def leader_settings_changed():
# we always want to write the keys on leader-settings-changed regardless of
# whether the unit is paused or not.
if fernet_enabled():
key_write()
# if we are paused, delay doing any config changed hooks.
# It is forced on the resume.
if is_unit_paused_set():
log("Unit is pause or upgrading. Skipping config_changed", "WARN")
return
# Since minions are notified of a regime change via the
# leader-settings-changed hook, rewrite the token flush cron job to make
# sure only the leader is running the cron job.
CONFIGS.write(TOKEN_FLUSH_CRON_FILE)
# Make sure we keep domain and/or project ids used in templates up to date
if CompareOpenStackReleases(
os_release('keystone')) >= 'liberty':
CONFIGS.write(POLICY_JSON)
update_all_identity_relation_units()
inform_peers_if_ready(check_api_unit_ready)
def config_changed_postupgrade():
save_script_rc()
release = os_release('keystone')
if run_in_apache(release=release):
# Need to ensure mod_wsgi is installed and apache2 is reloaded
# immediatly as charm querys its local keystone before restart
# decorator can fire
apt_install(filter_installed_packages(determine_packages()))
# when deployed from source, init scripts aren't installed
service_pause('keystone')
disable_unused_apache_sites()
if WSGI_KEYSTONE_API_CONF in CONFIGS.templates:
CONFIGS.write(WSGI_KEYSTONE_API_CONF)
if not is_unit_paused_set():
restart_pid_check('apache2')
stop_manager_instance()
if enable_memcache(release=release):
# If charm or OpenStack have been upgraded then the list of required
# packages may have changed so ensure they are installed.
apt_install(filter_installed_packages(determine_packages()))
if is_leader() and fernet_enabled():
key_setup()
key_leader_set()
configure_https()
open_port(config('service-port'))
update_nrpe_config()
CONFIGS.write_all()
if snap_install_requested() and not is_unit_paused_set():
service_restart('snap.keystone.*')
stop_manager_instance()
if (is_db_initialised() and is_elected_leader(CLUSTER_RES) and not
is_unit_paused_set()):
ensure_initial_admin(config)
if CompareOpenStackReleases(
os_release('keystone')) >= 'liberty':
CONFIGS.write(POLICY_JSON)
update_all_identity_relation_units()
update_all_domain_backends()
update_all_fid_backends()
for r_id in relation_ids('ha'):
ha_joined(relation_id=r_id)
notify_middleware_with_release_version()
inform_peers_if_ready(check_api_unit_ready)
def config_changed_postupgrade():
save_script_rc()
release = os_release('keystone')
if run_in_apache(release=release):
# Need to ensure mod_wsgi is installed and apache2 is reloaded
# immediatly as charm querys its local keystone before restart
# decorator can fire
apt_install(filter_installed_packages(determine_packages()))
# when deployed from source, init scripts aren't installed
service_pause('keystone')
disable_unused_apache_sites()
if WSGI_KEYSTONE_API_CONF in CONFIGS.templates:
CONFIGS.write(WSGI_KEYSTONE_API_CONF)
if not is_unit_paused_set():
restart_pid_check('apache2')
stop_manager_instance()
if enable_memcache(release=release):
# If charm or OpenStack have been upgraded then the list of required
# packages may have changed so ensure they are installed.
apt_install(filter_installed_packages(determine_packages()))
if is_leader() and fernet_enabled():
key_setup()
key_leader_set()
configure_https()
open_port(config('service-port'))
update_nrpe_config()
CONFIGS.write_all()
if snap_install_requested() and not is_unit_paused_set():
service_restart('snap.keystone.*')
stop_manager_instance()
if (is_db_initialised() and is_elected_leader(CLUSTER_RES) and not
is_unit_paused_set()):
ensure_initial_admin(config)
if CompareOpenStackReleases(
os_release('keystone')) >= 'liberty':
CONFIGS.write(POLICY_JSON)
update_all_identity_relation_units()
update_all_domain_backends()
update_all_fid_backends()
for r_id in relation_ids('ha'):
ha_joined(relation_id=r_id)
notify_middleware_with_release_version()
def leader_settings_changed():
# Since minions are notified of a regime change via the
# leader-settings-changed hook, rewrite the token flush cron job to make
# sure only the leader is running the cron job.
CONFIGS.write(TOKEN_FLUSH_CRON_FILE)
# Make sure we keep domain and/or project ids used in templates up to date
if CompareOpenStackReleases(os_release('keystone')) >= 'liberty':
CONFIGS.write(POLICY_JSON)
if fernet_enabled():
key_write()
update_all_identity_relation_units()
def leader_settings_changed():
# if we are paused, delay doing any config changed hooks.
# It is forced on the resume.
if is_unit_paused_set():
log("Unit is pause or upgrading. Skipping config_changed", "WARN")
return
# Since minions are notified of a regime change via the
# leader-settings-changed hook, rewrite the token flush cron job to make
# sure only the leader is running the cron job.
CONFIGS.write(TOKEN_FLUSH_CRON_FILE)
# Make sure we keep domain and/or project ids used in templates up to date
if CompareOpenStackReleases(
os_release('keystone')) >= 'liberty':
CONFIGS.write(POLICY_JSON)
if fernet_enabled():
key_write()
update_all_identity_relation_units()
def test_fernet_enabled_yes_release_override_config(self):
self.os_release.return_value = 'rocky'
self.test_config.set('token-provider', 'uuid')
result = context.fernet_enabled()
self.assertTrue(result)
def test_fernet_enabled_yes_release(self):
self.os_release.return_value = 'rocky'
result = context.fernet_enabled()
self.assertTrue(result)
def test_fernet_enabled_no_release_override_config(self):
self.os_release.return_value = 'mitaka'
self.test_config.set('token-provider', 'fernet')
result = context.fernet_enabled()
self.assertFalse(result)
def test_fernet_enabled_yes_config(self):
self.os_release.return_value = 'ocata'
self.test_config.set('token-provider', 'fernet')
result = context.fernet_enabled()
self.assertTrue(result)
def test_fernet_enabled_yes_release_override_config(self):
self.os_release.return_value = 'rocky'
self.test_config.set('token-provider', 'uuid')
result = context.fernet_enabled()
self.assertTrue(result)
def test_fernet_enabled_yes_release(self):
self.os_release.return_value = 'rocky'
result = context.fernet_enabled()
self.assertTrue(result)
def test_fernet_enabled_no_release_override_config(self):
self.os_release.return_value = 'mitaka'
self.test_config.set('token-provider', 'fernet')
result = context.fernet_enabled()
self.assertFalse(result)
def test_fernet_enabled_yes_config(self):
self.os_release.return_value = 'ocata'
self.test_config.set('token-provider', 'fernet')
result = context.fernet_enabled()
self.assertTrue(result)
