Пример #1
def config_changed_postupgrade():
    """Run the config-changed steps for this keystone unit.

    In order: prepare the SSL directories, loosen group permissions on
    /var/lib/keystone/, switch keystone to the Apache/WSGI front end when
    run_in_apache() is true, configure HTTPS, open the configured service
    port, rewrite every managed config file, call initialise_pki(), and
    refresh the identity and 'ha' relations. Takes no arguments and
    returns nothing.
    """
    # Ensure ssl dir exists and is unison-accessible
    ensure_ssl_dir()

    # NOTE(review): this recursively adds group read/write/execute to every
    # entry under /var/lib/keystone/, so membership of the owning group
    # decides who can modify that tree. 'g+wrx' also sets the execute bit
    # on regular files; 'g+rwX' would limit it to directories and files that
    # are already executable. Presumably check_call is
    # subprocess.check_call, in which case a failing chmod aborts the hook.
    check_call(['chmod', '-R', 'g+wrx', '/var/lib/keystone/'])

    ensure_ssl_dirs()

    save_script_rc()
    if run_in_apache():
        # Need to ensure mod_wsgi is installed and apache2 is reloaded
        # immediately, as the charm queries its local keystone before the
        # restart decorator can fire
        apt_install(filter_installed_packages(determine_packages()))
        service_pause('keystone')
        CONFIGS.write(WSGI_KEYSTONE_CONF)
        restart_pid_check('apache2')
    configure_https()
    # The port number comes straight from the 'service-port' charm option.
    open_port(config('service-port'))

    update_nrpe_config()
    CONFIGS.write_all()

    initialise_pki()

    update_all_identity_relation_units()

    # Ensure sync request is sent out (needed for any/all ssl change)
    send_ssl_sync_request()

    # Re-run the 'ha' joined handler for every existing 'ha' relation.
    for r_id in relation_ids('ha'):
        ha_joined(relation_id=r_id)
Пример #2
def config_changed_postupgrade():
    """Run the config-changed steps for this keystone unit.

    Same sequence as a plain Apache/WSGI deployment, with two guards: the
    standalone keystone service is paused only when this is not a git
    (source) install, and apache2 is restarted only when the unit is not
    marked paused. Takes no arguments and returns nothing.
    """
    # Ensure ssl dir exists and is unison-accessible
    ensure_ssl_dir()

    # NOTE(review): recursive group read/write/execute on the whole
    # /var/lib/keystone/ tree; the group's membership then controls who can
    # modify it. 'g+rwX' would avoid marking regular files executable.
    check_call(['chmod', '-R', 'g+wrx', '/var/lib/keystone/'])

    ensure_ssl_dirs()

    save_script_rc()
    if run_in_apache():
        # Need to ensure mod_wsgi is installed and apache2 is reloaded
        # immediately, as the charm queries its local keystone before the
        # restart decorator can fire
        apt_install(filter_installed_packages(determine_packages()))
        # when deployed from source, init scripts aren't installed
        if not git_install_requested():
            service_pause('keystone')
        CONFIGS.write(WSGI_KEYSTONE_CONF)
        # Leave apache2 alone while the unit is flagged as paused.
        if not is_unit_paused_set():
            restart_pid_check('apache2')
    configure_https()
    # The port number comes straight from the 'service-port' charm option.
    open_port(config('service-port'))

    update_nrpe_config()
    CONFIGS.write_all()

    initialise_pki()

    update_all_identity_relation_units()

    # Ensure sync request is sent out (needed for any/all ssl change)
    send_ssl_sync_request()

    # Re-run the 'ha' joined handler for every existing 'ha' relation.
    for r_id in relation_ids('ha'):
        ha_joined(relation_id=r_id)
Пример #3
def install():
    """Install hook: install keystone and leave it stopped until configured.

    Runs the pre-install scripts, configures the package source from the
    'openstack-origin' option, installs the apt packages (fatal on failure),
    then either installs the keystone snap or stops the packaged keystone
    service, and finally registers the sync user with unison. Takes no
    arguments and returns nothing.
    """
    status_set('maintenance', 'Executing pre-install')
    execd_preinstall()
    # The package source is operator-supplied config; whatever it names is
    # what apt installs from below.
    configure_installation_source(config('openstack-origin'))
    status_set('maintenance', 'Installing apt packages')
    apt_update()
    apt_install(determine_packages(), fatal=True)

    if snap_install_requested():
        status_set('maintenance', 'Installing keystone snap')
        # NOTE(thedac) Setting devmode until LP#1719636 is fixed
        # NOTE(review): devmode installs a snap without enforcing its
        # confinement (violations are logged, not blocked), so the snap
        # sandbox gives no isolation while this is set; presumably the mode
        # is forwarded to the snap install (helper not shown).
        install_os_snaps(
            get_snaps_install_info_from_origin(['keystone'],
                                               config('openstack-origin'),
                                               mode='devmode'))
        post_snap_install()
        service_stop('snap.keystone.*')
    else:
        # unconfigured keystone service will prevent start of haproxy in some
        # circumstances. make sure haproxy runs. LP #1648396
        service_stop('keystone')
        service_start('haproxy')
        if run_in_apache():
            disable_unused_apache_sites()
            service_pause('keystone')

    # Two calls for the same user with different groups (SSH_USER, then
    # KEYSTONE_USER); presumably each ensures the account exists and is in
    # that group. unison.ensure_user is not shown, so confirm.
    unison.ensure_user(user=SSH_USER, group=SSH_USER)
    unison.ensure_user(user=SSH_USER, group=KEYSTONE_USER)
Пример #4
def upgrade_charm():
    """Upgrade-charm hook: reinstall packages, resync peers, rewrite config.

    Installs any packages that are not yet present, refreshes the unison
    SSH peer authorisation over the 'cluster' interface, ensures the SSL
    directories, rewrites all managed config files and, on the elected
    cluster leader only, refreshes the identity relation data. Takes no
    arguments and returns nothing.
    """
    status_set('maintenance', 'Installing apt packages')
    missing_packages = filter_installed_packages(determine_packages())
    apt_install(missing_packages)

    # NOTE(review): presumably authorises the SSH keys of 'cluster' peers
    # for SSH_USER; the helper is not shown, so confirm what it trusts.
    unison.ssh_authorized_peers(
        user=SSH_USER,
        group=SSH_USER,
        peer_interface='cluster',
        ensure_local_user=True,
    )

    ensure_ssl_dirs()

    if run_in_apache():
        disable_unused_apache_sites()

    CONFIGS.write_all()

    # See LP bug 1519035
    leader_init_db_if_ready()

    update_nrpe_config()

    # Only the elected cluster leader refreshes the endpoint data.
    if not is_elected_leader(CLUSTER_RES):
        return

    log('Cluster leader - ensuring endpoint configuration is up to '
        'date', level=DEBUG)
    update_all_identity_relation_units()
Пример #5
def upgrade_charm():
    """Upgrade-charm hook: sync packages, rewrite config, restart if purged.

    Installs packages that are missing, removes obsolete ones, rewrites all
    managed config files, restarts every service when a package purge
    happened and, on the elected cluster leader only, refreshes the
    identity relation data. Takes no arguments and returns nothing.
    """
    missing_packages = filter_installed_packages(determine_packages())
    if missing_packages:
        log('Installing apt packages')
        status_set('maintenance', 'Installing apt packages')
        apt_install(missing_packages)
    purge_happened = remove_old_packages()

    if run_in_apache():
        disable_unused_apache_sites()

    log('Regenerating configuration files')
    status_set('maintenance', 'Regenerating configuration files')
    CONFIGS.write_all()

    # See LP bug 1519035
    leader_init_db_if_ready()

    update_nrpe_config()

    if purge_happened:
        # A purge may have removed files the running services still use,
        # so every service is restarted.
        status_set('maintenance', 'Restarting services')
        log("Package purge detected, restarting services", "INFO")
        for service_name in services():
            service_restart(service_name)
        stop_manager_instance()

    # Only the elected cluster leader refreshes the endpoint data.
    if not is_elected_leader(CLUSTER_RES):
        return

    log(
        'Cluster leader - ensuring endpoint configuration is up to '
        'date',
        level=DEBUG,
    )
    update_all_identity_relation_units()
Пример #6
def install():
    """Install hook: install keystone from apt, snap and/or git.

    Runs the pre-install scripts, configures the package source from the
    'openstack-origin' option, installs the apt packages (fatal on failure),
    optionally installs the keystone snap, runs git_install() with the
    'openstack-origin-git' option, and registers the sync user with unison.
    Takes no arguments and returns nothing.
    """
    status_set('maintenance', 'Executing pre-install')
    execd_preinstall()
    configure_installation_source(config('openstack-origin'))
    status_set('maintenance', 'Installing apt packages')
    apt_update()
    apt_install(determine_packages(), fatal=True)

    if snap_install_requested():
        status_set('maintenance', 'Installing keystone snap')
        # NOTE(review): '--edge' tracks the snap's least-tested channel and
        # '--classic' installs it without confinement, so the snap runs with
        # the host access of its user. Presumably both flags are forwarded
        # to `snap install` (helper not shown); prefer a stable channel and
        # strict confinement once the snap supports it.
        snap_install('keystone', '--edge', '--classic')
        service_pause('snap.keystone.uwsgi')
        service_pause('snap.keystone.nginx')
    else:
        if run_in_apache():
            disable_unused_apache_sites()
            # Source installs have no packaged keystone service to pause.
            if not git_install_requested():
                service_pause('keystone')

    # This runs on both branches above, including the snap path.
    status_set('maintenance', 'Git install')
    git_install(config('openstack-origin-git'))

    unison.ensure_user(user=SSH_USER, group='juju_keystone')
    # NOTE(coreycb): can just use group='keystone' once snap has drop privs support
    # NOTE(review): on the snap path the sync user is paired with the 'root'
    # group; if ensure_user adds the user to that group (helper not shown),
    # the account can access everything that is group-accessible to root.
    # Treat it as a temporary workaround.
    if snap_install_requested():
        unison.ensure_user(user=SSH_USER, group='root')
    else:
        unison.ensure_user(user=SSH_USER, group='keystone')
Пример #7
def install():
    """Install hook: install keystone and leave it stopped until configured.

    Runs the pre-install scripts, configures the package source from the
    'openstack-origin' option, installs the apt packages (fatal on failure),
    then either installs the keystone snap or stops the packaged keystone
    service and starts haproxy. Takes no arguments and returns nothing.
    """
    status_set('maintenance', 'Executing pre-install')
    execd_preinstall()
    # The package source is operator-supplied config; whatever it names is
    # what apt installs from below.
    configure_installation_source(config('openstack-origin'))
    status_set('maintenance', 'Installing apt packages')
    apt_update()
    apt_install(determine_packages(), fatal=True)

    if snap_install_requested():
        status_set('maintenance', 'Installing keystone snap')
        # NOTE(thedac) Setting devmode until LP#1719636 is fixed
        # NOTE(review): devmode installs a snap without enforcing its
        # confinement (violations are logged, not blocked); presumably the
        # mode is forwarded to the snap install (helper not shown).
        install_os_snaps(
            get_snaps_install_info_from_origin(
                ['keystone'],
                config('openstack-origin'),
                mode='devmode'))
        post_snap_install()
        service_stop('snap.keystone.*')
    else:
        # unconfigured keystone service will prevent start of haproxy in some
        # circumstances. make sure haproxy runs. LP #1648396
        service_stop('keystone')
        service_start('haproxy')
        if run_in_apache():
            disable_unused_apache_sites()
            service_pause('keystone')
Пример #8
def config_changed_postupgrade():
    """Run the config-changed steps for this keystone unit.

    Prepares the SSL directories, loosens group permissions on
    /var/lib/keystone/, writes the WSGI API config and restarts apache2
    when run_in_apache() is true, configures HTTPS, opens the configured
    service port, rewrites every managed config file, calls
    initialise_pki(), and refreshes the identity and 'ha' relations.
    Takes no arguments and returns nothing.
    """
    # Ensure ssl dir exists and is unison-accessible
    ensure_ssl_dir()

    # NOTE(review): recursive group read/write/execute on the whole
    # /var/lib/keystone/ tree; the group's membership then controls who can
    # modify it. 'g+rwX' would avoid marking regular files executable.
    check_call(["chmod", "-R", "g+wrx", "/var/lib/keystone/"])

    ensure_ssl_dirs()

    save_script_rc()
    if run_in_apache():
        # Need to ensure mod_wsgi is installed and apache2 is reloaded
        # immediately, as the charm queries its local keystone before the
        # restart decorator can fire
        apt_install(filter_installed_packages(determine_packages()))
        # when deployed from source, init scripts aren't installed
        if not git_install_requested():
            service_pause("keystone")
        CONFIGS.write(WSGI_KEYSTONE_API_CONF)
        # Leave apache2 alone while the unit is flagged as paused.
        if not is_unit_paused_set():
            restart_pid_check("apache2")
    configure_https()
    # The port number comes straight from the 'service-port' charm option.
    open_port(config("service-port"))

    update_nrpe_config()
    CONFIGS.write_all()

    initialise_pki()

    update_all_identity_relation_units()

    # Ensure sync request is sent out (needed for any/all ssl change)
    send_ssl_sync_request()

    # Re-run the 'ha' joined handler for every existing 'ha' relation.
    for r_id in relation_ids("ha"):
        ha_joined(relation_id=r_id)
Пример #9
def install():
    """Install hook: install keystone, stop it, then apply policy overrides.

    Runs the pre-install scripts, configures the package source from the
    'openstack-origin' option, installs the apt packages (fatal on failure),
    installs the keystone snap or stops the packaged keystone service, and
    finally hands over to the policy-override handler. Takes no arguments
    and returns nothing.
    """
    status_set('maintenance', 'Executing pre-install')
    execd_preinstall()
    configure_installation_source(config('openstack-origin'))
    status_set('maintenance', 'Installing apt packages')
    apt_update()
    apt_install(determine_packages(), fatal=True)

    if snap_install_requested():
        status_set('maintenance', 'Installing keystone snap')
        # NOTE(thedac) Setting devmode until LP#1719636 is fixed
        # NOTE(review): devmode installs a snap without enforcing its
        # confinement (violations are logged, not blocked); presumably the
        # mode is forwarded to the snap install (helper not shown).
        install_os_snaps(
            get_snaps_install_info_from_origin(['keystone'],
                                               config('openstack-origin'),
                                               mode='devmode'))
        post_snap_install()
        service_stop('snap.keystone.*')
    else:
        # unconfigured keystone service will prevent start of haproxy in some
        # circumstances. make sure haproxy runs. LP #1648396
        service_stop('keystone')
        service_start('haproxy')
        if run_in_apache():
            disable_unused_apache_sites()
            service_pause('keystone')
    # call the policy overrides handler which will install any policy overrides
    # NOTE(review): overrides change keystone's authorization rules, so the
    # override input should be treated as security-sensitive. The handler
    # receives a callback that restarts apache2; when it is invoked is
    # decided inside the helper (not shown).
    maybe_do_policyd_overrides(
        os_release('keystone'),
        'keystone',
        restart_handler=lambda: service_restart('apache2'))
Пример #10
def post_series_upgrade():
    """Finish a series upgrade and hand the unit back via resume_unit_helper.

    When keystone runs under Apache, the unused Apache sites are disabled
    and the standalone keystone service is paused before
    series_upgrade_complete() is called. Takes no arguments and returns
    nothing.
    """
    log("Running complete series upgrade hook", "INFO")
    # if we just upgraded from non systemd then ensure that the new packages of
    # keystone definitely don't run the keystone service if we are a wsgi
    # configured system.
    if run_in_apache():
        disable_unused_apache_sites()
        service_pause('keystone')
    # resume_unit_helper is passed as a callable together with CONFIGS.
    series_upgrade_complete(resume_unit_helper, CONFIGS)
Пример #11
def config_changed_postupgrade():
    """Run the config-changed steps for this keystone unit.

    Reconfigures the Apache/WSGI front end for the current keystone
    release, installs packages needed for memcache, sets up Fernet keys on
    the leader, configures HTTPS, opens the configured service port,
    rewrites every managed config file, ensures the initial admin on the
    elected leader, refreshes relation data and notifies peers. Takes no
    arguments and returns nothing.
    """
    save_script_rc()
    release = os_release('keystone')
    if run_in_apache(release=release):
        # Need to ensure mod_wsgi is installed and apache2 is reloaded
        # immediately, as the charm queries its local keystone before the
        # restart decorator can fire
        apt_install(filter_installed_packages(determine_packages()))
        # when deployed from source, init scripts aren't installed
        # NOTE(review): the pause below is unconditional here, so the
        # comment above looks stale.
        service_pause('keystone')

        disable_unused_apache_sites()
        # Only write the WSGI API config when a template is registered for it.
        if WSGI_KEYSTONE_API_CONF in CONFIGS.templates:
            CONFIGS.write(WSGI_KEYSTONE_API_CONF)
        # Leave apache2 alone while the unit is flagged as paused.
        if not is_unit_paused_set():
            restart_pid_check('apache2')
            stop_manager_instance()

    if enable_memcache(release=release):
        # If charm or OpenStack have been upgraded then the list of required
        # packages may have changed so ensure they are installed.
        apt_install(filter_installed_packages(determine_packages()))

    # Fernet key material is set up on the leader only and then published
    # through key_leader_set(); how it is stored and shared is decided in
    # those helpers (not shown).
    if is_leader() and fernet_enabled():
        key_setup()
        key_leader_set()

    configure_https()
    # The port number comes straight from the 'service-port' charm option.
    open_port(config('service-port'))

    update_nrpe_config()

    CONFIGS.write_all()

    if snap_install_requested() and not is_unit_paused_set():
        service_restart('snap.keystone.*')
        stop_manager_instance()

    # Admin bootstrap runs only once the database is initialised, on the
    # elected leader, and never while the unit is paused.
    if (is_db_initialised() and is_elected_leader(CLUSTER_RES) and not
            is_unit_paused_set()):
        # Passes the config accessor itself, not a value read from it.
        ensure_initial_admin(config)
        # POLICY_JSON is written for 'liberty' and later releases only.
        if CompareOpenStackReleases(
                os_release('keystone')) >= 'liberty':
            CONFIGS.write(POLICY_JSON)

    update_all_identity_relation_units()
    update_all_domain_backends()
    update_all_fid_backends()

    # Re-run the 'ha' joined handler for every existing 'ha' relation.
    for r_id in relation_ids('ha'):
        ha_joined(relation_id=r_id)

    notify_middleware_with_release_version()
    inform_peers_if_ready(check_api_unit_ready)
Пример #12
def config_changed_postupgrade():
    """Run the config-changed steps for this keystone unit.

    Reconfigures the Apache/WSGI front end for the current keystone
    release, installs packages needed for memcache, sets up Fernet keys on
    the leader, configures HTTPS, opens the configured service port,
    rewrites every managed config file, ensures the initial admin on the
    elected leader, and refreshes relation data. Takes no arguments and
    returns nothing.
    """
    save_script_rc()
    release = os_release('keystone')
    if run_in_apache(release=release):
        # Need to ensure mod_wsgi is installed and apache2 is reloaded
        # immediately, as the charm queries its local keystone before the
        # restart decorator can fire
        apt_install(filter_installed_packages(determine_packages()))
        # when deployed from source, init scripts aren't installed
        # NOTE(review): the pause below is unconditional here, so the
        # comment above looks stale.
        service_pause('keystone')

        disable_unused_apache_sites()
        # Only write the WSGI API config when a template is registered for it.
        if WSGI_KEYSTONE_API_CONF in CONFIGS.templates:
            CONFIGS.write(WSGI_KEYSTONE_API_CONF)
        # Leave apache2 alone while the unit is flagged as paused.
        if not is_unit_paused_set():
            restart_pid_check('apache2')
            stop_manager_instance()

    if enable_memcache(release=release):
        # If charm or OpenStack have been upgraded then the list of required
        # packages may have changed so ensure they are installed.
        apt_install(filter_installed_packages(determine_packages()))

    # Fernet key material is set up on the leader only and then published
    # through key_leader_set(); how it is stored and shared is decided in
    # those helpers (not shown).
    if is_leader() and fernet_enabled():
        key_setup()
        key_leader_set()

    configure_https()
    # The port number comes straight from the 'service-port' charm option.
    open_port(config('service-port'))

    update_nrpe_config()

    CONFIGS.write_all()

    if snap_install_requested() and not is_unit_paused_set():
        service_restart('snap.keystone.*')
        stop_manager_instance()

    # Admin bootstrap runs only once the database is initialised, on the
    # elected leader, and never while the unit is paused.
    if (is_db_initialised() and is_elected_leader(CLUSTER_RES) and not
            is_unit_paused_set()):
        # Passes the config accessor itself, not a value read from it.
        ensure_initial_admin(config)
        # POLICY_JSON is written for 'liberty' and later releases only.
        if CompareOpenStackReleases(
                os_release('keystone')) >= 'liberty':
            CONFIGS.write(POLICY_JSON)

    update_all_identity_relation_units()
    update_all_domain_backends()
    update_all_fid_backends()

    # Re-run the 'ha' joined handler for every existing 'ha' relation.
    for r_id in relation_ids('ha'):
        ha_joined(relation_id=r_id)

    notify_middleware_with_release_version()
Пример #13
def config_changed_postupgrade():
    """Run the config-changed steps for this keystone unit.

    Prepares the SSL directories, loosens group permissions on
    /var/lib/keystone/ for non-snap installs, reconfigures the Apache/WSGI
    front end for the current release, installs packages needed for
    memcache, configures HTTPS, opens the configured service port, rewrites
    every managed config file, calls initialise_pki(), and refreshes
    relation data. Takes no arguments and returns nothing.
    """
    # Ensure ssl dir exists and is unison-accessible
    ensure_ssl_dir()

    if not snap_install_requested():
        # NOTE(review): recursive group read/write/execute on the whole
        # /var/lib/keystone/ tree; the group's membership then controls who
        # can modify it. 'g+rwX' would avoid marking regular files
        # executable.
        check_call(['chmod', '-R', 'g+wrx', '/var/lib/keystone/'])

    ensure_ssl_dirs()

    save_script_rc()
    release = os_release('keystone')
    if run_in_apache(release=release):
        # Need to ensure mod_wsgi is installed and apache2 is reloaded
        # immediately, as the charm queries its local keystone before the
        # restart decorator can fire
        apt_install(filter_installed_packages(determine_packages()))
        # when deployed from source, init scripts aren't installed
        # NOTE(review): the pause below is unconditional here, so the
        # comment above looks stale.
        service_pause('keystone')

        disable_unused_apache_sites()
        # Only write the WSGI API config when a template is registered for it.
        if WSGI_KEYSTONE_API_CONF in CONFIGS.templates:
            CONFIGS.write(WSGI_KEYSTONE_API_CONF)
        # Leave apache2 alone while the unit is flagged as paused.
        if not is_unit_paused_set():
            restart_pid_check('apache2')

    if enable_memcache(release=release):
        # If charm or OpenStack have been upgraded then the list of required
        # packages may have changed so ensure they are installed.
        apt_install(filter_installed_packages(determine_packages()))

    configure_https()
    # The port number comes straight from the 'service-port' charm option.
    open_port(config('service-port'))

    update_nrpe_config()

    CONFIGS.write_all()

    if snap_install_requested() and not is_unit_paused_set():
        service_restart('snap.keystone.*')

    initialise_pki()

    update_all_identity_relation_units()
    update_all_domain_backends()
    update_all_fid_backends()

    # Ensure sync request is sent out (needed for any/all ssl change)
    send_ssl_sync_request()

    # Re-run the 'ha' joined handler for every existing 'ha' relation.
    for r_id in relation_ids('ha'):
        ha_joined(relation_id=r_id)
Пример #14
def upgrade_charm():
    """Upgrade-charm hook: sync packages, rewrite config, re-bootstrap.

    Installs packages that are missing, removes obsolete ones, rewrites all
    managed config files, bootstraps keystone credentials on the leader,
    restarts every service when a package purge happened, refreshes
    endpoint data and PCI-DSS protection on the elected cluster leader,
    applies policy overrides and notifies peers. Takes no arguments and
    returns nothing.
    """
    missing_packages = filter_installed_packages(determine_packages())
    if missing_packages:
        log('Installing apt packages')
        status_set('maintenance', 'Installing apt packages')
        apt_install(missing_packages)
    purge_happened = remove_old_packages()

    if run_in_apache():
        disable_unused_apache_sites()

    log('Regenerating configuration files')
    status_set('maintenance', 'Regenerating configuration files')
    CONFIGS.write_all()

    # The admin_token is no longer used, so the charm must hold real
    # credentials. The original author notes this call is idempotent and
    # safe to run on existing deployments.
    if is_leader():
        bootstrap_keystone(configs=CONFIGS)

    # See LP bug 1519035
    leader_init_db_if_ready()

    update_nrpe_config()

    if purge_happened:
        # A purge may have removed files the running services still use,
        # so every service is restarted.
        status_set('maintenance', 'Restarting services')
        log("Package purge detected, restarting services", "INFO")
        for service_name in services():
            service_restart(service_name)
        stop_manager_instance()

    if is_elected_leader(CLUSTER_RES):
        log('Cluster leader - ensuring endpoint configuration is up to '
            'date', level=DEBUG)
        update_all_identity_relation_units()
        # Also make sure the PCI-DSS protection is in place for service
        # accounts.
        ensure_all_service_accounts_protected_for_pci_dss_options()

    def _restart_apache():
        # Callback handed to the policy-override handler.
        return service_restart('apache2')

    # Call the policy overrides handler, which installs any policy
    # overrides. They change keystone's authorization rules, so treat the
    # override input as security-sensitive.
    maybe_do_policyd_overrides(
        os_release('keystone'),
        'keystone',
        restart_handler=_restart_apache,
    )
    inform_peers_if_ready(check_api_unit_ready)
Пример #15
def install():
    """Install hook: install keystone from apt and git, then add the sync user.

    Runs the pre-install scripts, configures the package source from the
    'openstack-origin' option, installs the apt packages (fatal on failure),
    pauses the standalone keystone service when it runs under Apache, runs
    git_install() with the 'openstack-origin-git' option, and registers the
    sync user with unison. Takes no arguments and returns nothing.
    """
    status_set('maintenance', 'Executing pre-install')
    execd_preinstall()
    # The package source is operator-supplied config; whatever it names is
    # what apt installs from below.
    configure_installation_source(config('openstack-origin'))
    status_set('maintenance', 'Installing apt packages')
    apt_update()
    apt_install(determine_packages(), fatal=True)
    if run_in_apache():
        service_pause('keystone')

    # NOTE(review): the git source is taken from charm config as well; what
    # git_install does with it is not shown, so confirm it is pinned.
    status_set('maintenance', 'Git install')
    git_install(config('openstack-origin-git'))

    # Same user, two groups; presumably each call ensures the account exists
    # and is in that group (unison.ensure_user is not shown).
    unison.ensure_user(user=SSH_USER, group='juju_keystone')
    unison.ensure_user(user=SSH_USER, group='keystone')
Пример #16
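def config_changed_postupgrade():
    """Run the config-changed steps for this keystone unit.

    Prepares the SSL directories, loosens group permissions on
    /var/lib/keystone/ for non-snap installs, pauses the services that must
    not run yet, writes the WSGI API config and restarts apache2 on
    non-snap installs, opens the configured service port, rewrites every
    managed config file, and refreshes relation data. HTTPS, NRPE and PKI
    setup are skipped for snap installs. Takes no arguments and returns
    nothing.
    """
    # Ensure ssl dir exists and is unison-accessible
    ensure_ssl_dir()

    if not snap_install_requested():
        # NOTE(review): recursive group read/write/execute on the whole
        # /var/lib/keystone/ tree; the group's membership then controls who
        # can modify it. 'g+rwX' would avoid marking regular files
        # executable.
        check_call(['chmod', '-R', 'g+wrx', '/var/lib/keystone/'])

    ensure_ssl_dirs()

    save_script_rc()
    if run_in_apache():
        # Need to ensure mod_wsgi is installed and apache2 is reloaded
        # immediately, as the charm queries its local keystone before the
        # restart decorator can fire
        apt_install(filter_installed_packages(determine_packages()))
        # when deployed from source, init scripts aren't installed
        if not git_install_requested():
            service_pause('keystone')
        if snap_install_requested():
            service_pause('snap.keystone.uwsgi')
            service_pause('snap.keystone.nginx')
        else:
            # This branch was indented by three spaces; it now uses the
            # four-space step of the rest of the function.
            disable_unused_apache_sites()
            CONFIGS.write(WSGI_KEYSTONE_API_CONF)
            # Leave apache2 alone while the unit is flagged as paused.
            if not is_unit_paused_set():
                restart_pid_check('apache2')
    # NOTE(coreycb): Need to add https support for snap with nginx
    # NOTE(review): until then a snap install never reaches
    # configure_https(), so TLS is not set up by this hook on that path.
    if not snap_install_requested():
        configure_https()
    # The port number comes straight from the 'service-port' charm option.
    open_port(config('service-port'))

    if not snap_install_requested():
        update_nrpe_config()
    CONFIGS.write_all()

    # NOTE(coreycb): Can drop check once snap has alias support and
    # drops privileges.
    if not snap_install_requested():
        initialise_pki()

    update_all_identity_relation_units()
    update_all_domain_backends()

    # Ensure sync request is sent out (needed for any/all ssl change)
    send_ssl_sync_request()

    # Re-run the 'ha' joined handler for every existing 'ha' relation.
    for r_id in relation_ids('ha'):
        ha_joined(relation_id=r_id)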
Пример #17
def upgrade_charm():
    """Upgrade-charm hook: reinstall packages and rewrite configuration.

    Installs any packages that are not yet present, disables unused Apache
    sites when keystone runs under Apache, rewrites all managed config
    files and, on the elected cluster leader only, refreshes the identity
    relation data. Takes no arguments and returns nothing.
    """
    status_set('maintenance', 'Installing apt packages')
    missing_packages = filter_installed_packages(determine_packages())
    apt_install(missing_packages)

    if run_in_apache():
        disable_unused_apache_sites()

    CONFIGS.write_all()

    # See LP bug 1519035
    leader_init_db_if_ready()

    update_nrpe_config()

    # Only the elected cluster leader refreshes the endpoint data.
    if not is_elected_leader(CLUSTER_RES):
        return

    log('Cluster leader - ensuring endpoint configuration is up to '
        'date', level=DEBUG)
    update_all_identity_relation_units()
Пример #18
def install():
    """Install hook: install keystone from apt and git, then add the sync user.

    Runs the pre-install scripts, configures the package source from the
    'openstack-origin' option, installs the apt packages (fatal on failure),
    disables the packaged Apache site and pauses the standalone service
    when keystone runs under Apache, runs git_install() with the
    'openstack-origin-git' option, and registers the sync user with unison.
    Takes no arguments and returns nothing.
    """
    status_set("maintenance", "Executing pre-install")
    execd_preinstall()
    # The package source is operator-supplied config; whatever it names is
    # what apt installs from below.
    configure_installation_source(config("openstack-origin"))
    status_set("maintenance", "Installing apt packages")
    apt_update()
    apt_install(determine_packages(), fatal=True)
    if run_in_apache():
        # NOTE: ensure that packaging provided
        #       apache configuration is disabled
        #       as it will conflict with the charm
        #       provided version. when deployed from
        #       source, init scripts aren't installed.
        # The command is passed as an argument list, so no shell is involved.
        if os.path.exists(PACKAGE_KEYSTONE_CONF):
            check_call(["a2dissite", "keystone"])
        if not git_install_requested():
            service_pause("keystone")

    # NOTE(review): the git source is taken from charm config as well; what
    # git_install does with it is not shown, so confirm it is pinned.
    status_set("maintenance", "Git install")
    git_install(config("openstack-origin-git"))

    # Same user, two groups; presumably each call ensures the account exists
    # and is in that group (unison.ensure_user is not shown).
    unison.ensure_user(user=SSH_USER, group="juju_keystone")
    unison.ensure_user(user=SSH_USER, group="keystone")
Пример #19
def install():
    """Install hook: install keystone from apt and git, then add the sync user.

    Runs the pre-install scripts, configures the package source from the
    'openstack-origin' option, installs the apt packages (fatal on failure),
    disables the packaged Apache site and pauses the standalone service
    when keystone runs under Apache, runs git_install() with the
    'openstack-origin-git' option, and registers the sync user with unison.
    Takes no arguments and returns nothing.
    """
    status_set('maintenance', 'Executing pre-install')
    execd_preinstall()
    # The package source is operator-supplied config; whatever it names is
    # what apt installs from below.
    configure_installation_source(config('openstack-origin'))
    status_set('maintenance', 'Installing apt packages')
    apt_update()
    apt_install(determine_packages(), fatal=True)
    if run_in_apache():
        # NOTE: ensure that packaging provided
        #       apache configuration is disabled
        #       as it will conflict with the charm
        #       provided version. when deployed from
        #       source, init scripts aren't installed.
        # The command is passed as an argument list, so no shell is involved.
        if os.path.exists(PACKAGE_KEYSTONE_CONF):
            check_call(['a2dissite', 'keystone'])
        if not git_install_requested():
            service_pause('keystone')

    # NOTE(review): the git source is taken from charm config as well; what
    # git_install does with it is not shown, so confirm it is pinned.
    status_set('maintenance', 'Git install')
    git_install(config('openstack-origin-git'))

    # Same user, two groups; presumably each call ensures the account exists
    # and is in that group (unison.ensure_user is not shown).
    unison.ensure_user(user=SSH_USER, group='juju_keystone')
    unison.ensure_user(user=SSH_USER, group='keystone')
Пример #20
def upgrade_charm():
    """Upgrade-charm hook: sync packages, rewrite config, apply overrides.

    Installs packages that are missing, removes obsolete ones, rewrites all
    managed config files, restarts every service when a package purge
    happened, refreshes the identity relation data on the elected cluster
    leader, and finally applies any policy overrides. Takes no arguments
    and returns nothing.
    """
    missing_packages = filter_installed_packages(determine_packages())
    if missing_packages:
        log('Installing apt packages')
        status_set('maintenance', 'Installing apt packages')
        apt_install(missing_packages)
    purge_happened = remove_old_packages()

    if run_in_apache():
        disable_unused_apache_sites()

    log('Regenerating configuration files')
    status_set('maintenance', 'Regenerating configuration files')
    CONFIGS.write_all()

    # See LP bug 1519035
    leader_init_db_if_ready()

    update_nrpe_config()

    if purge_happened:
        # A purge may have removed files the running services still use,
        # so every service is restarted.
        status_set('maintenance', 'Restarting services')
        log("Package purge detected, restarting services", "INFO")
        for service_name in services():
            service_restart(service_name)
        stop_manager_instance()

    if is_elected_leader(CLUSTER_RES):
        log('Cluster leader - ensuring endpoint configuration is up to '
            'date', level=DEBUG)
        update_all_identity_relation_units()

    # Call the policy overrides handler, which installs any policy
    # overrides. They change keystone's authorization rules, so treat the
    # override input as security-sensitive.
    keystone_release = os_release('keystone')
    maybe_do_policyd_overrides(keystone_release, 'keystone')
Пример #21
def upgrade_charm():
    """Upgrade-charm hook: reinstall packages, resync peers, rewrite config.

    Installs any packages that are not yet present, refreshes the unison
    SSH peer authorisation over the 'cluster' interface using the
    'juju_keystone' group, ensures the SSL directories, rewrites all
    managed config files and, on the elected cluster leader only,
    refreshes the identity relation data. Takes no arguments and returns
    nothing.
    """
    status_set('maintenance', 'Installing apt packages')
    missing_packages = filter_installed_packages(determine_packages())
    apt_install(missing_packages)

    # NOTE(review): presumably authorises the SSH keys of 'cluster' peers
    # for SSH_USER; the helper is not shown, so confirm what it trusts.
    unison.ssh_authorized_peers(
        user=SSH_USER,
        group='juju_keystone',
        peer_interface='cluster',
        ensure_local_user=True,
    )

    ensure_ssl_dirs()

    if run_in_apache():
        disable_unused_apache_sites()

    CONFIGS.write_all()

    # See LP bug 1519035
    leader_init_db_if_ready()

    update_nrpe_config()

    # Only the elected cluster leader refreshes the endpoint data.
    if not is_elected_leader(CLUSTER_RES):
        return

    log(
        'Cluster leader - ensuring endpoint configuration is up to '
        'date',
        level=DEBUG,
    )
    update_all_identity_relation_units()