Juju Charms Collection
python-moinmoin package

Merge lp:~brad-marshall/charms/precise/python-moinmoin/python-rewrite-with-openid-fixes into lp:charms/python-moinmoin

Proposed by Brad Marshall on 2013-09-26

Status:	Merged
Merged at revision:	8
Proposed branch:	lp:~brad-marshall/charms/precise/python-moinmoin/python-rewrite-with-openid-fixes
Merge into:	lp:charms/python-moinmoin
Diff against target:	14878 lines (+13568/-295) 115 files modified README.md (+0/-62) config.yaml (+0/-30) copyright (+0/-17) files/openidrp.py (+325/-0) files/openidrp_teams.py (+157/-0) files/teams.py (+398/-0) hooks/config-changed (+0/-54) hooks/hooks.py (+226/-0) hooks/install (+0/-19) hooks/start (+0/-4) hooks/stop (+0/-7) hooks/website-relation-joined (+0/-2) lib/charm-helpers/LICENSE.txt (+661/-0) lib/charm-helpers/MANIFEST.in (+6/-0) lib/charm-helpers/Makefile (+46/-0) lib/charm-helpers/README.test (+7/-0) lib/charm-helpers/README.txt (+8/-0) lib/charm-helpers/REVISION (+1/-0) lib/charm-helpers/VERSION (+1/-0) lib/charm-helpers/bin/README (+1/-0) lib/charm-helpers/bin/chlp (+7/-0) lib/charm-helpers/bin/contrib/charmsupport/charmsupport (+31/-0) lib/charm-helpers/bin/contrib/saltstack/salt-call (+11/-0) lib/charm-helpers/charmhelpers/cli/README.rst (+57/-0) lib/charm-helpers/charmhelpers/cli/__init__.py (+147/-0) lib/charm-helpers/charmhelpers/cli/commands.py (+2/-0) lib/charm-helpers/charmhelpers/cli/host.py (+14/-0) lib/charm-helpers/charmhelpers/contrib/ansible/__init__.py (+101/-0) lib/charm-helpers/charmhelpers/contrib/charmhelpers/IMPORT (+4/-0) lib/charm-helpers/charmhelpers/contrib/charmhelpers/__init__.py (+184/-0) lib/charm-helpers/charmhelpers/contrib/charmsupport/IMPORT (+14/-0) lib/charm-helpers/charmhelpers/contrib/charmsupport/nrpe.py (+218/-0) lib/charm-helpers/charmhelpers/contrib/charmsupport/volumes.py (+156/-0) lib/charm-helpers/charmhelpers/contrib/hahelpers/apache.py (+58/-0) lib/charm-helpers/charmhelpers/contrib/hahelpers/ceph.py (+294/-0) lib/charm-helpers/charmhelpers/contrib/hahelpers/cluster.py (+181/-0) lib/charm-helpers/charmhelpers/contrib/jujugui/IMPORT (+4/-0) lib/charm-helpers/charmhelpers/contrib/jujugui/utils.py (+602/-0) lib/charm-helpers/charmhelpers/contrib/network/ovs/__init__.py (+72/-0) lib/charm-helpers/charmhelpers/contrib/openstack/context.py (+294/-0) lib/charm-helpers/charmhelpers/contrib/openstack/templates/__init__.py (+2/-0) lib/charm-helpers/charmhelpers/contrib/openstack/templates/ceph.conf (+11/-0) lib/charm-helpers/charmhelpers/contrib/openstack/templates/haproxy.cfg (+37/-0) lib/charm-helpers/charmhelpers/contrib/openstack/templates/openstack_https_frontend (+23/-0) lib/charm-helpers/charmhelpers/contrib/openstack/templating.py (+261/-0) lib/charm-helpers/charmhelpers/contrib/openstack/utils.py (+276/-0) lib/charm-helpers/charmhelpers/contrib/saltstack/__init__.py (+149/-0) lib/charm-helpers/charmhelpers/contrib/ssl/__init__.py (+79/-0) lib/charm-helpers/charmhelpers/contrib/storage/linux/loopback.py (+62/-0) lib/charm-helpers/charmhelpers/contrib/storage/linux/lvm.py (+88/-0) lib/charm-helpers/charmhelpers/contrib/storage/linux/utils.py (+25/-0) lib/charm-helpers/charmhelpers/contrib/templating/pyformat.py (+13/-0) lib/charm-helpers/charmhelpers/core/hookenv.py (+340/-0) lib/charm-helpers/charmhelpers/core/host.py (+241/-0) lib/charm-helpers/charmhelpers/fetch/__init__.py (+209/-0) lib/charm-helpers/charmhelpers/fetch/archiveurl.py (+48/-0) lib/charm-helpers/charmhelpers/fetch/bzrurl.py (+49/-0) lib/charm-helpers/charmhelpers/payload/__init__.py (+1/-0) lib/charm-helpers/charmhelpers/payload/archive.py (+57/-0) lib/charm-helpers/charmhelpers/payload/execd.py (+50/-0) lib/charm-helpers/debian/compat (+1/-0) lib/charm-helpers/debian/control (+20/-0) lib/charm-helpers/debian/rules (+9/-0) lib/charm-helpers/debian/source/format (+1/-0) lib/charm-helpers/scripts/README (+1/-0) lib/charm-helpers/scripts/update-revno (+11/-0) lib/charm-helpers/setup.cfg (+4/-0) lib/charm-helpers/setup.py (+42/-0) lib/charm-helpers/tarmac_tests.sh (+6/-0) lib/charm-helpers/test_requirements.txt (+18/-0) lib/charm-helpers/tests/cli/test_cmdline.py (+189/-0) lib/charm-helpers/tests/cli/test_function_signature_analysis.py (+46/-0) lib/charm-helpers/tests/contrib/ansible/test_ansible.py (+134/-0) lib/charm-helpers/tests/contrib/charmhelpers/test_charmhelpers.py (+290/-0) lib/charm-helpers/tests/contrib/charmsupport/test_nrpe.py (+222/-0) lib/charm-helpers/tests/contrib/hahelpers/test_apache_utils.py (+44/-0) lib/charm-helpers/tests/contrib/hahelpers/test_ceph_utils.py (+131/-0) lib/charm-helpers/tests/contrib/hahelpers/test_cluster_utils.py (+277/-0) lib/charm-helpers/tests/contrib/jujugui/config/apache-ports.template (+2/-0) lib/charm-helpers/tests/contrib/jujugui/config/apache-site.template (+30/-0) lib/charm-helpers/tests/contrib/jujugui/config/config.js.template (+26/-0) lib/charm-helpers/tests/contrib/jujugui/config/haproxy.cfg.template (+48/-0) lib/charm-helpers/tests/contrib/jujugui/config/haproxy.conf (+22/-0) lib/charm-helpers/tests/contrib/jujugui/config/juju-api-agent.conf.template (+14/-0) lib/charm-helpers/tests/contrib/jujugui/config/juju-api-improv.conf.template (+12/-0) lib/charm-helpers/tests/contrib/jujugui/deploy.test (+232/-0) lib/charm-helpers/tests/contrib/jujugui/test_utils.py (+660/-0) lib/charm-helpers/tests/contrib/jujugui/unit.test (+11/-0) lib/charm-helpers/tests/contrib/network/test_ovs.py (+202/-0) lib/charm-helpers/tests/contrib/openstack/test_openstack_utils.py (+421/-0) lib/charm-helpers/tests/contrib/openstack/test_os_contexts.py (+473/-0) lib/charm-helpers/tests/contrib/openstack/test_os_templating.py (+232/-0) lib/charm-helpers/tests/contrib/saltstack/test_saltstates.py (+229/-0) lib/charm-helpers/tests/contrib/ssl/test_ssl.py (+60/-0) lib/charm-helpers/tests/contrib/storage/test_linux_storage_loopback.py (+75/-0) lib/charm-helpers/tests/contrib/storage/test_linux_storage_lvm.py (+70/-0) lib/charm-helpers/tests/contrib/storage/test_linux_storage_utils.py (+23/-0) lib/charm-helpers/tests/contrib/templating/test_pyformat.py (+36/-0) lib/charm-helpers/tests/core/test_hookenv.py (+797/-0) lib/charm-helpers/tests/core/test_host.py (+678/-0) lib/charm-helpers/tests/fetch/test_archiveurl.py (+89/-0) lib/charm-helpers/tests/fetch/test_bzrurl.py (+80/-0) lib/charm-helpers/tests/fetch/test_fetch.py (+407/-0) lib/charm-helpers/tests/payload/test_archive.py (+131/-0) lib/charm-helpers/tests/payload/test_execd.py (+151/-0) lib/charm-helpers/tests/tools/test_charm_helper_sync.py (+249/-0) lib/charm-helpers/tools/charm_helpers_sync/README (+114/-0) lib/charm-helpers/tools/charm_helpers_sync/charm_helpers_sync.py (+225/-0) lib/charm-helpers/tools/charm_helpers_sync/example-config.yaml (+14/-0) metadata.yaml (+0/-10) revision (+0/-1) templates/gunicorn.conf.tmpl (+0/-18) templates/logging.conf.tmpl (+0/-31) templates/wikiconfig.py.tmpl (+0/-30) templates/wsgi.py.tmpl (+0/-10)
To merge this branch:	bzr merge lp:~brad-marshall/charms/precise/python-moinmoin/python-rewrite-with-openid-fixes
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Marco Ceppi (community)		2013-09-26	Approve on 2013-10-20
Review via email: mp+187672@code.launchpad.net

Description of the change

Rewrote the charm in python using charm-helper.

Added openid auth support, testing can be done using:

$ juju set python-moinmoin use_openid=True openidrp_authorized_teams="['your-openid-team']"

Then try logging into http://<instance>:8080/ with a user in your-openid-team.

Revision history for this message

Marco Ceppi (marcoceppi) wrote on 2013-10-20:

LGTM +1, Thanks for the rewrite. You might want to consider linking to various appropriate sections of the docs in case the README methods become out of date, https://juju.ubuntu.com/docs/charms-config.html#config-deployment for example.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches

to all changes:

Brad Marshall

charmers

 === added file 'README.md'
 --- README.md	1970-01-01 00:00:00 +0000
 +++ README.md	2013-09-26 06:24:47 +0000
@@ -0,0 +1,72 @@
++# Overview
++Juju charm for python-moinmoin, charm author: Patrick Hetu <patrick@koumbit.org>
++
++# Deployment
++After a successful bootstrap, you can deploy the service without a configuration or alias with:
++
++    juju deploy python-moinmoin
++    juju expose python-moinmoin
++
++Though, it's recommended you create a yaml file with your parameters, for instance if you were to deploy the service as "mywiki", the configuration would look like:
++
++    mywiki:
++      wiki_name : "My MoinMoin wiki"
++      admin_name: "Admin"
++      languages: English French
++      xapian_search: True
++      port: 80
++
++To then deploy the wiki, with pre-seeded configuration:
++
++    juju deploy --config mywiki.yaml python-moinmoin mywiki
++    juju expose mywiki
++
++# Configuration
++This service contains several configuration options for controlling the moinmoin install
++
++## wiki_name
++Set the name and title of the wiki
++
++    juju set python_moinmoin wiki_name="My new wiki name"
++
++## admin_name
++Name of the admin account
++
++    juju set python_moinmoin admin_name="Adminstrator"
++
++## languages
++List of languages to be installed on the wiki, space delimited
++
++    juju set python_moinmoin languages English Spanish French
++
++To remove a language you'll need to re-enter the entire list, removing the language you no longer want
++
++    juju set python_moinmoin languages="English Spanish"
++
++# xapian_serach
++Enable xapian serach on your wiki (True or False)
++
++    juju set python_moinmoin xapian_search="True"
++
++# port
++The port moinmoin should listen on. By default it's 8080
++
++    juju set python_moinmoin port=80
++
++# use_openid
++Setting to say if the wiki is using OpenID authentication or not.
++
++    juju set python_moinmoin use_openid=True
++
++# openidrp_authorized_teams
++What OpenID teams are authorized to log in, if use_openid is true.
++
++   juju set python_moinmoin openidrp_authorized_teams="['team1', 'team2']"
++
++# Relations
++python-moinmoin can be related to any of the proxy charms, including but not limited to: haproxy, varnish, and squid. An example of connecting squid-reverseproxy to python-moinmoin is listed below:
++
++    juju deploy squid-reverseproxy squid
++    juju unexpose python-moinmoin
++    juju add-relation python-moinmoin squid
++    juju expose squid
 === removed file 'README.md'
 --- README.md	2013-05-23 13:02:52 +0000
 +++ README.md	1970-01-01 00:00:00 +0000
@@ -1,62 +0,0 @@
--# Overview
--Juju charm for python-moinmoin, charm author: Patrick Hetu <patrick@koumbit.org>
--
--# Deployment
--After a successful bootstrap, you can deploy the service without a configuration or alias with:
--
--    juju deploy python-moinmoin
--    juju expose python-moinmoin
--
--Though, it's recommended you create a yaml file with your parameters, for instance if you were to deploy the service as "mywiki", the configuration would look like:
--
--    mywiki:
--      wiki_name : "My MoinMoin wiki"
--      admin_name: "Admin"
--      languages: English French
--      xapian_search: True
--      port: 80
--
--To then deploy the wiki, with pre-seeded configuration:
--
--    juju deploy --config mywiki.yaml python-moinmoin mywiki
--    juju expose mywiki
--
--# Configuration
--This service contains several configuration options for controlling the moinmoin install
--
--## wiki_name
--Set the name and title of the wiki
--
--    juju set python_moinmoin wiki_name="My new wiki name"
--
--## admin_name
--Name of the admin account
--
--    juju set python_moinmoin admin_name="Adminstrator"
--
--## languages
--List of languages to be installed on the wiki, space delimited
--
--    juju set python_moinmoin languages English Spanish French
--
--To remove a language you'll need to re-enter the entire list, removing the language you no longer want
--
--    juju set python_moinmoin languages="English Spanish"
--
--# xapian_serach
--Enable xapian serach on your wiki (True or False)
--
--    juju set python_moinmoin xapian_search="True"
--
--# port
--The port moinmoin should listen on. By default it's 8080
--
--    juju set python_moinmoin port=80
--
--# Relations
--python-moinmoin can be related to any of the proxy charms, including but not limited to: haproxy, varnish, and squid. An example of connecting squid-reverseproxy to python-moinmoin is listed below:
--
--    juju deploy squid-reverseproxy squid
--    juju unexpose python-moinmoin
--    juju add-relation python-moinmoin squid
--    juju expose squid
 === added file 'config.yaml'
 --- config.yaml	1970-01-01 00:00:00 +0000
 +++ config.yaml	2013-09-26 06:24:47 +0000
@@ -0,0 +1,42 @@
++options:
++    wiki_name:
++        default: "My MoinMoin wiki"
++        type: string
++        description: The name of your wiki.
++    admin_name:
++        default: "Admin"
++        type: string
++        description: The wiki name of the admin user.
++    languages:
++        default: "English"
++        type: string
++        description: |
++            Languages to installed in a space-separated format.
++            For available languages see: http://moinmo.in/4ct10n/AttachFile/LanguageSetup?action=AttachFile
++            (write only the language name part)
++    loglevel:
++        default: "INFO"
++        type: string
++        description: Default loglevel, to adjust verbosity DEBUG, INFO, WARNING, ERROR, CRITICAL
++    xapian_search:
++        default: "True"
++        type: string
++        description: Set to True to enable the Xapian search engine.
++    listen_port:
++        default: 8080
++        type: int
++        description: The port for the service to listen on.
++    use_openid:
++        default: "False"
++        type: string
++        description: OpenID authentication used or not.
++    openidrp_authorized_teams:
++        default: "False"
++        type: string
++        description: Define the openid authorized teams for the wiki.
++    extra_settings:
++        default: ""
++        type: string
++        description: |
++            For the list of available configuration options see: http://moinmo.in/HelpOnConfiguration.
++            Also, don't forget to starts your configuration lines with a 4 spaces indentation.
 === removed file 'config.yaml'
 --- config.yaml	2013-05-07 16:03:30 +0000
 +++ config.yaml	1970-01-01 00:00:00 +0000
@@ -1,30 +0,0 @@
--options:
--    wiki_name:
--        default: "My MoinMoin wiki"
--        type: string
--        description: The name of your wiki.
--    admin_name:
--        default: "Admin"
--        type: string
--        description: The wiki name of the admin user.
--    languages:
--        default: "English"
--        type: string
--        description: |
--            Languages to installed in a space-separated format.
--            For available languages see: http://moinmo.in/4ct10n/AttachFile/LanguageSetup?action=AttachFile
--            (write only the language name part)
--    xapian_search:
--        default: "True"
--        type: string
--        description: Set to True to enable the Xapian search engine.
--    listen_port:
--        default: 8080
--        type: int
--        description: The port for the service to listen on.
--    extra_settings:
--        default: ""
--        type: string
--        description: |
--            For the list of available configuration options see: http://moinmo.in/HelpOnConfiguration.
--            Also, don't forget to starts your configuration lines with a 4 spaces indentation.
 === added file 'copyright'
 --- copyright	1970-01-01 00:00:00 +0000
 +++ copyright	2013-09-26 06:24:47 +0000
@@ -0,0 +1,18 @@
++Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
++
++Files: *
++Copyright: Copyright 2013, Canonical Ltd., All Rights Reserved.
++License: GPL-3
++ This program is free software: you can redistribute it and/or modify
++ it under the terms of the GNU General Public License as published by
++ the Free Software Foundation, either version 3 of the License, or
++ (at your option) any later version.
++ .
++ This program is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ GNU General Public License for more details.
++ .
++ You should have received a copy of the GNU General Public License
++ along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
 === removed file 'copyright'
 --- copyright	2011-11-01 20:33:21 +0000
 +++ copyright	1970-01-01 00:00:00 +0000
@@ -1,17 +0,0 @@
--Format: http://dep.debian.net/deps/dep5/
--
--Files: *
--Copyright: Copyright 2011, Patrick Hetu <patrick@koumbit.org>, All Rights Reserved.
--License: GPL-3
-- This program is free software: you can redistribute it and/or modify
-- it under the terms of the GNU General Public License as published by
-- the Free Software Foundation, either version 3 of the License, or
-- (at your option) any later version.
-- .
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-- GNU General Public License for more details.
-- .
-- You should have received a copy of the GNU General Public License
-- along with this program.  If not, see <http://www.gnu.org/licenses/>.
 === added directory 'files'
 === added file 'files/openidrp.py'
 --- files/openidrp.py	1970-01-01 00:00:00 +0000
 +++ files/openidrp.py	2013-09-26 06:24:47 +0000
@@ -0,0 +1,325 @@
++# -*- coding: iso-8859-1 -*-
++"""
++    MoinMoin - OpenID authorization
++
++    @copyright: 2007 MoinMoin:JohannesBerg
++    @license: GNU GPL, see COPYING for details.
++"""
++from MoinMoin import log
++logging = log.getLogger(__name__)
++
++from MoinMoin.util.moinoid import MoinOpenIDStore
++from MoinMoin import user
++from MoinMoin.auth import BaseAuth
++from openid.consumer import consumer
++from openid.yadis.discover import DiscoveryFailure
++from openid.fetchers import HTTPFetchingError
++from MoinMoin.widget import html
++from MoinMoin.auth import CancelLogin, ContinueLogin
++from MoinMoin.auth import MultistageFormLogin, MultistageRedirectLogin
++from MoinMoin.auth import get_multistage_continuation_url
++from werkzeug import url_encode
++
++class OpenIDAuth(BaseAuth):
++    login_inputs = ['openid_identifier']
++    name = 'openid'
++    logout_possible = True
++    auth_attribs = ()
++
++    def __init__(self, modify_request=None,
++                       update_user=None,
++                       create_user=None,
++                       forced_service=None,
++                       idselector_com=None):
++        BaseAuth.__init__(self)
++        self._modify_request = modify_request or (lambda x, c: None)
++        self._update_user = update_user or (lambda i, u, c: None)
++        self._create_user = create_user or (lambda i, u, c: None)
++        self._forced_service = forced_service
++        self._idselector_com = idselector_com
++        if forced_service:
++            self.login_inputs = ['special_no_input']
++
++    def _handle_user_data(self, request, u):
++        create = not u
++        # just in case the wiki admin screwed up
++        if create and user.getUserIdByOpenId(request, request.session['openid.id']):
++            return None
++
++        if create:
++            # pass in a created but unsaved user object
++            u = user.User(request, auth_method=self.name,
++                          auth_username=request.session['openid.id'],
++                          auth_attribs=self.auth_attribs)
++            # invalid name
++            u.name = ''
++            u = self._create_user(request.session['openid.info'], u, request.cfg)
++
++        if u:
++            self._update_user(request.session['openid.info'], u, request.cfg)
++
++            if not user.isValidName(request, u.name):
++                return None
++
++            if not hasattr(u, 'openids'):
++                u.openids = []
++            if not request.session['openid.id'] in u.openids:
++                u.openids.append(request.session['openid.id'])
++
++            u.save()
++
++            del request.session['openid.id']
++            del request.session['openid.info']
++
++        return u
++
++    def _get_account_name(self, request, form, msg=None):
++        # now we need to ask the user for a new username
++        # that they want to use on this wiki
++        # XXX: request nickname from OP and suggest using it
++        # (if it isn't in use yet)
++        logging.debug("running _get_account_name")
++        _ = request.getText
++        form.append(html.INPUT(type='hidden', name='oidstage', value='2'))
++        table = html.TABLE(border='0')
++        form.append(table)
++        td = html.TD(colspan=2)
++        td.append(html.Raw(_("""Please choose an account name now.
++If you choose an existing account name you will be asked for the
++password and be able to associate the account with your OpenID.""")))
++        table.append(html.TR().append(td))
++        if msg:
++            td = html.TD(colspan='2')
++            td.append(html.P().append(html.STRONG().append(html.Raw(msg))))
++            table.append(html.TR().append(td))
++        td1 = html.TD()
++        td1.append(html.STRONG().append(html.Raw(_('Name'))))
++        td2 = html.TD()
++        td2.append(html.INPUT(type='text', name='username'))
++        table.append(html.TR().append(td1).append(td2))
++        td1 = html.TD()
++        td2 = html.TD()
++        td2.append(html.INPUT(type='submit', name='submit',
++                              value=_('Choose this name')))
++        table.append(html.TR().append(td1).append(td2))
++
++    def _get_account_name_inval_user(self, request, form):
++        _ = request.getText
++        msg = _('This is not a valid username, choose a different one.')
++        return self._get_account_name(request, form, msg=msg)
++
++    def _associate_account(self, request, form, accountname, msg=None):
++        _ = request.getText
++
++        form.append(html.INPUT(type='hidden', name='oidstage', value='3'))
++        table = html.TABLE(border='0')
++        form.append(table)
++        td = html.TD(colspan=2)
++        td.append(html.Raw(_("""The username you have chosen is already
++taken. If it is your username, enter your password below to associate
++the username with your OpenID. Otherwise, please choose a different
++username and leave the password field blank.""")))
++        table.append(html.TR().append(td))
++        if msg:
++            td.append(html.P().append(html.STRONG().append(html.Raw(msg))))
++        td1 = html.TD()
++        td1.append(html.STRONG().append(html.Raw(_('Name'))))
++        td2 = html.TD()
++        td2.append(html.INPUT(type='text', name='username', value=accountname))
++        table.append(html.TR().append(td1).append(td2))
++        td1 = html.TD()
++        td1.append(html.STRONG().append(html.Raw(_('Password'))))
++        td2 = html.TD()
++        td2.append(html.INPUT(type='password', name='password'))
++        table.append(html.TR().append(td1).append(td2))
++        td1 = html.TD()
++        td2 = html.TD()
++        td2.append(html.INPUT(type='submit', name='submit',
++                              value=_('Associate this name')))
++        table.append(html.TR().append(td1).append(td2))
++
++    def _handle_verify_continuation(self, request):
++        _ = request.getText
++        oidconsumer = consumer.Consumer(request.session,
++                                        MoinOpenIDStore(request))
++        query = {}
++        for key in request.values.keys():
++            query[key] = request.values.get(key)
++        current_url = get_multistage_continuation_url(request, self.name,
++                                                      {'oidstage': '1'})
++        info = oidconsumer.complete(query, current_url)
++        if info.status == consumer.FAILURE:
++            logging.debug(_("OpenID error: %s.") % info.message)
++            return CancelLogin(_('OpenID error: %s.') % info.message)
++        elif info.status == consumer.CANCEL:
++            logging.debug(_("OpenID verification canceled."))
++            return CancelLogin(_('Verification canceled.'))
++        elif info.status == consumer.SUCCESS:
++            logging.debug(_("OpenID success. id: %s") % info.identity_url)
++            request.session['openid.id'] = info.identity_url
++            request.session['openid.info'] = info
++
++            # try to find user object
++            uid = user.getUserIdByOpenId(request, info.identity_url)
++            if uid:
++                u = user.User(request, id=uid, auth_method=self.name,
++                              auth_username=info.identity_url,
++                              auth_attribs=self.auth_attribs)
++            else:
++                u = None
++
++            # create or update the user according to the registration data
++            u = self._handle_user_data(request, u)
++            if u:
++                return ContinueLogin(u)
++
++            # if no user found, then we need to ask for a username,
++            # possibly associating an existing account.
++            logging.debug("OpenID: No user found, prompting for username")
++            #request.session['openid.id'] = info.identity_url
++            return MultistageFormLogin(self._get_account_name)
++        else:
++            logging.debug(_("OpenID failure"))
++            return CancelLogin(_('OpenID failure.'))
++
++    def _handle_name_continuation(self, request):
++        _ = request.getText
++        if not 'openid.id' in request.session:
++            return CancelLogin(_('No OpenID found in session.'))
++
++        newname = request.form.get('username', '')
++        if not newname:
++            return MultistageFormLogin(self._get_account_name)
++        if not user.isValidName(request, newname):
++            return MultistageFormLogin(self._get_account_name_inval_user)
++        uid = None
++        if newname:
++            uid = user.getUserId(request, newname)
++        if not uid:
++            # we can create a new user with this name :)
++            u = user.User(request, auth_method=self.name,
++                          auth_username=request.session['openid.id'],
++                          auth_attribs=self.auth_attribs)
++            u.name = newname
++            u = self._handle_user_data(request, u)
++            return ContinueLogin(u)
++        # requested username already exists. if they know the password,
++        # they can associate that account with the openid.
++        assoc = lambda req, form: self._associate_account(req, form, newname)
++        return MultistageFormLogin(assoc)
++
++    def _handle_associate_continuation(self, request):
++        if not 'openid.id' in request.session:
++            return CancelLogin(_('No OpenID found in session.'))
++
++        _ = request.getText
++        username = request.form.get('username', '')
++        password = request.form.get('password', '')
++        if not password:
++            return self._handle_name_continuation(request)
++        u = user.User(request, name=username, password=password,
++                      auth_method=self.name,
++                      auth_username=request.session['openid.id'],
++                      auth_attribs=self.auth_attribs)
++        if u.valid:
++            self._handle_user_data(request, u)
++            return ContinueLogin(u, _('Your account is now associated to your OpenID.'))
++        else:
++            msg = _('The password you entered is not valid.')
++            assoc = lambda req, form: self._associate_account(req, form, username, msg=msg)
++            return MultistageFormLogin(assoc)
++
++    def _handle_continuation(self, request):
++        _ = request.getText
++        oidstage = request.values.get('oidstage')
++        if oidstage == '1':
++            logging.debug('OpenID: handle verify continuation')
++            return self._handle_verify_continuation(request)
++        elif oidstage == '2':
++            logging.debug('OpenID: handle name continuation')
++            return self._handle_name_continuation(request)
++        elif oidstage == '3':
++            logging.debug('OpenID: handle associate continuation')
++            return self._handle_associate_continuation(request)
++        logging.debug('OpenID error: unknown continuation stage')
++        return CancelLogin(_('OpenID error: unknown continuation stage'))
++
++    def _openid_form(self, request, form, oidhtml):
++        _ = request.getText
++        txt = _('OpenID verification requires that you click this button:')
++        # create JS to automatically submit the form if possible
++        submitjs = """<script type="text/javascript">
++<!--//
++document.getElementById("openid_message").submit();
++//-->
++</script>
++"""
++        return ''.join([txt, oidhtml, submitjs])
++
++    def login(self, request, user_obj, **kw):
++        continuation = kw.get('multistage')
++
++        if continuation:
++            return self._handle_continuation(request)
++
++        # openid is designed to work together with other auths
++        if user_obj and user_obj.valid:
++            return ContinueLogin(user_obj)
++
++        openid_id = kw.get('openid_identifier')
++
++        # nothing entered? continue...
++        if not self._forced_service and not openid_id:
++            return ContinueLogin(user_obj)
++
++        _ = request.getText
++
++        # user entered something but the session can't be stored
++        if not request.cfg.cookie_lifetime[0]:
++            return ContinueLogin(user_obj,
++                                 _('Anonymous sessions need to be enabled for OpenID login.'))
++
++        oidconsumer = consumer.Consumer(request.session,
++                                        MoinOpenIDStore(request))
++
++        try:
++            fserv = self._forced_service
++            if fserv:
++                if isinstance(fserv, str) or isinstance(fserv, unicode):
++                    oidreq = oidconsumer.begin(fserv)
++                else:
++                    oidreq = oidconsumer.beginWithoutDiscovery(fserv)
++            else:
++                oidreq = oidconsumer.begin(openid_id)
++        except HTTPFetchingError:
++            return ContinueLogin(None, _('Failed to resolve OpenID.'))
++        except DiscoveryFailure:
++            return ContinueLogin(None, _('OpenID discovery failure, not a valid OpenID.'))
++        else:
++            if oidreq is None:
++                return ContinueLogin(None, _('No OpenID.'))
++
++            self._modify_request(oidreq, request.cfg)
++
++            return_to = get_multistage_continuation_url(request, self.name,
++                                                        {'oidstage': '1'})
++            trust_root = request.url_root
++            if oidreq.shouldSendRedirect():
++                redirect_url = oidreq.redirectURL(trust_root, return_to)
++                return MultistageRedirectLogin(redirect_url)
++            else:
++                form_html = oidreq.formMarkup(trust_root, return_to,
++                    form_tag_attrs={'id': 'openid_message'})
++                mcall = lambda request, form:\
++                    self._openid_form(request, form, form_html)
++                ret = MultistageFormLogin(mcall)
++                return ret
++
++    def login_hint(self, request):
++        _ = request.getText
++        msg = u''
++        if self._idselector_com:
++            msg = self._idselector_com
++        msg += _("If you do not have an account yet, you can still log in "
++                 "with your OpenID and create one during login.")
++        return msg
 === added file 'files/openidrp_teams.py'
 --- files/openidrp_teams.py	1970-01-01 00:00:00 +0000
 +++ files/openidrp_teams.py	2013-09-26 06:24:47 +0000
@@ -0,0 +1,157 @@
++# -*- coding: iso-8859-1 -*-
++"""
++    MoinMoin - Launchpad Teams Extension for OpenID authorization
++
++    @copyright: 2009 Canonical, Inc.
++    @license: GNU GPL, see COPYING for details.
++"""
++import time
++import re
++import os
++import logging
++import fcntl
++import errno
++import copy
++
++#from MoinMoin.util.moinoid import MoinOpenIDStore
++from MoinMoin import user
++from MoinMoin.auth import BaseAuth
++from MoinMoin.auth.openidrp import OpenIDAuth
++#OpenIDSREGAuth
++#from openid.consumer import consumer
++#from openid.yadis.discover import DiscoveryFailure
++#from openid.fetchers import HTTPFetchingError
++#from MoinMoin.widget import html
++#from MoinMoin.auth import CancelLogin, ContinueLogin
++#from MoinMoin.auth import MultistageFormLogin, MultistageRedirectLogin
++#from MoinMoin.auth import get_multistage_continuation_url
++
++from .teams import TeamsRequest, TeamsResponse, supportsTeams
++from MoinMoin import wikiutil
++from MoinMoin.PageEditor import PageEditor, conflict_markers
++from MoinMoin.Page import Page
++
++def openidrp_teams_modify_request(oidreq, cfg):
++    # Request Launchpad teams information, if configured
++    # should also check supportsTeams() result
++    #if teams_extension_avail and len(cfg.openidrp_authorized_teams) > 0:
++    if len(cfg.openidrp_authorized_teams) > 0:
++        oidreq.addExtension(TeamsRequest(cfg.openidrp_authorized_teams))
++
++def openidrp_teams_create_user(info, u, cfg):
++    # Check for Launchpad teams data in response
++    teams = None
++    #if teams_extension_avail and len(cfg.openidrp_authorized_teams) > 0:
++    teams_response = TeamsResponse.fromSuccessResponse(info)
++    teams = teams_response.is_member
++    if teams:
++        _save_teams_acl(u, teams, cfg)
++    return u
++
++def openidrp_teams_update_user(info, u, cfg):
++    teams = None
++    teams_response = TeamsResponse.fromSuccessResponse(info)
++    teams = teams_response.is_member
++    if teams:
++        _save_teams_acl(u, teams, cfg)
++
++# Take a list of Launchpad teams and add the user to the ACL pages
++# ACL group names cannot have "-" in them, although team names do.
++def _save_teams_acl(u, teams, cfg):
++    logging.log(logging.INFO, "running save_teams_acl...")
++
++    # remove any teams the user is no longer in
++    if not hasattr(u, 'teams'):
++        u.teams = []
++    logging.log(logging.INFO, "old teams: " + str(u.teams)
++        + "  new teams: " + str(teams))
++
++    for t in u.teams:
++        if not t in teams:
++            logging.log(logging.INFO, "remove user from team: " + t)
++            team = t.strip().replace("-", "")
++            _remove_user_from_team(u, team, cfg)
++
++    for t in teams:
++        team = t.strip().replace("-", "")
++        if not team:
++            continue
++        logging.log(logging.INFO, "Launchpad team: "  + team)
++        _add_user_to_team(u, team, cfg)
++
++    u.teams = teams
++    u.save()
++
++def _add_user_to_team(u, team, cfg):
++    # use admin account to create or edit ACL page
++    # http://moinmo.in/MoinDev/CommonTasks
++    acl_request = u._request
++    acl_request.user = user.User(acl_request, None, cfg.openidrp_acl_admin)
++
++    # PageEditor() is not safe to use concurrently - and browsers
++    # offten try to relogin to multiple tabs on the same wiki
++    # concurrently - due to its underlying reliance on the 'current'
++    # file to determine the current revision and the fact that
++    # PageEditor.saveText() moves 'current' out of the way as a
++    # lockfile.  If you lose the race, you end up getting an
++    # apparently empty body for a page which in fact has content.
++    #
++    # Work around this by doing our own locking.
++
++    pagedir = os.path.join(u._request.cfg.data_dir, "pages",
++                           team + cfg.openidrp_acl_page_postfix)
++    if not os.path.exists(pagedir):
++        os.mkdir(pagedir)
++    lockfile = os.path.join(pagedir, "openid.lock")
++    lock_fd = os.open(lockfile, os.O_RDWR | os.O_CREAT)
++    got_lock = False
++    retry = 0
++    while not got_lock and retry < 25:
++        retry += 1
++        try:
++            fcntl.lockf(lock_fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
++            got_lock = True
++        except IOError, e:
++            got_lock = False
++            if (e.errno == errno.EACCES or e.errno == errno.EAGAIN):
++                time.sleep(0.1)
++            else:
++                raise
++    # If we can't get a lock, give up and return quietly.  The user
++    # will simply have to logout and back in.
++    if not got_lock:
++        logging.log(logging.WARNING, "Could not acquire lock on " + lockfile)
++        return
++
++    pe = PageEditor(acl_request, team + cfg.openidrp_acl_page_postfix)
++    acl_text = pe.get_raw_body()
++    logging.log(logging.INFO, "ACL Page content: " + acl_text)
++    # make sure acl command is first line of document
++    # only the admin user specified in wikiconfig should
++    # be allowed to change these acl files
++    if not acl_text or acl_text == "" or acl_text[0] != "#":
++        acl_text = "#acl Known:read All:\n" + acl_text
++    # does ACL want uid, name, username, auth_username?
++    p = re.compile(ur"^ \* %s$" % u.name, re.MULTILINE)
++    if not p.search(acl_text):
++        logging.log(logging.INFO, "did not find user %s in acl, adding..." % u.name)
++        acl_text += u" * %s\n" % u.name
++        pe.saveText(acl_text, 0)
++    os.close(lock_fd)
++
++def _remove_user_from_team(u, team, cfg):
++    acl_request = u._request
++    acl_request.user = user.User(acl_request, None, cfg.openidrp_acl_admin)
++    pe = PageEditor(acl_request, team + cfg.openidrp_acl_page_postfix)
++    acl_text = pe.get_raw_body()
++    logging.log(logging.INFO, "ACL Page content: " + acl_text)
++    # does ACL want uid, name, username, auth_username?
++    p = re.compile(ur"^ \* %s$" % u.name, re.MULTILINE)
++    if p.search(acl_text):
++        logging.log(logging.INFO, "found user %s in acl, removing..." % u.name)
++        acl_text = acl_text.replace(" * %s\n" % u.name, "")
++        try:
++            pe.saveText(acl_text, 0)
++        except PageEditor.EmptyPage:
++            pe.deletePage()
++
 === added file 'files/teams.py'
 --- files/teams.py	1970-01-01 00:00:00 +0000
 +++ files/teams.py	2013-09-26 06:24:47 +0000
@@ -0,0 +1,398 @@
++# Copyright (C) 2009, 2010 Canonical Ltd
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation, either version 3 of the License, or
++# (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++"""Team membership support for Launchpad.
++
++The primary form of communication between the RP and Launchpad is an
++OpenID authentication request. Our solution is to piggyback a team
++membership test onto this interaction.
++
++As part of an OpenID authentication request, the RP includes the
++following fields:
++
++  openid.ns.lp:
++    An OpenID 2.0 namespace URI for the extension. It is not strictly
++    required for 1.1 requests, but including it is good for forward
++    compatibility.
++
++    It must be set to: http://ns.launchpad.net/2007/openid-teams
++
++  openid.lp.query_membership:
++    A comma separated list of Launchpad team names that the RP is
++    interested in.
++
++As part of the positive assertion OpenID response, the following field
++will be provided:
++
++  openid.ns.lp:
++    (as above)
++
++  openid.lp.is_member:
++    A comma separated list of teams that the user is actually a member
++    of. The list may be limited to those teams mentioned in the
++    request.
++
++    This field must be included in the response signature in order to
++    be considered valid (as the response is bounced through the user's
++    web browser, an unsigned value could be modified).
++
++@since: 2.1.1
++"""
++
++from openid.message import registerNamespaceAlias, \
++     NamespaceAliasRegistrationError
++from openid.extension import Extension
++from openid import oidutil
++
++try:
++    basestring #pylint:disable-msg=W0104
++except NameError:
++    # For Python 2.2
++    basestring = (str, unicode) #pylint:disable-msg=W0622
++
++__all__ = [
++    'TeamsRequest',
++    'TeamsResponse',
++    'ns_uri',
++    'supportsTeams',
++    ]
++
++ns_uri = 'http://ns.launchpad.net/2007/openid-teams'
++
++try:
++    registerNamespaceAlias(ns_uri, 'lp')
++except NamespaceAliasRegistrationError, e:
++    oidutil.log('registerNamespaceAlias(%r, %r) failed: %s' % (ns_uri,
++                                                               'lp', str(e),))
++
++def supportsTeams(endpoint):
++    """Does the given endpoint advertise support for Launchpad Teams?
++
++    @param endpoint: The endpoint object as returned by OpenID discovery
++    @type endpoint: openid.consumer.discover.OpenIDEndpoint
++
++    @returns: Whether an lp type was advertised by the endpoint
++    @rtype: bool
++    """
++    return endpoint.usesExtension(ns_uri)
++
++class TeamsNamespaceError(ValueError):
++    """The Launchpad teams namespace was not found and could not
++    be created using the expected name (there's another extension
++    using the name 'lp')
++
++    This is not I{illegal}, for OpenID 2, although it probably
++    indicates a problem, since it's not expected that other extensions
++    will re-use the alias that is in use for OpenID 1.
++
++    If this is an OpenID 1 request, then there is no recourse. This
++    should not happen unless some code has modified the namespaces for
++    the message that is being processed.
++    """
++
++def getTeamsNS(message):
++    """Extract the Launchpad teams namespace URI from the given
++    OpenID message.
++
++    @param message: The OpenID message from which to parse Launchpad
++        teams. This may be a request or response message.
++    @type message: C{L{openid.message.Message}}
++
++    @returns: the lp namespace URI for the supplied message. The
++        message may be modified to define a Launchpad teams
++        namespace.
++    @rtype: C{str}
++
++    @raise ValueError: when using OpenID 1 if the message defines
++        the 'lp' alias to be something other than a Launchpad
++        teams type.
++    """
++    # See if there exists an alias for the Launchpad teams type.
++    alias = message.namespaces.getAlias(ns_uri)
++    if alias is None:
++        # There is no alias, so try to add one. (OpenID version 1)
++        try:
++            message.namespaces.addAlias(ns_uri, 'lp')
++        except KeyError, why:
++            # An alias for the string 'lp' already exists, but it's
++            # defined for something other than Launchpad teams
++            raise TeamsNamespaceError(why[0])
++
++    # we know that ns_uri defined, because it's defined in the
++    # else clause of the loop as well, so disable the warning
++    return ns_uri #pylint:disable-msg=W0631
++
++class TeamsRequest(Extension):
++    """An object to hold the state of a Launchpad teams request.
++
++    @ivar query_membership: A comma separated list of Launchpad team
++        names that the RP is interested in.
++    @type required: [str]
++
++    @group Consumer: requestField, requestTeams, getExtensionArgs, addToOpenIDRequest
++    @group Server: fromOpenIDRequest, parseExtensionArgs
++    """
++
++    ns_alias = 'lp'
++
++    def __init__(self, query_membership=None, lp_ns_uri=ns_uri):
++        """Initialize an empty Launchpad teams request"""
++        Extension.__init__(self)
++        self.query_membership = []
++        self.ns_uri = lp_ns_uri
++
++        if query_membership:
++            self.requestTeams(query_membership)
++
++    # Assign getTeamsNS to a static method so that it can be
++    # overridden for testing.
++    _getTeamsNS = staticmethod(getTeamsNS)
++
++    def fromOpenIDRequest(cls, request):
++        """Create a Launchpad teams request that contains the
++        fields that were requested in the OpenID request with the
++        given arguments
++
++        @param request: The OpenID request
++        @type request: openid.server.CheckIDRequest
++
++        @returns: The newly created Launchpad teams request
++        @rtype: C{L{TeamsRequest}}
++        """
++        self = cls()
++
++        # Since we're going to mess with namespace URI mapping, don't
++        # mutate the object that was passed in.
++        message = request.message.copy()
++
++        self.ns_uri = self._getTeamsNS(message)
++        args = message.getArgs(self.ns_uri)
++        self.parseExtensionArgs(args)
++
++        return self
++
++    fromOpenIDRequest = classmethod(fromOpenIDRequest)
++
++    def parseExtensionArgs(self, args, strict=False):
++        """Parse the unqualified Launchpad teams request
++        parameters and add them to this object.
++
++        This method is essentially the inverse of
++        C{L{getExtensionArgs}}. This method restores the serialized
++        Launchpad teams request fields.
++
++        If you are extracting arguments from a standard OpenID
++        checkid_* request, you probably want to use C{L{fromOpenIDRequest}},
++        which will extract the lp namespace and arguments from the
++        OpenID request. This method is intended for cases where the
++        OpenID server needs more control over how the arguments are
++        parsed than that method provides.
++
++        >>> args = message.getArgs(ns_uri)
++        >>> request.parseExtensionArgs(args)
++
++        @param args: The unqualified Launchpad teams arguments
++        @type args: {str:str}
++
++        @param strict: Whether requests with fields that are not
++            defined in the Launchpad teams specification should be
++            tolerated (and ignored)
++        @type strict: bool
++
++        @returns: None; updates this object
++        """
++        items = args.get('query_membership')
++        if items:
++            for team_name in items.split(','):
++                try:
++                    self.requestTeam(team_name, strict)
++                except ValueError:
++                    if strict:
++                        raise
++
++    def allRequestedTeams(self):
++        """A list of all of the Launchpad teams that were
++        requested.
++
++        @rtype: [str]
++        """
++        return self.query_membership
++
++    def wereTeamsRequested(self):
++        """Have any Launchpad teams been requested?
++
++        @rtype: bool
++        """
++        return bool(self.allRequestedTeams())
++
++    def __contains__(self, team_name):
++        """Was this team in the request?"""
++        return team_name in self.query_membership
++
++    def requestTeam(self, team_name, strict=False):
++        """Request the specified team from the OpenID user
++
++        @param team_name: the unqualified Launchpad team name
++        @type team_name: str
++
++        @param strict: whether to raise an exception when a team is
++            added to a request more than once
++
++        @raise ValueError: when strict is set and the team was
++            requested more than once
++        """
++        if strict:
++            if team_name in self.query_membership:
++                raise ValueError('That team has already been requested')
++        else:
++            if team_name in self.query_membership:
++                return
++
++        self.query_membership.append(team_name)
++
++    def requestTeams(self, query_membership, strict=False):
++        """Add the given list of teams to the request
++
++        @param query_membership: The Launchpad teams request
++        @type query_membership: [str]
++
++        @raise ValueError: when a team requested is not a string
++            or strict is set and a team was requested more than once
++        """
++        if isinstance(query_membership, basestring):
++            raise TypeError('Teams should be passed as a list of '
++                            'strings (not %r)' % (type(query_membership),))
++
++        for team_name in query_membership:
++            self.requestTeam(team_name, strict=strict)
++
++    def getExtensionArgs(self):
++        """Get a dictionary of unqualified Launchpad teams
++        arguments representing this request.
++
++        This method is essentially the inverse of
++        C{L{parseExtensionArgs}}. This method serializes the Launchpad
++        teams request fields.
++
++        @rtype: {str:str}
++        """
++        args = {}
++
++        if self.query_membership:
++            args['query_membership'] = ','.join(self.query_membership)
++
++        return args
++
++class TeamsResponse(Extension):
++    """Represents the data returned in a Launchpad teams response
++    inside of an OpenID C{id_res} response. This object will be
++    created by the OpenID server, added to the C{id_res} response
++    object, and then extracted from the C{id_res} message by the
++    Consumer.
++
++    @ivar data: The Launchpad teams data, an array.
++
++    @ivar ns_uri: The URI under which the Launchpad teams data was
++        stored in the response message.
++
++    @group Server: extractResponse
++    @group Consumer: fromSuccessResponse
++    @group Read-only dictionary interface: keys, iterkeys, items, iteritems,
++        __iter__, get, __getitem__, keys, has_key
++    """
++
++    ns_alias = 'lp'
++
++    def __init__(self, is_member=None, lp_ns_uri=ns_uri):
++        Extension.__init__(self)
++        if is_member is None:
++            self.is_member = []
++        else:
++            self.is_member = is_member
++
++        self.ns_uri = lp_ns_uri
++
++    def addTeam(self, team_name):
++        if team_name not in self.is_member:
++            self.is_member.append(team_name)
++
++    def extractResponse(cls, request, is_member_str):
++        """Take a C{L{TeamsRequest}} and a list of Launchpad
++        team values and create a C{L{TeamsResponse}}
++        object containing that data.
++
++        @param request: The Launchpad teams request object
++        @type request: TeamsRequest
++
++        @param is_member: The Launchpad teams data for this
++            response, as a list of strings.
++        @type is_member: {str:str}
++
++        @returns: a Launchpad teams response object
++        @rtype: TeamsResponse
++        """
++        self = cls()
++        self.ns_uri = request.ns_uri
++        self.is_member = is_member_str.split(',')
++        return self
++
++    extractResponse = classmethod(extractResponse)
++
++    # Assign getTeamsNS to a static method so that it can be
++    # overridden for testing
++    _getTeamsNS = staticmethod(getTeamsNS)
++
++    def fromSuccessResponse(cls, success_response, signed_only=True):
++        """Create a C{L{TeamsResponse}} object from a successful OpenID
++        library response
++        (C{L{openid.consumer.consumer.SuccessResponse}}) response
++        message
++
++        @param success_response: A SuccessResponse from consumer.complete()
++        @type success_response: C{L{openid.consumer.consumer.SuccessResponse}}
++
++        @param signed_only: Whether to process only data that was
++            signed in the id_res message from the server.
++        @type signed_only: bool
++
++        @rtype: TeamsResponse
++        @returns: A Launchpad teams response containing the data
++            that was supplied with the C{id_res} response.
++        """
++        self = cls()
++        self.ns_uri = self._getTeamsNS(success_response.message)
++        if signed_only:
++            args = success_response.getSignedNS(self.ns_uri)
++        else:
++            args = success_response.message.getArgs(self.ns_uri)
++
++        if "is_member" in args:
++            is_member_str = args["is_member"]
++            self.is_member = is_member_str.split(',')
++            #self.is_member = args["is_member"]
++
++        return self
++
++    fromSuccessResponse = classmethod(fromSuccessResponse)
++
++    def getExtensionArgs(self):
++        """Get the fields to put in the Launchpad teams namespace
++        when adding them to an id_res message.
++
++        @see: openid.extension
++        """
++        ns_args = {'is_member': ','.join(self.is_member),}
++        return ns_args
++
 === added directory 'hooks'
 === removed directory 'hooks'
 === added symlink 'hooks/config-changed'
 === target is u'hooks.py'
 === removed file 'hooks/config-changed'
 --- hooks/config-changed	2013-05-07 21:32:01 +0000
 +++ hooks/config-changed	1970-01-01 00:00:00 +0000
@@ -1,54 +0,0 @@
--#!/bin/bash
--
--set -eux
--
--export UNIT_NAME=`echo $JUJU_UNIT_NAME | cut -d/ -f1`
--
--export WIKI_NAME=$(config-get wiki_name)
--export ADMIN_NAME=$(config-get admin_name)
--export LANGUAGES=$(config-get languages)
--export XAPIAN_SETTINGS=$(config-get xapian_search)
--export EXTRA_SETTINGS=$(config-get extra_settings)
--export PORT=$(config-get listen_port)
--
--juju-log "variables: WIKI_NAME: $WIKI_NAME,ADMIN_NAME: $ADMIN_NAME ,LANGUAGES: $LANGUAGES ,XAPIAN_SETTINGS: $XAPIAN_SETTINGS"
--
--if [ -f /etc/gunicorn.d/${UNIT_NAME}.conf ]; then
--    CURRENT_PORT=$(grep '\-\-bind' /etc/gunicorn.d/${UNIT_NAME}.conf | cut -d: -f2 | sed "s/'.*//")
--else
--    CURRENT_PORT=$(config-get listen_port)
--fi
--
--cheetah fill --env -p templates/wikiconfig.py.tmpl > /srv/${UNIT_NAME}/wikiconfig.py
--
--cheetah fill --env -p templates/wsgi.py.tmpl > /srv/${UNIT_NAME}/wsgi.py
--
--cheetah fill --env -p templates/logging.conf.tmpl > /srv/${UNIT_NAME}/logging.conf
--
--cheetah fill --env -p templates/gunicorn.conf.tmpl > /etc/gunicorn.d/${UNIT_NAME}.conf
--
--if [ $CURRENT_PORT != $PORT ]; then
--    close-port $CURRENT_PORT/tcp
--    open-port $PORT/tcp
--fi
--
--if [ "$XAPIAN_SETTINGS" == "True" ] ; then
--    if [ ! -e /srv/${UNIT_NAME}/xapian_is_initialized ] ; then
--        moin --config-dir=/srv/${UNIT_NAME}/ index build --mode=add
--        touch /srv/${UNIT_NAME}/xapian_is_initialized
--    else
--        moin --config-dir=/srv/${UNIT_NAME}/ index build --mode=rebuild
--    fi
--fi
--
--cd /srv/${UNIT_NAME}/
--
--for lang in $LANGUAGES; do
--    python -m MoinMoin.packages i ./underlay/pages/LanguageSetup/attachments/${lang}--all_pages.zip
--done
--
--chown root:www-data /srv/${UNIT_NAME}/ -R
--chmod g+rw /srv/${UNIT_NAME}/ -R
--
--/etc/init.d/gunicorn start
--/etc/init.d/gunicorn restart
 === added file 'hooks/hooks.py'
 --- hooks/hooks.py	1970-01-01 00:00:00 +0000
 +++ hooks/hooks.py	2013-09-26 06:24:47 +0000
@@ -0,0 +1,226 @@
++#!/usr/bin/env python
++
++# Copyright 2013 Canonical Ltd. All rights reserved.
++# Author: Brad Marshall <brad.marshall@canonical.com>
++
++import glob
++import os
++import sys
++import shutil
++import subprocess
++import socket
++import stat
++import pwd
++import grp
++import json
++import yaml
++import distutils.sysconfig
++
++local_copy = os.path.join(
++    os.path.dirname(os.path.abspath(os.path.dirname(__file__))),
++    "lib", "charm-helpers")
++if os.path.exists(local_copy) and os.path.isdir(local_copy):
++    sys.path.insert(0, local_copy)
++
++
++from charmhelpers.core.host import (
++    mkdir,
++    service,
++    service_start,
++    service_stop,
++    service_restart,
++    write_file,
++)
++
++from charmhelpers.core.hookenv import (
++    Hooks,
++    config,
++    open_port,
++    close_port,
++    relation_get,
++    relation_set,
++    relation_id,
++    remote_unit,
++    local_unit,
++)
++
++from charmhelpers.fetch import (
++    apt_install,
++)
++
++unit_name = local_unit().split("/")[0]
++hostname = socket.getfqdn()
++basedir = "/srv/" + unit_name
++rundir = basedir + "/run"
++logdir = basedir + "/logs"
++staticdir = basedir + "/moin_static"
++wikiconfig = basedir + "/wikiconfig.py"
++wsgipy = basedir + "/wsgi.py"
++loggingconf = basedir + "/logging.conf"
++xapian_initialised = basedir + "/xapian_is_initialized"
++gunicornconf = "/etc/gunicorn.d/" + unit_name + ".conf"
++wiki_name = config().get('wiki_name')
++admin_name = config().get('admin_name')
++languages = config().get('languages')
++loglevel = config().get('loglevel')
++xapian_search = config().get('xapian_search')
++listen_port = config().get('listen_port')
++use_openid = config().get('use_openid')
++openidrp_authorized_teams = config().get('openidrp_authorized_teams')
++extra_settings = config().get('extra_settings')
++
++hook_dir = os.path.abspath(os.path.dirname(__file__))
++charm_dir = os.path.dirname(hook_dir)
++
++required_pkgs = [
++    'python-moinmoin',
++    'python-flup',
++    'gunicorn',
++    'python-eventlet',
++    'python-tz',
++    'unzip',
++    'python-openid',
++    'python-xapian',
++    'python-xappy',
++    'python-docutils',
++    'python-jinja2'
++]
++
++hooks = Hooks()
++
++
++@hooks.hook()
++def install():
++    apt_install(required_pkgs, options=['--force-yes'])
++    if os.path.exists('/etc/moin/farmconfig.py'):
++        os.remove('/etc/moin/farmconfig.py')
++    if not os.path.exists(rundir):
++        os.makedirs(rundir)
++    if not os.path.exists(logdir):
++        os.makedirs(logdir)
++    if not os.path.exists(basedir + "/data"):
++        shutil.copytree('/usr/share/moin/data', basedir + "/data")
++    if not os.path.exists(basedir + "/underlay"):
++        shutil.copytree('/usr/share/moin/underlay', basedir + "/underlay")
++    if not os.path.exists(staticdir):
++        shutil.copytree('/usr/share/moin/htdocs', staticdir)
++
++
++@hooks.hook("config-changed")
++def config_changed():
++    # See if the port has changed
++    if (os.path.exists(gunicornconf)):
++        for line in open(gunicornconf):
++            if "--bind" in line:
++                port = line.split("=")[1].split(":")[1].rstrip("',\r\n")
++                break
++        if (listen_port != port):
++            close_port(port)
++            open_port(listen_port)
++
++    # Create files from templates
++    from jinja2 import Environment, FileSystemLoader
++    template_env = Environment(
++        loader=FileSystemLoader(os.path.join(os.environ['CHARM_DIR'],
++                                'templates')))
++    templ_vars = {
++        'basedir': basedir,
++        'unit_name': unit_name,
++        'wiki_name': wiki_name,
++        'admin_name': admin_name,
++        'languages': languages,
++        'loglevel': loglevel,
++        'xapian_search': xapian_search,
++        'listen_port': listen_port,
++        'use_openid': use_openid,
++        'openidrp_authorized_teams': openidrp_authorized_teams,
++        'extra_settings': extra_settings,
++    }
++
++    # gunicorn.conf.tmpl  logging.conf.tmpl  wikiconfig.py.tmpl  wsgi.py.tmpl
++    wikiconfigtemplate = \
++        template_env.get_template('wikiconfig.py.tmpl').render(templ_vars)
++    with open(wikiconfig, 'w') as wikiconfig_config:
++        wikiconfig_config.write(str(wikiconfigtemplate))
++    wsgipytemplate = \
++        template_env.get_template('wsgi.py.tmpl').render(templ_vars)
++    with open(wsgipy, 'w') as wsgipy_config:
++        wsgipy_config.write(str(wsgipytemplate))
++    loggingconftemplate = \
++        template_env.get_template('logging.conf.tmpl').render(templ_vars)
++    with open(loggingconf, 'w') as loggingconf_config:
++        loggingconf_config.write(str(loggingconftemplate))
++    gunicornconftemplate = \
++        template_env.get_template('gunicorn.conf.tmpl').render(templ_vars)
++    with open(gunicornconf, 'w') as gunicornconf_config:
++        gunicornconf_config.write(str(gunicornconftemplate))
++
++    # Handle xapian search updates
++    if (xapian_search == "True"):
++        if not os.path.exists(xapian_initialised):
++            subprocess.call(['moin', "--config-dir=%s/" % (basedir), 'index',
++                            'build', '--mode=add'])
++            open(xapian_initialised, 'w').close()
++        else:
++            subprocess.call(['moin', "--config=dir=%s/" % (basedir), 'index',
++                            'build', '--mode=rebuild'])
++
++    # Install languages
++    for lang in languages.split():
++        subprocess.call(['python', '-m', 'MoinMoin.packages', 'i',
++            "%s/underlay/pages/LanguageSetup/attachments/%s--all_pages.zip"
++            % (basedir, lang)], cwd=basedir)
++
++    # fix perms to be owned by root:www-data and g+rwX
++    root_uid = pwd.getpwnam('root').pw_uid
++    www_gid = grp.getgrnam('www-data').gr_gid
++    for root, dirs, files in os.walk(basedir):
++        for d in dirs:
++            os.chown(os.path.join(root, d), root_uid, www_gid)
++            os.chmod(os.path.join(root, d), 0775)
++        for f in files:
++            os.chown(os.path.join(root, f), root_uid, www_gid)
++            os.chmod(os.path.join(root, f), 0664)
++
++    # if we are using openid make sure files are in place
++    openid_python_path = "/usr/share/pyshared/MoinMoin/auth/openidrp_ext"
++    dist_dir = distutils.sysconfig.get_python_lib()
++    if (use_openid == "True"):
++	# Copy the openidrp.py file in place
++	shutil.copyfile("files/openidrp.py",
++			"%s/MoinMoin/auth/openidrp.py" % (dist_dir))
++        # Copy the openidrp_teams.py file in place
++        shutil.copyfile("files/openidrp_teams.py",
++                        "%s/openidrp_teams.py" % (openid_python_path))
++        # Only copy and symlink the teams.py in place if we don't have it
++        if not os.path.exists("%s/teams.py" % (openid_python_path)):
++            shutil.copyfile("files/teams.py", "%s/teams.py"
++                            % (openid_python_path))
++            os.symlink("%s/teams.py" % (openid_python_path),
++                       "%s/MoinMoin/auth/openidrp_ext/teams.py" % (dist_dir))
++
++    service_restart('gunicorn')
++
++
++@hooks.hook("website-relation-joined")
++def website_relation_join():
++    relation_set(port=listen_port, hostname=hostname)
++
++
++@hooks.hook("upgrade-charm")
++def upgrade_charm():
++    install()
++
++
++@hooks.hook("start")
++def start():
++    service_start('gunicorn')
++
++
++@hooks.hook("stop")
++def stop():
++    service_stop('gunicorn')
++
++
++if __name__ == "__main__":
++    hooks.execute(sys.argv)
 === added symlink 'hooks/install'
 === target is u'hooks.py'
 === removed file 'hooks/install'
 --- hooks/install	2013-05-07 16:36:59 +0000
 +++ hooks/install	1970-01-01 00:00:00 +0000
@@ -1,19 +0,0 @@
--#!/bin/bash
--
--UNIT_NAME=`echo $JUJU_UNIT_NAME | cut -d/ -f1`
--
--# --no-install-recommends and not fckeditor: because we don't want apache2 here.
--
--apt-get install --no-install-recommends -y python-moinmoin python-flup \
--    gunicorn python-eventlet unzip python-openid python-xapian python-xappy \
--    python-docutils python-cheetah
--
--# MoinMoin's command line script 'moin' check there first
--# and we don't want that
--rm /etc/moin/farmconfig.py
--
--mkdir -p /srv/${UNIT_NAME}/run
--mkdir -p /srv/${UNIT_NAME}/logs
--
--cp -r /usr/share/moin/data /usr/share/moin/underlay /srv/${UNIT_NAME}/
--cp -r /usr/share/moin/htdocs /srv/${UNIT_NAME}/moin_static
 === added symlink 'hooks/start'
 === target is u'hooks.py'
 === removed file 'hooks/start'
 --- hooks/start	2011-11-01 20:33:21 +0000
 +++ hooks/start	1970-01-01 00:00:00 +0000
@@ -1,4 +0,0 @@
--#!/bin/bash
--# Here put anything that is needed to start the service.
--# Note that currently this is run directly after install
--# i.e. 'service apache2 start'
 === added symlink 'hooks/stop'
 === target is u'hooks.py'
 === removed file 'hooks/stop'
 --- hooks/stop	2011-11-01 20:33:21 +0000
 +++ hooks/stop	1970-01-01 00:00:00 +0000
@@ -1,7 +0,0 @@
--#!/bin/bash
--# This will be run when the service is being torn down, allowing you to disable
--# it in various ways..
--# For example, if your web app uses a text file to signal to the load balancer
--# that it is live... you could remove it and sleep for a bit to allow the load
--# balancer to stop sending traffic.
--# rm /srv/webroot/server-live.txt && sleep 30
 === added symlink 'hooks/upgrade-charm'
 === target is u'hooks.py'
 === added symlink 'hooks/website-relation-joined'
 === target is u'hooks.py'
 === removed file 'hooks/website-relation-joined'
 --- hooks/website-relation-joined	2013-05-07 16:03:30 +0000
 +++ hooks/website-relation-joined	1970-01-01 00:00:00 +0000
@@ -1,2 +0,0 @@
--#!/bin/sh
--relation-set port=$(config-get listen_port) hostname=$(hostname -f)
 === added directory 'lib'
 === added directory 'lib/charm-helpers'
 === added file 'lib/charm-helpers/LICENSE.txt'
 --- lib/charm-helpers/LICENSE.txt	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/LICENSE.txt	2013-09-26 06:24:47 +0000
@@ -0,0 +1,661 @@
++                    GNU AFFERO GENERAL PUBLIC LICENSE
++                       Version 3, 19 November 2007
++
++ Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
++ Everyone is permitted to copy and distribute verbatim copies
++ of this license document, but changing it is not allowed.
++
++                            Preamble
++
++  The GNU Affero General Public License is a free, copyleft license for
++software and other kinds of works, specifically designed to ensure
++cooperation with the community in the case of network server software.
++
++  The licenses for most software and other practical works are designed
++to take away your freedom to share and change the works.  By contrast,
++our General Public Licenses are intended to guarantee your freedom to
++share and change all versions of a program--to make sure it remains free
++software for all its users.
++
++  When we speak of free software, we are referring to freedom, not
++price.  Our General Public Licenses are designed to make sure that you
++have the freedom to distribute copies of free software (and charge for
++them if you wish), that you receive source code or can get it if you
++want it, that you can change the software or use pieces of it in new
++free programs, and that you know you can do these things.
++
++  Developers that use our General Public Licenses protect your rights
++with two steps: (1) assert copyright on the software, and (2) offer
++you this License which gives you legal permission to copy, distribute
++and/or modify the software.
++
++  A secondary benefit of defending all users' freedom is that
++improvements made in alternate versions of the program, if they
++receive widespread use, become available for other developers to
++incorporate.  Many developers of free software are heartened and
++encouraged by the resulting cooperation.  However, in the case of
++software used on network servers, this result may fail to come about.
++The GNU General Public License permits making a modified version and
++letting the public access it on a server without ever releasing its
++source code to the public.
++
++  The GNU Affero General Public License is designed specifically to
++ensure that, in such cases, the modified source code becomes available
++to the community.  It requires the operator of a network server to
++provide the source code of the modified version running there to the
++users of that server.  Therefore, public use of a modified version, on
++a publicly accessible server, gives the public access to the source
++code of the modified version.
++
++  An older license, called the Affero General Public License and
++published by Affero, was designed to accomplish similar goals.  This is
++a different license, not a version of the Affero GPL, but Affero has
++released a new version of the Affero GPL which permits relicensing under
++this license.
++
++  The precise terms and conditions for copying, distribution and
++modification follow.
++
++                       TERMS AND CONDITIONS
++
++  0. Definitions.
++
++  "This License" refers to version 3 of the GNU Affero General Public License.
++
++  "Copyright" also means copyright-like laws that apply to other kinds of
++works, such as semiconductor masks.
++
++  "The Program" refers to any copyrightable work licensed under this
++License.  Each licensee is addressed as "you".  "Licensees" and
++"recipients" may be individuals or organizations.
++
++  To "modify" a work means to copy from or adapt all or part of the work
++in a fashion requiring copyright permission, other than the making of an
++exact copy.  The resulting work is called a "modified version" of the
++earlier work or a work "based on" the earlier work.
++
++  A "covered work" means either the unmodified Program or a work based
++on the Program.
++
++  To "propagate" a work means to do anything with it that, without
++permission, would make you directly or secondarily liable for
++infringement under applicable copyright law, except executing it on a
++computer or modifying a private copy.  Propagation includes copying,
++distribution (with or without modification), making available to the
++public, and in some countries other activities as well.
++
++  To "convey" a work means any kind of propagation that enables other
++parties to make or receive copies.  Mere interaction with a user through
++a computer network, with no transfer of a copy, is not conveying.
++
++  An interactive user interface displays "Appropriate Legal Notices"
++to the extent that it includes a convenient and prominently visible
++feature that (1) displays an appropriate copyright notice, and (2)
++tells the user that there is no warranty for the work (except to the
++extent that warranties are provided), that licensees may convey the
++work under this License, and how to view a copy of this License.  If
++the interface presents a list of user commands or options, such as a
++menu, a prominent item in the list meets this criterion.
++
++  1. Source Code.
++
++  The "source code" for a work means the preferred form of the work
++for making modifications to it.  "Object code" means any non-source
++form of a work.
++
++  A "Standard Interface" means an interface that either is an official
++standard defined by a recognized standards body, or, in the case of
++interfaces specified for a particular programming language, one that
++is widely used among developers working in that language.
++
++  The "System Libraries" of an executable work include anything, other
++than the work as a whole, that (a) is included in the normal form of
++packaging a Major Component, but which is not part of that Major
++Component, and (b) serves only to enable use of the work with that
++Major Component, or to implement a Standard Interface for which an
++implementation is available to the public in source code form.  A
++"Major Component", in this context, means a major essential component
++(kernel, window system, and so on) of the specific operating system
++(if any) on which the executable work runs, or a compiler used to
++produce the work, or an object code interpreter used to run it.
++
++  The "Corresponding Source" for a work in object code form means all
++the source code needed to generate, install, and (for an executable
++work) run the object code and to modify the work, including scripts to
++control those activities.  However, it does not include the work's
++System Libraries, or general-purpose tools or generally available free
++programs which are used unmodified in performing those activities but
++which are not part of the work.  For example, Corresponding Source
++includes interface definition files associated with source files for
++the work, and the source code for shared libraries and dynamically
++linked subprograms that the work is specifically designed to require,
++such as by intimate data communication or control flow between those
++subprograms and other parts of the work.
++
++  The Corresponding Source need not include anything that users
++can regenerate automatically from other parts of the Corresponding
++Source.
++
++  The Corresponding Source for a work in source code form is that
++same work.
++
++  2. Basic Permissions.
++
++  All rights granted under this License are granted for the term of
++copyright on the Program, and are irrevocable provided the stated
++conditions are met.  This License explicitly affirms your unlimited
++permission to run the unmodified Program.  The output from running a
++covered work is covered by this License only if the output, given its
++content, constitutes a covered work.  This License acknowledges your
++rights of fair use or other equivalent, as provided by copyright law.
++
++  You may make, run and propagate covered works that you do not
++convey, without conditions so long as your license otherwise remains
++in force.  You may convey covered works to others for the sole purpose
++of having them make modifications exclusively for you, or provide you
++with facilities for running those works, provided that you comply with
++the terms of this License in conveying all material for which you do
++not control copyright.  Those thus making or running the covered works
++for you must do so exclusively on your behalf, under your direction
++and control, on terms that prohibit them from making any copies of
++your copyrighted material outside their relationship with you.
++
++  Conveying under any other circumstances is permitted solely under
++the conditions stated below.  Sublicensing is not allowed; section 10
++makes it unnecessary.
++
++  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
++
++  No covered work shall be deemed part of an effective technological
++measure under any applicable law fulfilling obligations under article
++11 of the WIPO copyright treaty adopted on 20 December 1996, or
++similar laws prohibiting or restricting circumvention of such
++measures.
++
++  When you convey a covered work, you waive any legal power to forbid
++circumvention of technological measures to the extent such circumvention
++is effected by exercising rights under this License with respect to
++the covered work, and you disclaim any intention to limit operation or
++modification of the work as a means of enforcing, against the work's
++users, your or third parties' legal rights to forbid circumvention of
++technological measures.
++
++  4. Conveying Verbatim Copies.
++
++  You may convey verbatim copies of the Program's source code as you
++receive it, in any medium, provided that you conspicuously and
++appropriately publish on each copy an appropriate copyright notice;
++keep intact all notices stating that this License and any
++non-permissive terms added in accord with section 7 apply to the code;
++keep intact all notices of the absence of any warranty; and give all
++recipients a copy of this License along with the Program.
++
++  You may charge any price or no price for each copy that you convey,
++and you may offer support or warranty protection for a fee.
++
++  5. Conveying Modified Source Versions.
++
++  You may convey a work based on the Program, or the modifications to
++produce it from the Program, in the form of source code under the
++terms of section 4, provided that you also meet all of these conditions:
++
++    a) The work must carry prominent notices stating that you modified
++    it, and giving a relevant date.
++
++    b) The work must carry prominent notices stating that it is
++    released under this License and any conditions added under section
++    7.  This requirement modifies the requirement in section 4 to
++    "keep intact all notices".
++
++    c) You must license the entire work, as a whole, under this
++    License to anyone who comes into possession of a copy.  This
++    License will therefore apply, along with any applicable section 7
++    additional terms, to the whole of the work, and all its parts,
++    regardless of how they are packaged.  This License gives no
++    permission to license the work in any other way, but it does not
++    invalidate such permission if you have separately received it.
++
++    d) If the work has interactive user interfaces, each must display
++    Appropriate Legal Notices; however, if the Program has interactive
++    interfaces that do not display Appropriate Legal Notices, your
++    work need not make them do so.
++
++  A compilation of a covered work with other separate and independent
++works, which are not by their nature extensions of the covered work,
++and which are not combined with it such as to form a larger program,
++in or on a volume of a storage or distribution medium, is called an
++"aggregate" if the compilation and its resulting copyright are not
++used to limit the access or legal rights of the compilation's users
++beyond what the individual works permit.  Inclusion of a covered work
++in an aggregate does not cause this License to apply to the other
++parts of the aggregate.
++
++  6. Conveying Non-Source Forms.
++
++  You may convey a covered work in object code form under the terms
++of sections 4 and 5, provided that you also convey the
++machine-readable Corresponding Source under the terms of this License,
++in one of these ways:
++
++    a) Convey the object code in, or embodied in, a physical product
++    (including a physical distribution medium), accompanied by the
++    Corresponding Source fixed on a durable physical medium
++    customarily used for software interchange.
++
++    b) Convey the object code in, or embodied in, a physical product
++    (including a physical distribution medium), accompanied by a
++    written offer, valid for at least three years and valid for as
++    long as you offer spare parts or customer support for that product
++    model, to give anyone who possesses the object code either (1) a
++    copy of the Corresponding Source for all the software in the
++    product that is covered by this License, on a durable physical
++    medium customarily used for software interchange, for a price no
++    more than your reasonable cost of physically performing this
++    conveying of source, or (2) access to copy the
++    Corresponding Source from a network server at no charge.
++
++    c) Convey individual copies of the object code with a copy of the
++    written offer to provide the Corresponding Source.  This
++    alternative is allowed only occasionally and noncommercially, and
++    only if you received the object code with such an offer, in accord
++    with subsection 6b.
++
++    d) Convey the object code by offering access from a designated
++    place (gratis or for a charge), and offer equivalent access to the
++    Corresponding Source in the same way through the same place at no
++    further charge.  You need not require recipients to copy the
++    Corresponding Source along with the object code.  If the place to
++    copy the object code is a network server, the Corresponding Source
++    may be on a different server (operated by you or a third party)
++    that supports equivalent copying facilities, provided you maintain
++    clear directions next to the object code saying where to find the
++    Corresponding Source.  Regardless of what server hosts the
++    Corresponding Source, you remain obligated to ensure that it is
++    available for as long as needed to satisfy these requirements.
++
++    e) Convey the object code using peer-to-peer transmission, provided
++    you inform other peers where the object code and Corresponding
++    Source of the work are being offered to the general public at no
++    charge under subsection 6d.
++
++  A separable portion of the object code, whose source code is excluded
++from the Corresponding Source as a System Library, need not be
++included in conveying the object code work.
++
++  A "User Product" is either (1) a "consumer product", which means any
++tangible personal property which is normally used for personal, family,
++or household purposes, or (2) anything designed or sold for incorporation
++into a dwelling.  In determining whether a product is a consumer product,
++doubtful cases shall be resolved in favor of coverage.  For a particular
++product received by a particular user, "normally used" refers to a
++typical or common use of that class of product, regardless of the status
++of the particular user or of the way in which the particular user
++actually uses, or expects or is expected to use, the product.  A product
++is a consumer product regardless of whether the product has substantial
++commercial, industrial or non-consumer uses, unless such uses represent
++the only significant mode of use of the product.
++
++  "Installation Information" for a User Product means any methods,
++procedures, authorization keys, or other information required to install
++and execute modified versions of a covered work in that User Product from
++a modified version of its Corresponding Source.  The information must
++suffice to ensure that the continued functioning of the modified object
++code is in no case prevented or interfered with solely because
++modification has been made.
++
++  If you convey an object code work under this section in, or with, or
++specifically for use in, a User Product, and the conveying occurs as
++part of a transaction in which the right of possession and use of the
++User Product is transferred to the recipient in perpetuity or for a
++fixed term (regardless of how the transaction is characterized), the
++Corresponding Source conveyed under this section must be accompanied
++by the Installation Information.  But this requirement does not apply
++if neither you nor any third party retains the ability to install
++modified object code on the User Product (for example, the work has
++been installed in ROM).
++
++  The requirement to provide Installation Information does not include a
++requirement to continue to provide support service, warranty, or updates
++for a work that has been modified or installed by the recipient, or for
++the User Product in which it has been modified or installed.  Access to a
++network may be denied when the modification itself materially and
++adversely affects the operation of the network or violates the rules and
++protocols for communication across the network.
++
++  Corresponding Source conveyed, and Installation Information provided,
++in accord with this section must be in a format that is publicly
++documented (and with an implementation available to the public in
++source code form), and must require no special password or key for
++unpacking, reading or copying.
++
++  7. Additional Terms.
++
++  "Additional permissions" are terms that supplement the terms of this
++License by making exceptions from one or more of its conditions.
++Additional permissions that are applicable to the entire Program shall
++be treated as though they were included in this License, to the extent
++that they are valid under applicable law.  If additional permissions
++apply only to part of the Program, that part may be used separately
++under those permissions, but the entire Program remains governed by
++this License without regard to the additional permissions.
++
++  When you convey a copy of a covered work, you may at your option
++remove any additional permissions from that copy, or from any part of
++it.  (Additional permissions may be written to require their own
++removal in certain cases when you modify the work.)  You may place
++additional permissions on material, added by you to a covered work,
++for which you have or can give appropriate copyright permission.
++
++  Notwithstanding any other provision of this License, for material you
++add to a covered work, you may (if authorized by the copyright holders of
++that material) supplement the terms of this License with terms:
++
++    a) Disclaiming warranty or limiting liability differently from the
++    terms of sections 15 and 16 of this License; or
++
++    b) Requiring preservation of specified reasonable legal notices or
++    author attributions in that material or in the Appropriate Legal
++    Notices displayed by works containing it; or
++
++    c) Prohibiting misrepresentation of the origin of that material, or
++    requiring that modified versions of such material be marked in
++    reasonable ways as different from the original version; or
++
++    d) Limiting the use for publicity purposes of names of licensors or
++    authors of the material; or
++
++    e) Declining to grant rights under trademark law for use of some
++    trade names, trademarks, or service marks; or
++
++    f) Requiring indemnification of licensors and authors of that
++    material by anyone who conveys the material (or modified versions of
++    it) with contractual assumptions of liability to the recipient, for
++    any liability that these contractual assumptions directly impose on
++    those licensors and authors.
++
++  All other non-permissive additional terms are considered "further
++restrictions" within the meaning of section 10.  If the Program as you
++received it, or any part of it, contains a notice stating that it is
++governed by this License along with a term that is a further
++restriction, you may remove that term.  If a license document contains
++a further restriction but permits relicensing or conveying under this
++License, you may add to a covered work material governed by the terms
++of that license document, provided that the further restriction does
++not survive such relicensing or conveying.
++
++  If you add terms to a covered work in accord with this section, you
++must place, in the relevant source files, a statement of the
++additional terms that apply to those files, or a notice indicating
++where to find the applicable terms.
++
++  Additional terms, permissive or non-permissive, may be stated in the
++form of a separately written license, or stated as exceptions;
++the above requirements apply either way.
++
++  8. Termination.
++
++  You may not propagate or modify a covered work except as expressly
++provided under this License.  Any attempt otherwise to propagate or
++modify it is void, and will automatically terminate your rights under
++this License (including any patent licenses granted under the third
++paragraph of section 11).
++
++  However, if you cease all violation of this License, then your
++license from a particular copyright holder is reinstated (a)
++provisionally, unless and until the copyright holder explicitly and
++finally terminates your license, and (b) permanently, if the copyright
++holder fails to notify you of the violation by some reasonable means
++prior to 60 days after the cessation.
++
++  Moreover, your license from a particular copyright holder is
++reinstated permanently if the copyright holder notifies you of the
++violation by some reasonable means, this is the first time you have
++received notice of violation of this License (for any work) from that
++copyright holder, and you cure the violation prior to 30 days after
++your receipt of the notice.
++
++  Termination of your rights under this section does not terminate the
++licenses of parties who have received copies or rights from you under
++this License.  If your rights have been terminated and not permanently
++reinstated, you do not qualify to receive new licenses for the same
++material under section 10.
++
++  9. Acceptance Not Required for Having Copies.
++
++  You are not required to accept this License in order to receive or
++run a copy of the Program.  Ancillary propagation of a covered work
++occurring solely as a consequence of using peer-to-peer transmission
++to receive a copy likewise does not require acceptance.  However,
++nothing other than this License grants you permission to propagate or
++modify any covered work.  These actions infringe copyright if you do
++not accept this License.  Therefore, by modifying or propagating a
++covered work, you indicate your acceptance of this License to do so.
++
++  10. Automatic Licensing of Downstream Recipients.
++
++  Each time you convey a covered work, the recipient automatically
++receives a license from the original licensors, to run, modify and
++propagate that work, subject to this License.  You are not responsible
++for enforcing compliance by third parties with this License.
++
++  An "entity transaction" is a transaction transferring control of an
++organization, or substantially all assets of one, or subdividing an
++organization, or merging organizations.  If propagation of a covered
++work results from an entity transaction, each party to that
++transaction who receives a copy of the work also receives whatever
++licenses to the work the party's predecessor in interest had or could
++give under the previous paragraph, plus a right to possession of the
++Corresponding Source of the work from the predecessor in interest, if
++the predecessor has it or can get it with reasonable efforts.
++
++  You may not impose any further restrictions on the exercise of the
++rights granted or affirmed under this License.  For example, you may
++not impose a license fee, royalty, or other charge for exercise of
++rights granted under this License, and you may not initiate litigation
++(including a cross-claim or counterclaim in a lawsuit) alleging that
++any patent claim is infringed by making, using, selling, offering for
++sale, or importing the Program or any portion of it.
++
++  11. Patents.
++
++  A "contributor" is a copyright holder who authorizes use under this
++License of the Program or a work on which the Program is based.  The
++work thus licensed is called the contributor's "contributor version".
++
++  A contributor's "essential patent claims" are all patent claims
++owned or controlled by the contributor, whether already acquired or
++hereafter acquired, that would be infringed by some manner, permitted
++by this License, of making, using, or selling its contributor version,
++but do not include claims that would be infringed only as a
++consequence of further modification of the contributor version.  For
++purposes of this definition, "control" includes the right to grant
++patent sublicenses in a manner consistent with the requirements of
++this License.
++
++  Each contributor grants you a non-exclusive, worldwide, royalty-free
++patent license under the contributor's essential patent claims, to
++make, use, sell, offer for sale, import and otherwise run, modify and
++propagate the contents of its contributor version.
++
++  In the following three paragraphs, a "patent license" is any express
++agreement or commitment, however denominated, not to enforce a patent
++(such as an express permission to practice a patent or covenant not to
++sue for patent infringement).  To "grant" such a patent license to a
++party means to make such an agreement or commitment not to enforce a
++patent against the party.
++
++  If you convey a covered work, knowingly relying on a patent license,
++and the Corresponding Source of the work is not available for anyone
++to copy, free of charge and under the terms of this License, through a
++publicly available network server or other readily accessible means,
++then you must either (1) cause the Corresponding Source to be so
++available, or (2) arrange to deprive yourself of the benefit of the
++patent license for this particular work, or (3) arrange, in a manner
++consistent with the requirements of this License, to extend the patent
++license to downstream recipients.  "Knowingly relying" means you have
++actual knowledge that, but for the patent license, your conveying the
++covered work in a country, or your recipient's use of the covered work
++in a country, would infringe one or more identifiable patents in that
++country that you have reason to believe are valid.
++
++  If, pursuant to or in connection with a single transaction or
++arrangement, you convey, or propagate by procuring conveyance of, a
++covered work, and grant a patent license to some of the parties
++receiving the covered work authorizing them to use, propagate, modify
++or convey a specific copy of the covered work, then the patent license
++you grant is automatically extended to all recipients of the covered
++work and works based on it.
++
++  A patent license is "discriminatory" if it does not include within
++the scope of its coverage, prohibits the exercise of, or is
++conditioned on the non-exercise of one or more of the rights that are
++specifically granted under this License.  You may not convey a covered
++work if you are a party to an arrangement with a third party that is
++in the business of distributing software, under which you make payment
++to the third party based on the extent of your activity of conveying
++the work, and under which the third party grants, to any of the
++parties who would receive the covered work from you, a discriminatory
++patent license (a) in connection with copies of the covered work
++conveyed by you (or copies made from those copies), or (b) primarily
++for and in connection with specific products or compilations that
++contain the covered work, unless you entered into that arrangement,
++or that patent license was granted, prior to 28 March 2007.
++
++  Nothing in this License shall be construed as excluding or limiting
++any implied license or other defenses to infringement that may
++otherwise be available to you under applicable patent law.
++
++  12. No Surrender of Others' Freedom.
++
++  If conditions are imposed on you (whether by court order, agreement or
++otherwise) that contradict the conditions of this License, they do not
++excuse you from the conditions of this License.  If you cannot convey a
++covered work so as to satisfy simultaneously your obligations under this
++License and any other pertinent obligations, then as a consequence you may
++not convey it at all.  For example, if you agree to terms that obligate you
++to collect a royalty for further conveying from those to whom you convey
++the Program, the only way you could satisfy both those terms and this
++License would be to refrain entirely from conveying the Program.
++
++  13. Remote Network Interaction; Use with the GNU General Public License.
++
++  Notwithstanding any other provision of this License, if you modify the
++Program, your modified version must prominently offer all users
++interacting with it remotely through a computer network (if your version
++supports such interaction) an opportunity to receive the Corresponding
++Source of your version by providing access to the Corresponding Source
++from a network server at no charge, through some standard or customary
++means of facilitating copying of software.  This Corresponding Source
++shall include the Corresponding Source for any work covered by version 3
++of the GNU General Public License that is incorporated pursuant to the
++following paragraph.
++
++  Notwithstanding any other provision of this License, you have
++permission to link or combine any covered work with a work licensed
++under version 3 of the GNU General Public License into a single
++combined work, and to convey the resulting work.  The terms of this
++License will continue to apply to the part which is the covered work,
++but the work with which it is combined will remain governed by version
++3 of the GNU General Public License.
++
++  14. Revised Versions of this License.
++
++  The Free Software Foundation may publish revised and/or new versions of
++the GNU Affero General Public License from time to time.  Such new versions
++will be similar in spirit to the present version, but may differ in detail to
++address new problems or concerns.
++
++  Each version is given a distinguishing version number.  If the
++Program specifies that a certain numbered version of the GNU Affero General
++Public License "or any later version" applies to it, you have the
++option of following the terms and conditions either of that numbered
++version or of any later version published by the Free Software
++Foundation.  If the Program does not specify a version number of the
++GNU Affero General Public License, you may choose any version ever published
++by the Free Software Foundation.
++
++  If the Program specifies that a proxy can decide which future
++versions of the GNU Affero General Public License can be used, that proxy's
++public statement of acceptance of a version permanently authorizes you
++to choose that version for the Program.
++
++  Later license versions may give you additional or different
++permissions.  However, no additional obligations are imposed on any
++author or copyright holder as a result of your choosing to follow a
++later version.
++
++  15. Disclaimer of Warranty.
++
++  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
++APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
++HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
++OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
++THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
++IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
++ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
++
++  16. Limitation of Liability.
++
++  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
++WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
++THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
++GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
++USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
++DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
++PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
++EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
++SUCH DAMAGES.
++
++  17. Interpretation of Sections 15 and 16.
++
++  If the disclaimer of warranty and limitation of liability provided
++above cannot be given local legal effect according to their terms,
++reviewing courts shall apply local law that most closely approximates
++an absolute waiver of all civil liability in connection with the
++Program, unless a warranty or assumption of liability accompanies a
++copy of the Program in return for a fee.
++
++                     END OF TERMS AND CONDITIONS
++
++            How to Apply These Terms to Your New Programs
++
++  If you develop a new program, and you want it to be of the greatest
++possible use to the public, the best way to achieve this is to make it
++free software which everyone can redistribute and change under these terms.
++
++  To do so, attach the following notices to the program.  It is safest
++to attach them to the start of each source file to most effectively
++state the exclusion of warranty; and each file should have at least
++the "copyright" line and a pointer to where the full notice is found.
++
++    <one line to give the program's name and a brief idea of what it does.>
++    Copyright (C) <year>  <name of author>
++
++    This program is free software: you can redistribute it and/or modify
++    it under the terms of the GNU Affero General Public License as published by
++    the Free Software Foundation, either version 3 of the License, or
++    (at your option) any later version.
++
++    This program is distributed in the hope that it will be useful,
++    but WITHOUT ANY WARRANTY; without even the implied warranty of
++    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++    GNU Affero General Public License for more details.
++
++    You should have received a copy of the GNU Affero General Public License
++    along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++Also add information on how to contact you by electronic and paper mail.
++
++  If your software can interact with users remotely through a computer
++network, you should also make sure that it provides a way for users to
++get its source.  For example, if your program is a web application, its
++interface could display a "Source" link that leads users to an archive
++of the code.  There are many ways you could offer source, and different
++solutions will be better for different programs; see section 13 for the
++specific requirements.
++
++  You should also get your employer (if you work as a programmer) or school,
++if any, to sign a "copyright disclaimer" for the program, if necessary.
++For more information on this, and how to apply and follow the GNU AGPL, see
++<http://www.gnu.org/licenses/>.
 === added file 'lib/charm-helpers/MANIFEST.in'
 --- lib/charm-helpers/MANIFEST.in	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/MANIFEST.in	2013-09-26 06:24:47 +0000
@@ -0,0 +1,6 @@
++include *.txt
++include Makefile
++include VERSION
++include MANIFEST.in
++include scripts/*
++recursive-include debian *
 === added file 'lib/charm-helpers/Makefile'
 --- lib/charm-helpers/Makefile	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/Makefile	2013-09-26 06:24:47 +0000
@@ -0,0 +1,46 @@
++PROJECT=charmhelpers
++PYTHON := /usr/bin/env python
++SUITE=unstable
++TESTS=tests/
++
++all:
++	@echo "make source - Create source package"
++	@echo "make sdeb - Create debian source package"
++	@echo "make deb - Create debian package"
++	@echo "make clean"
++	@echo "make userinstall - Install locally"
++
++sdeb: source
++	scripts/build source
++
++deb: source
++	scripts/build
++
++source: setup.py
++	scripts/update-revno
++	python setup.py sdist
++
++clean:
++	python setup.py clean
++	rm -rf build/ MANIFEST
++	find . -name '*.pyc' -delete
++	rm -rf dist/*
++	dh_clean
++
++userinstall:
++	scripts/update-revno
++	python setup.py install --user
++
++test:
++	@echo Starting tests...
++	@$(PYTHON) /usr/bin/nosetests --nologcapture tests/
++
++ftest:
++	@echo Starting fast tests...
++	@$(PYTHON) /usr/bin/nosetests --attr '!slow' --nologcapture tests/
++
++lint:
++	@echo Checking for Python syntax...
++	@flake8 --ignore=E123,E501 $(PROJECT) $(TESTS) && echo OK
++
++build: test lint
 === added file 'lib/charm-helpers/README.test'
 --- lib/charm-helpers/README.test	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/README.test	2013-09-26 06:24:47 +0000
@@ -0,0 +1,7 @@
++Required Packages for Running Tests
++-----------------------------------
++python-shelltoolbox
++python-tempita
++python-nose
++python-mock
++python-testtools
 === added file 'lib/charm-helpers/README.txt'
 --- lib/charm-helpers/README.txt	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/README.txt	2013-09-26 06:24:47 +0000
@@ -0,0 +1,8 @@
++============
++CharmHelpers
++============
++
++CharmHelpers provides an opinionated set of tools for building Juju
++charms that work together. In addition to basic tasks like interact-
++ing with the charm environment and the machine it runs on, it also
++helps keep you build hooks and establish relations effortlessly.
 === added file 'lib/charm-helpers/REVISION'
 --- lib/charm-helpers/REVISION	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/REVISION	2013-09-26 06:24:47 +0000
@@ -0,0 +1,1 @@
++76
 === added file 'lib/charm-helpers/VERSION'
 --- lib/charm-helpers/VERSION	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/VERSION	2013-09-26 06:24:47 +0000
@@ -0,0 +1,1 @@
++0.1.2
 === added directory 'lib/charm-helpers/bin'
 === added file 'lib/charm-helpers/bin/README'
 --- lib/charm-helpers/bin/README	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/bin/README	2013-09-26 06:24:47 +0000
@@ -0,0 +1,1 @@
++This directory contains executables for accessing charmhelpers functionality
 === added file 'lib/charm-helpers/bin/chlp'
 --- lib/charm-helpers/bin/chlp	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/bin/chlp	2013-09-26 06:24:47 +0000
@@ -0,0 +1,7 @@
++#!/usr/bin/env python
++
++from charmhelpers.cli import cmdline
++from charmhelpers.cli.commands import *
++
++if __name__ == '__main__':
++    cmdline.run()
 === added directory 'lib/charm-helpers/bin/contrib'
 === added directory 'lib/charm-helpers/bin/contrib/charmsupport'
 === added file 'lib/charm-helpers/bin/contrib/charmsupport/charmsupport'
 --- lib/charm-helpers/bin/contrib/charmsupport/charmsupport	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/bin/contrib/charmsupport/charmsupport	2013-09-26 06:24:47 +0000
@@ -0,0 +1,31 @@
++#!/usr/bin/env python
++
++import argparse
++from charmhelpers.contrib.charmsupport import execd
++
++
++def run_execd(args):
++    execd.execd_run(args.module, args.dir, die_on_error=True)
++
++
++def parse_args():
++    parser = argparse.ArgumentParser(description='Perform common charm tasks')
++    subparsers = parser.add_subparsers(help='Commands')
++
++    execd_parser = subparsers.add_parser('execd',
++                                         help='Execute a directory of commands')
++    execd_parser.add_argument('--module', default='charm-pre-install',
++                              help='module to run (default: charm-pre-install)')
++    execd_parser.add_argument('--dir',
++                              help="Override the exec.d directory path")
++    execd_parser.set_defaults(func=run_execd)
++
++    return parser.parse_args()
++
++
++def main():
++    arguments = parse_args()
++    arguments.func(arguments)
++
++if __name__ == '__main__':
++    exit(main())
 === added directory 'lib/charm-helpers/bin/contrib/saltstack'
 === added file 'lib/charm-helpers/bin/contrib/saltstack/salt-call'
 --- lib/charm-helpers/bin/contrib/saltstack/salt-call	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/bin/contrib/saltstack/salt-call	2013-09-26 06:24:47 +0000
@@ -0,0 +1,11 @@
++#!/usr/bin/env python
++'''
++Directly call a salt command in the modules, does not require a running salt
++minion to run.
++'''
++
++from salt.scripts import salt_call
++
++
++if __name__ == '__main__':
++    salt_call()
 === added directory 'lib/charm-helpers/charmhelpers'
 === added file 'lib/charm-helpers/charmhelpers/__init__.py'
 === added directory 'lib/charm-helpers/charmhelpers/cli'
 === added file 'lib/charm-helpers/charmhelpers/cli/README.rst'
 --- lib/charm-helpers/charmhelpers/cli/README.rst	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/cli/README.rst	2013-09-26 06:24:47 +0000
@@ -0,0 +1,57 @@
++==========
++Commandant
++==========
++
++-----------------------------------------------------
++Automatic command-line interfaces to Python functions
++-----------------------------------------------------
++
++One of the benefits of ``libvirt`` is the uniformity of the interface: the C  API (as well as the bindings in other languages) is a set of functions that accept parameters that are nearly identical to the command-line arguments.  If you run ``virsh``, you get an interactive command prompt that supports all of the same commands that your shell scripts use as ``virsh`` subcommands.
++
++Command execution and stdio manipulation is the greatest common factor across all development systems in the POSIX environment.  By exposing your functions as commands that manipulate streams of text, you can make life easier for all the Ruby and Erlang and Go programmers in your life.
++
++Goals
++=====
++
++* Single decorator to expose a function as a command.
++  * now two decorators - one "automatic" and one that allows authors to manipulate the arguments for fine-grained control.(MW)
++* Automatic analysis of function signature through ``inspect.getargspec()``
++* Command argument parser built automatically with ``argparse``
++* Interactive interpreter loop object made with ``Cmd``
++* Options to output structured return value data via ``pprint``, ``yaml`` or ``json`` dumps.
++
++Other Important Features that need writing
++------------------------------------------
++
++* Help and Usage documentation can be automatically generated, but it will be important to let users override this behaviour
++* The decorator should allow specifying further parameters to the parser's add_argument() calls, to specify types or to make arguments behave as boolean flags, etc.
++    - Filename arguments are important, as good practice is for functions to accept file objects as parameters.
++    - choices arguments help to limit bad input before the function is called
++* Some automatic behaviour could make for better defaults, once the user can override them.
++    - We could automatically detect arguments that default to False or True, and automatically support --no-foo for foo=True.
++    - We could automatically support hyphens as alternates for underscores
++    - Arguments defaulting to sequence types could support the ``append`` action.
++
++
++-----------------------------------------------------
++Implementing subcommands
++-----------------------------------------------------
++
++(WIP)
++
++So as to avoid dependencies on the cli module, subcommands should be defined separately from their implementations. The recommmendation would be to place definitions into separate modules near the implementations which they expose.
++
++Some examples::
++
++    from charmhelpers.cli import CommandLine
++    from charmhelpers.payload import execd
++    from charmhelpers.foo import bar
++
++    cli = CommandLine()
++
++    cli.subcommand(execd.execd_run)
++
++    @cli.subcommand_builder("bar", help="Bar baz qux")
++    def barcmd_builder(subparser):
++        subparser.add_argument('argument1', help="yackety")
++        return bar
 === added file 'lib/charm-helpers/charmhelpers/cli/__init__.py'
 --- lib/charm-helpers/charmhelpers/cli/__init__.py	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/cli/__init__.py	2013-09-26 06:24:47 +0000
@@ -0,0 +1,147 @@
++import inspect
++import itertools
++import argparse
++import sys
++
++
++class OutputFormatter(object):
++    def __init__(self, outfile=sys.stdout):
++        self.formats = (
++            "raw",
++            "json",
++            "py",
++            "yaml",
++            "csv",
++            "tab",
++        )
++        self.outfile = outfile
++
++    def add_arguments(self, argument_parser):
++        formatgroup = argument_parser.add_mutually_exclusive_group()
++        choices = self.supported_formats
++        formatgroup.add_argument("--format", metavar='FMT',
++                                 help="Select output format for returned data, "
++                                      "where FMT is one of: {}".format(choices),
++                                 choices=choices, default='raw')
++        for fmt in self.formats:
++            fmtfunc = getattr(self, fmt)
++            formatgroup.add_argument("-{}".format(fmt[0]),
++                                     "--{}".format(fmt), action='store_const',
++                                     const=fmt, dest='format',
++                                     help=fmtfunc.__doc__)
++
++    @property
++    def supported_formats(self):
++        return self.formats
++
++    def raw(self, output):
++        """Output data as raw string (default)"""
++        self.outfile.write(str(output))
++
++    def py(self, output):
++        """Output data as a nicely-formatted python data structure"""
++        import pprint
++        pprint.pprint(output, stream=self.outfile)
++
++    def json(self, output):
++        """Output data in JSON format"""
++        import json
++        json.dump(output, self.outfile)
++
++    def yaml(self, output):
++        """Output data in YAML format"""
++        import yaml
++        yaml.safe_dump(output, self.outfile)
++
++    def csv(self, output):
++        """Output data as excel-compatible CSV"""
++        import csv
++        csvwriter = csv.writer(self.outfile)
++        csvwriter.writerows(output)
++
++    def tab(self, output):
++        """Output data in excel-compatible tab-delimited format"""
++        import csv
++        csvwriter = csv.writer(self.outfile, dialect=csv.excel_tab)
++        csvwriter.writerows(output)
++
++    def format_output(self, output, fmt='raw'):
++        fmtfunc = getattr(self, fmt)
++        fmtfunc(output)
++
++
++class CommandLine(object):
++    argument_parser = None
++    subparsers = None
++    formatter = None
++
++    def __init__(self):
++        if not self.argument_parser:
++            self.argument_parser = argparse.ArgumentParser(description='Perform common charm tasks')
++        if not self.formatter:
++            self.formatter = OutputFormatter()
++            self.formatter.add_arguments(self.argument_parser)
++        if not self.subparsers:
++            self.subparsers = self.argument_parser.add_subparsers(help='Commands')
++
++    def subcommand(self, command_name=None):
++        """
++        Decorate a function as a subcommand. Use its arguments as the
++        command-line arguments"""
++        def wrapper(decorated):
++            cmd_name = command_name or decorated.__name__
++            subparser = self.subparsers.add_parser(cmd_name,
++                                                   description=decorated.__doc__)
++            for args, kwargs in describe_arguments(decorated):
++                subparser.add_argument(*args, **kwargs)
++            subparser.set_defaults(func=decorated)
++            return decorated
++        return wrapper
++
++    def subcommand_builder(self, command_name, description=None):
++        """
++        Decorate a function that builds a subcommand. Builders should accept a
++        single argument (the subparser instance) and return the function to be
++        run as the command."""
++        def wrapper(decorated):
++            subparser = self.subparsers.add_parser(command_name)
++            func = decorated(subparser)
++            subparser.set_defaults(func=func)
++            subparser.description = description or func.__doc__
++        return wrapper
++
++    def run(self):
++        "Run cli, processing arguments and executing subcommands."
++        arguments = self.argument_parser.parse_args()
++        argspec = inspect.getargspec(arguments.func)
++        vargs = []
++        kwargs = {}
++        if argspec.varargs:
++            vargs = getattr(arguments, argspec.varargs)
++        for arg in argspec.args:
++            kwargs[arg] = getattr(arguments, arg)
++        self.formatter.format_output(arguments.func(*vargs, **kwargs), arguments.format)
++
++
++cmdline = CommandLine()
++
++
++def describe_arguments(func):
++    """
++    Analyze a function's signature and return a data structure suitable for
++    passing in as arguments to an argparse parser's add_argument() method."""
++
++    argspec = inspect.getargspec(func)
++    # we should probably raise an exception somewhere if func includes **kwargs
++    if argspec.defaults:
++        positional_args = argspec.args[:-len(argspec.defaults)]
++        keyword_names = argspec.args[-len(argspec.defaults):]
++        for arg, default in itertools.izip(keyword_names, argspec.defaults):
++            yield ('--{}'.format(arg),), {'default': default}
++    else:
++        positional_args = argspec.args
++
++    for arg in positional_args:
++        yield (arg,), {}
++    if argspec.varargs:
++        yield (argspec.varargs,), {'nargs': '*'}
 === added file 'lib/charm-helpers/charmhelpers/cli/commands.py'
 --- lib/charm-helpers/charmhelpers/cli/commands.py	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/cli/commands.py	2013-09-26 06:24:47 +0000
@@ -0,0 +1,2 @@
++from . import CommandLine
++import host
 === added file 'lib/charm-helpers/charmhelpers/cli/host.py'
 --- lib/charm-helpers/charmhelpers/cli/host.py	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/cli/host.py	2013-09-26 06:24:47 +0000
@@ -0,0 +1,14 @@
++from . import cmdline
++from charmhelpers.core import host
++
++
++@cmdline.subcommand()
++def mounts():
++    "List mounts"
++    return host.mounts()
++
++@cmdline.subcommand_builder('service', description="Control system services")
++def service(subparser):
++    subparser.add_argument("action", help="The action to perform (start, stop, etc...)")
++    subparser.add_argument("service_name", help="Name of the service to control")
++    return host.service
 === added directory 'lib/charm-helpers/charmhelpers/contrib'
 === added file 'lib/charm-helpers/charmhelpers/contrib/__init__.py'
 === added directory 'lib/charm-helpers/charmhelpers/contrib/ansible'
 === added file 'lib/charm-helpers/charmhelpers/contrib/ansible/__init__.py'
 --- lib/charm-helpers/charmhelpers/contrib/ansible/__init__.py	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/contrib/ansible/__init__.py	2013-09-26 06:24:47 +0000
@@ -0,0 +1,101 @@
++# Copyright 2013 Canonical Ltd.
++#
++# Authors:
++#  Charm Helpers Developers <juju@lists.ubuntu.com>
++"""Charm Helpers ansible - declare the state of your machines.
++
++This helper enables you to declare your machine state, rather than
++program it procedurally (and have to test each change to your procedures).
++Your install hook can be as simple as:
++
++{{{
++import charmhelpers.contrib.ansible
++
++
++def install():
++    charmhelpers.contrib.ansible.install_ansible_support()
++    charmhelpers.contrib.ansible.apply_playbook('playbooks/install.yaml')
++}}}
++
++and won't need to change (nor will its tests) when you change the machine
++state.
++
++All of your juju config and relation-data are available as template
++variables within your playbooks and templates. An install playbook looks
++something like:
++
++{{{
++---
++- hosts: localhost
++  user: root
++
++  tasks:
++    - name: Add private repositories.
++      template:
++        src: ../templates/private-repositories.list.jinja2
++        dest: /etc/apt/sources.list.d/private.list
++
++    - name: Update the cache.
++      apt: update_cache=yes
++
++    - name: Install dependencies.
++      apt: pkg={{ item }}
++      with_items:
++        - python-mimeparse
++        - python-webob
++        - sunburnt
++
++    - name: Setup groups.
++      group: name={{ item.name }} gid={{ item.gid }}
++      with_items:
++        - { name: 'deploy_user', gid: 1800 }
++        - { name: 'service_user', gid: 1500 }
++
++  ...
++}}}
++
++Read more online about playbooks[1] and standard ansible modules[2].
++
++[1] http://www.ansibleworks.com/docs/playbooks.html
++[2] http://www.ansibleworks.com/docs/modules.html
++"""
++import os
++import subprocess
++
++import charmhelpers.contrib.saltstack
++import charmhelpers.core.host
++import charmhelpers.core.hookenv
++import charmhelpers.fetch
++
++
++charm_dir = os.environ.get('CHARM_DIR', '')
++ansible_hosts_path = '/etc/ansible/hosts'
++# Ansible will automatically include any vars in the following
++# file in its inventory when run locally.
++ansible_vars_path = '/etc/ansible/host_vars/localhost'
++
++
++def install_ansible_support(from_ppa=True):
++    """Installs the ansible package.
++
++    By default it is installed from the PPA [1] linked from
++    the ansible website [2].
++
++    [1] https://launchpad.net/~rquillo/+archive/ansible
++    [2] http://www.ansibleworks.com/docs/gettingstarted.html#ubuntu-and-debian
++
++    If from_ppa is false, you must ensure that the package is available
++    from a configured repository.
++    """
++    if from_ppa:
++        charmhelpers.fetch.add_source('ppa:rquillo/ansible')
++        charmhelpers.fetch.apt_update(fatal=True)
++    charmhelpers.fetch.apt_install('ansible')
++    with open(ansible_hosts_path, 'w+') as hosts_file:
++        hosts_file.write('localhost ansible_connection=local')
++
++
++def apply_playbook(playbook):
++    charmhelpers.contrib.saltstack.juju_state_to_yaml(
++        ansible_vars_path, namespace_separator='__')
++    subprocess.check_call(['ansible-playbook', '-c', 'local', playbook])
 === added directory 'lib/charm-helpers/charmhelpers/contrib/charmhelpers'
 === added file 'lib/charm-helpers/charmhelpers/contrib/charmhelpers/IMPORT'
 --- lib/charm-helpers/charmhelpers/contrib/charmhelpers/IMPORT	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/contrib/charmhelpers/IMPORT	2013-09-26 06:24:47 +0000
@@ -0,0 +1,4 @@
++Source lp:charm-tools/trunk
++
++charm-tools/helpers/python/charmhelpers/__init__.py -> charmhelpers/charmhelpers/contrib/charmhelpers/__init__.py
++charm-tools/helpers/python/charmhelpers/tests/test_charmhelpers.py -> charmhelpers/tests/contrib/charmhelpers/test_charmhelpers.py
 === added file 'lib/charm-helpers/charmhelpers/contrib/charmhelpers/__init__.py'
 --- lib/charm-helpers/charmhelpers/contrib/charmhelpers/__init__.py	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/contrib/charmhelpers/__init__.py	2013-09-26 06:24:47 +0000
@@ -0,0 +1,184 @@
++# Copyright 2012 Canonical Ltd.  This software is licensed under the
++# GNU Affero General Public License version 3 (see the file LICENSE).
++
++import warnings
++warnings.warn("contrib.charmhelpers is deprecated", DeprecationWarning)
++
++"""Helper functions for writing Juju charms in Python."""
++
++__metaclass__ = type
++__all__ = [
++    #'get_config',             # core.hookenv.config()
++    #'log',                    # core.hookenv.log()
++    #'log_entry',              # core.hookenv.log()
++    #'log_exit',               # core.hookenv.log()
++    #'relation_get',           # core.hookenv.relation_get()
++    #'relation_set',           # core.hookenv.relation_set()
++    #'relation_ids',           # core.hookenv.relation_ids()
++    #'relation_list',          # core.hookenv.relation_units()
++    #'config_get',             # core.hookenv.config()
++    #'unit_get',               # core.hookenv.unit_get()
++    #'open_port',              # core.hookenv.open_port()
++    #'close_port',             # core.hookenv.close_port()
++    #'service_control',        # core.host.service()
++    'unit_info',              # client-side, NOT IMPLEMENTED
++    'wait_for_machine',       # client-side, NOT IMPLEMENTED
++    'wait_for_page_contents',  # client-side, NOT IMPLEMENTED
++    'wait_for_relation',      # client-side, NOT IMPLEMENTED
++    'wait_for_unit',          # client-side, NOT IMPLEMENTED
++]
++
++import operator
++from shelltoolbox import (
++    command,
++)
++import tempfile
++import time
++import urllib2
++import yaml
++
++SLEEP_AMOUNT = 0.1
++# We create a juju_status Command here because it makes testing much,
++# much easier.
++juju_status = lambda: command('juju')('status')
++
++# re-implemented as charmhelpers.fetch.configure_sources()
++#def configure_source(update=False):
++#    source = config_get('source')
++#    if ((source.startswith('ppa:') or
++#         source.startswith('cloud:') or
++#         source.startswith('http:'))):
++#        run('add-apt-repository', source)
++#    if source.startswith("http:"):
++#        run('apt-key', 'import', config_get('key'))
++#    if update:
++#        run('apt-get', 'update')
++
++
++# DEPRECATED: client-side only
++def make_charm_config_file(charm_config):
++    charm_config_file = tempfile.NamedTemporaryFile()
++    charm_config_file.write(yaml.dump(charm_config))
++    charm_config_file.flush()
++    # The NamedTemporaryFile instance is returned instead of just the name
++    # because we want to take advantage of garbage collection-triggered
++    # deletion of the temp file when it goes out of scope in the caller.
++    return charm_config_file
++
++
++# DEPRECATED: client-side only
++def unit_info(service_name, item_name, data=None, unit=None):
++    if data is None:
++        data = yaml.safe_load(juju_status())
++    service = data['services'].get(service_name)
++    if service is None:
++        # XXX 2012-02-08 gmb:
++        #     This allows us to cope with the race condition that we
++        #     have between deploying a service and having it come up in
++        #     `juju status`. We could probably do with cleaning it up so
++        #     that it fails a bit more noisily after a while.
++        return ''
++    units = service['units']
++    if unit is not None:
++        item = units[unit][item_name]
++    else:
++        # It might seem odd to sort the units here, but we do it to
++        # ensure that when no unit is specified, the first unit for the
++        # service (or at least the one with the lowest number) is the
++        # one whose data gets returned.
++        sorted_unit_names = sorted(units.keys())
++        item = units[sorted_unit_names[0]][item_name]
++    return item
++
++
++# DEPRECATED: client-side only
++def get_machine_data():
++    return yaml.safe_load(juju_status())['machines']
++
++
++# DEPRECATED: client-side only
++def wait_for_machine(num_machines=1, timeout=300):
++    """Wait `timeout` seconds for `num_machines` machines to come up.
++
++    This wait_for... function can be called by other wait_for functions
++    whose timeouts might be too short in situations where only a bare
++    Juju setup has been bootstrapped.
++
++    :return: A tuple of (num_machines, time_taken). This is used for
++             testing.
++    """
++    # You may think this is a hack, and you'd be right. The easiest way
++    # to tell what environment we're working in (LXC vs EC2) is to check
++    # the dns-name of the first machine. If it's localhost we're in LXC
++    # and we can just return here.
++    if get_machine_data()[0]['dns-name'] == 'localhost':
++        return 1, 0
++    start_time = time.time()
++    while True:
++        # Drop the first machine, since it's the Zookeeper and that's
++        # not a machine that we need to wait for. This will only work
++        # for EC2 environments, which is why we return early above if
++        # we're in LXC.
++        machine_data = get_machine_data()
++        non_zookeeper_machines = [
++            machine_data[key] for key in machine_data.keys()[1:]]
++        if len(non_zookeeper_machines) >= num_machines:
++            all_machines_running = True
++            for machine in non_zookeeper_machines:
++                if machine.get('instance-state') != 'running':
++                    all_machines_running = False
++                    break
++            if all_machines_running:
++                break
++        if time.time() - start_time >= timeout:
++            raise RuntimeError('timeout waiting for service to start')
++        time.sleep(SLEEP_AMOUNT)
++    return num_machines, time.time() - start_time
++
++
++# DEPRECATED: client-side only
++def wait_for_unit(service_name, timeout=480):
++    """Wait `timeout` seconds for a given service name to come up."""
++    wait_for_machine(num_machines=1)
++    start_time = time.time()
++    while True:
++        state = unit_info(service_name, 'agent-state')
++        if 'error' in state or state == 'started':
++            break
++        if time.time() - start_time >= timeout:
++            raise RuntimeError('timeout waiting for service to start')
++        time.sleep(SLEEP_AMOUNT)
++    if state != 'started':
++        raise RuntimeError('unit did not start, agent-state: ' + state)
++
++
++# DEPRECATED: client-side only
++def wait_for_relation(service_name, relation_name, timeout=120):
++    """Wait `timeout` seconds for a given relation to come up."""
++    start_time = time.time()
++    while True:
++        relation = unit_info(service_name, 'relations').get(relation_name)
++        if relation is not None and relation['state'] == 'up':
++            break
++        if time.time() - start_time >= timeout:
++            raise RuntimeError('timeout waiting for relation to be up')
++        time.sleep(SLEEP_AMOUNT)
++
++
++# DEPRECATED: client-side only
++def wait_for_page_contents(url, contents, timeout=120, validate=None):
++    if validate is None:
++        validate = operator.contains
++    start_time = time.time()
++    while True:
++        try:
++            stream = urllib2.urlopen(url)
++        except (urllib2.HTTPError, urllib2.URLError):
++            pass
++        else:
++            page = stream.read()
++            if validate(page, contents):
++                return page
++        if time.time() - start_time >= timeout:
++            raise RuntimeError('timeout waiting for contents of ' + url)
++        time.sleep(SLEEP_AMOUNT)
 === added directory 'lib/charm-helpers/charmhelpers/contrib/charmsupport'
 === added file 'lib/charm-helpers/charmhelpers/contrib/charmsupport/IMPORT'
 --- lib/charm-helpers/charmhelpers/contrib/charmsupport/IMPORT	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/contrib/charmsupport/IMPORT	2013-09-26 06:24:47 +0000
@@ -0,0 +1,14 @@
++Source: lp:charmsupport/trunk
++
++charmsupport/charmsupport/execd.py -> charm-helpers/charmhelpers/contrib/charmsupport/execd.py
++charmsupport/charmsupport/hookenv.py -> charm-helpers/charmhelpers/contrib/charmsupport/hookenv.py
++charmsupport/charmsupport/host.py -> charm-helpers/charmhelpers/contrib/charmsupport/host.py
++charmsupport/charmsupport/nrpe.py -> charm-helpers/charmhelpers/contrib/charmsupport/nrpe.py
++charmsupport/charmsupport/volumes.py -> charm-helpers/charmhelpers/contrib/charmsupport/volumes.py
++
++charmsupport/tests/test_execd.py -> charm-helpers/tests/contrib/charmsupport/test_execd.py
++charmsupport/tests/test_hookenv.py -> charm-helpers/tests/contrib/charmsupport/test_hookenv.py
++charmsupport/tests/test_host.py -> charm-helpers/tests/contrib/charmsupport/test_host.py
++charmsupport/tests/test_nrpe.py -> charm-helpers/tests/contrib/charmsupport/test_nrpe.py
++
++charmsupport/bin/charmsupport -> charm-helpers/bin/contrib/charmsupport/charmsupport
 === added file 'lib/charm-helpers/charmhelpers/contrib/charmsupport/__init__.py'
 === added file 'lib/charm-helpers/charmhelpers/contrib/charmsupport/nrpe.py'
 --- lib/charm-helpers/charmhelpers/contrib/charmsupport/nrpe.py	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/contrib/charmsupport/nrpe.py	2013-09-26 06:24:47 +0000
@@ -0,0 +1,218 @@
++"""Compatibility with the nrpe-external-master charm"""
++# Copyright 2012 Canonical Ltd.
++#
++# Authors:
++#  Matthew Wedgwood <matthew.wedgwood@canonical.com>
++
++import subprocess
++import pwd
++import grp
++import os
++import re
++import shlex
++import yaml
++
++from charmhelpers.core.hookenv import (
++    config,
++    local_unit,
++    log,
++    relation_ids,
++    relation_set,
++)
++
++from charmhelpers.core.host import service
++
++# This module adds compatibility with the nrpe-external-master and plain nrpe
++# subordinate charms. To use it in your charm:
++#
++# 1. Update metadata.yaml
++#
++#   provides:
++#     (...)
++#     nrpe-external-master:
++#       interface: nrpe-external-master
++#       scope: container
++#
++#   and/or
++#
++#   provides:
++#     (...)
++#     local-monitors:
++#       interface: local-monitors
++#       scope: container
++
++#
++# 2. Add the following to config.yaml
++#
++#    nagios_context:
++#      default: "juju"
++#      type: string
++#      description: |
++#        Used by the nrpe subordinate charms.
++#        A string that will be prepended to instance name to set the host name
++#        in nagios. So for instance the hostname would be something like:
++#            juju-myservice-0
++#        If you're running multiple environments with the same services in them
++#        this allows you to differentiate between them.
++#
++# 3. Add custom checks (Nagios plugins) to files/nrpe-external-master
++#
++# 4. Update your hooks.py with something like this:
++#
++#    from charmsupport.nrpe import NRPE
++#    (...)
++#    def update_nrpe_config():
++#        nrpe_compat = NRPE()
++#        nrpe_compat.add_check(
++#            shortname = "myservice",
++#            description = "Check MyService",
++#            check_cmd = "check_http -w 2 -c 10 http://localhost"
++#            )
++#        nrpe_compat.add_check(
++#            "myservice_other",
++#            "Check for widget failures",
++#            check_cmd = "/srv/myapp/scripts/widget_check"
++#            )
++#        nrpe_compat.write()
++#
++#    def config_changed():
++#        (...)
++#        update_nrpe_config()
++#
++#    def nrpe_external_master_relation_changed():
++#        update_nrpe_config()
++#
++#    def local_monitors_relation_changed():
++#        update_nrpe_config()
++#
++# 5. ln -s hooks.py nrpe-external-master-relation-changed
++#    ln -s hooks.py local-monitors-relation-changed
++
++
++class CheckException(Exception):
++    pass
++
++
++class Check(object):
++    shortname_re = '[A-Za-z0-9-_]+$'
++    service_template = ("""
++#---------------------------------------------------
++# This file is Juju managed
++#---------------------------------------------------
++define service {{
++    use                             active-service
++    host_name                       {nagios_hostname}
++    service_description             {nagios_hostname}[{shortname}] """
++                        """{description}
++    check_command                   check_nrpe!{command}
++    servicegroups                   {nagios_servicegroup}
++}}
++""")
++
++    def __init__(self, shortname, description, check_cmd):
++        super(Check, self).__init__()
++        # XXX: could be better to calculate this from the service name
++        if not re.match(self.shortname_re, shortname):
++            raise CheckException("shortname must match {}".format(
++                Check.shortname_re))
++        self.shortname = shortname
++        self.command = "check_{}".format(shortname)
++        # Note: a set of invalid characters is defined by the
++        # Nagios server config
++        # The default is: illegal_object_name_chars=`~!$%^&*"|'<>?,()=
++        self.description = description
++        self.check_cmd = self._locate_cmd(check_cmd)
++
++    def _locate_cmd(self, check_cmd):
++        search_path = (
++            '/',
++            os.path.join(os.environ['CHARM_DIR'],
++                         'files/nrpe-external-master'),
++            '/usr/lib/nagios/plugins',
++        )
++        parts = shlex.split(check_cmd)
++        for path in search_path:
++            if os.path.exists(os.path.join(path, parts[0])):
++                command = os.path.join(path, parts[0])
++                if len(parts) > 1:
++                    command += " " + " ".join(parts[1:])
++                return command
++        log('Check command not found: {}'.format(parts[0]))
++        return ''
++
++    def write(self, nagios_context, hostname):
++        nrpe_check_file = '/etc/nagios/nrpe.d/{}.cfg'.format(
++            self.command)
++        with open(nrpe_check_file, 'w') as nrpe_check_config:
++            nrpe_check_config.write("# check {}\n".format(self.shortname))
++            nrpe_check_config.write("command[{}]={}\n".format(
++                self.command, self.check_cmd))
++
++        if not os.path.exists(NRPE.nagios_exportdir):
++            log('Not writing service config as {} is not accessible'.format(
++                NRPE.nagios_exportdir))
++        else:
++            self.write_service_config(nagios_context, hostname)
++
++    def write_service_config(self, nagios_context, hostname):
++        for f in os.listdir(NRPE.nagios_exportdir):
++            if re.search('.*{}.cfg'.format(self.command), f):
++                os.remove(os.path.join(NRPE.nagios_exportdir, f))
++
++        templ_vars = {
++            'nagios_hostname': hostname,
++            'nagios_servicegroup': nagios_context,
++            'description': self.description,
++            'shortname': self.shortname,
++            'command': self.command,
++        }
++        nrpe_service_text = Check.service_template.format(**templ_vars)
++        nrpe_service_file = '{}/service__{}_{}.cfg'.format(
++            NRPE.nagios_exportdir, hostname, self.command)
++        with open(nrpe_service_file, 'w') as nrpe_service_config:
++            nrpe_service_config.write(str(nrpe_service_text))
++
++    def run(self):
++        subprocess.call(self.check_cmd)
++
++
++class NRPE(object):
++    nagios_logdir = '/var/log/nagios'
++    nagios_exportdir = '/var/lib/nagios/export'
++    nrpe_confdir = '/etc/nagios/nrpe.d'
++
++    def __init__(self):
++        super(NRPE, self).__init__()
++        self.config = config()
++        self.nagios_context = self.config['nagios_context']
++        self.unit_name = local_unit().replace('/', '-')
++        self.hostname = "{}-{}".format(self.nagios_context, self.unit_name)
++        self.checks = []
++
++    def add_check(self, *args, **kwargs):
++        self.checks.append(Check(*args, **kwargs))
++
++    def write(self):
++        try:
++            nagios_uid = pwd.getpwnam('nagios').pw_uid
++            nagios_gid = grp.getgrnam('nagios').gr_gid
++        except:
++            log("Nagios user not set up, nrpe checks not updated")
++            return
++
++        if not os.path.exists(NRPE.nagios_logdir):
++            os.mkdir(NRPE.nagios_logdir)
++            os.chown(NRPE.nagios_logdir, nagios_uid, nagios_gid)
++
++        nrpe_monitors = {}
++        monitors = {"monitors": {"remote": {"nrpe": nrpe_monitors}}}
++        for nrpecheck in self.checks:
++            nrpecheck.write(self.nagios_context, self.hostname)
++            nrpe_monitors[nrpecheck.shortname] = {
++                "command": nrpecheck.command,
++            }
++
++        service('restart', 'nagios-nrpe-server')
++
++        for rid in relation_ids("local-monitors"):
++            relation_set(relation_id=rid, monitors=yaml.dump(monitors))
 === added file 'lib/charm-helpers/charmhelpers/contrib/charmsupport/volumes.py'
 --- lib/charm-helpers/charmhelpers/contrib/charmsupport/volumes.py	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/contrib/charmsupport/volumes.py	2013-09-26 06:24:47 +0000
@@ -0,0 +1,156 @@
++'''
++Functions for managing volumes in juju units. One volume is supported per unit.
++Subordinates may have their own storage, provided it is on its own partition.
++
++Configuration stanzas:
++  volume-ephemeral:
++    type: boolean
++    default: true
++    description: >
++      If false, a volume is mounted as sepecified in "volume-map"
++      If true, ephemeral storage will be used, meaning that log data
++         will only exist as long as the machine. YOU HAVE BEEN WARNED.
++  volume-map:
++    type: string
++    default: {}
++    description: >
++      YAML map of units to device names, e.g:
++        "{ rsyslog/0: /dev/vdb, rsyslog/1: /dev/vdb }"
++      Service units will raise a configure-error if volume-ephemeral
++      is 'true' and no volume-map value is set. Use 'juju set' to set a
++      value and 'juju resolved' to complete configuration.
++
++Usage:
++    from charmsupport.volumes import configure_volume, VolumeConfigurationError
++    from charmsupport.hookenv import log, ERROR
++    def post_mount_hook():
++        stop_service('myservice')
++    def post_mount_hook():
++        start_service('myservice')
++
++    if __name__ == '__main__':
++        try:
++            configure_volume(before_change=pre_mount_hook,
++                             after_change=post_mount_hook)
++        except VolumeConfigurationError:
++            log('Storage could not be configured', ERROR)
++'''
++
++# XXX: Known limitations
++# - fstab is neither consulted nor updated
++
++import os
++from charmhelpers.core import hookenv
++from charmhelpers.core import host
++import yaml
++
++
++MOUNT_BASE = '/srv/juju/volumes'
++
++
++class VolumeConfigurationError(Exception):
++    '''Volume configuration data is missing or invalid'''
++    pass
++
++
++def get_config():
++    '''Gather and sanity-check volume configuration data'''
++    volume_config = {}
++    config = hookenv.config()
++
++    errors = False
++
++    if config.get('volume-ephemeral') in (True, 'True', 'true', 'Yes', 'yes'):
++        volume_config['ephemeral'] = True
++    else:
++        volume_config['ephemeral'] = False
++
++    try:
++        volume_map = yaml.safe_load(config.get('volume-map', '{}'))
++    except yaml.YAMLError as e:
++        hookenv.log("Error parsing YAML volume-map: {}".format(e),
++                    hookenv.ERROR)
++        errors = True
++    if volume_map is None:
++        # probably an empty string
++        volume_map = {}
++    elif not isinstance(volume_map, dict):
++        hookenv.log("Volume-map should be a dictionary, not {}".format(
++            type(volume_map)))
++        errors = True
++
++    volume_config['device'] = volume_map.get(os.environ['JUJU_UNIT_NAME'])
++    if volume_config['device'] and volume_config['ephemeral']:
++        # asked for ephemeral storage but also defined a volume ID
++        hookenv.log('A volume is defined for this unit, but ephemeral '
++                    'storage was requested', hookenv.ERROR)
++        errors = True
++    elif not volume_config['device'] and not volume_config['ephemeral']:
++        # asked for permanent storage but did not define volume ID
++        hookenv.log('Ephemeral storage was requested, but there is no volume '
++                    'defined for this unit.', hookenv.ERROR)
++        errors = True
++
++    unit_mount_name = hookenv.local_unit().replace('/', '-')
++    volume_config['mountpoint'] = os.path.join(MOUNT_BASE, unit_mount_name)
++
++    if errors:
++        return None
++    return volume_config
++
++
++def mount_volume(config):
++    if os.path.exists(config['mountpoint']):
++        if not os.path.isdir(config['mountpoint']):
++            hookenv.log('Not a directory: {}'.format(config['mountpoint']))
++            raise VolumeConfigurationError()
++    else:
++        host.mkdir(config['mountpoint'])
++    if os.path.ismount(config['mountpoint']):
++        unmount_volume(config)
++    if not host.mount(config['device'], config['mountpoint'], persist=True):
++        raise VolumeConfigurationError()
++
++
++def unmount_volume(config):
++    if os.path.ismount(config['mountpoint']):
++        if not host.umount(config['mountpoint'], persist=True):
++            raise VolumeConfigurationError()
++
++
++def managed_mounts():
++    '''List of all mounted managed volumes'''
++    return filter(lambda mount: mount[0].startswith(MOUNT_BASE), host.mounts())
++
++
++def configure_volume(before_change=lambda: None, after_change=lambda: None):
++    '''Set up storage (or don't) according to the charm's volume configuration.
++       Returns the mount point or "ephemeral". before_change and after_change
++       are optional functions to be called if the volume configuration changes.
++    '''
++
++    config = get_config()
++    if not config:
++        hookenv.log('Failed to read volume configuration', hookenv.CRITICAL)
++        raise VolumeConfigurationError()
++
++    if config['ephemeral']:
++        if os.path.ismount(config['mountpoint']):
++            before_change()
++            unmount_volume(config)
++            after_change()
++        return 'ephemeral'
++    else:
++        # persistent storage
++        if os.path.ismount(config['mountpoint']):
++            mounts = dict(managed_mounts())
++            if mounts.get(config['mountpoint']) != config['device']:
++                before_change()
++                unmount_volume(config)
++                mount_volume(config)
++                after_change()
++        else:
++            before_change()
++            mount_volume(config)
++            after_change()
++        return config['mountpoint']
 === added directory 'lib/charm-helpers/charmhelpers/contrib/hahelpers'
 === added file 'lib/charm-helpers/charmhelpers/contrib/hahelpers/__init__.py'
 === added file 'lib/charm-helpers/charmhelpers/contrib/hahelpers/apache.py'
 --- lib/charm-helpers/charmhelpers/contrib/hahelpers/apache.py	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/contrib/hahelpers/apache.py	2013-09-26 06:24:47 +0000
@@ -0,0 +1,58 @@
++#
++# Copyright 2012 Canonical Ltd.
++#
++# This file is sourced from lp:openstack-charm-helpers
++#
++# Authors:
++#  James Page <james.page@ubuntu.com>
++#  Adam Gandelman <adamg@ubuntu.com>
++#
++
++import subprocess
++
++from charmhelpers.core.hookenv import (
++    config as config_get,
++    relation_get,
++    relation_ids,
++    related_units as relation_list,
++    log,
++    INFO,
++)
++
++
++def get_cert():
++    cert = config_get('ssl_cert')
++    key = config_get('ssl_key')
++    if not (cert and key):
++        log("Inspecting identity-service relations for SSL certificate.",
++            level=INFO)
++        cert = key = None
++        for r_id in relation_ids('identity-service'):
++            for unit in relation_list(r_id):
++                if not cert:
++                    cert = relation_get('ssl_cert',
++                                        rid=r_id, unit=unit)
++                if not key:
++                    key = relation_get('ssl_key',
++                                       rid=r_id, unit=unit)
++    return (cert, key)
++
++
++def get_ca_cert():
++    ca_cert = None
++    log("Inspecting identity-service relations for CA SSL certificate.",
++        level=INFO)
++    for r_id in relation_ids('identity-service'):
++        for unit in relation_list(r_id):
++            if not ca_cert:
++                ca_cert = relation_get('ca_cert',
++                                       rid=r_id, unit=unit)
++    return ca_cert
++
++
++def install_ca_cert(ca_cert):
++    if ca_cert:
++        with open('/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt',
++                  'w') as crt:
++            crt.write(ca_cert)
++        subprocess.check_call(['update-ca-certificates', '--fresh'])
 === added file 'lib/charm-helpers/charmhelpers/contrib/hahelpers/ceph.py'
 --- lib/charm-helpers/charmhelpers/contrib/hahelpers/ceph.py	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/contrib/hahelpers/ceph.py	2013-09-26 06:24:47 +0000
@@ -0,0 +1,294 @@
++#
++# Copyright 2012 Canonical Ltd.
++#
++# This file is sourced from lp:openstack-charm-helpers
++#
++# Authors:
++#  James Page <james.page@ubuntu.com>
++#  Adam Gandelman <adamg@ubuntu.com>
++#
++
++import commands
++import os
++import shutil
++import time
++
++from subprocess import (
++    check_call,
++    check_output,
++    CalledProcessError
++)
++
++from charmhelpers.core.hookenv import (
++    relation_get,
++    relation_ids,
++    related_units,
++    log,
++    INFO,
++    ERROR
++)
++
++from charmhelpers.fetch import (
++    apt_install,
++)
++
++from charmhelpers.core.host import (
++    mount,
++    mounts,
++    service_start,
++    service_stop,
++    umount,
++)
++
++KEYRING = '/etc/ceph/ceph.client.%s.keyring'
++KEYFILE = '/etc/ceph/ceph.client.%s.key'
++
++CEPH_CONF = """[global]
++ auth supported = %(auth)s
++ keyring = %(keyring)s
++ mon host = %(mon_hosts)s
++"""
++
++
++def running(service):
++    # this local util can be dropped as soon the following branch lands
++    # in lp:charm-helpers
++    # https://code.launchpad.net/~gandelman-a/charm-helpers/service_running/
++    try:
++        output = check_output(['service', service, 'status'])
++    except CalledProcessError:
++        return False
++    else:
++        if ("start/running" in output or "is running" in output):
++            return True
++        else:
++            return False
++
++
++def install():
++    ceph_dir = "/etc/ceph"
++    if not os.path.isdir(ceph_dir):
++        os.mkdir(ceph_dir)
++    apt_install('ceph-common', fatal=True)
++
++
++def rbd_exists(service, pool, rbd_img):
++    (rc, out) = commands.getstatusoutput('rbd list --id %s --pool %s' %
++                                         (service, pool))
++    return rbd_img in out
++
++
++def create_rbd_image(service, pool, image, sizemb):
++    cmd = [
++        'rbd',
++        'create',
++        image,
++        '--size',
++        str(sizemb),
++        '--id',
++        service,
++        '--pool',
++        pool
++    ]
++    check_call(cmd)
++
++
++def pool_exists(service, name):
++    (rc, out) = commands.getstatusoutput("rados --id %s lspools" % service)
++    return name in out
++
++
++def create_pool(service, name):
++    cmd = [
++        'rados',
++        '--id',
++        service,
++        'mkpool',
++        name
++    ]
++    check_call(cmd)
++
++
++def keyfile_path(service):
++    return KEYFILE % service
++
++
++def keyring_path(service):
++    return KEYRING % service
++
++
++def create_keyring(service, key):
++    keyring = keyring_path(service)
++    if os.path.exists(keyring):
++        log('ceph: Keyring exists at %s.' % keyring, level=INFO)
++    cmd = [
++        'ceph-authtool',
++        keyring,
++        '--create-keyring',
++        '--name=client.%s' % service,
++        '--add-key=%s' % key
++    ]
++    check_call(cmd)
++    log('ceph: Created new ring at %s.' % keyring, level=INFO)
++
++
++def create_key_file(service, key):
++    # create a file containing the key
++    keyfile = keyfile_path(service)
++    if os.path.exists(keyfile):
++        log('ceph: Keyfile exists at %s.' % keyfile, level=INFO)
++    fd = open(keyfile, 'w')
++    fd.write(key)
++    fd.close()
++    log('ceph: Created new keyfile at %s.' % keyfile, level=INFO)
++
++
++def get_ceph_nodes():
++    hosts = []
++    for r_id in relation_ids('ceph'):
++        for unit in related_units(r_id):
++            hosts.append(relation_get('private-address', unit=unit, rid=r_id))
++    return hosts
++
++
++def configure(service, key, auth):
++    create_keyring(service, key)
++    create_key_file(service, key)
++    hosts = get_ceph_nodes()
++    mon_hosts = ",".join(map(str, hosts))
++    keyring = keyring_path(service)
++    with open('/etc/ceph/ceph.conf', 'w') as ceph_conf:
++        ceph_conf.write(CEPH_CONF % locals())
++    modprobe_kernel_module('rbd')
++
++
++def image_mapped(image_name):
++    (rc, out) = commands.getstatusoutput('rbd showmapped')
++    return image_name in out
++
++
++def map_block_storage(service, pool, image):
++    cmd = [
++        'rbd',
++        'map',
++        '%s/%s' % (pool, image),
++        '--user',
++        service,
++        '--secret',
++        keyfile_path(service),
++    ]
++    check_call(cmd)
++
++
++def filesystem_mounted(fs):
++    return fs in [f for m, f in mounts()]
++
++
++def make_filesystem(blk_device, fstype='ext4', timeout=10):
++    count = 0
++    e_noent = os.errno.ENOENT
++    while not os.path.exists(blk_device):
++        if count >= timeout:
++            log('ceph: gave up waiting on block device %s' % blk_device,
++                level=ERROR)
++            raise IOError(e_noent, os.strerror(e_noent), blk_device)
++        log('ceph: waiting for block device %s to appear' % blk_device,
++            level=INFO)
++        count += 1
++        time.sleep(1)
++    else:
++        log('ceph: Formatting block device %s as filesystem %s.' %
++            (blk_device, fstype), level=INFO)
++        check_call(['mkfs', '-t', fstype, blk_device])
++
++
++def place_data_on_ceph(service, blk_device, data_src_dst, fstype='ext4'):
++    # mount block device into /mnt
++    mount(blk_device, '/mnt')
++
++    # copy data to /mnt
++    try:
++        copy_files(data_src_dst, '/mnt')
++    except:
++        pass
++
++    # umount block device
++    umount('/mnt')
++
++    _dir = os.stat(data_src_dst)
++    uid = _dir.st_uid
++    gid = _dir.st_gid
++
++    # re-mount where the data should originally be
++    mount(blk_device, data_src_dst, persist=True)
++
++    # ensure original ownership of new mount.
++    cmd = ['chown', '-R', '%s:%s' % (uid, gid), data_src_dst]
++    check_call(cmd)
++
++
++# TODO: re-use
++def modprobe_kernel_module(module):
++    log('ceph: Loading kernel module', level=INFO)
++    cmd = ['modprobe', module]
++    check_call(cmd)
++    cmd = 'echo %s >> /etc/modules' % module
++    check_call(cmd, shell=True)
++
++
++def copy_files(src, dst, symlinks=False, ignore=None):
++    for item in os.listdir(src):
++        s = os.path.join(src, item)
++        d = os.path.join(dst, item)
++        if os.path.isdir(s):
++            shutil.copytree(s, d, symlinks, ignore)
++        else:
++            shutil.copy2(s, d)
++
++
++def ensure_ceph_storage(service, pool, rbd_img, sizemb, mount_point,
++                        blk_device, fstype, system_services=[]):
++    """
++    To be called from the current cluster leader.
++    Ensures given pool and RBD image exists, is mapped to a block device,
++    and the device is formatted and mounted at the given mount_point.
++
++    If formatting a device for the first time, data existing at mount_point
++    will be migrated to the RBD device before being remounted.
++
++    All services listed in system_services will be stopped prior to data
++    migration and restarted when complete.
++    """
++    # Ensure pool, RBD image, RBD mappings are in place.
++    if not pool_exists(service, pool):
++        log('ceph: Creating new pool %s.' % pool, level=INFO)
++        create_pool(service, pool)
++
++    if not rbd_exists(service, pool, rbd_img):
++        log('ceph: Creating RBD image (%s).' % rbd_img, level=INFO)
++        create_rbd_image(service, pool, rbd_img, sizemb)
++
++    if not image_mapped(rbd_img):
++        log('ceph: Mapping RBD Image as a Block Device.', level=INFO)
++        map_block_storage(service, pool, rbd_img)
++
++    # make file system
++    # TODO: What happens if for whatever reason this is run again and
++    # the data is already in the rbd device and/or is mounted??
++    # When it is mounted already, it will fail to make the fs
++    # XXX: This is really sketchy!  Need to at least add an fstab entry
++    #      otherwise this hook will blow away existing data if its executed
++    #      after a reboot.
++    if not filesystem_mounted(mount_point):
++        make_filesystem(blk_device, fstype)
++
++        for svc in system_services:
++            if running(svc):
++                log('Stopping services %s prior to migrating data.' % svc,
++                    level=INFO)
++                service_stop(svc)
++
++        place_data_on_ceph(service, blk_device, mount_point, fstype)
++
++        for svc in system_services:
++            service_start(svc)
 === added file 'lib/charm-helpers/charmhelpers/contrib/hahelpers/cluster.py'
 --- lib/charm-helpers/charmhelpers/contrib/hahelpers/cluster.py	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/contrib/hahelpers/cluster.py	2013-09-26 06:24:47 +0000
@@ -0,0 +1,181 @@
++#
++# Copyright 2012 Canonical Ltd.
++#
++# Authors:
++#  James Page <james.page@ubuntu.com>
++#  Adam Gandelman <adamg@ubuntu.com>
++#
++
++import subprocess
++import os
++
++from socket import gethostname as get_unit_hostname
++
++from charmhelpers.core.hookenv import (
++    log,
++    relation_ids,
++    related_units as relation_list,
++    relation_get,
++    config as config_get,
++    INFO,
++    ERROR,
++    unit_get,
++)
++
++
++class HAIncompleteConfig(Exception):
++    pass
++
++
++def is_clustered():
++    for r_id in (relation_ids('ha') or []):
++        for unit in (relation_list(r_id) or []):
++            clustered = relation_get('clustered',
++                                     rid=r_id,
++                                     unit=unit)
++            if clustered:
++                return True
++    return False
++
++
++def is_leader(resource):
++    cmd = [
++        "crm", "resource",
++        "show", resource
++    ]
++    try:
++        status = subprocess.check_output(cmd)
++    except subprocess.CalledProcessError:
++        return False
++    else:
++        if get_unit_hostname() in status:
++            return True
++        else:
++            return False
++
++
++def peer_units():
++    peers = []
++    for r_id in (relation_ids('cluster') or []):
++        for unit in (relation_list(r_id) or []):
++            peers.append(unit)
++    return peers
++
++
++def oldest_peer(peers):
++    local_unit_no = int(os.getenv('JUJU_UNIT_NAME').split('/')[1])
++    for peer in peers:
++        remote_unit_no = int(peer.split('/')[1])
++        if remote_unit_no < local_unit_no:
++            return False
++    return True
++
++
++def eligible_leader(resource):
++    if is_clustered():
++        if not is_leader(resource):
++            log('Deferring action to CRM leader.', level=INFO)
++            return False
++    else:
++        peers = peer_units()
++        if peers and not oldest_peer(peers):
++            log('Deferring action to oldest service unit.', level=INFO)
++            return False
++    return True
++
++
++def https():
++    '''
++    Determines whether enough data has been provided in configuration
++    or relation data to configure HTTPS
++    .
++    returns: boolean
++    '''
++    if config_get('use-https') == "yes":
++        return True
++    if config_get('ssl_cert') and config_get('ssl_key'):
++        return True
++    for r_id in relation_ids('identity-service'):
++        for unit in relation_list(r_id):
++            if None not in [
++                relation_get('https_keystone', rid=r_id, unit=unit),
++                relation_get('ssl_cert', rid=r_id, unit=unit),
++                relation_get('ssl_key', rid=r_id, unit=unit),
++                relation_get('ca_cert', rid=r_id, unit=unit),
++            ]:
++                return True
++    return False
++
++
++def determine_api_port(public_port):
++    '''
++    Determine correct API server listening port based on
++    existence of HTTPS reverse proxy and/or haproxy.
++
++    public_port: int: standard public port for given service
++
++    returns: int: the correct listening port for the API service
++    '''
++    i = 0
++    if len(peer_units()) > 0 or is_clustered():
++        i += 1
++    if https():
++        i += 1
++    return public_port - (i * 10)
++
++
++def determine_haproxy_port(public_port):
++    '''
++    Description: Determine correct proxy listening port based on public IP +
++    existence of HTTPS reverse proxy.
++
++    public_port: int: standard public port for given service
++
++    returns: int: the correct listening port for the HAProxy service
++    '''
++    i = 0
++    if https():
++        i += 1
++    return public_port - (i * 10)
++
++
++def get_hacluster_config():
++    '''
++    Obtains all relevant configuration from charm configuration required
++    for initiating a relation to hacluster:
++
++        ha-bindiface, ha-mcastport, vip, vip_iface, vip_cidr
++
++    returns: dict: A dict containing settings keyed by setting name.
++    raises: HAIncompleteConfig if settings are missing.
++    '''
++    settings = ['ha-bindiface', 'ha-mcastport', 'vip', 'vip_iface', 'vip_cidr']
++    conf = {}
++    for setting in settings:
++        conf[setting] = config_get(setting)
++    missing = []
++    [missing.append(s) for s, v in conf.iteritems() if v is None]
++    if missing:
++        log('Insufficient config data to configure hacluster.', level=ERROR)
++        raise HAIncompleteConfig
++    return conf
++
++
++def canonical_url(configs, vip_setting='vip'):
++    '''
++    Returns the correct HTTP URL to this host given the state of HTTPS
++    configuration and hacluster.
++
++    :configs    : OSTemplateRenderer: A config tempating object to inspect for
++                                      a complete https context.
++    :vip_setting:                str: Setting in charm config that specifies
++                                      VIP address.
++    '''
++    scheme = 'http'
++    if 'https' in configs.complete_contexts():
++        scheme = 'https'
++    if is_clustered():
++        addr = config_get(vip_setting)
++    else:
++        addr = unit_get('private-address')
++    return '%s://%s' % (scheme, addr)
 === added directory 'lib/charm-helpers/charmhelpers/contrib/jujugui'
 === added file 'lib/charm-helpers/charmhelpers/contrib/jujugui/IMPORT'
 --- lib/charm-helpers/charmhelpers/contrib/jujugui/IMPORT	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/contrib/jujugui/IMPORT	2013-09-26 06:24:47 +0000
@@ -0,0 +1,4 @@
++Source: lp:charms/juju-gui
++
++juju-gui/hooks/utils.py -> charm-helpers/charmhelpers/contrib/jujugui/utils.py
++juju-gui/tests/test_utils.py -> charm-helpers/tests/contrib/jujugui/test_utils.py
 === added file 'lib/charm-helpers/charmhelpers/contrib/jujugui/__init__.py'
 === added file 'lib/charm-helpers/charmhelpers/contrib/jujugui/utils.py'
 --- lib/charm-helpers/charmhelpers/contrib/jujugui/utils.py	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/contrib/jujugui/utils.py	2013-09-26 06:24:47 +0000
@@ -0,0 +1,602 @@
++"""Juju GUI charm utilities."""
++
++__all__ = [
++    'AGENT',
++    'APACHE',
++    'API_PORT',
++    'CURRENT_DIR',
++    'HAPROXY',
++    'IMPROV',
++    'JUJU_DIR',
++    'JUJU_GUI_DIR',
++    'JUJU_GUI_SITE',
++    'JUJU_PEM',
++    'WEB_PORT',
++    'bzr_checkout',
++    'chain',
++    'cmd_log',
++    'fetch_api',
++    'fetch_gui',
++    'find_missing_packages',
++    'first_path_in_dir',
++    'get_api_address',
++    'get_npm_cache_archive_url',
++    'get_release_file_url',
++    'get_staging_dependencies',
++    'get_zookeeper_address',
++    'legacy_juju',
++    'log_hook',
++    'merge',
++    'parse_source',
++    'prime_npm_cache',
++    'render_to_file',
++    'save_or_create_certificates',
++    'setup_apache',
++    'setup_gui',
++    'start_agent',
++    'start_gui',
++    'start_improv',
++    'write_apache_config',
++]
++
++from contextlib import contextmanager
++import errno
++import json
++import os
++import logging
++import shutil
++from subprocess import CalledProcessError
++import tempfile
++from urlparse import urlparse
++
++import apt
++import tempita
++
++from launchpadlib.launchpad import Launchpad
++from shelltoolbox import (
++    Serializer,
++    apt_get_install,
++    command,
++    environ,
++    install_extra_repositories,
++    run,
++    script_name,
++    search_file,
++    su,
++)
++from charmhelpers.core.host import (
++    service_start,
++)
++from charmhelpers.core.hookenv import (
++    log,
++    config,
++    unit_get,
++)
++
++
++AGENT = 'juju-api-agent'
++APACHE = 'apache2'
++IMPROV = 'juju-api-improv'
++HAPROXY = 'haproxy'
++
++API_PORT = 8080
++WEB_PORT = 8000
++
++CURRENT_DIR = os.getcwd()
++JUJU_DIR = os.path.join(CURRENT_DIR, 'juju')
++JUJU_GUI_DIR = os.path.join(CURRENT_DIR, 'juju-gui')
++JUJU_GUI_SITE = '/etc/apache2/sites-available/juju-gui'
++JUJU_GUI_PORTS = '/etc/apache2/ports.conf'
++JUJU_PEM = 'juju.includes-private-key.pem'
++BUILD_REPOSITORIES = ('ppa:chris-lea/node.js-legacy',)
++DEB_BUILD_DEPENDENCIES = (
++    'bzr', 'imagemagick', 'make', 'nodejs', 'npm',
++)
++DEB_STAGE_DEPENDENCIES = (
++    'zookeeper',
++)
++
++
++# Store the configuration from on invocation to the next.
++config_json = Serializer('/tmp/config.json')
++# Bazaar checkout command.
++bzr_checkout = command('bzr', 'co', '--lightweight')
++# Whether or not the charm is deployed using juju-core.
++# If juju-core has been used to deploy the charm, an agent.conf file must
++# be present in the charm parent directory.
++legacy_juju = lambda: not os.path.exists(
++    os.path.join(CURRENT_DIR, '..', 'agent.conf'))
++
++
++def _get_build_dependencies():
++    """Install deb dependencies for building."""
++    log('Installing build dependencies.')
++    cmd_log(install_extra_repositories(*BUILD_REPOSITORIES))
++    cmd_log(apt_get_install(*DEB_BUILD_DEPENDENCIES))
++
++
++def get_api_address(unit_dir):
++    """Return the Juju API address stored in the uniter agent.conf file."""
++    import yaml  # python-yaml is only installed if juju-core is used.
++    # XXX 2013-03-27 frankban bug=1161443:
++        # currently the uniter agent.conf file does not include the API
++        # address. For now retrieve it from the machine agent file.
++    base_dir = os.path.abspath(os.path.join(unit_dir, '..'))
++    for dirname in os.listdir(base_dir):
++        if dirname.startswith('machine-'):
++            agent_conf = os.path.join(base_dir, dirname, 'agent.conf')
++            break
++    else:
++        raise IOError('Juju agent configuration file not found.')
++    contents = yaml.load(open(agent_conf))
++    return contents['apiinfo']['addrs'][0]
++
++
++def get_staging_dependencies():
++    """Install deb dependencies for the stage (improv) environment."""
++    log('Installing stage dependencies.')
++    cmd_log(apt_get_install(*DEB_STAGE_DEPENDENCIES))
++
++
++def first_path_in_dir(directory):
++    """Return the full path of the first file/dir in *directory*."""
++    return os.path.join(directory, os.listdir(directory)[0])
++
++
++def _get_by_attr(collection, attr, value):
++    """Return the first item in collection having attr == value.
++
++    Return None if the item is not found.
++    """
++    for item in collection:
++        if getattr(item, attr) == value:
++            return item
++
++
++def get_release_file_url(project, series_name, release_version):
++    """Return the URL of the release file hosted in Launchpad.
++
++    The returned URL points to a release file for the given project, series
++    name and release version.
++    The argument *project* is a project object as returned by launchpadlib.
++    The arguments *series_name* and *release_version* are strings. If
++    *release_version* is None, the URL of the latest release will be returned.
++    """
++    series = _get_by_attr(project.series, 'name', series_name)
++    if series is None:
++        raise ValueError('%r: series not found' % series_name)
++    # Releases are returned by Launchpad in reverse date order.
++    releases = list(series.releases)
++    if not releases:
++        raise ValueError('%r: series does not contain releases' % series_name)
++    if release_version is not None:
++        release = _get_by_attr(releases, 'version', release_version)
++        if release is None:
++            raise ValueError('%r: release not found' % release_version)
++        releases = [release]
++    for release in releases:
++        for file_ in release.files:
++            if str(file_).endswith('.tgz'):
++                return file_.file_link
++    raise ValueError('%r: file not found' % release_version)
++
++
++def get_zookeeper_address(agent_file_path):
++    """Retrieve the Zookeeper address contained in the given *agent_file_path*.
++
++    The *agent_file_path* is a path to a file containing a line similar to the
++    following::
++
++        env JUJU_ZOOKEEPER="address"
++    """
++    line = search_file('JUJU_ZOOKEEPER', agent_file_path).strip()
++    return line.split('=')[1].strip('"')
++
++
++@contextmanager
++def log_hook():
++    """Log when a hook starts and stops its execution.
++
++    Also log to stdout possible CalledProcessError exceptions raised executing
++    the hook.
++    """
++    script = script_name()
++    log(">>> Entering {}".format(script))
++    try:
++        yield
++    except CalledProcessError as err:
++        log('Exception caught:')
++        log(err.output)
++        raise
++    finally:
++        log("<<< Exiting {}".format(script))
++
++
++def parse_source(source):
++    """Parse the ``juju-gui-source`` option.
++
++    Return a tuple of two elements representing info on how to deploy Juju GUI.
++    Examples:
++       - ('stable', None): latest stable release;
++       - ('stable', '0.1.0'): stable release v0.1.0;
++       - ('trunk', None): latest trunk release;
++       - ('trunk', '0.1.0+build.1'): trunk release v0.1.0 bzr revision 1;
++       - ('branch', 'lp:juju-gui'): release is made from a branch;
++       - ('url', 'http://example.com/gui'): release from a downloaded file.
++    """
++    if source.startswith('url:'):
++        source = source[4:]
++        # Support file paths, including relative paths.
++        if urlparse(source).scheme == '':
++            if not source.startswith('/'):
++                source = os.path.join(os.path.abspath(CURRENT_DIR), source)
++            source = "file://%s" % source
++        return 'url', source
++    if source in ('stable', 'trunk'):
++        return source, None
++    if source.startswith('lp:') or source.startswith('http://'):
++        return 'branch', source
++    if 'build' in source:
++        return 'trunk', source
++    return 'stable', source
++
++
++def render_to_file(template_name, context, destination):
++    """Render the given *template_name* into *destination* using *context*.
++
++    The tempita template language is used to render contents
++    (see http://pythonpaste.org/tempita/).
++    The argument *template_name* is the name or path of the template file:
++    it may be either a path relative to ``../config`` or an absolute path.
++    The argument *destination* is a file path.
++    The argument *context* is a dict-like object.
++    """
++    template_path = os.path.abspath(template_name)
++    template = tempita.Template.from_filename(template_path)
++    with open(destination, 'w') as stream:
++        stream.write(template.substitute(context))
++
++
++results_log = None
++
++
++def _setupLogging():
++    global results_log
++    if results_log is not None:
++        return
++    cfg = config()
++    logging.basicConfig(
++        filename=cfg['command-log-file'],
++        level=logging.INFO,
++        format="%(asctime)s: %(name)s@%(levelname)s %(message)s")
++    results_log = logging.getLogger('juju-gui')
++
++
++def cmd_log(results):
++    global results_log
++    if not results:
++        return
++    if results_log is None:
++        _setupLogging()
++    # Since 'results' may be multi-line output, start it on a separate line
++    # from the logger timestamp, etc.
++    results_log.info('\n' + results)
++
++
++def start_improv(staging_env, ssl_cert_path,
++                 config_path='/etc/init/juju-api-improv.conf'):
++    """Start a simulated juju environment using ``improv.py``."""
++    log('Setting up staging start up script.')
++    context = {
++        'juju_dir': JUJU_DIR,
++        'keys': ssl_cert_path,
++        'port': API_PORT,
++        'staging_env': staging_env,
++    }
++    render_to_file('config/juju-api-improv.conf.template', context, config_path)
++    log('Starting the staging backend.')
++    with su('root'):
++        service_start(IMPROV)
++
++
++def start_agent(
++        ssl_cert_path, config_path='/etc/init/juju-api-agent.conf',
++        read_only=False):
++    """Start the Juju agent and connect to the current environment."""
++    # Retrieve the Zookeeper address from the start up script.
++    unit_dir = os.path.realpath(os.path.join(CURRENT_DIR, '..'))
++    agent_file = '/etc/init/juju-{0}.conf'.format(os.path.basename(unit_dir))
++    zookeeper = get_zookeeper_address(agent_file)
++    log('Setting up API agent start up script.')
++    context = {
++        'juju_dir': JUJU_DIR,
++        'keys': ssl_cert_path,
++        'port': API_PORT,
++        'zookeeper': zookeeper,
++        'read_only': read_only
++    }
++    render_to_file('config/juju-api-agent.conf.template', context, config_path)
++    log('Starting API agent.')
++    with su('root'):
++        service_start(AGENT)
++
++
++def start_gui(
++        console_enabled, login_help, readonly, in_staging, ssl_cert_path,
++        charmworld_url, serve_tests, haproxy_path='/etc/haproxy/haproxy.cfg',
++        config_js_path=None, secure=True, sandbox=False):
++    """Set up and start the Juju GUI server."""
++    with su('root'):
++        run('chown', '-R', 'ubuntu:', JUJU_GUI_DIR)
++    # XXX 2013-02-05 frankban bug=1116320:
++        # External insecure resources are still loaded when testing in the
++        # debug environment. For now, switch to the production environment if
++        # the charm is configured to serve tests.
++    if in_staging and not serve_tests:
++        build_dirname = 'build-debug'
++    else:
++        build_dirname = 'build-prod'
++    build_dir = os.path.join(JUJU_GUI_DIR, build_dirname)
++    log('Generating the Juju GUI configuration file.')
++    is_legacy_juju = legacy_juju()
++    user, password = None, None
++    if (is_legacy_juju and in_staging) or sandbox:
++        user, password = 'admin', 'admin'
++    else:
++        user, password = None, None
++
++    api_backend = 'python' if is_legacy_juju else 'go'
++    if secure:
++        protocol = 'wss'
++    else:
++        log('Running in insecure mode! Port 80 will serve unencrypted.')
++        protocol = 'ws'
++
++    context = {
++        'raw_protocol': protocol,
++        'address': unit_get('public-address'),
++        'console_enabled': json.dumps(console_enabled),
++        'login_help': json.dumps(login_help),
++        'password': json.dumps(password),
++        'api_backend': json.dumps(api_backend),
++        'readonly': json.dumps(readonly),
++        'user': json.dumps(user),
++        'protocol': json.dumps(protocol),
++        'sandbox': json.dumps(sandbox),
++        'charmworld_url': json.dumps(charmworld_url),
++    }
++    if config_js_path is None:
++        config_js_path = os.path.join(
++            build_dir, 'juju-ui', 'assets', 'config.js')
++    render_to_file('config/config.js.template', context, config_js_path)
++
++    write_apache_config(build_dir, serve_tests)
++
++    log('Generating haproxy configuration file.')
++    if is_legacy_juju:
++        # The PyJuju API agent is listening on localhost.
++        api_address = '127.0.0.1:{0}'.format(API_PORT)
++    else:
++        # Retrieve the juju-core API server address.
++        api_address = get_api_address(os.path.join(CURRENT_DIR, '..'))
++    context = {
++        'api_address': api_address,
++        'api_pem': JUJU_PEM,
++        'legacy_juju': is_legacy_juju,
++        'ssl_cert_path': ssl_cert_path,
++        # In PyJuju environments, use the same certificate for both HTTPS and
++        # WebSocket connections. In juju-core the system already has the proper
++        # certificate installed.
++        'web_pem': JUJU_PEM,
++        'web_port': WEB_PORT,
++        'secure': secure
++    }
++    render_to_file('config/haproxy.cfg.template', context, haproxy_path)
++    log('Starting Juju GUI.')
++
++
++def write_apache_config(build_dir, serve_tests=False):
++    log('Generating the apache site configuration file.')
++    context = {
++        'port': WEB_PORT,
++        'serve_tests': serve_tests,
++        'server_root': build_dir,
++        'tests_root': os.path.join(JUJU_GUI_DIR, 'test', ''),
++    }
++    render_to_file('config/apache-ports.template', context, JUJU_GUI_PORTS)
++    render_to_file('config/apache-site.template', context, JUJU_GUI_SITE)
++
++
++def get_npm_cache_archive_url(Launchpad=Launchpad):
++    """Figure out the URL of the most recent NPM cache archive on Launchpad."""
++    launchpad = Launchpad.login_anonymously('Juju GUI charm', 'production')
++    project = launchpad.projects['juju-gui']
++    # Find the URL of the most recently created NPM cache archive.
++    npm_cache_url = get_release_file_url(project, 'npm-cache', None)
++    return npm_cache_url
++
++
++def prime_npm_cache(npm_cache_url):
++    """Download NPM cache archive and prime the NPM cache with it."""
++    # Download the cache archive and then uncompress it into the NPM cache.
++    npm_cache_archive = os.path.join(CURRENT_DIR, 'npm-cache.tgz')
++    cmd_log(run('curl', '-L', '-o', npm_cache_archive, npm_cache_url))
++    npm_cache_dir = os.path.expanduser('~/.npm')
++    # The NPM cache directory probably does not exist, so make it if not.
++    try:
++        os.mkdir(npm_cache_dir)
++    except OSError, e:
++        # If the directory already exists then ignore the error.
++        if e.errno != errno.EEXIST:  # File exists.
++            raise
++    uncompress = command('tar', '-x', '-z', '-C', npm_cache_dir, '-f')
++    cmd_log(uncompress(npm_cache_archive))
++
++
++def fetch_gui(juju_gui_source, logpath):
++    """Retrieve the Juju GUI release/branch."""
++    # Retrieve a Juju GUI release.
++    origin, version_or_branch = parse_source(juju_gui_source)
++    if origin == 'branch':
++        # Make sure we have the dependencies necessary for us to actually make
++        # a build.
++        _get_build_dependencies()
++        # Create a release starting from a branch.
++        juju_gui_source_dir = os.path.join(CURRENT_DIR, 'juju-gui-source')
++        log('Retrieving Juju GUI source checkout from %s.' % version_or_branch)
++        cmd_log(run('rm', '-rf', juju_gui_source_dir))
++        cmd_log(bzr_checkout(version_or_branch, juju_gui_source_dir))
++        log('Preparing a Juju GUI release.')
++        logdir = os.path.dirname(logpath)
++        fd, name = tempfile.mkstemp(prefix='make-distfile-', dir=logdir)
++        log('Output from "make distfile" sent to %s' % name)
++        with environ(NO_BZR='1'):
++            run('make', '-C', juju_gui_source_dir, 'distfile',
++                stdout=fd, stderr=fd)
++        release_tarball = first_path_in_dir(
++            os.path.join(juju_gui_source_dir, 'releases'))
++    else:
++        log('Retrieving Juju GUI release.')
++        if origin == 'url':
++            file_url = version_or_branch
++        else:
++            # Retrieve a release from Launchpad.
++            launchpad = Launchpad.login_anonymously(
++                'Juju GUI charm', 'production')
++            project = launchpad.projects['juju-gui']
++            file_url = get_release_file_url(project, origin, version_or_branch)
++        log('Downloading release file from %s.' % file_url)
++        release_tarball = os.path.join(CURRENT_DIR, 'release.tgz')
++        cmd_log(run('curl', '-L', '-o', release_tarball, file_url))
++    return release_tarball
++
++
++def fetch_api(juju_api_branch):
++    """Retrieve the Juju branch."""
++    # Retrieve Juju API source checkout.
++    log('Retrieving Juju API source checkout.')
++    cmd_log(run('rm', '-rf', JUJU_DIR))
++    cmd_log(bzr_checkout(juju_api_branch, JUJU_DIR))
++
++
++def setup_gui(release_tarball):
++    """Set up Juju GUI."""
++    # Uncompress the release tarball.
++    log('Installing Juju GUI.')
++    release_dir = os.path.join(CURRENT_DIR, 'release')
++    cmd_log(run('rm', '-rf', release_dir))
++    os.mkdir(release_dir)
++    uncompress = command('tar', '-x', '-z', '-C', release_dir, '-f')
++    cmd_log(uncompress(release_tarball))
++    # Link the Juju GUI dir to the contents of the release tarball.
++    cmd_log(run('ln', '-sf', first_path_in_dir(release_dir), JUJU_GUI_DIR))
++
++
++def setup_apache():
++    """Set up apache."""
++    log('Setting up apache.')
++    if not os.path.exists(JUJU_GUI_SITE):
++        cmd_log(run('touch', JUJU_GUI_SITE))
++        cmd_log(run('chown', 'ubuntu:', JUJU_GUI_SITE))
++        cmd_log(
++            run('ln', '-s', JUJU_GUI_SITE,
++                '/etc/apache2/sites-enabled/juju-gui'))
++
++    if not os.path.exists(JUJU_GUI_PORTS):
++        cmd_log(run('touch', JUJU_GUI_PORTS))
++        cmd_log(run('chown', 'ubuntu:', JUJU_GUI_PORTS))
++
++    with su('root'):
++        run('a2dissite', 'default')
++        run('a2ensite', 'juju-gui')
++
++
++def save_or_create_certificates(
++        ssl_cert_path, ssl_cert_contents, ssl_key_contents):
++    """Generate the SSL certificates.
++
++    If both *ssl_cert_contents* and *ssl_key_contents* are provided, use them
++    as certificates; otherwise, generate them.
++
++    Also create a pem file, suitable for use in the haproxy configuration,
++    concatenating the key and the certificate files.
++    """
++    crt_path = os.path.join(ssl_cert_path, 'juju.crt')
++    key_path = os.path.join(ssl_cert_path, 'juju.key')
++    if not os.path.exists(ssl_cert_path):
++        os.makedirs(ssl_cert_path)
++    if ssl_cert_contents and ssl_key_contents:
++        # Save the provided certificates.
++        with open(crt_path, 'w') as cert_file:
++            cert_file.write(ssl_cert_contents)
++        with open(key_path, 'w') as key_file:
++            key_file.write(ssl_key_contents)
++    else:
++        # Generate certificates.
++        # See http://superuser.com/questions/226192/openssl-without-prompt
++        cmd_log(run(
++            'openssl', 'req', '-new', '-newkey', 'rsa:4096',
++            '-days', '365', '-nodes', '-x509', '-subj',
++            # These are arbitrary test values for the certificate.
++            '/C=GB/ST=Juju/L=GUI/O=Ubuntu/CN=juju.ubuntu.com',
++            '-keyout', key_path, '-out', crt_path))
++    # Generate the pem file.
++    pem_path = os.path.join(ssl_cert_path, JUJU_PEM)
++    if os.path.exists(pem_path):
++        os.remove(pem_path)
++    with open(pem_path, 'w') as pem_file:
++        shutil.copyfileobj(open(key_path), pem_file)
++        shutil.copyfileobj(open(crt_path), pem_file)
++
++
++def find_missing_packages(*packages):
++    """Given a list of packages, return the packages which are not installed.
++    """
++    cache = apt.Cache()
++    missing = set()
++    for pkg_name in packages:
++        try:
++            pkg = cache[pkg_name]
++        except KeyError:
++            missing.add(pkg_name)
++            continue
++        if pkg.is_installed:
++            continue
++        missing.add(pkg_name)
++    return missing
++
++
++## Backend support decorators
++
++def chain(name):
++    """Helper method to compose a set of mixin objects into a callable.
++
++    Each method is called in the context of its mixin instance, and its
++    argument is the Backend instance.
++    """
++    # Chain method calls through all implementing mixins.
++    def method(self):
++        for mixin in self.mixins:
++            a_callable = getattr(type(mixin), name, None)
++            if a_callable:
++                a_callable(mixin, self)
++
++    method.__name__ = name
++    return method
++
++
++def merge(name):
++    """Helper to merge a property from a set of strategy objects
++    into a unified set.
++    """
++    # Return merged property from every providing mixin as a set.
++    @property
++    def method(self):
++        result = set()
++        for mixin in self.mixins:
++            segment = getattr(type(mixin), name, None)
++            if segment and isinstance(segment, (list, tuple, set)):
++                result |= set(segment)
++
++        return result
++    return method
 === added directory 'lib/charm-helpers/charmhelpers/contrib/network'
 === added file 'lib/charm-helpers/charmhelpers/contrib/network/__init__.py'
 === added directory 'lib/charm-helpers/charmhelpers/contrib/network/ovs'
 === added file 'lib/charm-helpers/charmhelpers/contrib/network/ovs/__init__.py'
 --- lib/charm-helpers/charmhelpers/contrib/network/ovs/__init__.py	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/contrib/network/ovs/__init__.py	2013-09-26 06:24:47 +0000
@@ -0,0 +1,72 @@
++''' Helpers for interacting with OpenvSwitch '''
++import subprocess
++import os
++from charmhelpers.core.hookenv import (
++    log, WARNING
++)
++from charmhelpers.core.host import (
++    service
++)
++
++
++def add_bridge(name):
++    ''' Add the named bridge to openvswitch '''
++    log('Creating bridge {}'.format(name))
++    subprocess.check_call(["ovs-vsctl", "--", "--may-exist", "add-br", name])
++
++
++def del_bridge(name):
++    ''' Delete the named bridge from openvswitch '''
++    log('Deleting bridge {}'.format(name))
++    subprocess.check_call(["ovs-vsctl", "--", "--if-exists", "del-br", name])
++
++
++def add_bridge_port(name, port):
++    ''' Add a port to the named openvswitch bridge '''
++    log('Adding port {} to bridge {}'.format(port, name))
++    subprocess.check_call(["ovs-vsctl", "--", "--may-exist", "add-port",
++                           name, port])
++    subprocess.check_call(["ip", "link", "set", port, "up"])
++
++
++def del_bridge_port(name, port):
++    ''' Delete a port from the named openvswitch bridge '''
++    log('Deleting port {} from bridge {}'.format(port, name))
++    subprocess.check_call(["ovs-vsctl", "--", "--if-exists", "del-port",
++                           name, port])
++    subprocess.check_call(["ip", "link", "set", port, "down"])
++
++
++def set_manager(manager):
++    ''' Set the controller for the local openvswitch '''
++    log('Setting manager for local ovs to {}'.format(manager))
++    subprocess.check_call(['ovs-vsctl', 'set-manager',
++                           'ssl:{}'.format(manager)])
++
++
++CERT_PATH = '/etc/openvswitch/ovsclient-cert.pem'
++
++
++def get_certificate():
++    ''' Read openvswitch certificate from disk '''
++    if os.path.exists(CERT_PATH):
++        log('Reading ovs certificate from {}'.format(CERT_PATH))
++        with open(CERT_PATH, 'r') as cert:
++            full_cert = cert.read()
++            begin_marker = "-----BEGIN CERTIFICATE-----"
++            end_marker = "-----END CERTIFICATE-----"
++            begin_index = full_cert.find(begin_marker)
++            end_index = full_cert.rfind(end_marker)
++            if end_index == -1 or begin_index == -1:
++                raise RuntimeError("Certificate does not contain valid begin"
++                                   " and end markers.")
++            full_cert = full_cert[begin_index:(end_index + len(end_marker))]
++            return full_cert
++    else:
++        log('Certificate not found', level=WARNING)
++        return None
++
++
++def full_restart():
++    ''' Full restart and reload of openvswitch '''
++    service('force-reload-kmod', 'openvswitch-switch')
 === added directory 'lib/charm-helpers/charmhelpers/contrib/openstack'
 === added file 'lib/charm-helpers/charmhelpers/contrib/openstack/__init__.py'
 === added file 'lib/charm-helpers/charmhelpers/contrib/openstack/context.py'
 --- lib/charm-helpers/charmhelpers/contrib/openstack/context.py	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/contrib/openstack/context.py	2013-09-26 06:24:47 +0000
@@ -0,0 +1,294 @@
++import os
++
++from base64 import b64decode
++
++from subprocess import (
++    check_call
++)
++
++from charmhelpers.core.hookenv import (
++    config,
++    local_unit,
++    log,
++    relation_get,
++    relation_ids,
++    related_units,
++    unit_get,
++)
++
++from charmhelpers.contrib.hahelpers.cluster import (
++    determine_api_port,
++    determine_haproxy_port,
++    https,
++    is_clustered,
++    peer_units,
++)
++
++from charmhelpers.contrib.hahelpers.apache import (
++    get_cert,
++    get_ca_cert,
++)
++
++CA_CERT_PATH = '/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt'
++
++
++class OSContextError(Exception):
++    pass
++
++
++def context_complete(ctxt):
++    _missing = []
++    for k, v in ctxt.iteritems():
++        if v is None or v == '':
++            _missing.append(k)
++    if _missing:
++        log('Missing required data: %s' % ' '.join(_missing), level='INFO')
++        return False
++    return True
++
++
++class OSContextGenerator(object):
++    interfaces = []
++
++    def __call__(self):
++        raise NotImplementedError
++
++
++class SharedDBContext(OSContextGenerator):
++    interfaces = ['shared-db']
++
++    def __call__(self):
++        log('Generating template context for shared-db')
++        conf = config()
++        try:
++            database = conf['database']
++            username = conf['database-user']
++        except KeyError as e:
++            log('Could not generate shared_db context. '
++                'Missing required charm config options: %s.' % e)
++            raise OSContextError
++        ctxt = {}
++        for rid in relation_ids('shared-db'):
++            for unit in related_units(rid):
++                ctxt = {
++                    'database_host': relation_get('db_host', rid=rid,
++                                                  unit=unit),
++                    'database': database,
++                    'database_user': username,
++                    'database_password': relation_get('password', rid=rid,
++                                                      unit=unit)
++                }
++        if not context_complete(ctxt):
++            return {}
++        return ctxt
++
++
++class IdentityServiceContext(OSContextGenerator):
++    interfaces = ['identity-service']
++
++    def __call__(self):
++        log('Generating template context for identity-service')
++        ctxt = {}
++
++        for rid in relation_ids('identity-service'):
++            for unit in related_units(rid):
++                ctxt = {
++                    'service_port': relation_get('service_port', rid=rid,
++                                                 unit=unit),
++                    'service_host': relation_get('service_host', rid=rid,
++                                                 unit=unit),
++                    'auth_host': relation_get('auth_host', rid=rid, unit=unit),
++                    'auth_port': relation_get('auth_port', rid=rid, unit=unit),
++                    'admin_tenant_name': relation_get('service_tenant',
++                                                      rid=rid, unit=unit),
++                    'admin_user': relation_get('service_username', rid=rid,
++                                               unit=unit),
++                    'admin_password': relation_get('service_password', rid=rid,
++                                                   unit=unit),
++                    # XXX: Hard-coded http.
++                    'service_protocol': 'http',
++                    'auth_protocol': 'http',
++                }
++        if not context_complete(ctxt):
++            return {}
++        return ctxt
++
++
++class AMQPContext(OSContextGenerator):
++    interfaces = ['amqp']
++
++    def __call__(self):
++        log('Generating template context for amqp')
++        conf = config()
++        try:
++            username = conf['rabbit-user']
++            vhost = conf['rabbit-vhost']
++        except KeyError as e:
++            log('Could not generate shared_db context. '
++                'Missing required charm config options: %s.' % e)
++            raise OSContextError
++
++        ctxt = {}
++        for rid in relation_ids('amqp'):
++            for unit in related_units(rid):
++                if relation_get('clustered', rid=rid, unit=unit):
++                    rabbitmq_host = relation_get('vip', rid=rid, unit=unit)
++                else:
++                    rabbitmq_host = relation_get('private-address',
++                                                 rid=rid, unit=unit)
++                ctxt = {
++                    'rabbitmq_host': rabbitmq_host,
++                    'rabbitmq_user': username,
++                    'rabbitmq_password': relation_get('password', rid=rid,
++                                                      unit=unit),
++                    'rabbitmq_virtual_host': vhost,
++                }
++        if not context_complete(ctxt):
++            return {}
++        return ctxt
++
++
++class CephContext(OSContextGenerator):
++    interfaces = ['ceph']
++
++    def __call__(self):
++        '''This generates context for /etc/ceph/ceph.conf templates'''
++        log('Generating tmeplate context for ceph')
++        mon_hosts = []
++        auth = None
++        for rid in relation_ids('ceph'):
++            for unit in related_units(rid):
++                mon_hosts.append(relation_get('private-address', rid=rid,
++                                              unit=unit))
++                auth = relation_get('auth', rid=rid, unit=unit)
++
++        ctxt = {
++            'mon_hosts': ' '.join(mon_hosts),
++            'auth': auth,
++        }
++        if not context_complete(ctxt):
++            return {}
++        return ctxt
++
++
++class HAProxyContext(OSContextGenerator):
++    interfaces = ['cluster']
++
++    def __call__(self):
++        '''
++        Builds half a context for the haproxy template, which describes
++        all peers to be included in the cluster.  Each charm needs to include
++        its own context generator that describes the port mapping.
++        '''
++        if not relation_ids('cluster'):
++            return {}
++
++        cluster_hosts = {}
++        l_unit = local_unit().replace('/', '-')
++        cluster_hosts[l_unit] = unit_get('private-address')
++
++        for rid in relation_ids('cluster'):
++            for unit in related_units(rid):
++                _unit = unit.replace('/', '-')
++                addr = relation_get('private-address', rid=rid, unit=unit)
++                cluster_hosts[_unit] = addr
++
++        ctxt = {
++            'units': cluster_hosts,
++        }
++        if len(cluster_hosts.keys()) > 1:
++            # Enable haproxy when we have enough peers.
++            log('Ensuring haproxy enabled in /etc/default/haproxy.')
++            with open('/etc/default/haproxy', 'w') as out:
++                out.write('ENABLED=1\n')
++            return ctxt
++        log('HAProxy context is incomplete, this unit has no peers.')
++        return {}
++
++
++class ImageServiceContext(OSContextGenerator):
++    interfaces = ['image-servce']
++
++    def __call__(self):
++        '''
++        Obtains the glance API server from the image-service relation.  Useful
++        in nova and cinder (currently).
++        '''
++        log('Generating template context for image-service.')
++        rids = relation_ids('image-service')
++        if not rids:
++            return {}
++        for rid in rids:
++            for unit in related_units(rid):
++                api_server = relation_get('glance-api-server',
++                                          rid=rid, unit=unit)
++                if api_server:
++                    return {'glance_api_servers': api_server}
++        log('ImageService context is incomplete. '
++            'Missing required relation data.')
++        return {}
++
++
++class ApacheSSLContext(OSContextGenerator):
++    """
++    Generates a context for an apache vhost configuration that configures
++    HTTPS reverse proxying for one or many endpoints.  Generated context
++    looks something like:
++    {
++        'namespace': 'cinder',
++        'private_address': 'iscsi.mycinderhost.com',
++        'endpoints': [(8776, 8766), (8777, 8767)]
++    }
++
++    The endpoints list consists of a tuples mapping external ports
++    to internal ports.
++    """
++    interfaces = ['https']
++
++    # charms should inherit this context and set external ports
++    # and service namespace accordingly.
++    external_ports = []
++    service_namespace = None
++
++    def enable_modules(self):
++        cmd = ['a2enmod', 'ssl', 'proxy', 'proxy_http']
++        check_call(cmd)
++
++    def configure_cert(self):
++        if not os.path.isdir('/etc/apache2/ssl'):
++            os.mkdir('/etc/apache2/ssl')
++        ssl_dir = os.path.join('/etc/apache2/ssl/', self.service_namespace)
++        if not os.path.isdir(ssl_dir):
++            os.mkdir(ssl_dir)
++        cert, key = get_cert()
++        with open(os.path.join(ssl_dir, 'cert'), 'w') as cert_out:
++            cert_out.write(b64decode(cert))
++        with open(os.path.join(ssl_dir, 'key'), 'w') as key_out:
++            key_out.write(b64decode(key))
++        ca_cert = get_ca_cert()
++        if ca_cert:
++            with open(CA_CERT_PATH, 'w') as ca_out:
++                ca_out.write(b64decode(ca_cert))
++
++    def __call__(self):
++        if isinstance(self.external_ports, basestring):
++            self.external_ports = [self.external_ports]
++        if (not self.external_ports or not https()):
++            return {}
++
++        self.configure_cert()
++        self.enable_modules()
++
++        ctxt = {
++            'namespace': self.service_namespace,
++            'private_address': unit_get('private-address'),
++            'endpoints': []
++        }
++        for ext_port in self.external_ports:
++            if peer_units() or is_clustered():
++                int_port = determine_haproxy_port(ext_port)
++            else:
++                int_port = determine_api_port(ext_port)
++            portmap = (int(ext_port), int(int_port))
++            ctxt['endpoints'].append(portmap)
++        return ctxt
 === added directory 'lib/charm-helpers/charmhelpers/contrib/openstack/templates'
 === added file 'lib/charm-helpers/charmhelpers/contrib/openstack/templates/__init__.py'
 --- lib/charm-helpers/charmhelpers/contrib/openstack/templates/__init__.py	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/contrib/openstack/templates/__init__.py	2013-09-26 06:24:47 +0000
@@ -0,0 +1,2 @@
++# dummy __init__.py to fool syncer into thinking this is a syncable python
++# module
 === added file 'lib/charm-helpers/charmhelpers/contrib/openstack/templates/ceph.conf'
 --- lib/charm-helpers/charmhelpers/contrib/openstack/templates/ceph.conf	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/contrib/openstack/templates/ceph.conf	2013-09-26 06:24:47 +0000
@@ -0,0 +1,11 @@
++###############################################################################
++# [ WARNING ]
++# cinder configuration file maintained by Juju
++# local changes may be overwritten.
++###############################################################################
++{% if auth -%}
++[global]
++ auth_supported = {{ auth }}
++ keyring = /etc/ceph/$cluster.$name.keyring
++ mon host = {{ mon_hosts }}
++{% endif -%}
 === added file 'lib/charm-helpers/charmhelpers/contrib/openstack/templates/haproxy.cfg'
 --- lib/charm-helpers/charmhelpers/contrib/openstack/templates/haproxy.cfg	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/contrib/openstack/templates/haproxy.cfg	2013-09-26 06:24:47 +0000
@@ -0,0 +1,37 @@
++global
++    log 127.0.0.1 local0
++    log 127.0.0.1 local1 notice
++    maxconn 20000
++    user haproxy
++    group haproxy
++    spread-checks 0
++
++defaults
++    log global
++    mode http
++    option httplog
++    option dontlognull
++    retries 3
++    timeout queue 1000
++    timeout connect 1000
++    timeout client 30000
++    timeout server 30000
++
++listen stats :8888
++    mode http
++    stats enable
++    stats hide-version
++    stats realm Haproxy\ Statistics
++    stats uri /
++    stats auth admin:password
++
++{% if units -%}
++{% for service, ports in service_ports.iteritems() -%}
++listen {{ service }} 0.0.0.0:{{ ports[0] }}
++    balance roundrobin
++    option tcplog
++    {% for unit, address in units.iteritems() -%}
++    server {{ unit }} {{ address }}:{{ ports[1] }} check
++    {% endfor %}
++{% endfor -%}
++{% endif -%}
 === added file 'lib/charm-helpers/charmhelpers/contrib/openstack/templates/openstack_https_frontend'
 --- lib/charm-helpers/charmhelpers/contrib/openstack/templates/openstack_https_frontend	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/contrib/openstack/templates/openstack_https_frontend	2013-09-26 06:24:47 +0000
@@ -0,0 +1,23 @@
++{% if endpoints -%}
++{% for ext, int in endpoints -%}
++Listen {{ ext }}
++NameVirtualHost *:{{ ext }}
++<VirtualHost *:{{ ext }}>
++    ServerName {{ private_address }}
++    SSLEngine on
++    SSLCertificateFile /etc/apache2/ssl/{{ namespace }}/cert
++    SSLCertificateKeyFile /etc/apache2/ssl/{{ namespace }}/key
++    ProxyPass / http://localhost:{{ int }}/
++    ProxyPassReverse / http://localhost:{{ int }}/
++    ProxyPreserveHost on
++</VirtualHost>
++<Proxy *>
++    Order deny,allow
++    Allow from all
++</Proxy>
++<Location />
++    Order allow,deny
++    Allow from all
++</Location>
++{% endfor -%}
++{% endif -%}
 === added file 'lib/charm-helpers/charmhelpers/contrib/openstack/templating.py'
 --- lib/charm-helpers/charmhelpers/contrib/openstack/templating.py	1970-01-01 00:00:00 +0000
 +++ lib/charm-helpers/charmhelpers/contrib/openstack/templating.py	2013-09-26 06:24:47 +0000
@@ -0,0 +1,261 @@
++import os
++
++from charmhelpers.fetch import apt_install
++
++from charmhelpers.core.hookenv import (
++    log,
++    ERROR,
++    INFO
++)
++
++from charmhelpers.contrib.openstack.utils import OPENSTACK_CODENAMES
++
++try:
++    from jinja2 import FileSystemLoader, ChoiceLoader, Environment
++except ImportError:
++    # python-jinja2 may not be installed yet, or we're running unittests.
++    FileSystemLoader = ChoiceLoader = Environment = None
++
++
++class OSConfigException(Exception):
++    pass
++
++
++def get_loader(templates_dir, os_release):
++    """
++    Create a jinja2.ChoiceLoader containing template dirs up to
++    and including os_release.  If directory template directory
++    is missing at templates_dir, it will be omitted from the loader.
++    templates_dir is added to the bottom of the search list as a base
++    loading dir.
++
++    A charm may also ship a templates dir with this module
++    and it will be appended to the bottom of the search list, eg:

Juju Charms Collectionpython-moinmoin package

Merge lp:~brad-marshall/charms/precise/python-moinmoin/python-rewrite-with-openid-fixes into lp:charms/python-moinmoin

Commit message

Description of the change

Preview Diff

Subscribers

Juju Charms Collection
python-moinmoin package