These updates, on the master branch, are to support testing the caracal
packages and support of the charms for caracal. They do NOT lock the charms
down, and don't change the testing branches to stable branches.
Change-Id: If3fd48454e7959fdd6e2e1708b80a97c76576063
Bug LP 1863232 introduced a new Apache configuration option called
WSGISocketRotation which allows users to disable wsgi socket
rotation. This patch makes this configurable with a new
wsgi-socket-rotation config option that defaults to the Apache
default and can optionally be set to False.
Closes-Bug: #2021550
Change-Id: Ia5852c3ebe84bd0355670f262cbe5e1cd433a08d
This is a rebuild/make sync for charms to pickup the fix in charmhelpers to fix
any inadvertant accesses of ['ca'] in the relation data before it is available
from vault in the certificates relation. Fix in charmhelpers is in [1].
[1] https://github.com/juju/charm-helpers/pull/824
Closes-Bug: #2028683
Change-Id: I3117e17bc89254031ac244842d868ed1ed5af9ba
The package-upgrade action performs package upgrades for the current
OpenStack release.
The code path used is similar to the openstack-upgrade action, with the
difference being that package-upgrade will not execute if an openstack
upgrade is available (based on the openstack-origin setting).
This change includes a charm-helpers sync.
Change-Id: Ifd99ea307a6e4d1d034d7c1e494e2cd8abd894e9
Sync charmhelpers to pull in fix to https() so it returns false
if there is a pending certificate request
Change-Id: I6e79570070fb3b6aa85485bbb40a820cb352c68e
Closes-Bug: #2015103
* sync charm-helpers to classic charms
* change openstack-origin/source default to zed
* align testing with zed
* add new zed bundles
* add zed bundles to tests.yaml
* add zed tests to osci.yaml and .zuul.yaml
* update build-on and run-on bases
* add bindep.txt for py310
* sync tox.ini and requirements.txt for ruamel
* use charmcraft_channel 2.0/stable
* drop reactive plugin overrides
* move interface/layer env vars to charmcraft.yaml
Change-Id: Idf4a6cd1e0888576f890b00aa5b343936900d6dd
Validates if the provided vip address(es) are in the subnet that the unit is in. If not, shows the message with invalid vips along with 'blocked' status.
Closes-Bug: #1958178
Change-Id: I6bb3e21f3934d6d2483564fba9216504a62d15dc
- add non-voting focal-xena bundle
- add non-voting impish-xena bundle
- charm-helpers sync for new charm-helpers changes
- update tox/pip.sh to ensure setuptools<50.0.0
- Note that this depends on I7f17acb4cc4a83fc15655bf6e15c8ff3b3fe92ff
to be able to land this as glance needs xena support to run in this
charms functional tests.
Change-Id: Ieaed39e06a7454f71b1422c46c4fccd72fbe04af
The 'hirsute' key in c-h/core/host_factory/ubuntu.py:
UBUNTU_RELEASES had been missed out, and is needed for
hirsute support in many of the charms. This sync is to
add just that key. See also [1]
Note that this sync is only for classic charms.
[1] https://github.com/juju/charm-helpers/pull/598
Change-Id: I448a2a01152e733068ddb3a2d9ccca6cf8ba780e
* charm-helpers sync for classic charms
* build.lock file for reactive charms
* ensure tox.ini is from release-tools
* ensure requirements.txt files are from release-tools
* On reactive charms:
- ensure stable/21.04 branch for charms.openstack
- ensure stable/21.04 branch for charm-helpers
Change-Id: Ie9e790547d9ec532677a6d94b0379798e2f09528
For principal - subordinate plugin type relations where the
principal Python payload imports code from packages managed by a
subordinate, upgrades can be problematic.
This change will allow a subordinate charm that have opted into the
feature to inform its principal about all implemented release -
packages combinations ahead of time. With this information in place
the principal can do the upgrade in one operation without risk of
charm relation RPC type processing at a critical moment.
Also sync c-h.
Closes-Bug: #1806111
Change-Id: I95567d5d047eb64842436e671b74a633e6f509f4
Includes updates to charmhelpers/charms.openstack for cert_utils
and unit-get for the install hook error on Juju 2.9
* charm-helpers sync for classic charms
* rebuild for reactive charms
* ensure tox.ini is from release-tools
* ensure requirements.txt files are from release-tools
* On reactive charms:
- ensure master branch for charms.openstack
- ensure master branch for charm-helpers
* Fixes to unit tests due to removal of unit_get from context.
Change-Id: I83f12c9e010468be34637056e645f2bfc732f2df
* charm-helpers sync for classic charms
* charms.ceph sync for ceph charms
* rebuild for reactive charms
* sync tox.ini files as needed
* sync requirements.txt files to sync to standard
Change-Id: I04b35ca8ba26c04d30a9d017b56cc700365c66a5
Sharing the admin password with peers over the 'cluster' relation
was needed in case the leader would die and the next leader would
then need that information. This was implemented years ago when
the leader DB didn't exist.
This led to a race condition described in the mentioned bug and
can now be safely removed.
Validated by deploying several keystone and glance units, then
removing the keystone leader, then adding a glance unit and
checking that this new unit gets its service credentials.
Also added useful traces, made linter happy and increased fernet
token expiration to avoid spurious test failures.
Closes-Bug: #1818113
Change-Id: I004903e50f51e190467d71691982de26518d7149
The checks that keystone was performing before emitting identity
data were applicable to any Openstack api charm so the check
definitions have been moved to charmhelpers so other charms can
use them. The checks as they were are encapsulated in
`check_api_unit_ready` *1
Bug 1818113 was caused by keystone emitting identity data
as soon as the leader was ready but ignoring the state of the
peer units. This is now covered by a new check
`check_api_application_ready` which performs all the local
unit checks and then checks that all peers have reported
as ready too.
In addition `check_api_unit_ready` is now used when
setting the units workload status and `check_api_application_ready`
is used when setting the application workload status.
*1 https://github.com/juju/charm-helpers/blob/master/charmhelpers/contrib/openstack/utils.py#L2289
*2 https://github.com/juju/charm-helpers/blob/master/charmhelpers/contrib/openstack/utils.py#L2330
Change-Id: I99830ab2c2482e8beef174424820907ce96fd5d7
Closes-Bug: #1818113
Switch to using get_managed_services_and_ports from charmhelpers.
Charmhelper sync included to bring in required
get_managed_services_and_ports method.
Change-Id: Ib2b1f3dead1dbb613591bdf3903ed56e8c14f45c
This patchset implements policy overrides for keystone. It uses the
code in charmhelpers.
Closed-Bug: #1741723
Change-Id: I187f4493392178d87ef7dbd67de841bbeae0c65d
When ``certificates-relation-changed`` hook is called before the
certificate data is present on the relation do not attempt to
configure apache.
Change-Id: If915451d4b0846023355edcf3a49f643e12c7522
Closes-Bug: #1822952
The latest audit updates allow Keystone to pass the
file-ownership and file-permissions audits.
Change-Id: Ib274ba7fcf8c4a299cda3509cc87a10bff990142
Func-Test-PR: https://github.com/openstack-charmers/zaza/pull/204
This charm adds the general ownership audits, as well
as keystone specific security checklist audits.
Change-Id: Iee093b36c54081f14a07c95e677ea08c72d72ca4
Using the new version of the sync tool which removes the charmhelpers
directory before syncing, run charm helpers sync to find any unexpected
missing dependencies.
Change-Id: I3ba0142a09966c3cf61bec547668db6d357a916e
Use the generate_ha_relation_data helper from charmhelpers to
generate the data to send down the relation to the hacluster
charm.
This results in a few changes in behaviour:
1) The charm will no longer specify a nic name to bind the vip. This
is because Pacemaker VIP resources are able to automatically
detect and configure correct iface and netmask parameters based
on local configuration of the unit.
2) The original iface named VIP resource will be stopped and deleted
prior to the creation of the new short hash named VIP resource.
Change-Id: I906e96ad8cbcf2ca2d1cdbfd091070c21427214c
Switch package install to Python 3 for OpenStack Rocky or later.
When upgrading, remove any python-* packages that were explicitly
installated and then autoremove --purge any dependencies that are
no longer required.
Also drop the python2 shebang from hooks/manager.py in favor of
specifying the interpreter on the subprocess call. The python
interpreter version must match the python version of the OpenStack
payload due to the keystoneclient library imports.
Depends-On: I18996e15d2d08b1dacf0533132eae880cbb9aa32
Change-Id: If973ebc2be3b32ee3ff2122b5874dad96cda9fec
At present the Keystone charm frequently initiates updates to its
relations before it has reached a stable state.
Make use information from ``juju goal-state`` to predict scale and gate
initial update of relations on having reached expected scale.
Depends-On: https://github.com/juju/charm-helpers/pull/226
Change-Id: I96d4aff7c4ec9fb9ea160c7e294581bab3103df8
Add a tactical change which is already merged into charm-helpers.
This needs to go into all charms to solve the chicken:egg issue
where cosmic is untestable until this change exists.
Reference:
4835c6c167
Change-Id: If4c1f27b7e5da8dbd8352aed629e9b483f67d8c1