charm-openstack-service-checks

charm-openstack-service-checks:stable/21.10

Last commit made on 2021-10-11

Get this branch:: git clone -b stable/21.10 https://git.launchpad.net/charm-openstack-service-checks

Members of Canonical BootStack Charmers can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:: stable/21.10

Repository:: lp:charm-openstack-service-checks

Recent commits

65d4842... by Xav Paice on 2021-10-11

Update wheelhouse.txt to allow charm builds to complete

Reviewed-on: https://code.launchpad.net/~xavpaice/charm-openstack-service-checks/+git/charm-openstack-service-checks-1/+merge/409994
Reviewed-by: James Troup <email address hidden>
Reviewed-by: 🤖 prod-jenkaas-bootstack <email address hidden>

8217378... by Xav Paice on 2021-10-11

Update wheelhouse.txt

setuptools removed support for 2to3 during builds breaking compatibility with
Tempita. This commit locks wheelhouse.txt to versions that still build.

e97e7eb... by Jose Guedez on 2021-09-24

Add support to check_amphorae to use newer APIs if available (Focal)

Reviewed-on: https://code.launchpad.net/~jfguedez/charm-openstack-service-checks/+git/charm-openstack-service-checks/+merge/409124
Reviewed-by: James Troup <email address hidden>
Reviewed-by: Adam Dyess <email address hidden>

a9059f6... by Jose Guedez on 2021-09-24

Cleanup when nrpe-external-master is removed

Reviewed-on: https://code.launchpad.net/~jfguedez/charm-openstack-service-checks/+git/charm-openstack-service-checks/+merge/409135
Reviewed-by: James Troup <email address hidden>

1daf373... by Jose Guedez on 2021-09-24

Cleanup when nrpe-external-master is removed

Closes-Bug: 1914115

4f89517... by Jose Guedez on 2021-09-24

Add support to check_amphorae to use newer APIs if available (Focal)

Closes-Bug: 1915671

8f5b59b... by Celia Wang on 2021-07-19

Fix README syntax and add N818 ignore for lint

6d81e45... by Celia Wang on 2021-07-19

Merge remote-tracking branch 'fandanbango/offline-snap-install'

0be89e2... by Joe Guo on 2021-05-05

ensure requests to use system ca bundle for ssl verify

`keystoneclient` will use `requests` to access api endpoints.
When https/ssl is enabled, `requests` will rely on package `certifi` to find ca certs for ssl verify.

However, `certifi` has different behavior:

- in python package, it will return builtin `cacert.pem` which is Mozilla Root Certificates.
- in deb package, it's modified to return `/etc/ssl/certs/ca-certificates.crt` as expected.

When we use vault, keystone endpoints will be https and ssl verify is needed.
The ca cert configured via `trusted_ssl_ca` will be merged into `/etc/ssl/certs/ca-certificates.crt`.

This is ok if charm is running globally without venv (certifi deb package is used).
But when charm is running in venv(certifi python package is used),
above cert will be ignored by requests and cause [SSL: CERTIFICATE_VERIFY_FAILED] error.

This patch set envvar REQUESTS_CA_BUNDLE to system ca bundle, so
requests will use it as ca cert, instead of `.venv/.../certifi/cacert.pem`.

Related bugs:
LP: #1924816
LP: #1926670

Signed-off-by: Joe Guo <email address hidden>

e50f728... by Joe Guo on 2021-04-27

add email_from_addr config option and pass to port security check when set

Signed-off-by: Joe Guo <email address hidden>