Backport support for access rules
This patch is a charm-helpers sync to get the fixes application credential access-rules. Change-Id: Id2e74e0e34edd82b288622780b13027d87bc7c96 Related-Bug: #1965967
This commit is contained in:
parent
5c30e13a26
commit
be2aacea4f
|
@ -434,6 +434,9 @@ class IdentityServiceContext(OSContextGenerator):
|
||||||
('password', ctxt.get('admin_password', '')),
|
('password', ctxt.get('admin_password', '')),
|
||||||
('signing_dir', ctxt.get('signing_dir', '')),))
|
('signing_dir', ctxt.get('signing_dir', '')),))
|
||||||
|
|
||||||
|
if ctxt.get('service_type'):
|
||||||
|
c.update((('service_type', ctxt.get('service_type')),))
|
||||||
|
|
||||||
return c
|
return c
|
||||||
|
|
||||||
def __call__(self):
|
def __call__(self):
|
||||||
|
@ -476,6 +479,9 @@ class IdentityServiceContext(OSContextGenerator):
|
||||||
'internal_protocol': int_protocol,
|
'internal_protocol': int_protocol,
|
||||||
'api_version': api_version})
|
'api_version': api_version})
|
||||||
|
|
||||||
|
if rdata.get('service_type'):
|
||||||
|
ctxt['service_type'] = rdata.get('service_type')
|
||||||
|
|
||||||
if float(api_version) > 2:
|
if float(api_version) > 2:
|
||||||
ctxt.update({
|
ctxt.update({
|
||||||
'admin_domain_name': rdata.get('service_domain'),
|
'admin_domain_name': rdata.get('service_domain'),
|
||||||
|
@ -547,6 +553,9 @@ class IdentityCredentialsContext(IdentityServiceContext):
|
||||||
'api_version': api_version
|
'api_version': api_version
|
||||||
})
|
})
|
||||||
|
|
||||||
|
if rdata.get('service_type'):
|
||||||
|
ctxt['service_type'] = rdata.get('service_type')
|
||||||
|
|
||||||
if float(api_version) > 2:
|
if float(api_version) > 2:
|
||||||
ctxt.update({'admin_domain_name':
|
ctxt.update({'admin_domain_name':
|
||||||
rdata.get('domain')})
|
rdata.get('domain')})
|
||||||
|
|
|
@ -22,6 +22,8 @@ Listen {{ ext_port }}
|
||||||
ProxyPassReverse / http://localhost:{{ int }}/
|
ProxyPassReverse / http://localhost:{{ int }}/
|
||||||
ProxyPreserveHost on
|
ProxyPreserveHost on
|
||||||
RequestHeader set X-Forwarded-Proto "https"
|
RequestHeader set X-Forwarded-Proto "https"
|
||||||
|
KeepAliveTimeout 75
|
||||||
|
MaxKeepAliveRequests 1000
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
{% endfor -%}
|
{% endfor -%}
|
||||||
<Proxy *>
|
<Proxy *>
|
||||||
|
|
|
@ -22,6 +22,8 @@ Listen {{ ext_port }}
|
||||||
ProxyPassReverse / http://localhost:{{ int }}/
|
ProxyPassReverse / http://localhost:{{ int }}/
|
||||||
ProxyPreserveHost on
|
ProxyPreserveHost on
|
||||||
RequestHeader set X-Forwarded-Proto "https"
|
RequestHeader set X-Forwarded-Proto "https"
|
||||||
|
KeepAliveTimeout 75
|
||||||
|
MaxKeepAliveRequests 1000
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
{% endfor -%}
|
{% endfor -%}
|
||||||
<Proxy *>
|
<Proxy *>
|
||||||
|
|
|
@ -9,4 +9,7 @@ project_name = {{ admin_tenant_name }}
|
||||||
username = {{ admin_user }}
|
username = {{ admin_user }}
|
||||||
password = {{ admin_password }}
|
password = {{ admin_password }}
|
||||||
signing_dir = {{ signing_dir }}
|
signing_dir = {{ signing_dir }}
|
||||||
|
{% if service_type -%}
|
||||||
|
service_type = {{ service_type }}
|
||||||
|
{% endif -%}
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
|
|
|
@ -6,6 +6,9 @@ auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}/v3
|
||||||
auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}/v3
|
auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}/v3
|
||||||
project_domain_name = {{ admin_domain_name }}
|
project_domain_name = {{ admin_domain_name }}
|
||||||
user_domain_name = {{ admin_domain_name }}
|
user_domain_name = {{ admin_domain_name }}
|
||||||
|
{% if service_type -%}
|
||||||
|
service_type = {{ service_type }}
|
||||||
|
{% endif -%}
|
||||||
{% else -%}
|
{% else -%}
|
||||||
auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}
|
auth_uri = {{ service_protocol }}://{{ service_host }}:{{ service_port }}
|
||||||
auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
|
auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
|
||||||
|
|
|
@ -20,6 +20,8 @@ Listen {{ public_port }}
|
||||||
WSGIScriptAlias / {{ script }}
|
WSGIScriptAlias / {{ script }}
|
||||||
WSGIApplicationGroup %{GLOBAL}
|
WSGIApplicationGroup %{GLOBAL}
|
||||||
WSGIPassAuthorization On
|
WSGIPassAuthorization On
|
||||||
|
KeepAliveTimeout 75
|
||||||
|
MaxKeepAliveRequests 1000
|
||||||
<IfVersion >= 2.4>
|
<IfVersion >= 2.4>
|
||||||
ErrorLogFormat "%{cu}t %M"
|
ErrorLogFormat "%{cu}t %M"
|
||||||
</IfVersion>
|
</IfVersion>
|
||||||
|
@ -46,6 +48,8 @@ Listen {{ public_port }}
|
||||||
WSGIScriptAlias / {{ admin_script }}
|
WSGIScriptAlias / {{ admin_script }}
|
||||||
WSGIApplicationGroup %{GLOBAL}
|
WSGIApplicationGroup %{GLOBAL}
|
||||||
WSGIPassAuthorization On
|
WSGIPassAuthorization On
|
||||||
|
KeepAliveTimeout 75
|
||||||
|
MaxKeepAliveRequests 1000
|
||||||
<IfVersion >= 2.4>
|
<IfVersion >= 2.4>
|
||||||
ErrorLogFormat "%{cu}t %M"
|
ErrorLogFormat "%{cu}t %M"
|
||||||
</IfVersion>
|
</IfVersion>
|
||||||
|
@ -72,6 +76,8 @@ Listen {{ public_port }}
|
||||||
WSGIScriptAlias / {{ public_script }}
|
WSGIScriptAlias / {{ public_script }}
|
||||||
WSGIApplicationGroup %{GLOBAL}
|
WSGIApplicationGroup %{GLOBAL}
|
||||||
WSGIPassAuthorization On
|
WSGIPassAuthorization On
|
||||||
|
KeepAliveTimeout 75
|
||||||
|
MaxKeepAliveRequests 1000
|
||||||
<IfVersion >= 2.4>
|
<IfVersion >= 2.4>
|
||||||
ErrorLogFormat "%{cu}t %M"
|
ErrorLogFormat "%{cu}t %M"
|
||||||
</IfVersion>
|
</IfVersion>
|
||||||
|
|
|
@ -20,6 +20,8 @@ Listen {{ public_port }}
|
||||||
WSGIScriptAlias / {{ script }}
|
WSGIScriptAlias / {{ script }}
|
||||||
WSGIApplicationGroup %{GLOBAL}
|
WSGIApplicationGroup %{GLOBAL}
|
||||||
WSGIPassAuthorization On
|
WSGIPassAuthorization On
|
||||||
|
KeepAliveTimeout 75
|
||||||
|
MaxKeepAliveRequests 1000
|
||||||
<IfVersion >= 2.4>
|
<IfVersion >= 2.4>
|
||||||
ErrorLogFormat "%{cu}t %M"
|
ErrorLogFormat "%{cu}t %M"
|
||||||
</IfVersion>
|
</IfVersion>
|
||||||
|
@ -46,6 +48,8 @@ Listen {{ public_port }}
|
||||||
WSGIScriptAlias / {{ admin_script }}
|
WSGIScriptAlias / {{ admin_script }}
|
||||||
WSGIApplicationGroup %{GLOBAL}
|
WSGIApplicationGroup %{GLOBAL}
|
||||||
WSGIPassAuthorization On
|
WSGIPassAuthorization On
|
||||||
|
KeepAliveTimeout 75
|
||||||
|
MaxKeepAliveRequests 1000
|
||||||
<IfVersion >= 2.4>
|
<IfVersion >= 2.4>
|
||||||
ErrorLogFormat "%{cu}t %M"
|
ErrorLogFormat "%{cu}t %M"
|
||||||
</IfVersion>
|
</IfVersion>
|
||||||
|
@ -72,6 +76,8 @@ Listen {{ public_port }}
|
||||||
WSGIScriptAlias / {{ public_script }}
|
WSGIScriptAlias / {{ public_script }}
|
||||||
WSGIApplicationGroup %{GLOBAL}
|
WSGIApplicationGroup %{GLOBAL}
|
||||||
WSGIPassAuthorization On
|
WSGIPassAuthorization On
|
||||||
|
KeepAliveTimeout 75
|
||||||
|
MaxKeepAliveRequests 1000
|
||||||
<IfVersion >= 2.4>
|
<IfVersion >= 2.4>
|
||||||
ErrorLogFormat "%{cu}t %M"
|
ErrorLogFormat "%{cu}t %M"
|
||||||
</IfVersion>
|
</IfVersion>
|
||||||
|
|
|
@ -1039,7 +1039,7 @@ def _determine_os_workload_status(
|
||||||
state, message, lambda: charm_func(configs))
|
state, message, lambda: charm_func(configs))
|
||||||
|
|
||||||
if state is None:
|
if state is None:
|
||||||
state, message = _ows_check_services_running(services, ports)
|
state, message = ows_check_services_running(services, ports)
|
||||||
|
|
||||||
if state is None:
|
if state is None:
|
||||||
state = 'active'
|
state = 'active'
|
||||||
|
@ -1213,7 +1213,12 @@ def _ows_check_charm_func(state, message, charm_func_with_configs):
|
||||||
return state, message
|
return state, message
|
||||||
|
|
||||||
|
|
||||||
|
@deprecate("use ows_check_services_running() instead", "2022-05", log=juju_log)
|
||||||
def _ows_check_services_running(services, ports):
|
def _ows_check_services_running(services, ports):
|
||||||
|
return ows_check_services_running(services, ports)
|
||||||
|
|
||||||
|
|
||||||
|
def ows_check_services_running(services, ports):
|
||||||
"""Check that the services that should be running are actually running
|
"""Check that the services that should be running are actually running
|
||||||
and that any ports specified are being listened to.
|
and that any ports specified are being listened to.
|
||||||
|
|
||||||
|
|
|
@ -813,8 +813,10 @@ def get_mon_map(service):
|
||||||
ceph command fails.
|
ceph command fails.
|
||||||
"""
|
"""
|
||||||
try:
|
try:
|
||||||
|
octopus_or_later = cmp_pkgrevno('ceph-common', '15.0.0') >= 0
|
||||||
|
mon_status_cmd = 'quorum_status' if octopus_or_later else 'mon_status'
|
||||||
mon_status = check_output(['ceph', '--id', service,
|
mon_status = check_output(['ceph', '--id', service,
|
||||||
'mon_status', '--format=json'])
|
mon_status_cmd, '--format=json'])
|
||||||
if six.PY3:
|
if six.PY3:
|
||||||
mon_status = mon_status.decode('UTF-8')
|
mon_status = mon_status.decode('UTF-8')
|
||||||
try:
|
try:
|
||||||
|
|
Loading…
Reference in New Issue