openstack
/
charm-nova-compute-proxy
Code Issues Proposed changes

Enable Zesty-Ocata Amulet Tests 

- Turn on Zesty-Ocata Amulet test definitions.
- Standardize test-requirements.txt
- Sync charm helpers for various fixes

Change-Id: Ia0f4a99a5dc9e4b67bf51402a2f1f4bf9b1015d6
This commit is contained in:
David Ames 2017-04-27 11:27:50 -07:00
parent 7f59c00a59
commit b71c237741
28 changed files with 460 additions and 167 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hooks/charmhelpers/contrib/charmsupport/nrpe.py
View File

@ -373,7 +373,7 @@ def add_init_service_checks(nrpe, services, unit_name, immediate_check=True):
checkpath = '%s/service-check-%s.txt' % (nrpe.homedir, svc) checkpath = '%s/service-check-%s.txt' % (nrpe.homedir, svc)
croncmd = ( croncmd = (
'/usr/local/lib/nagios/plugins/check_exit_status.pl ' '/usr/local/lib/nagios/plugins/check_exit_status.pl '
'-s /etc/init.d/%s status' % svc '-e -s /etc/init.d/%s status' % svc
) )
cron_file = '*/5 * * * * root %s > %s\n' % (croncmd, checkpath) cron_file = '*/5 * * * * root %s > %s\n' % (croncmd, checkpath)
f = open(cronpath, 'w') f = open(cronpath, 'w')

10
hooks/charmhelpers/contrib/hardening/apache/checks/config.py
View File

@ -26,6 +26,7 @@ from charmhelpers.contrib.hardening.audits.file import (
DirectoryPermissionAudit, DirectoryPermissionAudit,
NoReadWriteForOther, NoReadWriteForOther,
TemplatedFile, TemplatedFile,
DeletedFile
) )
from charmhelpers.contrib.hardening.audits.apache import DisabledModuleAudit from charmhelpers.contrib.hardening.audits.apache import DisabledModuleAudit
from charmhelpers.contrib.hardening.apache import TEMPLATES_DIR from charmhelpers.contrib.hardening.apache import TEMPLATES_DIR
@ -52,13 +53,13 @@ def get_audits():
'mods-available/alias.conf'), 'mods-available/alias.conf'),
context, context,
TEMPLATES_DIR, TEMPLATES_DIR,
mode=0o0755, mode=0o0640,
user='root', user='root',
service_actions=[{'service': 'apache2', service_actions=[{'service': 'apache2',
'actions': ['restart']}]), 'actions': ['restart']}]),
TemplatedFile(os.path.join(settings['common']['apache_dir'], TemplatedFile(os.path.join(settings['common']['apache_dir'],
'conf-enabled/hardening.conf'), 'conf-enabled/99-hardening.conf'),
context, context,
TEMPLATES_DIR, TEMPLATES_DIR,
mode=0o0640, mode=0o0640,
@ -69,11 +70,13 @@ def get_audits():
DirectoryPermissionAudit(settings['common']['apache_dir'], DirectoryPermissionAudit(settings['common']['apache_dir'],
user='root', user='root',
group='root', group='root',
mode=0o640), mode=0o0750),
DisabledModuleAudit(settings['hardening']['modules_to_disable']), DisabledModuleAudit(settings['hardening']['modules_to_disable']),
NoReadWriteForOther(settings['common']['apache_dir']), NoReadWriteForOther(settings['common']['apache_dir']),
DeletedFile(['/var/www/html/index.html'])
] ]
return audits return audits
@ -94,5 +97,4 @@ class ApacheConfContext(object):
ctxt['apache_version'] = re.search(r'.+version: Apache/(.+?)\s.+', ctxt['apache_version'] = re.search(r'.+version: Apache/(.+?)\s.+',
out).group(1) out).group(1)
ctxt['apache_icondir'] = '/usr/share/apache2/icons/' ctxt['apache_icondir'] = '/usr/share/apache2/icons/'
ctxt['traceenable'] = settings['hardening']['traceenable']
return ctxt return ctxt

14
hooks/charmhelpers/contrib/hardening/apache/templates/hardening.conf → hooks/charmhelpers/contrib/hardening/apache/templates/99-hardening.conf
View File

@ -15,4 +15,18 @@
</LimitExcept> </LimitExcept>
</Location> </Location>
<Directory />
Options -Indexes -FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options -Indexes -FollowSymLinks
AllowOverride None
</Directory>
TraceEnable {{ traceenable }} TraceEnable {{ traceenable }}
ServerTokens {{ servertokens }}
SSLHonorCipherOrder {{ honor_cipher_order }}
SSLCipherSuite {{ cipher_suite }}

11
hooks/charmhelpers/contrib/hardening/audits/__init__.py
View File

@ -49,13 +49,6 @@ class BaseAudit(object): # NO-QA
# Invoke the callback if there is one. # Invoke the callback if there is one.
if hasattr(self.unless, '__call__'): if hasattr(self.unless, '__call__'):
results = self.unless() return not self.unless()
if results:
return False
else:
return True
if self.unless: return not self.unless
return False
else:
return True

3
hooks/charmhelpers/contrib/hardening/defaults/apache.yaml
View File

@ -11,3 +11,6 @@ hardening:
traceenable: 'off' traceenable: 'off'
allowed_http_methods: "GET POST" allowed_http_methods: "GET POST"
modules_to_disable: [ cgi, cgid ] modules_to_disable: [ cgi, cgid ]
servertokens: 'Prod'
honor_cipher_order: 'on'
cipher_suite: 'ALL:+MEDIUM:+HIGH:!LOW:!MD5:!RC4:!eNULL:!aNULL:!3DES'

3
hooks/charmhelpers/contrib/hardening/defaults/apache.yaml.schema
View File

@ -7,3 +7,6 @@ common:
hardening: hardening:
allowed_http_methods: allowed_http_methods:
modules_to_disable: modules_to_disable:
servertokens:
honor_cipher_order:
cipher_suite:

1
hooks/charmhelpers/contrib/hardening/defaults/os.yaml
View File

@ -58,6 +58,7 @@ security:
rsync rsync
kernel_enable_module_loading: True # (type:boolean) kernel_enable_module_loading: True # (type:boolean)
kernel_enable_core_dump: False # (type:boolean) kernel_enable_core_dump: False # (type:boolean)
ssh_tmout: 300
sysctl: sysctl:
kernel_secure_sysrq: 244 # 4 + 16 + 32 + 64 + 128 kernel_secure_sysrq: 244 # 4 + 16 + 32 + 64 + 128

1
hooks/charmhelpers/contrib/hardening/defaults/os.yaml.schema
View File

@ -34,6 +34,7 @@ security:
packages_list: packages_list:
kernel_enable_module_loading: kernel_enable_module_loading:
kernel_enable_core_dump: kernel_enable_core_dump:
ssh_tmout:
sysctl: sysctl:
kernel_secure_sysrq: kernel_secure_sysrq:
kernel_enable_sysrq: kernel_enable_sysrq:

10
hooks/charmhelpers/contrib/hardening/host/checks/profile.py
View File

@ -25,7 +25,6 @@ def get_audits():
audits = [] audits = []
settings = utils.get_settings('os') settings = utils.get_settings('os')
# If core dumps are not enabled, then don't allow core dumps to be # If core dumps are not enabled, then don't allow core dumps to be
# created as they may contain sensitive information. # created as they may contain sensitive information.
if not settings['security']['kernel_enable_core_dump']: if not settings['security']['kernel_enable_core_dump']:
@ -33,11 +32,18 @@ def get_audits():
ProfileContext(), ProfileContext(),
template_dir=TEMPLATES_DIR, template_dir=TEMPLATES_DIR,
mode=0o0755, user='root', group='root')) mode=0o0755, user='root', group='root'))
if settings['security']['ssh_tmout']:
audits.append(TemplatedFile('/etc/profile.d/99-hardening.sh',
ProfileContext(),
template_dir=TEMPLATES_DIR,
mode=0o0644, user='root', group='root'))
return audits return audits
class ProfileContext(object): class ProfileContext(object):
def __call__(self): def __call__(self):
ctxt = {} settings = utils.get_settings('os')
ctxt = {'ssh_tmout':
settings['security']['ssh_tmout']}
return ctxt return ctxt

5
hooks/charmhelpers/contrib/hardening/host/templates/99-hardening.sh Normal file
View File

@ -0,0 +1,5 @@
TMOUT={{ tmout }}
readonly TMOUT
export TMOUT
readonly HISTFILE

20
hooks/charmhelpers/contrib/hardening/ssh/checks/config.py
View File

@ -27,7 +27,10 @@ from charmhelpers.fetch import (
apt_install, apt_install,
apt_update, apt_update,
) )
from charmhelpers.core.host import lsb_release from charmhelpers.core.host import (
lsb_release,
CompareHostReleases,
)
from charmhelpers.contrib.hardening.audits.file import ( from charmhelpers.contrib.hardening.audits.file import (
TemplatedFile, TemplatedFile,
FileContentAudit, FileContentAudit,
@ -68,7 +71,8 @@ class SSHConfigContext(object):
'weak': default + ',hmac-sha1'} 'weak': default + ',hmac-sha1'}
# Use newer ciphers on Ubuntu Trusty and above # Use newer ciphers on Ubuntu Trusty and above
if lsb_release()['DISTRIB_CODENAME'].lower() >= 'trusty': _release = lsb_release()['DISTRIB_CODENAME'].lower()
if CompareHostReleases(_release) >= 'trusty':
log("Detected Ubuntu 14.04 or newer, using new macs", level=DEBUG) log("Detected Ubuntu 14.04 or newer, using new macs", level=DEBUG)
macs = macs_66 macs = macs_66
@ -96,7 +100,8 @@ class SSHConfigContext(object):
'weak': weak} 'weak': weak}
# Use newer kex on Ubuntu Trusty and above # Use newer kex on Ubuntu Trusty and above
if lsb_release()['DISTRIB_CODENAME'].lower() >= 'trusty': _release = lsb_release()['DISTRIB_CODENAME'].lower()
if CompareHostReleases(_release) >= 'trusty':
log('Detected Ubuntu 14.04 or newer, using new key exchange ' log('Detected Ubuntu 14.04 or newer, using new key exchange '
'algorithms', level=DEBUG) 'algorithms', level=DEBUG)
kex = kex_66 kex = kex_66
@ -119,7 +124,8 @@ class SSHConfigContext(object):
'weak': default + ',aes256-cbc,aes192-cbc,aes128-cbc'} 'weak': default + ',aes256-cbc,aes192-cbc,aes128-cbc'}
# Use newer ciphers on ubuntu Trusty and above # Use newer ciphers on ubuntu Trusty and above
if lsb_release()['DISTRIB_CODENAME'].lower() >= 'trusty': _release = lsb_release()['DISTRIB_CODENAME'].lower()
if CompareHostReleases(_release) >= 'trusty':
log('Detected Ubuntu 14.04 or newer, using new ciphers', log('Detected Ubuntu 14.04 or newer, using new ciphers',
level=DEBUG) level=DEBUG)
cipher = ciphers_66 cipher = ciphers_66
@ -291,7 +297,8 @@ class SSHConfigFileContentAudit(FileContentAudit):
self.fail_cases = [] self.fail_cases = []
settings = utils.get_settings('ssh') settings = utils.get_settings('ssh')
if lsb_release()['DISTRIB_CODENAME'].lower() >= 'trusty': _release = lsb_release()['DISTRIB_CODENAME'].lower()
if CompareHostReleases(_release) >= 'trusty':
if not settings['server']['weak_hmac']: if not settings['server']['weak_hmac']:
self.pass_cases.append(r'^MACs.+,hmac-ripemd160$') self.pass_cases.append(r'^MACs.+,hmac-ripemd160$')
else: else:
@ -364,7 +371,8 @@ class SSHDConfigFileContentAudit(FileContentAudit):
self.fail_cases = [] self.fail_cases = []
settings = utils.get_settings('ssh') settings = utils.get_settings('ssh')
if lsb_release()['DISTRIB_CODENAME'].lower() >= 'trusty': _release = lsb_release()['DISTRIB_CODENAME'].lower()
if CompareHostReleases(_release) >= 'trusty':
if not settings['server']['weak_hmac']: if not settings['server']['weak_hmac']:
self.pass_cases.append(r'^MACs.+,hmac-ripemd160$') self.pass_cases.append(r'^MACs.+,hmac-ripemd160$')
else: else:

91
hooks/charmhelpers/contrib/network/ip.py
View File

@ -31,6 +31,7 @@ from charmhelpers.core.hookenv import (
from charmhelpers.core.host import ( from charmhelpers.core.host import (
lsb_release, lsb_release,
CompareHostReleases,
) )
try: try:
@ -67,6 +68,24 @@ def no_ip_found_error_out(network):
raise ValueError(errmsg) raise ValueError(errmsg)
def _get_ipv6_network_from_address(address):
"""Get an netaddr.IPNetwork for the given IPv6 address
:param address: a dict as returned by netifaces.ifaddresses
:returns netaddr.IPNetwork: None if the address is a link local or loopback
address
"""
if address['addr'].startswith('fe80') or address['addr'] == "::1":
return None
prefix = address['netmask'].split("/")
if len(prefix) > 1:
netmask = prefix[1]
else:
netmask = address['netmask']
return netaddr.IPNetwork("%s/%s" % (address['addr'],
netmask))
def get_address_in_network(network, fallback=None, fatal=False): def get_address_in_network(network, fallback=None, fatal=False):
"""Get an IPv4 or IPv6 address within the network from the host. """Get an IPv4 or IPv6 address within the network from the host.
@ -92,18 +111,16 @@ def get_address_in_network(network, fallback=None, fatal=False):
for iface in netifaces.interfaces(): for iface in netifaces.interfaces():
addresses = netifaces.ifaddresses(iface) addresses = netifaces.ifaddresses(iface)
if network.version == 4 and netifaces.AF_INET in addresses: if network.version == 4 and netifaces.AF_INET in addresses:
addr = addresses[netifaces.AF_INET][0]['addr'] for addr in addresses[netifaces.AF_INET]:
netmask = addresses[netifaces.AF_INET][0]['netmask'] cidr = netaddr.IPNetwork("%s/%s" % (addr['addr'],
cidr = netaddr.IPNetwork("%s/%s" % (addr, netmask)) addr['netmask']))
if cidr in network: if cidr in network:
return str(cidr.ip) return str(cidr.ip)
if network.version == 6 and netifaces.AF_INET6 in addresses: if network.version == 6 and netifaces.AF_INET6 in addresses:
for addr in addresses[netifaces.AF_INET6]: for addr in addresses[netifaces.AF_INET6]:
if not addr['addr'].startswith('fe80'): cidr = _get_ipv6_network_from_address(addr)
cidr = netaddr.IPNetwork("%s/%s" % (addr['addr'], if cidr and cidr in network:
addr['netmask']))
if cidr in network:
return str(cidr.ip) return str(cidr.ip)
if fallback is not None: if fallback is not None:
@ -180,9 +197,10 @@ def _get_for_address(address, key):
if address.version == 6 and netifaces.AF_INET6 in addresses: if address.version == 6 and netifaces.AF_INET6 in addresses:
for addr in addresses[netifaces.AF_INET6]: for addr in addresses[netifaces.AF_INET6]:
if not addr['addr'].startswith('fe80'): network = _get_ipv6_network_from_address(addr)
network = netaddr.IPNetwork("%s/%s" % (addr['addr'], if not network:
addr['netmask'])) continue
cidr = network.cidr cidr = network.cidr
if address in cidr: if address in cidr:
if key == 'iface': if key == 'iface':
@ -191,7 +209,6 @@ def _get_for_address(address, key):
return str(cidr).split('/')[1] return str(cidr).split('/')[1]
else: else:
return addr[key] return addr[key]
return None return None
@ -222,6 +239,16 @@ def format_ipv6_addr(address):
return None return None
def is_ipv6_disabled():
try:
result = subprocess.check_output(
['sysctl', 'net.ipv6.conf.all.disable_ipv6'],
stderr=subprocess.STDOUT)
return "net.ipv6.conf.all.disable_ipv6 = 1" in result
except subprocess.CalledProcessError:
return True
def get_iface_addr(iface='eth0', inet_type='AF_INET', inc_aliases=False, def get_iface_addr(iface='eth0', inet_type='AF_INET', inc_aliases=False,
fatal=True, exc_list=None): fatal=True, exc_list=None):
"""Return the assigned IP address for a given interface, if any. """Return the assigned IP address for a given interface, if any.
@ -521,36 +548,44 @@ def port_has_listener(address, port):
def assert_charm_supports_ipv6(): def assert_charm_supports_ipv6():
"""Check whether we are able to support charms ipv6.""" """Check whether we are able to support charms ipv6."""
if lsb_release()['DISTRIB_CODENAME'].lower() < "trusty": release = lsb_release()['DISTRIB_CODENAME'].lower()
if CompareHostReleases(release) < "trusty":
raise Exception("IPv6 is not supported in the charms for Ubuntu " raise Exception("IPv6 is not supported in the charms for Ubuntu "
"versions less than Trusty 14.04") "versions less than Trusty 14.04")
def get_relation_ip(interface, config_override=None): def get_relation_ip(interface, cidr_network=None):
"""Return this unit's IP for the given relation. """Return this unit's IP for the given interface.
Allow for an arbitrary interface to use with network-get to select an IP. Allow for an arbitrary interface to use with network-get to select an IP.
Handle all address selection options including configuration parameter Handle all address selection options including passed cidr network and
override and IPv6. IPv6.
Usage: get_relation_ip('amqp', config_override='access-network') Usage: get_relation_ip('amqp', cidr_network='10.0.0.0/8')
@param interface: string name of the relation. @param interface: string name of the relation.
@param config_override: string name of the config option for network @param cidr_network: string CIDR Network to select an address from.
override. Supports legacy network override configuration parameters.
@raises Exception if prefer-ipv6 is configured but IPv6 unsupported. @raises Exception if prefer-ipv6 is configured but IPv6 unsupported.
@returns IPv6 or IPv4 address @returns IPv6 or IPv4 address
""" """
# Select the interface address first
# For possible use as a fallback bellow with get_address_in_network
try:
# Get the interface specific IP
address = network_get_primary_address(interface)
except NotImplementedError:
# If network-get is not available
address = get_host_ip(unit_get('private-address'))
fallback = get_host_ip(unit_get('private-address'))
if config('prefer-ipv6'): if config('prefer-ipv6'):
# Currently IPv6 has priority, eventually we want IPv6 to just be
# another network space.
assert_charm_supports_ipv6() assert_charm_supports_ipv6()
return get_ipv6_addr()[0] return get_ipv6_addr()[0]
elif config_override and config(config_override): elif cidr_network:
return get_address_in_network(config(config_override), # If a specific CIDR network is passed get the address from that
fallback) # network.
else: return get_address_in_network(cidr_network, address)
try:
return network_get_primary_address(interface) # Return the interface address
except NotImplementedError: return address
return fallback

5
hooks/charmhelpers/contrib/openstack/amulet/utils.py
View File

@ -40,6 +40,7 @@ from charmhelpers.contrib.amulet.utils import (
AmuletUtils AmuletUtils
) )
from charmhelpers.core.decorators import retry_on_exception from charmhelpers.core.decorators import retry_on_exception
from charmhelpers.core.host import CompareHostReleases
DEBUG = logging.DEBUG DEBUG = logging.DEBUG
ERROR = logging.ERROR ERROR = logging.ERROR
@ -546,7 +547,7 @@ class OpenStackAmuletUtils(AmuletUtils):
"""Create the specified instance.""" """Create the specified instance."""
self.log.debug('Creating instance ' self.log.debug('Creating instance '
'({}|{}|{})'.format(instance_name, image_name, flavor)) '({}|{}|{})'.format(instance_name, image_name, flavor))
image = nova.images.find(name=image_name) image = nova.glance.find_image(image_name)
flavor = nova.flavors.find(name=flavor) flavor = nova.flavors.find(name=flavor)
instance = nova.servers.create(name=instance_name, image=image, instance = nova.servers.create(name=instance_name, image=image,
flavor=flavor) flavor=flavor)
@ -1255,7 +1256,7 @@ class OpenStackAmuletUtils(AmuletUtils):
contents = self.file_contents_safe(sentry_unit, '/etc/memcached.conf', contents = self.file_contents_safe(sentry_unit, '/etc/memcached.conf',
fatal=True) fatal=True)
ubuntu_release, _ = self.run_cmd_unit(sentry_unit, 'lsb_release -cs') ubuntu_release, _ = self.run_cmd_unit(sentry_unit, 'lsb_release -cs')
if ubuntu_release <= 'trusty': if CompareHostReleases(ubuntu_release) <= 'trusty':
memcache_listen_addr = 'ip6-localhost' memcache_listen_addr = 'ip6-localhost'
else: else:
memcache_listen_addr = '::1' memcache_listen_addr = '::1'

114
hooks/charmhelpers/contrib/openstack/context.py
View File

@ -59,6 +59,8 @@ from charmhelpers.core.host import (
write_file, write_file,
pwgen, pwgen,
lsb_release, lsb_release,
CompareHostReleases,
is_container,
) )
from charmhelpers.contrib.hahelpers.cluster import ( from charmhelpers.contrib.hahelpers.cluster import (
determine_apache_port, determine_apache_port,
@ -87,6 +89,7 @@ from charmhelpers.contrib.network.ip import (
format_ipv6_addr, format_ipv6_addr,
is_address_in_network, is_address_in_network,
is_bridge_member, is_bridge_member,
is_ipv6_disabled,
) )
from charmhelpers.contrib.openstack.utils import ( from charmhelpers.contrib.openstack.utils import (
config_flags_parser, config_flags_parser,
@ -108,6 +111,7 @@ except ImportError:
CA_CERT_PATH = '/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt' CA_CERT_PATH = '/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt'
ADDRESS_TYPES = ['admin', 'internal', 'public'] ADDRESS_TYPES = ['admin', 'internal', 'public']
HAPROXY_RUN_DIR = '/var/run/haproxy/'
def ensure_packages(packages): def ensure_packages(packages):
@ -155,7 +159,8 @@ class OSContextGenerator(object):
if self.missing_data: if self.missing_data:
self.complete = False self.complete = False
log('Missing required data: %s' % ' '.join(self.missing_data), level=INFO) log('Missing required data: %s' % ' '.join(self.missing_data),
level=INFO)
else: else:
self.complete = True self.complete = True
return self.complete return self.complete
@ -213,7 +218,8 @@ class SharedDBContext(OSContextGenerator):
hostname_key = "{}_hostname".format(self.relation_prefix) hostname_key = "{}_hostname".format(self.relation_prefix)
else: else:
hostname_key = "hostname" hostname_key = "hostname"
access_hostname = get_address_in_network(access_network, access_hostname = get_address_in_network(
access_network,
unit_get('private-address')) unit_get('private-address'))
set_hostname = relation_get(attribute=hostname_key, set_hostname = relation_get(attribute=hostname_key,
unit=local_unit()) unit=local_unit())
@ -308,7 +314,10 @@ def db_ssl(rdata, ctxt, ssl_dir):
class IdentityServiceContext(OSContextGenerator): class IdentityServiceContext(OSContextGenerator):
def __init__(self, service=None, service_user=None, rel_name='identity-service'): def __init__(self,
service=None,
service_user=None,
rel_name='identity-service'):
self.service = service self.service = service
self.service_user = service_user self.service_user = service_user
self.rel_name = rel_name self.rel_name = rel_name
@ -457,19 +466,17 @@ class AMQPContext(OSContextGenerator):
host = format_ipv6_addr(host) or host host = format_ipv6_addr(host) or host
rabbitmq_hosts.append(host) rabbitmq_hosts.append(host)
ctxt['rabbitmq_hosts'] = ','.join(sorted(rabbitmq_hosts)) rabbitmq_hosts = sorted(rabbitmq_hosts)
ctxt['rabbitmq_hosts'] = ','.join(rabbitmq_hosts)
transport_hosts = rabbitmq_hosts transport_hosts = rabbitmq_hosts
if transport_hosts: if transport_hosts:
transport_url_hosts = '' transport_url_hosts = ','.join([
for host in transport_hosts: "{}:{}@{}:{}".format(ctxt['rabbitmq_user'],
if transport_url_hosts: ctxt['rabbitmq_password'],
format_string = ",{}:{}@{}:{}" host_,
else: rabbitmq_port)
format_string = "{}:{}@{}:{}" for host_ in transport_hosts])
transport_url_hosts += format_string.format(
ctxt['rabbitmq_user'], ctxt['rabbitmq_password'],
host, rabbitmq_port)
ctxt['transport_url'] = "rabbit://{}/{}".format( ctxt['transport_url'] = "rabbit://{}/{}".format(
transport_url_hosts, vhost) transport_url_hosts, vhost)
@ -530,6 +537,8 @@ class HAProxyContext(OSContextGenerator):
"""Provides half a context for the haproxy template, which describes """Provides half a context for the haproxy template, which describes
all peers to be included in the cluster. Each charm needs to include all peers to be included in the cluster. Each charm needs to include
its own context generator that describes the port mapping. its own context generator that describes the port mapping.
:side effect: mkdir is called on HAPROXY_RUN_DIR
""" """
interfaces = ['cluster'] interfaces = ['cluster']
@ -537,6 +546,8 @@ class HAProxyContext(OSContextGenerator):
self.singlenode_mode = singlenode_mode self.singlenode_mode = singlenode_mode
def __call__(self): def __call__(self):
if not os.path.isdir(HAPROXY_RUN_DIR):
mkdir(path=HAPROXY_RUN_DIR)
if not relation_ids('cluster') and not self.singlenode_mode: if not relation_ids('cluster') and not self.singlenode_mode:
return {} return {}
@ -1217,22 +1228,54 @@ class BindHostContext(OSContextGenerator):
return {'bind_host': '0.0.0.0'} return {'bind_host': '0.0.0.0'}
class WorkerConfigContext(OSContextGenerator): MAX_DEFAULT_WORKERS = 4
DEFAULT_MULTIPLIER = 2
@property
def num_cpus(self):
# NOTE: use cpu_count if present (16.04 support)
if hasattr(psutil, 'cpu_count'):
return psutil.cpu_count()
else:
return psutil.NUM_CPUS
def __call__(self): def _calculate_workers():
multiplier = config('worker-multiplier') or 0 '''
count = int(self.num_cpus * multiplier) Determine the number of worker processes based on the CPU
count of the unit containing the application.
Workers will be limited to MAX_DEFAULT_WORKERS in
container environments where no worker-multipler configuration
option been set.
@returns int: number of worker processes to use
'''
multiplier = config('worker-multiplier') or DEFAULT_MULTIPLIER
count = int(_num_cpus() * multiplier)
if multiplier > 0 and count == 0: if multiplier > 0 and count == 0:
count = 1 count = 1
ctxt = {"workers": count}
if config('worker-multiplier') is None and is_container():
# NOTE(jamespage): Limit unconfigured worker-multiplier
# to MAX_DEFAULT_WORKERS to avoid insane
# worker configuration in LXD containers
# on large servers
# Reference: https://pad.lv/1665270
count = min(count, MAX_DEFAULT_WORKERS)
return count
def _num_cpus():
'''
Compatibility wrapper for calculating the number of CPU's
a unit has.
@returns: int: number of CPU cores detected
'''
try:
return psutil.cpu_count()
except AttributeError:
return psutil.NUM_CPUS
class WorkerConfigContext(OSContextGenerator):
def __call__(self):
ctxt = {"workers": _calculate_workers()}
return ctxt return ctxt
@ -1240,7 +1283,7 @@ class WSGIWorkerConfigContext(WorkerConfigContext):
def __init__(self, name=None, script=None, admin_script=None, def __init__(self, name=None, script=None, admin_script=None,
public_script=None, process_weight=1.00, public_script=None, process_weight=1.00,
admin_process_weight=0.75, public_process_weight=0.25): admin_process_weight=0.25, public_process_weight=0.75):
self.service_name = name self.service_name = name
self.user = name self.user = name
self.group = name self.group = name
@ -1252,8 +1295,7 @@ class WSGIWorkerConfigContext(WorkerConfigContext):
self.public_process_weight = public_process_weight self.public_process_weight = public_process_weight
def __call__(self): def __call__(self):
multiplier = config('worker-multiplier') or 1 total_processes = _calculate_workers()
total_processes = self.num_cpus * multiplier
ctxt = { ctxt = {
"service_name": self.service_name, "service_name": self.service_name,
"user": self.user, "user": self.user,
@ -1584,7 +1626,7 @@ class MemcacheContext(OSContextGenerator):
"""Memcache context """Memcache context
This context provides options for configuring a local memcache client and This context provides options for configuring a local memcache client and
server server for both IPv4 and IPv6
""" """
def __init__(self, package=None): def __init__(self, package=None):
@ -1601,7 +1643,19 @@ class MemcacheContext(OSContextGenerator):
if ctxt['use_memcache']: if ctxt['use_memcache']:
# Trusty version of memcached does not support ::1 as a listen # Trusty version of memcached does not support ::1 as a listen
# address so use host file entry instead # address so use host file entry instead
if lsb_release()['DISTRIB_CODENAME'].lower() > 'trusty': release = lsb_release()['DISTRIB_CODENAME'].lower()
if is_ipv6_disabled():
if CompareHostReleases(release) > 'trusty':
ctxt['memcache_server'] = '127.0.0.1'
else:
ctxt['memcache_server'] = 'localhost'
ctxt['memcache_server_formatted'] = '127.0.0.1'
ctxt['memcache_port'] = '11211'
ctxt['memcache_url'] = '{}:{}'.format(
ctxt['memcache_server_formatted'],
ctxt['memcache_port'])
else:
if CompareHostReleases(release) > 'trusty':
ctxt['memcache_server'] = '::1' ctxt['memcache_server'] = '::1'
else: else:
ctxt['memcache_server'] = 'ip6-localhost' ctxt['memcache_server'] = 'ip6-localhost'

19
hooks/charmhelpers/contrib/openstack/neutron.py
View File

@ -23,7 +23,10 @@ from charmhelpers.core.hookenv import (
ERROR, ERROR,
) )
from charmhelpers.contrib.openstack.utils import os_release from charmhelpers.contrib.openstack.utils import (
os_release,
CompareOpenStackReleases,
)
def headers_package(): def headers_package():
@ -198,7 +201,8 @@ def neutron_plugins():
}, },
'plumgrid': { 'plumgrid': {
'config': '/etc/neutron/plugins/plumgrid/plumgrid.ini', 'config': '/etc/neutron/plugins/plumgrid/plumgrid.ini',
'driver': 'neutron.plugins.plumgrid.plumgrid_plugin.plumgrid_plugin.NeutronPluginPLUMgridV2', 'driver': ('neutron.plugins.plumgrid.plumgrid_plugin'
'.plumgrid_plugin.NeutronPluginPLUMgridV2'),
'contexts': [ 'contexts': [
context.SharedDBContext(user=config('database-user'), context.SharedDBContext(user=config('database-user'),
database=config('database'), database=config('database'),
@ -225,7 +229,7 @@ def neutron_plugins():
'server_services': ['neutron-server'] 'server_services': ['neutron-server']
} }
} }
if release >= 'icehouse': if CompareOpenStackReleases(release) >= 'icehouse':
# NOTE: patch in ml2 plugin for icehouse onwards # NOTE: patch in ml2 plugin for icehouse onwards
plugins['ovs']['config'] = '/etc/neutron/plugins/ml2/ml2_conf.ini' plugins['ovs']['config'] = '/etc/neutron/plugins/ml2/ml2_conf.ini'
plugins['ovs']['driver'] = 'neutron.plugins.ml2.plugin.Ml2Plugin' plugins['ovs']['driver'] = 'neutron.plugins.ml2.plugin.Ml2Plugin'
@ -233,10 +237,10 @@ def neutron_plugins():
'neutron-plugin-ml2'] 'neutron-plugin-ml2']
# NOTE: patch in vmware renames nvp->nsx for icehouse onwards # NOTE: patch in vmware renames nvp->nsx for icehouse onwards
plugins['nvp'] = plugins['nsx'] plugins['nvp'] = plugins['nsx']
if release >= 'kilo': if CompareOpenStackReleases(release) >= 'kilo':
plugins['midonet']['driver'] = ( plugins['midonet']['driver'] = (
'neutron.plugins.midonet.plugin.MidonetPluginV2') 'neutron.plugins.midonet.plugin.MidonetPluginV2')
if release >= 'liberty': if CompareOpenStackReleases(release) >= 'liberty':
plugins['midonet']['driver'] = ( plugins['midonet']['driver'] = (
'midonet.neutron.plugin_v1.MidonetPluginV2') 'midonet.neutron.plugin_v1.MidonetPluginV2')
plugins['midonet']['server_packages'].remove( plugins['midonet']['server_packages'].remove(
@ -244,10 +248,11 @@ def neutron_plugins():
plugins['midonet']['server_packages'].append( plugins['midonet']['server_packages'].append(
'python-networking-midonet') 'python-networking-midonet')
plugins['plumgrid']['driver'] = ( plugins['plumgrid']['driver'] = (
'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2') 'networking_plumgrid.neutron.plugins'
'.plugin.NeutronPluginPLUMgridV2')
plugins['plumgrid']['server_packages'].remove( plugins['plumgrid']['server_packages'].remove(
'neutron-plugin-plumgrid') 'neutron-plugin-plumgrid')
if release >= 'mitaka': if CompareOpenStackReleases(release) >= 'mitaka':
plugins['nsx']['server_packages'].remove('neutron-plugin-vmware') plugins['nsx']['server_packages'].remove('neutron-plugin-vmware')
plugins['nsx']['server_packages'].append('python-vmware-nsx') plugins['nsx']['server_packages'].append('python-vmware-nsx')
plugins['nsx']['config'] = '/etc/neutron/nsx.ini' plugins['nsx']['config'] = '/etc/neutron/nsx.ini'

11
hooks/charmhelpers/contrib/openstack/templates/haproxy.cfg
View File

@ -5,6 +5,8 @@ global
user haproxy user haproxy
group haproxy group haproxy
spread-checks 0 spread-checks 0
stats socket /var/run/haproxy/admin.sock mode 600 level admin
stats timeout 2m
defaults defaults
log global log global
@ -58,6 +60,15 @@ frontend tcp-in_{{ service }}
{% for frontend in frontends -%} {% for frontend in frontends -%}
backend {{ service }}_{{ frontend }} backend {{ service }}_{{ frontend }}
balance leastconn balance leastconn
{% if backend_options -%}
{% if backend_options[service] -%}
{% for option in backend_options[service] -%}
{% for key, value in option.items() -%}
{{ key }} {{ value }}
{% endfor -%}
{% endfor -%}
{% endif -%}
{% endif -%}
{% for unit, address in frontends[frontend]['backends'].items() -%} {% for unit, address in frontends[frontend]['backends'].items() -%}
server {{ unit }} {{ address }}:{{ ports[1] }} check server {{ unit }} {{ address }}:{{ ports[1] }} check
{% endfor %} {% endfor %}

40
hooks/charmhelpers/contrib/openstack/utils.py
View File

@ -33,9 +33,7 @@ import yaml
from charmhelpers.contrib.network import ip from charmhelpers.contrib.network import ip
from charmhelpers.core import ( from charmhelpers.core import unitdata
unitdata,
)
from charmhelpers.core.hookenv import ( from charmhelpers.core.hookenv import (
action_fail, action_fail,
@ -55,6 +53,8 @@ from charmhelpers.core.hookenv import (
application_version_set, application_version_set,
) )
from charmhelpers.core.strutils import BasicStringComparator
from charmhelpers.contrib.storage.linux.lvm import ( from charmhelpers.contrib.storage.linux.lvm import (
deactivate_lvm_volume_group, deactivate_lvm_volume_group,
is_lvm_physical_volume, is_lvm_physical_volume,
@ -97,6 +97,22 @@ CLOUD_ARCHIVE_KEY_ID = '5EDB1B62EC4926EA'
DISTRO_PROPOSED = ('deb http://archive.ubuntu.com/ubuntu/ %s-proposed ' DISTRO_PROPOSED = ('deb http://archive.ubuntu.com/ubuntu/ %s-proposed '
'restricted main multiverse universe') 'restricted main multiverse universe')
OPENSTACK_RELEASES = (
'diablo',
'essex',
'folsom',
'grizzly',
'havana',
'icehouse',
'juno',
'kilo',
'liberty',
'mitaka',
'newton',
'ocata',
'pike',
)
UBUNTU_OPENSTACK_RELEASE = OrderedDict([ UBUNTU_OPENSTACK_RELEASE = OrderedDict([
('oneiric', 'diablo'), ('oneiric', 'diablo'),
('precise', 'essex'), ('precise', 'essex'),
@ -238,6 +254,17 @@ GIT_DEFAULT_BRANCHES = {
DEFAULT_LOOPBACK_SIZE = '5G' DEFAULT_LOOPBACK_SIZE = '5G'
class CompareOpenStackReleases(BasicStringComparator):
"""Provide comparisons of OpenStack releases.
Use in the form of
if CompareOpenStackReleases(release) > 'mitaka':
# do something with mitaka
"""
_list = OPENSTACK_RELEASES
def error_out(msg): def error_out(msg):
juju_log("FATAL ERROR: %s" % msg, level='ERROR') juju_log("FATAL ERROR: %s" % msg, level='ERROR')
sys.exit(1) sys.exit(1)
@ -1066,7 +1093,8 @@ def git_generate_systemd_init_files(templates_dir):
shutil.copyfile(init_in_source, init_source) shutil.copyfile(init_in_source, init_source)
with open(init_source, 'a') as outfile: with open(init_source, 'a') as outfile:
template = '/usr/share/openstack-pkg-tools/init-script-template' template = ('/usr/share/openstack-pkg-tools/'
'init-script-template')
with open(template) as infile: with open(template) as infile:
outfile.write('\n\n{}'.format(infile.read())) outfile.write('\n\n{}'.format(infile.read()))
@ -1971,9 +1999,7 @@ def enable_memcache(source=None, release=None, package=None):
if not _release: if not _release:
_release = get_os_codename_install_source(source) _release = get_os_codename_install_source(source)
# TODO: this should be changed to a numeric comparison using a known list return CompareOpenStackReleases(_release) >= 'mitaka'
# of releases and comparing by index.
return _release >= 'mitaka'
def token_cache_pkgs(source=None, release=None): def token_cache_pkgs(source=None, release=None):

8
hooks/charmhelpers/contrib/storage/linux/ceph.py
View File

@ -987,13 +987,15 @@ def ensure_ceph_storage(service, pool, rbd_img, sizemb, mount_point,
service_start(svc) service_start(svc)
def ensure_ceph_keyring(service, user=None, group=None, relation='ceph'): def ensure_ceph_keyring(service, user=None, group=None,
relation='ceph', key=None):
"""Ensures a ceph keyring is created for a named service and optionally """Ensures a ceph keyring is created for a named service and optionally
ensures user and group ownership. ensures user and group ownership.
Returns False if no ceph key is available in relation state. @returns boolean: Flag to indicate whether a key was successfully written
to disk based on either relation data or a supplied key
""" """
key = None if not key:
for rid in relation_ids(relation): for rid in relation_ids(relation):
for unit in related_units(rid): for unit in related_units(rid):
key = relation_get('key', rid=rid, unit=unit) key = relation_get('key', rid=rid, unit=unit)

6
hooks/charmhelpers/core/host.py
View File

@ -45,6 +45,7 @@ if __platform__ == "ubuntu":
add_new_group, add_new_group,
lsb_release, lsb_release,
cmp_pkgrevno, cmp_pkgrevno,
CompareHostReleases,
) # flake8: noqa -- ignore F401 for this import ) # flake8: noqa -- ignore F401 for this import
elif __platform__ == "centos": elif __platform__ == "centos":
from charmhelpers.core.host_factory.centos import ( from charmhelpers.core.host_factory.centos import (
@ -52,6 +53,7 @@ elif __platform__ == "centos":
add_new_group, add_new_group,
lsb_release, lsb_release,
cmp_pkgrevno, cmp_pkgrevno,
CompareHostReleases,
) # flake8: noqa -- ignore F401 for this import ) # flake8: noqa -- ignore F401 for this import
UPDATEDB_PATH = '/etc/updatedb.conf' UPDATEDB_PATH = '/etc/updatedb.conf'
@ -189,7 +191,7 @@ def service_pause(service_name, init_dir="/etc/init", initd_dir="/etc/init.d",
upstart_file = os.path.join(init_dir, "{}.conf".format(service_name)) upstart_file = os.path.join(init_dir, "{}.conf".format(service_name))
sysv_file = os.path.join(initd_dir, service_name) sysv_file = os.path.join(initd_dir, service_name)
if init_is_systemd(): if init_is_systemd():
service('disable', service_name) service('mask', service_name)
elif os.path.exists(upstart_file): elif os.path.exists(upstart_file):
override_path = os.path.join( override_path = os.path.join(
init_dir, '{}.override'.format(service_name)) init_dir, '{}.override'.format(service_name))
@ -222,7 +224,7 @@ def service_resume(service_name, init_dir="/etc/init",
upstart_file = os.path.join(init_dir, "{}.conf".format(service_name)) upstart_file = os.path.join(init_dir, "{}.conf".format(service_name))
sysv_file = os.path.join(initd_dir, service_name) sysv_file = os.path.join(initd_dir, service_name)
if init_is_systemd(): if init_is_systemd():
service('enable', service_name) service('unmask', service_name)
elif os.path.exists(upstart_file): elif os.path.exists(upstart_file):
override_path = os.path.join( override_path = os.path.join(
init_dir, '{}.override'.format(service_name)) init_dir, '{}.override'.format(service_name))

16
hooks/charmhelpers/core/host_factory/centos.py
View File

@ -2,6 +2,22 @@ import subprocess
import yum import yum
import os import os
from charmhelpers.core.strutils import BasicStringComparator
class CompareHostReleases(BasicStringComparator):
"""Provide comparisons of Host releases.
Use in the form of
if CompareHostReleases(release) > 'trusty':
# do something with mitaka
"""
def __init__(self, item):
raise NotImplementedError(
"CompareHostReleases() is not implemented for CentOS")
def service_available(service_name): def service_available(service_name):
# """Determine whether a system service is available.""" # """Determine whether a system service is available."""

32
hooks/charmhelpers/core/host_factory/ubuntu.py
View File

@ -1,5 +1,37 @@
import subprocess import subprocess
from charmhelpers.core.strutils import BasicStringComparator
UBUNTU_RELEASES = (
'lucid',
'maverick',
'natty',
'oneiric',
'precise',
'quantal',
'raring',
'saucy',
'trusty',
'utopic',
'vivid',
'wily',
'xenial',
'yakkety',
'zesty',
)
class CompareHostReleases(BasicStringComparator):
"""Provide comparisons of Ubuntu releases.
Use in the form of
if CompareHostReleases(release) > 'trusty':
# do something with mitaka
"""
_list = UBUNTU_RELEASES
def service_available(service_name): def service_available(service_name):
"""Determine whether a system service is available""" """Determine whether a system service is available"""

53
hooks/charmhelpers/core/strutils.py
View File

@ -68,3 +68,56 @@ def bytes_from_string(value):
msg = "Unable to interpret string value '%s' as bytes" % (value) msg = "Unable to interpret string value '%s' as bytes" % (value)
raise ValueError(msg) raise ValueError(msg)
return int(matches.group(1)) * (1024 ** BYTE_POWER[matches.group(2)]) return int(matches.group(1)) * (1024 ** BYTE_POWER[matches.group(2)])
class BasicStringComparator(object):
"""Provides a class that will compare strings from an iterator type object.
Used to provide > and < comparisons on strings that may not necessarily be
alphanumerically ordered. e.g. OpenStack or Ubuntu releases AFTER the
z-wrap.
"""
_list = None
def __init__(self, item):
if self._list is None:
raise Exception("Must define the _list in the class definition!")
try:
self.index = self._list.index(item)
except Exception:
raise KeyError("Item '{}' is not in list '{}'"
.format(item, self._list))
def __eq__(self, other):
assert isinstance(other, str) or isinstance(other, self.__class__)
return self.index == self._list.index(other)
def __ne__(self, other):
return not self.__eq__(other)
def __lt__(self, other):
assert isinstance(other, str) or isinstance(other, self.__class__)
return self.index < self._list.index(other)
def __ge__(self, other):
return not self.__lt__(other)
def __gt__(self, other):
assert isinstance(other, str) or isinstance(other, self.__class__)
return self.index > self._list.index(other)
def __le__(self, other):
return not self.__gt__(other)
def __str__(self):
"""Always give back the item at the index so it can be used in
comparisons like:
s_mitaka = CompareOpenStack('mitaka')
s_newton = CompareOpenstack('newton')
assert s_newton > s_mitaka
@returns: <string>
"""
return self._list[self.index]

3
metadata.yaml
View File

@ -12,8 +12,9 @@ tags:
- openstack - openstack
series: series:
- xenial - xenial
- zesty
- trusty - trusty
- yakkety
- zesty
provides: provides:
cloud-compute: cloud-compute:
interface: nova-compute interface: nova-compute

16
requirements.txt
View File

@ -1,2 +1,14 @@
# Place all python test dependencies in test-requirements.txt. # The order of packages is significant, because pip processes them in the order
# This is intentionally blank. # of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
pbr>=1.8.0,<1.9.0
PyYAML>=3.1.0
simplejson>=2.2.0
netifaces>=0.10.4
netaddr>=0.7.12,!=0.7.16
Jinja2>=2.6 # BSD License (3 clause)
six>=1.9.0
dnspython>=1.12.0
psutil>=1.1.1,<2.0.0
bzr+lp:charm-helpers#egg=charmhelpers
juju-wait==2.5.0

32
test-requirements.txt
View File

@ -1,37 +1,27 @@
# The order of packages is significant, because pip processes them in the order # The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration # of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later. # process, which may cause wedges in the gate later.
pbr>=1.8.0,<1.9.0
pyyaml>=3.1.0
simplejson>=2.2.0
netifaces>=0.10.4
netaddr>=0.7.12,!=0.7.16
Jinja2>=2.6 # BSD License (3 clause)
six>=1.9.0
dnspython>=1.12.0
psutil>=1.1.1,<2.0.0
coverage>=3.6 coverage>=3.6
mock>=1.2 mock>=1.2
flake8>=2.2.4,<=2.4.1 flake8>=2.2.4,<=2.4.1
os-testr>=0.4.1 os-testr>=0.4.1
charm-tools>=2.0.0 charm-tools>=2.0.0
requests==2.6.0 requests==2.6.0
bzr+lp:charm-helpers#egg=charmhelpers
# BEGIN: Amulet OpenStack Charm Helper Requirements # BEGIN: Amulet OpenStack Charm Helper Requirements
# Liberty client lower constraints # Liberty client lower constraints
amulet>=1.14.3,<2.0 amulet>=1.14.3,<2.0
bundletester>=0.6.1,<1.0 bundletester>=0.6.1,<1.0
python-ceilometerclient>=1.5.0,<2.0 python-ceilometerclient>=1.5.0
python-cinderclient>=1.4.0,<2.0 python-cinderclient>=1.4.0
python-glanceclient>=1.1.0,<2.0 python-glanceclient>=1.1.0
python-heatclient>=0.8.0,<1.0 python-heatclient>=0.8.0
python-keystoneclient>=1.7.1,<2.0 python-keystoneclient>=1.7.1
python-neutronclient>=3.1.0,<4.0 python-neutronclient>=3.1.0
python-novaclient>=2.30.1,<3.0 python-novaclient>=2.30.1
python-openstackclient>=1.7.0,<2.0 python-openstackclient>=1.7.0
python-swiftclient>=2.6.0,<3.0 python-swiftclient>=2.6.0
pika>=0.10.0,<1.0 pika>=0.10.0,<1.0
distro-info distro-info
# END: Amulet OpenStack Charm Helper Requirements # END: Amulet OpenStack Charm Helper Requirements
#git+https://git.launchpad.net/juju-wait#egg=juju_wait # NOTE: workaround for 14.04 pip/tox
juju-wait pytz

35
tests/basic_deployment.py
View File

@ -13,10 +13,11 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
import os
import subprocess
import amulet import amulet
import juju_wait import juju_wait
import os
import subprocess
import yaml
from charmhelpers.contrib.openstack.amulet.deployment import ( from charmhelpers.contrib.openstack.amulet.deployment import (
OpenStackAmuletDeployment OpenStackAmuletDeployment
@ -72,6 +73,11 @@ class NovaBasicDeployment(OpenStackAmuletDeployment):
self._initialize_tests() self._initialize_tests()
def _get_status(self):
get_status_cmd = ['juju', 'status', '--format', 'yaml']
self.status = yaml.load(subprocess.check_output(get_status_cmd))
return self.status
def _pre_deploy_remote_compute(self): def _pre_deploy_remote_compute(self):
"""Add a simulated remote machine ahead of the actual deployment. """Add a simulated remote machine ahead of the actual deployment.
This is done outside of Amulet because Amulet only supports one This is done outside of Amulet because Amulet only supports one
@ -88,18 +94,25 @@ class NovaBasicDeployment(OpenStackAmuletDeployment):
if not compute_deployed: if not compute_deployed:
u.log.debug('Pre-deploying a simulated remote-compute unit') u.log.debug('Pre-deploying a simulated remote-compute unit')
cmd = ['juju', 'deploy', 'ubuntu', 'remote-compute'] cmd = ['juju', 'deploy', 'cs:ubuntu', 'remote-compute']
subprocess.check_call(cmd) subprocess.check_call(cmd)
u.log.debug('Using juju_wait to wait for remote-compute deployment') u.log.debug('Using juju_wait to wait for remote-compute '
'deployment')
juju_wait.wait(max_wait=900) juju_wait.wait(max_wait=900)
self.remote_compute = (self._get_status()['applications']
['remote-compute']['units'].keys()[0])
u.log.debug('Simulated remote compute: '
'{}'.format(self.remote_compute))
# Discover IP address of remote-compute unit # Discover IP address of remote-compute unit
cmd = ['juju', 'run', '--service', cmd = ['juju', 'run', '--application',
'remote-compute', 'unit-get public-address'] 'remote-compute', 'unit-get public-address']
self.compute_addr = \ self.compute_addr = (
subprocess.check_output(cmd).decode('UTF-8').strip() subprocess.check_output(cmd).decode('UTF-8').strip())
u.log.debug('Simulated remote compute address: ' u.log.debug('Simulated remote compute address: '
'{}'.format(self.compute_addr)) '{}'.format(self.compute_addr))
@ -134,21 +147,21 @@ class NovaBasicDeployment(OpenStackAmuletDeployment):
auth_file = os.path.join(os.sep, 'home', 'ubuntu', auth_file = os.path.join(os.sep, 'home', 'ubuntu',
'.ssh', 'authorized_keys') '.ssh', 'authorized_keys')
cmd = ['juju', 'scp', src_file, cmd = ['juju', 'scp', src_file,
'ubuntu@{}:{}'.format(self.compute_addr, dst_file)] '{}:{}'.format(self.remote_compute, dst_file)]
subprocess.check_call(cmd) subprocess.check_call(cmd)
u.log.debug('Adding pub key to authorized_hosts on the simulated ' u.log.debug('Adding pub key to authorized_hosts on the simulated '
'remote-compute host') 'remote-compute host')
cmd = ['juju', 'ssh', 'ubuntu@{}'.format(self.compute_addr), cmd = ['juju', 'ssh', '{}'.format(self.remote_compute),
'cat {} >> {}'.format(dst_file, auth_file)] 'cat {} >> {}'.format(dst_file, auth_file)]
subprocess.check_call(cmd) subprocess.check_call(cmd)
u.log.debug('Installing and enabling yum on remote compute host') u.log.debug('Installing and enabling yum on remote compute host')
cmd = ['juju', 'ssh', 'ubuntu@{}'.format(self.compute_addr), cmd = ['juju', 'ssh', '{}'.format(self.remote_compute),
'sudo apt-get install yum yum-utils -y'] 'sudo apt-get install yum yum-utils -y']
subprocess.check_call(cmd) subprocess.check_call(cmd)
cmd = ['juju', 'ssh', 'ubuntu@{}'.format(self.compute_addr), cmd = ['juju', 'ssh', '{}'.format(self.remote_compute),
'sudo yum-config-manager --enable'] 'sudo yum-config-manager --enable']
subprocess.check_call(cmd) subprocess.check_call(cmd)

0
tests/gate-basic-zesty-ocata Normal file → Executable file
View File

8
tox.ini
View File

@ -14,11 +14,15 @@ install_command =
pip install --allow-unverified python-apt {opts} {packages} pip install --allow-unverified python-apt {opts} {packages}
commands = ostestr {posargs} commands = ostestr {posargs}
whitelist_externals = juju whitelist_externals = juju
passenv = HOME TERM AMULET_* passenv = HOME TERM AMULET_* CS_API_*
[testenv:py27] [testenv:py27]
basepython = python2.7 basepython = python2.7
whitelist_externals = echo deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
[testenv:py35]
basepython = python3.5
deps = -r{toxinidir}/requirements.txt deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt -r{toxinidir}/test-requirements.txt