Merge lp:~ivoks/charms/trusty/contrail-webui/openstack-ssl into lp:~sdn-charmers/charms/trusty/contrail-webui/trunk

Proposed by Ante Karamatić
Status: Merged
Merged at revision: 39
Proposed branch: lp:~ivoks/charms/trusty/contrail-webui/openstack-ssl
Merge into: lp:~sdn-charmers/charms/trusty/contrail-webui/trunk
Diff against target: 210 lines (+139/-2)
7 files modified
charm-helpers-sync.yaml (+1/-0)
config.yaml (+6/-0)
hooks/charmhelpers/contrib/__init__.py (+13/-0)
hooks/charmhelpers/contrib/hahelpers/__init__.py (+13/-0)
hooks/charmhelpers/contrib/hahelpers/apache.py (+95/-0)
hooks/services.py (+10/-1)
templates/config.global.js.j2 (+1/-1)
To merge this branch: bzr merge lp:~ivoks/charms/trusty/contrail-webui/openstack-ssl
Reviewer Review Type Date Requested Status
Robert Ayres (community) Approve
Review via email: mp+316005@code.launchpad.net

Description of the change

This patch allows contrail-webui to connect to OpenStack services over TLS/SSL.

Robert Ayres (robert-ayres) wrote :

Apologies for the delay. I am actively reviewing/testing some modifications to this patch.

Robert Ayres (robert-ayres) :
review: Approve

Preview Diff

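--- a/charm-helpers-sync.yaml
+++ b/charm-helpers-sync.yaml
@@ -3,4 +3,5 @@
 include:
  - core
  - fetch
+ - contrib.hahelpers.apache
  - osplatform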
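--- a/config.yaml
+++ b/config.yaml
@@ -50,3 +50,9 @@
  NOTE: it will get downloaded and cached every time
  the config is updated. If empty, the default will
  be used.
+ ssl_ca:
+ type: string
+ default:
+ description: |
+ SSL CA used to sign certificates of OpenStack services. It should be
+ provided in base64 format.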
=== added directory 'hooks/charmhelpers/contrib'
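--- a/hooks/charmhelpers/contrib/__init__.py
+++ b/hooks/charmhelpers/contrib/__init__.py
@@ -0,0 +1,13 @@
+# Copyright 2014-2015 Canonical Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.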
=== added directory 'hooks/charmhelpers/contrib/hahelpers'
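--- a/hooks/charmhelpers/contrib/hahelpers/__init__.py
+++ b/hooks/charmhelpers/contrib/hahelpers/__init__.py
@@ -0,0 +1,13 @@
+# Copyright 2014-2015 Canonical Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.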
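--- a/hooks/charmhelpers/contrib/hahelpers/apache.py
+++ b/hooks/charmhelpers/contrib/hahelpers/apache.py
@@ -0,0 +1,95 @@
+# Copyright 2014-2015 Canonical Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright 2012 Canonical Ltd.
+#
+# This file is sourced from lp:openstack-charm-helpers
+#
+# Authors:
+# James Page <james.page@ubuntu.com>
+# Adam Gandelman <adamg@ubuntu.com>
+#
+
+import os
+import subprocess
+
+from charmhelpers.core.hookenv import (
+ config as config_get,
+ relation_get,
+ relation_ids,
+ related_units as relation_list,
+ log,
+ INFO,
+)
+
+
+def get_cert(cn=None):
+ # TODO: deal with multiple https endpoints via charm config
+ cert = config_get('ssl_cert')
+ key = config_get('ssl_key')
+ if not (cert and key):
+ log("Inspecting identity-service relations for SSL certificate.",
+ level=INFO)
+ cert = key = None
+ if cn:
+ ssl_cert_attr = 'ssl_cert_{}'.format(cn)
+ ssl_key_attr = 'ssl_key_{}'.format(cn)
+ else:
+ ssl_cert_attr = 'ssl_cert'
+ ssl_key_attr = 'ssl_key'
+ for r_id in relation_ids('identity-service'):
+ for unit in relation_list(r_id):
+ if not cert:
+ cert = relation_get(ssl_cert_attr,
+ rid=r_id, unit=unit)
+ if not key:
+ key = relation_get(ssl_key_attr,
+ rid=r_id, unit=unit)
+ return (cert, key)
+
+
+def get_ca_cert():
+ ca_cert = config_get('ssl_ca')
+ if ca_cert is None:
+ log("Inspecting identity-service relations for CA SSL certificate.",
+ level=INFO)
+ for r_id in relation_ids('identity-service'):
+ for unit in relation_list(r_id):
+ if ca_cert is None:
+ ca_cert = relation_get('ca_cert',
+ rid=r_id, unit=unit)
+ return ca_cert
+
+
+def retrieve_ca_cert(cert_file):
+ cert = None
+ if os.path.isfile(cert_file):
+ with open(cert_file, 'r') as crt:
+ cert = crt.read()
+ return cert
+
+
+def install_ca_cert(ca_cert):
+ if ca_cert:
+ cert_file = ('/usr/local/share/ca-certificates/'
+ 'keystone_juju_ca_cert.crt')
+ old_cert = retrieve_ca_cert(cert_file)
+ if old_cert and old_cert == ca_cert:
+ log("CA cert is the same as installed version", level=INFO)
+ else:
+ log("Installing new CA cert", level=INFO)
+ with open(cert_file, 'w') as crt:
+ crt.write(ca_cert)
+ subprocess.check_call(['update-ca-certificates', '--fresh'])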
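--- a/hooks/services.py
+++ b/hooks/services.py
@@ -6,6 +6,12 @@
 import yaml
 
 import actions
+
+from charmhelpers.contrib.hahelpers.apache import (
+ get_ca_cert,
+ install_ca_cert
+)
+
 from charmhelpers.core import hookenv
 from charmhelpers.core import services
 from charmhelpers.core import templating
@@ -43,7 +49,7 @@
  name = 'identity_admin'
  interface = 'keystone-admin'
  required_keys = ['service_hostname', 'service_port', 'service_username',
- 'service_tenant_name', 'service_password']
+ 'service_tenant_name', 'service_password', 'service_protocol']
 
 
 class RedisRelation(services.RelationContext):
@@ -150,6 +156,9 @@
 
 class SSLConfig(services.ManagerCallback):
  def __call__(self, manager, service_name, event_name):
+ CAcert = get_ca_cert()
+ if CAcert is not None:
+ install_ca_cert(CAcert)
  if hookenv.is_leader():
  config = hookenv.config()
  cert = config.get('ssl-cert')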
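Review bot: In `SSLConfig.__call__` the value returned by `get_ca_cert()` is handed to `install_ca_cert()` unchanged, although the new `ssl_ca` option in config.yaml is documented as base64. `install_ca_cert` writes its argument verbatim to `keystone_juju_ca_cert.crt`, so an encoded value would presumably land on disk in a form `update-ca-certificates` cannot load as a PEM certificate, and the CA would silently not be trusted. Decode before installing, e.g. `install_ca_cert(b64decode(CAcert))` with `from base64 import b64decode`, and confirm whether the `ca_cert` relation value uses the same encoding. Separately, adding `'service_protocol'` to `required_keys` means a keystone-admin provider that does not publish that key would leave the relation incomplete. `__call__` continues past the end of the hunk.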
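--- a/templates/config.global.js.j2
+++ b/templates/config.global.js.j2
@@ -28,7 +28,7 @@
 config.identityManager = {};
 config.identityManager.ip = '{{ identity_admin[0]['service_hostname'] }}';
 config.identityManager.port = '{{ identity_admin[0]['service_port'] }}';
-config.identityManager.authProtocol = 'http';
+config.identityManager.authProtocol = '{{ identity_admin[0]['service_protocol'] }}';
 config.identityManager.apiVersion = ['v2.0'];
 config.identityManager.strictSSL = false;
 config.identityManager.ca = '';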
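Review bot: `authProtocol` can now render as `https`, but the unchanged context lines below it still set `config.identityManager.strictSSL = false;` and `config.identityManager.ca = '';`. The connection to the identity service would therefore presumably be encrypted without the server certificate being verified. If the CA installed by `install_ca_cert` is meant to be enforced, drive the flag from the same relation data, e.g. `config.identityManager.strictSSL = {{ 'true' if identity_admin[0]['service_protocol'] == 'https' else 'false' }};`, and set `ca` to the installed CA in whatever form contrail-webui expects. The template continues outside the hunk, so other service sections may need the same treatment.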
