charms.openstack

TLS configuration helpers applicable to non-API services

Bug #1840899 reported by Frode Nordahl
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack API Layer
Triaged
Medium
Unassigned
OpenStack Base Layer
Triaged
Medium
Unassigned
charms.openstack
Fix Released
Undecided
Unassigned

Bug Description

The TLS configuration helpers are a property of the ``OpenStackCharm`` class which is appropriate and make them available to non-API OpenStack services such as ``ceilometer`` and ``neutron-dynamic-routing`` as well as not strictly speaking OpenStack services such as ``rabbitmq`` and others.

However, they were originally in the ``HAOpenStackCharm`` class and later moved [0], and unfortunately the helpers carried over assumptions about placement of certificate files.

I think the move was appropriate but the helpers could have been adapted to their new home by providing configurability of certificate placement in the ``OpenStackCharm`` helper and then overriding that to the present defaults in the inherited helper in ``HAOpenStackCharm``.

0: https://review.opendev.org/#/c/623295/

See original description
Frode Nordahl (fnordahl)
description: updated
description: updated
Frode Nordahl (fnordahl)
description: updated
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charms.openstack (master)

Reviewed: https://review.opendev.org/678598
Committed: https://git.openstack.org/cgit/openstack/charms.openstack/commit/?id=954bbf623d932c7e181b1c4d472f61ca7a4cf643
Submitter: Zuul
Branch: master

commit 954bbf623d932c7e181b1c4d472f61ca7a4cf643
Author: Frode Nordahl <email address hidden>
Date: Mon Aug 26 10:20:45 2019 +0200

    Move TLS related helpers to ``OpenStackCharm`` base class

    TLS configuration is applicable to non-API services too.

    Retains compability with the existing usage pattern by extending
    the helpers with current defaults in the ``HAOpenStackCharm``
    class.

    Deprecates references to the Keystone interface as a source of
    certificate data. This has been removed from the Keystone charm:
    openstack/charm-keystone/commit/17b24e7fde8e4c8c276a4f392cbae0d1d0ed2615

    Reactive handling counterparts:
    Depends-On: I007275c041ca5465664a6b5d441e56c0316c405d
    Depends-On: I12f45236632b608e07fdd35d31b90b84ca92eb1f

    Change-Id: I8a72acd451dd21e1b042b7f71f6d98e164737ac1
    Closes-Bug: #1840899

Changed in charms.openstack:
status: New → Fix Released
Alex Kavanagh (ajkavanagh)
Changed in layer-openstack:
status: New → Triaged
importance: Undecided → Medium
Changed in layer-openstack-api:
status: New → Triaged
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.