def update_nova_consoleauth_config():
    """Sync the nova-consoleauth pacemaker resources onto the 'ha' relation.

    Starts from the data already present on the first 'ha' relation, or
    from an empty dict when there is no such relation.

    * 'single-nova-consoleauth' set and a console protocol configured:
      the consoleauth resources are added to the data, the data is set on
      every 'ha' relation and, if an 'ha' relation exists, the local
      nova-consoleauth service is paused.
    * 'single-nova-consoleauth' unset and a console protocol configured:
      the resources are queued in 'delete_resources' and dropped from the
      data, the relations are updated and the service is resumed unless
      the unit is marked as paused.

    Without a console protocol neither branch runs and nothing is set.
    """
    ha_rel_ids = hookenv.relation_ids('ha')
    if ha_rel_ids:
        data = hookenv.relation_get(rid=ha_rel_ids[0]) or {}
    else:
        hookenv.log('Related to {} ha services'.format(len(ha_rel_ids)),
                    level=hookenv.DEBUG)
        data = {}

    # Make sure every container exists, in case this is a fresh dict.
    # NOTE(review): assumes values read back from the relation are already
    # list/dict objects rather than serialized strings -- TODO confirm
    # against what relation_get returns here.
    data.setdefault('delete_resources', [])
    for section in ('colocations', 'init_services', 'resources',
                    'resource_params'):
        data.setdefault(section, {})

    resource_names = ('vip_consoleauth', 'res_nova_consoleauth')
    consoleauth_entries = (
        ('colocations', 'vip_consoleauth', COLO_CONSOLEAUTH),
        ('init_services', 'res_nova_consoleauth', 'nova-consoleauth'),
        ('resources', 'res_nova_consoleauth', AGENT_CONSOLEAUTH),
        ('resource_params', 'res_nova_consoleauth', AGENT_CA_PARAMS),
    )

    if (hookenv.config('single-nova-consoleauth') and
            common.console_attributes('protocol')):
        # The resources are wanted again: cancel any pending deletion.
        pending = data['delete_resources']
        for name in resource_names:
            if name in pending:
                pending.remove(name)

        # The new pacemaker resources are merged into the existing ones.
        for section, name, value in consoleauth_entries:
            data[section][name] = value

        for rid in hookenv.relation_ids('ha'):
            hookenv.relation_set(rid, **data)

        # nova-consoleauth will be managed by pacemaker, so stop it and
        # keep it from being started again at boot. (LP: #1693629).
        if hookenv.relation_ids('ha'):
            ch_host.service_pause('nova-consoleauth')

    elif (not hookenv.config('single-nova-consoleauth') and
          common.console_attributes('protocol')):
        pending = data['delete_resources']
        for name in resource_names:
            if name not in pending:
                pending.append(name)

        # Drop them from the relation data too, so they are not recreated
        # the next time the hook runs.
        for section, name, _value in consoleauth_entries:
            data[section].pop(name, None)

        for rid in hookenv.relation_ids('ha'):
            hookenv.relation_set(rid, **data)

        # NOTE(review): nesting under this branch is inferred; the listing
        # lost its indentation. Resuming after the pause branch would undo
        # the pause, so it is placed here.
        if not ch_utils.is_unit_paused_set():
            ch_host.service_resume('nova-consoleauth')
def __call__(self):
    """Write the console TLS material to disk and return the template context.

    Returns an empty dict unless 'console-ssl-cert', 'console-ssl-key' and
    'console-access-protocol' are all set. Otherwise the base64-encoded
    certificate and key from the config are decoded and written under
    /etc/nova/ssl/, and the returned dict carries 'ssl_only', 'ssl_cert',
    'ssl_key' and, for the 'novnc' and 'spice' protocols, the https base
    URL of the console proxy.
    """
    ctxt = {}
    tls_configured = (hookenv.config('console-ssl-cert') and
                      hookenv.config('console-ssl-key') and
                      hookenv.config('console-access-protocol'))
    if not tls_configured:
        return ctxt

    ssl_dir = '/etc/nova/ssl/'
    if not os.path.exists(ssl_dir):
        hookenv.log('Creating %s.' % ssl_dir, level=hookenv.DEBUG)
        # NOTE(review): os.mkdir() uses its default mode here, so the
        # directory permissions depend on the process umask.
        os.mkdir(ssl_dir)

    # Both values are decoded before anything is written, so a malformed
    # key does not leave a freshly written certificate next to an old key.
    cert_path = os.path.join(ssl_dir, 'nova_cert.pem')
    cert_bytes = base64.b64decode(hookenv.config('console-ssl-cert'))
    key_path = os.path.join(ssl_dir, 'nova_key.pem')
    key_bytes = base64.b64decode(hookenv.config('console-ssl-key'))

    # NOTE(review): the private key goes through plain open(), so a newly
    # created nova_key.pem gets umask-derived permissions and an existing
    # file keeps whatever mode it already had. Confirm the key is not
    # readable by unintended local users, and which account the console
    # proxy reads it as, before tightening mode or ownership.
    for pem_path, pem_bytes in ((cert_path, cert_bytes),
                                (key_path, key_bytes)):
        with open(pem_path, 'wb') as fh:
            fh.write(pem_bytes)

    ctxt['ssl_only'] = True
    ctxt['ssl_cert'] = cert_path
    ctxt['ssl_key'] = key_path

    if ch_cluster.is_clustered():
        ip_addr = ch_ip.resolve_address(endpoint_type=ch_ip.PUBLIC)
    else:
        ip_addr = hookenv.unit_get('private-address')
    # format_ipv6_addr() yields a falsy value when there is nothing to
    # reformat; in that case the address is used unchanged.
    ip_addr = ch_network_ip.format_ipv6_addr(ip_addr) or ip_addr

    _proto = hookenv.config('console-access-protocol')
    url = "https://%s:%s%s" % (
        ip_addr,
        common.console_attributes('proxy-port', proto=_proto),
        common.console_attributes('proxy-page', proto=_proto))

    # Any other protocol value gets no base URL entry.
    if _proto == 'novnc':
        ctxt['novncproxy_base_url'] = url
    elif _proto == 'spice':
        ctxt['html5proxy_base_url'] = url

    return ctxt
def __call__(self):
    """Return the console TLS context, writing cert and key files as needed.

    When 'console-ssl-cert', 'console-ssl-key' and
    'console-access-protocol' are all configured, the base64 config values
    are decoded into /etc/nova/ssl/nova_cert.pem and
    /etc/nova/ssl/nova_key.pem, and the context records their paths, sets
    'ssl_only', and adds the https proxy base URL for the 'novnc' or
    'spice' protocol. In every other case an empty dict is returned.
    """
    ctxt = {}

    if (hookenv.config('console-ssl-cert') and
            hookenv.config('console-ssl-key') and
            hookenv.config('console-access-protocol')):
        ssl_dir = '/etc/nova/ssl/'

        if not os.path.exists(ssl_dir):
            hookenv.log('Creating %s.' % ssl_dir, level=hookenv.DEBUG)
            # NOTE(review): default mode; the result depends on the umask.
            os.mkdir(ssl_dir)

        cert_path = os.path.join(ssl_dir, 'nova_cert.pem')
        cert_pem = base64.b64decode(hookenv.config('console-ssl-cert'))

        key_path = os.path.join(ssl_dir, 'nova_key.pem')
        key_pem = base64.b64decode(hookenv.config('console-ssl-key'))

        with open(cert_path, 'wb') as cert_file:
            cert_file.write(cert_pem)
        # NOTE(review): private key material written via plain open();
        # file permissions are whatever the umask (or a pre-existing
        # file's mode) gives. Verify that only the intended service
        # account can read nova_key.pem.
        with open(key_path, 'wb') as key_file:
            key_file.write(key_pem)

        ctxt.update({
            'ssl_only': True,
            'ssl_cert': cert_path,
            'ssl_key': key_path,
        })

        ip_addr = (ch_ip.resolve_address(endpoint_type=ch_ip.PUBLIC)
                   if ch_cluster.is_clustered()
                   else hookenv.unit_get('private-address'))
        # Keep the address as-is when format_ipv6_addr() returns a falsy
        # value.
        ip_addr = ch_network_ip.format_ipv6_addr(ip_addr) or ip_addr

        _proto = hookenv.config('console-access-protocol')
        url = "https://%s:%s%s" % (
            ip_addr,
            common.console_attributes('proxy-port', proto=_proto),
            common.console_attributes('proxy-page', proto=_proto))

        # Only these two protocols get a base URL entry in the context.
        url_key = {
            'novnc': 'novncproxy_base_url',
            'spice': 'html5proxy_base_url',
        }.get(_proto)
        if url_key:
            ctxt[url_key] = url

    return ctxt
def console_settings():
    """Build the console proxy settings dict for the configured protocol.

    Returns an empty dict when no console protocol is configured. Otherwise
    the dict holds the keymap, the access protocol and, per proxy protocol
    ('novnc' and 'xvpvnc' when the protocol is 'vnc', else the protocol
    itself), the proxy address, host and port.

    The dict is named rel_settings; presumably it ends up as relation
    data -- confirm with the caller.
    """
    rel_settings = {}
    proto = common.console_attributes('protocol')
    if not proto:
        return {}

    rel_settings.update({
        'console_keymap': hookenv.config('console-keymap'),
        'console_access_protocol': proto,
    })

    # Console TLS counts as configured only when both cert and key are set.
    console_ssl = bool(hookenv.config('console-ssl-cert') and
                       hookenv.config('console-ssl-key'))

    if hookenv.config('console-proxy-ip') == 'local':
        if console_ssl:
            address = ch_ip.resolve_address(endpoint_type=ch_ip.PUBLIC)
            address = ch_network_ip.format_ipv6_addr(address) or address
            proxy_base_addr = 'https://%s' % address
        else:
            # canonical_url only returns 'https:' if API SSL is enabled.
            proxy_base_addr = ch_ip.canonical_url(CONFIGS, ch_ip.PUBLIC)
    else:
        # NOTE(review): with neither console TLS material nor cluster
        # HTTPS this advertises a plain-http proxy address, so console
        # traffic through it is not TLS-protected; confirm that is
        # acceptable for the deployment.
        schema = "https" if (console_ssl or ch_cluster.https()) else "http"
        # NOTE(review): the configured value is used verbatim; unlike the
        # 'local' branch it is not passed through format_ipv6_addr().
        proxy_base_addr = ("{}://{}"
                           .format(schema,
                                   hookenv.config('console-proxy-ip')))

    protocols = ['novnc', 'xvpvnc'] if proto == 'vnc' else [proto]

    for _proto in protocols:
        rel_settings.update({
            'console_proxy_{}_address'.format(_proto):
                "{}:{}{}".format(
                    proxy_base_addr,
                    common.console_attributes('proxy-port', proto=_proto),
                    common.console_attributes('proxy-page', proto=_proto)),
            'console_proxy_%s_host' % (_proto):
                urlparse(proxy_base_addr).hostname,
            'console_proxy_%s_port' % (_proto):
                common.console_attributes('proxy-port', proto=_proto),
        })

    return rel_settings
def console_settings():
    """Return keymap, protocol and proxy endpoint settings for the console.

    An empty dict is returned when common.console_attributes('protocol')
    is falsy. For the 'vnc' protocol, entries are produced for both 'novnc'
    and 'xvpvnc'; any other protocol produces entries for itself only.
    Each entry set consists of 'console_proxy_<proto>_address', '_host' and
    '_port'.
    """
    rel_settings = {}
    proto = common.console_attributes('protocol')
    if not proto:
        return {}

    rel_settings['console_keymap'] = hookenv.config('console-keymap')
    rel_settings['console_access_protocol'] = proto

    # Both the certificate and the key must be configured for console TLS.
    console_ssl = False
    if (hookenv.config('console-ssl-cert') and
            hookenv.config('console-ssl-key')):
        console_ssl = True

    if hookenv.config('console-proxy-ip') != 'local':
        # An explicit proxy address was configured.
        # NOTE(review): the scheme falls back to "http" when there is no
        # console TLS material and the cluster is not on HTTPS; console
        # traffic through this address is then unencrypted.
        if console_ssl or ch_cluster.https():
            schema = "https"
        else:
            schema = "http"
        proxy_base_addr = ("{}://{}"
                           .format(schema,
                                   hookenv.config('console-proxy-ip')))
    elif console_ssl:
        address = ch_ip.resolve_address(endpoint_type=ch_ip.PUBLIC)
        address = ch_network_ip.format_ipv6_addr(address) or address
        proxy_base_addr = 'https://%s' % address
    else:
        # canonical_url only returns 'https:' if API SSL is enabled.
        proxy_base_addr = ch_ip.canonical_url(CONFIGS, ch_ip.PUBLIC)

    if proto == 'vnc':
        protocols = ['novnc', 'xvpvnc']
    else:
        protocols = [proto]

    for _proto in protocols:
        proxy_address = "{}:{}{}".format(
            proxy_base_addr,
            common.console_attributes('proxy-port', proto=_proto),
            common.console_attributes('proxy-page', proto=_proto))
        proxy_host = urlparse(proxy_base_addr).hostname
        proxy_port = common.console_attributes('proxy-port', proto=_proto)

        rel_settings['console_proxy_{}_address'.format(_proto)] = \
            proxy_address
        rel_settings['console_proxy_%s_host' % (_proto)] = proxy_host
        rel_settings['console_proxy_%s_port' % (_proto)] = proxy_port

    return rel_settings
def ha_joined(relation_id=None):
    """Set the HA relation data for 'nova' on the given relation.

    The nova-consoleauth pacemaker resources are passed as extra settings
    only when 'dns-ha' is off, 'single-nova-consoleauth' is on and a
    console protocol is configured; otherwise no extra settings are sent.

    :param relation_id: relation to set the data on; passed straight
        through to hookenv.relation_set().
    """
    manage_consoleauth = (
        not hookenv.config('dns-ha') and
        hookenv.config('single-nova-consoleauth') and
        common.console_attributes('protocol'))

    ha_console_settings = {}
    if manage_consoleauth:
        ha_console_settings = {
            'colocations': {'vip_consoleauth': COLO_CONSOLEAUTH},
            'init_services': {'res_nova_consoleauth': 'nova-consoleauth'},
            'resources': {'res_nova_consoleauth': AGENT_CONSOLEAUTH},
            'resource_params': {'res_nova_consoleauth': AGENT_CA_PARAMS},
        }

    settings = ch_ha_utils.generate_ha_relation_data(
        'nova', extra_settings=ha_console_settings)
    hookenv.relation_set(relation_id=relation_id, **settings)