more

2015-02-16 23:56:01 +00:00 · 2015-02-16 23:56:01 +00:00 · e092465fe4
commit e092465fe4
parent 717d6776b9
3 changed files with 61 additions and 49 deletions
--- a/hooks/keystone_hooks.py
+++ b/hooks/keystone_hooks.py
@ -4,7 +4,6 @@ import json
 import os
 import stat
 import sys
-import time

 from subprocess import check_call

@ -72,6 +71,7 @@ from keystone_utils import (
    is_ssl_cert_master,
    is_db_ready,
    clear_ssl_synced_units,
+    is_db_initialised,
 )

 from charmhelpers.contrib.hahelpers.cluster import (
@ -146,17 +146,10 @@ def config_changed():
    update_nrpe_config()
    CONFIGS.write_all()

-    if is_elected_leader(CLUSTER_RES):
-        if not is_db_ready():
-            log("Database not ready - skipping db migration and "
-                "identity-relation updates", level=INFO)
-        else:
-            migrate_database(force=True)
-            # Update relations since SSL may have been configured. If we have
-            # peer units we can rely on the sync to do this in cluster
-            # relation.
-            if not peer_units():
-                update_all_identity_relation_units()
+    # Update relations since SSL may have been configured. If we have peer
+    # units we can rely on the sync to do this in cluster relation.
+    if is_elected_leader(CLUSTER_RES) and not peer_units():
+        update_all_identity_relation_units()

    for rid in relation_ids('identity-admin'):
        admin_relation_changed(rid)
@ -205,8 +198,14 @@ def update_all_identity_relation_units(check_db_ready=True):
            level=INFO)
        return

-    migrate_database()
-    ensure_initial_admin(config)
+    if not is_db_initialised():
+        log("Database not yet initialised - deferring identity-relation "
+            "updates", level=INFO)
+        return
+
+    if is_elected_leader(CLUSTER_RES):
+        ensure_initial_admin(config)
+
    log('Firing identity_changed hook for all related services.')
    for rid in relation_ids('identity-service'):
            for unit in related_units(rid):
@ -235,6 +234,8 @@ def db_changed():
                    level=INFO)
                return

+            migrate_database()
+
            # Ensure any existing service entries are updated in the
            # new database backend. Also avoid duplicate db ready check.
            update_all_identity_relation_units(check_db_ready=False)
@ -249,9 +250,15 @@ def pgsql_db_changed():
    else:
        CONFIGS.write(KEYSTONE_CONF)
        if is_elected_leader(CLUSTER_RES):
+            if not is_db_ready(use_current_context=True):
+                log('Allowed_units list provided and this unit not present',
+                    level=INFO)
+                return
+
+            migrate_database()
            # Ensure any existing service entries are updated in the
-            # new database backend
-            update_all_identity_relation_units()
+            # new database backend. Also avoid duplicate db ready check.
+            update_all_identity_relation_units(check_db_ready=False)


@hooks.hook('identity-service-relation-changed')
@ -267,7 +274,11 @@ def identity_changed(relation_id=None, remote_unit=None):
                "ready - deferring until db ready", level=WARNING)
            return

-        migrate_database()
+        if not is_db_initialised():
+            log("Database not yet initialised - deferring identity-relation "
+                "updates", level=INFO)
+            return
+
        add_service_to_keystone(relation_id, remote_unit)
        settings = relation_get(rid=relation_id, unit=remote_unit)
        service = settings.get('service', None)
@ -490,16 +501,8 @@ def ha_changed():

    clustered = relation_get('clustered')
    if clustered and is_elected_leader(CLUSTER_RES):
-        if not is_db_ready():
-                log('Allowed_units list provided and this unit not present',
-                    level=INFO)
-                return
-
-        migrate_database()
-        ensure_initial_admin(config)
        log('Cluster configured, notifying other services and updating '
            'keystone endpoint configuration')
-
        update_all_identity_relation_units()


@ -550,14 +553,6 @@ def upgrade_charm():
    if is_elected_leader(CLUSTER_RES):
        log('Cluster leader - ensuring endpoint configuration is up to '
            'date', level=DEBUG)
-
-        if not is_db_ready():
-            log("Database not ready - deferring to shared-db relation",
-                level=INFO)
-            return
-
-        migrate_database(force=True)
-        time.sleep(10)
        update_all_identity_relation_units()


--- a/hooks/keystone_utils.py
+++ b/hooks/keystone_utils.py
@ -315,7 +315,7 @@ def do_openstack_upgrade(configs):

    if is_elected_leader(CLUSTER_RES):
        if is_db_ready():
-            migrate_database(force=True)
+            migrate_database()
        else:
            log("Database not ready - deferring to shared-db relation",
                level=INFO)
@ -335,18 +335,16 @@ def is_db_initialised():
            db_initialised = relation_get(attribute='db-initialised',
                                          unit=unit, rid=rid)
            if db_initialised:
+                log("Database is initialised", level=DEBUG)
                return True

+    log("Database is NOT initialised", level=DEBUG)
    return False


-def migrate_database(force=False):
+def migrate_database():
    """Runs keystone-manage to initialize a new database or migrate existing"""
-    if not force and is_db_initialised():
-        log('Keystone DB already migrated - skipping', level=INFO)
-        return
-
-    log('Migrating the keystone database. (force=%s)' % force, level=INFO)
+    log('Migrating the keystone database.', level=INFO)
    service_stop('keystone')
    # NOTE(jamespage) > icehouse creates a log file as root so use
    # sudo to execute as keystone otherwise keystone won't start
@ -354,8 +352,8 @@ def migrate_database(force=False):
    cmd = ['sudo', '-u', 'keystone', 'keystone-manage', 'db_sync']
    subprocess.check_output(cmd)
    service_start('keystone')
-    set_db_initialised()
    time.sleep(10)
+    set_db_initialised()

 # OLD

--- a/unit_tests/test_keystone_hooks.py
+++ b/unit_tests/test_keystone_hooks.py
@ -63,7 +63,6 @@ TO_PATCH = [
    'execd_preinstall',
    'mkdir',
    'os',
-    'time',
    # ip
    'get_iface_for_address',
    'get_netmask_for_address',
@ -203,6 +202,7 @@ class KeystoneRelationTests(CharmTestCase):
        configs.write = MagicMock()
        hooks.pgsql_db_changed()

+    @patch.object(hooks, 'is_db_initialised')
    @patch.object(hooks, 'is_db_ready')
    @patch('keystone_utils.log')
    @patch('keystone_utils.ensure_ssl_cert_master')
@ -210,7 +210,9 @@ class KeystoneRelationTests(CharmTestCase):
    @patch.object(hooks, 'identity_changed')
    def test_db_changed_allowed(self, identity_changed, configs,
                                mock_ensure_ssl_cert_master,
-                                mock_log, mock_is_db_ready):
+                                mock_log, mock_is_db_ready,
+                                mock_is_db_initialised):
+        mock_is_db_initialised.return_value = True
        mock_is_db_ready.return_value = True
        mock_ensure_ssl_cert_master.return_value = False
        self.relation_ids.return_value = ['identity-service:0']
@ -247,12 +249,14 @@ class KeystoneRelationTests(CharmTestCase):

    @patch('keystone_utils.log')
    @patch('keystone_utils.ensure_ssl_cert_master')
+    @patch.object(hooks, 'is_db_initialised')
    @patch.object(hooks, 'is_db_ready')
    @patch.object(hooks, 'CONFIGS')
    @patch.object(hooks, 'identity_changed')
    def test_postgresql_db_changed(self, identity_changed, configs,
-                                   mock_is_db_ready,
+                                   mock_is_db_ready, mock_is_db_initialised,
                                   mock_ensure_ssl_cert_master, mock_log):
+        mock_is_db_initialised.return_value = True
        mock_is_db_ready.return_value = True
        mock_ensure_ssl_cert_master.return_value = False
        self.relation_ids.return_value = ['identity-service:0']
@ -269,6 +273,7 @@ class KeystoneRelationTests(CharmTestCase):

    @patch('keystone_utils.log')
    @patch('keystone_utils.ensure_ssl_cert_master')
+    @patch.object(hooks, 'is_db_initialised')
    @patch.object(hooks, 'is_db_ready')
    @patch.object(hooks, 'peer_units')
    @patch.object(hooks, 'ensure_permissions')
@ -283,8 +288,9 @@ class KeystoneRelationTests(CharmTestCase):
            self, configure_https, identity_changed,
            configs, get_homedir, ensure_user, cluster_joined,
            admin_relation_changed, ensure_permissions, mock_peer_units,
-            mock_is_db_ready,
+            mock_is_db_ready, mock_is_db_initialised,
            mock_ensure_ssl_cert_master, mock_log):
+        mock_is_db_initialised.return_value = True
        mock_is_db_ready.return_value = True
        self.openstack_upgrade_available.return_value = False
        self.is_elected_leader.return_value = True
@ -302,7 +308,6 @@ class KeystoneRelationTests(CharmTestCase):
        configure_https.assert_called_with()
        self.assertTrue(configs.write_all.called)

-        self.migrate_database.assert_called_with()
        self.assertTrue(self.ensure_initial_admin.called)
        self.log.assert_called_with(
            'Firing identity_changed hook for all related services.')
@ -343,6 +348,7 @@ class KeystoneRelationTests(CharmTestCase):

    @patch('keystone_utils.log')
    @patch('keystone_utils.ensure_ssl_cert_master')
+    @patch.object(hooks, 'is_db_initialised')
    @patch.object(hooks, 'is_db_ready')
    @patch.object(hooks, 'peer_units')
    @patch.object(hooks, 'ensure_permissions')
@ -361,9 +367,11 @@ class KeystoneRelationTests(CharmTestCase):
                                                   ensure_permissions,
                                                   mock_peer_units,
                                                   mock_is_db_ready,
+                                                   mock_is_db_initialised,
                                                   mock_ensure_ssl_cert_master,
                                                   mock_log):
        mock_is_db_ready.return_value = True
+        mock_is_db_initialised.return_value = True
        self.openstack_upgrade_available.return_value = True
        self.is_elected_leader.return_value = True
        # avoid having to mock syncer
@ -382,7 +390,6 @@ class KeystoneRelationTests(CharmTestCase):
        configure_https.assert_called_with()
        self.assertTrue(configs.write_all.called)

-        self.migrate_database.assert_called_with()
        self.assertTrue(self.ensure_initial_admin.called)
        self.log.assert_called_with(
            'Firing identity_changed hook for all related services.')
@ -391,6 +398,7 @@ class KeystoneRelationTests(CharmTestCase):
            remote_unit='unit/0')
        admin_relation_changed.assert_called_with('identity-service:0')

+    @patch.object(hooks, 'is_db_initialised')
    @patch.object(hooks, 'is_db_ready')
    @patch('keystone_utils.log')
    @patch('keystone_utils.ensure_ssl_cert_master')
@ -398,7 +406,9 @@ class KeystoneRelationTests(CharmTestCase):
    @patch.object(hooks, 'send_notifications')
    def test_identity_changed_leader(self, mock_send_notifications,
                                     mock_hashlib, mock_ensure_ssl_cert_master,
-                                     mock_log, mock_is_db_ready):
+                                     mock_log, mock_is_db_ready,
+                                     mock_is_db_initialised):
+        mock_is_db_initialised.return_value = True
        mock_is_db_ready.return_value = True
        mock_ensure_ssl_cert_master.return_value = False
        hooks.identity_changed(
@ -557,13 +567,16 @@ class KeystoneRelationTests(CharmTestCase):
    @patch('keystone_utils.log')
    @patch('keystone_utils.ensure_ssl_cert_master')
    @patch.object(hooks, 'is_db_ready')
+    @patch.object(hooks, 'is_db_initialised')
    @patch.object(hooks, 'identity_changed')
    @patch.object(hooks, 'CONFIGS')
    def test_ha_relation_changed_clustered_leader(self, configs,
                                                  identity_changed,
+                                                  mock_is_db_initialised,
                                                  mock_is_db_ready,
                                                  mock_ensure_ssl_cert_master,
                                                  mock_log):
+        mock_is_db_initialised.return_value = True
        mock_is_db_ready.return_value = True
        mock_ensure_ssl_cert_master.return_value = False
        self.relation_get.return_value = True
@ -610,6 +623,8 @@ class KeystoneRelationTests(CharmTestCase):
        cmd = ['a2dissite', 'openstack_https_frontend']
        self.check_call.assert_called_with(cmd)

+    @patch.object(hooks, 'is_db_ready')
+    @patch.object(hooks, 'is_db_initialised')
    @patch('keystone_utils.log')
    @patch('keystone_utils.relation_ids')
    @patch('keystone_utils.is_elected_leader')
@ -623,7 +638,11 @@ class KeystoneRelationTests(CharmTestCase):
                                  mock_ensure_ssl_cert_master,
                                  mock_is_elected_leader,
                                  mock_relation_ids,
-                                  mock_log):
+                                  mock_log,
+                                  mock_is_db_ready,
+                                  mock_is_db_initialised):
+        mock_is_db_initialised.return_value = True
+        mock_is_db_ready.return_value = True
        mock_is_elected_leader.return_value = False
        mock_relation_ids.return_value = []
        mock_ensure_ssl_cert_master.return_value = True