Fixup https reconfigure on config_changed
This commit is contained in:
James Page
parent
803b58a565
commit
acb60b0db0
@ -1,6 +1,5 @@
|
|||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
|
|
||||||
import os
|
|
||||||
import time
|
import time
|
||||||
import urlparse
|
import urlparse
|
||||||
|
|
||||||
@ -29,7 +28,6 @@ from keystone_utils import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
from lib.openstack_common import (
|
from lib.openstack_common import (
|
||||||
configure_installation_source,
|
|
||||||
get_os_codename_install_source,
|
get_os_codename_install_source,
|
||||||
get_os_codename_package,
|
get_os_codename_package,
|
||||||
get_os_version_codename,
|
get_os_version_codename,
|
||||||
@ -386,6 +384,17 @@ def config_changed():
|
|||||||
|
|
||||||
utils.restart('keystone')
|
utils.restart('keystone')
|
||||||
|
|
||||||
|
if cluster.eligible_leader(CLUSTER_RES):
|
||||||
|
utils.juju_log('INFO',
|
||||||
|
'Firing identity_changed hook'
|
||||||
|
' for all related services.')
|
||||||
|
# HTTPS may have been set - so fire all identity relations
|
||||||
|
# again
|
||||||
|
for r_id in utils.relation_ids('identity-service'):
|
||||||
|
for unit in utils.relation_list(r_id):
|
||||||
|
identity_changed(relation_id=r_id,
|
||||||
|
remote_unit=unit)
|
||||||
|
|
||||||
|
|
||||||
def upgrade_charm():
|
def upgrade_charm():
|
||||||
cluster_changed()
|
cluster_changed()
|
||||||
|
|||||||
@ -1,6 +1,5 @@
|
|||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
|
|
||||||
import base64
|
|
||||||
import os
|
import os
|
||||||
import shutil
|
import shutil
|
||||||
import subprocess
|
import subprocess
|
||||||
|
|||||||
@ -82,6 +82,7 @@ def config_get():
|
|||||||
return config
|
return config
|
||||||
|
|
||||||
|
|
||||||
|
@utils.cached
|
||||||
def get_local_endpoint():
|
def get_local_endpoint():
|
||||||
""" Returns the URL for the local end-point bypassing haproxy/ssl """
|
""" Returns the URL for the local end-point bypassing haproxy/ssl """
|
||||||
local_endpoint = 'http://localhost:{}/v2.0/'.format(
|
local_endpoint = 'http://localhost:{}/v2.0/'.format(
|
||||||
@ -89,8 +90,6 @@ def get_local_endpoint():
|
|||||||
)
|
)
|
||||||
return local_endpoint
|
return local_endpoint
|
||||||
|
|
||||||
LOCAL_ENDPOINT = get_local_endpoint()
|
|
||||||
|
|
||||||
|
|
||||||
def set_admin_token(admin_token):
|
def set_admin_token(admin_token):
|
||||||
"""Set admin token according to deployment config or use a randomly
|
"""Set admin token according to deployment config or use a randomly
|
||||||
@ -123,14 +122,14 @@ def get_admin_token():
|
|||||||
"""Temporary utility to grab the admin token as configured in
|
"""Temporary utility to grab the admin token as configured in
|
||||||
keystone.conf
|
keystone.conf
|
||||||
"""
|
"""
|
||||||
f = open(keystone_conf, 'r+')
|
with open(keystone_conf, 'r') as f:
|
||||||
for l in open(keystone_conf, 'r+').readlines():
|
for l in f.readlines():
|
||||||
if l.split(' ')[0] == 'admin_token':
|
if l.split(' ')[0] == 'admin_token':
|
||||||
try:
|
try:
|
||||||
return l.split('=')[1].strip()
|
return l.split('=')[1].strip()
|
||||||
except:
|
except:
|
||||||
error_out('Could not parse admin_token line from %s' %
|
error_out('Could not parse admin_token line from %s' %
|
||||||
keystone_conf)
|
keystone_conf)
|
||||||
error_out('Could not find admin_token line in %s' % keystone_conf)
|
error_out('Could not find admin_token line in %s' % keystone_conf)
|
||||||
|
|
||||||
|
|
||||||
@ -159,7 +158,7 @@ def update_config_block(section, **kwargs):
|
|||||||
def create_service_entry(service_name, service_type, service_desc, owner=None):
|
def create_service_entry(service_name, service_type, service_desc, owner=None):
|
||||||
""" Add a new service entry to keystone if one does not already exist """
|
""" Add a new service entry to keystone if one does not already exist """
|
||||||
import manager
|
import manager
|
||||||
manager = manager.KeystoneManager(endpoint=LOCAL_ENDPOINT,
|
manager = manager.KeystoneManager(endpoint=get_local_endpoint(),
|
||||||
token=get_admin_token())
|
token=get_admin_token())
|
||||||
for service in [s._info for s in manager.api.services.list()]:
|
for service in [s._info for s in manager.api.services.list()]:
|
||||||
if service['name'] == service_name:
|
if service['name'] == service_name:
|
||||||
@ -178,7 +177,7 @@ def create_endpoint_template(region, service, publicurl, adminurl,
|
|||||||
""" Create a new endpoint template for service if one does not already
|
""" Create a new endpoint template for service if one does not already
|
||||||
exist matching name *and* region """
|
exist matching name *and* region """
|
||||||
import manager
|
import manager
|
||||||
manager = manager.KeystoneManager(endpoint=LOCAL_ENDPOINT,
|
manager = manager.KeystoneManager(endpoint=get_local_endpoint(),
|
||||||
token=get_admin_token())
|
token=get_admin_token())
|
||||||
service_id = manager.resolve_service_id(service)
|
service_id = manager.resolve_service_id(service)
|
||||||
for ep in [e._info for e in manager.api.endpoints.list()]:
|
for ep in [e._info for e in manager.api.endpoints.list()]:
|
||||||
@ -213,7 +212,7 @@ def create_endpoint_template(region, service, publicurl, adminurl,
|
|||||||
def create_tenant(name):
|
def create_tenant(name):
|
||||||
""" creates a tenant if it does not already exist """
|
""" creates a tenant if it does not already exist """
|
||||||
import manager
|
import manager
|
||||||
manager = manager.KeystoneManager(endpoint=LOCAL_ENDPOINT,
|
manager = manager.KeystoneManager(endpoint=get_local_endpoint(),
|
||||||
token=get_admin_token())
|
token=get_admin_token())
|
||||||
tenants = [t._info for t in manager.api.tenants.list()]
|
tenants = [t._info for t in manager.api.tenants.list()]
|
||||||
if not tenants or name not in [t['name'] for t in tenants]:
|
if not tenants or name not in [t['name'] for t in tenants]:
|
||||||
@ -227,7 +226,7 @@ def create_tenant(name):
|
|||||||
def create_user(name, password, tenant):
|
def create_user(name, password, tenant):
|
||||||
""" creates a user if it doesn't already exist, as a member of tenant """
|
""" creates a user if it doesn't already exist, as a member of tenant """
|
||||||
import manager
|
import manager
|
||||||
manager = manager.KeystoneManager(endpoint=get_local_endpoint(),
|
manager = manager.KeystoneManager(endpoint=get_local_endpoint()(),
|
||||||
token=get_admin_token())
|
token=get_admin_token())
|
||||||
users = [u._info for u in manager.api.users.list()]
|
users = [u._info for u in manager.api.users.list()]
|
||||||
if not users or name not in [u['name'] for u in users]:
|
if not users or name not in [u['name'] for u in users]:
|
||||||
@ -247,7 +246,7 @@ def create_user(name, password, tenant):
|
|||||||
def create_role(name, user=None, tenant=None):
|
def create_role(name, user=None, tenant=None):
|
||||||
""" creates a role if it doesn't already exist. grants role to user """
|
""" creates a role if it doesn't already exist. grants role to user """
|
||||||
import manager
|
import manager
|
||||||
manager = manager.KeystoneManager(endpoint=get_local_endpoint(),
|
manager = manager.KeystoneManager(endpoint=get_local_endpoint()(),
|
||||||
token=get_admin_token())
|
token=get_admin_token())
|
||||||
roles = [r._info for r in manager.api.roles.list()]
|
roles = [r._info for r in manager.api.roles.list()]
|
||||||
if not roles or name not in [r['name'] for r in roles]:
|
if not roles or name not in [r['name'] for r in roles]:
|
||||||
@ -274,7 +273,7 @@ def create_role(name, user=None, tenant=None):
|
|||||||
def grant_role(user, role, tenant):
|
def grant_role(user, role, tenant):
|
||||||
"""grant user+tenant a specific role"""
|
"""grant user+tenant a specific role"""
|
||||||
import manager
|
import manager
|
||||||
manager = manager.KeystoneManager(endpoint=LOCAL_ENDPOINT,
|
manager = manager.KeystoneManager(endpoint=get_local_endpoint(),
|
||||||
token=get_admin_token())
|
token=get_admin_token())
|
||||||
utils.juju_log('INFO', "Granting user '%s' role '%s' on tenant '%s'" % \
|
utils.juju_log('INFO', "Granting user '%s' role '%s' on tenant '%s'" % \
|
||||||
(user, role, tenant))
|
(user, role, tenant))
|
||||||
@ -298,7 +297,7 @@ def grant_role(user, role, tenant):
|
|||||||
def generate_admin_token(config):
|
def generate_admin_token(config):
|
||||||
""" generate and add an admin token """
|
""" generate and add an admin token """
|
||||||
import manager
|
import manager
|
||||||
manager = manager.KeystoneManager(endpoint=LOCAL_ENDPOINT,
|
manager = manager.KeystoneManager(endpoint=get_local_endpoint(),
|
||||||
token='ADMIN')
|
token='ADMIN')
|
||||||
if config["admin-token"] == "None":
|
if config["admin-token"] == "None":
|
||||||
import random
|
import random
|
||||||
@ -370,7 +369,7 @@ def create_keystone_endpoint(service_host, service_port,
|
|||||||
|
|
||||||
def update_user_password(username, password):
|
def update_user_password(username, password):
|
||||||
import manager
|
import manager
|
||||||
manager = manager.KeystoneManager(endpoint=LOCAL_ENDPOINT,
|
manager = manager.KeystoneManager(endpoint=get_local_endpoint(),
|
||||||
token=get_admin_token())
|
token=get_admin_token())
|
||||||
utils.juju_log('INFO', "Updating password for user '%s'" % username)
|
utils.juju_log('INFO', "Updating password for user '%s'" % username)
|
||||||
|
|
||||||
@ -521,3 +520,11 @@ def get_ca(user='keystone', group='keystone'):
|
|||||||
execute('chmod -R g+rwx %s' % SSL_DIR)
|
execute('chmod -R g+rwx %s' % SSL_DIR)
|
||||||
CA.append(ca)
|
CA.append(ca)
|
||||||
return CA[0]
|
return CA[0]
|
||||||
|
|
||||||
|
|
||||||
|
def https():
|
||||||
|
if (utils.config_get('https-service-endpoints') in ["yes", "true", "True"]
|
||||||
|
or cluster.https()):
|
||||||
|
return True
|
||||||
|
else:
|
||||||
|
return False
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user