Check Apache ssl dir when determining restart map

If the certificates change then services need to be restarted. This
change adds the SSL directory to the restart map to ensure any
certificate changes trigger a restart.

Also, if the certificates change we need to pass those on to
nova-compute.

Change-Id: I4cb2f760c26f0804d3cb7466c8aa741d5e0ec314
Closes-Bug: 1828530
Liam Young 2019-05-10 15:01:04 +00:00
parent 3f8827b927
commit 822daf2794
4 changed files with 40 additions and 3 deletions


@ -1009,6 +1009,8 @@ def certs_joined(relation_id=None):
def certs_changed(relation_id=None, unit=None):
cert_utils.process_certificates('nova', relation_id, unit, group='nova')
configure_https()
for rid in hookenv.relation_ids('cloud-compute'):
compute_joined(rid=rid, remote_restart=False)
@hooks.hook('amqp-cell-relation-joined')
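Review bot: The loop added to `certs_changed` has no comment saying why `compute_joined` is re-run for every `cloud-compute` relation, or why `remote_restart=False` is passed. The commit message gives the intent, so a comment above the loop such as `# Re-send cloud-compute relation data so nova-compute sees the updated certificates.` would record it in the code. The loop also runs on every invocation of this hook, whether or not `process_certificates` wrote anything. If that helper reports whether files changed (not visible here), gating the loop on it would avoid needless relation updates.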


@ -104,6 +104,7 @@ NOVA_API_PASTE = '%s/api-paste.ini' % NOVA_CONF_DIR
HAPROXY_CONF = '/etc/haproxy/haproxy.cfg'
APACHE_CONF = '/etc/apache2/sites-available/openstack_https_frontend'
APACHE_24_CONF = '/etc/apache2/sites-available/openstack_https_frontend.conf'
APACHE_SSL_DIR = '/etc/apache2/ssl/nova'
MEMCACHED_CONF = '/etc/memcached.conf'
WSGI_NOVA_PLACEMENT_API_CONF = \
'/etc/apache2/sites-enabled/wsgi-placement-api.conf'
@ -348,10 +349,15 @@ def restart_map(actual_services=True):
unit (ie. apache2) or the services defined in BASE_SERVICES
(ie.nova-placement-api).
'''
return collections.OrderedDict(
services = resource_map(actual_services)
restart_map = collections.OrderedDict(
[(cfg, v['services'])
for cfg, v in resource_map(actual_services).items()
for cfg, v in services.items()
if v['services']])
if os.path.isdir(APACHE_SSL_DIR):
_restart_svcs = services[NOVA_CONF]['services'] + ['apache2']
restart_map['{}/*'.format(APACHE_SSL_DIR)] = _restart_svcs
return restart_map
def services():
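Review bot: `services[NOVA_CONF]['services']` in the new `if os.path.isdir(APACHE_SSL_DIR):` branch indexes the resource map unconditionally, so a map without a `NOVA_CONF` entry raises `KeyError` whenever the directory exists. The new `test_certs_changed` patches `resource_map` to `{}`, which is exactly that shape. `_restart_svcs = services.get(NOVA_CONF, {}).get('services', []) + ['apache2']` keeps the certificate-triggered restart without that failure mode. The locals `services` and `restart_map` also shadow the module-level functions of the same names (`def services():` follows directly), so names like `_resources` and `_map` would read more clearly. Because the glob key is only added when the directory already exists, it is worth confirming the map is rebuilt after the first certificates are written; where `restart_map()` is evaluated is not visible here.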


@ -982,3 +982,19 @@ class NovaCCHooksTests(CharmTestCase):
relation_id=None,
relation_settings={'private-address': 'foo'})
hooks.memcached_joined()
@patch.object(utils, 'resource_map')
@patch.object(hooks, 'compute_joined')
@patch.object(hooks, 'configure_https')
@patch.object(hooks.cert_utils, 'process_certificates')
def test_certs_changed(self, process_certificates, configure_https,
compute_joined, resource_map):
resource_map.return_value = {}
self.os_release.return_value = 'rocky'
self.relation_ids.return_value = ['relid']
hooks.certs_changed()
process_certificates.assert_called_once_with('nova', None, None,
group='nova')
configure_https.assert_called_once_with()
compute_joined.assert_called_once_with(remote_restart=False,
rid='relid')
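Review bot: `test_certs_changed` checks each call in isolation but not their order, so it would still pass if `compute_joined` ran before `process_certificates` and `configure_https`. The change exists to hand updated certificates to nova-compute, so attaching the three mocks to one parent `MagicMock` with `attach_mock` and comparing `mock_calls` would pin that sequence. `resource_map` is patched to `{}` and `os_release` is set without either being asserted; a one-line comment saying why the hook needs them would help the next reader.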


@ -382,7 +382,7 @@ class NovaCCUtilsTests(CharmTestCase):
@patch('charmhelpers.contrib.openstack.context.SubordinateConfigContext')
@patch('os.path.exists')
def test_restart_map_apache24(self, _exists, subcontext):
_exists.return_Value = True
_exists.return_value = True
self.os_release.return_value = 'diablo'
_map = utils.restart_map()
self.assertTrue('/etc/apache2/sites-available/'
@ -390,6 +390,19 @@ class NovaCCUtilsTests(CharmTestCase):
self.assertTrue('/etc/apache2/sites-available/'
'openstack_https_frontend' not in _map)
@patch('charmhelpers.contrib.openstack.context.SubordinateConfigContext')
@patch('os.path.exists')
@patch('os.path.isdir')
def test_restart_map_ssl(self, _isdir, _exists, subcontext):
_exists.return_value = True
_isdir.return_value = True
self.os_release.return_value = 'diablo'
_map = utils.restart_map()
self.assertTrue('/etc/apache2/ssl/nova/*' in _map)
_isdir.return_value = False
_map = utils.restart_map()
self.assertTrue('/etc/apache2/ssl/nova/*' not in _map)
def test_console_attributes_spice(self):
_proto = utils.common.console_attributes('protocol', proto='spice')
self.assertEqual(_proto, 'spice')
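Review bot: `test_restart_map_ssl` asserts only that the `/etc/apache2/ssl/nova/*` key appears, not which services it maps to, so dropping `'apache2'` from the list built in `restart_map` would go unnoticed. Adding `self.assertIn('apache2', _map['/etc/apache2/ssl/nova/*'])` after the first `utils.restart_map()` call would cover that. `assertIn` and `assertNotIn` would also give clearer failure output than `assertTrue(... in _map)`. The trailing `test_console_attributes_spice` lines are context and continue outside the hunk.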