~openstack-charmers/charms/precise/keystone/ha-support


Viewing changes to hooks/utils.py

  • Committer: James Page
  • Date: 2013-03-11 09:10:47 UTC
  • mfrom: (50.1.10 keystone)
  • Revision ID: james.page@canonical.com-20130311091047-3t8xmo74fucxomie
SSH based hook syncing

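--- a/hooks/utils.py
+++ b/hooks/utils.py
@@ -4,15 +4,25 @@
 import sys
 import json
 import os
+import tarfile
+import tempfile
 import time
 
 from lib.openstack_common import *
 
+import keystone_ssl as ssl
+import lib.unison as unison
+
 keystone_conf = "/etc/keystone/keystone.conf"
 stored_passwd = "/var/lib/keystone/keystone.passwd"
 stored_token = "/var/lib/keystone/keystone.token"
 SERVICE_PASSWD_PATH = '/var/lib/keystone/services.passwd'
 
+SSL_DIR = '/var/lib/keystone/juju_ssl/'
+SSL_CA_NAME = 'Ubuntu Cloud'
+
+SSH_USER='juju_keystone'
+
 def execute(cmd, die=False, echo=False):
     """ Executes a command
 
@@ -95,6 +105,19 @@
     cmd += args
     subprocess.check_call(cmd)
 
+
+def unit_get(attribute):
+    cmd = [
+        'unit-get',
+        attribute
+        ]
+    value = subprocess.check_output(cmd).strip()  # IGNORE:E1103
+    if value == "":
+        return None
+    else:
+        return value
+
+
 def relation_get(relation_data):
     """ Obtain all current relation data
     relation_data is a list of options to query from the relation
@@ -356,8 +379,7 @@
     create_role("KeystoneAdmin", config["admin-user"], 'admin')
     create_role("KeystoneServiceAdmin", config["admin-user"], 'admin')
     create_service_entry("keystone", "identity", "Keystone Identity Service")
-    # following documentation here, perhaps we should be using juju
-    # public/private addresses for public/internal urls.
+
     if is_clustered():
         juju_log("Creating endpoint for clustered configuration")
         for region in config['region'].split():
@@ -543,17 +565,32 @@
     Broadcast service credentials to peers or consume those that have been
     broadcasted by peer, depending on hook context.
     '''
-    if os.path.basename(sys.argv[0]) == 'cluster-relation-changed':
-        r_data = relation_get_dict()
-        if 'service_credentials' in r_data:
-            juju_log('Saving service passwords from peer.')
-            save_stored_passwords(**json.loads(r_data['service_credentials']))
-        return
-
-    creds = load_stored_passwords()
-    if not creds:
+    if (not eligible_leader() or
+        not os.path.isfile(SERVICE_PASSWD_PATH)):
         return
     juju_log('Synchronizing service passwords to all peers.')
-    creds = json.dumps(creds)
-    for r_id in (relation_ids('cluster') or []):
-        relation_set_2(rid=r_id, service_credentials=creds)
+    unison.sync_to_peers(peer_interface='cluster',
+                         paths=[SERVICE_PASSWD_PATH], user=SSH_USER,
+                         verbose=True)
+
+CA = []
+def get_ca(user='keystone', group='keystone'):
+    """
+    Initialize a new CA object if one hasn't already been loaded.
+    This will create a new CA or load an existing one.
+    """
+    if not CA:
+        if not os.path.isdir(SSL_DIR):
+            os.mkdir(SSL_DIR)
+        d_name = '_'.join(SSL_CA_NAME.lower().split(' '))
+        ca = ssl.JujuCA(name=SSL_CA_NAME, user=user, group=group,
+                        ca_dir=os.path.join(SSL_DIR,
+                                            '%s_intermediate_ca' % d_name),
+                        root_ca_dir=os.path.join(SSL_DIR,
+                                            '%s_root_ca' % d_name))
+        # SSL_DIR is synchronized via all peers over unison+ssh, need
+        # to ensure permissions.
+        execute('chown -R %s.%s %s' % (user, group, SSL_DIR))
+        execute('chmod -R g+rwx %s' % SSL_DIR)
+        CA.append(ca)
+    return CA[0]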
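Review bot: In `get_ca`, `os.mkdir(SSL_DIR)` takes its mode from the process umask and the later `chmod -R g+rwx` only adds group bits, so no visible line removes access for other local users from the root and intermediate CA trees. Whether `ssl.JujuCA` restricts its own key files cannot be seen from this diff, so I would make the restriction explicit here: `os.mkdir(SSL_DIR, 0o750)` and `execute('chmod -R g+rwX,o-rwx %s' % SSL_DIR)` (capital `X` keeps the execute bit off regular files). Both commands are also built by `%` formatting from the `user` and `group` arguments; the body of `execute` lies outside the hunk, so if it runs through a shell those values should be validated or passed as an argument list. A short comment naming the account that needs group write for the unison sync would help the next reader judge whether the group grant is still required.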