The related bug indicated that the Fernet keys could get out of sync
between the leader and non-leader units. This patchset assumes that
hooks fail, or that units are off-line when the rotation occurs. Thus
it tries hard to ensure that the keys are in sync. It still uses juju
to 'send' the keys from the leader to the subordinate units, so in that
sense, it is not a fix to the related bug, but it does make it more
robust.
Change-Id: Id40a3ccbe565bd742e3fdbd5190deb6b21204a82
Related-Bug: #1849519
Major changes:
* decoupling the hooks/manager.py file from the charm. It is now a
script that is called from hooks/keystone_utils.py as it has to use
the same Python version/libraries as the installed keystone payload
software. keystone_utils.py and manager.py communicate via a Unix
Domain Socket using json, encoded to base64.
* As Python3 requires absolute imports, the charmhelpers symlink has
been removed from hooks, and the hooks and charmhelpers symlinks have
been removed from the actions directory. Instead, the path is
adjusted so that the modules can be found.
Change-Id: I18996e15d2d08b1dacf0533132eae880cbb9aa32
This patchset adds more Fernet token implementation:
1. Adds a cron job to rotate / sync keys to other units.
2. Adds additional tests around gating on config.
3. Adds rotation / syncing with more robust key handling.
Change-Id: Ied021ad83c241f241dbb5f9acdede9045e43a8a3
Alex Kavanagh