981b86a3a1
Update the keystone authtoken template section to explicitly specify v3 API when it is in use. This prevents errors that result in "Could not find versioned identity endpoints when attempting to authenticate". Along with this change we remove the tests that verify the keystone_authtoken section as it's generally agreed that functional testing should catch issues with this config. Also update requirements to fix pyyaml dep of charm-tools. Finally get glance v1 client for icehouse. Previously the image virt type was qemu and the compute node virt type was kvm. This works for deployments prior to rocky but in rocky this causes the image type filter to return no valid hosts. An update to charmhelpers has removed the default behaviour of setting the virt type to 'qemu' by default. Due to a bug in icehouse updating glance image properties using the v2 api fails (See Bug #1371559) so for icehouse deploys get a v1 client. Change-Id: I4ca604c674bda5d5f7daca6a3e9d13c8b4bd4efa Closes-Bug: #1794637
87 lines
2.6 KiB
Python
87 lines
2.6 KiB
Python
# Copyright 2014-2015 Canonical Limited.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
#
|
|
# Copyright 2012 Canonical Ltd.
|
|
#
|
|
# This file is sourced from lp:openstack-charm-helpers
|
|
#
|
|
# Authors:
|
|
# James Page <james.page@ubuntu.com>
|
|
# Adam Gandelman <adamg@ubuntu.com>
|
|
#
|
|
|
|
import os
|
|
|
|
from charmhelpers.core import host
|
|
from charmhelpers.core.hookenv import (
|
|
config as config_get,
|
|
relation_get,
|
|
relation_ids,
|
|
related_units as relation_list,
|
|
log,
|
|
INFO,
|
|
)
|
|
|
|
|
|
def get_cert(cn=None):
|
|
# TODO: deal with multiple https endpoints via charm config
|
|
cert = config_get('ssl_cert')
|
|
key = config_get('ssl_key')
|
|
if not (cert and key):
|
|
log("Inspecting identity-service relations for SSL certificate.",
|
|
level=INFO)
|
|
cert = key = None
|
|
if cn:
|
|
ssl_cert_attr = 'ssl_cert_{}'.format(cn)
|
|
ssl_key_attr = 'ssl_key_{}'.format(cn)
|
|
else:
|
|
ssl_cert_attr = 'ssl_cert'
|
|
ssl_key_attr = 'ssl_key'
|
|
for r_id in relation_ids('identity-service'):
|
|
for unit in relation_list(r_id):
|
|
if not cert:
|
|
cert = relation_get(ssl_cert_attr,
|
|
rid=r_id, unit=unit)
|
|
if not key:
|
|
key = relation_get(ssl_key_attr,
|
|
rid=r_id, unit=unit)
|
|
return (cert, key)
|
|
|
|
|
|
def get_ca_cert():
|
|
ca_cert = config_get('ssl_ca')
|
|
if ca_cert is None:
|
|
log("Inspecting identity-service relations for CA SSL certificate.",
|
|
level=INFO)
|
|
for r_id in (relation_ids('identity-service') +
|
|
relation_ids('identity-credentials')):
|
|
for unit in relation_list(r_id):
|
|
if ca_cert is None:
|
|
ca_cert = relation_get('ca_cert',
|
|
rid=r_id, unit=unit)
|
|
return ca_cert
|
|
|
|
|
|
def retrieve_ca_cert(cert_file):
|
|
cert = None
|
|
if os.path.isfile(cert_file):
|
|
with open(cert_file, 'rb') as crt:
|
|
cert = crt.read()
|
|
return cert
|
|
|
|
|
|
def install_ca_cert(ca_cert):
|
|
host.install_ca_cert(ca_cert, 'keystone_juju_ca_cert')
|