Setup CA when >= queens

When >= queens ceilometer uses the identity-credentials relation rather than the identity-service relation. When using HTTPS ceilometer still needs the CA certificate from keystone. This change sets up the CA when using the identity-credentials relation. Please merge https://github.com/juju/charm-helpers/pull/124 first. Change-Id: I7c6ca1d913ad8b8123685a064933031f322869df
2018-03-06 11:01:02 +00:00 · 2018-03-06 11:01:02 +00:00 · efb951b682
parent b12ccd189a
commit efb951b682
2 changed files with 7 additions and 1 deletions
--- a/charmhelpers/contrib/hahelpers/apache.py
+++ b/charmhelpers/contrib/hahelpers/apache.py
@ -65,7 +65,8 @@ def get_ca_cert():
    if ca_cert is None:
        log("Inspecting identity-service relations for CA SSL certificate.",
            level=INFO)
-        for r_id in relation_ids('identity-service'):
+        for r_id in (relation_ids('identity-service') +
+                     relation_ids('identity-credentials')):
            for unit in relation_list(r_id):
                if ca_cert is None:
                    ca_cert = relation_get('ca_cert',
--- a/hooks/ceilometer_hooks.py
+++ b/hooks/ceilometer_hooks.py
@ -55,6 +55,9 @@ from charmhelpers.contrib.openstack.utils import (
 from charmhelpers.contrib.openstack.ha.utils import (
    update_dns_ha_resource_params,
 )
+from ceilometer_utils import (
+    ApacheSSLContext,
+)
 from ceilometer_utils import (
    disable_package_apache_site,
    get_packages,
@ -184,6 +187,8 @@ def configure_https():
    cmp_codename = CompareOpenStackReleases(
        get_os_codename_install_source(config('openstack-origin')))
    if cmp_codename >= 'queens':
+        ssl = ApacheSSLContext()
+        ssl.configure_ca()
        return
    CONFIGS.write_all()
    if 'https' in CONFIGS.complete_contexts():