def install(): status_set('maintenance', 'Executing pre-install') execd_preinstall() configure_installation_source(config('openstack-origin')) status_set('maintenance', 'Installing apt packages') apt_update() apt_install(determine_packages(), fatal=True) if snap_install_requested(): status_set('maintenance', 'Installing keystone snap') # NOTE(thedac) Setting devmode until LP#1719636 is fixed install_os_snaps( get_snaps_install_info_from_origin(['keystone'], config('openstack-origin'), mode='devmode')) post_snap_install() service_stop('snap.keystone.*') else: # unconfigured keystone service will prevent start of haproxy in some # circumstances. make sure haproxy runs. LP #1648396 service_stop('keystone') service_start('haproxy') if run_in_apache(): disable_unused_apache_sites() service_pause('keystone') # call the policy overrides handler which will install any policy overrides maybe_do_policyd_overrides( os_release('keystone'), 'keystone', restart_handler=lambda: service_restart('apache2'))
def install(): status_set('maintenance', 'Executing pre-install') execd_preinstall() configure_installation_source(config('openstack-origin')) status_set('maintenance', 'Installing apt packages') apt_update() apt_install(determine_packages(), fatal=True) if snap_install_requested(): status_set('maintenance', 'Installing keystone snap') # NOTE(thedac) Setting devmode until LP#1719636 is fixed install_os_snaps( get_snaps_install_info_from_origin(['keystone'], config('openstack-origin'), mode='devmode')) post_snap_install() service_stop('snap.keystone.*') else: # unconfigured keystone service will prevent start of haproxy in some # circumstances. make sure haproxy runs. LP #1648396 service_stop('keystone') service_start('haproxy') if run_in_apache(): disable_unused_apache_sites() service_pause('keystone') unison.ensure_user(user=SSH_USER, group=SSH_USER) unison.ensure_user(user=SSH_USER, group=KEYSTONE_USER)
def upgrade_charm(): status_set('maintenance', 'Installing apt packages') apt_install(filter_installed_packages(determine_packages())) unison.ssh_authorized_peers(user=SSH_USER, group=SSH_USER, peer_interface='cluster', ensure_local_user=True) ensure_ssl_dirs() if run_in_apache(): disable_unused_apache_sites() CONFIGS.write_all() # See LP bug 1519035 leader_init_db_if_ready() update_nrpe_config() if is_elected_leader(CLUSTER_RES): log( 'Cluster leader - ensuring endpoint configuration is up to ' 'date', level=DEBUG) update_all_identity_relation_units()
def install(): status_set('maintenance', 'Executing pre-install') execd_preinstall() configure_installation_source(config('openstack-origin')) status_set('maintenance', 'Installing apt packages') apt_update() apt_install(determine_packages(), fatal=True) if snap_install_requested(): status_set('maintenance', 'Installing keystone snap') snap_install('keystone', '--edge', '--classic') service_pause('snap.keystone.uwsgi') service_pause('snap.keystone.nginx') else: if run_in_apache(): disable_unused_apache_sites() if not git_install_requested(): service_pause('keystone') status_set('maintenance', 'Git install') git_install(config('openstack-origin-git')) unison.ensure_user(user=SSH_USER, group='juju_keystone') # NOTE(coreycb): can just use group='keystone' once snap has drop privs support if snap_install_requested(): unison.ensure_user(user=SSH_USER, group='root') else: unison.ensure_user(user=SSH_USER, group='keystone')
def upgrade_charm(): packages_to_install = filter_installed_packages(determine_packages()) if packages_to_install: log('Installing apt packages') status_set('maintenance', 'Installing apt packages') apt_install(packages_to_install) packages_removed = remove_old_packages() if run_in_apache(): disable_unused_apache_sites() log('Regenerating configuration files') status_set('maintenance', 'Regenerating configuration files') CONFIGS.write_all() # See LP bug 1519035 leader_init_db_if_ready() update_nrpe_config() if packages_removed: status_set('maintenance', 'Restarting services') log("Package purge detected, restarting services", "INFO") for s in services(): service_restart(s) stop_manager_instance() if is_elected_leader(CLUSTER_RES): log('Cluster leader - ensuring endpoint configuration is up to ' 'date', level=DEBUG) update_all_identity_relation_units()
def install(): status_set('maintenance', 'Executing pre-install') execd_preinstall() configure_installation_source(config('openstack-origin')) status_set('maintenance', 'Installing apt packages') apt_update() apt_install(determine_packages(), fatal=True) if snap_install_requested(): status_set('maintenance', 'Installing keystone snap') # NOTE(thedac) Setting devmode until LP#1719636 is fixed install_os_snaps( get_snaps_install_info_from_origin( ['keystone'], config('openstack-origin'), mode='devmode')) post_snap_install() service_stop('snap.keystone.*') else: # unconfigured keystone service will prevent start of haproxy in some # circumstances. make sure haproxy runs. LP #1648396 service_stop('keystone') service_start('haproxy') if run_in_apache(): disable_unused_apache_sites() service_pause('keystone')
def post_series_upgrade(): log("Running complete series upgrade hook", "INFO") # if we just upgraded from non systemd then ensure that the new packages of # keystone definitely don't run the keystone service if we are a wsgi # configured system. if run_in_apache(): disable_unused_apache_sites() service_pause('keystone') series_upgrade_complete(resume_unit_helper, CONFIGS)
def config_changed_postupgrade(): save_script_rc() release = os_release('keystone') if run_in_apache(release=release): # Need to ensure mod_wsgi is installed and apache2 is reloaded # immediatly as charm querys its local keystone before restart # decorator can fire apt_install(filter_installed_packages(determine_packages())) # when deployed from source, init scripts aren't installed service_pause('keystone') disable_unused_apache_sites() if WSGI_KEYSTONE_API_CONF in CONFIGS.templates: CONFIGS.write(WSGI_KEYSTONE_API_CONF) if not is_unit_paused_set(): restart_pid_check('apache2') stop_manager_instance() if enable_memcache(release=release): # If charm or OpenStack have been upgraded then the list of required # packages may have changed so ensure they are installed. apt_install(filter_installed_packages(determine_packages())) if is_leader() and fernet_enabled(): key_setup() key_leader_set() configure_https() open_port(config('service-port')) update_nrpe_config() CONFIGS.write_all() if snap_install_requested() and not is_unit_paused_set(): service_restart('snap.keystone.*') stop_manager_instance() if (is_db_initialised() and is_elected_leader(CLUSTER_RES) and not is_unit_paused_set()): ensure_initial_admin(config) if CompareOpenStackReleases( os_release('keystone')) >= 'liberty': CONFIGS.write(POLICY_JSON) update_all_identity_relation_units() update_all_domain_backends() update_all_fid_backends() for r_id in relation_ids('ha'): ha_joined(relation_id=r_id) notify_middleware_with_release_version() inform_peers_if_ready(check_api_unit_ready)
def config_changed_postupgrade(): save_script_rc() release = os_release('keystone') if run_in_apache(release=release): # Need to ensure mod_wsgi is installed and apache2 is reloaded # immediatly as charm querys its local keystone before restart # decorator can fire apt_install(filter_installed_packages(determine_packages())) # when deployed from source, init scripts aren't installed service_pause('keystone') disable_unused_apache_sites() if WSGI_KEYSTONE_API_CONF in CONFIGS.templates: CONFIGS.write(WSGI_KEYSTONE_API_CONF) if not is_unit_paused_set(): restart_pid_check('apache2') stop_manager_instance() if enable_memcache(release=release): # If charm or OpenStack have been upgraded then the list of required # packages may have changed so ensure they are installed. apt_install(filter_installed_packages(determine_packages())) if is_leader() and fernet_enabled(): key_setup() key_leader_set() configure_https() open_port(config('service-port')) update_nrpe_config() CONFIGS.write_all() if snap_install_requested() and not is_unit_paused_set(): service_restart('snap.keystone.*') stop_manager_instance() if (is_db_initialised() and is_elected_leader(CLUSTER_RES) and not is_unit_paused_set()): ensure_initial_admin(config) if CompareOpenStackReleases( os_release('keystone')) >= 'liberty': CONFIGS.write(POLICY_JSON) update_all_identity_relation_units() update_all_domain_backends() update_all_fid_backends() for r_id in relation_ids('ha'): ha_joined(relation_id=r_id) notify_middleware_with_release_version()
def config_changed_postupgrade(): # Ensure ssl dir exists and is unison-accessible ensure_ssl_dir() if not snap_install_requested(): check_call(['chmod', '-R', 'g+wrx', '/var/lib/keystone/']) ensure_ssl_dirs() save_script_rc() release = os_release('keystone') if run_in_apache(release=release): # Need to ensure mod_wsgi is installed and apache2 is reloaded # immediatly as charm querys its local keystone before restart # decorator can fire apt_install(filter_installed_packages(determine_packages())) # when deployed from source, init scripts aren't installed service_pause('keystone') disable_unused_apache_sites() if WSGI_KEYSTONE_API_CONF in CONFIGS.templates: CONFIGS.write(WSGI_KEYSTONE_API_CONF) if not is_unit_paused_set(): restart_pid_check('apache2') if enable_memcache(release=release): # If charm or OpenStack have been upgraded then the list of required # packages may have changed so ensure they are installed. apt_install(filter_installed_packages(determine_packages())) configure_https() open_port(config('service-port')) update_nrpe_config() CONFIGS.write_all() if snap_install_requested() and not is_unit_paused_set(): service_restart('snap.keystone.*') initialise_pki() update_all_identity_relation_units() update_all_domain_backends() update_all_fid_backends() # Ensure sync request is sent out (needed for any/all ssl change) send_ssl_sync_request() for r_id in relation_ids('ha'): ha_joined(relation_id=r_id)
def upgrade_charm(): packages_to_install = filter_installed_packages(determine_packages()) if packages_to_install: log('Installing apt packages') status_set('maintenance', 'Installing apt packages') apt_install(packages_to_install) packages_removed = remove_old_packages() if run_in_apache(): disable_unused_apache_sites() log('Regenerating configuration files') status_set('maintenance', 'Regenerating configuration files') CONFIGS.write_all() # We no longer use the admin_token and need to ensure the charm has # credentials. This call is idempotent and safe to run on existing # deployments. if is_leader(): bootstrap_keystone(configs=CONFIGS) # See LP bug 1519035 leader_init_db_if_ready() update_nrpe_config() if packages_removed: status_set('maintenance', 'Restarting services') log("Package purge detected, restarting services", "INFO") for s in services(): service_restart(s) stop_manager_instance() if is_elected_leader(CLUSTER_RES): log( 'Cluster leader - ensuring endpoint configuration is up to ' 'date', level=DEBUG) update_all_identity_relation_units() # also ensure that the PCI-DSS protection is in place for service # accounts. ensure_all_service_accounts_protected_for_pci_dss_options() # call the policy overrides handler which will install any policy overrides maybe_do_policyd_overrides( os_release('keystone'), 'keystone', restart_handler=lambda: service_restart('apache2')) inform_peers_if_ready(check_api_unit_ready)
def config_changed_postupgrade(): # Ensure ssl dir exists and is unison-accessible ensure_ssl_dir() if not snap_install_requested(): check_call(['chmod', '-R', 'g+wrx', '/var/lib/keystone/']) ensure_ssl_dirs() save_script_rc() if run_in_apache(): # Need to ensure mod_wsgi is installed and apache2 is reloaded # immediatly as charm querys its local keystone before restart # decorator can fire apt_install(filter_installed_packages(determine_packages())) # when deployed from source, init scripts aren't installed if not git_install_requested(): service_pause('keystone') if snap_install_requested(): service_pause('snap.keystone.uwsgi') service_pause('snap.keystone.nginx') else: disable_unused_apache_sites() CONFIGS.write(WSGI_KEYSTONE_API_CONF) if not is_unit_paused_set(): restart_pid_check('apache2') # NOTE(coreycb): Need to add https support for snap with nginx if not snap_install_requested(): configure_https() open_port(config('service-port')) if not snap_install_requested(): update_nrpe_config() CONFIGS.write_all() # NOTE(coreycb): Can dropp check once snap has alias support and # drops privileges. if not snap_install_requested(): initialise_pki() update_all_identity_relation_units() update_all_domain_backends() # Ensure sync request is sent out (needed for any/all ssl change) send_ssl_sync_request() for r_id in relation_ids('ha'): ha_joined(relation_id=r_id)
def install(): status_set('maintenance', 'Executing pre-install') execd_preinstall() configure_installation_source(config('openstack-origin')) status_set('maintenance', 'Installing apt packages') apt_update() apt_install(determine_packages(), fatal=True) if run_in_apache(): disable_unused_apache_sites() if not git_install_requested(): service_pause('keystone') status_set('maintenance', 'Git install') git_install(config('openstack-origin-git')) unison.ensure_user(user=SSH_USER, group='juju_keystone') unison.ensure_user(user=SSH_USER, group='keystone')
def upgrade_charm(): status_set('maintenance', 'Installing apt packages') apt_install(filter_installed_packages(determine_packages())) if run_in_apache(): disable_unused_apache_sites() CONFIGS.write_all() # See LP bug 1519035 leader_init_db_if_ready() update_nrpe_config() if is_elected_leader(CLUSTER_RES): log( 'Cluster leader - ensuring endpoint configuration is up to ' 'date', level=DEBUG) update_all_identity_relation_units()
def upgrade_charm(): status_set('maintenance', 'Installing apt packages') apt_install(filter_installed_packages(determine_packages())) unison.ssh_authorized_peers(user=SSH_USER, group='juju_keystone', peer_interface='cluster', ensure_local_user=True) ensure_ssl_dirs() if run_in_apache(): disable_unused_apache_sites() CONFIGS.write_all() # See LP bug 1519035 leader_init_db_if_ready() update_nrpe_config() if is_elected_leader(CLUSTER_RES): log('Cluster leader - ensuring endpoint configuration is up to ' 'date', level=DEBUG) update_all_identity_relation_units()
def upgrade_charm(): packages_to_install = filter_installed_packages(determine_packages()) if packages_to_install: log('Installing apt packages') status_set('maintenance', 'Installing apt packages') apt_install(packages_to_install) packages_removed = remove_old_packages() if run_in_apache(): disable_unused_apache_sites() log('Regenerating configuration files') status_set('maintenance', 'Regenerating configuration files') CONFIGS.write_all() # See LP bug 1519035 leader_init_db_if_ready() update_nrpe_config() if packages_removed: status_set('maintenance', 'Restarting services') log("Package purge detected, restarting services", "INFO") for s in services(): service_restart(s) stop_manager_instance() if is_elected_leader(CLUSTER_RES): log( 'Cluster leader - ensuring endpoint configuration is up to ' 'date', level=DEBUG) update_all_identity_relation_units() # call the policy overrides handler which will install any policy overrides maybe_do_policyd_overrides(os_release('keystone'), 'keystone')