Juju Charms Collection
neutron-api package

Merge lp:~hopem/charms/trusty/neutron-api/pki-token-support into lp:~openstack-charmers-archive/charms/trusty/neutron-api/next

  1. Trusty Tahr (14.04)
  2. pki-token-support
  3. Merge into next
Proposed by Edward Hope-Morley
Status: Merged
Merged at revision: 84
Proposed branch: lp:~hopem/charms/trusty/neutron-api/pki-token-support
Merge into: lp:~openstack-charmers-archive/charms/trusty/neutron-api/next
Diff against target: 465 lines (+244/-24)
14 files modified
hooks/charmhelpers/contrib/charmsupport/nrpe.py (+41/-7)
hooks/charmhelpers/contrib/hahelpers/cluster.py (+5/-1)
hooks/charmhelpers/contrib/openstack/amulet/deployment.py (+5/-2)
hooks/charmhelpers/contrib/openstack/context.py (+26/-9)
hooks/charmhelpers/contrib/openstack/files/__init__.py (+18/-0)
hooks/charmhelpers/contrib/openstack/files/check_haproxy.sh (+32/-0)
hooks/charmhelpers/contrib/openstack/files/check_haproxy_queue_depth.sh (+30/-0)
hooks/charmhelpers/contrib/openstack/ip.py (+37/-0)
hooks/charmhelpers/contrib/openstack/utils.py (+1/-0)
hooks/charmhelpers/core/fstab.py (+2/-2)
hooks/charmhelpers/core/strutils.py (+42/-0)
hooks/neutron_api_utils.py (+3/-1)
templates/icehouse/neutron.conf (+1/-1)
templates/kilo/neutron.conf (+1/-1)
To merge this branch: bzr merge lp:~hopem/charms/trusty/neutron-api/pki-token-support
Reviewer Review Type Date Requested Status
Liam Young (community) Approve
Review via email: mp+250370@code.launchpad.net
To post a comment you must log in.
Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_lint_check #2136 neutron-api-next for hopem mp250370
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/2136/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_unit_test #1925 neutron-api-next for hopem mp250370
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/1925/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_amulet_test #2044 neutron-api-next for hopem mp250370
    AMULET FAIL: amulet-test missing

AMULET Results (max last 2 lines):
INFO:root:Search string not found in makefile target commands.
ERROR:root:No make target was executed.

Full amulet test output: http://paste.ubuntu.com/10325776/
Build: http://10.245.162.77:8080/job/charm_amulet_test/2044/

lp:~hopem/charms/trusty/neutron-api/pki-token-support updated
82. By Edward Hope-Morley

synced /next

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_lint_check #2209 neutron-api-next for hopem mp250370
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/2209/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_unit_test #1998 neutron-api-next for hopem mp250370
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/1998/

Revision history for this message
uosci-testing-bot (uosci-testing-bot) wrote :

charm_amulet_test #2155 neutron-api-next for hopem mp250370
    AMULET FAIL: amulet-test failed

AMULET Results (max last 2 lines):
  ERROR subprocess encountered error code 1
  make: *** [test] Error 1

Full amulet test output: http://paste.ubuntu.com/10396393/
Build: http://10.245.162.77:8080/job/charm_amulet_test/2155/

Revision history for this message
Liam Young (gnuoy) wrote :

Approve

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'hooks/charmhelpers/contrib/charmsupport/nrpe.py'
2--- hooks/charmhelpers/contrib/charmsupport/nrpe.py 2015-01-26 09:44:26 +0000
3+++ hooks/charmhelpers/contrib/charmsupport/nrpe.py 2015-02-24 11:59:09 +0000
4@@ -24,6 +24,8 @@
5 import pwd
6 import grp
7 import os
8+import glob
9+import shutil
10 import re
11 import shlex
12 import yaml
13@@ -161,7 +163,7 @@
14 log('Check command not found: {}'.format(parts[0]))
15 return ''
16
17- def write(self, nagios_context, hostname, nagios_servicegroups=None):
18+ def write(self, nagios_context, hostname, nagios_servicegroups):
19 nrpe_check_file = '/etc/nagios/nrpe.d/{}.cfg'.format(
20 self.command)
21 with open(nrpe_check_file, 'w') as nrpe_check_config:
22@@ -177,14 +179,11 @@
23 nagios_servicegroups)
24
25 def write_service_config(self, nagios_context, hostname,
26- nagios_servicegroups=None):
27+ nagios_servicegroups):
28 for f in os.listdir(NRPE.nagios_exportdir):
29 if re.search('.*{}.cfg'.format(self.command), f):
30 os.remove(os.path.join(NRPE.nagios_exportdir, f))
31
32- if not nagios_servicegroups:
33- nagios_servicegroups = nagios_context
34-
35 templ_vars = {
36 'nagios_hostname': hostname,
37 'nagios_servicegroup': nagios_servicegroups,
38@@ -211,10 +210,10 @@
39 super(NRPE, self).__init__()
40 self.config = config()
41 self.nagios_context = self.config['nagios_context']
42- if 'nagios_servicegroups' in self.config:
43+ if 'nagios_servicegroups' in self.config and self.config['nagios_servicegroups']:
44 self.nagios_servicegroups = self.config['nagios_servicegroups']
45 else:
46- self.nagios_servicegroups = 'juju'
47+ self.nagios_servicegroups = self.nagios_context
48 self.unit_name = local_unit().replace('/', '-')
49 if hostname:
50 self.hostname = hostname
51@@ -322,3 +321,38 @@
52 check_cmd='check_status_file.py -f '
53 '/var/lib/nagios/service-check-%s.txt' % svc,
54 )
55+
56+
57+def copy_nrpe_checks():
58+ """
59+ Copy the nrpe checks into place
60+
61+ """
62+ NAGIOS_PLUGINS = '/usr/local/lib/nagios/plugins'
63+ nrpe_files_dir = os.path.join(os.getenv('CHARM_DIR'), 'hooks',
64+ 'charmhelpers', 'contrib', 'openstack',
65+ 'files')
66+
67+ if not os.path.exists(NAGIOS_PLUGINS):
68+ os.makedirs(NAGIOS_PLUGINS)
69+ for fname in glob.glob(os.path.join(nrpe_files_dir, "check_*")):
70+ if os.path.isfile(fname):
71+ shutil.copy2(fname,
72+ os.path.join(NAGIOS_PLUGINS, os.path.basename(fname)))
73+
74+
75+def add_haproxy_checks(nrpe, unit_name):
76+ """
77+ Add checks for each service in list
78+
79+ :param NRPE nrpe: NRPE object to add check to
80+ :param str unit_name: Unit name to use in check description
81+ """
82+ nrpe.add_check(
83+ shortname='haproxy_servers',
84+ description='Check HAProxy {%s}' % unit_name,
85+ check_cmd='check_haproxy.sh')
86+ nrpe.add_check(
87+ shortname='haproxy_queue',
88+ description='Check HAProxy queue depth {%s}' % unit_name,
89+ check_cmd='check_haproxy_queue_depth.sh')
90
91=== modified file 'hooks/charmhelpers/contrib/hahelpers/cluster.py'
92--- hooks/charmhelpers/contrib/hahelpers/cluster.py 2015-01-26 09:44:26 +0000
93+++ hooks/charmhelpers/contrib/hahelpers/cluster.py 2015-02-24 11:59:09 +0000
94@@ -48,6 +48,9 @@
95 from charmhelpers.core.decorators import (
96 retry_on_exception,
97 )
98+from charmhelpers.core.strutils import (
99+ bool_from_string,
100+)
101
102
103 class HAIncompleteConfig(Exception):
104@@ -164,7 +167,8 @@
105 .
106 returns: boolean
107 '''
108- if config_get('use-https') == "yes":
109+ use_https = config_get('use-https')
110+ if use_https and bool_from_string(use_https):
111 return True
112 if config_get('ssl_cert') and config_get('ssl_key'):
113 return True
114
115=== modified file 'hooks/charmhelpers/contrib/openstack/amulet/deployment.py'
116--- hooks/charmhelpers/contrib/openstack/amulet/deployment.py 2015-01-26 09:44:26 +0000
117+++ hooks/charmhelpers/contrib/openstack/amulet/deployment.py 2015-02-24 11:59:09 +0000
118@@ -71,16 +71,19 @@
119 services.append(this_service)
120 use_source = ['mysql', 'mongodb', 'rabbitmq-server', 'ceph',
121 'ceph-osd', 'ceph-radosgw']
122+ # Openstack subordinate charms do not expose an origin option as that
123+ # is controlled by the principle
124+ ignore = ['neutron-openvswitch']
125
126 if self.openstack:
127 for svc in services:
128- if svc['name'] not in use_source:
129+ if svc['name'] not in use_source + ignore:
130 config = {'openstack-origin': self.openstack}
131 self.d.configure(svc['name'], config)
132
133 if self.source:
134 for svc in services:
135- if svc['name'] in use_source:
136+ if svc['name'] in use_source and svc['name'] not in ignore:
137 config = {'source': self.source}
138 self.d.configure(svc['name'], config)
139
140
141=== modified file 'hooks/charmhelpers/contrib/openstack/context.py'
142--- hooks/charmhelpers/contrib/openstack/context.py 2015-01-26 09:44:26 +0000
143+++ hooks/charmhelpers/contrib/openstack/context.py 2015-02-24 11:59:09 +0000
144@@ -279,9 +279,25 @@
145 class IdentityServiceContext(OSContextGenerator):
146 interfaces = ['identity-service']
147
148+ def __init__(self, service=None, service_user=None):
149+ self.service = service
150+ self.service_user = service_user
151+
152 def __call__(self):
153 log('Generating template context for identity-service', level=DEBUG)
154 ctxt = {}
155+
156+ if self.service and self.service_user:
157+ # This is required for pki token signing if we don't want /tmp to
158+ # be used.
159+ cachedir = '/var/cache/%s' % (self.service)
160+ if not os.path.isdir(cachedir):
161+ log("Creating service cache dir %s" % (cachedir), level=DEBUG)
162+ mkdir(path=cachedir, owner=self.service_user,
163+ group=self.service_user, perms=0o700)
164+
165+ ctxt['signing_dir'] = cachedir
166+
167 for rid in relation_ids('identity-service'):
168 for unit in related_units(rid):
169 rdata = relation_get(rid=rid, unit=unit)
170@@ -291,15 +307,16 @@
171 auth_host = format_ipv6_addr(auth_host) or auth_host
172 svc_protocol = rdata.get('service_protocol') or 'http'
173 auth_protocol = rdata.get('auth_protocol') or 'http'
174- ctxt = {'service_port': rdata.get('service_port'),
175- 'service_host': serv_host,
176- 'auth_host': auth_host,
177- 'auth_port': rdata.get('auth_port'),
178- 'admin_tenant_name': rdata.get('service_tenant'),
179- 'admin_user': rdata.get('service_username'),
180- 'admin_password': rdata.get('service_password'),
181- 'service_protocol': svc_protocol,
182- 'auth_protocol': auth_protocol}
183+ ctxt.update({'service_port': rdata.get('service_port'),
184+ 'service_host': serv_host,
185+ 'auth_host': auth_host,
186+ 'auth_port': rdata.get('auth_port'),
187+ 'admin_tenant_name': rdata.get('service_tenant'),
188+ 'admin_user': rdata.get('service_username'),
189+ 'admin_password': rdata.get('service_password'),
190+ 'service_protocol': svc_protocol,
191+ 'auth_protocol': auth_protocol})
192+
193 if context_complete(ctxt):
194 # NOTE(jamespage) this is required for >= icehouse
195 # so a missing value just indicates keystone needs
196
197=== added directory 'hooks/charmhelpers/contrib/openstack/files'
198=== added file 'hooks/charmhelpers/contrib/openstack/files/__init__.py'
199--- hooks/charmhelpers/contrib/openstack/files/__init__.py 1970-01-01 00:00:00 +0000
200+++ hooks/charmhelpers/contrib/openstack/files/__init__.py 2015-02-24 11:59:09 +0000
201@@ -0,0 +1,18 @@
202+# Copyright 2014-2015 Canonical Limited.
203+#
204+# This file is part of charm-helpers.
205+#
206+# charm-helpers is free software: you can redistribute it and/or modify
207+# it under the terms of the GNU Lesser General Public License version 3 as
208+# published by the Free Software Foundation.
209+#
210+# charm-helpers is distributed in the hope that it will be useful,
211+# but WITHOUT ANY WARRANTY; without even the implied warranty of
212+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
213+# GNU Lesser General Public License for more details.
214+#
215+# You should have received a copy of the GNU Lesser General Public License
216+# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>.
217+
218+# dummy __init__.py to fool syncer into thinking this is a syncable python
219+# module
220
221=== added file 'hooks/charmhelpers/contrib/openstack/files/check_haproxy.sh'
222--- hooks/charmhelpers/contrib/openstack/files/check_haproxy.sh 1970-01-01 00:00:00 +0000
223+++ hooks/charmhelpers/contrib/openstack/files/check_haproxy.sh 2015-02-24 11:59:09 +0000
224@@ -0,0 +1,32 @@
225+#!/bin/bash
226+#--------------------------------------------
227+# This file is managed by Juju
228+#--------------------------------------------
229+#
230+# Copyright 2009,2012 Canonical Ltd.
231+# Author: Tom Haddon
232+
233+CRITICAL=0
234+NOTACTIVE=''
235+LOGFILE=/var/log/nagios/check_haproxy.log
236+AUTH=$(grep -r "stats auth" /etc/haproxy | head -1 | awk '{print $4}')
237+
238+for appserver in $(grep ' server' /etc/haproxy/haproxy.cfg | awk '{print $2'});
239+do
240+ output=$(/usr/lib/nagios/plugins/check_http -a ${AUTH} -I 127.0.0.1 -p 8888 --regex="class=\"(active|backup)(2|3).*${appserver}" -e ' 200 OK')
241+ if [ $? != 0 ]; then
242+ date >> $LOGFILE
243+ echo $output >> $LOGFILE
244+ /usr/lib/nagios/plugins/check_http -a ${AUTH} -I 127.0.0.1 -p 8888 -v | grep $appserver >> $LOGFILE 2>&1
245+ CRITICAL=1
246+ NOTACTIVE="${NOTACTIVE} $appserver"
247+ fi
248+done
249+
250+if [ $CRITICAL = 1 ]; then
251+ echo "CRITICAL:${NOTACTIVE}"
252+ exit 2
253+fi
254+
255+echo "OK: All haproxy instances looking good"
256+exit 0
257
258=== added file 'hooks/charmhelpers/contrib/openstack/files/check_haproxy_queue_depth.sh'
259--- hooks/charmhelpers/contrib/openstack/files/check_haproxy_queue_depth.sh 1970-01-01 00:00:00 +0000
260+++ hooks/charmhelpers/contrib/openstack/files/check_haproxy_queue_depth.sh 2015-02-24 11:59:09 +0000
261@@ -0,0 +1,30 @@
262+#!/bin/bash
263+#--------------------------------------------
264+# This file is managed by Juju
265+#--------------------------------------------
266+#
267+# Copyright 2009,2012 Canonical Ltd.
268+# Author: Tom Haddon
269+
270+# These should be config options at some stage
271+CURRQthrsh=0
272+MAXQthrsh=100
273+
274+AUTH=$(grep -r "stats auth" /etc/haproxy | head -1 | awk '{print $4}')
275+
276+HAPROXYSTATS=$(/usr/lib/nagios/plugins/check_http -a ${AUTH} -I 127.0.0.1 -p 8888 -u '/;csv' -v)
277+
278+for BACKEND in $(echo $HAPROXYSTATS| xargs -n1 | grep BACKEND | awk -F , '{print $1}')
279+do
280+ CURRQ=$(echo "$HAPROXYSTATS" | grep $BACKEND | grep BACKEND | cut -d , -f 3)
281+ MAXQ=$(echo "$HAPROXYSTATS" | grep $BACKEND | grep BACKEND | cut -d , -f 4)
282+
283+ if [[ $CURRQ -gt $CURRQthrsh || $MAXQ -gt $MAXQthrsh ]] ; then
284+ echo "CRITICAL: queue depth for $BACKEND - CURRENT:$CURRQ MAX:$MAXQ"
285+ exit 2
286+ fi
287+done
288+
289+echo "OK: All haproxy queue depths looking good"
290+exit 0
291+
292
293=== modified file 'hooks/charmhelpers/contrib/openstack/ip.py'
294--- hooks/charmhelpers/contrib/openstack/ip.py 2015-01-26 09:44:26 +0000
295+++ hooks/charmhelpers/contrib/openstack/ip.py 2015-02-24 11:59:09 +0000
296@@ -26,6 +26,8 @@
297 )
298 from charmhelpers.contrib.hahelpers.cluster import is_clustered
299
300+from functools import partial
301+
302 PUBLIC = 'public'
303 INTERNAL = 'int'
304 ADMIN = 'admin'
305@@ -107,3 +109,38 @@
306 "clustered=%s)" % (net_type, clustered))
307
308 return resolved_address
309+
310+
311+def endpoint_url(configs, url_template, port, endpoint_type=PUBLIC,
312+ override=None):
313+ """Returns the correct endpoint URL to advertise to Keystone.
314+
315+ This method provides the correct endpoint URL which should be advertised to
316+ the keystone charm for endpoint creation. This method allows for the url to
317+ be overridden to force a keystone endpoint to have specific URL for any of
318+ the defined scopes (admin, internal, public).
319+
320+ :param configs: OSTemplateRenderer config templating object to inspect
321+ for a complete https context.
322+ :param url_template: str format string for creating the url template. Only
323+ two values will be passed - the scheme+hostname
324+ returned by the canonical_url and the port.
325+ :param endpoint_type: str endpoint type to resolve.
326+ :param override: str the name of the config option which overrides the
327+ endpoint URL defined by the charm itself. None will
328+ disable any overrides (default).
329+ """
330+ if override:
331+ # Return any user-defined overrides for the keystone endpoint URL.
332+ user_value = config(override)
333+ if user_value:
334+ return user_value.strip()
335+
336+ return url_template % (canonical_url(configs, endpoint_type), port)
337+
338+
339+public_endpoint = partial(endpoint_url, endpoint_type=PUBLIC)
340+
341+internal_endpoint = partial(endpoint_url, endpoint_type=INTERNAL)
342+
343+admin_endpoint = partial(endpoint_url, endpoint_type=ADMIN)
344
345=== modified file 'hooks/charmhelpers/contrib/openstack/utils.py'
346--- hooks/charmhelpers/contrib/openstack/utils.py 2015-01-26 09:44:26 +0000
347+++ hooks/charmhelpers/contrib/openstack/utils.py 2015-02-24 11:59:09 +0000
348@@ -103,6 +103,7 @@
349 ('2.1.0', 'juno'),
350 ('2.2.0', 'juno'),
351 ('2.2.1', 'kilo'),
352+ ('2.2.2', 'kilo'),
353 ])
354
355 DEFAULT_LOOPBACK_SIZE = '5G'
356
357=== modified file 'hooks/charmhelpers/core/fstab.py'
358--- hooks/charmhelpers/core/fstab.py 2015-02-17 07:10:15 +0000
359+++ hooks/charmhelpers/core/fstab.py 2015-02-24 11:59:09 +0000
360@@ -77,7 +77,7 @@
361 for line in self.readlines():
362 line = line.decode('us-ascii')
363 try:
364- if line.strip() and not line.startswith("#"):
365+ if line.strip() and not line.strip().startswith("#"):
366 yield self._hydrate_entry(line)
367 except ValueError:
368 pass
369@@ -104,7 +104,7 @@
370
371 found = False
372 for index, line in enumerate(lines):
373- if not line.startswith("#"):
374+ if line.strip() and not line.strip().startswith("#"):
375 if self._hydrate_entry(line) == entry:
376 found = True
377 break
378
379=== added file 'hooks/charmhelpers/core/strutils.py'
380--- hooks/charmhelpers/core/strutils.py 1970-01-01 00:00:00 +0000
381+++ hooks/charmhelpers/core/strutils.py 2015-02-24 11:59:09 +0000
382@@ -0,0 +1,42 @@
383+#!/usr/bin/env python
384+# -*- coding: utf-8 -*-
385+
386+# Copyright 2014-2015 Canonical Limited.
387+#
388+# This file is part of charm-helpers.
389+#
390+# charm-helpers is free software: you can redistribute it and/or modify
391+# it under the terms of the GNU Lesser General Public License version 3 as
392+# published by the Free Software Foundation.
393+#
394+# charm-helpers is distributed in the hope that it will be useful,
395+# but WITHOUT ANY WARRANTY; without even the implied warranty of
396+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
397+# GNU Lesser General Public License for more details.
398+#
399+# You should have received a copy of the GNU Lesser General Public License
400+# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>.
401+
402+import six
403+
404+
405+def bool_from_string(value):
406+ """Interpret string value as boolean.
407+
408+ Returns True if value translates to True otherwise False.
409+ """
410+ if isinstance(value, six.string_types):
411+ value = six.text_type(value)
412+ else:
413+ msg = "Unable to interpret non-string value '%s' as boolean" % (value)
414+ raise ValueError(msg)
415+
416+ value = value.strip().lower()
417+
418+ if value in ['y', 'yes', 'true', 't']:
419+ return True
420+ elif value in ['n', 'no', 'false', 'f']:
421+ return False
422+
423+ msg = "Unable to interpret string value '%s' as boolean" % (value)
424+ raise ValueError(msg)
425
426=== modified file 'hooks/neutron_api_utils.py'
427--- hooks/neutron_api_utils.py 2015-02-17 11:43:13 +0000
428+++ hooks/neutron_api_utils.py 2015-02-24 11:59:09 +0000
429@@ -77,7 +77,9 @@
430 database=config('database'),
431 ssl_dir=NEUTRON_CONF_DIR),
432 context.PostgresqlDBContext(database=config('database')),
433- neutron_api_context.IdentityServiceContext(),
434+ neutron_api_context.IdentityServiceContext(
435+ service='neutron',
436+ service_user='neutron'),
437 neutron_api_context.NeutronCCContext(),
438 context.SyslogContext(),
439 context.BindHostContext(),
440
441=== modified file 'templates/icehouse/neutron.conf'
442--- templates/icehouse/neutron.conf 2014-10-22 16:31:29 +0000
443+++ templates/icehouse/neutron.conf 2015-02-24 11:59:09 +0000
444@@ -56,7 +56,7 @@
445 root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
446
447 [keystone_authtoken]
448-signing_dir = /var/lib/neutron/keystone-signing
449+signing_dir = {{ signing_dir }}
450 {% if service_host -%}
451 service_protocol = {{ service_protocol }}
452 service_host = {{ service_host }}
453
454=== modified file 'templates/kilo/neutron.conf'
455--- templates/kilo/neutron.conf 2015-01-20 14:15:55 +0000
456+++ templates/kilo/neutron.conf 2015-02-24 11:59:09 +0000
457@@ -56,7 +56,7 @@
458 root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
459
460 [keystone_authtoken]
461-signing_dir = /var/lib/neutron/keystone-signing
462+signing_dir = {{ signing_dir }}
463 {% if service_host -%}
464 service_protocol = {{ service_protocol }}
465 service_host = {{ service_host }}

Subscribers

People subscribed via source and target branches