Merge lp:~ivoks/charms/precise/nova-cloud-controller/tls-ha into lp:~charmers/charms/precise/nova-cloud-controller/trunk

Proposed by Ante Karamatić
Status: Merged
Merged at revision: 63
Proposed branch: lp:~ivoks/charms/precise/nova-cloud-controller/tls-ha
Merge into: lp:~charmers/charms/precise/nova-cloud-controller/trunk
Diff against target: 253 lines (+54/-34)
8 files modified
hooks/charmhelpers/contrib/hahelpers/cluster.py (+4/-4)
hooks/charmhelpers/contrib/openstack/context.py (+21/-7)
hooks/charmhelpers/contrib/openstack/templates/haproxy.cfg (+2/-3)
hooks/charmhelpers/core/host.py (+9/-3)
hooks/nova_cc_context.py (+13/-14)
hooks/nova_cc_hooks.py (+2/-2)
revision (+1/-1)
templates/folsom/nova.conf (+2/-0)
To merge this branch: bzr merge lp:~ivoks/charms/precise/nova-cloud-controller/tls-ha
Reviewer Review Type Date Requested Status
Edward Hope-Morley Needs Fixing
charmers Pending
Review via email: mp+206634@code.launchpad.net

Description of the change

As part of changing the OpenStack charm to provide a better SSL experience, we need to put HAProxy in front of Apache. Apache then does SSL termination on the destination host, and HAProxy balances TCP traffic instead of HTTP. This allows us to keep all traffic outside the server encrypted.

In addition, we stop and start services, instead of restarting. This avoids TCP port conflicts.

Depends on charm-helpers from: lp:~ivoks/charm-helpers/new-ssl

67. By Ante Karamatić

Support for neutron_url in nova.conf

68. By Ante Karamatić

Update charm-helpers

Edward Hope-Morley (hopem) wrote :

The status of this MP has been set to Merged but this has not been merged. Also it contains a bug, is out-of-sync with the corresponding charm-helpers patch and is targeted at the wrong branch.

review: Needs Fixing
Edward Hope-Morley (hopem) wrote :

Preview Diff

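--- a/hooks/charmhelpers/contrib/hahelpers/cluster.py
+++ b/hooks/charmhelpers/contrib/hahelpers/cluster.py
@@ -126,17 +126,17 @@
 return public_port - (i * 10)


-def determine_haproxy_port(public_port):
+def determine_apache_port(public_port):
 '''
- Description: Determine correct proxy listening port based on public IP +
- existence of HTTPS reverse proxy.
+ Description: Determine correct apache listening port based on public IP +
+ state of the cluster.

 public_port: int: standard public port for given service

 returns: int: the correct listening port for the HAProxy service
 '''
 i = 0
- if https():
+ if len(peer_units()) > 0 or is_clustered():
 i += 1
 return public_port - (i * 10)
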
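Review bot: The docstring of `determine_apache_port` still ends with `returns: int: the correct listening port for the HAProxy service`, which contradicts the renamed function, and "based on public IP" should read "public port". I would change the returns line to `returns: int: the port Apache should listen on for the given service` and state that the port is lowered by 10 when the unit has peers or is clustered. `len(peer_units()) > 0` can be written `peer_units()`, as the removed code in context.py did. `determine_haproxy_port` is removed without an alias, so any importer outside this diff would fail at import time; worth checking before merge.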
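--- a/hooks/charmhelpers/contrib/openstack/context.py
+++ b/hooks/charmhelpers/contrib/openstack/context.py
@@ -27,8 +27,8 @@
 )

 from charmhelpers.contrib.hahelpers.cluster import (
+ determine_apache_port,
 determine_api_port,
- determine_haproxy_port,
 https,
 is_clustered,
 peer_units,
@@ -341,11 +341,9 @@
 'private_address': unit_get('private-address'),
 'endpoints': []
 }
- for ext_port in self.external_ports:
- if peer_units() or is_clustered():
- int_port = determine_haproxy_port(ext_port)
- else:
- int_port = determine_api_port(ext_port)
+ for api_port in self.external_ports:
+ ext_port = determine_apache_port(api_port)
+ int_port = determine_api_port(api_port)
 portmap = (int(ext_port), int(int_port))
 ctxt['endpoints'].append(portmap)
 return ctxt
@@ -412,6 +410,22 @@

 return nvp_ctxt

+ def neutron_ctxt(self):
+ if https():
+ proto = 'https'
+ else:
+ proto = 'http'
+ if is_clustered():
+ host = config()['vip']
+ else:
+ host = unit_get('private-address')
+ url = proto + '://' + host + ':9696'
+ ctxt = {
+ 'network_manager': self.network_manager,
+ 'neutron_url': url,
+ }
+ return ctxt
+
 def __call__(self):
 self._ensure_packages()

@@ -421,7 +435,7 @@
 if not self.plugin:
 return {}

- ctxt = {'network_manager': self.network_manager}
+ ctxt = self.neutron_ctxt()

 if self.plugin == 'ovs':
 ctxt.update(self.ovs_ctxt())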
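Review bot: In `neutron_ctxt`, `config()['vip']` raises KeyError when the charm's config has no `vip` key, and when the key is present but unset the string concatenation on the next line fails or yields a URL with no host. I would read it with `host = config('vip')` and fall back to `unit_get('private-address')` when it is empty. The port `9696` is hard-coded here, while nova_cc_context.py derives ports through `api_port('neutron-server')`, so the two can drift apart. With `https()` true the URL host is a VIP or private address, so the certificate Apache serves has to name that address or clients will fail verification; that requirement deserves a comment or docstring on the method, which currently has none.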
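--- a/hooks/charmhelpers/contrib/openstack/templates/haproxy.cfg
+++ b/hooks/charmhelpers/contrib/openstack/templates/haproxy.cfg
@@ -8,8 +8,8 @@

 defaults
 log global
- mode http
- option httplog
+ mode tcp
+ option tcplog
 option dontlognull
 retries 3
 timeout queue 1000
@@ -29,7 +29,6 @@
 {% for service, ports in service_ports.iteritems() -%}
 listen {{ service }} 0.0.0.0:{{ ports[0] }}
 balance roundrobin
- option tcplog
 {% for unit, address in units.iteritems() -%}
 server {{ unit }} {{ address }}:{{ ports[1] }} check
 {% endfor %}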
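Review bot: With `mode tcp` in `defaults`, HAProxy stops parsing requests, so `option tcplog` records only connection-level data and the per-request audit trail now exists only in the Apache access logs on each unit. Those logs will presumably show the HAProxy unit's address as the client, because nothing in the template passes the original source address on. A template comment such as `# TCP passthrough: TLS terminates on the backend Apache; request logging lives there` would make that explicit for whoever investigates an incident. The `check` on the `server` line remains a plain connect test (no HTTP check is visible in the hunk), so a backend whose Apache accepts connections but fails the TLS handshake still counts as healthy.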
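--- a/hooks/charmhelpers/core/host.py
+++ b/hooks/charmhelpers/core/host.py
@@ -194,7 +194,7 @@
 return None


-def restart_on_change(restart_map):
+def restart_on_change(restart_map, stopstart=False):
 """Restart services based on configuration files changing

 This function is used a decorator, for example
@@ -219,8 +219,14 @@
 for path in restart_map:
 if checksums[path] != file_hash(path):
 restarts += restart_map[path]
- for service_name in list(OrderedDict.fromkeys(restarts)):
- service('restart', service_name)
+ services_list = list(OrderedDict.fromkeys(restarts))
+ if not stopstart:
+ for service_name in services_list:
+ service('restart', service_name)
+ else:
+ for action in ['stop', 'start']:
+ for service_name in services_list:
+ service(action, service_name)
 return wrapped_f
 return wrap
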
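Review bot: The new `stopstart` parameter of `restart_on_change` is not described in the docstring, and the stop/start branch discards the result of `service(action, service_name)`. In that branch every changed service is stopped before any is started, so a failed `start` leaves the unit with services down and nothing in the hook output to show it. Assuming `service()` reports failure through its return value (not visible here), I would check it and log or raise on a failed `start`. The docstring should gain a line like `stopstart: bool: stop all changed services, then start them, instead of restarting each in turn`. The wrapped function's body begins outside the hunk.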
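--- a/hooks/nova_cc_context.py
+++ b/hooks/nova_cc_context.py
@@ -6,7 +6,7 @@
 from charmhelpers.contrib.openstack import context, neutron, utils

 from charmhelpers.contrib.hahelpers.cluster import (
- determine_api_port, determine_haproxy_port)
+ determine_apache_port, determine_api_port)


 class ApacheSSLContext(context.ApacheSSLContext):
@@ -67,6 +67,13 @@
 nvol_api = determine_api_port(api_port('nova-api-os-volume'))
 neutron_api = determine_api_port(api_port('neutron-server'))

+ # Apache ports
+ a_compute_api = determine_apache_port(api_port('nova-api-os-compute'))
+ a_ec2_api = determine_apache_port(api_port('nova-api-ec2'))
+ a_s3_api = determine_apache_port(api_port('nova-objectstore'))
+ a_nvol_api = determine_apache_port(api_port('nova-api-os-volume'))
+ a_neutron_api = determine_apache_port(api_port('neutron-server'))
+
 # to be set in nova.conf accordingly.
 listen_ports = {
 'osapi_compute_listen_port': compute_api,
@@ -76,32 +83,24 @@

 port_mapping = {
 'nova-api-os-compute': [
- determine_haproxy_port(api_port('nova-api-os-compute')),
- compute_api,
- ],
+ api_port('nova-api-os-compute'), a_compute_api],
 'nova-api-ec2': [
- determine_haproxy_port(api_port('nova-api-ec2')),
- ec2_api,
- ],
+ api_port('nova-api-ec2'), a_ec2_api],
 'nova-objectstore': [
- determine_haproxy_port(api_port('nova-objectstore')),
- s3_api,
- ],
+ api_port('nova-objectstore'), a_s3_api],
 }

 if relation_ids('nova-volume-service'):
 port_mapping.update({
 'nova-api-ec2': [
- determine_haproxy_port(api_port('nova-api-ec2')),
- nvol_api],
+ api_port('nova-api-ec2'), a_nvol_api],
 })
 listen_ports['osapi_volume_listen_port'] = nvol_api

 if neutron.network_manager() in ['neutron', 'quantum']:
 port_mapping.update({
 'neutron-server': [
- determine_haproxy_port(api_port('neutron-server')),
- neutron_api]
+ api_port('neutron-server'), a_neutron_api]
 })
 # quantum/neutron.conf listening port, set separte from nova's.
 ctxt['neutron_bind_port'] = neutron_api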
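Review bot: In the `nova-volume-service` branch the update still uses the key `'nova-api-ec2'`, so the EC2 entry built just above is overwritten with the volume API's Apache port (`a_nvol_api`) and no volume entry is ever added. The removed lines used the same key, so this predates the change, but the new line carries it forward. It presumably should be `'nova-api-os-volume': [api_port('nova-api-os-volume'), a_nvol_api],`. As written, HAProxy would forward the EC2 front-end port to the volume backend, so one API is reachable on another's port and the volume API has no front end. The enclosing function begins outside the hunk.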
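--- a/hooks/nova_cc_hooks.py
+++ b/hooks/nova_cc_hooks.py
@@ -94,7 +94,7 @@


 @hooks.hook('config-changed')
-@restart_on_change(restart_map())
+@restart_on_change(restart_map(), stopstart=True)
 def config_changed():
 if openstack_upgrade_available('nova-common'):
 do_openstack_upgrade(configs=CONFIGS)
@@ -333,7 +333,7 @@

 @hooks.hook('cluster-relation-changed',
 'cluster-relation-departed')
-@restart_on_change(restart_map())
+@restart_on_change(restart_map(), stopstart=True)
 def cluster_changed():
 CONFIGS.write_all()
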
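Review bot: Only `config_changed` and `cluster_changed` are switched to `stopstart=True`, so any other hook decorated with `@restart_on_change(restart_map())` outside these hunks would still restart services one at a time and could hit the port conflict the description mentions. If the difference is intentional, a short comment above each decorator, e.g. `# stop/start: Apache and HAProxy swap ports when cluster state changes`, would record why these two hooks differ. `config_changed` continues outside the hunk.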
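--- a/revision
+++ b/revision
@@ -1,1 +1,1 @@
-312
+313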
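--- a/templates/folsom/nova.conf
+++ b/templates/folsom/nova.conf
@@ -73,6 +73,7 @@

 {% if network_manager and network_manager == 'quantum' -%}
 network_api_class = nova.network.quantumv2.api.API
+quantum_url = {{ neutron_url }}
 {% if auth_host -%}
 quantum_auth_strategy = keystone
 quantum_admin_tenant_name = {{ admin_tenant_name }}
@@ -82,6 +83,7 @@
 {% endif -%}
 {% elif network_manager and network_manager == 'neutron' -%}
 network_api_class = nova.network.neutronv2.api.API
+neutron_url = {{ neutron_url }}
 {% if auth_host -%}
 neutron_auth_strategy = keystone
 neutron_admin_tenant_name = {{ admin_tenant_name }}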
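Review bot: `quantum_url` and `neutron_url` are rendered whenever `network_manager` matches, with no guard on `neutron_url` itself, so a context that sets `network_manager` but not `neutron_url` would write an empty `neutron_url =` line into nova.conf. Guarding each line with `{% if neutron_url -%}` … `{% endif -%}`, as the template already does for `auth_host`, avoids that. When the charm runs with HTTPS the value is an `https://` URL built from an address in context.py, and nothing in these hunks tells nova which CA to trust for it. Certificate validation therefore depends on the system trust store and on the certificate naming that address, which is worth confirming so operators are not pushed toward disabling verification.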
