Merge lp:~billy-olsen/charms/trusty/keystone/backport-lp-1351401 into lp:~openstack-charmers-archive/charms/trusty/keystone/trunk

Proposed by Billy Olsen
Status: Merged
Merged at revision: 122
Proposed branch: lp:~billy-olsen/charms/trusty/keystone/backport-lp-1351401
Merge into: lp:~openstack-charmers-archive/charms/trusty/keystone/trunk
Diff against target: 168 lines (+47/-17)
3 files modified
hooks/charmhelpers/contrib/openstack/context.py (+12/-1)
hooks/keystone_context.py (+29/-15)
unit_tests/test_keystone_contexts.py (+6/-1)
To merge this branch: bzr merge lp:~billy-olsen/charms/trusty/keystone/backport-lp-1351401
Reviewer Review Type Date Requested Status
Liang Chen (community) Approve
Edward Hope-Morley Pending
OpenStack Charmers Pending
Review via email: mp+253607@code.launchpad.net

Description of the change

Backport fix for lp 1351401 into stable

uosci-testing-bot (uosci-testing-bot) wrote :

charm_lint_check #2767 keystone for billy-olsen mp253607
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/2767/

uosci-testing-bot (uosci-testing-bot) wrote :

charm_unit_test #2558 keystone for billy-olsen mp253607
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/2558/

uosci-testing-bot (uosci-testing-bot) wrote :

charm_amulet_test #2606 keystone for billy-olsen mp253607
    AMULET OK: passed

Build: http://10.245.162.77:8080/job/charm_amulet_test/2606/

Liang Chen (cbjchen) wrote :

LGTM

review: Approve

Preview Diff

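--- a/hooks/charmhelpers/contrib/openstack/context.py
+++ b/hooks/charmhelpers/contrib/openstack/context.py
@@ -64,6 +64,10 @@
 from charmhelpers.contrib.openstack.neutron import (
 neutron_plugin_attribute,
 )
+from charmhelpers.contrib.openstack.ip import (
+ resolve_address,
+ INTERNAL,
+)
 from charmhelpers.contrib.network.ip import (
 get_address_in_network,
 get_ipv6_addr,
@@ -677,7 +681,14 @@
 'endpoints': [],
 'ext_ports': []}
 
- for cn in self.canonical_names():
+ cns = self.canonical_names()
+ if cns:
+ for cn in cns:
+ self.configure_cert(cn)
+ else:
+ # Expect cert/key provided in config (currently assumed that ca
+ # uses ip for cn)
+ cn = resolve_address(endpoint_type=INTERNAL)
 self.configure_cert(cn)
 
 addresses = self.get_network_addresses()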
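Review bot: The new `else` branch takes the unit's internal address as the certificate name on the strength of an assumption that only the comment records ("currently assumed that ca uses ip for cn"). Nothing visible in this hunk checks that a certificate was in fact supplied in config, or that its subject matches what `resolve_address(endpoint_type=INTERNAL)` returns, so a certificate issued for a hostname would be stored under the address and would presumably fail name verification on clients. I would at least widen the comment to state the operator's obligation, e.g. `# ssl_cert must carry this unit's internal address as CN/SAN; this is not verified here`, and ideally compare the decoded certificate's subject with `cn` before configuring it. The enclosing method starts and ends outside the hunk.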
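--- a/hooks/keystone_context.py
+++ b/hooks/keystone_context.py
@@ -1,7 +1,7 @@
 import hashlib
 import os
 
-from charmhelpers.core.hookenv import config
+from base64 import b64decode
 
 from charmhelpers.core.host import (
 mkdir,
@@ -17,6 +17,7 @@
 )
 
 from charmhelpers.core.hookenv import (
+ config,
 log,
 INFO,
 )
@@ -26,6 +27,13 @@
 CA_CERT_PATH = '/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt'
 
 
+def is_cert_provided_in_config():
+ ca = config('ssl_ca')
+ cert = config('ssl_cert')
+ key = config('ssl_key')
+ return bool(ca and cert and key)
+
+
 class ApacheSSLContext(context.ApacheSSLContext):
 
 interfaces = ['https']
@@ -66,12 +74,8 @@
 get_ca,
 ensure_permissions,
 is_ssl_cert_master,
- is_ssl_enabled,
 )
 
- if not is_ssl_enabled():
- return
-
 # Ensure ssl dir exists whether master or not
 ssl_dir = os.path.join('/etc/apache2/ssl/', self.service_namespace)
 perms = 0o755
@@ -80,15 +84,23 @@
 ensure_permissions(ssl_dir, user=SSH_USER, group='keystone',
 perms=perms)
 
- if not is_ssl_cert_master():
+ if not is_cert_provided_in_config() and not is_ssl_cert_master():
 log("Not ssl-cert-master - skipping apache cert config until "
 "master is elected", level=INFO)
 return
 
 log("Creating apache ssl certs in %s" % (ssl_dir), level=INFO)
 
- ca = get_ca(user=SSH_USER)
- cert, key = ca.get_cert_and_key(common_name=cn)
+ cert = config('ssl_cert')
+ key = config('ssl_key')
+
+ if not (cert and key):
+ ca = get_ca(user=SSH_USER)
+ cert, key = ca.get_cert_and_key(common_name=cn)
+ else:
+ cert = b64decode(cert)
+ key = b64decode(key)
+
 write_file(path=os.path.join(ssl_dir, 'cert_{}'.format(cn)),
 content=cert, owner=SSH_USER, group='keystone', perms=0o644)
 write_file(path=os.path.join(ssl_dir, 'key_{}'.format(cn)),
@@ -100,20 +112,22 @@
 get_ca,
 ensure_permissions,
 is_ssl_cert_master,
- is_ssl_enabled,
 )
 
- if not is_ssl_enabled():
- return
-
- if not is_ssl_cert_master():
+ if not is_cert_provided_in_config() and not is_ssl_cert_master():
 log("Not ssl-cert-master - skipping apache ca config until "
 "master is elected", level=INFO)
 return
 
- ca = get_ca(user=SSH_USER)
- install_ca_cert(ca.get_ca_bundle())
+ ca_cert = config('ssl_ca')
+ if ca_cert is None:
+ ca = get_ca(user=SSH_USER)
+ ca_cert = ca.get_ca_bundle()
+ else:
+ ca_cert = b64decode(ca_cert)
+
 # Ensure accessible by keystone ssh user and group (unison)
+ install_ca_cert(ca_cert)
 ensure_permissions(CA_CERT_PATH, user=SSH_USER, group='keystone',
 perms=0o0644)
 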
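Review bot: The three SSL options are tested three different ways across these hunks, so a partly filled configuration can pair a certificate with a CA that did not issue it. The early-return guard needs all of `ssl_ca`, `ssl_cert` and `ssl_key`, the cert hunk uses the supplied pair whenever `cert and key` is truthy, and the CA hunk falls back to the charm's own CA only on `ca_cert is None`. With `ssl_cert`/`ssl_key` set and `ssl_ca` unset, the cert master would write the operator's certificate but install the generated CA bundle, and an `ssl_ca` that is an empty string rather than `None` would pass through `b64decode` and reach `install_ca_cert` as empty content. Branching both functions on the single predicate, `if is_cert_provided_in_config():` for the decode path and `else:` for `get_ca(user=SSH_USER)`, would keep the installed files consistent. Both function bodies start outside the hunks shown, so any validation done earlier is not visible here.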
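--- a/unit_tests/test_keystone_contexts.py
+++ b/unit_tests/test_keystone_contexts.py
@@ -6,8 +6,10 @@
 )
 
 TO_PATCH = [
+ 'config',
 'determine_apache_port',
 'determine_api_port',
+ 'is_cert_provided_in_config',
 ]
 
 
@@ -16,6 +18,7 @@
 def setUp(self):
 super(TestKeystoneContexts, self).setUp(context, TO_PATCH)
 
+ @patch.object(context, 'is_cert_provided_in_config')
 @patch.object(context, 'mkdir')
 @patch('keystone_utils.get_ca')
 @patch('keystone_utils.ensure_permissions')
@@ -30,7 +33,9 @@
 mock_determine_ports,
 mock_ensure_permissions,
 mock_get_ca,
- mock_mkdir):
+ mock_mkdir,
+ mock_cert_provided_in_config):
+ mock_cert_provided_in_config.return_value = False
 mock_is_ssl_enabled.return_value = True
 mock_is_ssl_cert_master.return_value = False
 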
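Review bot: The only case exercised here pins `mock_cert_provided_in_config.return_value = False`, so the new path that decodes `ssl_cert`, `ssl_key` and `ssl_ca` from config and writes them out is not run by anything these hunks show. A second test with the return value set to `True` and `config` returning base64 fixtures would cover the decode step and the content handed to `write_file` and `install_ca_cert`, including the partly configured cases. Separately, `'is_cert_provided_in_config'` is listed in `TO_PATCH` and patched again with `@patch.object(context, 'is_cert_provided_in_config')`; one of the two is enough. The test method's signature and body start outside the hunk.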
