Tidyup mojo cert unseal

zaza/openstack/charm_tests/series_upgrade/tests.py

@@ -83,12 +83,14 @@ class SeriesUpgradeTest(unittest.TestCase):
                 pause_non_leader_primary = False
                 pause_non_leader_subordinate = False
             if "vault" in applications[application]["charm"]:
+                origin = None
+                pause_non_leader_primary = False
+                pause_non_leader_subordinate = True
                 post_upgrade_functions = [
                     ('zaza.openstack.charm_tests.vault.setup.'
-                     'basic_unseal_mojo_cacert')]
-            if ("mongodb" in applications[application]["charm"] or
-                    "vault" in applications[application]["charm"]):
-                # Mongodb and vault need to run series upgrade
+                     'mojo_unseal_by_unit')]
+            if "mongodb" in applications[application]["charm"]:
+                # Mongodb needs to run series upgrade
                 # on its secondaries first.
                 generic_utils.series_upgrade_non_leaders_first(
                     application,

zaza/openstack/charm_tests/vault/setup.py

@@ -15,7 +15,6 @@
 """Run configuration phase."""
 
 import functools
-import os
 import requests
 import tempfile
 
@@ -24,6 +23,7 @@ import zaza.openstack.charm_tests.vault.utils as vault_utils
 import zaza.model
 import zaza.openstack.utilities.cert
 import zaza.openstack.utilities.openstack
+import zaza.openstack.utilities.generic
 
 
 def basic_setup(cacert=None, unseal_and_authorize=False):
@@ -52,21 +52,17 @@ def basic_setup_and_unseal(cacert=None):
         zaza.model.run_on_unit(unit.name, './hooks/update-status')
 
 
-def basic_unseal_mojo_cacert():
-    """Unseal Vault and search for cacert to use.
-
-    This is designed to be used from a mojo spec where certs are stored in the
-    $MOJO_LOCAL directory.
-    """
-    try:
-        cert_dir = os.environ['MOJO_LOCAL_DIR']
-    except KeyError:
-        raise Exception("Could not find cacert.pem, MOJO_LOCAL unset")
-    cacert = os.path.join(cert_dir, 'cacert.pem')
-    if os.path.exists(cacert):
-        basic_setup_and_unseal(cacert=cacert)
-    else:
-        raise Exception("Could not find cacert.pem")
+def mojo_unseal_by_unit():
+    """Unseal any units reported as sealed using mojo cacert."""
+    cacert = zaza.openstack.utilities.generic.get_mojo_cacert()
+    vault_creds = vault_utils.get_credentails()
+    for client in vault_utils.get_clients(cacert=cacert):
+        if client.hvac_client.is_sealed():
+            client.hvac_client.unseal(vault_creds['keys'][0])
+            unit_name = zaza.utilities.juju.get_unit_name_from_ip_address(
+                client.addr,
+                'vault')
+            zaza.model.run_on_unit(unit_name, './hooks/update-status')
 
 
 def auto_initialize(cacert=None, validation_application='keystone'):

zaza/openstack/charm_tests/vault/utils.py

@@ -55,10 +55,6 @@ class VaultFacade:
         self.vip_client = get_vip_client(cacert=cacert)
         if self.vip_client:
             self.unseal_client = self.vip_client
-            try:
-                self.unseal_client.hvac_client.is_initialized()
-            except requests.exceptions.ConnectionError:
-                self.unseal_client = self.clients[0]
         else:
             self.unseal_client = self.clients[0]
         self.initialized = is_initialized(self.unseal_client)

zaza/openstack/utilities/exceptions.py

@@ -184,3 +184,9 @@ class PolicydError(Exception):
     """Policyd override failed."""
 
     pass
+
+
+class CACERTNotFound(Exception):
+    """Could not find cacert."""
+
+    pass

zaza/openstack/utilities/generic.py

@@ -850,3 +850,22 @@ def systemctl(unit, service, command="restart"):
         unit.entity_id, cmd)
     assert int(result['Code']) == 0, (
         "{} of {} on {} failed".format(command, service, unit.entity_id))
+
+
+def get_mojo_cacert():
+    """Retrieve cacert from Mojo storage location.
+
+    :returns: Pathh to cacert
+    :rtype: str
+    :raises: zaza_exceptions.CACERTNotFound
+    """
+    try:
+        cert_dir = os.environ['MOJO_LOCAL_DIR']
+    except KeyError:
+        raise zaza_exceptions.CACERTNotFound(
+            "Could not find cacert.pem, MOJO_LOCAL_DIR unset")
+    cacert = os.path.join(cert_dir, 'cacert.pem')
+    if os.path.exists(cacert):
+        return cacert
+    else:
+        raise zaza_exceptions.CACERTNotFound("Could not find cacert.pem")