Merge lp://qastaging/~lathiat/charms/trusty/glance-simplestreams-sync/trunk into lp://qastaging/charms/trusty/glance-simplestreams-sync

In my tests, this has worked with ceph/ceph deployment of Landscape Autopilot, but failed when swift/iscsi and swift/ceph were used due to Authorization errors.

A glance-simplestreams-sync.log is at http://paste.ubuntu.com/15806629/.

Btw, please respect the PEP-8 as well (80-character line length limit).

To expand on the above, the problem seems to be that the keystone catalog has an "admin" tenant ID in the object_store URL (/v1/AUTH_<admin-tenant-id>), whereas the old code had the "services" tenant ID.

However, if I use the more recent API ("openstack endpoint list") and then "openstack endpoint show <object-store-service-id>", I get:

+--------------+-------------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------------+
| adminurl | http://10.44.199.170:8080 |
| enabled | True |
| id | 69ff557520f24f27bf8d04761b5bf350 |
| internalurl | http://10.44.199.170:8080/v1/AUTH_$(tenant_id)s |
| publicurl | http://10.44.199.170:8080/v1/AUTH_$(tenant_id)s |
| region | region1 |
| service_id | e0d9101e28f24bb09cc101e8575c2df7 |
| service_name | swift |
| service_type | object-store |
+--------------+-------------------------------------------------+

What we need to do is to get those internalurl and publicurl values and replace $(tenant_id)s with "services" tenant ID in there. I am looking at how I get at this right now.

According to your log that was the services tenant_id:

"tenant": {"description": "Created by Juju", "enabled": true, "id": "a953d9d28c0d4e9cb014c50d425b7671", "name": "services"}

INFO * 04-13 08:56:17 [PID:9560] * swiftclient * REQ: curl -i http://10.44.199.160:8080/v1/AUTH_a953d9d28c0d4e9cb014c50d425b7671/simplestreams -X PUT -H "Content-Length: 0" -H "X-Auth-Token: b2b261223cc349328a01403b27a2b3c4" -H "X-Container-Read: .r:*,.rlistings"

INFO * 04-13 08:56:17 [PID:9560] * swiftclient * RESP STATUS: 401 Unauthorized

The auth token in use was also for services. Suspect something else is at play. Will test.

Ok, I was wrong above (too many things going on at once). This branch does work, but might hit a bit of a race with swift setup and thus hit the ClientException as above.

I've worked around that using https://pastebin.canonical.com/154167/ (mostly whitespace fixes, but also adding exception handling to keep the per-minute cronjob if swiftclient.ClientException is caught). In my last run, I haven't hit it, but as I said, it will sometimes happen with automated installs and sometimes not.