Juju Charms Collection
nova-cloud-controller package

Merge lp:~xianghui/charms/trusty/nova-cloud-controller/live_migration into lp:~openstack-charmers-archive/charms/trusty/nova-cloud-controller/next

Proposed by Xiang Hui on 2015-08-06

Status:

Merged

Merged at revision:

189

Proposed branch:

lp:~xianghui/charms/trusty/nova-cloud-controller/live_migration

Merge into:

lp:~openstack-charmers-archive/charms/trusty/nova-cloud-controller/next

Diff against target:

2135 lines (+1496/-110)

15 files modified

hooks/charmhelpers/contrib/network/ip.py (+5/-3)
hooks/charmhelpers/contrib/openstack/amulet/deployment.py (+13/-6)
hooks/charmhelpers/contrib/openstack/amulet/utils.py (+359/-0)
hooks/charmhelpers/contrib/openstack/context.py (+60/-16)
hooks/charmhelpers/contrib/openstack/templating.py (+29/-2)
hooks/charmhelpers/contrib/openstack/utils.py (+221/-1)
hooks/charmhelpers/contrib/storage/linux/ceph.py (+226/-13)
hooks/charmhelpers/core/host.py (+3/-4)
hooks/charmhelpers/core/kernel.py (+68/-0)
hooks/charmhelpers/core/strutils.py (+30/-0)
hooks/nova_cc_utils.py (+17/-5)
tests/charmhelpers/contrib/amulet/deployment.py (+4/-2)
tests/charmhelpers/contrib/amulet/utils.py (+96/-52)
tests/charmhelpers/contrib/openstack/amulet/utils.py (+359/-0)
unit_tests/test_nova_cc_utils.py (+6/-6)

To merge this branch:

bzr merge lp:~xianghui/charms/trusty/nova-cloud-controller/live_migration

Medium

Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
Billy Olsen		2015-08-06	Approve on 2015-09-23
Review via email: mp+267132@code.launchpad.net

Description of the change

Fix live-migration failed when re-add nova-compute unit.

Revision history for this message

uosci-testing-bot (uosci-testing-bot) wrote on 2015-08-06:

charm_lint_check #7609 nova-cloud-controller-next for xianghui mp267132
LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/7609/

Revision history for this message

uosci-testing-bot (uosci-testing-bot) wrote on 2015-08-06:

charm_unit_test #7047 nova-cloud-controller-next for xianghui mp267132
UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/7047/

Revision history for this message

uosci-testing-bot (uosci-testing-bot) wrote on 2015-08-06:

charm_amulet_test #5646 nova-cloud-controller-next for xianghui mp267132
AMULET FAIL: amulet-test failed

AMULET Results (max last 2 lines):
make: *** [test] Error 1
ERROR:root:Make target returned non-zero.

Full amulet test output: http://paste.ubuntu.com/12011951/
Build: http://10.245.162.77:8080/job/charm_amulet_test/5646/

lp:~xianghui/charms/trusty/nova-cloud-controller/live_migration updated on 2015-09-22

183. By Xiang Hui on 2015-09-22: Merge lp:charm-helpers.
184. By Xiang Hui on 2015-09-22: Fix conflicts.

Revision history for this message

uosci-testing-bot (uosci-testing-bot) wrote on 2015-09-22:

charm_lint_check #10420 nova-cloud-controller-next for xianghui mp267132
LINT FAIL: lint-test failed

LINT Results (max last 2 lines):
make: *** [lint] Error 1
ERROR:root:Make target returned non-zero.

Full lint test output: http://paste.ubuntu.com/12519228/
Build: http://10.245.162.77:8080/job/charm_lint_check/10420/

Revision history for this message

uosci-testing-bot (uosci-testing-bot) wrote on 2015-09-22:

charm_unit_test #9617 nova-cloud-controller-next for xianghui mp267132
UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/9617/

Revision history for this message

uosci-testing-bot (uosci-testing-bot) wrote on 2015-09-22:

charm_amulet_test #6564 nova-cloud-controller-next for xianghui mp267132
AMULET FAIL: amulet-test failed

AMULET Results (max last 2 lines):
make: *** [test] Error 1
ERROR:root:Make target returned non-zero.

Full amulet test output: http://paste.ubuntu.com/12519253/
Build: http://10.245.162.77:8080/job/charm_amulet_test/6564/

lp:~xianghui/charms/trusty/nova-cloud-controller/live_migration updated on 2015-09-22

185. By Xiang Hui on 2015-09-22: Fix lint error

Revision history for this message

uosci-testing-bot (uosci-testing-bot) wrote on 2015-09-22:

charm_lint_check #10428 nova-cloud-controller-next for xianghui mp267132
LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/10428/

Revision history for this message

uosci-testing-bot (uosci-testing-bot) wrote on 2015-09-22:

charm_unit_test #9619 nova-cloud-controller-next for xianghui mp267132
UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/9619/

Revision history for this message

uosci-testing-bot (uosci-testing-bot) wrote on 2015-09-22:

charm_amulet_test #6571 nova-cloud-controller-next for xianghui mp267132
AMULET OK: passed

Build: http://10.245.162.77:8080/job/charm_amulet_test/6571/

Revision history for this message

Billy Olsen (billy-olsen) wrote on 2015-09-23:

LGTM, thanks Xiang Hui!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Nobuto Murata

OpenStack Charmers

Xiang Hui

 === modified file 'hooks/charmhelpers/contrib/network/ip.py'
 --- hooks/charmhelpers/contrib/network/ip.py	2015-09-03 09:39:34 +0000
 +++ hooks/charmhelpers/contrib/network/ip.py	2015-09-22 06:12:36 +0000
@@ -23,7 +23,7 @@
  from functools import partial
  from charmhelpers.core.hookenv import unit_get
--from charmhelpers.fetch import apt_install
++from charmhelpers.fetch import apt_install, apt_update
  from charmhelpers.core.hookenv import (
      log,
      WARNING,
@@ -32,13 +32,15 @@
  try:
      import netifaces
  except ImportError:
--    apt_install('python-netifaces')
++    apt_update(fatal=True)
++    apt_install('python-netifaces', fatal=True)
      import netifaces
  try:
      import netaddr
  except ImportError:
--    apt_install('python-netaddr')
++    apt_update(fatal=True)
++    apt_install('python-netaddr', fatal=True)
      import netaddr
 === modified file 'hooks/charmhelpers/contrib/openstack/amulet/deployment.py'
 --- hooks/charmhelpers/contrib/openstack/amulet/deployment.py	2015-08-18 17:34:35 +0000
 +++ hooks/charmhelpers/contrib/openstack/amulet/deployment.py	2015-09-22 06:12:36 +0000
@@ -51,13 +51,17 @@
          else:
              base_series = self.current_next
--        if self.stable:
--            for svc in other_services:
++        for svc in other_services:
++            if svc['name'] in force_series_current:
++                base_series = self.current_next
++            # If a location has been explicitly set, use it
++            if svc.get('location'):
++                continue
++            if self.stable:
                  temp = 'lp:charms/{}/{}'
                  svc['location'] = temp.format(base_series,
                                                svc['name'])
--        else:
--            for svc in other_services:
++            else:
                  if svc['name'] in base_charms:
                      temp = 'lp:charms/{}/{}'
                      svc['location'] = temp.format(base_series,
@@ -66,6 +70,7 @@
                      temp = 'lp:~openstack-charmers/charms/{}/{}/next'
                      svc['location'] = temp.format(self.current_next,
                                                    svc['name'])
++
          return other_services
      def _add_services(self, this_service, other_services):
@@ -77,6 +82,8 @@
          services = other_services
          services.append(this_service)
++
++        # Charms which should use the source config option
          use_source = ['mysql', 'mongodb', 'rabbitmq-server', 'ceph',
                        'ceph-osd', 'ceph-radosgw']
          # Most OpenStack subordinate charms do not expose an origin option
@@ -85,13 +92,13 @@
          if self.openstack:
              for svc in services:
--                if svc['name'] not in use_source + ignore:
++                if svc['name'] not in use_source + no_origin:
                      config = {'openstack-origin': self.openstack}
                      self.d.configure(svc['name'], config)
          if self.source:
              for svc in services:
--                if svc['name'] in use_source and svc['name'] not in ignore:
++                if svc['name'] in use_source and svc['name'] not in no_origin:
                      config = {'source': self.source}
                      self.d.configure(svc['name'], config)
 === modified file 'hooks/charmhelpers/contrib/openstack/amulet/utils.py'
 --- hooks/charmhelpers/contrib/openstack/amulet/utils.py	2015-07-16 20:18:38 +0000
 +++ hooks/charmhelpers/contrib/openstack/amulet/utils.py	2015-09-22 06:12:36 +0000
@@ -27,6 +27,7 @@
  import heatclient.v1.client as heat_client
  import keystoneclient.v2_0 as keystone_client
  import novaclient.v1_1.client as nova_client
++import pika
  import swiftclient
  from charmhelpers.contrib.amulet.utils import (
@@ -602,3 +603,361 @@
              self.log.debug('Ceph {} samples (OK): '
                             '{}'.format(sample_type, samples))
              return None
++
++# rabbitmq/amqp specific helpers:
++    def add_rmq_test_user(self, sentry_units,
++                          username="testuser1", password="changeme"):
++        """Add a test user via the first rmq juju unit, check connection as
++        the new user against all sentry units.
++
++        :param sentry_units: list of sentry unit pointers
++        :param username: amqp user name, default to testuser1
++        :param password: amqp user password
++        :returns: None if successful.  Raise on error.
++        """
++        self.log.debug('Adding rmq user ({})...'.format(username))
++
++        # Check that user does not already exist
++        cmd_user_list = 'rabbitmqctl list_users'
++        output, _ = self.run_cmd_unit(sentry_units[0], cmd_user_list)
++        if username in output:
++            self.log.warning('User ({}) already exists, returning '
++                             'gracefully.'.format(username))
++            return
++
++        perms = '".*" ".*" ".*"'
++        cmds = ['rabbitmqctl add_user {} {}'.format(username, password),
++                'rabbitmqctl set_permissions {} {}'.format(username, perms)]
++
++        # Add user via first unit
++        for cmd in cmds:
++            output, _ = self.run_cmd_unit(sentry_units[0], cmd)
++
++        # Check connection against the other sentry_units
++        self.log.debug('Checking user connect against units...')
++        for sentry_unit in sentry_units:
++            connection = self.connect_amqp_by_unit(sentry_unit, ssl=False,
++                                                   username=username,
++                                                   password=password)
++            connection.close()
++
++    def delete_rmq_test_user(self, sentry_units, username="testuser1"):
++        """Delete a rabbitmq user via the first rmq juju unit.
++
++        :param sentry_units: list of sentry unit pointers
++        :param username: amqp user name, default to testuser1
++        :param password: amqp user password
++        :returns: None if successful or no such user.
++        """
++        self.log.debug('Deleting rmq user ({})...'.format(username))
++
++        # Check that the user exists
++        cmd_user_list = 'rabbitmqctl list_users'
++        output, _ = self.run_cmd_unit(sentry_units[0], cmd_user_list)
++
++        if username not in output:
++            self.log.warning('User ({}) does not exist, returning '
++                             'gracefully.'.format(username))
++            return
++
++        # Delete the user
++        cmd_user_del = 'rabbitmqctl delete_user {}'.format(username)
++        output, _ = self.run_cmd_unit(sentry_units[0], cmd_user_del)
++
++    def get_rmq_cluster_status(self, sentry_unit):
++        """Execute rabbitmq cluster status command on a unit and return
++        the full output.
++
++        :param unit: sentry unit
++        :returns: String containing console output of cluster status command
++        """
++        cmd = 'rabbitmqctl cluster_status'
++        output, _ = self.run_cmd_unit(sentry_unit, cmd)
++        self.log.debug('{} cluster_status:\n{}'.format(
++            sentry_unit.info['unit_name'], output))
++        return str(output)
++
++    def get_rmq_cluster_running_nodes(self, sentry_unit):
++        """Parse rabbitmqctl cluster_status output string, return list of
++        running rabbitmq cluster nodes.
++
++        :param unit: sentry unit
++        :returns: List containing node names of running nodes
++        """
++        # NOTE(beisner): rabbitmqctl cluster_status output is not
++        # json-parsable, do string chop foo, then json.loads that.
++        str_stat = self.get_rmq_cluster_status(sentry_unit)
++        if 'running_nodes' in str_stat:
++            pos_start = str_stat.find("{running_nodes,") + 15
++            pos_end = str_stat.find("]},", pos_start) + 1
++            str_run_nodes = str_stat[pos_start:pos_end].replace("'", '"')
++            run_nodes = json.loads(str_run_nodes)
++            return run_nodes
++        else:
++            return []
++
++    def validate_rmq_cluster_running_nodes(self, sentry_units):
++        """Check that all rmq unit hostnames are represented in the
++        cluster_status output of all units.
++
++        :param host_names: dict of juju unit names to host names
++        :param units: list of sentry unit pointers (all rmq units)
++        :returns: None if successful, otherwise return error message
++        """
++        host_names = self.get_unit_hostnames(sentry_units)
++        errors = []
++
++        # Query every unit for cluster_status running nodes
++        for query_unit in sentry_units:
++            query_unit_name = query_unit.info['unit_name']
++            running_nodes = self.get_rmq_cluster_running_nodes(query_unit)
++
++            # Confirm that every unit is represented in the queried unit's
++            # cluster_status running nodes output.
++            for validate_unit in sentry_units:
++                val_host_name = host_names[validate_unit.info['unit_name']]
++                val_node_name = 'rabbit@{}'.format(val_host_name)
++
++                if val_node_name not in running_nodes:
++                    errors.append('Cluster member check failed on {}: {} not '
++                                  'in {}\n'.format(query_unit_name,
++                                                   val_node_name,
++                                                   running_nodes))
++        if errors:
++            return ''.join(errors)
++
++    def rmq_ssl_is_enabled_on_unit(self, sentry_unit, port=None):
++        """Check a single juju rmq unit for ssl and port in the config file."""
++        host = sentry_unit.info['public-address']
++        unit_name = sentry_unit.info['unit_name']
++
++        conf_file = '/etc/rabbitmq/rabbitmq.config'
++        conf_contents = str(self.file_contents_safe(sentry_unit,
++                                                    conf_file, max_wait=16))
++        # Checks
++        conf_ssl = 'ssl' in conf_contents
++        conf_port = str(port) in conf_contents
++
++        # Port explicitly checked in config
++        if port and conf_port and conf_ssl:
++            self.log.debug('SSL is enabled  @{}:{} '
++                           '({})'.format(host, port, unit_name))
++            return True
++        elif port and not conf_port and conf_ssl:
++            self.log.debug('SSL is enabled @{} but not on port {} '
++                           '({})'.format(host, port, unit_name))
++            return False
++        # Port not checked (useful when checking that ssl is disabled)
++        elif not port and conf_ssl:
++            self.log.debug('SSL is enabled  @{}:{} '
++                           '({})'.format(host, port, unit_name))
++            return True
++        elif not port and not conf_ssl:
++            self.log.debug('SSL not enabled @{}:{} '
++                           '({})'.format(host, port, unit_name))
++            return False
++        else:
++            msg = ('Unknown condition when checking SSL status @{}:{} '
++                   '({})'.format(host, port, unit_name))
++            amulet.raise_status(amulet.FAIL, msg)
++
++    def validate_rmq_ssl_enabled_units(self, sentry_units, port=None):
++        """Check that ssl is enabled on rmq juju sentry units.
++
++        :param sentry_units: list of all rmq sentry units
++        :param port: optional ssl port override to validate
++        :returns: None if successful, otherwise return error message
++        """
++        for sentry_unit in sentry_units:
++            if not self.rmq_ssl_is_enabled_on_unit(sentry_unit, port=port):
++                return ('Unexpected condition:  ssl is disabled on unit '
++                        '({})'.format(sentry_unit.info['unit_name']))
++        return None
++
++    def validate_rmq_ssl_disabled_units(self, sentry_units):
++        """Check that ssl is enabled on listed rmq juju sentry units.
++
++        :param sentry_units: list of all rmq sentry units
++        :returns: True if successful.  Raise on error.
++        """
++        for sentry_unit in sentry_units:
++            if self.rmq_ssl_is_enabled_on_unit(sentry_unit):
++                return ('Unexpected condition:  ssl is enabled on unit '
++                        '({})'.format(sentry_unit.info['unit_name']))
++        return None
++
++    def configure_rmq_ssl_on(self, sentry_units, deployment,
++                             port=None, max_wait=60):
++        """Turn ssl charm config option on, with optional non-default
++        ssl port specification.  Confirm that it is enabled on every
++        unit.
++
++        :param sentry_units: list of sentry units
++        :param deployment: amulet deployment object pointer
++        :param port: amqp port, use defaults if None
++        :param max_wait: maximum time to wait in seconds to confirm
++        :returns: None if successful.  Raise on error.
++        """
++        self.log.debug('Setting ssl charm config option:  on')
++
++        # Enable RMQ SSL
++        config = {'ssl': 'on'}
++        if port:
++            config['ssl_port'] = port
++
++        deployment.configure('rabbitmq-server', config)
++
++        # Confirm
++        tries = 0
++        ret = self.validate_rmq_ssl_enabled_units(sentry_units, port=port)
++        while ret and tries < (max_wait / 4):
++            time.sleep(4)
++            self.log.debug('Attempt {}: {}'.format(tries, ret))
++            ret = self.validate_rmq_ssl_enabled_units(sentry_units, port=port)
++            tries += 1
++
++        if ret:
++            amulet.raise_status(amulet.FAIL, ret)
++
++    def configure_rmq_ssl_off(self, sentry_units, deployment, max_wait=60):
++        """Turn ssl charm config option off, confirm that it is disabled
++        on every unit.
++
++        :param sentry_units: list of sentry units
++        :param deployment: amulet deployment object pointer
++        :param max_wait: maximum time to wait in seconds to confirm
++        :returns: None if successful.  Raise on error.
++        """
++        self.log.debug('Setting ssl charm config option:  off')
++
++        # Disable RMQ SSL
++        config = {'ssl': 'off'}
++        deployment.configure('rabbitmq-server', config)
++
++        # Confirm
++        tries = 0
++        ret = self.validate_rmq_ssl_disabled_units(sentry_units)
++        while ret and tries < (max_wait / 4):
++            time.sleep(4)
++            self.log.debug('Attempt {}: {}'.format(tries, ret))
++            ret = self.validate_rmq_ssl_disabled_units(sentry_units)
++            tries += 1
++
++        if ret:
++            amulet.raise_status(amulet.FAIL, ret)
++
++    def connect_amqp_by_unit(self, sentry_unit, ssl=False,
++                             port=None, fatal=True,
++                             username="testuser1", password="changeme"):
++        """Establish and return a pika amqp connection to the rabbitmq service
++        running on a rmq juju unit.
++
++        :param sentry_unit: sentry unit pointer
++        :param ssl: boolean, default to False
++        :param port: amqp port, use defaults if None
++        :param fatal: boolean, default to True (raises on connect error)
++        :param username: amqp user name, default to testuser1
++        :param password: amqp user password
++        :returns: pika amqp connection pointer or None if failed and non-fatal
++        """
++        host = sentry_unit.info['public-address']
++        unit_name = sentry_unit.info['unit_name']
++
++        # Default port logic if port is not specified
++        if ssl and not port:
++            port = 5671
++        elif not ssl and not port:
++            port = 5672
++
++        self.log.debug('Connecting to amqp on {}:{} ({}) as '
++                       '{}...'.format(host, port, unit_name, username))
++
++        try:
++            credentials = pika.PlainCredentials(username, password)
++            parameters = pika.ConnectionParameters(host=host, port=port,
++                                                   credentials=credentials,
++                                                   ssl=ssl,
++                                                   connection_attempts=3,
++                                                   retry_delay=5,
++                                                   socket_timeout=1)
++            connection = pika.BlockingConnection(parameters)
++            assert connection.server_properties['product'] == 'RabbitMQ'
++            self.log.debug('Connect OK')
++            return connection
++        except Exception as e:
++            msg = ('amqp connection failed to {}:{} as '
++                   '{} ({})'.format(host, port, username, str(e)))
++            if fatal:
++                amulet.raise_status(amulet.FAIL, msg)
++            else:
++                self.log.warn(msg)
++                return None
++
++    def publish_amqp_message_by_unit(self, sentry_unit, message,
++                                     queue="test", ssl=False,
++                                     username="testuser1",
++                                     password="changeme",
++                                     port=None):
++        """Publish an amqp message to a rmq juju unit.
++
++        :param sentry_unit: sentry unit pointer
++        :param message: amqp message string
++        :param queue: message queue, default to test
++        :param username: amqp user name, default to testuser1
++        :param password: amqp user password
++        :param ssl: boolean, default to False
++        :param port: amqp port, use defaults if None
++        :returns: None.  Raises exception if publish failed.
++        """
++        self.log.debug('Publishing message to {} queue:\n{}'.format(queue,
++                                                                    message))
++        connection = self.connect_amqp_by_unit(sentry_unit, ssl=ssl,
++                                               port=port,
++                                               username=username,
++                                               password=password)
++
++        # NOTE(beisner): extra debug here re: pika hang potential:
++        #   https://github.com/pika/pika/issues/297
++        #   https://groups.google.com/forum/#!topic/rabbitmq-users/Ja0iyfF0Szw
++        self.log.debug('Defining channel...')
++        channel = connection.channel()
++        self.log.debug('Declaring queue...')
++        channel.queue_declare(queue=queue, auto_delete=False, durable=True)
++        self.log.debug('Publishing message...')
++        channel.basic_publish(exchange='', routing_key=queue, body=message)
++        self.log.debug('Closing channel...')
++        channel.close()
++        self.log.debug('Closing connection...')
++        connection.close()
++
++    def get_amqp_message_by_unit(self, sentry_unit, queue="test",
++                                 username="testuser1",
++                                 password="changeme",
++                                 ssl=False, port=None):
++        """Get an amqp message from a rmq juju unit.
++
++        :param sentry_unit: sentry unit pointer
++        :param queue: message queue, default to test
++        :param username: amqp user name, default to testuser1
++        :param password: amqp user password
++        :param ssl: boolean, default to False
++        :param port: amqp port, use defaults if None
++        :returns: amqp message body as string.  Raise if get fails.
++        """
++        connection = self.connect_amqp_by_unit(sentry_unit, ssl=ssl,
++                                               port=port,
++                                               username=username,
++                                               password=password)
++        channel = connection.channel()
++        method_frame, _, body = channel.basic_get(queue)
++
++        if method_frame:
++            self.log.debug('Retreived message from {} queue:\n{}'.format(queue,
++                                                                         body))
++            channel.basic_ack(method_frame.delivery_tag)
++            channel.close()
++            connection.close()
++            return body
++        else:
++            msg = 'No message retrieved.'
++            amulet.raise_status(amulet.FAIL, msg)
 === modified file 'hooks/charmhelpers/contrib/openstack/context.py'
 --- hooks/charmhelpers/contrib/openstack/context.py	2015-09-03 09:39:34 +0000
 +++ hooks/charmhelpers/contrib/openstack/context.py	2015-09-22 06:12:36 +0000
@@ -194,10 +194,50 @@
  class OSContextGenerator(object):
      """Base class for all context generators."""
      interfaces = []
++    related = False
++    complete = False
++    missing_data = []
      def __call__(self):
          raise NotImplementedError
++    def context_complete(self, ctxt):
++        """Check for missing data for the required context data.
++        Set self.missing_data if it exists and return False.
++        Set self.complete if no missing data and return True.
++        """
++        # Fresh start
++        self.complete = False
++        self.missing_data = []
++        for k, v in six.iteritems(ctxt):
++            if v is None or v == '':
++                if k not in self.missing_data:
++                    self.missing_data.append(k)
++
++        if self.missing_data:
++            self.complete = False
++            log('Missing required data: %s' % ' '.join(self.missing_data), level=INFO)
++        else:
++            self.complete = True
++        return self.complete
++
++    def get_related(self):
++        """Check if any of the context interfaces have relation ids.
++        Set self.related and return True if one of the interfaces
++        has relation ids.
++        """
++        # Fresh start
++        self.related = False
++        try:
++            for interface in self.interfaces:
++                if relation_ids(interface):
++                    self.related = True
++            return self.related
++        except AttributeError as e:
++            log("{} {}"
++                "".format(self, e), 'INFO')
++            return self.related
++
  class SharedDBContext(OSContextGenerator):
      interfaces = ['shared-db']
@@ -213,6 +253,7 @@
          self.database = database
          self.user = user
          self.ssl_dir = ssl_dir
++        self.rel_name = self.interfaces[0]
      def __call__(self):
          self.database = self.database or config('database')
@@ -246,6 +287,7 @@
              password_setting = self.relation_prefix + '_password'
          for rid in relation_ids(self.interfaces[0]):
++            self.related = True
              for unit in related_units(rid):
                  rdata = relation_get(rid=rid, unit=unit)
                  host = rdata.get('db_host')
@@ -257,7 +299,7 @@
                      'database_password': rdata.get(password_setting),
                      'database_type': 'mysql'
+                 }
--                if context_complete(ctxt):
++                if self.context_complete(ctxt):
                      db_ssl(rdata, ctxt, self.ssl_dir)
                      return ctxt
          return {}
@@ -278,6 +320,7 @@
          ctxt = {}
          for rid in relation_ids(self.interfaces[0]):
++            self.related = True
              for unit in related_units(rid):
                  rel_host = relation_get('host', rid=rid, unit=unit)
                  rel_user = relation_get('user', rid=rid, unit=unit)
@@ -287,7 +330,7 @@
                          'database_user': rel_user,
                          'database_password': rel_passwd,
                          'database_type': 'postgresql'}
--                if context_complete(ctxt):
++                if self.context_complete(ctxt):
                      return ctxt
          return {}
@@ -348,6 +391,7 @@
              ctxt['signing_dir'] = cachedir
          for rid in relation_ids(self.rel_name):
++            self.related = True
              for unit in related_units(rid):
                  rdata = relation_get(rid=rid, unit=unit)
                  serv_host = rdata.get('service_host')
@@ -366,7 +410,7 @@
                               'service_protocol': svc_protocol,
                               'auth_protocol': auth_protocol})
--                if context_complete(ctxt):
++                if self.context_complete(ctxt):
                      # NOTE(jamespage) this is required for >= icehouse
                      # so a missing value just indicates keystone needs
                      # upgrading
@@ -405,6 +449,7 @@
          ctxt = {}
          for rid in relation_ids(self.rel_name):
              ha_vip_only = False
++            self.related = True
              for unit in related_units(rid):
                  if relation_get('clustered', rid=rid, unit=unit):
                      ctxt['clustered'] = True
@@ -437,7 +482,7 @@
                  ha_vip_only = relation_get('ha-vip-only',
                                             rid=rid, unit=unit) is not None
--                if context_complete(ctxt):
++                if self.context_complete(ctxt):
                      if 'rabbit_ssl_ca' in ctxt:
                          if not self.ssl_dir:
                              log("Charm not setup for ssl support but ssl ca "
@@ -469,7 +514,7 @@
              ctxt['oslo_messaging_flags'] = config_flags_parser(
                  oslo_messaging_flags)
--        if not context_complete(ctxt):
++        if not self.complete:
              return {}
          return ctxt
@@ -485,13 +530,15 @@
          log('Generating template context for ceph', level=DEBUG)
          mon_hosts = []
--        auth = None
--        key = None
--        use_syslog = str(config('use-syslog')).lower()
++        ctxt = {
++            'use_syslog': str(config('use-syslog')).lower()
++        }
          for rid in relation_ids('ceph'):
              for unit in related_units(rid):
--                auth = relation_get('auth', rid=rid, unit=unit)
--                key = relation_get('key', rid=rid, unit=unit)
++                if not ctxt.get('auth'):
++                    ctxt['auth'] = relation_get('auth', rid=rid, unit=unit)
++                if not ctxt.get('key'):
++                    ctxt['key'] = relation_get('key', rid=rid, unit=unit)
                  ceph_pub_addr = relation_get('ceph-public-address', rid=rid,
                                               unit=unit)
                  unit_priv_addr = relation_get('private-address', rid=rid,
@@ -500,15 +547,12 @@
                  ceph_addr = format_ipv6_addr(ceph_addr) or ceph_addr
                  mon_hosts.append(ceph_addr)
--        ctxt = {'mon_hosts': ' '.join(sorted(mon_hosts)),
--                'auth': auth,
--                'key': key,
--                'use_syslog': use_syslog}
++        ctxt['mon_hosts'] = ' '.join(sorted(mon_hosts))
          if not os.path.isdir('/etc/ceph'):
              os.mkdir('/etc/ceph')
--        if not context_complete(ctxt):
++        if not self.context_complete(ctxt):
              return {}
          ensure_packages(['ceph-common'])
@@ -1367,6 +1411,6 @@
                      'auth_protocol':
                      rdata.get('auth_protocol') or 'http',
+                 }
--                if context_complete(ctxt):
++                if self.context_complete(ctxt):
                      return ctxt
          return {}
 === modified file 'hooks/charmhelpers/contrib/openstack/templating.py'
 --- hooks/charmhelpers/contrib/openstack/templating.py	2015-07-29 10:46:43 +0000
 +++ hooks/charmhelpers/contrib/openstack/templating.py	2015-09-22 06:12:36 +0000
@@ -18,7 +18,7 @@
  import six
--from charmhelpers.fetch import apt_install
++from charmhelpers.fetch import apt_install, apt_update
  from charmhelpers.core.hookenv import (
      log,
      ERROR,
@@ -112,7 +112,7 @@
      def complete_contexts(self):
          '''
--        Return a list of interfaces that have atisfied contexts.
++        Return a list of interfaces that have satisfied contexts.
          '''
          if self._complete_contexts:
              return self._complete_contexts
@@ -293,3 +293,30 @@
          [interfaces.extend(i.complete_contexts())
           for i in six.itervalues(self.templates)]
          return interfaces
++
++    def get_incomplete_context_data(self, interfaces):
++        '''
++        Return dictionary of relation status of interfaces and any missing
++        required context data. Example:
++            {'amqp': {'missing_data': ['rabbitmq_password'], 'related': True},
++             'zeromq-configuration': {'related': False}}
++        '''
++        incomplete_context_data = {}
++
++        for i in six.itervalues(self.templates):
++            for context in i.contexts:
++                for interface in interfaces:
++                    related = False
++                    if interface in context.interfaces:
++                        related = context.get_related()
++                        missing_data = context.missing_data
++                        if missing_data:
++                            incomplete_context_data[interface] = {'missing_data': missing_data}
++                        if related:
++                            if incomplete_context_data.get(interface):
++                                incomplete_context_data[interface].update({'related': True})
++                            else:
++                                incomplete_context_data[interface] = {'related': True}
++                        else:
++                            incomplete_context_data[interface] = {'related': False}
++        return incomplete_context_data
 === modified file 'hooks/charmhelpers/contrib/openstack/utils.py'
 --- hooks/charmhelpers/contrib/openstack/utils.py	2015-09-03 09:39:34 +0000
 +++ hooks/charmhelpers/contrib/openstack/utils.py	2015-09-22 06:12:36 +0000
@@ -25,6 +25,7 @@
  import re
  import six
++import traceback
  import yaml
  from charmhelpers.contrib.network import ip
@@ -34,12 +35,16 @@
+ )
  from charmhelpers.core.hookenv import (
++    action_fail,
++    action_set,
      config,
      log as juju_log,
      charm_dir,
      INFO,
      relation_ids,
--    relation_set
++    relation_set,
++    status_set,
++    hook_name
+ )
  from charmhelpers.contrib.storage.linux.lvm import (
@@ -114,6 +119,7 @@
      ('2.2.1', 'kilo'),
      ('2.2.2', 'kilo'),
      ('2.3.0', 'liberty'),
++    ('2.4.0', 'liberty'),
  ])
  # >= Liberty version->codename mapping
@@ -745,3 +751,217 @@
          return projects[key]
      return None
++
++
++def os_workload_status(configs, required_interfaces, charm_func=None):
++    """
++    Decorator to set workload status based on complete contexts
++    """
++    def wrap(f):
++        @wraps(f)
++        def wrapped_f(*args, **kwargs):
++            # Run the original function first
++            f(*args, **kwargs)
++            # Set workload status now that contexts have been
++            # acted on
++            set_os_workload_status(configs, required_interfaces, charm_func)
++        return wrapped_f
++    return wrap
++
++
++def set_os_workload_status(configs, required_interfaces, charm_func=None):
++    """
++    Set workload status based on complete contexts.
++    status-set missing or incomplete contexts
++    and juju-log details of missing required data.
++    charm_func is a charm specific function to run checking
++    for charm specific requirements such as a VIP setting.
++    """
++    incomplete_rel_data = incomplete_relation_data(configs, required_interfaces)
++    state = 'active'
++    missing_relations = []
++    incomplete_relations = []
++    message = None
++    charm_state = None
++    charm_message = None
++
++    for generic_interface in incomplete_rel_data.keys():
++        related_interface = None
++        missing_data = {}
++        # Related or not?
++        for interface in incomplete_rel_data[generic_interface]:
++            if incomplete_rel_data[generic_interface][interface].get('related'):
++                related_interface = interface
++                missing_data = incomplete_rel_data[generic_interface][interface].get('missing_data')
++        # No relation ID for the generic_interface
++        if not related_interface:
++            juju_log("{} relation is missing and must be related for "
++                     "functionality. ".format(generic_interface), 'WARN')
++            state = 'blocked'
++            if generic_interface not in missing_relations:
++                missing_relations.append(generic_interface)
++        else:
++            # Relation ID exists but no related unit
++            if not missing_data:
++                # Edge case relation ID exists but departing
++                if ('departed' in hook_name() or 'broken' in hook_name()) \
++                        and related_interface in hook_name():
++                    state = 'blocked'
++                    if generic_interface not in missing_relations:
++                        missing_relations.append(generic_interface)
++                    juju_log("{} relation's interface, {}, "
++                             "relationship is departed or broken "
++                             "and is required for functionality."
++                             "".format(generic_interface, related_interface), "WARN")
++                # Normal case relation ID exists but no related unit
++                # (joining)
++                else:
++                    juju_log("{} relations's interface, {}, is related but has "
++                             "no units in the relation."
++                             "".format(generic_interface, related_interface), "INFO")
++            # Related unit exists and data missing on the relation
++            else:
++                juju_log("{} relation's interface, {}, is related awaiting "
++                         "the following data from the relationship: {}. "
++                         "".format(generic_interface, related_interface,
++                                   ", ".join(missing_data)), "INFO")
++            if state != 'blocked':
++                state = 'waiting'
++            if generic_interface not in incomplete_relations \
++                    and generic_interface not in missing_relations:
++                incomplete_relations.append(generic_interface)
++
++    if missing_relations:
++        message = "Missing relations: {}".format(", ".join(missing_relations))
++        if incomplete_relations:
++            message += "; incomplete relations: {}" \
++                       "".format(", ".join(incomplete_relations))
++        state = 'blocked'
++    elif incomplete_relations:
++        message = "Incomplete relations: {}" \
++                  "".format(", ".join(incomplete_relations))
++        state = 'waiting'
++
++    # Run charm specific checks
++    if charm_func:
++        charm_state, charm_message = charm_func(configs)
++        if charm_state != 'active' and charm_state != 'unknown':
++            state = workload_state_compare(state, charm_state)
++            if message:
++                message = "{} {}".format(message, charm_message)
++            else:
++                message = charm_message
++
++    # Set to active if all requirements have been met
++    if state == 'active':
++        message = "Unit is ready"
++        juju_log(message, "INFO")
++
++    status_set(state, message)
++
++
++def workload_state_compare(current_workload_state, workload_state):
++    """ Return highest priority of two states"""
++    hierarchy = {'unknown': -1,
++                 'active': 0,
++                 'maintenance': 1,
++                 'waiting': 2,
++                 'blocked': 3,
++                 }
++
++    if hierarchy.get(workload_state) is None:
++        workload_state = 'unknown'
++    if hierarchy.get(current_workload_state) is None:
++        current_workload_state = 'unknown'
++
++    # Set workload_state based on hierarchy of statuses
++    if hierarchy.get(current_workload_state) > hierarchy.get(workload_state):
++        return current_workload_state
++    else:
++        return workload_state
++
++
++def incomplete_relation_data(configs, required_interfaces):
++    """
++    Check complete contexts against required_interfaces
++    Return dictionary of incomplete relation data.
++
++    configs is an OSConfigRenderer object with configs registered
++
++    required_interfaces is a dictionary of required general interfaces
++    with dictionary values of possible specific interfaces.
++    Example:
++    required_interfaces = {'database': ['shared-db', 'pgsql-db']}
++
++    The interface is said to be satisfied if anyone of the interfaces in the
++    list has a complete context.
++
++    Return dictionary of incomplete or missing required contexts with relation
++    status of interfaces and any missing data points. Example:
++        {'message':
++             {'amqp': {'missing_data': ['rabbitmq_password'], 'related': True},
++              'zeromq-configuration': {'related': False}},
++         'identity':
++             {'identity-service': {'related': False}},
++         'database':
++             {'pgsql-db': {'related': False},
++              'shared-db': {'related': True}}}
++    """
++    complete_ctxts = configs.complete_contexts()
++    incomplete_relations = []
++    for svc_type in required_interfaces.keys():
++        # Avoid duplicates
++        found_ctxt = False
++        for interface in required_interfaces[svc_type]:
++            if interface in complete_ctxts:
++                found_ctxt = True
++        if not found_ctxt:
++            incomplete_relations.append(svc_type)
++    incomplete_context_data = {}
++    for i in incomplete_relations:
++        incomplete_context_data[i] = configs.get_incomplete_context_data(required_interfaces[i])
++    return incomplete_context_data
++
++
++def do_action_openstack_upgrade(package, upgrade_callback, configs):
++    """Perform action-managed OpenStack upgrade.
++
++    Upgrades packages to the configured openstack-origin version and sets
++    the corresponding action status as a result.
++
++    If the charm was installed from source we cannot upgrade it.
++    For backwards compatibility a config flag (action-managed-upgrade) must
++    be set for this code to run, otherwise a full service level upgrade will
++    fire on config-changed.
++
++    @param package: package name for determining if upgrade available
++    @param upgrade_callback: function callback to charm's upgrade function
++    @param configs: templating object derived from OSConfigRenderer class
++
++    @return: True if upgrade successful; False if upgrade failed or skipped
++    """
++    ret = False
++
++    if git_install_requested():
++        action_set({'outcome': 'installed from source, skipped upgrade.'})
++    else:
++        if openstack_upgrade_available(package):
++            if config('action-managed-upgrade'):
++                juju_log('Upgrading OpenStack release')
++
++                try:
++                    upgrade_callback(configs=configs)
++                    action_set({'outcome': 'success, upgrade completed.'})
++                    ret = True
++                except:
++                    action_set({'outcome': 'upgrade failed, see traceback.'})
++                    action_set({'traceback': traceback.format_exc()})
++                    action_fail('do_openstack_upgrade resulted in an '
++                                'unexpected error')
++            else:
++                action_set({'outcome': 'action-managed-upgrade config is '
++                                       'False, skipped upgrade.'})
++        else:
++            action_set({'outcome': 'no upgrade available.'})
++
++    return ret
 === modified file 'hooks/charmhelpers/contrib/storage/linux/ceph.py'
 --- hooks/charmhelpers/contrib/storage/linux/ceph.py	2015-07-16 20:18:38 +0000
 +++ hooks/charmhelpers/contrib/storage/linux/ceph.py	2015-09-22 06:12:36 +0000
@@ -28,6 +28,7 @@
  import shutil
  import json
  import time
++import uuid
  from subprocess import (
      check_call,
@@ -35,8 +36,10 @@
      CalledProcessError,
+ )
  from charmhelpers.core.hookenv import (
++    local_unit,
      relation_get,
      relation_ids,
++    relation_set,
      related_units,
      log,
      DEBUG,
@@ -56,6 +59,8 @@
      apt_install,
+ )
++from charmhelpers.core.kernel import modprobe
++
  KEYRING = '/etc/ceph/ceph.client.{}.keyring'
  KEYFILE = '/etc/ceph/ceph.client.{}.key'
@@ -288,17 +293,6 @@
      os.chown(data_src_dst, uid, gid)
--# TODO: re-use
--def modprobe(module):
--    """Load a kernel module and configure for auto-load on reboot."""
--    log('Loading kernel module', level=INFO)
--    cmd = ['modprobe', module]
--    check_call(cmd)
--    with open('/etc/modules', 'r+') as modules:
--        if module not in modules.read():
--            modules.write(module)
--
--
  def copy_files(src, dst, symlinks=False, ignore=None):
      """Copy files from src to dst."""
      for item in os.listdir(src):
@@ -411,17 +405,52 @@
      The API is versioned and defaults to version 1.
      """
--    def __init__(self, api_version=1):
++    def __init__(self, api_version=1, request_id=None):
          self.api_version = api_version
++        if request_id:
++            self.request_id = request_id
++        else:
++            self.request_id = str(uuid.uuid1())
          self.ops = []
      def add_op_create_pool(self, name, replica_count=3):
          self.ops.append({'op': 'create-pool', 'name': name,
                           'replicas': replica_count})
++    def set_ops(self, ops):
++        """Set request ops to provided value.
++
++        Useful for injecting ops that come from a previous request
++        to allow comparisons to ensure validity.
++        """
++        self.ops = ops
++
      @property
      def request(self):
--        return json.dumps({'api-version': self.api_version, 'ops': self.ops})
++        return json.dumps({'api-version': self.api_version, 'ops': self.ops,
++                           'request-id': self.request_id})
++
++    def _ops_equal(self, other):
++        if len(self.ops) == len(other.ops):
++            for req_no in range(0, len(self.ops)):
++                for key in ['replicas', 'name', 'op']:
++                    if self.ops[req_no][key] != other.ops[req_no][key]:
++                        return False
++        else:
++            return False
++        return True
++
++    def __eq__(self, other):
++        if not isinstance(other, self.__class__):
++            return False
++        if self.api_version == other.api_version and \
++                self._ops_equal(other):
++            return True
++        else:
++            return False
++
++    def __ne__(self, other):
++        return not self.__eq__(other)
  class CephBrokerRsp(object):
@@ -431,14 +460,198 @@
      The API is versioned and defaults to version 1.
      """
++
      def __init__(self, encoded_rsp):
          self.api_version = None
          self.rsp = json.loads(encoded_rsp)
      @property
++    def request_id(self):
++        return self.rsp.get('request-id')
++
++    @property
      def exit_code(self):
          return self.rsp.get('exit-code')
      @property
      def exit_msg(self):
          return self.rsp.get('stderr')
++
++
++# Ceph Broker Conversation:
++# If a charm needs an action to be taken by ceph it can create a CephBrokerRq
++# and send that request to ceph via the ceph relation. The CephBrokerRq has a
++# unique id so that the client can identity which CephBrokerRsp is associated
++# with the request. Ceph will also respond to each client unit individually
++# creating a response key per client unit eg glance/0 will get a CephBrokerRsp
++# via key broker-rsp-glance-0
++#
++# To use this the charm can just do something like:
++#
++# from charmhelpers.contrib.storage.linux.ceph import (
++#     send_request_if_needed,
++#     is_request_complete,
++#     CephBrokerRq,
++# )
++#
++# @hooks.hook('ceph-relation-changed')
++# def ceph_changed():
++#     rq = CephBrokerRq()
++#     rq.add_op_create_pool(name='poolname', replica_count=3)
++#
++#     if is_request_complete(rq):
++#         <Request complete actions>
++#     else:
++#         send_request_if_needed(get_ceph_request())
++#
++# CephBrokerRq and CephBrokerRsp are serialized into JSON. Below is an example
++# of glance having sent a request to ceph which ceph has successfully processed
++#  'ceph:8': {
++#      'ceph/0': {
++#          'auth': 'cephx',
++#          'broker-rsp-glance-0': '{"request-id": "0bc7dc54", "exit-code": 0}',
++#          'broker_rsp': '{"request-id": "0da543b8", "exit-code": 0}',
++#          'ceph-public-address': '10.5.44.103',
++#          'key': 'AQCLDttVuHXINhAAvI144CB09dYchhHyTUY9BQ==',
++#          'private-address': '10.5.44.103',
++#      },
++#      'glance/0': {
++#          'broker_req': ('{"api-version": 1, "request-id": "0bc7dc54", '
++#                         '"ops": [{"replicas": 3, "name": "glance", '
++#                         '"op": "create-pool"}]}'),
++#          'private-address': '10.5.44.109',
++#      },
++#  }
++
++def get_previous_request(rid):
++    """Return the last ceph broker request sent on a given relation
++
++    @param rid: Relation id to query for request
++    """
++    request = None
++    broker_req = relation_get(attribute='broker_req', rid=rid,
++                              unit=local_unit())
++    if broker_req:
++        request_data = json.loads(broker_req)
++        request = CephBrokerRq(api_version=request_data['api-version'],
++                               request_id=request_data['request-id'])
++        request.set_ops(request_data['ops'])
++
++    return request
++
++
++def get_request_states(request):
++    """Return a dict of requests per relation id with their corresponding
++       completion state.
++
++    This allows a charm, which has a request for ceph, to see whether there is
++    an equivalent request already being processed and if so what state that
++    request is in.
++
++    @param request: A CephBrokerRq object
++    """
++    complete = []
++    requests = {}
++    for rid in relation_ids('ceph'):
++        complete = False
++        previous_request = get_previous_request(rid)
++        if request == previous_request:
++            sent = True
++            complete = is_request_complete_for_rid(previous_request, rid)
++        else:
++            sent = False
++            complete = False
++
++        requests[rid] = {
++            'sent': sent,
++            'complete': complete,
++        }
++
++    return requests
++
++
++def is_request_sent(request):
++    """Check to see if a functionally equivalent request has already been sent
++
++    Returns True if a similair request has been sent
++
++    @param request: A CephBrokerRq object
++    """
++    states = get_request_states(request)
++    for rid in states.keys():
++        if not states[rid]['sent']:
++            return False
++
++    return True
++
++
++def is_request_complete(request):
++    """Check to see if a functionally equivalent request has already been
++    completed
++
++    Returns True if a similair request has been completed
++
++    @param request: A CephBrokerRq object
++    """
++    states = get_request_states(request)
++    for rid in states.keys():
++        if not states[rid]['complete']:
++            return False
++
++    return True
++
++
++def is_request_complete_for_rid(request, rid):
++    """Check if a given request has been completed on the given relation
++
++    @param request: A CephBrokerRq object
++    @param rid: Relation ID
++    """
++    broker_key = get_broker_rsp_key()
++    for unit in related_units(rid):
++        rdata = relation_get(rid=rid, unit=unit)
++        if rdata.get(broker_key):
++            rsp = CephBrokerRsp(rdata.get(broker_key))
++            if rsp.request_id == request.request_id:
++                if not rsp.exit_code:
++                    return True
++        else:
++            # The remote unit sent no reply targeted at this unit so either the
++            # remote ceph cluster does not support unit targeted replies or it
++            # has not processed our request yet.
++            if rdata.get('broker_rsp'):
++                request_data = json.loads(rdata['broker_rsp'])
++                if request_data.get('request-id'):
++                    log('Ignoring legacy broker_rsp without unit key as remote '
++                        'service supports unit specific replies', level=DEBUG)
++                else:
++                    log('Using legacy broker_rsp as remote service does not '
++                        'supports unit specific replies', level=DEBUG)
++                    rsp = CephBrokerRsp(rdata['broker_rsp'])
++                    if not rsp.exit_code:
++                        return True
++
++    return False
++
++
++def get_broker_rsp_key():
++    """Return broker response key for this unit
++
++    This is the key that ceph is going to use to pass request status
++    information back to this unit
++    """
++    return 'broker-rsp-' + local_unit().replace('/', '-')
++
++
++def send_request_if_needed(request):
++    """Send broker request if an equivalent request has not already been sent
++
++    @param request: A CephBrokerRq object
++    """
++    if is_request_sent(request):
++        log('Request already sent but not complete, not sending new request',
++            level=DEBUG)
++    else:
++        for rid in relation_ids('ceph'):
++            log('Sending request {}'.format(request.request_id), level=DEBUG)
++            relation_set(relation_id=rid, broker_req=request.request)
 === modified file 'hooks/charmhelpers/core/host.py'
 --- hooks/charmhelpers/core/host.py	2015-08-19 13:48:32 +0000
 +++ hooks/charmhelpers/core/host.py	2015-09-22 06:12:36 +0000
@@ -63,12 +63,10 @@
      return service_result
--def service_pause(service_name, init_dir=None):
++def service_pause(service_name, init_dir="/etc/init", initd_dir="/etc/init.d"):
      """Pause a system service.
      Stop it, and prevent it from starting again at boot."""
--    if init_dir is None:
--        init_dir = "/etc/init"
      stopped = service_stop(service_name)
      # XXX: Support systemd too
      override_path = os.path.join(
@@ -78,7 +76,8 @@
      return stopped
--def service_resume(service_name, init_dir=None):
++def service_resume(service_name, init_dir="/etc/init",
++                   initd_dir="/etc/init.d"):
      """Resume a system service.
      Reenable starting again at boot. Start the service"""
 === added file 'hooks/charmhelpers/core/kernel.py'
 --- hooks/charmhelpers/core/kernel.py	1970-01-01 00:00:00 +0000
 +++ hooks/charmhelpers/core/kernel.py	2015-09-22 06:12:36 +0000
@@ -0,0 +1,68 @@
++#!/usr/bin/env python
++# -*- coding: utf-8 -*-
++
++# Copyright 2014-2015 Canonical Limited.
++#
++# This file is part of charm-helpers.
++#
++# charm-helpers is free software: you can redistribute it and/or modify
++# it under the terms of the GNU Lesser General Public License version 3 as
++# published by the Free Software Foundation.
++#
++# charm-helpers is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU Lesser General Public License for more details.
++#
++# You should have received a copy of the GNU Lesser General Public License
++# along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
++
++__author__ = "Jorge Niedbalski <jorge.niedbalski@canonical.com>"
++
++from charmhelpers.core.hookenv import (
++    log,
++    INFO
++)
++
++from subprocess import check_call, check_output
++import re
++
++
++def modprobe(module, persist=True):
++    """Load a kernel module and configure for auto-load on reboot."""
++    cmd = ['modprobe', module]
++
++    log('Loading kernel module %s' % module, level=INFO)
++
++    check_call(cmd)
++    if persist:
++        with open('/etc/modules', 'r+') as modules:
++            if module not in modules.read():
++                modules.write(module)
++
++
++def rmmod(module, force=False):
++    """Remove a module from the linux kernel"""
++    cmd = ['rmmod']
++    if force:
++        cmd.append('-f')
++    cmd.append(module)
++    log('Removing kernel module %s' % module, level=INFO)
++    return check_call(cmd)
++
++
++def lsmod():
++    """Shows what kernel modules are currently loaded"""
++    return check_output(['lsmod'],
++                        universal_newlines=True)
++
++
++def is_module_loaded(module):
++    """Checks if a kernel module is already loaded"""
++    matches = re.findall('^%s[ ]+' % module, lsmod(), re.M)
++    return len(matches) > 0
++
++
++def update_initramfs(version='all'):
++    """Updates an initramfs image"""
++    return check_call(["update-initramfs", "-k", version, "-u"])
 === modified file 'hooks/charmhelpers/core/strutils.py'
 --- hooks/charmhelpers/core/strutils.py	2015-04-14 01:15:40 +0000
 +++ hooks/charmhelpers/core/strutils.py	2015-09-22 06:12:36 +0000
@@ -18,6 +18,7 @@
  # along with charm-helpers.  If not, see <http://www.gnu.org/licenses/>.
  import six
++import re
  def bool_from_string(value):
@@ -40,3 +41,32 @@
      msg = "Unable to interpret string value '%s' as boolean" % (value)
      raise ValueError(msg)
++
++
++def bytes_from_string(value):
++    """Interpret human readable string value as bytes.
++
++    Returns int
++    """
++    BYTE_POWER = {
++        'K': 1,
++        'KB': 1,
++        'M': 2,
++        'MB': 2,
++        'G': 3,
++        'GB': 3,
++        'T': 4,
++        'TB': 4,
++        'P': 5,
++        'PB': 5,
++    }
++    if isinstance(value, six.string_types):
++        value = six.text_type(value)
++    else:
++        msg = "Unable to interpret non-string value '%s' as boolean" % (value)
++        raise ValueError(msg)
++    matches = re.match("([0-9]+)([a-zA-Z]+)", value)
++    if not matches:
++        msg = "Unable to interpret string value '%s' as bytes" % (value)
++        raise ValueError(msg)
++    return int(matches.group(1)) * (1024 ** BYTE_POWER[matches.group(2)])
 === modified file 'hooks/nova_cc_utils.py'
 --- hooks/nova_cc_utils.py	2015-07-22 12:01:24 +0000
 +++ hooks/nova_cc_utils.py	2015-09-22 06:12:36 +0000
@@ -724,7 +724,10 @@
  def ssh_known_host_key(host, unit=None, user=None):
      cmd = ['ssh-keygen', '-f', known_hosts(unit, user), '-H', '-F', host]
      try:
--        return subprocess.check_output(cmd).strip()
++        # The first line of output is like '# Host xx found: line 1 type RSA',
++        # which should be excluded.
++        output = subprocess.check_output(cmd).strip()
++        return output.split('\n')[1]
      except subprocess.CalledProcessError:
          return None
@@ -735,6 +738,16 @@
      subprocess.check_call(cmd)
++def is_same_key(key_1, key_2):
++    # The key format get will be like '|1|2rUumCavEXWVaVyB5uMl6m85pZo=|Cp'
++    # 'EL6l7VTY37T/fg/ihhNb/GPgs= ssh-rsa AAAAB', we only need to compare
++    # the part start with 'ssh-rsa' followed with '= ', because the hash
++    # value in the beginning will change each time.
++    k_1 = key_1.split('= ')[1]
++    k_2 = key_2.split('= ')[1]
++    return k_1 == k_2
++
++
  def add_known_host(host, unit=None, user=None):
      '''Add variations of host to a known hosts file.'''
      cmd = ['ssh-keyscan', '-H', '-t', 'rsa', host]
@@ -745,8 +758,8 @@
          raise e
      current_key = ssh_known_host_key(host, unit, user)
--    if current_key:
--        if remote_key == current_key:
++    if current_key and remote_key:
++        if is_same_key(remote_key, current_key):
              log('Known host key for compute host %s up to date.' % host)
              return
          else:
@@ -787,8 +800,7 @@
              hosts.append(hn.split('.')[0])
      for host in list(set(hosts)):
--        if not ssh_known_host_key(host, unit, user):
--            add_known_host(host, unit, user)
++        add_known_host(host, unit, user)
      if not ssh_authorized_key_exists(public_key, unit, user):
          log('Saving SSH authorized key for compute host at %s.' %
 === modified file 'tests/charmhelpers/contrib/amulet/deployment.py'
 --- tests/charmhelpers/contrib/amulet/deployment.py	2015-03-31 11:39:19 +0000
 +++ tests/charmhelpers/contrib/amulet/deployment.py	2015-09-22 06:12:36 +0000
@@ -51,7 +51,8 @@
          if 'units' not in this_service:
              this_service['units'] = 1
--        self.d.add(this_service['name'], units=this_service['units'])
++        self.d.add(this_service['name'], units=this_service['units'],
++                   constraints=this_service.get('constraints'))
          for svc in other_services:
              if 'location' in svc:
@@ -64,7 +65,8 @@
              if 'units' not in svc:
                  svc['units'] = 1
--            self.d.add(svc['name'], charm=branch_location, units=svc['units'])
++            self.d.add(svc['name'], charm=branch_location, units=svc['units'],
++                       constraints=svc.get('constraints'))
      def _add_relations(self, relations):
          """Add all of the relations for the services."""
 === modified file 'tests/charmhelpers/contrib/amulet/utils.py'
 --- tests/charmhelpers/contrib/amulet/utils.py	2015-08-18 17:34:35 +0000
 +++ tests/charmhelpers/contrib/amulet/utils.py	2015-09-22 06:12:36 +0000
@@ -114,7 +114,7 @@
          # /!\ DEPRECATION WARNING (beisner):
          # New and existing tests should be rewritten to use
          # validate_services_by_name() as it is aware of init systems.
--        self.log.warn('/!\\ DEPRECATION WARNING:  use '
++        self.log.warn('DEPRECATION WARNING:  use '
                        'validate_services_by_name instead of validate_services '
                        'due to init system differences.')
@@ -269,33 +269,52 @@
          """Get last modification time of directory."""
          return sentry_unit.directory_stat(directory)['mtime']
--    def _get_proc_start_time(self, sentry_unit, service, pgrep_full=False):
--        """Get process' start time.
--
--           Determine start time of the process based on the last modification
--           time of the /proc/pid directory. If pgrep_full is True, the process
--           name is matched against the full command line.
--           """
--        if pgrep_full:
--            cmd = 'pgrep -o -f {}'.format(service)
--        else:
--            cmd = 'pgrep -o {}'.format(service)
--        cmd = cmd + '  | grep  -v pgrep || exit 0'
--        cmd_out = sentry_unit.run(cmd)
--        self.log.debug('CMDout: ' + str(cmd_out))
--        if cmd_out[0]:
--            self.log.debug('Pid for %s %s' % (service, str(cmd_out[0])))
--            proc_dir = '/proc/{}'.format(cmd_out[0].strip())
--            return self._get_dir_mtime(sentry_unit, proc_dir)
++    def _get_proc_start_time(self, sentry_unit, service, pgrep_full=None):
++        """Get start time of a process based on the last modification time
++           of the /proc/pid directory.
++
++        :sentry_unit:  The sentry unit to check for the service on
++        :service:  service name to look for in process table
++        :pgrep_full:  [Deprecated] Use full command line search mode with pgrep
++        :returns:  epoch time of service process start
++        :param commands:  list of bash commands
++        :param sentry_units:  list of sentry unit pointers
++        :returns:  None if successful; Failure message otherwise
++        """
++        if pgrep_full is not None:
++            # /!\ DEPRECATION WARNING (beisner):
++            # No longer implemented, as pidof is now used instead of pgrep.
++            # https://bugs.launchpad.net/charm-helpers/+bug/1474030
++            self.log.warn('DEPRECATION WARNING:  pgrep_full bool is no '
++                          'longer implemented re: lp 1474030.')
++
++        pid_list = self.get_process_id_list(sentry_unit, service)
++        pid = pid_list[0]
++        proc_dir = '/proc/{}'.format(pid)
++        self.log.debug('Pid for {} on {}: {}'.format(
++            service, sentry_unit.info['unit_name'], pid))
++
++        return self._get_dir_mtime(sentry_unit, proc_dir)
      def service_restarted(self, sentry_unit, service, filename,
--                          pgrep_full=False, sleep_time=20):
++                          pgrep_full=None, sleep_time=20):
          """Check if service was restarted.
             Compare a service's start time vs a file's last modification time
             (such as a config file for that service) to determine if the service
             has been restarted.
             """
++        # /!\ DEPRECATION WARNING (beisner):
++        # This method is prone to races in that no before-time is known.
++        # Use validate_service_config_changed instead.
++
++        # NOTE(beisner) pgrep_full is no longer implemented, as pidof is now
++        # used instead of pgrep.  pgrep_full is still passed through to ensure
++        # deprecation WARNS.  lp1474030
++        self.log.warn('DEPRECATION WARNING:  use '
++                      'validate_service_config_changed instead of '
++                      'service_restarted due to known races.')
++
          time.sleep(sleep_time)
          if (self._get_proc_start_time(sentry_unit, service, pgrep_full) >=
                  self._get_file_mtime(sentry_unit, filename)):
@@ -304,15 +323,15 @@
              return False
      def service_restarted_since(self, sentry_unit, mtime, service,
--                                pgrep_full=False, sleep_time=20,
--                                retry_count=2):
++                                pgrep_full=None, sleep_time=20,
++                                retry_count=2, retry_sleep_time=30):
          """Check if service was been started after a given time.
          Args:
            sentry_unit (sentry): The sentry unit to check for the service on
            mtime (float): The epoch time to check against
            service (string): service name to look for in process table
--          pgrep_full (boolean): Use full command line search mode with pgrep
++          pgrep_full: [Deprecated] Use full command line search mode with pgrep
            sleep_time (int): Seconds to sleep before looking for process
            retry_count (int): If service is not found, how many times to retry
@@ -321,30 +340,44 @@
                  False if service is older than mtime or if service was
                  not found.
          """
--        self.log.debug('Checking %s restarted since %s' % (service, mtime))
++        # NOTE(beisner) pgrep_full is no longer implemented, as pidof is now
++        # used instead of pgrep.  pgrep_full is still passed through to ensure
++        # deprecation WARNS.  lp1474030
++
++        unit_name = sentry_unit.info['unit_name']
++        self.log.debug('Checking that %s service restarted since %s on '
++                       '%s' % (service, mtime, unit_name))
          time.sleep(sleep_time)
--        proc_start_time = self._get_proc_start_time(sentry_unit, service,
--                                                    pgrep_full)
--        while retry_count > 0 and not proc_start_time:
--            self.log.debug('No pid file found for service %s, will retry %i '
--                           'more times' % (service, retry_count))
--            time.sleep(30)
--            proc_start_time = self._get_proc_start_time(sentry_unit, service,
--                                                        pgrep_full)
--            retry_count = retry_count - 1
++        proc_start_time = None
++        tries = 0
++        while tries <= retry_count and not proc_start_time:
++            try:
++                proc_start_time = self._get_proc_start_time(sentry_unit,
++                                                            service,
++                                                            pgrep_full)
++                self.log.debug('Attempt {} to get {} proc start time on {} '
++                               'OK'.format(tries, service, unit_name))
++            except IOError:
++                # NOTE(beisner) - race avoidance, proc may not exist yet.
++                # https://bugs.launchpad.net/charm-helpers/+bug/1474030
++                self.log.debug('Attempt {} to get {} proc start time on {} '
++                               'failed'.format(tries, service, unit_name))
++                time.sleep(retry_sleep_time)
++                tries += 1
          if not proc_start_time:
              self.log.warn('No proc start time found, assuming service did '
                            'not start')
              return False
          if proc_start_time >= mtime:
--            self.log.debug('proc start time is newer than provided mtime'
--                           '(%s >= %s)' % (proc_start_time, mtime))
++            self.log.debug('Proc start time is newer than provided mtime'
++                           '(%s >= %s) on %s (OK)' % (proc_start_time,
++                                                      mtime, unit_name))
              return True
          else:
--            self.log.warn('proc start time (%s) is older than provided mtime '
--                          '(%s), service did not restart' % (proc_start_time,
--                                                             mtime))
++            self.log.warn('Proc start time (%s) is older than provided mtime '
++                          '(%s) on %s, service did not '
++                          'restart' % (proc_start_time, mtime, unit_name))
              return False
      def config_updated_since(self, sentry_unit, filename, mtime,
@@ -374,8 +407,9 @@
              return False
      def validate_service_config_changed(self, sentry_unit, mtime, service,
--                                        filename, pgrep_full=False,
--                                        sleep_time=20, retry_count=2):
++                                        filename, pgrep_full=None,
++                                        sleep_time=20, retry_count=2,
++                                        retry_sleep_time=30):
          """Check service and file were updated after mtime
          Args:
@@ -383,9 +417,10 @@
            mtime (float): The epoch time to check against
            service (string): service name to look for in process table
            filename (string): The file to check mtime of
--          pgrep_full (boolean): Use full command line search mode with pgrep
--          sleep_time (int): Seconds to sleep before looking for process
++          pgrep_full: [Deprecated] Use full command line search mode with pgrep
++          sleep_time (int): Initial sleep in seconds to pass to test helpers
            retry_count (int): If service is not found, how many times to retry
++          retry_sleep_time (int): Time in seconds to wait between retries
          Typical Usage:
              u = OpenStackAmuletUtils(ERROR)
@@ -402,15 +437,25 @@
                  mtime, False if service is older than mtime or if service was
                  not found or if filename was modified before mtime.
          """
--        self.log.debug('Checking %s restarted since %s' % (service, mtime))
--        time.sleep(sleep_time)
--        service_restart = self.service_restarted_since(sentry_unit, mtime,
--                                                       service,
--                                                       pgrep_full=pgrep_full,
--                                                       sleep_time=0,
--                                                       retry_count=retry_count)
--        config_update = self.config_updated_since(sentry_unit, filename, mtime,
--                                                  sleep_time=0)
++
++        # NOTE(beisner) pgrep_full is no longer implemented, as pidof is now
++        # used instead of pgrep.  pgrep_full is still passed through to ensure
++        # deprecation WARNS.  lp1474030
++
++        service_restart = self.service_restarted_since(
++            sentry_unit, mtime,
++            service,
++            pgrep_full=pgrep_full,
++            sleep_time=sleep_time,
++            retry_count=retry_count,
++            retry_sleep_time=retry_sleep_time)
++
++        config_update = self.config_updated_since(
++            sentry_unit,
++            filename,
++            mtime,
++            sleep_time=0)
++
          return service_restart and config_update
      def get_sentry_time(self, sentry_unit):
@@ -428,7 +473,6 @@
          """Return a list of all Ubuntu releases in order of release."""
          _d = distro_info.UbuntuDistroInfo()
          _release_list = _d.all
--        self.log.debug('Ubuntu release list: {}'.format(_release_list))
          return _release_list
      def file_to_url(self, file_rel_path):
 === modified file 'tests/charmhelpers/contrib/openstack/amulet/utils.py'
 --- tests/charmhelpers/contrib/openstack/amulet/utils.py	2015-07-16 20:18:38 +0000
 +++ tests/charmhelpers/contrib/openstack/amulet/utils.py	2015-09-22 06:12:36 +0000
@@ -27,6 +27,7 @@
  import heatclient.v1.client as heat_client
  import keystoneclient.v2_0 as keystone_client
  import novaclient.v1_1.client as nova_client
++import pika
  import swiftclient
  from charmhelpers.contrib.amulet.utils import (
@@ -602,3 +603,361 @@
              self.log.debug('Ceph {} samples (OK): '
                             '{}'.format(sample_type, samples))
              return None
++
++# rabbitmq/amqp specific helpers:
++    def add_rmq_test_user(self, sentry_units,
++                          username="testuser1", password="changeme"):
++        """Add a test user via the first rmq juju unit, check connection as
++        the new user against all sentry units.
++
++        :param sentry_units: list of sentry unit pointers
++        :param username: amqp user name, default to testuser1
++        :param password: amqp user password
++        :returns: None if successful.  Raise on error.
++        """
++        self.log.debug('Adding rmq user ({})...'.format(username))
++
++        # Check that user does not already exist
++        cmd_user_list = 'rabbitmqctl list_users'
++        output, _ = self.run_cmd_unit(sentry_units[0], cmd_user_list)
++        if username in output:
++            self.log.warning('User ({}) already exists, returning '
++                             'gracefully.'.format(username))
++            return
++
++        perms = '".*" ".*" ".*"'
++        cmds = ['rabbitmqctl add_user {} {}'.format(username, password),
++                'rabbitmqctl set_permissions {} {}'.format(username, perms)]
++
++        # Add user via first unit
++        for cmd in cmds:
++            output, _ = self.run_cmd_unit(sentry_units[0], cmd)
++
++        # Check connection against the other sentry_units
++        self.log.debug('Checking user connect against units...')
++        for sentry_unit in sentry_units:
++            connection = self.connect_amqp_by_unit(sentry_unit, ssl=False,
++                                                   username=username,
++                                                   password=password)
++            connection.close()
++
++    def delete_rmq_test_user(self, sentry_units, username="testuser1"):
++        """Delete a rabbitmq user via the first rmq juju unit.
++
++        :param sentry_units: list of sentry unit pointers
++        :param username: amqp user name, default to testuser1
++        :param password: amqp user password
++        :returns: None if successful or no such user.
++        """
++        self.log.debug('Deleting rmq user ({})...'.format(username))
++
++        # Check that the user exists
++        cmd_user_list = 'rabbitmqctl list_users'
++        output, _ = self.run_cmd_unit(sentry_units[0], cmd_user_list)
++
++        if username not in output:
++            self.log.warning('User ({}) does not exist, returning '
++                             'gracefully.'.format(username))
++            return
++
++        # Delete the user
++        cmd_user_del = 'rabbitmqctl delete_user {}'.format(username)
++        output, _ = self.run_cmd_unit(sentry_units[0], cmd_user_del)
++
++    def get_rmq_cluster_status(self, sentry_unit):
++        """Execute rabbitmq cluster status command on a unit and return
++        the full output.
++
++        :param unit: sentry unit
++        :returns: String containing console output of cluster status command
++        """
++        cmd = 'rabbitmqctl cluster_status'
++        output, _ = self.run_cmd_unit(sentry_unit, cmd)
++        self.log.debug('{} cluster_status:\n{}'.format(
++            sentry_unit.info['unit_name'], output))
++        return str(output)
++
++    def get_rmq_cluster_running_nodes(self, sentry_unit):
++        """Parse rabbitmqctl cluster_status output string, return list of
++        running rabbitmq cluster nodes.
++
++        :param unit: sentry unit
++        :returns: List containing node names of running nodes
++        """
++        # NOTE(beisner): rabbitmqctl cluster_status output is not
++        # json-parsable, do string chop foo, then json.loads that.
++        str_stat = self.get_rmq_cluster_status(sentry_unit)
++        if 'running_nodes' in str_stat:
++            pos_start = str_stat.find("{running_nodes,") + 15
++            pos_end = str_stat.find("]},", pos_start) + 1
++            str_run_nodes = str_stat[pos_start:pos_end].replace("'", '"')
++            run_nodes = json.loads(str_run_nodes)
++            return run_nodes
++        else:
++            return []
++
++    def validate_rmq_cluster_running_nodes(self, sentry_units):
++        """Check that all rmq unit hostnames are represented in the
++        cluster_status output of all units.
++
++        :param host_names: dict of juju unit names to host names
++        :param units: list of sentry unit pointers (all rmq units)
++        :returns: None if successful, otherwise return error message
++        """
++        host_names = self.get_unit_hostnames(sentry_units)
++        errors = []
++
++        # Query every unit for cluster_status running nodes
++        for query_unit in sentry_units:
++            query_unit_name = query_unit.info['unit_name']
++            running_nodes = self.get_rmq_cluster_running_nodes(query_unit)
++
++            # Confirm that every unit is represented in the queried unit's
++            # cluster_status running nodes output.
++            for validate_unit in sentry_units:
++                val_host_name = host_names[validate_unit.info['unit_name']]
++                val_node_name = 'rabbit@{}'.format(val_host_name)
++
++                if val_node_name not in running_nodes:
++                    errors.append('Cluster member check failed on {}: {} not '
++                                  'in {}\n'.format(query_unit_name,
++                                                   val_node_name,
++                                                   running_nodes))
++        if errors:
++            return ''.join(errors)
++
++    def rmq_ssl_is_enabled_on_unit(self, sentry_unit, port=None):
++        """Check a single juju rmq unit for ssl and port in the config file."""
++        host = sentry_unit.info['public-address']
++        unit_name = sentry_unit.info['unit_name']
++
++        conf_file = '/etc/rabbitmq/rabbitmq.config'
++        conf_contents = str(self.file_contents_safe(sentry_unit,
++                                                    conf_file, max_wait=16))
++        # Checks
++        conf_ssl = 'ssl' in conf_contents
++        conf_port = str(port) in conf_contents
++
++        # Port explicitly checked in config
++        if port and conf_port and conf_ssl:
++            self.log.debug('SSL is enabled  @{}:{} '
++                           '({})'.format(host, port, unit_name))
++            return True
++        elif port and not conf_port and conf_ssl:
++            self.log.debug('SSL is enabled @{} but not on port {} '
++                           '({})'.format(host, port, unit_name))
++            return False
++        # Port not checked (useful when checking that ssl is disabled)
++        elif not port and conf_ssl:
++            self.log.debug('SSL is enabled  @{}:{} '
++                           '({})'.format(host, port, unit_name))
++            return True
++        elif not port and not conf_ssl:
++            self.log.debug('SSL not enabled @{}:{} '
++                           '({})'.format(host, port, unit_name))
++            return False
++        else:
++            msg = ('Unknown condition when checking SSL status @{}:{} '
++                   '({})'.format(host, port, unit_name))
++            amulet.raise_status(amulet.FAIL, msg)
++
++    def validate_rmq_ssl_enabled_units(self, sentry_units, port=None):
++        """Check that ssl is enabled on rmq juju sentry units.
++
++        :param sentry_units: list of all rmq sentry units
++        :param port: optional ssl port override to validate
++        :returns: None if successful, otherwise return error message
++        """
++        for sentry_unit in sentry_units:
++            if not self.rmq_ssl_is_enabled_on_unit(sentry_unit, port=port):
++                return ('Unexpected condition:  ssl is disabled on unit '
++                        '({})'.format(sentry_unit.info['unit_name']))
++        return None
++
++    def validate_rmq_ssl_disabled_units(self, sentry_units):
++        """Check that ssl is enabled on listed rmq juju sentry units.
++
++        :param sentry_units: list of all rmq sentry units
++        :returns: True if successful.  Raise on error.
++        """
++        for sentry_unit in sentry_units:
++            if self.rmq_ssl_is_enabled_on_unit(sentry_unit):
++                return ('Unexpected condition:  ssl is enabled on unit '
++                        '({})'.format(sentry_unit.info['unit_name']))
++        return None
++
++    def configure_rmq_ssl_on(self, sentry_units, deployment,
++                             port=None, max_wait=60):
++        """Turn ssl charm config option on, with optional non-default
++        ssl port specification.  Confirm that it is enabled on every
++        unit.
++
++        :param sentry_units: list of sentry units
++        :param deployment: amulet deployment object pointer
++        :param port: amqp port, use defaults if None
++        :param max_wait: maximum time to wait in seconds to confirm
++        :returns: None if successful.  Raise on error.
++        """
++        self.log.debug('Setting ssl charm config option:  on')
++
++        # Enable RMQ SSL
++        config = {'ssl': 'on'}
++        if port:
++            config['ssl_port'] = port
++
++        deployment.configure('rabbitmq-server', config)
++
++        # Confirm
++        tries = 0
++        ret = self.validate_rmq_ssl_enabled_units(sentry_units, port=port)
++        while ret and tries < (max_wait / 4):
++            time.sleep(4)
++            self.log.debug('Attempt {}: {}'.format(tries, ret))
++            ret = self.validate_rmq_ssl_enabled_units(sentry_units, port=port)
++            tries += 1
++
++        if ret:
++            amulet.raise_status(amulet.FAIL, ret)
++
++    def configure_rmq_ssl_off(self, sentry_units, deployment, max_wait=60):
++        """Turn ssl charm config option off, confirm that it is disabled
++        on every unit.
++
++        :param sentry_units: list of sentry units
++        :param deployment: amulet deployment object pointer
++        :param max_wait: maximum time to wait in seconds to confirm
++        :returns: None if successful.  Raise on error.
++        """
++        self.log.debug('Setting ssl charm config option:  off')
++
++        # Disable RMQ SSL
++        config = {'ssl': 'off'}
++        deployment.configure('rabbitmq-server', config)
++
++        # Confirm
++        tries = 0
++        ret = self.validate_rmq_ssl_disabled_units(sentry_units)
++        while ret and tries < (max_wait / 4):
++            time.sleep(4)
++            self.log.debug('Attempt {}: {}'.format(tries, ret))
++            ret = self.validate_rmq_ssl_disabled_units(sentry_units)
++            tries += 1
++
++        if ret:
++            amulet.raise_status(amulet.FAIL, ret)
++
++    def connect_amqp_by_unit(self, sentry_unit, ssl=False,
++                             port=None, fatal=True,
++                             username="testuser1", password="changeme"):
++        """Establish and return a pika amqp connection to the rabbitmq service
++        running on a rmq juju unit.
++
++        :param sentry_unit: sentry unit pointer
++        :param ssl: boolean, default to False
++        :param port: amqp port, use defaults if None
++        :param fatal: boolean, default to True (raises on connect error)
++        :param username: amqp user name, default to testuser1
++        :param password: amqp user password
++        :returns: pika amqp connection pointer or None if failed and non-fatal
++        """
++        host = sentry_unit.info['public-address']
++        unit_name = sentry_unit.info['unit_name']
++
++        # Default port logic if port is not specified
++        if ssl and not port:
++            port = 5671
++        elif not ssl and not port:
++            port = 5672
++
++        self.log.debug('Connecting to amqp on {}:{} ({}) as '
++                       '{}...'.format(host, port, unit_name, username))
++
++        try:
++            credentials = pika.PlainCredentials(username, password)
++            parameters = pika.ConnectionParameters(host=host, port=port,
++                                                   credentials=credentials,
++                                                   ssl=ssl,
++                                                   connection_attempts=3,
++                                                   retry_delay=5,
++                                                   socket_timeout=1)
++            connection = pika.BlockingConnection(parameters)
++            assert connection.server_properties['product'] == 'RabbitMQ'
++            self.log.debug('Connect OK')
++            return connection
++        except Exception as e:
++            msg = ('amqp connection failed to {}:{} as '
++                   '{} ({})'.format(host, port, username, str(e)))
++            if fatal:
++                amulet.raise_status(amulet.FAIL, msg)
++            else:
++                self.log.warn(msg)
++                return None
++
++    def publish_amqp_message_by_unit(self, sentry_unit, message,
++                                     queue="test", ssl=False,
++                                     username="testuser1",
++                                     password="changeme",
++                                     port=None):
++        """Publish an amqp message to a rmq juju unit.
++
++        :param sentry_unit: sentry unit pointer
++        :param message: amqp message string
++        :param queue: message queue, default to test
++        :param username: amqp user name, default to testuser1
++        :param password: amqp user password
++        :param ssl: boolean, default to False
++        :param port: amqp port, use defaults if None
++        :returns: None.  Raises exception if publish failed.
++        """
++        self.log.debug('Publishing message to {} queue:\n{}'.format(queue,
++                                                                    message))
++        connection = self.connect_amqp_by_unit(sentry_unit, ssl=ssl,
++                                               port=port,
++                                               username=username,
++                                               password=password)
++
++        # NOTE(beisner): extra debug here re: pika hang potential:
++        #   https://github.com/pika/pika/issues/297
++        #   https://groups.google.com/forum/#!topic/rabbitmq-users/Ja0iyfF0Szw
++        self.log.debug('Defining channel...')
++        channel = connection.channel()
++        self.log.debug('Declaring queue...')
++        channel.queue_declare(queue=queue, auto_delete=False, durable=True)
++        self.log.debug('Publishing message...')
++        channel.basic_publish(exchange='', routing_key=queue, body=message)
++        self.log.debug('Closing channel...')
++        channel.close()
++        self.log.debug('Closing connection...')
++        connection.close()
++
++    def get_amqp_message_by_unit(self, sentry_unit, queue="test",
++                                 username="testuser1",
++                                 password="changeme",
++                                 ssl=False, port=None):
++        """Get an amqp message from a rmq juju unit.
++
++        :param sentry_unit: sentry unit pointer
++        :param queue: message queue, default to test
++        :param username: amqp user name, default to testuser1
++        :param password: amqp user password
++        :param ssl: boolean, default to False
++        :param port: amqp port, use defaults if None
++        :returns: amqp message body as string.  Raise if get fails.
++        """
++        connection = self.connect_amqp_by_unit(sentry_unit, ssl=ssl,
++                                               port=port,
++                                               username=username,
++                                               password=password)
++        channel = connection.channel()
++        method_frame, _, body = channel.basic_get(queue)
++
++        if method_frame:
++            self.log.debug('Retreived message from {} queue:\n{}'.format(queue,
++                                                                         body))
++            channel.basic_ack(method_frame.delivery_tag)
++            channel.close()
++            connection.close()
++            return body
++        else:
++            msg = 'No message retrieved.'
++            amulet.raise_status(amulet.FAIL, msg)
 === modified file 'unit_tests/test_nova_cc_utils.py'
 --- unit_tests/test_nova_cc_utils.py	2015-06-10 15:48:34 +0000
 +++ unit_tests/test_nova_cc_utils.py	2015-09-22 06:12:36 +0000
@@ -416,8 +416,8 @@
      @patch.object(utils, 'ssh_known_host_key')
      @patch('subprocess.check_output')
      def test_add_known_host_exists(self, check_output, host_key, rm):
--        check_output.return_value = 'fookey'
--        host_key.return_value = 'fookey'
++        check_output.return_value = '|1|= fookey'
++        host_key.return_value = '|1|= fookey'
          with patch_open() as (_open, _file):
              utils.add_known_host('foohost')
              self.assertFalse(rm.called)
@@ -429,8 +429,8 @@
      @patch('subprocess.check_output')
      def test_add_known_host_exists_outdated(
              self, check_output, host_key, rm, known_hosts):
--        check_output.return_value = 'fookey'
--        host_key.return_value = 'fookey_old'
++        check_output.return_value = '|1|= fookey'
++        host_key.return_value = '|1|= fookey_old'
          with patch_open() as (_open, _file):
              utils.add_known_host('foohost', None, None)
              rm.assert_called_with('foohost', None, None)
@@ -441,13 +441,13 @@
      @patch('subprocess.check_output')
      def test_add_known_host_exists_added(
              self, check_output, host_key, rm, known_hosts):
--        check_output.return_value = 'fookey'
++        check_output.return_value = '|1|= fookey'
          host_key.return_value = None
          with patch_open() as (_open, _file):
              _file.write = MagicMock()
              utils.add_known_host('foohost')
              self.assertFalse(rm.called)
--            _file.write.assert_called_with('fookey\n')
++            _file.write.assert_called_with('|1|= fookey\n')
      @patch('__builtin__.open')
      @patch('os.mkdir')

Juju Charms Collectionnova-cloud-controller package

Merge lp:~xianghui/charms/trusty/nova-cloud-controller/live_migration into lp:~openstack-charmers-archive/charms/trusty/nova-cloud-controller/next

Commit message

Description of the change

Preview Diff

Subscribers

Juju Charms Collection
nova-cloud-controller package