Add support for tls-certificates relation

Add support for the charm to request and receive certificates from
the tls-certificates relation.

Add missing direct ``amqp`` relation between ``ceilometer-agent``
and ``rabbitmq-server``

Change-Id: I931f5d3fcbf28e85b1a8e3e7cf24d13cf741e4bd
Closes-Bug: #1818546
This commit is contained in:
Frode Nordahl 2019-03-18 14:04:43 +01:00
parent a6fa24941e
commit 7ca09a1793
No known key found for this signature in database
GPG Key ID: 6A5D59A3BA48373F
8 changed files with 67 additions and 12 deletions

View File

@ -25,20 +25,22 @@ from charmhelpers.fetch import (
filter_installed_packages,
)
from charmhelpers.core.hookenv import (
open_port,
close_port,
relation_get,
relation_set,
relation_ids,
config,
Hooks, UnregisteredHookError,
log,
status_set,
WARNING,
DEBUG,
Hooks,
UnregisteredHookError,
WARNING,
close_port,
config,
is_leader,
leader_get,
leader_set,
log,
open_port,
related_units,
relation_get,
relation_ids,
relation_set,
status_set,
)
from charmhelpers.core.host import (
service_restart,
@ -46,6 +48,7 @@ from charmhelpers.core.host import (
mkdir,
init_is_systemd,
)
import charmhelpers.contrib.openstack.cert_utils as cert_utils
from charmhelpers.contrib.openstack.context import ADDRESS_TYPES
from charmhelpers.contrib.openstack.utils import (
configure_installation_source,
@ -170,6 +173,9 @@ def metric_service_joined():
@restart_on_change(restart_map())
def any_changed():
CONFIGS.write_all()
for r_id in relation_ids('certificates'):
for unit in related_units(r_id):
certs_changed(r_id, unit)
configure_https()
for rid in relation_ids('identity-service'):
keystone_joined(relid=rid)
@ -231,6 +237,10 @@ def config_changed():
else:
close_port(CEILOMETER_PORT)
# Refire certificates relations for VIP changes
for r_id in relation_ids('certificates'):
certs_joined(r_id)
configure_https()
# NOTE(jamespage): Iterate identity-{service,credentials} relations
@ -445,6 +455,22 @@ def post_series_upgrade():
resume_unit_helper, CONFIGS)
@hooks.hook('certificates-relation-joined')
def certs_joined(relation_id=None):
relation_set(
relation_id=relation_id,
relation_settings=cert_utils.get_certificate_request())
@hooks.hook('certificates-relation-changed')
def certs_changed(relation_id=None, unit=None):
@restart_on_change(restart_map())
def _certs_changed():
cert_utils.process_certificates('ceilometer-api', relation_id, unit)
configure_https()
_certs_changed()
if __name__ == '__main__':
try:
hooks.execute(sys.argv)

View File

@ -0,0 +1 @@
ceilometer_hooks.py

View File

@ -0,0 +1 @@
ceilometer_hooks.py

View File

@ -0,0 +1 @@
ceilometer_hooks.py

View File

@ -0,0 +1 @@
ceilometer_hooks.py

View File

@ -47,6 +47,8 @@ requires:
interface: gnocchi
event-service:
interface: event-service
certificates:
interface: tls-certificates
peers:
cluster:
interface: ceilometer-ha

View File

@ -99,6 +99,7 @@ class CeilometerBasicDeployment(OpenStackAmuletDeployment):
'keystone:shared-db': 'percona-cluster:shared-db',
'ceilometer:ceilometer-service': 'ceilometer-agent:'
'ceilometer-service',
'ceilometer-agent:amqp': 'rabbitmq-server:amqp',
'nova-compute:nova-ceilometer': 'ceilometer-agent:nova-ceilometer',
'nova-compute:amqp': 'rabbitmq-server:amqp',
'glance:identity-service': 'keystone:identity-service',

View File

@ -140,15 +140,20 @@ class CeilometerHooksTest(CharmTestCase):
self.relation_set.assert_called_with(
ceilometer_database='ceilometer')
@patch.object(hooks, 'certs_changed')
@patch.object(hooks, 'related_units')
@patch.object(hooks, 'keystone_joined')
@patch('charmhelpers.core.hookenv.config')
@patch.object(hooks, 'ceilometer_joined')
def test_any_changed(self, ceilometer_joined, mock_config,
keystone_joined):
self.relation_ids.return_value = ['identity-service:1']
keystone_joined, _related_units, _certs_changed):
self.relation_ids.side_effect = [
['certificates:42'], ['identity-service:1']]
_related_units.return_value = ['vault/0']
hooks.hooks.execute(['hooks/shared-db-relation-changed'])
self.assertTrue(self.CONFIGS.write_all.called)
self.assertTrue(ceilometer_joined.called)
_certs_changed.assert_called_once_with('certificates:42', 'vault/0')
keystone_joined.assert_called_with(relid='identity-service:1')
self.configure_https.assert_called_once()
@ -426,3 +431,20 @@ class CeilometerHooksTest(CharmTestCase):
)
self.apt_install.assert_called_with(['python3-gnocchiclient'],
fatal=True)
@patch.object(hooks.cert_utils, 'get_certificate_request')
@patch.object(hooks, 'relation_set')
def test_certs_joined(self, _relation_set, _get_certificate_request):
hooks.hooks.execute(['hooks/certificates-relation-joined'])
_get_certificate_request.assert_called_once_with()
_relation_set.assert_called_once_with(
relation_id=None,
relation_settings=_get_certificate_request())
@patch.object(hooks, 'configure_https')
@patch.object(hooks.cert_utils, 'process_certificates')
def test_certs_changed(self, _process_certificates, _configure_https):
hooks.hooks.execute(['hooks/certificates-relation-changed'])
_process_certificates.assert_called_once_with(
'ceilometer-api', None, None)
_configure_https.assert_called_once_with()