Merge ssl-everywhere
commit
c13404061e
16
config.yaml
16
config.yaml
|
@ -40,3 +40,19 @@ options:
|
|||
description: |
|
||||
By default, all services will log into their corresponding log files.
|
||||
Setting this to True will force all services to log to the syslog.
|
||||
ssl_cert:
|
||||
type: string
|
||||
description: |
|
||||
SSL certificate to install and use for API ports. Setting this value
|
||||
and ssl_key will enable reverse proxying, point Ceilometer's entry in the
|
||||
Keystone catalog to use https, and override any certficiate and key
|
||||
issued by Keystone (if it is configured to do so).
|
||||
ssl_key:
|
||||
type: string
|
||||
description: SSL key to use with certificate specified as ssl_cert.
|
||||
ssl_ca:
|
||||
type: string
|
||||
description: |
|
||||
SSL CA to use with the certificate and key provided - this is only
|
||||
required if you are providing a privately signed ssl_cert and ssl_key.
|
||||
|
||||
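Review bot: The `ssl_key` description does not say that the value is a private key held in the charm's configuration, and none of `ssl_cert`, `ssl_key` and `ssl_ca` states the encoding it expects, so an operator cannot tell whether to supply PEM text or an encoded blob. If the inherited charm-helpers context base64-decodes these values (not visible in this commit, to be confirmed), each description should say so, for example `description: Base64-encoded SSL private key matching ssl_cert; readable by anyone who can read this service's configuration.` The `ssl_cert` text also misspells "certificate" as "certficiate".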
|
|
|
@ -9,7 +9,8 @@ from charmhelpers.core.hookenv import (
|
|||
|
||||
from charmhelpers.contrib.openstack.context import (
|
||||
OSContextGenerator,
|
||||
context_complete
|
||||
context_complete,
|
||||
ApacheSSLContext as SSLContext,
|
||||
)
|
||||
|
||||
CEILOMETER_DB = 'ceilometer'
|
||||
|
@ -72,3 +73,10 @@ class CeilometerServiceContext(OSContextGenerator):
|
|||
if context_complete(conf):
|
||||
return conf
|
||||
return {}
|
||||
|
||||
|
||||
class ApacheSSLContext(SSLContext):
|
||||
|
||||
service_namespace = "ceilometer"
|
||||
|
||||
external_ports = [CEILOMETER_PORT+100]
|
||||
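Review bot: `external_ports = [CEILOMETER_PORT+100]` in the new `ApacheSSLContext` carries an unexplained offset, and nothing visible in this commit changes the port the API binds to (`port = {{ port }}` in the ceilometer.conf template) or the port advertised in the Keystone catalog. If the parent context derives both the Apache listen port and the backend port from this value, the proxy could forward to a port where nothing listens; that depends on charm-helpers code outside this page and should be confirmed. At minimum the class needs a docstring and a comment on that line, such as `# Apache front-end port; must match the endpoint registered with Keystone`. Naming the subclass `ApacheSSLContext` while importing the parent as `ApacheSSLContext as SSLContext` is also easy to misread.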
|
|
|
@ -1,5 +1,6 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
import base64
|
||||
import sys
|
||||
from charmhelpers.fetch import (
|
||||
apt_install, filter_installed_packages,
|
||||
|
@ -110,6 +111,11 @@ def keystone_joined():
|
|||
def ceilometer_joined():
|
||||
# Pass local context data onto related agent services
|
||||
context = get_ceilometer_context()
|
||||
# This value gets tranformed to a path by the context we need to
|
||||
# pass the data to agents.
|
||||
if 'rabbit_ssl_ca' in context:
|
||||
with open(context['rabbit_ssl_ca']) as fh:
|
||||
context['rabbit_ssl_ca'] = base64.b64encode(fh.read())
|
||||
for relid in relation_ids('ceilometer-service'):
|
||||
relation_set(relid, context)
|
||||
|
||||
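Review bot: In `ceilometer_joined`, `open(context['rabbit_ssl_ca'])` runs whenever the key is present, so a path that has not been written yet, or is unreadable, raises and fails the hook instead of skipping the CA. The file is also opened in text mode before `base64.b64encode(fh.read())`, which only works while the interpreter treats `str` as bytes; `with open(context['rabbit_ssl_ca'], 'rb') as fh:` is safe either way. A guard such as `if context.get('rabbit_ssl_ca') and os.path.isfile(context['rabbit_ssl_ca']):` would cover the missing-file case, provided `os` is imported in this module (its import block is only partly visible here).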
|
|
|
@ -1,11 +1,16 @@
|
|||
import os
|
||||
|
||||
from collections import OrderedDict
|
||||
|
||||
from charmhelpers.contrib.openstack import (
|
||||
templating,
|
||||
context,
|
||||
)
|
||||
from ceilometer_contexts import (
|
||||
ApacheSSLContext,
|
||||
LoggingConfigContext,
|
||||
MongoDBContext,
|
||||
CeilometerContext
|
||||
CeilometerContext,
|
||||
)
|
||||
from charmhelpers.contrib.openstack.utils import (
|
||||
get_os_codename_package,
|
||||
|
@ -15,7 +20,11 @@ from charmhelpers.contrib.openstack.utils import (
|
|||
from charmhelpers.core.hookenv import config, log
|
||||
from charmhelpers.fetch import apt_update, apt_install
|
||||
|
||||
CEILOMETER_CONF = "/etc/ceilometer/ceilometer.conf"
|
||||
CEILOMETER_CONF_DIR = "/etc/ceilometer"
|
||||
CEILOMETER_CONF = "%s/ceilometer.conf" % CEILOMETER_CONF_DIR
|
||||
HTTPS_APACHE_CONF = "/etc/apache2/sites-available/openstack_https_frontend"
|
||||
HTTPS_APACHE_24_CONF = "/etc/apache2/sites-available/" \
|
||||
"openstack_https_frontend.conf"
|
||||
|
||||
CEILOMETER_SERVICES = [
|
||||
'ceilometer-agent-central',
|
||||
|
@ -27,11 +36,13 @@ CEILOMETER_DB = "ceilometer"
|
|||
CEILOMETER_SERVICE = "ceilometer"
|
||||
|
||||
CEILOMETER_PACKAGES = [
|
||||
'apache2',
|
||||
'ceilometer-agent-central',
|
||||
'ceilometer-collector',
|
||||
'ceilometer-api'
|
||||
]
|
||||
|
||||
|
||||
CEILOMETER_ROLE = "ResellerAdmin"
|
||||
|
||||
#NOVA_CONF = "/etc/nova/nova.conf"
|
||||
|
@ -41,17 +52,26 @@ CEILOMETER_ROLE = "ResellerAdmin"
|
|||
# ('DEFAULT', 'notification_driver', 'ceilometer.compute.nova_notifier')
|
||||
#]
|
||||
|
||||
CONFIG_FILES = {
|
||||
CEILOMETER_CONF: {
|
||||
|
||||
CONFIG_FILES = OrderedDict([
|
||||
(CEILOMETER_CONF, {
|
||||
'hook_contexts': [context.IdentityServiceContext(),
|
||||
context.AMQPContext(),
|
||||
context.AMQPContext(ssl_dir=CEILOMETER_CONF_DIR),
|
||||
LoggingConfigContext(),
|
||||
MongoDBContext(),
|
||||
CeilometerContext(),
|
||||
context.SyslogContext()],
|
||||
'services': CEILOMETER_SERVICES
|
||||
}
|
||||
}
|
||||
}),
|
||||
(HTTPS_APACHE_CONF, {
|
||||
'hook_contexts': [ApacheSSLContext()],
|
||||
'services': ['apache2'],
|
||||
}),
|
||||
(HTTPS_APACHE_24_CONF, {
|
||||
'hook_contexts': [ApacheSSLContext()],
|
||||
'services': ['apache2'],
|
||||
})
|
||||
])
|
||||
|
||||
TEMPLATES = 'templates'
|
||||
|
||||
|
@ -73,6 +93,12 @@ def register_configs():
|
|||
for conf in CONFIG_FILES:
|
||||
configs.register(conf, CONFIG_FILES[conf]['hook_contexts'])
|
||||
|
||||
if os.path.exists('/etc/apache2/conf-available'):
|
||||
configs.register(HTTPS_APACHE_24_CONF,
|
||||
CONFIG_FILES[HTTPS_APACHE_24_CONF]['hook_contexts'])
|
||||
else:
|
||||
configs.register(HTTPS_APACHE_CONF,
|
||||
CONFIG_FILES[HTTPS_APACHE_CONF]['hook_contexts'])
|
||||
return configs
|
||||
|
||||
|
||||
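Review bot: The new `if os.path.exists('/etc/apache2/conf-available')` branch in `register_configs` does not choose between the two Apache files, because the unchanged loop `for conf in CONFIG_FILES` above it already registers every key, and `CONFIG_FILES` now contains both `HTTPS_APACHE_CONF` and `HTTPS_APACHE_24_CONF`. Both site files are therefore registered on every host and one of them is registered a second time; the updated `test_restart_map` expectation, which lists both paths, is consistent with that. Skip the file that does not match the installed Apache layout inside the loop and drop the second registration. The start of `register_configs` lies outside the hunk.

```python
    # … unchanged: start of register_configs …
    if os.path.exists('/etc/apache2/conf-available'):
        unused_apache_conf = HTTPS_APACHE_CONF
    else:
        unused_apache_conf = HTTPS_APACHE_24_CONF
    for conf in CONFIG_FILES:
        if conf == unused_apache_conf:
            # Only the site file matching this Apache layout is rendered.
            continue
        configs.register(conf, CONFIG_FILES[conf]['hook_contexts'])
    return configs
```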
|
|
|
@ -7,6 +7,8 @@
|
|||
[DEFAULT]
|
||||
debug = {{ debug }}
|
||||
verbose = {{ verbose }}
|
||||
use_syslog = {{ use_syslog }}
|
||||
|
||||
{% if rabbitmq_host or rabbitmq_hosts -%}
|
||||
{% if rabbitmq_hosts -%}
|
||||
rabbit_hosts = {{ rabbitmq_hosts }}
|
||||
|
@ -20,8 +22,14 @@ rabbit_host = {{ rabbitmq_host }}
|
|||
rabbit_userid = {{ rabbitmq_user }}
|
||||
rabbit_password = {{ rabbitmq_password }}
|
||||
rabbit_virtual_host = {{ rabbitmq_virtual_host }}
|
||||
{% endif -%}
|
||||
use_syslog = {{ use_syslog }}
|
||||
{% if rabbit_ssl_port %}
|
||||
rabbit_use_ssl=True
|
||||
rabbit_port={{ rabbit_ssl_port }}
|
||||
{% if rabbit_ssl_ca %}
|
||||
kombu_ssl_ca_certs={{rabbit_ssl_ca}}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
|
||||
[api]
|
||||
port = {{ port }}
|
||||
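Review bot: When `rabbit_ssl_port` is set but `rabbit_ssl_ca` is empty, the template renders `rabbit_use_ssl=True` with no `kombu_ssl_ca_certs`, and in that configuration the client most likely does not verify the broker's certificate, so the link is encrypted but not authenticated. Either require the CA before enabling SSL, or make the gap visible in the rendered file with an `{% else %}` branch emitting a comment such as `# rabbit_ssl_ca not provided: broker certificate is not verified`. The file also holds `rabbit_password`; its mode and owner are set outside this hunk and should stay restrictive.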
|
|
|
@ -0,0 +1,23 @@
|
|||
{% if endpoints %}
|
||||
{% for ext, int in endpoints %}
|
||||
Listen {{ ext }}
|
||||
NameVirtualHost *:{{ ext }}
|
||||
<VirtualHost *:{{ ext }}>
|
||||
ServerName {{ private_address }}
|
||||
SSLEngine on
|
||||
SSLCertificateFile /etc/apache2/ssl/{{ namespace }}/cert
|
||||
SSLCertificateKeyFile /etc/apache2/ssl/{{ namespace }}/key
|
||||
ProxyPass / http://localhost:{{ int }}/
|
||||
ProxyPassReverse / http://localhost:{{ int }}/
|
||||
ProxyPreserveHost on
|
||||
</VirtualHost>
|
||||
<Proxy *>
|
||||
Order deny,allow
|
||||
Allow from all
|
||||
</Proxy>
|
||||
<Location />
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</Location>
|
||||
{% endfor %}
|
||||
{% endif %}
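Review bot: The `<VirtualHost>` block turns on `SSLEngine` without setting `SSLProtocol` or `SSLCipherSuite`, so the accepted protocol versions and ciphers are whatever the distribution default allows; add an explicit line such as `SSLProtocol all -SSLv2 -SSLv3` inside the virtual host. The `<Proxy *>` and `<Location />` blocks sit inside the `{% for %}` loop but outside `<VirtualHost>`, so they are emitted once per endpoint and apply server-wide, and `Order`/`Allow from all` is the Apache 2.2 access syntax although this template appears to be used for the 2.4 path as well. The backend is reached over plain `http://localhost:{{ int }}/`; whether the API itself binds to localhost only is not visible here and is worth checking, since otherwise the unencrypted port stays reachable next to the HTTPS one.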
|
|
@ -0,0 +1 @@
|
|||
openstack_https_frontend
|
|
@ -38,14 +38,22 @@ class CeilometerUtilsTest(CharmTestCase):
|
|||
|
||||
def test_restart_map(self):
|
||||
restart_map = utils.restart_map()
|
||||
self.assertEquals(restart_map,
|
||||
{'/etc/ceilometer/ceilometer.conf': [
|
||||
'ceilometer-agent-central',
|
||||
'ceilometer-collector',
|
||||
'ceilometer-api']})
|
||||
self.assertEquals(
|
||||
restart_map,
|
||||
{'/etc/ceilometer/ceilometer.conf': [
|
||||
'ceilometer-agent-central',
|
||||
'ceilometer-collector',
|
||||
'ceilometer-api'],
|
||||
"/etc/apache2/sites-available/openstack_https_frontend": [
|
||||
'apache2'],
|
||||
"/etc/apache2/sites-available/openstack_https_frontend.conf": [
|
||||
'apache2']
|
||||
}
|
||||
)
|
||||
|
||||
def test_get_ceilometer_conf(self):
|
||||
class TestContext():
|
||||
|
||||
def __call__(self):
|
||||
return {'data': 'test'}
|
||||
with patch.dict(utils.CONFIG_FILES,
|
||||
|
|