~hopem/charms/trusty/keystone/charm-helpers-sync-precise-ipv6-haproxy


Viewing changes to hooks/keystone_utils.py

  • Committer: Liam Young
  • Date: 2014-07-29 08:05:41 UTC
  • mfrom: (68.2.24 keystone)
  • Revision ID: liam.young@canonical.com-20140729080541-8twej4w7c1sv1vka
[jamespage,r=gnuoy] Add support for multiple network configuration.

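--- a/hooks/keystone_utils.py
+++ b/hooks/keystone_utils.py
@@ -16,6 +16,16 @@
 )
 
 from charmhelpers.contrib.openstack import context, templating
+from charmhelpers.contrib.network.ip import (
+    is_ipv6
+)
+
+from charmhelpers.contrib.openstack.ip import (
+    resolve_address,
+    PUBLIC,
+    INTERNAL,
+    ADMIN
+)
 
 from charmhelpers.contrib.openstack.utils import (
     configure_installation_source,
@@ -31,7 +41,6 @@
     log,
     relation_get,
     relation_set,
-    unit_private_ip,
     INFO,
 )
 
@@ -91,7 +100,7 @@
 
 SSL_DIR = '/var/lib/keystone/juju_ssl/'
 SSL_CA_NAME = 'Ubuntu Cloud'
-CLUSTER_RES = 'res_ks_vip'
+CLUSTER_RES = 'grp_ks_vips'
 SSH_USER = 'juju_keystone'
 
 BASE_RESOURCE_MAP = OrderedDict([
@@ -480,30 +489,32 @@
     create_role("KeystoneServiceAdmin", config("admin-user"), 'admin')
     create_service_entry("keystone", "identity", "Keystone Identity Service")
 
-    if is_clustered():
-        log("Creating endpoint for clustered configuration")
-        service_host = auth_host = config("vip")
-    else:
-        log("Creating standard endpoint")
-        service_host = auth_host = unit_private_ip()
-
     for region in config('region').split():
-        create_keystone_endpoint(service_host=service_host,
+        create_keystone_endpoint(public_ip=resolve_address(PUBLIC),
                                  service_port=config("service-port"),
-                                 auth_host=auth_host,
+                                 internal_ip=resolve_address(INTERNAL),
+                                 admin_ip=resolve_address(ADMIN),
                                  auth_port=config("admin-port"),
                                  region=region)
 
 
-def create_keystone_endpoint(service_host, service_port,
-                             auth_host, auth_port, region):
+def create_keystone_endpoint(public_ip, service_port,
+                             internal_ip, admin_ip, auth_port, region):
     proto = 'http'
     if https():
         log("Setting https keystone endpoint")
         proto = 'https'
-    public_url = "%s://%s:%s/v2.0" % (proto, service_host, service_port)
-    admin_url = "%s://%s:%s/v2.0" % (proto, auth_host, auth_port)
-    internal_url = "%s://%s:%s/v2.0" % (proto, service_host, service_port)
+
+    if is_ipv6(public_ip):
+        public_ip = "[{}]".format(public_ip)
+    if is_ipv6(internal_ip):
+        internal_ip = "[{}]".format(internal_ip)
+    if is_ipv6(admin_ip):
+        admin_ip = "[{}]".format(admin_ip)
+
+    public_url = "%s://%s:%s/v2.0" % (proto, public_ip, service_port)
+    admin_url = "%s://%s:%s/v2.0" % (proto, admin_ip, auth_port)
+    internal_url = "%s://%s:%s/v2.0" % (proto, internal_ip, service_port)
     create_endpoint_template(region, "keystone", public_url,
                              admin_url, internal_url)
 
@@ -589,7 +600,7 @@
         # SSL_DIR is synchronized via all peers over unison+ssh, need
         # to ensure permissions.
         subprocess.check_output(['chown', '-R', '%s.%s' % (user, group),
-                                '%s' % SSL_DIR])
+                                 '%s' % SSL_DIR])
         subprocess.check_output(['chmod', '-R', 'g+rwx', '%s' % SSL_DIR])
         CA.append(ca)
     return CA[0]
@@ -622,12 +633,8 @@
             # hook execution to update auth strategy.
             relation_data = {}
             # Check if clustered and use vip + haproxy ports if so
-            if is_clustered():
-                relation_data["auth_host"] = config('vip')
-                relation_data["service_host"] = config('vip')
-            else:
-                relation_data["auth_host"] = unit_private_ip()
-                relation_data["service_host"] = unit_private_ip()
+            relation_data["auth_host"] = resolve_address(ADMIN)
+            relation_data["service_host"] = resolve_address(PUBLIC)
             if https():
                 relation_data["auth_protocol"] = "https"
                 relation_data["service_protocol"] = "https"
@@ -734,9 +741,9 @@
     service_tenant = config('service-tenant')
     relation_data = {
         "admin_token": token,
-        "service_host": unit_private_ip(),
+        "service_host": resolve_address(PUBLIC),
         "service_port": config("service-port"),
-        "auth_host": unit_private_ip(),
+        "auth_host": resolve_address(ADMIN),
         "auth_port": config("admin-port"),
         "service_username": service_username,
         "service_password": service_password,
@@ -748,10 +755,7 @@
         "ca_cert": ""
     }
 
-    # Check if clustered and use vip + haproxy ports if so
-    if is_clustered():
-        relation_data["auth_host"] = config('vip')
-        relation_data["service_host"] = config('vip')
+    # Check if https is enabled
     if https():
         relation_data["auth_protocol"] = "https"
         relation_data["service_protocol"] = "https"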
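Review bot: The relation data at new lines 636-637 and 744/746 publishes `service_host` as `resolve_address(PUBLIC)`, although `create_keystone_endpoint` also resolves an INTERNAL address, so related services that receive `service_password` and `admin_token` may be steered onto the public network even when an internal one is configured. If that is deliberate, say so with a comment such as `# service_host is deliberately the public address; internal consumers use the catalog's internal URL`; otherwise consider handing the internal address to relations. The same two values are passed on raw, whereas the catalog URLs wrap IPv6 literals in `[...]`, so a consumer that formats `auth_host` into a URL itself would presumably produce a malformed one on IPv6; a single helper for the bracket logic, used for both, would keep them consistent. The retained comment `# Check if clustered and use vip + haproxy ports if so` above new line 636 no longer matches the code and should be reworded or dropped. `resolve_address` is not shown here, so it is worth confirming that it covers the clustered VIP case and never returns an empty value that would be formatted straight into the endpoint URLs.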