Juju Charms Collection
keystone package

Merge lp:~cbjchen/charms/trusty/keystone/use-ssl-config into lp:~openstack-charmers-archive/charms/trusty/keystone/next

  1. Trusty Tahr (14.04)
  2. use-ssl-config
  3. Merge into next
Proposed by Edward Hope-Morley
Status: Rejected
Rejected by: Edward Hope-Morley
Proposed branch: lp:~cbjchen/charms/trusty/keystone/use-ssl-config
Merge into: lp:~openstack-charmers-archive/charms/trusty/keystone/next
Diff against target: 54 lines (+18/-5)
1 file modified
hooks/keystone_context.py (+18/-5)
To merge this branch: bzr merge lp:~cbjchen/charms/trusty/keystone/use-ssl-config
Reviewer Review Type Date Requested Status
Edward Hope-Morley Disapprove
Review via email: mp+253026@code.launchpad.net
To post a comment you must log in.
Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_lint_check #2697 keystone-next for hopem mp253026
    LINT FAIL: lint-test failed

LINT Results (max last 2 lines):
  hooks/keystone_context.py:21:1: F811 redefinition of unused 'config' from line 6
  make: *** [lint] Error 1

Full lint test output: http://paste.ubuntu.com/10615463/
Build: http://10.245.162.77:8080/job/charm_lint_check/2697/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_unit_test #2488 keystone-next for hopem mp253026
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/2488/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_amulet_test #2537 keystone-next for hopem mp253026
    AMULET FAIL: amulet-test failed

AMULET Results (max last 2 lines):
  ERROR subprocess encountered error code 124
  make: *** [test] Error 124

Full amulet test output: http://paste.ubuntu.com/10615602/
Build: http://10.245.162.77:8080/job/charm_amulet_test/2537/

Revision history for this message
Edward Hope-Morley (hopem) wrote :

This does't quite do the trick unfortunately, I'll be pushing up a new set of patches imminently.

review: Needs Fixing
Revision history for this message
Edward Hope-Morley (hopem) :
review: Disapprove

Unmerged revisions

129. By Liang Chen <email address hidden>

Make use of key/cert/ca config

[cjbchen,r=]
Make sure the configure option ssl_key, ssl_cert, and
ssl_ca are used when provided.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'hooks/keystone_context.py'
2--- hooks/keystone_context.py 2015-02-24 14:51:28 +0000
3+++ hooks/keystone_context.py 2015-03-16 09:32:29 +0000
4@@ -1,6 +1,8 @@
5 import hashlib
6 import os
7
8+from base64 import b64decode
9+
10 from charmhelpers.core.hookenv import config
11
12 from charmhelpers.core.host import (
13@@ -17,6 +19,7 @@
14 )
15
16 from charmhelpers.core.hookenv import (
17+ config,
18 log,
19 DEBUG,
20 INFO,
21@@ -92,8 +95,14 @@
22
23 log("Creating apache ssl certs in %s" % (ssl_dir), level=INFO)
24
25- ca = get_ca(user=SSH_USER)
26- cert, key = ca.get_cert_and_key(common_name=cn)
27+ cert = config('ssl_cert')
28+ key = config('ssl_key')
29+ if not (cert and key):
30+ ca = get_ca(user=SSH_USER)
31+ cert, key = ca.get_cert_and_key(common_name=cn)
32+ else:
33+ cert = b64decode(cert)
34+ key = b64decode(key)
35 write_file(path=os.path.join(ssl_dir, 'cert_{}'.format(cn)),
36 content=cert, owner=SSH_USER, group='keystone', perms=0o644)
37 write_file(path=os.path.join(ssl_dir, 'key_{}'.format(cn)),
38@@ -115,10 +124,14 @@
39 log("Not ssl-cert-master - skipping apache ca config until "
40 "master is elected", level=INFO)
41 return
42-
43- ca = get_ca(user=SSH_USER)
44- install_ca_cert(ca.get_ca_bundle())
45+ ca_cert = config('ssl_ca')
46+ if ca_cert is None:
47+ ca = get_ca(user=SSH_USER)
48+ ca_cert = ca.get_ca_bundle()
49+ else:
50+ ca_cert = b64decode(ca_cert)
51 # Ensure accessible by keystone ssh user and group (unison)
52+ install_ca_cert(ca_cert)
53 ensure_permissions(CA_CERT_PATH, user=SSH_USER, group='keystone',
54 perms=0o0644)
55

Subscribers

People subscribed via source and target branches