Check Apache ssl dir when determining restart map
If the certificates change then services needs to be restarted. This change adds the SSL directory to the restart map to ensure any certificate changes trigger a restart. Also, if the certificates change we need to pass those on to nova-compute. Change-Id: I4cb2f760c26f0804d3cb7466c8aa741d5e0ec314 Closes-Bug: 1828530
This commit is contained in:
parent
3f8827b927
commit
822daf2794
|
@ -1009,6 +1009,8 @@ def certs_joined(relation_id=None):
|
|||
def certs_changed(relation_id=None, unit=None):
|
||||
cert_utils.process_certificates('nova', relation_id, unit, group='nova')
|
||||
configure_https()
|
||||
for rid in hookenv.relation_ids('cloud-compute'):
|
||||
compute_joined(rid=rid, remote_restart=False)
|
||||
|
||||
|
||||
@hooks.hook('amqp-cell-relation-joined')
|
||||
|
|
|
@ -104,6 +104,7 @@ NOVA_API_PASTE = '%s/api-paste.ini' % NOVA_CONF_DIR
|
|||
HAPROXY_CONF = '/etc/haproxy/haproxy.cfg'
|
||||
APACHE_CONF = '/etc/apache2/sites-available/openstack_https_frontend'
|
||||
APACHE_24_CONF = '/etc/apache2/sites-available/openstack_https_frontend.conf'
|
||||
APACHE_SSL_DIR = '/etc/apache2/ssl/nova'
|
||||
MEMCACHED_CONF = '/etc/memcached.conf'
|
||||
WSGI_NOVA_PLACEMENT_API_CONF = \
|
||||
'/etc/apache2/sites-enabled/wsgi-placement-api.conf'
|
||||
|
@ -348,10 +349,15 @@ def restart_map(actual_services=True):
|
|||
unit (ie. apache2) or the services defined in BASE_SERVICES
|
||||
(ie.nova-placement-api).
|
||||
'''
|
||||
return collections.OrderedDict(
|
||||
services = resource_map(actual_services)
|
||||
restart_map = collections.OrderedDict(
|
||||
[(cfg, v['services'])
|
||||
for cfg, v in resource_map(actual_services).items()
|
||||
for cfg, v in services.items()
|
||||
if v['services']])
|
||||
if os.path.isdir(APACHE_SSL_DIR):
|
||||
_restart_svcs = services[NOVA_CONF]['services'] + ['apache2']
|
||||
restart_map['{}/*'.format(APACHE_SSL_DIR)] = _restart_svcs
|
||||
return restart_map
|
||||
|
||||
|
||||
def services():
|
||||
|
|
|
@ -982,3 +982,19 @@ class NovaCCHooksTests(CharmTestCase):
|
|||
relation_id=None,
|
||||
relation_settings={'private-address': 'foo'})
|
||||
hooks.memcached_joined()
|
||||
|
||||
@patch.object(utils, 'resource_map')
|
||||
@patch.object(hooks, 'compute_joined')
|
||||
@patch.object(hooks, 'configure_https')
|
||||
@patch.object(hooks.cert_utils, 'process_certificates')
|
||||
def test_certs_changed(self, process_certificates, configure_https,
|
||||
compute_joined, resource_map):
|
||||
resource_map.return_value = {}
|
||||
self.os_release.return_value = 'rocky'
|
||||
self.relation_ids.return_value = ['relid']
|
||||
hooks.certs_changed()
|
||||
process_certificates.assert_called_once_with('nova', None, None,
|
||||
group='nova')
|
||||
configure_https.assert_called_once_with()
|
||||
compute_joined.assert_called_once_with(remote_restart=False,
|
||||
rid='relid')
|
||||
|
|
|
@ -382,7 +382,7 @@ class NovaCCUtilsTests(CharmTestCase):
|
|||
@patch('charmhelpers.contrib.openstack.context.SubordinateConfigContext')
|
||||
@patch('os.path.exists')
|
||||
def test_restart_map_apache24(self, _exists, subcontext):
|
||||
_exists.return_Value = True
|
||||
_exists.return_value = True
|
||||
self.os_release.return_value = 'diablo'
|
||||
_map = utils.restart_map()
|
||||
self.assertTrue('/etc/apache2/sites-available/'
|
||||
|
@ -390,6 +390,19 @@ class NovaCCUtilsTests(CharmTestCase):
|
|||
self.assertTrue('/etc/apache2/sites-available/'
|
||||
'openstack_https_frontend' not in _map)
|
||||
|
||||
@patch('charmhelpers.contrib.openstack.context.SubordinateConfigContext')
|
||||
@patch('os.path.exists')
|
||||
@patch('os.path.isdir')
|
||||
def test_restart_map_ssl(self, _isdir, _exists, subcontext):
|
||||
_exists.return_value = True
|
||||
_isdir.return_value = True
|
||||
self.os_release.return_value = 'diablo'
|
||||
_map = utils.restart_map()
|
||||
self.assertTrue('/etc/apache2/ssl/nova/*' in _map)
|
||||
_isdir.return_value = False
|
||||
_map = utils.restart_map()
|
||||
self.assertTrue('/etc/apache2/ssl/nova/*' not in _map)
|
||||
|
||||
def test_console_attributes_spice(self):
|
||||
_proto = utils.common.console_attributes('protocol', proto='spice')
|
||||
self.assertEqual(_proto, 'spice')
|
||||
|
|
Loading…
Reference in New Issue