Merge pull request #48958 from wwwtyro/rye/charm-load-balancer-port

Automatic merge from submit-queue (batch tested with PRs 48578, 48895, 48958)

use port configuration

**What this PR does / why we need it**: Uses the `port` config option in the kubeapi-load-balancer charm.

**Release note**:
```release-note
Uses the port config option in the kubeapi-load-balancer charm.
```
Kubernetes Submit Queue 2017-07-14 13:45:55 -07:00 committed by GitHub
commit 60c3dd1bf7
2 changed files with 17 additions and 3 deletions


@ -29,6 +29,7 @@ from charms.layer import nginx
from subprocess import Popen from subprocess import Popen
from subprocess import PIPE from subprocess import PIPE
from subprocess import STDOUT from subprocess import STDOUT
from subprocess import CalledProcessError
@when('certificates.available') @when('certificates.available')
@ -49,6 +50,16 @@ def request_server_certificates(tls):
tls.request_server_cert(common_name, sans, certificate_name) tls.request_server_cert(common_name, sans, certificate_name)
@when('config.changed.port')
def close_old_port():
config = hookenv.config()
old_port = config.previous('port')
try:
hookenv.close_port(old_port)
except CalledProcessError:
hookenv.log('Port %d already closed, skipping.' % old_port)
@when('nginx.available', 'apiserver.available', @when('nginx.available', 'apiserver.available',
'certificates.server.cert.available') 'certificates.server.cert.available')
def install_load_balancer(apiserver, tls): def install_load_balancer(apiserver, tls):
@ -63,20 +74,23 @@ def install_load_balancer(apiserver, tls):
if cert_exists and key_exists: if cert_exists and key_exists:
# At this point the cert and key exist, and they are owned by root. # At this point the cert and key exist, and they are owned by root.
chown = ['chown', 'www-data:www-data', server_cert_path] chown = ['chown', 'www-data:www-data', server_cert_path]
# Change the owner to www-data so the nginx process can read the cert. # Change the owner to www-data so the nginx process can read the cert.
subprocess.call(chown) subprocess.call(chown)
chown = ['chown', 'www-data:www-data', server_key_path] chown = ['chown', 'www-data:www-data', server_key_path]
# Change the owner to www-data so the nginx process can read the key. # Change the owner to www-data so the nginx process can read the key.
subprocess.call(chown) subprocess.call(chown)
hookenv.open_port(hookenv.config('port')) port = hookenv.config('port')
hookenv.open_port(port)
services = apiserver.services() services = apiserver.services()
nginx.configure_site( nginx.configure_site(
'apilb', 'apilb',
'apilb.conf', 'apilb.conf',
server_name='_', server_name='_',
services=services, services=services,
port=hookenv.config('port'), port=port,
server_certificate=server_cert_path, server_certificate=server_cert_path,
server_key=server_key_path, server_key=server_key_path,
) )
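Review bot: `close_old_port` passes `config.previous('port')` unchecked to `hookenv.close_port` and to a `%d` format, so a missing previous value would break the handler. As far as I know, charmhelpers' `Config.previous` returns None when no earlier value is recorded, for example on the first hook run; in that case the close call presumably fails and the `except` branch then raises TypeError on `'Port %d ...' % old_port`. A guard such as `if old_port is None: return` before the `try`, plus `%s` in the log message, would avoid that. Separately, the handler reports every `CalledProcessError` as "already closed", so a real failure that leaves the old port open is logged as benign; including the exception in the log line would make that visible.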


@ -8,7 +8,7 @@ upstream target_service {
server { server {
listen 443 ssl http2; listen {{ port }} ssl http2;
server_name {{ server_name }}; server_name {{ server_name }};
access_log /var/log/nginx.access.log; access_log /var/log/nginx.access.log;