Charm Helpers

Merge lp:~ivoks/charm-helpers/new-ssl into lp:charm-helpers

  1. new-ssl
  2. Merge into devel
Proposed by Ante Karamatić
Status: Merged
Merged at revision: 117
Proposed branch: lp:~ivoks/charm-helpers/new-ssl
Merge into: lp:charm-helpers
Diff against target: 163 lines (+30/-24)
6 files modified
charmhelpers/contrib/hahelpers/cluster.py (+4/-4)
charmhelpers/contrib/openstack/context.py (+4/-6)
charmhelpers/contrib/openstack/templates/haproxy.cfg (+2/-3)
charmhelpers/core/host.py (+9/-3)
tests/contrib/hahelpers/test_cluster_utils.py (+7/-5)
tests/contrib/openstack/test_os_contexts.py (+4/-3)
To merge this branch: bzr merge lp:~ivoks/charm-helpers/new-ssl
Reviewer Review Type Date Requested Status
James Page Approve
Review via email: mp+206629@code.launchpad.net

Description of the change

As part of changing OpenStack charm to provide better SSL experience, we need to put HAproxy in front of the Apache. Apache then does SSL termination on destination host, and HAproxy balances TCP traffic instead of HTTP. This allows us to keep all outside server traffic - crypted.

In addition, this branch extends restart_on_change() to provide stop/start in addition to restart. This is required when restarting services that might switch TCP ports, depending on changes in relation.

To post a comment you must log in.
lp:~ivoks/charm-helpers/new-ssl updated
119. By Ante Karamatić

Fix tests

120. By Ante Karamatić

Remove determine_haproxy_port()

Revision history for this message
James Page (james-page) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'charmhelpers/contrib/hahelpers/cluster.py'
2--- charmhelpers/contrib/hahelpers/cluster.py 2013-08-13 23:18:10 +0000
3+++ charmhelpers/contrib/hahelpers/cluster.py 2014-02-17 11:34:17 +0000
4@@ -126,17 +126,17 @@
5 return public_port - (i * 10)
6
7
8-def determine_haproxy_port(public_port):
9+def determine_apache_port(public_port):
10 '''
11- Description: Determine correct proxy listening port based on public IP +
12- existence of HTTPS reverse proxy.
13+ Description: Determine correct apache listening port based on public IP +
14+ state of the cluster.
15
16 public_port: int: standard public port for given service
17
18 returns: int: the correct listening port for the HAProxy service
19 '''
20 i = 0
21- if https():
22+ if len(peer_units()) > 0 or is_clustered():
23 i += 1
24 return public_port - (i * 10)
25
26
27=== modified file 'charmhelpers/contrib/openstack/context.py'
28--- charmhelpers/contrib/openstack/context.py 2014-02-12 14:57:24 +0000
29+++ charmhelpers/contrib/openstack/context.py 2014-02-17 11:34:17 +0000
30@@ -26,8 +26,8 @@
31 )
32
33 from charmhelpers.contrib.hahelpers.cluster import (
34+ determine_apache_port,
35 determine_api_port,
36- determine_haproxy_port,
37 https,
38 is_clustered,
39 peer_units,
40@@ -380,11 +380,9 @@
41 'private_address': unit_get('private-address'),
42 'endpoints': []
43 }
44- for ext_port in self.external_ports:
45- if peer_units() or is_clustered():
46- int_port = determine_haproxy_port(ext_port)
47- else:
48- int_port = determine_api_port(ext_port)
49+ for api_port in self.external_ports:
50+ ext_port = determine_apache_port(api_port)
51+ int_port = determine_api_port(api_port)
52 portmap = (int(ext_port), int(int_port))
53 ctxt['endpoints'].append(portmap)
54 return ctxt
55
56=== modified file 'charmhelpers/contrib/openstack/templates/haproxy.cfg'
57--- charmhelpers/contrib/openstack/templates/haproxy.cfg 2013-07-19 23:31:35 +0000
58+++ charmhelpers/contrib/openstack/templates/haproxy.cfg 2014-02-17 11:34:17 +0000
59@@ -8,8 +8,8 @@
60
61 defaults
62 log global
63- mode http
64- option httplog
65+ mode tcp
66+ option tcplog
67 option dontlognull
68 retries 3
69 timeout queue 1000
70@@ -29,7 +29,6 @@
71 {% for service, ports in service_ports.iteritems() -%}
72 listen {{ service }} 0.0.0.0:{{ ports[0] }}
73 balance roundrobin
74- option tcplog
75 {% for unit, address in units.iteritems() -%}
76 server {{ unit }} {{ address }}:{{ ports[1] }} check
77 {% endfor %}
78
79=== modified file 'charmhelpers/core/host.py'
80--- charmhelpers/core/host.py 2013-11-29 11:08:56 +0000
81+++ charmhelpers/core/host.py 2014-02-17 11:34:17 +0000
82@@ -194,7 +194,7 @@
83 return None
84
85
86-def restart_on_change(restart_map):
87+def restart_on_change(restart_map, stopstart=False):
88 """Restart services based on configuration files changing
89
90 This function is used a decorator, for example
91@@ -219,8 +219,14 @@
92 for path in restart_map:
93 if checksums[path] != file_hash(path):
94 restarts += restart_map[path]
95- for service_name in list(OrderedDict.fromkeys(restarts)):
96- service('restart', service_name)
97+ services_list = list(OrderedDict.fromkeys(restarts))
98+ if not stopstart:
99+ for service_name in services_list:
100+ service('restart', service_name)
101+ else:
102+ for action in ['stop', 'start']:
103+ for service_name in services_list:
104+ service(action, service_name)
105 return wrapped_f
106 return wrap
107
108
109=== modified file 'tests/contrib/hahelpers/test_cluster_utils.py'
110--- tests/contrib/hahelpers/test_cluster_utils.py 2013-07-23 11:50:28 +0000
111+++ tests/contrib/hahelpers/test_cluster_utils.py 2014-02-17 11:34:17 +0000
112@@ -187,16 +187,18 @@
113 self.assertEquals(9676, cluster_utils.determine_api_port(9696))
114
115 @patch.object(cluster_utils, 'https')
116- def test_determine_haproxy_port_https(self, https):
117+ def test_determine_apache_port_https(self, https):
118 '''It determines haproxy port with https enabled'''
119 https.return_value = True
120- self.assertEquals(9686, cluster_utils.determine_haproxy_port(9696))
121+ self.assertEquals(9696, cluster_utils.determine_apache_port(9696))
122
123 @patch.object(cluster_utils, 'https')
124- def test_determine_haproxy_port_no_https(self, https):
125+ @patch.object(cluster_utils, 'is_clustered')
126+ def test_determine_apache_port_clustered(self, https, is_clustered):
127 '''It determines haproxy port with https disabled'''
128- https.return_value = False
129- self.assertEquals(9696, cluster_utils.determine_haproxy_port(9696))
130+ https.return_value = True
131+ is_clustered.return_value = True
132+ self.assertEquals(9686, cluster_utils.determine_apache_port(9696))
133
134 def test_get_hacluster_config_complete(self):
135 '''It fetches all hacluster charm config'''
136
137=== modified file 'tests/contrib/openstack/test_os_contexts.py'
138--- tests/contrib/openstack/test_os_contexts.py 2014-02-12 16:08:44 +0000
139+++ tests/contrib/openstack/test_os_contexts.py 2014-02-17 11:34:17 +0000
140@@ -176,7 +176,7 @@
141 'unit_get',
142 'https',
143 'determine_api_port',
144- 'determine_haproxy_port',
145+ 'determine_apache_port',
146 'peer_units',
147 'is_clustered',
148 ]
149@@ -470,11 +470,12 @@
150 def _test_https_context(self, apache, is_clustered, peer_units):
151 self.https.return_value = True
152
153- if is_clustered or peer_units:
154+ if is_clustered:
155 self.determine_api_port.return_value = 8756
156- self.determine_haproxy_port.return_value = 8766
157+ self.determine_apache_port.return_value = 8766
158 else:
159 self.determine_api_port.return_value = 8766
160+ self.determine_apache_port.return_value = 8776
161
162 self.unit_get.return_value = 'cinderhost1'
163 self.is_clustered.return_value = is_clustered

Subscribers

People subscribed via source and target branches