18
18
from charmhelpers.contrib.openstack import context, templating
19
from charmhelpers.contrib.network.ip import (
23
from charmhelpers.contrib.openstack.ip import (
20
30
from charmhelpers.contrib.openstack.utils import (
21
31
configure_installation_source,
92
101
SSL_DIR = '/var/lib/keystone/juju_ssl/'
93
102
SSL_CA_NAME = 'Ubuntu Cloud'
94
CLUSTER_RES = 'res_ks_vip'
103
CLUSTER_RES = 'grp_ks_vips'
95
104
SSH_USER = 'juju_keystone'
97
106
BASE_RESOURCE_MAP = OrderedDict([
480
489
create_role("KeystoneServiceAdmin", config("admin-user"), 'admin')
481
490
create_service_entry("keystone", "identity", "Keystone Identity Service")
484
log("Creating endpoint for clustered configuration")
485
service_host = auth_host = config("vip")
487
log("Creating standard endpoint")
488
service_host = auth_host = unit_private_ip()
490
492
for region in config('region').split():
491
create_keystone_endpoint(service_host=service_host,
493
create_keystone_endpoint(public_ip=resolve_address(PUBLIC),
492
494
service_port=config("service-port"),
495
internal_ip=resolve_address(INTERNAL),
496
admin_ip=resolve_address(ADMIN),
494
497
auth_port=config("admin-port"),
498
def create_keystone_endpoint(service_host, service_port,
499
auth_host, auth_port, region):
501
def create_keystone_endpoint(public_ip, service_port,
502
internal_ip, admin_ip, auth_port, region):
502
505
log("Setting https keystone endpoint")
504
public_url = "%s://%s:%s/v2.0" % (proto, service_host, service_port)
505
admin_url = "%s://%s:%s/v2.0" % (proto, auth_host, auth_port)
506
internal_url = "%s://%s:%s/v2.0" % (proto, service_host, service_port)
508
if is_ipv6(public_ip):
509
public_ip = "[{}]".format(public_ip)
510
if is_ipv6(internal_ip):
511
internal_ip = "[{}]".format(internal_ip)
512
if is_ipv6(admin_ip):
513
admin_ip = "[{}]".format(admin_ip)
515
public_url = "%s://%s:%s/v2.0" % (proto, public_ip, service_port)
516
admin_url = "%s://%s:%s/v2.0" % (proto, admin_ip, auth_port)
517
internal_url = "%s://%s:%s/v2.0" % (proto, internal_ip, service_port)
507
518
create_endpoint_template(region, "keystone", public_url,
508
519
admin_url, internal_url)
589
600
# SSL_DIR is synchronized via all peers over unison+ssh, need
590
601
# to ensure permissions.
591
602
subprocess.check_output(['chown', '-R', '%s.%s' % (user, group),
593
604
subprocess.check_output(['chmod', '-R', 'g+rwx', '%s' % SSL_DIR])
622
633
# hook execution to update auth strategy.
623
634
relation_data = {}
624
635
# Check if clustered and use vip + haproxy ports if so
626
relation_data["auth_host"] = config('vip')
627
relation_data["service_host"] = config('vip')
629
relation_data["auth_host"] = unit_private_ip()
630
relation_data["service_host"] = unit_private_ip()
636
relation_data["auth_host"] = resolve_address(ADMIN)
637
relation_data["service_host"] = resolve_address(PUBLIC)
632
639
relation_data["auth_protocol"] = "https"
633
640
relation_data["service_protocol"] = "https"
734
741
service_tenant = config('service-tenant')
735
742
relation_data = {
736
743
"admin_token": token,
737
"service_host": unit_private_ip(),
744
"service_host": resolve_address(PUBLIC),
738
745
"service_port": config("service-port"),
739
"auth_host": unit_private_ip(),
746
"auth_host": resolve_address(ADMIN),
740
747
"auth_port": config("admin-port"),
741
748
"service_username": service_username,
742
749
"service_password": service_password,
751
# Check if clustered and use vip + haproxy ports if so
753
relation_data["auth_host"] = config('vip')
754
relation_data["service_host"] = config('vip')
758
# Check if https is enabled
756
760
relation_data["auth_protocol"] = "https"
757
761
relation_data["service_protocol"] = "https"
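Review bot: The relation payload that carries `admin_token` re-applies `relation_data["auth_host"] = config('vip')` and `relation_data["service_host"] = config('vip')` at new lines 753–754, after the dict was built from `resolve_address(ADMIN)` and `resolve_address(PUBLIC)`, although the same override was removed at old lines 626–627 in the other relation block. If the guard on the hidden line 752 is the clustered check, a clustered unit would advertise its admin endpoint on whatever `config('vip')` holds instead of the address chosen for the ADMIN network, and the rename of `CLUSTER_RES` to `grp_ks_vips` suggests `vip` may now hold more than one address. I would drop those two assignments so both relation blocks publish only what `resolve_address` returns, or add a comment explaining why this path differs. Separately, `create_keystone_endpoint` brackets IPv6 literals before building URLs while the relation data publishes the raw addresses, so it is worth confirming that consumers format `auth_host` and `service_host` correctly for IPv6. The enclosing functions begin and end outside the visible lines.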