Updates for testing period for 20.01 release
Includes updates to charmhelpers/charms.openstack for cert_utils and unit-get for the install hook error on Juju 2.9 * charm-helpers sync for classic charms * rebuild for reactive charms * ensure tox.ini is from release-tools * ensure requirements.txt files are from release-tools * On reactive charms: - ensure master branch for charms.openstack - ensure master branch for charm-helpers * Include fix for local_address() Change-Id: Ie7d5df9d44f687303898d2568205285e645a6fcd
This commit is contained in:
parent
7f7f387483
commit
bd40cf2d9a
|
@ -30,7 +30,6 @@ from charmhelpers.core.hookenv import (
|
|||
relation_get,
|
||||
relation_ids,
|
||||
remote_service_name,
|
||||
unit_get,
|
||||
NoNetworkBinding,
|
||||
log,
|
||||
WARNING,
|
||||
|
@ -41,6 +40,7 @@ from charmhelpers.contrib.openstack.ip import (
|
|||
get_vip_in_network,
|
||||
ADDRESS_MAP,
|
||||
get_default_api_bindings,
|
||||
local_address,
|
||||
)
|
||||
from charmhelpers.contrib.network.ip import (
|
||||
get_relation_ip,
|
||||
|
@ -81,7 +81,7 @@ class CertRequest(object):
|
|||
|
||||
def add_hostname_cn(self):
|
||||
"""Add a request for the hostname of the machine"""
|
||||
ip = unit_get('private-address')
|
||||
ip = local_address(unit_get_fallback='private-address')
|
||||
addresses = [ip]
|
||||
# If a vip is being used without os-hostname config or
|
||||
# network spaces then we need to ensure the local units
|
||||
|
@ -134,38 +134,46 @@ def get_certificate_request(json_encode=True, bindings=None):
|
|||
"""
|
||||
if bindings:
|
||||
# Add default API bindings to bindings list
|
||||
bindings = set(bindings + get_default_api_bindings())
|
||||
bindings = list(bindings + get_default_api_bindings())
|
||||
else:
|
||||
# Use default API bindings
|
||||
bindings = get_default_api_bindings()
|
||||
req = CertRequest(json_encode=json_encode)
|
||||
req.add_hostname_cn()
|
||||
# Add os-hostname entries
|
||||
_sans = get_certificate_sans()
|
||||
_sans = get_certificate_sans(bindings=bindings)
|
||||
|
||||
# Handle specific hostnames per binding
|
||||
for binding in bindings:
|
||||
hostname_override = config(ADDRESS_MAP[binding]['override'])
|
||||
try:
|
||||
net_addr = resolve_address(endpoint_type=binding)
|
||||
ip = network_get_primary_address(
|
||||
ADDRESS_MAP[binding]['binding'])
|
||||
hostname_override = config(ADDRESS_MAP[binding]['override'])
|
||||
except KeyError:
|
||||
hostname_override = None
|
||||
try:
|
||||
try:
|
||||
net_addr = resolve_address(endpoint_type=binding)
|
||||
except KeyError:
|
||||
net_addr = None
|
||||
ip = network_get_primary_address(binding)
|
||||
addresses = [net_addr, ip]
|
||||
vip = get_vip_in_network(resolve_network_cidr(ip))
|
||||
if vip:
|
||||
addresses.append(vip)
|
||||
|
||||
# Clear any Nones or duplicates
|
||||
addresses = list(set([i for i in addresses if i]))
|
||||
# Add hostname certificate request
|
||||
if hostname_override:
|
||||
req.add_entry(
|
||||
binding,
|
||||
hostname_override,
|
||||
addresses)
|
||||
# Remove hostname specific addresses from _sans
|
||||
for addr in addresses:
|
||||
try:
|
||||
_sans.remove(addr)
|
||||
except (ValueError, KeyError):
|
||||
pass
|
||||
# Remove hostname specific addresses from _sans
|
||||
for addr in addresses:
|
||||
try:
|
||||
_sans.remove(addr)
|
||||
except (ValueError, KeyError):
|
||||
pass
|
||||
|
||||
except NoNetworkBinding:
|
||||
log("Skipping request for certificate for ip in {} space, no "
|
||||
|
@ -179,11 +187,17 @@ def get_certificate_request(json_encode=True, bindings=None):
|
|||
|
||||
def get_certificate_sans(bindings=None):
|
||||
"""Get all possible IP addresses for certificate SANs.
|
||||
|
||||
:param bindings: List of bindings to check in addition to default api
|
||||
bindings.
|
||||
:type bindings: list of strings
|
||||
:returns: List of binding string names
|
||||
:rtype: List[str]
|
||||
"""
|
||||
_sans = [unit_get('private-address')]
|
||||
_sans = [local_address(unit_get_fallback='private-address')]
|
||||
if bindings:
|
||||
# Add default API bindings to bindings list
|
||||
bindings = set(bindings + get_default_api_bindings())
|
||||
bindings = list(bindings + get_default_api_bindings())
|
||||
else:
|
||||
# Use default API bindings
|
||||
bindings = get_default_api_bindings()
|
||||
|
@ -197,25 +211,39 @@ def get_certificate_sans(bindings=None):
|
|||
net_config = None
|
||||
# Using resolve_address is likely redundant. Keeping it here in
|
||||
# case there is an edge case it handles.
|
||||
net_addr = resolve_address(endpoint_type=binding)
|
||||
try:
|
||||
net_addr = resolve_address(endpoint_type=binding)
|
||||
except KeyError:
|
||||
net_addr = None
|
||||
ip = get_relation_ip(binding, cidr_network=net_config)
|
||||
_sans = _sans + [net_addr, ip]
|
||||
vip = get_vip_in_network(resolve_network_cidr(ip))
|
||||
if vip:
|
||||
_sans.append(vip)
|
||||
return set(_sans)
|
||||
# Clear any Nones and duplicates
|
||||
return list(set([i for i in _sans if i]))
|
||||
|
||||
|
||||
def create_ip_cert_links(ssl_dir, custom_hostname_link=None):
|
||||
def create_ip_cert_links(ssl_dir, custom_hostname_link=None, bindings=None):
|
||||
"""Create symlinks for SAN records
|
||||
|
||||
:param ssl_dir: str Directory to create symlinks in
|
||||
:param custom_hostname_link: str Additional link to be created
|
||||
:param bindings: List of bindings to check in addition to default api
|
||||
bindings.
|
||||
:type bindings: list of strings
|
||||
"""
|
||||
|
||||
if bindings:
|
||||
# Add default API bindings to bindings list
|
||||
bindings = list(bindings + get_default_api_bindings())
|
||||
else:
|
||||
# Use default API bindings
|
||||
bindings = get_default_api_bindings()
|
||||
|
||||
# This includes the hostname cert and any specific bindng certs:
|
||||
# admin, internal, public
|
||||
req = get_certificate_request(json_encode=False)["cert_requests"]
|
||||
req = get_certificate_request(json_encode=False, bindings=bindings)["cert_requests"]
|
||||
# Specific certs
|
||||
for cert_req in req.keys():
|
||||
requested_cert = os.path.join(
|
||||
|
@ -232,7 +260,7 @@ def create_ip_cert_links(ssl_dir, custom_hostname_link=None):
|
|||
os.symlink(requested_key, key)
|
||||
|
||||
# Handle custom hostnames
|
||||
hostname = get_hostname(unit_get('private-address'))
|
||||
hostname = get_hostname(local_address(unit_get_fallback='private-address'))
|
||||
hostname_cert = os.path.join(
|
||||
ssl_dir,
|
||||
'cert_{}'.format(hostname))
|
||||
|
@ -306,7 +334,8 @@ def _manage_ca_certs(ca, cert_relation_id):
|
|||
|
||||
|
||||
def process_certificates(service_name, relation_id, unit,
|
||||
custom_hostname_link=None, user='root', group='root'):
|
||||
custom_hostname_link=None, user='root', group='root',
|
||||
bindings=None):
|
||||
"""Process the certificates supplied down the relation
|
||||
|
||||
:param service_name: str Name of service the certifcates are for.
|
||||
|
@ -317,9 +346,19 @@ def process_certificates(service_name, relation_id, unit,
|
|||
:type user: str
|
||||
:param group: (Optional) Group of certificate files. Defaults to 'root'
|
||||
:type group: str
|
||||
:param bindings: List of bindings to check in addition to default api
|
||||
bindings.
|
||||
:type bindings: list of strings
|
||||
:returns: True if certificates processed for local unit or False
|
||||
:rtype: bool
|
||||
"""
|
||||
if bindings:
|
||||
# Add default API bindings to bindings list
|
||||
bindings = list(bindings + get_default_api_bindings())
|
||||
else:
|
||||
# Use default API bindings
|
||||
bindings = get_default_api_bindings()
|
||||
|
||||
data = relation_get(rid=relation_id, unit=unit)
|
||||
ssl_dir = os.path.join('/etc/apache2/ssl/', service_name)
|
||||
mkdir(path=ssl_dir)
|
||||
|
@ -333,7 +372,8 @@ def process_certificates(service_name, relation_id, unit,
|
|||
install_certs(ssl_dir, certs, chain, user=user, group=group)
|
||||
create_ip_cert_links(
|
||||
ssl_dir,
|
||||
custom_hostname_link=custom_hostname_link)
|
||||
custom_hostname_link=custom_hostname_link,
|
||||
bindings=bindings)
|
||||
return True
|
||||
return False
|
||||
|
||||
|
|
|
@ -49,7 +49,6 @@ from charmhelpers.core.hookenv import (
|
|||
relation_ids,
|
||||
related_units,
|
||||
relation_set,
|
||||
unit_get,
|
||||
unit_private_ip,
|
||||
charm_name,
|
||||
DEBUG,
|
||||
|
@ -98,6 +97,7 @@ from charmhelpers.contrib.openstack.ip import (
|
|||
ADMIN,
|
||||
PUBLIC,
|
||||
ADDRESS_MAP,
|
||||
local_address,
|
||||
)
|
||||
from charmhelpers.contrib.network.ip import (
|
||||
get_address_in_network,
|
||||
|
@ -247,7 +247,7 @@ class SharedDBContext(OSContextGenerator):
|
|||
hostname_key = "hostname"
|
||||
access_hostname = get_address_in_network(
|
||||
access_network,
|
||||
unit_get('private-address'))
|
||||
local_address(unit_get_fallback='private-address'))
|
||||
set_hostname = relation_get(attribute=hostname_key,
|
||||
unit=local_unit())
|
||||
if set_hostname != access_hostname:
|
||||
|
@ -1088,7 +1088,7 @@ class ApacheSSLContext(OSContextGenerator):
|
|||
# NOTE(jamespage): Fallback must always be private address
|
||||
# as this is used to bind services on the
|
||||
# local unit.
|
||||
fallback = unit_get("private-address")
|
||||
fallback = local_address(unit_get_fallback="private-address")
|
||||
if net_config:
|
||||
addr = get_address_in_network(net_config,
|
||||
fallback)
|
||||
|
@ -1260,7 +1260,7 @@ class NeutronContext(OSContextGenerator):
|
|||
if is_clustered():
|
||||
host = config('vip')
|
||||
else:
|
||||
host = unit_get('private-address')
|
||||
host = local_address(unit_get_fallback='private-address')
|
||||
|
||||
ctxt = {'network_manager': self.network_manager,
|
||||
'neutron_url': '%s://%s:%s' % (proto, host, '9696')}
|
||||
|
|
|
@ -123,6 +123,28 @@ def _get_address_override(endpoint_type=PUBLIC):
|
|||
return addr_override.format(service_name=service_name())
|
||||
|
||||
|
||||
def local_address(unit_get_fallback='public-address'):
|
||||
"""Return a network address for this unit.
|
||||
|
||||
Attempt to retrieve a 'default' IP address for this unit
|
||||
from network-get. If this is running with an old version of Juju then
|
||||
fallback to unit_get.
|
||||
|
||||
Note on juju < 2.9 the binding to juju-info may not exist, so fall back to
|
||||
the unit-get.
|
||||
|
||||
:param unit_get_fallback: Either 'public-address' or 'private-address'.
|
||||
Only used with old versions of Juju.
|
||||
:type unit_get_fallback: str
|
||||
:returns: IP Address
|
||||
:rtype: str
|
||||
"""
|
||||
try:
|
||||
return network_get_primary_address('juju-info')
|
||||
except (NotImplementedError, NoNetworkBinding):
|
||||
return unit_get(unit_get_fallback)
|
||||
|
||||
|
||||
def resolve_address(endpoint_type=PUBLIC, override=True):
|
||||
"""Return unit address depending on net config.
|
||||
|
||||
|
@ -176,7 +198,7 @@ def resolve_address(endpoint_type=PUBLIC, override=True):
|
|||
if config('prefer-ipv6'):
|
||||
fallback_addr = get_ipv6_addr(exc_list=vips)[0]
|
||||
else:
|
||||
fallback_addr = unit_get(net_fallback)
|
||||
fallback_addr = local_address(unit_get_fallback=net_fallback)
|
||||
|
||||
if net_addr:
|
||||
resolved_address = get_address_in_network(net_addr, fallback_addr)
|
||||
|
|
|
@ -90,13 +90,16 @@ from charmhelpers.core.host import (
|
|||
service_start,
|
||||
restart_on_change_helper,
|
||||
)
|
||||
|
||||
from charmhelpers.fetch import (
|
||||
apt_cache,
|
||||
apt_install,
|
||||
import_key as fetch_import_key,
|
||||
add_source as fetch_add_source,
|
||||
SourceConfigError,
|
||||
GPGKeyError,
|
||||
get_upstream_version,
|
||||
filter_installed_packages,
|
||||
filter_missing_packages,
|
||||
ubuntu_apt_pkg as apt,
|
||||
)
|
||||
|
@ -480,9 +483,14 @@ def get_swift_codename(version):
|
|||
return None
|
||||
|
||||
|
||||
@deprecate("moved to charmhelpers.contrib.openstack.utils.get_installed_os_version()", "2021-01", log=juju_log)
|
||||
def get_os_codename_package(package, fatal=True):
|
||||
'''Derive OpenStack release codename from an installed package.'''
|
||||
|
||||
codename = get_installed_os_version()
|
||||
if codename:
|
||||
return codename
|
||||
|
||||
if snap_install_requested():
|
||||
cmd = ['snap', 'list', package]
|
||||
try:
|
||||
|
@ -570,6 +578,28 @@ def get_os_version_package(pkg, fatal=True):
|
|||
# error_out(e)
|
||||
|
||||
|
||||
def get_installed_os_version():
|
||||
apt_install(filter_installed_packages(['openstack-release']), fatal=False)
|
||||
print("OpenStack Release: {}".format(openstack_release()))
|
||||
return openstack_release().get('OPENSTACK_CODENAME')
|
||||
|
||||
|
||||
@cached
|
||||
def openstack_release():
|
||||
"""Return /etc/os-release in a dict."""
|
||||
d = {}
|
||||
try:
|
||||
with open('/etc/openstack-release', 'r') as lsb:
|
||||
for l in lsb:
|
||||
s = l.split('=')
|
||||
if len(s) != 2:
|
||||
continue
|
||||
d[s[0].strip()] = s[1].strip()
|
||||
except FileNotFoundError:
|
||||
pass
|
||||
return d
|
||||
|
||||
|
||||
# Module local cache variable for the os_release.
|
||||
_os_rel = None
|
||||
|
||||
|
|
|
@ -129,7 +129,7 @@ class Cache(object):
|
|||
else:
|
||||
data = line.split(None, 4)
|
||||
status = data.pop(0)
|
||||
if status != 'ii':
|
||||
if status not in ('ii', 'hi'):
|
||||
continue
|
||||
pkg = {}
|
||||
pkg.update({k.lower(): v for k, v in zip(headings, data)})
|
||||
|
|
|
@ -37,6 +37,8 @@ importlib-resources<3.0.0; python_version < '3.6'
|
|||
# dropped support for python 3.5:
|
||||
osprofiler<2.7.0;python_version<'3.6'
|
||||
stevedore<1.31.0;python_version<'3.6'
|
||||
debtcollector<1.22.0;python_version<'3.6'
|
||||
oslo.utils<=3.41.0;python_version<'3.6'
|
||||
|
||||
coverage>=4.5.2
|
||||
pyudev # for ceph-* charm unit tests (need to fix the ceph-* charm unit tests/mocking)
|
||||
|
|
Loading…
Reference in New Issue