Merge lp:~chad.smith/charms/trusty/glance-simplestreams-sync/sync-charmhelpers-for-add-apt-repo-retry into lp:~openstack-charmers/charms/trusty/glance-simplestreams-sync/next
- Trusty Tahr (14.04)
- sync-charmhelpers-for-add-apt-repo-retry
- Merge into next
Proposed by
Chad Smith
Status: | Needs review | ||||
---|---|---|---|---|---|
Proposed branch: | lp:~chad.smith/charms/trusty/glance-simplestreams-sync/sync-charmhelpers-for-add-apt-repo-retry | ||||
Merge into: | lp:~openstack-charmers/charms/trusty/glance-simplestreams-sync/next | ||||
Diff against target: |
10125 lines (+5920/-1725) 74 files modified
charm-helpers-sync.yaml (+1/-0) charmhelpers/__init__.py (+11/-13) charmhelpers/contrib/__init__.py (+11/-13) charmhelpers/contrib/charmsupport/__init__.py (+11/-13) charmhelpers/contrib/charmsupport/nrpe.py (+103/-34) charmhelpers/contrib/charmsupport/volumes.py (+11/-13) charmhelpers/contrib/hahelpers/__init__.py (+11/-13) charmhelpers/contrib/hahelpers/apache.py (+30/-17) charmhelpers/contrib/hahelpers/cluster.py (+70/-23) charmhelpers/contrib/network/__init__.py (+11/-13) charmhelpers/contrib/network/ip.py (+99/-42) charmhelpers/contrib/openstack/__init__.py (+11/-13) charmhelpers/contrib/openstack/alternatives.py (+11/-13) charmhelpers/contrib/openstack/amulet/__init__.py (+11/-13) charmhelpers/contrib/openstack/amulet/deployment.py (+200/-69) charmhelpers/contrib/openstack/amulet/utils.py (+354/-38) charmhelpers/contrib/openstack/context.py (+313/-127) charmhelpers/contrib/openstack/exceptions.py (+21/-0) charmhelpers/contrib/openstack/files/__init__.py (+11/-13) charmhelpers/contrib/openstack/files/check_haproxy.sh (+7/-5) charmhelpers/contrib/openstack/ha/__init__.py (+13/-0) charmhelpers/contrib/openstack/ha/utils.py (+139/-0) charmhelpers/contrib/openstack/ip.py (+60/-25) charmhelpers/contrib/openstack/keystone.py (+178/-0) charmhelpers/contrib/openstack/neutron.py (+57/-23) charmhelpers/contrib/openstack/templates/__init__.py (+11/-13) charmhelpers/contrib/openstack/templates/haproxy.cfg (+19/-11) charmhelpers/contrib/openstack/templates/memcached.conf (+53/-0) charmhelpers/contrib/openstack/templates/openstack_https_frontend (+5/-0) charmhelpers/contrib/openstack/templates/openstack_https_frontend.conf (+5/-0) charmhelpers/contrib/openstack/templates/section-keystone-authtoken (+8/-5) charmhelpers/contrib/openstack/templates/section-keystone-authtoken-legacy (+10/-0) charmhelpers/contrib/openstack/templates/section-keystone-authtoken-mitaka (+20/-0) charmhelpers/contrib/openstack/templates/wsgi-openstack-api.conf (+100/-0) charmhelpers/contrib/openstack/templating.py (+19/-15) charmhelpers/contrib/openstack/utils.py (+1163/-151) charmhelpers/contrib/python/__init__.py (+11/-13) charmhelpers/contrib/python/packages.py (+59/-26) charmhelpers/contrib/storage/__init__.py (+11/-13) charmhelpers/contrib/storage/linux/__init__.py (+11/-13) charmhelpers/contrib/storage/linux/ceph.py (+766/-72) charmhelpers/contrib/storage/linux/loopback.py (+21/-13) charmhelpers/contrib/storage/linux/lvm.py (+11/-13) charmhelpers/contrib/storage/linux/utils.py (+16/-18) charmhelpers/core/__init__.py (+11/-13) charmhelpers/core/decorators.py (+11/-13) charmhelpers/core/files.py (+11/-13) charmhelpers/core/fstab.py (+11/-13) charmhelpers/core/hookenv.py (+157/-19) charmhelpers/core/host.py (+482/-150) charmhelpers/core/host_factory/centos.py (+56/-0) charmhelpers/core/host_factory/ubuntu.py (+56/-0) charmhelpers/core/hugepage.py (+13/-13) charmhelpers/core/kernel.py (+34/-30) charmhelpers/core/kernel_factory/centos.py (+17/-0) charmhelpers/core/kernel_factory/ubuntu.py (+13/-0) charmhelpers/core/services/__init__.py (+11/-13) charmhelpers/core/services/base.py (+11/-13) charmhelpers/core/services/helpers.py (+25/-18) charmhelpers/core/strutils.py (+11/-13) charmhelpers/core/sysctl.py (+11/-13) charmhelpers/core/templating.py (+40/-24) charmhelpers/core/unitdata.py (+11/-14) charmhelpers/fetch/__init__.py (+43/-302) charmhelpers/fetch/archiveurl.py (+12/-14) charmhelpers/fetch/bzrurl.py (+48/-50) charmhelpers/fetch/centos.py (+171/-0) charmhelpers/fetch/giturl.py (+33/-37) charmhelpers/fetch/snap.py (+122/-0) charmhelpers/fetch/ubuntu.py (+364/-0) charmhelpers/osplatform.py (+25/-0) charmhelpers/payload/__init__.py (+11/-13) charmhelpers/payload/archive.py (+11/-13) charmhelpers/payload/execd.py (+14/-15) |
||||
To merge this branch: | bzr merge lp:~chad.smith/charms/trusty/glance-simplestreams-sync/sync-charmhelpers-for-add-apt-repo-retry | ||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
OpenStack Charmers | Pending | ||
Review via email: mp+318976@code.launchpad.net |
Commit message
Description of the change
Make sync of charmhelpers updates to get latest fetch.add_source retries logic.
The only official change to this branch is in charm-helpers-sync because host now depends on osplatform
--- charm-helpers-
+++ charm-helpers-
@@ -3,6 +3,7 @@
include:
- core
- fetch
+ - osplatform
- payload
- contrib.
- contrib.
To post a comment you must log in.
Unmerged revisions
- 60. By Chad Smith
-
make sync pulling in updated charmhelpers
- 59. By Chad Smith
-
Update charmhelpers dependencies prior to make sync since charmhelpers.host now imports get_platform from charmhelpers.
osplatform, we need to import osplatform too
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file 'charm-helpers-sync.yaml' |
2 | --- charm-helpers-sync.yaml 2015-09-28 20:36:18 +0000 |
3 | +++ charm-helpers-sync.yaml 2017-03-04 02:21:16 +0000 |
4 | @@ -3,6 +3,7 @@ |
5 | include: |
6 | - core |
7 | - fetch |
8 | + - osplatform |
9 | - payload |
10 | - contrib.openstack|inc=* |
11 | - contrib.charmsupport |
12 | |
13 | === modified file 'charmhelpers/__init__.py' |
14 | --- charmhelpers/__init__.py 2015-09-28 20:09:02 +0000 |
15 | +++ charmhelpers/__init__.py 2017-03-04 02:21:16 +0000 |
16 | @@ -1,18 +1,16 @@ |
17 | # Copyright 2014-2015 Canonical Limited. |
18 | # |
19 | -# This file is part of charm-helpers. |
20 | -# |
21 | -# charm-helpers is free software: you can redistribute it and/or modify |
22 | -# it under the terms of the GNU Lesser General Public License version 3 as |
23 | -# published by the Free Software Foundation. |
24 | -# |
25 | -# charm-helpers is distributed in the hope that it will be useful, |
26 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
27 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
28 | -# GNU Lesser General Public License for more details. |
29 | -# |
30 | -# You should have received a copy of the GNU Lesser General Public License |
31 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
32 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
33 | +# you may not use this file except in compliance with the License. |
34 | +# You may obtain a copy of the License at |
35 | +# |
36 | +# http://www.apache.org/licenses/LICENSE-2.0 |
37 | +# |
38 | +# Unless required by applicable law or agreed to in writing, software |
39 | +# distributed under the License is distributed on an "AS IS" BASIS, |
40 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
41 | +# See the License for the specific language governing permissions and |
42 | +# limitations under the License. |
43 | |
44 | # Bootstrap charm-helpers, installing its dependencies if necessary using |
45 | # only standard libraries. |
46 | |
47 | === modified file 'charmhelpers/contrib/__init__.py' |
48 | --- charmhelpers/contrib/__init__.py 2015-09-28 20:09:02 +0000 |
49 | +++ charmhelpers/contrib/__init__.py 2017-03-04 02:21:16 +0000 |
50 | @@ -1,15 +1,13 @@ |
51 | # Copyright 2014-2015 Canonical Limited. |
52 | # |
53 | -# This file is part of charm-helpers. |
54 | -# |
55 | -# charm-helpers is free software: you can redistribute it and/or modify |
56 | -# it under the terms of the GNU Lesser General Public License version 3 as |
57 | -# published by the Free Software Foundation. |
58 | -# |
59 | -# charm-helpers is distributed in the hope that it will be useful, |
60 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
61 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
62 | -# GNU Lesser General Public License for more details. |
63 | -# |
64 | -# You should have received a copy of the GNU Lesser General Public License |
65 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
66 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
67 | +# you may not use this file except in compliance with the License. |
68 | +# You may obtain a copy of the License at |
69 | +# |
70 | +# http://www.apache.org/licenses/LICENSE-2.0 |
71 | +# |
72 | +# Unless required by applicable law or agreed to in writing, software |
73 | +# distributed under the License is distributed on an "AS IS" BASIS, |
74 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
75 | +# See the License for the specific language governing permissions and |
76 | +# limitations under the License. |
77 | |
78 | === modified file 'charmhelpers/contrib/charmsupport/__init__.py' |
79 | --- charmhelpers/contrib/charmsupport/__init__.py 2015-09-28 20:09:02 +0000 |
80 | +++ charmhelpers/contrib/charmsupport/__init__.py 2017-03-04 02:21:16 +0000 |
81 | @@ -1,15 +1,13 @@ |
82 | # Copyright 2014-2015 Canonical Limited. |
83 | # |
84 | -# This file is part of charm-helpers. |
85 | -# |
86 | -# charm-helpers is free software: you can redistribute it and/or modify |
87 | -# it under the terms of the GNU Lesser General Public License version 3 as |
88 | -# published by the Free Software Foundation. |
89 | -# |
90 | -# charm-helpers is distributed in the hope that it will be useful, |
91 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
92 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
93 | -# GNU Lesser General Public License for more details. |
94 | -# |
95 | -# You should have received a copy of the GNU Lesser General Public License |
96 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
97 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
98 | +# you may not use this file except in compliance with the License. |
99 | +# You may obtain a copy of the License at |
100 | +# |
101 | +# http://www.apache.org/licenses/LICENSE-2.0 |
102 | +# |
103 | +# Unless required by applicable law or agreed to in writing, software |
104 | +# distributed under the License is distributed on an "AS IS" BASIS, |
105 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
106 | +# See the License for the specific language governing permissions and |
107 | +# limitations under the License. |
108 | |
109 | === modified file 'charmhelpers/contrib/charmsupport/nrpe.py' |
110 | --- charmhelpers/contrib/charmsupport/nrpe.py 2015-09-28 20:09:02 +0000 |
111 | +++ charmhelpers/contrib/charmsupport/nrpe.py 2017-03-04 02:21:16 +0000 |
112 | @@ -1,18 +1,16 @@ |
113 | # Copyright 2014-2015 Canonical Limited. |
114 | # |
115 | -# This file is part of charm-helpers. |
116 | -# |
117 | -# charm-helpers is free software: you can redistribute it and/or modify |
118 | -# it under the terms of the GNU Lesser General Public License version 3 as |
119 | -# published by the Free Software Foundation. |
120 | -# |
121 | -# charm-helpers is distributed in the hope that it will be useful, |
122 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
123 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
124 | -# GNU Lesser General Public License for more details. |
125 | -# |
126 | -# You should have received a copy of the GNU Lesser General Public License |
127 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
128 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
129 | +# you may not use this file except in compliance with the License. |
130 | +# You may obtain a copy of the License at |
131 | +# |
132 | +# http://www.apache.org/licenses/LICENSE-2.0 |
133 | +# |
134 | +# Unless required by applicable law or agreed to in writing, software |
135 | +# distributed under the License is distributed on an "AS IS" BASIS, |
136 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
137 | +# See the License for the specific language governing permissions and |
138 | +# limitations under the License. |
139 | |
140 | """Compatibility with the nrpe-external-master charm""" |
141 | # Copyright 2012 Canonical Ltd. |
142 | @@ -40,6 +38,7 @@ |
143 | ) |
144 | |
145 | from charmhelpers.core.host import service |
146 | +from charmhelpers.core import host |
147 | |
148 | # This module adds compatibility with the nrpe-external-master and plain nrpe |
149 | # subordinate charms. To use it in your charm: |
150 | @@ -110,6 +109,13 @@ |
151 | # def local_monitors_relation_changed(): |
152 | # update_nrpe_config() |
153 | # |
154 | +# 4.a If your charm is a subordinate charm set primary=False |
155 | +# |
156 | +# from charmsupport.nrpe import NRPE |
157 | +# (...) |
158 | +# def update_nrpe_config(): |
159 | +# nrpe_compat = NRPE(primary=False) |
160 | +# |
161 | # 5. ln -s hooks.py nrpe-external-master-relation-changed |
162 | # ln -s hooks.py local-monitors-relation-changed |
163 | |
164 | @@ -148,6 +154,13 @@ |
165 | self.description = description |
166 | self.check_cmd = self._locate_cmd(check_cmd) |
167 | |
168 | + def _get_check_filename(self): |
169 | + return os.path.join(NRPE.nrpe_confdir, '{}.cfg'.format(self.command)) |
170 | + |
171 | + def _get_service_filename(self, hostname): |
172 | + return os.path.join(NRPE.nagios_exportdir, |
173 | + 'service__{}_{}.cfg'.format(hostname, self.command)) |
174 | + |
175 | def _locate_cmd(self, check_cmd): |
176 | search_path = ( |
177 | '/usr/lib/nagios/plugins', |
178 | @@ -163,9 +176,21 @@ |
179 | log('Check command not found: {}'.format(parts[0])) |
180 | return '' |
181 | |
182 | + def _remove_service_files(self): |
183 | + if not os.path.exists(NRPE.nagios_exportdir): |
184 | + return |
185 | + for f in os.listdir(NRPE.nagios_exportdir): |
186 | + if f.endswith('_{}.cfg'.format(self.command)): |
187 | + os.remove(os.path.join(NRPE.nagios_exportdir, f)) |
188 | + |
189 | + def remove(self, hostname): |
190 | + nrpe_check_file = self._get_check_filename() |
191 | + if os.path.exists(nrpe_check_file): |
192 | + os.remove(nrpe_check_file) |
193 | + self._remove_service_files() |
194 | + |
195 | def write(self, nagios_context, hostname, nagios_servicegroups): |
196 | - nrpe_check_file = '/etc/nagios/nrpe.d/{}.cfg'.format( |
197 | - self.command) |
198 | + nrpe_check_file = self._get_check_filename() |
199 | with open(nrpe_check_file, 'w') as nrpe_check_config: |
200 | nrpe_check_config.write("# check {}\n".format(self.shortname)) |
201 | nrpe_check_config.write("command[{}]={}\n".format( |
202 | @@ -180,9 +205,7 @@ |
203 | |
204 | def write_service_config(self, nagios_context, hostname, |
205 | nagios_servicegroups): |
206 | - for f in os.listdir(NRPE.nagios_exportdir): |
207 | - if re.search('.*{}.cfg'.format(self.command), f): |
208 | - os.remove(os.path.join(NRPE.nagios_exportdir, f)) |
209 | + self._remove_service_files() |
210 | |
211 | templ_vars = { |
212 | 'nagios_hostname': hostname, |
213 | @@ -192,8 +215,7 @@ |
214 | 'command': self.command, |
215 | } |
216 | nrpe_service_text = Check.service_template.format(**templ_vars) |
217 | - nrpe_service_file = '{}/service__{}_{}.cfg'.format( |
218 | - NRPE.nagios_exportdir, hostname, self.command) |
219 | + nrpe_service_file = self._get_service_filename(hostname) |
220 | with open(nrpe_service_file, 'w') as nrpe_service_config: |
221 | nrpe_service_config.write(str(nrpe_service_text)) |
222 | |
223 | @@ -206,9 +228,10 @@ |
224 | nagios_exportdir = '/var/lib/nagios/export' |
225 | nrpe_confdir = '/etc/nagios/nrpe.d' |
226 | |
227 | - def __init__(self, hostname=None): |
228 | + def __init__(self, hostname=None, primary=True): |
229 | super(NRPE, self).__init__() |
230 | self.config = config() |
231 | + self.primary = primary |
232 | self.nagios_context = self.config['nagios_context'] |
233 | if 'nagios_servicegroups' in self.config and self.config['nagios_servicegroups']: |
234 | self.nagios_servicegroups = self.config['nagios_servicegroups'] |
235 | @@ -218,12 +241,38 @@ |
236 | if hostname: |
237 | self.hostname = hostname |
238 | else: |
239 | - self.hostname = "{}-{}".format(self.nagios_context, self.unit_name) |
240 | + nagios_hostname = get_nagios_hostname() |
241 | + if nagios_hostname: |
242 | + self.hostname = nagios_hostname |
243 | + else: |
244 | + self.hostname = "{}-{}".format(self.nagios_context, self.unit_name) |
245 | self.checks = [] |
246 | + # Iff in an nrpe-external-master relation hook, set primary status |
247 | + relation = relation_ids('nrpe-external-master') |
248 | + if relation: |
249 | + log("Setting charm primary status {}".format(primary)) |
250 | + for rid in relation_ids('nrpe-external-master'): |
251 | + relation_set(relation_id=rid, relation_settings={'primary': self.primary}) |
252 | |
253 | def add_check(self, *args, **kwargs): |
254 | self.checks.append(Check(*args, **kwargs)) |
255 | |
256 | + def remove_check(self, *args, **kwargs): |
257 | + if kwargs.get('shortname') is None: |
258 | + raise ValueError('shortname of check must be specified') |
259 | + |
260 | + # Use sensible defaults if they're not specified - these are not |
261 | + # actually used during removal, but they're required for constructing |
262 | + # the Check object; check_disk is chosen because it's part of the |
263 | + # nagios-plugins-basic package. |
264 | + if kwargs.get('check_cmd') is None: |
265 | + kwargs['check_cmd'] = 'check_disk' |
266 | + if kwargs.get('description') is None: |
267 | + kwargs['description'] = '' |
268 | + |
269 | + check = Check(*args, **kwargs) |
270 | + check.remove(self.hostname) |
271 | + |
272 | def write(self): |
273 | try: |
274 | nagios_uid = pwd.getpwnam('nagios').pw_uid |
275 | @@ -260,7 +309,7 @@ |
276 | :param str relation_name: Name of relation nrpe sub joined to |
277 | """ |
278 | for rel in relations_of_type(relation_name): |
279 | - if 'nagios_hostname' in rel: |
280 | + if 'nagios_host_context' in rel: |
281 | return rel['nagios_host_context'] |
282 | |
283 | |
284 | @@ -289,18 +338,30 @@ |
285 | return unit |
286 | |
287 | |
288 | -def add_init_service_checks(nrpe, services, unit_name): |
289 | +def add_init_service_checks(nrpe, services, unit_name, immediate_check=True): |
290 | """ |
291 | Add checks for each service in list |
292 | |
293 | :param NRPE nrpe: NRPE object to add check to |
294 | :param list services: List of services to check |
295 | :param str unit_name: Unit name to use in check description |
296 | + :param bool immediate_check: For sysv init, run the service check immediately |
297 | """ |
298 | for svc in services: |
299 | + # Don't add a check for these services from neutron-gateway |
300 | + if svc in ['ext-port', 'os-charm-phy-nic-mtu']: |
301 | + next |
302 | + |
303 | upstart_init = '/etc/init/%s.conf' % svc |
304 | sysv_init = '/etc/init.d/%s' % svc |
305 | - if os.path.exists(upstart_init): |
306 | + |
307 | + if host.init_is_systemd(): |
308 | + nrpe.add_check( |
309 | + shortname=svc, |
310 | + description='process check {%s}' % unit_name, |
311 | + check_cmd='check_systemd.py %s' % svc |
312 | + ) |
313 | + elif os.path.exists(upstart_init): |
314 | nrpe.add_check( |
315 | shortname=svc, |
316 | description='process check {%s}' % unit_name, |
317 | @@ -308,21 +369,29 @@ |
318 | ) |
319 | elif os.path.exists(sysv_init): |
320 | cronpath = '/etc/cron.d/nagios-service-check-%s' % svc |
321 | - cron_file = ('*/5 * * * * root ' |
322 | - '/usr/local/lib/nagios/plugins/check_exit_status.pl ' |
323 | - '-s /etc/init.d/%s status > ' |
324 | - '/var/lib/nagios/service-check-%s.txt\n' % (svc, |
325 | - svc) |
326 | - ) |
327 | + checkpath = '/var/lib/nagios/service-check-%s.txt' % svc |
328 | + croncmd = ( |
329 | + '/usr/local/lib/nagios/plugins/check_exit_status.pl ' |
330 | + '-s /etc/init.d/%s status' % svc |
331 | + ) |
332 | + cron_file = '*/5 * * * * root %s > %s\n' % (croncmd, checkpath) |
333 | f = open(cronpath, 'w') |
334 | f.write(cron_file) |
335 | f.close() |
336 | nrpe.add_check( |
337 | shortname=svc, |
338 | - description='process check {%s}' % unit_name, |
339 | - check_cmd='check_status_file.py -f ' |
340 | - '/var/lib/nagios/service-check-%s.txt' % svc, |
341 | + description='service check {%s}' % unit_name, |
342 | + check_cmd='check_status_file.py -f %s' % checkpath, |
343 | ) |
344 | + if immediate_check: |
345 | + f = open(checkpath, 'w') |
346 | + subprocess.call( |
347 | + croncmd.split(), |
348 | + stdout=f, |
349 | + stderr=subprocess.STDOUT |
350 | + ) |
351 | + f.close() |
352 | + os.chmod(checkpath, 0o644) |
353 | |
354 | |
355 | def copy_nrpe_checks(): |
356 | |
357 | === modified file 'charmhelpers/contrib/charmsupport/volumes.py' |
358 | --- charmhelpers/contrib/charmsupport/volumes.py 2015-09-28 20:09:02 +0000 |
359 | +++ charmhelpers/contrib/charmsupport/volumes.py 2017-03-04 02:21:16 +0000 |
360 | @@ -1,18 +1,16 @@ |
361 | # Copyright 2014-2015 Canonical Limited. |
362 | # |
363 | -# This file is part of charm-helpers. |
364 | -# |
365 | -# charm-helpers is free software: you can redistribute it and/or modify |
366 | -# it under the terms of the GNU Lesser General Public License version 3 as |
367 | -# published by the Free Software Foundation. |
368 | -# |
369 | -# charm-helpers is distributed in the hope that it will be useful, |
370 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
371 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
372 | -# GNU Lesser General Public License for more details. |
373 | -# |
374 | -# You should have received a copy of the GNU Lesser General Public License |
375 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
376 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
377 | +# you may not use this file except in compliance with the License. |
378 | +# You may obtain a copy of the License at |
379 | +# |
380 | +# http://www.apache.org/licenses/LICENSE-2.0 |
381 | +# |
382 | +# Unless required by applicable law or agreed to in writing, software |
383 | +# distributed under the License is distributed on an "AS IS" BASIS, |
384 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
385 | +# See the License for the specific language governing permissions and |
386 | +# limitations under the License. |
387 | |
388 | ''' |
389 | Functions for managing volumes in juju units. One volume is supported per unit. |
390 | |
391 | === modified file 'charmhelpers/contrib/hahelpers/__init__.py' |
392 | --- charmhelpers/contrib/hahelpers/__init__.py 2015-09-28 20:09:02 +0000 |
393 | +++ charmhelpers/contrib/hahelpers/__init__.py 2017-03-04 02:21:16 +0000 |
394 | @@ -1,15 +1,13 @@ |
395 | # Copyright 2014-2015 Canonical Limited. |
396 | # |
397 | -# This file is part of charm-helpers. |
398 | -# |
399 | -# charm-helpers is free software: you can redistribute it and/or modify |
400 | -# it under the terms of the GNU Lesser General Public License version 3 as |
401 | -# published by the Free Software Foundation. |
402 | -# |
403 | -# charm-helpers is distributed in the hope that it will be useful, |
404 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
405 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
406 | -# GNU Lesser General Public License for more details. |
407 | -# |
408 | -# You should have received a copy of the GNU Lesser General Public License |
409 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
410 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
411 | +# you may not use this file except in compliance with the License. |
412 | +# You may obtain a copy of the License at |
413 | +# |
414 | +# http://www.apache.org/licenses/LICENSE-2.0 |
415 | +# |
416 | +# Unless required by applicable law or agreed to in writing, software |
417 | +# distributed under the License is distributed on an "AS IS" BASIS, |
418 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
419 | +# See the License for the specific language governing permissions and |
420 | +# limitations under the License. |
421 | |
422 | === modified file 'charmhelpers/contrib/hahelpers/apache.py' |
423 | --- charmhelpers/contrib/hahelpers/apache.py 2015-09-28 20:09:02 +0000 |
424 | +++ charmhelpers/contrib/hahelpers/apache.py 2017-03-04 02:21:16 +0000 |
425 | @@ -1,18 +1,16 @@ |
426 | # Copyright 2014-2015 Canonical Limited. |
427 | # |
428 | -# This file is part of charm-helpers. |
429 | -# |
430 | -# charm-helpers is free software: you can redistribute it and/or modify |
431 | -# it under the terms of the GNU Lesser General Public License version 3 as |
432 | -# published by the Free Software Foundation. |
433 | -# |
434 | -# charm-helpers is distributed in the hope that it will be useful, |
435 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
436 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
437 | -# GNU Lesser General Public License for more details. |
438 | -# |
439 | -# You should have received a copy of the GNU Lesser General Public License |
440 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
441 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
442 | +# you may not use this file except in compliance with the License. |
443 | +# You may obtain a copy of the License at |
444 | +# |
445 | +# http://www.apache.org/licenses/LICENSE-2.0 |
446 | +# |
447 | +# Unless required by applicable law or agreed to in writing, software |
448 | +# distributed under the License is distributed on an "AS IS" BASIS, |
449 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
450 | +# See the License for the specific language governing permissions and |
451 | +# limitations under the License. |
452 | |
453 | # |
454 | # Copyright 2012 Canonical Ltd. |
455 | @@ -24,6 +22,7 @@ |
456 | # Adam Gandelman <adamg@ubuntu.com> |
457 | # |
458 | |
459 | +import os |
460 | import subprocess |
461 | |
462 | from charmhelpers.core.hookenv import ( |
463 | @@ -74,9 +73,23 @@ |
464 | return ca_cert |
465 | |
466 | |
467 | +def retrieve_ca_cert(cert_file): |
468 | + cert = None |
469 | + if os.path.isfile(cert_file): |
470 | + with open(cert_file, 'r') as crt: |
471 | + cert = crt.read() |
472 | + return cert |
473 | + |
474 | + |
475 | def install_ca_cert(ca_cert): |
476 | if ca_cert: |
477 | - with open('/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt', |
478 | - 'w') as crt: |
479 | - crt.write(ca_cert) |
480 | - subprocess.check_call(['update-ca-certificates', '--fresh']) |
481 | + cert_file = ('/usr/local/share/ca-certificates/' |
482 | + 'keystone_juju_ca_cert.crt') |
483 | + old_cert = retrieve_ca_cert(cert_file) |
484 | + if old_cert and old_cert == ca_cert: |
485 | + log("CA cert is the same as installed version", level=INFO) |
486 | + else: |
487 | + log("Installing new CA cert", level=INFO) |
488 | + with open(cert_file, 'w') as crt: |
489 | + crt.write(ca_cert) |
490 | + subprocess.check_call(['update-ca-certificates', '--fresh']) |
491 | |
492 | === modified file 'charmhelpers/contrib/hahelpers/cluster.py' |
493 | --- charmhelpers/contrib/hahelpers/cluster.py 2015-09-28 20:09:02 +0000 |
494 | +++ charmhelpers/contrib/hahelpers/cluster.py 2017-03-04 02:21:16 +0000 |
495 | @@ -1,18 +1,16 @@ |
496 | # Copyright 2014-2015 Canonical Limited. |
497 | # |
498 | -# This file is part of charm-helpers. |
499 | -# |
500 | -# charm-helpers is free software: you can redistribute it and/or modify |
501 | -# it under the terms of the GNU Lesser General Public License version 3 as |
502 | -# published by the Free Software Foundation. |
503 | -# |
504 | -# charm-helpers is distributed in the hope that it will be useful, |
505 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
506 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
507 | -# GNU Lesser General Public License for more details. |
508 | -# |
509 | -# You should have received a copy of the GNU Lesser General Public License |
510 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
511 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
512 | +# you may not use this file except in compliance with the License. |
513 | +# You may obtain a copy of the License at |
514 | +# |
515 | +# http://www.apache.org/licenses/LICENSE-2.0 |
516 | +# |
517 | +# Unless required by applicable law or agreed to in writing, software |
518 | +# distributed under the License is distributed on an "AS IS" BASIS, |
519 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
520 | +# See the License for the specific language governing permissions and |
521 | +# limitations under the License. |
522 | |
523 | # |
524 | # Copyright 2012 Canonical Ltd. |
525 | @@ -41,10 +39,11 @@ |
526 | relation_get, |
527 | config as config_get, |
528 | INFO, |
529 | - ERROR, |
530 | + DEBUG, |
531 | WARNING, |
532 | unit_get, |
533 | - is_leader as juju_is_leader |
534 | + is_leader as juju_is_leader, |
535 | + status_set, |
536 | ) |
537 | from charmhelpers.core.decorators import ( |
538 | retry_on_exception, |
539 | @@ -60,6 +59,10 @@ |
540 | pass |
541 | |
542 | |
543 | +class HAIncorrectConfig(Exception): |
544 | + pass |
545 | + |
546 | + |
547 | class CRMResourceNotFound(Exception): |
548 | pass |
549 | |
550 | @@ -274,27 +277,71 @@ |
551 | Obtains all relevant configuration from charm configuration required |
552 | for initiating a relation to hacluster: |
553 | |
554 | - ha-bindiface, ha-mcastport, vip |
555 | + ha-bindiface, ha-mcastport, vip, os-internal-hostname, |
556 | + os-admin-hostname, os-public-hostname, os-access-hostname |
557 | |
558 | param: exclude_keys: list of setting key(s) to be excluded. |
559 | returns: dict: A dict containing settings keyed by setting name. |
560 | - raises: HAIncompleteConfig if settings are missing. |
561 | + raises: HAIncompleteConfig if settings are missing or incorrect. |
562 | ''' |
563 | - settings = ['ha-bindiface', 'ha-mcastport', 'vip'] |
564 | + settings = ['ha-bindiface', 'ha-mcastport', 'vip', 'os-internal-hostname', |
565 | + 'os-admin-hostname', 'os-public-hostname', 'os-access-hostname'] |
566 | conf = {} |
567 | for setting in settings: |
568 | if exclude_keys and setting in exclude_keys: |
569 | continue |
570 | |
571 | conf[setting] = config_get(setting) |
572 | - missing = [] |
573 | - [missing.append(s) for s, v in six.iteritems(conf) if v is None] |
574 | - if missing: |
575 | - log('Insufficient config data to configure hacluster.', level=ERROR) |
576 | - raise HAIncompleteConfig |
577 | + |
578 | + if not valid_hacluster_config(): |
579 | + raise HAIncorrectConfig('Insufficient or incorrect config data to ' |
580 | + 'configure hacluster.') |
581 | return conf |
582 | |
583 | |
584 | +def valid_hacluster_config(): |
585 | + ''' |
586 | + Check that either vip or dns-ha is set. If dns-ha then one of os-*-hostname |
587 | + must be set. |
588 | + |
589 | + Note: ha-bindiface and ha-macastport both have defaults and will always |
590 | + be set. We only care that either vip or dns-ha is set. |
591 | + |
592 | + :returns: boolean: valid config returns true. |
593 | + raises: HAIncompatibileConfig if settings conflict. |
594 | + raises: HAIncompleteConfig if settings are missing. |
595 | + ''' |
596 | + vip = config_get('vip') |
597 | + dns = config_get('dns-ha') |
598 | + if not(bool(vip) ^ bool(dns)): |
599 | + msg = ('HA: Either vip or dns-ha must be set but not both in order to ' |
600 | + 'use high availability') |
601 | + status_set('blocked', msg) |
602 | + raise HAIncorrectConfig(msg) |
603 | + |
604 | + # If dns-ha then one of os-*-hostname must be set |
605 | + if dns: |
606 | + dns_settings = ['os-internal-hostname', 'os-admin-hostname', |
607 | + 'os-public-hostname', 'os-access-hostname'] |
608 | + # At this point it is unknown if one or all of the possible |
609 | + # network spaces are in HA. Validate at least one is set which is |
610 | + # the minimum required. |
611 | + for setting in dns_settings: |
612 | + if config_get(setting): |
613 | + log('DNS HA: At least one hostname is set {}: {}' |
614 | + ''.format(setting, config_get(setting)), |
615 | + level=DEBUG) |
616 | + return True |
617 | + |
618 | + msg = ('DNS HA: At least one os-*-hostname(s) must be set to use ' |
619 | + 'DNS HA') |
620 | + status_set('blocked', msg) |
621 | + raise HAIncompleteConfig(msg) |
622 | + |
623 | + log('VIP HA: VIP is set {}'.format(vip), level=DEBUG) |
624 | + return True |
625 | + |
626 | + |
627 | def canonical_url(configs, vip_setting='vip'): |
628 | ''' |
629 | Returns the correct HTTP URL to this host given the state of HTTPS |
630 | |
631 | === modified file 'charmhelpers/contrib/network/__init__.py' |
632 | --- charmhelpers/contrib/network/__init__.py 2015-09-28 20:09:02 +0000 |
633 | +++ charmhelpers/contrib/network/__init__.py 2017-03-04 02:21:16 +0000 |
634 | @@ -1,15 +1,13 @@ |
635 | # Copyright 2014-2015 Canonical Limited. |
636 | # |
637 | -# This file is part of charm-helpers. |
638 | -# |
639 | -# charm-helpers is free software: you can redistribute it and/or modify |
640 | -# it under the terms of the GNU Lesser General Public License version 3 as |
641 | -# published by the Free Software Foundation. |
642 | -# |
643 | -# charm-helpers is distributed in the hope that it will be useful, |
644 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
645 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
646 | -# GNU Lesser General Public License for more details. |
647 | -# |
648 | -# You should have received a copy of the GNU Lesser General Public License |
649 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
650 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
651 | +# you may not use this file except in compliance with the License. |
652 | +# You may obtain a copy of the License at |
653 | +# |
654 | +# http://www.apache.org/licenses/LICENSE-2.0 |
655 | +# |
656 | +# Unless required by applicable law or agreed to in writing, software |
657 | +# distributed under the License is distributed on an "AS IS" BASIS, |
658 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
659 | +# See the License for the specific language governing permissions and |
660 | +# limitations under the License. |
661 | |
662 | === modified file 'charmhelpers/contrib/network/ip.py' |
663 | --- charmhelpers/contrib/network/ip.py 2015-09-28 20:09:02 +0000 |
664 | +++ charmhelpers/contrib/network/ip.py 2017-03-04 02:21:16 +0000 |
665 | @@ -1,18 +1,16 @@ |
666 | # Copyright 2014-2015 Canonical Limited. |
667 | # |
668 | -# This file is part of charm-helpers. |
669 | -# |
670 | -# charm-helpers is free software: you can redistribute it and/or modify |
671 | -# it under the terms of the GNU Lesser General Public License version 3 as |
672 | -# published by the Free Software Foundation. |
673 | -# |
674 | -# charm-helpers is distributed in the hope that it will be useful, |
675 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
676 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
677 | -# GNU Lesser General Public License for more details. |
678 | -# |
679 | -# You should have received a copy of the GNU Lesser General Public License |
680 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
681 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
682 | +# you may not use this file except in compliance with the License. |
683 | +# You may obtain a copy of the License at |
684 | +# |
685 | +# http://www.apache.org/licenses/LICENSE-2.0 |
686 | +# |
687 | +# Unless required by applicable law or agreed to in writing, software |
688 | +# distributed under the License is distributed on an "AS IS" BASIS, |
689 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
690 | +# See the License for the specific language governing permissions and |
691 | +# limitations under the License. |
692 | |
693 | import glob |
694 | import re |
695 | @@ -33,14 +31,20 @@ |
696 | import netifaces |
697 | except ImportError: |
698 | apt_update(fatal=True) |
699 | - apt_install('python-netifaces', fatal=True) |
700 | + if six.PY2: |
701 | + apt_install('python-netifaces', fatal=True) |
702 | + else: |
703 | + apt_install('python3-netifaces', fatal=True) |
704 | import netifaces |
705 | |
706 | try: |
707 | import netaddr |
708 | except ImportError: |
709 | apt_update(fatal=True) |
710 | - apt_install('python-netaddr', fatal=True) |
711 | + if six.PY2: |
712 | + apt_install('python-netaddr', fatal=True) |
713 | + else: |
714 | + apt_install('python3-netaddr', fatal=True) |
715 | import netaddr |
716 | |
717 | |
718 | @@ -53,7 +57,7 @@ |
719 | |
720 | |
721 | def no_ip_found_error_out(network): |
722 | - errmsg = ("No IP address found in network: %s" % network) |
723 | + errmsg = ("No IP address found in network(s): %s" % network) |
724 | raise ValueError(errmsg) |
725 | |
726 | |
727 | @@ -61,7 +65,7 @@ |
728 | """Get an IPv4 or IPv6 address within the network from the host. |
729 | |
730 | :param network (str): CIDR presentation format. For example, |
731 | - '192.168.1.0/24'. |
732 | + '192.168.1.0/24'. Supports multiple networks as a space-delimited list. |
733 | :param fallback (str): If no address is found, return fallback. |
734 | :param fatal (boolean): If no address is found, fallback is not |
735 | set and fatal is True then exit(1). |
736 | @@ -75,24 +79,26 @@ |
737 | else: |
738 | return None |
739 | |
740 | - _validate_cidr(network) |
741 | - network = netaddr.IPNetwork(network) |
742 | - for iface in netifaces.interfaces(): |
743 | - addresses = netifaces.ifaddresses(iface) |
744 | - if network.version == 4 and netifaces.AF_INET in addresses: |
745 | - addr = addresses[netifaces.AF_INET][0]['addr'] |
746 | - netmask = addresses[netifaces.AF_INET][0]['netmask'] |
747 | - cidr = netaddr.IPNetwork("%s/%s" % (addr, netmask)) |
748 | - if cidr in network: |
749 | - return str(cidr.ip) |
750 | + networks = network.split() or [network] |
751 | + for network in networks: |
752 | + _validate_cidr(network) |
753 | + network = netaddr.IPNetwork(network) |
754 | + for iface in netifaces.interfaces(): |
755 | + addresses = netifaces.ifaddresses(iface) |
756 | + if network.version == 4 and netifaces.AF_INET in addresses: |
757 | + addr = addresses[netifaces.AF_INET][0]['addr'] |
758 | + netmask = addresses[netifaces.AF_INET][0]['netmask'] |
759 | + cidr = netaddr.IPNetwork("%s/%s" % (addr, netmask)) |
760 | + if cidr in network: |
761 | + return str(cidr.ip) |
762 | |
763 | - if network.version == 6 and netifaces.AF_INET6 in addresses: |
764 | - for addr in addresses[netifaces.AF_INET6]: |
765 | - if not addr['addr'].startswith('fe80'): |
766 | - cidr = netaddr.IPNetwork("%s/%s" % (addr['addr'], |
767 | - addr['netmask'])) |
768 | - if cidr in network: |
769 | - return str(cidr.ip) |
770 | + if network.version == 6 and netifaces.AF_INET6 in addresses: |
771 | + for addr in addresses[netifaces.AF_INET6]: |
772 | + if not addr['addr'].startswith('fe80'): |
773 | + cidr = netaddr.IPNetwork("%s/%s" % (addr['addr'], |
774 | + addr['netmask'])) |
775 | + if cidr in network: |
776 | + return str(cidr.ip) |
777 | |
778 | if fallback is not None: |
779 | return fallback |
780 | @@ -189,6 +195,15 @@ |
781 | get_netmask_for_address = partial(_get_for_address, key='netmask') |
782 | |
783 | |
784 | +def resolve_network_cidr(ip_address): |
785 | + ''' |
786 | + Resolves the full address cidr of an ip_address based on |
787 | + configured network interfaces |
788 | + ''' |
789 | + netmask = get_netmask_for_address(ip_address) |
790 | + return str(netaddr.IPNetwork("%s/%s" % (ip_address, netmask)).cidr) |
791 | + |
792 | + |
793 | def format_ipv6_addr(address): |
794 | """If address is IPv6, wrap it in '[]' otherwise return None. |
795 | |
796 | @@ -203,7 +218,16 @@ |
797 | |
798 | def get_iface_addr(iface='eth0', inet_type='AF_INET', inc_aliases=False, |
799 | fatal=True, exc_list=None): |
800 | - """Return the assigned IP address for a given interface, if any.""" |
801 | + """Return the assigned IP address for a given interface, if any. |
802 | + |
803 | + :param iface: network interface on which address(es) are expected to |
804 | + be found. |
805 | + :param inet_type: inet address family |
806 | + :param inc_aliases: include alias interfaces in search |
807 | + :param fatal: if True, raise exception if address not found |
808 | + :param exc_list: list of addresses to ignore |
809 | + :return: list of ip addresses |
810 | + """ |
811 | # Extract nic if passed /dev/ethX |
812 | if '/' in iface: |
813 | iface = iface.split('/')[-1] |
814 | @@ -304,6 +328,14 @@ |
815 | We currently only support scope global IPv6 addresses i.e. non-temporary |
816 | addresses. If no global IPv6 address is found, return the first one found |
817 | in the ipv6 address list. |
818 | + |
819 | + :param iface: network interface on which ipv6 address(es) are expected to |
820 | + be found. |
821 | + :param inc_aliases: include alias interfaces in search |
822 | + :param fatal: if True, raise exception if address not found |
823 | + :param exc_list: list of addresses to ignore |
824 | + :param dynamic_only: only recognise dynamic addresses |
825 | + :return: list of ipv6 addresses |
826 | """ |
827 | addresses = get_iface_addr(iface=iface, inet_type='AF_INET6', |
828 | inc_aliases=inc_aliases, fatal=fatal, |
829 | @@ -325,7 +357,7 @@ |
830 | cmd = ['ip', 'addr', 'show', iface] |
831 | out = subprocess.check_output(cmd).decode('UTF-8') |
832 | if dynamic_only: |
833 | - key = re.compile("inet6 (.+)/[0-9]+ scope global dynamic.*") |
834 | + key = re.compile("inet6 (.+)/[0-9]+ scope global.* dynamic.*") |
835 | else: |
836 | key = re.compile("inet6 (.+)/[0-9]+ scope global.*") |
837 | |
838 | @@ -377,10 +409,10 @@ |
839 | Returns True if address is a valid IP address. |
840 | """ |
841 | try: |
842 | - # Test to see if already an IPv4 address |
843 | - socket.inet_aton(address) |
844 | + # Test to see if already an IPv4/IPv6 address |
845 | + address = netaddr.IPAddress(address) |
846 | return True |
847 | - except socket.error: |
848 | + except (netaddr.AddrFormatError, ValueError): |
849 | return False |
850 | |
851 | |
852 | @@ -388,7 +420,10 @@ |
853 | try: |
854 | import dns.resolver |
855 | except ImportError: |
856 | - apt_install('python-dnspython') |
857 | + if six.PY2: |
858 | + apt_install('python-dnspython', fatal=True) |
859 | + else: |
860 | + apt_install('python3-dnspython', fatal=True) |
861 | import dns.resolver |
862 | |
863 | if isinstance(address, dns.name.Name): |
864 | @@ -398,7 +433,11 @@ |
865 | else: |
866 | return None |
867 | |
868 | - answers = dns.resolver.query(address, rtype) |
869 | + try: |
870 | + answers = dns.resolver.query(address, rtype) |
871 | + except dns.resolver.NXDOMAIN: |
872 | + return None |
873 | + |
874 | if answers: |
875 | return str(answers[0]) |
876 | return None |
877 | @@ -432,7 +471,10 @@ |
878 | try: |
879 | import dns.reversename |
880 | except ImportError: |
881 | - apt_install("python-dnspython") |
882 | + if six.PY2: |
883 | + apt_install("python-dnspython", fatal=True) |
884 | + else: |
885 | + apt_install("python3-dnspython", fatal=True) |
886 | import dns.reversename |
887 | |
888 | rev = dns.reversename.from_address(address) |
889 | @@ -454,3 +496,18 @@ |
890 | return result |
891 | else: |
892 | return result.split('.')[0] |
893 | + |
894 | + |
895 | +def port_has_listener(address, port): |
896 | + """ |
897 | + Returns True if the address:port is open and being listened to, |
898 | + else False. |
899 | + |
900 | + @param address: an IP address or hostname |
901 | + @param port: integer port |
902 | + |
903 | + Note calls 'zc' via a subprocess shell |
904 | + """ |
905 | + cmd = ['nc', '-z', address, str(port)] |
906 | + result = subprocess.call(cmd) |
907 | + return not(bool(result)) |
908 | |
909 | === modified file 'charmhelpers/contrib/openstack/__init__.py' |
910 | --- charmhelpers/contrib/openstack/__init__.py 2015-09-28 20:09:02 +0000 |
911 | +++ charmhelpers/contrib/openstack/__init__.py 2017-03-04 02:21:16 +0000 |
912 | @@ -1,15 +1,13 @@ |
913 | # Copyright 2014-2015 Canonical Limited. |
914 | # |
915 | -# This file is part of charm-helpers. |
916 | -# |
917 | -# charm-helpers is free software: you can redistribute it and/or modify |
918 | -# it under the terms of the GNU Lesser General Public License version 3 as |
919 | -# published by the Free Software Foundation. |
920 | -# |
921 | -# charm-helpers is distributed in the hope that it will be useful, |
922 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
923 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
924 | -# GNU Lesser General Public License for more details. |
925 | -# |
926 | -# You should have received a copy of the GNU Lesser General Public License |
927 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
928 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
929 | +# you may not use this file except in compliance with the License. |
930 | +# You may obtain a copy of the License at |
931 | +# |
932 | +# http://www.apache.org/licenses/LICENSE-2.0 |
933 | +# |
934 | +# Unless required by applicable law or agreed to in writing, software |
935 | +# distributed under the License is distributed on an "AS IS" BASIS, |
936 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
937 | +# See the License for the specific language governing permissions and |
938 | +# limitations under the License. |
939 | |
940 | === modified file 'charmhelpers/contrib/openstack/alternatives.py' |
941 | --- charmhelpers/contrib/openstack/alternatives.py 2015-09-28 20:09:02 +0000 |
942 | +++ charmhelpers/contrib/openstack/alternatives.py 2017-03-04 02:21:16 +0000 |
943 | @@ -1,18 +1,16 @@ |
944 | # Copyright 2014-2015 Canonical Limited. |
945 | # |
946 | -# This file is part of charm-helpers. |
947 | -# |
948 | -# charm-helpers is free software: you can redistribute it and/or modify |
949 | -# it under the terms of the GNU Lesser General Public License version 3 as |
950 | -# published by the Free Software Foundation. |
951 | -# |
952 | -# charm-helpers is distributed in the hope that it will be useful, |
953 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
954 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
955 | -# GNU Lesser General Public License for more details. |
956 | -# |
957 | -# You should have received a copy of the GNU Lesser General Public License |
958 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
959 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
960 | +# you may not use this file except in compliance with the License. |
961 | +# You may obtain a copy of the License at |
962 | +# |
963 | +# http://www.apache.org/licenses/LICENSE-2.0 |
964 | +# |
965 | +# Unless required by applicable law or agreed to in writing, software |
966 | +# distributed under the License is distributed on an "AS IS" BASIS, |
967 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
968 | +# See the License for the specific language governing permissions and |
969 | +# limitations under the License. |
970 | |
971 | ''' Helper for managing alternatives for file conflict resolution ''' |
972 | |
973 | |
974 | === modified file 'charmhelpers/contrib/openstack/amulet/__init__.py' |
975 | --- charmhelpers/contrib/openstack/amulet/__init__.py 2015-09-28 20:09:02 +0000 |
976 | +++ charmhelpers/contrib/openstack/amulet/__init__.py 2017-03-04 02:21:16 +0000 |
977 | @@ -1,15 +1,13 @@ |
978 | # Copyright 2014-2015 Canonical Limited. |
979 | # |
980 | -# This file is part of charm-helpers. |
981 | -# |
982 | -# charm-helpers is free software: you can redistribute it and/or modify |
983 | -# it under the terms of the GNU Lesser General Public License version 3 as |
984 | -# published by the Free Software Foundation. |
985 | -# |
986 | -# charm-helpers is distributed in the hope that it will be useful, |
987 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
988 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
989 | -# GNU Lesser General Public License for more details. |
990 | -# |
991 | -# You should have received a copy of the GNU Lesser General Public License |
992 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
993 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
994 | +# you may not use this file except in compliance with the License. |
995 | +# You may obtain a copy of the License at |
996 | +# |
997 | +# http://www.apache.org/licenses/LICENSE-2.0 |
998 | +# |
999 | +# Unless required by applicable law or agreed to in writing, software |
1000 | +# distributed under the License is distributed on an "AS IS" BASIS, |
1001 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
1002 | +# See the License for the specific language governing permissions and |
1003 | +# limitations under the License. |
1004 | |
1005 | === modified file 'charmhelpers/contrib/openstack/amulet/deployment.py' |
1006 | --- charmhelpers/contrib/openstack/amulet/deployment.py 2015-09-28 20:09:02 +0000 |
1007 | +++ charmhelpers/contrib/openstack/amulet/deployment.py 2017-03-04 02:21:16 +0000 |
1008 | @@ -1,25 +1,29 @@ |
1009 | # Copyright 2014-2015 Canonical Limited. |
1010 | # |
1011 | -# This file is part of charm-helpers. |
1012 | -# |
1013 | -# charm-helpers is free software: you can redistribute it and/or modify |
1014 | -# it under the terms of the GNU Lesser General Public License version 3 as |
1015 | -# published by the Free Software Foundation. |
1016 | -# |
1017 | -# charm-helpers is distributed in the hope that it will be useful, |
1018 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
1019 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
1020 | -# GNU Lesser General Public License for more details. |
1021 | -# |
1022 | -# You should have received a copy of the GNU Lesser General Public License |
1023 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
1024 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
1025 | +# you may not use this file except in compliance with the License. |
1026 | +# You may obtain a copy of the License at |
1027 | +# |
1028 | +# http://www.apache.org/licenses/LICENSE-2.0 |
1029 | +# |
1030 | +# Unless required by applicable law or agreed to in writing, software |
1031 | +# distributed under the License is distributed on an "AS IS" BASIS, |
1032 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
1033 | +# See the License for the specific language governing permissions and |
1034 | +# limitations under the License. |
1035 | |
1036 | +import logging |
1037 | +import re |
1038 | +import sys |
1039 | import six |
1040 | from collections import OrderedDict |
1041 | from charmhelpers.contrib.amulet.deployment import ( |
1042 | AmuletDeployment |
1043 | ) |
1044 | |
1045 | +DEBUG = logging.DEBUG |
1046 | +ERROR = logging.ERROR |
1047 | + |
1048 | |
1049 | class OpenStackAmuletDeployment(AmuletDeployment): |
1050 | """OpenStack amulet deployment. |
1051 | @@ -28,15 +32,31 @@ |
1052 | that is specifically for use by OpenStack charms. |
1053 | """ |
1054 | |
1055 | - def __init__(self, series=None, openstack=None, source=None, stable=True): |
1056 | + def __init__(self, series=None, openstack=None, source=None, |
1057 | + stable=True, log_level=DEBUG): |
1058 | """Initialize the deployment environment.""" |
1059 | super(OpenStackAmuletDeployment, self).__init__(series) |
1060 | + self.log = self.get_logger(level=log_level) |
1061 | + self.log.info('OpenStackAmuletDeployment: init') |
1062 | self.openstack = openstack |
1063 | self.source = source |
1064 | self.stable = stable |
1065 | - # Note(coreycb): this needs to be changed when new next branches come |
1066 | - # out. |
1067 | - self.current_next = "trusty" |
1068 | + |
1069 | + def get_logger(self, name="deployment-logger", level=logging.DEBUG): |
1070 | + """Get a logger object that will log to stdout.""" |
1071 | + log = logging |
1072 | + logger = log.getLogger(name) |
1073 | + fmt = log.Formatter("%(asctime)s %(funcName)s " |
1074 | + "%(levelname)s: %(message)s") |
1075 | + |
1076 | + handler = log.StreamHandler(stream=sys.stdout) |
1077 | + handler.setLevel(level) |
1078 | + handler.setFormatter(fmt) |
1079 | + |
1080 | + logger.addHandler(handler) |
1081 | + logger.setLevel(level) |
1082 | + |
1083 | + return logger |
1084 | |
1085 | def _determine_branch_locations(self, other_services): |
1086 | """Determine the branch locations for the other services. |
1087 | @@ -45,43 +65,82 @@ |
1088 | stable or next (dev) branch, and based on this, use the corresonding |
1089 | stable or next branches for the other_services.""" |
1090 | |
1091 | - # Charms outside the lp:~openstack-charmers namespace |
1092 | - base_charms = ['mysql', 'mongodb', 'nrpe'] |
1093 | - |
1094 | - # Force these charms to current series even when using an older series. |
1095 | - # ie. Use trusty/nrpe even when series is precise, as the P charm |
1096 | - # does not possess the necessary external master config and hooks. |
1097 | - force_series_current = ['nrpe'] |
1098 | - |
1099 | - if self.series in ['precise', 'trusty']: |
1100 | - base_series = self.series |
1101 | - else: |
1102 | - base_series = self.current_next |
1103 | + self.log.info('OpenStackAmuletDeployment: determine branch locations') |
1104 | + |
1105 | + # Charms outside the ~openstack-charmers |
1106 | + base_charms = { |
1107 | + 'mysql': ['trusty'], |
1108 | + 'mongodb': ['trusty'], |
1109 | + 'nrpe': ['trusty', 'xenial'], |
1110 | + } |
1111 | |
1112 | for svc in other_services: |
1113 | - if svc['name'] in force_series_current: |
1114 | - base_series = self.current_next |
1115 | # If a location has been explicitly set, use it |
1116 | if svc.get('location'): |
1117 | continue |
1118 | - if self.stable: |
1119 | - temp = 'lp:charms/{}/{}' |
1120 | - svc['location'] = temp.format(base_series, |
1121 | - svc['name']) |
1122 | + if svc['name'] in base_charms: |
1123 | + # NOTE: not all charms have support for all series we |
1124 | + # want/need to test against, so fix to most recent |
1125 | + # that each base charm supports |
1126 | + target_series = self.series |
1127 | + if self.series not in base_charms[svc['name']]: |
1128 | + target_series = base_charms[svc['name']][-1] |
1129 | + svc['location'] = 'cs:{}/{}'.format(target_series, |
1130 | + svc['name']) |
1131 | + elif self.stable: |
1132 | + svc['location'] = 'cs:{}/{}'.format(self.series, |
1133 | + svc['name']) |
1134 | else: |
1135 | - if svc['name'] in base_charms: |
1136 | - temp = 'lp:charms/{}/{}' |
1137 | - svc['location'] = temp.format(base_series, |
1138 | - svc['name']) |
1139 | - else: |
1140 | - temp = 'lp:~openstack-charmers/charms/{}/{}/next' |
1141 | - svc['location'] = temp.format(self.current_next, |
1142 | - svc['name']) |
1143 | + svc['location'] = 'cs:~openstack-charmers-next/{}/{}'.format( |
1144 | + self.series, |
1145 | + svc['name'] |
1146 | + ) |
1147 | |
1148 | return other_services |
1149 | |
1150 | - def _add_services(self, this_service, other_services): |
1151 | - """Add services to the deployment and set openstack-origin/source.""" |
1152 | + def _add_services(self, this_service, other_services, use_source=None, |
1153 | + no_origin=None): |
1154 | + """Add services to the deployment and optionally set |
1155 | + openstack-origin/source. |
1156 | + |
1157 | + :param this_service dict: Service dictionary describing the service |
1158 | + whose amulet tests are being run |
1159 | + :param other_services dict: List of service dictionaries describing |
1160 | + the services needed to support the target |
1161 | + service |
1162 | + :param use_source list: List of services which use the 'source' config |
1163 | + option rather than 'openstack-origin' |
1164 | + :param no_origin list: List of services which do not support setting |
1165 | + the Cloud Archive. |
1166 | + Service Dict: |
1167 | + { |
1168 | + 'name': str charm-name, |
1169 | + 'units': int number of units, |
1170 | + 'constraints': dict of juju constraints, |
1171 | + 'location': str location of charm, |
1172 | + } |
1173 | + eg |
1174 | + this_service = { |
1175 | + 'name': 'openvswitch-odl', |
1176 | + 'constraints': {'mem': '8G'}, |
1177 | + } |
1178 | + other_services = [ |
1179 | + { |
1180 | + 'name': 'nova-compute', |
1181 | + 'units': 2, |
1182 | + 'constraints': {'mem': '4G'}, |
1183 | + 'location': cs:~bob/xenial/nova-compute |
1184 | + }, |
1185 | + { |
1186 | + 'name': 'mysql', |
1187 | + 'constraints': {'mem': '2G'}, |
1188 | + }, |
1189 | + {'neutron-api-odl'}] |
1190 | + use_source = ['mysql'] |
1191 | + no_origin = ['neutron-api-odl'] |
1192 | + """ |
1193 | + self.log.info('OpenStackAmuletDeployment: adding services') |
1194 | + |
1195 | other_services = self._determine_branch_locations(other_services) |
1196 | |
1197 | super(OpenStackAmuletDeployment, self)._add_services(this_service, |
1198 | @@ -90,12 +149,22 @@ |
1199 | services = other_services |
1200 | services.append(this_service) |
1201 | |
1202 | + use_source = use_source or [] |
1203 | + no_origin = no_origin or [] |
1204 | + |
1205 | # Charms which should use the source config option |
1206 | - use_source = ['mysql', 'mongodb', 'rabbitmq-server', 'ceph', |
1207 | - 'ceph-osd', 'ceph-radosgw'] |
1208 | + use_source = list(set( |
1209 | + use_source + ['mysql', 'mongodb', 'rabbitmq-server', 'ceph', |
1210 | + 'ceph-osd', 'ceph-radosgw', 'ceph-mon', |
1211 | + 'ceph-proxy', 'percona-cluster', 'lxd'])) |
1212 | |
1213 | # Charms which can not use openstack-origin, ie. many subordinates |
1214 | - no_origin = ['cinder-ceph', 'hacluster', 'neutron-openvswitch', 'nrpe'] |
1215 | + no_origin = list(set( |
1216 | + no_origin + ['cinder-ceph', 'hacluster', 'neutron-openvswitch', |
1217 | + 'nrpe', 'openvswitch-odl', 'neutron-api-odl', |
1218 | + 'odl-controller', 'cinder-backup', 'nexentaedge-data', |
1219 | + 'nexentaedge-iscsi-gw', 'nexentaedge-swift-gw', |
1220 | + 'cinder-nexentaedge', 'nexentaedge-mgmt'])) |
1221 | |
1222 | if self.openstack: |
1223 | for svc in services: |
1224 | @@ -111,9 +180,79 @@ |
1225 | |
1226 | def _configure_services(self, configs): |
1227 | """Configure all of the services.""" |
1228 | + self.log.info('OpenStackAmuletDeployment: configure services') |
1229 | for service, config in six.iteritems(configs): |
1230 | self.d.configure(service, config) |
1231 | |
1232 | + def _auto_wait_for_status(self, message=None, exclude_services=None, |
1233 | + include_only=None, timeout=1800): |
1234 | + """Wait for all units to have a specific extended status, except |
1235 | + for any defined as excluded. Unless specified via message, any |
1236 | + status containing any case of 'ready' will be considered a match. |
1237 | + |
1238 | + Examples of message usage: |
1239 | + |
1240 | + Wait for all unit status to CONTAIN any case of 'ready' or 'ok': |
1241 | + message = re.compile('.*ready.*|.*ok.*', re.IGNORECASE) |
1242 | + |
1243 | + Wait for all units to reach this status (exact match): |
1244 | + message = re.compile('^Unit is ready and clustered$') |
1245 | + |
1246 | + Wait for all units to reach any one of these (exact match): |
1247 | + message = re.compile('Unit is ready|OK|Ready') |
1248 | + |
1249 | + Wait for at least one unit to reach this status (exact match): |
1250 | + message = {'ready'} |
1251 | + |
1252 | + See Amulet's sentry.wait_for_messages() for message usage detail. |
1253 | + https://github.com/juju/amulet/blob/master/amulet/sentry.py |
1254 | + |
1255 | + :param message: Expected status match |
1256 | + :param exclude_services: List of juju service names to ignore, |
1257 | + not to be used in conjuction with include_only. |
1258 | + :param include_only: List of juju service names to exclusively check, |
1259 | + not to be used in conjuction with exclude_services. |
1260 | + :param timeout: Maximum time in seconds to wait for status match |
1261 | + :returns: None. Raises if timeout is hit. |
1262 | + """ |
1263 | + self.log.info('Waiting for extended status on units...') |
1264 | + |
1265 | + all_services = self.d.services.keys() |
1266 | + |
1267 | + if exclude_services and include_only: |
1268 | + raise ValueError('exclude_services can not be used ' |
1269 | + 'with include_only') |
1270 | + |
1271 | + if message: |
1272 | + if isinstance(message, re._pattern_type): |
1273 | + match = message.pattern |
1274 | + else: |
1275 | + match = message |
1276 | + |
1277 | + self.log.debug('Custom extended status wait match: ' |
1278 | + '{}'.format(match)) |
1279 | + else: |
1280 | + self.log.debug('Default extended status wait match: contains ' |
1281 | + 'READY (case-insensitive)') |
1282 | + message = re.compile('.*ready.*', re.IGNORECASE) |
1283 | + |
1284 | + if exclude_services: |
1285 | + self.log.debug('Excluding services from extended status match: ' |
1286 | + '{}'.format(exclude_services)) |
1287 | + else: |
1288 | + exclude_services = [] |
1289 | + |
1290 | + if include_only: |
1291 | + services = include_only |
1292 | + else: |
1293 | + services = list(set(all_services) - set(exclude_services)) |
1294 | + |
1295 | + self.log.debug('Waiting up to {}s for extended status on services: ' |
1296 | + '{}'.format(timeout, services)) |
1297 | + service_messages = {service: message for service in services} |
1298 | + self.d.sentry.wait_for_messages(service_messages, timeout=timeout) |
1299 | + self.log.info('OK') |
1300 | + |
1301 | def _get_openstack_release(self): |
1302 | """Get openstack release. |
1303 | |
1304 | @@ -121,25 +260,21 @@ |
1305 | release. |
1306 | """ |
1307 | # Must be ordered by OpenStack release (not by Ubuntu release): |
1308 | - (self.precise_essex, self.precise_folsom, self.precise_grizzly, |
1309 | - self.precise_havana, self.precise_icehouse, |
1310 | - self.trusty_icehouse, self.trusty_juno, self.utopic_juno, |
1311 | - self.trusty_kilo, self.vivid_kilo, self.trusty_liberty, |
1312 | - self.wily_liberty) = range(12) |
1313 | + (self.trusty_icehouse, self.trusty_kilo, self.trusty_liberty, |
1314 | + self.trusty_mitaka, self.xenial_mitaka, self.xenial_newton, |
1315 | + self.yakkety_newton, self.xenial_ocata, self.zesty_ocata) = range(9) |
1316 | |
1317 | releases = { |
1318 | - ('precise', None): self.precise_essex, |
1319 | - ('precise', 'cloud:precise-folsom'): self.precise_folsom, |
1320 | - ('precise', 'cloud:precise-grizzly'): self.precise_grizzly, |
1321 | - ('precise', 'cloud:precise-havana'): self.precise_havana, |
1322 | - ('precise', 'cloud:precise-icehouse'): self.precise_icehouse, |
1323 | ('trusty', None): self.trusty_icehouse, |
1324 | - ('trusty', 'cloud:trusty-juno'): self.trusty_juno, |
1325 | ('trusty', 'cloud:trusty-kilo'): self.trusty_kilo, |
1326 | ('trusty', 'cloud:trusty-liberty'): self.trusty_liberty, |
1327 | - ('utopic', None): self.utopic_juno, |
1328 | - ('vivid', None): self.vivid_kilo, |
1329 | - ('wily', None): self.wily_liberty} |
1330 | + ('trusty', 'cloud:trusty-mitaka'): self.trusty_mitaka, |
1331 | + ('xenial', None): self.xenial_mitaka, |
1332 | + ('xenial', 'cloud:xenial-newton'): self.xenial_newton, |
1333 | + ('xenial', 'cloud:xenial-ocata'): self.xenial_ocata, |
1334 | + ('yakkety', None): self.yakkety_newton, |
1335 | + ('zesty', None): self.zesty_ocata, |
1336 | + } |
1337 | return releases[(self.series, self.openstack)] |
1338 | |
1339 | def _get_openstack_release_string(self): |
1340 | @@ -148,14 +283,10 @@ |
1341 | Return a string representing the openstack release. |
1342 | """ |
1343 | releases = OrderedDict([ |
1344 | - ('precise', 'essex'), |
1345 | - ('quantal', 'folsom'), |
1346 | - ('raring', 'grizzly'), |
1347 | - ('saucy', 'havana'), |
1348 | ('trusty', 'icehouse'), |
1349 | - ('utopic', 'juno'), |
1350 | - ('vivid', 'kilo'), |
1351 | - ('wily', 'liberty'), |
1352 | + ('xenial', 'mitaka'), |
1353 | + ('yakkety', 'newton'), |
1354 | + ('zesty', 'ocata'), |
1355 | ]) |
1356 | if self.openstack: |
1357 | os_origin = self.openstack.split(':')[1] |
1358 | |
1359 | === modified file 'charmhelpers/contrib/openstack/amulet/utils.py' |
1360 | --- charmhelpers/contrib/openstack/amulet/utils.py 2015-09-28 20:38:07 +0000 |
1361 | +++ charmhelpers/contrib/openstack/amulet/utils.py 2017-03-04 02:21:16 +0000 |
1362 | @@ -1,42 +1,51 @@ |
1363 | # Copyright 2014-2015 Canonical Limited. |
1364 | # |
1365 | -# This file is part of charm-helpers. |
1366 | -# |
1367 | -# charm-helpers is free software: you can redistribute it and/or modify |
1368 | -# it under the terms of the GNU Lesser General Public License version 3 as |
1369 | -# published by the Free Software Foundation. |
1370 | -# |
1371 | -# charm-helpers is distributed in the hope that it will be useful, |
1372 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
1373 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
1374 | -# GNU Lesser General Public License for more details. |
1375 | -# |
1376 | -# You should have received a copy of the GNU Lesser General Public License |
1377 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
1378 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
1379 | +# you may not use this file except in compliance with the License. |
1380 | +# You may obtain a copy of the License at |
1381 | +# |
1382 | +# http://www.apache.org/licenses/LICENSE-2.0 |
1383 | +# |
1384 | +# Unless required by applicable law or agreed to in writing, software |
1385 | +# distributed under the License is distributed on an "AS IS" BASIS, |
1386 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
1387 | +# See the License for the specific language governing permissions and |
1388 | +# limitations under the License. |
1389 | |
1390 | import amulet |
1391 | import json |
1392 | import logging |
1393 | import os |
1394 | +import re |
1395 | import six |
1396 | import time |
1397 | import urllib |
1398 | +import urlparse |
1399 | |
1400 | import cinderclient.v1.client as cinder_client |
1401 | import glanceclient.v1.client as glance_client |
1402 | import heatclient.v1.client as heat_client |
1403 | import keystoneclient.v2_0 as keystone_client |
1404 | -import novaclient.v1_1.client as nova_client |
1405 | +from keystoneclient.auth.identity import v3 as keystone_id_v3 |
1406 | +from keystoneclient import session as keystone_session |
1407 | +from keystoneclient.v3 import client as keystone_client_v3 |
1408 | +from novaclient import exceptions |
1409 | + |
1410 | +import novaclient.client as nova_client |
1411 | +import novaclient |
1412 | import pika |
1413 | import swiftclient |
1414 | |
1415 | from charmhelpers.contrib.amulet.utils import ( |
1416 | AmuletUtils |
1417 | ) |
1418 | +from charmhelpers.core.decorators import retry_on_exception |
1419 | |
1420 | DEBUG = logging.DEBUG |
1421 | ERROR = logging.ERROR |
1422 | |
1423 | +NOVA_CLIENT_VERSION = "2" |
1424 | + |
1425 | |
1426 | class OpenStackAmuletUtils(AmuletUtils): |
1427 | """OpenStack amulet utilities. |
1428 | @@ -78,6 +87,56 @@ |
1429 | if not found: |
1430 | return 'endpoint not found' |
1431 | |
1432 | + def validate_v3_endpoint_data(self, endpoints, admin_port, internal_port, |
1433 | + public_port, expected): |
1434 | + """Validate keystone v3 endpoint data. |
1435 | + |
1436 | + Validate the v3 endpoint data which has changed from v2. The |
1437 | + ports are used to find the matching endpoint. |
1438 | + |
1439 | + The new v3 endpoint data looks like: |
1440 | + |
1441 | + [<Endpoint enabled=True, |
1442 | + id=0432655fc2f74d1e9fa17bdaa6f6e60b, |
1443 | + interface=admin, |
1444 | + links={u'self': u'<RESTful URL of this endpoint>'}, |
1445 | + region=RegionOne, |
1446 | + region_id=RegionOne, |
1447 | + service_id=17f842a0dc084b928e476fafe67e4095, |
1448 | + url=http://10.5.6.5:9312>, |
1449 | + <Endpoint enabled=True, |
1450 | + id=6536cb6cb92f4f41bf22b079935c7707, |
1451 | + interface=admin, |
1452 | + links={u'self': u'<RESTful url of this endpoint>'}, |
1453 | + region=RegionOne, |
1454 | + region_id=RegionOne, |
1455 | + service_id=72fc8736fb41435e8b3584205bb2cfa3, |
1456 | + url=http://10.5.6.6:35357/v3>, |
1457 | + ... ] |
1458 | + """ |
1459 | + self.log.debug('Validating v3 endpoint data...') |
1460 | + self.log.debug('actual: {}'.format(repr(endpoints))) |
1461 | + found = [] |
1462 | + for ep in endpoints: |
1463 | + self.log.debug('endpoint: {}'.format(repr(ep))) |
1464 | + if ((admin_port in ep.url and ep.interface == 'admin') or |
1465 | + (internal_port in ep.url and ep.interface == 'internal') or |
1466 | + (public_port in ep.url and ep.interface == 'public')): |
1467 | + found.append(ep.interface) |
1468 | + # note we ignore the links member. |
1469 | + actual = {'id': ep.id, |
1470 | + 'region': ep.region, |
1471 | + 'region_id': ep.region_id, |
1472 | + 'interface': self.not_null, |
1473 | + 'url': ep.url, |
1474 | + 'service_id': ep.service_id, } |
1475 | + ret = self._validate_dict_data(expected, actual) |
1476 | + if ret: |
1477 | + return 'unexpected endpoint data - {}'.format(ret) |
1478 | + |
1479 | + if len(found) != 3: |
1480 | + return 'Unexpected number of endpoints found' |
1481 | + |
1482 | def validate_svc_catalog_endpoint_data(self, expected, actual): |
1483 | """Validate service catalog endpoint data. |
1484 | |
1485 | @@ -95,6 +154,72 @@ |
1486 | return "endpoint {} does not exist".format(k) |
1487 | return ret |
1488 | |
1489 | + def validate_v3_svc_catalog_endpoint_data(self, expected, actual): |
1490 | + """Validate the keystone v3 catalog endpoint data. |
1491 | + |
1492 | + Validate a list of dictinaries that make up the keystone v3 service |
1493 | + catalogue. |
1494 | + |
1495 | + It is in the form of: |
1496 | + |
1497 | + |
1498 | + {u'identity': [{u'id': u'48346b01c6804b298cdd7349aadb732e', |
1499 | + u'interface': u'admin', |
1500 | + u'region': u'RegionOne', |
1501 | + u'region_id': u'RegionOne', |
1502 | + u'url': u'http://10.5.5.224:35357/v3'}, |
1503 | + {u'id': u'8414f7352a4b47a69fddd9dbd2aef5cf', |
1504 | + u'interface': u'public', |
1505 | + u'region': u'RegionOne', |
1506 | + u'region_id': u'RegionOne', |
1507 | + u'url': u'http://10.5.5.224:5000/v3'}, |
1508 | + {u'id': u'd5ca31440cc24ee1bf625e2996fb6a5b', |
1509 | + u'interface': u'internal', |
1510 | + u'region': u'RegionOne', |
1511 | + u'region_id': u'RegionOne', |
1512 | + u'url': u'http://10.5.5.224:5000/v3'}], |
1513 | + u'key-manager': [{u'id': u'68ebc17df0b045fcb8a8a433ebea9e62', |
1514 | + u'interface': u'public', |
1515 | + u'region': u'RegionOne', |
1516 | + u'region_id': u'RegionOne', |
1517 | + u'url': u'http://10.5.5.223:9311'}, |
1518 | + {u'id': u'9cdfe2a893c34afd8f504eb218cd2f9d', |
1519 | + u'interface': u'internal', |
1520 | + u'region': u'RegionOne', |
1521 | + u'region_id': u'RegionOne', |
1522 | + u'url': u'http://10.5.5.223:9311'}, |
1523 | + {u'id': u'f629388955bc407f8b11d8b7ca168086', |
1524 | + u'interface': u'admin', |
1525 | + u'region': u'RegionOne', |
1526 | + u'region_id': u'RegionOne', |
1527 | + u'url': u'http://10.5.5.223:9312'}]} |
1528 | + |
1529 | + Note, that an added complication is that the order of admin, public, |
1530 | + internal against 'interface' in each region. |
1531 | + |
1532 | + Thus, the function sorts the expected and actual lists using the |
1533 | + interface key as a sort key, prior to the comparison. |
1534 | + """ |
1535 | + self.log.debug('Validating v3 service catalog endpoint data...') |
1536 | + self.log.debug('actual: {}'.format(repr(actual))) |
1537 | + for k, v in six.iteritems(expected): |
1538 | + if k in actual: |
1539 | + l_expected = sorted(v, key=lambda x: x['interface']) |
1540 | + l_actual = sorted(actual[k], key=lambda x: x['interface']) |
1541 | + if len(l_actual) != len(l_expected): |
1542 | + return ("endpoint {} has differing number of interfaces " |
1543 | + " - expected({}), actual({})" |
1544 | + .format(k, len(l_expected), len(l_actual))) |
1545 | + for i_expected, i_actual in zip(l_expected, l_actual): |
1546 | + self.log.debug("checking interface {}" |
1547 | + .format(i_expected['interface'])) |
1548 | + ret = self._validate_dict_data(i_expected, i_actual) |
1549 | + if ret: |
1550 | + return self.endpoint_error(k, ret) |
1551 | + else: |
1552 | + return "endpoint {} does not exist".format(k) |
1553 | + return ret |
1554 | + |
1555 | def validate_tenant_data(self, expected, actual): |
1556 | """Validate tenant data. |
1557 | |
1558 | @@ -138,7 +263,7 @@ |
1559 | return "role {} does not exist".format(e['name']) |
1560 | return ret |
1561 | |
1562 | - def validate_user_data(self, expected, actual): |
1563 | + def validate_user_data(self, expected, actual, api_version=None): |
1564 | """Validate user data. |
1565 | |
1566 | Validate a list of actual user data vs a list of expected user |
1567 | @@ -149,10 +274,15 @@ |
1568 | for e in expected: |
1569 | found = False |
1570 | for act in actual: |
1571 | - a = {'enabled': act.enabled, 'name': act.name, |
1572 | - 'email': act.email, 'tenantId': act.tenantId, |
1573 | - 'id': act.id} |
1574 | - if e['name'] == a['name']: |
1575 | + if e['name'] == act.name: |
1576 | + a = {'enabled': act.enabled, 'name': act.name, |
1577 | + 'email': act.email, 'id': act.id} |
1578 | + if api_version == 3: |
1579 | + a['default_project_id'] = getattr(act, |
1580 | + 'default_project_id', |
1581 | + 'none') |
1582 | + else: |
1583 | + a['tenantId'] = act.tenantId |
1584 | found = True |
1585 | ret = self._validate_dict_data(e, a) |
1586 | if ret: |
1587 | @@ -176,34 +306,115 @@ |
1588 | self.log.debug('Checking if tenant exists ({})...'.format(tenant)) |
1589 | return tenant in [t.name for t in keystone.tenants.list()] |
1590 | |
1591 | + @retry_on_exception(5, base_delay=10) |
1592 | + def keystone_wait_for_propagation(self, sentry_relation_pairs, |
1593 | + api_version): |
1594 | + """Iterate over list of sentry and relation tuples and verify that |
1595 | + api_version has the expected value. |
1596 | + |
1597 | + :param sentry_relation_pairs: list of sentry, relation name tuples used |
1598 | + for monitoring propagation of relation |
1599 | + data |
1600 | + :param api_version: api_version to expect in relation data |
1601 | + :returns: None if successful. Raise on error. |
1602 | + """ |
1603 | + for (sentry, relation_name) in sentry_relation_pairs: |
1604 | + rel = sentry.relation('identity-service', |
1605 | + relation_name) |
1606 | + self.log.debug('keystone relation data: {}'.format(rel)) |
1607 | + if rel['api_version'] != str(api_version): |
1608 | + raise Exception("api_version not propagated through relation" |
1609 | + " data yet ('{}' != '{}')." |
1610 | + "".format(rel['api_version'], api_version)) |
1611 | + |
1612 | + def keystone_configure_api_version(self, sentry_relation_pairs, deployment, |
1613 | + api_version): |
1614 | + """Configure preferred-api-version of keystone in deployment and |
1615 | + monitor provided list of relation objects for propagation |
1616 | + before returning to caller. |
1617 | + |
1618 | + :param sentry_relation_pairs: list of sentry, relation tuples used for |
1619 | + monitoring propagation of relation data |
1620 | + :param deployment: deployment to configure |
1621 | + :param api_version: value preferred-api-version will be set to |
1622 | + :returns: None if successful. Raise on error. |
1623 | + """ |
1624 | + self.log.debug("Setting keystone preferred-api-version: '{}'" |
1625 | + "".format(api_version)) |
1626 | + |
1627 | + config = {'preferred-api-version': api_version} |
1628 | + deployment.d.configure('keystone', config) |
1629 | + self.keystone_wait_for_propagation(sentry_relation_pairs, api_version) |
1630 | + |
1631 | def authenticate_cinder_admin(self, keystone_sentry, username, |
1632 | password, tenant): |
1633 | """Authenticates admin user with cinder.""" |
1634 | # NOTE(beisner): cinder python client doesn't accept tokens. |
1635 | - service_ip = \ |
1636 | - keystone_sentry.relation('shared-db', |
1637 | - 'mysql:shared-db')['private-address'] |
1638 | - ept = "http://{}:5000/v2.0".format(service_ip.strip().decode('utf-8')) |
1639 | + keystone_ip = keystone_sentry.info['public-address'] |
1640 | + ept = "http://{}:5000/v2.0".format(keystone_ip.strip().decode('utf-8')) |
1641 | return cinder_client.Client(username, password, tenant, ept) |
1642 | |
1643 | + def authenticate_keystone(self, keystone_ip, username, password, |
1644 | + api_version=False, admin_port=False, |
1645 | + user_domain_name=None, domain_name=None, |
1646 | + project_domain_name=None, project_name=None): |
1647 | + """Authenticate with Keystone""" |
1648 | + self.log.debug('Authenticating with keystone...') |
1649 | + port = 5000 |
1650 | + if admin_port: |
1651 | + port = 35357 |
1652 | + base_ep = "http://{}:{}".format(keystone_ip.strip().decode('utf-8'), |
1653 | + port) |
1654 | + if not api_version or api_version == 2: |
1655 | + ep = base_ep + "/v2.0" |
1656 | + return keystone_client.Client(username=username, password=password, |
1657 | + tenant_name=project_name, |
1658 | + auth_url=ep) |
1659 | + else: |
1660 | + ep = base_ep + "/v3" |
1661 | + auth = keystone_id_v3.Password( |
1662 | + user_domain_name=user_domain_name, |
1663 | + username=username, |
1664 | + password=password, |
1665 | + domain_name=domain_name, |
1666 | + project_domain_name=project_domain_name, |
1667 | + project_name=project_name, |
1668 | + auth_url=ep |
1669 | + ) |
1670 | + return keystone_client_v3.Client( |
1671 | + session=keystone_session.Session(auth=auth) |
1672 | + ) |
1673 | + |
1674 | def authenticate_keystone_admin(self, keystone_sentry, user, password, |
1675 | - tenant): |
1676 | + tenant=None, api_version=None, |
1677 | + keystone_ip=None): |
1678 | """Authenticates admin user with the keystone admin endpoint.""" |
1679 | self.log.debug('Authenticating keystone admin...') |
1680 | - unit = keystone_sentry |
1681 | - service_ip = unit.relation('shared-db', |
1682 | - 'mysql:shared-db')['private-address'] |
1683 | - ep = "http://{}:35357/v2.0".format(service_ip.strip().decode('utf-8')) |
1684 | - return keystone_client.Client(username=user, password=password, |
1685 | - tenant_name=tenant, auth_url=ep) |
1686 | + if not keystone_ip: |
1687 | + keystone_ip = keystone_sentry.info['public-address'] |
1688 | + |
1689 | + user_domain_name = None |
1690 | + domain_name = None |
1691 | + if api_version == 3: |
1692 | + user_domain_name = 'admin_domain' |
1693 | + domain_name = user_domain_name |
1694 | + |
1695 | + return self.authenticate_keystone(keystone_ip, user, password, |
1696 | + project_name=tenant, |
1697 | + api_version=api_version, |
1698 | + user_domain_name=user_domain_name, |
1699 | + domain_name=domain_name, |
1700 | + admin_port=True) |
1701 | |
1702 | def authenticate_keystone_user(self, keystone, user, password, tenant): |
1703 | """Authenticates a regular user with the keystone public endpoint.""" |
1704 | self.log.debug('Authenticating keystone user ({})...'.format(user)) |
1705 | ep = keystone.service_catalog.url_for(service_type='identity', |
1706 | endpoint_type='publicURL') |
1707 | - return keystone_client.Client(username=user, password=password, |
1708 | - tenant_name=tenant, auth_url=ep) |
1709 | + keystone_ip = urlparse.urlparse(ep).hostname |
1710 | + |
1711 | + return self.authenticate_keystone(keystone_ip, user, password, |
1712 | + project_name=tenant) |
1713 | |
1714 | def authenticate_glance_admin(self, keystone): |
1715 | """Authenticates admin user with glance.""" |
1716 | @@ -224,8 +435,14 @@ |
1717 | self.log.debug('Authenticating nova user ({})...'.format(user)) |
1718 | ep = keystone.service_catalog.url_for(service_type='identity', |
1719 | endpoint_type='publicURL') |
1720 | - return nova_client.Client(username=user, api_key=password, |
1721 | - project_id=tenant, auth_url=ep) |
1722 | + if novaclient.__version__[0] >= "7": |
1723 | + return nova_client.Client(NOVA_CLIENT_VERSION, |
1724 | + username=user, password=password, |
1725 | + project_name=tenant, auth_url=ep) |
1726 | + else: |
1727 | + return nova_client.Client(NOVA_CLIENT_VERSION, |
1728 | + username=user, api_key=password, |
1729 | + project_id=tenant, auth_url=ep) |
1730 | |
1731 | def authenticate_swift_user(self, keystone, user, password, tenant): |
1732 | """Authenticates a regular user with swift api.""" |
1733 | @@ -238,6 +455,16 @@ |
1734 | tenant_name=tenant, |
1735 | auth_version='2.0') |
1736 | |
1737 | + def create_flavor(self, nova, name, ram, vcpus, disk, flavorid="auto", |
1738 | + ephemeral=0, swap=0, rxtx_factor=1.0, is_public=True): |
1739 | + """Create the specified flavor.""" |
1740 | + try: |
1741 | + nova.flavors.find(name=name) |
1742 | + except (exceptions.NotFound, exceptions.NoUniqueMatch): |
1743 | + self.log.debug('Creating flavor ({})'.format(name)) |
1744 | + nova.flavors.create(name, ram, vcpus, disk, flavorid, |
1745 | + ephemeral, swap, rxtx_factor, is_public) |
1746 | + |
1747 | def create_cirros_image(self, glance, image_name): |
1748 | """Download the latest cirros image and upload it to glance, |
1749 | validate and return a resource pointer. |
1750 | @@ -604,7 +831,22 @@ |
1751 | '{}'.format(sample_type, samples)) |
1752 | return None |
1753 | |
1754 | -# rabbitmq/amqp specific helpers: |
1755 | + # rabbitmq/amqp specific helpers: |
1756 | + |
1757 | + def rmq_wait_for_cluster(self, deployment, init_sleep=15, timeout=1200): |
1758 | + """Wait for rmq units extended status to show cluster readiness, |
1759 | + after an optional initial sleep period. Initial sleep is likely |
1760 | + necessary to be effective following a config change, as status |
1761 | + message may not instantly update to non-ready.""" |
1762 | + |
1763 | + if init_sleep: |
1764 | + time.sleep(init_sleep) |
1765 | + |
1766 | + message = re.compile('^Unit is ready and clustered$') |
1767 | + deployment._auto_wait_for_status(message=message, |
1768 | + timeout=timeout, |
1769 | + include_only=['rabbitmq-server']) |
1770 | + |
1771 | def add_rmq_test_user(self, sentry_units, |
1772 | username="testuser1", password="changeme"): |
1773 | """Add a test user via the first rmq juju unit, check connection as |
1774 | @@ -805,7 +1047,10 @@ |
1775 | if port: |
1776 | config['ssl_port'] = port |
1777 | |
1778 | - deployment.configure('rabbitmq-server', config) |
1779 | + deployment.d.configure('rabbitmq-server', config) |
1780 | + |
1781 | + # Wait for unit status |
1782 | + self.rmq_wait_for_cluster(deployment) |
1783 | |
1784 | # Confirm |
1785 | tries = 0 |
1786 | @@ -832,7 +1077,10 @@ |
1787 | |
1788 | # Disable RMQ SSL |
1789 | config = {'ssl': 'off'} |
1790 | - deployment.configure('rabbitmq-server', config) |
1791 | + deployment.d.configure('rabbitmq-server', config) |
1792 | + |
1793 | + # Wait for unit status |
1794 | + self.rmq_wait_for_cluster(deployment) |
1795 | |
1796 | # Confirm |
1797 | tries = 0 |
1798 | @@ -881,7 +1129,8 @@ |
1799 | retry_delay=5, |
1800 | socket_timeout=1) |
1801 | connection = pika.BlockingConnection(parameters) |
1802 | - assert connection.server_properties['product'] == 'RabbitMQ' |
1803 | + assert connection.is_open is True |
1804 | + assert connection.is_closing is False |
1805 | self.log.debug('Connect OK') |
1806 | return connection |
1807 | except Exception as e: |
1808 | @@ -961,3 +1210,70 @@ |
1809 | else: |
1810 | msg = 'No message retrieved.' |
1811 | amulet.raise_status(amulet.FAIL, msg) |
1812 | + |
1813 | + def validate_memcache(self, sentry_unit, conf, os_release, |
1814 | + earliest_release=5, section='keystone_authtoken', |
1815 | + check_kvs=None): |
1816 | + """Check Memcache is running and is configured to be used |
1817 | + |
1818 | + Example call from Amulet test: |
1819 | + |
1820 | + def test_110_memcache(self): |
1821 | + u.validate_memcache(self.neutron_api_sentry, |
1822 | + '/etc/neutron/neutron.conf', |
1823 | + self._get_openstack_release()) |
1824 | + |
1825 | + :param sentry_unit: sentry unit |
1826 | + :param conf: OpenStack config file to check memcache settings |
1827 | + :param os_release: Current OpenStack release int code |
1828 | + :param earliest_release: Earliest Openstack release to check int code |
1829 | + :param section: OpenStack config file section to check |
1830 | + :param check_kvs: Dict of settings to check in config file |
1831 | + :returns: None |
1832 | + """ |
1833 | + if os_release < earliest_release: |
1834 | + self.log.debug('Skipping memcache checks for deployment. {} <' |
1835 | + 'mitaka'.format(os_release)) |
1836 | + return |
1837 | + _kvs = check_kvs or {'memcached_servers': 'inet6:[::1]:11211'} |
1838 | + self.log.debug('Checking memcached is running') |
1839 | + ret = self.validate_services_by_name({sentry_unit: ['memcached']}) |
1840 | + if ret: |
1841 | + amulet.raise_status(amulet.FAIL, msg='Memcache running check' |
1842 | + 'failed {}'.format(ret)) |
1843 | + else: |
1844 | + self.log.debug('OK') |
1845 | + self.log.debug('Checking memcache url is configured in {}'.format( |
1846 | + conf)) |
1847 | + if self.validate_config_data(sentry_unit, conf, section, _kvs): |
1848 | + message = "Memcache config error in: {}".format(conf) |
1849 | + amulet.raise_status(amulet.FAIL, msg=message) |
1850 | + else: |
1851 | + self.log.debug('OK') |
1852 | + self.log.debug('Checking memcache configuration in ' |
1853 | + '/etc/memcached.conf') |
1854 | + contents = self.file_contents_safe(sentry_unit, '/etc/memcached.conf', |
1855 | + fatal=True) |
1856 | + ubuntu_release, _ = self.run_cmd_unit(sentry_unit, 'lsb_release -cs') |
1857 | + if ubuntu_release <= 'trusty': |
1858 | + memcache_listen_addr = 'ip6-localhost' |
1859 | + else: |
1860 | + memcache_listen_addr = '::1' |
1861 | + expected = { |
1862 | + '-p': '11211', |
1863 | + '-l': memcache_listen_addr} |
1864 | + found = [] |
1865 | + for key, value in expected.items(): |
1866 | + for line in contents.split('\n'): |
1867 | + if line.startswith(key): |
1868 | + self.log.debug('Checking {} is set to {}'.format( |
1869 | + key, |
1870 | + value)) |
1871 | + assert value == line.split()[-1] |
1872 | + self.log.debug(line.split()[-1]) |
1873 | + found.append(key) |
1874 | + if sorted(found) == sorted(expected.keys()): |
1875 | + self.log.debug('OK') |
1876 | + else: |
1877 | + message = "Memcache config error in: /etc/memcached.conf" |
1878 | + amulet.raise_status(amulet.FAIL, msg=message) |
1879 | |
1880 | === modified file 'charmhelpers/contrib/openstack/context.py' |
1881 | --- charmhelpers/contrib/openstack/context.py 2015-09-28 20:09:02 +0000 |
1882 | +++ charmhelpers/contrib/openstack/context.py 2017-03-04 02:21:16 +0000 |
1883 | @@ -1,29 +1,27 @@ |
1884 | # Copyright 2014-2015 Canonical Limited. |
1885 | # |
1886 | -# This file is part of charm-helpers. |
1887 | -# |
1888 | -# charm-helpers is free software: you can redistribute it and/or modify |
1889 | -# it under the terms of the GNU Lesser General Public License version 3 as |
1890 | -# published by the Free Software Foundation. |
1891 | -# |
1892 | -# charm-helpers is distributed in the hope that it will be useful, |
1893 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
1894 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
1895 | -# GNU Lesser General Public License for more details. |
1896 | -# |
1897 | -# You should have received a copy of the GNU Lesser General Public License |
1898 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
1899 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
1900 | +# you may not use this file except in compliance with the License. |
1901 | +# You may obtain a copy of the License at |
1902 | +# |
1903 | +# http://www.apache.org/licenses/LICENSE-2.0 |
1904 | +# |
1905 | +# Unless required by applicable law or agreed to in writing, software |
1906 | +# distributed under the License is distributed on an "AS IS" BASIS, |
1907 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
1908 | +# See the License for the specific language governing permissions and |
1909 | +# limitations under the License. |
1910 | |
1911 | import glob |
1912 | import json |
1913 | +import math |
1914 | import os |
1915 | import re |
1916 | import time |
1917 | from base64 import b64decode |
1918 | -from subprocess import check_call |
1919 | +from subprocess import check_call, CalledProcessError |
1920 | |
1921 | import six |
1922 | -import yaml |
1923 | |
1924 | from charmhelpers.fetch import ( |
1925 | apt_install, |
1926 | @@ -45,10 +43,12 @@ |
1927 | INFO, |
1928 | WARNING, |
1929 | ERROR, |
1930 | + status_set, |
1931 | ) |
1932 | |
1933 | from charmhelpers.core.sysctl import create as sysctl_create |
1934 | from charmhelpers.core.strutils import bool_from_string |
1935 | +from charmhelpers.contrib.openstack.exceptions import OSContextError |
1936 | |
1937 | from charmhelpers.core.host import ( |
1938 | get_bond_master, |
1939 | @@ -57,6 +57,8 @@ |
1940 | get_nic_hwaddr, |
1941 | mkdir, |
1942 | write_file, |
1943 | + pwgen, |
1944 | + lsb_release, |
1945 | ) |
1946 | from charmhelpers.contrib.hahelpers.cluster import ( |
1947 | determine_apache_port, |
1948 | @@ -86,15 +88,28 @@ |
1949 | is_address_in_network, |
1950 | is_bridge_member, |
1951 | ) |
1952 | -from charmhelpers.contrib.openstack.utils import get_host_ip |
1953 | +from charmhelpers.contrib.openstack.utils import ( |
1954 | + config_flags_parser, |
1955 | + get_host_ip, |
1956 | + git_determine_usr_bin, |
1957 | + git_determine_python_path, |
1958 | + enable_memcache, |
1959 | +) |
1960 | +from charmhelpers.core.unitdata import kv |
1961 | + |
1962 | +try: |
1963 | + import psutil |
1964 | +except ImportError: |
1965 | + if six.PY2: |
1966 | + apt_install('python-psutil', fatal=True) |
1967 | + else: |
1968 | + apt_install('python3-psutil', fatal=True) |
1969 | + import psutil |
1970 | + |
1971 | CA_CERT_PATH = '/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt' |
1972 | ADDRESS_TYPES = ['admin', 'internal', 'public'] |
1973 | |
1974 | |
1975 | -class OSContextError(Exception): |
1976 | - pass |
1977 | - |
1978 | - |
1979 | def ensure_packages(packages): |
1980 | """Install but do not upgrade required plugin packages.""" |
1981 | required = filter_installed_packages(packages) |
1982 | @@ -115,83 +130,6 @@ |
1983 | return True |
1984 | |
1985 | |
1986 | -def config_flags_parser(config_flags): |
1987 | - """Parses config flags string into dict. |
1988 | - |
1989 | - This parsing method supports a few different formats for the config |
1990 | - flag values to be parsed: |
1991 | - |
1992 | - 1. A string in the simple format of key=value pairs, with the possibility |
1993 | - of specifying multiple key value pairs within the same string. For |
1994 | - example, a string in the format of 'key1=value1, key2=value2' will |
1995 | - return a dict of: |
1996 | - |
1997 | - {'key1': 'value1', |
1998 | - 'key2': 'value2'}. |
1999 | - |
2000 | - 2. A string in the above format, but supporting a comma-delimited list |
2001 | - of values for the same key. For example, a string in the format of |
2002 | - 'key1=value1, key2=value3,value4,value5' will return a dict of: |
2003 | - |
2004 | - {'key1', 'value1', |
2005 | - 'key2', 'value2,value3,value4'} |
2006 | - |
2007 | - 3. A string containing a colon character (:) prior to an equal |
2008 | - character (=) will be treated as yaml and parsed as such. This can be |
2009 | - used to specify more complex key value pairs. For example, |
2010 | - a string in the format of 'key1: subkey1=value1, subkey2=value2' will |
2011 | - return a dict of: |
2012 | - |
2013 | - {'key1', 'subkey1=value1, subkey2=value2'} |
2014 | - |
2015 | - The provided config_flags string may be a list of comma-separated values |
2016 | - which themselves may be comma-separated list of values. |
2017 | - """ |
2018 | - # If we find a colon before an equals sign then treat it as yaml. |
2019 | - # Note: limit it to finding the colon first since this indicates assignment |
2020 | - # for inline yaml. |
2021 | - colon = config_flags.find(':') |
2022 | - equals = config_flags.find('=') |
2023 | - if colon > 0: |
2024 | - if colon < equals or equals < 0: |
2025 | - return yaml.safe_load(config_flags) |
2026 | - |
2027 | - if config_flags.find('==') >= 0: |
2028 | - log("config_flags is not in expected format (key=value)", level=ERROR) |
2029 | - raise OSContextError |
2030 | - |
2031 | - # strip the following from each value. |
2032 | - post_strippers = ' ,' |
2033 | - # we strip any leading/trailing '=' or ' ' from the string then |
2034 | - # split on '='. |
2035 | - split = config_flags.strip(' =').split('=') |
2036 | - limit = len(split) |
2037 | - flags = {} |
2038 | - for i in range(0, limit - 1): |
2039 | - current = split[i] |
2040 | - next = split[i + 1] |
2041 | - vindex = next.rfind(',') |
2042 | - if (i == limit - 2) or (vindex < 0): |
2043 | - value = next |
2044 | - else: |
2045 | - value = next[:vindex] |
2046 | - |
2047 | - if i == 0: |
2048 | - key = current |
2049 | - else: |
2050 | - # if this not the first entry, expect an embedded key. |
2051 | - index = current.rfind(',') |
2052 | - if index < 0: |
2053 | - log("Invalid config value(s) at index %s" % (i), level=ERROR) |
2054 | - raise OSContextError |
2055 | - key = current[index + 1:] |
2056 | - |
2057 | - # Add to collection. |
2058 | - flags[key.strip(post_strippers)] = value.rstrip(post_strippers) |
2059 | - |
2060 | - return flags |
2061 | - |
2062 | - |
2063 | class OSContextGenerator(object): |
2064 | """Base class for all context generators.""" |
2065 | interfaces = [] |
2066 | @@ -401,6 +339,7 @@ |
2067 | auth_host = format_ipv6_addr(auth_host) or auth_host |
2068 | svc_protocol = rdata.get('service_protocol') or 'http' |
2069 | auth_protocol = rdata.get('auth_protocol') or 'http' |
2070 | + api_version = rdata.get('api_version') or '2.0' |
2071 | ctxt.update({'service_port': rdata.get('service_port'), |
2072 | 'service_host': serv_host, |
2073 | 'auth_host': auth_host, |
2074 | @@ -409,7 +348,12 @@ |
2075 | 'admin_user': rdata.get('service_username'), |
2076 | 'admin_password': rdata.get('service_password'), |
2077 | 'service_protocol': svc_protocol, |
2078 | - 'auth_protocol': auth_protocol}) |
2079 | + 'auth_protocol': auth_protocol, |
2080 | + 'api_version': api_version}) |
2081 | + |
2082 | + if float(api_version) > 2: |
2083 | + ctxt.update({'admin_domain_name': |
2084 | + rdata.get('service_domain')}) |
2085 | |
2086 | if self.context_complete(ctxt): |
2087 | # NOTE(jamespage) this is required for >= icehouse |
2088 | @@ -451,16 +395,20 @@ |
2089 | for rid in relation_ids(self.rel_name): |
2090 | ha_vip_only = False |
2091 | self.related = True |
2092 | + transport_hosts = None |
2093 | + rabbitmq_port = '5672' |
2094 | for unit in related_units(rid): |
2095 | if relation_get('clustered', rid=rid, unit=unit): |
2096 | ctxt['clustered'] = True |
2097 | vip = relation_get('vip', rid=rid, unit=unit) |
2098 | vip = format_ipv6_addr(vip) or vip |
2099 | ctxt['rabbitmq_host'] = vip |
2100 | + transport_hosts = [vip] |
2101 | else: |
2102 | host = relation_get('private-address', rid=rid, unit=unit) |
2103 | host = format_ipv6_addr(host) or host |
2104 | ctxt['rabbitmq_host'] = host |
2105 | + transport_hosts = [host] |
2106 | |
2107 | ctxt.update({ |
2108 | 'rabbitmq_user': username, |
2109 | @@ -472,6 +420,7 @@ |
2110 | ssl_port = relation_get('ssl_port', rid=rid, unit=unit) |
2111 | if ssl_port: |
2112 | ctxt['rabbit_ssl_port'] = ssl_port |
2113 | + rabbitmq_port = ssl_port |
2114 | |
2115 | ssl_ca = relation_get('ssl_ca', rid=rid, unit=unit) |
2116 | if ssl_ca: |
2117 | @@ -509,6 +458,20 @@ |
2118 | rabbitmq_hosts.append(host) |
2119 | |
2120 | ctxt['rabbitmq_hosts'] = ','.join(sorted(rabbitmq_hosts)) |
2121 | + transport_hosts = rabbitmq_hosts |
2122 | + |
2123 | + if transport_hosts: |
2124 | + transport_url_hosts = '' |
2125 | + for host in transport_hosts: |
2126 | + if transport_url_hosts: |
2127 | + format_string = ",{}:{}@{}:{}" |
2128 | + else: |
2129 | + format_string = "{}:{}@{}:{}" |
2130 | + transport_url_hosts += format_string.format( |
2131 | + ctxt['rabbitmq_user'], ctxt['rabbitmq_password'], |
2132 | + host, rabbitmq_port) |
2133 | + ctxt['transport_url'] = "rabbit://{}/{}".format( |
2134 | + transport_url_hosts, vhost) |
2135 | |
2136 | oslo_messaging_flags = conf.get('oslo-messaging-flags', None) |
2137 | if oslo_messaging_flags: |
2138 | @@ -540,13 +503,16 @@ |
2139 | ctxt['auth'] = relation_get('auth', rid=rid, unit=unit) |
2140 | if not ctxt.get('key'): |
2141 | ctxt['key'] = relation_get('key', rid=rid, unit=unit) |
2142 | - ceph_pub_addr = relation_get('ceph-public-address', rid=rid, |
2143 | + |
2144 | + ceph_addrs = relation_get('ceph-public-address', rid=rid, |
2145 | + unit=unit) |
2146 | + if ceph_addrs: |
2147 | + for addr in ceph_addrs.split(' '): |
2148 | + mon_hosts.append(format_ipv6_addr(addr) or addr) |
2149 | + else: |
2150 | + priv_addr = relation_get('private-address', rid=rid, |
2151 | unit=unit) |
2152 | - unit_priv_addr = relation_get('private-address', rid=rid, |
2153 | - unit=unit) |
2154 | - ceph_addr = ceph_pub_addr or unit_priv_addr |
2155 | - ceph_addr = format_ipv6_addr(ceph_addr) or ceph_addr |
2156 | - mon_hosts.append(ceph_addr) |
2157 | + mon_hosts.append(format_ipv6_addr(priv_addr) or priv_addr) |
2158 | |
2159 | ctxt['mon_hosts'] = ' '.join(sorted(mon_hosts)) |
2160 | |
2161 | @@ -626,15 +592,28 @@ |
2162 | if config('haproxy-client-timeout'): |
2163 | ctxt['haproxy_client_timeout'] = config('haproxy-client-timeout') |
2164 | |
2165 | + if config('haproxy-queue-timeout'): |
2166 | + ctxt['haproxy_queue_timeout'] = config('haproxy-queue-timeout') |
2167 | + |
2168 | + if config('haproxy-connect-timeout'): |
2169 | + ctxt['haproxy_connect_timeout'] = config('haproxy-connect-timeout') |
2170 | + |
2171 | if config('prefer-ipv6'): |
2172 | ctxt['ipv6'] = True |
2173 | ctxt['local_host'] = 'ip6-localhost' |
2174 | ctxt['haproxy_host'] = '::' |
2175 | - ctxt['stat_port'] = ':::8888' |
2176 | else: |
2177 | ctxt['local_host'] = '127.0.0.1' |
2178 | ctxt['haproxy_host'] = '0.0.0.0' |
2179 | - ctxt['stat_port'] = ':8888' |
2180 | + |
2181 | + ctxt['stat_port'] = '8888' |
2182 | + |
2183 | + db = kv() |
2184 | + ctxt['stat_password'] = db.get('stat-password') |
2185 | + if not ctxt['stat_password']: |
2186 | + ctxt['stat_password'] = db.set('stat-password', |
2187 | + pwgen(32)) |
2188 | + db.flush() |
2189 | |
2190 | for frontend in cluster_hosts: |
2191 | if (len(cluster_hosts[frontend]['backends']) > 1 or |
2192 | @@ -698,7 +677,7 @@ |
2193 | service_namespace = None |
2194 | |
2195 | def enable_modules(self): |
2196 | - cmd = ['a2enmod', 'ssl', 'proxy', 'proxy_http'] |
2197 | + cmd = ['a2enmod', 'ssl', 'proxy', 'proxy_http', 'headers'] |
2198 | check_call(cmd) |
2199 | |
2200 | def configure_cert(self, cn=None): |
2201 | @@ -952,6 +931,19 @@ |
2202 | 'config': config} |
2203 | return ovs_ctxt |
2204 | |
2205 | + def midonet_ctxt(self): |
2206 | + driver = neutron_plugin_attribute(self.plugin, 'driver', |
2207 | + self.network_manager) |
2208 | + midonet_config = neutron_plugin_attribute(self.plugin, 'config', |
2209 | + self.network_manager) |
2210 | + mido_ctxt = {'core_plugin': driver, |
2211 | + 'neutron_plugin': 'midonet', |
2212 | + 'neutron_security_groups': self.neutron_security_groups, |
2213 | + 'local_ip': unit_private_ip(), |
2214 | + 'config': midonet_config} |
2215 | + |
2216 | + return mido_ctxt |
2217 | + |
2218 | def __call__(self): |
2219 | if self.network_manager not in ['quantum', 'neutron']: |
2220 | return {} |
2221 | @@ -973,6 +965,8 @@ |
2222 | ctxt.update(self.nuage_ctxt()) |
2223 | elif self.plugin == 'plumgrid': |
2224 | ctxt.update(self.pg_ctxt()) |
2225 | + elif self.plugin == 'midonet': |
2226 | + ctxt.update(self.midonet_ctxt()) |
2227 | |
2228 | alchemy_flags = config('neutron-alchemy-flags') |
2229 | if alchemy_flags: |
2230 | @@ -1073,6 +1067,20 @@ |
2231 | config_flags_parser(config_flags)} |
2232 | |
2233 | |
2234 | +class LibvirtConfigFlagsContext(OSContextGenerator): |
2235 | + """ |
2236 | + This context provides support for extending |
2237 | + the libvirt section through user-defined flags. |
2238 | + """ |
2239 | + def __call__(self): |
2240 | + ctxt = {} |
2241 | + libvirt_flags = config('libvirt-flags') |
2242 | + if libvirt_flags: |
2243 | + ctxt['libvirt_flags'] = config_flags_parser( |
2244 | + libvirt_flags) |
2245 | + return ctxt |
2246 | + |
2247 | + |
2248 | class SubordinateConfigContext(OSContextGenerator): |
2249 | |
2250 | """ |
2251 | @@ -1105,7 +1113,7 @@ |
2252 | |
2253 | ctxt = { |
2254 | ... other context ... |
2255 | - 'subordinate_config': { |
2256 | + 'subordinate_configuration': { |
2257 | 'DEFAULT': { |
2258 | 'key1': 'value1', |
2259 | }, |
2260 | @@ -1146,22 +1154,23 @@ |
2261 | try: |
2262 | sub_config = json.loads(sub_config) |
2263 | except: |
2264 | - log('Could not parse JSON from subordinate_config ' |
2265 | - 'setting from %s' % rid, level=ERROR) |
2266 | + log('Could not parse JSON from ' |
2267 | + 'subordinate_configuration setting from %s' |
2268 | + % rid, level=ERROR) |
2269 | continue |
2270 | |
2271 | for service in self.services: |
2272 | if service not in sub_config: |
2273 | - log('Found subordinate_config on %s but it contained' |
2274 | - 'nothing for %s service' % (rid, service), |
2275 | - level=INFO) |
2276 | + log('Found subordinate_configuration on %s but it ' |
2277 | + 'contained nothing for %s service' |
2278 | + % (rid, service), level=INFO) |
2279 | continue |
2280 | |
2281 | sub_config = sub_config[service] |
2282 | if self.config_file not in sub_config: |
2283 | - log('Found subordinate_config on %s but it contained' |
2284 | - 'nothing for %s' % (rid, self.config_file), |
2285 | - level=INFO) |
2286 | + log('Found subordinate_configuration on %s but it ' |
2287 | + 'contained nothing for %s' |
2288 | + % (rid, self.config_file), level=INFO) |
2289 | continue |
2290 | |
2291 | sub_config = sub_config[self.config_file] |
2292 | @@ -1212,17 +1221,55 @@ |
2293 | |
2294 | @property |
2295 | def num_cpus(self): |
2296 | - try: |
2297 | - from psutil import NUM_CPUS |
2298 | - except ImportError: |
2299 | - apt_install('python-psutil', fatal=True) |
2300 | - from psutil import NUM_CPUS |
2301 | - |
2302 | - return NUM_CPUS |
2303 | + # NOTE: use cpu_count if present (16.04 support) |
2304 | + if hasattr(psutil, 'cpu_count'): |
2305 | + return psutil.cpu_count() |
2306 | + else: |
2307 | + return psutil.NUM_CPUS |
2308 | |
2309 | def __call__(self): |
2310 | multiplier = config('worker-multiplier') or 0 |
2311 | - ctxt = {"workers": self.num_cpus * multiplier} |
2312 | + count = int(self.num_cpus * multiplier) |
2313 | + if multiplier > 0 and count == 0: |
2314 | + count = 1 |
2315 | + ctxt = {"workers": count} |
2316 | + return ctxt |
2317 | + |
2318 | + |
2319 | +class WSGIWorkerConfigContext(WorkerConfigContext): |
2320 | + |
2321 | + def __init__(self, name=None, script=None, admin_script=None, |
2322 | + public_script=None, process_weight=1.00, |
2323 | + admin_process_weight=0.75, public_process_weight=0.25): |
2324 | + self.service_name = name |
2325 | + self.user = name |
2326 | + self.group = name |
2327 | + self.script = script |
2328 | + self.admin_script = admin_script |
2329 | + self.public_script = public_script |
2330 | + self.process_weight = process_weight |
2331 | + self.admin_process_weight = admin_process_weight |
2332 | + self.public_process_weight = public_process_weight |
2333 | + |
2334 | + def __call__(self): |
2335 | + multiplier = config('worker-multiplier') or 1 |
2336 | + total_processes = self.num_cpus * multiplier |
2337 | + ctxt = { |
2338 | + "service_name": self.service_name, |
2339 | + "user": self.user, |
2340 | + "group": self.group, |
2341 | + "script": self.script, |
2342 | + "admin_script": self.admin_script, |
2343 | + "public_script": self.public_script, |
2344 | + "processes": int(math.ceil(self.process_weight * total_processes)), |
2345 | + "admin_processes": int(math.ceil(self.admin_process_weight * |
2346 | + total_processes)), |
2347 | + "public_processes": int(math.ceil(self.public_process_weight * |
2348 | + total_processes)), |
2349 | + "threads": 1, |
2350 | + "usr_bin": git_determine_usr_bin(), |
2351 | + "python_path": git_determine_python_path(), |
2352 | + } |
2353 | return ctxt |
2354 | |
2355 | |
2356 | @@ -1364,7 +1411,7 @@ |
2357 | normalized.update({port: port for port in resolved |
2358 | if port in ports}) |
2359 | if resolved: |
2360 | - return {bridge: normalized[port] for port, bridge in |
2361 | + return {normalized[port]: bridge for port, bridge in |
2362 | six.iteritems(portmap) if port in normalized.keys()} |
2363 | |
2364 | return None |
2365 | @@ -1375,8 +1422,8 @@ |
2366 | def __call__(self): |
2367 | ctxt = {} |
2368 | mappings = super(PhyNICMTUContext, self).__call__() |
2369 | - if mappings and mappings.values(): |
2370 | - ports = mappings.values() |
2371 | + if mappings and mappings.keys(): |
2372 | + ports = sorted(mappings.keys()) |
2373 | napi_settings = NeutronAPIContext()() |
2374 | mtu = napi_settings.get('network_device_mtu') |
2375 | all_ports = set() |
2376 | @@ -1421,7 +1468,146 @@ |
2377 | rdata.get('service_protocol') or 'http', |
2378 | 'auth_protocol': |
2379 | rdata.get('auth_protocol') or 'http', |
2380 | + 'api_version': |
2381 | + rdata.get('api_version') or '2.0', |
2382 | } |
2383 | if self.context_complete(ctxt): |
2384 | return ctxt |
2385 | return {} |
2386 | + |
2387 | + |
2388 | +class InternalEndpointContext(OSContextGenerator): |
2389 | + """Internal endpoint context. |
2390 | + |
2391 | + This context provides the endpoint type used for communication between |
2392 | + services e.g. between Nova and Cinder internally. Openstack uses Public |
2393 | + endpoints by default so this allows admins to optionally use internal |
2394 | + endpoints. |
2395 | + """ |
2396 | + def __call__(self): |
2397 | + return {'use_internal_endpoints': config('use-internal-endpoints')} |
2398 | + |
2399 | + |
2400 | +class AppArmorContext(OSContextGenerator): |
2401 | + """Base class for apparmor contexts.""" |
2402 | + |
2403 | + def __init__(self, profile_name=None): |
2404 | + self._ctxt = None |
2405 | + self.aa_profile = profile_name |
2406 | + self.aa_utils_packages = ['apparmor-utils'] |
2407 | + |
2408 | + @property |
2409 | + def ctxt(self): |
2410 | + if self._ctxt is not None: |
2411 | + return self._ctxt |
2412 | + self._ctxt = self._determine_ctxt() |
2413 | + return self._ctxt |
2414 | + |
2415 | + def _determine_ctxt(self): |
2416 | + """ |
2417 | + Validate aa-profile-mode settings is disable, enforce, or complain. |
2418 | + |
2419 | + :return ctxt: Dictionary of the apparmor profile or None |
2420 | + """ |
2421 | + if config('aa-profile-mode') in ['disable', 'enforce', 'complain']: |
2422 | + ctxt = {'aa_profile_mode': config('aa-profile-mode'), |
2423 | + 'ubuntu_release': lsb_release()['DISTRIB_RELEASE']} |
2424 | + if self.aa_profile: |
2425 | + ctxt['aa_profile'] = self.aa_profile |
2426 | + else: |
2427 | + ctxt = None |
2428 | + return ctxt |
2429 | + |
2430 | + def __call__(self): |
2431 | + return self.ctxt |
2432 | + |
2433 | + def install_aa_utils(self): |
2434 | + """ |
2435 | + Install packages required for apparmor configuration. |
2436 | + """ |
2437 | + log("Installing apparmor utils.") |
2438 | + ensure_packages(self.aa_utils_packages) |
2439 | + |
2440 | + def manually_disable_aa_profile(self): |
2441 | + """ |
2442 | + Manually disable an apparmor profile. |
2443 | + |
2444 | + If aa-profile-mode is set to disabled (default) this is required as the |
2445 | + template has been written but apparmor is yet unaware of the profile |
2446 | + and aa-disable aa-profile fails. Without this the profile would kick |
2447 | + into enforce mode on the next service restart. |
2448 | + |
2449 | + """ |
2450 | + profile_path = '/etc/apparmor.d' |
2451 | + disable_path = '/etc/apparmor.d/disable' |
2452 | + if not os.path.lexists(os.path.join(disable_path, self.aa_profile)): |
2453 | + os.symlink(os.path.join(profile_path, self.aa_profile), |
2454 | + os.path.join(disable_path, self.aa_profile)) |
2455 | + |
2456 | + def setup_aa_profile(self): |
2457 | + """ |
2458 | + Setup an apparmor profile. |
2459 | + The ctxt dictionary will contain the apparmor profile mode and |
2460 | + the apparmor profile name. |
2461 | + Makes calls out to aa-disable, aa-complain, or aa-enforce to setup |
2462 | + the apparmor profile. |
2463 | + """ |
2464 | + self() |
2465 | + if not self.ctxt: |
2466 | + log("Not enabling apparmor Profile") |
2467 | + return |
2468 | + self.install_aa_utils() |
2469 | + cmd = ['aa-{}'.format(self.ctxt['aa_profile_mode'])] |
2470 | + cmd.append(self.ctxt['aa_profile']) |
2471 | + log("Setting up the apparmor profile for {} in {} mode." |
2472 | + "".format(self.ctxt['aa_profile'], self.ctxt['aa_profile_mode'])) |
2473 | + try: |
2474 | + check_call(cmd) |
2475 | + except CalledProcessError as e: |
2476 | + # If aa-profile-mode is set to disabled (default) manual |
2477 | + # disabling is required as the template has been written but |
2478 | + # apparmor is yet unaware of the profile and aa-disable aa-profile |
2479 | + # fails. If aa-disable learns to read profile files first this can |
2480 | + # be removed. |
2481 | + if self.ctxt['aa_profile_mode'] == 'disable': |
2482 | + log("Manually disabling the apparmor profile for {}." |
2483 | + "".format(self.ctxt['aa_profile'])) |
2484 | + self.manually_disable_aa_profile() |
2485 | + return |
2486 | + status_set('blocked', "Apparmor profile {} failed to be set to {}." |
2487 | + "".format(self.ctxt['aa_profile'], |
2488 | + self.ctxt['aa_profile_mode'])) |
2489 | + raise e |
2490 | + |
2491 | + |
2492 | +class MemcacheContext(OSContextGenerator): |
2493 | + """Memcache context |
2494 | + |
2495 | + This context provides options for configuring a local memcache client and |
2496 | + server |
2497 | + """ |
2498 | + |
2499 | + def __init__(self, package=None): |
2500 | + """ |
2501 | + @param package: Package to examine to extrapolate OpenStack release. |
2502 | + Used when charms have no openstack-origin config |
2503 | + option (ie subordinates) |
2504 | + """ |
2505 | + self.package = package |
2506 | + |
2507 | + def __call__(self): |
2508 | + ctxt = {} |
2509 | + ctxt['use_memcache'] = enable_memcache(package=self.package) |
2510 | + if ctxt['use_memcache']: |
2511 | + # Trusty version of memcached does not support ::1 as a listen |
2512 | + # address so use host file entry instead |
2513 | + if lsb_release()['DISTRIB_CODENAME'].lower() > 'trusty': |
2514 | + ctxt['memcache_server'] = '::1' |
2515 | + else: |
2516 | + ctxt['memcache_server'] = 'ip6-localhost' |
2517 | + ctxt['memcache_server_formatted'] = '[::1]' |
2518 | + ctxt['memcache_port'] = '11211' |
2519 | + ctxt['memcache_url'] = 'inet6:{}:{}'.format( |
2520 | + ctxt['memcache_server_formatted'], |
2521 | + ctxt['memcache_port']) |
2522 | + return ctxt |
2523 | |
2524 | === added file 'charmhelpers/contrib/openstack/exceptions.py' |
2525 | --- charmhelpers/contrib/openstack/exceptions.py 1970-01-01 00:00:00 +0000 |
2526 | +++ charmhelpers/contrib/openstack/exceptions.py 2017-03-04 02:21:16 +0000 |
2527 | @@ -0,0 +1,21 @@ |
2528 | +# Copyright 2016 Canonical Ltd |
2529 | +# |
2530 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
2531 | +# you may not use this file except in compliance with the License. |
2532 | +# You may obtain a copy of the License at |
2533 | +# |
2534 | +# http://www.apache.org/licenses/LICENSE-2.0 |
2535 | +# |
2536 | +# Unless required by applicable law or agreed to in writing, software |
2537 | +# distributed under the License is distributed on an "AS IS" BASIS, |
2538 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
2539 | +# See the License for the specific language governing permissions and |
2540 | +# limitations under the License. |
2541 | + |
2542 | + |
2543 | +class OSContextError(Exception): |
2544 | + """Raised when an error occurs during context generation. |
2545 | + |
2546 | + This exception is principally used in contrib.openstack.context |
2547 | + """ |
2548 | + pass |
2549 | |
2550 | === modified file 'charmhelpers/contrib/openstack/files/__init__.py' |
2551 | --- charmhelpers/contrib/openstack/files/__init__.py 2015-09-28 20:09:02 +0000 |
2552 | +++ charmhelpers/contrib/openstack/files/__init__.py 2017-03-04 02:21:16 +0000 |
2553 | @@ -1,18 +1,16 @@ |
2554 | # Copyright 2014-2015 Canonical Limited. |
2555 | # |
2556 | -# This file is part of charm-helpers. |
2557 | -# |
2558 | -# charm-helpers is free software: you can redistribute it and/or modify |
2559 | -# it under the terms of the GNU Lesser General Public License version 3 as |
2560 | -# published by the Free Software Foundation. |
2561 | -# |
2562 | -# charm-helpers is distributed in the hope that it will be useful, |
2563 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
2564 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
2565 | -# GNU Lesser General Public License for more details. |
2566 | -# |
2567 | -# You should have received a copy of the GNU Lesser General Public License |
2568 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
2569 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
2570 | +# you may not use this file except in compliance with the License. |
2571 | +# You may obtain a copy of the License at |
2572 | +# |
2573 | +# http://www.apache.org/licenses/LICENSE-2.0 |
2574 | +# |
2575 | +# Unless required by applicable law or agreed to in writing, software |
2576 | +# distributed under the License is distributed on an "AS IS" BASIS, |
2577 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
2578 | +# See the License for the specific language governing permissions and |
2579 | +# limitations under the License. |
2580 | |
2581 | # dummy __init__.py to fool syncer into thinking this is a syncable python |
2582 | # module |
2583 | |
2584 | === modified file 'charmhelpers/contrib/openstack/files/check_haproxy.sh' |
2585 | --- charmhelpers/contrib/openstack/files/check_haproxy.sh 2015-09-28 20:09:02 +0000 |
2586 | +++ charmhelpers/contrib/openstack/files/check_haproxy.sh 2017-03-04 02:21:16 +0000 |
2587 | @@ -9,15 +9,17 @@ |
2588 | CRITICAL=0 |
2589 | NOTACTIVE='' |
2590 | LOGFILE=/var/log/nagios/check_haproxy.log |
2591 | -AUTH=$(grep -r "stats auth" /etc/haproxy | head -1 | awk '{print $4}') |
2592 | +AUTH=$(grep -r "stats auth" /etc/haproxy | awk 'NR=1{print $4}') |
2593 | |
2594 | -for appserver in $(grep ' server' /etc/haproxy/haproxy.cfg | awk '{print $2'}); |
2595 | +typeset -i N_INSTANCES=0 |
2596 | +for appserver in $(awk '/^\s+server/{print $2}' /etc/haproxy/haproxy.cfg) |
2597 | do |
2598 | - output=$(/usr/lib/nagios/plugins/check_http -a ${AUTH} -I 127.0.0.1 -p 8888 --regex="class=\"(active|backup)(2|3).*${appserver}" -e ' 200 OK') |
2599 | + N_INSTANCES=N_INSTANCES+1 |
2600 | + output=$(/usr/lib/nagios/plugins/check_http -a ${AUTH} -I 127.0.0.1 -p 8888 -u '/;csv' --regex=",${appserver},.*,UP.*" -e ' 200 OK') |
2601 | if [ $? != 0 ]; then |
2602 | date >> $LOGFILE |
2603 | echo $output >> $LOGFILE |
2604 | - /usr/lib/nagios/plugins/check_http -a ${AUTH} -I 127.0.0.1 -p 8888 -v | grep $appserver >> $LOGFILE 2>&1 |
2605 | + /usr/lib/nagios/plugins/check_http -a ${AUTH} -I 127.0.0.1 -p 8888 -u '/;csv' -v | grep ",${appserver}," >> $LOGFILE 2>&1 |
2606 | CRITICAL=1 |
2607 | NOTACTIVE="${NOTACTIVE} $appserver" |
2608 | fi |
2609 | @@ -28,5 +30,5 @@ |
2610 | exit 2 |
2611 | fi |
2612 | |
2613 | -echo "OK: All haproxy instances looking good" |
2614 | +echo "OK: All haproxy instances ($N_INSTANCES) looking good" |
2615 | exit 0 |
2616 | |
2617 | === added directory 'charmhelpers/contrib/openstack/ha' |
2618 | === added file 'charmhelpers/contrib/openstack/ha/__init__.py' |
2619 | --- charmhelpers/contrib/openstack/ha/__init__.py 1970-01-01 00:00:00 +0000 |
2620 | +++ charmhelpers/contrib/openstack/ha/__init__.py 2017-03-04 02:21:16 +0000 |
2621 | @@ -0,0 +1,13 @@ |
2622 | +# Copyright 2016 Canonical Ltd |
2623 | +# |
2624 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
2625 | +# you may not use this file except in compliance with the License. |
2626 | +# You may obtain a copy of the License at |
2627 | +# |
2628 | +# http://www.apache.org/licenses/LICENSE-2.0 |
2629 | +# |
2630 | +# Unless required by applicable law or agreed to in writing, software |
2631 | +# distributed under the License is distributed on an "AS IS" BASIS, |
2632 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
2633 | +# See the License for the specific language governing permissions and |
2634 | +# limitations under the License. |
2635 | |
2636 | === added file 'charmhelpers/contrib/openstack/ha/utils.py' |
2637 | --- charmhelpers/contrib/openstack/ha/utils.py 1970-01-01 00:00:00 +0000 |
2638 | +++ charmhelpers/contrib/openstack/ha/utils.py 2017-03-04 02:21:16 +0000 |
2639 | @@ -0,0 +1,139 @@ |
2640 | +# Copyright 2014-2016 Canonical Limited. |
2641 | +# |
2642 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
2643 | +# you may not use this file except in compliance with the License. |
2644 | +# You may obtain a copy of the License at |
2645 | +# |
2646 | +# http://www.apache.org/licenses/LICENSE-2.0 |
2647 | +# |
2648 | +# Unless required by applicable law or agreed to in writing, software |
2649 | +# distributed under the License is distributed on an "AS IS" BASIS, |
2650 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
2651 | +# See the License for the specific language governing permissions and |
2652 | +# limitations under the License. |
2653 | + |
2654 | +# |
2655 | +# Copyright 2016 Canonical Ltd. |
2656 | +# |
2657 | +# Authors: |
2658 | +# Openstack Charmers < |
2659 | +# |
2660 | + |
2661 | +""" |
2662 | +Helpers for high availability. |
2663 | +""" |
2664 | + |
2665 | +import re |
2666 | + |
2667 | +from charmhelpers.core.hookenv import ( |
2668 | + log, |
2669 | + relation_set, |
2670 | + charm_name, |
2671 | + config, |
2672 | + status_set, |
2673 | + DEBUG, |
2674 | +) |
2675 | + |
2676 | +from charmhelpers.core.host import ( |
2677 | + lsb_release |
2678 | +) |
2679 | + |
2680 | +from charmhelpers.contrib.openstack.ip import ( |
2681 | + resolve_address, |
2682 | +) |
2683 | + |
2684 | + |
2685 | +class DNSHAException(Exception): |
2686 | + """Raised when an error occurs setting up DNS HA |
2687 | + """ |
2688 | + |
2689 | + pass |
2690 | + |
2691 | + |
2692 | +def update_dns_ha_resource_params(resources, resource_params, |
2693 | + relation_id=None, |
2694 | + crm_ocf='ocf:maas:dns'): |
2695 | + """ Check for os-*-hostname settings and update resource dictionaries for |
2696 | + the HA relation. |
2697 | + |
2698 | + @param resources: Pointer to dictionary of resources. |
2699 | + Usually instantiated in ha_joined(). |
2700 | + @param resource_params: Pointer to dictionary of resource parameters. |
2701 | + Usually instantiated in ha_joined() |
2702 | + @param relation_id: Relation ID of the ha relation |
2703 | + @param crm_ocf: Corosync Open Cluster Framework resource agent to use for |
2704 | + DNS HA |
2705 | + """ |
2706 | + |
2707 | + # Validate the charm environment for DNS HA |
2708 | + assert_charm_supports_dns_ha() |
2709 | + |
2710 | + settings = ['os-admin-hostname', 'os-internal-hostname', |
2711 | + 'os-public-hostname', 'os-access-hostname'] |
2712 | + |
2713 | + # Check which DNS settings are set and update dictionaries |
2714 | + hostname_group = [] |
2715 | + for setting in settings: |
2716 | + hostname = config(setting) |
2717 | + if hostname is None: |
2718 | + log('DNS HA: Hostname setting {} is None. Ignoring.' |
2719 | + ''.format(setting), |
2720 | + DEBUG) |
2721 | + continue |
2722 | + m = re.search('os-(.+?)-hostname', setting) |
2723 | + if m: |
2724 | + networkspace = m.group(1) |
2725 | + else: |
2726 | + msg = ('Unexpected DNS hostname setting: {}. ' |
2727 | + 'Cannot determine network space name' |
2728 | + ''.format(setting)) |
2729 | + status_set('blocked', msg) |
2730 | + raise DNSHAException(msg) |
2731 | + |
2732 | + hostname_key = 'res_{}_{}_hostname'.format(charm_name(), networkspace) |
2733 | + if hostname_key in hostname_group: |
2734 | + log('DNS HA: Resource {}: {} already exists in ' |
2735 | + 'hostname group - skipping'.format(hostname_key, hostname), |
2736 | + DEBUG) |
2737 | + continue |
2738 | + |
2739 | + hostname_group.append(hostname_key) |
2740 | + resources[hostname_key] = crm_ocf |
2741 | + resource_params[hostname_key] = ( |
2742 | + 'params fqdn="{}" ip_address="{}" ' |
2743 | + ''.format(hostname, resolve_address(endpoint_type=networkspace, |
2744 | + override=False))) |
2745 | + |
2746 | + if len(hostname_group) >= 1: |
2747 | + log('DNS HA: Hostname group is set with {} as members. ' |
2748 | + 'Informing the ha relation'.format(' '.join(hostname_group)), |
2749 | + DEBUG) |
2750 | + relation_set(relation_id=relation_id, groups={ |
2751 | + 'grp_{}_hostnames'.format(charm_name()): ' '.join(hostname_group)}) |
2752 | + else: |
2753 | + msg = 'DNS HA: Hostname group has no members.' |
2754 | + status_set('blocked', msg) |
2755 | + raise DNSHAException(msg) |
2756 | + |
2757 | + |
2758 | +def assert_charm_supports_dns_ha(): |
2759 | + """Validate prerequisites for DNS HA |
2760 | + The MAAS client is only available on Xenial or greater |
2761 | + """ |
2762 | + if lsb_release().get('DISTRIB_RELEASE') < '16.04': |
2763 | + msg = ('DNS HA is only supported on 16.04 and greater ' |
2764 | + 'versions of Ubuntu.') |
2765 | + status_set('blocked', msg) |
2766 | + raise DNSHAException(msg) |
2767 | + return True |
2768 | + |
2769 | + |
2770 | +def expect_ha(): |
2771 | + """ Determine if the unit expects to be in HA |
2772 | + |
2773 | + Check for VIP or dns-ha settings which indicate the unit should expect to |
2774 | + be related to hacluster. |
2775 | + |
2776 | + @returns boolean |
2777 | + """ |
2778 | + return config('vip') or config('dns-ha') |
2779 | |
2780 | === modified file 'charmhelpers/contrib/openstack/ip.py' |
2781 | --- charmhelpers/contrib/openstack/ip.py 2015-09-28 20:09:02 +0000 |
2782 | +++ charmhelpers/contrib/openstack/ip.py 2017-03-04 02:21:16 +0000 |
2783 | @@ -1,52 +1,62 @@ |
2784 | # Copyright 2014-2015 Canonical Limited. |
2785 | # |
2786 | -# This file is part of charm-helpers. |
2787 | -# |
2788 | -# charm-helpers is free software: you can redistribute it and/or modify |
2789 | -# it under the terms of the GNU Lesser General Public License version 3 as |
2790 | -# published by the Free Software Foundation. |
2791 | -# |
2792 | -# charm-helpers is distributed in the hope that it will be useful, |
2793 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
2794 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
2795 | -# GNU Lesser General Public License for more details. |
2796 | -# |
2797 | -# You should have received a copy of the GNU Lesser General Public License |
2798 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
2799 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
2800 | +# you may not use this file except in compliance with the License. |
2801 | +# You may obtain a copy of the License at |
2802 | +# |
2803 | +# http://www.apache.org/licenses/LICENSE-2.0 |
2804 | +# |
2805 | +# Unless required by applicable law or agreed to in writing, software |
2806 | +# distributed under the License is distributed on an "AS IS" BASIS, |
2807 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
2808 | +# See the License for the specific language governing permissions and |
2809 | +# limitations under the License. |
2810 | |
2811 | from charmhelpers.core.hookenv import ( |
2812 | config, |
2813 | unit_get, |
2814 | service_name, |
2815 | + network_get_primary_address, |
2816 | ) |
2817 | from charmhelpers.contrib.network.ip import ( |
2818 | get_address_in_network, |
2819 | is_address_in_network, |
2820 | is_ipv6, |
2821 | get_ipv6_addr, |
2822 | + resolve_network_cidr, |
2823 | ) |
2824 | from charmhelpers.contrib.hahelpers.cluster import is_clustered |
2825 | |
2826 | PUBLIC = 'public' |
2827 | INTERNAL = 'int' |
2828 | ADMIN = 'admin' |
2829 | +ACCESS = 'access' |
2830 | |
2831 | ADDRESS_MAP = { |
2832 | PUBLIC: { |
2833 | + 'binding': 'public', |
2834 | 'config': 'os-public-network', |
2835 | 'fallback': 'public-address', |
2836 | 'override': 'os-public-hostname', |
2837 | }, |
2838 | INTERNAL: { |
2839 | + 'binding': 'internal', |
2840 | 'config': 'os-internal-network', |
2841 | 'fallback': 'private-address', |
2842 | 'override': 'os-internal-hostname', |
2843 | }, |
2844 | ADMIN: { |
2845 | + 'binding': 'admin', |
2846 | 'config': 'os-admin-network', |
2847 | 'fallback': 'private-address', |
2848 | 'override': 'os-admin-hostname', |
2849 | - } |
2850 | + }, |
2851 | + ACCESS: { |
2852 | + 'binding': 'access', |
2853 | + 'config': 'access-network', |
2854 | + 'fallback': 'private-address', |
2855 | + 'override': 'os-access-hostname', |
2856 | + }, |
2857 | } |
2858 | |
2859 | |
2860 | @@ -103,20 +113,23 @@ |
2861 | return addr_override.format(service_name=service_name()) |
2862 | |
2863 | |
2864 | -def resolve_address(endpoint_type=PUBLIC): |
2865 | +def resolve_address(endpoint_type=PUBLIC, override=True): |
2866 | """Return unit address depending on net config. |
2867 | |
2868 | If unit is clustered with vip(s) and has net splits defined, return vip on |
2869 | correct network. If clustered with no nets defined, return primary vip. |
2870 | |
2871 | If not clustered, return unit address ensuring address is on configured net |
2872 | - split if one is configured. |
2873 | + split if one is configured, or a Juju 2.0 extra-binding has been used. |
2874 | |
2875 | :param endpoint_type: Network endpoing type |
2876 | + :param override: Accept hostname overrides or not |
2877 | """ |
2878 | - resolved_address = _get_address_override(endpoint_type) |
2879 | - if resolved_address: |
2880 | - return resolved_address |
2881 | + resolved_address = None |
2882 | + if override: |
2883 | + resolved_address = _get_address_override(endpoint_type) |
2884 | + if resolved_address: |
2885 | + return resolved_address |
2886 | |
2887 | vips = config('vip') |
2888 | if vips: |
2889 | @@ -125,23 +138,45 @@ |
2890 | net_type = ADDRESS_MAP[endpoint_type]['config'] |
2891 | net_addr = config(net_type) |
2892 | net_fallback = ADDRESS_MAP[endpoint_type]['fallback'] |
2893 | + binding = ADDRESS_MAP[endpoint_type]['binding'] |
2894 | clustered = is_clustered() |
2895 | - if clustered: |
2896 | - if not net_addr: |
2897 | - # If no net-splits defined, we expect a single vip |
2898 | - resolved_address = vips[0] |
2899 | - else: |
2900 | + |
2901 | + if clustered and vips: |
2902 | + if net_addr: |
2903 | for vip in vips: |
2904 | if is_address_in_network(net_addr, vip): |
2905 | resolved_address = vip |
2906 | break |
2907 | + else: |
2908 | + # NOTE: endeavour to check vips against network space |
2909 | + # bindings |
2910 | + try: |
2911 | + bound_cidr = resolve_network_cidr( |
2912 | + network_get_primary_address(binding) |
2913 | + ) |
2914 | + for vip in vips: |
2915 | + if is_address_in_network(bound_cidr, vip): |
2916 | + resolved_address = vip |
2917 | + break |
2918 | + except NotImplementedError: |
2919 | + # If no net-splits configured and no support for extra |
2920 | + # bindings/network spaces so we expect a single vip |
2921 | + resolved_address = vips[0] |
2922 | else: |
2923 | if config('prefer-ipv6'): |
2924 | fallback_addr = get_ipv6_addr(exc_list=vips)[0] |
2925 | else: |
2926 | fallback_addr = unit_get(net_fallback) |
2927 | |
2928 | - resolved_address = get_address_in_network(net_addr, fallback_addr) |
2929 | + if net_addr: |
2930 | + resolved_address = get_address_in_network(net_addr, fallback_addr) |
2931 | + else: |
2932 | + # NOTE: only try to use extra bindings if legacy network |
2933 | + # configuration is not in use |
2934 | + try: |
2935 | + resolved_address = network_get_primary_address(binding) |
2936 | + except NotImplementedError: |
2937 | + resolved_address = fallback_addr |
2938 | |
2939 | if resolved_address is None: |
2940 | raise ValueError("Unable to resolve a suitable IP address based on " |
2941 | |
2942 | === added file 'charmhelpers/contrib/openstack/keystone.py' |
2943 | --- charmhelpers/contrib/openstack/keystone.py 1970-01-01 00:00:00 +0000 |
2944 | +++ charmhelpers/contrib/openstack/keystone.py 2017-03-04 02:21:16 +0000 |
2945 | @@ -0,0 +1,178 @@ |
2946 | +#!/usr/bin/python |
2947 | +# |
2948 | +# Copyright 2017 Canonical Ltd |
2949 | +# |
2950 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
2951 | +# you may not use this file except in compliance with the License. |
2952 | +# You may obtain a copy of the License at |
2953 | +# |
2954 | +# http://www.apache.org/licenses/LICENSE-2.0 |
2955 | +# |
2956 | +# Unless required by applicable law or agreed to in writing, software |
2957 | +# distributed under the License is distributed on an "AS IS" BASIS, |
2958 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
2959 | +# See the License for the specific language governing permissions and |
2960 | +# limitations under the License. |
2961 | + |
2962 | +import six |
2963 | +from charmhelpers.fetch import apt_install |
2964 | +from charmhelpers.contrib.openstack.context import IdentityServiceContext |
2965 | +from charmhelpers.core.hookenv import ( |
2966 | + log, |
2967 | + ERROR, |
2968 | +) |
2969 | + |
2970 | + |
2971 | +def get_api_suffix(api_version): |
2972 | + """Return the formatted api suffix for the given version |
2973 | + @param api_version: version of the keystone endpoint |
2974 | + @returns the api suffix formatted according to the given api |
2975 | + version |
2976 | + """ |
2977 | + return 'v2.0' if api_version in (2, "2.0") else 'v3' |
2978 | + |
2979 | + |
2980 | +def format_endpoint(schema, addr, port, api_version): |
2981 | + """Return a formatted keystone endpoint |
2982 | + @param schema: http or https |
2983 | + @param addr: ipv4/ipv6 host of the keystone service |
2984 | + @param port: port of the keystone service |
2985 | + @param api_version: 2 or 3 |
2986 | + @returns a fully formatted keystone endpoint |
2987 | + """ |
2988 | + return '{}://{}:{}/{}/'.format(schema, addr, port, |
2989 | + get_api_suffix(api_version)) |
2990 | + |
2991 | + |
2992 | +def get_keystone_manager(endpoint, api_version, **kwargs): |
2993 | + """Return a keystonemanager for the correct API version |
2994 | + |
2995 | + @param endpoint: the keystone endpoint to point client at |
2996 | + @param api_version: version of the keystone api the client should use |
2997 | + @param kwargs: token or username/tenant/password information |
2998 | + @returns keystonemanager class used for interrogating keystone |
2999 | + """ |
3000 | + if api_version == 2: |
3001 | + return KeystoneManager2(endpoint, **kwargs) |
3002 | + if api_version == 3: |
3003 | + return KeystoneManager3(endpoint, **kwargs) |
3004 | + raise ValueError('No manager found for api version {}'.format(api_version)) |
3005 | + |
3006 | + |
3007 | +def get_keystone_manager_from_identity_service_context(): |
3008 | + """Return a keystonmanager generated from a |
3009 | + instance of charmhelpers.contrib.openstack.context.IdentityServiceContext |
3010 | + @returns keystonamenager instance |
3011 | + """ |
3012 | + context = IdentityServiceContext()() |
3013 | + if not context: |
3014 | + msg = "Identity service context cannot be generated" |
3015 | + log(msg, level=ERROR) |
3016 | + raise ValueError(msg) |
3017 | + |
3018 | + endpoint = format_endpoint(context['service_protocol'], |
3019 | + context['service_host'], |
3020 | + context['service_port'], |
3021 | + context['api_version']) |
3022 | + |
3023 | + if context['api_version'] in (2, "2.0"): |
3024 | + api_version = 2 |
3025 | + else: |
3026 | + api_version = 3 |
3027 | + |
3028 | + return get_keystone_manager(endpoint, api_version, |
3029 | + username=context['admin_user'], |
3030 | + password=context['admin_password'], |
3031 | + tenant_name=context['admin_tenant_name']) |
3032 | + |
3033 | + |
3034 | +class KeystoneManager(object): |
3035 | + |
3036 | + def resolve_service_id(self, service_name=None, service_type=None): |
3037 | + """Find the service_id of a given service""" |
3038 | + services = [s._info for s in self.api.services.list()] |
3039 | + |
3040 | + service_name = service_name.lower() |
3041 | + for s in services: |
3042 | + name = s['name'].lower() |
3043 | + if service_type and service_name: |
3044 | + if (service_name == name and service_type == s['type']): |
3045 | + return s['id'] |
3046 | + elif service_name and service_name == name: |
3047 | + return s['id'] |
3048 | + elif service_type and service_type == s['type']: |
3049 | + return s['id'] |
3050 | + return None |
3051 | + |
3052 | + def service_exists(self, service_name=None, service_type=None): |
3053 | + """Determine if the given service exists on the service list""" |
3054 | + return self.resolve_service_id(service_name, service_type) is not None |
3055 | + |
3056 | + |
3057 | +class KeystoneManager2(KeystoneManager): |
3058 | + |
3059 | + def __init__(self, endpoint, **kwargs): |
3060 | + try: |
3061 | + from keystoneclient.v2_0 import client |
3062 | + from keystoneclient.auth.identity import v2 |
3063 | + from keystoneclient import session |
3064 | + except ImportError: |
3065 | + if six.PY2: |
3066 | + apt_install(["python-keystoneclient"], fatal=True) |
3067 | + else: |
3068 | + apt_install(["python3-keystoneclient"], fatal=True) |
3069 | + |
3070 | + from keystoneclient.v2_0 import client |
3071 | + from keystoneclient.auth.identity import v2 |
3072 | + from keystoneclient import session |
3073 | + |
3074 | + self.api_version = 2 |
3075 | + |
3076 | + token = kwargs.get("token", None) |
3077 | + if token: |
3078 | + api = client.Client(endpoint=endpoint, token=token) |
3079 | + else: |
3080 | + auth = v2.Password(username=kwargs.get("username"), |
3081 | + password=kwargs.get("password"), |
3082 | + tenant_name=kwargs.get("tenant_name"), |
3083 | + auth_url=endpoint) |
3084 | + sess = session.Session(auth=auth) |
3085 | + api = client.Client(session=sess) |
3086 | + |
3087 | + self.api = api |
3088 | + |
3089 | + |
3090 | +class KeystoneManager3(KeystoneManager): |
3091 | + |
3092 | + def __init__(self, endpoint, **kwargs): |
3093 | + try: |
3094 | + from keystoneclient.v3 import client |
3095 | + from keystoneclient.auth import token_endpoint |
3096 | + from keystoneclient import session |
3097 | + from keystoneclient.auth.identity import v3 |
3098 | + except ImportError: |
3099 | + if six.PY2: |
3100 | + apt_install(["python-keystoneclient"], fatal=True) |
3101 | + else: |
3102 | + apt_install(["python3-keystoneclient"], fatal=True) |
3103 | + |
3104 | + from keystoneclient.v3 import client |
3105 | + from keystoneclient.auth import token_endpoint |
3106 | + from keystoneclient import session |
3107 | + from keystoneclient.auth.identity import v3 |
3108 | + |
3109 | + self.api_version = 3 |
3110 | + |
3111 | + token = kwargs.get("token", None) |
3112 | + if token: |
3113 | + auth = token_endpoint.Token(endpoint=endpoint, |
3114 | + token=token) |
3115 | + sess = session.Session(auth=auth) |
3116 | + else: |
3117 | + auth = v3.Password(auth_url=endpoint, |
3118 | + user_id=kwargs.get("username"), |
3119 | + password=kwargs.get("password"), |
3120 | + project_id=kwargs.get("tenant_name")) |
3121 | + sess = session.Session(auth=auth) |
3122 | + |
3123 | + self.api = client.Client(session=sess) |
3124 | |
3125 | === modified file 'charmhelpers/contrib/openstack/neutron.py' |
3126 | --- charmhelpers/contrib/openstack/neutron.py 2015-09-28 20:09:02 +0000 |
3127 | +++ charmhelpers/contrib/openstack/neutron.py 2017-03-04 02:21:16 +0000 |
3128 | @@ -1,18 +1,16 @@ |
3129 | # Copyright 2014-2015 Canonical Limited. |
3130 | # |
3131 | -# This file is part of charm-helpers. |
3132 | -# |
3133 | -# charm-helpers is free software: you can redistribute it and/or modify |
3134 | -# it under the terms of the GNU Lesser General Public License version 3 as |
3135 | -# published by the Free Software Foundation. |
3136 | -# |
3137 | -# charm-helpers is distributed in the hope that it will be useful, |
3138 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
3139 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
3140 | -# GNU Lesser General Public License for more details. |
3141 | -# |
3142 | -# You should have received a copy of the GNU Lesser General Public License |
3143 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
3144 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
3145 | +# you may not use this file except in compliance with the License. |
3146 | +# You may obtain a copy of the License at |
3147 | +# |
3148 | +# http://www.apache.org/licenses/LICENSE-2.0 |
3149 | +# |
3150 | +# Unless required by applicable law or agreed to in writing, software |
3151 | +# distributed under the License is distributed on an "AS IS" BASIS, |
3152 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
3153 | +# See the License for the specific language governing permissions and |
3154 | +# limitations under the License. |
3155 | |
3156 | # Various utilies for dealing with Neutron and the renaming from Quantum. |
3157 | |
3158 | @@ -34,6 +32,7 @@ |
3159 | kver = check_output(['uname', '-r']).decode('UTF-8').strip() |
3160 | return 'linux-headers-%s' % kver |
3161 | |
3162 | + |
3163 | QUANTUM_CONF_DIR = '/etc/quantum' |
3164 | |
3165 | |
3166 | @@ -50,7 +49,7 @@ |
3167 | if kernel_version() >= (3, 13): |
3168 | return [] |
3169 | else: |
3170 | - return ['openvswitch-datapath-dkms'] |
3171 | + return [headers_package(), 'openvswitch-datapath-dkms'] |
3172 | |
3173 | |
3174 | # legacy |
3175 | @@ -70,7 +69,7 @@ |
3176 | relation_prefix='neutron', |
3177 | ssl_dir=QUANTUM_CONF_DIR)], |
3178 | 'services': ['quantum-plugin-openvswitch-agent'], |
3179 | - 'packages': [[headers_package()] + determine_dkms_package(), |
3180 | + 'packages': [determine_dkms_package(), |
3181 | ['quantum-plugin-openvswitch-agent']], |
3182 | 'server_packages': ['quantum-server', |
3183 | 'quantum-plugin-openvswitch'], |
3184 | @@ -93,6 +92,7 @@ |
3185 | } |
3186 | } |
3187 | |
3188 | + |
3189 | NEUTRON_CONF_DIR = '/etc/neutron' |
3190 | |
3191 | |
3192 | @@ -111,7 +111,7 @@ |
3193 | relation_prefix='neutron', |
3194 | ssl_dir=NEUTRON_CONF_DIR)], |
3195 | 'services': ['neutron-plugin-openvswitch-agent'], |
3196 | - 'packages': [[headers_package()] + determine_dkms_package(), |
3197 | + 'packages': [determine_dkms_package(), |
3198 | ['neutron-plugin-openvswitch-agent']], |
3199 | 'server_packages': ['neutron-server', |
3200 | 'neutron-plugin-openvswitch'], |
3201 | @@ -155,7 +155,7 @@ |
3202 | relation_prefix='neutron', |
3203 | ssl_dir=NEUTRON_CONF_DIR)], |
3204 | 'services': [], |
3205 | - 'packages': [[headers_package()] + determine_dkms_package(), |
3206 | + 'packages': [determine_dkms_package(), |
3207 | ['neutron-plugin-cisco']], |
3208 | 'server_packages': ['neutron-server', |
3209 | 'neutron-plugin-cisco'], |
3210 | @@ -174,7 +174,7 @@ |
3211 | 'neutron-dhcp-agent', |
3212 | 'nova-api-metadata', |
3213 | 'etcd'], |
3214 | - 'packages': [[headers_package()] + determine_dkms_package(), |
3215 | + 'packages': [determine_dkms_package(), |
3216 | ['calico-compute', |
3217 | 'bird', |
3218 | 'neutron-dhcp-agent', |
3219 | @@ -204,11 +204,25 @@ |
3220 | database=config('database'), |
3221 | ssl_dir=NEUTRON_CONF_DIR)], |
3222 | 'services': [], |
3223 | - 'packages': [['plumgrid-lxc'], |
3224 | - ['iovisor-dkms']], |
3225 | + 'packages': ['plumgrid-lxc', |
3226 | + 'iovisor-dkms'], |
3227 | 'server_packages': ['neutron-server', |
3228 | 'neutron-plugin-plumgrid'], |
3229 | 'server_services': ['neutron-server'] |
3230 | + }, |
3231 | + 'midonet': { |
3232 | + 'config': '/etc/neutron/plugins/midonet/midonet.ini', |
3233 | + 'driver': 'midonet.neutron.plugin.MidonetPluginV2', |
3234 | + 'contexts': [ |
3235 | + context.SharedDBContext(user=config('neutron-database-user'), |
3236 | + database=config('neutron-database'), |
3237 | + relation_prefix='neutron', |
3238 | + ssl_dir=NEUTRON_CONF_DIR)], |
3239 | + 'services': [], |
3240 | + 'packages': [determine_dkms_package()], |
3241 | + 'server_packages': ['neutron-server', |
3242 | + 'python-neutron-plugin-midonet'], |
3243 | + 'server_services': ['neutron-server'] |
3244 | } |
3245 | } |
3246 | if release >= 'icehouse': |
3247 | @@ -219,6 +233,26 @@ |
3248 | 'neutron-plugin-ml2'] |
3249 | # NOTE: patch in vmware renames nvp->nsx for icehouse onwards |
3250 | plugins['nvp'] = plugins['nsx'] |
3251 | + if release >= 'kilo': |
3252 | + plugins['midonet']['driver'] = ( |
3253 | + 'neutron.plugins.midonet.plugin.MidonetPluginV2') |
3254 | + if release >= 'liberty': |
3255 | + plugins['midonet']['driver'] = ( |
3256 | + 'midonet.neutron.plugin_v1.MidonetPluginV2') |
3257 | + plugins['midonet']['server_packages'].remove( |
3258 | + 'python-neutron-plugin-midonet') |
3259 | + plugins['midonet']['server_packages'].append( |
3260 | + 'python-networking-midonet') |
3261 | + plugins['plumgrid']['driver'] = ( |
3262 | + 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2') |
3263 | + plugins['plumgrid']['server_packages'].remove( |
3264 | + 'neutron-plugin-plumgrid') |
3265 | + if release >= 'mitaka': |
3266 | + plugins['nsx']['server_packages'].remove('neutron-plugin-vmware') |
3267 | + plugins['nsx']['server_packages'].append('python-vmware-nsx') |
3268 | + plugins['nsx']['config'] = '/etc/neutron/nsx.ini' |
3269 | + plugins['vsp']['driver'] = ( |
3270 | + 'nuage_neutron.plugins.nuage.plugin.NuagePlugin') |
3271 | return plugins |
3272 | |
3273 | |
3274 | @@ -310,10 +344,10 @@ |
3275 | def parse_data_port_mappings(mappings, default_bridge='br-data'): |
3276 | """Parse data port mappings. |
3277 | |
3278 | - Mappings must be a space-delimited list of port:bridge mappings. |
3279 | + Mappings must be a space-delimited list of bridge:port. |
3280 | |
3281 | - Returns dict of the form {port:bridge} where port may be an mac address or |
3282 | - interface name. |
3283 | + Returns dict of the form {port:bridge} where ports may be mac addresses or |
3284 | + interface names. |
3285 | """ |
3286 | |
3287 | # NOTE(dosaboy): we use rvalue for key to allow multiple values to be |
3288 | |
3289 | === modified file 'charmhelpers/contrib/openstack/templates/__init__.py' |
3290 | --- charmhelpers/contrib/openstack/templates/__init__.py 2015-09-28 20:09:02 +0000 |
3291 | +++ charmhelpers/contrib/openstack/templates/__init__.py 2017-03-04 02:21:16 +0000 |
3292 | @@ -1,18 +1,16 @@ |
3293 | # Copyright 2014-2015 Canonical Limited. |
3294 | # |
3295 | -# This file is part of charm-helpers. |
3296 | -# |
3297 | -# charm-helpers is free software: you can redistribute it and/or modify |
3298 | -# it under the terms of the GNU Lesser General Public License version 3 as |
3299 | -# published by the Free Software Foundation. |
3300 | -# |
3301 | -# charm-helpers is distributed in the hope that it will be useful, |
3302 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
3303 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
3304 | -# GNU Lesser General Public License for more details. |
3305 | -# |
3306 | -# You should have received a copy of the GNU Lesser General Public License |
3307 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
3308 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
3309 | +# you may not use this file except in compliance with the License. |
3310 | +# You may obtain a copy of the License at |
3311 | +# |
3312 | +# http://www.apache.org/licenses/LICENSE-2.0 |
3313 | +# |
3314 | +# Unless required by applicable law or agreed to in writing, software |
3315 | +# distributed under the License is distributed on an "AS IS" BASIS, |
3316 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
3317 | +# See the License for the specific language governing permissions and |
3318 | +# limitations under the License. |
3319 | |
3320 | # dummy __init__.py to fool syncer into thinking this is a syncable python |
3321 | # module |
3322 | |
3323 | === modified file 'charmhelpers/contrib/openstack/templates/haproxy.cfg' |
3324 | --- charmhelpers/contrib/openstack/templates/haproxy.cfg 2015-09-28 20:09:02 +0000 |
3325 | +++ charmhelpers/contrib/openstack/templates/haproxy.cfg 2017-03-04 02:21:16 +0000 |
3326 | @@ -12,27 +12,35 @@ |
3327 | option tcplog |
3328 | option dontlognull |
3329 | retries 3 |
3330 | - timeout queue 1000 |
3331 | - timeout connect 1000 |
3332 | -{% if haproxy_client_timeout -%} |
3333 | +{%- if haproxy_queue_timeout %} |
3334 | + timeout queue {{ haproxy_queue_timeout }} |
3335 | +{%- else %} |
3336 | + timeout queue 5000 |
3337 | +{%- endif %} |
3338 | +{%- if haproxy_connect_timeout %} |
3339 | + timeout connect {{ haproxy_connect_timeout }} |
3340 | +{%- else %} |
3341 | + timeout connect 5000 |
3342 | +{%- endif %} |
3343 | +{%- if haproxy_client_timeout %} |
3344 | timeout client {{ haproxy_client_timeout }} |
3345 | -{% else -%} |
3346 | +{%- else %} |
3347 | timeout client 30000 |
3348 | -{% endif -%} |
3349 | - |
3350 | -{% if haproxy_server_timeout -%} |
3351 | +{%- endif %} |
3352 | +{%- if haproxy_server_timeout %} |
3353 | timeout server {{ haproxy_server_timeout }} |
3354 | -{% else -%} |
3355 | +{%- else %} |
3356 | timeout server 30000 |
3357 | -{% endif -%} |
3358 | +{%- endif %} |
3359 | |
3360 | -listen stats {{ stat_port }} |
3361 | +listen stats |
3362 | + bind {{ local_host }}:{{ stat_port }} |
3363 | mode http |
3364 | stats enable |
3365 | stats hide-version |
3366 | stats realm Haproxy\ Statistics |
3367 | stats uri / |
3368 | - stats auth admin:password |
3369 | + stats auth admin:{{ stat_password }} |
3370 | |
3371 | {% if frontends -%} |
3372 | {% for service, ports in service_ports.items() -%} |
3373 | |
3374 | === added file 'charmhelpers/contrib/openstack/templates/memcached.conf' |
3375 | --- charmhelpers/contrib/openstack/templates/memcached.conf 1970-01-01 00:00:00 +0000 |
3376 | +++ charmhelpers/contrib/openstack/templates/memcached.conf 2017-03-04 02:21:16 +0000 |
3377 | @@ -0,0 +1,53 @@ |
3378 | +############################################################################### |
3379 | +# [ WARNING ] |
3380 | +# memcached configuration file maintained by Juju |
3381 | +# local changes may be overwritten. |
3382 | +############################################################################### |
3383 | + |
3384 | +# memcached default config file |
3385 | +# 2003 - Jay Bonci <jaybonci@debian.org> |
3386 | +# This configuration file is read by the start-memcached script provided as |
3387 | +# part of the Debian GNU/Linux distribution. |
3388 | + |
3389 | +# Run memcached as a daemon. This command is implied, and is not needed for the |
3390 | +# daemon to run. See the README.Debian that comes with this package for more |
3391 | +# information. |
3392 | +-d |
3393 | + |
3394 | +# Log memcached's output to /var/log/memcached |
3395 | +logfile /var/log/memcached.log |
3396 | + |
3397 | +# Be verbose |
3398 | +# -v |
3399 | + |
3400 | +# Be even more verbose (print client commands as well) |
3401 | +# -vv |
3402 | + |
3403 | +# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default |
3404 | +# Note that the daemon will grow to this size, but does not start out holding this much |
3405 | +# memory |
3406 | +-m 64 |
3407 | + |
3408 | +# Default connection port is 11211 |
3409 | +-p {{ memcache_port }} |
3410 | + |
3411 | +# Run the daemon as root. The start-memcached will default to running as root if no |
3412 | +# -u command is present in this config file |
3413 | +-u memcache |
3414 | + |
3415 | +# Specify which IP address to listen on. The default is to listen on all IP addresses |
3416 | +# This parameter is one of the only security measures that memcached has, so make sure |
3417 | +# it's listening on a firewalled interface. |
3418 | +-l {{ memcache_server }} |
3419 | + |
3420 | +# Limit the number of simultaneous incoming connections. The daemon default is 1024 |
3421 | +# -c 1024 |
3422 | + |
3423 | +# Lock down all paged memory. Consult with the README and homepage before you do this |
3424 | +# -k |
3425 | + |
3426 | +# Return error when memory is exhausted (rather than removing items) |
3427 | +# -M |
3428 | + |
3429 | +# Maximize core file limit |
3430 | +# -r |
3431 | |
3432 | === modified file 'charmhelpers/contrib/openstack/templates/openstack_https_frontend' |
3433 | --- charmhelpers/contrib/openstack/templates/openstack_https_frontend 2015-09-28 20:09:02 +0000 |
3434 | +++ charmhelpers/contrib/openstack/templates/openstack_https_frontend 2017-03-04 02:21:16 +0000 |
3435 | @@ -6,11 +6,16 @@ |
3436 | <VirtualHost {{ address }}:{{ ext }}> |
3437 | ServerName {{ endpoint }} |
3438 | SSLEngine on |
3439 | + SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 |
3440 | + SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM |
3441 | SSLCertificateFile /etc/apache2/ssl/{{ namespace }}/cert_{{ endpoint }} |
3442 | + # See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8 |
3443 | + SSLCertificateChainFile /etc/apache2/ssl/{{ namespace }}/cert_{{ endpoint }} |
3444 | SSLCertificateKeyFile /etc/apache2/ssl/{{ namespace }}/key_{{ endpoint }} |
3445 | ProxyPass / http://localhost:{{ int }}/ |
3446 | ProxyPassReverse / http://localhost:{{ int }}/ |
3447 | ProxyPreserveHost on |
3448 | + RequestHeader set X-Forwarded-Proto "https" |
3449 | </VirtualHost> |
3450 | {% endfor -%} |
3451 | <Proxy *> |
3452 | |
3453 | === modified file 'charmhelpers/contrib/openstack/templates/openstack_https_frontend.conf' |
3454 | --- charmhelpers/contrib/openstack/templates/openstack_https_frontend.conf 2015-09-28 20:09:02 +0000 |
3455 | +++ charmhelpers/contrib/openstack/templates/openstack_https_frontend.conf 2017-03-04 02:21:16 +0000 |
3456 | @@ -6,11 +6,16 @@ |
3457 | <VirtualHost {{ address }}:{{ ext }}> |
3458 | ServerName {{ endpoint }} |
3459 | SSLEngine on |
3460 | + SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 |
3461 | + SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM |
3462 | SSLCertificateFile /etc/apache2/ssl/{{ namespace }}/cert_{{ endpoint }} |
3463 | + # See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8 |
3464 | + SSLCertificateChainFile /etc/apache2/ssl/{{ namespace }}/cert_{{ endpoint }} |
3465 | SSLCertificateKeyFile /etc/apache2/ssl/{{ namespace }}/key_{{ endpoint }} |
3466 | ProxyPass / http://localhost:{{ int }}/ |
3467 | ProxyPassReverse / http://localhost:{{ int }}/ |
3468 | ProxyPreserveHost on |
3469 | + RequestHeader set X-Forwarded-Proto "https" |
3470 | </VirtualHost> |
3471 | {% endfor -%} |
3472 | <Proxy *> |
3473 | |
3474 | === modified file 'charmhelpers/contrib/openstack/templates/section-keystone-authtoken' |
3475 | --- charmhelpers/contrib/openstack/templates/section-keystone-authtoken 2015-09-28 20:09:02 +0000 |
3476 | +++ charmhelpers/contrib/openstack/templates/section-keystone-authtoken 2017-03-04 02:21:16 +0000 |
3477 | @@ -1,9 +1,12 @@ |
3478 | {% if auth_host -%} |
3479 | [keystone_authtoken] |
3480 | -identity_uri = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}/{{ auth_admin_prefix }} |
3481 | -auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}/{{ service_admin_prefix }} |
3482 | -admin_tenant_name = {{ admin_tenant_name }} |
3483 | -admin_user = {{ admin_user }} |
3484 | -admin_password = {{ admin_password }} |
3485 | +auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }} |
3486 | +auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }} |
3487 | +auth_plugin = password |
3488 | +project_domain_id = default |
3489 | +user_domain_id = default |
3490 | +project_name = {{ admin_tenant_name }} |
3491 | +username = {{ admin_user }} |
3492 | +password = {{ admin_password }} |
3493 | signing_dir = {{ signing_dir }} |
3494 | {% endif -%} |
3495 | |
3496 | === added file 'charmhelpers/contrib/openstack/templates/section-keystone-authtoken-legacy' |
3497 | --- charmhelpers/contrib/openstack/templates/section-keystone-authtoken-legacy 1970-01-01 00:00:00 +0000 |
3498 | +++ charmhelpers/contrib/openstack/templates/section-keystone-authtoken-legacy 2017-03-04 02:21:16 +0000 |
3499 | @@ -0,0 +1,10 @@ |
3500 | +{% if auth_host -%} |
3501 | +[keystone_authtoken] |
3502 | +# Juno specific config (Bug #1557223) |
3503 | +auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}/{{ service_admin_prefix }} |
3504 | +identity_uri = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }} |
3505 | +admin_tenant_name = {{ admin_tenant_name }} |
3506 | +admin_user = {{ admin_user }} |
3507 | +admin_password = {{ admin_password }} |
3508 | +signing_dir = {{ signing_dir }} |
3509 | +{% endif -%} |
3510 | |
3511 | === added file 'charmhelpers/contrib/openstack/templates/section-keystone-authtoken-mitaka' |
3512 | --- charmhelpers/contrib/openstack/templates/section-keystone-authtoken-mitaka 1970-01-01 00:00:00 +0000 |
3513 | +++ charmhelpers/contrib/openstack/templates/section-keystone-authtoken-mitaka 2017-03-04 02:21:16 +0000 |
3514 | @@ -0,0 +1,20 @@ |
3515 | +{% if auth_host -%} |
3516 | +[keystone_authtoken] |
3517 | +auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }} |
3518 | +auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }} |
3519 | +auth_type = password |
3520 | +{% if api_version == "3" -%} |
3521 | +project_domain_name = {{ admin_domain_name }} |
3522 | +user_domain_name = {{ admin_domain_name }} |
3523 | +{% else -%} |
3524 | +project_domain_name = default |
3525 | +user_domain_name = default |
3526 | +{% endif -%} |
3527 | +project_name = {{ admin_tenant_name }} |
3528 | +username = {{ admin_user }} |
3529 | +password = {{ admin_password }} |
3530 | +signing_dir = {{ signing_dir }} |
3531 | +{% if use_memcache == true %} |
3532 | +memcached_servers = {{ memcache_url }} |
3533 | +{% endif -%} |
3534 | +{% endif -%} |
3535 | |
3536 | === added file 'charmhelpers/contrib/openstack/templates/wsgi-openstack-api.conf' |
3537 | --- charmhelpers/contrib/openstack/templates/wsgi-openstack-api.conf 1970-01-01 00:00:00 +0000 |
3538 | +++ charmhelpers/contrib/openstack/templates/wsgi-openstack-api.conf 2017-03-04 02:21:16 +0000 |
3539 | @@ -0,0 +1,100 @@ |
3540 | +# Configuration file maintained by Juju. Local changes may be overwritten. |
3541 | + |
3542 | +{% if port -%} |
3543 | +Listen {{ port }} |
3544 | +{% endif -%} |
3545 | + |
3546 | +{% if admin_port -%} |
3547 | +Listen {{ admin_port }} |
3548 | +{% endif -%} |
3549 | + |
3550 | +{% if public_port -%} |
3551 | +Listen {{ public_port }} |
3552 | +{% endif -%} |
3553 | + |
3554 | +{% if port -%} |
3555 | +<VirtualHost *:{{ port }}> |
3556 | + WSGIDaemonProcess {{ service_name }} processes={{ processes }} threads={{ threads }} user={{ service_name }} group={{ service_name }} \ |
3557 | +{% if python_path -%} |
3558 | + python-path={{ python_path }} \ |
3559 | +{% endif -%} |
3560 | + display-name=%{GROUP} |
3561 | + WSGIProcessGroup {{ service_name }} |
3562 | + WSGIScriptAlias / {{ script }} |
3563 | + WSGIApplicationGroup %{GLOBAL} |
3564 | + WSGIPassAuthorization On |
3565 | + <IfVersion >= 2.4> |
3566 | + ErrorLogFormat "%{cu}t %M" |
3567 | + </IfVersion> |
3568 | + ErrorLog /var/log/apache2/{{ service_name }}_error.log |
3569 | + CustomLog /var/log/apache2/{{ service_name }}_access.log combined |
3570 | + |
3571 | + <Directory {{ usr_bin }}> |
3572 | + <IfVersion >= 2.4> |
3573 | + Require all granted |
3574 | + </IfVersion> |
3575 | + <IfVersion < 2.4> |
3576 | + Order allow,deny |
3577 | + Allow from all |
3578 | + </IfVersion> |
3579 | + </Directory> |
3580 | +</VirtualHost> |
3581 | +{% endif -%} |
3582 | + |
3583 | +{% if admin_port -%} |
3584 | +<VirtualHost *:{{ admin_port }}> |
3585 | + WSGIDaemonProcess {{ service_name }}-admin processes={{ admin_processes }} threads={{ threads }} user={{ service_name }} group={{ service_name }} \ |
3586 | +{% if python_path -%} |
3587 | + python-path={{ python_path }} \ |
3588 | +{% endif -%} |
3589 | + display-name=%{GROUP} |
3590 | + WSGIProcessGroup {{ service_name }}-admin |
3591 | + WSGIScriptAlias / {{ admin_script }} |
3592 | + WSGIApplicationGroup %{GLOBAL} |
3593 | + WSGIPassAuthorization On |
3594 | + <IfVersion >= 2.4> |
3595 | + ErrorLogFormat "%{cu}t %M" |
3596 | + </IfVersion> |
3597 | + ErrorLog /var/log/apache2/{{ service_name }}_error.log |
3598 | + CustomLog /var/log/apache2/{{ service_name }}_access.log combined |
3599 | + |
3600 | + <Directory {{ usr_bin }}> |
3601 | + <IfVersion >= 2.4> |
3602 | + Require all granted |
3603 | + </IfVersion> |
3604 | + <IfVersion < 2.4> |
3605 | + Order allow,deny |
3606 | + Allow from all |
3607 | + </IfVersion> |
3608 | + </Directory> |
3609 | +</VirtualHost> |
3610 | +{% endif -%} |
3611 | + |
3612 | +{% if public_port -%} |
3613 | +<VirtualHost *:{{ public_port }}> |
3614 | + WSGIDaemonProcess {{ service_name }}-public processes={{ public_processes }} threads={{ threads }} user={{ service_name }} group={{ service_name }} \ |
3615 | +{% if python_path -%} |
3616 | + python-path={{ python_path }} \ |
3617 | +{% endif -%} |
3618 | + display-name=%{GROUP} |
3619 | + WSGIProcessGroup {{ service_name }}-public |
3620 | + WSGIScriptAlias / {{ public_script }} |
3621 | + WSGIApplicationGroup %{GLOBAL} |
3622 | + WSGIPassAuthorization On |
3623 | + <IfVersion >= 2.4> |
3624 | + ErrorLogFormat "%{cu}t %M" |
3625 | + </IfVersion> |
3626 | + ErrorLog /var/log/apache2/{{ service_name }}_error.log |
3627 | + CustomLog /var/log/apache2/{{ service_name }}_access.log combined |
3628 | + |
3629 | + <Directory {{ usr_bin }}> |
3630 | + <IfVersion >= 2.4> |
3631 | + Require all granted |
3632 | + </IfVersion> |
3633 | + <IfVersion < 2.4> |
3634 | + Order allow,deny |
3635 | + Allow from all |
3636 | + </IfVersion> |
3637 | + </Directory> |
3638 | +</VirtualHost> |
3639 | +{% endif -%} |
3640 | |
3641 | === modified file 'charmhelpers/contrib/openstack/templating.py' |
3642 | --- charmhelpers/contrib/openstack/templating.py 2015-09-28 20:09:02 +0000 |
3643 | +++ charmhelpers/contrib/openstack/templating.py 2017-03-04 02:21:16 +0000 |
3644 | @@ -1,18 +1,16 @@ |
3645 | # Copyright 2014-2015 Canonical Limited. |
3646 | # |
3647 | -# This file is part of charm-helpers. |
3648 | -# |
3649 | -# charm-helpers is free software: you can redistribute it and/or modify |
3650 | -# it under the terms of the GNU Lesser General Public License version 3 as |
3651 | -# published by the Free Software Foundation. |
3652 | -# |
3653 | -# charm-helpers is distributed in the hope that it will be useful, |
3654 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
3655 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
3656 | -# GNU Lesser General Public License for more details. |
3657 | -# |
3658 | -# You should have received a copy of the GNU Lesser General Public License |
3659 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
3660 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
3661 | +# you may not use this file except in compliance with the License. |
3662 | +# You may obtain a copy of the License at |
3663 | +# |
3664 | +# http://www.apache.org/licenses/LICENSE-2.0 |
3665 | +# |
3666 | +# Unless required by applicable law or agreed to in writing, software |
3667 | +# distributed under the License is distributed on an "AS IS" BASIS, |
3668 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
3669 | +# See the License for the specific language governing permissions and |
3670 | +# limitations under the License. |
3671 | |
3672 | import os |
3673 | |
3674 | @@ -30,7 +28,10 @@ |
3675 | from jinja2 import FileSystemLoader, ChoiceLoader, Environment, exceptions |
3676 | except ImportError: |
3677 | apt_update(fatal=True) |
3678 | - apt_install('python-jinja2', fatal=True) |
3679 | + if six.PY2: |
3680 | + apt_install('python-jinja2', fatal=True) |
3681 | + else: |
3682 | + apt_install('python3-jinja2', fatal=True) |
3683 | from jinja2 import FileSystemLoader, ChoiceLoader, Environment, exceptions |
3684 | |
3685 | |
3686 | @@ -209,7 +210,10 @@ |
3687 | # if this code is running, the object is created pre-install hook. |
3688 | # jinja2 shouldn't get touched until the module is reloaded on next |
3689 | # hook execution, with proper jinja2 bits successfully imported. |
3690 | - apt_install('python-jinja2') |
3691 | + if six.PY2: |
3692 | + apt_install('python-jinja2') |
3693 | + else: |
3694 | + apt_install('python3-jinja2') |
3695 | |
3696 | def register(self, config_file, contexts): |
3697 | """ |
3698 | |
3699 | === modified file 'charmhelpers/contrib/openstack/utils.py' |
3700 | --- charmhelpers/contrib/openstack/utils.py 2015-09-28 20:09:02 +0000 |
3701 | +++ charmhelpers/contrib/openstack/utils.py 2017-03-04 02:21:16 +0000 |
3702 | @@ -1,18 +1,16 @@ |
3703 | # Copyright 2014-2015 Canonical Limited. |
3704 | # |
3705 | -# This file is part of charm-helpers. |
3706 | -# |
3707 | -# charm-helpers is free software: you can redistribute it and/or modify |
3708 | -# it under the terms of the GNU Lesser General Public License version 3 as |
3709 | -# published by the Free Software Foundation. |
3710 | -# |
3711 | -# charm-helpers is distributed in the hope that it will be useful, |
3712 | -# but WITHOUT ANY WARRANTY; without even the implied warranty of |
3713 | -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
3714 | -# GNU Lesser General Public License for more details. |
3715 | -# |
3716 | -# You should have received a copy of the GNU Lesser General Public License |
3717 | -# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>. |
3718 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
3719 | +# you may not use this file except in compliance with the License. |
3720 | +# You may obtain a copy of the License at |
3721 | +# |
3722 | +# http://www.apache.org/licenses/LICENSE-2.0 |
3723 | +# |
3724 | +# Unless required by applicable law or agreed to in writing, software |
3725 | +# distributed under the License is distributed on an "AS IS" BASIS, |
3726 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
3727 | +# See the License for the specific language governing permissions and |
3728 | +# limitations under the License. |
3729 | |
3730 | # Common python helper functions used for OpenStack charms. |
3731 | from collections import OrderedDict |
3732 | @@ -23,9 +21,14 @@ |
3733 | import os |
3734 | import sys |
3735 | import re |
3736 | +import itertools |
3737 | +import functools |
3738 | +import shutil |
3739 | |
3740 | import six |
3741 | +import tempfile |
3742 | import traceback |
3743 | +import uuid |
3744 | import yaml |
3745 | |
3746 | from charmhelpers.contrib.network import ip |
3747 | @@ -40,11 +43,16 @@ |
3748 | config, |
3749 | log as juju_log, |
3750 | charm_dir, |
3751 | + DEBUG, |
3752 | INFO, |
3753 | + ERROR, |
3754 | + related_units, |
3755 | relation_ids, |
3756 | relation_set, |
3757 | + service_name, |
3758 | status_set, |
3759 | - hook_name |
3760 | + hook_name, |
3761 | + application_version_set, |
3762 | ) |
3763 | |
3764 | from charmhelpers.contrib.storage.linux.lvm import ( |
3765 | @@ -56,6 +64,7 @@ |
3766 | from charmhelpers.contrib.network.ip import ( |
3767 | get_ipv6_addr, |
3768 | is_ipv6, |
3769 | + port_has_listener, |
3770 | ) |
3771 | |
3772 | from charmhelpers.contrib.python.packages import ( |
3773 | @@ -63,10 +72,24 @@ |
3774 | pip_install, |
3775 | ) |
3776 | |
3777 | -from charmhelpers.core.host import lsb_release, mounts, umount |
3778 | -from charmhelpers.fetch import apt_install, apt_cache, install_remote |
3779 | +from charmhelpers.core.host import ( |
3780 | + lsb_release, |
3781 | + mounts, |
3782 | + umount, |
3783 | + service_running, |
3784 | + service_pause, |
3785 | + service_resume, |
3786 | + restart_on_change_helper, |
3787 | +) |
3788 | +from charmhelpers.fetch import ( |
3789 | + apt_install, |
3790 | + apt_cache, |
3791 | + install_remote, |
3792 | + get_upstream_version |
3793 | +) |
3794 | from charmhelpers.contrib.storage.linux.utils import is_block_device, zap_disk |
3795 | from charmhelpers.contrib.storage.linux.loopback import ensure_loopback_device |
3796 | +from charmhelpers.contrib.openstack.exceptions import OSContextError |
3797 | |
3798 | CLOUD_ARCHIVE_URL = "http://ubuntu-cloud.archive.canonical.com/ubuntu" |
3799 | CLOUD_ARCHIVE_KEY_ID = '5EDB1B62EC4926EA' |
3800 | @@ -84,6 +107,9 @@ |
3801 | ('utopic', 'juno'), |
3802 | ('vivid', 'kilo'), |
3803 | ('wily', 'liberty'), |
3804 | + ('xenial', 'mitaka'), |
3805 | + ('yakkety', 'newton'), |
3806 | + ('zesty', 'ocata'), |
3807 | ]) |
3808 | |
3809 | |
3810 | @@ -97,63 +123,118 @@ |
3811 | ('2014.2', 'juno'), |
3812 | ('2015.1', 'kilo'), |
3813 | ('2015.2', 'liberty'), |
3814 | + ('2016.1', 'mitaka'), |
3815 | + ('2016.2', 'newton'), |
3816 | + ('2017.1', 'ocata'), |
3817 | ]) |
3818 | |
3819 | -# The ugly duckling |
3820 | +# The ugly duckling - must list releases oldest to newest |
3821 | SWIFT_CODENAMES = OrderedDict([ |
3822 | - ('1.4.3', 'diablo'), |
3823 | - ('1.4.8', 'essex'), |
3824 | - ('1.7.4', 'folsom'), |
3825 | - ('1.8.0', 'grizzly'), |
3826 | - ('1.7.7', 'grizzly'), |
3827 | - ('1.7.6', 'grizzly'), |
3828 | - ('1.10.0', 'havana'), |
3829 | - ('1.9.1', 'havana'), |
3830 | - ('1.9.0', 'havana'), |
3831 | - ('1.13.1', 'icehouse'), |
3832 | - ('1.13.0', 'icehouse'), |
3833 | - ('1.12.0', 'icehouse'), |
3834 | - ('1.11.0', 'icehouse'), |
3835 | - ('2.0.0', 'juno'), |
3836 | - ('2.1.0', 'juno'), |
3837 | - ('2.2.0', 'juno'), |
3838 | - ('2.2.1', 'kilo'), |
3839 | - ('2.2.2', 'kilo'), |
3840 | - ('2.3.0', 'liberty'), |
3841 | - ('2.4.0', 'liberty'), |
3842 | + ('diablo', |
3843 | + ['1.4.3']), |
3844 | + ('essex', |
3845 | + ['1.4.8']), |
3846 | + ('folsom', |
3847 | + ['1.7.4']), |
3848 | + ('grizzly', |
3849 | + ['1.7.6', '1.7.7', '1.8.0']), |
3850 | + ('havana', |
3851 | + ['1.9.0', '1.9.1', '1.10.0']), |
3852 | + ('icehouse', |
3853 | + ['1.11.0', '1.12.0', '1.13.0', '1.13.1']), |
3854 | + ('juno', |
3855 | + ['2.0.0', '2.1.0', '2.2.0']), |
3856 | + ('kilo', |
3857 | + ['2.2.1', '2.2.2']), |
3858 | + ('liberty', |
3859 | + ['2.3.0', '2.4.0', '2.5.0']), |
3860 | + ('mitaka', |
3861 | + ['2.5.0', '2.6.0', '2.7.0']), |
3862 | + ('newton', |
3863 | + ['2.8.0', '2.9.0', '2.10.0']), |
3864 | + ('ocata', |
3865 | + ['2.11.0', '2.12.0', '2.13.0']), |
3866 | ]) |
3867 | |
3868 | # >= Liberty version->codename mapping |
3869 | PACKAGE_CODENAMES = { |
3870 | 'nova-common': OrderedDict([ |
3871 | - ('12.0.0', 'liberty'), |
3872 | + ('12', 'liberty'), |
3873 | + ('13', 'mitaka'), |
3874 | + ('14', 'newton'), |
3875 | + ('15', 'ocata'), |
3876 | ]), |
3877 | 'neutron-common': OrderedDict([ |
3878 | - ('7.0.0', 'liberty'), |
3879 | + ('7', 'liberty'), |
3880 | + ('8', 'mitaka'), |
3881 | + ('9', 'newton'), |
3882 | + ('10', 'ocata'), |
3883 | ]), |
3884 | 'cinder-common': OrderedDict([ |
3885 | - ('7.0.0', 'liberty'), |
3886 | + ('7', 'liberty'), |
3887 | + ('8', 'mitaka'), |
3888 | + ('9', 'newton'), |
3889 | + ('10', 'ocata'), |
3890 | ]), |
3891 | 'keystone': OrderedDict([ |
3892 | - ('8.0.0', 'liberty'), |
3893 | + ('8', 'liberty'), |
3894 | + ('9', 'mitaka'), |
3895 | + ('10', 'newton'), |
3896 | + ('11', 'ocata'), |
3897 | ]), |
3898 | 'horizon-common': OrderedDict([ |
3899 | - ('8.0.0', 'liberty'), |
3900 | + ('8', 'liberty'), |
3901 | + ('9', 'mitaka'), |
3902 | + ('10', 'newton'), |
3903 | + ('11', 'ocata'), |
3904 | ]), |
3905 | 'ceilometer-common': OrderedDict([ |
3906 | - ('5.0.0', 'liberty'), |
3907 | + ('5', 'liberty'), |
3908 | + ('6', 'mitaka'), |
3909 | + ('7', 'newton'), |
3910 | + ('8', 'ocata'), |
3911 | ]), |
3912 | 'heat-common': OrderedDict([ |
3913 | - ('5.0.0', 'liberty'), |
3914 | + ('5', 'liberty'), |
3915 | + ('6', 'mitaka'), |
3916 | + ('7', 'newton'), |
3917 | + ('8', 'ocata'), |
3918 | ]), |
3919 | 'glance-common': OrderedDict([ |
3920 | - ('11.0.0', 'liberty'), |
3921 | + ('11', 'liberty'), |
3922 | + ('12', 'mitaka'), |
3923 | + ('13', 'newton'), |
3924 | + ('14', 'ocata'), |
3925 | ]), |
3926 | 'openstack-dashboard': OrderedDict([ |
3927 | - ('8.0.0', 'liberty'), |
3928 | + ('8', 'liberty'), |
3929 | + ('9', 'mitaka'), |
3930 | + ('10', 'newton'), |
3931 | + ('11', 'ocata'), |
3932 | ]), |
3933 | } |
3934 | |
3935 | +GIT_DEFAULT_REPOS = { |
3936 | + 'requirements': 'git://github.com/openstack/requirements', |
3937 | + 'cinder': 'git://github.com/openstack/cinder', |
3938 | + 'glance': 'git://github.com/openstack/glance', |
3939 | + 'horizon': 'git://github.com/openstack/horizon', |
3940 | + 'keystone': 'git://github.com/openstack/keystone', |
3941 | + 'networking-hyperv': 'git://github.com/openstack/networking-hyperv', |
3942 | + 'neutron': 'git://github.com/openstack/neutron', |
3943 | + 'neutron-fwaas': 'git://github.com/openstack/neutron-fwaas', |
3944 | + 'neutron-lbaas': 'git://github.com/openstack/neutron-lbaas', |
3945 | + 'neutron-vpnaas': 'git://github.com/openstack/neutron-vpnaas', |
3946 | + 'nova': 'git://github.com/openstack/nova', |
3947 | +} |
3948 | + |
3949 | +GIT_DEFAULT_BRANCHES = { |
3950 | + 'liberty': 'stable/liberty', |
3951 | + 'mitaka': 'stable/mitaka', |
3952 | + 'newton': 'stable/newton', |
3953 | + 'master': 'master', |
3954 | +} |
3955 | + |
3956 | DEFAULT_LOOPBACK_SIZE = '5G' |
3957 | |
3958 | |
3959 | @@ -213,6 +294,44 @@ |
3960 | error_out(e) |
3961 | |
3962 | |
3963 | +def get_os_version_codename_swift(codename): |
3964 | + '''Determine OpenStack version number of swift from codename.''' |
3965 | + for k, v in six.iteritems(SWIFT_CODENAMES): |
3966 | + if k == codename: |
3967 | + return v[-1] |
3968 | + e = 'Could not derive swift version for '\ |
3969 | + 'codename: %s' % codename |
3970 | + error_out(e) |
3971 | + |
3972 | + |
3973 | +def get_swift_codename(version): |
3974 | + '''Determine OpenStack codename that corresponds to swift version.''' |
3975 | + codenames = [k for k, v in six.iteritems(SWIFT_CODENAMES) if version in v] |
3976 | + |
3977 | + if len(codenames) > 1: |
3978 | + # If more than one release codename contains this version we determine |
3979 | + # the actual codename based on the highest available install source. |
3980 | + for codename in reversed(codenames): |
3981 | + releases = UBUNTU_OPENSTACK_RELEASE |
3982 | + release = [k for k, v in six.iteritems(releases) if codename in v] |
3983 | + ret = subprocess.check_output(['apt-cache', 'policy', 'swift']) |
3984 | + if codename in ret or release[0] in ret: |
3985 | + return codename |
3986 | + elif len(codenames) == 1: |
3987 | + return codenames[0] |
3988 | + |
3989 | + # NOTE: fallback - attempt to match with just major.minor version |
3990 | + match = re.match('^(\d+)\.(\d+)', version) |
3991 | + if match: |
3992 | + major_minor_version = match.group(0) |
3993 | + for codename, versions in six.iteritems(SWIFT_CODENAMES): |
3994 | + for release_version in versions: |
3995 | + if release_version.startswith(major_minor_version): |
3996 | + return codename |
3997 | + |
3998 | + return None |
3999 | + |
4000 | + |
4001 | def get_os_codename_package(package, fatal=True): |
4002 | '''Derive OpenStack release codename from an installed package.''' |
4003 | import apt_pkg as apt |
4004 | @@ -237,25 +356,30 @@ |
4005 | error_out(e) |
4006 | |
4007 | vers = apt.upstream_version(pkg.current_ver.ver_str) |
4008 | - match = re.match('^(\d+)\.(\d+)\.(\d+)', vers) |
4009 | + if 'swift' in pkg.name: |
4010 | + # Fully x.y.z match for swift versions |
4011 | + match = re.match('^(\d+)\.(\d+)\.(\d+)', vers) |
4012 | + else: |
4013 | + # x.y match only for 20XX.X |
4014 | + # and ignore patch level for other packages |
4015 | + match = re.match('^(\d+)\.(\d+)', vers) |
4016 | + |
4017 | if match: |
4018 | vers = match.group(0) |
4019 | |
4020 | + # Generate a major version number for newer semantic |
4021 | + # versions of openstack projects |
4022 | + major_vers = vers.split('.')[0] |
4023 | # >= Liberty independent project versions |
4024 | if (package in PACKAGE_CODENAMES and |
4025 | - vers in PACKAGE_CODENAMES[package]): |
4026 | - return PACKAGE_CODENAMES[package][vers] |
4027 | + major_vers in PACKAGE_CODENAMES[package]): |
4028 | + return PACKAGE_CODENAMES[package][major_vers] |
4029 | else: |
4030 | # < Liberty co-ordinated project versions |
4031 | try: |
4032 | if 'swift' in pkg.name: |
4033 | - swift_vers = vers[:5] |
4034 | - if swift_vers not in SWIFT_CODENAMES: |
4035 | - # Deal with 1.10.0 upward |
4036 | - swift_vers = vers[:6] |
4037 | - return SWIFT_CODENAMES[swift_vers] |
4038 | + return get_swift_codename(vers) |
4039 | else: |
4040 | - vers = vers[:6] |
4041 | return OPENSTACK_CODENAMES[vers] |
4042 | except KeyError: |
4043 | if not fatal: |
4044 | @@ -273,12 +397,14 @@ |
4045 | |
4046 | if 'swift' in pkg: |
4047 | vers_map = SWIFT_CODENAMES |
4048 | + for cname, version in six.iteritems(vers_map): |
4049 | + if cname == codename: |
4050 | + return version[-1] |
4051 | else: |
4052 | vers_map = OPENSTACK_CODENAMES |
4053 | - |
4054 | - for version, cname in six.iteritems(vers_map): |
4055 | - if cname == codename: |
4056 | - return version |
4057 | + for version, cname in six.iteritems(vers_map): |
4058 | + if cname == codename: |
4059 | + return version |
4060 | # e = "Could not determine OpenStack version for package: %s" % pkg |
4061 | # error_out(e) |
4062 | |
4063 | @@ -286,29 +412,72 @@ |
4064 | os_rel = None |
4065 | |
4066 | |
4067 | -def os_release(package, base='essex'): |
4068 | +def reset_os_release(): |
4069 | + '''Unset the cached os_release version''' |
4070 | + global os_rel |
4071 | + os_rel = None |
4072 | + |
4073 | + |
4074 | +def os_release(package, base='essex', reset_cache=False): |
4075 | ''' |
4076 | Returns OpenStack release codename from a cached global. |
4077 | + |
4078 | + If reset_cache then unset the cached os_release version and return the |
4079 | + freshly determined version. |
4080 | + |
4081 | If the codename can not be determined from either an installed package or |
4082 | the installation source, the earliest release supported by the charm should |
4083 | be returned. |
4084 | ''' |
4085 | global os_rel |
4086 | + if reset_cache: |
4087 | + reset_os_release() |
4088 | if os_rel: |
4089 | return os_rel |
4090 | - os_rel = (get_os_codename_package(package, fatal=False) or |
4091 | + os_rel = (git_os_codename_install_source(config('openstack-origin-git')) or |
4092 | + get_os_codename_package(package, fatal=False) or |
4093 | get_os_codename_install_source(config('openstack-origin')) or |
4094 | base) |
4095 | return os_rel |
4096 | |
4097 | |
4098 | def import_key(keyid): |
4099 | - cmd = "apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 " \ |
4100 | - "--recv-keys %s" % keyid |
4101 | - try: |
4102 | - subprocess.check_call(cmd.split(' ')) |
4103 | - except subprocess.CalledProcessError: |
4104 | - error_out("Error importing repo key %s" % keyid) |
4105 | + key = keyid.strip() |
4106 | + if (key.startswith('-----BEGIN PGP PUBLIC KEY BLOCK-----') and |
4107 | + key.endswith('-----END PGP PUBLIC KEY BLOCK-----')): |
4108 | + juju_log("PGP key found (looks like ASCII Armor format)", level=DEBUG) |
4109 | + juju_log("Importing ASCII Armor PGP key", level=DEBUG) |
4110 | + with tempfile.NamedTemporaryFile() as keyfile: |
4111 | + with open(keyfile.name, 'w') as fd: |
4112 | + fd.write(key) |
4113 | + fd.write("\n") |
4114 | + |
4115 | + cmd = ['apt-key', 'add', keyfile.name] |
4116 | + try: |
4117 | + subprocess.check_call(cmd) |
4118 | + except subprocess.CalledProcessError: |
4119 | + error_out("Error importing PGP key '%s'" % key) |
4120 | + else: |
4121 | + juju_log("PGP key found (looks like Radix64 format)", level=DEBUG) |
4122 | + juju_log("Importing PGP key from keyserver", level=DEBUG) |
4123 | + cmd = ['apt-key', 'adv', '--keyserver', |
4124 | + 'hkp://keyserver.ubuntu.com:80', '--recv-keys', key] |
4125 | + try: |
4126 | + subprocess.check_call(cmd) |
4127 | + except subprocess.CalledProcessError: |
4128 | + error_out("Error importing PGP key '%s'" % key) |
4129 | + |
4130 | + |
4131 | +def get_source_and_pgp_key(input): |
4132 | + """Look for a pgp key ID or ascii-armor key in the given input.""" |
4133 | + index = input.strip() |
4134 | + index = input.rfind('|') |
4135 | + if index < 0: |
4136 | + return input, None |
4137 | + |
4138 | + key = input[index + 1:].strip('|') |
4139 | + source = input[:index] |
4140 | + return source, key |
4141 | |
4142 | |
4143 | def configure_installation_source(rel): |
4144 | @@ -320,16 +489,16 @@ |
4145 | with open('/etc/apt/sources.list.d/juju_deb.list', 'w') as f: |
4146 | f.write(DISTRO_PROPOSED % ubuntu_rel) |
4147 | elif rel[:4] == "ppa:": |
4148 | - src = rel |
4149 | + src, key = get_source_and_pgp_key(rel) |
4150 | + if key: |
4151 | + import_key(key) |
4152 | + |
4153 | subprocess.check_call(["add-apt-repository", "-y", src]) |
4154 | elif rel[:3] == "deb": |
4155 | - l = len(rel.split('|')) |
4156 | - if l == 2: |
4157 | - src, key = rel.split('|') |
4158 | - juju_log("Importing PPA key from keyserver for %s" % src) |
4159 | + src, key = get_source_and_pgp_key(rel) |
4160 | + if key: |
4161 | import_key(key) |
4162 | - elif l == 1: |
4163 | - src = rel |
4164 | + |
4165 | with open('/etc/apt/sources.list.d/juju_deb.list', 'w') as f: |
4166 | f.write(src) |
4167 | elif rel[:6] == 'cloud:': |
4168 | @@ -374,6 +543,15 @@ |
4169 | 'liberty': 'trusty-updates/liberty', |
4170 | 'liberty/updates': 'trusty-updates/liberty', |
4171 | 'liberty/proposed': 'trusty-proposed/liberty', |
4172 | + 'mitaka': 'trusty-updates/mitaka', |
4173 | + 'mitaka/updates': 'trusty-updates/mitaka', |
4174 | + 'mitaka/proposed': 'trusty-proposed/mitaka', |
4175 | + 'newton': 'xenial-updates/newton', |
4176 | + 'newton/updates': 'xenial-updates/newton', |
4177 | + 'newton/proposed': 'xenial-proposed/newton', |
4178 | + 'ocata': 'xenial-updates/ocata', |
4179 | + 'ocata/updates': 'xenial-updates/ocata', |
4180 | + 'ocata/proposed': 'xenial-proposed/ocata', |
4181 | } |
4182 | |
4183 | try: |
4184 | @@ -441,11 +619,16 @@ |
4185 | cur_vers = get_os_version_package(package) |
4186 | if "swift" in package: |
4187 | codename = get_os_codename_install_source(src) |
4188 | - available_vers = get_os_version_codename(codename, SWIFT_CODENAMES) |
4189 | + avail_vers = get_os_version_codename_swift(codename) |
4190 | else: |
4191 | - available_vers = get_os_version_install_source(src) |
4192 | + avail_vers = get_os_version_install_source(src) |
4193 | apt.init() |
4194 | - return apt.version_compare(available_vers, cur_vers) == 1 |
4195 | + if "swift" in package: |
4196 | + major_cur_vers = cur_vers.split('.', 1)[0] |
4197 | + major_avail_vers = avail_vers.split('.', 1)[0] |
4198 | + major_diff = apt.version_compare(major_avail_vers, major_cur_vers) |
4199 | + return avail_vers > cur_vers and (major_diff == 1 or major_diff == 0) |
4200 | + return apt.version_compare(avail_vers, cur_vers) == 1 |
4201 | |
4202 | |
4203 | def ensure_block_device(block_device): |
4204 | @@ -502,6 +685,7 @@ |
4205 | else: |
4206 | zap_disk(block_device) |
4207 | |
4208 | + |
4209 | is_ip = ip.is_ip |
4210 | ns_query = ip.ns_query |
4211 | get_host_ip = ip.get_host_ip |
4212 | @@ -561,7 +745,86 @@ |
4213 | return config('openstack-origin-git') is not None |
4214 | |
4215 | |
4216 | -requirements_dir = None |
4217 | +def git_os_codename_install_source(projects_yaml): |
4218 | + """ |
4219 | + Returns OpenStack codename of release being installed from source. |
4220 | + """ |
4221 | + if git_install_requested(): |
4222 | + projects = _git_yaml_load(projects_yaml) |
4223 | + |
4224 | + if projects in GIT_DEFAULT_BRANCHES.keys(): |
4225 | + if projects == 'master': |
4226 | + return 'ocata' |
4227 | + return projects |
4228 | + |
4229 | + if 'release' in projects: |
4230 | + if projects['release'] == 'master': |
4231 | + return 'ocata' |
4232 | + return projects['release'] |
4233 | + |
4234 | + return None |
4235 | + |
4236 | + |
4237 | +def git_default_repos(projects_yaml): |
4238 | + """ |
4239 | + Returns default repos if a default openstack-origin-git value is specified. |
4240 | + """ |
4241 | + service = service_name() |
4242 | + core_project = service |
4243 | + |
4244 | + for default, branch in GIT_DEFAULT_BRANCHES.iteritems(): |
4245 | + if projects_yaml == default: |
4246 | + |
4247 | + # add the requirements repo first |
4248 | + repo = { |
4249 | + 'name': 'requirements', |
4250 | + 'repository': GIT_DEFAULT_REPOS['requirements'], |
4251 | + 'branch': branch, |
4252 | + } |
4253 | + repos = [repo] |
4254 | + |
4255 | + # neutron-* and nova-* charms require some additional repos |
4256 | + if service in ['neutron-api', 'neutron-gateway', |
4257 | + 'neutron-openvswitch']: |
4258 | + core_project = 'neutron' |
4259 | + if service == 'neutron-api': |
4260 | + repo = { |
4261 | + 'name': 'networking-hyperv', |
4262 | + 'repository': GIT_DEFAULT_REPOS['networking-hyperv'], |
4263 | + 'branch': branch, |
4264 | + } |
4265 | + repos.append(repo) |
4266 | + for project in ['neutron-fwaas', 'neutron-lbaas', |
4267 | + 'neutron-vpnaas', 'nova']: |
4268 | + repo = { |
4269 | + 'name': project, |
4270 | + 'repository': GIT_DEFAULT_REPOS[project], |
4271 | + 'branch': branch, |
4272 | + } |
4273 | + repos.append(repo) |
4274 | + |
4275 | + elif service in ['nova-cloud-controller', 'nova-compute']: |
4276 | + core_project = 'nova' |
4277 | + repo = { |
4278 | + 'name': 'neutron', |
4279 | + 'repository': GIT_DEFAULT_REPOS['neutron'], |
4280 | + 'branch': branch, |
4281 | + } |
4282 | + repos.append(repo) |
4283 | + elif service == 'openstack-dashboard': |
4284 | + core_project = 'horizon' |
4285 | + |
4286 | + # finally add the current service's core project repo |
4287 | + repo = { |
4288 | + 'name': core_project, |
4289 | + 'repository': GIT_DEFAULT_REPOS[core_project], |
4290 | + 'branch': branch, |
4291 | + } |
4292 | + repos.append(repo) |
4293 | + |
4294 | + return yaml.dump(dict(repositories=repos, release=default)) |
4295 | + |
4296 | + return projects_yaml |
4297 | |
4298 | |
4299 | def _git_yaml_load(projects_yaml): |
4300 | @@ -574,7 +837,10 @@ |
4301 | return yaml.load(projects_yaml) |
4302 | |
4303 | |
4304 | -def git_clone_and_install(projects_yaml, core_project, depth=1): |
4305 | +requirements_dir = None |
4306 | + |
4307 | + |
4308 | +def git_clone_and_install(projects_yaml, core_project): |
4309 | """ |
4310 | Clone/install all specified OpenStack repositories. |
4311 | |
4312 | @@ -621,18 +887,31 @@ |
4313 | pip_install(p, upgrade=True, proxy=http_proxy, |
4314 | venv=os.path.join(parent_dir, 'venv')) |
4315 | |
4316 | + constraints = None |
4317 | for p in projects['repositories']: |
4318 | repo = p['repository'] |
4319 | branch = p['branch'] |
4320 | + depth = '1' |
4321 | + if 'depth' in p.keys(): |
4322 | + depth = p['depth'] |
4323 | if p['name'] == 'requirements': |
4324 | repo_dir = _git_clone_and_install_single(repo, branch, depth, |
4325 | parent_dir, http_proxy, |
4326 | update_requirements=False) |
4327 | requirements_dir = repo_dir |
4328 | + constraints = os.path.join(repo_dir, "upper-constraints.txt") |
4329 | + # upper-constraints didn't exist until after icehouse |
4330 | + if not os.path.isfile(constraints): |
4331 | + constraints = None |
4332 | + # use constraints unless project yaml sets use_constraints to false |
4333 | + if 'use_constraints' in projects.keys(): |
4334 | + if not projects['use_constraints']: |
4335 | + constraints = None |
4336 | else: |
4337 | repo_dir = _git_clone_and_install_single(repo, branch, depth, |
4338 | parent_dir, http_proxy, |
4339 | - update_requirements=True) |
4340 | + update_requirements=True, |
4341 | + constraints=constraints) |
4342 | |
4343 | os.environ = old_environ |
4344 | |
4345 | @@ -654,6 +933,8 @@ |
4346 | if projects['repositories'][-1]['name'] != core_project: |
4347 | error_out('{} git repo must be specified last'.format(core_project)) |
4348 | |
4349 | + _git_ensure_key_exists('release', projects) |
4350 | + |
4351 | |
4352 | def _git_ensure_key_exists(key, keys): |
4353 | """ |
4354 | @@ -664,23 +945,18 @@ |
4355 | |
4356 | |
4357 | def _git_clone_and_install_single(repo, branch, depth, parent_dir, http_proxy, |
4358 | - update_requirements): |
4359 | + update_requirements, constraints=None): |
4360 | """ |
4361 | Clone and install a single git repository. |
4362 | """ |
4363 | - dest_dir = os.path.join(parent_dir, os.path.basename(repo)) |
4364 | - |
4365 | if not os.path.exists(parent_dir): |
4366 | juju_log('Directory already exists at {}. ' |
4367 | 'No need to create directory.'.format(parent_dir)) |
4368 | os.mkdir(parent_dir) |
4369 | |
4370 | - if not os.path.exists(dest_dir): |
4371 | - juju_log('Cloning git repo: {}, branch: {}'.format(repo, branch)) |
4372 | - repo_dir = install_remote(repo, dest=parent_dir, branch=branch, |
4373 | - depth=depth) |
4374 | - else: |
4375 | - repo_dir = dest_dir |
4376 | + juju_log('Cloning git repo: {}, branch: {}'.format(repo, branch)) |
4377 | + repo_dir = install_remote( |
4378 | + repo, dest=parent_dir, branch=branch, depth=depth) |
4379 | |
4380 | venv = os.path.join(parent_dir, 'venv') |
4381 | |
4382 | @@ -692,9 +968,10 @@ |
4383 | |
4384 | juju_log('Installing git repo from dir: {}'.format(repo_dir)) |
4385 | if http_proxy: |
4386 | - pip_install(repo_dir, proxy=http_proxy, venv=venv) |
4387 | + pip_install(repo_dir, proxy=http_proxy, venv=venv, |
4388 | + constraints=constraints) |
4389 | else: |
4390 | - pip_install(repo_dir, venv=venv) |
4391 | + pip_install(repo_dir, venv=venv, constraints=constraints) |
4392 | |
4393 | return repo_dir |
4394 | |
4395 | @@ -763,6 +1040,114 @@ |
4396 | return None |
4397 | |
4398 | |
4399 | +def git_generate_systemd_init_files(templates_dir): |
4400 | + """ |
4401 | + Generate systemd init files. |
4402 | + |
4403 | + Generates and installs systemd init units and script files based on the |
4404 | + *.init.in files contained in the templates_dir directory. |
4405 | + |
4406 | + This code is based on the openstack-pkg-tools package and its init |
4407 | + script generation, which is used by the OpenStack packages. |
4408 | + """ |
4409 | + for f in os.listdir(templates_dir): |
4410 | + # Create the init script and systemd unit file from the template |
4411 | + if f.endswith(".init.in"): |
4412 | + init_in_file = f |
4413 | + init_file = f[:-8] |
4414 | + service_file = "{}.service".format(init_file) |
4415 | + |
4416 | + init_in_source = os.path.join(templates_dir, init_in_file) |
4417 | + init_source = os.path.join(templates_dir, init_file) |
4418 | + service_source = os.path.join(templates_dir, service_file) |
4419 | + |
4420 | + init_dest = os.path.join('/etc/init.d', init_file) |
4421 | + service_dest = os.path.join('/lib/systemd/system', service_file) |
4422 | + |
4423 | + shutil.copyfile(init_in_source, init_source) |
4424 | + with open(init_source, 'a') as outfile: |
4425 | + template = '/usr/share/openstack-pkg-tools/init-script-template' |
4426 | + with open(template) as infile: |
4427 | + outfile.write('\n\n{}'.format(infile.read())) |
4428 | + |
4429 | + cmd = ['pkgos-gen-systemd-unit', init_in_source] |
4430 | + subprocess.check_call(cmd) |
4431 | + |
4432 | + if os.path.exists(init_dest): |
4433 | + os.remove(init_dest) |
4434 | + if os.path.exists(service_dest): |
4435 | + os.remove(service_dest) |
4436 | + shutil.copyfile(init_source, init_dest) |
4437 | + shutil.copyfile(service_source, service_dest) |
4438 | + os.chmod(init_dest, 0o755) |
4439 | + |
4440 | + for f in os.listdir(templates_dir): |
4441 | + # If there's a service.in file, use it instead of the generated one |
4442 | + if f.endswith(".service.in"): |
4443 | + service_in_file = f |
4444 | + service_file = f[:-3] |
4445 | + |
4446 | + service_in_source = os.path.join(templates_dir, service_in_file) |
4447 | + service_source = os.path.join(templates_dir, service_file) |
4448 | + service_dest = os.path.join('/lib/systemd/system', service_file) |
4449 | + |
4450 | + shutil.copyfile(service_in_source, service_source) |
4451 | + |
4452 | + if os.path.exists(service_dest): |
4453 | + os.remove(service_dest) |
4454 | + shutil.copyfile(service_source, service_dest) |
4455 | + |
4456 | + for f in os.listdir(templates_dir): |
4457 | + # Generate the systemd unit if there's no existing .service.in |
4458 | + if f.endswith(".init.in"): |
4459 | + init_in_file = f |
4460 | + init_file = f[:-8] |
4461 | + service_in_file = "{}.service.in".format(init_file) |
4462 | + service_file = "{}.service".format(init_file) |
4463 | + |
4464 | + init_in_source = os.path.join(templates_dir, init_in_file) |
4465 | + service_in_source = os.path.join(templates_dir, service_in_file) |
4466 | + service_source = os.path.join(templates_dir, service_file) |
4467 | + service_dest = os.path.join('/lib/systemd/system', service_file) |
4468 | + |
4469 | + if not os.path.exists(service_in_source): |
4470 | + cmd = ['pkgos-gen-systemd-unit', init_in_source] |
4471 | + subprocess.check_call(cmd) |
4472 | + |
4473 | + if os.path.exists(service_dest): |
4474 | + os.remove(service_dest) |
4475 | + shutil.copyfile(service_source, service_dest) |
4476 | + |
4477 | + |
4478 | +def git_determine_usr_bin(): |
4479 | + """Return the /usr/bin path for Apache2 config. |
4480 | + |
4481 | + The /usr/bin path will be located in the virtualenv if the charm |
4482 | + is configured to deploy from source. |
4483 | + """ |
4484 | + if git_install_requested(): |
4485 | + projects_yaml = config('openstack-origin-git') |
4486 | + projects_yaml = git_default_repos(projects_yaml) |
4487 | + return os.path.join(git_pip_venv_dir(projects_yaml), 'bin') |
4488 | + else: |
4489 | + return '/usr/bin' |
4490 | + |
4491 | + |
4492 | +def git_determine_python_path(): |
4493 | + """Return the python-path for Apache2 config. |
4494 | + |
4495 | + Returns 'None' unless the charm is configured to deploy from source, |
4496 | + in which case the path of the virtualenv's site-packages is returned. |
4497 | + """ |
4498 | + if git_install_requested(): |
4499 | + projects_yaml = config('openstack-origin-git') |
4500 | + projects_yaml = git_default_repos(projects_yaml) |
4501 | + return os.path.join(git_pip_venv_dir(projects_yaml), |
4502 | + 'lib/python2.7/site-packages') |
4503 | + else: |
4504 | + return None |
4505 | + |
4506 | + |
4507 | def os_workload_status(configs, required_interfaces, charm_func=None): |
4508 | """ |
4509 | Decorator to set workload status based on complete contexts |
4510 | @@ -779,56 +1164,155 @@ |
4511 | return wrap |
4512 | |
4513 | |
4514 | -def set_os_workload_status(configs, required_interfaces, charm_func=None): |
4515 | - """ |
4516 | - Set workload status based on complete contexts. |
4517 | - status-set missing or incomplete contexts |
4518 | - and juju-log details of missing required data. |
4519 | - charm_func is a charm specific function to run checking |
4520 | - for charm specific requirements such as a VIP setting. |
4521 | - """ |
4522 | - incomplete_rel_data = incomplete_relation_data(configs, required_interfaces) |
4523 | - state = 'active' |
4524 | - missing_relations = [] |
4525 | - incomplete_relations = [] |
4526 | +def set_os_workload_status(configs, required_interfaces, charm_func=None, |
4527 | + services=None, ports=None): |
4528 | + """Set the state of the workload status for the charm. |
4529 | + |
4530 | + This calls _determine_os_workload_status() to get the new state, message |
4531 | + and sets the status using status_set() |
4532 | + |
4533 | + @param configs: a templating.OSConfigRenderer() object |
4534 | + @param required_interfaces: {generic: [specific, specific2, ...]} |
4535 | + @param charm_func: a callable function that returns state, message. The |
4536 | + signature is charm_func(configs) -> (state, message) |
4537 | + @param services: list of strings OR dictionary specifying services/ports |
4538 | + @param ports: OPTIONAL list of port numbers. |
4539 | + @returns state, message: the new workload status, user message |
4540 | + """ |
4541 | + state, message = _determine_os_workload_status( |
4542 | + configs, required_interfaces, charm_func, services, ports) |
4543 | + status_set(state, message) |
4544 | + |
4545 | + |
4546 | +def _determine_os_workload_status( |
4547 | + configs, required_interfaces, charm_func=None, |
4548 | + services=None, ports=None): |
4549 | + """Determine the state of the workload status for the charm. |
4550 | + |
4551 | + This function returns the new workload status for the charm based |
4552 | + on the state of the interfaces, the paused state and whether the |
4553 | + services are actually running and any specified ports are open. |
4554 | + |
4555 | + This checks: |
4556 | + |
4557 | + 1. if the unit should be paused, that it is actually paused. If so the |
4558 | + state is 'maintenance' + message, else 'broken'. |
4559 | + 2. that the interfaces/relations are complete. If they are not then |
4560 | + it sets the state to either 'broken' or 'waiting' and an appropriate |
4561 | + message. |
4562 | + 3. If all the relation data is set, then it checks that the actual |
4563 | + services really are running. If not it sets the state to 'broken'. |
4564 | + |
4565 | + If everything is okay then the state returns 'active'. |
4566 | + |
4567 | + @param configs: a templating.OSConfigRenderer() object |
4568 | + @param required_interfaces: {generic: [specific, specific2, ...]} |
4569 | + @param charm_func: a callable function that returns state, message. The |
4570 | + signature is charm_func(configs) -> (state, message) |
4571 | + @param services: list of strings OR dictionary specifying services/ports |
4572 | + @param ports: OPTIONAL list of port numbers. |
4573 | + @returns state, message: the new workload status, user message |
4574 | + """ |
4575 | + state, message = _ows_check_if_paused(services, ports) |
4576 | + |
4577 | + if state is None: |
4578 | + state, message = _ows_check_generic_interfaces( |
4579 | + configs, required_interfaces) |
4580 | + |
4581 | + if state != 'maintenance' and charm_func: |
4582 | + # _ows_check_charm_func() may modify the state, message |
4583 | + state, message = _ows_check_charm_func( |
4584 | + state, message, lambda: charm_func(configs)) |
4585 | + |
4586 | + if state is None: |
4587 | + state, message = _ows_check_services_running(services, ports) |
4588 | + |
4589 | + if state is None: |
4590 | + state = 'active' |
4591 | + message = "Unit is ready" |
4592 | + juju_log(message, 'INFO') |
4593 | + |
4594 | + return state, message |
4595 | + |
4596 | + |
4597 | +def _ows_check_if_paused(services=None, ports=None): |
4598 | + """Check if the unit is supposed to be paused, and if so check that the |
4599 | + services/ports (if passed) are actually stopped/not being listened to. |
4600 | + |
4601 | + if the unit isn't supposed to be paused, just return None, None |
4602 | + |
4603 | + @param services: OPTIONAL services spec or list of service names. |
4604 | + @param ports: OPTIONAL list of port numbers. |
4605 | + @returns state, message or None, None |
4606 | + """ |
4607 | + if is_unit_paused_set(): |
4608 | + state, message = check_actually_paused(services=services, |
4609 | + ports=ports) |
4610 | + if state is None: |
4611 | + # we're paused okay, so set maintenance and return |
4612 | + state = "maintenance" |
4613 | + message = "Paused. Use 'resume' action to resume normal service." |
4614 | + return state, message |
4615 | + return None, None |
4616 | + |
4617 | + |
4618 | +def _ows_check_generic_interfaces(configs, required_interfaces): |
4619 | + """Check the complete contexts to determine the workload status. |
4620 | + |
4621 | + - Checks for missing or incomplete contexts |
4622 | + - juju log details of missing required data. |
4623 | + - determines the correct workload status |
4624 | + - creates an appropriate message for status_set(...) |
4625 | + |
4626 | + if there are no problems then the function returns None, None |
4627 | + |
4628 | + @param configs: a templating.OSConfigRenderer() object |
4629 | + @params required_interfaces: {generic_interface: [specific_interface], } |
4630 | + @returns state, message or None, None |
4631 | + """ |
4632 | + incomplete_rel_data = incomplete_relation_data(configs, |
4633 | + required_interfaces) |
4634 | + state = None |
4635 | message = None |
4636 | - charm_state = None |
4637 | - charm_message = None |
4638 | + missing_relations = set() |
4639 | + incomplete_relations = set() |
4640 | |
4641 | - for generic_interface in incomplete_rel_data.keys(): |
4642 | + for generic_interface, relations_states in incomplete_rel_data.items(): |
4643 | related_interface = None |
4644 | missing_data = {} |
4645 | # Related or not? |
4646 | - for interface in incomplete_rel_data[generic_interface]: |
4647 | - if incomplete_rel_data[generic_interface][interface].get('related'): |
4648 | + for interface, relation_state in relations_states.items(): |
4649 | + if relation_state.get('related'): |
4650 | related_interface = interface |
4651 | - missing_data = incomplete_rel_data[generic_interface][interface].get('missing_data') |
4652 | - # No relation ID for the generic_interface |
4653 | + missing_data = relation_state.get('missing_data') |
4654 | + break |
4655 | + # No relation ID for the generic_interface? |
4656 | if not related_interface: |
4657 | juju_log("{} relation is missing and must be related for " |
4658 | "functionality. ".format(generic_interface), 'WARN') |
4659 | state = 'blocked' |
4660 | - if generic_interface not in missing_relations: |
4661 | - missing_relations.append(generic_interface) |
4662 | + missing_relations.add(generic_interface) |
4663 | else: |
4664 | - # Relation ID exists but no related unit |
4665 | + # Relation ID eists but no related unit |
4666 | if not missing_data: |
4667 | - # Edge case relation ID exists but departing |
4668 | - if ('departed' in hook_name() or 'broken' in hook_name()) \ |
4669 | - and related_interface in hook_name(): |
4670 | + # Edge case - relation ID exists but departings |
4671 | + _hook_name = hook_name() |
4672 | + if (('departed' in _hook_name or 'broken' in _hook_name) and |
4673 | + related_interface in _hook_name): |
4674 | state = 'blocked' |
4675 | - if generic_interface not in missing_relations: |
4676 | - missing_relations.append(generic_interface) |
4677 | + missing_relations.add(generic_interface) |
4678 | juju_log("{} relation's interface, {}, " |
4679 | "relationship is departed or broken " |
4680 | "and is required for functionality." |
4681 | - "".format(generic_interface, related_interface), "WARN") |
4682 | + "".format(generic_interface, related_interface), |
4683 | + "WARN") |
4684 | # Normal case relation ID exists but no related unit |
4685 | # (joining) |
4686 | else: |
4687 | - juju_log("{} relations's interface, {}, is related but has " |
4688 | - "no units in the relation." |
4689 | - "".format(generic_interface, related_interface), "INFO") |
4690 | + juju_log("{} relations's interface, {}, is related but has" |
4691 | + " no units in the relation." |
4692 | + "".format(generic_interface, related_interface), |
4693 | + "INFO") |
4694 | # Related unit exists and data missing on the relation |
4695 | else: |
4696 | juju_log("{} relation's interface, {}, is related awaiting " |
4697 | @@ -837,9 +1321,8 @@ |
4698 | ", ".join(missing_data)), "INFO") |
4699 | if state != 'blocked': |
4700 | state = 'waiting' |
4701 | - if generic_interface not in incomplete_relations \ |
4702 | - and generic_interface not in missing_relations: |
4703 | - incomplete_relations.append(generic_interface) |
4704 | + if generic_interface not in missing_relations: |
4705 | + incomplete_relations.add(generic_interface) |
4706 | |
4707 | if missing_relations: |
4708 | message = "Missing relations: {}".format(", ".join(missing_relations)) |
4709 | @@ -852,22 +1335,175 @@ |
4710 | "".format(", ".join(incomplete_relations)) |
4711 | state = 'waiting' |
4712 | |
4713 | - # Run charm specific checks |
4714 | - if charm_func: |
4715 | - charm_state, charm_message = charm_func(configs) |
4716 | + return state, message |
4717 | + |
4718 | + |
4719 | +def _ows_check_charm_func(state, message, charm_func_with_configs): |
4720 | + """Run a custom check function for the charm to see if it wants to |
4721 | + change the state. This is only run if not in 'maintenance' and |
4722 | + tests to see if the new state is more important that the previous |
4723 | + one determined by the interfaces/relations check. |
4724 | + |
4725 | + @param state: the previously determined state so far. |
4726 | + @param message: the user orientated message so far. |
4727 | + @param charm_func: a callable function that returns state, message |
4728 | + @returns state, message strings. |
4729 | + """ |
4730 | + if charm_func_with_configs: |
4731 | + charm_state, charm_message = charm_func_with_configs() |
4732 | if charm_state != 'active' and charm_state != 'unknown': |
4733 | state = workload_state_compare(state, charm_state) |
4734 | if message: |
4735 | - message = "{} {}".format(message, charm_message) |
4736 | + charm_message = charm_message.replace("Incomplete relations: ", |
4737 | + "") |
4738 | + message = "{}, {}".format(message, charm_message) |
4739 | else: |
4740 | message = charm_message |
4741 | - |
4742 | - # Set to active if all requirements have been met |
4743 | - if state == 'active': |
4744 | - message = "Unit is ready" |
4745 | - juju_log(message, "INFO") |
4746 | - |
4747 | - status_set(state, message) |
4748 | + return state, message |
4749 | + |
4750 | + |
4751 | +def _ows_check_services_running(services, ports): |
4752 | + """Check that the services that should be running are actually running |
4753 | + and that any ports specified are being listened to. |
4754 | + |
4755 | + @param services: list of strings OR dictionary specifying services/ports |
4756 | + @param ports: list of ports |
4757 | + @returns state, message: strings or None, None |
4758 | + """ |
4759 | + messages = [] |
4760 | + state = None |
4761 | + if services is not None: |
4762 | + services = _extract_services_list_helper(services) |
4763 | + services_running, running = _check_running_services(services) |
4764 | + if not all(running): |
4765 | + messages.append( |
4766 | + "Services not running that should be: {}" |
4767 | + .format(", ".join(_filter_tuples(services_running, False)))) |
4768 | + state = 'blocked' |
4769 | + # also verify that the ports that should be open are open |
4770 | + # NB, that ServiceManager objects only OPTIONALLY have ports |
4771 | + map_not_open, ports_open = ( |
4772 | + _check_listening_on_services_ports(services)) |
4773 | + if not all(ports_open): |
4774 | + # find which service has missing ports. They are in service |
4775 | + # order which makes it a bit easier. |
4776 | + message_parts = {service: ", ".join([str(v) for v in open_ports]) |
4777 | + for service, open_ports in map_not_open.items()} |
4778 | + message = ", ".join( |
4779 | + ["{}: [{}]".format(s, sp) for s, sp in message_parts.items()]) |
4780 | + messages.append( |
4781 | + "Services with ports not open that should be: {}" |
4782 | + .format(message)) |
4783 | + state = 'blocked' |
4784 | + |
4785 | + if ports is not None: |
4786 | + # and we can also check ports which we don't know the service for |
4787 | + ports_open, ports_open_bools = _check_listening_on_ports_list(ports) |
4788 | + if not all(ports_open_bools): |
4789 | + messages.append( |
4790 | + "Ports which should be open, but are not: {}" |
4791 | + .format(", ".join([str(p) for p, v in ports_open |
4792 | + if not v]))) |
4793 | + state = 'blocked' |
4794 | + |
4795 | + if state is not None: |
4796 | + message = "; ".join(messages) |
4797 | + return state, message |
4798 | + |
4799 | + return None, None |
4800 | + |
4801 | + |
4802 | +def _extract_services_list_helper(services): |
4803 | + """Extract a OrderedDict of {service: [ports]} of the supplied services |
4804 | + for use by the other functions. |
4805 | + |
4806 | + The services object can either be: |
4807 | + - None : no services were passed (an empty dict is returned) |
4808 | + - a list of strings |
4809 | + - A dictionary (optionally OrderedDict) {service_name: {'service': ..}} |
4810 | + - An array of [{'service': service_name, ...}, ...] |
4811 | + |
4812 | + @param services: see above |
4813 | + @returns OrderedDict(service: [ports], ...) |
4814 | + """ |
4815 | + if services is None: |
4816 | + return {} |
4817 | + if isinstance(services, dict): |
4818 | + services = services.values() |
4819 | + # either extract the list of services from the dictionary, or if |
4820 | + # it is a simple string, use that. i.e. works with mixed lists. |
4821 | + _s = OrderedDict() |
4822 | + for s in services: |
4823 | + if isinstance(s, dict) and 'service' in s: |
4824 | + _s[s['service']] = s.get('ports', []) |
4825 | + if isinstance(s, str): |
4826 | + _s[s] = [] |
4827 | + return _s |
4828 | + |
4829 | + |
4830 | +def _check_running_services(services): |
4831 | + """Check that the services dict provided is actually running and provide |
4832 | + a list of (service, boolean) tuples for each service. |
4833 | + |
4834 | + Returns both a zipped list of (service, boolean) and a list of booleans |
4835 | + in the same order as the services. |
4836 | + |
4837 | + @param services: OrderedDict of strings: [ports], one for each service to |
4838 | + check. |
4839 | + @returns [(service, boolean), ...], : results for checks |
4840 | + [boolean] : just the result of the service checks |
4841 | + """ |
4842 | + services_running = [service_running(s) for s in services] |
4843 | + return list(zip(services, services_running)), services_running |
4844 | + |
4845 | + |
4846 | +def _check_listening_on_services_ports(services, test=False): |
4847 | + """Check that the unit is actually listening (has the port open) on the |
4848 | + ports that the service specifies are open. If test is True then the |
4849 | + function returns the services with ports that are open rather than |
4850 | + closed. |
4851 | + |
4852 | + Returns an OrderedDict of service: ports and a list of booleans |
4853 | + |
4854 | + @param services: OrderedDict(service: [port, ...], ...) |
4855 | + @param test: default=False, if False, test for closed, otherwise open. |
4856 | + @returns OrderedDict(service: [port-not-open, ...]...), [boolean] |
4857 | + """ |
4858 | + test = not(not(test)) # ensure test is True or False |
4859 | + all_ports = list(itertools.chain(*services.values())) |
4860 | + ports_states = [port_has_listener('0.0.0.0', p) for p in all_ports] |
4861 | + map_ports = OrderedDict() |
4862 | + matched_ports = [p for p, opened in zip(all_ports, ports_states) |
4863 | + if opened == test] # essentially opened xor test |
4864 | + for service, ports in services.items(): |
4865 | + set_ports = set(ports).intersection(matched_ports) |
4866 | + if set_ports: |
4867 | + map_ports[service] = set_ports |
4868 | + return map_ports, ports_states |
4869 | + |
4870 | + |
4871 | +def _check_listening_on_ports_list(ports): |
4872 | + """Check that the ports list given are being listened to |
4873 | + |
4874 | + Returns a list of ports being listened to and a list of the |
4875 | + booleans. |
4876 | + |
4877 | + @param ports: LIST or port numbers. |
4878 | + @returns [(port_num, boolean), ...], [boolean] |
4879 | + """ |
4880 | + ports_open = [port_has_listener('0.0.0.0', p) for p in ports] |
4881 | + return zip(ports, ports_open), ports_open |
4882 | + |
4883 | + |
4884 | +def _filter_tuples(services_states, state): |
4885 | + """Return a simple list from a list of tuples according to the condition |
4886 | + |
4887 | + @param services_states: LIST of (string, boolean): service and running |
4888 | + state. |
4889 | + @param state: Boolean to match the tuple against. |
4890 | + @returns [LIST of strings] that matched the tuple RHS. |
4891 | + """ |
4892 | + return [s for s, b in services_states if b == state] |
4893 | |
4894 | |
4895 | def workload_state_compare(current_workload_state, workload_state): |
4896 | @@ -892,8 +1528,7 @@ |
4897 | |
4898 | |
4899 | def incomplete_relation_data(configs, required_interfaces): |
4900 | - """ |
4901 | - Check complete contexts against required_interfaces |
4902 | + """Check complete contexts against required_interfaces |
4903 | Return dictionary of incomplete relation data. |
4904 | |
4905 | configs is an OSConfigRenderer object with configs registered |
4906 | @@ -918,19 +1553,13 @@ |
4907 | 'shared-db': {'related': True}}} |
4908 | """ |
4909 | complete_ctxts = configs.complete_contexts() |
4910 | - incomplete_relations = [] |
4911 | - for svc_type in required_interfaces.keys(): |
4912 | - # Avoid duplicates |
4913 | - found_ctxt = False |
4914 | - for interface in required_interfaces[svc_type]: |
4915 | - if interface in complete_ctxts: |
4916 | - found_ctxt = True |
4917 | - if not found_ctxt: |
4918 | - incomplete_relations.append(svc_type) |
4919 | - incomplete_context_data = {} |
4920 | - for i in incomplete_relations: |
4921 | - incomplete_context_data[i] = configs.get_incomplete_context_data(required_interfaces[i]) |
4922 | - return incomplete_context_data |
4923 | + incomplete_relations = [ |
4924 | + svc_type |
4925 | + for svc_type, interfaces in required_interfaces.items() |
4926 | + if not set(interfaces).intersection(complete_ctxts)] |
4927 | + return { |
4928 | + i: configs.get_incomplete_context_data(required_interfaces[i]) |
4929 | + for i in incomplete_relations} |
4930 | |
4931 | |
4932 | def do_action_openstack_upgrade(package, upgrade_callback, configs): |
4933 | @@ -975,3 +1604,386 @@ |
4934 | action_set({'outcome': 'no upgrade available.'}) |
4935 | |
4936 | return ret |
4937 | + |
4938 | + |
4939 | +def remote_restart(rel_name, remote_service=None): |
4940 | + trigger = { |
4941 | + 'restart-trigger': str(uuid.uuid4()), |
4942 | + } |
4943 | + if remote_service: |
4944 | + trigger['remote-service'] = remote_service |
4945 | + for rid in relation_ids(rel_name): |
4946 | + # This subordinate can be related to two seperate services using |
4947 | + # different subordinate relations so only issue the restart if |
4948 | + # the principle is conencted down the relation we think it is |
4949 | + if related_units(relid=rid): |
4950 | + relation_set(relation_id=rid, |
4951 | + relation_settings=trigger, |
4952 | + ) |
4953 | + |
4954 | + |
4955 | +def check_actually_paused(services=None, ports=None): |
4956 | + """Check that services listed in the services object and and ports |
4957 | + are actually closed (not listened to), to verify that the unit is |
4958 | + properly paused. |
4959 | + |
4960 | + @param services: See _extract_services_list_helper |
4961 | + @returns status, : string for status (None if okay) |
4962 | + message : string for problem for status_set |
4963 | + """ |
4964 | + state = None |
4965 | + message = None |
4966 | + messages = [] |
4967 | + if services is not None: |
4968 | + services = _extract_services_list_helper(services) |
4969 | + services_running, services_states = _check_running_services(services) |
4970 | + if any(services_states): |
4971 | + # there shouldn't be any running so this is a problem |
4972 | + messages.append("these services running: {}" |
4973 | + .format(", ".join( |
4974 | + _filter_tuples(services_running, True)))) |
4975 | + state = "blocked" |
4976 | + ports_open, ports_open_bools = ( |
4977 | + _check_listening_on_services_ports(services, True)) |
4978 | + if any(ports_open_bools): |
4979 | + message_parts = {service: ", ".join([str(v) for v in open_ports]) |
4980 | + for service, open_ports in ports_open.items()} |
4981 | + message = ", ".join( |
4982 | + ["{}: [{}]".format(s, sp) for s, sp in message_parts.items()]) |
4983 | + messages.append( |
4984 | + "these service:ports are open: {}".format(message)) |
4985 | + state = 'blocked' |
4986 | + if ports is not None: |
4987 | + ports_open, bools = _check_listening_on_ports_list(ports) |
4988 | + if any(bools): |
4989 | + messages.append( |
4990 | + "these ports which should be closed, but are open: {}" |
4991 | + .format(", ".join([str(p) for p, v in ports_open if v]))) |
4992 | + state = 'blocked' |
4993 | + if messages: |
4994 | + message = ("Services should be paused but {}" |
4995 | + .format(", ".join(messages))) |
4996 | + return state, message |
4997 | + |
4998 | + |
4999 | +def set_unit_paused(): |
5000 | + """Set the unit to a paused state in the local kv() store. |
The diff has been truncated for viewing.