Juju Charms Collection
owncloud package

Merge lp:~jose/charms/precise/owncloud/port-change+repo+ssl-support into lp:charms/owncloud

Proposed by José Antonio Rey on 2014-04-12

Status:

Merged

Merged at revision:

Proposed branch:

lp:~jose/charms/precise/owncloud/port-change+repo+ssl-support

Merge into:

lp:charms/owncloud

Diff against target:

2050 lines (+1592/-251)

18 files modified

README.md (+110/-33)
charm-helpers.yaml (+5/-0)
config.yaml (+28/-0)
hooks/charmhelpers/contrib/ssl/__init__.py (+78/-0)
hooks/charmhelpers/contrib/ssl/service.py (+267/-0)
hooks/charmhelpers/core/hookenv.py (+401/-0)
hooks/charmhelpers/core/host.py (+297/-0)
hooks/config-changed (+153/-9)
hooks/db-relation-changed (+9/-0)
hooks/db-relation-departed (+13/-0)
hooks/install (+45/-23)
hooks/ssl (+19/-0)
hooks/start (+6/-2)
hooks/upgrade-charm (+43/-39)
hooks/website-relation-joined (+1/-2)
metadata.yaml (+1/-1)
tests/100-deploy.py (+116/-0)
tests/100_deploy.test (+0/-142)

To merge this branch:

bzr merge lp:~jose/charms/precise/owncloud/port-change+repo+ssl-support

Related bugs:

Bug #1161894: Install and upgrade with deb package	Medium	Fix Released
Bug #1306756: If a different port is set after deployment, it doesn't change	High	Fix Released
Bug #1310164: Support SSL Connections	Undecided	Fix Released
Bug #1315047: The owncloud admin user and password are immutable.	High	Fix Released
Bug #1315091: juju remove-relation mysql owncloud does not work.	Undecided	Fix Released
Bug #1318097: ownCloud charm tests fail after upgrade	Medium	Fix Released
Bug #1346051: Failed to deploy owncloud-13 charm	High	Fix Released

Link a bug report

Reviewer	Date Requested	Status
Charles Butler (community)	2014-05-16	Approve on 2014-07-22
Matt Bruzek (community)	2014-04-12	Needs Fixing on 2014-06-20
Review via email: mp+215527@code.launchpad.net

Commit message

Added port changing and repository install support, as well as SSL support by default.

Description of the change

These are fixes to bug #1161894, bug #1306756, bug #1310164 and bug #1315091.

Support has been added considering that it will not break previous installs of ownCloud: if a person has an older version and upgrade-charm's the instance(s) will not break.

Revision history for this message

Matt Bruzek (mbruzek) wrote on 2014-05-01:

Download full text (3.2 KiB)

José,

Thanks for working on adding ssh to the Owncloud charm! This is my first experience with Owncloud and I am really excited about this charm!

The command “charm proof” passes with no errors! That is excellent, but I have come to understand that you pay attention to details like that.

I see you added charmhelpers to generate the selfsigned certificate. That all looks good to me.

The README.md file was updated, it looks very good but I found a few small errors:

“If you do not know what it is, execute `juju status` to find out the public DNS.”

The command “juju status” does not return a Domain Name Server (DNS). What you might have meant “... to find out the public domain name of the deployed unit.”

“This password will be used in case you want to deo a setup of Shared Instances. If not provided, it will be randomly generated when a DB relation is joined.”
The word “do” is misspelled here.

The readme file asserts that the charm will not be set up without setting the domain configuration option, which is fine. I tested the server address before setting domain and got the default page:

  It works!
  This is the default web page for this server.
  The web server software is running but no content has been added, yet.

I understand this is the default apache page has not been disabled at this point. What would be really awesome if the default page could provide the user with instructions on what needs to be done. The hook could write a small index.html to the www root that tells the user what is needed before the charm will set up and configure. Something like:

The owncloud service is not fully configured. Set the domain value in Juju to configure owncloud.

Bugs found unrelated to this merge proposal:

The admin user name and password are immutable, even after adding a mysql database. I realize this is not a bug introduced by this merge proposal so I created a bug here:
https://bugs.launchpad.net/charms/+source/owncloud/+bug/1315047

We can track that topic separately on that bug report.

Removing the database relation generates the following error:

[1044] SQLSTATE[42000] [1044] Access denied for user 'paethaicieniaju'@'%' to database 'owncloud'

I opened a bug here:
https://bugs.launchpad.net/charms/+source/owncloud/+bug/1315091

I am really excited to see that the charm included tests! That is outstanding not many merge propoals have tests. However the test that I ran did not work.

$ ./tests/100_deploy.test
Traceback (most recent call last):
File "./tests/100_deploy.test", line 25, in <module>
domain = d.sentry.unit['haproxy/0'].info['public-address']
AttributeError: 'NoneType' object has no attribute 'unit'

I took a look at the test and it looks like an error in the amulet test code. The sentry objects are not created until after d.setup(...). You should move that domain and d.configure() to after the d.setup(...) call.

Thank you so much for your submission! Based on this test failure I have moved this bug to Incomplete. Once you have addressed the issues above either with code changes or comments, and wish to have another review, simply move the bug back to either "New" or "Fix Committed" to have it ad...

José,

Thanks for working on adding ssh to the Owncloud charm!  This is my first experience with Owncloud and I am really excited about this charm!

The command “charm proof” passes with no errors!  That is excellent, but I have come to understand that you pay attention to details like that.

I see you added charmhelpers to generate the selfsigned certificate.  That all looks good to me.

The README.md file was updated, it looks very good but I found a few small errors:

“If you do not know what it is, execute `juju status` to find out the public DNS.”

The command “juju status” does not return a Domain Name Server (DNS).  What you might have meant “... to find out the public domain name of the deployed unit.”

The readme file asserts that the charm will not be set up without setting the domain configuration option, which is fine.  I tested the server address before setting domain and got the default page:

It works!
  This is the default web page for this server.
  The web server software is running but no content has been added, yet.

I understand this is the default apache page has not been disabled at this point.  What would be really awesome if the default page could provide the user with instructions on what needs to be done.  The hook could write a small index.html to the www root that tells the user what is needed before the charm will set up and configure.  Something like:

The owncloud service is not fully configured.  Set the domain value in Juju to configure owncloud.

Bugs found unrelated to this merge proposal:

The admin user name and password are immutable, even after adding a mysql database.  I realize this is not a bug introduced by this merge proposal so I created a bug here:
https://bugs.launchpad.net/charms/+source/owncloud/+bug/1315047

We can track that topic separately on that bug report.

Removing the database relation generates the following error:

[1044] SQLSTATE[42000] [1044] Access denied for user 'paethaicieniaju'@'%' to database 'owncloud'

I opened a bug here:
https://bugs.launchpad.net/charms/+source/owncloud/+bug/1315091

I am really excited to see that the charm included tests!  That is outstanding not many merge propoals have tests.  However the test that I ran did not work.

$ ./tests/100_deploy.test 
Traceback (most recent call last):
  File "./tests/100_deploy.test", line 25, in <module>
    domain = d.sentry.unit['haproxy/0'].info['public-address']
AttributeError: 'NoneType' object has no attribute 'unit'

I took a look at the test and it looks like an error in the amulet test code.  The sentry objects are not created until after d.setup(...).  You should move that domain and d.configure() to after the d.setup(...) call.

Thank you so much for your submission! Based on this test failure I have moved this bug to Incomplete.  Once you have addressed the issues above either with code changes or comments, and wish to have another review, simply move the bug back to either "New" or "Fix Committed" to have it added back to the review queue.

Revision history for this message

Matt Bruzek (mbruzek) wrote on 2014-05-01:

The 100_deploy.test fails.

review: Needs Fixing

Revision history for this message

José Antonio Rey (jose) wrote on 2014-05-09:

As revision 24 was merged in, tests no longer work due to many different factors. There is currently an open bug for it as they need to be updated.

Revision history for this message

Ted Gould (ted) wrote on 2014-05-16:

Not sure what is blocking this MR from the comments. I'd really like to use these features in the owncloud charm, any chance it could get included? Thanks!

Revision history for this message

José Antonio Rey (jose) wrote on 2014-05-16:

Ted,

Tests are blocking this MP from being approved. I'll be talking to the person in charge of them to see what can I do to speed up the process. Rest assured that this will be in the Charm Store soon.

Revision history for this message

Matt Bruzek (mbruzek) wrote on 2014-05-16:

José,

Thank you for following up with the Owncloud charm. Your fixes since my last review have noted and for the most part are great! Keep up the excellent work.

I took some time to review this Merge Proposal again today. Here is what I found.

The Amulet tests still do not pass but since the tests did not pass before this MP that is OK. The tests should pass eventually, so I created a bug to track that work here: https://bugs.launchpad.net/charms/+source/owncloud/+bug/1320324

I am still concerned about the immutable configuration options user and password that was not changed by this MP so the bug can be found here: https://bugs.launchpad.net/charms/+source/owncloud/+bug/1315047

hooks/website-relation-joined

There is an invalid bash variable in there $80. I assume you meant to always set the port to 80. Since the port is a configuration option I think you want to call config-get port to get the port and set it properly for the website relation.

Based on the error in the hook I can not approve this change at this time. Hopefully it is an easy fix and we can move to the next step quickly, as I am genuinely interested in getting owncloud in the charm store!

Thank you so much for the work here, and being patient with the review process. I have moved this proposal to incomplete as a result of the review. Once you have addressed the issue and want another review please set this proposal back to “needs review” and it will be added to the review queue.

review: Needs Fixing

Revision history for this message

Matt Bruzek (mbruzek) wrote on 2014-05-16:

The final paragraph of my last statement was incorrect. My apologies on this.

Once the problem has been addressed, lick on the “Request another review” link on this merge proposal. That way it will be added to the review queue properly.

If you have any questions/comments/concerns about the review contact us
in #juju on irc.freenode.net or email the mailing list
<email address hidden>

Revision history for this message

Matt Bruzek (mbruzek) wrote on 2014-06-17:

I took some time to review the latest submission. The amulet test failed with the error message “Unable to validate NFS config 10.0.3.163” on my local system. The tests need to run without errors before we can accept the merge proposal.

The upgrade-charm code needs some improvements. Please use https:// when ever possible with wget, that verifies the identity of the server that you are downloading binaries from. Please change or add https to all wget statements where possible.

The while loop in updgrade-charm has a couple of issues that we would like to see fixed. If you are hardcoding the version of owncloud, you should hardcode the md5sum in the charm code, this prevents Man In the Middle attacks from faking a payload and generating an md5sum with the right hash value of the payload. Also it is possible that the while loop would never exit if the md5 sum was incorrect or if the download was unavailable. The code should fail if wget fails to download the tar file, not loop forever.

In the config-changed hook it appears that the if-elif only sets the user OR the password not both. For instance if the user equals the contents of .admin the password code can not be executed. Please revisit this code and fix the either or situation.

Thanks again for the submission. I am going to put this MP to "needs fixing" and when you are ready for another review please click the "Request another review" button in the upper right hand corner of the commit message.

review: Needs Fixing

lp:~jose/charms/precise/owncloud/port-change+repo+ssl-support updated on 2014-06-17

38. By José Antonio Rey on 2014-06-17: Fixed various bugs

Revision history for this message

José Antonio Rey (jose) wrote on 2014-06-17:

Matt,

All the issues have now been fixed, except the NFS one. This is due to NFS failing on the local provider, it's not test-specific.

On the other hand, I added a section on the README specifying to which websites and ports the charm needs to connect in order to successfully deploy, as this is not a fat charm.

Revision history for this message

Matt Bruzek (mbruzek) wrote on 2014-06-20:

José,

Thank you for your submission for owncloud! Your continued dedication to the owncloud charm is very much appreciated.

I took some time to review the latest submission. The amulet test failed on hp-cloud with the error message:

HTTPSConnectionPool(host='15.125.126.129', port=443): Max retries exceeded with url: /index.php

We spoke about this and I understand this is because the 'domain' configuration value is not set after the deployment. We should try to set that and re-run the tests.

The tests/00_setup.sh tests need the executable flag.

Thank you for fixing the bugs I pointed out in the previous review. Also I really like the way you wrote the README.md with the Internet Connection Requirements section! Very well done sir, I think this will be a model for future charm README files.

config-changed:

I noticed something very strange in the config-changed hook:
sed -i 's/;upload_max_filesize/;upload_max_filesize/g' /etc/php5/apache2/php.ini

This seems to be searching for a term and replacing the exact same term. I believe this to be a mistake and it should be searching for '^upload_max_filesize” and replacing with the commented out version.

I realize this is not in your MP but please fix this problem.

Thanks for your time and work on this owncloud submission! I am going to put this MP to "needs fixing" and when you are ready for another review please click the "Request another review" button in the upper right hand corner of the commit message.

review: Needs Fixing

lp:~jose/charms/precise/owncloud/port-change+repo+ssl-support updated on 2014-06-20

39. By José Antonio Rey on 2014-06-20: Fixed default behaviour when domain wasn't set and made setup test +x

Revision history for this message

José Antonio Rey (jose) wrote on 2014-06-20:

Hey Matt,

All of this has been fixed as of the latest revision of the branch.

lp:~jose/charms/precise/owncloud/port-change+repo+ssl-support updated on 2014-07-21

40. By José Antonio Rey on 2014-06-20: Updated the author's email address
41. By José Antonio Rey on 2014-07-21: Updated Release key sha1sum, updated source to version 6.0.4
42. By José Antonio Rey on 2014-07-21: Updated README, fixed idempotency on src option

Revision history for this message

Charles Butler (lazypower) wrote on 2014-07-22:

hey Jose,

Thanks for the continued effort on getting this merge prepared for the charm store.

I've had a chance to review, and per our feedback in IRC i see that you've added configuration options when using the deploy from source option. This will help aleviate additional stress on you as the charm maintainer when users want to run from more recent copies upstream, and the deployment routine hasn't changed.

I've taken some time to grease the wheels and deploy owncloud in it's various configurations. Ideally I'd like to see more tests against this charm with those various deployment models, such as generating SSH keys post deployment, deploying with SSH keys as a config option, and switching up the deployment model from DEBS to SOURCE, and back post deployment.

Otherwise I've run several deployments and they all came back good for me on my MAAS host and AWS.

I'm going to approve this, but caution you to break up future merges into smaller digestable chunks as this was a fairly large review that ultimately delayed the merge from happening as quickly as we would like.

Thanks again for such dedication and great work.

+1 LGTM

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

José Antonio Rey

charmers

to status/vote changes:

Xander Maas

 === modified file 'README.md'
 --- README.md	2014-04-11 13:44:05 +0000
 +++ README.md	2014-07-21 22:01:08 +0000
@@ -1,7 +1,7 @@
  # OwnCloud
--- Author: Atul Jha <atul.jha@csscorp.com>
--- Maintainer: Nathan Williams <nathan@nathanewilliams.com>
++- Author: Atul Jha <koolhead17@gmail.com>
++- Maintainer: José Antonio Rey <jose@ubuntu.com>
  # Overview
@@ -14,32 +14,76 @@
  sqlite as a standalone server. Provides relationship hooks with NFS file
  storage, MySQL Databases, and HAProxy reverse proxy charms.
--## Preparation:
--
--1. the charm comes with port, user, password configuration options.
--
--   if no user is provided, the administrator will be "owncloud".
--
--   if no password is provided, a random one is chosen during the
--   db-relation-joined hook. if you do this, you can obtain the auth
--   credentials from the juju logs.
--
--# Usage:
--
--#### 1. Install
++# Configuration
++
++This charm comes with different configuration options. Optional configuration
++options include:
++
++`domain`: This is the domain or IP address for your ownCloud instance. If you
++do not know what it is, execute `juju status` to find out the public address. If
++not provided, the charm will refuse to configure.
++
++`downloadurl`: This is the download URL that the charm will use in case the src
++option is set to `source`. It defaults to the 6.0.4 URL.
++
++`sha1sum`: This is the SHA1SUM for the `downloadurl` file. It defaults to the
++SHA1SUM for the 6.0.4 file.
++
++`port`: This is the alias port that will be used for the ownCloud instance. It
++will redirect to 443, which is the HTTPS port. It defaults to 80.
++
++`src`: This is the source from which the package will be installed. You can
++choose between `repo`, which will install it from a repository built by
++ownCloud, or `source`, which will download the tarball and extract it. It
++defaults to `repo`.
++
++`customssl`: This charm provides default SSL support for ownCloud. This means
++that if you do not provide a custom SSL key and certificate, a self-signed one
++will be auto-generated for you. If you want to use a custom SSL certificate,
++please set this option to `true`. It defaults to `false`.
++
++`sslkey`: If `customssl` is set to true, this is the SSL key that will be used.
++If not provided and `customssl` is true, the charm will refuse to configure.
++
++`sslcert`: If `customssl` is set to true, this is the SSL cert that will be
++used. If not provided and `customssl` is true, the charm will refuse to
++configure.
++
++`user`: This user will be used in case you want to do a setup of Shared
++Instances. If not provided, it will be defaulted to `ownCloud`.
++
++`password`: This password will be used in case you want to do a setup of
++Shared Instances. If not provided, it will be randomly generated when a DB
++relation is joined.
++
++You can put any of this options in a config.yaml file and specify it at the
++moment of deploying. Otherwise, you can change them by executing:
++
++    juju set owncloud [option]=[value]
++
++# Usage
++
++## Standalone Instance
++
++First, bootstrap your environment:
++
++    juju bootstrap
++
++Then, deploy ownCloud by executing the following command:
      juju deploy owncloud
--#### 2. Expose
++Finally, expose the service:
      juju expose owncloud
--#### 3a. Standalone Instance
--
--   Access OwnCloud service directly, and complete the setup, providing user
--   credentials and initializing sqlite database.
--
--#### 3b. Shared Instances
++Access OwnCloud service directly, and complete the setup, providing user
++credentials and initializing sqlite database.
++
++## Shared Instances
++
++If you want to deploy shared instances, execute the following commands after
++doing a Standalone Instance setup:
      juju deploy mysql
      juju add-relation mysql owncloud
@@ -47,15 +91,14 @@
      juju deploy nfs
      juju add-relation nfs owncloud
--#### 4. Access
--
--http://$owncloud-machine-addr/.  To find out the public address of ownCloud,
--look for it in the output of the `juju status` command.
--
--
--## Scale out Usage
--
--
++We're now done! To find out the address for your ownCloud instance, execute
++`juju status` and navigate to it.
++
++# Scale out Usage
++
++In order to do a scalabe deploy of ownCloud, execute the following commands
++
++    juju bootstrap
      juju deploy owncloud
      juju deploy mysql
      juju deploy haproxy
@@ -63,13 +106,47 @@
      juju add-relation haproxy owncloud
      juju add-unit owncloud
--
--## Known Limitations
++# Internet Connection Requirements
++
++This charm downloads files from the Internet, and requires Internet connectivity
++in order to properly install. The requirements vary for each setup type.
++
++## When installing from the source
++
++When installing from the source packages available for download, this charm will
++connect to the following Internet sites:
++
++ * download.owncloud.org with port 443
++ * The Ubuntu repositories or a private mirror of them
++
++## When installing from the repository
++
++ownCloud offers the option to install from a repository. This is the default
++configuration value for the charm. With this, the charm will connect to the
++following Internet sites:
++
++ * download.opensuse.org with port 80
++ * download.opensuse.org as a repository
++ * The Ubuntu repositories or a private mirror of them
++
++# Known Limitations
  If you have been using a standalone instance and want to migrate to a shared
  instance, please note that adding the mysql relation will not preserve the file
  structure in the database. This means that your file listing will not be
  available. Make sure to have this in mind when doing the migration.
++Also, if you leave the `customssl` option set to false or provide a self-signed
++SSL certificate, ownCloud will throw a WebDAV error after creating the admin
++username and password. Ignore this error as it does not affect the working of
++ownCloud (it is silently fixed), and enter your website again.
++
++If port is different than 80, it looks like the instance throws an SSL
++error when connecting. Recommendation is to set the `port` value to 80 to avoid
++problems.
++
++Finally, on the tests side, the tests will fail on the local provider due to
++NFS not being able to deploy correctly (this is an NFS-related issue).
++
  #TODO
  Genericize shared-fs-relation-* for non-nfs shared-fs providers
 === added file 'charm-helpers.yaml'
 --- charm-helpers.yaml	1970-01-01 00:00:00 +0000
 +++ charm-helpers.yaml	2014-07-21 22:01:08 +0000
@@ -0,0 +1,5 @@
++destination: hooks/charmhelpers
++branch: lp:charm-helpers
++include:
++  - contrib.ssl
++  - core
 === modified file 'config.yaml'
 --- config.yaml	2014-01-28 15:41:38 +0000
 +++ config.yaml	2014-07-21 22:01:08 +0000
@@ -1,4 +1,16 @@
  options:
++  domain:
++    type: string
++    default: ""
++    description: the domain name for your owncloud server
++  downloadurl:
++    type: string
++    default: "https://download.owncloud.org/community/owncloud-6.0.4.tar.bz2"
++    description: url from which owncloud will be downloaded
++  sha1sum:
++    type: string
++    default: "6e341aeba2cf99416de009c7862bf03d90d1b058"
++    description: the sha1sum for the file in the download link
    port:
      type: int
      default: 80
@@ -11,3 +23,19 @@
      type: string
      default: ""
      description: default administrative password
++  src:
++    type: string
++    default: "repo"
++    description: source from where the charm will install the package
++  customssl:
++    type: boolean
++    default: false
++    description: option to set if custom ssl certificates are going to be used
++  sslcert:
++    type: string
++    default: ""
++    description: ssl cert to be used if custom is on
++  sslkey:
++    type: string
++    default: ""
++    description: ssl key to be used if custom is on
 === added directory 'hooks/charmhelpers'
 === added file 'hooks/charmhelpers/__init__.py'
 === added directory 'hooks/charmhelpers/contrib'
 === added file 'hooks/charmhelpers/contrib/__init__.py'
 === added directory 'hooks/charmhelpers/contrib/ssl'
 === added file 'hooks/charmhelpers/contrib/ssl/__init__.py'
 --- hooks/charmhelpers/contrib/ssl/__init__.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/ssl/__init__.py	2014-07-21 22:01:08 +0000
@@ -0,0 +1,78 @@
++import subprocess
++from charmhelpers.core import hookenv
++
++
++def generate_selfsigned(keyfile, certfile, keysize="1024", config=None, subject=None, cn=None):
++    """Generate selfsigned SSL keypair
++
++    You must provide one of the 3 optional arguments:
++    config, subject or cn
++    If more than one is provided the leftmost will be used
++
++    Arguments:
++    keyfile -- (required) full path to the keyfile to be created
++    certfile -- (required) full path to the certfile to be created
++    keysize -- (optional) SSL key length
++    config -- (optional) openssl configuration file
++    subject -- (optional) dictionary with SSL subject variables
++    cn -- (optional) cerfificate common name
++
++    Required keys in subject dict:
++    cn -- Common name (eq. FQDN)
++
++    Optional keys in subject dict
++    country -- Country Name (2 letter code)
++    state -- State or Province Name (full name)
++    locality -- Locality Name (eg, city)
++    organization -- Organization Name (eg, company)
++    organizational_unit -- Organizational Unit Name (eg, section)
++    email -- Email Address
++    """
++
++    cmd = []
++    if config:
++        cmd = ["/usr/bin/openssl", "req", "-new", "-newkey",
++               "rsa:{}".format(keysize), "-days", "365", "-nodes", "-x509",
++               "-keyout", keyfile,
++               "-out", certfile, "-config", config]
++    elif subject:
++        ssl_subject = ""
++        if "country" in subject:
++            ssl_subject = ssl_subject + "/C={}".format(subject["country"])
++        if "state" in subject:
++            ssl_subject = ssl_subject + "/ST={}".format(subject["state"])
++        if "locality" in subject:
++            ssl_subject = ssl_subject + "/L={}".format(subject["locality"])
++        if "organization" in subject:
++            ssl_subject = ssl_subject + "/O={}".format(subject["organization"])
++        if "organizational_unit" in subject:
++            ssl_subject = ssl_subject + "/OU={}".format(subject["organizational_unit"])
++        if "cn" in subject:
++            ssl_subject = ssl_subject + "/CN={}".format(subject["cn"])
++        else:
++            hookenv.log("When using \"subject\" argument you must "
++                        "provide \"cn\" field at very least")
++            return False
++        if "email" in subject:
++            ssl_subject = ssl_subject + "/emailAddress={}".format(subject["email"])
++
++        cmd = ["/usr/bin/openssl", "req", "-new", "-newkey",
++               "rsa:{}".format(keysize), "-days", "365", "-nodes", "-x509",
++               "-keyout", keyfile,
++               "-out", certfile, "-subj", ssl_subject]
++    elif cn:
++        cmd = ["/usr/bin/openssl", "req", "-new", "-newkey",
++               "rsa:{}".format(keysize), "-days", "365", "-nodes", "-x509",
++               "-keyout", keyfile,
++               "-out", certfile, "-subj", "/CN={}".format(cn)]
++
++    if not cmd:
++        hookenv.log("No config, subject or cn provided,"
++                    "unable to generate self signed SSL certificates")
++        return False
++    try:
++        subprocess.check_call(cmd)
++        return True
++    except Exception as e:
++        print "Execution of openssl command failed:\n{}".format(e)
++        return False
 === added file 'hooks/charmhelpers/contrib/ssl/service.py'
 --- hooks/charmhelpers/contrib/ssl/service.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/ssl/service.py	2014-07-21 22:01:08 +0000
@@ -0,0 +1,267 @@
++import logging
++import os
++from os.path import join as path_join
++from os.path import exists
++import subprocess
++
++
++log = logging.getLogger("service_ca")
++
++logging.basicConfig(level=logging.DEBUG)
++
++STD_CERT = "standard"
++
++# Mysql server is fairly picky about cert creation
++# and types, spec its creation separately for now.
++MYSQL_CERT = "mysql"
++
++
++class ServiceCA(object):
++
++    default_expiry = str(365 * 2)
++    default_ca_expiry = str(365 * 6)
++
++    def __init__(self, name, ca_dir, cert_type=STD_CERT):
++        self.name = name
++        self.ca_dir = ca_dir
++        self.cert_type = cert_type
++
++    ###############
++    # Hook Helper API
++    @staticmethod
++    def get_ca(type=STD_CERT):
++        service_name = os.environ['JUJU_UNIT_NAME'].split('/')[0]
++        ca_path = os.path.join(os.environ['CHARM_DIR'], 'ca')
++        ca = ServiceCA(service_name, ca_path, type)
++        ca.init()
++        return ca
++
++    @classmethod
++    def get_service_cert(cls, type=STD_CERT):
++        service_name = os.environ['JUJU_UNIT_NAME'].split('/')[0]
++        ca = cls.get_ca()
++        crt, key = ca.get_or_create_cert(service_name)
++        return crt, key, ca.get_ca_bundle()
++
++    ###############
++
++    def init(self):
++        log.debug("initializing service ca")
++        if not exists(self.ca_dir):
++            self._init_ca_dir(self.ca_dir)
++            self._init_ca()
++
++    @property
++    def ca_key(self):
++        return path_join(self.ca_dir, 'private', 'cacert.key')
++
++    @property
++    def ca_cert(self):
++        return path_join(self.ca_dir, 'cacert.pem')
++
++    @property
++    def ca_conf(self):
++        return path_join(self.ca_dir, 'ca.cnf')
++
++    @property
++    def signing_conf(self):
++        return path_join(self.ca_dir, 'signing.cnf')
++
++    def _init_ca_dir(self, ca_dir):
++        os.mkdir(ca_dir)
++        for i in ['certs', 'crl', 'newcerts', 'private']:
++            sd = path_join(ca_dir, i)
++            if not exists(sd):
++                os.mkdir(sd)
++
++        if not exists(path_join(ca_dir, 'serial')):
++            with open(path_join(ca_dir, 'serial'), 'wb') as fh:
++                fh.write('02\n')
++
++        if not exists(path_join(ca_dir, 'index.txt')):
++            with open(path_join(ca_dir, 'index.txt'), 'wb') as fh:
++                fh.write('')
++
++    def _init_ca(self):
++        """Generate the root ca's cert and key.
++        """
++        if not exists(path_join(self.ca_dir, 'ca.cnf')):
++            with open(path_join(self.ca_dir, 'ca.cnf'), 'wb') as fh:
++                fh.write(
++                    CA_CONF_TEMPLATE % (self.get_conf_variables()))
++
++        if not exists(path_join(self.ca_dir, 'signing.cnf')):
++            with open(path_join(self.ca_dir, 'signing.cnf'), 'wb') as fh:
++                fh.write(
++                    SIGNING_CONF_TEMPLATE % (self.get_conf_variables()))
++
++        if exists(self.ca_cert) or exists(self.ca_key):
++            raise RuntimeError("Initialized called when CA already exists")
++        cmd = ['openssl', 'req', '-config', self.ca_conf,
++               '-x509', '-nodes', '-newkey', 'rsa',
++               '-days', self.default_ca_expiry,
++               '-keyout', self.ca_key, '-out', self.ca_cert,
++               '-outform', 'PEM']
++        output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
++        log.debug("CA Init:\n %s", output)
++
++    def get_conf_variables(self):
++        return dict(
++            org_name="juju",
++            org_unit_name="%s service" % self.name,
++            common_name=self.name,
++            ca_dir=self.ca_dir)
++
++    def get_or_create_cert(self, common_name):
++        if common_name in self:
++            return self.get_certificate(common_name)
++        return self.create_certificate(common_name)
++
++    def create_certificate(self, common_name):
++        if common_name in self:
++            return self.get_certificate(common_name)
++        key_p = path_join(self.ca_dir, "certs", "%s.key" % common_name)
++        crt_p = path_join(self.ca_dir, "certs", "%s.crt" % common_name)
++        csr_p = path_join(self.ca_dir, "certs", "%s.csr" % common_name)
++        self._create_certificate(common_name, key_p, csr_p, crt_p)
++        return self.get_certificate(common_name)
++
++    def get_certificate(self, common_name):
++        if not common_name in self:
++            raise ValueError("No certificate for %s" % common_name)
++        key_p = path_join(self.ca_dir, "certs", "%s.key" % common_name)
++        crt_p = path_join(self.ca_dir, "certs", "%s.crt" % common_name)
++        with open(crt_p) as fh:
++            crt = fh.read()
++        with open(key_p) as fh:
++            key = fh.read()
++        return crt, key
++
++    def __contains__(self, common_name):
++        crt_p = path_join(self.ca_dir, "certs", "%s.crt" % common_name)
++        return exists(crt_p)
++
++    def _create_certificate(self, common_name, key_p, csr_p, crt_p):
++        template_vars = self.get_conf_variables()
++        template_vars['common_name'] = common_name
++        subj = '/O=%(org_name)s/OU=%(org_unit_name)s/CN=%(common_name)s' % (
++            template_vars)
++
++        log.debug("CA Create Cert %s", common_name)
++        cmd = ['openssl', 'req', '-sha1', '-newkey', 'rsa:2048',
++               '-nodes', '-days', self.default_expiry,
++               '-keyout', key_p, '-out', csr_p, '-subj', subj]
++        subprocess.check_call(cmd)
++        cmd = ['openssl', 'rsa', '-in', key_p, '-out', key_p]
++        subprocess.check_call(cmd)
++
++        log.debug("CA Sign Cert %s", common_name)
++        if self.cert_type == MYSQL_CERT:
++            cmd = ['openssl', 'x509', '-req',
++                   '-in', csr_p, '-days', self.default_expiry,
++                   '-CA', self.ca_cert, '-CAkey', self.ca_key,
++                   '-set_serial', '01', '-out', crt_p]
++        else:
++            cmd = ['openssl', 'ca', '-config', self.signing_conf,
++                   '-extensions', 'req_extensions',
++                   '-days', self.default_expiry, '-notext',
++                   '-in', csr_p, '-out', crt_p, '-subj', subj, '-batch']
++        log.debug("running %s", " ".join(cmd))
++        subprocess.check_call(cmd)
++
++    def get_ca_bundle(self):
++        with open(self.ca_cert) as fh:
++            return fh.read()
++
++
++CA_CONF_TEMPLATE = """
++[ ca ]
++default_ca = CA_default
++
++[ CA_default ]
++dir                     = %(ca_dir)s
++policy                  = policy_match
++database                = $dir/index.txt
++serial                  = $dir/serial
++certs                   = $dir/certs
++crl_dir                 = $dir/crl
++new_certs_dir           = $dir/newcerts
++certificate             = $dir/cacert.pem
++private_key             = $dir/private/cacert.key
++RANDFILE                = $dir/private/.rand
++default_md              = default
++
++[ req ]
++default_bits            = 1024
++default_md              = sha1
++
++prompt                  = no
++distinguished_name      = ca_distinguished_name
++
++x509_extensions         = ca_extensions
++
++[ ca_distinguished_name ]
++organizationName        = %(org_name)s
++organizationalUnitName  = %(org_unit_name)s Certificate Authority
++
++
++[ policy_match ]
++countryName             = optional
++stateOrProvinceName     = optional
++organizationName        = match
++organizationalUnitName  = optional
++commonName              = supplied
++
++[ ca_extensions ]
++basicConstraints        = critical,CA:true
++subjectKeyIdentifier    = hash
++authorityKeyIdentifier  = keyid:always, issuer
++keyUsage                = cRLSign, keyCertSign
++"""
++
++
++SIGNING_CONF_TEMPLATE = """
++[ ca ]
++default_ca = CA_default
++
++[ CA_default ]
++dir                     = %(ca_dir)s
++policy                  = policy_match
++database                = $dir/index.txt
++serial                  = $dir/serial
++certs                   = $dir/certs
++crl_dir                 = $dir/crl
++new_certs_dir           = $dir/newcerts
++certificate             = $dir/cacert.pem
++private_key             = $dir/private/cacert.key
++RANDFILE                = $dir/private/.rand
++default_md              = default
++
++[ req ]
++default_bits            = 1024
++default_md              = sha1
++
++prompt                  = no
++distinguished_name      = req_distinguished_name
++
++x509_extensions         = req_extensions
++
++[ req_distinguished_name ]
++organizationName        = %(org_name)s
++organizationalUnitName  = %(org_unit_name)s machine resources
++commonName              = %(common_name)s
++
++[ policy_match ]
++countryName             = optional
++stateOrProvinceName     = optional
++organizationName        = match
++organizationalUnitName  = optional
++commonName              = supplied
++
++[ req_extensions ]
++basicConstraints        = CA:false
++subjectKeyIdentifier    = hash
++authorityKeyIdentifier  = keyid:always, issuer
++keyUsage                = digitalSignature, keyEncipherment, keyAgreement
++extendedKeyUsage        = serverAuth, clientAuth
++"""
 === added directory 'hooks/charmhelpers/core'
 === added file 'hooks/charmhelpers/core/__init__.py'
 === added file 'hooks/charmhelpers/core/hookenv.py'
 --- hooks/charmhelpers/core/hookenv.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/core/hookenv.py	2014-07-21 22:01:08 +0000
@@ -0,0 +1,401 @@
++"Interactions with the Juju environment"
++# Copyright 2013 Canonical Ltd.
++#
++# Authors:
++#  Charm Helpers Developers <juju@lists.ubuntu.com>
++
++import os
++import json
++import yaml
++import subprocess
++import sys
++import UserDict
++from subprocess import CalledProcessError
++
++CRITICAL = "CRITICAL"
++ERROR = "ERROR"
++WARNING = "WARNING"
++INFO = "INFO"
++DEBUG = "DEBUG"
++MARKER = object()
++
++cache = {}
++
++
++def cached(func):
++    """Cache return values for multiple executions of func + args
++
++    For example:
++
++        @cached
++        def unit_get(attribute):
++            pass
++
++        unit_get('test')
++
++    will cache the result of unit_get + 'test' for future calls.
++    """
++    def wrapper(*args, **kwargs):
++        global cache
++        key = str((func, args, kwargs))
++        try:
++            return cache[key]
++        except KeyError:
++            res = func(*args, **kwargs)
++            cache[key] = res
++            return res
++    return wrapper
++
++
++def flush(key):
++    """Flushes any entries from function cache where the
++    key is found in the function+args """
++    flush_list = []
++    for item in cache:
++        if key in item:
++            flush_list.append(item)
++    for item in flush_list:
++        del cache[item]
++
++
++def log(message, level=None):
++    """Write a message to the juju log"""
++    command = ['juju-log']
++    if level:
++        command += ['-l', level]
++    command += [message]
++    subprocess.call(command)
++
++
++class Serializable(UserDict.IterableUserDict):
++    """Wrapper, an object that can be serialized to yaml or json"""
++
++    def __init__(self, obj):
++        # wrap the object
++        UserDict.IterableUserDict.__init__(self)
++        self.data = obj
++
++    def __getattr__(self, attr):
++        # See if this object has attribute.
++        if attr in ("json", "yaml", "data"):
++            return self.__dict__[attr]
++        # Check for attribute in wrapped object.
++        got = getattr(self.data, attr, MARKER)
++        if got is not MARKER:
++            return got
++        # Proxy to the wrapped object via dict interface.
++        try:
++            return self.data[attr]
++        except KeyError:
++            raise AttributeError(attr)
++
++    def __getstate__(self):
++        # Pickle as a standard dictionary.
++        return self.data
++
++    def __setstate__(self, state):
++        # Unpickle into our wrapper.
++        self.data = state
++
++    def json(self):
++        """Serialize the object to json"""
++        return json.dumps(self.data)
++
++    def yaml(self):
++        """Serialize the object to yaml"""
++        return yaml.dump(self.data)
++
++
++def execution_environment():
++    """A convenient bundling of the current execution context"""
++    context = {}
++    context['conf'] = config()
++    if relation_id():
++        context['reltype'] = relation_type()
++        context['relid'] = relation_id()
++        context['rel'] = relation_get()
++    context['unit'] = local_unit()
++    context['rels'] = relations()
++    context['env'] = os.environ
++    return context
++
++
++def in_relation_hook():
++    """Determine whether we're running in a relation hook"""
++    return 'JUJU_RELATION' in os.environ
++
++
++def relation_type():
++    """The scope for the current relation hook"""
++    return os.environ.get('JUJU_RELATION', None)
++
++
++def relation_id():
++    """The relation ID for the current relation hook"""
++    return os.environ.get('JUJU_RELATION_ID', None)
++
++
++def local_unit():
++    """Local unit ID"""
++    return os.environ['JUJU_UNIT_NAME']
++
++
++def remote_unit():
++    """The remote unit for the current relation hook"""
++    return os.environ['JUJU_REMOTE_UNIT']
++
++
++def service_name():
++    """The name service group this unit belongs to"""
++    return local_unit().split('/')[0]
++
++
++def hook_name():
++    """The name of the currently executing hook"""
++    return os.path.basename(sys.argv[0])
++
++
++@cached
++def config(scope=None):
++    """Juju charm configuration"""
++    config_cmd_line = ['config-get']
++    if scope is not None:
++        config_cmd_line.append(scope)
++    config_cmd_line.append('--format=json')
++    try:
++        return json.loads(subprocess.check_output(config_cmd_line))
++    except ValueError:
++        return None
++
++
++@cached
++def relation_get(attribute=None, unit=None, rid=None):
++    """Get relation information"""
++    _args = ['relation-get', '--format=json']
++    if rid:
++        _args.append('-r')
++        _args.append(rid)
++    _args.append(attribute or '-')
++    if unit:
++        _args.append(unit)
++    try:
++        return json.loads(subprocess.check_output(_args))
++    except ValueError:
++        return None
++    except CalledProcessError, e:
++        if e.returncode == 2:
++            return None
++        raise
++
++
++def relation_set(relation_id=None, relation_settings={}, **kwargs):
++    """Set relation information for the current unit"""
++    relation_cmd_line = ['relation-set']
++    if relation_id is not None:
++        relation_cmd_line.extend(('-r', relation_id))
++    for k, v in (relation_settings.items() + kwargs.items()):
++        if v is None:
++            relation_cmd_line.append('{}='.format(k))
++        else:
++            relation_cmd_line.append('{}={}'.format(k, v))
++    subprocess.check_call(relation_cmd_line)
++    # Flush cache of any relation-gets for local unit
++    flush(local_unit())
++
++
++@cached
++def relation_ids(reltype=None):
++    """A list of relation_ids"""
++    reltype = reltype or relation_type()
++    relid_cmd_line = ['relation-ids', '--format=json']
++    if reltype is not None:
++        relid_cmd_line.append(reltype)
++        return json.loads(subprocess.check_output(relid_cmd_line)) or []
++    return []
++
++
++@cached
++def related_units(relid=None):
++    """A list of related units"""
++    relid = relid or relation_id()
++    units_cmd_line = ['relation-list', '--format=json']
++    if relid is not None:
++        units_cmd_line.extend(('-r', relid))
++    return json.loads(subprocess.check_output(units_cmd_line)) or []
++
++
++@cached
++def relation_for_unit(unit=None, rid=None):
++    """Get the json represenation of a unit's relation"""
++    unit = unit or remote_unit()
++    relation = relation_get(unit=unit, rid=rid)
++    for key in relation:
++        if key.endswith('-list'):
++            relation[key] = relation[key].split()
++    relation['__unit__'] = unit
++    return relation
++
++
++@cached
++def relations_for_id(relid=None):
++    """Get relations of a specific relation ID"""
++    relation_data = []
++    relid = relid or relation_ids()
++    for unit in related_units(relid):
++        unit_data = relation_for_unit(unit, relid)
++        unit_data['__relid__'] = relid
++        relation_data.append(unit_data)
++    return relation_data
++
++
++@cached
++def relations_of_type(reltype=None):
++    """Get relations of a specific type"""
++    relation_data = []
++    reltype = reltype or relation_type()
++    for relid in relation_ids(reltype):
++        for relation in relations_for_id(relid):
++            relation['__relid__'] = relid
++            relation_data.append(relation)
++    return relation_data
++
++
++@cached
++def relation_types():
++    """Get a list of relation types supported by this charm"""
++    charmdir = os.environ.get('CHARM_DIR', '')
++    mdf = open(os.path.join(charmdir, 'metadata.yaml'))
++    md = yaml.safe_load(mdf)
++    rel_types = []
++    for key in ('provides', 'requires', 'peers'):
++        section = md.get(key)
++        if section:
++            rel_types.extend(section.keys())
++    mdf.close()
++    return rel_types
++
++
++@cached
++def relations():
++    """Get a nested dictionary of relation data for all related units"""
++    rels = {}
++    for reltype in relation_types():
++        relids = {}
++        for relid in relation_ids(reltype):
++            units = {local_unit(): relation_get(unit=local_unit(), rid=relid)}
++            for unit in related_units(relid):
++                reldata = relation_get(unit=unit, rid=relid)
++                units[unit] = reldata
++            relids[relid] = units
++        rels[reltype] = relids
++    return rels
++
++
++@cached
++def is_relation_made(relation, keys='private-address'):
++    '''
++    Determine whether a relation is established by checking for
++    presence of key(s).  If a list of keys is provided, they
++    must all be present for the relation to be identified as made
++    '''
++    if isinstance(keys, str):
++        keys = [keys]
++    for r_id in relation_ids(relation):
++        for unit in related_units(r_id):
++            context = {}
++            for k in keys:
++                context[k] = relation_get(k, rid=r_id,
++                                          unit=unit)
++            if None not in context.values():
++                return True
++    return False
++
++
++def open_port(port, protocol="TCP"):
++    """Open a service network port"""
++    _args = ['open-port']
++    _args.append('{}/{}'.format(port, protocol))
++    subprocess.check_call(_args)
++
++
++def close_port(port, protocol="TCP"):
++    """Close a service network port"""
++    _args = ['close-port']
++    _args.append('{}/{}'.format(port, protocol))
++    subprocess.check_call(_args)
++
++
++@cached
++def unit_get(attribute):
++    """Get the unit ID for the remote unit"""
++    _args = ['unit-get', '--format=json', attribute]
++    try:
++        return json.loads(subprocess.check_output(_args))
++    except ValueError:
++        return None
++
++
++def unit_private_ip():
++    """Get this unit's private IP address"""
++    return unit_get('private-address')
++
++
++class UnregisteredHookError(Exception):
++    """Raised when an undefined hook is called"""
++    pass
++
++
++class Hooks(object):
++    """A convenient handler for hook functions.
++
++    Example:
++        hooks = Hooks()
++
++        # register a hook, taking its name from the function name
++        @hooks.hook()
++        def install():
++            ...
++
++        # register a hook, providing a custom hook name
++        @hooks.hook("config-changed")
++        def config_changed():
++            ...
++
++        if __name__ == "__main__":
++            # execute a hook based on the name the program is called by
++            hooks.execute(sys.argv)
++    """
++
++    def __init__(self):
++        super(Hooks, self).__init__()
++        self._hooks = {}
++
++    def register(self, name, function):
++        """Register a hook"""
++        self._hooks[name] = function
++
++    def execute(self, args):
++        """Execute a registered hook based on args[0]"""
++        hook_name = os.path.basename(args[0])
++        if hook_name in self._hooks:
++            self._hooks[hook_name]()
++        else:
++            raise UnregisteredHookError(hook_name)
++
++    def hook(self, *hook_names):
++        """Decorator, registering them as hooks"""
++        def wrapper(decorated):
++            for hook_name in hook_names:
++                self.register(hook_name, decorated)
++            else:
++                self.register(decorated.__name__, decorated)
++                if '_' in decorated.__name__:
++                    self.register(
++                        decorated.__name__.replace('_', '-'), decorated)
++            return decorated
++        return wrapper
++
++
++def charm_dir():
++    """Return the root directory of the current charm"""
++    return os.environ.get('CHARM_DIR')
 === added file 'hooks/charmhelpers/core/host.py'
 --- hooks/charmhelpers/core/host.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/core/host.py	2014-07-21 22:01:08 +0000
@@ -0,0 +1,297 @@
++"""Tools for working with the host system"""
++# Copyright 2012 Canonical Ltd.
++#
++# Authors:
++#  Nick Moffitt <nick.moffitt@canonical.com>
++#  Matthew Wedgwood <matthew.wedgwood@canonical.com>
++
++import os
++import pwd
++import grp
++import random
++import string
++import subprocess
++import hashlib
++
++from collections import OrderedDict
++
++from hookenv import log
++
++
++def service_start(service_name):
++    """Start a system service"""
++    return service('start', service_name)
++
++
++def service_stop(service_name):
++    """Stop a system service"""
++    return service('stop', service_name)
++
++
++def service_restart(service_name):
++    """Restart a system service"""
++    return service('restart', service_name)
++
++
++def service_reload(service_name, restart_on_failure=False):
++    """Reload a system service, optionally falling back to restart if reload fails"""
++    service_result = service('reload', service_name)
++    if not service_result and restart_on_failure:
++        service_result = service('restart', service_name)
++    return service_result
++
++
++def service(action, service_name):
++    """Control a system service"""
++    cmd = ['service', service_name, action]
++    return subprocess.call(cmd) == 0
++
++
++def service_running(service):
++    """Determine whether a system service is running"""
++    try:
++        output = subprocess.check_output(['service', service, 'status'])
++    except subprocess.CalledProcessError:
++        return False
++    else:
++        if ("start/running" in output or "is running" in output):
++            return True
++        else:
++            return False
++
++
++def adduser(username, password=None, shell='/bin/bash', system_user=False):
++    """Add a user to the system"""
++    try:
++        user_info = pwd.getpwnam(username)
++        log('user {0} already exists!'.format(username))
++    except KeyError:
++        log('creating user {0}'.format(username))
++        cmd = ['useradd']
++        if system_user or password is None:
++            cmd.append('--system')
++        else:
++            cmd.extend([
++                '--create-home',
++                '--shell', shell,
++                '--password', password,
++            ])
++        cmd.append(username)
++        subprocess.check_call(cmd)
++        user_info = pwd.getpwnam(username)
++    return user_info
++
++
++def add_user_to_group(username, group):
++    """Add a user to a group"""
++    cmd = [
++        'gpasswd', '-a',
++        username,
++        group
++    ]
++    log("Adding user {} to group {}".format(username, group))
++    subprocess.check_call(cmd)
++
++
++def rsync(from_path, to_path, flags='-r', options=None):
++    """Replicate the contents of a path"""
++    options = options or ['--delete', '--executability']
++    cmd = ['/usr/bin/rsync', flags]
++    cmd.extend(options)
++    cmd.append(from_path)
++    cmd.append(to_path)
++    log(" ".join(cmd))
++    return subprocess.check_output(cmd).strip()
++
++
++def symlink(source, destination):
++    """Create a symbolic link"""
++    log("Symlinking {} as {}".format(source, destination))
++    cmd = [
++        'ln',
++        '-sf',
++        source,
++        destination,
++    ]
++    subprocess.check_call(cmd)
++
++
++def mkdir(path, owner='root', group='root', perms=0555, force=False):
++    """Create a directory"""
++    log("Making dir {} {}:{} {:o}".format(path, owner, group,
++                                          perms))
++    uid = pwd.getpwnam(owner).pw_uid
++    gid = grp.getgrnam(group).gr_gid
++    realpath = os.path.abspath(path)
++    if os.path.exists(realpath):
++        if force and not os.path.isdir(realpath):
++            log("Removing non-directory file {} prior to mkdir()".format(path))
++            os.unlink(realpath)
++    else:
++        os.makedirs(realpath, perms)
++    os.chown(realpath, uid, gid)
++
++
++def write_file(path, content, owner='root', group='root', perms=0444):
++    """Create or overwrite a file with the contents of a string"""
++    log("Writing file {} {}:{} {:o}".format(path, owner, group, perms))
++    uid = pwd.getpwnam(owner).pw_uid
++    gid = grp.getgrnam(group).gr_gid
++    with open(path, 'w') as target:
++        os.fchown(target.fileno(), uid, gid)
++        os.fchmod(target.fileno(), perms)
++        target.write(content)
++
++
++def mount(device, mountpoint, options=None, persist=False):
++    """Mount a filesystem at a particular mountpoint"""
++    cmd_args = ['mount']
++    if options is not None:
++        cmd_args.extend(['-o', options])
++    cmd_args.extend([device, mountpoint])
++    try:
++        subprocess.check_output(cmd_args)
++    except subprocess.CalledProcessError, e:
++        log('Error mounting {} at {}\n{}'.format(device, mountpoint, e.output))
++        return False
++    if persist:
++        # TODO: update fstab
++        pass
++    return True
++
++
++def umount(mountpoint, persist=False):
++    """Unmount a filesystem"""
++    cmd_args = ['umount', mountpoint]
++    try:
++        subprocess.check_output(cmd_args)
++    except subprocess.CalledProcessError, e:
++        log('Error unmounting {}\n{}'.format(mountpoint, e.output))
++        return False
++    if persist:
++        # TODO: update fstab
++        pass
++    return True
++
++
++def mounts():
++    """Get a list of all mounted volumes as [[mountpoint,device],[...]]"""
++    with open('/proc/mounts') as f:
++        # [['/mount/point','/dev/path'],[...]]
++        system_mounts = [m[1::-1] for m in [l.strip().split()
++                                            for l in f.readlines()]]
++    return system_mounts
++
++
++def file_hash(path):
++    """Generate a md5 hash of the contents of 'path' or None if not found """
++    if os.path.exists(path):
++        h = hashlib.md5()
++        with open(path, 'r') as source:
++            h.update(source.read())  # IGNORE:E1101 - it does have update
++        return h.hexdigest()
++    else:
++        return None
++
++
++def restart_on_change(restart_map, stopstart=False):
++    """Restart services based on configuration files changing
++
++    This function is used a decorator, for example
++
++        @restart_on_change({
++            '/etc/ceph/ceph.conf': [ 'cinder-api', 'cinder-volume' ]
++            })
++        def ceph_client_changed():
++            ...
++
++    In this example, the cinder-api and cinder-volume services
++    would be restarted if /etc/ceph/ceph.conf is changed by the
++    ceph_client_changed function.
++    """
++    def wrap(f):
++        def wrapped_f(*args):
++            checksums = {}
++            for path in restart_map:
++                checksums[path] = file_hash(path)
++            f(*args)
++            restarts = []
++            for path in restart_map:
++                if checksums[path] != file_hash(path):
++                    restarts += restart_map[path]
++            services_list = list(OrderedDict.fromkeys(restarts))
++            if not stopstart:
++                for service_name in services_list:
++                    service('restart', service_name)
++            else:
++                for action in ['stop', 'start']:
++                    for service_name in services_list:
++                        service(action, service_name)
++        return wrapped_f
++    return wrap
++
++
++def lsb_release():
++    """Return /etc/lsb-release in a dict"""
++    d = {}
++    with open('/etc/lsb-release', 'r') as lsb:
++        for l in lsb:
++            k, v = l.split('=')
++            d[k.strip()] = v.strip()
++    return d
++
++
++def pwgen(length=None):
++    """Generate a random pasword."""
++    if length is None:
++        length = random.choice(range(35, 45))
++    alphanumeric_chars = [
++        l for l in (string.letters + string.digits)
++        if l not in 'l0QD1vAEIOUaeiou']
++    random_chars = [
++        random.choice(alphanumeric_chars) for _ in range(length)]
++    return(''.join(random_chars))
++
++
++def list_nics(nic_type):
++    '''Return a list of nics of given type(s)'''
++    if isinstance(nic_type, basestring):
++        int_types = [nic_type]
++    else:
++        int_types = nic_type
++    interfaces = []
++    for int_type in int_types:
++        cmd = ['ip', 'addr', 'show', 'label', int_type + '*']
++        ip_output = subprocess.check_output(cmd).split('\n')
++        ip_output = (line for line in ip_output if line)
++        for line in ip_output:
++            if line.split()[1].startswith(int_type):
++                interfaces.append(line.split()[1].replace(":", ""))
++    return interfaces
++
++
++def set_nic_mtu(nic, mtu):
++    '''Set MTU on a network interface'''
++    cmd = ['ip', 'link', 'set', nic, 'mtu', mtu]
++    subprocess.check_call(cmd)
++
++
++def get_nic_mtu(nic):
++    cmd = ['ip', 'addr', 'show', nic]
++    ip_output = subprocess.check_output(cmd).split('\n')
++    mtu = ""
++    for line in ip_output:
++        words = line.split()
++        if 'mtu' in words:
++            mtu = words[words.index("mtu") + 1]
++    return mtu
++
++
++def get_nic_hwaddr(nic):
++    cmd = ['ip', '-o', '-0', 'addr', 'show', nic]
++    ip_output = subprocess.check_output(cmd)
++    hwaddr = ""
++    words = ip_output.split()
++    if 'link/ether' in words:
++        hwaddr = words[words.index('link/ether') + 1]
++    return hwaddr
 === modified file 'hooks/config-changed'
 --- hooks/config-changed	2012-07-21 19:08:52 +0000
 +++ hooks/config-changed	2014-07-21 22:01:08 +0000
@@ -1,25 +1,153 @@
  #!/bin/bash
--set -e
++set -ex
++
++DOMAIN=`config-get domain`
++
++if [ -z "$DOMAIN" ]; then
++    DOMAIN=`unit-get public-address`
++fi
++
++if [ `cat .src` != `config-get src` ]; then
++    if [ `cat .src` == source ]; then
++        apt-get remove charm-helper-sh apache2 libapache2-mod-php5 php5-gd php5-mysql php5-sqlite curl libcurl3 php5-curl rpcbind nfs-common mysql-client -y
++    elif [ `cat .src` == repo ]; then
++        apt-get remove owncloud mysql-client -y
++        apt-get autoremove -y
++    fi
++    hooks/install
++fi
++
++if [ `config-get customssl` == True ] && [ -z `config-get sslkey` ]; then
++    juju-log "If you want to use a custom SSL cert, the key needs to be set. Exiting silently."
++    exit 0
++elif [ `config-get customssl` == True ] && [ -z `config-get sslcert` ]; then
++    juju-log "If you want to use a custom SSL cert, the cert needs to be set. Exiting silently."
++    exit 0
++fi
++
  # Write the apache config
  owncloud_vhost="/etc/apache2/sites-available/owncloud"
  port=`config-get port`
  juju-log "Writing apache config file: ${owncloud_vhost}"
  cat > $owncloud_vhost <<EOF
--<VirtualHost *:$port>
--  DocumentRoot /var/www/owncloud
--  Options All
--  ErrorLog /var/log/apache2/owncloud-error.log
--  TransferLog /var/log/apache2/owncloud-access.log
--  RewriteEngine On
--</VirtualHost>
++<VirtualHost *:$port>
++RewriteEngine on
++ReWriteCond %{SERVER_PORT} !^443$
++RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
++DocumentRoot /var/www/owncloud/
++<Directory /var/www/owncloud>
++    Options Indexes FollowSymLinks MultiViews
++    AllowOverride All
++</Directory>
++</VirtualHost>
++
++<VirtualHost *:443>
++SSLEngine on
++SSLCertificateFile /home/ubuntu/$DOMAIN.cert
++SSLCertificateKeyFile /home/ubuntu/$DOMAIN.key
++DocumentRoot /var/www/owncloud/
++<Directory /var/www/owncloud>
++    Options Indexes FollowSymLinks MultiViews
++    AllowOverride All
++</Directory>
++RewriteEngine on
++</VirtualHost>
++
  EOF
++if [ -f .customssl ] && [ `cat .customssl` != `config-get customssl` ]; then
++    rm /home/ubuntu/*.cert
++    rm /home/ubuntu/*.key
++    rm .customssl
++fi
++
++if [ -f .domain ] && [ `cat .domain` != "$DOMAIN" ]; then
++    rm /home/ubuntu/*.cert
++    rm /home/ubuntu/*.key
++    rm .customssl
++fi
++
++if [ ! -f .customssl ] && [ `config-get customssl` == "False" ]; then
++    hooks/ssl
++    echo "False" > .customssl
++elif [ `config-get customssl` == "True" ]; then
++    CERT=`config-get sslcert`
++    KEY=`config-get sslkey`
++    echo "$CERT" > /home/ubuntu/$DOMAIN.cert
++    echo "$KEY" > /home/ubuntu/$DOMAIN.key
++    echo "True" > .customssl
++fi
++
++echo "$DOMAIN" > .domain
++
++
  chmod 0644 $owncloud_vhost
++if [ "$port" != "80" ] && [ ! -f .not80 ]; then
++    sed -i "s/NameVirtualHost\ \*\:80/NameVirtualHost\ \*\:$port/" /etc/apache2/ports.conf
++    sed -i "s/Listen\ 80/Listen\ $port/" /etc/apache2/ports.conf
++    echo "$port" > .not80
++elif [ "$port" != "80" ] && [ -f .not80 ]; then
++    not=`cat .not80`
++    sed -i "s/NameVirtualHost\ \*\:$not/NameVirtualHost\ \*\:$port/" /etc/apache2/ports.conf
++    sed -i "s/Listen\ $not/Listen\ $port/" /etc/apache2/ports.conf
++    echo "$port" > .not80
++elif [ "$port" == 80 ] && [ -f .not80 ]; then
++    not=`cat .not80`
++    sed -i "s/NameVirtualHost\ \*\:$not/NameVirtualHost\ \*\:80/" /etc/apache2/ports.conf
++    sed -i "s/Listen\ $not/Listen\ 80/" /etc/apache2/ports.conf
++    rm .not80
++fi
++
++if [ -f .port ] && [ `cat .port` != "$port" ]; then
++    currentport=`cat .port`
++    juju-log "Closing old port, opening new port"
++    close-port "$currentport"/tcp
++    open-port "$port"/tcp
++    echo "$port" > .port
++elif [ ! -f .port ]; then
++    open-port $port/tcp
++    echo "$port" > .port
++fi
++
++if [ -f .dbset ]; then
++    USER=`cat .user`
++    PASSWORD=`cat .password`
++    HOST=`cat .host`
++    DB=`cat .database`
++    if [ `cat .admin` != `config-get user` ]; then
++        OLDADMIN=`cat .admin`
++        ADMIN=`config-get user`
++        mysql -u $USER -p$PASSWORD -h $HOST $DB -e "UPDATE oc_users SET uid = '$ADMIN' WHERE uid = '$OLDADMIN';"
++        mv /var/www/owncloud/data/$OLDADMIN /var/www/owncloud/data/$ADMIN
++        echo "$ADMIN" > .admin
++    fi
++    if [ `cat .adm_pass` != `config-get password` ]; then
++        NEWPASS=`config-get password`
++        OCUSER=`config-get user`
++        if [ ! -f .passwordchanged ]; then
++            SALT=`cat /var/www/owncloud/config/config.php | grep passwordsalt | awk '{print $3}'`
++            sed -i "s/$t_hasher = new PasswordHash(8, FALSE)/$t_hasher = new PasswordHash(8, CRYPT_BLOWFISH!=1)/" /var/www/owncloud/3rdparty/phpass/test.php
++            sed -i "s/'test12345';/'$NEWPASS'.$SALT/" /var/www/owncloud/3rdparty/phpass/test.php
++            sed -i "s/',/';/" /var/www/owncloud/3rdparty/phpass/test.php
++            HASH=`php /var/www/owncloud/3rdparty/phpass/test.php | awk 'NR<2{ print $2 }'`
++            mysql -u $USER -p$PASSWORD -h $HOST $DB -e "UPDATE oc_users SET password = '$HASH' WHERE uid = '$OCUSER';"
++            echo "$NEWPASS" > .adm_pass
++            touch .passwordchanged
++        else
++            OLDPASS=`cat .adm_pass`
++            sed -i "s/'$OLDPASS'./'$NEWPASS'./" /var/www/owncloud/3rdparty/phpass/test.php
++            HASH=`php /var/www/owncloud/3rdparty/phpass/test.php | awk 'NR<2{ print $2 }'`
++            mysql -u $USER -p$PASSWORD -h $HOST $DB -e "UPDATE oc_users SET password = '$HASH' WHERE uid = '$OCUSER';"
++            echo "$NEWPASS" > .adm_pass
++        fi
++    fi
++fi
++
++
  # Optimize PHP for large files
  juju-log "Increasing upload limit and maximum POST size"
--sed -i 's/;upload_max_filesize/;upload_max_filesize/g' /etc/php5/apache2/php.ini
  sed -i 's/^post_max_size/;post_max_size/g' /etc/php5/apache2/php.ini
  cat > /etc/php5/conf.d/owncloud.ini <<EOF
@@ -31,6 +159,7 @@
  juju-log "Enabling Apache modules: rewrite, headers, vhost_alias"
  a2enmod rewrite
  a2enmod headers
++a2enmod ssl
  # Enable Apache vhost
  juju-log "Enabling ownCloud Apache vhost"
@@ -40,3 +169,18 @@
  juju-log "Reloading Apache configuration"
  service apache2 start || :
  service apache2 reload
++
++
++
++if [ ! -f .443 ]; then
++    open-port 443
++    touch .443
++fi
++
++if [ ! -f .configured ]; then
++    touch .configured
++fi
++
++if [ ! -f .started ]; then
++    hooks/start
++fi
 === modified file 'hooks/db-relation-changed'
 --- hooks/db-relation-changed	2012-07-21 16:20:15 +0000
 +++ hooks/db-relation-changed	2014-07-21 22:01:08 +0000
@@ -12,6 +12,11 @@
  password=`relation-get password`
  host=`relation-get private-address`
++echo "$database" > .database
++echo "$password" > .password
++echo "$user" > .user
++echo "$host" > .host
++
  # Prepare for sqlite->mysql migration if configured
  if [ -f "/var/www/owncloud/config/config.php" ]; then
      if grep -qs "sqlite" /var/www/owncloud/config/config.php; then
@@ -35,6 +40,9 @@
      adm_pass=`cat /dev/urandom | tr -dc [:alnum:] | head -c 10`
  fi
++echo "$admin" > .admin
++echo "$adm_pass" > .adm_pass
++
  if [ -f "/var/www/owncloud/config/config.php" ]; then
      # Update config settings
      cat > /var/www/owncloud/config/config.php <<EOF
@@ -80,3 +88,4 @@
  fi
  chmod 0644 /var/www/owncloud/config/*
++touch .dbset
 === added file 'hooks/db-relation-departed'
 --- hooks/db-relation-departed	1970-01-01 00:00:00 +0000
 +++ hooks/db-relation-departed	2014-07-21 22:01:08 +0000
@@ -0,0 +1,13 @@
++#!/bin/bash
++
++set -eux
++
++mv /var/www/owncloud/config/config.php{,.bakmysql}
++
++if [ -f "/var/www/owncloud/config/config.bak" ]; then
++    if grep -qs "mysql" /var/www/owncloud/config/config.bak; then
++        mv /var/www/owncloud/config/config.bak{,.php}
++    fi
++fi
++
++chmod 0644 /var/www/owncloud/config/*
 === modified file 'hooks/install'
 --- hooks/install	2014-04-11 03:48:08 +0000
 +++ hooks/install	2014-07-21 22:01:08 +0000
@@ -1,30 +1,52 @@
  #!/bin/bash
--set -eu # -x for verbose logging to ensemble debug-log
++set -eu
  juju-log "Installing all components"
--add-apt-repository -y ppa:charmers/charm-helpers
--apt-get update
--apt-get install -qqy charm-helper-sh apache2 libapache2-mod-php5 \
--                     php5-gd php5-mysql php5-sqlite curl libcurl3 \
--                     php5-curl rpcbind nfs-common
--
--juju-log "Downloading and validating ownCloud"
--# Load charm helper and download owncloud
--. /usr/share/charm-helper/sh/net.sh
--LURL="http://download.owncloud.org/community/owncloud-6.0.2.tar.bz2"
--
--LHASH="a5a194ad07fca7cbf158b660cc098c6364590bdd15d086069221faf4386b713f"
--source_file=`ch_get_file $LURL $LHASH`
--
--juju-log "Downloaded"
--
--# Prepare files
--juju-log "Creating ownCloud DocRoot"
--tar -xjf $source_file --directory /var/www
++if [ `config-get src` == "source" ]; then
++
++    add-apt-repository -y ppa:charmers/charm-helpers
++    apt-get update
++    apt-get install -qqy charm-helper-sh apache2 libapache2-mod-php5 php5-gd php5-mysql php5-sqlite curl libcurl3 php5-curl rpcbind nfs-common mysql-client
++
++    juju-log "Downloading and validating ownCloud"
++    # Load charm helper and download owncloud
++    . /usr/share/charm-helper/sh/net.sh
++    LURL=`config-get downloadurl`
++
++    LHASH=`config-get sha1sum`
++    source_file=`ch_get_file $LURL $LHASH`
++
++    juju-log "Downloaded"
++
++    # Prepare files
++    juju-log "Creating ownCloud DocRoot"
++    tar -xjf $source_file --directory /var/www
++
++elif [ `config-get src` == "repo" ]; then
++
++    apt-get install -y mysql-client
++
++    sh -c "echo 'deb http://download.opensuse.org/repositories/isv:/ownCloud:/community/xUbuntu_12.04/ /' >> /etc/apt/sources.list.d/owncloud.list"
++    wget http://download.opensuse.org/repositories/isv:/ownCloud:/community/xUbuntu_12.04/Release.key
++
++    if [ `sha1sum Release.key | awk '{print $1}'` != "c76c49ca044d9547648f1d8313777ed7d55df6b2" ]; then
++        juju-log "Apt key verification failed, failing hook."
++        exit 1
++    fi
++
++    apt-key add - < Release.key
++    apt-get update
++    apt-get install -y owncloud
++
++fi
++
  chown www-data:www-data -R /var/www/owncloud
--#Make ownCloud publicly visible
--port=`config-get port`
--open-port $port/tcp
++sed -i "s/        \$curlSettings = array(/        \$curlSettings = array(\n            CURLOPT_SSL_VERIFYPEER => 0,\n            CURLOPT_SSL_VERIFYHOST => 0,/" /var/www/owncloud/3rdparty/Sabre/DAV/Client.php
++
++SRC=`config-get src`
++echo $SRC > .src
++
++service apache2 restart
 === added file 'hooks/ssl'
 --- hooks/ssl	1970-01-01 00:00:00 +0000
 +++ hooks/ssl	2014-07-21 22:01:08 +0000
@@ -0,0 +1,19 @@
++#!/usr/bin/python
++
++import os
++import sys
++
++sys.path.insert(0, os.environ['CHARM_DIR'])
++
++from charmhelpers.contrib import ssl
++from charmhelpers.core import hookenv
++from charmhelpers.core.hookenv import unit_get
++
++DOMAIN = hookenv.config('domain')
++
++if DOMAIN == "":
++    DOMAIN = unit_get('public-address')
++
++key_file = '/home/ubuntu/' + DOMAIN + '.key'
++cert_file = '/home/ubuntu/' + DOMAIN + '.cert'
++ssl.generate_selfsigned(key_file, cert_file, cn=DOMAIN)
 === modified file 'hooks/start'
 --- hooks/start	2012-07-21 00:54:38 +0000
 +++ hooks/start	2014-07-21 22:01:08 +0000
@@ -1,4 +1,8 @@
  #!/bin/bash
  set -eu
--juju-log "Starting apache for owncloud"
--service apache2 start || service apache2 restart
++
++if [ -f .configured ]; then
++    juju-log "Starting apache for owncloud"
++    service apache2 start || service apache2 restart
++    touch .started
++fi
 === modified file 'hooks/upgrade-charm'
 --- hooks/upgrade-charm	2014-04-11 03:47:03 +0000
 +++ hooks/upgrade-charm	2014-07-21 22:01:08 +0000
@@ -5,43 +5,47 @@
  # Pause during upgrade
  hooks/stop
--#we are under active migration, dont do anything more than once
--if [ ! -f $CHARM_DIR/.migrating ]; then
--
--    # Excise old installation data
--    find /var/www -mindepth 2 -maxdepth 2 -type d -name 'data'\
--     -exec mv {} /var/tmp/ \;
--    find /var/www -mindepth 2 -maxdepth 2 -type d -name 'config'\
--     -exec mv {} /var/tmp/ \;
--    touch $CHARM_DIR/.migrating
--
++if [ -f /usr/share/charm-helper/sh/net.sh ]; then
++    #we are under active migration, dont do anything more than once
++    if [ ! -f $CHARM_DIR/.migrating ]; then
++
++        # Excise old installation data
++        find /var/www -mindepth 2 -maxdepth 2 -type d -name 'data'\
++        -exec mv {} /var/tmp/ \;
++        find /var/www -mindepth 2 -maxdepth 2 -type d -name 'config'\
++         -exec mv {} /var/tmp/ \;
++        touch $CHARM_DIR/.migrating
++
++    fi
++
++    # Deleting all traces of the old ownCloud install
++    rm -rf /var/www/owncloud/
++
++    cd /var/www/
++
++    # Getting new ownCloud version and MD5 checking it
++    wget download.owncloud.org/community/owncloud-6.0.3.tar.bz2
++
++    if [ `sha1sum owncloud-6.0.3.tar.bz2 | awk '{print $1}'` != "df1e272c208376117a8c00619079cee25a22f784" ]; then
++        juju-log "Download verification failed. Exiting."
++        exit 1
++    fi
++
++    tar xfj owncloud-6.0.3.tar.bz2
++    cd $CHARM_DIR
++
++    # Migrating data
++    mkdir /var/www/owncloud/data
++    rm -rf /var/www/owncloud/config
++    mkdir /var/www/owncloud/config
++    cp -pr /var/tmp/data/* /var/www/owncloud/data/
++    cp -pr /var/tmp/config/* /var/www/owncloud/config/
++    sudo chown -R www-data:www-data /var/www/owncloud
++    rm $CHARM_DIR/.migrating
++
++    # Finish upgrade
++    hooks/config-changed
++else
++    apt-get update
++    apt-get upgrade -y
  fi
--
--# Deleting all traces of the old ownCloud install
--rm -rf /var/www/owncloud/
--cd /var/www/
--
--# Getting new ownCloud version and MD5 checking it
--wget download.owncloud.org/community/owncloud-6.0.2.tar.bz2
--wget download.owncloud.org/community/owncloud-6.0.2.tar.bz2.md5
--
--while [ `md5sum owncloud-6.0.2.tar.bz2 | awk '{print $1}'` != `cat owncloud-6.0.2.tar.bz2.md5 | awk '{print $1}'` ]; do
--    rm owncloud-6.0.2.tar.bz2
--    wget download.owncloud.org/community/owncloud-6.0.2.tar.bz2
--done
--
--tar xfj owncloud-6.0.2.tar.bz2
--cd $CHARM_DIR
--
--# Migrating data
--mkdir /var/www/owncloud/data
--rm -rf /var/www/owncloud/config
--mkdir /var/www/owncloud/config
--cp -pr /var/tmp/data/* /var/www/owncloud/data/
--cp -pr /var/tmp/config/* /var/www/owncloud/config/
--sudo chown -R www-data:www-data /var/www/owncloud
--
--# Finish upgrade
--hooks/config-changed
--
--rm $CHARM_DIR/.migrating
 === modified file 'hooks/website-relation-joined'
 --- hooks/website-relation-joined	2012-07-21 16:20:15 +0000
 +++ hooks/website-relation-joined	2014-07-21 22:01:08 +0000
@@ -1,4 +1,3 @@
  #!/bin/sh
--port=`config-get port`
  pub_addr=`unit-get private-address`
--relation-set port=$port hostname=$pub_addr
++relation-set port=443 hostname=$pub_addr
 === modified file 'metadata.yaml'
 --- metadata.yaml	2014-01-24 16:01:17 +0000
 +++ metadata.yaml	2014-07-21 22:01:08 +0000
@@ -6,7 +6,7 @@
   storage, MySQL Databases, and HAProxy reverse proxy charms.
  categories:
      - file-servers
--maintainer: "Nathan Williams <nathan@nathanewilliams.com>"
++maintainer: "Jose Antonio Rey <jose@ubuntu.com>"
  requires:
    db:
      interface: mysql
 === modified file 'tests/00_setup.sh' (properties changed: -x to +x)
 === added file 'tests/100-deploy.py'
 --- tests/100-deploy.py	1970-01-01 00:00:00 +0000
 +++ tests/100-deploy.py	2014-07-21 22:01:08 +0000
@@ -0,0 +1,116 @@
++#!/usr/bin/env python3
++# The format of this test was shamelessly ripped from Cory Johns awesome
++# tests that resemble nosetests in the Apache Allura charm. <3
++# http://bazaar.launchpad.net/~johnsca/charms/precise/apache-allura/
++
++import amulet
++import requests
++
++
++class TestDeploy(object):
++
++    def __init__(self, time=2500):
++        # Attempt to load the deployment topology from a bundle.
++        self.deploy = amulet.Deployment()
++
++        # If something errored out, attempt to continue by
++        # manually specifying a standalone deployment
++        self.deploy.add('owncloud')
++        self.deploy.add('mysql')
++        self.deploy.add('nfs')
++        self.deploy.configure('owncloud', {'user': 'tom',
++                                           'password': 'swordfish'})
++        self.deploy.relate('owncloud:db', 'mysql:db')
++        self.deploy.relate('owncloud:shared-fs', 'nfs:nfs')
++        self.deploy.expose('owncloud')
++
++        try:
++            self.deploy.setup(time)
++            self.deploy.sentry.wait(time)
++        except:
++            amulet.raise_status(amulet.FAIL, msg="Environment standup timeout")
++        sentry = self.deploy.sentry
++
++        self.domain = sentry.unit['owncloud/0'].info['public-address']
++        self.mysql_unit = self.deploy.sentry.unit['mysql/0']
++        self.nfs_unit = self.deploy.sentry.unit['nfs/0']
++        self.app_unit = self.deploy.sentry.unit['owncloud/0']
++
++    def run(self):
++        for test in dir(self):
++            if test.startswith('test_'):
++                getattr(self, test)()
++
++    def test_standalone_http(self):
++
++        # r = requests.get("http://%s/" % domain, data, headers=h)
++        r = requests.get("https://%s/index.php" % self.domain, verify=False)
++        r.raise_for_status()
++
++        search_string = 'web services under your control'
++        if r.text.find(search_string) is -1:
++            amulet.raise_status(amulet.FAIL, msg="Unable to verify login page")
++
++    def test_database_relationship(self):
++
++        sent_config = self.mysql_unit.relation('db', 'owncloud:db')
++        # I'm sorry this is gross, and repeats itself. This is a dirty hack
++        # around owncloud not normalizing quotations, and field names.
++        try:
++            filepath = "/var/www/owncloud/config/autoconfig.php"
++            cfg = self.deploy.sentry.unit['owncloud/0'].file_contents(filepath)
++            cfg_to_check = {'dbuser': 'user', 'dbpass': 'password',
++                            'dbhost': 'host'}
++            for c_key, j_key in cfg_to_check.items():
++                if cfg.find('"%s" => "%s"' % (c_key, sent_config[j_key])) == -1:
++                    amulet.raise_status(amulet.FAIL,
++                                        msg="Unable to validate db cfg %s" % j_key)
++        except:
++            filepath = "/var/www/owncloud/config/config.php"
++            cfg = self.deploy.sentry.unit['owncloud/0'].file_contents(filepath)
++            cfg_to_check = {'dbuser': 'user', 'dbpassword': 'password',
++                            'dbhost': 'host'}
++            for c_key, j_key in cfg_to_check.items():
++                if cfg.find("'%s' => '%s'" % (c_key, sent_config[j_key])) == -1:
++                    amulet.raise_status(amulet.FAIL,
++                                        msg="Unable to validate db cfg %s" % j_key)
++
++    def term_search(self, output, term):
++        if output.find(term) == -1:
++            amulet.raise_status(amulet.FAIL,
++                                msg="Unable to validate NFS config %s" % term)
++
++    def test_nfs_relationship(self):
++        # Cache Relationship details
++        nfs_relation = self.nfs_unit.relation('nfs', 'owncloud:shared-fs')
++
++        # Leverage Amulet's exception handling if directory doesnt exist
++        # to check for the directory, as a cheap quick fail test.
++        try:
++            self.app_unit.directory('/var/lib/owncloud')
++        except:
++            amulet.raise_status(amulet.FAIL, msg="NFS Directory not found")
++
++        #Fetch the contents of mtab for data validation
++        mtab_contents = self.app_unit.file_contents('/etc/mtab')
++
++        self.term_search(mtab_contents, nfs_relation['private-address'])
++        self.term_search(mtab_contents, nfs_relation['fstype'])
++        self.term_search(mtab_contents, nfs_relation['mountpoint'])
++        self.term_search(mtab_contents, nfs_relation['options'])
++
++    def test_nfs_write_pipeline(self):
++        # Validate file write pipeline
++        #Build a $block_size file, and ship it via NFS
++        cmd_builder = "dd if=/dev/zero of=/var/lib/owncloud/amulet-file-test bs=8M count=1"
++        self.app_unit.run(cmd_builder)
++
++        filepath = '/srv/data/relation-sentry/amulet-file-test'
++        file_test = self.nfs_unit.file(filepath)
++        if file_test['size'] < 8000000:
++            amulet.raise_status(amulet.FAIL, 'File size constraint not met')
++
++
++if __name__ == '__main__':
++    runner = TestDeploy()
++    runner.run()
 === removed file 'tests/100_deploy.test'
 --- tests/100_deploy.test	2014-02-10 21:49:21 +0000
 +++ tests/100_deploy.test	1970-01-01 00:00:00 +0000
@@ -1,142 +0,0 @@
--#!/usr/bin/env python3
--
--import amulet
--import requests
--
--##########################################
--# Config Options
--##########################################
--scale = 2
--seconds = 1200
--user = 'tom'
--password = 'swordfish'
--block_size = "8M"
--verify_size = 8000000
--
--###########################################################
--#Deployment Setup
--############################################################
--d = amulet.Deployment()
--
--d.add('owncloud', units=scale)
--d.add('mysql')
--d.add('haproxy')
--d.add('nfs')
--d.configure('owncloud', {'user': user, 'password': password})
--d.relate('owncloud:db', 'mysql:db')
--d.relate('owncloud:website', 'haproxy:reverseproxy')
--d.relate('owncloud:shared-fs', 'nfs:nfs')
--d.expose('owncloud')
--d.expose('haproxy')
--
--
--#perform deployment
--try:
--    d.setup(timeout=seconds)
--except amulet.helpers.TimeoutError:
--    message = 'The environment did not setup in %d seconds.', seconds
--    amulet.raise_status(amulet.SKIP, msg=message)
--except:
--    raise
--
--
--#############################################################
--# Check presence of HTTP services
--#############################################################
--def validate_status_interface():
--    h = {'User-Agent': 'Mozilla/5.0 Gecko/20100101 Firefox/12.0',
--         'Content-Type': 'application/x-www-form-urlencoded',
--         'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*',
--         'Accept-Encoding': 'gzip, deflate'}
--
--    data = {'user': 'tom', 'password': 'swordfish'}
--
--    #validate the Owncloud login screen is present
--    r = requests.post("http://{}".format(
--        d.sentry.unit['owncloud/0'].info['public-address']),
--        data, headers=h)
--    r.raise_for_status()
--
--    #validate the HAProxy daemon is forwarding as expected
--    r = requests.get("http://{}".format(
--        d.sentry.unit['haproxy/0'].info['public-address']))
--    r.raise_for_status
--
--
--#############################################################
--# Validate that each service is running
--#############################################################
--def validate_running_services():
--    output, code = d.sentry.unit['owncloud/0'].run('service apache2 status')
--    if code != 0:
--        message = "Failed to find running Apache instance on host owncloud/0"
--        amulet.raise_status(amulet.SKIP, msg=message)
--    output, code = d.sentry.unit['mysql/0'].run('service mysql status')
--    if code != 0:
--        message = "Failed to find running MYSQL instance on host mysql/0"
--        amulet.raise_status(amulet.SKIP, msg=message)
--
--
--#############################################################
--# Validate that each service is running
--#############################################################
--def validate_owncloud_files():
--    index_status = d.sentry.unit['owncloud/0'].file_stat('/var/www/owncloud/index.php')
--    if index_status['size'] <= 0:
--        message = "Failed to find owncloud index.php"
--        amulet.raise_status(amulet.SKIP, msg=message)
--
--
--#############################################################
--# Validate database relationship
--#############################################################
--def validate_database_relationship():
--    #Connect to the sentrys and fetch the transmitted details
--    sent_config = d.sentry.unit['mysql/0'].relation('db', 'owncloud:db')
--    #Connect to owncloud's sentry and read the configuration PHP file
--    prod_config = d.sentry.unit['owncloud/0'].file_contents('/var/www/owncloud/config/config.php')
--    cfg_to_check = {'dbuser': 'user', 'dbpassword': 'password', 'dbhost': 'host'}
--
--    #Search the return string of the config for the transmit values
--    for cfg_file_key, juju_cfg_key in cfg_to_check.items():
--        if prod_config.find("'%s' => '%s'" % (cfg_file_key, sent_config[juju_cfg_key])) == -1:
--                amulet.raise_status(amulet.SKIP, msg="Unable to validate db sent %s" % juju_cfg_key)
--
--
--# Utility Method for searching output
--def nfs_term_search(output, term):
--    if output.find(term) == -1:
--        amulet.raise_status(amulet.FAIL, msg="Unable to validate NFS export mounted with %s" % term)
--
--
--###########################################################
--# Validate NFS FileSystem Existence
--###########################################################
--def validate_nfs_relationship():
--    # Cache Relationship details
--    nfs_relation = d.sentry.unit['nfs/0'].relation('nfs', 'owncloud:shared-fs')
--    # Raises an error if the directory does not exist
--    d.sentry.unit['owncloud/0'].directory('/var/lib/owncloud')
--    #Fetch the contents of mtab for data validation
--    mtab_contents = d.sentry.unit['owncloud/0'].file_contents('/etc/mtab')
--
--    nfs_term_search(mtab_contents, nfs_relation['private-address'])
--    nfs_term_search(mtab_contents, nfs_relation['fstype'])
--    nfs_term_search(mtab_contents, nfs_relation['mountpoint'])
--    nfs_term_search(mtab_contents, nfs_relation['options'])
--
--    # Validate file write pipeline
--    #Build a $block_size file, and ship it via NFS
--    cmd_builder = "dd if=/dev/zero of=/var/lib/owncloud/amulet-file-test bs=%s count=1" % block_size
--    d.sentry.unit['owncloud/0'].run(cmd_builder)
--
--    file_test = d.sentry.unit['nfs/0'].file('/srv/data/relation-sentry/amulet-file-test')
--    if file_test['size'] < verify_size:
--        amulet.raise_status(amulet.FAIL, 'File size constraint not met')
--
--
--validate_status_interface()
--validate_running_services()
--validate_owncloud_files()
--validate_database_relationship()
--validate_nfs_relationship()

Juju Charms Collectionowncloud package

Merge lp:~jose/charms/precise/owncloud/port-change+repo+ssl-support into lp:charms/owncloud

Commit message

Description of the change

Preview Diff

Subscribers

Juju Charms Collection
owncloud package