Merge ~raychan96/charm-openstack-service-checks:bug_2003327 into charm-openstack-service-checks:master

Proposed by Chi Wai CHAN
Status: Merged
Approved by: Eric Chen
Approved revision: 74ed23c665d0234e9b278c8e22e279e72ecb9d34
Merged at revision: b9c9b559fe92cb352145348dbbdcb14b9ee03bff
Proposed branch: ~raychan96/charm-openstack-service-checks:bug_2003327
Merge into: charm-openstack-service-checks:master
Diff against target: 68 lines (+10/-4)
3 files modified
src/README.md (+5/-2)
src/config.yaml (+4/-1)
src/reactive/openstack_service_checks.py (+1/-1)
Reviewer Review Type Date Requested Status
Eric Chen Approve
🤖 prod-jenkaas-bootstack (community) continuous-integration Approve
JamesLin Approve
BootStack Reviewers Pending
Review via email: mp+437653@code.launchpad.net

Commit message

The command update-ca-certificates should be used with --fresh to re-generate all symbolic links in /etc/ssl/certs. This can prevent mis-configuration of "trusted_ssl_ca", for example missing symlink to a .pem file because "trusted_ssl_ca" does not contain exactly one certificate or CRL, to be fixed by reconfiguration. Also updated the description for "trusted_ssl_ca" to clarify how to use it.
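
The failure mode named in the commit message (a `trusted_ssl_ca` value that does not hold exactly one certificate or CRL) can be caught before the file is written. The check below is an added example, not code from this merge proposal or the charm. `check_trusted_ssl_ca` and `sample_pem` are hypothetical names, the sample block is constructed, and the DER contents are not parsed.

```python
import base64
import re

# Assumption: only these two PEM labels count as "certificate or CRL".
LINKABLE = {"CERTIFICATE", "X509 CRL"}
PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\s*(?P<body>.*?)\s*"
    r"-----END (?P=label)-----",
    re.DOTALL,
)


def check_trusted_ssl_ca(option_value):
    """Return a list of problems with a trusted_ssl_ca value ([] if none)."""
    try:
        # Tolerate line-wrapped base64, reject anything else outside the alphabet.
        raw = base64.b64decode("".join(option_value.split()), validate=True)
        pem = raw.decode("ascii")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        return [f"not base64-encoded PEM text: {exc}"]

    blocks = [m for m in PEM_BLOCK.finditer(pem) if m["label"] in LINKABLE]
    problems = []
    if len(blocks) != 1:
        problems.append(
            f"expected exactly one certificate or CRL, found {len(blocks)}"
        )
    for m in blocks:
        try:
            base64.b64decode("".join(m["body"].split()), validate=True)
        except ValueError:
            problems.append(f"{m['label']} block body is not valid base64")
    return problems


def sample_pem(label="CERTIFICATE"):
    """Constructed placeholder block: valid PEM framing, not a real certificate."""
    body = base64.encodebytes(b"constructed placeholder, not real DER " * 3)
    return f"-----BEGIN {label}-----\n{body.decode()}-----END {label}-----\n"


if __name__ == "__main__":
    single = base64.b64encode(sample_pem().encode()).decode()
    bundle = base64.b64encode((sample_pem() * 2).encode()).decode()
    for name, value in (("single", single), ("bundle", bundle)):
        print(name, check_trusted_ssl_ca(value) or "ok")
```
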

🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

🤖 prod-jenkaas-bootstack (prod-jenkaas-bootstack) wrote :
review: Needs Fixing (continuous-integration)
🤖 prod-jenkaas-bootstack (prod-jenkaas-bootstack) wrote :
review: Needs Fixing (continuous-integration)
Chi Wai CHAN (raychan96) wrote :
JamesLin (jneo8) wrote :

LGTM. Wait for functional test pass.

review: Approve
🤖 prod-jenkaas-bootstack (prod-jenkaas-bootstack) wrote :
review: Approve (continuous-integration)
Eric Chen (eric-chen) wrote :

LGTM

review: Approve
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision b9c9b559fe92cb352145348dbbdcb14b9ee03bff

Preview Diff

1diff --git a/src/README.md b/src/README.md
2index ab52a54..09361a1 100644
3--- a/src/README.md
4+++ b/src/README.md
5@@ -48,7 +48,7 @@ use of the following config items.
6 ### Course Grain
7
8 * `check-octavia`: `true` or `false` can enable or disable checks
9-
10+
11 ### Fine Grain
12
13 * `octavia-loadbalancers-ignored`
14@@ -57,7 +57,7 @@ use of the following config items.
15 * `octavia-image-ignored`
16
17 Each of these config items adds an ignore-list of keywords. Each keyword in
18-the ignore list will be blocked when it appears in the output of the check.
19+the ignore list will be blocked when it appears in the output of the check.
20
21 #### Examples
22
23@@ -180,6 +180,9 @@ juju run-action --wait vault/0 get-root-ca --format json \
24 juju config openstack-service-checks trusted_ssl_ca={}
25 ```
26
27+If you are using configuration options provided by the charm such as cinder, you
28+will need to provide the root CA certificate to the `trusted_ssl_ca`.
29+
30 # Contact information
31
32 Please contact Canonical's BootStack team via the "Submit a bug" link.
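
Review bot: The paragraph added to the README at lines 27-28 omits the constraint that the config.yaml description in this same change introduces, namely that the value must contain exactly one certificate. Repeat that constraint here, next to the `juju config openstack-service-checks trusted_ssl_ca={}` example, and reword "configuration options provided by the charm such as cinder", which does not say which options are meant.
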
33diff --git a/src/config.yaml b/src/config.yaml
34index ffff1c3..3fb426a 100644
35--- a/src/config.yaml
36+++ b/src/config.yaml
37@@ -41,7 +41,7 @@ options:
38 type: boolean
39 description: |
40 Switch to turn on or off check for horizon connectivity and login.
41- A website relation with openstack-dashboard(horizon) is a prerequisite.
42+ A website relation with openstack-dashboard(horizon) is a prerequisite.
43 check-mysql-innodb-cluster:
44 default: False
45 type: boolean
46@@ -143,6 +143,9 @@ options:
47 default: ''
48 description: |
49 base64 encoded SSL ca cert to use for OpenStack API client connections.
50+ Note that it should only contain exactly one certificate, presumably the
51+ root certificate. For more information, you can refer to the man page of
52+ `update-ca-certificates` and `openssl rehash`.
53 skip-disabled:
54 type: boolean
55 default: false
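
Review bot: "presumably the root certificate" in the added description (lines 50-52) leaves the operator guessing which certificate is expected, and "only contain exactly one" says the same thing twice. Since the option is described as base64 encoded, state that the decoded content must hold exactly one certificate, name it as the root CA certificate the way the README addition does, and give the consequence from the commit message: the symlink in /etc/ssl/certs is not created otherwise.
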
56diff --git a/src/reactive/openstack_service_checks.py b/src/reactive/openstack_service_checks.py
57index e572128..d145f1f 100644
58--- a/src/reactive/openstack_service_checks.py
59+++ b/src/reactive/openstack_service_checks.py
60@@ -204,7 +204,7 @@ def render_config():
61 try:
62 with open(CERT_FILE, "w") as fd:
63 fd.write(cert_content)
64- subprocess.call(["/usr/sbin/update-ca-certificates"])
65+ subprocess.call(["/usr/sbin/update-ca-certificates", "--fresh"])
66
67 except subprocess.CalledProcessError as error:
68 hookenv.log(
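
Review bot: `subprocess.call` on the changed line 65 returns the exit status instead of raising, so the `except subprocess.CalledProcessError` handler at line 67 can never fire for this command and a failing `update-ca-certificates --fresh` goes unlogged. Switch to `subprocess.check_call(["/usr/sbin/update-ca-certificates", "--fresh"])` so the existing handler sees the failure. This matters more with `--fresh`, which per the commit message regenerates every symlink in /etc/ssl/certs.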
