Ensure that a valid entry point is used for the uuid token
backend, resolving compatibility with later OpenStack releases.

Change-Id: I566e6a2e9c0aa1fc1afe02dbc9f899cfb0c7a9f6
Closes-Bug: 1722909

We are currently seeing amulet test runs fail due
to keystone ports not being open. This is a result
of haproxy not being restarted once its config has
been setup. This patch fixes this issue by catching
more cases where haproxy config can be changed.

Change-Id: I1d6aa20ba0415cb8bf37b07fd1b128f20a0f8720

The current charm design is to perform a sweep of all units
related on the identity-service interface to ensure that
they have all the correct setting values applied. If the
leader unit is deleted and a new one is elected this will
not happen until some event e.g. config-changed occurs. This
can result in remote units malfunctioning since they think they
are not configured. We resolve this by always doing a sweep when
the leader-elected hook fires.

Also fixes infinite loop edge case when ssl-cert-master switches
as a result of leader switch.

Change-Id: Icd68cc70d81d7d518c918e831056f686dbc7db1e
Closes-Bug: 1721269

Commit 01816c84 forgot to mock out calls to
service_start() and service_stop() that were
added to the install hook which causes test runs
to fail if not run as root.

Change-Id: I07e17242356a80e32c43c289b94c650a299e16b3

Install OpenStack using snaps. By setting openstack-origin to
snap:track/channel or snap:track the charm will use snaps to
install rather than debs. If channel is left off it defaults to
stable. For example: snap:ocata/edge will install the edge version of
Ocata and snap:pike will install the stable version of Pike.

Charm helpers sync for snap related helpers.

Change-Id: I6e3540e4ffe081540404f91061e5c9b7039b3eac

When using Keystone v3, the relation data set by
add_credentials_to_keystone now includes a 'domain'.

Change-Id: I2a4ff4d7c20d4f274479dfe0615dd00940e64d8b
Closes-Bug: 1719751

Change-Id: If150318a81c2415f9e327ef3b9cda577d6f20305

Change-Id: I60eabd566d204c784229ae109a2566dbc501d6a2

Change-Id: If2b71a1f7224ed3837fcfe8b4a0b8ef858e1f842

According to http://docs.python.org/2/library/unittest.html
assert(Not)Equals is a deprecated alias of assert(Not)Equal.

Change-Id: I90c835b3c7cdae6dceb5da061e5ed42bcfd77f4b
Closes-Bug: #1329757

Reset the os_release cache during the OpenStack upgrade process,
ensuring that any post dist-upgrade operations are made in the
context of the new OpenStack release, not the old one.

Change-Id: I3d3584dd8e97f85e16c38e1143f627b03fa63bd0
Closes-Bug: 1715624

The cluster-change-departed hook is tied to the cluster-changed
hook. In the cluster changed hook, there is logic to ensure the
initial admin exists which makes calls to the keystone service.
If the remote database has already been removed (as seen in recent
CI runs), then this will cause the hook to fail execution.

This is safe to remove as the primary purpose of the cluster-changed
hook is to sync the SSL keys and update identity relation units.
There should be no need to sync the keys when a unit is departing
the cluster relation. Likewise, the update of the identity relations
are not needed either as the VIP is used for access to the keystone
services by remote units and the access credentials won't change.

Change-Id: Id8fed284557f67f5676189ec8951b778cf506c97
Closes-Bug: #1713108

Change-Id: I9bd7bf8f07690e89e1f6f9acaafa7ed1a1458526

Change-Id: Ide22dd42fcdc1969c988cdc6eb1a37f6e3c05c0e

Unconfigured keystone service listening on ports destined for haproxy
race with start of haproxy service.

Change-Id: I9f601344e72bd67738429f82151f9683f5ecf8e4
Closes-Bug: #1648396

The code relies on a undocumented (and probably unstable) feature
of CPython to close a file when the reference is GCed.  However,
it's pretty poor practice to do so, so this patchset replaces them
with "with ..." statements to ensure that the files are closed
when no longer being used.

Change-Id: I6f24bc042a820ddd0147247267ee159753cfc1fb

Merge "Modify tests.yaml which specifies bundletester config params with the following key:value pairs:"

Enable dual stack IPv4 and IPv6 VIPs on the same interface.
HAProxy always listens on both IPv4 and IPv6 allowing connectivity
on either protocol.

Update edge cases for is_ssl_cert_master for Bug #1709356.

Update amulet tests for keystoneauth1 tests.

charm-helpers sync for HAProxy template changes.

Closes-Bug: #1709356

Change-Id: I401071fcdd66252f389475d45e8136fc68c474f1

Only enable the [signing] section of the keystone configuration
if PKI token format is in use; other token formats don't have
support for token revocation retrieval.

Note that PKI format tokens are no longer supported >= Pike.

Change-Id: I8179ecc5d37d866588147f639ebc77a870408dfe
Closes-Bug: 1709189

with the following key:value pairs:

- reset_timeout: 600

Change-Id: I7bbb42430bfef4ab658901f86db120ab162de560

Add Panko service to the supported services to support Panko charm
deployment.

Change-Id: Ief1829768bfd9db20923d5684ce621095832e3db

Add gnocchi service to catalog of supported service types
to support gnocchi charm deployment.

Change-Id: I9946374ed42eeb3b580d4b66fc00d16b72da12eb

Use the 'uuid' entry point for token configuration; this has been
supported for some time and future proofs the charm against changes
in the internals of keystone.

Change-Id: I9f16a4b38487069379069c698d713f5b498eb718

Change-Id: I62d6452cf1372afeb99a1e1d9fb8d90adaf8909d

Update charm icon with new version that fits with new circular
design for Juju GUI.

Change-Id: I679de2a437dfb13c3f9cb824ab52b5aaf5787c6b
Closes-Bug: 1686947

Resync charmhelpers for pike version support.

Add pike tests but leave disabled until all charms support pike.

Add support for volumev3 service type for Cinder.

Skip execution of PKI setup for >= pike as its been dropped from
keystone.

Change-Id: I9a4e452cc7b1b90126d1885c37f5a64b8241479d

Use the get_relation_ip function for selecting addresses for the
cluster relationship. Including overrides for the admin, internal,
and public config settings or extra bindings.

Change-Id: I6d92523be1707549751d7153cd395f7bae217952
Partial-Bug: #1687439

- Turn on Zesty-Ocata Amulet test definitions.
- Standardize test-requirements.txt
- Sync charm helpers for various fixes

Change-Id: Ia86ed2cf9557d9eb11f577d641eb3e6920ff9e3e

- sync charmhelpers with fix-alpha helpers
- fix up code where the alpha comparisons are done
- fix tests which assumed mocks would just work on os_release()

Change-Id: I9f4a3b15e53c757c2ae5ffb2eb45b6cdaecf4c8e
Related-Bug: #1659575

When the percona-cluster charm sets an access-network but the default
unit-get address is not on that network extra shared-db relations get
executed. This is specifically a problem when running upgrades and
trying to avoid API downtime.

The root cause is that the access-network is not checked until the
SharedDBContext is consulted. But then db_joined function will
change it back to the wrong ip on subsequent runs.

This change adds a check for access-network on the relation during
the db_joined function and pushes IP selection off to
get_relation_ip.

Charm helpers sync to pull in changes to get_relation_ip.

Change-Id: If1246bbe68d231df0aefea45598dc8c7cd904b87
Partial-bug: #1677647