Use service_domain in [service_user] section
Sync from charm-helpers to update [service_user] config to use the service domain. The keystone charm currently creates two service users, one for the service domain (for v3 authentication), and the other for the default domain (for v2 authentication). The [service_user] config needs to use the service domain. Closes-Bug: #2026202 Change-Id: I3a5f61c39ce1d3f663f5f5c9d9f4ac19d1fc6886
This commit is contained in:
parent
fd810f9afd
commit
1c1ab7658e
@ -409,6 +409,9 @@ def get_requests_for_local_unit(relation_name=None):
|
||||
relation_name = relation_name or 'certificates'
|
||||
bundles = []
|
||||
for rid in relation_ids(relation_name):
|
||||
sent = relation_get(rid=rid, unit=local_unit())
|
||||
legacy_keys = ['certificate_name', 'common_name']
|
||||
is_legacy_request = set(sent).intersection(legacy_keys)
|
||||
for unit in related_units(rid):
|
||||
data = relation_get(rid=rid, unit=unit)
|
||||
if data.get(raw_certs_key):
|
||||
@ -416,6 +419,14 @@ def get_requests_for_local_unit(relation_name=None):
|
||||
'ca': data['ca'],
|
||||
'chain': data.get('chain'),
|
||||
'certs': json.loads(data[raw_certs_key])})
|
||||
elif is_legacy_request:
|
||||
bundles.append({
|
||||
'ca': data['ca'],
|
||||
'chain': data.get('chain'),
|
||||
'certs': {sent['common_name']:
|
||||
{'cert': data.get(local_name + '.server.cert'),
|
||||
'key': data.get(local_name + '.server.key')}}})
|
||||
|
||||
return bundles
|
||||
|
||||
|
||||
|
@ -1748,6 +1748,9 @@ class WSGIWorkerConfigContext(WorkerConfigContext):
|
||||
|
||||
def __call__(self):
|
||||
total_processes = _calculate_workers()
|
||||
enable_wsgi_rotation = config('wsgi-rotation')
|
||||
if enable_wsgi_rotation is None:
|
||||
enable_wsgi_rotation = True
|
||||
ctxt = {
|
||||
"service_name": self.service_name,
|
||||
"user": self.user,
|
||||
@ -1761,6 +1764,7 @@ class WSGIWorkerConfigContext(WorkerConfigContext):
|
||||
"public_processes": int(math.ceil(self.public_process_weight *
|
||||
total_processes)),
|
||||
"threads": 1,
|
||||
"wsgi_rotation": enable_wsgi_rotation,
|
||||
}
|
||||
return ctxt
|
||||
|
||||
|
@ -12,6 +12,8 @@ signing_dir = {{ signing_dir }}
|
||||
{% if service_type -%}
|
||||
service_type = {{ service_type }}
|
||||
{% endif -%}
|
||||
{% if admin_role -%}
|
||||
service_token_roles = {{ admin_role }}
|
||||
service_token_roles_required = True
|
||||
{% endif -%}
|
||||
{% endif -%}
|
||||
|
@ -22,6 +22,8 @@ signing_dir = {{ signing_dir }}
|
||||
{% if use_memcache == true %}
|
||||
memcached_servers = {{ memcache_url }}
|
||||
{% endif -%}
|
||||
{% if admin_role -%}
|
||||
service_token_roles = {{ admin_role }}
|
||||
service_token_roles_required = True
|
||||
{% endif -%}
|
||||
{% endif -%}
|
||||
|
@ -3,8 +3,8 @@
|
||||
send_service_user_token = true
|
||||
auth_type = password
|
||||
auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
|
||||
project_domain_id = default
|
||||
user_domain_id = default
|
||||
project_domain_name = service_domain
|
||||
user_domain_name = service_domain
|
||||
project_name = {{ admin_tenant_name }}
|
||||
username = {{ admin_user }}
|
||||
password = {{ admin_password }}
|
||||
|
@ -12,6 +12,12 @@ Listen {{ admin_port }}
|
||||
Listen {{ public_port }}
|
||||
{% endif -%}
|
||||
|
||||
{% if wsgi_rotation -%}
|
||||
WSGISocketRotation On
|
||||
{% else -%}
|
||||
WSGISocketRotation Off
|
||||
{% endif -%}
|
||||
|
||||
{% if port -%}
|
||||
<VirtualHost *:{{ port }}>
|
||||
WSGIDaemonProcess {{ service_name }} processes={{ processes }} threads={{ threads }} user={{ user }} group={{ group }} \
|
||||
|
@ -12,6 +12,12 @@ Listen {{ admin_port }}
|
||||
Listen {{ public_port }}
|
||||
{% endif -%}
|
||||
|
||||
{% if wsgi_rotation -%}
|
||||
WSGISocketRotation On
|
||||
{% else -%}
|
||||
WSGISocketRotation Off
|
||||
{% endif -%}
|
||||
|
||||
{% if port -%}
|
||||
<VirtualHost *:{{ port }}>
|
||||
WSGIDaemonProcess {{ service_name }} processes={{ processes }} threads={{ threads }} user={{ user }} group={{ group }} \
|
||||
|
@ -122,13 +122,12 @@ class Cache(object):
|
||||
:raises: subprocess.CalledProcessError
|
||||
"""
|
||||
pkgs = {}
|
||||
cmd = ['dpkg-query', '--list']
|
||||
cmd = [
|
||||
'dpkg-query', '--show',
|
||||
'--showformat',
|
||||
r'${db:Status-Abbrev}\t${Package}\t${Version}\t${Architecture}\t${binary:Summary}\n'
|
||||
]
|
||||
cmd.extend(packages)
|
||||
if locale.getlocale() == (None, None):
|
||||
# subprocess calls out to locale.getpreferredencoding(False) to
|
||||
# determine encoding. Workaround for Trusty where the
|
||||
# environment appears to not be set up correctly.
|
||||
locale.setlocale(locale.LC_ALL, 'en_US.UTF-8')
|
||||
try:
|
||||
output = subprocess.check_output(cmd,
|
||||
stderr=subprocess.STDOUT,
|
||||
@ -140,24 +139,17 @@ class Cache(object):
|
||||
if cp.returncode != 1:
|
||||
raise
|
||||
output = cp.output
|
||||
headings = []
|
||||
for line in output.splitlines():
|
||||
if line.startswith('||/'):
|
||||
headings = line.split()
|
||||
headings.pop(0)
|
||||
# only process lines for successfully installed packages
|
||||
if not (line.startswith('ii ') or line.startswith('hi ')):
|
||||
continue
|
||||
elif (line.startswith('|') or line.startswith('+') or
|
||||
line.startswith('dpkg-query:')):
|
||||
continue
|
||||
else:
|
||||
data = line.split(None, 4)
|
||||
status = data.pop(0)
|
||||
if status not in ('ii', 'hi'):
|
||||
continue
|
||||
pkg = {}
|
||||
pkg.update({k.lower(): v for k, v in zip(headings, data)})
|
||||
if 'name' in pkg:
|
||||
pkgs.update({pkg['name']: pkg})
|
||||
status, name, version, arch, desc = line.split('\t', 4)
|
||||
pkgs[name] = {
|
||||
'name': name,
|
||||
'version': version,
|
||||
'architecture': arch,
|
||||
'description': desc,
|
||||
}
|
||||
return pkgs
|
||||
|
||||
def _apt_cache_show(self, packages):
|
||||
|
Loading…
x
Reference in New Issue
Block a user