def __call__(self):
if isinstance(self.external_ports, six.string_types):
self.external_ports = [self.external_ports]
if not self.external_ports or not https():
return {}
self.configure_ca()
self.enable_modules()
ctxt = {
'namespace': self.service_namespace,
'endpoints': [],
'ext_ports': []
}
for cn in self.canonical_names():
self.configure_cert(cn)
addresses = self.get_network_addresses()
for address, endpoint in sorted(set(addresses)):
for api_port in self.external_ports:
ext_port = determine_apache_port(api_port)
int_port = determine_api_port(api_port)
portmap = (address, endpoint, int(ext_port), int(int_port))
ctxt['endpoints'].append(portmap)
ctxt['ext_ports'].append(int(ext_port))
ctxt['ext_ports'] = sorted(list(set(ctxt['ext_ports'])))
return ctxt
def test_https_cert_key_incomplete_identity_relation(self):
'''It determines https unavailable if cert not in identity-service'''
self.config_get.return_value = False
self.relation_ids.return_value = 'identity-service:0'
self.relation_list.return_value = 'keystone/0'
self.relation_get.return_value = None
self.assertFalse(cluster_utils.https())
def __call__(self):
ctxt = {}
servers = []
try:
for rid in relation_ids('memcache'):
for rel in relations_for_id(rid):
priv_addr = rel['private-address']
# Format it as IPv6 address if needed
priv_addr = format_ipv6_addr(priv_addr) or priv_addr
servers.append("%s:%s" % (priv_addr, rel['port']))
except Exception as ex:
log("Could not get memcache servers: %s" % (ex), level='WARNING')
servers = []
ctxt['memcached_servers'] = ','.join(servers)
# Configure nova-novncproxy https if nova-api is using https.
if https():
cn = resolve_address(endpoint_type=INTERNAL)
if cn:
cert_filename = 'cert_{}'.format(cn)
key_filename = 'key_{}'.format(cn)
else:
cert_filename = 'cert'
key_filename = 'key'
ssl_dir = '/etc/apache2/ssl/nova'
cert = os.path.join(ssl_dir, cert_filename)
key = os.path.join(ssl_dir, key_filename)
if os.path.exists(cert) and os.path.exists(key):
ctxt['ssl_cert'] = cert
ctxt['ssl_key'] = key
return ctxt
def __call__(self):
ctxt = {}
servers = []
try:
for rid in relation_ids('memcache'):
for rel in relations_for_id(rid):
priv_addr = rel['private-address']
# Format it as IPv6 address if needed
priv_addr = format_ipv6_addr(priv_addr) or priv_addr
servers.append("%s:%s" % (priv_addr, rel['port']))
except Exception as ex:
log("Could not get memcache servers: %s" % (ex), level='WARNING')
servers = []
ctxt['memcached_servers'] = ','.join(servers)
# Configure nova-novncproxy https if nova-api is using https.
if https():
cn = resolve_address(endpoint_type=INTERNAL)
if cn:
cert_filename = 'cert_{}'.format(cn)
key_filename = 'key_{}'.format(cn)
else:
cert_filename = 'cert'
key_filename = 'key'
ssl_dir = '/etc/apache2/ssl/nova'
cert = os.path.join(ssl_dir, cert_filename)
key = os.path.join(ssl_dir, key_filename)
if os.path.exists(cert) and os.path.exists(key):
ctxt['ssl_cert'] = cert
ctxt['ssl_key'] = key
return ctxt
def __call__(self):
if isinstance(self.external_ports, six.string_types):
self.external_ports = [self.external_ports]
if not self.external_ports or not https():
return {}
self.configure_ca()
self.enable_modules()
ctxt = {'namespace': self.service_namespace,
'endpoints': [],
'ext_ports': []}
for cn in self.canonical_names():
self.configure_cert(cn)
addresses = self.get_network_addresses()
for address, endpoint in sorted(set(addresses)):
for api_port in self.external_ports:
ext_port = determine_apache_port(api_port,
singlenode_mode=True)
int_port = determine_api_port(api_port, singlenode_mode=True)
portmap = (address, endpoint, int(ext_port), int(int_port))
ctxt['endpoints'].append(portmap)
ctxt['ext_ports'].append(int(ext_port))
ctxt['ext_ports'] = sorted(list(set(ctxt['ext_ports'])))
return ctxt
def services():
"""Returns a list of services associate with this charm."""
_services = []
for v in BASE_RESOURCE_MAP.values():
_services.extend(v.get('services', []))
_set_services = set(_services)
if not https():
_set_services.remove('apache2')
return list(_set_services)
def test_https_cert_key_in_config(self):
'''It determines https is available if cert + key in charm config'''
# config_get('use-https')
self.config_get.side_effect = [
'no', # config_get('use-https')
'cert', # config_get('ssl_cert')
'key', # config_get('ssl_key')
]
self.assertTrue(cluster_utils.https())
def __call__(self):
# late import to work around circular dependency
from keystone_utils import (determine_ports, update_hash_from_path,
APACHE_SSL_DIR)
ssl_paths = [CA_CERT_PATH, APACHE_SSL_DIR]
self.external_ports = determine_ports()
before = hashlib.sha256()
for path in ssl_paths:
update_hash_from_path(before, path)
ret = super(NginxSSLContext, self).__call__()
if not ret:
log("SSL not used", level='DEBUG')
return {}
after = hashlib.sha256()
for path in ssl_paths:
update_hash_from_path(after, path)
# Ensure that Nginx is restarted if these change
if before.hexdigest() != after.hexdigest():
service_restart('snap.keystone.nginx')
# Transform for use by Nginx
"""
{'endpoints': [(u'10.5.0.30', u'10.5.0.30', 4990, 4980),
(u'10.5.0.30', u'10.5.0.30', 35347, 35337)],
'ext_ports': [4990, 35347],
'namespace': 'keystone'}
"""
nginx_ret = {}
nginx_ret['ssl'] = https()
nginx_ret['namespace'] = self.service_namespace
endpoints = {}
for ep in ret['endpoints']:
int_address, address, ext, internal = ep
if ext <= 5000:
endpoints['public'] = {
'socket': 'public',
'address': address,
'ext': ext
}
elif ext >= 35337:
endpoints['admin'] = {
'socket': 'admin',
'address': address,
'ext': ext
}
else:
log("Unrecognized internal port", level='ERROR')
nginx_ret['endpoints'] = endpoints
return nginx_ret
def canonical_url():
"""Returns the correct HTTP URL to this host given the state of HTTPS
configuration and hacluster.
"""
scheme = 'http'
if https():
scheme = 'https'
addr = resolve_address(INTERNAL)
return '%s://%s' % (scheme, format_ipv6_addr(addr) or addr)
def canonical_url():
"""Returns the correct HTTP URL to this host given the state of HTTPS
configuration and hacluster.
"""
scheme = 'http'
if https():
scheme = 'https'
addr = resolve_address(INTERNAL)
return '%s://%s' % (scheme, format_ipv6_addr(addr) or addr)
def admin_relation_changed(relation_id=None):
# TODO: fixup
relation_data = {
'service_hostname': resolve_address(ADMIN),
'service_port': config('service-port'),
'service_username': config('admin-user'),
'service_tenant_name': config('admin-role'),
'service_region': config('region'),
'service_protocol': 'https' if https() else 'http',
}
relation_data['service_password'] = get_admin_passwd()
relation_set(relation_id=relation_id, **relation_data)
def test_https_cert_key_in_identity_relation(self):
'''It determines https is available if cert in identity-service'''
self.config_get.return_value = False
self.relation_ids.return_value = 'identity-service:0'
self.relation_list.return_value = 'keystone/0'
self.relation_get.side_effect = [
'yes', # relation_get('https_keystone')
'cert', # relation_get('ssl_cert')
'key', # relation_get('ssl_key')
'ca_cert', # relation_get('ca_cert')
]
self.assertTrue(cluster_utils.https())
def admin_relation_changed(relation_id=None):
# TODO: fixup
relation_data = {
"service_hostname": resolve_address(ADMIN),
"service_port": config("service-port"),
"service_username": config("admin-user"),
"service_tenant_name": config("admin-role"),
"service_region": config("region"),
"service_protocol": "https" if https() else "http",
}
relation_data["service_password"] = get_admin_passwd()
relation_set(relation_id=relation_id, **relation_data)
def admin_relation_changed(relation_id=None):
# TODO: fixup
relation_data = {
'service_hostname': resolve_address(ADMIN),
'service_port': config('service-port'),
'service_username': config('admin-user'),
'service_tenant_name': config('admin-role'),
'service_region': config('region'),
'service_protocol': 'https' if https() else 'http',
}
relation_data['service_password'] = get_admin_passwd()
relation_set(relation_id=relation_id, **relation_data)
def neutron_ctxt(self):
if https():
proto = 'https'
else:
proto = 'http'
if is_clustered():
host = config('vip')
else:
host = unit_get('private-address')
ctxt = {'network_manager': self.network_manager,
'neutron_url': '%s://%s:%s' % (proto, host, '9696')}
return ctxt
def listen_port():
"""Determine port to listen to.
The value in configuration will be used if specified, otherwise the default
will be determined based on presence of TLS configuration.
:returns: Port number
:rtype: int
"""
if https():
default_port = 443
else:
default_port = 80
return config('port') or default_port
def neutron_ctxt(self):
if https():
proto = 'https'
else:
proto = 'http'
if is_clustered():
host = config('vip')
else:
host = unit_get('private-address')
url = '%s://%s:%s' % (proto, host, '9696')
ctxt = {
'network_manager': self.network_manager,
'neutron_url': url,
}
return ctxt
def __call__(self):
if isinstance(self.external_ports, basestring):
self.external_ports = [self.external_ports]
if (not self.external_ports or not https()):
return {}
self.configure_ca()
self.enable_modules()
ctxt = {
'namespace': self.service_namespace,
'endpoints': [],
'ext_ports': []
}
for cn in self.canonical_names():
self.configure_cert(cn)
addresses = []
vips = []
if config('vip'):
vips = config('vip').split()
for network_type in ['os-internal-network',
'os-admin-network',
'os-public-network']:
address = get_address_in_network(config(network_type),
unit_get('private-address'))
if len(vips) > 0 and is_clustered():
for vip in vips:
if is_address_in_network(config(network_type),
vip):
addresses.append((address, vip))
break
elif is_clustered():
addresses.append((address, config('vip')))
else:
addresses.append((address, address))
for address, endpoint in set(addresses):
for api_port in self.external_ports:
ext_port = determine_apache_port(api_port)
int_port = determine_api_port(api_port)
portmap = (address, endpoint, int(ext_port), int(int_port))
ctxt['endpoints'].append(portmap)
ctxt['ext_ports'].append(int(ext_port))
ctxt['ext_ports'] = list(set(ctxt['ext_ports']))
return ctxt
def __call__(self):
''' Grab cert and key from configuraton for SSL config '''
ctxt = {
'http_port': 70,
'https_port': 433,
'enforce_ssl': False,
'hsts_max_age_seconds': config('hsts-max-age-seconds'),
"custom_theme": config('custom-theme'),
}
if config('enforce-ssl') and https():
ctxt['enforce_ssl'] = True
else:
log("Enforce ssl redirect requested but ssl not configured - "
"skipping redirect", level=WARNING)
return ctxt
def console_settings():
rel_settings = {}
proto = common.console_attributes('protocol')
if not proto:
return {}
rel_settings['console_keymap'] = hookenv.config('console-keymap')
rel_settings['console_access_protocol'] = proto
console_ssl = False
if (hookenv.config('console-ssl-cert') and
hookenv.config('console-ssl-key')):
console_ssl = True
if hookenv.config('console-proxy-ip') == 'local':
if console_ssl:
address = ch_ip.resolve_address(endpoint_type=ch_ip.PUBLIC)
address = ch_network_ip.format_ipv6_addr(address) or address
proxy_base_addr = 'https://%s' % address
else:
# canonical_url will only return 'https:' if API SSL are enabled.
proxy_base_addr = ch_ip.canonical_url(CONFIGS, ch_ip.PUBLIC)
else:
if console_ssl or ch_cluster.https():
schema = "https"
else:
schema = "http"
proxy_base_addr = ("{}://{}"
.format(schema, hookenv.config('console-proxy-ip')))
if proto == 'vnc':
protocols = ['novnc', 'xvpvnc']
else:
protocols = [proto]
for _proto in protocols:
rel_settings['console_proxy_{}_address'.format(_proto)] = \
"{}:{}{}".format(
proxy_base_addr,
common.console_attributes('proxy-port', proto=_proto),
common.console_attributes('proxy-page', proto=_proto))
rel_settings['console_proxy_%s_host' % (_proto)] = \
urlparse(proxy_base_addr).hostname
rel_settings['console_proxy_%s_port' % (_proto)] = \
common.console_attributes('proxy-port', proto=_proto)
return rel_settings
def console_settings():
rel_settings = {}
proto = common.console_attributes('protocol')
if not proto:
return {}
rel_settings['console_keymap'] = hookenv.config('console-keymap')
rel_settings['console_access_protocol'] = proto
console_ssl = False
if (hookenv.config('console-ssl-cert') and
hookenv.config('console-ssl-key')):
console_ssl = True
if hookenv.config('console-proxy-ip') == 'local':
if console_ssl:
address = ch_ip.resolve_address(endpoint_type=ch_ip.PUBLIC)
address = ch_network_ip.format_ipv6_addr(address) or address
proxy_base_addr = 'https://%s' % address
else:
# canonical_url will only return 'https:' if API SSL are enabled.
proxy_base_addr = ch_ip.canonical_url(CONFIGS, ch_ip.PUBLIC)
else:
if console_ssl or ch_cluster.https():
schema = "https"
else:
schema = "http"
proxy_base_addr = ("{}://{}"
.format(schema, hookenv.config('console-proxy-ip')))
if proto == 'vnc':
protocols = ['novnc', 'xvpvnc']
else:
protocols = [proto]
for _proto in protocols:
rel_settings['console_proxy_{}_address'.format(_proto)] = \
"{}:{}{}".format(
proxy_base_addr,
common.console_attributes('proxy-port', proto=_proto),
common.console_attributes('proxy-page', proto=_proto))
rel_settings['console_proxy_%s_host' % (_proto)] = \
urlparse(proxy_base_addr).hostname
rel_settings['console_proxy_%s_port' % (_proto)] = \
common.console_attributes('proxy-port', proto=_proto)
return rel_settings
def resource_map():
"""Dynamically generate a map of resources.
These will be managed for a single hook execution.
"""
resource_map = deepcopy(BASE_RESOURCE_MAP)
if not https():
resource_map.pop(APACHE_SITE_CONF)
resource_map.pop(APACHE_SITE_24_CONF)
else:
if os.path.exists('/etc/apache2/conf-available'):
resource_map.pop(APACHE_SITE_CONF)
else:
resource_map.pop(APACHE_SITE_24_CONF)
resource_map[CEPH_CONF]['services'] = [service_name()]
return resource_map
def __call__(self):
if isinstance(self.external_ports, basestring):
self.external_ports = [self.external_ports]
if not self.external_ports or not https():
return {}
self.configure_cert()
self.enable_modules()
ctxt = {"namespace": self.service_namespace, "private_address": unit_get("private-address"), "endpoints": []}
for ext_port in self.external_ports:
if peer_units() or is_clustered():
int_port = determine_haproxy_port(ext_port)
else:
int_port = determine_api_port(ext_port)
portmap = (int(ext_port), int(int_port))
ctxt["endpoints"].append(portmap)
return ctxt
def resource_map():
"""Dynamically generate a map of resources.
These will be managed for a single hook execution.
"""
resource_map = deepcopy(BASE_RESOURCE_MAP)
if not https():
resource_map.pop(APACHE_SITE_CONF)
resource_map.pop(APACHE_SITE_24_CONF)
else:
if os.path.exists('/etc/apache2/conf-available'):
resource_map.pop(APACHE_SITE_CONF)
else:
resource_map.pop(APACHE_SITE_24_CONF)
resource_map[CEPH_CONF]['services'] = [service_name()]
return resource_map
def console_settings():
rel_settings = {}
proto = console_attributes('protocol')
if not proto:
return {}
rel_settings['console_keymap'] = config('console-keymap')
rel_settings['console_access_protocol'] = proto
console_ssl = False
if config('console-ssl-cert') and config('console-ssl-key'):
console_ssl = True
if config('console-proxy-ip') == 'local':
if console_ssl:
address = resolve_address(endpoint_type=PUBLIC)
address = format_ipv6_addr(address) or address
proxy_base_addr = 'https://%s' % address
else:
# canonical_url will only return 'https:' if API SSL are enabled.
proxy_base_addr = canonical_url(CONFIGS, PUBLIC)
else:
if console_ssl or https():
schema = "https"
else:
schema = "http"
proxy_base_addr = "%s://%s" % (schema, config('console-proxy-ip'))
if proto == 'vnc':
protocols = ['novnc', 'xvpvnc']
else:
protocols = [proto]
for _proto in protocols:
rel_settings['console_proxy_%s_address' % (_proto)] = \
"%s:%s%s" % (proxy_base_addr,
console_attributes('proxy-port', proto=_proto),
console_attributes('proxy-page', proto=_proto))
rel_settings['console_proxy_%s_host' % (_proto)] = \
urlparse(proxy_base_addr).hostname
rel_settings['console_proxy_%s_port' % (_proto)] = \
console_attributes('proxy-port', proto=_proto)
return rel_settings
def console_settings():
rel_settings = {}
proto = console_attributes('protocol')
if not proto:
return {}
rel_settings['console_keymap'] = config('console-keymap')
rel_settings['console_access_protocol'] = proto
console_ssl = False
if config('console-ssl-cert') and config('console-ssl-key'):
console_ssl = True
if config('console-proxy-ip') == 'local':
if console_ssl:
address = resolve_address(endpoint_type=PUBLIC)
address = format_ipv6_addr(address) or address
proxy_base_addr = 'https://%s' % address
else:
# canonical_url will only return 'https:' if API SSL are enabled.
proxy_base_addr = canonical_url(CONFIGS, PUBLIC)
else:
if console_ssl or https():
schema = "https"
else:
schema = "http"
proxy_base_addr = "%s://%s" % (schema, config('console-proxy-ip'))
if proto == 'vnc':
protocols = ['novnc', 'xvpvnc']
else:
protocols = [proto]
for _proto in protocols:
rel_settings['console_proxy_%s_address' % (_proto)] = \
"%s:%s%s" % (proxy_base_addr,
console_attributes('proxy-port', proto=_proto),
console_attributes('proxy-page', proto=_proto))
rel_settings['console_proxy_%s_host' % (_proto)] = \
urlparse(proxy_base_addr).hostname
rel_settings['console_proxy_%s_port' % (_proto)] = \
console_attributes('proxy-port', proto=_proto)
return rel_settings
def __call__(self):
# late import to work around circular dependency
from keystone_utils import (
determine_ports, )
self.external_ports = determine_ports()
ret = super(NginxSSLContext, self).__call__()
if not ret:
log("SSL not used", level='DEBUG')
return {}
# Transform for use by Nginx
"""
{'endpoints': [(u'10.5.0.30', u'10.5.0.30', 4990, 4980),
(u'10.5.0.30', u'10.5.0.30', 35347, 35337)],
'ext_ports': [4990, 35347],
'namespace': 'keystone'}
"""
nginx_ret = {}
nginx_ret['ssl'] = https()
nginx_ret['namespace'] = self.service_namespace
endpoints = {}
for ep in ret['endpoints']:
int_address, address, ext, internal = ep
if ext <= 5000:
endpoints['public'] = {
'socket': 'public',
'address': address,
'ext': ext
}
elif ext >= 35337:
endpoints['admin'] = {
'socket': 'admin',
'address': address,
'ext': ext
}
else:
log("Unrecognized internal port", level='ERROR')
nginx_ret['endpoints'] = endpoints
return nginx_ret
def admin_relation_changed(relation_id=None):
# TODO: fixup
if expect_ha() and not is_clustered():
log("Expected to be HA but no hacluster relation yet", level=INFO)
return
relation_data = {
'service_hostname': resolve_address(ADMIN),
'service_port': config('service-port'),
'service_username': config('admin-user'),
'service_tenant_name': config('admin-role'),
'service_region': config('region'),
'service_protocol': 'https' if https() else 'http',
'api_version': get_api_version(),
}
if relation_data['api_version'] > 2:
relation_data['service_user_domain_name'] = ADMIN_DOMAIN
relation_data['service_project_domain_name'] = ADMIN_DOMAIN
relation_data['service_project_name'] = ADMIN_PROJECT
relation_data['service_password'] = get_admin_passwd()
relation_set(relation_id=relation_id, **relation_data)
def __call__(self):
ctxt = {}
# Configure nova-novncproxy https if nova-api is using https.
if ch_cluster.https():
cn = ch_ip.resolve_address(endpoint_type=ch_ip.INTERNAL)
if cn:
cert_filename = 'cert_{}'.format(cn)
key_filename = 'key_{}'.format(cn)
else:
cert_filename = 'cert'
key_filename = 'key'
ssl_dir = '/etc/apache2/ssl/nova'
cert = os.path.join(ssl_dir, cert_filename)
key = os.path.join(ssl_dir, key_filename)
if os.path.exists(cert) and os.path.exists(key):
ctxt['ssl_cert'] = cert
ctxt['ssl_key'] = key
return ctxt
def admin_relation_changed(relation_id=None):
# TODO: fixup
if expect_ha() and not is_clustered():
log("Expected to be HA but no hacluster relation yet", level=INFO)
return
relation_data = {
'service_hostname': resolve_address(ADMIN),
'service_port': config('service-port'),
'service_username': config('admin-user'),
'service_tenant_name': config('admin-role'),
'service_region': config('region'),
'service_protocol': 'https' if https() else 'http',
'api_version': get_api_version(),
}
if relation_data['api_version'] > 2:
relation_data['service_user_domain_name'] = ADMIN_DOMAIN
relation_data['service_project_domain_name'] = ADMIN_DOMAIN
relation_data['service_project_name'] = ADMIN_PROJECT
relation_data['service_password'] = get_admin_passwd()
relation_set(relation_id=relation_id, **relation_data)
def __call__(self):
ctxt = {}
# Configure nova-novncproxy https if nova-api is using https.
if ch_cluster.https():
cn = ch_ip.resolve_address(endpoint_type=ch_ip.INTERNAL)
if cn:
cert_filename = 'cert_{}'.format(cn)
key_filename = 'key_{}'.format(cn)
else:
cert_filename = 'cert'
key_filename = 'key'
ssl_dir = '/etc/apache2/ssl/nova'
cert = os.path.join(ssl_dir, cert_filename)
key = os.path.join(ssl_dir, key_filename)
if os.path.exists(cert) and os.path.exists(key):
ctxt['ssl_cert'] = cert
ctxt['ssl_key'] = key
return ctxt
def __call__(self):
if isinstance(self.external_ports, basestring):
self.external_ports = [self.external_ports]
if (not self.external_ports or not https()):
return {}
self.configure_cert()
self.enable_modules()
ctxt = {
'namespace': self.service_namespace,
'private_address': unit_get('private-address'),
'endpoints': []
}
for api_port in self.external_ports:
ext_port = determine_apache_port(api_port)
int_port = determine_api_port(api_port)
portmap = (int(ext_port), int(int_port))
ctxt['endpoints'].append(portmap)
return ctxt
def keystone_joined(relid=None):
if not cluster.eligible_leader(SWIFT_HA_RES):
return
if cluster.is_clustered():
hostname = config('vip')
else:
hostname = unit_get('private-address')
port = config('bind-port')
if cluster.https():
proto = 'https'
else:
proto = 'http'
admin_url = '%s://%s:%s' % (proto, hostname, port)
internal_url = public_url = '%s/v1/AUTH_$(tenant_id)s' % admin_url
relation_set(service='swift',
region=config('region'),
public_url=public_url, internal_url=internal_url,
admin_url=admin_url,
requested_roles=config('operator-roles'),
relation_id=relid)
def __call__(self):
# late import to work around circular dependency
from keystone_utils import (
determine_ports,
)
self.external_ports = determine_ports()
ret = super(NginxSSLContext, self).__call__()
if not ret:
log("SSL not used", level='DEBUG')
return {}
# Transform for use by Nginx
"""
{'endpoints': [(u'10.5.0.30', u'10.5.0.30', 4990, 4980),
(u'10.5.0.30', u'10.5.0.30', 35347, 35337)],
'ext_ports': [4990, 35347],
'namespace': 'keystone'}
"""
nginx_ret = {}
nginx_ret['ssl'] = https()
nginx_ret['namespace'] = self.service_namespace
endpoints = {}
for ep in ret['endpoints']:
int_address, address, ext, internal = ep
if ext <= 5000:
endpoints['public'] = {
'socket': 'public',
'address': address,
'ext': ext}
elif ext >= 35337:
endpoints['admin'] = {
'socket': 'admin',
'address': address,
'ext': ext}
else:
log("Unrecognized internal port", level='ERROR')
nginx_ret['endpoints'] = endpoints
return nginx_ret
def __call__(self):
if isinstance(self.external_ports, basestring):
self.external_ports = [self.external_ports]
if (not self.external_ports or not https()):
return {}
self.configure_cert()
self.enable_modules()
ctxt = {
'namespace': self.service_namespace,
'private_address': unit_get('private-address'),
'endpoints': []
}
for ext_port in self.external_ports:
if peer_units() or is_clustered():
int_port = determine_haproxy_port(ext_port)
else:
int_port = determine_api_port(ext_port)
portmap = (int(ext_port), int(int_port))
ctxt['endpoints'].append(portmap)
return ctxt
def __call__(self):
if isinstance(self.external_ports, six.string_types):
self.external_ports = [self.external_ports]
if not self.external_ports or not https():
return {}
self.configure_ca()
self.enable_modules()
ctxt = {
'namespace': self.service_namespace,
'endpoints': [],
'ext_ports': []
}
cns = self.canonical_names()
if cns:
for cn in cns:
self.configure_cert(cn)
else:
# Expect cert/key provided in config (currently assumed that ca
# uses ip for cn)
cn = resolve_address(endpoint_type=INTERNAL)
self.configure_cert(cn)
addresses = self.get_network_addresses()
for address, endpoint in sorted(set(addresses)):
for api_port in self.external_ports:
ext_port = determine_apache_port(api_port,
singlenode_mode=True)
int_port = determine_api_port(api_port, singlenode_mode=True)
portmap = (address, endpoint, int(ext_port), int(int_port))
ctxt['endpoints'].append(portmap)
ctxt['ext_ports'].append(int(ext_port))
ctxt['ext_ports'] = sorted(list(set(ctxt['ext_ports'])))
return ctxt
def __call__(self):
if isinstance(self.external_ports, six.string_types):
self.external_ports = [self.external_ports]
if not self.external_ports or not https():
return {}
self.configure_ca()
self.enable_modules()
ctxt = {'namespace': self.service_namespace,
'endpoints': [],
'ext_ports': []}
cns = self.canonical_names()
if cns:
for cn in cns:
self.configure_cert(cn)
else:
# Expect cert/key provided in config (currently assumed that ca
# uses ip for cn)
cn = resolve_address(endpoint_type=INTERNAL)
self.configure_cert(cn)
addresses = self.get_network_addresses()
for address, endpoint in sorted(set(addresses)):
for api_port in self.external_ports:
ext_port = determine_apache_port(api_port,
singlenode_mode=True)
int_port = determine_api_port(api_port, singlenode_mode=True)
portmap = (address, endpoint, int(ext_port), int(int_port))
ctxt['endpoints'].append(portmap)
ctxt['ext_ports'].append(int(ext_port))
ctxt['ext_ports'] = sorted(list(set(ctxt['ext_ports'])))
return ctxt
def test_https_explict(self):
'''It determines https is available if configured explicitly'''
# config_get('use-https')
self.config_get.return_value = 'yes'
self.assertTrue(cluster_utils.https())
