Merge lp:~ivoks/charm-helpers/new-ssl into lp:charm-helpers

Proposed by Ante Karamatić
Status: Merged
Merged at revision: 117
Proposed branch: lp:~ivoks/charm-helpers/new-ssl
Merge into: lp:charm-helpers
Diff against target: 163 lines (+30/-24)
6 files modified
charmhelpers/contrib/hahelpers/cluster.py (+4/-4)
charmhelpers/contrib/openstack/context.py (+4/-6)
charmhelpers/contrib/openstack/templates/haproxy.cfg (+2/-3)
charmhelpers/core/host.py (+9/-3)
tests/contrib/hahelpers/test_cluster_utils.py (+7/-5)
tests/contrib/openstack/test_os_contexts.py (+4/-3)
To merge this branch: bzr merge lp:~ivoks/charm-helpers/new-ssl
Reviewer Review Type Date Requested Status
James Page Approve
Review via email: mp+206629@code.launchpad.net

Description of the change

As part of changing the OpenStack charms to provide a better SSL experience, we need to put HAProxy in front of Apache. Apache then does SSL termination on the destination host, and HAProxy balances TCP traffic instead of HTTP. This allows us to keep all outside-server traffic encrypted.

In addition, this branch extends restart_on_change() to provide stop/start in addition to restart. This is required when restarting services that might switch TCP ports, depending on changes in relation.

lp:~ivoks/charm-helpers/new-ssl updated
119. By Ante Karamatić

Fix tests

120. By Ante Karamatić

Remove determine_haproxy_port()

James Page (james-page) :
review: Approve

Preview Diff

=== modified file 'charmhelpers/contrib/hahelpers/cluster.py'
--- charmhelpers/contrib/hahelpers/cluster.py 2013-08-13 23:18:10 +0000
+++ charmhelpers/contrib/hahelpers/cluster.py 2014-02-17 11:34:17 +0000
@@ -126,17 +126,17 @@
126 return public_port - (i * 10)126 return public_port - (i * 10)
127127
128128
129def determine_haproxy_port(public_port):129def determine_apache_port(public_port):
130 '''130 '''
131 Description: Determine correct proxy listening port based on public IP +131 Description: Determine correct apache listening port based on public IP +
132 existence of HTTPS reverse proxy.132 state of the cluster.
133133
134 public_port: int: standard public port for given service134 public_port: int: standard public port for given service
135135
136 returns: int: the correct listening port for the HAProxy service136 returns: int: the correct listening port for the HAProxy service
137 '''137 '''
138 i = 0138 i = 0
139 if https():139 if len(peer_units()) > 0 or is_clustered():
140 i += 1140 i += 1
141 return public_port - (i * 10)141 return public_port - (i * 10)
142142
143143
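Review bot: The docstring of `determine_apache_port` still ends with `returns: int: the correct listening port for the HAProxy service`, and its description says "public IP" where the input is a port, so the text no longer matches the function it documents. I would change the return line to `returns: int: the correct listening port for the Apache (SSL termination) service`. The new condition `len(peer_units()) > 0 or is_clustered()` also drops the old `https()` check, so the port is shifted by 10 whenever peers exist. A one-line comment saying which service is expected to hold the public port in that case (presumably HAProxy, going by the merge description) would make the intent reviewable.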
=== modified file 'charmhelpers/contrib/openstack/context.py'
--- charmhelpers/contrib/openstack/context.py 2014-02-12 14:57:24 +0000
+++ charmhelpers/contrib/openstack/context.py 2014-02-17 11:34:17 +0000
@@ -26,8 +26,8 @@
26)26)
2727
28from charmhelpers.contrib.hahelpers.cluster import (28from charmhelpers.contrib.hahelpers.cluster import (
29 determine_apache_port,
29 determine_api_port,30 determine_api_port,
30 determine_haproxy_port,
31 https,31 https,
32 is_clustered,32 is_clustered,
33 peer_units,33 peer_units,
@@ -380,11 +380,9 @@
380 'private_address': unit_get('private-address'),380 'private_address': unit_get('private-address'),
381 'endpoints': []381 'endpoints': []
382 }382 }
383 for ext_port in self.external_ports:383 for api_port in self.external_ports:
384 if peer_units() or is_clustered():384 ext_port = determine_apache_port(api_port)
385 int_port = determine_haproxy_port(ext_port)385 int_port = determine_api_port(api_port)
386 else:
387 int_port = determine_api_port(ext_port)
388 portmap = (int(ext_port), int(int_port))386 portmap = (int(ext_port), int(int_port))
389 ctxt['endpoints'].append(portmap)387 ctxt['endpoints'].append(portmap)
390 return ctxt388 return ctxt
391389
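Review bot: In the rewritten loop `ext_port` no longer holds the external port; it is now whatever `determine_apache_port(api_port)` returns, which per the cluster.py change is the public port minus 10 when peers or clustering are present. Since this tuple presumably decides where Apache terminates TLS and where it forwards the decrypted traffic, I would rename the variable or add a comment such as `# (apache_listen_port, api_listen_port); HAProxy, when present, holds api_port itself`. It is also worth confirming that the port in `int_port` is not reachable from outside the unit, because that hop is presumably unencrypted; the binding is not visible in this hunk. The enclosing method starts outside the hunk.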
=== modified file 'charmhelpers/contrib/openstack/templates/haproxy.cfg'
--- charmhelpers/contrib/openstack/templates/haproxy.cfg 2013-07-19 23:31:35 +0000
+++ charmhelpers/contrib/openstack/templates/haproxy.cfg 2014-02-17 11:34:17 +0000
@@ -8,8 +8,8 @@
88
9defaults9defaults
10 log global10 log global
11 mode http11 mode tcp
12 option httplog12 option tcplog
13 option dontlognull13 option dontlognull
14 retries 314 retries 3
15 timeout queue 100015 timeout queue 1000
@@ -29,7 +29,6 @@
29{% for service, ports in service_ports.iteritems() -%}29{% for service, ports in service_ports.iteritems() -%}
30listen {{ service }} 0.0.0.0:{{ ports[0] }}30listen {{ service }} 0.0.0.0:{{ ports[0] }}
31 balance roundrobin31 balance roundrobin
32 option tcplog
33 {% for unit, address in units.iteritems() -%}32 {% for unit, address in units.iteritems() -%}
34 server {{ unit }} {{ address }}:{{ ports[1] }} check33 server {{ unit }} {{ address }}:{{ ports[1] }} check
35 {% endfor %}34 {% endfor %}
3635
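Review bot: Switching `defaults` to `mode tcp` and `option tcplog` changes what the proxy can see and record for every `listen` section. HAProxy no longer parses HTTP, so its logs carry connection data only (no request line or status) and no header such as X-Forwarded-For can be added, leaving the backends with HAProxy's address as the client. The `check` on each `server` line is a plain TCP connect, so a backend whose TLS or application layer is broken would stay in rotation. I would record this in the template, e.g. `# mode tcp: TLS passes through to Apache; request-level logging and client attribution must come from the Apache logs`, and make sure those Apache logs are the ones that monitoring and incident response collect.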
=== modified file 'charmhelpers/core/host.py'
--- charmhelpers/core/host.py 2013-11-29 11:08:56 +0000
+++ charmhelpers/core/host.py 2014-02-17 11:34:17 +0000
@@ -194,7 +194,7 @@
194 return None194 return None
195195
196196
197def restart_on_change(restart_map):197def restart_on_change(restart_map, stopstart=False):
198 """Restart services based on configuration files changing198 """Restart services based on configuration files changing
199199
200 This function is used a decorator, for example200 This function is used a decorator, for example
@@ -219,8 +219,14 @@
219 for path in restart_map:219 for path in restart_map:
220 if checksums[path] != file_hash(path):220 if checksums[path] != file_hash(path):
221 restarts += restart_map[path]221 restarts += restart_map[path]
222 for service_name in list(OrderedDict.fromkeys(restarts)):222 services_list = list(OrderedDict.fromkeys(restarts))
223 service('restart', service_name)223 if not stopstart:
224 for service_name in services_list:
225 service('restart', service_name)
226 else:
227 for action in ['stop', 'start']:
228 for service_name in services_list:
229 service(action, service_name)
224 return wrapped_f230 return wrapped_f
225 return wrap231 return wrap
226232
227233
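Review bot: The new `stopstart` parameter is not described in the docstring, and the `else` branch stops every affected service before starting any of them, so there is a window in which all of them are down. The result of `service(action, service_name)` is ignored in both branches, so a failed `start` after a successful `stop` would leave a service down without the hook noticing; whether `service()` reports failure through its return value is not visible here. I would add a docstring line such as `:param stopstart: stop all affected services, then start them, instead of restarting each in turn`, and consider checking the result of the `start` pass. The function's docstring and body extend outside both hunks.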
=== modified file 'tests/contrib/hahelpers/test_cluster_utils.py'
--- tests/contrib/hahelpers/test_cluster_utils.py 2013-07-23 11:50:28 +0000
+++ tests/contrib/hahelpers/test_cluster_utils.py 2014-02-17 11:34:17 +0000
@@ -187,16 +187,18 @@
187 self.assertEquals(9676, cluster_utils.determine_api_port(9696))187 self.assertEquals(9676, cluster_utils.determine_api_port(9696))
188188
189 @patch.object(cluster_utils, 'https')189 @patch.object(cluster_utils, 'https')
190 def test_determine_haproxy_port_https(self, https):190 def test_determine_apache_port_https(self, https):
191 '''It determines haproxy port with https enabled'''191 '''It determines haproxy port with https enabled'''
192 https.return_value = True192 https.return_value = True
193 self.assertEquals(9686, cluster_utils.determine_haproxy_port(9696))193 self.assertEquals(9696, cluster_utils.determine_apache_port(9696))
194194
195 @patch.object(cluster_utils, 'https')195 @patch.object(cluster_utils, 'https')
196 def test_determine_haproxy_port_no_https(self, https):196 @patch.object(cluster_utils, 'is_clustered')
197 def test_determine_apache_port_clustered(self, https, is_clustered):
197 '''It determines haproxy port with https disabled'''198 '''It determines haproxy port with https disabled'''
198 https.return_value = False199 https.return_value = True
199 self.assertEquals(9696, cluster_utils.determine_haproxy_port(9696))200 is_clustered.return_value = True
201 self.assertEquals(9686, cluster_utils.determine_apache_port(9696))
200202
201 def test_get_hacluster_config_complete(self):203 def test_get_hacluster_config_complete(self):
202 '''It fetches all hacluster charm config'''204 '''It fetches all hacluster charm config'''
203205
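Review bot: In `test_determine_apache_port_clustered` the mock arguments are bound in the wrong order: stacked `patch.object` decorators inject mocks bottom-up, so with `https` patched above `is_clustered` the signature should read `def test_determine_apache_port_clustered(self, is_clustered, https):`. The test passes only because both mocks are set to `True`. Neither test patches `peer_units`, which the new `determine_apache_port` calls, so `test_determine_apache_port_https` presumably relies on the real helper returning nothing in the test environment; adding `@patch.object(cluster_utils, 'peer_units')` with an explicit return value would pin that. The two docstrings still say "It determines haproxy port ..." and should name Apache and the clustered/unclustered case instead.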
=== modified file 'tests/contrib/openstack/test_os_contexts.py'
--- tests/contrib/openstack/test_os_contexts.py 2014-02-12 16:08:44 +0000
+++ tests/contrib/openstack/test_os_contexts.py 2014-02-17 11:34:17 +0000
@@ -176,7 +176,7 @@
176 'unit_get',176 'unit_get',
177 'https',177 'https',
178 'determine_api_port',178 'determine_api_port',
179 'determine_haproxy_port',179 'determine_apache_port',
180 'peer_units',180 'peer_units',
181 'is_clustered',181 'is_clustered',
182]182]
@@ -470,11 +470,12 @@
470 def _test_https_context(self, apache, is_clustered, peer_units):470 def _test_https_context(self, apache, is_clustered, peer_units):
471 self.https.return_value = True471 self.https.return_value = True
472472
473 if is_clustered or peer_units:473 if is_clustered:
474 self.determine_api_port.return_value = 8756474 self.determine_api_port.return_value = 8756
475 self.determine_haproxy_port.return_value = 8766475 self.determine_apache_port.return_value = 8766
476 else:476 else:
477 self.determine_api_port.return_value = 8766477 self.determine_api_port.return_value = 8766
478 self.determine_apache_port.return_value = 8776
478479
479 self.unit_get.return_value = 'cinderhost1'480 self.unit_get.return_value = 'cinderhost1'
480 self.is_clustered.return_value = is_clustered481 self.is_clustered.return_value = is_clustered
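Review bot: The branch condition in `_test_https_context` was narrowed to `if is_clustered:`, but the production check in `determine_apache_port` is `len(peer_units()) > 0 or is_clustered()`, so a call with peers and no cluster now gets the stand-alone mock values (8766 and 8776). That leaves the peers-only layout, where Apache would move off the public port, without matching mock values in this helper. If that is intentional, a comment such as `# mocked ports model the clustered case only` would help; otherwise restore `if is_clustered or peer_units:`. The helper continues past the end of the hunk, so how the expected context is asserted is not visible here.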
