Merge lp:~billy-olsen/charms/trusty/keystone/backport-lp-1351401 into lp:~openstack-charmers-archive/charms/trusty/keystone/trunk

Proposed by Billy Olsen
Status: Merged
Merged at revision: 122
Proposed branch: lp:~billy-olsen/charms/trusty/keystone/backport-lp-1351401
Merge into: lp:~openstack-charmers-archive/charms/trusty/keystone/trunk
Diff against target: 168 lines (+47/-17)
3 files modified
hooks/charmhelpers/contrib/openstack/context.py (+12/-1)
hooks/keystone_context.py (+29/-15)
unit_tests/test_keystone_contexts.py (+6/-1)
To merge this branch: bzr merge lp:~billy-olsen/charms/trusty/keystone/backport-lp-1351401
Reviewer Review Type Date Requested Status
Liang Chen (community) Approve
Edward Hope-Morley Pending
OpenStack Charmers Pending
Review via email: mp+253607@code.launchpad.net

Description of the change

Backport fix for lp 1351401 into stable

uosci-testing-bot (uosci-testing-bot) wrote :

charm_lint_check #2767 keystone for billy-olsen mp253607
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/2767/

uosci-testing-bot (uosci-testing-bot) wrote :

charm_unit_test #2558 keystone for billy-olsen mp253607
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/2558/

uosci-testing-bot (uosci-testing-bot) wrote :

charm_amulet_test #2606 keystone for billy-olsen mp253607
    AMULET OK: passed

Build: http://10.245.162.77:8080/job/charm_amulet_test/2606/

Liang Chen (cbjchen) wrote :

LGTM

review: Approve

Preview Diff

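--- a/hooks/charmhelpers/contrib/openstack/context.py
+++ b/hooks/charmhelpers/contrib/openstack/context.py
@@ -64,6 +64,10 @@
 from charmhelpers.contrib.openstack.neutron import (
  neutron_plugin_attribute,
 )
+from charmhelpers.contrib.openstack.ip import (
+ resolve_address,
+ INTERNAL,
+)
 from charmhelpers.contrib.network.ip import (
  get_address_in_network,
  get_ipv6_addr,
@@ -677,7 +681,14 @@
  'endpoints': [],
  'ext_ports': []}
 
- for cn in self.canonical_names():
+ cns = self.canonical_names()
+ if cns:
+ for cn in cns:
+ self.configure_cert(cn)
+ else:
+ # Expect cert/key provided in config (currently assumed that ca
+ # uses ip for cn)
+ cn = resolve_address(endpoint_type=INTERNAL)
  self.configure_cert(cn)
 
  addresses = self.get_network_addresses()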
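Review bot: The new `else` branch is taken whenever `canonical_names()` returns nothing, not only when a certificate was actually supplied in config, and the name it passes to `configure_cert` is the resolved internal address. The in-code comment only assumes the supplied certificate was issued for that IP; nothing visible in this hunk checks it, so a certificate issued for a hostname would presumably be stored under an address-based name and fail server-name verification on clients. I would state the requirement where the assumption is made, e.g. `# NOTE: a cert supplied in config must be issued for the internal address; this is not verified here`, and repeat it in the description of the config options. The enclosing method starts and ends outside the hunk.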
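--- a/hooks/keystone_context.py
+++ b/hooks/keystone_context.py
@@ -1,7 +1,7 @@
 import hashlib
 import os
 
-from charmhelpers.core.hookenv import config
+from base64 import b64decode
 
 from charmhelpers.core.host import (
  mkdir,
@@ -17,6 +17,7 @@
 )
 
 from charmhelpers.core.hookenv import (
+ config,
  log,
  INFO,
 )
@@ -26,6 +27,13 @@
 CA_CERT_PATH = '/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt'
 
 
+def is_cert_provided_in_config():
+ ca = config('ssl_ca')
+ cert = config('ssl_cert')
+ key = config('ssl_key')
+ return bool(ca and cert and key)
+
+
 class ApacheSSLContext(context.ApacheSSLContext):
 
  interfaces = ['https']
@@ -66,12 +74,8 @@
  get_ca,
  ensure_permissions,
  is_ssl_cert_master,
- is_ssl_enabled,
  )
 
- if not is_ssl_enabled():
- return
-
  # Ensure ssl dir exists whether master or not
  ssl_dir = os.path.join('/etc/apache2/ssl/', self.service_namespace)
  perms = 0o755
@@ -80,15 +84,23 @@
  ensure_permissions(ssl_dir, user=SSH_USER, group='keystone',
  perms=perms)
 
- if not is_ssl_cert_master():
+ if not is_cert_provided_in_config() and not is_ssl_cert_master():
  log("Not ssl-cert-master - skipping apache cert config until "
  "master is elected", level=INFO)
  return
 
  log("Creating apache ssl certs in %s" % (ssl_dir), level=INFO)
 
- ca = get_ca(user=SSH_USER)
- cert, key = ca.get_cert_and_key(common_name=cn)
+ cert = config('ssl_cert')
+ key = config('ssl_key')
+
+ if not (cert and key):
+ ca = get_ca(user=SSH_USER)
+ cert, key = ca.get_cert_and_key(common_name=cn)
+ else:
+ cert = b64decode(cert)
+ key = b64decode(key)
+
  write_file(path=os.path.join(ssl_dir, 'cert_{}'.format(cn)),
  content=cert, owner=SSH_USER, group='keystone', perms=0o644)
  write_file(path=os.path.join(ssl_dir, 'key_{}'.format(cn)),
@@ -100,20 +112,22 @@
  get_ca,
  ensure_permissions,
  is_ssl_cert_master,
- is_ssl_enabled,
  )
 
- if not is_ssl_enabled():
- return
-
- if not is_ssl_cert_master():
+ if not is_cert_provided_in_config() and not is_ssl_cert_master():
  log("Not ssl-cert-master - skipping apache ca config until "
  "master is elected", level=INFO)
  return
 
- ca = get_ca(user=SSH_USER)
- install_ca_cert(ca.get_ca_bundle())
+ ca_cert = config('ssl_ca')
+ if ca_cert is None:
+ ca = get_ca(user=SSH_USER)
+ ca_cert = ca.get_ca_bundle()
+ else:
+ ca_cert = b64decode(ca_cert)
+
  # Ensure accessible by keystone ssh user and group (unison)
+ install_ca_cert(ca_cert)
  ensure_permissions(CA_CERT_PATH, user=SSH_USER, group='keystone',
  perms=0o0644)
 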
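Review bot: The three checks for operator-supplied TLS material disagree: `is_cert_provided_in_config()` needs `ssl_ca`, `ssl_cert` and `ssl_key` all set, the cert path switches on `cert and key`, and the CA path switches on `ca_cert is None`. If `config('ssl_ca')` can return an empty string, the `is None` test lets it through and `b64decode('')` hands an empty bundle to `install_ca_cert`; with cert and key set but no CA, the master unit would write the supplied certificate while installing the charm-generated CA next to it. Changing the CA test to `if not ca_cert:` and, better, driving both methods from `is_cert_provided_in_config()` keeps the paths consistent. `b64decode` on a malformed option value will also raise inside the hook, so catching that and logging which option was rejected (never its content, since `ssl_key` is a private key) would make the failure diagnosable. Both method bodies start outside the hunks shown.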
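--- a/unit_tests/test_keystone_contexts.py
+++ b/unit_tests/test_keystone_contexts.py
@@ -6,8 +6,10 @@
 )
 
 TO_PATCH = [
+ 'config',
  'determine_apache_port',
  'determine_api_port',
+ 'is_cert_provided_in_config',
 ]
 
 
@@ -16,6 +18,7 @@
  def setUp(self):
  super(TestKeystoneContexts, self).setUp(context, TO_PATCH)
 
+ @patch.object(context, 'is_cert_provided_in_config')
  @patch.object(context, 'mkdir')
  @patch('keystone_utils.get_ca')
  @patch('keystone_utils.ensure_permissions')
@@ -30,7 +33,9 @@
  mock_determine_ports,
  mock_ensure_permissions,
  mock_get_ca,
- mock_mkdir):
+ mock_mkdir,
+ mock_cert_provided_in_config):
+ mock_cert_provided_in_config.return_value = False
  mock_is_ssl_enabled.return_value = True
  mock_is_ssl_cert_master.return_value = False
 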
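Review bot: Only the `is_cert_provided_in_config()` false path is exercised here; the branch this change introduces, where cert, key and CA arrive base64-encoded from config and a non-master unit still writes them, has no test. A second case with `mock_cert_provided_in_config.return_value = True` and `config` returning encoded values, asserting that `get_ca` is not called, would cover it. `is_cert_provided_in_config` is also patched twice, once through `TO_PATCH` and once by the `@patch.object` decorator, and one of the two is enough. The test method's signature and body extend beyond the hunks.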
