diff --git a/hooks/ceilometer_hooks.py b/hooks/ceilometer_hooks.py index 0ba8a13..6a40bc7 100755 --- a/hooks/ceilometer_hooks.py +++ b/hooks/ceilometer_hooks.py @@ -25,20 +25,22 @@ from charmhelpers.fetch import ( filter_installed_packages, ) from charmhelpers.core.hookenv import ( - open_port, - close_port, - relation_get, - relation_set, - relation_ids, - config, - Hooks, UnregisteredHookError, - log, - status_set, - WARNING, DEBUG, + Hooks, + UnregisteredHookError, + WARNING, + close_port, + config, is_leader, leader_get, leader_set, + log, + open_port, + related_units, + relation_get, + relation_ids, + relation_set, + status_set, ) from charmhelpers.core.host import ( service_restart, @@ -46,6 +48,7 @@ from charmhelpers.core.host import ( mkdir, init_is_systemd, ) +import charmhelpers.contrib.openstack.cert_utils as cert_utils from charmhelpers.contrib.openstack.context import ADDRESS_TYPES from charmhelpers.contrib.openstack.utils import ( configure_installation_source, @@ -170,6 +173,9 @@ def metric_service_joined(): @restart_on_change(restart_map()) def any_changed(): CONFIGS.write_all() + for r_id in relation_ids('certificates'): + for unit in related_units(r_id): + certs_changed(r_id, unit) configure_https() for rid in relation_ids('identity-service'): keystone_joined(relid=rid) @@ -231,6 +237,10 @@ def config_changed(): else: close_port(CEILOMETER_PORT) + # Refire certificates relations for VIP changes + for r_id in relation_ids('certificates'): + certs_joined(r_id) + configure_https() # NOTE(jamespage): Iterate identity-{service,credentials} relations @@ -445,6 +455,22 @@ def post_series_upgrade(): resume_unit_helper, CONFIGS) +@hooks.hook('certificates-relation-joined') +def certs_joined(relation_id=None): + relation_set( + relation_id=relation_id, + relation_settings=cert_utils.get_certificate_request()) + + +@hooks.hook('certificates-relation-changed') +def certs_changed(relation_id=None, unit=None): + @restart_on_change(restart_map()) + def _certs_changed(): + cert_utils.process_certificates('ceilometer-api', relation_id, unit) + configure_https() + _certs_changed() + + if __name__ == '__main__': try: hooks.execute(sys.argv) diff --git a/hooks/certificates-relation-broken b/hooks/certificates-relation-broken new file mode 120000 index 0000000..c948469 --- /dev/null +++ b/hooks/certificates-relation-broken @@ -0,0 +1 @@ +ceilometer_hooks.py \ No newline at end of file diff --git a/hooks/certificates-relation-changed b/hooks/certificates-relation-changed new file mode 120000 index 0000000..c948469 --- /dev/null +++ b/hooks/certificates-relation-changed @@ -0,0 +1 @@ +ceilometer_hooks.py \ No newline at end of file diff --git a/hooks/certificates-relation-departed b/hooks/certificates-relation-departed new file mode 120000 index 0000000..c948469 --- /dev/null +++ b/hooks/certificates-relation-departed @@ -0,0 +1 @@ +ceilometer_hooks.py \ No newline at end of file diff --git a/hooks/certificates-relation-joined b/hooks/certificates-relation-joined new file mode 120000 index 0000000..c948469 --- /dev/null +++ b/hooks/certificates-relation-joined @@ -0,0 +1 @@ +ceilometer_hooks.py \ No newline at end of file diff --git a/metadata.yaml b/metadata.yaml index 2d3a371..f641ba8 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -47,6 +47,8 @@ requires: interface: gnocchi event-service: interface: event-service + certificates: + interface: tls-certificates peers: cluster: interface: ceilometer-ha diff --git a/tests/basic_deployment.py b/tests/basic_deployment.py index a2da927..b205937 100644 --- a/tests/basic_deployment.py +++ b/tests/basic_deployment.py @@ -99,6 +99,7 @@ class CeilometerBasicDeployment(OpenStackAmuletDeployment): 'keystone:shared-db': 'percona-cluster:shared-db', 'ceilometer:ceilometer-service': 'ceilometer-agent:' 'ceilometer-service', + 'ceilometer-agent:amqp': 'rabbitmq-server:amqp', 'nova-compute:nova-ceilometer': 'ceilometer-agent:nova-ceilometer', 'nova-compute:amqp': 'rabbitmq-server:amqp', 'glance:identity-service': 'keystone:identity-service', diff --git a/unit_tests/test_ceilometer_hooks.py b/unit_tests/test_ceilometer_hooks.py index b515e3b..ce29076 100644 --- a/unit_tests/test_ceilometer_hooks.py +++ b/unit_tests/test_ceilometer_hooks.py @@ -140,15 +140,20 @@ class CeilometerHooksTest(CharmTestCase): self.relation_set.assert_called_with( ceilometer_database='ceilometer') + @patch.object(hooks, 'certs_changed') + @patch.object(hooks, 'related_units') @patch.object(hooks, 'keystone_joined') @patch('charmhelpers.core.hookenv.config') @patch.object(hooks, 'ceilometer_joined') def test_any_changed(self, ceilometer_joined, mock_config, - keystone_joined): - self.relation_ids.return_value = ['identity-service:1'] + keystone_joined, _related_units, _certs_changed): + self.relation_ids.side_effect = [ + ['certificates:42'], ['identity-service:1']] + _related_units.return_value = ['vault/0'] hooks.hooks.execute(['hooks/shared-db-relation-changed']) self.assertTrue(self.CONFIGS.write_all.called) self.assertTrue(ceilometer_joined.called) + _certs_changed.assert_called_once_with('certificates:42', 'vault/0') keystone_joined.assert_called_with(relid='identity-service:1') self.configure_https.assert_called_once() @@ -426,3 +431,20 @@ class CeilometerHooksTest(CharmTestCase): ) self.apt_install.assert_called_with(['python3-gnocchiclient'], fatal=True) + + @patch.object(hooks.cert_utils, 'get_certificate_request') + @patch.object(hooks, 'relation_set') + def test_certs_joined(self, _relation_set, _get_certificate_request): + hooks.hooks.execute(['hooks/certificates-relation-joined']) + _get_certificate_request.assert_called_once_with() + _relation_set.assert_called_once_with( + relation_id=None, + relation_settings=_get_certificate_request()) + + @patch.object(hooks, 'configure_https') + @patch.object(hooks.cert_utils, 'process_certificates') + def test_certs_changed(self, _process_certificates, _configure_https): + hooks.hooks.execute(['hooks/certificates-relation-changed']) + _process_certificates.assert_called_once_with( + 'ceilometer-api', None, None) + _configure_https.assert_called_once_with()