openstack
/
charm-nova-cloud-controller
Code Issues Proposed changes

Use service_domain in [service_user] section 

Sync from charm-helpers to update [service_user] config to use the
service domain.

The keystone charm currently creates two service users, one for the
service domain (for v3 authentication), and the other for the default
domain (for v2 authentication). The [service_user] config needs to
use the service domain.

Closes-Bug: #2026202
Change-Id: I3a5f61c39ce1d3f663f5f5c9d9f4ac19d1fc6886
This commit is contained in:
Corey Bryant 2023-07-05 16:01:09 -04:00
parent fd810f9afd
commit 1c1ab7658e
8 changed files with 47 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
charmhelpers/contrib/openstack/cert_utils.py
View File

@ -409,6 +409,9 @@ def get_requests_for_local_unit(relation_name=None):
relation_name = relation_name or 'certificates'
bundles = []
for rid in relation_ids(relation_name):
sent = relation_get(rid=rid, unit=local_unit())
legacy_keys = ['certificate_name', 'common_name']
is_legacy_request = set(sent).intersection(legacy_keys)
for unit in related_units(rid):
data = relation_get(rid=rid, unit=unit)
if data.get(raw_certs_key):
@ -416,6 +419,14 @@ def get_requests_for_local_unit(relation_name=None):
'ca': data['ca'],
'chain': data.get('chain'),
'certs': json.loads(data[raw_certs_key])})
elif is_legacy_request:
bundles.append({
'ca': data['ca'],
'chain': data.get('chain'),
'certs': {sent['common_name']:
{'cert': data.get(local_name + '.server.cert'),
'key': data.get(local_name + '.server.key')}}})
return bundles

4
charmhelpers/contrib/openstack/context.py
View File

@ -1748,6 +1748,9 @@ class WSGIWorkerConfigContext(WorkerConfigContext):
def __call__(self):
total_processes = _calculate_workers()
enable_wsgi_rotation = config('wsgi-rotation')
if enable_wsgi_rotation is None:
enable_wsgi_rotation = True
ctxt = {
"service_name": self.service_name,
"user": self.user,
@ -1761,6 +1764,7 @@ class WSGIWorkerConfigContext(WorkerConfigContext):
"public_processes": int(math.ceil(self.public_process_weight *
total_processes)),
"threads": 1,
"wsgi_rotation": enable_wsgi_rotation,
}
return ctxt

2
charmhelpers/contrib/openstack/templates/section-keystone-authtoken
View File

@ -12,6 +12,8 @@ signing_dir = {{ signing_dir }}
{% if service_type -%}
service_type = {{ service_type }}
{% endif -%}
{% if admin_role -%}
service_token_roles = {{ admin_role }}
service_token_roles_required = True
{% endif -%}
{% endif -%}

2
charmhelpers/contrib/openstack/templates/section-keystone-authtoken-mitaka
View File

@ -22,6 +22,8 @@ signing_dir = {{ signing_dir }}
{% if use_memcache == true %}
memcached_servers = {{ memcache_url }}
{% endif -%}
{% if admin_role -%}
service_token_roles = {{ admin_role }}
service_token_roles_required = True
{% endif -%}
{% endif -%}

4
charmhelpers/contrib/openstack/templates/section-service-user
View File

@ -3,8 +3,8 @@
send_service_user_token = true
auth_type = password
auth_url = {{ auth_protocol }}://{{ auth_host }}:{{ auth_port }}
project_domain_id = default
user_domain_id = default
project_domain_name = service_domain
user_domain_name = service_domain
project_name = {{ admin_tenant_name }}
username = {{ admin_user }}
password = {{ admin_password }}

6
charmhelpers/contrib/openstack/templates/wsgi-openstack-api.conf
View File

@ -12,6 +12,12 @@ Listen {{ admin_port }}
Listen {{ public_port }}
{% endif -%}
{% if wsgi_rotation -%}
WSGISocketRotation On
{% else -%}
WSGISocketRotation Off
{% endif -%}
{% if port -%}
<VirtualHost *:{{ port }}>
WSGIDaemonProcess {{ service_name }} processes={{ processes }} threads={{ threads }} user={{ user }} group={{ group }} \

6
charmhelpers/contrib/openstack/templates/wsgi-openstack-metadata.conf
View File

@ -12,6 +12,12 @@ Listen {{ admin_port }}
Listen {{ public_port }}
{% endif -%}
{% if wsgi_rotation -%}
WSGISocketRotation On
{% else -%}
WSGISocketRotation Off
{% endif -%}
{% if port -%}
<VirtualHost *:{{ port }}>
WSGIDaemonProcess {{ service_name }} processes={{ processes }} threads={{ threads }} user={{ user }} group={{ group }} \

36
charmhelpers/fetch/ubuntu_apt_pkg.py
View File

@ -122,13 +122,12 @@ class Cache(object):
:raises: subprocess.CalledProcessError
"""
pkgs = {}
cmd = ['dpkg-query', '--list']
cmd = [
'dpkg-query', '--show',
'--showformat',
r'${db:Status-Abbrev}\t${Package}\t${Version}\t${Architecture}\t${binary:Summary}\n'
]
cmd.extend(packages)
if locale.getlocale() == (None, None):
# subprocess calls out to locale.getpreferredencoding(False) to
# determine encoding. Workaround for Trusty where the
# environment appears to not be set up correctly.
locale.setlocale(locale.LC_ALL, 'en_US.UTF-8')
try:
output = subprocess.check_output(cmd,
stderr=subprocess.STDOUT,
@ -140,24 +139,17 @@ class Cache(object):
if cp.returncode != 1:
raise
output = cp.output
headings = []
for line in output.splitlines():
if line.startswith('||/'):
headings = line.split()
headings.pop(0)
# only process lines for successfully installed packages
if not (line.startswith('ii ') or line.startswith('hi ')):
continue
elif (line.startswith('|') or line.startswith('+') or
line.startswith('dpkg-query:')):
continue
else:
data = line.split(None, 4)
status = data.pop(0)
if status not in ('ii', 'hi'):
continue
pkg = {}
pkg.update({k.lower(): v for k, v in zip(headings, data)})
if 'name' in pkg:
pkgs.update({pkg['name']: pkg})
status, name, version, arch, desc = line.split('\t', 4)
pkgs[name] = {
'name': name,
'version': version,
'architecture': arch,
'description': desc,
}
return pkgs
def _apt_cache_show(self, packages):