Juju Charms Collection
hwcert-pxe-server package

Merge lp:~pwlars/charms/wily/hwcert-pxe-server/init-pxe-server into lp:~canonical-hw-cert/charms/wily/hwcert-pxe-server/trunk

Proposed by Paul Larson on 2016-01-25

Status:	Merged
Approved by:	Paul Larson on 2016-01-29
Approved revision:	1
Merged at revision:	1
Proposed branch:	lp:~pwlars/charms/wily/hwcert-pxe-server/init-pxe-server
Merge into:	lp:~canonical-hw-cert/charms/wily/hwcert-pxe-server/trunk
Diff against target:	11628 lines (+11223/-0) 73 files modified README (+14/-0) config.yaml (+5/-0) hooks/actions.py (+113/-0) hooks/charmhelpers/__init__.py (+38/-0) hooks/charmhelpers/contrib/__init__.py (+15/-0) hooks/charmhelpers/contrib/amulet/__init__.py (+15/-0) hooks/charmhelpers/contrib/amulet/deployment.py (+93/-0) hooks/charmhelpers/contrib/amulet/utils.py (+194/-0) hooks/charmhelpers/contrib/ansible/__init__.py (+190/-0) hooks/charmhelpers/contrib/charmhelpers/__init__.py (+208/-0) hooks/charmhelpers/contrib/charmsupport/__init__.py (+15/-0) hooks/charmhelpers/contrib/charmsupport/nrpe.py (+324/-0) hooks/charmhelpers/contrib/charmsupport/volumes.py (+175/-0) hooks/charmhelpers/contrib/database/mysql.py (+372/-0) hooks/charmhelpers/contrib/hahelpers/__init__.py (+15/-0) hooks/charmhelpers/contrib/hahelpers/apache.py (+82/-0) hooks/charmhelpers/contrib/hahelpers/cluster.py (+268/-0) hooks/charmhelpers/contrib/network/__init__.py (+15/-0) hooks/charmhelpers/contrib/network/ip.py (+367/-0) hooks/charmhelpers/contrib/network/ovs/__init__.py (+96/-0) hooks/charmhelpers/contrib/network/ufw.py (+276/-0) hooks/charmhelpers/contrib/openstack/__init__.py (+15/-0) hooks/charmhelpers/contrib/openstack/alternatives.py (+33/-0) hooks/charmhelpers/contrib/openstack/amulet/__init__.py (+15/-0) hooks/charmhelpers/contrib/openstack/amulet/deployment.py (+108/-0) hooks/charmhelpers/contrib/openstack/amulet/utils.py (+294/-0) hooks/charmhelpers/contrib/openstack/context.py (+1054/-0) hooks/charmhelpers/contrib/openstack/ip.py (+109/-0) hooks/charmhelpers/contrib/openstack/neutron.py (+239/-0) hooks/charmhelpers/contrib/openstack/templates/__init__.py (+18/-0) hooks/charmhelpers/contrib/openstack/templating.py (+295/-0) hooks/charmhelpers/contrib/openstack/utils.py (+641/-0) hooks/charmhelpers/contrib/peerstorage/__init__.py (+148/-0) hooks/charmhelpers/contrib/python/__init__.py (+15/-0) hooks/charmhelpers/contrib/python/debug.py (+56/-0) hooks/charmhelpers/contrib/python/packages.py (+96/-0) hooks/charmhelpers/contrib/python/rpdb.py (+58/-0) hooks/charmhelpers/contrib/python/version.py (+34/-0) hooks/charmhelpers/contrib/saltstack/__init__.py (+118/-0) hooks/charmhelpers/contrib/ssl/__init__.py (+94/-0) hooks/charmhelpers/contrib/ssl/service.py (+283/-0) hooks/charmhelpers/contrib/storage/__init__.py (+15/-0) hooks/charmhelpers/contrib/storage/linux/__init__.py (+15/-0) hooks/charmhelpers/contrib/storage/linux/ceph.py (+444/-0) hooks/charmhelpers/contrib/storage/linux/loopback.py (+78/-0) hooks/charmhelpers/contrib/storage/linux/lvm.py (+105/-0) hooks/charmhelpers/contrib/storage/linux/utils.py (+70/-0) hooks/charmhelpers/contrib/templating/__init__.py (+15/-0) hooks/charmhelpers/contrib/templating/contexts.py (+134/-0) hooks/charmhelpers/contrib/templating/jinja.py (+39/-0) hooks/charmhelpers/contrib/templating/pyformat.py (+29/-0) hooks/charmhelpers/contrib/unison/__init__.py (+297/-0) hooks/charmhelpers/core/__init__.py (+15/-0) hooks/charmhelpers/core/decorators.py (+57/-0) hooks/charmhelpers/core/fstab.py (+134/-0) hooks/charmhelpers/core/hookenv.py (+568/-0) hooks/charmhelpers/core/host.py (+446/-0) hooks/charmhelpers/core/services/__init__.py (+18/-0) hooks/charmhelpers/core/services/base.py (+329/-0) hooks/charmhelpers/core/services/helpers.py (+259/-0) hooks/charmhelpers/core/sysctl.py (+56/-0) hooks/charmhelpers/core/templating.py (+68/-0) hooks/charmhelpers/core/unitdata.py (+477/-0) hooks/charmhelpers/fetch/__init__.py (+439/-0) hooks/charmhelpers/fetch/archiveurl.py (+161/-0) hooks/charmhelpers/fetch/bzrurl.py (+78/-0) hooks/charmhelpers/fetch/giturl.py (+71/-0) hooks/charmhelpers/payload/__init__.py (+17/-0) hooks/charmhelpers/payload/archive.py (+73/-0) hooks/charmhelpers/payload/execd.py (+66/-0) hooks/hooks.py (+3/-0) hooks/services.py (+27/-0) metadata.yaml (+7/-0)
To merge this branch:	bzr merge lp:~pwlars/charms/wily/hwcert-pxe-server/init-pxe-server
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Paul Larson			Approve on 2016-01-29
Review via email: mp+283880@code.launchpad.net

Description of the change

small charm to implement pxe/netboot server. It seems to work much better with wily, I had a lot of issues getting it working with trusty. This should hopefully give a shorter path to xenial too though, which we should definitely be looking to transition to.

Revision history for this message

Paul Larson (pwlars) on 2016-01-29:

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches

to all changes:

Canonical Hardware Certification

Paul Larson

 === added file 'README'
 --- README	1970-01-01 00:00:00 +0000
 +++ README	2016-01-25 23:33:21 +0000
@@ -0,0 +1,14 @@
++Overview
++--------
++
++This charm provisions a basic server for netbooting with PXE/TFTP
++
++Configuration
++-------------
++
++There is only one config option for this charm:
++
++ * authorized_keys: String containing additional authorized ssh keys
++
++Any additional boot files needed for your specific implementation
++will need to be manually added after installation.
 === added file 'config.yaml'
 --- config.yaml	1970-01-01 00:00:00 +0000
 +++ config.yaml	2016-01-25 23:33:21 +0000
@@ -0,0 +1,5 @@
++options:
++  authorized_keys:
++    type: string
++    default: ""
++    description: String containing additional authorized ssh keys
 === added directory 'hooks'
 === added file 'hooks/actions.py'
 --- hooks/actions.py	1970-01-01 00:00:00 +0000
 +++ hooks/actions.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,113 @@
++import os
++import pwd
++import shutil
++
++from charmhelpers import fetch
++from charmhelpers.core import hookenv
++from charmhelpers.core.host import write_file
++from charmhelpers.payload import execd
++
++SERVICE_NAME = hookenv.service_name()
++REQUIRED_PACKAGES = [
++    'tftpd-hpa', 'pxe', 'pxelinux', 'syslinux'
++]
++
++DEFAULT_USER = 'ubuntu'
++
++config = hookenv.config()
++
++
++def _service_dir():
++    # This is dir where the provisioning kit will live after extraction
++    # The tarball needs to extract to snappy-device-agents and we
++    # extract it from one level up
++    template = '/srv/snappy-device-agents/{}/snappy-device-agents'
++    return template.format(SERVICE_NAME)
++
++
++def _agent_dir():
++    # This is the dir where the SPI Agent will live after extraction
++    template = '{}/spi-agent'
++    return template.format(_service_dir())
++
++
++def basenode(service_name):
++    hookenv.log('Executing basenode')
++    execd.execd_preinstall()
++
++
++def log_start(service_name):
++    hookenv.log('%s starting', SERVICE_NAME)
++
++
++def install_packages(service_name):
++    hookenv.log('Installing dependencies...')
++    fetch.configure_sources(update=True)
++    fetch.apt_install(REQUIRED_PACKAGES, fatal=True)
++
++
++def _create_tftpd_config():
++    tftpd_path = '/etc/default/tftpd-hpa'
++    tftpd_config = """
++# /etc/default/tftpd-hpa
++
++TFTP_USERNAME="tftp"
++TFTP_DIRECTORY="/var/lib/tftpboot"
++TFTP_ADDRESS="0.0.0.0:69"
++TFTP_OPTIONS="--secure"
++    """
++    write_file(tftpd_path, tftpd_config, 'root', 'root', 0o644)
++
++
++def _copy_pxe_support_files():
++    shutil.copyfile('/usr/lib/PXELINUX/pxelinux.0',
++                    '/var/lib/tftpboot/pxelinux.0')
++    srcdir = '/usr/lib/syslinux/modules/bios'
++    dstdir = '/var/lib/tftpboot'
++    for srcfile in os.listdir(srcdir):
++        if os.path.isfile(os.path.join(srcdir, srcfile)):
++            shutil.copyfile(os.path.join(srcdir, srcfile),
++                            os.path.join(dstdir, srcfile))
++
++
++def _make_default_pxe_config():
++    config_path = '/var/lib/tftpboot/pxelinux.cfg'
++    config_file = '/var/lib/tftpboot/pxelinux.cfg/default'
++    try:
++        os.makedirs(config_path)
++    except OSError:
++        pass
++    default_config = """DEFAULT hd
++
++LABEL hd
++    COM32 chain.c32
++    APPEND hd0
++"""
++    write_file(config_file, default_config, 'root', 'root', 0o644)
++
++
++def setup_tftpd(service_name):
++    """One-time setup needed for tftpd and netboot to work"""
++
++    _create_tftpd_config()
++    _copy_pxe_support_files()
++    _make_default_pxe_config()
++
++
++def update_config(service_name):
++    if config.changed('authorized_keys'):
++        hookenv.log('Updating ssh-keys')
++        ssh_path = os.path.join('/home', DEFAULT_USER, '.ssh')
++        try:
++            os.makedirs(ssh_path, mode=0o700)
++        except:
++            pass
++        file_content = config['authorized_keys']
++        if file_content == "":
++            return
++        file_path = os.path.join(ssh_path, 'authorized_keys')
++        with open(file_path, 'a') as f:
++            f.write(file_content)
++            f.write('\n')
++        os.chown(file_path, pwd.getpwnam(DEFAULT_USER).pw_uid, -1)
++        os.chmod(file_path, 0o600)
 === added directory 'hooks/charmhelpers'
 === added file 'hooks/charmhelpers/__init__.py'
 --- hooks/charmhelpers/__init__.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/__init__.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,38 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
++
++# Bootstrap charm-helpers, installing its dependencies if necessary using
++# only standard libraries.
++import subprocess
++import sys
++
++try:
++    import six  # flake8: noqa
++except ImportError:
++    if sys.version_info.major == 2:
++        subprocess.check_call(['apt-get', 'install', '-y', 'python-six'])
++    else:
++        subprocess.check_call(['apt-get', 'install', '-y', 'python3-six'])
++    import six  # flake8: noqa
++
++try:
++    import yaml  # flake8: noqa
++except ImportError:
++    if sys.version_info.major == 2:
++        subprocess.check_call(['apt-get', 'install', '-y', 'python-yaml'])
++    else:
++        subprocess.check_call(['apt-get', 'install', '-y', 'python3-yaml'])
++    import yaml  # flake8: noqa
 === added directory 'hooks/charmhelpers/contrib'
 === added file 'hooks/charmhelpers/contrib/__init__.py'
 --- hooks/charmhelpers/contrib/__init__.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/__init__.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,15 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
 === added directory 'hooks/charmhelpers/contrib/amulet'
 === added file 'hooks/charmhelpers/contrib/amulet/__init__.py'
 --- hooks/charmhelpers/contrib/amulet/__init__.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/amulet/__init__.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,15 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
 === added file 'hooks/charmhelpers/contrib/amulet/deployment.py'
 --- hooks/charmhelpers/contrib/amulet/deployment.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/amulet/deployment.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,93 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
++
++import amulet
++import os
++import six
++
++
++class AmuletDeployment(object):
++    """Amulet deployment.
++
++       This class provides generic Amulet deployment and test runner
++       methods.
++       """
++
++    def __init__(self, series=None):
++        """Initialize the deployment environment."""
++        self.series = None
++
++        if series:
++            self.series = series
++            self.d = amulet.Deployment(series=self.series)
++        else:
++            self.d = amulet.Deployment()
++
++    def _add_services(self, this_service, other_services):
++        """Add services.
++
++           Add services to the deployment where this_service is the local charm
++           that we're testing and other_services are the other services that
++           are being used in the local amulet tests.
++           """
++        if this_service['name'] != os.path.basename(os.getcwd()):
++            s = this_service['name']
++            msg = "The charm's root directory name needs to be {}".format(s)
++            amulet.raise_status(amulet.FAIL, msg=msg)
++
++        if 'units' not in this_service:
++            this_service['units'] = 1
++
++        self.d.add(this_service['name'], units=this_service['units'])
++
++        for svc in other_services:
++            if 'location' in svc:
++                branch_location = svc['location']
++            elif self.series:
++                branch_location = 'cs:{}/{}'.format(self.series, svc['name']),
++            else:
++                branch_location = None
++
++            if 'units' not in svc:
++                svc['units'] = 1
++
++            self.d.add(svc['name'], charm=branch_location, units=svc['units'])
++
++    def _add_relations(self, relations):
++        """Add all of the relations for the services."""
++        for k, v in six.iteritems(relations):
++            self.d.relate(k, v)
++
++    def _configure_services(self, configs):
++        """Configure all of the services."""
++        for service, config in six.iteritems(configs):
++            self.d.configure(service, config)
++
++    def _deploy(self):
++        """Deploy environment and wait for all hooks to finish executing."""
++        try:
++            self.d.setup(timeout=900)
++            self.d.sentry.wait(timeout=900)
++        except amulet.helpers.TimeoutError:
++            amulet.raise_status(amulet.FAIL, msg="Deployment timed out")
++        except Exception:
++            raise
++
++    def run_tests(self):
++        """Run all of the methods that are prefixed with 'test_'."""
++        for test in dir(self):
++            if test.startswith('test_'):
++                getattr(self, test)()
 === added file 'hooks/charmhelpers/contrib/amulet/utils.py'
 --- hooks/charmhelpers/contrib/amulet/utils.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/amulet/utils.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,194 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
++
++import ConfigParser
++import io
++import logging
++import re
++import sys
++import time
++
++import six
++
++
++class AmuletUtils(object):
++    """Amulet utilities.
++
++       This class provides common utility functions that are used by Amulet
++       tests.
++       """
++
++    def __init__(self, log_level=logging.ERROR):
++        self.log = self.get_logger(level=log_level)
++
++    def get_logger(self, name="amulet-logger", level=logging.DEBUG):
++        """Get a logger object that will log to stdout."""
++        log = logging
++        logger = log.getLogger(name)
++        fmt = log.Formatter("%(asctime)s %(funcName)s "
++                            "%(levelname)s: %(message)s")
++
++        handler = log.StreamHandler(stream=sys.stdout)
++        handler.setLevel(level)
++        handler.setFormatter(fmt)
++
++        logger.addHandler(handler)
++        logger.setLevel(level)
++
++        return logger
++
++    def valid_ip(self, ip):
++        if re.match(r"^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$", ip):
++            return True
++        else:
++            return False
++
++    def valid_url(self, url):
++        p = re.compile(
++            r'^(?:http|ftp)s?://'
++            r'(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+(?:[A-Z]{2,6}\.?|[A-Z0-9-]{2,}\.?)|'  # noqa
++            r'localhost|'
++            r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})'
++            r'(?::\d+)?'
++            r'(?:/?|[/?]\S+)$',
++            re.IGNORECASE)
++        if p.match(url):
++            return True
++        else:
++            return False
++
++    def validate_services(self, commands):
++        """Validate services.
++
++           Verify the specified services are running on the corresponding
++           service units.
++           """
++        for k, v in six.iteritems(commands):
++            for cmd in v:
++                output, code = k.run(cmd)
++                if code != 0:
++                    return "command `{}` returned {}".format(cmd, str(code))
++        return None
++
++    def _get_config(self, unit, filename):
++        """Get a ConfigParser object for parsing a unit's config file."""
++        file_contents = unit.file_contents(filename)
++        config = ConfigParser.ConfigParser()
++        config.readfp(io.StringIO(file_contents))
++        return config
++
++    def validate_config_data(self, sentry_unit, config_file, section,
++                             expected):
++        """Validate config file data.
++
++           Verify that the specified section of the config file contains
++           the expected option key:value pairs.
++           """
++        config = self._get_config(sentry_unit, config_file)
++
++        if section != 'DEFAULT' and not config.has_section(section):
++            return "section [{}] does not exist".format(section)
++
++        for k in expected.keys():
++            if not config.has_option(section, k):
++                return "section [{}] is missing option {}".format(section, k)
++            if config.get(section, k) != expected[k]:
++                return "section [{}] {}:{} != expected {}:{}".format(
++                       section, k, config.get(section, k), k, expected[k])
++        return None
++
++    def _validate_dict_data(self, expected, actual):
++        """Validate dictionary data.
++
++           Compare expected dictionary data vs actual dictionary data.
++           The values in the 'expected' dictionary can be strings, bools, ints,
++           longs, or can be a function that evaluate a variable and returns a
++           bool.
++           """
++        for k, v in six.iteritems(expected):
++            if k in actual:
++                if (isinstance(v, six.string_types) or
++                        isinstance(v, bool) or
++                        isinstance(v, six.integer_types)):
++                    if v != actual[k]:
++                        return "{}:{}".format(k, actual[k])
++                elif not v(actual[k]):
++                    return "{}:{}".format(k, actual[k])
++            else:
++                return "key '{}' does not exist".format(k)
++        return None
++
++    def validate_relation_data(self, sentry_unit, relation, expected):
++        """Validate actual relation data based on expected relation data."""
++        actual = sentry_unit.relation(relation[0], relation[1])
++        self.log.debug('actual: {}'.format(repr(actual)))
++        return self._validate_dict_data(expected, actual)
++
++    def _validate_list_data(self, expected, actual):
++        """Compare expected list vs actual list data."""
++        for e in expected:
++            if e not in actual:
++                return "expected item {} not found in actual list".format(e)
++        return None
++
++    def not_null(self, string):
++        if string is not None:
++            return True
++        else:
++            return False
++
++    def _get_file_mtime(self, sentry_unit, filename):
++        """Get last modification time of file."""
++        return sentry_unit.file_stat(filename)['mtime']
++
++    def _get_dir_mtime(self, sentry_unit, directory):
++        """Get last modification time of directory."""
++        return sentry_unit.directory_stat(directory)['mtime']
++
++    def _get_proc_start_time(self, sentry_unit, service, pgrep_full=False):
++        """Get process' start time.
++
++           Determine start time of the process based on the last modification
++           time of the /proc/pid directory. If pgrep_full is True, the process
++           name is matched against the full command line.
++           """
++        if pgrep_full:
++            cmd = 'pgrep -o -f {}'.format(service)
++        else:
++            cmd = 'pgrep -o {}'.format(service)
++        proc_dir = '/proc/{}'.format(sentry_unit.run(cmd)[0].strip())
++        return self._get_dir_mtime(sentry_unit, proc_dir)
++
++    def service_restarted(self, sentry_unit, service, filename,
++                          pgrep_full=False, sleep_time=20):
++        """Check if service was restarted.
++
++           Compare a service's start time vs a file's last modification time
++           (such as a config file for that service) to determine if the service
++           has been restarted.
++           """
++        time.sleep(sleep_time)
++        if (self._get_proc_start_time(sentry_unit, service, pgrep_full) >=
++                self._get_file_mtime(sentry_unit, filename)):
++            return True
++        else:
++            return False
++
++    def relation_error(self, name, data):
++        return 'unexpected relation data in {} - {}'.format(name, data)
++
++    def endpoint_error(self, name, data):
++        return 'unexpected endpoint data in {} - {}'.format(name, data)
 === added directory 'hooks/charmhelpers/contrib/ansible'
 === added file 'hooks/charmhelpers/contrib/ansible/__init__.py'
 --- hooks/charmhelpers/contrib/ansible/__init__.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/ansible/__init__.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,190 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
++
++# Copyright 2013 Canonical Ltd.
++#
++# Authors:
++#  Charm Helpers Developers <juju@lists.ubuntu.com>
++"""Charm Helpers ansible - declare the state of your machines.
++
++This helper enables you to declare your machine state, rather than
++program it procedurally (and have to test each change to your procedures).
++Your install hook can be as simple as::
++
++    {{{
++    import charmhelpers.contrib.ansible
++
++
++    def install():
++        charmhelpers.contrib.ansible.install_ansible_support()
++        charmhelpers.contrib.ansible.apply_playbook('playbooks/install.yaml')
++    }}}
++
++and won't need to change (nor will its tests) when you change the machine
++state.
++
++All of your juju config and relation-data are available as template
++variables within your playbooks and templates. An install playbook looks
++something like::
++
++    {{{
++    ---
++    - hosts: localhost
++      user: root
++
++      tasks:
++        - name: Add private repositories.
++          template:
++            src: ../templates/private-repositories.list.jinja2
++            dest: /etc/apt/sources.list.d/private.list
++
++        - name: Update the cache.
++          apt: update_cache=yes
++
++        - name: Install dependencies.
++          apt: pkg={{ item }}
++          with_items:
++            - python-mimeparse
++            - python-webob
++            - sunburnt
++
++        - name: Setup groups.
++          group: name={{ item.name }} gid={{ item.gid }}
++          with_items:
++            - { name: 'deploy_user', gid: 1800 }
++            - { name: 'service_user', gid: 1500 }
++
++      ...
++    }}}
++
++Read more online about `playbooks`_ and standard ansible `modules`_.
++
++.. _playbooks: http://www.ansibleworks.com/docs/playbooks.html
++.. _modules: http://www.ansibleworks.com/docs/modules.html
++
++"""
++import os
++import subprocess
++
++import charmhelpers.contrib.templating.contexts
++import charmhelpers.core.host
++import charmhelpers.core.hookenv
++import charmhelpers.fetch
++
++
++charm_dir = os.environ.get('CHARM_DIR', '')
++ansible_hosts_path = '/etc/ansible/hosts'
++# Ansible will automatically include any vars in the following
++# file in its inventory when run locally.
++ansible_vars_path = '/etc/ansible/host_vars/localhost'
++
++
++def install_ansible_support(from_ppa=True, ppa_location='ppa:rquillo/ansible'):
++    """Installs the ansible package.
++
++    By default it is installed from the `PPA`_ linked from
++    the ansible `website`_ or from a ppa specified by a charm config..
++
++    .. _PPA: https://launchpad.net/~rquillo/+archive/ansible
++    .. _website: http://docs.ansible.com/intro_installation.html#latest-releases-via-apt-ubuntu
++
++    If from_ppa is empty, you must ensure that the package is available
++    from a configured repository.
++    """
++    if from_ppa:
++        charmhelpers.fetch.add_source(ppa_location)
++        charmhelpers.fetch.apt_update(fatal=True)
++    charmhelpers.fetch.apt_install('ansible')
++    with open(ansible_hosts_path, 'w+') as hosts_file:
++        hosts_file.write('localhost ansible_connection=local')
++
++
++def apply_playbook(playbook, tags=None):
++    tags = tags or []
++    tags = ",".join(tags)
++    charmhelpers.contrib.templating.contexts.juju_state_to_yaml(
++        ansible_vars_path, namespace_separator='__',
++        allow_hyphens_in_keys=False)
++    # we want ansible's log output to be unbuffered
++    env = os.environ.copy()
++    env['PYTHONUNBUFFERED'] = "1"
++    call = [
++        'ansible-playbook',
++        '-c',
++        'local',
++        playbook,
++    ]
++    if tags:
++        call.extend(['--tags', '{}'.format(tags)])
++    subprocess.check_call(call, env=env)
++
++
++class AnsibleHooks(charmhelpers.core.hookenv.Hooks):
++    """Run a playbook with the hook-name as the tag.
++
++    This helper builds on the standard hookenv.Hooks helper,
++    but additionally runs the playbook with the hook-name specified
++    using --tags (ie. running all the tasks tagged with the hook-name).
++
++    Example::
++
++        hooks = AnsibleHooks(playbook_path='playbooks/my_machine_state.yaml')
++
++        # All the tasks within my_machine_state.yaml tagged with 'install'
++        # will be run automatically after do_custom_work()
++        @hooks.hook()
++        def install():
++            do_custom_work()
++
++        # For most of your hooks, you won't need to do anything other
++        # than run the tagged tasks for the hook:
++        @hooks.hook('config-changed', 'start', 'stop')
++        def just_use_playbook():
++            pass
++
++        # As a convenience, you can avoid the above noop function by specifying
++        # the hooks which are handled by ansible-only and they'll be registered
++        # for you:
++        # hooks = AnsibleHooks(
++        #     'playbooks/my_machine_state.yaml',
++        #     default_hooks=['config-changed', 'start', 'stop'])
++
++        if __name__ == "__main__":
++            # execute a hook based on the name the program is called by
++            hooks.execute(sys.argv)
++
++    """
++
++    def __init__(self, playbook_path, default_hooks=None):
++        """Register any hooks handled by ansible."""
++        super(AnsibleHooks, self).__init__()
++
++        self.playbook_path = playbook_path
++
++        default_hooks = default_hooks or []
++
++        def noop(*args, **kwargs):
++            pass
++
++        for hook in default_hooks:
++            self.register(hook, noop)
++
++    def execute(self, args):
++        """Execute the hook followed by the playbook using the hook as tag."""
++        super(AnsibleHooks, self).execute(args)
++        hook_name = os.path.basename(args[0])
++        charmhelpers.contrib.ansible.apply_playbook(
++            self.playbook_path, tags=[hook_name])
 === added directory 'hooks/charmhelpers/contrib/charmhelpers'
 === added file 'hooks/charmhelpers/contrib/charmhelpers/__init__.py'
 --- hooks/charmhelpers/contrib/charmhelpers/__init__.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/charmhelpers/__init__.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,208 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
++
++# Copyright 2012 Canonical Ltd.  This software is licensed under the
++# GNU Affero General Public License version 3 (see the file LICENSE).
++
++import warnings
++warnings.warn("contrib.charmhelpers is deprecated", DeprecationWarning)  # noqa
++
++import operator
++import tempfile
++import time
++import yaml
++import subprocess
++
++import six
++if six.PY3:
++    from urllib.request import urlopen
++    from urllib.error import (HTTPError, URLError)
++else:
++    from urllib2 import (urlopen, HTTPError, URLError)
++
++"""Helper functions for writing Juju charms in Python."""
++
++__metaclass__ = type
++__all__ = [
++    # 'get_config',             # core.hookenv.config()
++    # 'log',                    # core.hookenv.log()
++    # 'log_entry',              # core.hookenv.log()
++    # 'log_exit',               # core.hookenv.log()
++    # 'relation_get',           # core.hookenv.relation_get()
++    # 'relation_set',           # core.hookenv.relation_set()
++    # 'relation_ids',           # core.hookenv.relation_ids()
++    # 'relation_list',          # core.hookenv.relation_units()
++    # 'config_get',             # core.hookenv.config()
++    # 'unit_get',               # core.hookenv.unit_get()
++    # 'open_port',              # core.hookenv.open_port()
++    # 'close_port',             # core.hookenv.close_port()
++    # 'service_control',        # core.host.service()
++    'unit_info',              # client-side, NOT IMPLEMENTED
++    'wait_for_machine',       # client-side, NOT IMPLEMENTED
++    'wait_for_page_contents',  # client-side, NOT IMPLEMENTED
++    'wait_for_relation',      # client-side, NOT IMPLEMENTED
++    'wait_for_unit',          # client-side, NOT IMPLEMENTED
++]
++
++
++SLEEP_AMOUNT = 0.1
++
++
++# We create a juju_status Command here because it makes testing much,
++# much easier.
++def juju_status():
++    subprocess.check_call(['juju', 'status'])
++
++# re-implemented as charmhelpers.fetch.configure_sources()
++# def configure_source(update=False):
++#    source = config_get('source')
++#    if ((source.startswith('ppa:') or
++#         source.startswith('cloud:') or
++#         source.startswith('http:'))):
++#        run('add-apt-repository', source)
++#    if source.startswith("http:"):
++#        run('apt-key', 'import', config_get('key'))
++#    if update:
++#        run('apt-get', 'update')
++
++
++# DEPRECATED: client-side only
++def make_charm_config_file(charm_config):
++    charm_config_file = tempfile.NamedTemporaryFile(mode='w+')
++    charm_config_file.write(yaml.dump(charm_config))
++    charm_config_file.flush()
++    # The NamedTemporaryFile instance is returned instead of just the name
++    # because we want to take advantage of garbage collection-triggered
++    # deletion of the temp file when it goes out of scope in the caller.
++    return charm_config_file
++
++
++# DEPRECATED: client-side only
++def unit_info(service_name, item_name, data=None, unit=None):
++    if data is None:
++        data = yaml.safe_load(juju_status())
++    service = data['services'].get(service_name)
++    if service is None:
++        # XXX 2012-02-08 gmb:
++        #     This allows us to cope with the race condition that we
++        #     have between deploying a service and having it come up in
++        #     `juju status`. We could probably do with cleaning it up so
++        #     that it fails a bit more noisily after a while.
++        return ''
++    units = service['units']
++    if unit is not None:
++        item = units[unit][item_name]
++    else:
++        # It might seem odd to sort the units here, but we do it to
++        # ensure that when no unit is specified, the first unit for the
++        # service (or at least the one with the lowest number) is the
++        # one whose data gets returned.
++        sorted_unit_names = sorted(units.keys())
++        item = units[sorted_unit_names[0]][item_name]
++    return item
++
++
++# DEPRECATED: client-side only
++def get_machine_data():
++    return yaml.safe_load(juju_status())['machines']
++
++
++# DEPRECATED: client-side only
++def wait_for_machine(num_machines=1, timeout=300):
++    """Wait `timeout` seconds for `num_machines` machines to come up.
++
++    This wait_for... function can be called by other wait_for functions
++    whose timeouts might be too short in situations where only a bare
++    Juju setup has been bootstrapped.
++
++    :return: A tuple of (num_machines, time_taken). This is used for
++             testing.
++    """
++    # You may think this is a hack, and you'd be right. The easiest way
++    # to tell what environment we're working in (LXC vs EC2) is to check
++    # the dns-name of the first machine. If it's localhost we're in LXC
++    # and we can just return here.
++    if get_machine_data()[0]['dns-name'] == 'localhost':
++        return 1, 0
++    start_time = time.time()
++    while True:
++        # Drop the first machine, since it's the Zookeeper and that's
++        # not a machine that we need to wait for. This will only work
++        # for EC2 environments, which is why we return early above if
++        # we're in LXC.
++        machine_data = get_machine_data()
++        non_zookeeper_machines = [
++            machine_data[key] for key in list(machine_data.keys())[1:]]
++        if len(non_zookeeper_machines) >= num_machines:
++            all_machines_running = True
++            for machine in non_zookeeper_machines:
++                if machine.get('instance-state') != 'running':
++                    all_machines_running = False
++                    break
++            if all_machines_running:
++                break
++        if time.time() - start_time >= timeout:
++            raise RuntimeError('timeout waiting for service to start')
++        time.sleep(SLEEP_AMOUNT)
++    return num_machines, time.time() - start_time
++
++
++# DEPRECATED: client-side only
++def wait_for_unit(service_name, timeout=480):
++    """Wait `timeout` seconds for a given service name to come up."""
++    wait_for_machine(num_machines=1)
++    start_time = time.time()
++    while True:
++        state = unit_info(service_name, 'agent-state')
++        if 'error' in state or state == 'started':
++            break
++        if time.time() - start_time >= timeout:
++            raise RuntimeError('timeout waiting for service to start')
++        time.sleep(SLEEP_AMOUNT)
++    if state != 'started':
++        raise RuntimeError('unit did not start, agent-state: ' + state)
++
++
++# DEPRECATED: client-side only
++def wait_for_relation(service_name, relation_name, timeout=120):
++    """Wait `timeout` seconds for a given relation to come up."""
++    start_time = time.time()
++    while True:
++        relation = unit_info(service_name, 'relations').get(relation_name)
++        if relation is not None and relation['state'] == 'up':
++            break
++        if time.time() - start_time >= timeout:
++            raise RuntimeError('timeout waiting for relation to be up')
++        time.sleep(SLEEP_AMOUNT)
++
++
++# DEPRECATED: client-side only
++def wait_for_page_contents(url, contents, timeout=120, validate=None):
++    if validate is None:
++        validate = operator.contains
++    start_time = time.time()
++    while True:
++        try:
++            stream = urlopen(url)
++        except (HTTPError, URLError):
++            pass
++        else:
++            page = stream.read()
++            if validate(page, contents):
++                return page
++        if time.time() - start_time >= timeout:
++            raise RuntimeError('timeout waiting for contents of ' + url)
++        time.sleep(SLEEP_AMOUNT)
 === added directory 'hooks/charmhelpers/contrib/charmsupport'
 === added file 'hooks/charmhelpers/contrib/charmsupport/__init__.py'
 --- hooks/charmhelpers/contrib/charmsupport/__init__.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/charmsupport/__init__.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,15 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
 === added file 'hooks/charmhelpers/contrib/charmsupport/nrpe.py'
 --- hooks/charmhelpers/contrib/charmsupport/nrpe.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/charmsupport/nrpe.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,324 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
++
++"""Compatibility with the nrpe-external-master charm"""
++# Copyright 2012 Canonical Ltd.
++#
++# Authors:
++#  Matthew Wedgwood <matthew.wedgwood@canonical.com>
++
++import subprocess
++import pwd
++import grp
++import os
++import re
++import shlex
++import yaml
++
++from charmhelpers.core.hookenv import (
++    config,
++    local_unit,
++    log,
++    relation_ids,
++    relation_set,
++    relations_of_type,
++)
++
++from charmhelpers.core.host import service
++
++# This module adds compatibility with the nrpe-external-master and plain nrpe
++# subordinate charms. To use it in your charm:
++#
++# 1. Update metadata.yaml
++#
++#   provides:
++#     (...)
++#     nrpe-external-master:
++#       interface: nrpe-external-master
++#       scope: container
++#
++#   and/or
++#
++#   provides:
++#     (...)
++#     local-monitors:
++#       interface: local-monitors
++#       scope: container
++
++#
++# 2. Add the following to config.yaml
++#
++#    nagios_context:
++#      default: "juju"
++#      type: string
++#      description: |
++#        Used by the nrpe subordinate charms.
++#        A string that will be prepended to instance name to set the host name
++#        in nagios. So for instance the hostname would be something like:
++#            juju-myservice-0
++#        If you're running multiple environments with the same services in them
++#        this allows you to differentiate between them.
++#    nagios_servicegroups:
++#      default: ""
++#      type: string
++#      description: |
++#        A comma-separated list of nagios servicegroups.
++#        If left empty, the nagios_context will be used as the servicegroup
++#
++# 3. Add custom checks (Nagios plugins) to files/nrpe-external-master
++#
++# 4. Update your hooks.py with something like this:
++#
++#    from charmsupport.nrpe import NRPE
++#    (...)
++#    def update_nrpe_config():
++#        nrpe_compat = NRPE()
++#        nrpe_compat.add_check(
++#            shortname = "myservice",
++#            description = "Check MyService",
++#            check_cmd = "check_http -w 2 -c 10 http://localhost"
++#            )
++#        nrpe_compat.add_check(
++#            "myservice_other",
++#            "Check for widget failures",
++#            check_cmd = "/srv/myapp/scripts/widget_check"
++#            )
++#        nrpe_compat.write()
++#
++#    def config_changed():
++#        (...)
++#        update_nrpe_config()
++#
++#    def nrpe_external_master_relation_changed():
++#        update_nrpe_config()
++#
++#    def local_monitors_relation_changed():
++#        update_nrpe_config()
++#
++# 5. ln -s hooks.py nrpe-external-master-relation-changed
++#    ln -s hooks.py local-monitors-relation-changed
++
++
++class CheckException(Exception):
++    pass
++
++
++class Check(object):
++    shortname_re = '[A-Za-z0-9-_]+$'
++    service_template = ("""
++#---------------------------------------------------
++# This file is Juju managed
++#---------------------------------------------------
++define service {{
++    use                             active-service
++    host_name                       {nagios_hostname}
++    service_description             {nagios_hostname}[{shortname}] """
++                        """{description}
++    check_command                   check_nrpe!{command}
++    servicegroups                   {nagios_servicegroup}
++}}
++""")
++
++    def __init__(self, shortname, description, check_cmd):
++        super(Check, self).__init__()
++        # XXX: could be better to calculate this from the service name
++        if not re.match(self.shortname_re, shortname):
++            raise CheckException("shortname must match {}".format(
++                Check.shortname_re))
++        self.shortname = shortname
++        self.command = "check_{}".format(shortname)
++        # Note: a set of invalid characters is defined by the
++        # Nagios server config
++        # The default is: illegal_object_name_chars=`~!$%^&*"|'<>?,()=
++        self.description = description
++        self.check_cmd = self._locate_cmd(check_cmd)
++
++    def _locate_cmd(self, check_cmd):
++        search_path = (
++            '/usr/lib/nagios/plugins',
++            '/usr/local/lib/nagios/plugins',
++        )
++        parts = shlex.split(check_cmd)
++        for path in search_path:
++            if os.path.exists(os.path.join(path, parts[0])):
++                command = os.path.join(path, parts[0])
++                if len(parts) > 1:
++                    command += " " + " ".join(parts[1:])
++                return command
++        log('Check command not found: {}'.format(parts[0]))
++        return ''
++
++    def write(self, nagios_context, hostname, nagios_servicegroups=None):
++        nrpe_check_file = '/etc/nagios/nrpe.d/{}.cfg'.format(
++            self.command)
++        with open(nrpe_check_file, 'w') as nrpe_check_config:
++            nrpe_check_config.write("# check {}\n".format(self.shortname))
++            nrpe_check_config.write("command[{}]={}\n".format(
++                self.command, self.check_cmd))
++
++        if not os.path.exists(NRPE.nagios_exportdir):
++            log('Not writing service config as {} is not accessible'.format(
++                NRPE.nagios_exportdir))
++        else:
++            self.write_service_config(nagios_context, hostname,
++                                      nagios_servicegroups)
++
++    def write_service_config(self, nagios_context, hostname,
++                             nagios_servicegroups=None):
++        for f in os.listdir(NRPE.nagios_exportdir):
++            if re.search('.*{}.cfg'.format(self.command), f):
++                os.remove(os.path.join(NRPE.nagios_exportdir, f))
++
++        if not nagios_servicegroups:
++            nagios_servicegroups = nagios_context
++
++        templ_vars = {
++            'nagios_hostname': hostname,
++            'nagios_servicegroup': nagios_servicegroups,
++            'description': self.description,
++            'shortname': self.shortname,
++            'command': self.command,
++        }
++        nrpe_service_text = Check.service_template.format(**templ_vars)
++        nrpe_service_file = '{}/service__{}_{}.cfg'.format(
++            NRPE.nagios_exportdir, hostname, self.command)
++        with open(nrpe_service_file, 'w') as nrpe_service_config:
++            nrpe_service_config.write(str(nrpe_service_text))
++
++    def run(self):
++        subprocess.call(self.check_cmd)
++
++
++class NRPE(object):
++    nagios_logdir = '/var/log/nagios'
++    nagios_exportdir = '/var/lib/nagios/export'
++    nrpe_confdir = '/etc/nagios/nrpe.d'
++
++    def __init__(self, hostname=None):
++        super(NRPE, self).__init__()
++        self.config = config()
++        self.nagios_context = self.config['nagios_context']
++        if 'nagios_servicegroups' in self.config:
++            self.nagios_servicegroups = self.config['nagios_servicegroups']
++        else:
++            self.nagios_servicegroups = 'juju'
++        self.unit_name = local_unit().replace('/', '-')
++        if hostname:
++            self.hostname = hostname
++        else:
++            self.hostname = "{}-{}".format(self.nagios_context, self.unit_name)
++        self.checks = []
++
++    def add_check(self, *args, **kwargs):
++        self.checks.append(Check(*args, **kwargs))
++
++    def write(self):
++        try:
++            nagios_uid = pwd.getpwnam('nagios').pw_uid
++            nagios_gid = grp.getgrnam('nagios').gr_gid
++        except:
++            log("Nagios user not set up, nrpe checks not updated")
++            return
++
++        if not os.path.exists(NRPE.nagios_logdir):
++            os.mkdir(NRPE.nagios_logdir)
++            os.chown(NRPE.nagios_logdir, nagios_uid, nagios_gid)
++
++        nrpe_monitors = {}
++        monitors = {"monitors": {"remote": {"nrpe": nrpe_monitors}}}
++        for nrpecheck in self.checks:
++            nrpecheck.write(self.nagios_context, self.hostname,
++                            self.nagios_servicegroups)
++            nrpe_monitors[nrpecheck.shortname] = {
++                "command": nrpecheck.command,
++            }
++
++        service('restart', 'nagios-nrpe-server')
++
++        for rid in relation_ids("local-monitors"):
++            relation_set(relation_id=rid, monitors=yaml.dump(monitors))
++
++
++def get_nagios_hostcontext(relation_name='nrpe-external-master'):
++    """
++    Query relation with nrpe subordinate, return the nagios_host_context
++
++    :param str relation_name: Name of relation nrpe sub joined to
++    """
++    for rel in relations_of_type(relation_name):
++        if 'nagios_hostname' in rel:
++            return rel['nagios_host_context']
++
++
++def get_nagios_hostname(relation_name='nrpe-external-master'):
++    """
++    Query relation with nrpe subordinate, return the nagios_hostname
++
++    :param str relation_name: Name of relation nrpe sub joined to
++    """
++    for rel in relations_of_type(relation_name):
++        if 'nagios_hostname' in rel:
++            return rel['nagios_hostname']
++
++
++def get_nagios_unit_name(relation_name='nrpe-external-master'):
++    """
++    Return the nagios unit name prepended with host_context if needed
++
++    :param str relation_name: Name of relation nrpe sub joined to
++    """
++    host_context = get_nagios_hostcontext(relation_name)
++    if host_context:
++        unit = "%s:%s" % (host_context, local_unit())
++    else:
++        unit = local_unit()
++    return unit
++
++
++def add_init_service_checks(nrpe, services, unit_name):
++    """
++    Add checks for each service in list
++
++    :param NRPE nrpe: NRPE object to add check to
++    :param list services: List of services to check
++    :param str unit_name: Unit name to use in check description
++    """
++    for svc in services:
++        upstart_init = '/etc/init/%s.conf' % svc
++        sysv_init = '/etc/init.d/%s' % svc
++        if os.path.exists(upstart_init):
++            nrpe.add_check(
++                shortname=svc,
++                description='process check {%s}' % unit_name,
++                check_cmd='check_upstart_job %s' % svc
++            )
++        elif os.path.exists(sysv_init):
++            cronpath = '/etc/cron.d/nagios-service-check-%s' % svc
++            cron_file = ('*/5 * * * * root '
++                         '/usr/local/lib/nagios/plugins/check_exit_status.pl '
++                         '-s /etc/init.d/%s status > '
++                         '/var/lib/nagios/service-check-%s.txt\n' % (svc,
++                                                                     svc)
++                         )
++            f = open(cronpath, 'w')
++            f.write(cron_file)
++            f.close()
++            nrpe.add_check(
++                shortname=svc,
++                description='process check {%s}' % unit_name,
++                check_cmd='check_status_file.py -f '
++                          '/var/lib/nagios/service-check-%s.txt' % svc,
++            )
 === added file 'hooks/charmhelpers/contrib/charmsupport/volumes.py'
 --- hooks/charmhelpers/contrib/charmsupport/volumes.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/charmsupport/volumes.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,175 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
++
++'''
++Functions for managing volumes in juju units. One volume is supported per unit.
++Subordinates may have their own storage, provided it is on its own partition.
++
++Configuration stanzas::
++
++  volume-ephemeral:
++    type: boolean
++    default: true
++    description: >
++      If false, a volume is mounted as sepecified in "volume-map"
++      If true, ephemeral storage will be used, meaning that log data
++         will only exist as long as the machine. YOU HAVE BEEN WARNED.
++  volume-map:
++    type: string
++    default: {}
++    description: >
++      YAML map of units to device names, e.g:
++        "{ rsyslog/0: /dev/vdb, rsyslog/1: /dev/vdb }"
++      Service units will raise a configure-error if volume-ephemeral
++      is 'true' and no volume-map value is set. Use 'juju set' to set a
++      value and 'juju resolved' to complete configuration.
++
++Usage::
++
++    from charmsupport.volumes import configure_volume, VolumeConfigurationError
++    from charmsupport.hookenv import log, ERROR
++    def post_mount_hook():
++        stop_service('myservice')
++    def post_mount_hook():
++        start_service('myservice')
++
++    if __name__ == '__main__':
++        try:
++            configure_volume(before_change=pre_mount_hook,
++                             after_change=post_mount_hook)
++        except VolumeConfigurationError:
++            log('Storage could not be configured', ERROR)
++
++'''
++
++# XXX: Known limitations
++# - fstab is neither consulted nor updated
++
++import os
++from charmhelpers.core import hookenv
++from charmhelpers.core import host
++import yaml
++
++
++MOUNT_BASE = '/srv/juju/volumes'
++
++
++class VolumeConfigurationError(Exception):
++    '''Volume configuration data is missing or invalid'''
++    pass
++
++
++def get_config():
++    '''Gather and sanity-check volume configuration data'''
++    volume_config = {}
++    config = hookenv.config()
++
++    errors = False
++
++    if config.get('volume-ephemeral') in (True, 'True', 'true', 'Yes', 'yes'):
++        volume_config['ephemeral'] = True
++    else:
++        volume_config['ephemeral'] = False
++
++    try:
++        volume_map = yaml.safe_load(config.get('volume-map', '{}'))
++    except yaml.YAMLError as e:
++        hookenv.log("Error parsing YAML volume-map: {}".format(e),
++                    hookenv.ERROR)
++        errors = True
++    if volume_map is None:
++        # probably an empty string
++        volume_map = {}
++    elif not isinstance(volume_map, dict):
++        hookenv.log("Volume-map should be a dictionary, not {}".format(
++            type(volume_map)))
++        errors = True
++
++    volume_config['device'] = volume_map.get(os.environ['JUJU_UNIT_NAME'])
++    if volume_config['device'] and volume_config['ephemeral']:
++        # asked for ephemeral storage but also defined a volume ID
++        hookenv.log('A volume is defined for this unit, but ephemeral '
++                    'storage was requested', hookenv.ERROR)
++        errors = True
++    elif not volume_config['device'] and not volume_config['ephemeral']:
++        # asked for permanent storage but did not define volume ID
++        hookenv.log('Ephemeral storage was requested, but there is no volume '
++                    'defined for this unit.', hookenv.ERROR)
++        errors = True
++
++    unit_mount_name = hookenv.local_unit().replace('/', '-')
++    volume_config['mountpoint'] = os.path.join(MOUNT_BASE, unit_mount_name)
++
++    if errors:
++        return None
++    return volume_config
++
++
++def mount_volume(config):
++    if os.path.exists(config['mountpoint']):
++        if not os.path.isdir(config['mountpoint']):
++            hookenv.log('Not a directory: {}'.format(config['mountpoint']))
++            raise VolumeConfigurationError()
++    else:
++        host.mkdir(config['mountpoint'])
++    if os.path.ismount(config['mountpoint']):
++        unmount_volume(config)
++    if not host.mount(config['device'], config['mountpoint'], persist=True):
++        raise VolumeConfigurationError()
++
++
++def unmount_volume(config):
++    if os.path.ismount(config['mountpoint']):
++        if not host.umount(config['mountpoint'], persist=True):
++            raise VolumeConfigurationError()
++
++
++def managed_mounts():
++    '''List of all mounted managed volumes'''
++    return filter(lambda mount: mount[0].startswith(MOUNT_BASE), host.mounts())
++
++
++def configure_volume(before_change=lambda: None, after_change=lambda: None):
++    '''Set up storage (or don't) according to the charm's volume configuration.
++       Returns the mount point or "ephemeral". before_change and after_change
++       are optional functions to be called if the volume configuration changes.
++    '''
++
++    config = get_config()
++    if not config:
++        hookenv.log('Failed to read volume configuration', hookenv.CRITICAL)
++        raise VolumeConfigurationError()
++
++    if config['ephemeral']:
++        if os.path.ismount(config['mountpoint']):
++            before_change()
++            unmount_volume(config)
++            after_change()
++        return 'ephemeral'
++    else:
++        # persistent storage
++        if os.path.ismount(config['mountpoint']):
++            mounts = dict(managed_mounts())
++            if mounts.get(config['mountpoint']) != config['device']:
++                before_change()
++                unmount_volume(config)
++                mount_volume(config)
++                after_change()
++        else:
++            before_change()
++            mount_volume(config)
++            after_change()
++        return config['mountpoint']
 === added directory 'hooks/charmhelpers/contrib/database'
 === added file 'hooks/charmhelpers/contrib/database/__init__.py'
 === added file 'hooks/charmhelpers/contrib/database/mysql.py'
 --- hooks/charmhelpers/contrib/database/mysql.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/database/mysql.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,372 @@
++"""Helper for working with a MySQL database"""
++import json
++import socket
++import re
++import sys
++import platform
++import os
++import glob
++
++from string import upper
++
++from charmhelpers.core.host import (
++    mkdir,
++    pwgen,
++    write_file
++)
++from charmhelpers.core.hookenv import (
++    relation_get,
++    related_units,
++    unit_get,
++    log,
++    DEBUG,
++    INFO,
++)
++from charmhelpers.core.hookenv import config as config_get
++from charmhelpers.fetch import (
++    apt_install,
++    apt_update,
++    filter_installed_packages,
++)
++from charmhelpers.contrib.peerstorage import (
++    peer_store,
++    peer_retrieve,
++)
++
++try:
++    import MySQLdb
++except ImportError:
++    apt_update(fatal=True)
++    apt_install(filter_installed_packages(['python-mysqldb']), fatal=True)
++    import MySQLdb
++
++
++class MySQLHelper(object):
++
++    def __init__(self, rpasswdf_template, upasswdf_template, host='localhost'):
++        self.host = host
++        # Password file path templates
++        self.root_passwd_file_template = rpasswdf_template
++        self.user_passwd_file_template = upasswdf_template
++
++    def connect(self, user='root', password=None):
++        self.connection = MySQLdb.connect(user=user, host=self.host,
++                                          passwd=password)
++
++    def database_exists(self, db_name):
++        cursor = self.connection.cursor()
++        try:
++            cursor.execute("SHOW DATABASES")
++            databases = [i[0] for i in cursor.fetchall()]
++        finally:
++            cursor.close()
++
++        return db_name in databases
++
++    def create_database(self, db_name):
++        cursor = self.connection.cursor()
++        try:
++            cursor.execute("CREATE DATABASE {} CHARACTER SET UTF8"
++                           .format(db_name))
++        finally:
++            cursor.close()
++
++    def grant_exists(self, db_name, db_user, remote_ip):
++        cursor = self.connection.cursor()
++        priv_string = "GRANT ALL PRIVILEGES ON `{}`.* " \
++                      "TO '{}'@'{}'".format(db_name, db_user, remote_ip)
++        try:
++            cursor.execute("SHOW GRANTS for '{}'@'{}'".format(db_user,
++                                                              remote_ip))
++            grants = [i[0] for i in cursor.fetchall()]
++        except MySQLdb.OperationalError:
++            return False
++        finally:
++            cursor.close()
++
++        # TODO: review for different grants
++        return priv_string in grants
++
++    def create_grant(self, db_name, db_user, remote_ip, password):
++        cursor = self.connection.cursor()
++        try:
++            # TODO: review for different grants
++            cursor.execute("GRANT ALL PRIVILEGES ON {}.* TO '{}'@'{}' "
++                           "IDENTIFIED BY '{}'".format(db_name,
++                                                       db_user,
++                                                       remote_ip,
++                                                       password))
++        finally:
++            cursor.close()
++
++    def create_admin_grant(self, db_user, remote_ip, password):
++        cursor = self.connection.cursor()
++        try:
++            cursor.execute("GRANT ALL PRIVILEGES ON *.* TO '{}'@'{}' "
++                           "IDENTIFIED BY '{}'".format(db_user,
++                                                       remote_ip,
++                                                       password))
++        finally:
++            cursor.close()
++
++    def cleanup_grant(self, db_user, remote_ip):
++        cursor = self.connection.cursor()
++        try:
++            cursor.execute("DROP FROM mysql.user WHERE user='{}' "
++                           "AND HOST='{}'".format(db_user,
++                                                  remote_ip))
++        finally:
++            cursor.close()
++
++    def execute(self, sql):
++        """Execute arbitary SQL against the database."""
++        cursor = self.connection.cursor()
++        try:
++            cursor.execute(sql)
++        finally:
++            cursor.close()
++
++    def migrate_passwords_to_peer_relation(self):
++        """Migrate any passwords storage on disk to cluster peer relation."""
++        dirname = os.path.dirname(self.root_passwd_file_template)
++        path = os.path.join(dirname, '*.passwd')
++        for f in glob.glob(path):
++            _key = os.path.basename(f)
++            with open(f, 'r') as passwd:
++                _value = passwd.read().strip()
++
++            try:
++                peer_store(_key, _value)
++                os.unlink(f)
++            except ValueError:
++                # NOTE cluster relation not yet ready - skip for now
++                pass
++
++    def get_mysql_password_on_disk(self, username=None, password=None):
++        """Retrieve, generate or store a mysql password for the provided
++        username on disk."""
++        if username:
++            template = self.user_passwd_file_template
++            passwd_file = template.format(username)
++        else:
++            passwd_file = self.root_passwd_file_template
++
++        _password = None
++        if os.path.exists(passwd_file):
++            with open(passwd_file, 'r') as passwd:
++                _password = passwd.read().strip()
++        else:
++            mkdir(os.path.dirname(passwd_file), owner='root', group='root',
++                  perms=0o770)
++            # Force permissions - for some reason the chmod in makedirs fails
++            os.chmod(os.path.dirname(passwd_file), 0o770)
++            _password = password or pwgen(length=32)
++            write_file(passwd_file, _password, owner='root', group='root',
++                       perms=0o660)
++
++        return _password
++
++    def get_mysql_password(self, username=None, password=None):
++        """Retrieve, generate or store a mysql password for the provided
++        username using peer relation cluster."""
++        self.migrate_passwords_to_peer_relation()
++        if username:
++            _key = 'mysql-{}.passwd'.format(username)
++        else:
++            _key = 'mysql.passwd'
++
++        try:
++            _password = peer_retrieve(_key)
++            if _password is None:
++                _password = password or pwgen(length=32)
++                peer_store(_key, _password)
++        except ValueError:
++            # cluster relation is not yet started; use on-disk
++            _password = self.get_mysql_password_on_disk(username, password)
++
++        return _password
++
++    def get_mysql_root_password(self, password=None):
++        """Retrieve or generate mysql root password for service units."""
++        return self.get_mysql_password(username=None, password=password)
++
++    def get_allowed_units(self, database, username, relation_id=None):
++        """Get list of units with access grants for database with username.
++
++        This is typically used to provide shared-db relations with a list of
++        which units have been granted access to the given database.
++        """
++        self.connect(password=self.get_mysql_root_password())
++        allowed_units = set()
++        for unit in related_units(relation_id):
++            settings = relation_get(rid=relation_id, unit=unit)
++            # First check for setting with prefix, then without
++            for attr in ["%s_hostname" % (database), 'hostname']:
++                hosts = settings.get(attr, None)
++                if hosts:
++                    break
++
++            if hosts:
++                # hostname can be json-encoded list of hostnames
++                try:
++                    hosts = json.loads(hosts)
++                except ValueError:
++                    hosts = [hosts]
++            else:
++                hosts = [settings['private-address']]
++
++            if hosts:
++                for host in hosts:
++                    if self.grant_exists(database, username, host):
++                        log("Grant exists for host '%s' on db '%s'" %
++                            (host, database), level=DEBUG)
++                        if unit not in allowed_units:
++                            allowed_units.add(unit)
++                    else:
++                        log("Grant does NOT exist for host '%s' on db '%s'" %
++                            (host, database), level=DEBUG)
++            else:
++                log("No hosts found for grant check", level=INFO)
++
++        return allowed_units
++
++    def configure_db(self, hostname, database, username, admin=False):
++        """Configure access to database for username from hostname."""
++        if config_get('prefer-ipv6'):
++            remote_ip = hostname
++        elif hostname != unit_get('private-address'):
++            try:
++                remote_ip = socket.gethostbyname(hostname)
++            except Exception:
++                # socket.gethostbyname doesn't support ipv6
++                remote_ip = hostname
++        else:
++            remote_ip = '127.0.0.1'
++
++        self.connect(password=self.get_mysql_root_password())
++        if not self.database_exists(database):
++            self.create_database(database)
++
++        password = self.get_mysql_password(username)
++        if not self.grant_exists(database, username, remote_ip):
++            if not admin:
++                self.create_grant(database, username, remote_ip, password)
++            else:
++                self.create_admin_grant(username, remote_ip, password)
++
++        return password
++
++
++class PerconaClusterHelper(object):
++
++    # Going for the biggest page size to avoid wasted bytes. InnoDB page size is
++    # 16MB
++    DEFAULT_PAGE_SIZE = 16 * 1024 * 1024
++
++    def human_to_bytes(self, human):
++        """Convert human readable configuration options to bytes."""
++        num_re = re.compile('^[0-9]+$')
++        if num_re.match(human):
++            return human
++
++        factors = {
++            'K': 1024,
++            'M': 1048576,
++            'G': 1073741824,
++            'T': 1099511627776
++        }
++        modifier = human[-1]
++        if modifier in factors:
++            return int(human[:-1]) * factors[modifier]
++
++        if modifier == '%':
++            total_ram = self.human_to_bytes(self.get_mem_total())
++            if self.is_32bit_system() and total_ram > self.sys_mem_limit():
++                total_ram = self.sys_mem_limit()
++            factor = int(human[:-1]) * 0.01
++            pctram = total_ram * factor
++            return int(pctram - (pctram % self.DEFAULT_PAGE_SIZE))
++
++        raise ValueError("Can only convert K,M,G, or T")
++
++    def is_32bit_system(self):
++        """Determine whether system is 32 or 64 bit."""
++        try:
++            return sys.maxsize < 2 ** 32
++        except OverflowError:
++            return False
++
++    def sys_mem_limit(self):
++        """Determine the default memory limit for the current service unit."""
++        if platform.machine() in ['armv7l']:
++            _mem_limit = self.human_to_bytes('2700M')  # experimentally determined
++        else:
++            # Limit for x86 based 32bit systems
++            _mem_limit = self.human_to_bytes('4G')
++
++        return _mem_limit
++
++    def get_mem_total(self):
++        """Calculate the total memory in the current service unit."""
++        with open('/proc/meminfo') as meminfo_file:
++            for line in meminfo_file:
++                key, mem = line.split(':', 2)
++                if key == 'MemTotal':
++                    mtot, modifier = mem.strip().split(' ')
++                    return '%s%s' % (mtot, upper(modifier[0]))
++
++    def parse_config(self):
++        """Parse charm configuration and calculate values for config files."""
++        config = config_get()
++        mysql_config = {}
++        if 'max-connections' in config:
++            mysql_config['max_connections'] = config['max-connections']
++
++        # Total memory available for dataset
++        dataset_bytes = self.human_to_bytes(config['dataset-size'])
++        mysql_config['dataset_bytes'] = dataset_bytes
++
++        if 'query-cache-type' in config:
++            # Query Cache Configuration
++            mysql_config['query_cache_size'] = config['query-cache-size']
++            if (config['query-cache-size'] == -1 and
++                    config['query-cache-type'] in ['ON', 'DEMAND']):
++                # Calculate the query cache size automatically
++                qcache_bytes = (dataset_bytes * 0.20)
++                qcache_bytes = int(qcache_bytes -
++                                   (qcache_bytes % self.DEFAULT_PAGE_SIZE))
++                mysql_config['query_cache_size'] = qcache_bytes
++                dataset_bytes -= qcache_bytes
++
++            # 5.5 allows the words, but not 5.1
++            if config['query-cache-type'] == 'ON':
++                mysql_config['query_cache_type'] = 1
++            elif config['query-cache-type'] == 'DEMAND':
++                mysql_config['query_cache_type'] = 2
++            else:
++                mysql_config['query_cache_type'] = 0
++
++        # Set a sane default key_buffer size
++        mysql_config['key_buffer'] = self.human_to_bytes('32M')
++
++        if 'preferred-storage-engine' in config:
++            # Storage engine configuration
++            preferred_engines = config['preferred-storage-engine'].split(',')
++            chunk_size = int(dataset_bytes / len(preferred_engines))
++            mysql_config['innodb_flush_log_at_trx_commit'] = 1
++            mysql_config['sync_binlog'] = 1
++            if 'InnoDB' in preferred_engines:
++                mysql_config['innodb_buffer_pool_size'] = chunk_size
++                if config['tuning-level'] == 'fast':
++                    mysql_config['innodb_flush_log_at_trx_commit'] = 2
++            else:
++                mysql_config['innodb_buffer_pool_size'] = 0
++
++            mysql_config['default_storage_engine'] = preferred_engines[0]
++            if 'MyISAM' in preferred_engines:
++                mysql_config['key_buffer'] = chunk_size
++
++            if config['tuning-level'] == 'fast':
++                mysql_config['sync_binlog'] = 0
++
++        return mysql_config
 === added directory 'hooks/charmhelpers/contrib/hahelpers'
 === added file 'hooks/charmhelpers/contrib/hahelpers/__init__.py'
 --- hooks/charmhelpers/contrib/hahelpers/__init__.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/hahelpers/__init__.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,15 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
 === added file 'hooks/charmhelpers/contrib/hahelpers/apache.py'
 --- hooks/charmhelpers/contrib/hahelpers/apache.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/hahelpers/apache.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,82 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
++
++#
++# Copyright 2012 Canonical Ltd.
++#
++# This file is sourced from lp:openstack-charm-helpers
++#
++# Authors:
++#  James Page <james.page@ubuntu.com>
++#  Adam Gandelman <adamg@ubuntu.com>
++#
++
++import subprocess
++
++from charmhelpers.core.hookenv import (
++    config as config_get,
++    relation_get,
++    relation_ids,
++    related_units as relation_list,
++    log,
++    INFO,
++)
++
++
++def get_cert(cn=None):
++    # TODO: deal with multiple https endpoints via charm config
++    cert = config_get('ssl_cert')
++    key = config_get('ssl_key')
++    if not (cert and key):
++        log("Inspecting identity-service relations for SSL certificate.",
++            level=INFO)
++        cert = key = None
++        if cn:
++            ssl_cert_attr = 'ssl_cert_{}'.format(cn)
++            ssl_key_attr = 'ssl_key_{}'.format(cn)
++        else:
++            ssl_cert_attr = 'ssl_cert'
++            ssl_key_attr = 'ssl_key'
++        for r_id in relation_ids('identity-service'):
++            for unit in relation_list(r_id):
++                if not cert:
++                    cert = relation_get(ssl_cert_attr,
++                                        rid=r_id, unit=unit)
++                if not key:
++                    key = relation_get(ssl_key_attr,
++                                       rid=r_id, unit=unit)
++    return (cert, key)
++
++
++def get_ca_cert():
++    ca_cert = config_get('ssl_ca')
++    if ca_cert is None:
++        log("Inspecting identity-service relations for CA SSL certificate.",
++            level=INFO)
++        for r_id in relation_ids('identity-service'):
++            for unit in relation_list(r_id):
++                if ca_cert is None:
++                    ca_cert = relation_get('ca_cert',
++                                           rid=r_id, unit=unit)
++    return ca_cert
++
++
++def install_ca_cert(ca_cert):
++    if ca_cert:
++        with open('/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt',
++                  'w') as crt:
++            crt.write(ca_cert)
++        subprocess.check_call(['update-ca-certificates', '--fresh'])
 === added file 'hooks/charmhelpers/contrib/hahelpers/cluster.py'
 --- hooks/charmhelpers/contrib/hahelpers/cluster.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/hahelpers/cluster.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,268 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
++
++#
++# Copyright 2012 Canonical Ltd.
++#
++# Authors:
++#  James Page <james.page@ubuntu.com>
++#  Adam Gandelman <adamg@ubuntu.com>
++#
++
++"""
++Helpers for clustering and determining "cluster leadership" and other
++clustering-related helpers.
++"""
++
++import subprocess
++import os
++
++from socket import gethostname as get_unit_hostname
++
++import six
++
++from charmhelpers.core.hookenv import (
++    log,
++    relation_ids,
++    related_units as relation_list,
++    relation_get,
++    config as config_get,
++    INFO,
++    ERROR,
++    WARNING,
++    unit_get,
++)
++from charmhelpers.core.decorators import (
++    retry_on_exception,
++)
++
++
++class HAIncompleteConfig(Exception):
++    pass
++
++
++class CRMResourceNotFound(Exception):
++    pass
++
++
++def is_elected_leader(resource):
++    """
++    Returns True if the charm executing this is the elected cluster leader.
++
++    It relies on two mechanisms to determine leadership:
++        1. If the charm is part of a corosync cluster, call corosync to
++        determine leadership.
++        2. If the charm is not part of a corosync cluster, the leader is
++        determined as being "the alive unit with the lowest unit numer". In
++        other words, the oldest surviving unit.
++    """
++    if is_clustered():
++        if not is_crm_leader(resource):
++            log('Deferring action to CRM leader.', level=INFO)
++            return False
++    else:
++        peers = peer_units()
++        if peers and not oldest_peer(peers):
++            log('Deferring action to oldest service unit.', level=INFO)
++            return False
++    return True
++
++
++def is_clustered():
++    for r_id in (relation_ids('ha') or []):
++        for unit in (relation_list(r_id) or []):
++            clustered = relation_get('clustered',
++                                     rid=r_id,
++                                     unit=unit)
++            if clustered:
++                return True
++    return False
++
++
++@retry_on_exception(5, base_delay=2, exc_type=CRMResourceNotFound)
++def is_crm_leader(resource, retry=False):
++    """
++    Returns True if the charm calling this is the elected corosync leader,
++    as returned by calling the external "crm" command.
++
++    We allow this operation to be retried to avoid the possibility of getting a
++    false negative. See LP #1396246 for more info.
++    """
++    cmd = ['crm', 'resource', 'show', resource]
++    try:
++        status = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
++        if not isinstance(status, six.text_type):
++            status = six.text_type(status, "utf-8")
++    except subprocess.CalledProcessError:
++        status = None
++
++    if status and get_unit_hostname() in status:
++        return True
++
++    if status and "resource %s is NOT running" % (resource) in status:
++        raise CRMResourceNotFound("CRM resource %s not found" % (resource))
++
++    return False
++
++
++def is_leader(resource):
++    log("is_leader is deprecated. Please consider using is_crm_leader "
++        "instead.", level=WARNING)
++    return is_crm_leader(resource)
++
++
++def peer_units(peer_relation="cluster"):
++    peers = []
++    for r_id in (relation_ids(peer_relation) or []):
++        for unit in (relation_list(r_id) or []):
++            peers.append(unit)
++    return peers
++
++
++def peer_ips(peer_relation='cluster', addr_key='private-address'):
++    '''Return a dict of peers and their private-address'''
++    peers = {}
++    for r_id in relation_ids(peer_relation):
++        for unit in relation_list(r_id):
++            peers[unit] = relation_get(addr_key, rid=r_id, unit=unit)
++    return peers
++
++
++def oldest_peer(peers):
++    """Determines who the oldest peer is by comparing unit numbers."""
++    local_unit_no = int(os.getenv('JUJU_UNIT_NAME').split('/')[1])
++    for peer in peers:
++        remote_unit_no = int(peer.split('/')[1])
++        if remote_unit_no < local_unit_no:
++            return False
++    return True
++
++
++def eligible_leader(resource):
++    log("eligible_leader is deprecated. Please consider using "
++        "is_elected_leader instead.", level=WARNING)
++    return is_elected_leader(resource)
++
++
++def https():
++    '''
++    Determines whether enough data has been provided in configuration
++    or relation data to configure HTTPS
++    .
++    returns: boolean
++    '''
++    if config_get('use-https') == "yes":
++        return True
++    if config_get('ssl_cert') and config_get('ssl_key'):
++        return True
++    for r_id in relation_ids('identity-service'):
++        for unit in relation_list(r_id):
++            # TODO - needs fixing for new helper as ssl_cert/key suffixes with CN
++            rel_state = [
++                relation_get('https_keystone', rid=r_id, unit=unit),
++                relation_get('ca_cert', rid=r_id, unit=unit),
++            ]
++            # NOTE: works around (LP: #1203241)
++            if (None not in rel_state) and ('' not in rel_state):
++                return True
++    return False
++
++
++def determine_api_port(public_port, singlenode_mode=False):
++    '''
++    Determine correct API server listening port based on
++    existence of HTTPS reverse proxy and/or haproxy.
++
++    public_port: int: standard public port for given service
++
++    singlenode_mode: boolean: Shuffle ports when only a single unit is present
++
++    returns: int: the correct listening port for the API service
++    '''
++    i = 0
++    if singlenode_mode:
++        i += 1
++    elif len(peer_units()) > 0 or is_clustered():
++        i += 1
++    if https():
++        i += 1
++    return public_port - (i * 10)
++
++
++def determine_apache_port(public_port, singlenode_mode=False):
++    '''
++    Description: Determine correct apache listening port based on public IP +
++    state of the cluster.
++
++    public_port: int: standard public port for given service
++
++    singlenode_mode: boolean: Shuffle ports when only a single unit is present
++
++    returns: int: the correct listening port for the HAProxy service
++    '''
++    i = 0
++    if singlenode_mode:
++        i += 1
++    elif len(peer_units()) > 0 or is_clustered():
++        i += 1
++    return public_port - (i * 10)
++
++
++def get_hacluster_config(exclude_keys=None):
++    '''
++    Obtains all relevant configuration from charm configuration required
++    for initiating a relation to hacluster:
++
++        ha-bindiface, ha-mcastport, vip
++
++    param: exclude_keys: list of setting key(s) to be excluded.
++    returns: dict: A dict containing settings keyed by setting name.
++    raises: HAIncompleteConfig if settings are missing.
++    '''
++    settings = ['ha-bindiface', 'ha-mcastport', 'vip']
++    conf = {}
++    for setting in settings:
++        if exclude_keys and setting in exclude_keys:
++            continue
++
++        conf[setting] = config_get(setting)
++    missing = []
++    [missing.append(s) for s, v in six.iteritems(conf) if v is None]
++    if missing:
++        log('Insufficient config data to configure hacluster.', level=ERROR)
++        raise HAIncompleteConfig
++    return conf
++
++
++def canonical_url(configs, vip_setting='vip'):
++    '''
++    Returns the correct HTTP URL to this host given the state of HTTPS
++    configuration and hacluster.
++
++    :configs    : OSTemplateRenderer: A config tempating object to inspect for
++                                      a complete https context.
++
++    :vip_setting:                str: Setting in charm config that specifies
++                                      VIP address.
++    '''
++    scheme = 'http'
++    if 'https' in configs.complete_contexts():
++        scheme = 'https'
++    if is_clustered():
++        addr = config_get(vip_setting)
++    else:
++        addr = unit_get('private-address')
++    return '%s://%s' % (scheme, addr)
 === added directory 'hooks/charmhelpers/contrib/network'
 === added file 'hooks/charmhelpers/contrib/network/__init__.py'
 --- hooks/charmhelpers/contrib/network/__init__.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/network/__init__.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,15 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
 === added file 'hooks/charmhelpers/contrib/network/ip.py'
 --- hooks/charmhelpers/contrib/network/ip.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/network/ip.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,367 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
++
++import glob
++import re
++import subprocess
++
++from functools import partial
++
++from charmhelpers.core.hookenv import unit_get
++from charmhelpers.fetch import apt_install
++from charmhelpers.core.hookenv import (
++    log
++)
++
++try:
++    import netifaces
++except ImportError:
++    apt_install('python-netifaces')
++    import netifaces
++
++try:
++    import netaddr
++except ImportError:
++    apt_install('python-netaddr')
++    import netaddr
++
++
++def _validate_cidr(network):
++    try:
++        netaddr.IPNetwork(network)
++    except (netaddr.core.AddrFormatError, ValueError):
++        raise ValueError("Network (%s) is not in CIDR presentation format" %
++                         network)
++
++
++def no_ip_found_error_out(network):
++    errmsg = ("No IP address found in network: %s" % network)
++    raise ValueError(errmsg)
++
++
++def get_address_in_network(network, fallback=None, fatal=False):
++    """Get an IPv4 or IPv6 address within the network from the host.
++
++    :param network (str): CIDR presentation format. For example,
++        '192.168.1.0/24'.
++    :param fallback (str): If no address is found, return fallback.
++    :param fatal (boolean): If no address is found, fallback is not
++        set and fatal is True then exit(1).
++    """
++    if network is None:
++        if fallback is not None:
++            return fallback
++
++        if fatal:
++            no_ip_found_error_out(network)
++        else:
++            return None
++
++    _validate_cidr(network)
++    network = netaddr.IPNetwork(network)
++    for iface in netifaces.interfaces():
++        addresses = netifaces.ifaddresses(iface)
++        if network.version == 4 and netifaces.AF_INET in addresses:
++            addr = addresses[netifaces.AF_INET][0]['addr']
++            netmask = addresses[netifaces.AF_INET][0]['netmask']
++            cidr = netaddr.IPNetwork("%s/%s" % (addr, netmask))
++            if cidr in network:
++                return str(cidr.ip)
++
++        if network.version == 6 and netifaces.AF_INET6 in addresses:
++            for addr in addresses[netifaces.AF_INET6]:
++                if not addr['addr'].startswith('fe80'):
++                    cidr = netaddr.IPNetwork("%s/%s" % (addr['addr'],
++                                                        addr['netmask']))
++                    if cidr in network:
++                        return str(cidr.ip)
++
++    if fallback is not None:
++        return fallback
++
++    if fatal:
++        no_ip_found_error_out(network)
++
++    return None
++
++
++def is_ipv6(address):
++    """Determine whether provided address is IPv6 or not."""
++    try:
++        address = netaddr.IPAddress(address)
++    except netaddr.AddrFormatError:
++        # probably a hostname - so not an address at all!
++        return False
++
++    return address.version == 6
++
++
++def is_address_in_network(network, address):
++    """
++    Determine whether the provided address is within a network range.
++
++    :param network (str): CIDR presentation format. For example,
++        '192.168.1.0/24'.
++    :param address: An individual IPv4 or IPv6 address without a net
++        mask or subnet prefix. For example, '192.168.1.1'.
++    :returns boolean: Flag indicating whether address is in network.
++    """
++    try:
++        network = netaddr.IPNetwork(network)
++    except (netaddr.core.AddrFormatError, ValueError):
++        raise ValueError("Network (%s) is not in CIDR presentation format" %
++                         network)
++
++    try:
++        address = netaddr.IPAddress(address)
++    except (netaddr.core.AddrFormatError, ValueError):
++        raise ValueError("Address (%s) is not in correct presentation format" %
++                         address)
++
++    if address in network:
++        return True
++    else:
++        return False
++
++
++def _get_for_address(address, key):
++    """Retrieve an attribute of or the physical interface that
++    the IP address provided could be bound to.
++
++    :param address (str): An individual IPv4 or IPv6 address without a net
++        mask or subnet prefix. For example, '192.168.1.1'.
++    :param key: 'iface' for the physical interface name or an attribute
++        of the configured interface, for example 'netmask'.
++    :returns str: Requested attribute or None if address is not bindable.
++    """
++    address = netaddr.IPAddress(address)
++    for iface in netifaces.interfaces():
++        addresses = netifaces.ifaddresses(iface)
++        if address.version == 4 and netifaces.AF_INET in addresses:
++            addr = addresses[netifaces.AF_INET][0]['addr']
++            netmask = addresses[netifaces.AF_INET][0]['netmask']
++            network = netaddr.IPNetwork("%s/%s" % (addr, netmask))
++            cidr = network.cidr
++            if address in cidr:
++                if key == 'iface':
++                    return iface
++                else:
++                    return addresses[netifaces.AF_INET][0][key]
++
++        if address.version == 6 and netifaces.AF_INET6 in addresses:
++            for addr in addresses[netifaces.AF_INET6]:
++                if not addr['addr'].startswith('fe80'):
++                    network = netaddr.IPNetwork("%s/%s" % (addr['addr'],
++                                                           addr['netmask']))
++                    cidr = network.cidr
++                    if address in cidr:
++                        if key == 'iface':
++                            return iface
++                        elif key == 'netmask' and cidr:
++                            return str(cidr).split('/')[1]
++                        else:
++                            return addr[key]
++
++    return None
++
++
++get_iface_for_address = partial(_get_for_address, key='iface')
++
++
++get_netmask_for_address = partial(_get_for_address, key='netmask')
++
++
++def format_ipv6_addr(address):
++    """If address is IPv6, wrap it in '[]' otherwise return None.
++
++    This is required by most configuration files when specifying IPv6
++    addresses.
++    """
++    if is_ipv6(address):
++        return "[%s]" % address
++
++    return None
++
++
++def get_iface_addr(iface='eth0', inet_type='AF_INET', inc_aliases=False,
++                   fatal=True, exc_list=None):
++    """Return the assigned IP address for a given interface, if any."""
++    # Extract nic if passed /dev/ethX
++    if '/' in iface:
++        iface = iface.split('/')[-1]
++
++    if not exc_list:
++        exc_list = []
++
++    try:
++        inet_num = getattr(netifaces, inet_type)
++    except AttributeError:
++        raise Exception("Unknown inet type '%s'" % str(inet_type))
++
++    interfaces = netifaces.interfaces()
++    if inc_aliases:
++        ifaces = []
++        for _iface in interfaces:
++            if iface == _iface or _iface.split(':')[0] == iface:
++                ifaces.append(_iface)
++
++        if fatal and not ifaces:
++            raise Exception("Invalid interface '%s'" % iface)
++
++        ifaces.sort()
++    else:
++        if iface not in interfaces:
++            if fatal:
++                raise Exception("Interface '%s' not found " % (iface))
++            else:
++                return []
++
++        else:
++            ifaces = [iface]
++
++    addresses = []
++    for netiface in ifaces:
++        net_info = netifaces.ifaddresses(netiface)
++        if inet_num in net_info:
++            for entry in net_info[inet_num]:
++                if 'addr' in entry and entry['addr'] not in exc_list:
++                    addresses.append(entry['addr'])
++
++    if fatal and not addresses:
++        raise Exception("Interface '%s' doesn't have any %s addresses." %
++                        (iface, inet_type))
++
++    return sorted(addresses)
++
++
++get_ipv4_addr = partial(get_iface_addr, inet_type='AF_INET')
++
++
++def get_iface_from_addr(addr):
++    """Work out on which interface the provided address is configured."""
++    for iface in netifaces.interfaces():
++        addresses = netifaces.ifaddresses(iface)
++        for inet_type in addresses:
++            for _addr in addresses[inet_type]:
++                _addr = _addr['addr']
++                # link local
++                ll_key = re.compile("(.+)%.*")
++                raw = re.match(ll_key, _addr)
++                if raw:
++                    _addr = raw.group(1)
++
++                if _addr == addr:
++                    log("Address '%s' is configured on iface '%s'" %
++                        (addr, iface))
++                    return iface
++
++    msg = "Unable to infer net iface on which '%s' is configured" % (addr)
++    raise Exception(msg)
++
++
++def sniff_iface(f):
++    """Ensure decorated function is called with a value for iface.
++
++    If no iface provided, inject net iface inferred from unit private address.
++    """
++    def iface_sniffer(*args, **kwargs):
++        if not kwargs.get('iface', None):
++            kwargs['iface'] = get_iface_from_addr(unit_get('private-address'))
++
++        return f(*args, **kwargs)
++
++    return iface_sniffer
++
++
++@sniff_iface
++def get_ipv6_addr(iface=None, inc_aliases=False, fatal=True, exc_list=None,
++                  dynamic_only=True):
++    """Get assigned IPv6 address for a given interface.
++
++    Returns list of addresses found. If no address found, returns empty list.
++
++    If iface is None, we infer the current primary interface by doing a reverse
++    lookup on the unit private-address.
++
++    We currently only support scope global IPv6 addresses i.e. non-temporary
++    addresses. If no global IPv6 address is found, return the first one found
++    in the ipv6 address list.
++    """
++    addresses = get_iface_addr(iface=iface, inet_type='AF_INET6',
++                               inc_aliases=inc_aliases, fatal=fatal,
++                               exc_list=exc_list)
++
++    if addresses:
++        global_addrs = []
++        for addr in addresses:
++            key_scope_link_local = re.compile("^fe80::..(.+)%(.+)")
++            m = re.match(key_scope_link_local, addr)
++            if m:
++                eui_64_mac = m.group(1)
++                iface = m.group(2)
++            else:
++                global_addrs.append(addr)
++
++        if global_addrs:
++            # Make sure any found global addresses are not temporary
++            cmd = ['ip', 'addr', 'show', iface]
++            out = subprocess.check_output(cmd).decode('UTF-8')
++            if dynamic_only:
++                key = re.compile("inet6 (.+)/[0-9]+ scope global dynamic.*")
++            else:
++                key = re.compile("inet6 (.+)/[0-9]+ scope global.*")
++
++            addrs = []
++            for line in out.split('\n'):
++                line = line.strip()
++                m = re.match(key, line)
++                if m and 'temporary' not in line:
++                    # Return the first valid address we find
++                    for addr in global_addrs:
++                        if m.group(1) == addr:
++                            if not dynamic_only or \
++                                    m.group(1).endswith(eui_64_mac):
++                                addrs.append(addr)
++
++            if addrs:
++                return addrs
++
++    if fatal:
++        raise Exception("Interface '%s' does not have a scope global "
++                        "non-temporary ipv6 address." % iface)
++
++    return []
++
++
++def get_bridges(vnic_dir='/sys/devices/virtual/net'):
++    """Return a list of bridges on the system."""
++    b_regex = "%s/*/bridge" % vnic_dir
++    return [x.replace(vnic_dir, '').split('/')[1] for x in glob.glob(b_regex)]
++
++
++def get_bridge_nics(bridge, vnic_dir='/sys/devices/virtual/net'):
++    """Return a list of nics comprising a given bridge on the system."""
++    brif_regex = "%s/%s/brif/*" % (vnic_dir, bridge)
++    return [x.split('/')[-1] for x in glob.glob(brif_regex)]
++
++
++def is_bridge_member(nic):
++    """Check if a given nic is a member of a bridge."""
++    for bridge in get_bridges():
++        if nic in get_bridge_nics(bridge):
++            return True
++
++    return False
 === added directory 'hooks/charmhelpers/contrib/network/ovs'
 === added file 'hooks/charmhelpers/contrib/network/ovs/__init__.py'
 --- hooks/charmhelpers/contrib/network/ovs/__init__.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/network/ovs/__init__.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,96 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
++
++''' Helpers for interacting with OpenvSwitch '''
++import subprocess
++import os
++from charmhelpers.core.hookenv import (
++    log, WARNING
++)
++from charmhelpers.core.host import (
++    service
++)
++
++
++def add_bridge(name):
++    ''' Add the named bridge to openvswitch '''
++    log('Creating bridge {}'.format(name))
++    subprocess.check_call(["ovs-vsctl", "--", "--may-exist", "add-br", name])
++
++
++def del_bridge(name):
++    ''' Delete the named bridge from openvswitch '''
++    log('Deleting bridge {}'.format(name))
++    subprocess.check_call(["ovs-vsctl", "--", "--if-exists", "del-br", name])
++
++
++def add_bridge_port(name, port, promisc=False):
++    ''' Add a port to the named openvswitch bridge '''
++    log('Adding port {} to bridge {}'.format(port, name))
++    subprocess.check_call(["ovs-vsctl", "--", "--may-exist", "add-port",
++                           name, port])
++    subprocess.check_call(["ip", "link", "set", port, "up"])
++    if promisc:
++        subprocess.check_call(["ip", "link", "set", port, "promisc", "on"])
++    else:
++        subprocess.check_call(["ip", "link", "set", port, "promisc", "off"])
++
++
++def del_bridge_port(name, port):
++    ''' Delete a port from the named openvswitch bridge '''
++    log('Deleting port {} from bridge {}'.format(port, name))
++    subprocess.check_call(["ovs-vsctl", "--", "--if-exists", "del-port",
++                           name, port])
++    subprocess.check_call(["ip", "link", "set", port, "down"])
++    subprocess.check_call(["ip", "link", "set", port, "promisc", "off"])
++
++
++def set_manager(manager):
++    ''' Set the controller for the local openvswitch '''
++    log('Setting manager for local ovs to {}'.format(manager))
++    subprocess.check_call(['ovs-vsctl', 'set-manager',
++                           'ssl:{}'.format(manager)])
++
++
++CERT_PATH = '/etc/openvswitch/ovsclient-cert.pem'
++
++
++def get_certificate():
++    ''' Read openvswitch certificate from disk '''
++    if os.path.exists(CERT_PATH):
++        log('Reading ovs certificate from {}'.format(CERT_PATH))
++        with open(CERT_PATH, 'r') as cert:
++            full_cert = cert.read()
++            begin_marker = "-----BEGIN CERTIFICATE-----"
++            end_marker = "-----END CERTIFICATE-----"
++            begin_index = full_cert.find(begin_marker)
++            end_index = full_cert.rfind(end_marker)
++            if end_index == -1 or begin_index == -1:
++                raise RuntimeError("Certificate does not contain valid begin"
++                                   " and end markers.")
++            full_cert = full_cert[begin_index:(end_index + len(end_marker))]
++            return full_cert
++    else:
++        log('Certificate not found', level=WARNING)
++        return None
++
++
++def full_restart():
++    ''' Full restart and reload of openvswitch '''
++    if os.path.exists('/etc/init/openvswitch-force-reload-kmod.conf'):
++        service('start', 'openvswitch-force-reload-kmod')
++    else:
++        service('force-reload-kmod', 'openvswitch-switch')
 === added file 'hooks/charmhelpers/contrib/network/ufw.py'
 --- hooks/charmhelpers/contrib/network/ufw.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/network/ufw.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,276 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
++
++"""
++This module contains helpers to add and remove ufw rules.
++
++Examples:
++
++- open SSH port for subnet 10.0.3.0/24:
++
++  >>> from charmhelpers.contrib.network import ufw
++  >>> ufw.enable()
++  >>> ufw.grant_access(src='10.0.3.0/24', dst='any', port='22', proto='tcp')
++
++- open service by name as defined in /etc/services:
++
++  >>> from charmhelpers.contrib.network import ufw
++  >>> ufw.enable()
++  >>> ufw.service('ssh', 'open')
++
++- close service by port number:
++
++  >>> from charmhelpers.contrib.network import ufw
++  >>> ufw.enable()
++  >>> ufw.service('4949', 'close')  # munin
++"""
++import re
++import os
++import subprocess
++from charmhelpers.core import hookenv
++
++__author__ = "Felipe Reyes <felipe.reyes@canonical.com>"
++
++
++class UFWError(Exception):
++    pass
++
++
++class UFWIPv6Error(UFWError):
++    pass
++
++
++def is_enabled():
++    """
++    Check if `ufw` is enabled
++
++    :returns: True if ufw is enabled
++    """
++    output = subprocess.check_output(['ufw', 'status'],
++                                     universal_newlines=True,
++                                     env={'LANG': 'en_US',
++                                          'PATH': os.environ['PATH']})
++
++    m = re.findall(r'^Status: active\n', output, re.M)
++
++    return len(m) >= 1
++
++
++def is_ipv6_ok(soft_fail=False):
++    """
++    Check if IPv6 support is present and ip6tables functional
++
++    :param soft_fail: If set to True and IPv6 support is broken, then reports
++                      that the host doesn't have IPv6 support, otherwise a
++                      UFWIPv6Error exception is raised.
++    :returns: True if IPv6 is working, False otherwise
++    """
++
++    # do we have IPv6 in the machine?
++    if os.path.isdir('/proc/sys/net/ipv6'):
++        # is ip6tables kernel module loaded?
++        lsmod = subprocess.check_output(['lsmod'], universal_newlines=True)
++        matches = re.findall('^ip6_tables[ ]+', lsmod, re.M)
++        if len(matches) == 0:
++            # ip6tables support isn't complete, let's try to load it
++            try:
++                subprocess.check_output(['modprobe', 'ip6_tables'],
++                                        universal_newlines=True)
++                # great, we could load the module
++                return True
++            except subprocess.CalledProcessError as ex:
++                hookenv.log("Couldn't load ip6_tables module: %s" % ex.output,
++                            level="WARN")
++                # we are in a world where ip6tables isn't working
++                if soft_fail:
++                    # so we inform that the machine doesn't have IPv6
++                    return False
++                else:
++                    raise UFWIPv6Error("IPv6 firewall support broken")
++        else:
++            # the module is present :)
++            return True
++
++    else:
++        # the system doesn't have IPv6
++        return False
++
++
++def disable_ipv6():
++    """
++    Disable ufw IPv6 support in /etc/default/ufw
++    """
++    exit_code = subprocess.call(['sed', '-i', 's/IPV6=.*/IPV6=no/g',
++                                 '/etc/default/ufw'])
++    if exit_code == 0:
++        hookenv.log('IPv6 support in ufw disabled', level='INFO')
++    else:
++        hookenv.log("Couldn't disable IPv6 support in ufw", level="ERROR")
++        raise UFWError("Couldn't disable IPv6 support in ufw")
++
++
++def enable(soft_fail=False):
++    """
++    Enable ufw
++
++    :param soft_fail: If set to True silently disables IPv6 support in ufw,
++                      otherwise a UFWIPv6Error exception is raised when IP6
++                      support is broken.
++    :returns: True if ufw is successfully enabled
++    """
++    if is_enabled():
++        return True
++
++    if not is_ipv6_ok(soft_fail):
++        disable_ipv6()
++
++    output = subprocess.check_output(['ufw', 'enable'],
++                                     universal_newlines=True,
++                                     env={'LANG': 'en_US',
++                                          'PATH': os.environ['PATH']})
++
++    m = re.findall('^Firewall is active and enabled on system startup\n',
++                   output, re.M)
++    hookenv.log(output, level='DEBUG')
++
++    if len(m) == 0:
++        hookenv.log("ufw couldn't be enabled", level='WARN')
++        return False
++    else:
++        hookenv.log("ufw enabled", level='INFO')
++        return True
++
++
++def disable():
++    """
++    Disable ufw
++
++    :returns: True if ufw is successfully disabled
++    """
++    if not is_enabled():
++        return True
++
++    output = subprocess.check_output(['ufw', 'disable'],
++                                     universal_newlines=True,
++                                     env={'LANG': 'en_US',
++                                          'PATH': os.environ['PATH']})
++
++    m = re.findall(r'^Firewall stopped and disabled on system startup\n',
++                   output, re.M)
++    hookenv.log(output, level='DEBUG')
++
++    if len(m) == 0:
++        hookenv.log("ufw couldn't be disabled", level='WARN')
++        return False
++    else:
++        hookenv.log("ufw disabled", level='INFO')
++        return True
++
++
++def modify_access(src, dst='any', port=None, proto=None, action='allow'):
++    """
++    Grant access to an address or subnet
++
++    :param src: address (e.g. 192.168.1.234) or subnet
++                (e.g. 192.168.1.0/24).
++    :param dst: destiny of the connection, if the machine has multiple IPs and
++                connections to only one of those have to accepted this is the
++                field has to be set.
++    :param port: destiny port
++    :param proto: protocol (tcp or udp)
++    :param action: `allow` or `delete`
++    """
++    if not is_enabled():
++        hookenv.log('ufw is disabled, skipping modify_access()', level='WARN')
++        return
++
++    if action == 'delete':
++        cmd = ['ufw', 'delete', 'allow']
++    else:
++        cmd = ['ufw', action]
++
++    if src is not None:
++        cmd += ['from', src]
++
++    if dst is not None:
++        cmd += ['to', dst]
++
++    if port is not None:
++        cmd += ['port', str(port)]
++
++    if proto is not None:
++        cmd += ['proto', proto]
++
++    hookenv.log('ufw {}: {}'.format(action, ' '.join(cmd)), level='DEBUG')
++    p = subprocess.Popen(cmd, stdout=subprocess.PIPE)
++    (stdout, stderr) = p.communicate()
++
++    hookenv.log(stdout, level='INFO')
++
++    if p.returncode != 0:
++        hookenv.log(stderr, level='ERROR')
++        hookenv.log('Error running: {}, exit code: {}'.format(' '.join(cmd),
++                                                              p.returncode),
++                    level='ERROR')
++
++
++def grant_access(src, dst='any', port=None, proto=None):
++    """
++    Grant access to an address or subnet
++
++    :param src: address (e.g. 192.168.1.234) or subnet
++                (e.g. 192.168.1.0/24).
++    :param dst: destiny of the connection, if the machine has multiple IPs and
++                connections to only one of those have to accepted this is the
++                field has to be set.
++    :param port: destiny port
++    :param proto: protocol (tcp or udp)
++    """
++    return modify_access(src, dst=dst, port=port, proto=proto, action='allow')
++
++
++def revoke_access(src, dst='any', port=None, proto=None):
++    """
++    Revoke access to an address or subnet
++
++    :param src: address (e.g. 192.168.1.234) or subnet
++                (e.g. 192.168.1.0/24).
++    :param dst: destiny of the connection, if the machine has multiple IPs and
++                connections to only one of those have to accepted this is the
++                field has to be set.
++    :param port: destiny port
++    :param proto: protocol (tcp or udp)
++    """
++    return modify_access(src, dst=dst, port=port, proto=proto, action='delete')
++
++
++def service(name, action):
++    """
++    Open/close access to a service
++
++    :param name: could be a service name defined in `/etc/services` or a port
++                 number.
++    :param action: `open` or `close`
++    """
++    if action == 'open':
++        subprocess.check_output(['ufw', 'allow', str(name)],
++                                universal_newlines=True)
++    elif action == 'close':
++        subprocess.check_output(['ufw', 'delete', 'allow', str(name)],
++                                universal_newlines=True)
++    else:
++        raise UFWError(("'{}' not supported, use 'allow' "
++                        "or 'delete'").format(action))
 === added directory 'hooks/charmhelpers/contrib/openstack'
 === added file 'hooks/charmhelpers/contrib/openstack/__init__.py'
 --- hooks/charmhelpers/contrib/openstack/__init__.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/openstack/__init__.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,15 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
 === added file 'hooks/charmhelpers/contrib/openstack/alternatives.py'
 --- hooks/charmhelpers/contrib/openstack/alternatives.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/openstack/alternatives.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,33 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
++
++''' Helper for managing alternatives for file conflict resolution '''
++
++import subprocess
++import shutil
++import os
++
++
++def install_alternative(name, target, source, priority=50):
++    ''' Install alternative configuration '''
++    if (os.path.exists(target) and not os.path.islink(target)):
++        # Move existing file/directory away before installing
++        shutil.move(target, '{}.bak'.format(target))
++    cmd = [
++        'update-alternatives', '--force', '--install',
++        target, name, source, str(priority)
++    ]
++    subprocess.check_call(cmd)
 === added directory 'hooks/charmhelpers/contrib/openstack/amulet'
 === added file 'hooks/charmhelpers/contrib/openstack/amulet/__init__.py'
 --- hooks/charmhelpers/contrib/openstack/amulet/__init__.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/openstack/amulet/__init__.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,15 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
 === added file 'hooks/charmhelpers/contrib/openstack/amulet/deployment.py'
 --- hooks/charmhelpers/contrib/openstack/amulet/deployment.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/openstack/amulet/deployment.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,108 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
++
++import six
++from charmhelpers.contrib.amulet.deployment import (
++    AmuletDeployment
++)
++
++
++class OpenStackAmuletDeployment(AmuletDeployment):
++    """OpenStack amulet deployment.
++
++       This class inherits from AmuletDeployment and has additional support
++       that is specifically for use by OpenStack charms.
++       """
++
++    def __init__(self, series=None, openstack=None, source=None, stable=True):
++        """Initialize the deployment environment."""
++        super(OpenStackAmuletDeployment, self).__init__(series)
++        self.openstack = openstack
++        self.source = source
++        self.stable = stable
++        # Note(coreycb): this needs to be changed when new next branches come
++        # out.
++        self.current_next = "trusty"
++
++    def _determine_branch_locations(self, other_services):
++        """Determine the branch locations for the other services.
++
++           Determine if the local branch being tested is derived from its
++           stable or next (dev) branch, and based on this, use the corresonding
++           stable or next branches for the other_services."""
++        base_charms = ['mysql', 'mongodb', 'rabbitmq-server']
++
++        if self.stable:
++            for svc in other_services:
++                temp = 'lp:charms/{}'
++                svc['location'] = temp.format(svc['name'])
++        else:
++            for svc in other_services:
++                if svc['name'] in base_charms:
++                    temp = 'lp:charms/{}'
++                    svc['location'] = temp.format(svc['name'])
++                else:
++                    temp = 'lp:~openstack-charmers/charms/{}/{}/next'
++                    svc['location'] = temp.format(self.current_next,
++                                                  svc['name'])
++        return other_services
++
++    def _add_services(self, this_service, other_services):
++        """Add services to the deployment and set openstack-origin/source."""
++        other_services = self._determine_branch_locations(other_services)
++
++        super(OpenStackAmuletDeployment, self)._add_services(this_service,
++                                                             other_services)
++
++        services = other_services
++        services.append(this_service)
++        use_source = ['mysql', 'mongodb', 'rabbitmq-server', 'ceph',
++                      'ceph-osd', 'ceph-radosgw']
++
++        if self.openstack:
++            for svc in services:
++                if svc['name'] not in use_source:
++                    config = {'openstack-origin': self.openstack}
++                    self.d.configure(svc['name'], config)
++
++        if self.source:
++            for svc in services:
++                if svc['name'] in use_source:
++                    config = {'source': self.source}
++                    self.d.configure(svc['name'], config)
++
++    def _configure_services(self, configs):
++        """Configure all of the services."""
++        for service, config in six.iteritems(configs):
++            self.d.configure(service, config)
++
++    def _get_openstack_release(self):
++        """Get openstack release.
++
++           Return an integer representing the enum value of the openstack
++           release.
++           """
++        (self.precise_essex, self.precise_folsom, self.precise_grizzly,
++         self.precise_havana, self.precise_icehouse,
++         self.trusty_icehouse) = range(6)
++        releases = {
++            ('precise', None): self.precise_essex,
++            ('precise', 'cloud:precise-folsom'): self.precise_folsom,
++            ('precise', 'cloud:precise-grizzly'): self.precise_grizzly,
++            ('precise', 'cloud:precise-havana'): self.precise_havana,
++            ('precise', 'cloud:precise-icehouse'): self.precise_icehouse,
++            ('trusty', None): self.trusty_icehouse}
++        return releases[(self.series, self.openstack)]
 === added file 'hooks/charmhelpers/contrib/openstack/amulet/utils.py'
 --- hooks/charmhelpers/contrib/openstack/amulet/utils.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/openstack/amulet/utils.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,294 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
++
++import logging
++import os
++import time
++import urllib
++
++import glanceclient.v1.client as glance_client
++import keystoneclient.v2_0 as keystone_client
++import novaclient.v1_1.client as nova_client
++
++import six
++
++from charmhelpers.contrib.amulet.utils import (
++    AmuletUtils
++)
++
++DEBUG = logging.DEBUG
++ERROR = logging.ERROR
++
++
++class OpenStackAmuletUtils(AmuletUtils):
++    """OpenStack amulet utilities.
++
++       This class inherits from AmuletUtils and has additional support
++       that is specifically for use by OpenStack charms.
++       """
++
++    def __init__(self, log_level=ERROR):
++        """Initialize the deployment environment."""
++        super(OpenStackAmuletUtils, self).__init__(log_level)
++
++    def validate_endpoint_data(self, endpoints, admin_port, internal_port,
++                               public_port, expected):
++        """Validate endpoint data.
++
++           Validate actual endpoint data vs expected endpoint data. The ports
++           are used to find the matching endpoint.
++           """
++        found = False
++        for ep in endpoints:
++            self.log.debug('endpoint: {}'.format(repr(ep)))
++            if (admin_port in ep.adminurl and
++                    internal_port in ep.internalurl and
++                    public_port in ep.publicurl):
++                found = True
++                actual = {'id': ep.id,
++                          'region': ep.region,
++                          'adminurl': ep.adminurl,
++                          'internalurl': ep.internalurl,
++                          'publicurl': ep.publicurl,
++                          'service_id': ep.service_id}
++                ret = self._validate_dict_data(expected, actual)
++                if ret:
++                    return 'unexpected endpoint data - {}'.format(ret)
++
++        if not found:
++            return 'endpoint not found'
++
++    def validate_svc_catalog_endpoint_data(self, expected, actual):
++        """Validate service catalog endpoint data.
++
++           Validate a list of actual service catalog endpoints vs a list of
++           expected service catalog endpoints.
++           """
++        self.log.debug('actual: {}'.format(repr(actual)))
++        for k, v in six.iteritems(expected):
++            if k in actual:
++                ret = self._validate_dict_data(expected[k][0], actual[k][0])
++                if ret:
++                    return self.endpoint_error(k, ret)
++            else:
++                return "endpoint {} does not exist".format(k)
++        return ret
++
++    def validate_tenant_data(self, expected, actual):
++        """Validate tenant data.
++
++           Validate a list of actual tenant data vs list of expected tenant
++           data.
++           """
++        self.log.debug('actual: {}'.format(repr(actual)))
++        for e in expected:
++            found = False
++            for act in actual:
++                a = {'enabled': act.enabled, 'description': act.description,
++                     'name': act.name, 'id': act.id}
++                if e['name'] == a['name']:
++                    found = True
++                    ret = self._validate_dict_data(e, a)
++                    if ret:
++                        return "unexpected tenant data - {}".format(ret)
++            if not found:
++                return "tenant {} does not exist".format(e['name'])
++        return ret
++
++    def validate_role_data(self, expected, actual):
++        """Validate role data.
++
++           Validate a list of actual role data vs a list of expected role
++           data.
++           """
++        self.log.debug('actual: {}'.format(repr(actual)))
++        for e in expected:
++            found = False
++            for act in actual:
++                a = {'name': act.name, 'id': act.id}
++                if e['name'] == a['name']:
++                    found = True
++                    ret = self._validate_dict_data(e, a)
++                    if ret:
++                        return "unexpected role data - {}".format(ret)
++            if not found:
++                return "role {} does not exist".format(e['name'])
++        return ret
++
++    def validate_user_data(self, expected, actual):
++        """Validate user data.
++
++           Validate a list of actual user data vs a list of expected user
++           data.
++           """
++        self.log.debug('actual: {}'.format(repr(actual)))
++        for e in expected:
++            found = False
++            for act in actual:
++                a = {'enabled': act.enabled, 'name': act.name,
++                     'email': act.email, 'tenantId': act.tenantId,
++                     'id': act.id}
++                if e['name'] == a['name']:
++                    found = True
++                    ret = self._validate_dict_data(e, a)
++                    if ret:
++                        return "unexpected user data - {}".format(ret)
++            if not found:
++                return "user {} does not exist".format(e['name'])
++        return ret
++
++    def validate_flavor_data(self, expected, actual):
++        """Validate flavor data.
++
++           Validate a list of actual flavors vs a list of expected flavors.
++           """
++        self.log.debug('actual: {}'.format(repr(actual)))
++        act = [a.name for a in actual]
++        return self._validate_list_data(expected, act)
++
++    def tenant_exists(self, keystone, tenant):
++        """Return True if tenant exists."""
++        return tenant in [t.name for t in keystone.tenants.list()]
++
++    def authenticate_keystone_admin(self, keystone_sentry, user, password,
++                                    tenant):
++        """Authenticates admin user with the keystone admin endpoint."""
++        unit = keystone_sentry
++        service_ip = unit.relation('shared-db',
++                                   'mysql:shared-db')['private-address']
++        ep = "http://{}:35357/v2.0".format(service_ip.strip().decode('utf-8'))
++        return keystone_client.Client(username=user, password=password,
++                                      tenant_name=tenant, auth_url=ep)
++
++    def authenticate_keystone_user(self, keystone, user, password, tenant):
++        """Authenticates a regular user with the keystone public endpoint."""
++        ep = keystone.service_catalog.url_for(service_type='identity',
++                                              endpoint_type='publicURL')
++        return keystone_client.Client(username=user, password=password,
++                                      tenant_name=tenant, auth_url=ep)
++
++    def authenticate_glance_admin(self, keystone):
++        """Authenticates admin user with glance."""
++        ep = keystone.service_catalog.url_for(service_type='image',
++                                              endpoint_type='adminURL')
++        return glance_client.Client(ep, token=keystone.auth_token)
++
++    def authenticate_nova_user(self, keystone, user, password, tenant):
++        """Authenticates a regular user with nova-api."""
++        ep = keystone.service_catalog.url_for(service_type='identity',
++                                              endpoint_type='publicURL')
++        return nova_client.Client(username=user, api_key=password,
++                                  project_id=tenant, auth_url=ep)
++
++    def create_cirros_image(self, glance, image_name):
++        """Download the latest cirros image and upload it to glance."""
++        http_proxy = os.getenv('AMULET_HTTP_PROXY')
++        self.log.debug('AMULET_HTTP_PROXY: {}'.format(http_proxy))
++        if http_proxy:
++            proxies = {'http': http_proxy}
++            opener = urllib.FancyURLopener(proxies)
++        else:
++            opener = urllib.FancyURLopener()
++
++        f = opener.open("http://download.cirros-cloud.net/version/released")
++        version = f.read().strip()
++        cirros_img = "cirros-{}-x86_64-disk.img".format(version)
++        local_path = os.path.join('tests', cirros_img)
++
++        if not os.path.exists(local_path):
++            cirros_url = "http://{}/{}/{}".format("download.cirros-cloud.net",
++                                                  version, cirros_img)
++            opener.retrieve(cirros_url, local_path)
++        f.close()
++
++        with open(local_path) as f:
++            image = glance.images.create(name=image_name, is_public=True,
++                                         disk_format='qcow2',
++                                         container_format='bare', data=f)
++        count = 1
++        status = image.status
++        while status != 'active' and count < 10:
++            time.sleep(3)
++            image = glance.images.get(image.id)
++            status = image.status
++            self.log.debug('image status: {}'.format(status))
++            count += 1
++
++        if status != 'active':
++            self.log.error('image creation timed out')
++            return None
++
++        return image
++
++    def delete_image(self, glance, image):
++        """Delete the specified image."""
++        num_before = len(list(glance.images.list()))
++        glance.images.delete(image)
++
++        count = 1
++        num_after = len(list(glance.images.list()))
++        while num_after != (num_before - 1) and count < 10:
++            time.sleep(3)
++            num_after = len(list(glance.images.list()))
++            self.log.debug('number of images: {}'.format(num_after))
++            count += 1
++
++        if num_after != (num_before - 1):
++            self.log.error('image deletion timed out')
++            return False
++
++        return True
++
++    def create_instance(self, nova, image_name, instance_name, flavor):
++        """Create the specified instance."""
++        image = nova.images.find(name=image_name)
++        flavor = nova.flavors.find(name=flavor)
++        instance = nova.servers.create(name=instance_name, image=image,
++                                       flavor=flavor)
++
++        count = 1
++        status = instance.status
++        while status != 'ACTIVE' and count < 60:
++            time.sleep(3)
++            instance = nova.servers.get(instance.id)
++            status = instance.status
++            self.log.debug('instance status: {}'.format(status))
++            count += 1
++
++        if status != 'ACTIVE':
++            self.log.error('instance creation timed out')
++            return None
++
++        return instance
++
++    def delete_instance(self, nova, instance):
++        """Delete the specified instance."""
++        num_before = len(list(nova.servers.list()))
++        nova.servers.delete(instance)
++
++        count = 1
++        num_after = len(list(nova.servers.list()))
++        while num_after != (num_before - 1) and count < 10:
++            time.sleep(3)
++            num_after = len(list(nova.servers.list()))
++            self.log.debug('number of instances: {}'.format(num_after))
++            count += 1
++
++        if num_after != (num_before - 1):
++            self.log.error('instance deletion timed out')
++            return False
++
++        return True
 === added file 'hooks/charmhelpers/contrib/openstack/context.py'
 --- hooks/charmhelpers/contrib/openstack/context.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/openstack/context.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,1054 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
++
++import json
++import os
++import time
++from base64 import b64decode
++from subprocess import check_call
++
++import six
++
++from charmhelpers.fetch import (
++    apt_install,
++    filter_installed_packages,
++)
++from charmhelpers.core.hookenv import (
++    config,
++    is_relation_made,
++    local_unit,
++    log,
++    relation_get,
++    relation_ids,
++    related_units,
++    relation_set,
++    unit_get,
++    unit_private_ip,
++    charm_name,
++    DEBUG,
++    INFO,
++    WARNING,
++    ERROR,
++)
++
++from charmhelpers.core.sysctl import create as sysctl_create
++
++from charmhelpers.core.host import (
++    mkdir,
++    write_file,
++)
++from charmhelpers.contrib.hahelpers.cluster import (
++    determine_apache_port,
++    determine_api_port,
++    https,
++    is_clustered,
++)
++from charmhelpers.contrib.hahelpers.apache import (
++    get_cert,
++    get_ca_cert,
++    install_ca_cert,
++)
++from charmhelpers.contrib.openstack.neutron import (
++    neutron_plugin_attribute,
++)
++from charmhelpers.contrib.network.ip import (
++    get_address_in_network,
++    get_ipv6_addr,
++    get_netmask_for_address,
++    format_ipv6_addr,
++    is_address_in_network,
++)
++from charmhelpers.contrib.openstack.utils import get_host_ip
++
++CA_CERT_PATH = '/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt'
++ADDRESS_TYPES = ['admin', 'internal', 'public']
++
++
++class OSContextError(Exception):
++    pass
++
++
++def ensure_packages(packages):
++    """Install but do not upgrade required plugin packages."""
++    required = filter_installed_packages(packages)
++    if required:
++        apt_install(required, fatal=True)
++
++
++def context_complete(ctxt):
++    _missing = []
++    for k, v in six.iteritems(ctxt):
++        if v is None or v == '':
++            _missing.append(k)
++
++    if _missing:
++        log('Missing required data: %s' % ' '.join(_missing), level=INFO)
++        return False
++
++    return True
++
++
++def config_flags_parser(config_flags):
++    """Parses config flags string into dict.
++
++    The provided config_flags string may be a list of comma-separated values
++    which themselves may be comma-separated list of values.
++    """
++    if config_flags.find('==') >= 0:
++        log("config_flags is not in expected format (key=value)", level=ERROR)
++        raise OSContextError
++
++    # strip the following from each value.
++    post_strippers = ' ,'
++    # we strip any leading/trailing '=' or ' ' from the string then
++    # split on '='.
++    split = config_flags.strip(' =').split('=')
++    limit = len(split)
++    flags = {}
++    for i in range(0, limit - 1):
++        current = split[i]
++        next = split[i + 1]
++        vindex = next.rfind(',')
++        if (i == limit - 2) or (vindex < 0):
++            value = next
++        else:
++            value = next[:vindex]
++
++        if i == 0:
++            key = current
++        else:
++            # if this not the first entry, expect an embedded key.
++            index = current.rfind(',')
++            if index < 0:
++                log("Invalid config value(s) at index %s" % (i), level=ERROR)
++                raise OSContextError
++            key = current[index + 1:]
++
++        # Add to collection.
++        flags[key.strip(post_strippers)] = value.rstrip(post_strippers)
++
++    return flags
++
++
++class OSContextGenerator(object):
++    """Base class for all context generators."""
++    interfaces = []
++
++    def __call__(self):
++        raise NotImplementedError
++
++
++class SharedDBContext(OSContextGenerator):
++    interfaces = ['shared-db']
++
++    def __init__(self,
++                 database=None, user=None, relation_prefix=None, ssl_dir=None):
++        """Allows inspecting relation for settings prefixed with
++        relation_prefix. This is useful for parsing access for multiple
++        databases returned via the shared-db interface (eg, nova_password,
++        quantum_password)
++        """
++        self.relation_prefix = relation_prefix
++        self.database = database
++        self.user = user
++        self.ssl_dir = ssl_dir
++
++    def __call__(self):
++        self.database = self.database or config('database')
++        self.user = self.user or config('database-user')
++        if None in [self.database, self.user]:
++            log("Could not generate shared_db context. Missing required charm "
++                "config options. (database name and user)", level=ERROR)
++            raise OSContextError
++
++        ctxt = {}
++
++        # NOTE(jamespage) if mysql charm provides a network upon which
++        # access to the database should be made, reconfigure relation
++        # with the service units local address and defer execution
++        access_network = relation_get('access-network')
++        if access_network is not None:
++            if self.relation_prefix is not None:
++                hostname_key = "{}_hostname".format(self.relation_prefix)
++            else:
++                hostname_key = "hostname"
++            access_hostname = get_address_in_network(access_network,
++                                                     unit_get('private-address'))
++            set_hostname = relation_get(attribute=hostname_key,
++                                        unit=local_unit())
++            if set_hostname != access_hostname:
++                relation_set(relation_settings={hostname_key: access_hostname})
++                return ctxt  # Defer any further hook execution for now....
++
++        password_setting = 'password'
++        if self.relation_prefix:
++            password_setting = self.relation_prefix + '_password'
++
++        for rid in relation_ids('shared-db'):
++            for unit in related_units(rid):
++                rdata = relation_get(rid=rid, unit=unit)
++                host = rdata.get('db_host')
++                host = format_ipv6_addr(host) or host
++                ctxt = {
++                    'database_host': host,
++                    'database': self.database,
++                    'database_user': self.user,
++                    'database_password': rdata.get(password_setting),
++                    'database_type': 'mysql'
++                }
++                if context_complete(ctxt):
++                    db_ssl(rdata, ctxt, self.ssl_dir)
++                    return ctxt
++        return {}
++
++
++class PostgresqlDBContext(OSContextGenerator):
++    interfaces = ['pgsql-db']
++
++    def __init__(self, database=None):
++        self.database = database
++
++    def __call__(self):
++        self.database = self.database or config('database')
++        if self.database is None:
++            log('Could not generate postgresql_db context. Missing required '
++                'charm config options. (database name)', level=ERROR)
++            raise OSContextError
++
++        ctxt = {}
++        for rid in relation_ids(self.interfaces[0]):
++            for unit in related_units(rid):
++                rel_host = relation_get('host', rid=rid, unit=unit)
++                rel_user = relation_get('user', rid=rid, unit=unit)
++                rel_passwd = relation_get('password', rid=rid, unit=unit)
++                ctxt = {'database_host': rel_host,
++                        'database': self.database,
++                        'database_user': rel_user,
++                        'database_password': rel_passwd,
++                        'database_type': 'postgresql'}
++                if context_complete(ctxt):
++                    return ctxt
++
++        return {}
++
++
++def db_ssl(rdata, ctxt, ssl_dir):
++    if 'ssl_ca' in rdata and ssl_dir:
++        ca_path = os.path.join(ssl_dir, 'db-client.ca')
++        with open(ca_path, 'w') as fh:
++            fh.write(b64decode(rdata['ssl_ca']))
++
++        ctxt['database_ssl_ca'] = ca_path
++    elif 'ssl_ca' in rdata:
++        log("Charm not setup for ssl support but ssl ca found", level=INFO)
++        return ctxt
++
++    if 'ssl_cert' in rdata:
++        cert_path = os.path.join(
++            ssl_dir, 'db-client.cert')
++        if not os.path.exists(cert_path):
++            log("Waiting 1m for ssl client cert validity", level=INFO)
++            time.sleep(60)
++
++        with open(cert_path, 'w') as fh:
++            fh.write(b64decode(rdata['ssl_cert']))
++
++        ctxt['database_ssl_cert'] = cert_path
++        key_path = os.path.join(ssl_dir, 'db-client.key')
++        with open(key_path, 'w') as fh:
++            fh.write(b64decode(rdata['ssl_key']))
++
++        ctxt['database_ssl_key'] = key_path
++
++    return ctxt
++
++
++class IdentityServiceContext(OSContextGenerator):
++    interfaces = ['identity-service']
++
++    def __call__(self):
++        log('Generating template context for identity-service', level=DEBUG)
++        ctxt = {}
++        for rid in relation_ids('identity-service'):
++            for unit in related_units(rid):
++                rdata = relation_get(rid=rid, unit=unit)
++                serv_host = rdata.get('service_host')
++                serv_host = format_ipv6_addr(serv_host) or serv_host
++                auth_host = rdata.get('auth_host')
++                auth_host = format_ipv6_addr(auth_host) or auth_host
++                svc_protocol = rdata.get('service_protocol') or 'http'
++                auth_protocol = rdata.get('auth_protocol') or 'http'
++                ctxt = {'service_port': rdata.get('service_port'),
++                        'service_host': serv_host,
++                        'auth_host': auth_host,
++                        'auth_port': rdata.get('auth_port'),
++                        'admin_tenant_name': rdata.get('service_tenant'),
++                        'admin_user': rdata.get('service_username'),
++                        'admin_password': rdata.get('service_password'),
++                        'service_protocol': svc_protocol,
++                        'auth_protocol': auth_protocol}
++                if context_complete(ctxt):
++                    # NOTE(jamespage) this is required for >= icehouse
++                    # so a missing value just indicates keystone needs
++                    # upgrading
++                    ctxt['admin_tenant_id'] = rdata.get('service_tenant_id')
++                    return ctxt
++
++        return {}
++
++
++class AMQPContext(OSContextGenerator):
++
++    def __init__(self, ssl_dir=None, rel_name='amqp', relation_prefix=None):
++        self.ssl_dir = ssl_dir
++        self.rel_name = rel_name
++        self.relation_prefix = relation_prefix
++        self.interfaces = [rel_name]
++
++    def __call__(self):
++        log('Generating template context for amqp', level=DEBUG)
++        conf = config()
++        if self.relation_prefix:
++            user_setting = '%s-rabbit-user' % (self.relation_prefix)
++            vhost_setting = '%s-rabbit-vhost' % (self.relation_prefix)
++        else:
++            user_setting = 'rabbit-user'
++            vhost_setting = 'rabbit-vhost'
++
++        try:
++            username = conf[user_setting]
++            vhost = conf[vhost_setting]
++        except KeyError as e:
++            log('Could not generate shared_db context. Missing required charm '
++                'config options: %s.' % e, level=ERROR)
++            raise OSContextError
++
++        ctxt = {}
++        for rid in relation_ids(self.rel_name):
++            ha_vip_only = False
++            for unit in related_units(rid):
++                if relation_get('clustered', rid=rid, unit=unit):
++                    ctxt['clustered'] = True
++                    vip = relation_get('vip', rid=rid, unit=unit)
++                    vip = format_ipv6_addr(vip) or vip
++                    ctxt['rabbitmq_host'] = vip
++                else:
++                    host = relation_get('private-address', rid=rid, unit=unit)
++                    host = format_ipv6_addr(host) or host
++                    ctxt['rabbitmq_host'] = host
++
++                ctxt.update({
++                    'rabbitmq_user': username,
++                    'rabbitmq_password': relation_get('password', rid=rid,
++                                                      unit=unit),
++                    'rabbitmq_virtual_host': vhost,
++                })
++
++                ssl_port = relation_get('ssl_port', rid=rid, unit=unit)
++                if ssl_port:
++                    ctxt['rabbit_ssl_port'] = ssl_port
++
++                ssl_ca = relation_get('ssl_ca', rid=rid, unit=unit)
++                if ssl_ca:
++                    ctxt['rabbit_ssl_ca'] = ssl_ca
++
++                if relation_get('ha_queues', rid=rid, unit=unit) is not None:
++                    ctxt['rabbitmq_ha_queues'] = True
++
++                ha_vip_only = relation_get('ha-vip-only',
++                                           rid=rid, unit=unit) is not None
++
++                if context_complete(ctxt):
++                    if 'rabbit_ssl_ca' in ctxt:
++                        if not self.ssl_dir:
++                            log("Charm not setup for ssl support but ssl ca "
++                                "found", level=INFO)
++                            break
++
++                        ca_path = os.path.join(
++                            self.ssl_dir, 'rabbit-client-ca.pem')
++                        with open(ca_path, 'w') as fh:
++                            fh.write(b64decode(ctxt['rabbit_ssl_ca']))
++                            ctxt['rabbit_ssl_ca'] = ca_path
++
++                    # Sufficient information found = break out!
++                    break
++
++            # Used for active/active rabbitmq >= grizzly
++            if (('clustered' not in ctxt or ha_vip_only) and
++                    len(related_units(rid)) > 1):
++                rabbitmq_hosts = []
++                for unit in related_units(rid):
++                    host = relation_get('private-address', rid=rid, unit=unit)
++                    host = format_ipv6_addr(host) or host
++                    rabbitmq_hosts.append(host)
++
++                ctxt['rabbitmq_hosts'] = ','.join(sorted(rabbitmq_hosts))
++
++        if not context_complete(ctxt):
++            return {}
++
++        return ctxt
++
++
++class CephContext(OSContextGenerator):
++    """Generates context for /etc/ceph/ceph.conf templates."""
++    interfaces = ['ceph']
++
++    def __call__(self):
++        if not relation_ids('ceph'):
++            return {}
++
++        log('Generating template context for ceph', level=DEBUG)
++        mon_hosts = []
++        auth = None
++        key = None
++        use_syslog = str(config('use-syslog')).lower()
++        for rid in relation_ids('ceph'):
++            for unit in related_units(rid):
++                auth = relation_get('auth', rid=rid, unit=unit)
++                key = relation_get('key', rid=rid, unit=unit)
++                ceph_pub_addr = relation_get('ceph-public-address', rid=rid,
++                                             unit=unit)
++                unit_priv_addr = relation_get('private-address', rid=rid,
++                                              unit=unit)
++                ceph_addr = ceph_pub_addr or unit_priv_addr
++                ceph_addr = format_ipv6_addr(ceph_addr) or ceph_addr
++                mon_hosts.append(ceph_addr)
++
++        ctxt = {'mon_hosts': ' '.join(sorted(mon_hosts)),
++                'auth': auth,
++                'key': key,
++                'use_syslog': use_syslog}
++
++        if not os.path.isdir('/etc/ceph'):
++            os.mkdir('/etc/ceph')
++
++        if not context_complete(ctxt):
++            return {}
++
++        ensure_packages(['ceph-common'])
++        return ctxt
++
++
++class HAProxyContext(OSContextGenerator):
++    """Provides half a context for the haproxy template, which describes
++    all peers to be included in the cluster.  Each charm needs to include
++    its own context generator that describes the port mapping.
++    """
++    interfaces = ['cluster']
++
++    def __init__(self, singlenode_mode=False):
++        self.singlenode_mode = singlenode_mode
++
++    def __call__(self):
++        if not relation_ids('cluster') and not self.singlenode_mode:
++            return {}
++
++        if config('prefer-ipv6'):
++            addr = get_ipv6_addr(exc_list=[config('vip')])[0]
++        else:
++            addr = get_host_ip(unit_get('private-address'))
++
++        l_unit = local_unit().replace('/', '-')
++        cluster_hosts = {}
++
++        # NOTE(jamespage): build out map of configured network endpoints
++        # and associated backends
++        for addr_type in ADDRESS_TYPES:
++            cfg_opt = 'os-{}-network'.format(addr_type)
++            laddr = get_address_in_network(config(cfg_opt))
++            if laddr:
++                netmask = get_netmask_for_address(laddr)
++                cluster_hosts[laddr] = {'network': "{}/{}".format(laddr,
++                                                                  netmask),
++                                        'backends': {l_unit: laddr}}
++                for rid in relation_ids('cluster'):
++                    for unit in related_units(rid):
++                        _laddr = relation_get('{}-address'.format(addr_type),
++                                              rid=rid, unit=unit)
++                        if _laddr:
++                            _unit = unit.replace('/', '-')
++                            cluster_hosts[laddr]['backends'][_unit] = _laddr
++
++        # NOTE(jamespage) add backend based on private address - this
++        # with either be the only backend or the fallback if no acls
++        # match in the frontend
++        cluster_hosts[addr] = {}
++        netmask = get_netmask_for_address(addr)
++        cluster_hosts[addr] = {'network': "{}/{}".format(addr, netmask),
++                               'backends': {l_unit: addr}}
++        for rid in relation_ids('cluster'):
++            for unit in related_units(rid):
++                _laddr = relation_get('private-address',
++                                      rid=rid, unit=unit)
++                if _laddr:
++                    _unit = unit.replace('/', '-')
++                    cluster_hosts[addr]['backends'][_unit] = _laddr
++
++        ctxt = {
++            'frontends': cluster_hosts,
++            'default_backend': addr
++        }
++
++        if config('haproxy-server-timeout'):
++            ctxt['haproxy_server_timeout'] = config('haproxy-server-timeout')
++
++        if config('haproxy-client-timeout'):
++            ctxt['haproxy_client_timeout'] = config('haproxy-client-timeout')
++
++        if config('prefer-ipv6'):
++            ctxt['ipv6'] = True
++            ctxt['local_host'] = 'ip6-localhost'
++            ctxt['haproxy_host'] = '::'
++            ctxt['stat_port'] = ':::8888'
++        else:
++            ctxt['local_host'] = '127.0.0.1'
++            ctxt['haproxy_host'] = '0.0.0.0'
++            ctxt['stat_port'] = ':8888'
++
++        for frontend in cluster_hosts:
++            if (len(cluster_hosts[frontend]['backends']) > 1 or
++                    self.singlenode_mode):
++                # Enable haproxy when we have enough peers.
++                log('Ensuring haproxy enabled in /etc/default/haproxy.',
++                    level=DEBUG)
++                with open('/etc/default/haproxy', 'w') as out:
++                    out.write('ENABLED=1\n')
++
++                return ctxt
++
++        log('HAProxy context is incomplete, this unit has no peers.',
++            level=INFO)
++        return {}
++
++
++class ImageServiceContext(OSContextGenerator):
++    interfaces = ['image-service']
++
++    def __call__(self):
++        """Obtains the glance API server from the image-service relation.
++        Useful in nova and cinder (currently).
++        """
++        log('Generating template context for image-service.', level=DEBUG)
++        rids = relation_ids('image-service')
++        if not rids:
++            return {}
++
++        for rid in rids:
++            for unit in related_units(rid):
++                api_server = relation_get('glance-api-server',
++                                          rid=rid, unit=unit)
++                if api_server:
++                    return {'glance_api_servers': api_server}
++
++        log("ImageService context is incomplete. Missing required relation "
++            "data.", level=INFO)
++        return {}
++
++
++class ApacheSSLContext(OSContextGenerator):
++    """Generates a context for an apache vhost configuration that configures
++    HTTPS reverse proxying for one or many endpoints.  Generated context
++    looks something like::
++
++        {
++            'namespace': 'cinder',
++            'private_address': 'iscsi.mycinderhost.com',
++            'endpoints': [(8776, 8766), (8777, 8767)]
++        }
++
++    The endpoints list consists of a tuples mapping external ports
++    to internal ports.
++    """
++    interfaces = ['https']
++
++    # charms should inherit this context and set external ports
++    # and service namespace accordingly.
++    external_ports = []
++    service_namespace = None
++
++    def enable_modules(self):
++        cmd = ['a2enmod', 'ssl', 'proxy', 'proxy_http']
++        check_call(cmd)
++
++    def configure_cert(self, cn=None):
++        ssl_dir = os.path.join('/etc/apache2/ssl/', self.service_namespace)
++        mkdir(path=ssl_dir)
++        cert, key = get_cert(cn)
++        if cn:
++            cert_filename = 'cert_{}'.format(cn)
++            key_filename = 'key_{}'.format(cn)
++        else:
++            cert_filename = 'cert'
++            key_filename = 'key'
++
++        write_file(path=os.path.join(ssl_dir, cert_filename),
++                   content=b64decode(cert))
++        write_file(path=os.path.join(ssl_dir, key_filename),
++                   content=b64decode(key))
++
++    def configure_ca(self):
++        ca_cert = get_ca_cert()
++        if ca_cert:
++            install_ca_cert(b64decode(ca_cert))
++
++    def canonical_names(self):
++        """Figure out which canonical names clients will access this service.
++        """
++        cns = []
++        for r_id in relation_ids('identity-service'):
++            for unit in related_units(r_id):
++                rdata = relation_get(rid=r_id, unit=unit)
++                for k in rdata:
++                    if k.startswith('ssl_key_'):
++                        cns.append(k.lstrip('ssl_key_'))
++
++        return sorted(list(set(cns)))
++
++    def get_network_addresses(self):
++        """For each network configured, return corresponding address and vip
++           (if available).
++
++        Returns a list of tuples of the form:
++
++            [(address_in_net_a, vip_in_net_a),
++             (address_in_net_b, vip_in_net_b),
++             ...]
++
++            or, if no vip(s) available:
++
++            [(address_in_net_a, address_in_net_a),
++             (address_in_net_b, address_in_net_b),
++             ...]
++        """
++        addresses = []
++        if config('vip'):
++            vips = config('vip').split()
++        else:
++            vips = []
++
++        for net_type in ['os-internal-network', 'os-admin-network',
++                         'os-public-network']:
++            addr = get_address_in_network(config(net_type),
++                                          unit_get('private-address'))
++            if len(vips) > 1 and is_clustered():
++                if not config(net_type):
++                    log("Multiple networks configured but net_type "
++                        "is None (%s)." % net_type, level=WARNING)
++                    continue
++
++                for vip in vips:
++                    if is_address_in_network(config(net_type), vip):
++                        addresses.append((addr, vip))
++                        break
++
++            elif is_clustered() and config('vip'):
++                addresses.append((addr, config('vip')))
++            else:
++                addresses.append((addr, addr))
++
++        return sorted(addresses)
++
++    def __call__(self):
++        if isinstance(self.external_ports, six.string_types):
++            self.external_ports = [self.external_ports]
++
++        if not self.external_ports or not https():
++            return {}
++
++        self.configure_ca()
++        self.enable_modules()
++
++        ctxt = {'namespace': self.service_namespace,
++                'endpoints': [],
++                'ext_ports': []}
++
++        for cn in self.canonical_names():
++            self.configure_cert(cn)
++
++        addresses = self.get_network_addresses()
++        for address, endpoint in sorted(set(addresses)):
++            for api_port in self.external_ports:
++                ext_port = determine_apache_port(api_port,
++                                                 singlenode_mode=True)
++                int_port = determine_api_port(api_port, singlenode_mode=True)
++                portmap = (address, endpoint, int(ext_port), int(int_port))
++                ctxt['endpoints'].append(portmap)
++                ctxt['ext_ports'].append(int(ext_port))
++
++        ctxt['ext_ports'] = sorted(list(set(ctxt['ext_ports'])))
++        return ctxt
++
++
++class NeutronContext(OSContextGenerator):
++    interfaces = []
++
++    @property
++    def plugin(self):
++        return None
++
++    @property
++    def network_manager(self):
++        return None
++
++    @property
++    def packages(self):
++        return neutron_plugin_attribute(self.plugin, 'packages',
++                                        self.network_manager)
++
++    @property
++    def neutron_security_groups(self):
++        return None
++
++    def _ensure_packages(self):
++        for pkgs in self.packages:
++            ensure_packages(pkgs)
++
++    def _save_flag_file(self):
++        if self.network_manager == 'quantum':
++            _file = '/etc/nova/quantum_plugin.conf'
++        else:
++            _file = '/etc/nova/neutron_plugin.conf'
++
++        with open(_file, 'wb') as out:
++            out.write(self.plugin + '\n')
++
++    def ovs_ctxt(self):
++        driver = neutron_plugin_attribute(self.plugin, 'driver',
++                                          self.network_manager)
++        config = neutron_plugin_attribute(self.plugin, 'config',
++                                          self.network_manager)
++        ovs_ctxt = {'core_plugin': driver,
++                    'neutron_plugin': 'ovs',
++                    'neutron_security_groups': self.neutron_security_groups,
++                    'local_ip': unit_private_ip(),
++                    'config': config}
++
++        return ovs_ctxt
++
++    def nvp_ctxt(self):
++        driver = neutron_plugin_attribute(self.plugin, 'driver',
++                                          self.network_manager)
++        config = neutron_plugin_attribute(self.plugin, 'config',
++                                          self.network_manager)
++        nvp_ctxt = {'core_plugin': driver,
++                    'neutron_plugin': 'nvp',
++                    'neutron_security_groups': self.neutron_security_groups,
++                    'local_ip': unit_private_ip(),
++                    'config': config}
++
++        return nvp_ctxt
++
++    def n1kv_ctxt(self):
++        driver = neutron_plugin_attribute(self.plugin, 'driver',
++                                          self.network_manager)
++        n1kv_config = neutron_plugin_attribute(self.plugin, 'config',
++                                               self.network_manager)
++        n1kv_user_config_flags = config('n1kv-config-flags')
++        restrict_policy_profiles = config('n1kv-restrict-policy-profiles')
++        n1kv_ctxt = {'core_plugin': driver,
++                     'neutron_plugin': 'n1kv',
++                     'neutron_security_groups': self.neutron_security_groups,
++                     'local_ip': unit_private_ip(),
++                     'config': n1kv_config,
++                     'vsm_ip': config('n1kv-vsm-ip'),
++                     'vsm_username': config('n1kv-vsm-username'),
++                     'vsm_password': config('n1kv-vsm-password'),
++                     'restrict_policy_profiles': restrict_policy_profiles}
++
++        if n1kv_user_config_flags:
++            flags = config_flags_parser(n1kv_user_config_flags)
++            n1kv_ctxt['user_config_flags'] = flags
++
++        return n1kv_ctxt
++
++    def calico_ctxt(self):
++        driver = neutron_plugin_attribute(self.plugin, 'driver',
++                                          self.network_manager)
++        config = neutron_plugin_attribute(self.plugin, 'config',
++                                          self.network_manager)
++        calico_ctxt = {'core_plugin': driver,
++                       'neutron_plugin': 'Calico',
++                       'neutron_security_groups': self.neutron_security_groups,
++                       'local_ip': unit_private_ip(),
++                       'config': config}
++
++        return calico_ctxt
++
++    def neutron_ctxt(self):
++        if https():
++            proto = 'https'
++        else:
++            proto = 'http'
++
++        if is_clustered():
++            host = config('vip')
++        else:
++            host = unit_get('private-address')
++
++        ctxt = {'network_manager': self.network_manager,
++                'neutron_url': '%s://%s:%s' % (proto, host, '9696')}
++        return ctxt
++
++    def __call__(self):
++        self._ensure_packages()
++
++        if self.network_manager not in ['quantum', 'neutron']:
++            return {}
++
++        if not self.plugin:
++            return {}
++
++        ctxt = self.neutron_ctxt()
++
++        if self.plugin == 'ovs':
++            ctxt.update(self.ovs_ctxt())
++        elif self.plugin in ['nvp', 'nsx']:
++            ctxt.update(self.nvp_ctxt())
++        elif self.plugin == 'n1kv':
++            ctxt.update(self.n1kv_ctxt())
++        elif self.plugin == 'Calico':
++            ctxt.update(self.calico_ctxt())
++
++        alchemy_flags = config('neutron-alchemy-flags')
++        if alchemy_flags:
++            flags = config_flags_parser(alchemy_flags)
++            ctxt['neutron_alchemy_flags'] = flags
++
++        self._save_flag_file()
++        return ctxt
++
++
++class OSConfigFlagContext(OSContextGenerator):
++    """Provides support for user-defined config flags.
++
++    Users can define a comma-seperated list of key=value pairs
++    in the charm configuration and apply them at any point in
++    any file by using a template flag.
++
++    Sometimes users might want config flags inserted within a
++    specific section so this class allows users to specify the
++    template flag name, allowing for multiple template flags
++    (sections) within the same context.
++
++    NOTE: the value of config-flags may be a comma-separated list of
++          key=value pairs and some Openstack config files support
++          comma-separated lists as values.
++    """
++
++    def __init__(self, charm_flag='config-flags',
++                 template_flag='user_config_flags'):
++        """
++        :param charm_flag: config flags in charm configuration.
++        :param template_flag: insert point for user-defined flags in template
++                              file.
++        """
++        super(OSConfigFlagContext, self).__init__()
++        self._charm_flag = charm_flag
++        self._template_flag = template_flag
++
++    def __call__(self):
++        config_flags = config(self._charm_flag)
++        if not config_flags:
++            return {}
++
++        return {self._template_flag:
++                config_flags_parser(config_flags)}
++
++
++class SubordinateConfigContext(OSContextGenerator):
++
++    """
++    Responsible for inspecting relations to subordinates that
++    may be exporting required config via a json blob.
++
++    The subordinate interface allows subordinates to export their
++    configuration requirements to the principle for multiple config
++    files and multiple serivces.  Ie, a subordinate that has interfaces
++    to both glance and nova may export to following yaml blob as json::
++
++        glance:
++            /etc/glance/glance-api.conf:
++                sections:
++                    DEFAULT:
++                        - [key1, value1]
++            /etc/glance/glance-registry.conf:
++                    MYSECTION:
++                        - [key2, value2]
++        nova:
++            /etc/nova/nova.conf:
++                sections:
++                    DEFAULT:
++                        - [key3, value3]
++
++
++    It is then up to the principle charms to subscribe this context to
++    the service+config file it is interestd in.  Configuration data will
++    be available in the template context, in glance's case, as::
++
++        ctxt = {
++            ... other context ...
++            'subordinate_config': {
++                'DEFAULT': {
++                    'key1': 'value1',
++                },
++                'MYSECTION': {
++                    'key2': 'value2',
++                },
++            }
++        }
++    """
++
++    def __init__(self, service, config_file, interface):
++        """
++        :param service     : Service name key to query in any subordinate
++                             data found
++        :param config_file : Service's config file to query sections
++        :param interface   : Subordinate interface to inspect
++        """
++        self.service = service
++        self.config_file = config_file
++        self.interface = interface
++
++    def __call__(self):
++        ctxt = {'sections': {}}
++        for rid in relation_ids(self.interface):
++            for unit in related_units(rid):
++                sub_config = relation_get('subordinate_configuration',
++                                          rid=rid, unit=unit)
++                if sub_config and sub_config != '':
++                    try:
++                        sub_config = json.loads(sub_config)
++                    except:
++                        log('Could not parse JSON from subordinate_config '
++                            'setting from %s' % rid, level=ERROR)
++                        continue
++
++                    if self.service not in sub_config:
++                        log('Found subordinate_config on %s but it contained'
++                            'nothing for %s service' % (rid, self.service),
++                            level=INFO)
++                        continue
++
++                    sub_config = sub_config[self.service]
++                    if self.config_file not in sub_config:
++                        log('Found subordinate_config on %s but it contained'
++                            'nothing for %s' % (rid, self.config_file),
++                            level=INFO)
++                        continue
++
++                    sub_config = sub_config[self.config_file]
++                    for k, v in six.iteritems(sub_config):
++                        if k == 'sections':
++                            for section, config_dict in six.iteritems(v):
++                                log("adding section '%s'" % (section),
++                                    level=DEBUG)
++                                ctxt[k][section] = config_dict
++                        else:
++                            ctxt[k] = v
++
++        log("%d section(s) found" % (len(ctxt['sections'])), level=DEBUG)
++        return ctxt
++
++
++class LogLevelContext(OSContextGenerator):
++
++    def __call__(self):
++        ctxt = {}
++        ctxt['debug'] = \
++            False if config('debug') is None else config('debug')
++        ctxt['verbose'] = \
++            False if config('verbose') is None else config('verbose')
++
++        return ctxt
++
++
++class SyslogContext(OSContextGenerator):
++
++    def __call__(self):
++        ctxt = {'use_syslog': config('use-syslog')}
++        return ctxt
++
++
++class BindHostContext(OSContextGenerator):
++
++    def __call__(self):
++        if config('prefer-ipv6'):
++            return {'bind_host': '::'}
++        else:
++            return {'bind_host': '0.0.0.0'}
++
++
++class WorkerConfigContext(OSContextGenerator):
++
++    @property
++    def num_cpus(self):
++        try:
++            from psutil import NUM_CPUS
++        except ImportError:
++            apt_install('python-psutil', fatal=True)
++            from psutil import NUM_CPUS
++
++        return NUM_CPUS
++
++    def __call__(self):
++        multiplier = config('worker-multiplier') or 0
++        ctxt = {"workers": self.num_cpus * multiplier}
++        return ctxt
++
++
++class ZeroMQContext(OSContextGenerator):
++    interfaces = ['zeromq-configuration']
++
++    def __call__(self):
++        ctxt = {}
++        if is_relation_made('zeromq-configuration', 'host'):
++            for rid in relation_ids('zeromq-configuration'):
++                    for unit in related_units(rid):
++                        ctxt['zmq_nonce'] = relation_get('nonce', unit, rid)
++                        ctxt['zmq_host'] = relation_get('host', unit, rid)
++
++        return ctxt
++
++
++class NotificationDriverContext(OSContextGenerator):
++
++    def __init__(self, zmq_relation='zeromq-configuration',
++                 amqp_relation='amqp'):
++        """
++        :param zmq_relation: Name of Zeromq relation to check
++        """
++        self.zmq_relation = zmq_relation
++        self.amqp_relation = amqp_relation
++
++    def __call__(self):
++        ctxt = {'notifications': 'False'}
++        if is_relation_made(self.amqp_relation):
++            ctxt['notifications'] = "True"
++
++        return ctxt
++
++
++class SysctlContext(OSContextGenerator):
++    """This context check if the 'sysctl' option exists on configuration
++    then creates a file with the loaded contents"""
++    def __call__(self):
++        sysctl_dict = config('sysctl')
++        if sysctl_dict:
++            sysctl_create(sysctl_dict,
++                          '/etc/sysctl.d/50-{0}.conf'.format(charm_name()))
++        return {'sysctl': sysctl_dict}
 === added file 'hooks/charmhelpers/contrib/openstack/ip.py'
 --- hooks/charmhelpers/contrib/openstack/ip.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/openstack/ip.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,109 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
++
++from charmhelpers.core.hookenv import (
++    config,
++    unit_get,
++)
++from charmhelpers.contrib.network.ip import (
++    get_address_in_network,
++    is_address_in_network,
++    is_ipv6,
++    get_ipv6_addr,
++)
++from charmhelpers.contrib.hahelpers.cluster import is_clustered
++
++PUBLIC = 'public'
++INTERNAL = 'int'
++ADMIN = 'admin'
++
++ADDRESS_MAP = {
++    PUBLIC: {
++        'config': 'os-public-network',
++        'fallback': 'public-address'
++    },
++    INTERNAL: {
++        'config': 'os-internal-network',
++        'fallback': 'private-address'
++    },
++    ADMIN: {
++        'config': 'os-admin-network',
++        'fallback': 'private-address'
++    }
++}
++
++
++def canonical_url(configs, endpoint_type=PUBLIC):
++    """Returns the correct HTTP URL to this host given the state of HTTPS
++    configuration, hacluster and charm configuration.
++
++    :param configs: OSTemplateRenderer config templating object to inspect
++                    for a complete https context.
++    :param endpoint_type: str endpoint type to resolve.
++    :param returns: str base URL for services on the current service unit.
++    """
++    scheme = 'http'
++    if 'https' in configs.complete_contexts():
++        scheme = 'https'
++    address = resolve_address(endpoint_type)
++    if is_ipv6(address):
++        address = "[{}]".format(address)
++    return '%s://%s' % (scheme, address)
++
++
++def resolve_address(endpoint_type=PUBLIC):
++    """Return unit address depending on net config.
++
++    If unit is clustered with vip(s) and has net splits defined, return vip on
++    correct network. If clustered with no nets defined, return primary vip.
++
++    If not clustered, return unit address ensuring address is on configured net
++    split if one is configured.
++
++    :param endpoint_type: Network endpoing type
++    """
++    resolved_address = None
++    vips = config('vip')
++    if vips:
++        vips = vips.split()
++
++    net_type = ADDRESS_MAP[endpoint_type]['config']
++    net_addr = config(net_type)
++    net_fallback = ADDRESS_MAP[endpoint_type]['fallback']
++    clustered = is_clustered()
++    if clustered:
++        if not net_addr:
++            # If no net-splits defined, we expect a single vip
++            resolved_address = vips[0]
++        else:
++            for vip in vips:
++                if is_address_in_network(net_addr, vip):
++                    resolved_address = vip
++                    break
++    else:
++        if config('prefer-ipv6'):
++            fallback_addr = get_ipv6_addr(exc_list=vips)[0]
++        else:
++            fallback_addr = unit_get(net_fallback)
++
++        resolved_address = get_address_in_network(net_addr, fallback_addr)
++
++    if resolved_address is None:
++        raise ValueError("Unable to resolve a suitable IP address based on "
++                         "charm state and configuration. (net_type=%s, "
++                         "clustered=%s)" % (net_type, clustered))
++
++    return resolved_address
 === added file 'hooks/charmhelpers/contrib/openstack/neutron.py'
 --- hooks/charmhelpers/contrib/openstack/neutron.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/openstack/neutron.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,239 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
++
++# Various utilies for dealing with Neutron and the renaming from Quantum.
++
++from subprocess import check_output
++
++from charmhelpers.core.hookenv import (
++    config,
++    log,
++    ERROR,
++)
++
++from charmhelpers.contrib.openstack.utils import os_release
++
++
++def headers_package():
++    """Ensures correct linux-headers for running kernel are installed,
++    for building DKMS package"""
++    kver = check_output(['uname', '-r']).decode('UTF-8').strip()
++    return 'linux-headers-%s' % kver
++
++QUANTUM_CONF_DIR = '/etc/quantum'
++
++
++def kernel_version():
++    """ Retrieve the current major kernel version as a tuple e.g. (3, 13) """
++    kver = check_output(['uname', '-r']).decode('UTF-8').strip()
++    kver = kver.split('.')
++    return (int(kver[0]), int(kver[1]))
++
++
++def determine_dkms_package():
++    """ Determine which DKMS package should be used based on kernel version """
++    # NOTE: 3.13 kernels have support for GRE and VXLAN native
++    if kernel_version() >= (3, 13):
++        return []
++    else:
++        return ['openvswitch-datapath-dkms']
++
++
++# legacy
++
++
++def quantum_plugins():
++    from charmhelpers.contrib.openstack import context
++    return {
++        'ovs': {
++            'config': '/etc/quantum/plugins/openvswitch/'
++                      'ovs_quantum_plugin.ini',
++            'driver': 'quantum.plugins.openvswitch.ovs_quantum_plugin.'
++                      'OVSQuantumPluginV2',
++            'contexts': [
++                context.SharedDBContext(user=config('neutron-database-user'),
++                                        database=config('neutron-database'),
++                                        relation_prefix='neutron',
++                                        ssl_dir=QUANTUM_CONF_DIR)],
++            'services': ['quantum-plugin-openvswitch-agent'],
++            'packages': [[headers_package()] + determine_dkms_package(),
++                         ['quantum-plugin-openvswitch-agent']],
++            'server_packages': ['quantum-server',
++                                'quantum-plugin-openvswitch'],
++            'server_services': ['quantum-server']
++        },
++        'nvp': {
++            'config': '/etc/quantum/plugins/nicira/nvp.ini',
++            'driver': 'quantum.plugins.nicira.nicira_nvp_plugin.'
++                      'QuantumPlugin.NvpPluginV2',
++            'contexts': [
++                context.SharedDBContext(user=config('neutron-database-user'),
++                                        database=config('neutron-database'),
++                                        relation_prefix='neutron',
++                                        ssl_dir=QUANTUM_CONF_DIR)],
++            'services': [],
++            'packages': [],
++            'server_packages': ['quantum-server',
++                                'quantum-plugin-nicira'],
++            'server_services': ['quantum-server']
++        }
++    }
++
++NEUTRON_CONF_DIR = '/etc/neutron'
++
++
++def neutron_plugins():
++    from charmhelpers.contrib.openstack import context
++    release = os_release('nova-common')
++    plugins = {
++        'ovs': {
++            'config': '/etc/neutron/plugins/openvswitch/'
++                      'ovs_neutron_plugin.ini',
++            'driver': 'neutron.plugins.openvswitch.ovs_neutron_plugin.'
++                      'OVSNeutronPluginV2',
++            'contexts': [
++                context.SharedDBContext(user=config('neutron-database-user'),
++                                        database=config('neutron-database'),
++                                        relation_prefix='neutron',
++                                        ssl_dir=NEUTRON_CONF_DIR)],
++            'services': ['neutron-plugin-openvswitch-agent'],
++            'packages': [[headers_package()] + determine_dkms_package(),
++                         ['neutron-plugin-openvswitch-agent']],
++            'server_packages': ['neutron-server',
++                                'neutron-plugin-openvswitch'],
++            'server_services': ['neutron-server']
++        },
++        'nvp': {
++            'config': '/etc/neutron/plugins/nicira/nvp.ini',
++            'driver': 'neutron.plugins.nicira.nicira_nvp_plugin.'
++                      'NeutronPlugin.NvpPluginV2',
++            'contexts': [
++                context.SharedDBContext(user=config('neutron-database-user'),
++                                        database=config('neutron-database'),
++                                        relation_prefix='neutron',
++                                        ssl_dir=NEUTRON_CONF_DIR)],
++            'services': [],
++            'packages': [],
++            'server_packages': ['neutron-server',
++                                'neutron-plugin-nicira'],
++            'server_services': ['neutron-server']
++        },
++        'nsx': {
++            'config': '/etc/neutron/plugins/vmware/nsx.ini',
++            'driver': 'vmware',
++            'contexts': [
++                context.SharedDBContext(user=config('neutron-database-user'),
++                                        database=config('neutron-database'),
++                                        relation_prefix='neutron',
++                                        ssl_dir=NEUTRON_CONF_DIR)],
++            'services': [],
++            'packages': [],
++            'server_packages': ['neutron-server',
++                                'neutron-plugin-vmware'],
++            'server_services': ['neutron-server']
++        },
++        'n1kv': {
++            'config': '/etc/neutron/plugins/cisco/cisco_plugins.ini',
++            'driver': 'neutron.plugins.cisco.network_plugin.PluginV2',
++            'contexts': [
++                context.SharedDBContext(user=config('neutron-database-user'),
++                                        database=config('neutron-database'),
++                                        relation_prefix='neutron',
++                                        ssl_dir=NEUTRON_CONF_DIR)],
++            'services': [],
++            'packages': [[headers_package()] + determine_dkms_package(),
++                         ['neutron-plugin-cisco']],
++            'server_packages': ['neutron-server',
++                                'neutron-plugin-cisco'],
++            'server_services': ['neutron-server']
++        },
++        'Calico': {
++            'config': '/etc/neutron/plugins/ml2/ml2_conf.ini',
++            'driver': 'neutron.plugins.ml2.plugin.Ml2Plugin',
++            'contexts': [
++                context.SharedDBContext(user=config('neutron-database-user'),
++                                        database=config('neutron-database'),
++                                        relation_prefix='neutron',
++                                        ssl_dir=NEUTRON_CONF_DIR)],
++            'services': ['calico-felix',
++                         'bird',
++                         'neutron-dhcp-agent',
++                         'nova-api-metadata'],
++            'packages': [[headers_package()] + determine_dkms_package(),
++                         ['calico-compute',
++                          'bird',
++                          'neutron-dhcp-agent',
++                          'nova-api-metadata']],
++            'server_packages': ['neutron-server', 'calico-control'],
++            'server_services': ['neutron-server']
++        }
++    }
++    if release >= 'icehouse':
++        # NOTE: patch in ml2 plugin for icehouse onwards
++        plugins['ovs']['config'] = '/etc/neutron/plugins/ml2/ml2_conf.ini'
++        plugins['ovs']['driver'] = 'neutron.plugins.ml2.plugin.Ml2Plugin'
++        plugins['ovs']['server_packages'] = ['neutron-server',
++                                             'neutron-plugin-ml2']
++        # NOTE: patch in vmware renames nvp->nsx for icehouse onwards
++        plugins['nvp'] = plugins['nsx']
++    return plugins
++
++
++def neutron_plugin_attribute(plugin, attr, net_manager=None):
++    manager = net_manager or network_manager()
++    if manager == 'quantum':
++        plugins = quantum_plugins()
++    elif manager == 'neutron':
++        plugins = neutron_plugins()
++    else:
++        log("Network manager '%s' does not support plugins." % (manager),
++            level=ERROR)
++        raise Exception
++
++    try:
++        _plugin = plugins[plugin]
++    except KeyError:
++        log('Unrecognised plugin for %s: %s' % (manager, plugin), level=ERROR)
++        raise Exception
++
++    try:
++        return _plugin[attr]
++    except KeyError:
++        return None
++
++
++def network_manager():
++    '''
++    Deals with the renaming of Quantum to Neutron in H and any situations
++    that require compatability (eg, deploying H with network-manager=quantum,
++    upgrading from G).
++    '''
++    release = os_release('nova-common')
++    manager = config('network-manager').lower()
++
++    if manager not in ['quantum', 'neutron']:
++        return manager
++
++    if release in ['essex']:
++        # E does not support neutron
++        log('Neutron networking not supported in Essex.', level=ERROR)
++        raise Exception
++    elif release in ['folsom', 'grizzly']:
++        # neutron is named quantum in F and G
++        return 'quantum'
++    else:
++        # ensure accurate naming for all releases post-H
++        return 'neutron'
 === added directory 'hooks/charmhelpers/contrib/openstack/templates'
 === added file 'hooks/charmhelpers/contrib/openstack/templates/__init__.py'
 --- hooks/charmhelpers/contrib/openstack/templates/__init__.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/openstack/templates/__init__.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,18 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
++
++# dummy __init__.py to fool syncer into thinking this is a syncable python
++# module
 === added file 'hooks/charmhelpers/contrib/openstack/templating.py'
 --- hooks/charmhelpers/contrib/openstack/templating.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/contrib/openstack/templating.py	2016-01-25 23:33:21 +0000
@@ -0,0 +1,295 @@
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
++
++import os
++
++import six
++
++from charmhelpers.fetch import apt_install
++from charmhelpers.core.hookenv import (
++    log,
++    ERROR,
++    INFO
++)
++from charmhelpers.contrib.openstack.utils import OPENSTACK_CODENAMES
++
++try:
++    from jinja2 import FileSystemLoader, ChoiceLoader, Environment, exceptions
++except ImportError:
++    # python-jinja2 may not be installed yet, or we're running unittests.
++    FileSystemLoader = ChoiceLoader = Environment = exceptions = None
++
++
++class OSConfigException(Exception):
++    pass
++
++
++def get_loader(templates_dir, os_release):
++    """
++    Create a jinja2.ChoiceLoader containing template dirs up to
++    and including os_release.  If directory template directory
++    is missing at templates_dir, it will be omitted from the loader.
++    templates_dir is added to the bottom of the search list as a base
++    loading dir.
++
++    A charm may also ship a templates dir with this module
++    and it will be appended to the bottom of the search list, eg::
++
++        hooks/charmhelpers/contrib/openstack/templates
++
++    :param templates_dir (str): Base template directory containing release
++        sub-directories.
++    :param os_release (str): OpenStack release codename to construct template
++        loader.

Juju Charms Collectionhwcert-pxe-server package

Merge lp:~pwlars/charms/wily/hwcert-pxe-server/init-pxe-server into lp:~canonical-hw-cert/charms/wily/hwcert-pxe-server/trunk

Commit message

Description of the change

Preview Diff

Subscribers

Juju Charms Collection
hwcert-pxe-server package