def cluster_changed():
    """Handle a change on the ``cluster`` peer relation.

    In order: refresh peer SSH authorisation, re-echo the whitelisted peer
    settings, run pending peer actions, initialise PKI, refresh the identity
    relations (forcing an SSL sync when the units requesting one differ from
    the units recorded as synced), then either force an SSL sync or write
    out all configs.
    """
    # Security note: charmhelpers' unison helper manages SSH keys and known
    # hosts for SSH_USER from data on the peer relation, so units on the
    # "cluster" relation are implicitly trusted for that account.
    unison.ssh_authorized_peers(
        peer_interface="cluster",
        user=SSH_USER,
        group="juju_keystone",
        ensure_local_user=True,
    )

    # NOTE(jamespage) re-echo passwords for peer storage
    # "_passwd" covers password settings, so secret material lives in the
    # peer relation data. Only the whitelist entries are logged below, not
    # the values they select.
    peer_keys = [
        "_passwd",
        "identity-service:",
        "ssl-cert-master",
        "db-initialised",
        "ssl-cert-available-updates",
    ]
    log("Peer echo whitelist: %s" % (peer_keys), level=DEBUG)
    peer_echo(includes=peer_keys, force=True)

    check_peer_actions()
    initialise_pki()

    # Decide whether a sync must be mandated: compare the units requesting
    # an SSL sync with those this unit has recorded as already synced.
    requesting = get_ssl_sync_request_units()
    recorded = relation_get(attribute="ssl-synced-units", unit=local_unit())
    mismatch = None
    if recorded:
        # JSON-encoded in the relation data; json.loads raises on malformed
        # input and that is not handled here.
        recorded = json.loads(recorded)
        mismatch = set(requesting).symmetric_difference(set(recorded))

    needs_sync = requesting and (not recorded or mismatch)
    if needs_sync:
        log("New peers joined and need syncing - %s" %
            (", ".join(requesting)), level=DEBUG)
        update_all_identity_relation_units_force_sync()
    else:
        update_all_identity_relation_units()

    if is_elected_leader(CLUSTER_RES) or not is_ssl_cert_master():
        CONFIGS.write_all()
    else:
        # Still SSL cert master but no longer leader: force a sync, which
        # also triggers a sync master re-election.
        force_ssl_sync()
def upgrade_charm():
    """Run the charm-upgrade sequence on this unit.

    Installs any packages reported by ``determine_packages`` after
    filtering, refreshes peer SSH authorisation, ensures the SSL
    directories exist, tidies Apache sites when running under Apache,
    rewrites all configs, runs the leader DB initialisation check and
    updates the NRPE config. The elected cluster leader additionally
    refreshes every identity relation.
    """
    status_set('maintenance', 'Installing apt packages')
    to_install = filter_installed_packages(determine_packages())
    apt_install(to_install)

    # Security note: this (re)creates SSH_USER locally and wires up peer SSH
    # access for it; the account's group here is SSH_USER itself.
    unison.ssh_authorized_peers(
        peer_interface='cluster',
        user=SSH_USER,
        group=SSH_USER,
        ensure_local_user=True,
    )

    ensure_ssl_dirs()

    if run_in_apache():
        disable_unused_apache_sites()

    CONFIGS.write_all()

    # See LP bug 1519035
    leader_init_db_if_ready()

    update_nrpe_config()

    if not is_elected_leader(CLUSTER_RES):
        return

    log('Cluster leader - ensuring endpoint configuration is up to date',
        level=DEBUG)
    update_all_identity_relation_units()
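def test_ssh_auth_peer_joined(self, ensure_user, get_keypair):
    """On ``cluster-relation-joined`` only the public key is published.

    Checks that ``ssh_authorized_peers`` ensures the local user, loads that
    user's keypair, sets ``ssh_pub_key`` on the relation and does not read
    any peer relation data in the joined hook.

    Args:
        ensure_user: mock standing in for the local-user helper.
        get_keypair: mock returning a ``(private, public)`` key pair.
    """
    get_keypair.return_value = ('privkey', 'pubkey')
    self.hook_name.return_value = 'cluster-relation-joined'

    # The user has to be 'foo': the assertions below expect ensure_user and
    # get_keypair to be called with that name.
    unison.ssh_authorized_peers(peer_interface='cluster',
                                user='foo', group='foo',
                                ensure_local_user=True)

    # assert_called_with pins the exact arguments of the last call, so this
    # also shows the private key is not part of what is put on the relation.
    self.relation_set.assert_called_with(ssh_pub_key='pubkey')
    self.assertFalse(self.relation_get.called)
    ensure_user.assert_called_with('foo', 'foo')
    get_keypair.assert_called_with('foo')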
def cluster_joined():
    """Publish this unit's addresses when it joins the ``cluster`` relation.

    Sets up peer SSH authorisation, advertises one ``<type>-address`` entry
    for every address type that resolves to an address on its configured
    network, optionally overrides ``private-address`` with an IPv6 address,
    and finally sends an SSL sync request.
    """
    # Security note: the SSH account for peer sync is created here if
    # missing, with group "juju_keystone".
    unison.ssh_authorized_peers(
        peer_interface="cluster",
        user=SSH_USER,
        group="juju_keystone",
        ensure_local_user=True,
    )

    relation_data = {}
    for kind in ADDRESS_TYPES:
        network = config("os-{}-network".format(kind))
        addr = get_address_in_network(network)
        if not addr:
            continue
        relation_data["{}-address".format(kind)] = addr

    if config("prefer-ipv6"):
        # First IPv6 address returned, with the configured VIP excluded.
        vip = config("vip")
        relation_data["private-address"] = get_ipv6_addr(exc_list=[vip])[0]

    relation_set(relation_settings=relation_data)
    send_ssl_sync_request()
def upgrade_charm():
    """Run the charm-upgrade sequence on this unit.

    Installs the packages left after filtering ``determine_packages``,
    refreshes peer SSH authorisation, ensures the SSL directories exist,
    rewrites all configs and updates the NRPE config. The elected cluster
    leader additionally refreshes every identity relation.
    """
    status_set('maintenance', 'Installing apt packages')
    to_install = filter_installed_packages(determine_packages())
    apt_install(to_install)

    # Security note: this (re)creates SSH_USER locally, in group
    # 'juju_keystone', and wires up peer SSH access for it.
    unison.ssh_authorized_peers(
        peer_interface='cluster',
        user=SSH_USER,
        group='juju_keystone',
        ensure_local_user=True,
    )

    ensure_ssl_dirs()
    CONFIGS.write_all()
    update_nrpe_config()

    if not is_elected_leader(CLUSTER_RES):
        return

    log('Cluster leader - ensuring endpoint configuration is up to date',
        level=DEBUG)
    update_all_identity_relation_units()
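def cluster_changed():
    """Handle a change on the ``cluster`` peer relation.

    In order: refresh peer SSH authorisation, re-echo the whitelisted peer
    settings, run pending peer actions, initialise PKI, refresh the identity
    relations (the leader forces an SSL sync when the units requesting one
    differ from the units recorded as synced), then either force an SSL
    sync or write out all configs.
    """
    # Security note: charmhelpers' unison helper manages SSH keys and known
    # hosts for SSH_USER from data on the peer relation, so units on the
    # 'cluster' relation are implicitly trusted for that account.
    unison.ssh_authorized_peers(user=SSH_USER, group=SSH_USER,
                                peer_interface='cluster',
                                ensure_local_user=True)

    # NOTE(jamespage) re-echo passwords for peer storage
    # '_passwd' covers password settings, so secret material lives in the
    # peer relation data. Only the whitelist entries are logged below, not
    # the values they select.
    echo_whitelist = ['_passwd', 'identity-service:', 'db-initialised',
                      'ssl-cert-available-updates']
    # Don't echo if leader since a re-election may be in progress.
    if not is_leader():
        echo_whitelist.append('ssl-cert-master')

    log("Peer echo whitelist: %s" % (echo_whitelist), level=DEBUG)
    peer_echo(includes=echo_whitelist, force=True)

    check_peer_actions()
    initialise_pki()

    # Bind all three names before branching. Previously a non-leader unit
    # left synced_units and diff undefined and the check further down was
    # only safe because `units` was None and `and` short-circuited.
    units = None
    synced_units = None
    diff = None
    if is_leader():
        # Figure out if we need to mandate a sync
        units = get_ssl_sync_request_units()
        synced_units = relation_get_and_migrate(attribute='ssl-synced-units',
                                                unit=local_unit())
        if synced_units:
            # JSON-encoded in the relation data; json.loads raises on
            # malformed input and that is not handled here.
            synced_units = json.loads(synced_units)
            diff = set(units).symmetric_difference(set(synced_units))

    if units and (not synced_units or diff):
        log("New peers joined and need syncing - %s" %
            (', '.join(units)), level=DEBUG)
        update_all_identity_relation_units_force_sync()
    else:
        update_all_identity_relation_units()

    if not is_leader() and is_ssl_cert_master():
        # Force a sync and trigger a sync master re-election since we are
        # not leader anymore.
        force_ssl_sync()
    else:
        CONFIGS.write_all()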
def upgrade_charm():
    """Run the charm-upgrade sequence on this unit.

    Installs the packages left after filtering ``determine_packages``,
    refreshes peer SSH authorisation, ensures the SSL directories exist,
    rewrites all configs, runs the leader DB initialisation check and
    updates the NRPE config. The elected cluster leader additionally
    refreshes every identity relation.
    """
    status_set("maintenance", "Installing apt packages")
    to_install = filter_installed_packages(determine_packages())
    apt_install(to_install)

    # Security note: this (re)creates SSH_USER locally, in group
    # "juju_keystone", and wires up peer SSH access for it.
    unison.ssh_authorized_peers(
        peer_interface="cluster",
        user=SSH_USER,
        group="juju_keystone",
        ensure_local_user=True,
    )

    ensure_ssl_dirs()
    CONFIGS.write_all()

    # See LP bug 1519035
    leader_init_db_if_ready()

    update_nrpe_config()

    if not is_elected_leader(CLUSTER_RES):
        return

    log("Cluster leader - ensuring endpoint configuration is up to date",
        level=DEBUG)
    update_all_identity_relation_units()
def cluster_joined():
    """Publish this unit's addresses when it joins the ``cluster`` relation.

    Sets up peer SSH authorisation, advertises one ``<type>-address`` entry
    for every address type that resolves to an address on its configured
    network, optionally overrides ``private-address`` with an IPv6 address,
    and finally sends an SSL sync request.
    """
    # Security note: the SSH account for peer sync is created here if
    # missing, with group 'juju_keystone'.
    ssh_peer_args = {
        'user': SSH_USER,
        'group': 'juju_keystone',
        'peer_interface': 'cluster',
        'ensure_local_user': True,
    }
    unison.ssh_authorized_peers(**ssh_peer_args)

    advertised = {}
    for addr_type in ADDRESS_TYPES:
        network_cfg = config('os-{}-network'.format(addr_type))
        found = get_address_in_network(network_cfg)
        if found:
            advertised['{}-address'.format(addr_type)] = found

    if config('prefer-ipv6'):
        # First IPv6 address returned, with the configured VIP excluded.
        ipv6_candidates = get_ipv6_addr(exc_list=[config('vip')])
        advertised['private-address'] = ipv6_candidates[0]

    relation_set(relation_settings=advertised)
    send_ssl_sync_request()
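def test_ssh_auth_peer_departed(self, ensure_user, get_keypair,
                                write_keys, write_hosts):
    """On ``cluster-relation-departed`` keys and hosts are rewritten.

    Checks that ``ssh_authorized_peers`` rebuilds the authorized keys and
    known hosts for the user from peer relation data and publishes the
    resulting host list as ``ssh_authorized_hosts``.

    Args:
        ensure_user: mock standing in for the local-user helper.
        get_keypair: mock returning a ``(private, public)`` key pair.
        write_keys: mock standing in for the authorized-keys writer.
        write_hosts: mock standing in for the known-hosts writer.
    """
    get_keypair.return_value = ('privkey', 'pubkey')
    self.hook_name.return_value = 'cluster-relation-departed'

    # Consumed in call order as (key, host) pairs. The trailing empty pair
    # presumably models a peer that has published no key; the assertions
    # below expect it to be left out of both files.
    self.relation_get.side_effect = [
        'key1', 'host1',
        'key2', 'host2',
        '', '',
    ]

    # The user has to be 'foo': the assertions below expect the helpers to
    # be called with that name.
    unison.ssh_authorized_peers(peer_interface='cluster',
                                user='foo', group='foo',
                                ensure_local_user=True)

    ensure_user.assert_called_with('foo', 'foo')
    get_keypair.assert_called_with('foo')
    write_keys.assert_called_with('foo', ['key1', 'key2'])
    write_hosts.assert_called_with('foo', ['host1', 'host2'])
    self.relation_set.assert_called_with(
        ssh_authorized_hosts='host1:host2')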
def cluster_joined(rid=None, ssl_sync_request=True):
    """Publish this unit's addresses on the ``cluster`` relation.

    Args:
        rid: relation id passed through to ``relation_set``; ``None`` by
            default.
        ssl_sync_request: when true, an SSL sync request is sent after the
            relation data has been set.
    """
    # Security note: the SSH account for peer sync is created here if
    # missing; its group is SSH_USER itself.
    unison.ssh_authorized_peers(
        peer_interface='cluster',
        user=SSH_USER,
        group=SSH_USER,
        ensure_local_user=True,
    )

    relation_data = {}
    for kind in ADDRESS_TYPES:
        network = config('os-{}-network'.format(kind))
        addr = get_relation_ip(kind, cidr_network=network)
        if not addr:
            continue
        relation_data['{}-address'.format(kind)] = addr

    # Always set, unlike the per-type addresses above.
    relation_data['private-address'] = get_relation_ip('cluster')

    relation_set(relation_id=rid, relation_settings=relation_data)

    if not ssl_sync_request:
        return
    send_ssl_sync_request()