Skip to content

Commit

Permalink
Update certificates offered over ovsdb-subordinate relation.
Browse files Browse the repository at this point in the history
When OVN is reconfigured with a new set of certificates, those need to
be updated over the ovsdb-subordinate relation "chassis-certificates"
key. This allows the principle charm (e.g. Octavia charm) to reconfigure
itself with the new certificates.

Closes-Bug: #1952279
  • Loading branch information
freyes committed Nov 26, 2021
1 parent 412e098 commit 91210db
Show file tree
Hide file tree
Showing 3 changed files with 7 additions and 3 deletions.
1 change: 1 addition & 0 deletions lib/charms/ovn_charm.py
Original file line number Diff line number Diff line change
Expand Up @@ -593,6 +593,7 @@ def configure_tls(self, certificates_interface=None):
tls_object['cert'],
tls_object['key'],
cn='host')
reactive.set_flag('ovn.certs.changed')
break
else:
ch_core.hookenv.log('No certificate with CN matching hostname '
Expand Down
7 changes: 5 additions & 2 deletions reactive/ovn_chassis_charm_handlers.py
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,7 @@ def configure_nrpe():
@reactive.when_none('charm.paused', 'is-update-status-hook')
@reactive.when(OVN_CHASSIS_ENABLE_HANDLERS_FLAG,
'ovsdb-subordinate.available',
'certificates.available')
'ovn.certs.changed')
def provide_chassis_certificates_to_principal():
ovsdb_subordinate = reactive.endpoint_from_flag(
'ovsdb-subordinate.available')
Expand All @@ -156,4 +156,7 @@ def provide_chassis_certificates_to_principal():
ovn_key.read())
except OSError as e:
ch_core.hookenv.log('Unable to provide principal with '
'chassis certificates: "{}"'.format(str(e)))
'chassis certificates: "{}"'.format(str(e)),
level=ch_core.hookenv.WARNING)

reactive.clear_flag('ovn.certs.changed')
2 changes: 1 addition & 1 deletion unit_tests/test_reactive_ovn_chassis_charm_handlers.py
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ def test_hooks(self):
'provide_chassis_certificates_to_principal': (
handlers.OVN_CHASSIS_ENABLE_HANDLERS_FLAG,
'ovsdb-subordinate.available',
'certificates.available'),
'ovn.certs.changed'),
},
'when_none': {
'amqp_connection': ('charm.paused', 'is-update-status-hook'),
Expand Down

0 comments on commit 91210db

Please sign in to comment.