Charm-helpers sync
This change is a result of "make sync" for neutron-api charm.
Test changes also applied: removing an "charmhelpers/tests" sync
due to recent charm changes (see commit 8937059
for details) and
keystone auth_uri/auth_url removed from test since it has to been
checked later by functional tests.
Change-Id: I108497e50f28fc2a84e035f520fea4452edd91db
This commit is contained in:
parent
47a2b8fbb4
commit
5eee070465
1
Makefile
1
Makefile
@ -19,7 +19,6 @@ bin/charm_helpers_sync.py:
|
|||||||
|
|
||||||
sync: bin/charm_helpers_sync.py
|
sync: bin/charm_helpers_sync.py
|
||||||
@$(PYTHON) bin/charm_helpers_sync.py -c charm-helpers-hooks.yaml
|
@$(PYTHON) bin/charm_helpers_sync.py -c charm-helpers-hooks.yaml
|
||||||
@$(PYTHON) bin/charm_helpers_sync.py -c charm-helpers-tests.yaml
|
|
||||||
|
|
||||||
publish: lint test
|
publish: lint test
|
||||||
bzr push lp:charms/neutron-api
|
bzr push lp:charms/neutron-api
|
||||||
|
@ -1,8 +0,0 @@
|
|||||||
repo: https://github.com/juju/charm-helpers
|
|
||||||
destination: tests/charmhelpers
|
|
||||||
include:
|
|
||||||
- contrib.amulet
|
|
||||||
- osplatform
|
|
||||||
- contrib.openstack.amulet
|
|
||||||
- core
|
|
||||||
- osplatform
|
|
@ -23,8 +23,8 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
import os
|
import os
|
||||||
import subprocess
|
|
||||||
|
|
||||||
|
from charmhelpers.core import host
|
||||||
from charmhelpers.core.hookenv import (
|
from charmhelpers.core.hookenv import (
|
||||||
config as config_get,
|
config as config_get,
|
||||||
relation_get,
|
relation_get,
|
||||||
@ -83,14 +83,4 @@ def retrieve_ca_cert(cert_file):
|
|||||||
|
|
||||||
|
|
||||||
def install_ca_cert(ca_cert):
|
def install_ca_cert(ca_cert):
|
||||||
if ca_cert:
|
host.install_ca_cert(ca_cert, 'keystone_juju_ca_cert')
|
||||||
cert_file = ('/usr/local/share/ca-certificates/'
|
|
||||||
'keystone_juju_ca_cert.crt')
|
|
||||||
old_cert = retrieve_ca_cert(cert_file)
|
|
||||||
if old_cert and old_cert == ca_cert:
|
|
||||||
log("CA cert is the same as installed version", level=INFO)
|
|
||||||
else:
|
|
||||||
log("Installing new CA cert", level=INFO)
|
|
||||||
with open(cert_file, 'wb') as crt:
|
|
||||||
crt.write(ca_cert)
|
|
||||||
subprocess.check_call(['update-ca-certificates', '--fresh'])
|
|
||||||
|
@ -14,6 +14,7 @@
|
|||||||
|
|
||||||
import os
|
import os
|
||||||
import re
|
import re
|
||||||
|
import six
|
||||||
import subprocess
|
import subprocess
|
||||||
|
|
||||||
|
|
||||||
@ -95,6 +96,8 @@ class ApacheConfContext(object):
|
|||||||
ctxt = settings['hardening']
|
ctxt = settings['hardening']
|
||||||
|
|
||||||
out = subprocess.check_output(['apache2', '-v'])
|
out = subprocess.check_output(['apache2', '-v'])
|
||||||
|
if six.PY3:
|
||||||
|
out = out.decode('utf-8')
|
||||||
ctxt['apache_version'] = re.search(r'.+version: Apache/(.+?)\s.+',
|
ctxt['apache_version'] = re.search(r'.+version: Apache/(.+?)\s.+',
|
||||||
out).group(1)
|
out).group(1)
|
||||||
ctxt['apache_icondir'] = '/usr/share/apache2/icons/'
|
ctxt['apache_icondir'] = '/usr/share/apache2/icons/'
|
||||||
|
@ -15,7 +15,7 @@
|
|||||||
import re
|
import re
|
||||||
import subprocess
|
import subprocess
|
||||||
|
|
||||||
from six import string_types
|
import six
|
||||||
|
|
||||||
from charmhelpers.core.hookenv import (
|
from charmhelpers.core.hookenv import (
|
||||||
log,
|
log,
|
||||||
@ -35,7 +35,7 @@ class DisabledModuleAudit(BaseAudit):
|
|||||||
def __init__(self, modules):
|
def __init__(self, modules):
|
||||||
if modules is None:
|
if modules is None:
|
||||||
self.modules = []
|
self.modules = []
|
||||||
elif isinstance(modules, string_types):
|
elif isinstance(modules, six.string_types):
|
||||||
self.modules = [modules]
|
self.modules = [modules]
|
||||||
else:
|
else:
|
||||||
self.modules = modules
|
self.modules = modules
|
||||||
@ -69,6 +69,8 @@ class DisabledModuleAudit(BaseAudit):
|
|||||||
def _get_loaded_modules():
|
def _get_loaded_modules():
|
||||||
"""Returns the modules which are enabled in Apache."""
|
"""Returns the modules which are enabled in Apache."""
|
||||||
output = subprocess.check_output(['apache2ctl', '-M'])
|
output = subprocess.check_output(['apache2ctl', '-M'])
|
||||||
|
if six.PY3:
|
||||||
|
output = output.decode('utf-8')
|
||||||
modules = []
|
modules = []
|
||||||
for line in output.splitlines():
|
for line in output.splitlines():
|
||||||
# Each line of the enabled module output looks like:
|
# Each line of the enabled module output looks like:
|
||||||
|
@ -618,12 +618,12 @@ class OpenStackAmuletUtils(AmuletUtils):
|
|||||||
return self.authenticate_keystone(keystone_ip, user, password,
|
return self.authenticate_keystone(keystone_ip, user, password,
|
||||||
project_name=tenant)
|
project_name=tenant)
|
||||||
|
|
||||||
def authenticate_glance_admin(self, keystone):
|
def authenticate_glance_admin(self, keystone, force_v1_client=False):
|
||||||
"""Authenticates admin user with glance."""
|
"""Authenticates admin user with glance."""
|
||||||
self.log.debug('Authenticating glance admin...')
|
self.log.debug('Authenticating glance admin...')
|
||||||
ep = keystone.service_catalog.url_for(service_type='image',
|
ep = keystone.service_catalog.url_for(service_type='image',
|
||||||
interface='adminURL')
|
interface='adminURL')
|
||||||
if keystone.session:
|
if not force_v1_client and keystone.session:
|
||||||
return glance_clientv2.Client("2", session=keystone.session)
|
return glance_clientv2.Client("2", session=keystone.session)
|
||||||
else:
|
else:
|
||||||
return glance_client.Client(ep, token=keystone.auth_token)
|
return glance_client.Client(ep, token=keystone.auth_token)
|
||||||
@ -680,18 +680,30 @@ class OpenStackAmuletUtils(AmuletUtils):
|
|||||||
nova.flavors.create(name, ram, vcpus, disk, flavorid,
|
nova.flavors.create(name, ram, vcpus, disk, flavorid,
|
||||||
ephemeral, swap, rxtx_factor, is_public)
|
ephemeral, swap, rxtx_factor, is_public)
|
||||||
|
|
||||||
def create_cirros_image(self, glance, image_name):
|
def glance_create_image(self, glance, image_name, image_url,
|
||||||
"""Download the latest cirros image and upload it to glance,
|
download_dir='tests',
|
||||||
validate and return a resource pointer.
|
hypervisor_type=None,
|
||||||
|
disk_format='qcow2',
|
||||||
|
architecture='x86_64',
|
||||||
|
container_format='bare'):
|
||||||
|
"""Download an image and upload it to glance, validate its status
|
||||||
|
and return an image object pointer. KVM defaults, can override for
|
||||||
|
LXD.
|
||||||
|
|
||||||
:param glance: pointer to authenticated glance connection
|
:param glance: pointer to authenticated glance api connection
|
||||||
:param image_name: display name for new image
|
:param image_name: display name for new image
|
||||||
|
:param image_url: url to retrieve
|
||||||
|
:param download_dir: directory to store downloaded image file
|
||||||
|
:param hypervisor_type: glance image hypervisor property
|
||||||
|
:param disk_format: glance image disk format
|
||||||
|
:param architecture: glance image architecture property
|
||||||
|
:param container_format: glance image container format
|
||||||
:returns: glance image pointer
|
:returns: glance image pointer
|
||||||
"""
|
"""
|
||||||
self.log.debug('Creating glance cirros image '
|
self.log.debug('Creating glance image ({}) from '
|
||||||
'({})...'.format(image_name))
|
'{}...'.format(image_name, image_url))
|
||||||
|
|
||||||
# Download cirros image
|
# Download image
|
||||||
http_proxy = os.getenv('AMULET_HTTP_PROXY')
|
http_proxy = os.getenv('AMULET_HTTP_PROXY')
|
||||||
self.log.debug('AMULET_HTTP_PROXY: {}'.format(http_proxy))
|
self.log.debug('AMULET_HTTP_PROXY: {}'.format(http_proxy))
|
||||||
if http_proxy:
|
if http_proxy:
|
||||||
@ -700,31 +712,34 @@ class OpenStackAmuletUtils(AmuletUtils):
|
|||||||
else:
|
else:
|
||||||
opener = urllib.FancyURLopener()
|
opener = urllib.FancyURLopener()
|
||||||
|
|
||||||
f = opener.open('http://download.cirros-cloud.net/version/released')
|
abs_file_name = os.path.join(download_dir, image_name)
|
||||||
version = f.read().strip()
|
if not os.path.exists(abs_file_name):
|
||||||
cirros_img = 'cirros-{}-x86_64-disk.img'.format(version)
|
opener.retrieve(image_url, abs_file_name)
|
||||||
local_path = os.path.join('tests', cirros_img)
|
|
||||||
|
|
||||||
if not os.path.exists(local_path):
|
|
||||||
cirros_url = 'http://{}/{}/{}'.format('download.cirros-cloud.net',
|
|
||||||
version, cirros_img)
|
|
||||||
opener.retrieve(cirros_url, local_path)
|
|
||||||
f.close()
|
|
||||||
|
|
||||||
# Create glance image
|
# Create glance image
|
||||||
|
glance_properties = {
|
||||||
|
'architecture': architecture,
|
||||||
|
}
|
||||||
|
if hypervisor_type:
|
||||||
|
glance_properties['hypervisor_type'] = hypervisor_type
|
||||||
|
# Create glance image
|
||||||
if float(glance.version) < 2.0:
|
if float(glance.version) < 2.0:
|
||||||
with open(local_path) as fimage:
|
with open(abs_file_name) as f:
|
||||||
image = glance.images.create(name=image_name, is_public=True,
|
image = glance.images.create(
|
||||||
disk_format='qcow2',
|
name=image_name,
|
||||||
container_format='bare',
|
is_public=True,
|
||||||
data=fimage)
|
disk_format=disk_format,
|
||||||
|
container_format=container_format,
|
||||||
|
properties=glance_properties,
|
||||||
|
data=f)
|
||||||
else:
|
else:
|
||||||
image = glance.images.create(
|
image = glance.images.create(
|
||||||
name=image_name,
|
name=image_name,
|
||||||
disk_format="qcow2",
|
|
||||||
visibility="public",
|
visibility="public",
|
||||||
container_format="bare")
|
disk_format=disk_format,
|
||||||
glance.images.upload(image.id, open(local_path, 'rb'))
|
container_format=container_format)
|
||||||
|
glance.images.upload(image.id, open(abs_file_name, 'rb'))
|
||||||
|
glance.images.update(image.id, **glance_properties)
|
||||||
|
|
||||||
# Wait for image to reach active status
|
# Wait for image to reach active status
|
||||||
img_id = image.id
|
img_id = image.id
|
||||||
@ -753,15 +768,54 @@ class OpenStackAmuletUtils(AmuletUtils):
|
|||||||
val_img_stat, val_img_cfmt, val_img_dfmt))
|
val_img_stat, val_img_cfmt, val_img_dfmt))
|
||||||
|
|
||||||
if val_img_name == image_name and val_img_stat == 'active' \
|
if val_img_name == image_name and val_img_stat == 'active' \
|
||||||
and val_img_pub is True and val_img_cfmt == 'bare' \
|
and val_img_pub is True and val_img_cfmt == container_format \
|
||||||
and val_img_dfmt == 'qcow2':
|
and val_img_dfmt == disk_format:
|
||||||
self.log.debug(msg_attr)
|
self.log.debug(msg_attr)
|
||||||
else:
|
else:
|
||||||
msg = ('Volume validation failed, {}'.format(msg_attr))
|
msg = ('Image validation failed, {}'.format(msg_attr))
|
||||||
amulet.raise_status(amulet.FAIL, msg=msg)
|
amulet.raise_status(amulet.FAIL, msg=msg)
|
||||||
|
|
||||||
return image
|
return image
|
||||||
|
|
||||||
|
def create_cirros_image(self, glance, image_name, hypervisor_type=None):
|
||||||
|
"""Download the latest cirros image and upload it to glance,
|
||||||
|
validate and return a resource pointer.
|
||||||
|
|
||||||
|
:param glance: pointer to authenticated glance connection
|
||||||
|
:param image_name: display name for new image
|
||||||
|
:param hypervisor_type: glance image hypervisor property
|
||||||
|
:returns: glance image pointer
|
||||||
|
"""
|
||||||
|
# /!\ DEPRECATION WARNING
|
||||||
|
self.log.warn('/!\\ DEPRECATION WARNING: use '
|
||||||
|
'glance_create_image instead of '
|
||||||
|
'create_cirros_image.')
|
||||||
|
|
||||||
|
self.log.debug('Creating glance cirros image '
|
||||||
|
'({})...'.format(image_name))
|
||||||
|
|
||||||
|
# Get cirros image URL
|
||||||
|
http_proxy = os.getenv('AMULET_HTTP_PROXY')
|
||||||
|
self.log.debug('AMULET_HTTP_PROXY: {}'.format(http_proxy))
|
||||||
|
if http_proxy:
|
||||||
|
proxies = {'http': http_proxy}
|
||||||
|
opener = urllib.FancyURLopener(proxies)
|
||||||
|
else:
|
||||||
|
opener = urllib.FancyURLopener()
|
||||||
|
|
||||||
|
f = opener.open('http://download.cirros-cloud.net/version/released')
|
||||||
|
version = f.read().strip()
|
||||||
|
cirros_img = 'cirros-{}-x86_64-disk.img'.format(version)
|
||||||
|
cirros_url = 'http://{}/{}/{}'.format('download.cirros-cloud.net',
|
||||||
|
version, cirros_img)
|
||||||
|
f.close()
|
||||||
|
|
||||||
|
return self.glance_create_image(
|
||||||
|
glance,
|
||||||
|
image_name,
|
||||||
|
cirros_url,
|
||||||
|
hypervisor_type=hypervisor_type)
|
||||||
|
|
||||||
def delete_image(self, glance, image):
|
def delete_image(self, glance, image):
|
||||||
"""Delete the specified image."""
|
"""Delete the specified image."""
|
||||||
|
|
||||||
|
@ -1534,10 +1534,15 @@ class NeutronAPIContext(OSContextGenerator):
|
|||||||
if 'l2-population' in rdata:
|
if 'l2-population' in rdata:
|
||||||
ctxt.update(self.get_neutron_options(rdata))
|
ctxt.update(self.get_neutron_options(rdata))
|
||||||
|
|
||||||
|
extension_drivers = []
|
||||||
|
|
||||||
if ctxt['enable_qos']:
|
if ctxt['enable_qos']:
|
||||||
ctxt['extension_drivers'] = 'qos'
|
extension_drivers.append('qos')
|
||||||
else:
|
|
||||||
ctxt['extension_drivers'] = ''
|
if ctxt['enable_nsg_logging']:
|
||||||
|
extension_drivers.append('log')
|
||||||
|
|
||||||
|
ctxt['extension_drivers'] = ','.join(extension_drivers)
|
||||||
|
|
||||||
return ctxt
|
return ctxt
|
||||||
|
|
||||||
@ -1907,3 +1912,23 @@ class EnsureDirContext(OSContextGenerator):
|
|||||||
def __call__(self):
|
def __call__(self):
|
||||||
mkdir(self.dirname, **self.kwargs)
|
mkdir(self.dirname, **self.kwargs)
|
||||||
return {}
|
return {}
|
||||||
|
|
||||||
|
|
||||||
|
class VersionsContext(OSContextGenerator):
|
||||||
|
"""Context to return the openstack and operating system versions.
|
||||||
|
|
||||||
|
"""
|
||||||
|
def __init__(self, pkg='python-keystone'):
|
||||||
|
"""Initialise context.
|
||||||
|
|
||||||
|
:param pkg: Package to extrapolate openstack version from.
|
||||||
|
:type pkg: str
|
||||||
|
"""
|
||||||
|
self.pkg = pkg
|
||||||
|
|
||||||
|
def __call__(self):
|
||||||
|
ostack = os_release(self.pkg, base='icehouse')
|
||||||
|
osystem = lsb_release()['DISTRIB_CODENAME'].lower()
|
||||||
|
return {
|
||||||
|
'openstack_release': ostack,
|
||||||
|
'operating_system_release': osystem}
|
||||||
|
@ -1,12 +1,14 @@
|
|||||||
{% if auth_host -%}
|
{% if auth_host -%}
|
||||||
[keystone_authtoken]
|
[keystone_authtoken]
|
||||||
auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}
|
|
||||||
auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
|
|
||||||
auth_type = password
|
auth_type = password
|
||||||
{% if api_version == "3" -%}
|
{% if api_version == "3" -%}
|
||||||
|
auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}/v3
|
||||||
|
auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}/v3
|
||||||
project_domain_name = {{ admin_domain_name }}
|
project_domain_name = {{ admin_domain_name }}
|
||||||
user_domain_name = {{ admin_domain_name }}
|
user_domain_name = {{ admin_domain_name }}
|
||||||
{% else -%}
|
{% else -%}
|
||||||
|
auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}
|
||||||
|
auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
|
||||||
project_domain_name = default
|
project_domain_name = default
|
||||||
user_domain_name = default
|
user_domain_name = default
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
|
@ -34,7 +34,7 @@ import six
|
|||||||
|
|
||||||
from contextlib import contextmanager
|
from contextlib import contextmanager
|
||||||
from collections import OrderedDict
|
from collections import OrderedDict
|
||||||
from .hookenv import log, DEBUG, local_unit
|
from .hookenv import log, INFO, DEBUG, local_unit, charm_name
|
||||||
from .fstab import Fstab
|
from .fstab import Fstab
|
||||||
from charmhelpers.osplatform import get_platform
|
from charmhelpers.osplatform import get_platform
|
||||||
|
|
||||||
@ -1040,3 +1040,27 @@ def modulo_distribution(modulo=3, wait=30, non_zero_wait=False):
|
|||||||
return modulo * wait
|
return modulo * wait
|
||||||
else:
|
else:
|
||||||
return calculated_wait_time
|
return calculated_wait_time
|
||||||
|
|
||||||
|
|
||||||
|
def install_ca_cert(ca_cert, name=None):
|
||||||
|
"""
|
||||||
|
Install the given cert as a trusted CA.
|
||||||
|
|
||||||
|
The ``name`` is the stem of the filename where the cert is written, and if
|
||||||
|
not provided, it will default to ``juju-{charm_name}``.
|
||||||
|
|
||||||
|
If the cert is empty or None, or is unchanged, nothing is done.
|
||||||
|
"""
|
||||||
|
if not ca_cert:
|
||||||
|
return
|
||||||
|
if not isinstance(ca_cert, bytes):
|
||||||
|
ca_cert = ca_cert.encode('utf8')
|
||||||
|
if not name:
|
||||||
|
name = 'juju-{}'.format(charm_name())
|
||||||
|
cert_file = '/usr/local/share/ca-certificates/{}.crt'.format(name)
|
||||||
|
new_hash = hashlib.md5(ca_cert).hexdigest()
|
||||||
|
if file_hash(cert_file) == new_hash:
|
||||||
|
return
|
||||||
|
log("Installing new CA cert at: {}".format(cert_file), level=INFO)
|
||||||
|
write_file(cert_file, ca_cert)
|
||||||
|
subprocess.check_call(['update-ca-certificates', '--fresh'])
|
||||||
|
@ -444,24 +444,11 @@ class NeutronAPIBasicDeployment(OpenStackAmuletDeployment):
|
|||||||
'dns_domain': 'openstack.example.'
|
'dns_domain': 'openstack.example.'
|
||||||
})
|
})
|
||||||
|
|
||||||
auth_uri = '{}://{}:{}'.format(
|
|
||||||
rel_napi_ks['service_protocol'],
|
|
||||||
rel_napi_ks['service_host'],
|
|
||||||
rel_napi_ks['service_port']
|
|
||||||
)
|
|
||||||
auth_url = '{}://{}:{}'.format(
|
|
||||||
rel_napi_ks['auth_protocol'],
|
|
||||||
rel_napi_ks['auth_host'],
|
|
||||||
rel_napi_ks['auth_port']
|
|
||||||
)
|
|
||||||
|
|
||||||
if self._get_openstack_release() >= self.trusty_mitaka:
|
if self._get_openstack_release() >= self.trusty_mitaka:
|
||||||
expected['nova'] = {
|
expected['nova'] = {
|
||||||
'auth_section': 'keystone_authtoken',
|
'auth_section': 'keystone_authtoken',
|
||||||
}
|
}
|
||||||
expected['keystone_authtoken'] = {
|
expected['keystone_authtoken'] = {
|
||||||
'auth_uri': auth_uri.rstrip('/'),
|
|
||||||
'auth_url': auth_url.rstrip('/'),
|
|
||||||
'auth_type': 'password',
|
'auth_type': 'password',
|
||||||
'project_domain_name': 'default',
|
'project_domain_name': 'default',
|
||||||
'user_domain_name': 'default',
|
'user_domain_name': 'default',
|
||||||
@ -475,8 +462,6 @@ class NeutronAPIBasicDeployment(OpenStackAmuletDeployment):
|
|||||||
'auth_section': 'keystone_authtoken',
|
'auth_section': 'keystone_authtoken',
|
||||||
}
|
}
|
||||||
expected['keystone_authtoken'] = {
|
expected['keystone_authtoken'] = {
|
||||||
'auth_uri': auth_uri,
|
|
||||||
'auth_url': auth_url,
|
|
||||||
'auth_plugin': 'password',
|
'auth_plugin': 'password',
|
||||||
'project_domain_id': 'default',
|
'project_domain_id': 'default',
|
||||||
'user_domain_id': 'default',
|
'user_domain_id': 'default',
|
||||||
@ -487,8 +472,6 @@ class NeutronAPIBasicDeployment(OpenStackAmuletDeployment):
|
|||||||
}
|
}
|
||||||
elif self._get_openstack_release() == self.trusty_kilo:
|
elif self._get_openstack_release() == self.trusty_kilo:
|
||||||
expected['keystone_authtoken'] = {
|
expected['keystone_authtoken'] = {
|
||||||
'auth_uri': auth_uri + '/',
|
|
||||||
'identity_uri': auth_url,
|
|
||||||
'admin_tenant_name': rel_napi_ks['service_tenant'],
|
'admin_tenant_name': rel_napi_ks['service_tenant'],
|
||||||
'admin_user': 'neutron',
|
'admin_user': 'neutron',
|
||||||
'admin_password': rel_napi_ks['service_password'],
|
'admin_password': rel_napi_ks['service_password'],
|
||||||
|
Loading…
Reference in New Issue
Block a user