Merge pull request #48958 from wwwtyro/rye/charm-load-balancer-port

Automatic merge from submit-queue (batch tested with PRs 48578, 48895, 48958)

use port configuration

**What this PR does / why we need it**: Uses the `port` config option in the kubeapi-load-balancer charm.

**Release note**:
```release-note
Uses the port config option in the kubeapi-load-balancer charm.
```
This commit is contained in:
Kubernetes Submit Queue 2017-07-14 13:45:55 -07:00 committed by GitHub
commit 60c3dd1bf7
2 changed files with 17 additions and 3 deletions

View File

@ -29,6 +29,7 @@ from charms.layer import nginx
from subprocess import Popen
from subprocess import PIPE
from subprocess import STDOUT
from subprocess import CalledProcessError
@when('certificates.available')
@ -49,6 +50,16 @@ def request_server_certificates(tls):
tls.request_server_cert(common_name, sans, certificate_name)
@when('config.changed.port')
def close_old_port():
config = hookenv.config()
old_port = config.previous('port')
try:
hookenv.close_port(old_port)
except CalledProcessError:
hookenv.log('Port %d already closed, skipping.' % old_port)
@when('nginx.available', 'apiserver.available',
'certificates.server.cert.available')
def install_load_balancer(apiserver, tls):
@ -63,20 +74,23 @@ def install_load_balancer(apiserver, tls):
if cert_exists and key_exists:
# At this point the cert and key exist, and they are owned by root.
chown = ['chown', 'www-data:www-data', server_cert_path]
# Change the owner to www-data so the nginx process can read the cert.
subprocess.call(chown)
chown = ['chown', 'www-data:www-data', server_key_path]
# Change the owner to www-data so the nginx process can read the key.
subprocess.call(chown)
hookenv.open_port(hookenv.config('port'))
port = hookenv.config('port')
hookenv.open_port(port)
services = apiserver.services()
nginx.configure_site(
'apilb',
'apilb.conf',
server_name='_',
services=services,
port=hookenv.config('port'),
port=port,
server_certificate=server_cert_path,
server_key=server_key_path,
)

View File

@ -8,7 +8,7 @@ upstream target_service {
server {
listen 443 ssl http2;
listen {{ port }} ssl http2;
server_name {{ server_name }};
access_log /var/log/nginx.access.log;