commit c37081f441167ac1bd61140b9a3e263b09186e0c Author: Liam Young Date: Thu Sep 24 12:16:28 2020 +0000 Fix race in http <-> https switch If the charm switches the service from http to https (or vice versa) and the default identity-service handler has already run during this hook execution then keystone is not informed of the change until a subsequant hook execution. This subsequant hook could be update-status as the charm currently does not disable any of its methods during update-status hooks. Change-Id: I5f11c2439b74f893b757951cab3da4d49888375c diff --git a/src/reactive/placement_handlers.py b/src/reactive/placement_handlers.py index 75612ac..e3814af 100644 --- a/src/reactive/placement_handlers.py +++ b/src/reactive/placement_handlers.py @@ -16,6 +16,7 @@ import charms.reactive as reactive import charms_openstack.bus import charms_openstack.charm +import charmhelpers.core as ch_core charms_openstack.bus.discover() @@ -37,9 +38,22 @@ charms_openstack.charm.use_defaults( @reactive.when('identity-service.available') def render_config(*args): with charms_openstack.charm.provide_charm_instance() as placement_charm: + pre_ssl_enabled = placement_charm.get_state('ssl.enabled') placement_charm.configure_tls( certificates_interface=reactive.endpoint_from_flag( 'certificates.available')) + ssl_enabled = placement_charm.get_state('ssl.enabled') + if ssl_enabled != pre_ssl_enabled: + ch_core.hookenv.log(( + "Detected switch to ssl.enabled: {}. " + "Informing keystone.").format(ssl_enabled)) + keystone = reactive.endpoint_from_flag( + 'identity-service.available') + keystone.register_endpoints(placement_charm.service_type, + placement_charm.region, + placement_charm.public_url, + placement_charm.internal_url, + placement_charm.admin_url) placement_charm.upgrade_if_available(args) placement_charm.render_with_interfaces(args) placement_charm.assess_status()