Updates for liberty fixes

This commit is contained in:
James Page 2016-02-10 12:27:52 +00:00
parent a85b9648d7
commit 4e55e2f4c1
8 changed files with 42 additions and 11 deletions

11
domain-setup.sh Normal file
View File

@ -0,0 +1,11 @@
#!/bin/bash
set -e
openstack domain create --description "Stack projects and users" heat
openstack user create --domain heat --password `leader-get heat-domain-admin-passwd` heat_domain_admin
openstack role add --domain heat --user heat_domain_admin admin
openstack role create heat_stack_user

View File

@ -1,7 +1,7 @@
import os
from charmhelpers.contrib.openstack import context
from charmhelpers.core.hookenv import config
from charmhelpers.core.hookenv import config, leader_get
from charmhelpers.core.host import pwgen
from charmhelpers.contrib.hahelpers.cluster import (
determine_apache_port,
@ -53,14 +53,14 @@ def get_encryption_key():
return encryption
class EncryptionContext(context.OSContextGenerator):
class HeatSecurityContext(context.OSContextGenerator):
def __call__(self):
ctxt = {}
# check if we have stored encryption key
encryption = get_encryption_key()
ctxt['encryption_key'] = encryption
ctxt['heat_domain_admin_passwd'] = leader_get('heat-domain-admin-passwd')
return ctxt

View File

@ -23,11 +23,15 @@ from charmhelpers.core.hookenv import (
open_port,
unit_get,
status_set,
leader_get,
leader_set,
is_leader,
)
from charmhelpers.core.host import (
restart_on_change,
service_reload,
pwgen,
)
from charmhelpers.fetch import (
@ -216,6 +220,12 @@ def relation_broken():
CONFIGS.write_all()
@hooks.hook('leader-elected')
def leader_elected():
if is_leader() and not leader_get('heat-domain-admin-passwd'):
leader_set('heat-domain-admin-passwd', pwgen(32))
def main():
try:
hooks.execute(sys.argv)

View File

@ -37,7 +37,7 @@ from charmhelpers.core.host import (
from heat_context import (
API_PORTS,
HeatIdentityServiceContext,
EncryptionContext,
HeatSecurityContext,
InstanceUserContext,
HeatApacheSSLContext,
HeatHAProxyContext,
@ -86,7 +86,7 @@ CONFIG_FILES = OrderedDict([
context.OSConfigFlagContext(),
HeatIdentityServiceContext(service=SVC, service_user=SVC),
HeatHAProxyContext(),
EncryptionContext(),
HeatSecurityContext(),
InstanceUserContext(),
context.SyslogContext(),
context.LogLevelContext(),

1
hooks/leader-elected Symbolic link
View File

@ -0,0 +1 @@
heat_relations.py

View File

@ -7,10 +7,15 @@ instance_user={{ instance_user }}
instance_driver=heat.engine.nova
plugin_dirs=/usr/lib64/heat,/usr/lib/heat
environment_dir=/etc/heat/environment.d
deferred_auth_method=password
host=heat
auth_encryption_key={{ encryption_key }}
deferred_auth_method=trust
stack_domain_admin = heat_domain_admin
stack_domain_admin_password = {{ heat_domain_admin_passwd }}
stack_user_domain_name = heat
{% if auth_host -%}
[keystone_authtoken]
identity_uri = {{ service_protocol }}://{{ service_host }}:{{ auth_port }}

View File

@ -5,7 +5,8 @@ from test_utils import CharmTestCase
TO_PATCH = [
'get_encryption_key',
'generate_ec2_tokens',
'config'
'config',
'leader_get',
]
@ -16,9 +17,12 @@ class TestHeatContext(CharmTestCase):
def test_encryption_configuration(self):
self.get_encryption_key.return_value = 'key'
self.leader_get.return_value = 'password'
self.assertEquals(
heat_context.EncryptionContext()(),
{'encryption_key': 'key'})
heat_context.HeatSecurityContext()(),
{'encryption_key': 'key',
'heat_domain_admin_passwd': 'password'})
self.leader_get.assert_called_with('heat-domain-admin-passwd')
def test_instance_user_empty_configuration(self):
self.config.return_value = None

View File

@ -240,5 +240,5 @@ class HeatRelationTests(CharmTestCase):
self.sync_db_with_multi_ipv6_addresses.return_value = MagicMock()
self.test_config.set('prefer-ipv6', True)
relations.db_joined()
self.sync_db_with_multi_ipv6_addresses.assert_called_with_once(
'heat', 'heat')
self.sync_db_with_multi_ipv6_addresses.assert_called_with(
'heat', 'heat', relation_prefix='heat')