Juju Charms Collection
glance package

Merge lp:~ivoks/charms/precise/glance/tls-ha into lp:~charmers/charms/precise/glance/trunk

  1. Precise Pangolin (12.04)
  2. tls-ha
  3. Merge into trunk
Proposed by Ante Karamatić
Status: Merged
Merged at revision: 45
Proposed branch: lp:~ivoks/charms/precise/glance/tls-ha
Merge into: lp:~charmers/charms/precise/glance/trunk
Diff against target: 202 lines (+50/-30)
7 files modified
hooks/charmhelpers/contrib/hahelpers/cluster.py (+7/-0)
hooks/charmhelpers/contrib/openstack/context.py (+4/-6)
hooks/charmhelpers/core/host.py (+9/-3)
hooks/glance_contexts.py (+4/-3)
hooks/glance_relations.py (+3/-2)
templates/haproxy.cfg (+2/-3)
unit_tests/test_glance_contexts.py (+21/-13)
To merge this branch: bzr merge lp:~ivoks/charms/precise/glance/tls-ha
Reviewer Review Type Date Requested Status
charmers Pending
Review via email: mp+206633@code.launchpad.net

Description of the change

As part of changing OpenStack charm to provide better SSL experience, we need to put HAproxy in front of the Apache. Apache then does SSL termination on destination host, and HAproxy balances TCP traffic instead of HTTP. This allows us to keep all outside server traffic - crypted.

In addition, we stop and start services, instead of restarting. This avoids TCP port conflicts.

Depends on charm-helpers from: lp:~ivoks/charm-helpers/new-ssl

To post a comment you must log in.
lp:~ivoks/charms/precise/glance/tls-ha updated
47. By Ante Karamatić

[hopem] Fix unit test

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'hooks/charmhelpers/contrib/hahelpers/cluster.py'
2--- hooks/charmhelpers/contrib/hahelpers/cluster.py 2013-08-17 00:29:10 +0000
3+++ hooks/charmhelpers/contrib/hahelpers/cluster.py 2014-02-18 11:51:52 +0000
4@@ -126,6 +126,13 @@
5 return public_port - (i * 10)
6
7
8+def determine_apache_port(public_port):
9+ i = 0
10+ if len(peer_units()) > 0 or is_clustered():
11+ i += 1
12+ return public_port - (i * 10)
13+
14+
15 def determine_haproxy_port(public_port):
16 '''
17 Description: Determine correct proxy listening port based on public IP +
18
19=== modified file 'hooks/charmhelpers/contrib/openstack/context.py'
20--- hooks/charmhelpers/contrib/openstack/context.py 2014-02-14 13:41:38 +0000
21+++ hooks/charmhelpers/contrib/openstack/context.py 2014-02-18 11:51:52 +0000
22@@ -26,8 +26,8 @@
23 )
24
25 from charmhelpers.contrib.hahelpers.cluster import (
26+ determine_apache_port,
27 determine_api_port,
28- determine_haproxy_port,
29 https,
30 is_clustered,
31 peer_units,
32@@ -380,11 +380,9 @@
33 'private_address': unit_get('private-address'),
34 'endpoints': []
35 }
36- for ext_port in self.external_ports:
37- if peer_units() or is_clustered():
38- int_port = determine_haproxy_port(ext_port)
39- else:
40- int_port = determine_api_port(ext_port)
41+ for api_port in self.external_ports:
42+ ext_port = determine_apache_port(api_port)
43+ int_port = determine_api_port(api_port)
44 portmap = (int(ext_port), int(int_port))
45 ctxt['endpoints'].append(portmap)
46 return ctxt
47
48=== modified file 'hooks/charmhelpers/core/host.py'
49--- hooks/charmhelpers/core/host.py 2014-02-14 13:41:38 +0000
50+++ hooks/charmhelpers/core/host.py 2014-02-18 11:51:52 +0000
51@@ -194,7 +194,7 @@
52 return None
53
54
55-def restart_on_change(restart_map):
56+def restart_on_change(restart_map, stopstart=False):
57 """Restart services based on configuration files changing
58
59 This function is used a decorator, for example
60@@ -219,8 +219,14 @@
61 for path in restart_map:
62 if checksums[path] != file_hash(path):
63 restarts += restart_map[path]
64- for service_name in list(OrderedDict.fromkeys(restarts)):
65- service('restart', service_name)
66+ services_list = list(OrderedDict.fromkeys(restarts))
67+ if not stopstart:
68+ for service_name in services_list:
69+ service('restart', service_name)
70+ else:
71+ for action in ['stop', 'start']:
72+ for service_name in services_list:
73+ service(action, service_name)
74 return wrapped_f
75 return wrap
76
77
78=== modified file 'hooks/glance_contexts.py'
79--- hooks/glance_contexts.py 2014-02-14 13:41:38 +0000
80+++ hooks/glance_contexts.py 2014-02-18 11:51:52 +0000
81@@ -11,8 +11,8 @@
82 )
83
84 from charmhelpers.contrib.hahelpers.cluster import (
85+ determine_apache_port,
86 determine_api_port,
87- determine_haproxy_port,
88 )
89
90
91@@ -59,11 +59,12 @@
92 specific to this charm.
93 Also used to extend glance-api.conf context with correct bind_port
94 '''
95- haproxy_port = determine_haproxy_port(9292)
96+ haproxy_port = 9292
97+ apache_port = determine_apache_port(9292)
98 api_port = determine_api_port(9292)
99
100 ctxt = {
101- 'service_ports': {'glance_api': [haproxy_port, api_port]},
102+ 'service_ports': {'glance_api': [haproxy_port, apache_port]},
103 'bind_port': api_port,
104 }
105 return ctxt
106
107=== modified file 'hooks/glance_relations.py'
108--- hooks/glance_relations.py 2013-10-22 23:20:32 +0000
109+++ hooks/glance_relations.py 2014-02-18 11:51:52 +0000
110@@ -207,7 +207,7 @@
111
112
113 @hooks.hook('config-changed')
114-@restart_on_change(restart_map())
115+@restart_on_change(restart_map(), stopstart=True)
116 def config_changed():
117 if openstack_upgrade_available('glance-common'):
118 juju_log('Upgrading OpenStack release')
119@@ -223,8 +223,9 @@
120
121
122 @hooks.hook('cluster-relation-changed')
123-@restart_on_change(restart_map())
124+@restart_on_change(restart_map(), stopstart=True)
125 def cluster_changed():
126+ configure_https()
127 CONFIGS.write(GLANCE_API_CONF)
128 CONFIGS.write(HAPROXY_CONF)
129
130
131=== modified file 'templates/haproxy.cfg'
132--- templates/haproxy.cfg 2013-07-01 19:01:13 +0000
133+++ templates/haproxy.cfg 2014-02-18 11:51:52 +0000
134@@ -8,8 +8,8 @@
135
136 defaults
137 log global
138- mode http
139- option httplog
140+ mode tcp
141+ option tcplog
142 option dontlognull
143 retries 3
144 timeout queue 1000
145@@ -29,7 +29,6 @@
146 {% for service, ports in service_ports.iteritems() -%}
147 listen {{ service }} 0.0.0.0:{{ ports[0] }}
148 balance roundrobin
149- option tcplog
150 {% for unit, address in units.iteritems() -%}
151 server {{ unit }} {{ address }}:{{ ports[1] }} check
152 {% endfor %}
153
154=== modified file 'unit_tests/test_glance_contexts.py'
155--- unit_tests/test_glance_contexts.py 2013-11-08 01:34:39 +0000
156+++ unit_tests/test_glance_contexts.py 2014-02-18 11:51:52 +0000
157@@ -9,7 +9,7 @@
158 'relation_ids',
159 'is_relation_made',
160 'service_name',
161- 'determine_haproxy_port',
162+ 'determine_apache_port',
163 'determine_api_port',
164 ]
165
166@@ -41,16 +41,24 @@
167 {'rbd_pool': service,
168 'rbd_user': service})
169
170- def test_haproxy_configuration(self):
171- self.determine_haproxy_port.return_value = 9292
172- self.determine_api_port.return_value = 9282
173- self.assertEquals(
174- contexts.HAProxyContext()(),
175- {'service_ports': {'glance_api': [9292, 9282]},
176- 'bind_port': 9282})
177-
178+ @patch('charmhelpers.contrib.openstack.context.determine_apache_port')
179+ @patch('charmhelpers.contrib.openstack.context.determine_api_port')
180+ @patch('charmhelpers.contrib.openstack.context.unit_get')
181 @patch('charmhelpers.contrib.openstack.context.https')
182- def test_apache_ssl_context_service_enabled(self,
183- https):
184- https.return_value = False
185- self.assertEquals(contexts.ApacheSSLContext()(), {})
186+ def test_apache_ssl_context_service_enabled(self, mock_https,
187+ mock_unit_get,
188+ mock_determine_api_port,
189+ mock_determine_apache_port):
190+ mock_https.return_value = True
191+ mock_unit_get.return_value = '1.2.3.4'
192+ mock_determine_api_port.return_value = '12'
193+ mock_determine_apache_port.return_value = '34'
194+
195+ ctxt = contexts.ApacheSSLContext()
196+ with patch.object(ctxt, 'enable_modules') as mock_enable_modules:
197+ with patch.object(ctxt, 'configure_cert') as mock_configure_cert:
198+ self.assertEquals(ctxt(), {'endpoints': [(34, 12)],
199+ 'private_address': '1.2.3.4',
200+ 'namespace': 'glance'})
201+ self.assertTrue(mock_https.called)
202+ mock_unit_get.assert_called_with('private-address')

Subscribers

People subscribed via source and target branches