4
4
import lib.openstack_common as openstack
5
import lib.utils as utils
6
import lib.haproxy_utils as haproxy
7
import lib.apache_utils as apache
8
import lib.cluster_utils as cluster
10
from base64 import b64encode
7
13
# Various config files that are managed via templating.
8
SWIFT_HASH_FILE='/var/lib/juju/swift-hash-path.conf'
14
SWIFT_HASH_FILE = '/var/lib/juju/swift-hash-path.conf'
9
15
SWIFT_CONF = '/etc/swift/swift.conf'
10
16
SWIFT_PROXY_CONF = '/etc/swift/proxy-server.conf'
11
17
SWIFT_CONF_DIR = os.path.dirname(SWIFT_CONF)
105
116
if os.path.isfile(SWIFT_HASH_FILE):
106
117
with open(SWIFT_HASH_FILE, 'r') as hashfile:
107
118
swift_hash = hashfile.read().strip()
119
elif utils.config_get('swift-hash'):
120
swift_hash = utils.config_get('swift-hash')
121
with open(SWIFT_HASH_FILE, 'w') as hashfile:
122
hashfile.write(swift_hash)
109
124
cmd = ['od', '-t', 'x8', '-N', '8', '-A', 'n']
110
125
rand = open('/dev/random', 'r')
148
163
'keystone_host': utils.relation_get('auth_host',
150
165
'auth_port': utils.relation_get('auth_port', unit, relid),
151
'service_user': utils.relation_get('service_username', unit, relid),
152
'service_password': utils.relation_get('service_password', unit, relid),
153
'service_tenant': utils.relation_get('service_tenant', unit, relid),
154
'service_port': utils.relation_get('service_port', unit, relid),
155
'admin_token': utils.relation_get('admin_token', unit, relid),
166
'service_user': utils.relation_get('service_username',
168
'service_password': utils.relation_get('service_password',
170
'service_tenant': utils.relation_get('service_tenant',
172
'service_port': utils.relation_get('service_port',
174
'admin_token': utils.relation_get('admin_token',
157
177
if None not in ks_auth.itervalues():
167
187
import multiprocessing
168
188
workers = multiprocessing.cpu_count()
190
env_vars = {'OPENSTACK_SERVICE_SWIFT': 'proxy-server',
191
'OPENSTACK_PORT_API': bind_port,
192
'OPENSTACK_PORT_MEMCACHED': 11211}
193
openstack.save_script_rc(**env_vars)
171
196
'proxy_ip': utils.get_host_ip(),
172
'bind_port': bind_port,
197
'bind_port': cluster.determine_api_port(bind_port),
173
198
'workers': workers,
174
'operator_roles': utils.config_get('operator-roles')
199
'operator_roles': utils.config_get('operator-roles'),
200
'delay_auth_decision': utils.config_get('delay-auth-decision')
177
if utils.config_get('use-https') == 'no':
181
ctxt['ssl_cert'] = SSL_CERT
182
ctxt['ssl_key'] = SSL_KEY
184
205
ks_auth = get_keystone_auth()
193
214
proxy_control('restart')
194
215
subprocess.check_call(['open-port', str(bind_port)])
197
# this should be expanded to cover setting up user-specified certificates
198
if (utils.config_get('use-https') == 'yes' and
199
not os.path.isfile(SSL_CERT) and
200
not os.path.isfile(SSL_KEY)):
201
subj = '/C=%s/ST=%s/L=%s/CN=%s' %\
202
(utils.config_get('country'), utils.config_get('state'),
203
utils.config_get('locale'), utils.config_get('common-name'))
204
cmd = ['openssl', 'req', '-new', '-x509', '-nodes',
205
'-out', SSL_CERT, '-keyout', SSL_KEY,
207
subprocess.check_call(cmd)
210
218
def _load_builder(path):
211
219
# lifted straight from /usr/bin/swift-ring-builder
212
from swift.common.ring import RingBuilder, Ring
220
from swift.common.ring import RingBuilder
213
221
import cPickle as pickle
215
223
builder = pickle.load(open(path, 'rb'))
218
226
builder = RingBuilder(1, 1, 1)
219
227
builder.copy_from(builder_dict)
220
228
except ImportError: # Happens with really old builder pickles
221
modules['swift.ring_builder'] = \
222
modules['swift.common.ring.builder']
223
229
builder = RingBuilder(1, 1, 1)
224
builder.copy_from(pickle.load(open(argv[1], 'rb')))
230
builder.copy_from(pickle.load(open(path, 'rb')))
225
231
for dev in builder.devs:
226
232
if dev and 'meta' not in dev:
379
384
host = utils.relation_get('private-address', unit, relid)
380
385
allowed_hosts.append(utils.get_host_ip(host))
382
ctxt = { 'www_dir': WWW_DIR, 'allowed_hosts': allowed_hosts }
389
'allowed_hosts': allowed_hosts
383
391
with open(APACHE_CONF, 'w') as conf:
384
392
conf.write(render_config(APACHE_CONF, ctxt))
385
subprocess.check_call(['service', 'apache2', 'reload'])
393
utils.reload('apache2')
398
Generates a self signed certificate and key using the
399
provided charm configuration data.
401
returns: tuple of (cert, key)
403
CERT = '/etc/swift/ssl.cert'
404
KEY = '/etc/swift/ssl.key'
405
if (not os.path.exists(CERT) and
406
not os.path.exists(KEY)):
407
subj = '/C=%s/ST=%s/L=%s/CN=%s' %\
408
(utils.config_get('country'), utils.config_get('state'),
409
utils.config_get('locale'), utils.config_get('common-name'))
410
cmd = ['openssl', 'req', '-new', '-x509', '-nodes',
411
'-out', CERT, '-keyout', KEY,
413
subprocess.check_call(cmd)
415
# Slurp as base64 encoded - makes handling easier up the stack
416
with open(CERT, 'r') as cfile:
417
ssl_cert = b64encode(cfile.read())
418
with open(KEY, 'r') as kfile:
419
ssl_key = b64encode(kfile.read())
420
return (ssl_cert, ssl_key)
423
def configure_haproxy():
424
api_port = utils.config_get('bind-port')
427
cluster.determine_haproxy_port(api_port),
428
cluster.determine_api_port(api_port)
432
haproxy.configure_haproxy(service_ports)
435
def configure_https():
437
api_port = utils.config_get('bind-port')
438
if (len(cluster.peer_units()) > 0 or
439
cluster.is_clustered()):
440
target_port = cluster.determine_haproxy_port(api_port)
443
target_port = cluster.determine_api_port(api_port)
445
cert, key = apache.get_cert()
446
if None in (cert, key):
447
cert, key = generate_cert()
448
ca_cert = apache.get_ca_cert()
449
apache.setup_https(namespace="swift",
450
port_maps={api_port: target_port},
451
cert=cert, key=key, ca_cert=ca_cert)
454
def do_openstack_upgrade(source, packages):
455
openstack.configure_installation_source(source)
456
os.environ['DEBIAN_FRONTEND'] = 'noninteractive'
457
subprocess.check_call(['apt-get', 'update'])
458
cmd = ['apt-get', '--option', 'Dpkg::Options::=--force-confnew', '-y',
459
'install'] + packages
460
subprocess.check_call(cmd)