def send_ssl_sync_request(): """Set sync request on cluster relation. Value set equals number of ssl configs currently enabled so that if they change, we ensure that certs are synced. This setting is consumed by cluster-relation-changed ssl master. We also clear the 'synced' set to guarantee that a sync will occur. Note the we do nothing if the setting is already applied. """ unit = local_unit().replace('/', '-') count = 0 use_https = config('use-https') if use_https and bool_from_string(use_https): count += 1 https_service_endpoints = config('https-service-endpoints') if (https_service_endpoints and bool_from_string(https_service_endpoints)): count += 2 enable_pki = config('enable-pki') if enable_pki and bool_from_string(enable_pki): count += 3 key = 'ssl-sync-required-%s' % (unit) settings = {key: count} # If all ssl is disabled ensure this is set to 0 so that cluster hook runs # and endpoints are updated. if not count: log("Setting %s=%s" % (key, count), level=DEBUG) for rid in relation_ids('cluster'): relation_set(relation_id=rid, relation_settings=settings) return prev = 0 rid = None for rid in relation_ids('cluster'): for unit in related_units(rid): _prev = relation_get(rid=rid, unit=unit, attribute=key) or 0 if _prev and _prev > prev: prev = _prev if rid and prev < count: clear_ssl_synced_units() log("Setting %s=%s" % (key, count), level=DEBUG) relation_set(relation_id=rid, relation_settings=settings)
def send_ssl_sync_request(): """Set sync request on cluster relation. Value set equals number of ssl configs currently enabled so that if they change, we ensure that certs are synced. This setting is consumed by cluster-relation-changed ssl master. We also clear the 'synced' set to guarantee that a sync will occur. Note the we do nothing if the setting is already applied. """ unit = local_unit().replace('/', '-') # Start with core config (e.g. used for signing revoked token list) ssl_config = 0b1 use_https = config('use-https') if use_https and bool_from_string(use_https): ssl_config ^= 0b10 https_service_endpoints = config('https-service-endpoints') if (https_service_endpoints and bool_from_string(https_service_endpoints)): ssl_config ^= 0b100 enable_pki = config('enable-pki') if enable_pki and bool_from_string(enable_pki): ssl_config ^= 0b1000 key = 'ssl-sync-required-%s' % (unit) settings = {key: ssl_config} prev = 0b0 rid = None for rid in relation_ids('cluster'): for unit in related_units(rid): _prev = relation_get(rid=rid, unit=unit, attribute=key) or 0b0 if _prev and _prev > prev: prev = bin(_prev) if rid and prev ^ ssl_config: if is_leader(): clear_ssl_synced_units() log("Setting %s=%s" % (key, bin(ssl_config)), level=DEBUG) relation_set(relation_id=rid, relation_settings=settings)
def send_ssl_sync_request(): """Set sync request on cluster relation. Value set equals number of ssl configs currently enabled so that if they change, we ensure that certs are synced. This setting is consumed by cluster-relation-changed ssl master. We also clear the 'synced' set to guarantee that a sync will occur. Note the we do nothing if the setting is already applied. """ unit = local_unit().replace('/', '-') # Start with core config (e.g. used for signing revoked token list) ssl_config = 0b1 use_https = config('use-https') if use_https and bool_from_string(use_https): ssl_config ^= 0b10 https_service_endpoints = config('https-service-endpoints') if (https_service_endpoints and bool_from_string(https_service_endpoints)): ssl_config ^= 0b100 enable_pki = config('enable-pki') if enable_pki and bool_from_string(enable_pki): ssl_config ^= 0b1000 key = 'ssl-sync-required-%s' % (unit) settings = {key: ssl_config} prev = 0b0 rid = None for rid in relation_ids('cluster'): for unit in related_units(rid): _prev = relation_get(rid=rid, unit=unit, attribute=key) or 0b0 if _prev and _prev > prev: prev = bin(_prev) if rid and prev ^ ssl_config: clear_ssl_synced_units() log("Setting %s=%s" % (key, bin(ssl_config)), level=DEBUG) relation_set(relation_id=rid, relation_settings=settings)