Juju Charms Collection
openstack-dashboard package

Merge lp:~openstack-charmers/charms/precise/openstack-dashboard/ha-support into lp:~charmers/charms/precise/openstack-dashboard/trunk

Proposed by Adam Gandelman on 2013-05-29

Status:	Merged
Merged at revision:	20
Proposed branch:	lp:~openstack-charmers/charms/precise/openstack-dashboard/ha-support
Merge into:	lp:~charmers/charms/precise/openstack-dashboard/trunk
Diff against target:	880 lines (+692/-29) 8 files modified config.yaml (+59/-7) hooks/horizon-common (+53/-11) hooks/horizon-relations (+100/-7) hooks/lib/openstack-common (+456/-3) metadata.yaml (+6/-0) revision (+1/-1) scripts/add_to_cluster (+13/-0) scripts/remove_from_cluster (+4/-0)
To merge this branch:	bzr merge lp:~openstack-charmers/charms/precise/openstack-dashboard/ha-support
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
charmers		2013-05-29	Pending
Review via email: mp+166346@code.launchpad.net

Description of the change

* Updated for Grizzly.

* HA support via the hacluster subordinate.

Revision history for this message

Nobuto Murata (nobuto) wrote on 2013-06-03:

Hi, I'm not in the charmers group, but I found:

257 + if [ "$(config-get offline-compression)" != "yes" ]; then
258 + set_or_update COMPRESS_OFFLINE False
259 + apt-get install -y nodejs node-less
260 + else
261 + set_or_update COMPRESS_OFFLINE True
262 + fi

Installing nodejs and node-less should be in "COMPRESS_OFFLINE True" not "COMPRESS_OFFLINE False", shouldn't it?

Revision history for this message

Nobuto Murata (nobuto) wrote on 2013-06-03:

Ah, I misunderstood True/False of that option. Please disregard my last comment.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Andreas Hasenack

Landscape

Nobuto Murata

OpenStack Charmers

charmers

 === modified file 'config.yaml'
 --- config.yaml	2013-01-11 21:59:22 +0000
 +++ config.yaml	2013-05-29 18:14:34 +0000
@@ -1,5 +1,5 @@
  options:
--   openstack-origin:
++    openstack-origin:
          default: distro
          type: string
          description: |
@@ -14,15 +14,67 @@
            Note that updating this setting to a source that is known to
            provide a later version of OpenStack will trigger a software
            upgrade.
--   webroot:
++    webroot:
          default: "/horizon"
          type: string
          description: |
--            Directory where application will be accessible, relative to
--            http://$hostname/.
--   default-role:
++          Directory where application will be accessible, relative to
++          http://$hostname/.
++    default-role:
          default: "Member"
          type: string
          description: |
--            Default role for Horizon operations that will be created in
--            Keystone upon introduction of an identity-service relation.
++          Default role for Horizon operations that will be created in
++          Keystone upon introduction of an identity-service relation.
++    vip:
++        type: string
++        description: "Virtual IP to use to front openstack dashboard ha configuration"
++    vip_iface:
++        type: string
++        default: eth0
++        description: "Network Interface where to place the Virtual IP"
++    vip_cidr:
++        type: int
++        default: 24
++        description: "Netmask that will be used for the Virtual IP"
++    ha-bindiface:
++        type: string
++        default: eth0
++        description: |
++          Default network interface on which HA cluster will bind to communication
++          with the other members of the HA Cluster.
++    ha-mcastport:
++        type: int
++        default: 5410
++        description: |
++          Default multicast port number that will be used to communicate between
++          HA Cluster nodes.
++    # User provided SSL cert and key
++    ssl_cert:
++        type: string
++        description: |
++          Base64 encoded SSL certificate to install and use for API ports.
++          .
++             juju set swift-proxy ssl_cert="$(cat cert | base64)" \
++                                  ssl_key="$(cat key | base64)"
++          .
++          Setting this value (and ssl_key) will enable reverse proxying, point
++          Swifts's entry in the Keystone catalog to use https, and override
++          any certficiate and key issued by Keystone (if it is configured to
++          do so).
++    ssl_key:
++        type: string
++        description: |
++          Base64 encoded SSL key to use with certificate specified as ssl_cert.
++    offline-compression:
++        type: string
++        default: "yes"
++        description: Use pre-generated Less compiled JS and CSS.
++    debug:
++        type: string
++        default: "no"
++        description: Show Django debug messages.
++    ubuntu-theme:
++        type: string
++        default: "yes"
++        description: Use Ubuntu theme for the dashboard.
 === added symlink 'hooks/cluster-relation-changed'
 === target is u'horizon-relations'
 === added symlink 'hooks/cluster-relation-departed'
 === target is u'horizon-relations'
 === added symlink 'hooks/ha-relation-changed'
 === target is u'horizon-relations'
 === added symlink 'hooks/ha-relation-joined'
 === target is u'horizon-relations'
 === modified file 'hooks/horizon-common'
 --- hooks/horizon-common	2012-10-10 23:32:24 +0000
 +++ hooks/horizon-common	2013-05-29 18:14:34 +0000
@@ -1,14 +1,16 @@
  #!/bin/bash
++# vim: set ts=2:et
  CHARM="openstack-dashboard"
--PACKAGES="openstack-dashboard openstack-dashboard-ubuntu-theme python-keystoneclient python-memcache memcached"
++PACKAGES="openstack-dashboard python-keystoneclient python-memcache memcached haproxy python-novaclient"
  LOCAL_SETTINGS="/etc/openstack-dashboard/local_settings.py"
++HOOKS_DIR="$CHARM_DIR/hooks"
--if [[ -e "$CHARM_DIR/lib/openstack-common" ]] ; then
--  . $CHARM_DIR/lib/openstack-common
++if [[ -e "$HOOKS_DIR/lib/openstack-common" ]] ; then
++  . $HOOKS_DIR/lib/openstack-common
  else
--  juju-log "ERROR: Couldn't load $CHARM_DIR/lib/openstack-common." && exit 1
++  juju-log "ERROR: Couldn't load $HOOKS_DIR/lib/openstack-common." && exit 1
  fi
  set_or_update() {
@@ -16,15 +18,28 @@
    local key=$1 value=$2
    [[ -z "$key" ]] || [[ -z "$value" ]] &&
      juju-log "$CHARM set_or_update: ERROR - missing parameters" && return 1
--  grep -q "^$key = \"$value\"" "$LOCAL_SETTINGS" &&
--    juju-log "$CHARM set_or_update: $key = $value already set" && return 0
++  if [ "$value" == "True" ] || [ "$value" == "False" ]; then
++    grep -q "^$key = $value" "$LOCAL_SETTINGS" &&
++      juju-log "$CHARM set_or_update: $key = $value already set" && return 0
++  else
++    grep -q "^$key = \"$value\"" "$LOCAL_SETTINGS" &&
++      juju-log "$CHARM set_or_update: $key = $value already set" && return 0
++  fi
    if grep -q "^$key = " "$LOCAL_SETTINGS" ; then
      juju-log "$CHARM set_or_update: Setting $key = $value"
      cp "$LOCAL_SETTINGS" /etc/openstack-dashboard/local_settings.last
--    sed -i "s|\(^$key = \).*|\1\"$value\"|g" "$LOCAL_SETTINGS" || return 1
++    if [ "$value" == "True" ] || [ "$value" == "False" ]; then
++      sed -i "s|\(^$key = \).*|\1$value|g" "$LOCAL_SETTINGS" || return 1
++    else
++      sed -i "s|\(^$key = \).*|\1\"$value\"|g" "$LOCAL_SETTINGS" || return 1
++    fi
    else
      juju-log "$CHARM set_or_update: Adding $key = $value"
--    echo "$key = \"$value\"" >>$LOCAL_SETTINGS || return 1
++    if [ "$value" == "True" ] || [ "$value" == "False" ]; then
++      echo "$key = $value" >>$LOCAL_SETTINGS || return 1
++    else
++      echo "$key = \"$value\"" >>$LOCAL_SETTINGS || return 1
++    fi
    fi
    return 0
+ }
@@ -46,10 +61,37 @@
      export JUJU_REMOTE_UNIT=$(relation-list -r $r_id | head -n1)
      export JUJU_RELATION="identity-service"
      export JUJU_RELATION_ID="$r_id"
--    local ks_host=$(relation-get -r $r_id private-address)
--    if [[ -n "$ks_host" ]] ; then
--      service_url="http://$ks_host:5000/v2.0"
++    local service_host=$(relation-get -r $r_id service_host)
++    local service_port=$(relation-get -r $r_id service_port)
++    if [[ -n "$service_host" ]] && [[ -n "$service_port" ]] ; then
++      service_url="http://$service_host:$service_port/v2.0"
        set_or_update OPENSTACK_KEYSTONE_URL "$service_url"
      fi
    fi
+ }
++
++configure_apache() {
++  # Reconfigure to listen on provided port
++  a2ensite default-ssl || :
++  a2enmod ssl || :
++  for ports in $@; do
++    from_port=$(echo $ports | cut -d : -f 1)
++    to_port=$(echo $ports | cut -d : -f 2)
++    sed -i -e "s/$from_port/$to_port/g" /etc/apache2/ports.conf
++    for site in $(ls -1 /etc/apache2/sites-available); do
++      sed -i -e "s/$from_port/$to_port/g" \
++        /etc/apache2/sites-available/$site
++    done
++  done
++}
++
++configure_apache_cert() {
++  cert=$1
++  key=$2
++  echo $cert | base64 -di > /etc/ssl/certs/dashboard.cert
++  echo $key | base64 -di > /etc/ssl/private/dashboard.key
++  chmod 0600 /etc/ssl/private/dashboard.key
++  sed -i -e "s|\(.*SSLCertificateFile\).*|\1 /etc/ssl/certs/dashboard.cert|g" \
++         -e "s|\(.*SSLCertificateKeyFile\).*|\1 /etc/ssl/private/dashboard.key|g" \
++          /etc/apache2/sites-available/default-ssl
++}
 === modified file 'hooks/horizon-relations'
 --- hooks/horizon-relations	2013-01-11 21:59:22 +0000
 +++ hooks/horizon-relations	2013-05-29 18:14:34 +0000
@@ -1,13 +1,13 @@
  #!/bin/bash
  set -e
--CHARM_DIR=$(dirname $0)
++HOOKS_DIR="$CHARM_DIR/hooks"
  ARG0=${0##*/}
--if [[ -e $CHARM_DIR/horizon-common ]] ; then
--  . $CHARM_DIR/horizon-common
++if [[ -e $HOOKS_DIR/horizon-common ]] ; then
++  . $HOOKS_DIR/horizon-common
  else
--  echo "ERROR: Could not load horizon-common from $CHARM_DIR"
++  echo "ERROR: Could not load horizon-common from $HOOKS_DIR"
  fi
  function install_hook {
@@ -44,7 +44,19 @@
+ }
  function keystone_changed {
--  service_url="http://$(relation-get private-address):5000/v2.0"
++  local service_host=$(relation-get service_host)
++  local service_port=$(relation-get service_port)
++  if [ -z "${service_host}" ] || [ -z "${service_port}" ]; then
++    juju-log "Insufficient information to configure keystone url"
++    exit 0
++  fi
++  local ca_cert=$(relation-get ca_cert)
++  if [ -n "$ca_cert" ]; then
++    juju-log "Installing Keystone supplied CA cert."
++    echo $ca_cert | base64 -di > /usr/local/share/ca-certificates/keystone_juju_ca_cert.crt
++    update-ca-certificates --fresh
++  fi
++  service_url="http://${service_host}:${service_port}/v2.0"
    juju-log "$CHARM: Configuring Horizon to access keystone @ $service_url."
    set_or_update OPENSTACK_KEYSTONE_URL "$service_url"
    service apache2 restart
@@ -73,6 +85,15 @@
    set_or_update LOGIN_URL "$web_root/auth/login"
    set_or_update LOGIN_REDIRECT_URL "$web_root"
++  # Save our scriptrc env variables for health checks
++  declare -a env_vars=(
++      'OPENSTACK_URL_HORIZON="http://localhost:70'$web_root'|Login+-+OpenStack"'
++      'OPENSTACK_SERVICE_HORIZON=apache2'
++      'OPENSTACK_PORT_HORIZON_SSL=433'
++      'OPENSTACK_PORT_HORIZON=70')
++  save_script_rc ${env_vars[@]}
++
++
    # Set default role and trigger a identity-service relation event to
    # ensure role is created in keystone.
    set_or_update OPENSTACK_KEYSTONE_DEFAULT_ROLE "$(config-get default-role)"
@@ -81,8 +102,77 @@
      keystone_joined "$relid"
    done
--  service apache2 reload
--
++  if [ "$(config-get offline-compression)" != "yes" ]; then
++    set_or_update COMPRESS_OFFLINE False
++    apt-get install -y nodejs node-less
++  else
++    set_or_update COMPRESS_OFFLINE True
++  fi
++
++  # Configure default HAProxy + Apache config
++  if [ -n "$(config-get ssl_cert)" ] && \
++     [ -n "$(config-get ssl_key)" ]; then
++    configure_apache_cert "$(config-get ssl_cert)" "$(config-get ssl_key)"
++  fi
++
++  if [ "$(config-get debug)" != "yes" ]; then
++    set_or_update DEBUG False
++  else
++    set_or_update DEBUG True
++  fi
++
++  if [ "$(config-get ubuntu-theme)" != "yes" ]; then
++    apt-get -y purge openstack-dashboard-ubuntu-theme || :
++  else
++    apt-get -y install openstack-dashboard-ubuntu-theme
++  fi
++
++  # Reconfigure Apache Ports
++  configure_apache "80:70" "443:433"
++  service apache2 restart
++  configure_haproxy "dash_insecure:80:70:http dash_secure:443:433:tcp"
++  service haproxy restart
++}
++
++function cluster_changed() {
++  configure_haproxy "dash_insecure:80:70:http dash_secure:443:433:tcp"
++  service haproxy reload
++}
++
++function ha_relation_joined() {
++  # Configure HA Cluster
++  local corosync_bindiface=`config-get ha-bindiface`
++  local corosync_mcastport=`config-get ha-mcastport`
++  local vip=`config-get vip`
++  local vip_iface=`config-get vip_iface`
++  local vip_cidr=`config-get vip_cidr`
++  if [ -n "$vip" ] && [ -n "$vip_iface" ] && \
++     [ -n "$vip_cidr" ] && [ -n "$corosync_bindiface" ] && \
++     [ -n "$corosync_mcastport" ]; then
++    # TODO: This feels horrible but the data required by the hacluster
++    # charm is quite complex and is python ast parsed.
++    resources="{
++'res_horizon_vip':'ocf:heartbeat:IPaddr2',
++'res_horizon_haproxy':'lsb:haproxy'
++}"
++    resource_params="{
++'res_horizon_vip': 'params ip=\"$vip\" cidr_netmask=\"$vip_cidr\" nic=\"$vip_iface\"',
++'res_horizon_haproxy': 'op monitor interval=\"5s\"'
++}"
++    init_services="{
++'res_horizon_haproxy':'haproxy'
++}"
++    clones="{
++'cl_horizon_haproxy':'res_horizon_haproxy'
++}"
++    relation-set corosync_bindiface=$corosync_bindiface \
++      corosync_mcastport=$corosync_mcastport \
++      resources="$resources" resource_params="$resource_params" \
++      init_services="$init_services" clones="$clones"
++  else
++    juju-log "Insufficient configuration data to configure hacluster"
++    exit 1
++  fi
+ }
  juju-log "$CHARM: Running hook $ARG0."
@@ -95,4 +185,7 @@
    "identity-service-relation-joined") keystone_joined;;
    "identity-service-relation-changed") keystone_changed;;
    "config-changed") config_changed;;
++  "cluster-relation-changed") cluster_changed ;;
++  "cluster-relation-departed") cluster_changed ;;
++  "ha-relation-joined") ha_relation_joined ;;
  esac
 === modified file 'hooks/lib/openstack-common'
 --- hooks/lib/openstack-common	2013-01-11 18:30:45 +0000
 +++ hooks/lib/openstack-common	2013-05-29 18:14:34 +0000
@@ -165,8 +165,9 @@
    fi
    # have a guess based on the deb string provided
--  if [[ "${rel:0:3}" == "deb" ]]; then
--    CODENAMES="diablo essex folsom grizzly"
++  if [[ "${rel:0:3}" == "deb" ]] || \
++     [[ "${rel:0:3}" == "ppa" ]] ; then
++    CODENAMES="diablo essex folsom grizzly havana"
      for cname in $CODENAMES; do
        if echo $rel | grep -q $cname; then
          codename=$cname
@@ -178,11 +179,13 @@
  get_os_codename_package() {
    local pkg_vers=$(dpkg -l | grep "$1" | awk '{ print $3 }') || echo "none"
++  pkg_vers=$(echo $pkg_vers | cut -d: -f2) # epochs
    case "${pkg_vers:0:6}" in
      "2011.2") echo "diablo" ;;
      "2012.1") echo "essex" ;;
      "2012.2") echo "folsom" ;;
      "2013.1") echo "grizzly" ;;
++    "2013.2") echo "havana" ;;
    esac
+ }
@@ -191,7 +194,8 @@
      "diablo") echo "2011.2" ;;
      "essex") echo "2012.1" ;;
      "folsom") echo "2012.2" ;;
--    "grizzly") echo "2012.3" ;;
++    "grizzly") echo "2013.1" ;;
++    "havana") echo "2013.2" ;;
    esac
+ }
@@ -314,3 +318,452 @@
    echo "$found"
    return 0
+ }
++
++HAPROXY_CFG=/etc/haproxy/haproxy.cfg
++HAPROXY_DEFAULT=/etc/default/haproxy
++##########################################################################
++# Description: Configures HAProxy services for Openstack API's
++# Parameters:
++#   Space delimited list of service:port:mode combinations for which
++#   haproxy service configuration should be generated for.  The function
++#   assumes the name of the peer relation is 'cluster' and that every
++#   service unit in the peer relation is running the same services.
++#
++#   Services that do not specify :mode in parameter will default to http.
++#
++# Example
++#   configure_haproxy cinder_api:8776:8756:tcp nova_api:8774:8764:http
++##########################################################################
++configure_haproxy() {
++  local address=`unit-get private-address`
++  local name=${JUJU_UNIT_NAME////-}
++  cat > $HAPROXY_CFG << EOF
++global
++  log 127.0.0.1 local0
++  log 127.0.0.1 local1 notice
++  maxconn 20000
++  user haproxy
++  group haproxy
++  spread-checks 0
++
++defaults
++  log global
++  mode http
++  option httplog
++  option dontlognull
++  retries 3
++  timeout queue 1000
++  timeout connect 1000
++  timeout client 30000
++  timeout server 30000
++
++listen stats :8888
++  mode http
++  stats enable
++  stats hide-version
++  stats realm Haproxy\ Statistics
++  stats uri /
++  stats auth admin:password
++
++EOF
++  for service in $@; do
++    local service_name=$(echo $service | cut -d : -f 1)
++    local haproxy_listen_port=$(echo $service | cut -d : -f 2)
++    local api_listen_port=$(echo $service | cut -d : -f 3)
++    local mode=$(echo $service | cut -d : -f 4)
++    [[ -z "$mode" ]] && mode="http"
++    juju-log "Adding haproxy configuration entry for $service "\
++             "($haproxy_listen_port -> $api_listen_port)"
++    cat >> $HAPROXY_CFG << EOF
++listen $service_name 0.0.0.0:$haproxy_listen_port
++  balance roundrobin
++  mode $mode
++  option ${mode}log
++  server $name $address:$api_listen_port check
++EOF
++    local r_id=""
++    local unit=""
++    for r_id in `relation-ids cluster`; do
++      for unit in `relation-list -r $r_id`; do
++        local unit_name=${unit////-}
++        local unit_address=`relation-get -r $r_id private-address $unit`
++        if [ -n "$unit_address" ]; then
++          echo "  server $unit_name $unit_address:$api_listen_port check" \
++            >> $HAPROXY_CFG
++        fi
++      done
++    done
++  done
++  echo "ENABLED=1" > $HAPROXY_DEFAULT
++  service haproxy restart
++}
++
++##########################################################################
++# Description: Query HA interface to determine is cluster is configured
++# Returns: 0 if configured, 1 if not configured
++##########################################################################
++is_clustered() {
++  local r_id=""
++  local unit=""
++  for r_id in $(relation-ids ha); do
++    if [ -n "$r_id" ]; then
++      for unit in $(relation-list -r $r_id); do
++         clustered=$(relation-get -r $r_id clustered $unit)
++         if [ -n "$clustered" ]; then
++           juju-log "Unit is haclustered"
++           return 0
++         fi
++      done
++    fi
++  done
++  juju-log "Unit is not haclustered"
++  return 1
++}
++
++##########################################################################
++# Description: Return a list of all peers in cluster relations
++##########################################################################
++peer_units() {
++  local peers=""
++  local r_id=""
++  for r_id in $(relation-ids cluster); do
++    peers="$peers $(relation-list -r $r_id)"
++  done
++  echo $peers
++}
++
++##########################################################################
++# Description: Determines whether the current unit is the oldest of all
++#              its peers - supports partial leader election
++# Returns: 0 if oldest, 1 if not
++##########################################################################
++oldest_peer() {
++  peers=$1
++  local l_unit_no=$(echo $JUJU_UNIT_NAME | cut -d / -f 2)
++  for peer in $peers; do
++    echo "Comparing $JUJU_UNIT_NAME with peers: $peers"
++    local r_unit_no=$(echo $peer | cut -d / -f 2)
++    if (($r_unit_no<$l_unit_no)); then
++        juju-log "Not oldest peer; deferring"
++        return 1
++    fi
++  done
++  juju-log "Oldest peer; might take charge?"
++  return 0
++}
++
++##########################################################################
++# Description: Determines whether the current service units is the
++#              leader within a) a cluster of its peers or b) across a
++#              set of unclustered peers.
++# Parameters: CRM resource to check ownership of if clustered
++# Returns: 0 if leader, 1 if not
++##########################################################################
++eligible_leader() {
++  if is_clustered; then
++    if ! is_leader $1; then
++      juju-log 'Deferring action to CRM leader'
++      return 1
++    fi
++  else
++    peers=$(peer_units)
++    if [ -n "$peers" ] && ! oldest_peer "$peers"; then
++      juju-log 'Deferring action to oldest service unit.'
++      return 1
++    fi
++  fi
++  return 0
++}
++
++##########################################################################
++# Description: Query Cluster peer interface to see if peered
++# Returns: 0 if peered, 1 if not peered
++##########################################################################
++is_peered() {
++  local r_id=$(relation-ids cluster)
++  if [ -n "$r_id" ]; then
++    if [ -n "$(relation-list -r $r_id)" ]; then
++      juju-log "Unit peered"
++      return 0
++    fi
++  fi
++  juju-log "Unit not peered"
++  return 1
++}
++
++##########################################################################
++# Description: Determines whether host is owner of clustered services
++# Parameters: Name of CRM resource to check ownership of
++# Returns: 0 if leader, 1 if not leader
++##########################################################################
++is_leader() {
++  hostname=`hostname`
++  if [ -x /usr/sbin/crm ]; then
++    if crm resource show $1 | grep -q $hostname; then
++      juju-log "$hostname is cluster leader."
++      return 0
++    fi
++  fi
++  juju-log "$hostname is not cluster leader."
++  return 1
++}
++
++##########################################################################
++# Description: Determines whether enough data has been provided in
++# configuration or relation data to configure HTTPS.
++# Parameters:  None
++# Returns: 0 if HTTPS can be configured, 1 if not.
++##########################################################################
++https() {
++  local r_id=""
++  if [[ -n "$(config-get ssl_cert)" ]] &&
++     [[ -n "$(config-get ssl_key)" ]] ; then
++    return 0
++  fi
++  for r_id in $(relation-ids identity-service) ; do
++    for unit in $(relation-list -r $r_id) ; do
++      if [[ "$(relation-get -r $r_id https_keystone $unit)" == "True" ]] &&
++         [[ -n "$(relation-get -r $r_id ssl_cert $unit)" ]] &&
++         [[ -n "$(relation-get -r $r_id ssl_key $unit)" ]] &&
++         [[ -n "$(relation-get -r $r_id ca_cert $unit)" ]] ; then
++          return 0
++      fi
++    done
++  done
++  return 1
++}
++
++##########################################################################
++# Description: For a given number of port mappings, configures apache2
++# HTTPs local reverse proxying using certficates and keys provided in
++# either configuration data (preferred) or relation data.  Assumes ports
++# are not in use (calling charm should ensure that).
++# Parameters:  Variable number of proxy port mappings as
++# $internal:$external.
++# Returns: 0 if reverse proxy(s) have been configured, 0 if not.
++##########################################################################
++enable_https() {
++  local port_maps="$@"
++  local http_restart=""
++  juju-log "Enabling HTTPS for port mappings: $port_maps."
++
++  # allow overriding of keystone provided certs with those set manually
++  # in config.
++  local cert=$(config-get ssl_cert)
++  local key=$(config-get ssl_key)
++  local ca_cert=""
++  if [[ -z "$cert" ]] || [[ -z "$key" ]] ; then
++    juju-log "Inspecting identity-service relations for SSL certificate."
++    local r_id=""
++    cert=""
++    key=""
++    ca_cert=""
++    for r_id in $(relation-ids identity-service) ; do
++      for unit in $(relation-list -r $r_id) ; do
++        [[ -z "$cert" ]] && cert="$(relation-get -r $r_id ssl_cert $unit)"
++        [[ -z "$key" ]] && key="$(relation-get -r $r_id ssl_key $unit)"
++        [[ -z "$ca_cert" ]] && ca_cert="$(relation-get -r $r_id ca_cert $unit)"
++      done
++    done
++    [[ -n "$cert" ]] && cert=$(echo $cert | base64 -di)
++    [[ -n "$key" ]] && key=$(echo $key | base64 -di)
++    [[ -n "$ca_cert" ]] && ca_cert=$(echo $ca_cert | base64 -di)
++  else
++    juju-log "Using SSL certificate provided in service config."
++  fi
++
++  [[ -z "$cert" ]] || [[ -z "$key" ]] &&
++    juju-log "Expected but could not find SSL certificate data, not "\
++             "configuring HTTPS!" && return 1
++
++  apt-get -y install apache2
++  a2enmod ssl proxy proxy_http | grep -v "To activate the new configuration" &&
++    http_restart=1
++
++  mkdir -p /etc/apache2/ssl/$CHARM
++  echo "$cert" >/etc/apache2/ssl/$CHARM/cert
++  echo "$key" >/etc/apache2/ssl/$CHARM/key
++  if [[ -n "$ca_cert" ]] ; then
++    juju-log "Installing Keystone supplied CA cert."
++    echo "$ca_cert" >/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt
++    update-ca-certificates --fresh
++
++    # XXX TODO: Find a better way of exporting this?
++    if [[ "$CHARM" == "nova-cloud-controller" ]] ; then
++      [[ -e /var/www/keystone_juju_ca_cert.crt ]] &&
++        rm -rf /var/www/keystone_juju_ca_cert.crt
++      ln -s  /usr/local/share/ca-certificates/keystone_juju_ca_cert.crt \
++             /var/www/keystone_juju_ca_cert.crt
++    fi
++
++  fi
++  for port_map in $port_maps ; do
++    local ext_port=$(echo $port_map | cut -d: -f1)
++    local int_port=$(echo $port_map | cut -d: -f2)
++    juju-log "Creating apache2 reverse proxy vhost for $port_map."
++    cat >/etc/apache2/sites-available/${CHARM}_${ext_port} <<END
++Listen $ext_port
++NameVirtualHost *:$ext_port
++<VirtualHost *:$ext_port>
++    ServerName $(unit-get private-address)
++    SSLEngine on
++    SSLCertificateFile /etc/apache2/ssl/$CHARM/cert
++    SSLCertificateKeyFile /etc/apache2/ssl/$CHARM/key
++    ProxyPass / http://localhost:$int_port/
++    ProxyPassReverse / http://localhost:$int_port/
++    ProxyPreserveHost on
++</VirtualHost>
++<Proxy *>
++    Order deny,allow
++    Allow from all
++</Proxy>
++<Location />
++    Order allow,deny
++    Allow from all
++</Location>
++END
++    a2ensite ${CHARM}_${ext_port} | grep -v "To activate the new configuration" &&
++      http_restart=1
++  done
++  if [[ -n "$http_restart" ]] ; then
++    service apache2 restart
++  fi
++}
++
++##########################################################################
++# Description: Ensure HTTPS reverse proxying is disabled for given port
++# mappings.
++# Parameters:  Variable number of proxy port mappings as
++# $internal:$external.
++# Returns: 0 if reverse proxy is not active for all portmaps, 1 on error.
++##########################################################################
++disable_https() {
++  local port_maps="$@"
++  local http_restart=""
++  juju-log "Ensuring HTTPS disabled for $port_maps."
++  ( [[ ! -d /etc/apache2 ]] || [[ ! -d /etc/apache2/ssl/$CHARM ]] ) && return 0
++  for port_map in $port_maps ; do
++    local ext_port=$(echo $port_map | cut -d: -f1)
++    local int_port=$(echo $port_map | cut -d: -f2)
++    if [[ -e /etc/apache2/sites-available/${CHARM}_${ext_port} ]] ; then
++      juju-log "Disabling HTTPS reverse proxy for $CHARM $port_map."
++      a2dissite ${CHARM}_${ext_port} | grep -v "To activate the new configuration" &&
++        http_restart=1
++    fi
++  done
++  if [[ -n "$http_restart" ]] ; then
++    service apache2 restart
++  fi
++}
++
++
++##########################################################################
++# Description: Ensures HTTPS is either enabled or disabled for given port
++# mapping.
++# Parameters:  Variable number of proxy port mappings as
++# $internal:$external.
++# Returns: 0 if HTTPS reverse proxy is in place, 1 if it is not.
++##########################################################################
++setup_https() {
++  # configure https via apache reverse proxying either
++  # using certs provided by config or keystone.
++  [[ -z "$CHARM" ]] &&
++    error_out "setup_https(): CHARM not set."
++  if ! https ; then
++    disable_https $@
++  else
++    enable_https $@
++  fi
++}
++
++##########################################################################
++# Description: Determine correct API server listening port based on
++# existence of HTTPS reverse proxy and/or haproxy.
++# Paremeters: The standard public port for given service.
++# Returns: The correct listening port for API service.
++##########################################################################
++determine_api_port() {
++  local public_port="$1"
++  local i=0
++  ( [[ -n "$(peer_units)" ]] || is_clustered >/dev/null 2>&1 ) && i=$[$i + 1]
++  https >/dev/null 2>&1 && i=$[$i + 1]
++  echo $[$public_port - $[$i * 10]]
++}
++
++##########################################################################
++# Description: Determine correct proxy listening port based on public IP +
++# existence of HTTPS reverse proxy.
++# Paremeters: The standard public port for given service.
++# Returns: The correct listening port for haproxy service public address.
++##########################################################################
++determine_haproxy_port() {
++  local public_port="$1"
++  local i=0
++  https >/dev/null 2>&1 && i=$[$i + 1]
++  echo $[$public_port - $[$i * 10]]
++}
++
++##########################################################################
++# Description: Print the value for a given config option in an OpenStack
++# .ini style configuration file.
++# Parameters: File path, option to retrieve, optional
++# section name (default=DEFAULT)
++# Returns: Prints value if set, prints nothing otherwise.
++##########################################################################
++local_config_get() {
++  # return config values set in openstack .ini config files.
++  # default placeholders starting (eg, %AUTH_HOST%) treated as
++  # unset values.
++  local file="$1"
++  local option="$2"
++  local section="$3"
++  [[ -z "$section" ]] && section="DEFAULT"
++  python -c "
++import ConfigParser
++config = ConfigParser.RawConfigParser()
++config.read('$file')
++try:
++  value = config.get('$section', '$option')
++except:
++  print ''
++  exit(0)
++if value.startswith('%'): exit(0)
++print value
++"
++}
++
++##########################################################################
++# Description: Creates an rc file exporting environment variables to a
++# script_path local to the charm's installed directory.
++# Any charm scripts run outside the juju hook environment can source this
++# scriptrc to obtain updated config information necessary to perform health
++# checks or service changes
++#
++# Parameters:
++#   An array of '=' delimited  ENV_VAR:value combinations to export.
++#   If optional script_path key is not provided in the array, script_path
++#     defaults to scripts/scriptrc
++##########################################################################
++function save_script_rc {
++  if [ ! -n "$JUJU_UNIT_NAME" ]; then
++     echo "Error: Missing JUJU_UNIT_NAME environment variable"
++     exit 1
++  fi
++  # our default unit_path
++  unit_path="$CHARM_DIR/scripts/scriptrc"
++  echo $unit_path
++  tmp_rc="/tmp/${JUJU_UNIT_NAME/\//-}rc"
++
++  echo "#!/bin/bash" > $tmp_rc
++  for env_var in "${@}"
++  do
++    if `echo $env_var | grep -q script_path`; then
++       # well then we need to reset the new unit-local script path
++       unit_path="$CHARM_DIR/${env_var/script_path=/}"
++    else
++       echo "export $env_var" >> $tmp_rc
++    fi
++  done
++  chmod 755 $tmp_rc
++  mv $tmp_rc $unit_path
++}
 === modified file 'metadata.yaml'
 --- metadata.yaml	2013-04-22 19:43:53 +0000
 +++ metadata.yaml	2013-05-29 18:14:34 +0000
@@ -9,3 +9,9 @@
      interface: mysql
    identity-service:
      interface: keystone
++  ha:
++    interface: hacluster
++    scope: container
++peers:
++  cluster:
++    interface: openstack-dashboard-ha
 === modified file 'revision'
 --- revision	2013-01-11 21:59:22 +0000
 +++ revision	2013-05-29 18:14:34 +0000
@@ -1,1 +1,1 @@
--22
++30
 === added directory 'scripts'
 === added file 'scripts/add_to_cluster'
 --- scripts/add_to_cluster	1970-01-01 00:00:00 +0000
 +++ scripts/add_to_cluster	2013-05-29 18:14:34 +0000
@@ -0,0 +1,13 @@
++#!/bin/bash
++service corosync start || /bin/true
++sleep 2
++while ! service pacemaker start; do
++    echo "Attempting to start pacemaker"
++    sleep 1;
++done;
++crm node online
++sleep 2
++while crm status | egrep -q 'Stopped$'; do
++    echo "Waiting for nodes to come online"
++    sleep 1
++done
 === added file 'scripts/remove_from_cluster'
 --- scripts/remove_from_cluster	1970-01-01 00:00:00 +0000
 +++ scripts/remove_from_cluster	2013-05-29 18:14:34 +0000
@@ -0,0 +1,4 @@
++#!/bin/bash
++crm node standby
++service pacemaker stop
++service corosync stop

Juju Charms Collectionopenstack-dashboard package

Merge lp:~openstack-charmers/charms/precise/openstack-dashboard/ha-support into lp:~charmers/charms/precise/openstack-dashboard/trunk

Commit message

Description of the change

Preview Diff

Subscribers

Juju Charms Collection
openstack-dashboard package