Merge lp:~chad.smith/charms/precise/openstack-dashboard/openstack-dashboard-internal-port-health-update into lp:~charmers/charms/precise/openstack-dashboard/trunk

Proposed by Chad Smith
Status: Superseded
Proposed branch: lp:~chad.smith/charms/precise/openstack-dashboard/openstack-dashboard-internal-port-health-update
Merge into: lp:~charmers/charms/precise/openstack-dashboard/trunk
Diff against target: 887 lines (+703/-22)
11 files modified
config.yaml (+55/-7)
hooks/horizon-common (+49/-8)
hooks/horizon-relations (+90/-3)
hooks/lib/openstack-common (+456/-3)
metadata.yaml (+6/-0)
revision (+1/-1)
scripts/add_to_cluster (+2/-0)
scripts/health_checks.d/service_ports_live (+13/-0)
scripts/health_checks.d/service_running (+13/-0)
scripts/health_checks.d/service_url_checks (+16/-0)
scripts/remove_from_cluster (+2/-0)
To merge this branch: bzr merge lp:~chad.smith/charms/precise/openstack-dashboard/openstack-dashboard-internal-port-health-update
Reviewer Review Type Date Requested Status
Adam Gandelman Pending
Review via email: mp+155775@code.launchpad.net

Description of the change

Update health script to use the new internal service port numbers 70 and 433 as they have been updated in the rest of the charm for new HA configuration.

Preview Diff

=== modified file 'config.yaml'
--- config.yaml 2013-01-11 21:59:22 +0000
+++ config.yaml 2013-03-27 15:50:37 +0000
@@ -1,5 +1,5 @@
1options:1options:
2 openstack-origin:2 openstack-origin:
3 default: distro3 default: distro
4 type: string4 type: string
5 description: |5 description: |
@@ -14,15 +14,63 @@
14 Note that updating this setting to a source that is known to14 Note that updating this setting to a source that is known to
15 provide a later version of OpenStack will trigger a software15 provide a later version of OpenStack will trigger a software
16 upgrade.16 upgrade.
17 webroot:17 webroot:
18 default: "/horizon"18 default: "/horizon"
19 type: string19 type: string
20 description: |20 description: |
21 Directory where application will be accessible, relative to21 Directory where application will be accessible, relative to
22 http://$hostname/.22 http://$hostname/.
23 default-role:23 default-role:
24 default: "Member"24 default: "Member"
25 type: string25 type: string
26 description: |26 description: |
27 Default role for Horizon operations that will be created in27 Default role for Horizon operations that will be created in
28 Keystone upon introduction of an identity-service relation.28 Keystone upon introduction of an identity-service relation.
29 vip:
30 type: string
31 description: "Virtual IP to use to front openstack dashboard ha configuration"
32 vip_iface:
33 type: string
34 default: eth0
35 description: "Network Interface where to place the Virtual IP"
36 vip_cidr:
37 type: int
38 default: 24
39 description: "Netmask that will be used for the Virtual IP"
40 ha-bindiface:
41 type: string
42 default: eth0
43 description: |
44 Default network interface on which HA cluster will bind to communication
45 with the other members of the HA Cluster.
46 ha-mcastport:
47 type: int
48 default: 5410
49 description: |
50 Default multicast port number that will be used to communicate between
51 HA Cluster nodes.
52 # User provided SSL cert and key
53 ssl_cert:
54 type: string
55 description: |
56 Base64 encoded SSL certificate to install and use for API ports.
57 .
58 juju set swift-proxy ssl_cert="$(cat cert | base64)" \
59 ssl_key="$(cat key | base64)"
60 .
61 Setting this value (and ssl_key) will enable reverse proxying, point
62 Swifts's entry in the Keystone catalog to use https, and override
63 any certficiate and key issued by Keystone (if it is configured to
64 do so).
65 ssl_key:
66 type: string
67 description: |
68 Base64 encoded SSL key to use with certificate specified as ssl_cert.
69 offline-compression:
70 type: string
71 default: "yes"
72 description: Use pre-generated Less compiled JS and CSS.
73 debug:
74 type: string
75 default: "no"
76 description: Show Django debug messages.
2977
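Review bot: The ssl_cert description (new lines 53-64) is copied from another charm: its example runs 'juju set swift-proxy' and it talks about Swift's entry in the Keystone catalog, neither of which applies to openstack-dashboard. Please reword it for this charm, fix the 'certficiate' typo, and say in the ssl_key description that the value is a private key held in service config. vip is also the only new option without a default, and ha_relation_joined in hooks/horizon-relations exits 1 when it is empty, so its description should state that it must be set before the ha relation is joined.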
=== added symlink 'hooks/cluster-relation-changed'
=== target is u'horizon-relations'
=== added symlink 'hooks/cluster-relation-departed'
=== target is u'horizon-relations'
=== added symlink 'hooks/ha-relation-changed'
=== target is u'horizon-relations'
=== added symlink 'hooks/ha-relation-joined'
=== target is u'horizon-relations'
=== modified file 'hooks/horizon-common'
--- hooks/horizon-common 2012-10-10 23:32:24 +0000
+++ hooks/horizon-common 2013-03-27 15:50:37 +0000
@@ -1,8 +1,9 @@
1#!/bin/bash1#!/bin/bash
2# vim: set ts=2:et
23
3CHARM="openstack-dashboard"4CHARM="openstack-dashboard"
45
5PACKAGES="openstack-dashboard openstack-dashboard-ubuntu-theme python-keystoneclient python-memcache memcached"6PACKAGES="openstack-dashboard openstack-dashboard-ubuntu-theme python-keystoneclient python-memcache memcached haproxy"
6LOCAL_SETTINGS="/etc/openstack-dashboard/local_settings.py"7LOCAL_SETTINGS="/etc/openstack-dashboard/local_settings.py"
78
8if [[ -e "$CHARM_DIR/lib/openstack-common" ]] ; then9if [[ -e "$CHARM_DIR/lib/openstack-common" ]] ; then
@@ -16,15 +17,28 @@
16 local key=$1 value=$217 local key=$1 value=$2
17 [[ -z "$key" ]] || [[ -z "$value" ]] &&18 [[ -z "$key" ]] || [[ -z "$value" ]] &&
18 juju-log "$CHARM set_or_update: ERROR - missing parameters" && return 119 juju-log "$CHARM set_or_update: ERROR - missing parameters" && return 1
19 grep -q "^$key = \"$value\"" "$LOCAL_SETTINGS" &&20 if [ "$value" == "True" ] || [ "$value" == "False" ]; then
20 juju-log "$CHARM set_or_update: $key = $value already set" && return 021 grep -q "^$key = $value" "$LOCAL_SETTINGS" &&
22 juju-log "$CHARM set_or_update: $key = $value already set" && return 0
23 else
24 grep -q "^$key = \"$value\"" "$LOCAL_SETTINGS" &&
25 juju-log "$CHARM set_or_update: $key = $value already set" && return 0
26 fi
21 if grep -q "^$key = " "$LOCAL_SETTINGS" ; then27 if grep -q "^$key = " "$LOCAL_SETTINGS" ; then
22 juju-log "$CHARM set_or_update: Setting $key = $value"28 juju-log "$CHARM set_or_update: Setting $key = $value"
23 cp "$LOCAL_SETTINGS" /etc/openstack-dashboard/local_settings.last29 cp "$LOCAL_SETTINGS" /etc/openstack-dashboard/local_settings.last
24 sed -i "s|\(^$key = \).*|\1\"$value\"|g" "$LOCAL_SETTINGS" || return 130 if [ "$value" == "True" ] || [ "$value" == "False" ]; then
31 sed -i "s|\(^$key = \).*|\1$value|g" "$LOCAL_SETTINGS" || return 1
32 else
33 sed -i "s|\(^$key = \).*|\1\"$value\"|g" "$LOCAL_SETTINGS" || return 1
34 fi
25 else35 else
26 juju-log "$CHARM set_or_update: Adding $key = $value"36 juju-log "$CHARM set_or_update: Adding $key = $value"
27 echo "$key = \"$value\"" >>$LOCAL_SETTINGS || return 137 if [ "$value" == "True" ] || [ "$value" == "False" ]; then
38 echo "$key = $value" >>$LOCAL_SETTINGS || return 1
39 else
40 echo "$key = \"$value\"" >>$LOCAL_SETTINGS || return 1
41 fi
28 fi42 fi
29 return 043 return 0
30}44}
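Review bot: In set_or_update the True/False test is now repeated three times (grep, sed, echo), and the boolean grep on new line 21, grep -q "^$key = $value", has no end anchor, so it also matches a line that merely starts with that text. Compute the formatted right-hand side once at the top of the function (bare for True/False, double-quoted otherwise) and use it in all three places, with the grep pattern closed by a trailing $. The append branch should also quote its redirect target: >>"$LOCAL_SETTINGS".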
@@ -46,10 +60,37 @@
46 export JUJU_REMOTE_UNIT=$(relation-list -r $r_id | head -n1)60 export JUJU_REMOTE_UNIT=$(relation-list -r $r_id | head -n1)
47 export JUJU_RELATION="identity-service"61 export JUJU_RELATION="identity-service"
48 export JUJU_RELATION_ID="$r_id"62 export JUJU_RELATION_ID="$r_id"
49 local ks_host=$(relation-get -r $r_id private-address)63 local service_host=$(relation-get -r $r_id service_host)
50 if [[ -n "$ks_host" ]] ; then64 local service_port=$(relation-get -r $r_id service_port)
51 service_url="http://$ks_host:5000/v2.0"65 if [[ -n "$service_host" ]] && [[ -n "$service_port" ]] ; then
66 service_url="http://$service_host:$service_port/v2.0"
52 set_or_update OPENSTACK_KEYSTONE_URL "$service_url"67 set_or_update OPENSTACK_KEYSTONE_URL "$service_url"
53 fi68 fi
54 fi69 fi
55}70}
71
72configure_apache() {
73 # Reconfigure to listen on provided port
74 a2ensite default-ssl || :
75 a2enmod ssl || :
76 for ports in $@; do
77 from_port=$(echo $ports | cut -d : -f 1)
78 to_port=$(echo $ports | cut -d : -f 2)
79 sed -i -e "s/$from_port/$to_port/g" /etc/apache2/ports.conf
80 for site in $(ls -1 /etc/apache2/sites-available); do
81 sed -i -e "s/$from_port/$to_port/g" \
82 /etc/apache2/sites-available/$site
83 done
84 done
85}
86
87configure_apache_cert() {
88 cert=$1
89 key=$2
90 echo $cert | base64 -di > /etc/ssl/certs/dashboard.cert
91 echo $key | base64 -di > /etc/ssl/private/dashboard.key
92 chmod 0600 /etc/ssl/private/dashboard.key
93 sed -i -e "s|\(.*SSLCertificateFile\).*|\1 /etc/ssl/certs/dashboard.cert|g" \
94 -e "s|\(.*SSLCertificateKeyFile\).*|\1 /etc/ssl/private/dashboard.key|g" \
95 /etc/apache2/sites-available/default-ssl
96}
5697
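Review bot: configure_apache rewrites ports with an unanchored sed, s/$from_port/$to_port/g, over ports.conf and every file in sites-available, so the "80:70" mapping also turns 8080 into 7070 and changes any address, path or comment that contains 80. Match the directives that carry the port instead (Listen, NameVirtualHost, the VirtualHost address), or ship a template for the sites the charm owns. In configure_apache_cert the key is written to /etc/ssl/private/dashboard.key before the chmod 0600 runs, so it exists briefly with umask-default permissions; set umask 077 before the write, and quote "$cert" and "$key" in the echo calls.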
=== modified file 'hooks/horizon-relations'
--- hooks/horizon-relations 2013-01-11 21:59:22 +0000
+++ hooks/horizon-relations 2013-03-27 15:50:37 +0000
@@ -44,7 +44,19 @@
44}44}
4545
46function keystone_changed {46function keystone_changed {
47 service_url="http://$(relation-get private-address):5000/v2.0"47 local service_host=$(relation-get service_host)
48 local service_port=$(relation-get service_port)
49 if [ -z "${service_host}" ] || [ -z "${service_port}" ]; then
50 juju-log "Insufficient information to configure keystone url"
51 exit 0
52 fi
53 local ca_cert=$(relation-get ca_cert)
54 if [ -n "$ca_cert" ]; then
55 juju-log "Installing Keystone supplied CA cert."
56 echo $ca_cert | base64 -di > /usr/local/share/ca-certificates/keystone_juju_ca_cert.crt
57 update-ca-certificates --fresh
58 fi
59 service_url="http://${service_host}:${service_port}/v2.0"
48 juju-log "$CHARM: Configuring Horizon to access keystone @ $service_url."60 juju-log "$CHARM: Configuring Horizon to access keystone @ $service_url."
49 set_or_update OPENSTACK_KEYSTONE_URL "$service_url"61 set_or_update OPENSTACK_KEYSTONE_URL "$service_url"
50 service apache2 restart62 service apache2 restart
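Review bot: keystone_changed installs a Keystone-supplied ca_cert into the system trust store on new lines 53-58 and then still builds service_url with a hard-coded http:// scheme on line 59, so that URL never uses TLS and the dashboard-to-Keystone traffic it configures stays in clear text. Choose the scheme from relation data when a CA cert is supplied. Also quote the variable in echo $ca_cert | base64 -di so the shell does not word-split or glob the value.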
@@ -73,6 +85,15 @@
73 set_or_update LOGIN_URL "$web_root/auth/login"85 set_or_update LOGIN_URL "$web_root/auth/login"
74 set_or_update LOGIN_REDIRECT_URL "$web_root"86 set_or_update LOGIN_REDIRECT_URL "$web_root"
7587
88 # Save our scriptrc env variables for health checks
89 declare -a env_vars=(
90 'OPENSTACK_URL_HORIZON="http://localhost:70'$web_root'|Login+-+OpenStack"'
91 'OPENSTACK_SERVICE_HORIZON=apache2'
92 'OPENSTACK_PORT_HORIZON_SSL=433'
93 'OPENSTACK_PORT_HORIZON=70')
94 save_script_rc ${env_vars[@]}
95
96
76 # Set default role and trigger a identity-service relation event to97 # Set default role and trigger a identity-service relation event to
77 # ensure role is created in keystone.98 # ensure role is created in keystone.
78 set_or_update OPENSTACK_KEYSTONE_DEFAULT_ROLE "$(config-get default-role)"99 set_or_update OPENSTACK_KEYSTONE_DEFAULT_ROLE "$(config-get default-role)"
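Review bot: save_script_rc ${env_vars[@]} on new line 94 expands the array unquoted, so every element goes through word splitting and globbing before it reaches the function; the OPENSTACK_URL_HORIZON entry only survives while webroot contains no whitespace or glob characters. Call it as save_script_rc "${env_vars[@]}". The internal ports 70 and 433 are literals here and again in the configure_apache and configure_haproxy calls later in this file; define them once so the health checks cannot drift from the real listeners.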
@@ -81,8 +102,71 @@
81 keystone_joined "$relid"102 keystone_joined "$relid"
82 done103 done
83104
84 service apache2 reload105 if [ "$(config-get offline-compression)" != "yes" ]; then
85106 set_or_update COMPRESS_OFFLINE False
107 apt-get install -y nodejs node-less
108 else
109 set_or_update COMPRESS_OFFLINE True
110 fi
111
112 # Configure default HAProxy + Apache config
113 if [ -n "$(config-get ssl_cert)" ] && \
114 [ -n "$(config-get ssl_key)" ]; then
115 configure_apache_cert "$(config-get ssl_cert)" "$(config-get ssl_key)"
116 fi
117
118 if [ "$(config-get debug)" != "yes" ]; then
119 set_or_update DEBUG False
120 else
121 set_or_update DEBUG True
122 fi
123
124 # Reconfigure Apache Ports
125 configure_apache "80:70" "443:433"
126 service apache2 restart
127 configure_haproxy "dash_insecure:80:70:http dash_secure:443:433:tcp"
128 service haproxy restart
129}
130
131function cluster_changed() {
132 configure_haproxy "dash_insecure:80:70:http dash_secure:443:433:tcp"
133 service haproxy reload
134}
135
136function ha_relation_joined() {
137 # Configure HA Cluster
138 local corosync_bindiface=`config-get ha-bindiface`
139 local corosync_mcastport=`config-get ha-mcastport`
140 local vip=`config-get vip`
141 local vip_iface=`config-get vip_iface`
142 local vip_cidr=`config-get vip_cidr`
143 if [ -n "$vip" ] && [ -n "$vip_iface" ] && \
144 [ -n "$vip_cidr" ] && [ -n "$corosync_bindiface" ] && \
145 [ -n "$corosync_mcastport" ]; then
146 # TODO: This feels horrible but the data required by the hacluster
147 # charm is quite complex and is python ast parsed.
148 resources="{
149'res_horizon_vip':'ocf:heartbeat:IPaddr2',
150'res_horizon_haproxy':'lsb:haproxy'
151}"
152 resource_params="{
153'res_horizon_vip': 'params ip=\"$vip\" cidr_netmask=\"$vip_cidr\" nic=\"$vip_iface\"',
154'res_horizon_haproxy': 'op monitor interval=\"5s\"'
155}"
156 init_services="{
157'res_horizon_haproxy':'haproxy'
158}"
159 clones="{
160'cl_horizon_haproxy':'res_horizon_haproxy'
161}"
162 relation-set corosync_bindiface=$corosync_bindiface \
163 corosync_mcastport=$corosync_mcastport \
164 resources="$resources" resource_params="$resource_params" \
165 init_services="$init_services" clones="$clones"
166 else
167 juju-log "Insufficient configuration data to configure hacluster"
168 exit 1
169 fi
86}170}
87171
88juju-log "$CHARM: Running hook $ARG0."172juju-log "$CHARM: Running hook $ARG0."
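Review bot: ha_relation_joined exits 1 when vip is empty, and config.yaml gives vip no default, so relating hacluster before the operator sets vip leaves the hook in an error state; log and exit 0 until the value is present, as keystone_changed does for missing relation data. The service list "dash_insecure:80:70:http dash_secure:443:433:tcp" is duplicated in config_changed and cluster_changed and should live in one variable. configure_haproxy in hooks/lib/openstack-common already ends with service haproxy restart, so the restart on new line 128 and the reload on line 133 are redundant.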
@@ -95,4 +179,7 @@
95 "identity-service-relation-joined") keystone_joined;;179 "identity-service-relation-joined") keystone_joined;;
96 "identity-service-relation-changed") keystone_changed;;180 "identity-service-relation-changed") keystone_changed;;
97 "config-changed") config_changed;;181 "config-changed") config_changed;;
182 "cluster-relation-changed") cluster_changed ;;
183 "cluster-relation-departed") cluster_changed ;;
184 "ha-relation-joined") ha_relation_joined ;;
98esac185esac
99186
=== modified file 'hooks/lib/openstack-common'
--- hooks/lib/openstack-common 2013-01-11 18:30:45 +0000
+++ hooks/lib/openstack-common 2013-03-27 15:50:37 +0000
@@ -165,8 +165,9 @@
165 fi165 fi
166166
167 # have a guess based on the deb string provided167 # have a guess based on the deb string provided
168 if [[ "${rel:0:3}" == "deb" ]]; then168 if [[ "${rel:0:3}" == "deb" ]] || \
169 CODENAMES="diablo essex folsom grizzly"169 [[ "${rel:0:3}" == "ppa" ]] ; then
170 CODENAMES="diablo essex folsom grizzly havana"
170 for cname in $CODENAMES; do171 for cname in $CODENAMES; do
171 if echo $rel | grep -q $cname; then172 if echo $rel | grep -q $cname; then
172 codename=$cname173 codename=$cname
@@ -178,11 +179,13 @@
178179
179get_os_codename_package() {180get_os_codename_package() {
180 local pkg_vers=$(dpkg -l | grep "$1" | awk '{ print $3 }') || echo "none"181 local pkg_vers=$(dpkg -l | grep "$1" | awk '{ print $3 }') || echo "none"
182 pkg_vers=$(echo $pkg_vers | cut -d: -f2) # epochs
181 case "${pkg_vers:0:6}" in183 case "${pkg_vers:0:6}" in
182 "2011.2") echo "diablo" ;;184 "2011.2") echo "diablo" ;;
183 "2012.1") echo "essex" ;;185 "2012.1") echo "essex" ;;
184 "2012.2") echo "folsom" ;;186 "2012.2") echo "folsom" ;;
185 "2013.1") echo "grizzly" ;;187 "2013.1") echo "grizzly" ;;
188 "2013.2") echo "havana" ;;
186 esac189 esac
187}190}
188191
@@ -191,7 +194,8 @@
191 "diablo") echo "2011.2" ;;194 "diablo") echo "2011.2" ;;
192 "essex") echo "2012.1" ;;195 "essex") echo "2012.1" ;;
193 "folsom") echo "2012.2" ;;196 "folsom") echo "2012.2" ;;
194 "grizzly") echo "2012.3" ;;197 "grizzly") echo "2013.1" ;;
198 "havana") echo "2013.2" ;;
195 esac199 esac
196}200}
197201
@@ -314,3 +318,452 @@
314 echo "$found"318 echo "$found"
315 return 0319 return 0
316}320}
321
322HAPROXY_CFG=/etc/haproxy/haproxy.cfg
323HAPROXY_DEFAULT=/etc/default/haproxy
324##########################################################################
325# Description: Configures HAProxy services for Openstack API's
326# Parameters:
327# Space delimited list of service:port:mode combinations for which
328# haproxy service configuration should be generated for. The function
329# assumes the name of the peer relation is 'cluster' and that every
330# service unit in the peer relation is running the same services.
331#
332# Services that do not specify :mode in parameter will default to http.
333#
334# Example
335# configure_haproxy cinder_api:8776:8756:tcp nova_api:8774:8764:http
336##########################################################################
337configure_haproxy() {
338 local address=`unit-get private-address`
339 local name=${JUJU_UNIT_NAME////-}
340 cat > $HAPROXY_CFG << EOF
341global
342 log 127.0.0.1 local0
343 log 127.0.0.1 local1 notice
344 maxconn 20000
345 user haproxy
346 group haproxy
347 spread-checks 0
348
349defaults
350 log global
351 mode http
352 option httplog
353 option dontlognull
354 retries 3
355 timeout queue 1000
356 timeout connect 1000
357 timeout client 30000
358 timeout server 30000
359
360listen stats :8888
361 mode http
362 stats enable
363 stats hide-version
364 stats realm Haproxy\ Statistics
365 stats uri /
366 stats auth admin:password
367
368EOF
369 for service in $@; do
370 local service_name=$(echo $service | cut -d : -f 1)
371 local haproxy_listen_port=$(echo $service | cut -d : -f 2)
372 local api_listen_port=$(echo $service | cut -d : -f 3)
373 local mode=$(echo $service | cut -d : -f 4)
374 [[ -z "$mode" ]] && mode="http"
375 juju-log "Adding haproxy configuration entry for $service "\
376 "($haproxy_listen_port -> $api_listen_port)"
377 cat >> $HAPROXY_CFG << EOF
378listen $service_name 0.0.0.0:$haproxy_listen_port
379 balance roundrobin
380 mode $mode
381 option ${mode}log
382 server $name $address:$api_listen_port check
383EOF
384 local r_id=""
385 local unit=""
386 for r_id in `relation-ids cluster`; do
387 for unit in `relation-list -r $r_id`; do
388 local unit_name=${unit////-}
389 local unit_address=`relation-get -r $r_id private-address $unit`
390 if [ -n "$unit_address" ]; then
391 echo " server $unit_name $unit_address:$api_listen_port check" \
392 >> $HAPROXY_CFG
393 fi
394 done
395 done
396 done
397 echo "ENABLED=1" > $HAPROXY_DEFAULT
398 service haproxy restart
399}
400
401##########################################################################
402# Description: Query HA interface to determine is cluster is configured
403# Returns: 0 if configured, 1 if not configured
404##########################################################################
405is_clustered() {
406 local r_id=""
407 local unit=""
408 for r_id in $(relation-ids ha); do
409 if [ -n "$r_id" ]; then
410 for unit in $(relation-list -r $r_id); do
411 clustered=$(relation-get -r $r_id clustered $unit)
412 if [ -n "$clustered" ]; then
413 juju-log "Unit is haclustered"
414 return 0
415 fi
416 done
417 fi
418 done
419 juju-log "Unit is not haclustered"
420 return 1
421}
422
423##########################################################################
424# Description: Return a list of all peers in cluster relations
425##########################################################################
426peer_units() {
427 local peers=""
428 local r_id=""
429 for r_id in $(relation-ids cluster); do
430 peers="$peers $(relation-list -r $r_id)"
431 done
432 echo $peers
433}
434
435##########################################################################
436# Description: Determines whether the current unit is the oldest of all
437# its peers - supports partial leader election
438# Returns: 0 if oldest, 1 if not
439##########################################################################
440oldest_peer() {
441 peers=$1
442 local l_unit_no=$(echo $JUJU_UNIT_NAME | cut -d / -f 2)
443 for peer in $peers; do
444 echo "Comparing $JUJU_UNIT_NAME with peers: $peers"
445 local r_unit_no=$(echo $peer | cut -d / -f 2)
446 if (($r_unit_no<$l_unit_no)); then
447 juju-log "Not oldest peer; deferring"
448 return 1
449 fi
450 done
451 juju-log "Oldest peer; might take charge?"
452 return 0
453}
454
455##########################################################################
456# Description: Determines whether the current service units is the
457# leader within a) a cluster of its peers or b) across a
458# set of unclustered peers.
459# Parameters: CRM resource to check ownership of if clustered
460# Returns: 0 if leader, 1 if not
461##########################################################################
462eligible_leader() {
463 if is_clustered; then
464 if ! is_leader $1; then
465 juju-log 'Deferring action to CRM leader'
466 return 1
467 fi
468 else
469 peers=$(peer_units)
470 if [ -n "$peers" ] && ! oldest_peer "$peers"; then
471 juju-log 'Deferring action to oldest service unit.'
472 return 1
473 fi
474 fi
475 return 0
476}
477
478##########################################################################
479# Description: Query Cluster peer interface to see if peered
480# Returns: 0 if peered, 1 if not peered
481##########################################################################
482is_peered() {
483 local r_id=$(relation-ids cluster)
484 if [ -n "$r_id" ]; then
485 if [ -n "$(relation-list -r $r_id)" ]; then
486 juju-log "Unit peered"
487 return 0
488 fi
489 fi
490 juju-log "Unit not peered"
491 return 1
492}
493
494##########################################################################
495# Description: Determines whether host is owner of clustered services
496# Parameters: Name of CRM resource to check ownership of
497# Returns: 0 if leader, 1 if not leader
498##########################################################################
499is_leader() {
500 hostname=`hostname`
501 if [ -x /usr/sbin/crm ]; then
502 if crm resource show $1 | grep -q $hostname; then
503 juju-log "$hostname is cluster leader."
504 return 0
505 fi
506 fi
507 juju-log "$hostname is not cluster leader."
508 return 1
509}
510
511##########################################################################
512# Description: Determines whether enough data has been provided in
513# configuration or relation data to configure HTTPS.
514# Parameters: None
515# Returns: 0 if HTTPS can be configured, 1 if not.
516##########################################################################
517https() {
518 local r_id=""
519 if [[ -n "$(config-get ssl_cert)" ]] &&
520 [[ -n "$(config-get ssl_key)" ]] ; then
521 return 0
522 fi
523 for r_id in $(relation-ids identity-service) ; do
524 for unit in $(relation-list -r $r_id) ; do
525 if [[ "$(relation-get -r $r_id https_keystone $unit)" == "True" ]] &&
526 [[ -n "$(relation-get -r $r_id ssl_cert $unit)" ]] &&
527 [[ -n "$(relation-get -r $r_id ssl_key $unit)" ]] &&
528 [[ -n "$(relation-get -r $r_id ca_cert $unit)" ]] ; then
529 return 0
530 fi
531 done
532 done
533 return 1
534}
535
536##########################################################################
537# Description: For a given number of port mappings, configures apache2
538# HTTPs local reverse proxying using certficates and keys provided in
539# either configuration data (preferred) or relation data. Assumes ports
540# are not in use (calling charm should ensure that).
541# Parameters: Variable number of proxy port mappings as
542# $internal:$external.
543# Returns: 0 if reverse proxy(s) have been configured, 0 if not.
544##########################################################################
545enable_https() {
546 local port_maps="$@"
547 local http_restart=""
548 juju-log "Enabling HTTPS for port mappings: $port_maps."
549
550 # allow overriding of keystone provided certs with those set manually
551 # in config.
552 local cert=$(config-get ssl_cert)
553 local key=$(config-get ssl_key)
554 local ca_cert=""
555 if [[ -z "$cert" ]] || [[ -z "$key" ]] ; then
556 juju-log "Inspecting identity-service relations for SSL certificate."
557 local r_id=""
558 cert=""
559 key=""
560 ca_cert=""
561 for r_id in $(relation-ids identity-service) ; do
562 for unit in $(relation-list -r $r_id) ; do
563 [[ -z "$cert" ]] && cert="$(relation-get -r $r_id ssl_cert $unit)"
564 [[ -z "$key" ]] && key="$(relation-get -r $r_id ssl_key $unit)"
565 [[ -z "$ca_cert" ]] && ca_cert="$(relation-get -r $r_id ca_cert $unit)"
566 done
567 done
568 [[ -n "$cert" ]] && cert=$(echo $cert | base64 -di)
569 [[ -n "$key" ]] && key=$(echo $key | base64 -di)
570 [[ -n "$ca_cert" ]] && ca_cert=$(echo $ca_cert | base64 -di)
571 else
572 juju-log "Using SSL certificate provided in service config."
573 fi
574
575 [[ -z "$cert" ]] || [[ -z "$key" ]] &&
576 juju-log "Expected but could not find SSL certificate data, not "\
577 "configuring HTTPS!" && return 1
578
579 apt-get -y install apache2
580 a2enmod ssl proxy proxy_http | grep -v "To activate the new configuration" &&
581 http_restart=1
582
583 mkdir -p /etc/apache2/ssl/$CHARM
584 echo "$cert" >/etc/apache2/ssl/$CHARM/cert
585 echo "$key" >/etc/apache2/ssl/$CHARM/key
586 if [[ -n "$ca_cert" ]] ; then
587 juju-log "Installing Keystone supplied CA cert."
588 echo "$ca_cert" >/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt
589 update-ca-certificates --fresh
590
591 # XXX TODO: Find a better way of exporting this?
592 if [[ "$CHARM" == "nova-cloud-controller" ]] ; then
593 [[ -e /var/www/keystone_juju_ca_cert.crt ]] &&
594 rm -rf /var/www/keystone_juju_ca_cert.crt
595 ln -s /usr/local/share/ca-certificates/keystone_juju_ca_cert.crt \
596 /var/www/keystone_juju_ca_cert.crt
597 fi
598
599 fi
600 for port_map in $port_maps ; do
601 local ext_port=$(echo $port_map | cut -d: -f1)
602 local int_port=$(echo $port_map | cut -d: -f2)
603 juju-log "Creating apache2 reverse proxy vhost for $port_map."
604 cat >/etc/apache2/sites-available/${CHARM}_${ext_port} <<END
605Listen $ext_port
606NameVirtualHost *:$ext_port
607<VirtualHost *:$ext_port>
608 ServerName $(unit-get private-address)
609 SSLEngine on
610 SSLCertificateFile /etc/apache2/ssl/$CHARM/cert
611 SSLCertificateKeyFile /etc/apache2/ssl/$CHARM/key
612 ProxyPass / http://localhost:$int_port/
613 ProxyPassReverse / http://localhost:$int_port/
614 ProxyPreserveHost on
615</VirtualHost>
616<Proxy *>
617 Order deny,allow
618 Allow from all
619</Proxy>
620<Location />
621 Order allow,deny
622 Allow from all
623</Location>
624END
625 a2ensite ${CHARM}_${ext_port} | grep -v "To activate the new configuration" &&
626 http_restart=1
627 done
628 if [[ -n "$http_restart" ]] ; then
629 service apache2 restart
630 fi
631}
632
633##########################################################################
634# Description: Ensure HTTPS reverse proxying is disabled for given port
635# mappings.
636# Parameters: Variable number of proxy port mappings as
637# $internal:$external.
638# Returns: 0 if reverse proxy is not active for all portmaps, 1 on error.
639##########################################################################
640disable_https() {
641 local port_maps="$@"
642 local http_restart=""
643 juju-log "Ensuring HTTPS disabled for $port_maps."
644 ( [[ ! -d /etc/apache2 ]] || [[ ! -d /etc/apache2/ssl/$CHARM ]] ) && return 0
645 for port_map in $port_maps ; do
646 local ext_port=$(echo $port_map | cut -d: -f1)
647 local int_port=$(echo $port_map | cut -d: -f2)
648 if [[ -e /etc/apache2/sites-available/${CHARM}_${ext_port} ]] ; then
649 juju-log "Disabling HTTPS reverse proxy for $CHARM $port_map."
650 a2dissite ${CHARM}_${ext_port} | grep -v "To activate the new configuration" &&
651 http_restart=1
652 fi
653 done
654 if [[ -n "$http_restart" ]] ; then
655 service apache2 restart
656 fi
657}
658
659
660##########################################################################
661# Description: Ensures HTTPS is either enabled or disabled for given port
662# mapping.
663# Parameters: Variable number of proxy port mappings as
664# $internal:$external.
665# Returns: 0 if HTTPS reverse proxy is in place, 1 if it is not.
666##########################################################################
667setup_https() {
668 # configure https via apache reverse proxying either
669 # using certs provided by config or keystone.
670 [[ -z "$CHARM" ]] &&
671 error_out "setup_https(): CHARM not set."
672 if ! https ; then
673 disable_https $@
674 else
675 enable_https $@
676 fi
677}
678
679##########################################################################
680# Description: Determine correct API server listening port based on
681# existence of HTTPS reverse proxy and/or haproxy.
682# Paremeters: The standard public port for given service.
683# Returns: The correct listening port for API service.
684##########################################################################
685determine_api_port() {
686 local public_port="$1"
687 local i=0
688 ( [[ -n "$(peer_units)" ]] || is_clustered >/dev/null 2>&1 ) && i=$[$i + 1]
689 https >/dev/null 2>&1 && i=$[$i + 1]
690 echo $[$public_port - $[$i * 10]]
691}
692
693##########################################################################
694# Description: Determine correct proxy listening port based on public IP +
695# existence of HTTPS reverse proxy.
696# Paremeters: The standard public port for given service.
697# Returns: The correct listening port for haproxy service public address.
698##########################################################################
699determine_haproxy_port() {
700 local public_port="$1"
701 local i=0
702 https >/dev/null 2>&1 && i=$[$i + 1]
703 echo $[$public_port - $[$i * 10]]
704}
705
706##########################################################################
707# Description: Print the value for a given config option in an OpenStack
708# .ini style configuration file.
709# Parameters: File path, option to retrieve, optional
710# section name (default=DEFAULT)
711# Returns: Prints value if set, prints nothing otherwise.
712##########################################################################
713local_config_get() {
714 # return config values set in openstack .ini config files.
715 # default placeholders starting (eg, %AUTH_HOST%) treated as
716 # unset values.
717 local file="$1"
718 local option="$2"
719 local section="$3"
720 [[ -z "$section" ]] && section="DEFAULT"
721 python -c "
722import ConfigParser
723config = ConfigParser.RawConfigParser()
724config.read('$file')
725try:
726 value = config.get('$section', '$option')
727except:
728 print ''
729 exit(0)
730if value.startswith('%'): exit(0)
731print value
732"
733}
734
735##########################################################################
736# Description: Creates an rc file exporting environment variables to a
737# script_path local to the charm's installed directory.
738# Any charm scripts run outside the juju hook environment can source this
739# scriptrc to obtain updated config information necessary to perform health
740# checks or service changes
741#
742# Parameters:
743# An array of '=' delimited ENV_VAR:value combinations to export.
744# If optional script_path key is not provided in the array, script_path
745# defaults to scripts/scriptrc
746##########################################################################
747function save_script_rc {
748 if [ ! -n "$JUJU_UNIT_NAME" ]; then
749 echo "Error: Missing JUJU_UNIT_NAME environment variable"
750 exit 1
751 fi
752 # our default unit_path
753 unit_path="/var/lib/juju/units/${JUJU_UNIT_NAME/\//-}/charm/scripts/scriptrc"
754 echo $unit_path
755 tmp_rc="/tmp/${JUJU_UNIT_NAME/\//-}rc"
756
757 echo "#!/bin/bash" > $tmp_rc
758 for env_var in "${@}"
759 do
760 if `echo $env_var | grep -q script_path`; then
761 # well then we need to reset the new unit-local script path
762 unit_path="/var/lib/juju/units/${JUJU_UNIT_NAME/\//-}/charm/${env_var/script_path=/}"
763 else
764 echo "export $env_var" >> $tmp_rc
765 fi
766 done
767 chmod 755 $tmp_rc
768 mv $tmp_rc $unit_path
769}
317770
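Review bot: configure_haproxy writes a stats listener on :8888 with the fixed credentials in 'stats auth admin:password' (new lines 360-366), exposed on every address of every unit. Bind it to 127.0.0.1 or take the password from charm config rather than shipping a literal. Three further points in this hunk: enable_https writes the private key to /etc/apache2/ssl/$CHARM/key without setting a restrictive mode; save_script_rc builds its file at a predictable path under /tmp, then runs chmod 755 and mv on it, and should create it with mktemp in the destination directory instead; local_config_get pastes $file, $section and $option into the python -c source, so a quote character in any of them changes the program, and they should be passed as arguments and read from sys.argv. The enable_https header comment also reads 'Returns: 0 if reverse proxy(s) have been configured, 0 if not', while the function returns 1 on the missing-certificate path.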
=== modified file 'metadata.yaml'
--- metadata.yaml 2012-08-09 20:29:51 +0000
+++ metadata.yaml 2013-03-27 15:50:37 +0000
@@ -8,3 +8,9 @@
8 interface: mysql8 interface: mysql
9 identity-service:9 identity-service:
10 interface: keystone10 interface: keystone
11 ha:
12 interface: hacluster
13 scope: container
14peers:
15 cluster:
16 interface: openstack-dashboard-ha
1117
=== modified file 'revision'
--- revision 2013-01-11 21:59:22 +0000
+++ revision 2013-03-27 15:50:37 +0000
@@ -1,1 +1,1 @@
122127
22
=== added directory 'scripts'
=== added file 'scripts/add_to_cluster'
--- scripts/add_to_cluster 1970-01-01 00:00:00 +0000
+++ scripts/add_to_cluster 2013-03-27 15:50:37 +0000
@@ -0,0 +1,2 @@
1#!/bin/bash
2crm node online
03
=== added directory 'scripts/health_checks.d'
=== added file 'scripts/health_checks.d/service_ports_live'
--- scripts/health_checks.d/service_ports_live 1970-01-01 00:00:00 +0000
+++ scripts/health_checks.d/service_ports_live 2013-03-27 15:50:37 +0000
@@ -0,0 +1,13 @@
1#!/bin/bash
2# Validate that service ports are active
3HEALTH_DIR=`dirname $0`
4SCRIPTS_DIR=`dirname $HEALTH_DIR`
5. $SCRIPTS_DIR/scriptrc
6set -e
7
8# Grab any OPENSTACK_PORT* environment variables
9openstack_ports=`env| awk -F '=' '(/OPENSTACK_PORT/){print $2}'`
10for port in $openstack_ports
11do
12 netstat -ln | grep -q ":$port "
13done
014
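Review bot: scriptrc is sourced on line 5 before set -e on line 6, so when the file is missing or unreadable the script carries on with no OPENSTACK_PORT variables, the for loop runs zero times and the check reports healthy. Move set -e above the source line, or test that scriptrc is readable and that openstack_ports is non-empty, and fail otherwise. The awk pattern /OPENSTACK_PORT/ is matched against the whole NAME=value line; restrict it to the name with $1 ~ /^OPENSTACK_PORT/.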
=== added file 'scripts/health_checks.d/service_running'
--- scripts/health_checks.d/service_running 1970-01-01 00:00:00 +0000
+++ scripts/health_checks.d/service_running 2013-03-27 15:50:37 +0000
@@ -0,0 +1,13 @@
1#!/bin/bash
2# Validate that service is running
3HEALTH_DIR=`dirname $0`
4SCRIPTS_DIR=`dirname $HEALTH_DIR`
5. $SCRIPTS_DIR/scriptrc
6set -e
7
8# Grab any OPENSTACK_SERVICE* environment variables
9openstack_service_names=`env| awk -F '=' '(/OPENSTACK_SERVICE/){print $2}'`
10for service_name in $openstack_service_names
11do
12 service $service_name status 2>/dev/null | grep -q running
13done
014
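Review bot: grep -q running on line 12 also succeeds on status text such as 'is not running', so a stopped service can pass this check. Match a stricter pattern, or use the exit status of the status command where the init script sets one. scriptrc is also sourced before set -e here, so a missing file yields an empty service list and a passing check; fail explicitly when openstack_service_names is empty.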
=== added file 'scripts/health_checks.d/service_url_checks'
--- scripts/health_checks.d/service_url_checks 1970-01-01 00:00:00 +0000
+++ scripts/health_checks.d/service_url_checks 2013-03-27 15:50:37 +0000
@@ -0,0 +1,16 @@
1#!/bin/bash
2# Validate that service urls return expected content
3HEALTH_DIR=`dirname $0`
4SCRIPTS_DIR=`dirname $HEALTH_DIR`
5. $SCRIPTS_DIR/scriptrc
6set -e
7
8# Grab any OPENSTACK_URL* environment variables and validate content response
9openstack_urls=`env| awk -F '=' '(/OPENSTACK_URL/){print $2 }'`
10for url_check in $openstack_urls
11do
12 url=`echo $url_check| awk -F '|' '{print $1}'`
13 expected_content=`echo $url_check| awk -F '|' '{print $2}'`
14 wget -q -O - $url | grep -q "${expected_content//+/ }"
15done
16
017
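Review bot: The wget call on line 14 sets no timeout or retry limit, so an unresponsive Horizon can hang the health check instead of failing it; add --timeout with a small value and --tries=1. $url is unquoted and expected_content is interpreted by grep as a regular expression; quote the URL and use grep -qF so the expected text is matched literally. The for loop on line 10 splits openstack_urls on whitespace, which is why spaces have to be encoded as + in the value; a comment saying so next to the substitution on line 14 would help the next reader.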
=== added file 'scripts/remove_from_cluster'
--- scripts/remove_from_cluster 1970-01-01 00:00:00 +0000
+++ scripts/remove_from_cluster 2013-03-27 15:50:37 +0000
@@ -0,0 +1,2 @@
1#!/bin/bash
2crm node standby
