~joeborg/charms/trusty/contrail-configuration/rbac-switch


Viewing changes to hooks/charmhelpers/contrib/hahelpers/apache.py

  • Committer: Ante Karamatic
  • Date: 2017-01-31 12:51:09 UTC
  • mto: This revision was merged to the branch mainline in revision 65.
  • Revision ID: ante.karamatic@canonical.com-20170131125109-qwjbg96c10i2iixk
SSL support for contrail-configuration

 
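--- a/hooks/charmhelpers/contrib/hahelpers/apache.py
+++ b/hooks/charmhelpers/contrib/hahelpers/apache.py
@@ -0,0 +1,95 @@
+# Copyright 2014-2015 Canonical Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# Copyright 2012 Canonical Ltd.
+#
+# This file is sourced from lp:openstack-charm-helpers
+#
+# Authors:
+#  James Page <james.page@ubuntu.com>
+#  Adam Gandelman <adamg@ubuntu.com>
+#
+
+import os
+import subprocess
+
+from charmhelpers.core.hookenv import (
+    config as config_get,
+    relation_get,
+    relation_ids,
+    related_units as relation_list,
+    log,
+    INFO,
+)
+
+
+def get_cert(cn=None):
+    # TODO: deal with multiple https endpoints via charm config
+    cert = config_get('ssl_cert')
+    key = config_get('ssl_key')
+    if not (cert and key):
+        log("Inspecting identity-service relations for SSL certificate.",
+            level=INFO)
+        cert = key = None
+        if cn:
+            ssl_cert_attr = 'ssl_cert_{}'.format(cn)
+            ssl_key_attr = 'ssl_key_{}'.format(cn)
+        else:
+            ssl_cert_attr = 'ssl_cert'
+            ssl_key_attr = 'ssl_key'
+        for r_id in relation_ids('identity-service'):
+            for unit in relation_list(r_id):
+                if not cert:
+                    cert = relation_get(ssl_cert_attr,
+                                        rid=r_id, unit=unit)
+                if not key:
+                    key = relation_get(ssl_key_attr,
+                                       rid=r_id, unit=unit)
+    return (cert, key)
+
+
+def get_ca_cert():
+    ca_cert = config_get('ssl_ca')
+    if ca_cert is None:
+        log("Inspecting identity-service relations for CA SSL certificate.",
+            level=INFO)
+        for r_id in relation_ids('identity-service'):
+            for unit in relation_list(r_id):
+                if ca_cert is None:
+                    ca_cert = relation_get('ca_cert',
+                                           rid=r_id, unit=unit)
+    return ca_cert
+
+
+def retrieve_ca_cert(cert_file):
+    cert = None
+    if os.path.isfile(cert_file):
+        with open(cert_file, 'r') as crt:
+            cert = crt.read()
+    return cert
+
+
+def install_ca_cert(ca_cert):
+    if ca_cert:
+        cert_file = ('/usr/local/share/ca-certificates/'
+                     'keystone_juju_ca_cert.crt')
+        old_cert = retrieve_ca_cert(cert_file)
+        if old_cert and old_cert == ca_cert:
+            log("CA cert is the same as installed version", level=INFO)
+        else:
+            log("Installing new CA cert", level=INFO)
+            with open(cert_file, 'w') as crt:
+                crt.write(ca_cert)
+            subprocess.check_call(['update-ca-certificates', '--fresh'])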