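def _ensure_tls(self, bundle_type, properties):
    """Front the upstream endpoint with a local stunnel client and repoint clients at it.

    Writes an stunnel client service named ``tlswrap`` that listens on the
    bundle's default port and connects to the host/port found in
    ``properties``. It enables stunnel4 and starts/reloads it when either
    file changed, then rewrites ``properties`` in place so that consumers
    connect to this unit's private address on the default port.

    Args:
        bundle_type: Passed to ``self._get_default_port`` to pick the local
            listen port.
        properties: Relation properties. Reads ``host`` (falling back to
            ``private-address``) and ``port``. Mutated in place.

    Returns:
        The same ``properties`` dict, with ``host`` / ``private-address``
        (whichever were present) and ``port`` pointing at the local tunnel.

    Raises:
        ValueError: If the upstream host or port contains a line break.
    """
    # TODO: We could create some system properties here, that work everywhere
    host = properties.get("host") or properties.get("private-address")
    port = properties.get("port")

    # NOTE(review): the whole dict is logged; if these relation properties
    # can carry credentials they end up in the log. Confirm and redact.
    logger.info("Properties before rewrite: %s", properties)

    default_port = self._get_default_port(bundle_type)

    # By using the default_port again, we can make things easier for clients
    # that don't support the port
    # NOTE(review): 0.0.0.0 exposes the plaintext side of the tunnel on every
    # interface, while clients are only pointed at the private address below.
    # Consider binding to that address instead.
    accept = "0.0.0.0:" + str(default_port)
    connect = host + ":" + str(port)

    # host/port are supplied by the remote side of the relation and are
    # interpolated into a config file, so a line break would let them add
    # arbitrary stunnel directives.
    if "\n" in connect or "\r" in connect:
        raise ValueError(
            "Refusing to write stunnel config: upstream host/port contains a line break"
        )

    # NOTE(review): no certificate verification options are set, and stunnel
    # in client mode does not verify the peer by default. The link is then
    # encrypted but the server is not authenticated. Add verify/verifyChain
    # with a CAfile (option names depend on the installed stunnel version).
    stunnel_config = """
client=yes

[tlswrap]
accept=%s
connect=%s
""" % (
        accept,
        connect,
    )

    changed = False
    if utils.write_file("/etc/stunnel/tlswrap.conf", stunnel_config):
        changed = True
    if utils.update_keyvalue("/etc/default/stunnel4", {"ENABLED": "1"}):
        changed = True

    if changed:
        # start covers a stopped daemon, reload covers a running one
        utils.run_command(["/etc/init.d/stunnel4", "start"])
        utils.run_command(["/etc/init.d/stunnel4", "reload"])

    # Fix: the key was misspelled "hopst", so "host" was never rewritten and
    # clients kept the upstream host with the tunnel's port, bypassing the
    # local TLS wrapper.
    if "host" in properties:
        properties["host"] = Juju.private_address()
    if "private-address" in properties:
        properties["private-address"] = Juju.private_address()
    properties["port"] = str(default_port)

    logger.info("Properties after rewrite: %s", properties)
    return properties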
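def _run_loadbalancer_hook(self, action):
    """Publish this unit as a single-server TCP service on the default relation.

    Builds one service entry (named after the application part of the unit
    name) with this unit's private address and ``private-port`` as the only
    backend, listening on ``0.0.0.0`` at ``public-port``. The entry is set
    as the YAML-encoded ``services`` relation property.

    Nothing is published when either port is configured as 0. The original
    code logged that it would not configure the load balancer but then went
    on to publish a service with port 0 anyway.

    Args:
        action: Name of the hook being run; only used for logging here.
    """
    logger.info("Running load-balancer hook %s", action)

    host = Juju.private_address()
    config = Juju.config()

    private_port = config['private-port']
    public_port = config['public-port']

    skip = False
    if private_port == 0:
        logger.info("Private port is 0; won't configure load balancer")
        skip = True
    if public_port == 0:
        logger.info("Public port is 0; won't configure load balancer")
        skip = True
    if skip:
        return

    protocol = config.get('protocol', '').strip().lower()

    # "app/3" -> "app": all units of the application share one service name
    service_name = Juju.unit_name().split('/')[0]

    relation = Relation.default()

    service_options = ['mode tcp', 'balance leastconn']
    if protocol == 'tls':
        # NOTE(review): 'ssl' is emitted as a standalone service option. In
        # haproxy, ssl is normally a keyword on bind/server lines. Confirm
        # that the consuming side renders this so TLS is actually enforced,
        # rather than rejected or silently dropped.
        service_options.append('ssl')

    service = {
        'service_name': service_name,
        'service_options': service_options,
        'servers': [['s_1', host, private_port, '']],
        # Must set both service_host and service_port, or else haproxy
        # ignores the other
        'service_host': '0.0.0.0',
        'service_port': public_port,
    }

    new_properties = {'services': yaml.dump([service])}

    # relation-set "services=
    # - { service_name: my_web_app,
    #     service_options: [mode http, balance leastconn],
    #     servers: [[my_web_app_1, $host, $port, option httpchk GET / HTTP/1.0],
    #               [... optionally more servers here ...]]}
    # - { ... optionally more services here ... }
    # "
    logger.info("Setting relation properties to: %s", new_properties)
    relation.set_properties(new_properties)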