Non-leader units learn about a change of leader through this hook, so
    # the token flush cron file is rewritten here to make sure that only the
    # leader is running the cron job.
    CONFIGS.write(TOKEN_FLUSH_CRON_FILE)

    # Keep the domain and/or project ids used in templates up to date.
    keystone_release = CompareOpenStackReleases(os_release('keystone'))
    if keystone_release >= 'liberty':
        CONFIGS.write(POLICY_JSON)

    update_all_identity_relation_units()
    inform_peers_if_ready(check_api_unit_ready)
def config_changed_postupgrade():
    """Apply configuration after any upgrade handling has taken place.

    In order: prepare the Apache/mod_wsgi front end when keystone runs in
    Apache, install any newly required packages, let the leader set up and
    share Fernet keys, configure HTTPS, open the service port, rewrite all
    managed configuration, restart the snap service when one was requested,
    ensure the initial admin on the elected leader, and refresh the
    identity, domain-backend, federation-backend and HA relations. Finally
    peers are informed once this unit is ready.

    Restarts and the initial-admin step are skipped while the unit is
    paused.
    """
    # NOTE(review): the block nesting below was reconstructed from a listing
    # that had lost its line breaks - confirm against the original file.
    save_script_rc()
    release = os_release('keystone')
    if run_in_apache(release=release):
        # Need to ensure mod_wsgi is installed and apache2 is reloaded
        # immediately, as the charm queries its local keystone before the
        # restart decorator can fire.
        apt_install(filter_installed_packages(determine_packages()))
        # When deployed from source, init scripts aren't installed.
        service_pause('keystone')

        disable_unused_apache_sites()
        # Only render the WSGI config when a template is registered for it.
        if WSGI_KEYSTONE_API_CONF in CONFIGS.templates:
            CONFIGS.write(WSGI_KEYSTONE_API_CONF)
        # A paused unit must not have its services restarted behind the
        # operator's back.
        if not is_unit_paused_set():
            restart_pid_check('apache2')
            stop_manager_instance()

    if enable_memcache(release=release):
        # If charm or OpenStack have been upgraded then the list of required
        # packages may have changed so ensure they are installed.
        apt_install(filter_installed_packages(determine_packages()))

    # Only the leader, and only with Fernet enabled, touches key material
    # here. Presumably key_setup() prepares the key repository and
    # key_leader_set() shares it with the other units - confirm against the
    # helpers.
    if is_leader() and fernet_enabled():
        key_setup()
        key_leader_set()

    configure_https()
    # The port that gets opened comes straight from the 'service-port'
    # charm option.
    open_port(config('service-port'))

    update_nrpe_config()

    CONFIGS.write_all()

    if snap_install_requested() and not is_unit_paused_set():
        service_restart('snap.keystone.*')
        stop_manager_instance()

    # The initial admin is only ensured once the database is initialised,
    # on the elected leader, and never while the unit is paused.
    if (is_db_initialised() and is_elected_leader(CLUSTER_RES) and not
            is_unit_paused_set()):
        # Note: the `config` accessor itself is passed, not a config value.
        ensure_initial_admin(config)
        if CompareOpenStackReleases(
                os_release('keystone')) >= 'liberty':
            CONFIGS.write(POLICY_JSON)

    update_all_identity_relation_units()
    update_all_domain_backends()
    update_all_fid_backends()

    # Re-run the 'ha' joined handler for every existing 'ha' relation.
    for r_id in relation_ids('ha'):
        ha_joined(relation_id=r_id)

    notify_middleware_with_release_version()
    inform_peers_if_ready(check_api_unit_ready)
def config_changed_postupgrade():
    """Apply configuration after any upgrade handling has taken place.

    In order: prepare the Apache/mod_wsgi front end when keystone runs in
    Apache, install any newly required packages, let the leader set up and
    share Fernet keys, configure HTTPS, open the service port, rewrite all
    managed configuration, restart the snap service when one was requested,
    ensure the initial admin on the elected leader, and refresh the
    identity, domain-backend, federation-backend and HA relations.

    Restarts and the initial-admin step are skipped while the unit is
    paused.
    """
    # NOTE(review): the block nesting below was reconstructed from a listing
    # that had lost its line breaks - confirm against the original file.
    save_script_rc()
    release = os_release('keystone')
    if run_in_apache(release=release):
        # Need to ensure mod_wsgi is installed and apache2 is reloaded
        # immediately, as the charm queries its local keystone before the
        # restart decorator can fire.
        apt_install(filter_installed_packages(determine_packages()))
        # When deployed from source, init scripts aren't installed.
        service_pause('keystone')

        disable_unused_apache_sites()
        # Only render the WSGI config when a template is registered for it.
        if WSGI_KEYSTONE_API_CONF in CONFIGS.templates:
            CONFIGS.write(WSGI_KEYSTONE_API_CONF)
        # A paused unit must not have its services restarted behind the
        # operator's back.
        if not is_unit_paused_set():
            restart_pid_check('apache2')
            stop_manager_instance()

    if enable_memcache(release=release):
        # If charm or OpenStack have been upgraded then the list of required
        # packages may have changed so ensure they are installed.
        apt_install(filter_installed_packages(determine_packages()))

    # Only the leader, and only with Fernet enabled, touches key material
    # here. Presumably key_setup() prepares the key repository and
    # key_leader_set() shares it with the other units - confirm against the
    # helpers.
    if is_leader() and fernet_enabled():
        key_setup()
        key_leader_set()

    configure_https()
    # The port that gets opened comes straight from the 'service-port'
    # charm option.
    open_port(config('service-port'))

    update_nrpe_config()

    CONFIGS.write_all()

    if snap_install_requested() and not is_unit_paused_set():
        service_restart('snap.keystone.*')
        stop_manager_instance()

    # The initial admin is only ensured once the database is initialised,
    # on the elected leader, and never while the unit is paused.
    if (is_db_initialised() and is_elected_leader(CLUSTER_RES) and not
            is_unit_paused_set()):
        # Note: the `config` accessor itself is passed, not a config value.
        ensure_initial_admin(config)
        if CompareOpenStackReleases(
                os_release('keystone')) >= 'liberty':
            CONFIGS.write(POLICY_JSON)

    update_all_identity_relation_units()
    update_all_domain_backends()
    update_all_fid_backends()

    # Re-run the 'ha' joined handler for every existing 'ha' relation.
    for r_id in relation_ids('ha'):
        ha_joined(relation_id=r_id)

    notify_middleware_with_release_version()
def leader_settings_changed():
    """Handle the leader-settings-changed hook.

    Rewrites the token flush cron file and, from 'liberty' on, the policy
    file, then writes the Fernet keys when Fernet is enabled, and finally
    refreshes every identity relation unit.
    """
    # Non-leader units learn about a change of leader through this hook, so
    # the token flush cron file is rewritten here to make sure that only the
    # leader is running the cron job.
    CONFIGS.write(TOKEN_FLUSH_CRON_FILE)

    # Keep the domain and/or project ids used in templates up to date.
    keystone_release = CompareOpenStackReleases(os_release('keystone'))
    if keystone_release >= 'liberty':
        CONFIGS.write(POLICY_JSON)

    # Presumably this writes the key set shared by the leader to this
    # unit - confirm against key_write().
    if fernet_enabled():
        key_write()

    update_all_identity_relation_units()
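def leader_settings_changed():
    """Handle the leader-settings-changed hook.

    Fernet keys are written first, before the pause check, so that a paused
    unit still runs key_write() when the leader settings change. The
    remaining work (cron file, policy file, identity relation refresh) is
    skipped while the unit is paused.
    """
    # Always write the keys on leader-settings-changed, regardless of
    # whether the unit is paused. Returning early before this step would
    # leave a paused unit without the current keys; presumably it could
    # then not validate tokens issued with newer keys - confirm against
    # key_write().
    if fernet_enabled():
        key_write()

    # If we are paused, delay doing any config changed hooks.
    # It is forced on the resume.
    if is_unit_paused_set():
        log("Unit is pause or upgrading. Skipping config_changed", "WARN")
        return

    # Non-leader units learn about a change of leader through this hook, so
    # the token flush cron file is rewritten here to make sure that only the
    # leader is running the cron job.
    CONFIGS.write(TOKEN_FLUSH_CRON_FILE)

    # Make sure we keep domain and/or project ids used in templates up to
    # date.
    if CompareOpenStackReleases(
            os_release('keystone')) >= 'liberty':
        CONFIGS.write(POLICY_JSON)

    update_all_identity_relation_units()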
def test_fernet_enabled_yes_release_override_config(self):
    """On 'rocky', Fernet is reported enabled even with token-provider 'uuid'."""
    self.os_release.return_value = 'rocky'
    # The charm option asks for UUID tokens; the release is expected to win.
    self.test_config.set('token-provider', 'uuid')
    self.assertTrue(context.fernet_enabled())
def test_fernet_enabled_yes_release(self):
    """On 'rocky', Fernet is reported enabled without setting token-provider."""
    self.os_release.return_value = 'rocky'
    self.assertTrue(context.fernet_enabled())
def test_fernet_enabled_no_release_override_config(self):
    """On 'mitaka', Fernet is reported disabled even with token-provider 'fernet'."""
    self.os_release.return_value = 'mitaka'
    # The charm option asks for Fernet; the release is expected to win.
    self.test_config.set('token-provider', 'fernet')
    self.assertFalse(context.fernet_enabled())
def test_fernet_enabled_yes_config(self):
    """On 'ocata', token-provider 'fernet' makes Fernet report as enabled."""
    self.os_release.return_value = 'ocata'
    self.test_config.set('token-provider', 'fernet')
    self.assertTrue(context.fernet_enabled())
def test_fernet_enabled_yes_release_override_config(self):
    """On 'rocky', Fernet is reported enabled even with token-provider 'uuid'."""
    self.os_release.return_value = 'rocky'
    # The charm option asks for UUID tokens; the release is expected to win.
    self.test_config.set('token-provider', 'uuid')
    self.assertTrue(context.fernet_enabled())
def test_fernet_enabled_yes_release(self):
    """On 'rocky', Fernet is reported enabled without setting token-provider."""
    self.os_release.return_value = 'rocky'
    self.assertTrue(context.fernet_enabled())
def test_fernet_enabled_no_release_override_config(self):
    """On 'mitaka', Fernet is reported disabled even with token-provider 'fernet'."""
    self.os_release.return_value = 'mitaka'
    # The charm option asks for Fernet; the release is expected to win.
    self.test_config.set('token-provider', 'fernet')
    self.assertFalse(context.fernet_enabled())
def test_fernet_enabled_yes_config(self):
    """On 'ocata', token-provider 'fernet' makes Fernet report as enabled."""
    self.os_release.return_value = 'ocata'
    self.test_config.set('token-provider', 'fernet')
    self.assertTrue(context.fernet_enabled())