The glance swift store configuration requires use of the domain
id for the service domain; update data set for identity-service
relation to include service_domain_id.

Change-Id: Ie6e2733f34de10a4d34b18dbf1fd9ba623af0e18
Closes-Bug: 1752027

Change-Id: I28e9aa3687e24cacb70a2a54f1306f6be86f4c74

For Queens keystone v2 has been dropped. V3 is the only valid API
version. The charm has already made this change. This change is to
bring the amulet test up to match by creating a separate class.

Charm-helpers sync

Enlarging the amulet timeout value.

Change-Id: I822624bdf45bfb060dd75ba3b10e71984bc10e48

A trivial change to test gerrit setup.

Change-Id: I7883eb1edd53fd3bd29dc878c667397ba6b4506a

Notable issues resolved:

openstack_upgrade_available() broken for swift
https://bugs.launchpad.net/charm-swift-proxy/+bug/1743847

haproxy context doesn't consider bindings
https://bugs.launchpad.net/charm-helpers/+bug/1735421

regression in haproxy check
https://bugs.launchpad.net/charm-helpers/+bug/1743287

Change-Id: Ia65aadc4b024802826d81953dec1183f3785a0eb

Drop support for deployment from Git repositories, as deprecated
in the 17.02 charm release.  This feature is unmaintained and has
no known users.

Change-Id: Ic054e29ef55d8890a3130af16b48f105efcf8f6a

Whenm generating a username associated with multiple charm the
username was derived from the keys of an unordered dict making the
username liable to change. This patch sorts the keys and makes the
username stable.

Change-Id: I0f857d7c2d5c4abf4843bc3fe1a9848164048fe2
Closes-Bug: #1739409

Remove postgresql DB support; This feature is untested as part
of the charms, is not in use and was deprecated as part of
the 1708 charms release.

Change-Id: Ia57a7358fd3567fe0250c45f3e00c07fa83f329c

Keystone@Queens removes support for the v2 API; switch default
to v3 API from Queens onwards and ensure that charm users can
only provide 3 as via the preferred-api-version for >= Queens.

Change-Id: I58fcbaa7fc385bef77544be349c7d461e3e5559b

The default HAProxy timeout values are fairly strict. On a busy cloud
it is common to exceed one or more of these timeouts. The only
indication that HAProxy has exceeded a timeout and dropped the
connection is errors such as "BadStatusLine" or "EOF." These can be
very difficult to diagnose when intermittent.

This charm-helpers sync pulls in the change to update the default
timeout values to more real world settings. These values have been
extensively tested in ServerStack. Configured values will not be
overridden.

Partial Bug: #1736171

Change-Id: I973962a5c1538b0d9afbebea8cebf50d938ecfb5

Bionic, being the next LTS, is important to enable for dev
and test as early as possible ahead of 18.02.

Zesty goes EOL in Jan 2018. The next stable charms release (18.02)
will not provide Zesty series support, as it was an interim
(non-LTS) release.

Change-Id: I02e8eb5c3c2f7fb08a0b6556db12e09b300f3a95

Change-Id: Ic6469d4af7edd755c22d4e31b87d9a36937d3134

Make default func27-smoke xenial-pike
Charm-helpers sync

Change-Id: I289d38e4170d204fbf9b0281b28be28c9e847e65

There was a race where the https apache2 site,
openstack_https_frontend.conf, would be rendered in one hook, then
subsequently the config-changed hook would run and enable that site.
However, the subsequent config-changed hook would see the template as
having not changed and therefore it would fail to restart apache2.
This lead to apache2 failing to listen on the correct ports.

This was due to CONFIGS.write_all() being called but a2ensite not
being called. This change fixes this race and adds a call to
configure_https() to ensure the configuration completes and apache2
is restarted.

Change-Id: I229d25c707a0630c9d609fd20a962a0de2e42c77
Closes-Bug: #1723892

ssl_ca is not necessary when ssl_cert is signed by
a trusted CA, such as GeoTrust, because a trusted
cert chain is in the system already. Users can just
provide ssl_cert and ssl_key to enable SSL endpoint
in that case.

Closes-Bug: #1711354
Change-Id: I4a34df1a2c2bf5705e02b713d968a22f4bbf57cf

Change-Id: I5d4ec43dd7eb3c2512d330262cceceda4c3a55eb
Closes-Bug: #1721200

This change ensures that any password expiry has been removed from
the user that runs unison to synchronize data. The fix is entirely
in charm-helpers so this patch is a simple sync.

Change-Id: I75d6ac0e9be19a87efe16a1095b1afd44f41dc17
Closes-Bug: #1686085

Install and configure memcached on the keystone units and configure
keystone to use the cache. This should speed up token access for
existing tokens.

Change-Id: I26af0a97660e5bbe293a32e6b9e3d209338f905a
Closes-Bug: #1722541

Ensure that a valid entry point is used for the uuid token
backend, resolving compatibility with later OpenStack releases.

Change-Id: I566e6a2e9c0aa1fc1afe02dbc9f899cfb0c7a9f6
Closes-Bug: 1722909

We are currently seeing amulet test runs fail due
to keystone ports not being open. This is a result
of haproxy not being restarted once its config has
been setup. This patch fixes this issue by catching
more cases where haproxy config can be changed.

Change-Id: I1d6aa20ba0415cb8bf37b07fd1b128f20a0f8720

The current charm design is to perform a sweep of all units
related on the identity-service interface to ensure that
they have all the correct setting values applied. If the
leader unit is deleted and a new one is elected this will
not happen until some event e.g. config-changed occurs. This
can result in remote units malfunctioning since they think they
are not configured. We resolve this by always doing a sweep when
the leader-elected hook fires.

Also fixes infinite loop edge case when ssl-cert-master switches
as a result of leader switch.

Change-Id: Icd68cc70d81d7d518c918e831056f686dbc7db1e
Closes-Bug: 1721269

Commit 01816c84 forgot to mock out calls to
service_start() and service_stop() that were
added to the install hook which causes test runs
to fail if not run as root.

Change-Id: I07e17242356a80e32c43c289b94c650a299e16b3

Install OpenStack using snaps. By setting openstack-origin to
snap:track/channel or snap:track the charm will use snaps to
install rather than debs. If channel is left off it defaults to
stable. For example: snap:ocata/edge will install the edge version of
Ocata and snap:pike will install the stable version of Pike.

Charm helpers sync for snap related helpers.

Change-Id: I6e3540e4ffe081540404f91061e5c9b7039b3eac

When using Keystone v3, the relation data set by
add_credentials_to_keystone now includes a 'domain'.

Change-Id: I2a4ff4d7c20d4f274479dfe0615dd00940e64d8b
Closes-Bug: 1719751

Change-Id: If150318a81c2415f9e327ef3b9cda577d6f20305

Change-Id: I60eabd566d204c784229ae109a2566dbc501d6a2

Change-Id: If2b71a1f7224ed3837fcfe8b4a0b8ef858e1f842

According to http://docs.python.org/2/library/unittest.html
assert(Not)Equals is a deprecated alias of assert(Not)Equal.

Change-Id: I90c835b3c7cdae6dceb5da061e5ed42bcfd77f4b
Closes-Bug: #1329757

Reset the os_release cache during the OpenStack upgrade process,
ensuring that any post dist-upgrade operations are made in the
context of the new OpenStack release, not the old one.

Change-Id: I3d3584dd8e97f85e16c38e1143f627b03fa63bd0
Closes-Bug: 1715624

The cluster-change-departed hook is tied to the cluster-changed
hook. In the cluster changed hook, there is logic to ensure the
initial admin exists which makes calls to the keystone service.
If the remote database has already been removed (as seen in recent
CI runs), then this will cause the hook to fail execution.

This is safe to remove as the primary purpose of the cluster-changed
hook is to sync the SSL keys and update identity relation units.
There should be no need to sync the keys when a unit is departing
the cluster relation. Likewise, the update of the identity relations
are not needed either as the VIP is used for access to the keystone
services by remote units and the access credentials won't change.

Change-Id: Id8fed284557f67f5676189ec8951b778cf506c97
Closes-Bug: #1713108