[yoga] Ensure get_requests_for_local_unit doesn't fail on incomplete relation

This is a rebuild/make sync for charms to pickup the fix in charmhelpers to fix any inadvertant accesses of ['ca'] in the relation data before it is available from vault in the certificates relation. Fix in charmhelpers is in [1]. [1] https://github.com/juju/charm-helpers/pull/827 Closes-Bug: #2028683 Change-Id: I26c4b6dbee9ce6bb620c270000b9e26bf303d2c8
2023-08-15 15:13:22 +01:00 · 2023-08-15 15:13:22 +01:00 · 554f2d44bb
parent 9d9f0c59fe
commit 554f2d44bb
12 changed files with 106 additions and 49 deletions
--- a/hooks/charmhelpers/contrib/hahelpers/cluster.py
+++ b/hooks/charmhelpers/contrib/hahelpers/cluster.py
@ -221,6 +221,13 @@ def https():
        return True
    if config_get('ssl_cert') and config_get('ssl_key'):
        return True
+    # Local import to avoid ciruclar dependency.
+    import charmhelpers.contrib.openstack.cert_utils as cert_utils
+    if (
+        cert_utils.get_certificate_request() and not
+        cert_utils.get_requests_for_local_unit("certificates")
+    ):
+        return False
    for r_id in relation_ids('certificates'):
        for unit in relation_list(r_id):
            ca = relation_get('ca', rid=r_id, unit=unit)
@ -324,7 +331,7 @@ def valid_hacluster_config():
    '''
    vip = config_get('vip')
    dns = config_get('dns-ha')
-    if not(bool(vip) ^ bool(dns)):
+    if not (bool(vip) ^ bool(dns)):
        msg = ('HA: Either vip or dns-ha must be set but not both in order to '
               'use high availability')
        status_set('blocked', msg)
--- a/hooks/charmhelpers/contrib/network/ip.py
+++ b/hooks/charmhelpers/contrib/network/ip.py
@ -467,7 +467,7 @@ def ns_query(address):

    try:
        answers = dns.resolver.query(address, rtype)
-    except dns.resolver.NXDOMAIN:
+    except (dns.resolver.NXDOMAIN, dns.resolver.NoNameservers):
        return None

    if answers:
@ -539,7 +539,7 @@ def port_has_listener(address, port):
    """
    cmd = ['nc', '-z', address, str(port)]
    result = subprocess.call(cmd)
-    return not(bool(result))
+    return not (bool(result))


 def assert_charm_supports_ipv6():
--- a/hooks/charmhelpers/contrib/openstack/cert_utils.py
+++ b/hooks/charmhelpers/contrib/openstack/cert_utils.py
@ -409,13 +409,33 @@ def get_requests_for_local_unit(relation_name=None):
    relation_name = relation_name or 'certificates'
    bundles = []
    for rid in relation_ids(relation_name):
+        sent = relation_get(rid=rid, unit=local_unit())
+        legacy_keys = ['certificate_name', 'common_name']
+        is_legacy_request = set(sent).intersection(legacy_keys)
        for unit in related_units(rid):
            data = relation_get(rid=rid, unit=unit)
-            if data.get(raw_certs_key):
-                bundles.append({
-                    'ca': data['ca'],
-                    'chain': data.get('chain'),
-                    'certs': json.loads(data[raw_certs_key])})
+            # Note: Bug#2028683 - data may not be available if the certificates
+            # relation hasn't been populated by the providing charm. If no 'ca'
+            # in the data then don't attempt the bundle at all.
+            if data.get('ca'):
+                if data.get(raw_certs_key):
+                    bundles.append({
+                        'ca': data['ca'],
+                        'chain': data.get('chain'),
+                        'certs': json.loads(data[raw_certs_key])
+                    })
+                elif is_legacy_request:
+                    bundles.append({
+                        'ca': data['ca'],
+                        'chain': data.get('chain'),
+                        'certs': {
+                            sent['common_name']: {
+                                'cert': data.get(local_name + '.server.cert'),
+                                'key': data.get(local_name + '.server.key')
+                            }
+                        }
+                    })
+
    return bundles


--- a/hooks/charmhelpers/contrib/openstack/context.py
+++ b/hooks/charmhelpers/contrib/openstack/context.py
@ -450,6 +450,7 @@ class IdentityServiceContext(OSContextGenerator):
                int_host = format_ipv6_addr(int_host) or int_host
                svc_protocol = rdata.get('service_protocol') or 'http'
                auth_protocol = rdata.get('auth_protocol') or 'http'
+                admin_role = rdata.get('admin_role') or 'Admin'
                int_protocol = rdata.get('internal_protocol') or 'http'
                api_version = rdata.get('api_version') or '2.0'
                ctxt.update({'service_port': rdata.get('service_port'),
@ -461,6 +462,7 @@ class IdentityServiceContext(OSContextGenerator):
                             'admin_tenant_name': rdata.get('service_tenant'),
                             'admin_user': rdata.get('service_username'),
                             'admin_password': rdata.get('service_password'),
+                             'admin_role': admin_role,
                             'service_protocol': svc_protocol,
                             'auth_protocol': auth_protocol,
                             'internal_protocol': int_protocol,
@ -2560,14 +2562,18 @@ class OVSDPDKDeviceContext(OSContextGenerator):
        :rtype: List[int]
        """
        cores = []
-        ranges = cpulist.split(',')
-        for cpu_range in ranges:
-            if "-" in cpu_range:
-                cpu_min_max = cpu_range.split('-')
-                cores += range(int(cpu_min_max[0]),
-                               int(cpu_min_max[1]) + 1)
-            else:
-                cores.append(int(cpu_range))
+        if cpulist and re.match(r"^[0-9,\-^]*$", cpulist):
+            ranges = cpulist.split(',')
+            for cpu_range in ranges:
+                if "-" in cpu_range:
+                    cpu_min_max = cpu_range.split('-')
+                    cores += range(int(cpu_min_max[0]),
+                                   int(cpu_min_max[1]) + 1)
+                elif "^" in cpu_range:
+                    cpu_rm = cpu_range.split('^')
+                    cores.remove(int(cpu_rm[1]))
+                else:
+                    cores.append(int(cpu_range))
        return cores

    def _numa_node_cores(self):
@ -2586,36 +2592,32 @@ class OVSDPDKDeviceContext(OSContextGenerator):

    def cpu_mask(self):
        """Get hex formatted CPU mask
-
        The mask is based on using the first config:dpdk-socket-cores
        cores of each NUMA node in the unit.
        :returns: hex formatted CPU mask
        :rtype: str
        """
-        return self.cpu_masks()['dpdk_lcore_mask']
-
-    def cpu_masks(self):
-        """Get hex formatted CPU masks
-
-        The mask is based on using the first config:dpdk-socket-cores
-        cores of each NUMA node in the unit, followed by the
-        next config:pmd-socket-cores
-
-        :returns: Dict of hex formatted CPU masks
-        :rtype: Dict[str, str]
-        """
-        num_lcores = config('dpdk-socket-cores')
-        pmd_cores = config('pmd-socket-cores')
-        lcore_mask = 0
-        pmd_mask = 0
+        num_cores = config('dpdk-socket-cores')
+        mask = 0
        for cores in self._numa_node_cores().values():
-            for core in cores[:num_lcores]:
-                lcore_mask = lcore_mask | 1 << core
-            for core in cores[num_lcores:][:pmd_cores]:
-                pmd_mask = pmd_mask | 1 << core
-        return {
-            'pmd_cpu_mask': format(pmd_mask, '#04x'),
-            'dpdk_lcore_mask': format(lcore_mask, '#04x')}
+            for core in cores[:num_cores]:
+                mask = mask | 1 << core
+        return format(mask, '#04x')
+
+    @classmethod
+    def pmd_cpu_mask(cls):
+        """Get hex formatted pmd CPU mask
+
+        The mask is based on config:pmd-cpu-set.
+        :returns: hex formatted CPU mask
+        :rtype: str
+        """
+        mask = 0
+        cpu_list = cls._parse_cpu_list(config('pmd-cpu-set'))
+        if cpu_list:
+            for core in cpu_list:
+                mask = mask | 1 << core
+        return format(mask, '#x')

    def socket_memory(self):
        """Formatted list of socket memory configuration per socket.
@ -2694,6 +2696,7 @@ class OVSDPDKDeviceContext(OSContextGenerator):
            ctxt['device_whitelist'] = self.device_whitelist()
            ctxt['socket_memory'] = self.socket_memory()
            ctxt['cpu_mask'] = self.cpu_mask()
+            ctxt['pmd_cpu_mask'] = self.pmd_cpu_mask()
        return ctxt


--- a/hooks/charmhelpers/contrib/openstack/ssh_migrations.py
+++ b/hooks/charmhelpers/contrib/openstack/ssh_migrations.py
@ -310,7 +310,7 @@ def ssh_known_hosts_lines(application_name, user=None):
        for hosts_line in hosts:
            if hosts_line.rstrip():
                known_hosts_list.append(hosts_line.rstrip())
-    return(known_hosts_list)
+    return known_hosts_list


 def ssh_authorized_keys_lines(application_name, user=None):
@ -327,7 +327,7 @@ def ssh_authorized_keys_lines(application_name, user=None):
        for authkey_line in keys:
            if authkey_line.rstrip():
                authorized_keys_list.append(authkey_line.rstrip())
-    return(authorized_keys_list)
+    return authorized_keys_list


 def ssh_compute_remove(public_key, application_name, user=None):
--- a/hooks/charmhelpers/contrib/openstack/templates/section-keystone-authtoken
+++ b/hooks/charmhelpers/contrib/openstack/templates/section-keystone-authtoken
@ -12,4 +12,6 @@ signing_dir = {{ signing_dir }}
 {% if service_type -%}
 service_type = {{ service_type }}
 {% endif -%}
+service_token_roles = {{ admin_role }}
+service_token_roles_required = True
 {% endif -%}
--- a/hooks/charmhelpers/contrib/openstack/templates/section-keystone-authtoken-mitaka
+++ b/hooks/charmhelpers/contrib/openstack/templates/section-keystone-authtoken-mitaka
@ -22,4 +22,6 @@ signing_dir = {{ signing_dir }}
 {% if use_memcache == true %}
 memcached_servers = {{ memcache_url }}
 {% endif -%}
+service_token_roles = {{ admin_role }}
+service_token_roles_required = True
 {% endif -%}
--- a/hooks/charmhelpers/contrib/openstack/templates/section-service-user
+++ b/hooks/charmhelpers/contrib/openstack/templates/section-service-user
@ -0,0 +1,11 @@
+{% if auth_host -%}
+[service_user]
+send_service_user_token = true
+auth_type = password
+auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
+project_domain_name = service_domain
+user_domain_name = service_domain
+project_name = {{ admin_tenant_name }}
+username = {{ admin_user }}
+password = {{ admin_password }}
+{% endif -%}
--- a/hooks/charmhelpers/contrib/openstack/utils.py
+++ b/hooks/charmhelpers/contrib/openstack/utils.py
@ -1323,7 +1323,7 @@ def _check_listening_on_services_ports(services, test=False):
    @param test: default=False, if False, test for closed, otherwise open.
    @returns OrderedDict(service: [port-not-open, ...]...), [boolean]
    """
-    test = not(not(test))  # ensure test is True or False
+    test = not (not (test))  # ensure test is True or False
    all_ports = list(itertools.chain(*services.values()))
    ports_states = [port_has_listener('0.0.0.0', p) for p in all_ports]
    map_ports = OrderedDict()
@ -1579,7 +1579,7 @@ def is_unit_paused_set():
        with unitdata.HookData()() as t:
            kv = t[0]
            # transform something truth-y into a Boolean.
-            return not(not(kv.get('unit-paused')))
+            return not (not (kv.get('unit-paused')))
    except Exception:
        return False

@ -2177,7 +2177,7 @@ def is_unit_upgrading_set():
        with unitdata.HookData()() as t:
            kv = t[0]
            # transform something truth-y into a Boolean.
-            return not(not(kv.get('unit-upgrading')))
+            return not (not (kv.get('unit-upgrading')))
    except Exception:
        return False

--- a/hooks/charmhelpers/core/host.py
+++ b/hooks/charmhelpers/core/host.py
@ -952,7 +952,7 @@ def pwgen(length=None):
    random_generator = random.SystemRandom()
    random_chars = [
        random_generator.choice(alphanumeric_chars) for _ in range(length)]
-    return(''.join(random_chars))
+    return ''.join(random_chars)


 def is_phy_iface(interface):
--- a/hooks/charmhelpers/fetch/ubuntu.py
+++ b/hooks/charmhelpers/fetch/ubuntu.py
@ -222,6 +222,10 @@ CLOUD_ARCHIVE_POCKETS = {
    'yoga/proposed': 'focal-proposed/yoga',
    'focal-yoga/proposed': 'focal-proposed/yoga',
    'focal-proposed/yoga': 'focal-proposed/yoga',
+
+    # OVN
+    'focal-ovn-22.03': 'focal-updates/ovn-22.03',
+    'focal-ovn-22.03/proposed': 'focal-proposed/ovn-22.03',
 }


@ -677,6 +681,7 @@ def add_source(source, key=None, fail_invalid=False):
        (r"^cloud-archive:(.*)$", _add_apt_repository),
        (r"^((?:deb |http:|https:|ppa:).*)$", _add_apt_repository),
        (r"^cloud:(.*)-(.*)\/staging$", _add_cloud_staging),
+        (r"^cloud:(.*)-(ovn-.*)$", _add_cloud_distro_check),
        (r"^cloud:(.*)-(.*)$", _add_cloud_distro_check),
        (r"^cloud:(.*)$", _add_cloud_pocket),
        (r"^snap:.*-(.*)-(.*)$", _add_cloud_distro_check),
@ -740,6 +745,11 @@ def _add_apt_repository(spec):
                      )


+def __write_sources_list_d_actual_pocket(file, actual_pocket):
+    with open('/etc/apt/sources.list.d/{}'.format(file), 'w') as apt:
+        apt.write(CLOUD_ARCHIVE.format(actual_pocket))
+
+
 def _add_cloud_pocket(pocket):
    """Add a cloud pocket as /etc/apt/sources.d/cloud-archive.list

@ -759,8 +769,9 @@ def _add_cloud_pocket(pocket):
            'Unsupported cloud: source option %s' %
            pocket)
    actual_pocket = CLOUD_ARCHIVE_POCKETS[pocket]
-    with open('/etc/apt/sources.list.d/cloud-archive.list', 'w') as apt:
-        apt.write(CLOUD_ARCHIVE.format(actual_pocket))
+    __write_sources_list_d_actual_pocket(
+        'cloud-archive{}.list'.format('' if 'ovn' not in pocket else '-ovn'),
+        actual_pocket)


 def _add_cloud_staging(cloud_archive_release, openstack_release):
--- a/tox.ini
+++ b/tox.ini
@ -84,7 +84,8 @@ commands = stestr run --slowest {posargs}
 [testenv:pep8]
 basepython = python3
 deps = flake8==3.9.2
-       charm-tools==2.8.3
+       PyYAML==6.0.1
+       charm-tools==2.8.6
 commands = flake8 {posargs} hooks unit_tests tests actions lib files
           charm-proof