Juju Charms Collection
ceph-radosgw package

Merge lp:~hopem/charms/trusty/ceph-radosgw/lp1520339 into lp:~openstack-charmers-archive/charms/trusty/ceph-radosgw/next

  1. Trusty Tahr (14.04)
  2. lp1520339
  3. Merge into next
Proposed by Edward Hope-Morley
Status: Superseded
Proposed branch: lp:~hopem/charms/trusty/ceph-radosgw/lp1520339
Merge into: lp:~openstack-charmers-archive/charms/trusty/ceph-radosgw/next
Diff against target: 298 lines (+141/-11)
4 files modified
hooks/ceph_radosgw_context.py (+7/-0)
hooks/hooks.py (+118/-5)
templates/ceph.conf (+3/-1)
unit_tests/test_hooks.py (+13/-5)
To merge this branch: bzr merge lp:~hopem/charms/trusty/ceph-radosgw/lp1520339
Reviewer Review Type Date Requested Status
Ryan Beisner (community) Needs Fixing
OpenStack Charmers Pending
Review via email: mp+279006@code.launchpad.net

This proposal has been superseded by a proposal from 2015-12-27.

To post a comment you must log in.
Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_lint_check #14695 ceph-radosgw-next for hopem mp279006
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/14695/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_unit_test #13702 ceph-radosgw-next for hopem mp279006
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/13702/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_amulet_test #8067 ceph-radosgw-next for hopem mp279006
    AMULET FAIL: amulet-test failed

AMULET Results (max last 2 lines):
make: *** [functional_test] Error 1
ERROR:root:Make target returned non-zero.

Full amulet test output: http://paste.ubuntu.com/13600857/
Build: http://10.245.162.77:8080/job/charm_amulet_test/8067/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_lint_check #15039 ceph-radosgw-next for hopem mp279006
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/15039/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_unit_test #14027 ceph-radosgw-next for hopem mp279006
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/14027/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_amulet_test #8204 ceph-radosgw-next for hopem mp279006
    AMULET FAIL: amulet-test failed

AMULET Results (max last 2 lines):
make: *** [functional_test] Error 1
ERROR:root:Make target returned non-zero.

Full amulet test output: http://paste.ubuntu.com/13797560/
Build: http://10.245.162.77:8080/job/charm_amulet_test/8204/

Revision history for this message
Ryan Beisner (1chb1n) wrote :

FYI:

19:43:42 unit: ceph-radosgw/0: machine: 4 agent-state: error details: hook failed: "identity-service-relation-joined"

review: Needs Fixing
Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_amulet_test #8217 ceph-radosgw-next for hopem mp279006
    AMULET FAIL: amulet-test failed

AMULET Results (max last 2 lines):
make: *** [functional_test] Error 1
ERROR:root:Make target returned non-zero.

Full amulet test output: http://paste.ubuntu.com/13828846/
Build: http://10.245.162.77:8080/job/charm_amulet_test/8217/

Revision history for this message
Ryan Beisner (1chb1n) wrote :

^ Just reconfirming hook error with 2nd run. Indeed:
19:43:42 unit: ceph-radosgw/0: machine: 4 agent-state: error details: hook failed: "identity-service-relation-joined"

Revision history for this message
Edward Hope-Morley (hopem) wrote :

@1chb1n this seems to be a dep issue i.e. for some reason python-six in that env is not compatible with python-keystoneclient.

Revision history for this message
Ryan Beisner (1chb1n) wrote :

@hopem, that message is from the juju unit, so all pkgs present are installed by either Juju or by the charm.

Revision history for this message
Ryan Beisner (1chb1n) wrote :

Here is the ceph-radosgw/0 unit log trace:

http://paste.ubuntu.com/14006955/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_lint_check #15771 ceph-radosgw-next for hopem mp279006
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/15771/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_unit_test #14719 ceph-radosgw-next for hopem mp279006
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/14719/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_amulet_test #8385 ceph-radosgw-next for hopem mp279006
    AMULET FAIL: amulet-test failed

AMULET Results (max last 2 lines):
make: *** [functional_test] Error 1
ERROR:root:Make target returned non-zero.

Full amulet test output: http://paste.ubuntu.com/14132892/
Build: http://10.245.162.77:8080/job/charm_amulet_test/8385/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_lint_check #15877 ceph-radosgw-next for hopem mp279006
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/15877/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_unit_test #14819 ceph-radosgw-next for hopem mp279006
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/14819/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_amulet_test #8387 ceph-radosgw-next for hopem mp279006
    AMULET FAIL: amulet-test failed

AMULET Results (max last 2 lines):
make: *** [functional_test] Error 1
ERROR:root:Make target returned non-zero.

Full amulet test output: http://paste.ubuntu.com/14167062/
Build: http://10.245.162.77:8080/job/charm_amulet_test/8387/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_lint_check #15878 ceph-radosgw-next for hopem mp279006
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/15878/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_unit_test #14820 ceph-radosgw-next for hopem mp279006
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/14820/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_amulet_test #8388 ceph-radosgw-next for hopem mp279006
    AMULET FAIL: amulet-test failed

AMULET Results (max last 2 lines):
make: *** [functional_test] Error 1
ERROR:root:Make target returned non-zero.

Full amulet test output: http://paste.ubuntu.com/14168158/
Build: http://10.245.162.77:8080/job/charm_amulet_test/8388/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_lint_check #16036 ceph-radosgw-next for hopem mp279006
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/16036/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_unit_test #14969 ceph-radosgw-next for hopem mp279006
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/14969/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_amulet_test #8390 ceph-radosgw-next for hopem mp279006
    AMULET FAIL: amulet-test failed

AMULET Results (max last 2 lines):
make: *** [functional_test] Error 1
ERROR:root:Make target returned non-zero.

Full amulet test output: http://paste.ubuntu.com/14210644/
Build: http://10.245.162.77:8080/job/charm_amulet_test/8390/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_unit_test #14970 ceph-radosgw-next for hopem mp279006
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/14970/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_lint_check #16037 ceph-radosgw-next for hopem mp279006
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/16037/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_amulet_test #8391 ceph-radosgw-next for hopem mp279006
    AMULET OK: passed

Build: http://10.245.162.77:8080/job/charm_amulet_test/8391/

lp:~hopem/charms/trusty/ceph-radosgw/lp1520339 updated
52. By Edward Hope-Morley

[hopem,r=]

Configure rados gateway nss with CA and signing certs
from keystone so that it can decrypt revoked token
list from keystone.

Partially-Closes-Bug: 1520339

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_lint_check #16090 ceph-radosgw-next for hopem mp279006
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/16090/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_unit_test #15020 ceph-radosgw-next for hopem mp279006
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/15020/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_amulet_test #8392 ceph-radosgw-next for hopem mp279006
    AMULET OK: passed

Build: http://10.245.162.77:8080/job/charm_amulet_test/8392/

Unmerged revisions

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'hooks/ceph_radosgw_context.py'
--- hooks/ceph_radosgw_context.py 2015-11-26 16:20:26 +0000
+++ hooks/ceph_radosgw_context.py 2015-12-27 00:21:39 +0000
@@ -13,6 +13,7 @@
13 relation_get,13 relation_get,
14 unit_get,14 unit_get,
15)15)
16import os
16import socket17import socket
17import dns.resolver18import dns.resolver
1819
@@ -102,6 +103,12 @@
102 'loglevel': config('loglevel'),103 'loglevel': config('loglevel'),
103 }104 }
104105
106 certs_path = '/var/lib/ceph/nss'
107 paths = [os.path.join(certs_path, 'ca.pem'),
108 os.path.join(certs_path, 'signing_certificate.pem')]
109 if all([os.path.isfile(p) for p in paths]):
110 ctxt['cms'] = True
111
105 if self.context_complete(ctxt):112 if self.context_complete(ctxt):
106 return ctxt113 return ctxt
107114
108115
=== modified file 'hooks/hooks.py'
--- hooks/hooks.py 2015-10-08 12:13:08 +0000
+++ hooks/hooks.py 2015-12-27 00:21:39 +0000
@@ -13,14 +13,19 @@
13import glob13import glob
14import os14import os
15import ceph15import ceph
16
16from charmhelpers.core.hookenv import (17from charmhelpers.core.hookenv import (
17 relation_get,18 relation_get,
18 relation_ids,19 relation_ids,
20 related_units,
19 config,21 config,
20 unit_get,22 unit_get,
21 open_port,23 open_port,
22 relation_set,24 relation_set,
23 log, ERROR,25 log,
26 DEBUG,
27 WARNING,
28 ERROR,
24 Hooks, UnregisteredHookError,29 Hooks, UnregisteredHookError,
25 status_set,30 status_set,
26)31)
@@ -43,9 +48,11 @@
43 REQUIRED_INTERFACES,48 REQUIRED_INTERFACES,
44 check_optional_relations,49 check_optional_relations,
45)50)
46
47from charmhelpers.payload.execd import execd_preinstall51from charmhelpers.payload.execd import execd_preinstall
48from charmhelpers.core.host import cmp_pkgrevno52from charmhelpers.core.host import (
53 cmp_pkgrevno,
54 mkdir,
55)
4956
50from charmhelpers.contrib.network.ip import (57from charmhelpers.contrib.network.ip import (
51 get_iface_for_address,58 get_iface_for_address,
@@ -89,6 +96,11 @@
89 'radosgw',96 'radosgw',
90 'ntp',97 'ntp',
91 'haproxy',98 'haproxy',
99 'libnss3-tools',
100 'python-keystoneclient',
101 'python-six', # Ensures correct version is installed for precise
102 # since python-keystoneclient does not pull in icehouse
103 # version
92]104]
93105
94APACHE_PACKAGES = [106APACHE_PACKAGES = [
@@ -155,6 +167,99 @@
155 shutil.copy('files/ports.conf', '/etc/apache2/ports.conf')167 shutil.copy('files/ports.conf', '/etc/apache2/ports.conf')
156168
157169
170def setup_keystone_certs(unit=None, rid=None):
171 """
172 Get CA and signing certs from Keystone used to decrypt revoked token list.
173 """
174 import requests
175 try:
176 # Kilo and newer
177 from keystoneclient.exceptions import ConnectionRefused
178 except ImportError:
179 # Juno and older
180 from keystoneclient.exceptions import ConnectionError as \
181 ConnectionRefused
182
183 from keystoneclient.v2_0 import client
184
185 certs_path = '/var/lib/ceph/nss'
186 mkdir(certs_path)
187
188 rdata = relation_get(unit=unit, rid=rid)
189 auth_protocol = rdata.get('auth_protocol', 'http')
190
191 required_keys = ['admin_token', 'auth_host', 'auth_port']
192 settings = {}
193 for key in required_keys:
194 settings[key] = rdata.get(key)
195
196 if not all(settings.values()):
197 log("Missing relation settings (%s) - skipping cert setup" %
198 (', '.join([k for k in settings.keys() if not settings[k]])),
199 level=DEBUG)
200 return
201
202 auth_endpoint = "%s://%s:%s/v2.0" % (auth_protocol, settings['auth_host'],
203 settings['auth_port'])
204 keystone = client.Client(token=settings['admin_token'],
205 endpoint=auth_endpoint)
206
207 # CA
208 try:
209 # Kilo and newer
210 ca_cert = keystone.certificates.get_ca_certificate()
211 except AttributeError:
212 # Juno and older
213 ca_cert = requests.request('GET', auth_endpoint +
214 '/certificates/ca').text
215 except ConnectionRefused:
216 log("Error connecting to keystone - skipping ca/signing cert setup",
217 level=WARNING)
218 return
219
220 if ca_cert:
221 log("Updating ca cert from keystone", level=DEBUG)
222 ca = os.path.join(certs_path, 'ca.pem')
223 with open(ca, 'w') as fd:
224 fd.write(ca_cert)
225
226 out = subprocess.check_output(['openssl', 'x509', '-in', ca,
227 '-pubkey'])
228 p = subprocess.Popen(['certutil', '-d', certs_path, '-A', '-n', 'ca',
229 '-t', 'TCu,Cu,Tuw'], stdin=subprocess.PIPE)
230 p.communicate(out)
231 else:
232 log("No ca cert available from keystone", level=DEBUG)
233
234 # Signing cert
235 try:
236 # Kilo and newer
237 signing_cert = keystone.certificates.get_signing_certificate()
238 except AttributeError:
239 # Juno and older
240 signing_cert = requests.request('GET', auth_endpoint +
241 '/certificates/signing').text
242 except ConnectionRefused:
243 log("Error connecting to keystone - skipping ca/signing cert setup",
244 level=WARNING)
245 return
246
247 if signing_cert:
248 log("Updating signing cert from keystone", level=DEBUG)
249 signing_cert_path = os.path.join(certs_path, 'signing_certificate.pem')
250 with open(signing_cert_path, 'w') as fd:
251 fd.write(signing_cert)
252
253 out = subprocess.check_output(['openssl', 'x509', '-in',
254 signing_cert_path, '-pubkey'])
255 p = subprocess.Popen(['certutil', '-A', '-d', certs_path, '-n',
256 'signing_cert', '-t', 'P,P,P'],
257 stdin=subprocess.PIPE)
258 p.communicate(out)
259 else:
260 log("No signing cert available from keystone", level=DEBUG)
261
262
158@hooks.hook('upgrade-charm',263@hooks.hook('upgrade-charm',
159 'config-changed')264 'config-changed')
160@restart_on_change({'/etc/ceph/ceph.conf': ['radosgw'],265@restart_on_change({'/etc/ceph/ceph.conf': ['radosgw'],
@@ -170,8 +275,9 @@
170 apache_modules()275 apache_modules()
171 apache_ports()276 apache_ports()
172 apache_reload()277 apache_reload()
278
173 for r_id in relation_ids('identity-service'):279 for r_id in relation_ids('identity-service'):
174 identity_joined(relid=r_id)280 identity_changed(relid=r_id)
175281
176282
177@hooks.hook('mon-relation-departed',283@hooks.hook('mon-relation-departed',
@@ -225,10 +331,17 @@
225 requested_roles=config('operator-roles'),331 requested_roles=config('operator-roles'),
226 relation_id=relid)332 relation_id=relid)
227333
334 if relid:
335 for unit in related_units(relid):
336 setup_keystone_certs(unit=unit, rid=relid)
337 else:
338 setup_keystone_certs()
339
228340
229@hooks.hook('identity-service-relation-changed')341@hooks.hook('identity-service-relation-changed')
230@restart_on_change({'/etc/ceph/ceph.conf': ['radosgw']})342@restart_on_change({'/etc/ceph/ceph.conf': ['radosgw']})
231def identity_changed():343def identity_changed(relid=None):
344 identity_joined(relid)
232 CONFIGS.write_all()345 CONFIGS.write_all()
233 restart()346 restart()
234347
235348
=== modified file 'templates/ceph.conf'
--- templates/ceph.conf 2015-11-26 16:20:26 +0000
+++ templates/ceph.conf 2015-12-27 00:21:39 +0000
@@ -31,5 +31,7 @@
31rgw keystone token cache size = {{ cache_size }}31rgw keystone token cache size = {{ cache_size }}
32rgw keystone revocation interval = {{ revocation_check_interval }}32rgw keystone revocation interval = {{ revocation_check_interval }}
33rgw s3 auth use keystone = true33rgw s3 auth use keystone = true
34#nss db path = /var/lib/ceph/nss34{% if cms -%}
35nss db path = /var/lib/ceph/nss
36{% endif %}
35{% endif %}37{% endif %}
3638
=== modified file 'unit_tests/test_hooks.py'
--- unit_tests/test_hooks.py 2015-11-03 11:58:54 +0000
+++ unit_tests/test_hooks.py 2015-12-27 00:21:39 +0000
@@ -43,6 +43,7 @@
43 'relation_ids',43 'relation_ids',
44 'relation_set',44 'relation_set',
45 'relation_get',45 'relation_get',
46 'related_units',
46 'render_template',47 'render_template',
47 'shutil',48 'shutil',
48 'status_set',49 'status_set',
@@ -108,9 +109,8 @@
108 self.add_source.assert_called_with('distro', 'secretkey')109 self.add_source.assert_called_with('distro', 'secretkey')
109 self.assertTrue(self.apt_update.called)110 self.assertTrue(self.apt_update.called)
110 self.assertFalse(_install_packages.called)111 self.assertFalse(_install_packages.called)
111 self.apt_install.assert_called_with(['radosgw',112 self.apt_install.assert_called_with(ceph_hooks.PACKAGES,
112 'ntp',113 fatal=True)
113 'haproxy'], fatal=True)
114 self.apt_purge.assert_called_with(['libapache2-mod-fastcgi',114 self.apt_purge.assert_called_with(['libapache2-mod-fastcgi',
115 'apache2'])115 'apache2'])
116116
@@ -167,6 +167,7 @@
167 ]167 ]
168 self.subprocess.call.assert_has_calls(calls)168 self.subprocess.call.assert_has_calls(calls)
169169
170 @patch.object(ceph_hooks, 'mkdir', lambda *args: None)
170 def test_config_changed(self):171 def test_config_changed(self):
171 _install_packages = self.patch('install_packages')172 _install_packages = self.patch('install_packages')
172 _emit_apacheconf = self.patch('emit_apacheconf')173 _emit_apacheconf = self.patch('emit_apacheconf')
@@ -221,12 +222,15 @@
221 cmd = ['service', 'radosgw', 'restart']222 cmd = ['service', 'radosgw', 'restart']
222 self.subprocess.call.assert_called_with(cmd)223 self.subprocess.call.assert_called_with(cmd)
223224
225 @patch.object(ceph_hooks, 'setup_keystone_certs')
224 @patch('charmhelpers.contrib.openstack.ip.service_name',226 @patch('charmhelpers.contrib.openstack.ip.service_name',
225 lambda *args: 'ceph-radosgw')227 lambda *args: 'ceph-radosgw')
226 @patch('charmhelpers.contrib.openstack.ip.config')228 @patch('charmhelpers.contrib.openstack.ip.config')
227 def test_identity_joined_early_version(self, _config):229 def test_identity_joined_early_version(self, _config,
230 mock_setup_keystone_certs):
228 self.cmp_pkgrevno.return_value = -1231 self.cmp_pkgrevno.return_value = -1
229 ceph_hooks.identity_joined()232 ceph_hooks.identity_joined()
233 self.assertTrue(mock_setup_keystone_certs.called)
230 self.sys.exit.assert_called_with(1)234 self.sys.exit.assert_called_with(1)
231235
232 @patch('charmhelpers.contrib.openstack.ip.service_name',236 @patch('charmhelpers.contrib.openstack.ip.service_name',
@@ -234,6 +238,7 @@
234 @patch('charmhelpers.contrib.openstack.ip.resolve_address')238 @patch('charmhelpers.contrib.openstack.ip.resolve_address')
235 @patch('charmhelpers.contrib.openstack.ip.config')239 @patch('charmhelpers.contrib.openstack.ip.config')
236 def test_identity_joined(self, _config, _resolve_address):240 def test_identity_joined(self, _config, _resolve_address):
241 self.related_units = ['unit/0']
237 self.cmp_pkgrevno.return_value = 1242 self.cmp_pkgrevno.return_value = 1
238 _resolve_address.return_value = 'myserv'243 _resolve_address.return_value = 'myserv'
239 _config.side_effect = self.test_config.get244 _config.side_effect = self.test_config.get
@@ -257,6 +262,7 @@
257 @patch('charmhelpers.contrib.openstack.ip.config')262 @patch('charmhelpers.contrib.openstack.ip.config')
258 def test_identity_joined_public_name(self, _config, _unit_get,263 def test_identity_joined_public_name(self, _config, _unit_get,
259 _is_clustered):264 _is_clustered):
265 self.related_units = ['unit/0']
260 _config.side_effect = self.test_config.get266 _config.side_effect = self.test_config.get
261 self.test_config.set('os-public-hostname', 'files.example.com')267 self.test_config.set('os-public-hostname', 'files.example.com')
262 _unit_get.return_value = 'myserv'268 _unit_get.return_value = 'myserv'
@@ -271,11 +277,13 @@
271 relation_id='rid',277 relation_id='rid',
272 admin_url='http://myserv:80/swift')278 admin_url='http://myserv:80/swift')
273279
274 def test_identity_changed(self):280 @patch.object(ceph_hooks, 'identity_joined')
281 def test_identity_changed(self, mock_identity_joined):
275 _restart = self.patch('restart')282 _restart = self.patch('restart')
276 ceph_hooks.identity_changed()283 ceph_hooks.identity_changed()
277 self.CONFIGS.write_all.assert_called_with()284 self.CONFIGS.write_all.assert_called_with()
278 self.assertTrue(_restart.called)285 self.assertTrue(_restart.called)
286 self.assertTrue(mock_identity_joined.called)
279287
280 @patch('charmhelpers.contrib.openstack.ip.is_clustered')288 @patch('charmhelpers.contrib.openstack.ip.is_clustered')
281 @patch('charmhelpers.contrib.openstack.ip.unit_get')289 @patch('charmhelpers.contrib.openstack.ip.unit_get')

Subscribers

People subscribed via source and target branches