Sync charm-helpers for Stein release
As a part of the Stein release, we need to ensure that charmhelpers is up to date. Change-Id: Id89a61116a92f56e7faac1a48c11003547e169b7
This commit is contained in:
parent
634e1b31b1
commit
a349d69354
|
@ -180,13 +180,17 @@ def create_ip_cert_links(ssl_dir, custom_hostname_link=None):
|
||||||
os.symlink(hostname_key, custom_key)
|
os.symlink(hostname_key, custom_key)
|
||||||
|
|
||||||
|
|
||||||
def install_certs(ssl_dir, certs, chain=None):
|
def install_certs(ssl_dir, certs, chain=None, user='root', group='root'):
|
||||||
"""Install the certs passed into the ssl dir and append the chain if
|
"""Install the certs passed into the ssl dir and append the chain if
|
||||||
provided.
|
provided.
|
||||||
|
|
||||||
:param ssl_dir: str Directory to create symlinks in
|
:param ssl_dir: str Directory to create symlinks in
|
||||||
:param certs: {} {'cn': {'cert': 'CERT', 'key': 'KEY'}}
|
:param certs: {} {'cn': {'cert': 'CERT', 'key': 'KEY'}}
|
||||||
:param chain: str Chain to be appended to certs
|
:param chain: str Chain to be appended to certs
|
||||||
|
:param user: (Optional) Owner of certificate files. Defaults to 'root'
|
||||||
|
:type user: str
|
||||||
|
:param group: (Optional) Group of certificate files. Defaults to 'root'
|
||||||
|
:type group: str
|
||||||
"""
|
"""
|
||||||
for cn, bundle in certs.items():
|
for cn, bundle in certs.items():
|
||||||
cert_filename = 'cert_{}'.format(cn)
|
cert_filename = 'cert_{}'.format(cn)
|
||||||
|
@ -197,21 +201,25 @@ def install_certs(ssl_dir, certs, chain=None):
|
||||||
# trust certs signed by an intermediate in the chain
|
# trust certs signed by an intermediate in the chain
|
||||||
cert_data = cert_data + os.linesep + chain
|
cert_data = cert_data + os.linesep + chain
|
||||||
write_file(
|
write_file(
|
||||||
path=os.path.join(ssl_dir, cert_filename),
|
path=os.path.join(ssl_dir, cert_filename), owner=user, group=group,
|
||||||
content=cert_data, perms=0o640)
|
content=cert_data, perms=0o640)
|
||||||
write_file(
|
write_file(
|
||||||
path=os.path.join(ssl_dir, key_filename),
|
path=os.path.join(ssl_dir, key_filename), owner=user, group=group,
|
||||||
content=bundle['key'], perms=0o640)
|
content=bundle['key'], perms=0o640)
|
||||||
|
|
||||||
|
|
||||||
def process_certificates(service_name, relation_id, unit,
|
def process_certificates(service_name, relation_id, unit,
|
||||||
custom_hostname_link=None):
|
custom_hostname_link=None, user='root', group='root'):
|
||||||
"""Process the certificates supplied down the relation
|
"""Process the certificates supplied down the relation
|
||||||
|
|
||||||
:param service_name: str Name of service the certifcates are for.
|
:param service_name: str Name of service the certifcates are for.
|
||||||
:param relation_id: str Relation id providing the certs
|
:param relation_id: str Relation id providing the certs
|
||||||
:param unit: str Unit providing the certs
|
:param unit: str Unit providing the certs
|
||||||
:param custom_hostname_link: str Name of custom link to create
|
:param custom_hostname_link: str Name of custom link to create
|
||||||
|
:param user: (Optional) Owner of certificate files. Defaults to 'root'
|
||||||
|
:type user: str
|
||||||
|
:param group: (Optional) Group of certificate files. Defaults to 'root'
|
||||||
|
:type group: str
|
||||||
"""
|
"""
|
||||||
data = relation_get(rid=relation_id, unit=unit)
|
data = relation_get(rid=relation_id, unit=unit)
|
||||||
ssl_dir = os.path.join('/etc/apache2/ssl/', service_name)
|
ssl_dir = os.path.join('/etc/apache2/ssl/', service_name)
|
||||||
|
@ -223,7 +231,7 @@ def process_certificates(service_name, relation_id, unit,
|
||||||
if certs:
|
if certs:
|
||||||
certs = json.loads(certs)
|
certs = json.loads(certs)
|
||||||
install_ca_cert(ca.encode())
|
install_ca_cert(ca.encode())
|
||||||
install_certs(ssl_dir, certs, chain)
|
install_certs(ssl_dir, certs, chain, user=user, group=group)
|
||||||
create_ip_cert_links(
|
create_ip_cert_links(
|
||||||
ssl_dir,
|
ssl_dir,
|
||||||
custom_hostname_link=custom_hostname_link)
|
custom_hostname_link=custom_hostname_link)
|
||||||
|
|
|
@ -792,6 +792,7 @@ class ApacheSSLContext(OSContextGenerator):
|
||||||
# and service namespace accordingly.
|
# and service namespace accordingly.
|
||||||
external_ports = []
|
external_ports = []
|
||||||
service_namespace = None
|
service_namespace = None
|
||||||
|
user = group = 'root'
|
||||||
|
|
||||||
def enable_modules(self):
|
def enable_modules(self):
|
||||||
cmd = ['a2enmod', 'ssl', 'proxy', 'proxy_http', 'headers']
|
cmd = ['a2enmod', 'ssl', 'proxy', 'proxy_http', 'headers']
|
||||||
|
@ -810,9 +811,11 @@ class ApacheSSLContext(OSContextGenerator):
|
||||||
key_filename = 'key'
|
key_filename = 'key'
|
||||||
|
|
||||||
write_file(path=os.path.join(ssl_dir, cert_filename),
|
write_file(path=os.path.join(ssl_dir, cert_filename),
|
||||||
content=b64decode(cert), perms=0o640)
|
content=b64decode(cert), owner=self.user,
|
||||||
|
group=self.group, perms=0o640)
|
||||||
write_file(path=os.path.join(ssl_dir, key_filename),
|
write_file(path=os.path.join(ssl_dir, key_filename),
|
||||||
content=b64decode(key), perms=0o640)
|
content=b64decode(key), owner=self.user,
|
||||||
|
group=self.group, perms=0o640)
|
||||||
|
|
||||||
def configure_ca(self):
|
def configure_ca(self):
|
||||||
ca_cert = get_ca_cert()
|
ca_cert = get_ca_cert()
|
||||||
|
@ -1932,3 +1935,30 @@ class VersionsContext(OSContextGenerator):
|
||||||
return {
|
return {
|
||||||
'openstack_release': ostack,
|
'openstack_release': ostack,
|
||||||
'operating_system_release': osystem}
|
'operating_system_release': osystem}
|
||||||
|
|
||||||
|
|
||||||
|
class LogrotateContext(OSContextGenerator):
|
||||||
|
"""Common context generator for logrotate."""
|
||||||
|
|
||||||
|
def __init__(self, location, interval, count):
|
||||||
|
"""
|
||||||
|
:param location: Absolute path for the logrotate config file
|
||||||
|
:type location: str
|
||||||
|
:param interval: The interval for the rotations. Valid values are
|
||||||
|
'daily', 'weekly', 'monthly', 'yearly'
|
||||||
|
:type interval: str
|
||||||
|
:param count: The logrotate count option configures the 'count' times
|
||||||
|
the log files are being rotated before being
|
||||||
|
:type count: int
|
||||||
|
"""
|
||||||
|
self.location = location
|
||||||
|
self.interval = interval
|
||||||
|
self.count = 'rotate {}'.format(count)
|
||||||
|
|
||||||
|
def __call__(self):
|
||||||
|
ctxt = {
|
||||||
|
'logrotate_logs_location': self.location,
|
||||||
|
'logrotate_interval': self.interval,
|
||||||
|
'logrotate_count': self.count,
|
||||||
|
}
|
||||||
|
return ctxt
|
||||||
|
|
|
@ -0,0 +1,9 @@
|
||||||
|
/var/log/{{ logrotate_logs_location }}/*.log {
|
||||||
|
{{ logrotate_interval }}
|
||||||
|
{{ logrotate_count }}
|
||||||
|
compress
|
||||||
|
delaycompress
|
||||||
|
missingok
|
||||||
|
notifempty
|
||||||
|
copytruncate
|
||||||
|
}
|
Loading…
Reference in New Issue