From 4e55e2f4c1099c5050ac4c23bdd54d455e2e0d7d Mon Sep 17 00:00:00 2001 From: James Page Date: Wed, 10 Feb 2016 12:27:52 +0000 Subject: [PATCH] Updates for liberty fixes --- domain-setup.sh | 11 +++++++++++ hooks/heat_context.py | 6 +++--- hooks/heat_relations.py | 10 ++++++++++ hooks/heat_utils.py | 4 ++-- hooks/leader-elected | 1 + templates/liberty/heat.conf | 7 ++++++- unit_tests/test_heat_context.py | 10 +++++++--- unit_tests/test_heat_relations.py | 4 ++-- 8 files changed, 42 insertions(+), 11 deletions(-) create mode 100644 domain-setup.sh create mode 120000 hooks/leader-elected diff --git a/domain-setup.sh b/domain-setup.sh new file mode 100644 index 0000000..6e0cde9 --- /dev/null +++ b/domain-setup.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +set -e + +openstack domain create --description "Stack projects and users" heat + +openstack user create --domain heat --password `leader-get heat-domain-admin-passwd` heat_domain_admin + +openstack role add --domain heat --user heat_domain_admin admin + +openstack role create heat_stack_user diff --git a/hooks/heat_context.py b/hooks/heat_context.py index 20ab49b..6e8b43c 100644 --- a/hooks/heat_context.py +++ b/hooks/heat_context.py @@ -1,7 +1,7 @@ import os from charmhelpers.contrib.openstack import context -from charmhelpers.core.hookenv import config +from charmhelpers.core.hookenv import config, leader_get from charmhelpers.core.host import pwgen from charmhelpers.contrib.hahelpers.cluster import ( determine_apache_port, @@ -53,14 +53,14 @@ def get_encryption_key(): return encryption -class EncryptionContext(context.OSContextGenerator): +class HeatSecurityContext(context.OSContextGenerator): def __call__(self): ctxt = {} - # check if we have stored encryption key encryption = get_encryption_key() ctxt['encryption_key'] = encryption + ctxt['heat_domain_admin_passwd'] = leader_get('heat-domain-admin-passwd') return ctxt diff --git a/hooks/heat_relations.py b/hooks/heat_relations.py index 8a22963..3cfaaba 100755 
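Review bot: In domain-setup.sh the `openstack user create` line passes the domain admin password as a command-line argument through an unquoted backtick substitution, so the secret is visible in the process list while the command runs, and an empty result shifts the remaining arguments. `set -e` does not stop the script when `leader-get` fails inside that substitution, so the command still runs with whatever came back. Read and check the value first with `passwd="$(leader-get heat-domain-admin-passwd)"` and `[ -n "$passwd" ] || { echo "heat-domain-admin-passwd not set" >&2; exit 1; }`, then pass `--password "$passwd"`. The script is also one-shot, because `set -e` aborts at `openstack domain create` once the domain exists. A header comment saying so, and that it presumably has to run where the `leader-get` hook tool is available, would help operators.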
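Review bot: In `HeatSecurityContext.__call__` (hooks/heat_context.py, second hunk) the result of `leader_get('heat-domain-admin-passwd')` goes into the context unchecked, so it is `None` until the leader has stored a password. The templates/liberty/heat.conf hunk would then presumably render `stack_domain_admin_password = None`. Either set the key only when the value is non-empty and wrap the three `stack_*` template lines in `{% if heat_domain_admin_passwd -%}`, or treat the context as incomplete until the password exists. A class docstring such as `"""Provide the auth encryption key and the leader-stored heat domain admin password."""` would also record what the renamed context now carries. `get_encryption_key` and the rest of the module lie outside this hunk.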
--- a/hooks/heat_relations.py
+++ b/hooks/heat_relations.py
@@ -23,11 +23,15 @@ from charmhelpers.core.hookenv import (
 open_port,
 unit_get,
 status_set,
+ leader_get,
+ leader_set,
+ is_leader,
 )
 from charmhelpers.core.host import (
 restart_on_change,
 service_reload,
+ pwgen,
 )
 from charmhelpers.fetch import (
@@ -216,6 +220,12 @@ def relation_broken():
 CONFIGS.write_all()
+@hooks.hook('leader-elected')
+def leader_elected():
+ if is_leader() and not leader_get('heat-domain-admin-passwd'):
+ leader_set('heat-domain-admin-passwd', pwgen(32))
+
+
 def main():
 try:
 hooks.execute(sys.argv)
diff --git a/hooks/heat_utils.py b/hooks/heat_utils.py
index 92ef8bb..9254056 100644
--- a/hooks/heat_utils.py
+++ b/hooks/heat_utils.py
@@ -37,7 +37,7 @@ from charmhelpers.core.host import (
 from heat_context import (
 API_PORTS,
 HeatIdentityServiceContext,
- EncryptionContext,
+ HeatSecurityContext,
 InstanceUserContext,
 HeatApacheSSLContext,
 HeatHAProxyContext,
@@ -86,7 +86,7 @@ CONFIG_FILES = OrderedDict([
 context.OSConfigFlagContext(),
 HeatIdentityServiceContext(service=SVC, service_user=SVC),
 HeatHAProxyContext(),
- EncryptionContext(),
+ HeatSecurityContext(),
 InstanceUserContext(),
 context.SyslogContext(),
 context.LogLevelContext(),
diff --git a/hooks/leader-elected b/hooks/leader-elected
new file mode 120000
index 0000000..ab98840
--- /dev/null
+++ b/hooks/leader-elected
@@ -0,0 +1 @@
+heat_relations.py
\ No newline at end of file
diff --git a/templates/liberty/heat.conf b/templates/liberty/heat.conf
index 07997c9..3f9ad14 100644
--- a/templates/liberty/heat.conf
+++ b/templates/liberty/heat.conf
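Review bot: `leader_elected` in hooks/heat_relations.py (second hunk) stores the generated password, but nothing in this commit re-renders heat.conf afterwards. The hook does not call `CONFIGS.write_all()`, and the diffstat adds only the `leader-elected` symlink, with no `leader-settings-changed` hook, so the leader and its peers can keep a heat.conf written before the password existed. Consider ending the hook with `CONFIGS.write_all()` and handling `leader-settings-changed` the same way on the other units. On a deployment that already has a leader this hook may not fire after an upgrade, so the same `is_leader()`/`leader_get` guard probably belongs in the upgrade or config-changed path too. Because `pwgen(32)` produces a long-lived credential, confirm that the bundled charmhelpers `pwgen` draws from a cryptographic random source, and give the hook a docstring such as `"""Generate the heat domain admin password once, on the elected leader."""`.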
@@ -7,10 +7,15 @@ instance_user={{ instance_user }}
 instance_driver=heat.engine.nova
 plugin_dirs=/usr/lib64/heat,/usr/lib/heat
 environment_dir=/etc/heat/environment.d
-deferred_auth_method=password
 host=heat
 auth_encryption_key={{ encryption_key }}
+deferred_auth_method=trust
+
+stack_domain_admin = heat_domain_admin
+stack_domain_admin_password = {{ heat_domain_admin_passwd }}
+stack_user_domain_name = heat
+
 {% if auth_host -%}
 [keystone_authtoken]
 identity_uri = {{ service_protocol }}://{{ service_host }}:{{ auth_port }}
diff --git a/unit_tests/test_heat_context.py b/unit_tests/test_heat_context.py
index 9692d4d..f81aac4 100644
--- a/unit_tests/test_heat_context.py
+++ b/unit_tests/test_heat_context.py
@@ -5,7 +5,8 @@ from test_utils import CharmTestCase
 TO_PATCH = [
 'get_encryption_key',
 'generate_ec2_tokens',
- 'config'
+ 'config',
+ 'leader_get',
 ]
@@ -16,9 +17,12 @@ class TestHeatContext(CharmTestCase):
 def test_encryption_configuration(self):
 self.get_encryption_key.return_value = 'key'
+ self.leader_get.return_value = 'password'
 self.assertEquals(
- heat_context.EncryptionContext()(),
- {'encryption_key': 'key'})
+ heat_context.HeatSecurityContext()(),
+ {'encryption_key': 'key',
+ 'heat_domain_admin_passwd': 'password'})
+ self.leader_get.assert_called_with('heat-domain-admin-passwd')
 def test_instance_user_empty_configuration(self):
 self.config.return_value = None
diff --git a/unit_tests/test_heat_relations.py b/unit_tests/test_heat_relations.py
index dfcd60d..534ba2e 100644
--- a/unit_tests/test_heat_relations.py
+++ b/unit_tests/test_heat_relations.py
@@ -240,5 +240,5 @@ class HeatRelationTests(CharmTestCase):
 self.sync_db_with_multi_ipv6_addresses.return_value = MagicMock()
 self.test_config.set('prefer-ipv6', True)
 relations.db_joined()
- self.sync_db_with_multi_ipv6_addresses.assert_called_with_once(
- 'heat', 'heat')
+ self.sync_db_with_multi_ipv6_addresses.assert_called_with(
+ 'heat', 'heat', relation_prefix='heat')
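Review bot: In unit_tests/test_heat_relations.py the new `assert_called_with(...)` checks only the most recent call, while the name it replaces, `assert_called_with_once`, suggests the intent was exactly one call. That old name is not a Mock assertion, so it presumably passed without checking anything. If a single call is the contract, use `self.sync_db_with_multi_ipv6_addresses.assert_called_once_with(` with the same arguments. The new `leader_elected` hook also has no test in this file. One case with `is_leader` true and `leader_get` returning `None` that asserts `leader_set` was called, and one where a password already exists and `leader_set` is not called, would cover its guard. The test method containing these lines starts outside the hunk.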