← Back to branch summary

~hopem/charms/trusty/keystone/fix-ssl-inject

« back to all changes in this revision

Viewing changes to hooks/keystone_hooks.py

[hopem,r=gnuoy]

Fixes db migration (keystone-manage db-sync) races but preventing
database access/usage until the database is ready and has been
initialised.

Show diffs side-by-side

added added

removed removed

Lines of Context:
hooks/keystone_hooks.py
4
4
import os
5
5
import stat
6
6
import sys
7
 
import time
8
7
 
9
8
from subprocess import check_call
10
9
 
72
71
    is_ssl_cert_master,
73
72
    is_db_ready,
74
73
    clear_ssl_synced_units,
 
74
    is_db_initialised,
75
75
)
76
76
 
77
77
from charmhelpers.contrib.hahelpers.cluster import (
198
198
            level=INFO)
199
199
        return
200
200
 
201
 
    try:
202
 
        migrate_database()
203
 
    except Exception as exc:
204
 
        log("Database initialisation failed (%s) - db not ready?" % (exc),
205
 
            level=WARNING)
206
 
    else:
 
201
    if not is_db_initialised():
 
202
        log("Database not yet initialised - deferring identity-relation "
 
203
            "updates", level=INFO)
 
204
        return
 
205
 
 
206
    if is_elected_leader(CLUSTER_RES):
207
207
        ensure_initial_admin(config)
208
 
        log('Firing identity_changed hook for all related services.')
209
 
        for rid in relation_ids('identity-service'):
210
 
                for unit in related_units(rid):
211
 
                    identity_changed(relation_id=rid, remote_unit=unit)
 
208
 
 
209
    log('Firing identity_changed hook for all related services.')
 
210
    for rid in relation_ids('identity-service'):
 
211
            for unit in related_units(rid):
 
212
                identity_changed(relation_id=rid, remote_unit=unit)
212
213
 
213
214
 
214
215
@synchronize_ca_if_changed(force=True)
233
234
                    level=INFO)
234
235
                return
235
236
 
 
237
            migrate_database()
236
238
            # Ensure any existing service entries are updated in the
237
 
            # new database backend
 
239
            # new database backend. Also avoid duplicate db ready check.
238
240
            update_all_identity_relation_units(check_db_ready=False)
239
241
 
240
242
 
247
249
    else:
248
250
        CONFIGS.write(KEYSTONE_CONF)
249
251
        if is_elected_leader(CLUSTER_RES):
 
252
            if not is_db_ready(use_current_context=True):
 
253
                log('Allowed_units list provided and this unit not present',
 
254
                    level=INFO)
 
255
                return
 
256
 
 
257
            migrate_database()
250
258
            # Ensure any existing service entries are updated in the
251
 
            # new database backend
252
 
            update_all_identity_relation_units()
 
259
            # new database backend. Also avoid duplicate db ready check.
 
260
            update_all_identity_relation_units(check_db_ready=False)
253
261
 
254
262
 
255
263
@hooks.hook('identity-service-relation-changed')
265
273
                "ready - deferring until db ready", level=WARNING)
266
274
            return
267
275
 
 
276
        if not is_db_initialised():
 
277
            log("Database not yet initialised - deferring identity-relation "
 
278
                "updates", level=INFO)
 
279
            return
 
280
 
268
281
        add_service_to_keystone(relation_id, remote_unit)
269
282
        settings = relation_get(rid=relation_id, unit=remote_unit)
270
283
        service = settings.get('service', None)
394
407
    # NOTE(jamespage) re-echo passwords for peer storage
395
408
    echo_whitelist, overrides = \
396
409
        apply_echo_filters(settings, ['_passwd', 'identity-service:',
397
 
                                      'ssl-cert-master'])
 
410
                                      'ssl-cert-master', 'db-initialised'])
398
411
    log("Peer echo overrides: %s" % (overrides), level=DEBUG)
399
412
    relation_set(**overrides)
400
413
    if echo_whitelist:
487
500
 
488
501
    clustered = relation_get('clustered')
489
502
    if clustered and is_elected_leader(CLUSTER_RES):
490
 
        if not is_db_ready():
491
 
                log('Allowed_units list provided and this unit not present',
492
 
                    level=INFO)
493
 
                return
494
 
 
495
 
        ensure_initial_admin(config)
496
503
        log('Cluster configured, notifying other services and updating '
497
504
            'keystone endpoint configuration')
498
 
 
499
505
        update_all_identity_relation_units()
500
506
 
501
507
 
546
552
    if is_elected_leader(CLUSTER_RES):
547
553
        log('Cluster leader - ensuring endpoint configuration is up to '
548
554
            'date', level=DEBUG)
549
 
        time.sleep(10)
550
555
        update_all_identity_relation_units()
551
556
 
552
557