Remove postgresql DB support; This feature is untested as part
of the charms, is not in use and was deprecated as part of
the 1708 charms release.

Change-Id: Ia57a7358fd3567fe0250c45f3e00c07fa83f329c

The default HAProxy timeout values are fairly strict. On a busy cloud
it is common to exceed one or more of these timeouts. The only
indication that HAProxy has exceeded a timeout and dropped the
connection is errors such as "BadStatusLine" or "EOF." These can be
very difficult to diagnose when intermittent.

This charm-helpers sync pulls in the change to update the default
timeout values to more real world settings. These values have been
extensively tested in ServerStack. Configured values will not be
overridden.

Partial Bug: #1736171

Change-Id: I973962a5c1538b0d9afbebea8cebf50d938ecfb5

Bionic, being the next LTS, is important to enable for dev
and test as early as possible ahead of 18.02.

Zesty goes EOL in Jan 2018. The next stable charms release (18.02)
will not provide Zesty series support, as it was an interim
(non-LTS) release.

Change-Id: I02e8eb5c3c2f7fb08a0b6556db12e09b300f3a95

Change-Id: Ic6469d4af7edd755c22d4e31b87d9a36937d3134

Make default func27-smoke xenial-pike
Charm-helpers sync

Change-Id: I289d38e4170d204fbf9b0281b28be28c9e847e65

There was a race where the https apache2 site,
openstack_https_frontend.conf, would be rendered in one hook, then
subsequently the config-changed hook would run and enable that site.
However, the subsequent config-changed hook would see the template as
having not changed and therefore it would fail to restart apache2.
This lead to apache2 failing to listen on the correct ports.

This was due to CONFIGS.write_all() being called but a2ensite not
being called. This change fixes this race and adds a call to
configure_https() to ensure the configuration completes and apache2
is restarted.

Change-Id: I229d25c707a0630c9d609fd20a962a0de2e42c77
Closes-Bug: #1723892

ssl_ca is not necessary when ssl_cert is signed by
a trusted CA, such as GeoTrust, because a trusted
cert chain is in the system already. Users can just
provide ssl_cert and ssl_key to enable SSL endpoint
in that case.

Closes-Bug: #1711354
Change-Id: I4a34df1a2c2bf5705e02b713d968a22f4bbf57cf

Change-Id: I5d4ec43dd7eb3c2512d330262cceceda4c3a55eb
Closes-Bug: #1721200

This change ensures that any password expiry has been removed from
the user that runs unison to synchronize data. The fix is entirely
in charm-helpers so this patch is a simple sync.

Change-Id: I75d6ac0e9be19a87efe16a1095b1afd44f41dc17
Closes-Bug: #1686085

Install and configure memcached on the keystone units and configure
keystone to use the cache. This should speed up token access for
existing tokens.

Change-Id: I26af0a97660e5bbe293a32e6b9e3d209338f905a
Closes-Bug: #1722541

Ensure that a valid entry point is used for the uuid token
backend, resolving compatibility with later OpenStack releases.

Change-Id: I566e6a2e9c0aa1fc1afe02dbc9f899cfb0c7a9f6
Closes-Bug: 1722909

We are currently seeing amulet test runs fail due
to keystone ports not being open. This is a result
of haproxy not being restarted once its config has
been setup. This patch fixes this issue by catching
more cases where haproxy config can be changed.

Change-Id: I1d6aa20ba0415cb8bf37b07fd1b128f20a0f8720

The current charm design is to perform a sweep of all units
related on the identity-service interface to ensure that
they have all the correct setting values applied. If the
leader unit is deleted and a new one is elected this will
not happen until some event e.g. config-changed occurs. This
can result in remote units malfunctioning since they think they
are not configured. We resolve this by always doing a sweep when
the leader-elected hook fires.

Also fixes infinite loop edge case when ssl-cert-master switches
as a result of leader switch.

Change-Id: Icd68cc70d81d7d518c918e831056f686dbc7db1e
Closes-Bug: 1721269

Commit 01816c84 forgot to mock out calls to
service_start() and service_stop() that were
added to the install hook which causes test runs
to fail if not run as root.

Change-Id: I07e17242356a80e32c43c289b94c650a299e16b3

Install OpenStack using snaps. By setting openstack-origin to
snap:track/channel or snap:track the charm will use snaps to
install rather than debs. If channel is left off it defaults to
stable. For example: snap:ocata/edge will install the edge version of
Ocata and snap:pike will install the stable version of Pike.

Charm helpers sync for snap related helpers.

Change-Id: I6e3540e4ffe081540404f91061e5c9b7039b3eac

When using Keystone v3, the relation data set by
add_credentials_to_keystone now includes a 'domain'.

Change-Id: I2a4ff4d7c20d4f274479dfe0615dd00940e64d8b
Closes-Bug: 1719751

Change-Id: If150318a81c2415f9e327ef3b9cda577d6f20305

Change-Id: I60eabd566d204c784229ae109a2566dbc501d6a2

Change-Id: If2b71a1f7224ed3837fcfe8b4a0b8ef858e1f842

According to http://docs.python.org/2/library/unittest.html
assert(Not)Equals is a deprecated alias of assert(Not)Equal.

Change-Id: I90c835b3c7cdae6dceb5da061e5ed42bcfd77f4b
Closes-Bug: #1329757

Reset the os_release cache during the OpenStack upgrade process,
ensuring that any post dist-upgrade operations are made in the
context of the new OpenStack release, not the old one.

Change-Id: I3d3584dd8e97f85e16c38e1143f627b03fa63bd0
Closes-Bug: 1715624

The cluster-change-departed hook is tied to the cluster-changed
hook. In the cluster changed hook, there is logic to ensure the
initial admin exists which makes calls to the keystone service.
If the remote database has already been removed (as seen in recent
CI runs), then this will cause the hook to fail execution.

This is safe to remove as the primary purpose of the cluster-changed
hook is to sync the SSL keys and update identity relation units.
There should be no need to sync the keys when a unit is departing
the cluster relation. Likewise, the update of the identity relations
are not needed either as the VIP is used for access to the keystone
services by remote units and the access credentials won't change.

Change-Id: Id8fed284557f67f5676189ec8951b778cf506c97
Closes-Bug: #1713108

Change-Id: I9bd7bf8f07690e89e1f6f9acaafa7ed1a1458526

Change-Id: Ide22dd42fcdc1969c988cdc6eb1a37f6e3c05c0e

Unconfigured keystone service listening on ports destined for haproxy
race with start of haproxy service.

Change-Id: I9f601344e72bd67738429f82151f9683f5ecf8e4
Closes-Bug: #1648396

The code relies on a undocumented (and probably unstable) feature
of CPython to close a file when the reference is GCed.  However,
it's pretty poor practice to do so, so this patchset replaces them
with "with ..." statements to ensure that the files are closed
when no longer being used.

Change-Id: I6f24bc042a820ddd0147247267ee159753cfc1fb

Merge "Modify tests.yaml which specifies bundletester config params with the following key:value pairs:"

Enable dual stack IPv4 and IPv6 VIPs on the same interface.
HAProxy always listens on both IPv4 and IPv6 allowing connectivity
on either protocol.

Update edge cases for is_ssl_cert_master for Bug #1709356.

Update amulet tests for keystoneauth1 tests.

charm-helpers sync for HAProxy template changes.

Closes-Bug: #1709356

Change-Id: I401071fcdd66252f389475d45e8136fc68c474f1

Only enable the [signing] section of the keystone configuration
if PKI token format is in use; other token formats don't have
support for token revocation retrieval.

Note that PKI format tokens are no longer supported >= Pike.

Change-Id: I8179ecc5d37d866588147f639ebc77a870408dfe
Closes-Bug: 1709189

with the following key:value pairs:

- reset_timeout: 600

Change-Id: I7bbb42430bfef4ab658901f86db120ab162de560

Add Panko service to the supported services to support Panko charm
deployment.

Change-Id: Ief1829768bfd9db20923d5684ce621095832e3db

Add gnocchi service to catalog of supported service types
to support gnocchi charm deployment.

Change-Id: I9946374ed42eeb3b580d4b66fc00d16b72da12eb