def configure_vault(context): log("Running configure_vault", level=DEBUG) context['disable_mlock'] = is_container() or config('disable-mlock') context['ssl_available'] = is_state('vault.ssl.available') if is_flag_set('etcd.tls.available'): etcd = endpoint_from_flag('etcd.available') log("Etcd detected, adding to context", level=DEBUG) context['etcd_conn'] = etcd.connection_string() context['etcd_tls_ca_file'] = '/var/snap/vault/common/etcd-ca.pem' context['etcd_tls_cert_file'] = '/var/snap/vault/common/etcd-cert.pem' context['etcd_tls_key_file'] = '/var/snap/vault/common/etcd.key' save_etcd_client_credentials(etcd, key=context['etcd_tls_key_file'], cert=context['etcd_tls_cert_file'], ca=context['etcd_tls_ca_file']) context['api_addr'] = vault.get_api_url() context['cluster_addr'] = vault.get_cluster_url() log("Etcd detected, setting api_addr to {}".format( context['api_addr'])) else: log("Etcd not detected", level=DEBUG) log("Rendering vault.hcl.j2", level=DEBUG) render('vault.hcl.j2', VAULT_CONFIG, context, perms=0o600) log("Rendering vault systemd configuation", level=DEBUG) render('vault.service.j2', VAULT_SYSTEMD_CONFIG, {}, perms=0o644) service('enable', 'vault') log("Opening vault port", level=DEBUG) open_port(8200) set_flag('configured') if any_file_changed([VAULT_CONFIG, VAULT_SYSTEMD_CONFIG]): # force a restart if config has changed clear_flag('started')
def restart_candid(): clear_flag('candid.restart') if not any_file_changed([CONFIG_FILE]): hookenv.log("not restarting: config file unchanged", level="info") return hookenv.status_set('maintenance', 'Restarting candid') host.service_restart('snap.candid.candidsrv.service') update_status()
def install_calico_service(): ''' Install the calico-node systemd service. ''' status.maintenance('Installing calico-node service.') with open(kubernetes_common.kubeclientconfig_path) as f: kubeconfig = yaml.safe_load(f) any_file_changed([kubernetes_common.kubeclientconfig_path]) kubeconfig['users'] = [{ 'name': 'calico-node', 'user': { 'token': leader_get('calico-node-token') } }] kubeconfig['contexts'][0]['context']['user'] = '******' with open('/opt/calicoctl/kubeconfig', 'w') as f: yaml.dump(kubeconfig, f) etcd = endpoint_from_flag('etcd.available') service_path = os.path.join(os.sep, 'lib', 'systemd', 'system', 'calico-node.service') ip_versions = {net.version for net in get_networks(charm_config('cidr'))} ip4 = get_bind_address() if 4 in ip_versions else "none" ip6 = "autodetect" if 6 in ip_versions else "none" render( 'calico-node.service', service_path, { 'connection_string': etcd.get_connection_string(), 'etcd_key_path': ETCD_KEY_PATH, 'etcd_ca_path': ETCD_CA_PATH, 'etcd_cert_path': ETCD_CERT_PATH, 'nodename': gethostname(), # specify IP so calico doesn't grab a silly one from, say, lxdbr0 'ip': ip4, 'ip6': ip6, 'mtu': get_mtu(), 'calico_node_image': charm_config('calico-node-image'), 'ignore_loose_rpf': charm_config('ignore-loose-rpf'), 'lc_all': os.environ.get('LC_ALL', 'C.UTF-8'), 'lang': os.environ.get('LANG', 'C.UTF-8') }) check_call(['systemctl', 'daemon-reload']) service_restart('calico-node') service('enable', 'calico-node') remove_state('cni.kubeconfig.changed') set_state('calico.service.installed')
def render_config(*args): with charm.provide_charm_instance() as ( sdn_neutron_plugin_api_subordinate_charm): sdn_neutron_plugin_api_subordinate_charm.render_with_interfaces(args) sdn_neutron_plugin_api_subordinate_charm.assess_status() if reactive.any_file_changed([sdn_neutron_plugin_api_subordinate.ML2_CONF ]): remote_restart(*args)
def render_config(fid_sp): with charm.provide_charm_instance() as charm_instance: if charm_instance.configuration_complete(): charm_instance.render_config(fid_sp) # Trigger keystone restart. The relation is container-scoped # so a per-unit db of a remote unit will only contain a nonce # of a single subordinate if reactive.any_file_changed(charm_instance.restart_map.keys()): fid_sp.request_restart()
def reconfigure_tempest(self): """Expects an external network already configured, and enables cinder tests Sample: RALLY_VERIFIER=7b9d06ef-e651-4da3-a56b-ecac67c595c5 RALLY_VERIFICATION=4a730963-083f-4e1e-8c55-f2b4b9c9c0ac RALLY_DEPLOYMENT=a75657c6-9eea-4f00-9117-2580fe056a80 RALLY_ENV=a75657c6-9eea-4f00-9117-2580fe056a80 """ RALLY_CONF = [ '/home', self._rallyuser, 'snap', 'fcbtest', 'current', '.rally' ] rally_globalconfig = os.path.join(*RALLY_CONF, 'globals') if not os.path.isfile(rally_globalconfig): return False uuids = collections.defaultdict(lambda: '*') with open(rally_globalconfig, 'r') as fd: for line in fd.readlines(): key, value = line.strip().split('=') if key in ['RALLY_VERIFIER', 'RALLY_DEPLOYMENT']: uuids[key] = value tempest_path = os.path.join( *RALLY_CONF, 'verification', 'verifier-{RALLY_VERIFIER}'.format(**uuids), 'for-deployment-{RALLY_DEPLOYMENT}'.format(**uuids), 'tempest.conf') tempestfile = glob.glob(tempest_path) if len(tempestfile) == 0: # No tempest.conf file generated, yet return False if not any_file_changed([tempestfile[0]]): return False self._regenerate_tempest_conf(tempestfile[0]) return True