Merge lp:~gandelman-a/charms/precise/nova-compute/https_endpoint into lp:~openstack-charmers/charms/precise/nova-compute/ha-support
- Precise Pangolin (12.04)
- https_endpoint
- Merge into ha-support
Proposed by
Adam Gandelman
Status: | Merged |
---|---|
Merged at revision: | 48 |
Proposed branch: | lp:~gandelman-a/charms/precise/nova-compute/https_endpoint |
Merge into: | lp:~openstack-charmers/charms/precise/nova-compute/ha-support |
Diff against target: |
383 lines (+231/-20) 4 files modified
hooks/lib/openstack-common (+219/-18) hooks/nova-compute-common (+1/-1) hooks/nova-compute-relations (+10/-0) revision (+1/-1) |
To merge this branch: | bzr merge lp:~gandelman-a/charms/precise/nova-compute/https_endpoint |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
James Page | Approve | ||
Review via email: mp+150381@code.launchpad.net |
Commit message
Description of the change
Required nova-compute changes for HTTPS support.
To post a comment you must log in.
- 52. By Adam Gandelman
-
Rebase against current ha-support branch.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | === modified file 'hooks/lib/openstack-common' | |||
2 | --- hooks/lib/openstack-common 2013-03-08 21:13:57 +0000 | |||
3 | +++ hooks/lib/openstack-common 2013-03-08 21:37:22 +0000 | |||
4 | @@ -321,7 +321,6 @@ | |||
5 | 321 | 321 | ||
6 | 322 | HAPROXY_CFG=/etc/haproxy/haproxy.cfg | 322 | HAPROXY_CFG=/etc/haproxy/haproxy.cfg |
7 | 323 | HAPROXY_DEFAULT=/etc/default/haproxy | 323 | HAPROXY_DEFAULT=/etc/default/haproxy |
8 | 324 | |||
9 | 325 | ########################################################################## | 324 | ########################################################################## |
10 | 326 | # Description: Configures HAProxy services for Openstack API's | 325 | # Description: Configures HAProxy services for Openstack API's |
11 | 327 | # Parameters: | 326 | # Parameters: |
12 | @@ -330,9 +329,8 @@ | |||
13 | 330 | # assumes the name of the peer relation is 'cluster' and that every | 329 | # assumes the name of the peer relation is 'cluster' and that every |
14 | 331 | # service unit in the peer relation is running the same services. | 330 | # service unit in the peer relation is running the same services. |
15 | 332 | # | 331 | # |
19 | 333 | # The HAProxy service will listen on port + 10000. | 332 | # Example |
20 | 334 | # Example: | 333 | # configure_haproxy cinder_api:8776:8756i nova_api:8774:8764 |
18 | 335 | # configure_haproxy cinder_api:12345 nova_api:9999 | ||
21 | 336 | ########################################################################## | 334 | ########################################################################## |
22 | 337 | configure_haproxy() { | 335 | configure_haproxy() { |
23 | 338 | local address=`unit-get private-address` | 336 | local address=`unit-get private-address` |
24 | @@ -368,14 +366,18 @@ | |||
25 | 368 | EOF | 366 | EOF |
26 | 369 | for service in $@; do | 367 | for service in $@; do |
27 | 370 | local service_name=$(echo $service | cut -d : -f 1) | 368 | local service_name=$(echo $service | cut -d : -f 1) |
30 | 371 | local api_listen_port=$(echo $service | cut -d : -f 2) | 369 | local haproxy_listen_port=$(echo $service | cut -d : -f 2) |
31 | 372 | local haproxy_listen_port=$(($api_listen_port + 10000)) | 370 | local api_listen_port=$(echo $service | cut -d : -f 3) |
32 | 371 | juju-log "Adding haproxy configuration entry for $service "\ | ||
33 | 372 | "($haproxy_listen_port -> $api_listen_port)" | ||
34 | 373 | cat >> $HAPROXY_CFG << EOF | 373 | cat >> $HAPROXY_CFG << EOF |
35 | 374 | listen $service_name 0.0.0.0:$haproxy_listen_port | 374 | listen $service_name 0.0.0.0:$haproxy_listen_port |
36 | 375 | balance roundrobin | 375 | balance roundrobin |
37 | 376 | option tcplog | 376 | option tcplog |
38 | 377 | server $name $address:$api_listen_port check | 377 | server $name $address:$api_listen_port check |
39 | 378 | EOF | 378 | EOF |
40 | 379 | local r_id="" | ||
41 | 380 | local unit="" | ||
42 | 379 | for r_id in `relation-ids cluster`; do | 381 | for r_id in `relation-ids cluster`; do |
43 | 380 | for unit in `relation-list -r $r_id`; do | 382 | for unit in `relation-list -r $r_id`; do |
44 | 381 | local unit_name=${unit////-} | 383 | local unit_name=${unit////-} |
45 | @@ -388,6 +390,7 @@ | |||
46 | 388 | done | 390 | done |
47 | 389 | done | 391 | done |
48 | 390 | echo "ENABLED=1" > $HAPROXY_DEFAULT | 392 | echo "ENABLED=1" > $HAPROXY_DEFAULT |
49 | 393 | service haproxy restart | ||
50 | 391 | } | 394 | } |
51 | 392 | 395 | ||
52 | 393 | ########################################################################## | 396 | ########################################################################## |
53 | @@ -395,18 +398,20 @@ | |||
54 | 395 | # Returns: 0 if configured, 1 if not configured | 398 | # Returns: 0 if configured, 1 if not configured |
55 | 396 | ########################################################################## | 399 | ########################################################################## |
56 | 397 | is_clustered() { | 400 | is_clustered() { |
57 | 401 | local r_id="" | ||
58 | 402 | local unit="" | ||
59 | 398 | for r_id in $(relation-ids ha); do | 403 | for r_id in $(relation-ids ha); do |
60 | 399 | if [ -n "$r_id" ]; then | 404 | if [ -n "$r_id" ]; then |
61 | 400 | for unit in $(relation-list -r $r_id); do | 405 | for unit in $(relation-list -r $r_id); do |
62 | 401 | clustered=$(relation-get -r $r_id clustered $unit) | 406 | clustered=$(relation-get -r $r_id clustered $unit) |
63 | 402 | if [ -n "$clustered" ]; then | 407 | if [ -n "$clustered" ]; then |
65 | 403 | echo "Unit is clustered" | 408 | juju-log "Unit is haclustered" |
66 | 404 | return 0 | 409 | return 0 |
67 | 405 | fi | 410 | fi |
68 | 406 | done | 411 | done |
69 | 407 | fi | 412 | fi |
70 | 408 | done | 413 | done |
72 | 409 | echo "Unit is not clustered" | 414 | juju-log "Unit is not haclustered" |
73 | 410 | return 1 | 415 | return 1 |
74 | 411 | } | 416 | } |
75 | 412 | 417 | ||
76 | @@ -415,6 +420,7 @@ | |||
77 | 415 | ########################################################################## | 420 | ########################################################################## |
78 | 416 | peer_units() { | 421 | peer_units() { |
79 | 417 | local peers="" | 422 | local peers="" |
80 | 423 | local r_id="" | ||
81 | 418 | for r_id in $(relation-ids cluster); do | 424 | for r_id in $(relation-ids cluster); do |
82 | 419 | peers="$peers $(relation-list -r $r_id)" | 425 | peers="$peers $(relation-list -r $r_id)" |
83 | 420 | done | 426 | done |
84 | @@ -433,11 +439,11 @@ | |||
85 | 433 | echo "Comparing $JUJU_UNIT_NAME with peers: $peers" | 439 | echo "Comparing $JUJU_UNIT_NAME with peers: $peers" |
86 | 434 | local r_unit_no=$(echo $peer | cut -d / -f 2) | 440 | local r_unit_no=$(echo $peer | cut -d / -f 2) |
87 | 435 | if (($r_unit_no<$l_unit_no)); then | 441 | if (($r_unit_no<$l_unit_no)); then |
89 | 436 | echo "Not oldest peer; deferring" | 442 | juju-log "Not oldest peer; deferring" |
90 | 437 | return 1 | 443 | return 1 |
91 | 438 | fi | 444 | fi |
92 | 439 | done | 445 | done |
94 | 440 | echo "Oldest peer; might take charge?" | 446 | juju-log "Oldest peer; might take charge?" |
95 | 441 | return 0 | 447 | return 0 |
96 | 442 | } | 448 | } |
97 | 443 | 449 | ||
98 | @@ -451,13 +457,13 @@ | |||
99 | 451 | eligible_leader() { | 457 | eligible_leader() { |
100 | 452 | if is_clustered; then | 458 | if is_clustered; then |
101 | 453 | if ! is_leader $1; then | 459 | if ! is_leader $1; then |
103 | 454 | echo 'Deferring action to CRM leader' | 460 | juju-log 'Deferring action to CRM leader' |
104 | 455 | return 1 | 461 | return 1 |
105 | 456 | fi | 462 | fi |
106 | 457 | else | 463 | else |
107 | 458 | peers=$(peer_units) | 464 | peers=$(peer_units) |
108 | 459 | if [ -n "$peers" ] && ! oldest_peer "$peers"; then | 465 | if [ -n "$peers" ] && ! oldest_peer "$peers"; then |
110 | 460 | echo 'Deferring action to oldest service unit.' | 466 | juju-log 'Deferring action to oldest service unit.' |
111 | 461 | return 1 | 467 | return 1 |
112 | 462 | fi | 468 | fi |
113 | 463 | fi | 469 | fi |
114 | @@ -469,14 +475,14 @@ | |||
115 | 469 | # Returns: 0 if peered, 1 if not peered | 475 | # Returns: 0 if peered, 1 if not peered |
116 | 470 | ########################################################################## | 476 | ########################################################################## |
117 | 471 | is_peered() { | 477 | is_peered() { |
119 | 472 | r_id=$(relation-ids cluster) | 478 | local r_id=$(relation-ids cluster) |
120 | 473 | if [ -n "$r_id" ]; then | 479 | if [ -n "$r_id" ]; then |
121 | 474 | if [ -n "$(relation-list -r $r_id)" ]; then | 480 | if [ -n "$(relation-list -r $r_id)" ]; then |
123 | 475 | echo "Unit peered" | 481 | juju-log "Unit peered" |
124 | 476 | return 0 | 482 | return 0 |
125 | 477 | fi | 483 | fi |
126 | 478 | fi | 484 | fi |
128 | 479 | echo "Unit not peered" | 485 | juju-log "Unit not peered" |
129 | 480 | return 1 | 486 | return 1 |
130 | 481 | } | 487 | } |
131 | 482 | 488 | ||
132 | @@ -489,12 +495,207 @@ | |||
133 | 489 | hostname=`hostname` | 495 | hostname=`hostname` |
134 | 490 | if [ -x /usr/sbin/crm ]; then | 496 | if [ -x /usr/sbin/crm ]; then |
135 | 491 | if crm resource show $1 | grep -q $hostname; then | 497 | if crm resource show $1 | grep -q $hostname; then |
137 | 492 | echo "$hostname is cluster leader" | 498 | juju-log "$hostname is cluster leader." |
138 | 493 | return 0 | 499 | return 0 |
139 | 494 | fi | 500 | fi |
140 | 495 | fi | 501 | fi |
143 | 496 | echo "$hostname is not cluster leader" | 502 | juju-log "$hostname is not cluster leader." |
144 | 497 | return 1 | 503 | return 1 |
145 | 504 | } | ||
146 | 505 | |||
147 | 506 | ########################################################################## | ||
148 | 507 | # Description: Determines whether enough data has been provided in | ||
149 | 508 | # configuration or relation data to configure HTTPS. | ||
150 | 509 | # Parameters: None | ||
151 | 510 | # Returns: 0 if HTTPS can be configured, 1 if not. | ||
152 | 511 | ########################################################################## | ||
153 | 512 | https() { | ||
154 | 513 | local r_id="" | ||
155 | 514 | if [[ -n "$(config-get ssl_cert)" ]] && | ||
156 | 515 | [[ -n "$(config-get ssl_key)" ]] ; then | ||
157 | 516 | return 0 | ||
158 | 517 | fi | ||
159 | 518 | for r_id in $(relation-ids identity-service) ; do | ||
160 | 519 | for unit in $(relation-list -r $r_id) ; do | ||
161 | 520 | if [[ "$(relation-get -r $r_id https_keystone $unit)" == "True" ]] && | ||
162 | 521 | [[ -n "$(relation-get -r $r_id ssl_cert $unit)" ]] && | ||
163 | 522 | [[ -n "$(relation-get -r $r_id ssl_key $unit)" ]] && | ||
164 | 523 | [[ -n "$(relation-get -r $r_id ca_cert $unit)" ]] ; then | ||
165 | 524 | return 0 | ||
166 | 525 | fi | ||
167 | 526 | done | ||
168 | 527 | done | ||
169 | 528 | return 1 | ||
170 | 529 | } | ||
171 | 530 | |||
172 | 531 | ########################################################################## | ||
173 | 532 | # Description: For a given number of port mappings, configures apache2 | ||
174 | 533 | # HTTPs local reverse proxying using certficates and keys provided in | ||
175 | 534 | # either configuration data (preferred) or relation data. Assumes ports | ||
176 | 535 | # are not in use (calling charm should ensure that). | ||
177 | 536 | # Parameters: Variable number of proxy port mappings as | ||
178 | 537 | # $internal:$external. | ||
179 | 538 | # Returns: 0 if reverse proxy(s) have been configured, 0 if not. | ||
180 | 539 | ########################################################################## | ||
181 | 540 | enable_https() { | ||
182 | 541 | local port_maps="$@" | ||
183 | 542 | local http_restart="" | ||
184 | 543 | juju-log "Enabling HTTPS for port mappings: $port_maps." | ||
185 | 544 | |||
186 | 545 | # allow overriding of keystone provided certs with those set manually | ||
187 | 546 | # in config. | ||
188 | 547 | local cert=$(config-get ssl_cert) | ||
189 | 548 | local key=$(config-get ssl_key) | ||
190 | 549 | local ca_cert="" | ||
191 | 550 | if [[ -z "$cert" ]] || [[ -z "$key" ]] ; then | ||
192 | 551 | juju-log "Inspecting identity-service relations for SSL certificate." | ||
193 | 552 | local r_id="" | ||
194 | 553 | cert="" | ||
195 | 554 | key="" | ||
196 | 555 | ca_cert="" | ||
197 | 556 | for r_id in $(relation-ids identity-service) ; do | ||
198 | 557 | for unit in $(relation-list -r $r_id) ; do | ||
199 | 558 | [[ -z "$cert" ]] && cert="$(relation-get -r $r_id ssl_cert $unit)" | ||
200 | 559 | [[ -z "$key" ]] && key="$(relation-get -r $r_id ssl_key $unit)" | ||
201 | 560 | [[ -z "$ca_cert" ]] && ca_cert="$(relation-get -r $r_id ca_cert $unit)" | ||
202 | 561 | done | ||
203 | 562 | done | ||
204 | 563 | [[ -n "$cert" ]] && cert=$(echo $cert | base64 -di) | ||
205 | 564 | [[ -n "$key" ]] && key=$(echo $key | base64 -di) | ||
206 | 565 | [[ -n "$ca_cert" ]] && ca_cert=$(echo $ca_cert | base64 -di) | ||
207 | 566 | else | ||
208 | 567 | juju-log "Using SSL certificate provided in service config." | ||
209 | 568 | fi | ||
210 | 569 | |||
211 | 570 | [[ -z "$cert" ]] || [[ -z "$key" ]] && | ||
212 | 571 | juju-log "Expected but could not find SSL certificate data, not "\ | ||
213 | 572 | "configuring HTTPS!" && return 1 | ||
214 | 573 | |||
215 | 574 | apt-get -y install apache2 | ||
216 | 575 | a2enmod ssl proxy proxy_http | grep -v "To activate the new configuration" && | ||
217 | 576 | http_restart=1 | ||
218 | 577 | |||
219 | 578 | mkdir -p /etc/apache2/ssl/$CHARM | ||
220 | 579 | echo "$cert" >/etc/apache2/ssl/$CHARM/cert | ||
221 | 580 | echo "$key" >/etc/apache2/ssl/$CHARM/key | ||
222 | 581 | if [[ -n "$ca_cert" ]] ; then | ||
223 | 582 | juju-log "Installing Keystone supplied CA cert." | ||
224 | 583 | echo "$ca_cert" >/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt | ||
225 | 584 | update-ca-certificates --fresh | ||
226 | 585 | |||
227 | 586 | # XXX TODO: Find a better way of exporting this? | ||
228 | 587 | if [[ "$CHARM" == "nova-cloud-controller" ]] ; then | ||
229 | 588 | [[ -e /var/www/keystone_juju_ca_cert.crt ]] && | ||
230 | 589 | rm -rf /var/www/keystone_juju_ca_cert.crt | ||
231 | 590 | ln -s /usr/local/share/ca-certificates/keystone_juju_ca_cert.crt \ | ||
232 | 591 | /var/www/keystone_juju_ca_cert.crt | ||
233 | 592 | fi | ||
234 | 593 | |||
235 | 594 | fi | ||
236 | 595 | for port_map in $port_maps ; do | ||
237 | 596 | local ext_port=$(echo $port_map | cut -d: -f1) | ||
238 | 597 | local int_port=$(echo $port_map | cut -d: -f2) | ||
239 | 598 | juju-log "Creating apache2 reverse proxy vhost for $port_map." | ||
240 | 599 | cat >/etc/apache2/sites-available/${CHARM}_${ext_port} <<END | ||
241 | 600 | Listen $ext_port | ||
242 | 601 | NameVirtualHost *:$ext_port | ||
243 | 602 | <VirtualHost *:$ext_port> | ||
244 | 603 | ServerName $(unit-get private-address) | ||
245 | 604 | SSLEngine on | ||
246 | 605 | SSLCertificateFile /etc/apache2/ssl/$CHARM/cert | ||
247 | 606 | SSLCertificateKeyFile /etc/apache2/ssl/$CHARM/key | ||
248 | 607 | ProxyPass / http://localhost:$int_port/ | ||
249 | 608 | ProxyPassReverse / http://localhost:$int_port/ | ||
250 | 609 | ProxyPreserveHost on | ||
251 | 610 | </VirtualHost> | ||
252 | 611 | <Proxy *> | ||
253 | 612 | Order deny,allow | ||
254 | 613 | Allow from all | ||
255 | 614 | </Proxy> | ||
256 | 615 | <Location /> | ||
257 | 616 | Order allow,deny | ||
258 | 617 | Allow from all | ||
259 | 618 | </Location> | ||
260 | 619 | END | ||
261 | 620 | a2ensite ${CHARM}_${ext_port} | grep -v "To activate the new configuration" && | ||
262 | 621 | http_restart=1 | ||
263 | 622 | done | ||
264 | 623 | if [[ -n "$http_restart" ]] ; then | ||
265 | 624 | service apache2 restart | ||
266 | 625 | fi | ||
267 | 626 | } | ||
268 | 627 | |||
269 | 628 | ########################################################################## | ||
270 | 629 | # Description: Ensure HTTPS reverse proxying is disabled for given port | ||
271 | 630 | # mappings. | ||
272 | 631 | # Parameters: Variable number of proxy port mappings as | ||
273 | 632 | # $internal:$external. | ||
274 | 633 | # Returns: 0 if reverse proxy is not active for all portmaps, 1 on error. | ||
275 | 634 | ########################################################################## | ||
276 | 635 | disable_https() { | ||
277 | 636 | local port_maps="$@" | ||
278 | 637 | local http_restart="" | ||
279 | 638 | juju-log "Ensuring HTTPS disabled for $port_maps." | ||
280 | 639 | ( [[ ! -d /etc/apache2 ]] || [[ ! -d /etc/apache2/ssl/$CHARM ]] ) && return 0 | ||
281 | 640 | for port_map in $port_maps ; do | ||
282 | 641 | local ext_port=$(echo $port_map | cut -d: -f1) | ||
283 | 642 | local int_port=$(echo $port_map | cut -d: -f2) | ||
284 | 643 | if [[ -e /etc/apache2/sites-available/${CHARM}_${ext_port} ]] ; then | ||
285 | 644 | juju-log "Disabling HTTPS reverse proxy for $CHARM $port_map." | ||
286 | 645 | a2dissite ${CHARM}_${ext_port} | grep -v "To activate the new configuration" && | ||
287 | 646 | http_restart=1 | ||
288 | 647 | fi | ||
289 | 648 | done | ||
290 | 649 | if [[ -n "$http_restart" ]] ; then | ||
291 | 650 | service apache2 restart | ||
292 | 651 | fi | ||
293 | 652 | } | ||
294 | 653 | |||
295 | 654 | |||
296 | 655 | ########################################################################## | ||
297 | 656 | # Description: Ensures HTTPS is either enabled or disabled for given port | ||
298 | 657 | # mapping. | ||
299 | 658 | # Parameters: Variable number of proxy port mappings as | ||
300 | 659 | # $internal:$external. | ||
301 | 660 | # Returns: 0 if HTTPS reverse proxy is in place, 1 if it is not. | ||
302 | 661 | ########################################################################## | ||
303 | 662 | setup_https() { | ||
304 | 663 | # configure https via apache reverse proxying either | ||
305 | 664 | # using certs provided by config or keystone. | ||
306 | 665 | [[ -z "$CHARM" ]] && | ||
307 | 666 | error_out "setup_https(): CHARM not set." | ||
308 | 667 | if ! https ; then | ||
309 | 668 | disable_https $@ | ||
310 | 669 | else | ||
311 | 670 | enable_https $@ | ||
312 | 671 | fi | ||
313 | 672 | } | ||
314 | 673 | |||
315 | 674 | ########################################################################## | ||
316 | 675 | # Description: Determine correct API server listening port based on | ||
317 | 676 | # existence of HTTPS reverse proxy and/or haproxy. | ||
318 | 677 | # Paremeters: The standard public port for given service. | ||
319 | 678 | # Returns: The correct listening port for API service. | ||
320 | 679 | ########################################################################## | ||
321 | 680 | determine_api_port() { | ||
322 | 681 | local public_port="$1" | ||
323 | 682 | local i=0 | ||
324 | 683 | ( [[ -n "$(peer_units)" ]] || is_clustered >/dev/null 2>&1 ) && i=$[$i + 1] | ||
325 | 684 | https >/dev/null 2>&1 && i=$[$i + 1] | ||
326 | 685 | echo $[$public_port - $[$i * 10]] | ||
327 | 686 | } | ||
328 | 687 | |||
329 | 688 | ########################################################################## | ||
330 | 689 | # Description: Determine correct proxy listening port based on public IP + | ||
331 | 690 | # existence of HTTPS reverse proxy. | ||
332 | 691 | # Paremeters: The standard public port for given service. | ||
333 | 692 | # Returns: The correct listening port for haproxy service public address. | ||
334 | 693 | ########################################################################## | ||
335 | 694 | determine_haproxy_port() { | ||
336 | 695 | local public_port="$1" | ||
337 | 696 | local i=0 | ||
338 | 697 | https >/dev/null 2>&1 && i=$[$i + 1] | ||
339 | 698 | echo $[$public_port - $[$i * 10]] | ||
340 | 498 | } | 699 | } |
341 | 499 | 700 | ||
342 | 500 | ########################################################################## | 701 | ########################################################################## |
343 | 501 | 702 | ||
344 | === modified file 'hooks/nova-compute-common' | |||
345 | --- hooks/nova-compute-common 2013-01-18 12:37:32 +0000 | |||
346 | +++ hooks/nova-compute-common 2013-03-08 21:37:22 +0000 | |||
347 | @@ -130,7 +130,7 @@ | |||
348 | 130 | && exit 0 | 130 | && exit 0 |
349 | 131 | set_or_update "network_api_class" "nova.network.quantumv2.api.API" | 131 | set_or_update "network_api_class" "nova.network.quantumv2.api.API" |
350 | 132 | set_or_update "quantum_auth_strategy" "keystone" | 132 | set_or_update "quantum_auth_strategy" "keystone" |
352 | 133 | set_or_update "quantum_url" "http://$(relation-get quantum_host):9696" | 133 | set_or_update "quantum_url" "$(relation-get quantum_url)" |
353 | 134 | set_or_update "quantum_admin_tenant_name" "$(relation-get service_tenant)" | 134 | set_or_update "quantum_admin_tenant_name" "$(relation-get service_tenant)" |
354 | 135 | set_or_update "quantum_admin_username" "$(relation-get service_username)" | 135 | set_or_update "quantum_admin_username" "$(relation-get service_username)" |
355 | 136 | set_or_update "quantum_admin_password" "$(relation-get service_password)" | 136 | set_or_update "quantum_admin_password" "$(relation-get service_password)" |
356 | 137 | 137 | ||
357 | === modified file 'hooks/nova-compute-relations' | |||
358 | --- hooks/nova-compute-relations 2013-01-25 15:19:57 +0000 | |||
359 | +++ hooks/nova-compute-relations 2013-03-08 21:37:22 +0000 | |||
360 | @@ -217,6 +217,16 @@ | |||
361 | 217 | esac | 217 | esac |
362 | 218 | fi | 218 | fi |
363 | 219 | 219 | ||
364 | 220 | # If Keytone is configured manage SSL certs, nova-compute needs a copy | ||
365 | 221 | # of its CA installed. | ||
366 | 222 | local ca_cert="$(relation-get ca_cert)" | ||
367 | 223 | if [[ -n "$ca_cert" ]] ; then | ||
368 | 224 | juju-log "Installing Keystone CA certificate." | ||
369 | 225 | ca_cert="$(echo $ca_cert | base64 -di)" | ||
370 | 226 | echo "$ca_cert" >/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt | ||
371 | 227 | update-ca-certificates | ||
372 | 228 | fi | ||
373 | 229 | |||
374 | 220 | # restart on all changed events. nova-c-c may send out a uuid to trigger | 230 | # restart on all changed events. nova-c-c may send out a uuid to trigger |
375 | 221 | # remote restarts of services here (after db migrations, for instance) | 231 | # remote restarts of services here (after db migrations, for instance) |
376 | 222 | service_ctl all restart | 232 | service_ctl all restart |
377 | 223 | 233 | ||
378 | === modified file 'revision' | |||
379 | --- revision 2013-03-05 17:25:32 +0000 | |||
380 | +++ revision 2013-03-08 21:37:22 +0000 | |||
381 | @@ -1,1 +1,1 @@ | |||
383 | 1 | 84 | 1 | 86 |
Works for me!