Landscape Charm

Merge lp://qastaging/~danilo/landscape-charm/pppa-proxy-haproxy-rules into lp://qastaging/~landscape/landscape-charm/trunk

  1. pppa-proxy-haproxy-rules
  2. Merge into trunk
Proposed by Данило Шеган
Status: Merged
Approved by: Данило Шеган
Approved revision: 384
Merged at revision: 373
Proposed branch: lp://qastaging/~danilo/landscape-charm/pppa-proxy-haproxy-rules
Merge into: lp://qastaging/~landscape/landscape-charm/trunk
Prerequisite: lp://qastaging/~danilo/landscape-charm/gpg-options
Diff against target: 406 lines (+185/-23)
4 files modified
dev/ubuntu-deps (+2/-2)
lib/relations/haproxy.py (+50/-6)
lib/relations/tests/test_haproxy.py (+128/-13)
lib/services.py (+5/-2)
To merge this branch: bzr merge lp://qastaging/~danilo/landscape-charm/pppa-proxy-haproxy-rules
Reviewer Review Type Date Requested Status
Chris Glass (community) Approve
🤖 Landscape Builder test results Approve
Free Ekanayaka (community) Approve
Review via email: mp+309484@code.qastaging.launchpad.net

Commit message

Introduce haproxy rules to expose pppa-proxy with charmed Landscape

Since "option httpchk" is applied globally, and pppa-proxy requires authentication even on "HEAD /" HTTP request, that has been commented out for the time being.

If root-url is set on the landscape-server charm, we expose the service using "archive.<root-hostname>" domain name, and if it's not defined, we expose it using a relative path "/archive".

We are not doing anything special for SSL certificates to cover both domains, which might be needed, but could be solved with either wildcard or altSubjectName certs as well.

Description of the change

Introduce haproxy rules to expose pppa-proxy with charmed Landscape

Since "option httpchk" is applied globally, and pppa-proxy requires authentication even on "HEAD /" HTTP request, that has been commented out for t he time being.

If root-url is set on the landscape-server charm, we expose the service using "archive.<root-hostname>" domain name, and if it's not defined, we expose it using a relative path "/archive".

I am not doing anything special for SSL certificates to cover both domains, which might be needed, but could be solved with either wildcard or altSubjectName certs as well.

Testing instructions:

1. Deploy a full bundle including landscape-hosted (following instructions from https://code.launchpad.net/~danilo/landscape-hosted-charm/gpg-options/+merge/309107 can get you most of the way there, just replace the landscape charm with this version which includes gpg-options)

2. Browse to haproxy-IP/archive (use username and password you get from "how-to-get-dedicated" page in step 1)

3. Set root-url:

   juju set landscape-server root-url=https://landscape.dev/

4. Eg. edit /etc/hosts to point archive.landscape.dev to haproxy IP

5. Browse to https://archive.landscape.dev/ and make sure that works too

To post a comment you must log in.
Revision history for this message
🤖 Landscape Builder (landscape-builder) :
review: Abstain (executing tests)
Revision history for this message
🤖 Landscape Builder (landscape-builder) wrote :

Command: make ci-test
Result: Fail
Revno: 380
Branch: lp:~danilo/landscape-charm/pppa-proxy-haproxy-rules
Jenkins: https://ci.lscape.net/job/latch-test-trusty/15/

review: Needs Fixing (test results)
lp://qastaging/~danilo/landscape-charm/pppa-proxy-haproxy-rules updated
381. By Данило Шеган

Fix python3 import of urlparse for tests.

Revision history for this message
🤖 Landscape Builder (landscape-builder) :
review: Abstain (executing tests)
Revision history for this message
🤖 Landscape Builder (landscape-builder) wrote :

Command: make ci-test
Result: Success
Revno: 381
Branch: lp:~danilo/landscape-charm/pppa-proxy-haproxy-rules
Jenkins: https://ci.lscape.net/job/latch-test-trusty/16/

review: Approve (test results)
Revision history for this message
Free Ekanayaka (free.ekanayaka) wrote :

Looks good to me, I just have a few questions/points I'd like to get answered on.

review: Needs Information
lp://qastaging/~danilo/landscape-charm/pppa-proxy-haproxy-rules updated
382. By Данило Шеган

Switch to python-six for urlparse import (review by Free).

Revision history for this message
🤖 Landscape Builder (landscape-builder) :
review: Abstain (executing tests)
Revision history for this message
🤖 Landscape Builder (landscape-builder) wrote :

Command: make ci-test
Result: Success
Revno: 382
Branch: lp:~danilo/landscape-charm/pppa-proxy-haproxy-rules
Jenkins: https://ci.lscape.net/job/latch-test-trusty/19/

review: Approve (test results)
Revision history for this message
Данило Шеган (danilo) wrote :

Addressed your questions, Free. I am splitting out the pppa-proxy backends addition from get_https.

lp://qastaging/~danilo/landscape-charm/pppa-proxy-haproxy-rules updated
383. By Данило Шеган

Split out _add_pppa_proxy_backends() out of _get_https() method.

Revision history for this message
🤖 Landscape Builder (landscape-builder) :
review: Abstain (executing tests)
Revision history for this message
🤖 Landscape Builder (landscape-builder) wrote :

Command: make ci-test
Result: Success
Revno: 383
Branch: lp:~danilo/landscape-charm/pppa-proxy-haproxy-rules
Jenkins: https://ci.lscape.net/job/latch-test-trusty/20/

review: Approve (test results)
Revision history for this message
Данило Шеган (danilo) :
Revision history for this message
Данило Шеган (danilo) :
Revision history for this message
Free Ekanayaka (free.ekanayaka) wrote :

+1 with a few notes

review: Approve
Revision history for this message
Free Ekanayaka (free.ekanayaka) :
Revision history for this message
Данило Шеган (danilo) :
Revision history for this message
🤖 Landscape Builder (landscape-builder) :
review: Abstain (executing tests)
Revision history for this message
🤖 Landscape Builder (landscape-builder) wrote :

Command: make ci-test
Result: Success
Revno: 384
Branch: lp:~danilo/landscape-charm/pppa-proxy-haproxy-rules
Jenkins: https://ci.lscape.net/job/latch-test-trusty/21/

review: Approve (test results)
lp://qastaging/~danilo/landscape-charm/pppa-proxy-haproxy-rules updated
384. By Данило Шеган

Drop _has_ppa_proxy helper method..

Revision history for this message
David Britton (dpb) wrote :

On Fri, Oct 28, 2016 at 01:42:29PM -0000, Free Ekanayaka wrote:
>
> As wish. From a technical point of view I remain that the better fix
> would to make the pppa-proxy service support the same HTTP HEAD
> request that all our services support for haproxy-related health
> checks. Changing the charm to support per-backend options sounds a
> good feature on its own, but I'd say not one we should need at the
> moment, since we are in control of the pppa-proxy code and we should
> be able to implement a uniform HTTP check interface across all our
> services.
>
> If share this point of view, I could give it a try, as said.

+1, sounds like a much more sane approach.

--
David Britton <email address hidden>

Revision history for this message
🤖 Landscape Builder (landscape-builder) :
review: Abstain (executing tests)
Revision history for this message
🤖 Landscape Builder (landscape-builder) wrote :

Command: make ci-test
Result: Success
Revno: 384
Branch: lp:~danilo/landscape-charm/pppa-proxy-haproxy-rules
Jenkins: https://ci.lscape.net/job/latch-test-trusty/22/

review: Approve (test results)
Revision history for this message
Chris Glass (tribaal) wrote :

+1!

Sorry it took so long, I wanted to try it out.

review: Approve
Revision history for this message
Данило Шеган (danilo) wrote :

Not at all, thanks for being diligent!

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
The diff is not available at this time. You can reload the page or download it.

Subscribers

People subscribed via source and target branches