Juju Charms Collection
nova-compute package

Merge lp:~openstack-charmers/charms/precise/nova-compute/ha-support into lp:~charmers/charms/precise/nova-compute/trunk

Proposed by Adam Gandelman on 2013-05-29

Status:	Merged
Merged at revision:	44
Proposed branch:	lp:~openstack-charmers/charms/precise/nova-compute/ha-support
Merge into:	lp:~charmers/charms/precise/nova-compute/trunk
Diff against target:	1428 lines (+982/-86) 10 files modified config.yaml (+10/-0) hooks/lib/nova/essex (+3/-2) hooks/lib/nova/folsom (+4/-5) hooks/lib/nova/grizzly (+97/-0) hooks/lib/nova/nova-common (+39/-9) hooks/lib/openstack-common (+605/-26) hooks/nova-compute-common (+124/-19) hooks/nova-compute-relations (+96/-24) metadata.yaml (+3/-0) revision (+1/-1)
To merge this branch:	bzr merge lp:~openstack-charmers/charms/precise/nova-compute/ha-support
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
charmers		2013-05-29	Pending
Review via email: mp+166340@code.launchpad.net

Description of the change

* Updates for grizzly support.

* Adds ssh-based live migration among compute nodes, brokered by the nova-cloud-controller service.

* Various bug fixes and cleanup

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Andreas Hasenack

Landscape

Nobuto Murata

OpenStack Charmers

charmers

 === modified file 'config.yaml'
 --- config.yaml	2013-03-01 22:10:38 +0000
 +++ config.yaml	2013-05-29 18:05:36 +0000
@@ -42,6 +42,16 @@
      default: "yes"
      type: string
      description: Whether to run nova-api and nova-network on the compute nodes.
++  enable-live-migration:
++    default: False
++    type: boolean
++    description: Configure libvirt for live migration.
++  migration-auth-type:
++    default: sasl
++    type: string
++    description: |
++      TCP authentication scheme for libvirt live migration.  Available options
++      include sasl or none.
    # needed if using flatmanager
    bridge-interface:
      default: br100
 === modified file 'hooks/lib/nova/essex'
 --- hooks/lib/nova/essex	2012-10-02 23:41:28 +0000
 +++ hooks/lib/nova/essex	2013-05-29 18:05:36 +0000
@@ -12,7 +12,7 @@
    local nova_conf=${NOVA_CONF:-/etc/nova/nova.conf}
    local api_conf=${API_CONF:-/etc/nova/api-paste.ini}
--
++  local libvirtd_conf=${LIBVIRTD_CONF:-/etc/libvirt/libvirtd.conf}
    [[ -z $key ]] && juju-log "$CHARM set_or_update: value $value missing key" && exit 1
    [[ -z $value ]] && juju-log "$CHARM set_or_update: key $key missing value" && exit 1
    [[ -z "$conf_file" ]] && conf_file=$nova_conf
@@ -22,7 +22,7 @@
                    pattern="--$key="
                    out=$pattern
                    ;;
--    "$api_conf") match="^$key = "
++    "$api_conf"|"$libvirtd_conf") match="^$key = "
                   pattern="$match"
                   out="$key = "
                   ;;
@@ -39,4 +39,5 @@
      juju-log "$CHARM: Setting new option $key=$value in $conf_file"
      echo "$out$value" >>$conf_file
    fi
++  CONFIG_CHANGED=True
+ }
 === modified file 'hooks/lib/nova/folsom'
 --- hooks/lib/nova/folsom	2012-12-03 11:18:59 +0000
 +++ hooks/lib/nova/folsom	2013-05-29 18:05:36 +0000
@@ -15,6 +15,7 @@
    local quantum_conf=${QUANTUM_CONF:-/etc/quantum/quantum.conf}
    local quantum_api_conf=${QUANTUM_API_CONF:-/etc/quantum/api-paste.ini}
    local quantum_plugin_conf=${QUANTUM_PLUGIN_CONF:-/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini}
++  local libvirtd_conf=${LIBVIRTD_CONF:-/etc/libvirt/libvirtd.conf}
    [[ -z $key ]] && juju-log "$CHARM: set_or_update: value $value missing key" && exit 1
    [[ -z $value ]] && juju-log "$CHARM: set_or_update: key $key missing value" && exit 1
@@ -27,11 +28,8 @@
                    pattern="$key="
                    out=$pattern
                    ;;
--    "$api_conf") match="^$key = "
--                 pattern="$match"
--                 out="$key = "
--                 ;;
--    "$quantum_conf"|"$quantum_api_conf"|"$quantum_plugin_conf")
++    "$api_conf"|"$quantum_conf"|"$quantum_api_conf"|"$quantum_plugin_conf"| \
++    "$libvirtd_conf")
                   match="^$key = "
                   pattern="$match"
                   out="$key = "
@@ -64,6 +62,7 @@
        fi
        ;;
    esac
++  CONFIG_CHANGED="True"
+ }
  # Upgrade Helpers
 === added file 'hooks/lib/nova/grizzly'
 --- hooks/lib/nova/grizzly	1970-01-01 00:00:00 +0000
 +++ hooks/lib/nova/grizzly	2013-05-29 18:05:36 +0000
@@ -0,0 +1,97 @@
++#!/bin/bash -e
++
++# Folsom-specific functions
++
++nova_set_or_update() {
++  # TODO: This needs to be shared among folsom, grizzly and beyond.
++  # Set a config option in nova.conf or api-paste.ini, depending
++  # Defaults to updating nova.conf
++  local key="$1"
++  local value="$2"
++  local conf_file="$3"
++  local section="${4:-DEFAULT}"
++
++  local nova_conf=${NOVA_CONF:-/etc/nova/nova.conf}
++  local api_conf=${API_CONF:-/etc/nova/api-paste.ini}
++  local quantum_conf=${QUANTUM_CONF:-/etc/quantum/quantum.conf}
++  local quantum_api_conf=${QUANTUM_API_CONF:-/etc/quantum/api-paste.ini}
++  local quantum_plugin_conf=${QUANTUM_PLUGIN_CONF:-/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini}
++  local libvirtd_conf=${LIBVIRTD_CONF:-/etc/libvirt/libvirtd.conf}
++
++  [[ -z $key ]] && juju-log "$CHARM: set_or_update: value $value missing key" && exit 1
++  [[ -z $value ]] && juju-log "$CHARM: set_or_update: key $key missing value" && exit 1
++
++  [[ -z "$conf_file" ]] && conf_file=$nova_conf
++
++  local pattern=""
++  case "$conf_file" in
++    "$nova_conf") match="^$key="
++                  pattern="$key="
++                  out=$pattern
++                  ;;
++    "$api_conf"|"$quantum_conf"|"$quantum_api_conf"|"$quantum_plugin_conf"| \
++    "$libvirtd_conf")
++                 match="^$key = "
++                 pattern="$match"
++                 out="$key = "
++                 ;;
++    *) juju-log "$CHARM ERROR: set_or_update: Invalid conf_file ($conf_file)"
++  esac
++
++  cat $conf_file | grep "$match$value" >/dev/null &&
++    juju-log "$CHARM: $key=$value already in set in $conf_file" \
++      && return 0
++
++  case $conf_file in
++    "$quantum_conf"|"$quantum_api_conf"|"$quantum_plugin_conf")
++        python -c "
++import ConfigParser
++config = ConfigParser.RawConfigParser()
++config.read('$conf_file')
++config.set('$section','$key','$value')
++with open('$conf_file', 'wb') as configfile:
++    config.write(configfile)
++"
++      ;;
++    *)
++      if cat $conf_file | grep "$match" >/dev/null ; then
++        juju-log "$CHARM: Updating $conf_file, $key=$value"
++        sed -i "s|\($pattern\).*|\1$value|" $conf_file
++      else
++        juju-log "$CHARM: Setting new option $key=$value in $conf_file"
++        echo "$out$value" >>$conf_file
++      fi
++      ;;
++  esac
++  CONFIG_CHANGED="True"
++}
++
++# Upgrade Helpers
++nova_pre_upgrade() {
++  # Pre-upgrade helper.  Caller should pass the version of OpenStack we are
++  # upgrading from.
++  return 0 # Nothing to do here, yet.
++}
++
++nova_post_upgrade() {
++  # Post-upgrade helper.  Caller should pass the version of OpenStack we are
++  # upgrading from.
++  local upgrade_from="$1"
++  juju-log "$CHARM: Running post-upgrade hook: $upgrade_from -> grizzly."
++  # We only support folsom -> grizzly, currently.
++  [[ "$upgrade_from" != "folsom" ]] &&
++    error_out "Unsupported upgrade: $upgrade_from -> grizzly"
++
++  # This may be dangerous, if we are upgrading a number of units at once
++  # and they all begin the same migration concurrently.  Migrate only from
++  # the cloud controller(s).
++  if [[ "$CHARM" == "nova-cloud-controller" ]] ; then
++    juju-log "$CHARM: Migrating nova database."
++    /usr/bin/nova-manage db sync
++
++    # Trigger a service restart on all other nova nodes.
++    trigger_remote_service_restarts
++  fi
++
++  juju-log "$CHARM: Post-upgrade hook complete: $upgrade_from -> grizzly."
++}
 === modified file 'hooks/lib/nova/nova-common'
 --- hooks/lib/nova/nova-common	2012-12-06 10:21:10 +0000
 +++ hooks/lib/nova/nova-common	2013-05-29 18:05:36 +0000
@@ -2,18 +2,21 @@
  # Common utility functions used across all nova charms.
++CONFIG_CHANGED=False
++HOOKS_DIR="$CHARM_DIR/hooks"
++
  # Load the common OpenStack helper library.
--if [[ -e $CHARM_DIR/lib/openstack-common ]] ; then
--  . $CHARM_DIR/lib/openstack-common
++if [[ -e $HOOKS_DIR/lib/openstack-common ]] ; then
++  . $HOOKS_DIR/lib/openstack-common
  else
--  juju-log "Couldn't load $CHARM_DIR/lib/opentack-common." && exit 1
++  juju-log "Couldn't load $HOOKS_DIR/lib/opentack-common." && exit 1
  fi
  set_or_update() {
    # Update config flags in nova.conf or api-paste.ini.
    # Config layout changed in Folsom, so this is now OpenStack release specific.
    local rel=$(get_os_codename_package "nova-common")
--  . $CHARM_DIR/lib/nova/$rel
++  . $HOOKS_DIR/lib/nova/$rel
    nova_set_or_update $@
+ }
@@ -32,9 +35,15 @@
  configure_volume_service() {
    local svc="$1"
++  local cur_vers="$(get_os_codename_package "nova-common")"
    case "$svc" in
--    "cinder") set_or_update "volume_api_class" "nova.volume.cinder.API" ;;
--    "nova-volume") set_or_update "volume_api_class" "nova.volume.api.API" ;;
++    "cinder")
++      set_or_update "volume_api_class" "nova.volume.cinder.API" ;;
++    "nova-volume")
++      # nova-volume only supported before grizzly.
++      [[ "$cur_vers" == "essex" ]] || [[ "$cur_vers" == "folsom" ]] &&
++        set_or_update "volume_api_class" "nova.volume.api.API"
++      ;;
      *) juju-log "$CHARM ERROR - configure_volume_service: Invalid service $svc"
         return 1 ;;
    esac
@@ -49,11 +58,32 @@
        ;;
      "FlatDHCPManager")
        set_or_update "network_manager" "nova.network.manager.FlatDHCPManager"
++
++      if [[ "$CHARM" == "nova-compute" ]] ; then
++        local flat_interface=$(config-get flat-interface)
++        local ec2_host=$(relation-get ec2_host)
++        set_or_update flat_inteface "$flat_interface"
++        set_or_update ec2_dmz_host "$ec2_host"
++
++        # Ensure flat_interface has link.
++        if ip link show $flat_interface >/dev/null 2>&1 ; then
++          ip link set $flat_interface up
++        fi
++
++        # work around (LP: #1035172)
++        if [[ -e /dev/vhost-net ]] ; then
++          iptables -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM \
++            --checksum-fill
++        fi
++      fi
++
        ;;
      "Quantum")
        local local_ip=$(get_ip `unit-get private-address`)
--      [[ -n $local_ip ]] || juju-log "Unable to resolve local IP address" \
--        && exit 1
++      [[ -n $local_ip ]] || {
++        juju-log "Unable to resolve local IP address"
++        exit 1
++      }
        set_or_update "network_api_class" "nova.network.quantumv2.api.API"
        set_or_update "quantum_auth_strategy" "keystone"
        set_or_update "core_plugin" "$QUANTUM_CORE_PLUGIN" "$QUANTUM_CONF"
@@ -101,7 +131,7 @@
    # load the release helper library for pre/post upgrade hooks specific to the
    # release we are upgrading to.
--  . $CHARM_DIR/lib/nova/$new_rel
++  . $HOOKS_DIR/lib/nova/$new_rel
    # new release specific pre-upgrade hook
    nova_pre_upgrade "$orig_os_rel"
 === modified file 'hooks/lib/openstack-common'
 --- hooks/lib/openstack-common	2012-12-06 10:17:41 +0000
 +++ hooks/lib/openstack-common	2013-05-29 18:05:36 +0000
@@ -20,6 +20,9 @@
  function service_ctl {
    # control a specific service, or all (as defined by $SERVICES)
++  # service restarts will only occur depending on global $CONFIG_CHANGED,
++  # which should be updated in charm's set_or_update().
++  local config_changed=${CONFIG_CHANGED:-True}
    if [[ $1 == "all" ]] ; then
      ctl="$SERVICES"
    else
@@ -37,12 +40,21 @@
        "stop")
          service_ctl_status $i && service $i stop || return 0 ;;
        "restart")
--        service_ctl_status $i && service $i restart || service $i start ;;
++        if [[ "$config_changed" == "True" ]] ; then
++          service_ctl_status $i && service $i restart || service $i start
++        fi
++        ;;
      esac
      if [[ $? != 0 ]] ; then
        juju-log "$CHARM: service_ctl ERROR - Service $i failed to $action"
      fi
    done
++  # all configs should have been reloaded on restart of all services, reset
++  # flag if its being used.
++  if [[ "$action" == "restart" ]] && [[ -n "$CONFIG_CHANGED" ]] &&
++     [[ "$ctl" == "all" ]]; then
++    CONFIG_CHANGED="False"
++  fi
+ }
  function configure_install_source {
@@ -70,46 +82,62 @@
        # gpg key id tagged to end of url folloed by a |
        url=$(echo $src | cut -d'|' -f1)
        key=$(echo $src | cut -d'|' -f2)
--      if [[ -n "$key" ]] ; then
--        juju-log "$CHARM: Importing repository key: $key"
--        apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "$key" || \
--          juju-log "$CHARM WARN: Could not import key from keyserver: $key"
--      else
--        juju-log "$CHARM No repository key specified"
--        url="$src"
--      fi
--      echo $url > /etc/apt/sources.list.d/juju_deb.list
++      juju-log "$CHARM: Importing repository key: $key"
++      apt-key adv --keyserver keyserver.ubuntu.com --recv-keys "$key" || \
++        juju-log "$CHARM WARN: Could not import key from keyserver: $key"
++    else
++      juju-log "$CHARM No repository key specified."
++      url="$src"
      fi
++    echo "$url" > /etc/apt/sources.list.d/juju_deb.list
      return 0
    fi
    # Cloud Archive
    if [[ "${src:0:6}" == "cloud:" ]] ; then
--    local archive_key="5EDB1B62EC4926EA"
--    local rel=$(echo $src | cut -d: -f2)
--    local u_rel=$(echo $rel | cut -d- -f1)
--    local ca_rel=$(echo $rel | cut -d- -f2)
++
++    # current os releases supported by the UCA.
++    local cloud_archive_versions="folsom grizzly"
++
++    local ca_rel=$(echo $src | cut -d: -f2)
++    local u_rel=$(echo $ca_rel | cut -d- -f1)
++    local os_rel=$(echo $ca_rel | cut -d- -f2 | cut -d/ -f1)
      [[ "$u_rel" != "$DISTRIB_CODENAME" ]] &&
        error_out "Cannot install from Cloud Archive pocket $src " \
                  "on this Ubuntu version ($DISTRIB_CODENAME)!"
--    if [[ "$ca_rel" == "folsom/staging" ]] ; then
--      # cloud archive staging is just a regular PPA.
--      add-apt-repository -y ppa:ubuntu-cloud-archive/folsom-staging
++    valid_release=""
++    for rel in $cloud_archive_versions ; do
++      if [[ "$os_rel" == "$rel" ]] ; then
++        valid_release=1
++        juju-log "Installing OpenStack ($os_rel) from the Ubuntu Cloud Archive."
++      fi
++    done
++    if [[ -z "$valid_release" ]] ; then
++      error_out "OpenStack release ($os_rel) not supported by "\
++                "the Ubuntu Cloud Archive."
++    fi
++
++    # CA staging repos are standard PPAs.
++    if echo $ca_rel | grep -q "staging" ; then
++      add-apt-repository -y ppa:ubuntu-cloud-archive/${os_rel}-staging
        return 0
      fi
++    # the others are LP-external deb repos.
      case "$ca_rel" in
--      "folsom"|"folsom/updates") pocket="precise-updates/folsom" ;;
--      "folsom/proposed") pocket="precise-proposed/folsom" ;;
++      "$u_rel-$os_rel"|"$u_rel-$os_rel/updates") pocket="$u_rel-updates/$os_rel" ;;
++      "$u_rel-$os_rel/proposed") pocket="$u_rel-proposed/$os_rel" ;;
++      "$u_rel-$os_rel"|"$os_rel/updates") pocket="$u_rel-updates/$os_rel" ;;
++      "$u_rel-$os_rel/proposed") pocket="$u_rel-proposed/$os_rel" ;;
        *) error_out "Invalid Cloud Archive repo specified: $src"
      esac
++    apt-get -y install ubuntu-cloud-keyring
      entry="deb http://ubuntu-cloud.archive.canonical.com/ubuntu $pocket main"
      echo "$entry" \
        >/etc/apt/sources.list.d/ubuntu-cloud-archive-$DISTRIB_CODENAME.list
--    apt-key  adv --keyserver keyserver.ubuntu.com --recv-keys $archive_key
      return 0
    fi
@@ -142,15 +170,16 @@
        case "$ca_rel" in
          "folsom"|"folsom/updates"|"folsom/proposed"|"folsom/staging")
            codename="folsom" ;;
--        "grizzly"|"grizzly/updates"|"grizzly/proposed"|"grizzy/staging")
--          codename="grizly" ;;
++        "grizzly"|"grizzly/updates"|"grizzly/proposed"|"grizzly/staging")
++          codename="grizzly" ;;
        esac
      fi
    fi
    # have a guess based on the deb string provided
--  if [[ "${rel:0:3}" == "deb" ]]; then
--    CODENAMES="diablo essex folsom grizzly"
++  if [[ "${rel:0:3}" == "deb" ]] || \
++     [[ "${rel:0:3}" == "ppa" ]] ; then
++    CODENAMES="diablo essex folsom grizzly havana"
      for cname in $CODENAMES; do
        if echo $rel | grep -q $cname; then
          codename=$cname
@@ -161,12 +190,14 @@
+ }
  get_os_codename_package() {
--  local pkg_vers=$(dpkg -l | grep "$1" | awk '{ print $3 }')
++  local pkg_vers=$(dpkg -l | grep "$1" | awk '{ print $3 }') || echo "none"
++  pkg_vers=$(echo $pkg_vers | cut -d: -f2) # epochs
    case "${pkg_vers:0:6}" in
      "2011.2") echo "diablo" ;;
      "2012.1") echo "essex" ;;
      "2012.2") echo "folsom" ;;
      "2013.1") echo "grizzly" ;;
++    "2013.2") echo "havana" ;;
    esac
+ }
@@ -175,7 +206,8 @@
      "diablo") echo "2011.2" ;;
      "essex") echo "2012.1" ;;
      "folsom") echo "2012.2" ;;
--    "grizzly") echo "2012.3" ;;
++    "grizzly") echo "2013.1" ;;
++    "havana") echo "2013.2" ;;
    esac
+ }
@@ -200,3 +232,550 @@
      pass
+ "
+ }
++
++# Common storage routines used by cinder, nova-volume and swift-storage.
++clean_storage() {
++  # if configured to overwrite existing storage, we unmount the block-dev
++  # if mounted and clear any previous pv signatures
++  local block_dev="$1"
++  juju-log "Cleaining storage '$block_dev'"
++  if grep -q "^$block_dev" /proc/mounts ; then
++    mp=$(grep "^$block_dev" /proc/mounts   | awk '{ print $2 }')
++    juju-log "Unmounting $block_dev from $mp"
++    umount "$mp" || error_out "ERROR: Could not unmount storage from $mp"
++  fi
++  if pvdisplay "$block_dev" >/dev/null 2>&1 ; then
++    juju-log "Removing existing LVM PV signatures from $block_dev"
++
++    # deactivate any volgroups that may be built on this dev
++    vg=$(pvdisplay $block_dev | grep "VG Name" | awk '{ print $3 }')
++    if [[ -n "$vg" ]] ; then
++      juju-log "Deactivating existing volume group: $vg"
++      vgchange -an "$vg" ||
++        error_out "ERROR: Could not deactivate volgroup $vg.  Is it in use?"
++    fi
++    echo "yes" | pvremove -ff "$block_dev" ||
++      error_out "Could not pvremove $block_dev"
++  else
++    juju-log "Zapping disk of all GPT and MBR structures"
++    sgdisk --zap-all $block_dev ||
++      error_out "Unable to zap $block_dev"
++  fi
++}
++
++function get_block_device() {
++  # given a string, return full path to the block device for that
++  # if input is not a block device, find a loopback device
++  local input="$1"
++
++  case "$input" in
++    /dev/*) [[ ! -b "$input" ]] && error_out "$input does not exist."
++            echo "$input"; return 0;;
++    /*) :;;
++    *)  [[ ! -b "/dev/$input" ]] && error_out "/dev/$input does not exist."
++        echo "/dev/$input"; return 0;;
++  esac
++
++  # this represents a file
++  # support "/path/to/file|5G"
++  local fpath size oifs="$IFS"
++  if [ "${input#*|}" != "${input}" ]; then
++    size=${input##*|}
++    fpath=${input%|*}
++  else
++    fpath=${input}
++    size=5G
++  fi
++
++  ## loop devices are not namespaced.  This is bad for containers.
++  ## it means that the output of 'losetup' may have the given $fpath
++  ## in it, but that may not represent this containers $fpath, but
++  ## another containers.  To address that, we really need to
++  ## allow some uniq container-id to be expanded within path.
++  ## TODO: find a unique container-id that will be consistent for
++  ##       this container throughout its lifetime and expand it
++  ##       in the fpath.
++  # fpath=${fpath//%{id}/$THAT_ID}
++
++  local found=""
++  # parse through 'losetup -a' output, looking for this file
++  # output is expected to look like:
++  #   /dev/loop0: [0807]:961814 (/tmp/my.img)
++  found=$(losetup -a |
++    awk 'BEGIN { found=0; }
++         $3 == f { sub(/:$/,"",$1); print $1; found=found+1; }
++         END { if( found == 0 || found == 1 ) { exit(0); }; exit(1); }' \
++         f="($fpath)")
++
++  if [ $? -ne 0 ]; then
++    echo "multiple devices found for $fpath: $found" 1>&2
++    return 1;
++  fi
++
++  [ -n "$found" -a -b "$found" ] && { echo "$found"; return 1; }
++
++  if [ -n "$found" ]; then
++    echo "confused, $found is not a block device for $fpath";
++    return 1;
++  fi
++
++  # no existing device was found, create one
++  mkdir -p "${fpath%/*}"
++  truncate --size "$size" "$fpath" ||
++    { echo "failed to create $fpath of size $size"; return 1; }
++
++  found=$(losetup --find --show "$fpath") ||
++    { echo "failed to setup loop device for $fpath" 1>&2; return 1; }
++
++  echo "$found"
++  return 0
++}
++
++HAPROXY_CFG=/etc/haproxy/haproxy.cfg
++HAPROXY_DEFAULT=/etc/default/haproxy
++##########################################################################
++# Description: Configures HAProxy services for Openstack API's
++# Parameters:
++#   Space delimited list of service:port:mode combinations for which
++#   haproxy service configuration should be generated for.  The function
++#   assumes the name of the peer relation is 'cluster' and that every
++#   service unit in the peer relation is running the same services.
++#
++#   Services that do not specify :mode in parameter will default to http.
++#
++# Example
++#   configure_haproxy cinder_api:8776:8756:tcp nova_api:8774:8764:http
++##########################################################################
++configure_haproxy() {
++  local address=`unit-get private-address`
++  local name=${JUJU_UNIT_NAME////-}
++  cat > $HAPROXY_CFG << EOF
++global
++  log 127.0.0.1 local0
++  log 127.0.0.1 local1 notice
++  maxconn 20000
++  user haproxy
++  group haproxy
++  spread-checks 0
++
++defaults
++  log global
++  mode http
++  option httplog
++  option dontlognull
++  retries 3
++  timeout queue 1000
++  timeout connect 1000
++  timeout client 30000
++  timeout server 30000
++
++listen stats :8888
++  mode http
++  stats enable
++  stats hide-version
++  stats realm Haproxy\ Statistics
++  stats uri /
++  stats auth admin:password
++
++EOF
++  for service in $@; do
++    local service_name=$(echo $service | cut -d : -f 1)
++    local haproxy_listen_port=$(echo $service | cut -d : -f 2)
++    local api_listen_port=$(echo $service | cut -d : -f 3)
++    local mode=$(echo $service | cut -d : -f 4)
++    [[ -z "$mode" ]] && mode="http"
++    juju-log "Adding haproxy configuration entry for $service "\
++             "($haproxy_listen_port -> $api_listen_port)"
++    cat >> $HAPROXY_CFG << EOF
++listen $service_name 0.0.0.0:$haproxy_listen_port
++  balance roundrobin
++  mode $mode
++  option ${mode}log
++  server $name $address:$api_listen_port check
++EOF
++    local r_id=""
++    local unit=""
++    for r_id in `relation-ids cluster`; do
++      for unit in `relation-list -r $r_id`; do
++        local unit_name=${unit////-}
++        local unit_address=`relation-get -r $r_id private-address $unit`
++        if [ -n "$unit_address" ]; then
++          echo "  server $unit_name $unit_address:$api_listen_port check" \
++            >> $HAPROXY_CFG
++        fi
++      done
++    done
++  done
++  echo "ENABLED=1" > $HAPROXY_DEFAULT
++  service haproxy restart
++}
++
++##########################################################################
++# Description: Query HA interface to determine is cluster is configured
++# Returns: 0 if configured, 1 if not configured
++##########################################################################
++is_clustered() {
++  local r_id=""
++  local unit=""
++  for r_id in $(relation-ids ha); do
++    if [ -n "$r_id" ]; then
++      for unit in $(relation-list -r $r_id); do
++         clustered=$(relation-get -r $r_id clustered $unit)
++         if [ -n "$clustered" ]; then
++           juju-log "Unit is haclustered"
++           return 0
++         fi
++      done
++    fi
++  done
++  juju-log "Unit is not haclustered"
++  return 1
++}
++
++##########################################################################
++# Description: Return a list of all peers in cluster relations
++##########################################################################
++peer_units() {
++  local peers=""
++  local r_id=""
++  for r_id in $(relation-ids cluster); do
++    peers="$peers $(relation-list -r $r_id)"
++  done
++  echo $peers
++}
++
++##########################################################################
++# Description: Determines whether the current unit is the oldest of all
++#              its peers - supports partial leader election
++# Returns: 0 if oldest, 1 if not
++##########################################################################
++oldest_peer() {
++  peers=$1
++  local l_unit_no=$(echo $JUJU_UNIT_NAME | cut -d / -f 2)
++  for peer in $peers; do
++    echo "Comparing $JUJU_UNIT_NAME with peers: $peers"
++    local r_unit_no=$(echo $peer | cut -d / -f 2)
++    if (($r_unit_no<$l_unit_no)); then
++        juju-log "Not oldest peer; deferring"
++        return 1
++    fi
++  done
++  juju-log "Oldest peer; might take charge?"
++  return 0
++}
++
++##########################################################################
++# Description: Determines whether the current service units is the
++#              leader within a) a cluster of its peers or b) across a
++#              set of unclustered peers.
++# Parameters: CRM resource to check ownership of if clustered
++# Returns: 0 if leader, 1 if not
++##########################################################################
++eligible_leader() {
++  if is_clustered; then
++    if ! is_leader $1; then
++      juju-log 'Deferring action to CRM leader'
++      return 1
++    fi
++  else
++    peers=$(peer_units)
++    if [ -n "$peers" ] && ! oldest_peer "$peers"; then
++      juju-log 'Deferring action to oldest service unit.'
++      return 1
++    fi
++  fi
++  return 0
++}
++
++##########################################################################
++# Description: Query Cluster peer interface to see if peered
++# Returns: 0 if peered, 1 if not peered
++##########################################################################
++is_peered() {
++  local r_id=$(relation-ids cluster)
++  if [ -n "$r_id" ]; then
++    if [ -n "$(relation-list -r $r_id)" ]; then
++      juju-log "Unit peered"
++      return 0
++    fi
++  fi
++  juju-log "Unit not peered"
++  return 1
++}
++
++##########################################################################
++# Description: Determines whether host is owner of clustered services
++# Parameters: Name of CRM resource to check ownership of
++# Returns: 0 if leader, 1 if not leader
++##########################################################################
++is_leader() {
++  hostname=`hostname`
++  if [ -x /usr/sbin/crm ]; then
++    if crm resource show $1 | grep -q $hostname; then
++      juju-log "$hostname is cluster leader."
++      return 0
++    fi
++  fi
++  juju-log "$hostname is not cluster leader."
++  return 1
++}
++
++##########################################################################
++# Description: Determines whether enough data has been provided in
++# configuration or relation data to configure HTTPS.
++# Parameters:  None
++# Returns: 0 if HTTPS can be configured, 1 if not.
++##########################################################################
++https() {
++  local r_id=""
++  if [[ -n "$(config-get ssl_cert)" ]] &&
++     [[ -n "$(config-get ssl_key)" ]] ; then
++    return 0
++  fi
++  for r_id in $(relation-ids identity-service) ; do
++    for unit in $(relation-list -r $r_id) ; do
++      if [[ "$(relation-get -r $r_id https_keystone $unit)" == "True" ]] &&
++         [[ -n "$(relation-get -r $r_id ssl_cert $unit)" ]] &&
++         [[ -n "$(relation-get -r $r_id ssl_key $unit)" ]] &&
++         [[ -n "$(relation-get -r $r_id ca_cert $unit)" ]] ; then
++          return 0
++      fi
++    done
++  done
++  return 1
++}
++
++##########################################################################
++# Description: For a given number of port mappings, configures apache2
++# HTTPs local reverse proxying using certficates and keys provided in
++# either configuration data (preferred) or relation data.  Assumes ports
++# are not in use (calling charm should ensure that).
++# Parameters:  Variable number of proxy port mappings as
++# $internal:$external.
++# Returns: 0 if reverse proxy(s) have been configured, 0 if not.
++##########################################################################
++enable_https() {
++  local port_maps="$@"
++  local http_restart=""
++  juju-log "Enabling HTTPS for port mappings: $port_maps."
++
++  # allow overriding of keystone provided certs with those set manually
++  # in config.
++  local cert=$(config-get ssl_cert)
++  local key=$(config-get ssl_key)
++  local ca_cert=""
++  if [[ -z "$cert" ]] || [[ -z "$key" ]] ; then
++    juju-log "Inspecting identity-service relations for SSL certificate."
++    local r_id=""
++    cert=""
++    key=""
++    ca_cert=""
++    for r_id in $(relation-ids identity-service) ; do
++      for unit in $(relation-list -r $r_id) ; do
++        [[ -z "$cert" ]] && cert="$(relation-get -r $r_id ssl_cert $unit)"
++        [[ -z "$key" ]] && key="$(relation-get -r $r_id ssl_key $unit)"
++        [[ -z "$ca_cert" ]] && ca_cert="$(relation-get -r $r_id ca_cert $unit)"
++      done
++    done
++    [[ -n "$cert" ]] && cert=$(echo $cert | base64 -di)
++    [[ -n "$key" ]] && key=$(echo $key | base64 -di)
++    [[ -n "$ca_cert" ]] && ca_cert=$(echo $ca_cert | base64 -di)
++  else
++    juju-log "Using SSL certificate provided in service config."
++  fi
++
++  [[ -z "$cert" ]] || [[ -z "$key" ]] &&
++    juju-log "Expected but could not find SSL certificate data, not "\
++             "configuring HTTPS!" && return 1
++
++  apt-get -y install apache2
++  a2enmod ssl proxy proxy_http | grep -v "To activate the new configuration" &&
++    http_restart=1
++
++  mkdir -p /etc/apache2/ssl/$CHARM
++  echo "$cert" >/etc/apache2/ssl/$CHARM/cert
++  echo "$key" >/etc/apache2/ssl/$CHARM/key
++  if [[ -n "$ca_cert" ]] ; then
++    juju-log "Installing Keystone supplied CA cert."
++    echo "$ca_cert" >/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt
++    update-ca-certificates --fresh
++
++    # XXX TODO: Find a better way of exporting this?
++    if [[ "$CHARM" == "nova-cloud-controller" ]] ; then
++      [[ -e /var/www/keystone_juju_ca_cert.crt ]] &&
++        rm -rf /var/www/keystone_juju_ca_cert.crt
++      ln -s  /usr/local/share/ca-certificates/keystone_juju_ca_cert.crt \
++             /var/www/keystone_juju_ca_cert.crt
++    fi
++
++  fi
++  for port_map in $port_maps ; do
++    local ext_port=$(echo $port_map | cut -d: -f1)
++    local int_port=$(echo $port_map | cut -d: -f2)
++    juju-log "Creating apache2 reverse proxy vhost for $port_map."
++    cat >/etc/apache2/sites-available/${CHARM}_${ext_port} <<END
++Listen $ext_port
++NameVirtualHost *:$ext_port
++<VirtualHost *:$ext_port>
++    ServerName $(unit-get private-address)
++    SSLEngine on
++    SSLCertificateFile /etc/apache2/ssl/$CHARM/cert
++    SSLCertificateKeyFile /etc/apache2/ssl/$CHARM/key
++    ProxyPass / http://localhost:$int_port/
++    ProxyPassReverse / http://localhost:$int_port/
++    ProxyPreserveHost on
++</VirtualHost>
++<Proxy *>
++    Order deny,allow
++    Allow from all
++</Proxy>
++<Location />
++    Order allow,deny
++    Allow from all
++</Location>
++END
++    a2ensite ${CHARM}_${ext_port} | grep -v "To activate the new configuration" &&
++      http_restart=1
++  done
++  if [[ -n "$http_restart" ]] ; then
++    service apache2 restart
++  fi
++}
++
++##########################################################################
++# Description: Ensure HTTPS reverse proxying is disabled for given port
++# mappings.
++# Parameters:  Variable number of proxy port mappings as
++# $internal:$external.
++# Returns: 0 if reverse proxy is not active for all portmaps, 1 on error.
++##########################################################################
++disable_https() {
++  local port_maps="$@"
++  local http_restart=""
++  juju-log "Ensuring HTTPS disabled for $port_maps."
++  ( [[ ! -d /etc/apache2 ]] || [[ ! -d /etc/apache2/ssl/$CHARM ]] ) && return 0
++  for port_map in $port_maps ; do
++    local ext_port=$(echo $port_map | cut -d: -f1)
++    local int_port=$(echo $port_map | cut -d: -f2)
++    if [[ -e /etc/apache2/sites-available/${CHARM}_${ext_port} ]] ; then
++      juju-log "Disabling HTTPS reverse proxy for $CHARM $port_map."
++      a2dissite ${CHARM}_${ext_port} | grep -v "To activate the new configuration" &&
++        http_restart=1
++    fi
++  done
++  if [[ -n "$http_restart" ]] ; then
++    service apache2 restart
++  fi
++}
++
++
++##########################################################################
++# Description: Ensures HTTPS is either enabled or disabled for given port
++# mapping.
++# Parameters:  Variable number of proxy port mappings as
++# $internal:$external.
++# Returns: 0 if HTTPS reverse proxy is in place, 1 if it is not.
++##########################################################################
++setup_https() {
++  # configure https via apache reverse proxying either
++  # using certs provided by config or keystone.
++  [[ -z "$CHARM" ]] &&
++    error_out "setup_https(): CHARM not set."
++  if ! https ; then
++    disable_https $@
++  else
++    enable_https $@
++  fi
++}
++
++##########################################################################
++# Description: Determine correct API server listening port based on
++# existence of HTTPS reverse proxy and/or haproxy.
++# Paremeters: The standard public port for given service.
++# Returns: The correct listening port for API service.
++##########################################################################
++determine_api_port() {
++  local public_port="$1"
++  local i=0
++  ( [[ -n "$(peer_units)" ]] || is_clustered >/dev/null 2>&1 ) && i=$[$i + 1]
++  https >/dev/null 2>&1 && i=$[$i + 1]
++  echo $[$public_port - $[$i * 10]]
++}
++
++##########################################################################
++# Description: Determine correct proxy listening port based on public IP +
++# existence of HTTPS reverse proxy.
++# Paremeters: The standard public port for given service.
++# Returns: The correct listening port for haproxy service public address.
++##########################################################################
++determine_haproxy_port() {
++  local public_port="$1"
++  local i=0
++  https >/dev/null 2>&1 && i=$[$i + 1]
++  echo $[$public_port - $[$i * 10]]
++}
++
++##########################################################################
++# Description: Print the value for a given config option in an OpenStack
++# .ini style configuration file.
++# Parameters: File path, option to retrieve, optional
++# section name (default=DEFAULT)
++# Returns: Prints value if set, prints nothing otherwise.
++##########################################################################
++local_config_get() {
++  # return config values set in openstack .ini config files.
++  # default placeholders starting (eg, %AUTH_HOST%) treated as
++  # unset values.
++  local file="$1"
++  local option="$2"
++  local section="$3"
++  [[ -z "$section" ]] && section="DEFAULT"
++  python -c "
++import ConfigParser
++config = ConfigParser.RawConfigParser()
++config.read('$file')
++try:
++  value = config.get('$section', '$option')
++except:
++  print ''
++  exit(0)
++if value.startswith('%'): exit(0)
++print value
++"
++}
++
++##########################################################################
++# Description: Creates an rc file exporting environment variables to a
++# script_path local to the charm's installed directory.
++# Any charm scripts run outside the juju hook environment can source this
++# scriptrc to obtain updated config information necessary to perform health
++# checks or service changes
++#
++# Parameters:
++#   An array of '=' delimited  ENV_VAR:value combinations to export.
++#   If optional script_path key is not provided in the array, script_path
++#     defaults to scripts/scriptrc
++##########################################################################
++function save_script_rc {
++  if [ ! -n "$JUJU_UNIT_NAME" ]; then
++     echo "Error: Missing JUJU_UNIT_NAME environment variable"
++     exit 1
++  fi
++  # our default unit_path
++  unit_path="$CHARM_DIR/scripts/scriptrc"
++  echo $unit_path
++  tmp_rc="/tmp/${JUJU_UNIT_NAME/\//-}rc"
++
++  echo "#!/bin/bash" > $tmp_rc
++  for env_var in "${@}"
++  do
++    if `echo $env_var | grep -q script_path`; then
++       # well then we need to reset the new unit-local script path
++       unit_path="$CHARM_DIR/${env_var/script_path=/}"
++    else
++       echo "export $env_var" >> $tmp_rc
++    fi
++  done
++  chmod 755 $tmp_rc
++  mv $tmp_rc $unit_path
++}
 === modified file 'hooks/nova-compute-common'
 --- hooks/nova-compute-common	2013-03-04 19:58:18 +0000
 +++ hooks/nova-compute-common	2013-05-29 18:05:36 +0000
@@ -7,6 +7,8 @@
  NOVA_CONF=$(config-get nova-config)
  API_CONF="/etc/nova/api-paste.ini"
  QUANTUM_CONF="/etc/quantum/quantum.conf"
++LIBVIRTD_CONF="/etc/libvirt/libvirtd.conf"
++HOOKS_DIR="$CHARM_DIR/hooks"
  MULTI_HOST=$(config-get multi-host)
  if [ -f /etc/nova/nm.conf ]; then
@@ -35,10 +37,10 @@
      ;;
  esac
--if [[ -e $CHARM_DIR/lib/nova/nova-common ]] ; then
--  . $CHARM_DIR/lib/nova/nova-common
++if [[ -e $HOOKS_DIR/lib/nova/nova-common ]] ; then
++  . $HOOKS_DIR/lib/nova/nova-common
  else
--  juju-log "$CHARM: Couldn't load $CHARM_DIR/lib/nova-common" && exit 1
++  juju-log "$CHARM: Couldn't load $HOOKS_DIR/lib/nova-common" && exit 1
  fi
  determine_compute_package() {
@@ -52,7 +54,7 @@
      "xen") compute_pkg="nova-compute-xen";;
      "uml") compute_pkg="nova-compute-uml";;
      "lxc") compute_pkg="nova-compute-lxc";;
--    *) error_out" ERROR: Unsupported virt_type=$virt_type";;
++    *) error_out "ERROR: Unsupported virt_type=$virt_type";;
    esac
    echo "$compute_pkg"
+ }
@@ -98,17 +100,13 @@
      exit 1
+   }
--  # Store the network manager and quantum plugin
--  # for use in later hook invocations
--  [[ -n $net_manager ]] && echo $net_manager > /etc/nova/nm.conf
--  [[ -n $quantum_plugin ]] && echo $quantum_plugin > /etc/nova/quantum_plugin.conf
--
    case $net_manager in
      "FlatManager"|"FlatDHCPManager")
        if [[ "$MULTI_HOST" == "yes" ]] ; then
          apt-get -y install nova-api nova-network
          SERVICES="$SERVICES nova-api nova-network"
        fi
++      [[ -n $net_manager ]] && echo $net_manager > /etc/nova/nm.conf
        ;;&
      "FlatManager")
        local bridge_ip=$(config-get bridge-ip)
@@ -129,18 +127,39 @@
        set_or_update ec2_dmz_host $ec2_host
        ;;
      "Quantum")
--      local keystone_host=$(relation-get keystone_host)
--      [[ -z $keystone_host ]] && juju-log "nova-compute: Missing keystone host" \
--        && exit 0
++      local keystone_host="$(relation-get keystone_host)"
++      local auth_port="$(relation-get auth_port)"
++      local quantum_url="$(relation-get quantum_url)"
++      local quantum_admin_tenant_name="$(relation-get service_tenant)"
++      local quantum_admin_username="$(relation-get service_username)"
++      local quantum_admin_password="$(relation-get service_password)"
++
++      # might end up here before nova-c-c has processed keystone hooks
++      [[ -z "$keystone_host" ]] ||
++      [[ -z "$auth_port" ]] ||
++      [[ -z "$quantum_url" ]] ||
++      [[ -z "$quantum_admin_tenant_name" ]] ||
++      [[ -z "$quantum_admin_username" ]] ||
++      [[ -z "$quantum_admin_password" ]] &&
++        juju-log "nova-compute: Missing required data for Quantum config." &&
++          exit 0
        set_or_update "network_api_class" "nova.network.quantumv2.api.API"
        set_or_update "quantum_auth_strategy" "keystone"
--      set_or_update "quantum_url" "http://$(relation-get quantum_host):9696"
--      set_or_update "quantum_admin_tenant_name" "$(relation-get service_tenant)"
--      set_or_update "quantum_admin_username" "$(relation-get service_username)"
--      set_or_update "quantum_admin_password" "$(relation-get service_password)"
++      set_or_update "quantum_url" "$quantum_url"
++      set_or_update "quantum_admin_tenant_name" "$quantum_admin_tenant_name"
++      set_or_update "quantum_admin_username" "$quantum_admin_username"
++      set_or_update "quantum_admin_password" "$quantum_admin_password"
        set_or_update "quantum_admin_auth_url" \
--                    "http://$(relation-get keystone_host):$(relation-get auth_port)/v2.0"
--      set_or_update "force_config_drive" "True"
++                    "http://$keystone_host:$auth_port/v2.0"
++
++      local cur=$(get_os_codename_package "nova-common")
++      if dpkg --compare-versions $(get_os_version_codename $cur) gt '2012.2'; then
++        # Grizzly onwards supports metadata proxy so forcing use of config
++        # drive is not required.
++        set_or_update "force_config_drive" "False"
++      else
++        set_or_update "force_config_drive" "True"
++      fi
        case $quantum_plugin in
          "ovs")
            apt-get -y install openvswitch-datapath-dkms
@@ -157,6 +176,8 @@
            ;;
        esac
        set_or_update "bind_host" "0.0.0.0" "$QUANTUM_CONF"
++      [[ -n $net_manager ]] && echo $net_manager > /etc/nova/nm.conf
++      [[ -n $quantum_plugin ]] && echo $quantum_plugin > /etc/nova/quantum_plugin.conf
        ;;
      *) echo "ERROR: Invalid network manager $1" && exit 1 ;;
    esac
@@ -170,6 +191,83 @@
    fi
+ }
++function initialize_ssh_keys {
++  # generate ssh keypair for root if one does not exist or
++  # the pari is not complete.
++  local pub="/root/.ssh/id_rsa"
++  local priv="/root/.ssh/id_rsa.pub"
++  if [[ -e $pub ]] &&
++     [[ -e $priv ]] ; then
++    juju-log "$CHARM: SSH credentials already exist for root."
++    return 0
++  fi
++  juju-log "$CHARM: Initializing new SSH key pair for live migration."
++  [[ -e $pub ]] && mv $pub $pub.$(date +"%s")
++  [[ -e $priv ]] && mv $priv $priv.$(date +"%s")
++  local keyname=$(echo $JUJU_UNIT_NAME | sed -e 's,/,-,g')
++  echo -e "\n" | ssh-keygen -C "$keyname" -N ""
++}
++
++function libvirt_tcp_listening {
++  # toggle libvirtd's tcp listening in both /etc/default/libvirt-bin
++  # and /etc/libvirt/libvirtd.conf.
++  local toggle="$1"
++  juju-log "$CHARM: Configuring libvirt tcp listening: $toggle."
++  local cur_opts=$(grep "^libvirtd_opts" /etc/default/libvirt-bin |
++                   cut -d= -f2 |  sed -e 's/\"//g')
++  local new_opts=""
++
++  if [[ "$toggle" == "on" ]] ; then
++    if [[ -z "$cur_opts" ]] ; then
++      echo "libvirtd_opts=\"-d -l\"" >>/etc/default/libvirt-bin
++    elif ! echo "$cur_opts" | grep -q "\-l" ; then
++      new_opts="$cur_opts -l"
++      sed -i "s|\(libvirtd_opts=\).*|\1\"$new_opts\"|" /etc/default/libvirt-bin
++    fi
++    set_or_update "listen_tcp" 1 $LIBVIRTD_CONF
++  elif [[ "$toggle" == "off" ]] ; then
++    if echo "$cur_opts" | grep -q "\-l" ; then
++      new_opts=$(echo $cur_opts | sed -e 's/\-l//g')
++    fi
++    set_or_update "listen_tcp" 0  $LIBVIRTD_CONF
++  fi
++
++  [[ -n "$new_opts" ]] &&
++    sed -i "s|\(libvirtd_opts=\).*|\1\"$new_opts\"|" /etc/default/libvirt-bin
++
++  return 0
++}
++
++
++function configure_migration {
++  local enable_migration=$(config-get enable-live-migration)
++
++  if [[ "$enable_migration" != "True" ]] &&
++     [[ "$enable_migraiton" != "true" ]] ; then
++     libvirt_tcp_listening "off"
++     return $?
++  fi
++
++  libvirt_tcp_listening "on"
++
++  case "$(config-get migration-auth-type)" in
++    "none"|"None")
++      set_or_update "listen_tls" 0 $LIBVIRTD_CONF
++      set_or_update "auth_tcp" "\"none\"" $LIBVIRTD_CONF
++      ;;
++    "ssh")
++      set_or_update "listen_tls" 0 $LIBVIRTD_CONF
++      set_or_update "live_migration_uri" "qemu+ssh://%s/system" $NOVA_CONF
++      initialize_ssh_keys
++      # check in with nova-c-c and register our new key.
++      for id in $(relation-ids cloud-compute) ; do
++        compute_joined $id
++      done
++      service_ctl nova-compute restart ;;
++    "sasl") return 0 ;;
++  esac
++}
++
  function configure_libvirt {
    cat > /etc/libvirt/qemu.conf << EOF
  # File installed by Juju nova-compute charm
@@ -180,5 +278,12 @@
     "/dev/rtc", "/dev/hpet", "/dev/net/tun",
+ ]
  EOF
--  service libvirt-bin reload
++  configure_migration
++  service libvirt-bin restart
++}
++
++function migration_enabled {
++  local migration="$(config-get enable-live-migration)"
++  [[ "$migration" == "true" ]] || [[ "$migration" == "True" ]] && return 0
++  return 1
+ }
 === modified file 'hooks/nova-compute-relations'
 --- hooks/nova-compute-relations	2013-03-04 19:58:18 +0000
 +++ hooks/nova-compute-relations	2013-05-29 18:05:36 +0000
@@ -1,11 +1,11 @@
  #!/bin/bash -e
--CHARM_DIR=$(dirname $0)
++HOOKS_DIR="$CHARM_DIR/hooks"
  ARG0=${0##*/}
--if [[ -e $CHARM_DIR/nova-compute-common ]] ; then
--  . $CHARM_DIR/nova-compute-common
++if [[ -e $HOOKS_DIR/nova-compute-common ]] ; then
++  . $HOOKS_DIR/nova-compute-common
  else
--  juju-log "ERROR: Could not load nova-compute-common from $CHARM_DIR"
++  juju-log "ERROR: Could not load nova-compute-common from $HOOKS_DIR"
  fi
  function install_hook {
@@ -40,6 +40,11 @@
      do_openstack_upgrade "$install_src" $PACKAGES
    fi
++  # set this here until its fixed in grizzly packaging. (adam_g)
++  [[ "$cur" == "grizzly" ]] &&
++    set_or_update "compute_driver" "libvirt.LibvirtDriver"
++
++  configure_libvirt
    set_config_flags
    service_ctl all restart
+ }
@@ -67,6 +72,18 @@
        exit 0
    fi
++  # if the rabbitmq service is clustered among nodes with hacluster,
++  # point to its vip instead of its private-address.
++  local clustered=$(relation-get clustered)
++  if [[ -n "$clustered" ]] ; then
++    juju-log "$CHARM - ampq_changed: Configuring for "\
++             "access to haclustered rabbitmq service."
++    local vip=$(relation-get vip)
++    [[ -z "$vip" ]] && juju-log "$CHARM - amqp_changed: Clustered but no vip."\
++      && exit 0
++    rabbit_host="$vip"
++  fi
++
    local rabbit_user=$(config-get rabbit-user)
    local rabbit_vhost=$(config-get rabbit-vhost)
    juju-log "$CHARM - amqp_changed: Setting rabbit config in nova.conf: " \
@@ -101,7 +118,7 @@
+ }
  function db_changed {
--  local db_host=`relation-get private-address`
++  local db_host=`relation-get db_host`
    local db_password=`relation-get nova_password`
    if [[ -z $db_host ]] || [[ -z $db_password ]] ; then
@@ -125,15 +142,33 @@
+ }
  function image-service_changed {
--  GLANCE_API_SERVER=`relation-get glance-api-server`
--  if [[ -z $GLANCE_API_SERVER ]] ; then
--    echo "image-service_changed: GLANCE_API_SERVER not yet set. Exit 0 and retry"
++  local api_server=`relation-get glance-api-server`
++  if [[ -z $api_server ]] ; then
++    echo "image-service_changed: api_server not yet set. Exit 0 and retry"
      exit 0
    fi
--  set_or_update glance_api_servers $GLANCE_API_SERVER
++
++  if [[ "$(get_os_codename_package nova-common)" == "essex" ]] ; then
++    # essex needs glance_api_servers urls stripped of protocol.
++    api_server="$(echo $api_server | awk '{gsub(/http:\/\/|https:\/\//,"")}1')"
++  fi
++
++  set_or_update glance_api_servers $api_server
    service_ctl all restart
+ }
++function compute_joined {
++  migration_enabled || return 0
++  local relid="$1"
++  [[ -n "$relid" ]] && relid="-r $relid"
++  migration_auth="$(config-get migration-auth-type)"
++  case "$migration_auth" in
++    "none"|"None") return 0 ;;
++    "ssh") relation-set $relid ssh_public_key="$(cat /root/.ssh/id_rsa.pub)" ;;
++  esac
++  relation-set $relid migration_auth_type="$migration_auth"
++}
++
  function compute_changed {
    # nova-c-c will inform us of the configured network manager.  nova-compute
    # needs to configure itself accordingly.
@@ -154,21 +189,29 @@
        done
        # Rabbit MQ relation may also already be in place
        # shared vhost with nova so just grab settings and
--      # configure
++      # configure. need to be sure to use VIP if clustered.
++      local rabbit_clustered="" rabbit_vip="" rabbit_host="" rabbit_password=""
        r_ids="$(relation-ids amqp)"
        for id in $r_ids ; do
          for unit in $(relation-list -r $id) ; do
--          local rabbit_host=$(relation-get -r $id private-address $unit)
--          local rabbit_password=$(relation-get -r $id password $unit)
--          if [[ -n $rabbit_host ]] && \
--             [[ -n $rabbit_password ]]; then
--            set_or_update rabbit_host "$rabbit_host" "$QUANTUM_CONF"
--            set_or_update rabbit_userid "$(config-get rabbit-user)" "$QUANTUM_CONF"
--            set_or_update rabbit_password "$rabbit_password" "$QUANTUM_CONF"
--            set_or_update rabbit_virtual_host "$(config-get rabbit-vhost)" "$QUANTUM_CONF"
--          fi
--        done
++          [[ -z "$rabbit_clustered" ]] &&
++            rabbit_clustered=$(relation-get -r $id clustered $unit)
++          [[ -z "$rabbit_vip" ]] && rabbit_vip=$(relation-get -r $id vip $unit)
++          [[ -z "$rabbit_password" ]] &&
++            rabbit_password=$(relation-get -r $id password $unit)
++          rabbit_host=$(relation-get -r $id private-address $unit)
++       done
        done
++      if [[ -n "$rabbit_clustered" ]] ; then
++        rabbit_host="$rabbit_vip"
++      fi
++      if [[ -n $rabbit_host ]] && \
++         [[ -n $rabbit_password ]]; then
++        set_or_update rabbit_host "$rabbit_host" "$QUANTUM_CONF"
++        set_or_update rabbit_userid "$(config-get rabbit-user)" "$QUANTUM_CONF"
++        set_or_update rabbit_password "$rabbit_password" "$QUANTUM_CONF"
++        set_or_update rabbit_virtual_host "$(config-get rabbit-vhost)" "$QUANTUM_CONF"
++      fi
      else
        configure_network_manager "$network_manager"
      fi
@@ -178,6 +221,31 @@
    volume_service=`relation-get volume_service`
    [[ -n "$volume_service" ]] && configure_volume_service "$volume_service"
++  if migration_enabled ; then
++    case "$(config-get migration-auth-type)" in
++      "ssh")
++          local known_hosts="$(relation-get known_hosts)"
++          local authorized_keys="$(relation-get authorized_keys)"
++          if [[ -n "$known_hosts" ]] &&
++             [[ -n "$authorized_keys" ]] ; then
++            juju-log "$CHARM: Saving new known_hosts+authorized_keys file."
++            echo "$known_hosts" | base64 -di >/root/.ssh/known_hosts
++            echo "$authorized_keys" | base64 -di >/root/.ssh/authorized_keys
++          fi
++          ;;
++    esac
++  fi
++
++  # If Keytone is configured manage SSL certs, nova-compute needs a copy
++  # of its CA installed.
++  local ca_cert="$(relation-get ca_cert)"
++  if [[ -n "$ca_cert" ]] ; then
++    juju-log "Installing Keystone CA certificate."
++    ca_cert="$(echo $ca_cert | base64 -di)"
++    echo "$ca_cert" >/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt
++    update-ca-certificates
++  fi
++
    # restart on all changed events. nova-c-c may send out a uuid to trigger
    # remote restarts of services here (after db migrations, for instance)
    service_ctl all restart
@@ -218,8 +286,12 @@
  EOF
    if [ ! -f /etc/ceph/secret.xml ]; then
++    # This is just a label and it must be consistent across
++    # nova-compute nodes to support live migration.
++    UUID="514c9fca-8cbe-11e2-9c52-3bc8c7819472"
      cat > /etc/ceph/secret.xml << EOF
  <secret ephemeral='no' private='no'>
++   <uuid>$UUID</uuid>
     <usage type='ceph'>
       <name>client.$SERVICE_NAME secret</name>
     </usage>
@@ -228,10 +300,10 @@
      # Create secret for libvirt usage
      # note that this does limit ceph usage to
      # KVM only at this point in time.
--    uuid=$(virsh secret-define --file /etc/ceph/secret.xml | cut -d " " -f 2)
--    virsh secret-set-value --secret $uuid --base64 $KEY
++    virsh secret-define --file /etc/ceph/secret.xml
++    virsh secret-set-value --secret $UUID --base64 $KEY
      set_or_update rbd_user $SERVICE_NAME
--    set_or_update rbd_secret_uuid $uuid
++    set_or_update rbd_secret_uuid $UUID
      set_or_update rbd_pool nova
      service_ctl all restart
    fi
@@ -252,6 +324,6 @@
    "identity-service-relation-changed") exit 0 ;;
    "ceph-relation-joined") ceph_joined;;
    "ceph-relation-changed") ceph_changed;;
--  "cloud-compute-relation-joined" ) exit 0 ;;
++  "cloud-compute-relation-joined" ) compute_joined ;;
    "cloud-compute-relation-changed") compute_changed ;;
  esac
 === modified file 'metadata.yaml'
 --- metadata.yaml	2013-03-01 22:10:38 +0000
 +++ metadata.yaml	2013-05-29 18:05:36 +0000
@@ -20,3 +20,6 @@
      interface: glance
    ceph:
      interface: ceph-client
++peers:
++  compute-peer:
++    interface: nova
 === modified file 'revision'
 --- revision	2013-03-05 17:34:40 +0000
 +++ revision	2013-05-29 18:05:36 +0000
@@ -1,1 +1,1 @@
--81
++91

Juju Charms Collectionnova-compute package

Merge lp:~openstack-charmers/charms/precise/nova-compute/ha-support into lp:~charmers/charms/precise/nova-compute/trunk

Commit message

Description of the change

Preview Diff

Subscribers

Juju Charms Collection
nova-compute package