Juju Charms Collection
heat package

Merge lp:~james-page/charms/trusty/heat/liberty-fixes into lp:~openstack-charmers-archive/charms/trusty/heat/next

  1. Trusty Tahr (14.04)
  2. liberty-fixes
  3. Merge into next
Proposed by James Page
Status: Merged
Merged at revision: 68
Proposed branch: lp:~james-page/charms/trusty/heat/liberty-fixes
Merge into: lp:~openstack-charmers-archive/charms/trusty/heat/next
Diff against target: 426 lines (+169/-56)
11 files modified
README.md (+9/-2)
actions.yaml (+3/-0)
actions/domain-setup (+21/-0)
hooks/heat_context.py (+5/-3)
hooks/heat_relations.py (+15/-0)
hooks/heat_utils.py (+10/-4)
templates/admin-openrc-v3 (+10/-0)
templates/kilo/heat.conf (+18/-42)
templates/liberty/heat.conf (+69/-0)
unit_tests/test_heat_context.py (+7/-3)
unit_tests/test_heat_relations.py (+2/-2)
To merge this branch: bzr merge lp:~james-page/charms/trusty/heat/liberty-fixes
Reviewer Review Type Date Requested Status
Liam Young (community) Approve
Review via email: mp+285606@code.launchpad.net

Description of the change

Lots of fixes for kilo and liberty support:

1) new template for liberty heat

2) generation of openrc file with credentials and setup for keystone v3

3) new action to configure required domains and accounts for heat stacks.

This change requires leader election - the charm will error out on older juju versions.

To post a comment you must log in.
Revision history for this message
James Page (james-page) wrote :

Re-testing on kilo as well

Revision history for this message
James Page (james-page) wrote :

Tested OK on Kilo; needs a different template for heat...

Revision history for this message
Liam Young (gnuoy) wrote :

lgtm

review: Approve
Revision history for this message
Ryan Beisner (1chb1n) wrote :

FYI - this broke the amulet tests @ Kilo.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'README.md'
2--- README.md 2013-11-29 15:36:45 +0000
3+++ README.md 2016-02-10 14:39:12 +0000
4@@ -1,8 +1,8 @@
5 Overview
6 ========
7
8-Heat is the main project in the OpenStack Orchestration program. It implements
9-an orchestration engine to launch multiple composite cloud applications based
10+Heat is the main project in the OpenStack Orchestration program. It implements
11+an orchestration engine to launch multiple composite cloud applications based
12 on templates in the form of text files that can be treated like code.
13
14 This charm deploys the Heat infrastructure.
15@@ -15,6 +15,13 @@
16 nova-cloud-controller. The following assumes these services have already
17 been deployed.
18
19+After deployment of the cloud, the domain-setup action must be run to configure
20+required domains, roles and users in the cloud for Heat stacks:
21+
22+ juju action do heat/0 domain-setup
23+
24+This is only required for >= OpenStack Kilo.
25+
26 Contact Information
27 ===================
28
29
30=== modified file 'actions.yaml'
31--- actions.yaml 2015-09-21 19:35:41 +0000
32+++ actions.yaml 2016-02-10 14:39:12 +0000
33@@ -2,3 +2,6 @@
34 description:
35 Perform openstack upgrades. Config option action-managed-upgrade must be
36 set to True.
37+domain-setup:
38+ description:
39+ Setup the keystone domains, roles and user required for Heat to operate. Only required for OpenStack >= Kilo.
40
41=== added file 'actions/domain-setup'
42--- actions/domain-setup 1970-01-01 00:00:00 +0000
43+++ actions/domain-setup 2016-02-10 14:39:12 +0000
44@@ -0,0 +1,21 @@
45+#!/bin/bash
46+
47+set -e
48+
49+. /root/admin-openrc-v3
50+
51+dpkg -l | grep python-openstackclient || apt-get install -y python-openstackclient
52+
53+openstack domain show heat || {
54+ openstack domain create --description "Stack projects and users" heat
55+}
56+
57+openstack user show heat_domain_admin || {
58+ openstack user create --domain heat --password `leader-get heat-domain-admin-passwd` heat_domain_admin
59+}
60+
61+openstack role add --domain heat --user heat_domain_admin admin || :
62+
63+openstack role show heat_stack_user || {
64+ openstack role create heat_stack_user
65+}
66
67=== modified file 'hooks/heat_context.py'
68--- hooks/heat_context.py 2015-05-06 14:03:04 +0000
69+++ hooks/heat_context.py 2016-02-10 14:39:12 +0000
70@@ -1,7 +1,7 @@
71 import os
72
73 from charmhelpers.contrib.openstack import context
74-from charmhelpers.core.hookenv import config
75+from charmhelpers.core.hookenv import config, leader_get
76 from charmhelpers.core.host import pwgen
77 from charmhelpers.contrib.hahelpers.cluster import (
78 determine_apache_port,
79@@ -32,6 +32,7 @@
80 ctxt['service_host'],
81 ctxt['service_port'])
82 ctxt['keystone_ec2_url'] = ec2_tokens
83+ ctxt['region'] = config('region')
84 return ctxt
85
86
87@@ -53,14 +54,15 @@
88 return encryption
89
90
91-class EncryptionContext(context.OSContextGenerator):
92+class HeatSecurityContext(context.OSContextGenerator):
93
94 def __call__(self):
95 ctxt = {}
96-
97 # check if we have stored encryption key
98 encryption = get_encryption_key()
99 ctxt['encryption_key'] = encryption
100+ ctxt['heat_domain_admin_passwd'] = \
101+ leader_get('heat-domain-admin-passwd')
102 return ctxt
103
104
105
106=== modified file 'hooks/heat_relations.py'
107--- hooks/heat_relations.py 2015-10-30 11:22:56 +0000
108+++ hooks/heat_relations.py 2016-02-10 14:39:12 +0000
109@@ -23,11 +23,15 @@
110 open_port,
111 unit_get,
112 status_set,
113+ leader_get,
114+ leader_set,
115+ is_leader,
116 )
117
118 from charmhelpers.core.host import (
119 restart_on_change,
120 service_reload,
121+ pwgen,
122 )
123
124 from charmhelpers.fetch import (
125@@ -109,6 +113,11 @@
126 configure_https()
127
128
129+@hooks.hook('upgrade-charm')
130+def upgrade_charm():
131+ leader_elected()
132+
133+
134 @hooks.hook('amqp-relation-joined')
135 def amqp_joined(relation_id=None):
136 relation_set(relation_id=relation_id,
137@@ -216,6 +225,12 @@
138 CONFIGS.write_all()
139
140
141+@hooks.hook('leader-elected')
142+def leader_elected():
143+ if is_leader() and not leader_get('heat-domain-admin-passwd'):
144+ leader_set({'heat-domain-admin-passwd': pwgen(32)})
145+
146+
147 def main():
148 try:
149 hooks.execute(sys.argv)
150
151=== modified file 'hooks/heat_utils.py'
152--- hooks/heat_utils.py 2015-12-02 15:50:33 +0000
153+++ hooks/heat_utils.py 2016-02-10 14:39:12 +0000
154@@ -37,7 +37,7 @@
155 from heat_context import (
156 API_PORTS,
157 HeatIdentityServiceContext,
158- EncryptionContext,
159+ HeatSecurityContext,
160 InstanceUserContext,
161 HeatApacheSSLContext,
162 HeatHAProxyContext,
163@@ -76,6 +76,7 @@
164 HTTPS_APACHE_CONF = '/etc/apache2/sites-available/openstack_https_frontend'
165 HTTPS_APACHE_24_CONF = os.path.join('/etc/apache2/sites-available',
166 'openstack_https_frontend.conf')
167+ADMIN_OPENRC = '/root/admin-openrc-v3'
168
169 CONFIG_FILES = OrderedDict([
170 (HEAT_CONF, {
171@@ -86,7 +87,7 @@
172 context.OSConfigFlagContext(),
173 HeatIdentityServiceContext(service=SVC, service_user=SVC),
174 HeatHAProxyContext(),
175- EncryptionContext(),
176+ HeatSecurityContext(),
177 InstanceUserContext(),
178 context.SyslogContext(),
179 context.LogLevelContext(),
180@@ -108,7 +109,12 @@
181 (HTTPS_APACHE_24_CONF, {
182 'contexts': [HeatApacheSSLContext()],
183 'services': ['apache2'],
184- })
185+ }),
186+ (ADMIN_OPENRC, {
187+ 'contexts': [HeatIdentityServiceContext(service=SVC,
188+ service_user=SVC)],
189+ 'services': []
190+ }),
191 ])
192
193
194@@ -117,7 +123,7 @@
195 configs = templating.OSConfigRenderer(templates_dir=TEMPLATES,
196 openstack_release=release)
197
198- confs = [HEAT_CONF, HEAT_API_PASTE, HAPROXY_CONF]
199+ confs = [HEAT_CONF, HEAT_API_PASTE, HAPROXY_CONF, ADMIN_OPENRC]
200 for conf in confs:
201 configs.register(conf, CONFIG_FILES[conf]['contexts'])
202
203
204=== added symlink 'hooks/leader-elected'
205=== target is u'heat_relations.py'
206=== added file 'templates/admin-openrc-v3'
207--- templates/admin-openrc-v3 1970-01-01 00:00:00 +0000
208+++ templates/admin-openrc-v3 2016-02-10 14:39:12 +0000
209@@ -0,0 +1,10 @@
210+# Service credentials for Keystone v3
211+export OS_REGION_NAME={{ region }}
212+export OS_PASSWORD={{ admin_password }}
213+export OS_AUTH_URL={{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}/v3
214+export OS_USERNAME={{ admin_user }}
215+export OS_TENANT_NAME={{ admin_tenant_name }}
216+export OS_PROJECT_DOMAIN_ID=default
217+export OS_USER_DOMAIN_ID=default
218+export OS_PROJECT_NAME={{ admin_tenant_name }}
219+export OS_IDENTITY_API_VERSION=3
220
221=== modified file 'templates/kilo/heat.conf'
222--- templates/kilo/heat.conf 2015-12-02 16:06:55 +0000
223+++ templates/kilo/heat.conf 2016-02-10 14:39:12 +0000
224@@ -1,64 +1,37 @@
225 [DEFAULT]
226 use_syslog = {{ use_syslog }}
227-debug = False
228-verbose = False
229+debug = {{ debug }}
230+verbose = {{ verbose }}
231 log_dir = /var/log/heat
232-instance_user={{ instance_user }}
233-instance_driver=heat.engine.nova
234-plugin_dirs=/usr/lib64/heat,/usr/lib/heat
235-environment_dir=/etc/heat/environment.d
236-deferred_auth_method=password
237-host=heat
238-auth_encryption_key={{ encryption_key }}
239-
240-{% if database_host -%}
241-# < Icehouse db config
242-sql_connection = {{ database_type }}://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %}
243-{% endif %}
244-
245-{% if rabbitmq_host or rabbitmq_hosts -%}
246-rabbit_userid = {{ rabbitmq_user }}
247-rabbit_virtual_host = {{ rabbitmq_virtual_host }}
248-rabbit_password = {{ rabbitmq_password }}
249-{% if rabbitmq_hosts -%}
250-rabbit_hosts = {{ rabbitmq_hosts }}
251-{% if rabbitmq_ha_queues -%}
252-rabbit_ha_queues = True
253-rabbit_durable_queues = False
254-{% endif -%}
255-{% else -%}
256-rabbit_host = {{ rabbitmq_host }}
257-{% endif -%}
258-{% if rabbit_ssl_port -%}
259-rabbit_use_ssl = True
260-rabbit_port = {{ rabbit_ssl_port }}
261-{% if rabbit_ssl_ca -%}
262-kombu_ssl_ca_certs = {{ rabbit_ssl_ca }}
263-{% endif -%}
264-{% endif -%}
265-{% endif %}
266+instance_user = {{ instance_user }}
267+instance_driver = heat.engine.nova
268+plugin_dirs = /usr/lib64/heat,/usr/lib/heat
269+environment_dir = /etc/heat/environment.d
270+host = heat
271+auth_encryption_key = {{ encryption_key }}
272+deferred_auth_method = trusts
273+stack_domain_admin = heat_domain_admin
274+stack_domain_admin_password = {{ heat_domain_admin_passwd }}
275+stack_user_domain_name = heat
276
277 {% if auth_host -%}
278 [keystone_authtoken]
279-identity_uri = {{ service_protocol }}://{{ service_host }}:{{ auth_port }}
280+identity_uri = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
281 auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}/v2.0
282-auth_host = {{ auth_host }}
283-auth_port = {{ auth_port }}
284-auth_protocol = {{ auth_protocol }}
285 admin_tenant_name = {{ admin_tenant_name }}
286 admin_user = {{ admin_user }}
287 admin_password = {{ admin_password }}
288 signing_dir = {{ signing_dir }}
289-{% endif %}
290
291 [ec2_authtoken]
292 auth_uri = {{service_protocol }}://{{ service_host }}:{{ service_port }}/v2.0
293 keystone_ec2_uri = {{service_protocol }}://{{ service_host }}:{{ service_port }}/v2.0/ec2tokens
294+{% endif %}
295
296 {% if database_host -%}
297 [database]
298 connection = {{ database_type }}://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %}
299-{% endif -%}
300+{% endif %}
301
302 [paste_deploy]
303 api_paste_config=/etc/heat/api-paste.ini
304@@ -78,3 +51,6 @@
305 {% else -%}
306 bind_port=8000
307 {% endif %}
308+
309+{% include "section-rabbitmq-oslo" %}
310+
311
312=== added directory 'templates/liberty'
313=== added file 'templates/liberty/heat.conf'
314--- templates/liberty/heat.conf 1970-01-01 00:00:00 +0000
315+++ templates/liberty/heat.conf 2016-02-10 14:39:12 +0000
316@@ -0,0 +1,69 @@
317+[DEFAULT]
318+use_syslog = {{ use_syslog }}
319+debug = {{ debug }}
320+verbose = {{ verbose }}
321+log_dir = /var/log/heat
322+instance_user = {{ instance_user }}
323+instance_driver = heat.engine.nova
324+plugin_dirs = /usr/lib64/heat,/usr/lib/heat
325+environment_dir = /etc/heat/environment.d
326+host = heat
327+auth_encryption_key = {{ encryption_key }}
328+deferred_auth_method = trusts
329+stack_domain_admin = heat_domain_admin
330+stack_domain_admin_password = {{ heat_domain_admin_passwd }}
331+stack_user_domain_name = heat
332+
333+{% if auth_host -%}
334+[keystone_authtoken]
335+auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
336+auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}
337+auth_plugin = password
338+project_domain_id = default
339+user_domain_id = default
340+project_name = {{ admin_tenant_name }}
341+username = {{ admin_user }}
342+password = {{ admin_password }}
343+signing_dir = {{ signing_dir }}
344+
345+[trustee]
346+auth_plugin = password
347+auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
348+username = {{ admin_user }}
349+password = {{ admin_password }}
350+user_domain_id = default
351+
352+[clients_keystone]
353+auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}
354+
355+[ec2_authtoken]
356+auth_uri = {{service_protocol }}://{{ service_host }}:{{ service_port }}
357+keystone_ec2_uri = {{service_protocol }}://{{ service_host }}:{{ service_port }}/v2.0/ec2tokens
358+{% endif %}
359+
360+{% if database_host -%}
361+[database]
362+connection = {{ database_type }}://{{ database_user }}:{{ database_password }}@{{ database_host }}/{{ database }}{% if database_ssl_ca %}?ssl_ca={{ database_ssl_ca }}{% if database_ssl_cert %}&ssl_cert={{ database_ssl_cert }}&ssl_key={{ database_ssl_key }}{% endif %}{% endif %}
363+{% endif %}
364+
365+[paste_deploy]
366+api_paste_config=/etc/heat/api-paste.ini
367+
368+[heat_api]
369+bind_host = {{ bind_host }}
370+{% if api_listen_port -%}
371+bind_port={{ api_listen_port }}
372+{% else -%}
373+bind_port=8004
374+{% endif %}
375+
376+[heat_api_cfn]
377+bind_host = {{ bind_host }}
378+{% if api_cfn_listen_port -%}
379+bind_port={{ api_cfn_listen_port }}
380+{% else -%}
381+bind_port=8000
382+{% endif %}
383+
384+{% include "section-rabbitmq-oslo" %}
385+
386
387=== modified file 'unit_tests/test_heat_context.py'
388--- unit_tests/test_heat_context.py 2015-05-06 14:03:04 +0000
389+++ unit_tests/test_heat_context.py 2016-02-10 14:39:12 +0000
390@@ -5,7 +5,8 @@
391 TO_PATCH = [
392 'get_encryption_key',
393 'generate_ec2_tokens',
394- 'config'
395+ 'config',
396+ 'leader_get',
397 ]
398
399
400@@ -16,9 +17,12 @@
401
402 def test_encryption_configuration(self):
403 self.get_encryption_key.return_value = 'key'
404+ self.leader_get.return_value = 'password'
405 self.assertEquals(
406- heat_context.EncryptionContext()(),
407- {'encryption_key': 'key'})
408+ heat_context.HeatSecurityContext()(),
409+ {'encryption_key': 'key',
410+ 'heat_domain_admin_passwd': 'password'})
411+ self.leader_get.assert_called_with('heat-domain-admin-passwd')
412
413 def test_instance_user_empty_configuration(self):
414 self.config.return_value = None
415
416=== modified file 'unit_tests/test_heat_relations.py'
417--- unit_tests/test_heat_relations.py 2015-11-16 09:14:33 +0000
418+++ unit_tests/test_heat_relations.py 2016-02-10 14:39:12 +0000
419@@ -240,5 +240,5 @@
420 self.sync_db_with_multi_ipv6_addresses.return_value = MagicMock()
421 self.test_config.set('prefer-ipv6', True)
422 relations.db_joined()
423- self.sync_db_with_multi_ipv6_addresses.assert_called_with_once(
424- 'heat', 'heat')
425+ self.sync_db_with_multi_ipv6_addresses.assert_called_with(
426+ 'heat', 'heat', relation_prefix='heat')

Subscribers

People subscribed via source and target branches