from charmhelpers.core.hookenv import (
config, unit_private_ip)
from charmhelpers.contrib.openstack import context
from charmhelpers.contrib.hahelpers.cluster import (
from subprocess import (
CA_CERT_PATH = '/usr/local/share/ca-certificates/keystone_juju_ca_cert.crt'
class ApacheSSLContext(context.ApacheSSLContext):
interfaces = ['https']
service_namespace = 'keystone'
# late import to work around circular dependency
from keystone_utils import determine_ports
self.external_ports = determine_ports()
return super(ApacheSSLContext, self).__call__()
def configure_cert(self):
#import keystone_ssl as ssl
from keystone_utils import SSH_USER, get_ca
if not os.path.isdir('/etc/apache2/ssl'):
os.mkdir('/etc/apache2/ssl')
ssl_dir = os.path.join('/etc/apache2/ssl/', self.service_namespace)
if not os.path.isdir(ssl_dir):
https_cn = config('vip')
https_cn = unit_private_ip()
ca = get_ca(user=SSH_USER)
cert, key = ca.get_cert_and_key(common_name=https_cn)
with open(os.path.join(ssl_dir, 'cert'), 'w') as cert_out:
with open(os.path.join(ssl_dir, 'key'), 'w') as key_out:
with open(CA_CERT_PATH, 'w') as ca_out:
ca_out.write(ca.get_ca_bundle())
check_call(['update-ca-certificates'])
class HAProxyContext(context.HAProxyContext):
Extends the main charmhelpers HAProxyContext with a port mapping
specific to this charm.
Also used to extend nova.conf context with correct api_listening_ports
from keystone_utils import api_port
ctxt = super(HAProxyContext, self).__call__()
# determine which port api processes should bind to, depending
# on existence of haproxy + apache frontends
listen_ports['admin_port'] = api_port('keystone-admin')
listen_ports['public_port'] = api_port('keystone-public')
a_admin_port = determine_apache_port(api_port('keystone-admin'))
a_public_port = determine_apache_port(api_port('keystone-public'))
api_port('keystone-admin'), a_admin_port],
api_port('keystone-public'), a_public_port],
ctxt['service_ports'] = port_mapping
ctxt['listen_ports'] = listen_ports
class KeystoneContext(context.OSContextGenerator):
from keystone_utils import api_port, set_admin_token
ctxt['token'] = set_admin_token()
ctxt['admin_port'] = determine_api_port(api_port('keystone-admin'))
ctxt['public_port'] = determine_api_port(api_port('keystone-public'))
ctxt['debug'] = config('debug') in ['yes', 'true', 'True']
ctxt['verbose'] = config('verbose') in ['yes', 'true', 'True']
if config('enable-pki') not in ['false', 'False', 'no', 'No']:
ctxt['signing'] = True