Setup CA when >= queens
When >= queens ceilometer uses the identity-credentials relation rather than the identity-service relation. When using HTTPS ceilometer still needs the CA certificate from keystone. This change sets up the CA when using the identity-credentials relation. Please merge https://github.com/juju/charm-helpers/pull/124 first. Change-Id: I7c6ca1d913ad8b8123685a064933031f322869df
This commit is contained in:
parent
b12ccd189a
commit
efb951b682
|
@ -65,7 +65,8 @@ def get_ca_cert():
|
||||||
if ca_cert is None:
|
if ca_cert is None:
|
||||||
log("Inspecting identity-service relations for CA SSL certificate.",
|
log("Inspecting identity-service relations for CA SSL certificate.",
|
||||||
level=INFO)
|
level=INFO)
|
||||||
for r_id in relation_ids('identity-service'):
|
for r_id in (relation_ids('identity-service') +
|
||||||
|
relation_ids('identity-credentials')):
|
||||||
for unit in relation_list(r_id):
|
for unit in relation_list(r_id):
|
||||||
if ca_cert is None:
|
if ca_cert is None:
|
||||||
ca_cert = relation_get('ca_cert',
|
ca_cert = relation_get('ca_cert',
|
||||||
|
|
|
@ -55,6 +55,9 @@ from charmhelpers.contrib.openstack.utils import (
|
||||||
from charmhelpers.contrib.openstack.ha.utils import (
|
from charmhelpers.contrib.openstack.ha.utils import (
|
||||||
update_dns_ha_resource_params,
|
update_dns_ha_resource_params,
|
||||||
)
|
)
|
||||||
|
from ceilometer_utils import (
|
||||||
|
ApacheSSLContext,
|
||||||
|
)
|
||||||
from ceilometer_utils import (
|
from ceilometer_utils import (
|
||||||
disable_package_apache_site,
|
disable_package_apache_site,
|
||||||
get_packages,
|
get_packages,
|
||||||
|
@ -184,6 +187,8 @@ def configure_https():
|
||||||
cmp_codename = CompareOpenStackReleases(
|
cmp_codename = CompareOpenStackReleases(
|
||||||
get_os_codename_install_source(config('openstack-origin')))
|
get_os_codename_install_source(config('openstack-origin')))
|
||||||
if cmp_codename >= 'queens':
|
if cmp_codename >= 'queens':
|
||||||
|
ssl = ApacheSSLContext()
|
||||||
|
ssl.configure_ca()
|
||||||
return
|
return
|
||||||
CONFIGS.write_all()
|
CONFIGS.write_all()
|
||||||
if 'https' in CONFIGS.complete_contexts():
|
if 'https' in CONFIGS.complete_contexts():
|
||||||
|
|
Loading…
Reference in New Issue