Release sync for 20.08
- Classic charms: sync charm-helpers. - Classic ceph based charms: also sync charms.ceph - Reactive charms: trigger a rebuild - sync tox.ini - sync requirements.txt and test-requirements.txt - fix PEP8 issues from new W504 param Change-Id: I3d1ea2cea971b364001a53d35f2b3bbcaed8361d
This commit is contained in:
parent
29e9aead25
commit
d566af19a2
|
@ -49,7 +49,8 @@ __deprecated_functions = {}
|
||||||
|
|
||||||
def deprecate(warning, date=None, log=None):
|
def deprecate(warning, date=None, log=None):
|
||||||
"""Add a deprecation warning the first time the function is used.
|
"""Add a deprecation warning the first time the function is used.
|
||||||
The date, which is a string in semi-ISO8660 format indicate the year-month
|
|
||||||
|
The date which is a string in semi-ISO8660 format indicates the year-month
|
||||||
that the function is officially going to be removed.
|
that the function is officially going to be removed.
|
||||||
|
|
||||||
usage:
|
usage:
|
||||||
|
@ -62,10 +63,11 @@ def deprecate(warning, date=None, log=None):
|
||||||
The reason for passing the logging function (log) is so that hookenv.log
|
The reason for passing the logging function (log) is so that hookenv.log
|
||||||
can be used for a charm if needed.
|
can be used for a charm if needed.
|
||||||
|
|
||||||
:param warning: String to indicat where it has moved ot.
|
:param warning: String to indicate what is to be used instead.
|
||||||
:param date: optional sting, in YYYY-MM format to indicate when the
|
:param date: Optional string in YYYY-MM format to indicate when the
|
||||||
function will definitely (probably) be removed.
|
function will definitely (probably) be removed.
|
||||||
:param log: The log function to call to log. If not, logs to stdout
|
:param log: The log function to call in order to log. If None, logs to
|
||||||
|
stdout
|
||||||
"""
|
"""
|
||||||
def wrap(f):
|
def wrap(f):
|
||||||
|
|
||||||
|
|
|
@ -18,14 +18,14 @@
|
||||||
# Authors:
|
# Authors:
|
||||||
# Matthew Wedgwood <matthew.wedgwood@canonical.com>
|
# Matthew Wedgwood <matthew.wedgwood@canonical.com>
|
||||||
|
|
||||||
import subprocess
|
import glob
|
||||||
import pwd
|
|
||||||
import grp
|
import grp
|
||||||
import os
|
import os
|
||||||
import glob
|
import pwd
|
||||||
import shutil
|
|
||||||
import re
|
import re
|
||||||
import shlex
|
import shlex
|
||||||
|
import shutil
|
||||||
|
import subprocess
|
||||||
import yaml
|
import yaml
|
||||||
|
|
||||||
from charmhelpers.core.hookenv import (
|
from charmhelpers.core.hookenv import (
|
||||||
|
@ -265,6 +265,11 @@ class NRPE(object):
|
||||||
relation_set(relation_id=rid, relation_settings={'primary': self.primary})
|
relation_set(relation_id=rid, relation_settings={'primary': self.primary})
|
||||||
self.remove_check_queue = set()
|
self.remove_check_queue = set()
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def does_nrpe_conf_dir_exist(cls):
|
||||||
|
"""Return True if th nrpe_confdif directory exists."""
|
||||||
|
return os.path.isdir(cls.nrpe_confdir)
|
||||||
|
|
||||||
def add_check(self, *args, **kwargs):
|
def add_check(self, *args, **kwargs):
|
||||||
shortname = None
|
shortname = None
|
||||||
if kwargs.get('shortname') is None:
|
if kwargs.get('shortname') is None:
|
||||||
|
@ -310,6 +315,12 @@ class NRPE(object):
|
||||||
|
|
||||||
nrpe_monitors = {}
|
nrpe_monitors = {}
|
||||||
monitors = {"monitors": {"remote": {"nrpe": nrpe_monitors}}}
|
monitors = {"monitors": {"remote": {"nrpe": nrpe_monitors}}}
|
||||||
|
|
||||||
|
# check that the charm can write to the conf dir. If not, then nagios
|
||||||
|
# probably isn't installed, and we can defer.
|
||||||
|
if not self.does_nrpe_conf_dir_exist():
|
||||||
|
return
|
||||||
|
|
||||||
for nrpecheck in self.checks:
|
for nrpecheck in self.checks:
|
||||||
nrpecheck.write(self.nagios_context, self.hostname,
|
nrpecheck.write(self.nagios_context, self.hostname,
|
||||||
self.nagios_servicegroups)
|
self.nagios_servicegroups)
|
||||||
|
@ -400,7 +411,7 @@ def add_init_service_checks(nrpe, services, unit_name, immediate_check=True):
|
||||||
upstart_init = '/etc/init/%s.conf' % svc
|
upstart_init = '/etc/init/%s.conf' % svc
|
||||||
sysv_init = '/etc/init.d/%s' % svc
|
sysv_init = '/etc/init.d/%s' % svc
|
||||||
|
|
||||||
if host.init_is_systemd():
|
if host.init_is_systemd(service_name=svc):
|
||||||
nrpe.add_check(
|
nrpe.add_check(
|
||||||
shortname=svc,
|
shortname=svc,
|
||||||
description='process check {%s}' % unit_name,
|
description='process check {%s}' % unit_name,
|
||||||
|
|
|
@ -6,8 +6,14 @@ Listen {{ ext_port }}
|
||||||
<VirtualHost {{ address }}:{{ ext }}>
|
<VirtualHost {{ address }}:{{ ext }}>
|
||||||
ServerName {{ endpoint }}
|
ServerName {{ endpoint }}
|
||||||
SSLEngine on
|
SSLEngine on
|
||||||
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
|
|
||||||
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
|
# This section is based on Mozilla's recommendation
|
||||||
|
# as the "intermediate" profile as of July 7th, 2020.
|
||||||
|
# https://wiki.mozilla.org/Security/Server_Side_TLS
|
||||||
|
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||||
|
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||||
|
SSLHonorCipherOrder off
|
||||||
|
|
||||||
SSLCertificateFile /etc/apache2/ssl/{{ namespace }}/cert_{{ endpoint }}
|
SSLCertificateFile /etc/apache2/ssl/{{ namespace }}/cert_{{ endpoint }}
|
||||||
# See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
|
# See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
|
||||||
SSLCertificateChainFile /etc/apache2/ssl/{{ namespace }}/cert_{{ endpoint }}
|
SSLCertificateChainFile /etc/apache2/ssl/{{ namespace }}/cert_{{ endpoint }}
|
||||||
|
|
|
@ -6,8 +6,14 @@ Listen {{ ext_port }}
|
||||||
<VirtualHost {{ address }}:{{ ext }}>
|
<VirtualHost {{ address }}:{{ ext }}>
|
||||||
ServerName {{ endpoint }}
|
ServerName {{ endpoint }}
|
||||||
SSLEngine on
|
SSLEngine on
|
||||||
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
|
|
||||||
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
|
# This section is based on Mozilla's recommendation
|
||||||
|
# as the "intermediate" profile as of July 7th, 2020.
|
||||||
|
# https://wiki.mozilla.org/Security/Server_Side_TLS
|
||||||
|
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||||
|
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||||
|
SSLHonorCipherOrder off
|
||||||
|
|
||||||
SSLCertificateFile /etc/apache2/ssl/{{ namespace }}/cert_{{ endpoint }}
|
SSLCertificateFile /etc/apache2/ssl/{{ namespace }}/cert_{{ endpoint }}
|
||||||
# See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
|
# See LP 1484489 - this is to support <= 2.4.7 and >= 2.4.8
|
||||||
SSLCertificateChainFile /etc/apache2/ssl/{{ namespace }}/cert_{{ endpoint }}
|
SSLCertificateChainFile /etc/apache2/ssl/{{ namespace }}/cert_{{ endpoint }}
|
||||||
|
|
|
@ -2241,10 +2241,13 @@ def inform_peers_unit_state(state, relation_name='cluster'):
|
||||||
if state not in UNIT_STATES:
|
if state not in UNIT_STATES:
|
||||||
raise ValueError(
|
raise ValueError(
|
||||||
"Setting invalid state {} for unit".format(state))
|
"Setting invalid state {} for unit".format(state))
|
||||||
|
this_unit = local_unit()
|
||||||
for r_id in relation_ids(relation_name):
|
for r_id in relation_ids(relation_name):
|
||||||
|
juju_log('Telling peer behind relation {} that {} is {}'.format(
|
||||||
|
r_id, this_unit, state), 'DEBUG')
|
||||||
relation_set(relation_id=r_id,
|
relation_set(relation_id=r_id,
|
||||||
relation_settings={
|
relation_settings={
|
||||||
get_peer_key(local_unit()): state})
|
get_peer_key(this_unit): state})
|
||||||
|
|
||||||
|
|
||||||
def get_peers_unit_state(relation_name='cluster'):
|
def get_peers_unit_state(relation_name='cluster'):
|
||||||
|
@ -2276,8 +2279,10 @@ def are_peers_ready(relation_name='cluster'):
|
||||||
:returns: Whether all units are ready.
|
:returns: Whether all units are ready.
|
||||||
:rtype: bool
|
:rtype: bool
|
||||||
"""
|
"""
|
||||||
unit_states = get_peers_unit_state(relation_name)
|
unit_states = get_peers_unit_state(relation_name).values()
|
||||||
return all(v == UNIT_READY for v in unit_states.values())
|
juju_log('{} peers are in the following states: {}'.format(
|
||||||
|
relation_name, unit_states), 'DEBUG')
|
||||||
|
return all(state == UNIT_READY for state in unit_states)
|
||||||
|
|
||||||
|
|
||||||
def inform_peers_if_ready(check_unit_ready_func, relation_name='cluster'):
|
def inform_peers_if_ready(check_unit_ready_func, relation_name='cluster'):
|
||||||
|
@ -2360,7 +2365,9 @@ def get_api_application_status():
|
||||||
app_state, msg = get_api_unit_status()
|
app_state, msg = get_api_unit_status()
|
||||||
if app_state == WORKLOAD_STATES.ACTIVE:
|
if app_state == WORKLOAD_STATES.ACTIVE:
|
||||||
if are_peers_ready():
|
if are_peers_ready():
|
||||||
return WORKLOAD_STATES.ACTIVE, 'Application Ready'
|
msg = 'Application Ready'
|
||||||
else:
|
else:
|
||||||
return WORKLOAD_STATES.WAITING, 'Some units are not ready'
|
app_state = WORKLOAD_STATES.WAITING
|
||||||
|
msg = 'Some units are not ready'
|
||||||
|
juju_log(msg, 'DEBUG')
|
||||||
return app_state, msg
|
return app_state, msg
|
||||||
|
|
|
@ -193,7 +193,7 @@ def service_pause(service_name, init_dir="/etc/init", initd_dir="/etc/init.d",
|
||||||
stopped = service_stop(service_name, **kwargs)
|
stopped = service_stop(service_name, **kwargs)
|
||||||
upstart_file = os.path.join(init_dir, "{}.conf".format(service_name))
|
upstart_file = os.path.join(init_dir, "{}.conf".format(service_name))
|
||||||
sysv_file = os.path.join(initd_dir, service_name)
|
sysv_file = os.path.join(initd_dir, service_name)
|
||||||
if init_is_systemd():
|
if init_is_systemd(service_name=service_name):
|
||||||
service('disable', service_name)
|
service('disable', service_name)
|
||||||
service('mask', service_name)
|
service('mask', service_name)
|
||||||
elif os.path.exists(upstart_file):
|
elif os.path.exists(upstart_file):
|
||||||
|
@ -227,7 +227,7 @@ def service_resume(service_name, init_dir="/etc/init",
|
||||||
"""
|
"""
|
||||||
upstart_file = os.path.join(init_dir, "{}.conf".format(service_name))
|
upstart_file = os.path.join(init_dir, "{}.conf".format(service_name))
|
||||||
sysv_file = os.path.join(initd_dir, service_name)
|
sysv_file = os.path.join(initd_dir, service_name)
|
||||||
if init_is_systemd():
|
if init_is_systemd(service_name=service_name):
|
||||||
service('unmask', service_name)
|
service('unmask', service_name)
|
||||||
service('enable', service_name)
|
service('enable', service_name)
|
||||||
elif os.path.exists(upstart_file):
|
elif os.path.exists(upstart_file):
|
||||||
|
@ -257,7 +257,7 @@ def service(action, service_name, **kwargs):
|
||||||
:param **kwargs: additional params to be passed to the service command in
|
:param **kwargs: additional params to be passed to the service command in
|
||||||
the form of key=value.
|
the form of key=value.
|
||||||
"""
|
"""
|
||||||
if init_is_systemd():
|
if init_is_systemd(service_name=service_name):
|
||||||
cmd = ['systemctl', action, service_name]
|
cmd = ['systemctl', action, service_name]
|
||||||
else:
|
else:
|
||||||
cmd = ['service', service_name, action]
|
cmd = ['service', service_name, action]
|
||||||
|
@ -281,7 +281,7 @@ def service_running(service_name, **kwargs):
|
||||||
units (e.g. service ceph-osd status id=2). The kwargs
|
units (e.g. service ceph-osd status id=2). The kwargs
|
||||||
are ignored in systemd services.
|
are ignored in systemd services.
|
||||||
"""
|
"""
|
||||||
if init_is_systemd():
|
if init_is_systemd(service_name=service_name):
|
||||||
return service('is-active', service_name)
|
return service('is-active', service_name)
|
||||||
else:
|
else:
|
||||||
if os.path.exists(_UPSTART_CONF.format(service_name)):
|
if os.path.exists(_UPSTART_CONF.format(service_name)):
|
||||||
|
@ -311,8 +311,14 @@ def service_running(service_name, **kwargs):
|
||||||
SYSTEMD_SYSTEM = '/run/systemd/system'
|
SYSTEMD_SYSTEM = '/run/systemd/system'
|
||||||
|
|
||||||
|
|
||||||
def init_is_systemd():
|
def init_is_systemd(service_name=None):
|
||||||
"""Return True if the host system uses systemd, False otherwise."""
|
"""
|
||||||
|
Returns whether the host uses systemd for the specified service.
|
||||||
|
|
||||||
|
@param Optional[str] service_name: specific name of service
|
||||||
|
"""
|
||||||
|
if str(service_name).startswith("snap."):
|
||||||
|
return True
|
||||||
if lsb_release()['DISTRIB_CODENAME'] == 'trusty':
|
if lsb_release()['DISTRIB_CODENAME'] == 'trusty':
|
||||||
return False
|
return False
|
||||||
return os.path.isdir(SYSTEMD_SYSTEM)
|
return os.path.isdir(SYSTEMD_SYSTEM)
|
||||||
|
|
|
@ -227,8 +227,8 @@ class PolicydContext(OSContextGenerator):
|
||||||
:returns: The context to help set vars in the localsettings.
|
:returns: The context to help set vars in the localsettings.
|
||||||
:rtype: Dict[str, ANY]
|
:rtype: Dict[str, ANY]
|
||||||
"""
|
"""
|
||||||
activated = (config('use-policyd-override')
|
activated = (config('use-policyd-override') and
|
||||||
and policyd.is_policy_success_file_set())
|
policyd.is_policy_success_file_set())
|
||||||
|
|
||||||
if activated:
|
if activated:
|
||||||
return {
|
return {
|
||||||
|
|
|
@ -185,8 +185,8 @@ def config_changed():
|
||||||
else:
|
else:
|
||||||
localhost = 'localhost'
|
localhost = 'localhost'
|
||||||
|
|
||||||
if (os_release('openstack-dashboard') == 'icehouse'
|
if (os_release('openstack-dashboard') == 'icehouse' and
|
||||||
and config('offline-compression') in ['no', 'False']):
|
config('offline-compression') in ['no', 'False']):
|
||||||
apt_install(filter_installed_packages(['python-lesscpy']),
|
apt_install(filter_installed_packages(['python-lesscpy']),
|
||||||
fatal=True)
|
fatal=True)
|
||||||
|
|
||||||
|
@ -436,8 +436,8 @@ def websso_trusted_dashboard_changed():
|
||||||
return
|
return
|
||||||
|
|
||||||
# TODO: check for vault relation in order to determine url scheme
|
# TODO: check for vault relation in order to determine url scheme
|
||||||
tls_configured = (relation_ids('certificates')
|
tls_configured = (relation_ids('certificates') or
|
||||||
or config('ssl-key') or config('enforce-ssl'))
|
config('ssl-key') or config('enforce-ssl'))
|
||||||
scheme = 'https://' if tls_configured else 'http://'
|
scheme = 'https://' if tls_configured else 'http://'
|
||||||
|
|
||||||
hostname = resolve_address(endpoint_type=PUBLIC, override=True)
|
hostname = resolve_address(endpoint_type=PUBLIC, override=True)
|
||||||
|
|
|
@ -216,8 +216,8 @@ def register_configs():
|
||||||
HAPROXY_CONF,
|
HAPROXY_CONF,
|
||||||
PORTS_CONF]
|
PORTS_CONF]
|
||||||
|
|
||||||
if (CompareOpenStackReleases(release) >= 'queens'
|
if (CompareOpenStackReleases(release) >= 'queens' and
|
||||||
and CompareOpenStackReleases(release) <= 'stein'):
|
CompareOpenStackReleases(release) <= 'stein'):
|
||||||
configs.register(
|
configs.register(
|
||||||
CONSISTENCY_GROUP_POLICY,
|
CONSISTENCY_GROUP_POLICY,
|
||||||
CONFIG_FILES[CONSISTENCY_GROUP_POLICY]['hook_contexts'])
|
CONFIG_FILES[CONSISTENCY_GROUP_POLICY]['hook_contexts'])
|
||||||
|
@ -743,8 +743,8 @@ def setup_ipv6():
|
||||||
# Need haproxy >= 1.5.3 for ipv6 so for Trusty if we are <= Kilo we need to
|
# Need haproxy >= 1.5.3 for ipv6 so for Trusty if we are <= Kilo we need to
|
||||||
# use trusty-backports otherwise we can use the UCA.
|
# use trusty-backports otherwise we can use the UCA.
|
||||||
_os_release = os_release('openstack-dashboard')
|
_os_release = os_release('openstack-dashboard')
|
||||||
if (ubuntu_rel == 'trusty'
|
if (ubuntu_rel == 'trusty' and
|
||||||
and CompareOpenStackReleases(_os_release) < 'liberty'):
|
CompareOpenStackReleases(_os_release) < 'liberty'):
|
||||||
add_source('deb http://archive.ubuntu.com/ubuntu trusty-backports '
|
add_source('deb http://archive.ubuntu.com/ubuntu trusty-backports '
|
||||||
'main')
|
'main')
|
||||||
apt_update()
|
apt_update()
|
||||||
|
|
|
@ -13,5 +13,9 @@ netifaces>=0.10.4
|
||||||
netaddr>=0.7.12,!=0.7.16
|
netaddr>=0.7.12,!=0.7.16
|
||||||
Jinja2>=2.6 # BSD License (3 clause)
|
Jinja2>=2.6 # BSD License (3 clause)
|
||||||
six>=1.9.0
|
six>=1.9.0
|
||||||
dnspython>=1.12.0
|
|
||||||
|
# dnspython 2.0.0 dropped py3.5 support
|
||||||
|
dnspython<2.0.0; python_version < '3.6'
|
||||||
|
dnspython; python_version >= '3.6'
|
||||||
|
|
||||||
psutil>=1.1.1,<2.0.0
|
psutil>=1.1.1,<2.0.0
|
||||||
|
|
Loading…
Reference in New Issue