def __call__(self):
    """Build the SSL front-end context, or ``{}`` when HTTPS is not in use.

    When at least one external port is set and ``https()`` is true, the CA
    and one certificate per canonical name are configured before the
    address/port map is computed.

    :returns: dict with ``namespace``, ``endpoints`` (tuples of address,
        endpoint, external port, internal port) and sorted, de-duplicated
        ``ext_ports``; an empty dict otherwise.
    """
    # A single port may arrive as a bare string; normalise it to a list.
    if isinstance(self.external_ports, six.string_types):
        self.external_ports = [self.external_ports]

    # No ports, or HTTPS unavailable: no CA/cert work is done at all.
    if not (self.external_ports and https()):
        return {}

    self.configure_ca()
    self.enable_modules()

    ctxt = {
        'namespace': self.service_namespace,
        'endpoints': [],
        'ext_ports': [],
    }

    for name in self.canonical_names():
        self.configure_cert(name)

    network_addresses = self.get_network_addresses()
    # Sorting the de-duplicated pairs keeps the result stable between calls.
    for address, endpoint in sorted(set(network_addresses)):
        for api_port in self.external_ports:
            external = determine_apache_port(api_port)
            internal = determine_api_port(api_port)
            ctxt['endpoints'].append(
                (address, endpoint, int(external), int(internal)))
            ctxt['ext_ports'].append(int(external))

    ctxt['ext_ports'] = sorted(set(ctxt['ext_ports']))
    return ctxt
def test_https_cert_key_incomplete_identity_relation(self):
    '''https() is false when identity-service supplies no cert data.'''
    # Charm config offers nothing, so only the relation could enable https.
    self.config_get.return_value = False
    self.relation_ids.return_value = 'identity-service:0'
    self.relation_list.return_value = 'keystone/0'
    # Every relation_get lookup comes back empty.
    self.relation_get.return_value = None
    https_available = cluster_utils.https()
    self.assertFalse(https_available)
def __call__(self):
    """Return the memcached server list and, under HTTPS, cert/key paths.

    ``memcached_servers`` is always present (possibly empty). ``ssl_cert``
    and ``ssl_key`` are added only when ``https()`` is true and both files
    exist under ``/etc/apache2/ssl/nova``.
    """
    ctxt = {}
    servers = []
    try:
        for rid in relation_ids('memcache'):
            for unit_data in relations_for_id(rid):
                host = unit_data['private-address']
                # Format it as IPv6 address if needed
                host = format_ipv6_addr(host) or host
                servers.append("%s:%s" % (host, unit_data['port']))
    except Exception as ex:
        # Best effort: any failure discards the partial list.
        log("Could not get memcache servers: %s" % (ex),
            level='WARNING')
        servers = []

    ctxt['memcached_servers'] = ','.join(servers)

    # Configure nova-novncproxy https if nova-api is using https.
    if https():
        cn = resolve_address(endpoint_type=INTERNAL)
        cert_filename = 'cert_{}'.format(cn) if cn else 'cert'
        key_filename = 'key_{}'.format(cn) if cn else 'key'

        ssl_dir = '/etc/apache2/ssl/nova'
        cert = os.path.join(ssl_dir, cert_filename)
        key = os.path.join(ssl_dir, key_filename)
        # Both halves must be on disk; otherwise neither ssl key is set
        # and the consumer of this context gets no TLS material.
        if os.path.exists(cert) and os.path.exists(key):
            ctxt['ssl_cert'] = cert
            ctxt['ssl_key'] = key

    return ctxt
def __call__(self):
    """Return the memcached server list and, under HTTPS, cert/key paths.

    ``memcached_servers`` is always present (possibly empty). ``ssl_cert``
    and ``ssl_key`` are added only when ``https()`` is true and both files
    exist under ``/etc/apache2/ssl/nova``.
    """
    ctxt = {}
    servers = []
    try:
        for rid in relation_ids('memcache'):
            for unit_data in relations_for_id(rid):
                host = unit_data['private-address']
                # Format it as IPv6 address if needed
                host = format_ipv6_addr(host) or host
                servers.append("%s:%s" % (host, unit_data['port']))
    except Exception as ex:
        # Best effort: any failure discards the partial list.
        log("Could not get memcache servers: %s" % (ex),
            level='WARNING')
        servers = []

    ctxt['memcached_servers'] = ','.join(servers)

    # Configure nova-novncproxy https if nova-api is using https.
    if https():
        cn = resolve_address(endpoint_type=INTERNAL)
        cert_filename = 'cert_{}'.format(cn) if cn else 'cert'
        key_filename = 'key_{}'.format(cn) if cn else 'key'

        ssl_dir = '/etc/apache2/ssl/nova'
        cert = os.path.join(ssl_dir, cert_filename)
        key = os.path.join(ssl_dir, key_filename)
        # Both halves must be on disk; otherwise neither ssl key is set
        # and the consumer of this context gets no TLS material.
        if os.path.exists(cert) and os.path.exists(key):
            ctxt['ssl_cert'] = cert
            ctxt['ssl_key'] = key

    return ctxt
def __call__(self):
    """Build the SSL front-end context, or ``{}`` when HTTPS is not in use.

    Ports are resolved with ``singlenode_mode=True``. The CA and one
    certificate per canonical name are configured before the address/port
    map is computed.

    :returns: dict with ``namespace``, ``endpoints`` and sorted,
        de-duplicated ``ext_ports``; an empty dict otherwise.
    """
    # A single port may arrive as a bare string; normalise it to a list.
    if isinstance(self.external_ports, six.string_types):
        self.external_ports = [self.external_ports]

    # No ports, or HTTPS unavailable: no CA/cert work is done at all.
    if not (self.external_ports and https()):
        return {}

    self.configure_ca()
    self.enable_modules()

    ctxt = {
        'namespace': self.service_namespace,
        'endpoints': [],
        'ext_ports': [],
    }

    for name in self.canonical_names():
        self.configure_cert(name)

    network_addresses = self.get_network_addresses()
    for address, endpoint in sorted(set(network_addresses)):
        for api_port in self.external_ports:
            external = determine_apache_port(api_port,
                                             singlenode_mode=True)
            internal = determine_api_port(api_port,
                                          singlenode_mode=True)
            ctxt['endpoints'].append(
                (address, endpoint, int(external), int(internal)))
            ctxt['ext_ports'].append(int(external))

    ctxt['ext_ports'] = sorted(set(ctxt['ext_ports']))
    return ctxt
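def services():
    """Returns a list of services associated with this charm.

    Service names are collected from every entry of BASE_RESOURCE_MAP and
    de-duplicated. When ``https()`` is false, ``apache2`` is left out.

    :returns: list of unique service names (order not guaranteed)
    """
    _set_services = set()
    for v in BASE_RESOURCE_MAP.values():
        _set_services.update(v.get('services', []))
    if not https():
        # discard() rather than remove(): apache2 may not be listed by any
        # resource, and that must not raise KeyError.
        _set_services.discard('apache2')
    return list(_set_services)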
def test_https_cert_key_in_config(self):
    '''https() is true when charm config carries both cert and key.'''
    # Answers are consumed in the order https() asks for them.
    config_answers = [
        'no',  # config_get('use-https')
        'cert',  # config_get('ssl_cert')
        'key',  # config_get('ssl_key')
    ]
    self.config_get.side_effect = config_answers
    https_available = cluster_utils.https()
    self.assertTrue(https_available)
def __call__(self):
    """Return the Nginx view of the SSL context, restarting on cert change.

    The CA and Apache SSL paths are hashed before and after the parent
    context runs; a differing digest triggers a restart of
    ``snap.keystone.nginx``. Returns ``{}`` when the parent context is
    empty.
    """
    # late import to work around circular dependency
    from keystone_utils import (determine_ports, update_hash_from_path,
                                APACHE_SSL_DIR)

    ssl_paths = [CA_CERT_PATH, APACHE_SSL_DIR]

    def _hash_ssl_paths():
        # SHA-256 is used here as a change detector over the watched paths.
        digest = hashlib.sha256()
        for path in ssl_paths:
            update_hash_from_path(digest, path)
        return digest

    self.external_ports = determine_ports()
    before = _hash_ssl_paths()

    ret = super(NginxSSLContext, self).__call__()
    if not ret:
        log("SSL not used", level='DEBUG')
        return {}

    after = _hash_ssl_paths()

    # Ensure that Nginx is restarted if these change
    if before.hexdigest() != after.hexdigest():
        service_restart('snap.keystone.nginx')

    # Transform for use by Nginx. Shape of ``ret`` (sample):
    #   {'endpoints': [(u'10.5.0.30', u'10.5.0.30', 4990, 4980),
    #                  (u'10.5.0.30', u'10.5.0.30', 35347, 35337)],
    #    'ext_ports': [4990, 35347],
    #    'namespace': 'keystone'}
    nginx_ret = {
        'ssl': https(),
        'namespace': self.service_namespace,
    }

    endpoints = {}
    for _int_address, address, ext, _internal in ret['endpoints']:
        if ext <= 5000:
            socket_name = 'public'
        elif ext >= 35337:
            socket_name = 'admin'
        else:
            log("Unrecognized internal port", level='ERROR')
            continue
        endpoints[socket_name] = {
            'socket': socket_name,
            'address': address,
            'ext': ext,
        }

    nginx_ret['endpoints'] = endpoints
    return nginx_ret
def canonical_url():
    """Return the base URL of this host on its internal address.

    The scheme is ``https`` when ``https()`` is true and ``http``
    otherwise; the address is bracketed when it is IPv6.
    """
    scheme = 'https' if https() else 'http'
    addr = resolve_address(INTERNAL)
    host = format_ipv6_addr(addr) or addr
    return '%s://%s' % (scheme, host)
def canonical_url():
    """Return the base URL of this host on its internal address.

    The scheme is ``https`` when ``https()`` is true and ``http``
    otherwise; the address is bracketed when it is IPv6.
    """
    scheme = 'https' if https() else 'http'
    addr = resolve_address(INTERNAL)
    host = format_ipv6_addr(addr) or addr
    return '%s://%s' % (scheme, host)
def admin_relation_changed(relation_id=None):
    """Publish admin endpoint details and credentials on the relation.

    :param relation_id: relation to set data on; passed straight through
        to ``relation_set``.
    """
    # TODO: fixup
    # NOTE(review): the admin password is written to relation data, and
    # 'service_protocol' is 'http' whenever https() is false. Confirm who
    # can read this relation and that plain HTTP is acceptable for a
    # consumer that will authenticate with these credentials.
    relation_data = {
        'service_hostname': resolve_address(ADMIN),
        'service_port': config('service-port'),
        'service_username': config('admin-user'),
        'service_tenant_name': config('admin-role'),
        'service_region': config('region'),
        'service_protocol': 'https' if https() else 'http',
        'service_password': get_admin_passwd(),
    }
    relation_set(relation_id=relation_id, **relation_data)
def test_https_cert_key_in_identity_relation(self):
    '''https() is true when identity-service supplies the cert data.'''
    # Charm config offers nothing, so only the relation can enable https.
    self.config_get.return_value = False
    self.relation_ids.return_value = 'identity-service:0'
    self.relation_list.return_value = 'keystone/0'
    # Answers are consumed in the order https() asks for them.
    relation_answers = [
        'yes',  # relation_get('https_keystone')
        'cert',  # relation_get('ssl_cert')
        'key',  # relation_get('ssl_key')
        'ca_cert',  # relation_get('ca_cert')
    ]
    self.relation_get.side_effect = relation_answers
    https_available = cluster_utils.https()
    self.assertTrue(https_available)
def admin_relation_changed(relation_id=None):
    """Publish admin endpoint details and credentials on the relation.

    :param relation_id: relation to set data on; passed straight through
        to ``relation_set``.
    """
    # TODO: fixup
    # NOTE(review): the admin password is written to relation data, and
    # "service_protocol" is "http" whenever https() is false. Confirm who
    # can read this relation and that plain HTTP is acceptable for a
    # consumer that will authenticate with these credentials.
    relation_data = {
        "service_hostname": resolve_address(ADMIN),
        "service_port": config("service-port"),
        "service_username": config("admin-user"),
        "service_tenant_name": config("admin-role"),
        "service_region": config("region"),
        "service_protocol": "https" if https() else "http",
        "service_password": get_admin_passwd(),
    }
    relation_set(relation_id=relation_id, **relation_data)
def admin_relation_changed(relation_id=None):
    """Publish admin endpoint details and credentials on the relation.

    :param relation_id: relation to set data on; passed straight through
        to ``relation_set``.
    """
    # TODO: fixup
    # NOTE(review): the admin password is written to relation data, and
    # 'service_protocol' is 'http' whenever https() is false. Confirm who
    # can read this relation and that plain HTTP is acceptable for a
    # consumer that will authenticate with these credentials.
    relation_data = {
        'service_hostname': resolve_address(ADMIN),
        'service_port': config('service-port'),
        'service_username': config('admin-user'),
        'service_tenant_name': config('admin-role'),
        'service_region': config('region'),
        'service_protocol': 'https' if https() else 'http',
        'service_password': get_admin_passwd(),
    }
    relation_set(relation_id=relation_id, **relation_data)
def neutron_ctxt(self):
    """Return the network manager and the neutron URL for this unit.

    The URL uses ``https`` when ``https()`` is true, the configured VIP
    when clustered (else the unit's private address), and port 9696.
    """
    proto = 'https' if https() else 'http'
    host = config('vip') if is_clustered() else unit_get('private-address')
    return {
        'network_manager': self.network_manager,
        'neutron_url': '%s://%s:%s' % (proto, host, '9696'),
    }
def listen_port():
    """Determine port to listen to.

    A ``port`` value in configuration wins when it is truthy. Otherwise
    the default follows the TLS state: 443 when ``https()`` is true, 80
    when it is not.

    :returns: Port number
    :rtype: int
    """
    fallback_port = 443 if https() else 80
    return config('port') or fallback_port
def neutron_ctxt(self):
    """Return the network manager and the neutron URL for this unit.

    The URL uses ``https`` when ``https()`` is true, the configured VIP
    when clustered (else the unit's private address), and port 9696.
    """
    proto = 'https' if https() else 'http'
    host = config('vip') if is_clustered() else unit_get('private-address')
    neutron_url = '%s://%s:%s' % (proto, host, '9696')
    return {
        'network_manager': self.network_manager,
        'neutron_url': neutron_url,
    }
def __call__(self):
    """Build the SSL front-end context, or ``{}`` when HTTPS is not in use.

    For each of the internal, admin and public networks the unit address
    is paired with an endpoint address: a matching VIP when clustered with
    VIPs configured, the raw ``vip`` setting when clustered without a
    parsed VIP list, or the unit address itself otherwise.

    :returns: dict with ``namespace``, ``endpoints`` and de-duplicated
        ``ext_ports``; an empty dict otherwise.
    """
    # A single port may arrive as a bare string; normalise it to a list.
    if isinstance(self.external_ports, basestring):
        self.external_ports = [self.external_ports]

    # No ports, or HTTPS unavailable: no CA/cert work is done at all.
    if not (self.external_ports and https()):
        return {}

    self.configure_ca()
    self.enable_modules()

    ctxt = {
        'namespace': self.service_namespace,
        'endpoints': [],
        'ext_ports': [],
    }

    for name in self.canonical_names():
        self.configure_cert(name)

    addresses = []
    vips = config('vip').split() if config('vip') else []

    network_options = ('os-internal-network',
                       'os-admin-network',
                       'os-public-network')
    for network_type in network_options:
        address = get_address_in_network(config(network_type),
                                         unit_get('private-address'))
        if vips and is_clustered():
            # First VIP inside this network wins; no match adds nothing.
            for vip in vips:
                if is_address_in_network(config(network_type), vip):
                    addresses.append((address, vip))
                    break
        elif is_clustered():
            addresses.append((address, config('vip')))
        else:
            addresses.append((address, address))

    for address, endpoint in set(addresses):
        for api_port in self.external_ports:
            external = determine_apache_port(api_port)
            internal = determine_api_port(api_port)
            ctxt['endpoints'].append(
                (address, endpoint, int(external), int(internal)))
            ctxt['ext_ports'].append(int(external))

    ctxt['ext_ports'] = list(set(ctxt['ext_ports']))
    return ctxt
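def __call__(self):
    '''Return port, HSTS, theme and SSL-redirect settings.

    ``enforce_ssl`` is switched on only when the ``enforce-ssl`` option is
    set and ``https()`` reports that TLS is configured. When the option is
    set but TLS is not available, the redirect is skipped and a warning is
    logged.
    '''
    # NOTE(review): 70/433 are not the standard 80/443 - presumably ports
    # behind a front-end proxy; confirm against the templates.
    ctxt = {
        'http_port': 70,
        'https_port': 433,
        'enforce_ssl': False,
        'hsts_max_age_seconds': config('hsts-max-age-seconds'),
        "custom_theme": config('custom-theme'),
    }

    if config('enforce-ssl'):
        if https():
            ctxt['enforce_ssl'] = True
        else:
            # Warn only when the redirect was actually requested; logging
            # this with enforce-ssl unset misreports the configuration.
            log("Enforce ssl redirect requested but ssl not configured - "
                "skipping redirect", level=WARNING)

    return ctxt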
def console_settings():
    """Assemble console proxy relation settings, or ``{}`` if no protocol.

    The proxy base address is ``https`` when both console cert and key are
    configured; for a non-local proxy IP it is also ``https`` when
    ``ch_cluster.https()`` is true. For ``vnc`` both ``novnc`` and
    ``xvpvnc`` entries are produced.
    """
    rel_settings = {}
    proto = common.console_attributes('protocol')
    if not proto:
        return {}

    rel_settings['console_keymap'] = hookenv.config('console-keymap')
    rel_settings['console_access_protocol'] = proto

    # Console TLS needs both halves of the pair to be configured.
    console_ssl = bool(hookenv.config('console-ssl-cert') and
                       hookenv.config('console-ssl-key'))

    if hookenv.config('console-proxy-ip') != 'local':
        # NOTE(review): falls back to plain http when neither console TLS
        # nor API TLS is configured; console sessions then go unencrypted.
        schema = "https" if (console_ssl or ch_cluster.https()) else "http"
        proxy_base_addr = ("{}://{}"
                           .format(schema,
                                   hookenv.config('console-proxy-ip')))
    elif console_ssl:
        address = ch_ip.resolve_address(endpoint_type=ch_ip.PUBLIC)
        address = ch_network_ip.format_ipv6_addr(address) or address
        proxy_base_addr = 'https://%s' % address
    else:
        # canonical_url will only return 'https:' if API SSL are enabled.
        proxy_base_addr = ch_ip.canonical_url(CONFIGS, ch_ip.PUBLIC)

    protocols = ['novnc', 'xvpvnc'] if proto == 'vnc' else [proto]

    for _proto in protocols:
        proxy_port = common.console_attributes('proxy-port', proto=_proto)
        proxy_page = common.console_attributes('proxy-page', proto=_proto)
        rel_settings['console_proxy_{}_address'.format(_proto)] = \
            "{}:{}{}".format(proxy_base_addr, proxy_port, proxy_page)
        rel_settings['console_proxy_%s_host' % (_proto)] = \
            urlparse(proxy_base_addr).hostname
        rel_settings['console_proxy_%s_port' % (_proto)] = \
            common.console_attributes('proxy-port', proto=_proto)

    return rel_settings
def console_settings():
    """Assemble console proxy relation settings, or ``{}`` if no protocol.

    The proxy base address is ``https`` when both console cert and key are
    configured; for a non-local proxy IP it is also ``https`` when
    ``ch_cluster.https()`` is true. For ``vnc`` both ``novnc`` and
    ``xvpvnc`` entries are produced.
    """
    rel_settings = {}
    proto = common.console_attributes('protocol')
    if not proto:
        return {}

    rel_settings['console_keymap'] = hookenv.config('console-keymap')
    rel_settings['console_access_protocol'] = proto

    # Console TLS needs both halves of the pair to be configured.
    console_ssl = bool(hookenv.config('console-ssl-cert') and
                       hookenv.config('console-ssl-key'))

    if hookenv.config('console-proxy-ip') != 'local':
        # NOTE(review): falls back to plain http when neither console TLS
        # nor API TLS is configured; console sessions then go unencrypted.
        schema = "https" if (console_ssl or ch_cluster.https()) else "http"
        proxy_base_addr = ("{}://{}"
                           .format(schema,
                                   hookenv.config('console-proxy-ip')))
    elif console_ssl:
        address = ch_ip.resolve_address(endpoint_type=ch_ip.PUBLIC)
        address = ch_network_ip.format_ipv6_addr(address) or address
        proxy_base_addr = 'https://%s' % address
    else:
        # canonical_url will only return 'https:' if API SSL are enabled.
        proxy_base_addr = ch_ip.canonical_url(CONFIGS, ch_ip.PUBLIC)

    protocols = ['novnc', 'xvpvnc'] if proto == 'vnc' else [proto]

    for _proto in protocols:
        proxy_port = common.console_attributes('proxy-port', proto=_proto)
        proxy_page = common.console_attributes('proxy-page', proto=_proto)
        rel_settings['console_proxy_{}_address'.format(_proto)] = \
            "{}:{}{}".format(proxy_base_addr, proxy_port, proxy_page)
        rel_settings['console_proxy_%s_host' % (_proto)] = \
            urlparse(proxy_base_addr).hostname
        rel_settings['console_proxy_%s_port' % (_proto)] = \
            common.console_attributes('proxy-port', proto=_proto)

    return rel_settings
def resource_map():
    """Return a per-hook copy of BASE_RESOURCE_MAP trimmed for this unit.

    Without HTTPS both Apache site entries are dropped. With HTTPS only
    one is kept, chosen by whether ``/etc/apache2/conf-available``
    exists. The CEPH_CONF entry's services are set to this service's name.
    """
    resources = deepcopy(BASE_RESOURCE_MAP)

    if not https():
        # No TLS front end: neither Apache site file is managed.
        resources.pop(APACHE_SITE_CONF)
        resources.pop(APACHE_SITE_24_CONF)
    elif os.path.exists('/etc/apache2/conf-available'):
        resources.pop(APACHE_SITE_CONF)
    else:
        resources.pop(APACHE_SITE_24_CONF)

    resources[CEPH_CONF]['services'] = [service_name()]
    return resources
def __call__(self):
    """Build the SSL front-end context, or ``{}`` when HTTPS is not in use.

    Each external port is paired with an internal port: the haproxy port
    when peers exist or the unit is clustered, the API port otherwise.

    :returns: dict with ``namespace``, ``private_address`` and
        ``endpoints`` (external, internal) tuples; empty dict otherwise.
    """
    # A single port may arrive as a bare string; normalise it to a list.
    if isinstance(self.external_ports, basestring):
        self.external_ports = [self.external_ports]

    # No ports, or HTTPS unavailable: no cert work is done at all.
    if not (self.external_ports and https()):
        return {}

    self.configure_cert()
    self.enable_modules()

    ctxt = {
        "namespace": self.service_namespace,
        "private_address": unit_get("private-address"),
        "endpoints": [],
    }

    for ext_port in self.external_ports:
        behind_haproxy = peer_units() or is_clustered()
        resolve_port = (determine_haproxy_port if behind_haproxy
                        else determine_api_port)
        int_port = resolve_port(ext_port)
        ctxt["endpoints"].append((int(ext_port), int(int_port)))

    return ctxt
def resource_map():
    """Return a per-hook copy of BASE_RESOURCE_MAP trimmed for this unit.

    Without HTTPS both Apache site entries are dropped. With HTTPS only
    one is kept, chosen by whether ``/etc/apache2/conf-available``
    exists. The CEPH_CONF entry's services are set to this service's name.
    """
    resources = deepcopy(BASE_RESOURCE_MAP)

    if not https():
        # No TLS front end: neither Apache site file is managed.
        resources.pop(APACHE_SITE_CONF)
        resources.pop(APACHE_SITE_24_CONF)
    elif os.path.exists('/etc/apache2/conf-available'):
        resources.pop(APACHE_SITE_CONF)
    else:
        resources.pop(APACHE_SITE_24_CONF)

    resources[CEPH_CONF]['services'] = [service_name()]
    return resources
def console_settings():
    """Assemble console proxy relation settings, or ``{}`` if no protocol.

    The proxy base address is ``https`` when both console cert and key are
    configured; for a non-local proxy IP it is also ``https`` when
    ``https()`` is true. For ``vnc`` both ``novnc`` and ``xvpvnc`` entries
    are produced.
    """
    rel_settings = {}
    proto = console_attributes('protocol')
    if not proto:
        return {}

    rel_settings['console_keymap'] = config('console-keymap')
    rel_settings['console_access_protocol'] = proto

    # Console TLS needs both halves of the pair to be configured.
    console_ssl = bool(config('console-ssl-cert') and
                       config('console-ssl-key'))

    if config('console-proxy-ip') != 'local':
        # NOTE(review): falls back to plain http when neither console TLS
        # nor API TLS is configured; console sessions then go unencrypted.
        schema = "https" if (console_ssl or https()) else "http"
        proxy_base_addr = "%s://%s" % (schema, config('console-proxy-ip'))
    elif console_ssl:
        address = resolve_address(endpoint_type=PUBLIC)
        address = format_ipv6_addr(address) or address
        proxy_base_addr = 'https://%s' % address
    else:
        # canonical_url will only return 'https:' if API SSL are enabled.
        proxy_base_addr = canonical_url(CONFIGS, PUBLIC)

    protocols = ['novnc', 'xvpvnc'] if proto == 'vnc' else [proto]

    for _proto in protocols:
        proxy_port = console_attributes('proxy-port', proto=_proto)
        proxy_page = console_attributes('proxy-page', proto=_proto)
        rel_settings['console_proxy_%s_address' % (_proto)] = \
            "%s:%s%s" % (proxy_base_addr, proxy_port, proxy_page)
        rel_settings['console_proxy_%s_host' % (_proto)] = \
            urlparse(proxy_base_addr).hostname
        rel_settings['console_proxy_%s_port' % (_proto)] = \
            console_attributes('proxy-port', proto=_proto)

    return rel_settings
def console_settings():
    """Assemble console proxy relation settings, or ``{}`` if no protocol.

    The proxy base address is ``https`` when both console cert and key are
    configured; for a non-local proxy IP it is also ``https`` when
    ``https()`` is true. For ``vnc`` both ``novnc`` and ``xvpvnc`` entries
    are produced.
    """
    rel_settings = {}
    proto = console_attributes('protocol')
    if not proto:
        return {}

    rel_settings['console_keymap'] = config('console-keymap')
    rel_settings['console_access_protocol'] = proto

    # Console TLS needs both halves of the pair to be configured.
    console_ssl = bool(config('console-ssl-cert') and
                       config('console-ssl-key'))

    if config('console-proxy-ip') != 'local':
        # NOTE(review): falls back to plain http when neither console TLS
        # nor API TLS is configured; console sessions then go unencrypted.
        schema = "https" if (console_ssl or https()) else "http"
        proxy_base_addr = "%s://%s" % (schema, config('console-proxy-ip'))
    elif console_ssl:
        address = resolve_address(endpoint_type=PUBLIC)
        address = format_ipv6_addr(address) or address
        proxy_base_addr = 'https://%s' % address
    else:
        # canonical_url will only return 'https:' if API SSL are enabled.
        proxy_base_addr = canonical_url(CONFIGS, PUBLIC)

    protocols = ['novnc', 'xvpvnc'] if proto == 'vnc' else [proto]

    for _proto in protocols:
        proxy_port = console_attributes('proxy-port', proto=_proto)
        proxy_page = console_attributes('proxy-page', proto=_proto)
        rel_settings['console_proxy_%s_address' % (_proto)] = \
            "%s:%s%s" % (proxy_base_addr, proxy_port, proxy_page)
        rel_settings['console_proxy_%s_host' % (_proto)] = \
            urlparse(proxy_base_addr).hostname
        rel_settings['console_proxy_%s_port' % (_proto)] = \
            console_attributes('proxy-port', proto=_proto)

    return rel_settings
def __call__(self):
    """Return the Nginx view of the parent SSL context.

    Returns ``{}`` when the parent context is empty. Otherwise each
    endpoint is classified by its external port: ``<= 5000`` is public,
    ``>= 35337`` is admin, anything else is logged as an error.
    """
    # late import to work around circular dependency
    from keystone_utils import (
        determine_ports,
    )

    self.external_ports = determine_ports()

    ret = super(NginxSSLContext, self).__call__()
    if not ret:
        log("SSL not used", level='DEBUG')
        return {}

    # Transform for use by Nginx. Shape of ``ret`` (sample):
    #   {'endpoints': [(u'10.5.0.30', u'10.5.0.30', 4990, 4980),
    #                  (u'10.5.0.30', u'10.5.0.30', 35347, 35337)],
    #    'ext_ports': [4990, 35347],
    #    'namespace': 'keystone'}
    nginx_ret = {
        'ssl': https(),
        'namespace': self.service_namespace,
    }

    endpoints = {}
    for _int_address, address, ext, _internal in ret['endpoints']:
        if ext <= 5000:
            socket_name = 'public'
        elif ext >= 35337:
            socket_name = 'admin'
        else:
            log("Unrecognized internal port", level='ERROR')
            continue
        endpoints[socket_name] = {
            'socket': socket_name,
            'address': address,
            'ext': ext,
        }

    nginx_ret['endpoints'] = endpoints
    return nginx_ret
def admin_relation_changed(relation_id=None):
    """Publish admin endpoint details and credentials on the relation.

    Nothing is published while HA is expected but the unit is not yet
    clustered. For API versions above 2 the admin domain and project
    names are included.

    :param relation_id: relation to set data on; passed straight through
        to ``relation_set``.
    """
    # TODO: fixup
    ha_pending = expect_ha() and not is_clustered()
    if ha_pending:
        log("Expected to be HA but no hacluster relation yet", level=INFO)
        return

    # NOTE(review): the admin password is written to relation data, and
    # 'service_protocol' is 'http' whenever https() is false. Confirm who
    # can read this relation and that plain HTTP is acceptable for a
    # consumer that will authenticate with these credentials.
    relation_data = {
        'service_hostname': resolve_address(ADMIN),
        'service_port': config('service-port'),
        'service_username': config('admin-user'),
        'service_tenant_name': config('admin-role'),
        'service_region': config('region'),
        'service_protocol': 'https' if https() else 'http',
        'api_version': get_api_version(),
    }

    if relation_data['api_version'] > 2:
        relation_data.update({
            'service_user_domain_name': ADMIN_DOMAIN,
            'service_project_domain_name': ADMIN_DOMAIN,
            'service_project_name': ADMIN_PROJECT,
        })

    relation_data['service_password'] = get_admin_passwd()
    relation_set(relation_id=relation_id, **relation_data)
def __call__(self):
    """Return cert/key paths for the proxy when HTTPS is in use.

    ``ssl_cert`` and ``ssl_key`` are set only when ``ch_cluster.https()``
    is true and both files exist under ``/etc/apache2/ssl/nova``;
    otherwise the context is empty.
    """
    ctxt = {}

    # Configure nova-novncproxy https if nova-api is using https.
    if not ch_cluster.https():
        return ctxt

    cn = ch_ip.resolve_address(endpoint_type=ch_ip.INTERNAL)
    cert_filename = 'cert_{}'.format(cn) if cn else 'cert'
    key_filename = 'key_{}'.format(cn) if cn else 'key'

    ssl_dir = '/etc/apache2/ssl/nova'
    cert = os.path.join(ssl_dir, cert_filename)
    key = os.path.join(ssl_dir, key_filename)

    # Both halves must be on disk; otherwise neither key is set and the
    # consumer of this context gets no TLS material.
    if os.path.exists(cert) and os.path.exists(key):
        ctxt['ssl_cert'] = cert
        ctxt['ssl_key'] = key

    return ctxt
def admin_relation_changed(relation_id=None):
    """Publish admin endpoint details and credentials on the relation.

    Nothing is published while HA is expected but the unit is not yet
    clustered. For API versions above 2 the admin domain and project
    names are included.

    :param relation_id: relation to set data on; passed straight through
        to ``relation_set``.
    """
    # TODO: fixup
    ha_pending = expect_ha() and not is_clustered()
    if ha_pending:
        log("Expected to be HA but no hacluster relation yet", level=INFO)
        return

    # NOTE(review): the admin password is written to relation data, and
    # 'service_protocol' is 'http' whenever https() is false. Confirm who
    # can read this relation and that plain HTTP is acceptable for a
    # consumer that will authenticate with these credentials.
    relation_data = {
        'service_hostname': resolve_address(ADMIN),
        'service_port': config('service-port'),
        'service_username': config('admin-user'),
        'service_tenant_name': config('admin-role'),
        'service_region': config('region'),
        'service_protocol': 'https' if https() else 'http',
        'api_version': get_api_version(),
    }

    if relation_data['api_version'] > 2:
        relation_data.update({
            'service_user_domain_name': ADMIN_DOMAIN,
            'service_project_domain_name': ADMIN_DOMAIN,
            'service_project_name': ADMIN_PROJECT,
        })

    relation_data['service_password'] = get_admin_passwd()
    relation_set(relation_id=relation_id, **relation_data)
def __call__(self):
    """Return cert/key paths for the proxy when HTTPS is in use.

    ``ssl_cert`` and ``ssl_key`` are set only when ``ch_cluster.https()``
    is true and both files exist under ``/etc/apache2/ssl/nova``;
    otherwise the context is empty.
    """
    ctxt = {}

    # Configure nova-novncproxy https if nova-api is using https.
    if not ch_cluster.https():
        return ctxt

    cn = ch_ip.resolve_address(endpoint_type=ch_ip.INTERNAL)
    cert_filename = 'cert_{}'.format(cn) if cn else 'cert'
    key_filename = 'key_{}'.format(cn) if cn else 'key'

    ssl_dir = '/etc/apache2/ssl/nova'
    cert = os.path.join(ssl_dir, cert_filename)
    key = os.path.join(ssl_dir, key_filename)

    # Both halves must be on disk; otherwise neither key is set and the
    # consumer of this context gets no TLS material.
    if os.path.exists(cert) and os.path.exists(key):
        ctxt['ssl_cert'] = cert
        ctxt['ssl_key'] = key

    return ctxt
def __call__(self):
    """Build the SSL front-end context, or ``{}`` when HTTPS is not in use.

    :returns: dict with ``namespace``, ``private_address`` and
        ``endpoints`` (external, internal) port tuples; an empty dict
        otherwise.
    """
    # A single port may arrive as a bare string; normalise it to a list.
    if isinstance(self.external_ports, basestring):
        self.external_ports = [self.external_ports]

    # No ports, or HTTPS unavailable: no cert work is done at all.
    if not (self.external_ports and https()):
        return {}

    self.configure_cert()
    self.enable_modules()

    ctxt = {
        'namespace': self.service_namespace,
        'private_address': unit_get('private-address'),
        'endpoints': [],
    }

    for api_port in self.external_ports:
        external = determine_apache_port(api_port)
        internal = determine_api_port(api_port)
        ctxt['endpoints'].append((int(external), int(internal)))

    return ctxt
def keystone_joined(relid=None):
    """Register the swift endpoints on the keystone relation.

    Only the eligible leader publishes. The host is the configured VIP
    when clustered, else the unit's private address; the scheme follows
    ``cluster.https()``.

    :param relid: relation id passed through to ``relation_set``.
    """
    if not cluster.eligible_leader(SWIFT_HA_RES):
        return

    hostname = (config('vip') if cluster.is_clustered()
                else unit_get('private-address'))
    port = config('bind-port')
    # NOTE(review): endpoints are registered as plain http whenever
    # cluster.https() is false.
    proto = 'https' if cluster.https() else 'http'

    admin_url = '%s://%s:%s' % (proto, hostname, port)
    # Public and internal endpoints share one tenant-scoped URL.
    tenant_url = '%s/v1/AUTH_$(tenant_id)s' % admin_url

    relation_set(service='swift',
                 region=config('region'),
                 public_url=tenant_url,
                 internal_url=tenant_url,
                 admin_url=admin_url,
                 requested_roles=config('operator-roles'),
                 relation_id=relid)
def __call__(self):
    """Return the Nginx view of the parent SSL context.

    Returns ``{}`` when the parent context is empty. Otherwise each
    endpoint is classified by its external port: ``<= 5000`` is public,
    ``>= 35337`` is admin, anything else is logged as an error.
    """
    # late import to work around circular dependency
    from keystone_utils import (
        determine_ports,
    )

    self.external_ports = determine_ports()

    ret = super(NginxSSLContext, self).__call__()
    if not ret:
        log("SSL not used", level='DEBUG')
        return {}

    # Transform for use by Nginx. Shape of ``ret`` (sample):
    #   {'endpoints': [(u'10.5.0.30', u'10.5.0.30', 4990, 4980),
    #                  (u'10.5.0.30', u'10.5.0.30', 35347, 35337)],
    #    'ext_ports': [4990, 35347],
    #    'namespace': 'keystone'}
    nginx_ret = {
        'ssl': https(),
        'namespace': self.service_namespace,
    }

    endpoints = {}
    for _int_address, address, ext, _internal in ret['endpoints']:
        if ext <= 5000:
            socket_name = 'public'
        elif ext >= 35337:
            socket_name = 'admin'
        else:
            log("Unrecognized internal port", level='ERROR')
            continue
        endpoints[socket_name] = {
            'socket': socket_name,
            'address': address,
            'ext': ext,
        }

    nginx_ret['endpoints'] = endpoints
    return nginx_ret
def __call__(self):
    """Build the SSL front-end context, or ``{}`` when HTTPS is not in use.

    Each external port is paired with an internal port: the haproxy port
    when peers exist or the unit is clustered, the API port otherwise.

    :returns: dict with ``namespace``, ``private_address`` and
        ``endpoints`` (external, internal) tuples; empty dict otherwise.
    """
    # A single port may arrive as a bare string; normalise it to a list.
    if isinstance(self.external_ports, basestring):
        self.external_ports = [self.external_ports]

    # No ports, or HTTPS unavailable: no cert work is done at all.
    if not (self.external_ports and https()):
        return {}

    self.configure_cert()
    self.enable_modules()

    ctxt = {
        'namespace': self.service_namespace,
        'private_address': unit_get('private-address'),
        'endpoints': [],
    }

    for ext_port in self.external_ports:
        behind_haproxy = peer_units() or is_clustered()
        resolve_port = (determine_haproxy_port if behind_haproxy
                        else determine_api_port)
        int_port = resolve_port(ext_port)
        ctxt['endpoints'].append((int(ext_port), int(int_port)))

    return ctxt
def __call__(self):
    """Build the SSL front-end context, or ``{}`` when HTTPS is not in use.

    A certificate is configured for every canonical name; when there are
    none, one is configured for the resolved internal address instead.
    Ports are resolved with ``singlenode_mode=True``.

    :returns: dict with ``namespace``, ``endpoints`` and sorted,
        de-duplicated ``ext_ports``; an empty dict otherwise.
    """
    # A single port may arrive as a bare string; normalise it to a list.
    if isinstance(self.external_ports, six.string_types):
        self.external_ports = [self.external_ports]

    # No ports, or HTTPS unavailable: no CA/cert work is done at all.
    if not (self.external_ports and https()):
        return {}

    self.configure_ca()
    self.enable_modules()

    ctxt = {
        'namespace': self.service_namespace,
        'endpoints': [],
        'ext_ports': [],
    }

    cns = self.canonical_names()
    if not cns:
        # Expect cert/key provided in config (currently assumed that ca
        # uses ip for cn)
        self.configure_cert(resolve_address(endpoint_type=INTERNAL))
    else:
        for name in cns:
            self.configure_cert(name)

    network_addresses = self.get_network_addresses()
    for address, endpoint in sorted(set(network_addresses)):
        for api_port in self.external_ports:
            external = determine_apache_port(api_port,
                                             singlenode_mode=True)
            internal = determine_api_port(api_port,
                                          singlenode_mode=True)
            ctxt['endpoints'].append(
                (address, endpoint, int(external), int(internal)))
            ctxt['ext_ports'].append(int(external))

    ctxt['ext_ports'] = sorted(set(ctxt['ext_ports']))
    return ctxt
def __call__(self):
    """Build the SSL front-end context, or ``{}`` when HTTPS is not in use.

    A certificate is configured for every canonical name; when there are
    none, one is configured for the resolved internal address instead.
    Ports are resolved with ``singlenode_mode=True``.

    :returns: dict with ``namespace``, ``endpoints`` and sorted,
        de-duplicated ``ext_ports``; an empty dict otherwise.
    """
    # A single port may arrive as a bare string; normalise it to a list.
    if isinstance(self.external_ports, six.string_types):
        self.external_ports = [self.external_ports]

    # No ports, or HTTPS unavailable: no CA/cert work is done at all.
    if not (self.external_ports and https()):
        return {}

    self.configure_ca()
    self.enable_modules()

    ctxt = {
        'namespace': self.service_namespace,
        'endpoints': [],
        'ext_ports': [],
    }

    cns = self.canonical_names()
    if not cns:
        # Expect cert/key provided in config (currently assumed that ca
        # uses ip for cn)
        self.configure_cert(resolve_address(endpoint_type=INTERNAL))
    else:
        for name in cns:
            self.configure_cert(name)

    network_addresses = self.get_network_addresses()
    for address, endpoint in sorted(set(network_addresses)):
        for api_port in self.external_ports:
            external = determine_apache_port(api_port,
                                             singlenode_mode=True)
            internal = determine_api_port(api_port,
                                          singlenode_mode=True)
            ctxt['endpoints'].append(
                (address, endpoint, int(external), int(internal)))
            ctxt['ext_ports'].append(int(external))

    ctxt['ext_ports'] = sorted(set(ctxt['ext_ports']))
    return ctxt
def test_https_explict(self):
    '''https() is true when the use-https option is set explicitly.'''
    # Every config_get lookup, including config_get('use-https'),
    # answers 'yes'.
    self.config_get.return_value = 'yes'
    https_available = cluster_utils.https()
    self.assertTrue(https_available)