Store nagios passwords locally only

2015-04-02 16:52:06 +01:00
parent bc40f843da
commit 3b50926d5c
2 changed files with 25 additions and 15 deletions
--- a/hooks/rabbit_utils.py
+++ b/hooks/rabbit_utils.py
@@ -51,6 +51,8 @@ LIB_PATH = '/var/lib/rabbitmq/'
 HOSTS_FILE = '/etc/hosts'

 _named_passwd = '/var/lib/charm/{}/{}.passwd'
+_local_named_passwd = '/var/lib/charm/{}/{}.local_passwd'
+

 # hook_contexts are used as a convenient mechanism to render templates
 # logically, consider building a hook_context for template rendering so
@@ -460,10 +462,15 @@ def execute(cmd, die=False, echo=False):
    return (stdout, stderr, rc)


-def get_rabbit_password_on_disk(username, password=None):
+def get_rabbit_password_on_disk(username, password=None, local=False):
    ''' Retrieve, generate or store a rabbit password for
    the provided username on disk'''
-    _passwd_file = _named_passwd.format(service_name(), username)
+    if local:
+        _password_file = _local_named_passwd.format(
+            service_name(), username)
+    else:
+        _passwd_file = _named_passwd.format(
+            service_name(), username)
    _password = None
    if os.path.exists(_passwd_file):
        with open(_passwd_file, 'r') as passwd:
@@ -492,20 +499,23 @@ def migrate_passwords_to_peer_relation():
            pass


-def get_rabbit_password(username, password=None):
+def get_rabbit_password(username, password=None, local=False):
    ''' Retrieve, generate or store a rabbit password for
    the provided username using peer relation cluster'''
-    migrate_passwords_to_peer_relation()
-    _key = '{}.passwd'.format(username)
-    try:
-        _password = peer_retrieve(_key)
-        if _password is None:
-            _password = password or pwgen(length=64)
-            peer_store(_key, _password)
-    except ValueError:
-        # cluster relation is not yet started, use on-disk
-        _password = get_rabbit_password_on_disk(username, password)
-    return _password
+    if local:
+        return get_rabbit_password_on_disk(username, password, local)
+    else:
+        migrate_passwords_to_peer_relation()
+        _key = '{}.passwd'.format(username)
+        try:
+            _password = peer_retrieve(_key)
+            if _password is None:
+                _password = password or pwgen(length=64)
+                peer_store(_key, _password)
+        except ValueError:
+            # cluster relation is not yet started, use on-disk
+            _password = get_rabbit_password_on_disk(username, password)
+        return _password


 def bind_ipv6_interface():
--- a/hooks/rabbitmq_server_relations.py
+++ b/hooks/rabbitmq_server_relations.py
@@ -487,7 +487,7 @@ def update_nrpe_checks():
    current_unit = local_unit().replace('/', '-')
    user = 'nagios-%s' % current_unit
    vhost = 'nagios-%s' % current_unit
-    password = rabbit.get_rabbit_password_on_disk(user)
+    password = rabbit.get_rabbit_password(user, local=True)

    rabbit.create_vhost(vhost)
    rabbit.create_user(user, password)