more

hooks/keystone_hooks.py

@@ -4,7 +4,6 @@ import json
 import os
 import stat
 import sys
-import time
 
 from subprocess import check_call
 
@@ -72,6 +71,7 @@ from keystone_utils import (
     is_ssl_cert_master,
     is_db_ready,
     clear_ssl_synced_units,
+    is_db_initialised,
 )
 
 from charmhelpers.contrib.hahelpers.cluster import (
@@ -146,17 +146,10 @@ def config_changed():
     update_nrpe_config()
     CONFIGS.write_all()
 
-    if is_elected_leader(CLUSTER_RES):
+    # Update relations since SSL may have been configured. If we have peer
-        if not is_db_ready():
+    # units we can rely on the sync to do this in cluster relation.
-            log("Database not ready - skipping db migration and "
+    if is_elected_leader(CLUSTER_RES) and not peer_units():
-                "identity-relation updates", level=INFO)
+        update_all_identity_relation_units()
-        else:
-            migrate_database(force=True)
-            # Update relations since SSL may have been configured. If we have
-            # peer units we can rely on the sync to do this in cluster
-            # relation.
-            if not peer_units():
-                update_all_identity_relation_units()
 
     for rid in relation_ids('identity-admin'):
         admin_relation_changed(rid)
@@ -205,8 +198,14 @@ def update_all_identity_relation_units(check_db_ready=True):
             level=INFO)
         return
 
-    migrate_database()
+    if not is_db_initialised():
-    ensure_initial_admin(config)
+        log("Database not yet initialised - deferring identity-relation "
+            "updates", level=INFO)
+        return
+
+    if is_elected_leader(CLUSTER_RES):
+        ensure_initial_admin(config)
+
     log('Firing identity_changed hook for all related services.')
     for rid in relation_ids('identity-service'):
             for unit in related_units(rid):
@@ -235,6 +234,8 @@ def db_changed():
                     level=INFO)
                 return
 
+            migrate_database()
+
             # Ensure any existing service entries are updated in the
             # new database backend. Also avoid duplicate db ready check.
             update_all_identity_relation_units(check_db_ready=False)
@@ -249,9 +250,15 @@ def pgsql_db_changed():
     else:
         CONFIGS.write(KEYSTONE_CONF)
         if is_elected_leader(CLUSTER_RES):
+            if not is_db_ready(use_current_context=True):
+                log('Allowed_units list provided and this unit not present',
+                    level=INFO)
+                return
+
+            migrate_database()
             # Ensure any existing service entries are updated in the
-            # new database backend
+            # new database backend. Also avoid duplicate db ready check.
-            update_all_identity_relation_units()
+            update_all_identity_relation_units(check_db_ready=False)
 
 
 @hooks.hook('identity-service-relation-changed')
@@ -267,7 +274,11 @@ def identity_changed(relation_id=None, remote_unit=None):
                 "ready - deferring until db ready", level=WARNING)
             return
 
-        migrate_database()
+        if not is_db_initialised():
+            log("Database not yet initialised - deferring identity-relation "
+                "updates", level=INFO)
+            return
+
         add_service_to_keystone(relation_id, remote_unit)
         settings = relation_get(rid=relation_id, unit=remote_unit)
         service = settings.get('service', None)
@@ -490,16 +501,8 @@ def ha_changed():
 
     clustered = relation_get('clustered')
     if clustered and is_elected_leader(CLUSTER_RES):
-        if not is_db_ready():
-                log('Allowed_units list provided and this unit not present',
-                    level=INFO)
-                return
-
-        migrate_database()
-        ensure_initial_admin(config)
         log('Cluster configured, notifying other services and updating '
             'keystone endpoint configuration')
-
         update_all_identity_relation_units()
 
 
@@ -550,14 +553,6 @@ def upgrade_charm():
     if is_elected_leader(CLUSTER_RES):
         log('Cluster leader - ensuring endpoint configuration is up to '
             'date', level=DEBUG)
-
-        if not is_db_ready():
-            log("Database not ready - deferring to shared-db relation",
-                level=INFO)
-            return
-
-        migrate_database(force=True)
-        time.sleep(10)
         update_all_identity_relation_units()
 
 

hooks/keystone_utils.py

@@ -315,7 +315,7 @@ def do_openstack_upgrade(configs):
 
     if is_elected_leader(CLUSTER_RES):
         if is_db_ready():
-            migrate_database(force=True)
+            migrate_database()
         else:
             log("Database not ready - deferring to shared-db relation",
                 level=INFO)
@@ -335,18 +335,16 @@ def is_db_initialised():
             db_initialised = relation_get(attribute='db-initialised',
                                           unit=unit, rid=rid)
             if db_initialised:
+                log("Database is initialised", level=DEBUG)
                 return True
 
+    log("Database is NOT initialised", level=DEBUG)
     return False
 
 
-def migrate_database(force=False):
+def migrate_database():
     """Runs keystone-manage to initialize a new database or migrate existing"""
-    if not force and is_db_initialised():
+    log('Migrating the keystone database.', level=INFO)
-        log('Keystone DB already migrated - skipping', level=INFO)
-        return
-
-    log('Migrating the keystone database. (force=%s)' % force, level=INFO)
     service_stop('keystone')
     # NOTE(jamespage) > icehouse creates a log file as root so use
     # sudo to execute as keystone otherwise keystone won't start
@@ -354,8 +352,8 @@ def migrate_database(force=False):
     cmd = ['sudo', '-u', 'keystone', 'keystone-manage', 'db_sync']
     subprocess.check_output(cmd)
     service_start('keystone')
-    set_db_initialised()
     time.sleep(10)
+    set_db_initialised()
 
 # OLD
 

unit_tests/test_keystone_hooks.py

@@ -63,7 +63,6 @@ TO_PATCH = [
     'execd_preinstall',
     'mkdir',
     'os',
-    'time',
     # ip
     'get_iface_for_address',
     'get_netmask_for_address',
@@ -203,6 +202,7 @@ class KeystoneRelationTests(CharmTestCase):
         configs.write = MagicMock()
         hooks.pgsql_db_changed()
 
+    @patch.object(hooks, 'is_db_initialised')
     @patch.object(hooks, 'is_db_ready')
     @patch('keystone_utils.log')
     @patch('keystone_utils.ensure_ssl_cert_master')
@@ -210,7 +210,9 @@ class KeystoneRelationTests(CharmTestCase):
     @patch.object(hooks, 'identity_changed')
     def test_db_changed_allowed(self, identity_changed, configs,
                                 mock_ensure_ssl_cert_master,
-                                mock_log, mock_is_db_ready):
+                                mock_log, mock_is_db_ready,
+                                mock_is_db_initialised):
+        mock_is_db_initialised.return_value = True
         mock_is_db_ready.return_value = True
         mock_ensure_ssl_cert_master.return_value = False
         self.relation_ids.return_value = ['identity-service:0']
@@ -247,12 +249,14 @@ class KeystoneRelationTests(CharmTestCase):
 
     @patch('keystone_utils.log')
     @patch('keystone_utils.ensure_ssl_cert_master')
+    @patch.object(hooks, 'is_db_initialised')
     @patch.object(hooks, 'is_db_ready')
     @patch.object(hooks, 'CONFIGS')
     @patch.object(hooks, 'identity_changed')
     def test_postgresql_db_changed(self, identity_changed, configs,
-                                   mock_is_db_ready,
+                                   mock_is_db_ready, mock_is_db_initialised,
                                    mock_ensure_ssl_cert_master, mock_log):
+        mock_is_db_initialised.return_value = True
         mock_is_db_ready.return_value = True
         mock_ensure_ssl_cert_master.return_value = False
         self.relation_ids.return_value = ['identity-service:0']
@@ -269,6 +273,7 @@ class KeystoneRelationTests(CharmTestCase):
 
     @patch('keystone_utils.log')
     @patch('keystone_utils.ensure_ssl_cert_master')
+    @patch.object(hooks, 'is_db_initialised')
     @patch.object(hooks, 'is_db_ready')
     @patch.object(hooks, 'peer_units')
     @patch.object(hooks, 'ensure_permissions')
@@ -283,8 +288,9 @@ class KeystoneRelationTests(CharmTestCase):
             self, configure_https, identity_changed,
             configs, get_homedir, ensure_user, cluster_joined,
             admin_relation_changed, ensure_permissions, mock_peer_units,
-            mock_is_db_ready,
+            mock_is_db_ready, mock_is_db_initialised,
             mock_ensure_ssl_cert_master, mock_log):
+        mock_is_db_initialised.return_value = True
         mock_is_db_ready.return_value = True
         self.openstack_upgrade_available.return_value = False
         self.is_elected_leader.return_value = True
@@ -302,7 +308,6 @@ class KeystoneRelationTests(CharmTestCase):
         configure_https.assert_called_with()
         self.assertTrue(configs.write_all.called)
 
-        self.migrate_database.assert_called_with()
         self.assertTrue(self.ensure_initial_admin.called)
         self.log.assert_called_with(
             'Firing identity_changed hook for all related services.')
@@ -343,6 +348,7 @@ class KeystoneRelationTests(CharmTestCase):
 
     @patch('keystone_utils.log')
     @patch('keystone_utils.ensure_ssl_cert_master')
+    @patch.object(hooks, 'is_db_initialised')
     @patch.object(hooks, 'is_db_ready')
     @patch.object(hooks, 'peer_units')
     @patch.object(hooks, 'ensure_permissions')
@@ -361,9 +367,11 @@ class KeystoneRelationTests(CharmTestCase):
                                                    ensure_permissions,
                                                    mock_peer_units,
                                                    mock_is_db_ready,
+                                                   mock_is_db_initialised,
                                                    mock_ensure_ssl_cert_master,
                                                    mock_log):
         mock_is_db_ready.return_value = True
+        mock_is_db_initialised.return_value = True
         self.openstack_upgrade_available.return_value = True
         self.is_elected_leader.return_value = True
         # avoid having to mock syncer
@@ -382,7 +390,6 @@ class KeystoneRelationTests(CharmTestCase):
         configure_https.assert_called_with()
         self.assertTrue(configs.write_all.called)
 
-        self.migrate_database.assert_called_with()
         self.assertTrue(self.ensure_initial_admin.called)
         self.log.assert_called_with(
             'Firing identity_changed hook for all related services.')
@@ -391,6 +398,7 @@ class KeystoneRelationTests(CharmTestCase):
             remote_unit='unit/0')
         admin_relation_changed.assert_called_with('identity-service:0')
 
+    @patch.object(hooks, 'is_db_initialised')
     @patch.object(hooks, 'is_db_ready')
     @patch('keystone_utils.log')
     @patch('keystone_utils.ensure_ssl_cert_master')
@@ -398,7 +406,9 @@ class KeystoneRelationTests(CharmTestCase):
     @patch.object(hooks, 'send_notifications')
     def test_identity_changed_leader(self, mock_send_notifications,
                                      mock_hashlib, mock_ensure_ssl_cert_master,
-                                     mock_log, mock_is_db_ready):
+                                     mock_log, mock_is_db_ready,
+                                     mock_is_db_initialised):
+        mock_is_db_initialised.return_value = True
         mock_is_db_ready.return_value = True
         mock_ensure_ssl_cert_master.return_value = False
         hooks.identity_changed(
@@ -557,13 +567,16 @@ class KeystoneRelationTests(CharmTestCase):
     @patch('keystone_utils.log')
     @patch('keystone_utils.ensure_ssl_cert_master')
     @patch.object(hooks, 'is_db_ready')
+    @patch.object(hooks, 'is_db_initialised')
     @patch.object(hooks, 'identity_changed')
     @patch.object(hooks, 'CONFIGS')
     def test_ha_relation_changed_clustered_leader(self, configs,
                                                   identity_changed,
+                                                  mock_is_db_initialised,
                                                   mock_is_db_ready,
                                                   mock_ensure_ssl_cert_master,
                                                   mock_log):
+        mock_is_db_initialised.return_value = True
         mock_is_db_ready.return_value = True
         mock_ensure_ssl_cert_master.return_value = False
         self.relation_get.return_value = True
@@ -610,6 +623,8 @@ class KeystoneRelationTests(CharmTestCase):
         cmd = ['a2dissite', 'openstack_https_frontend']
         self.check_call.assert_called_with(cmd)
 
+    @patch.object(hooks, 'is_db_ready')
+    @patch.object(hooks, 'is_db_initialised')
     @patch('keystone_utils.log')
     @patch('keystone_utils.relation_ids')
     @patch('keystone_utils.is_elected_leader')
@@ -623,7 +638,11 @@ class KeystoneRelationTests(CharmTestCase):
                                   mock_ensure_ssl_cert_master,
                                   mock_is_elected_leader,
                                   mock_relation_ids,
-                                  mock_log):
+                                  mock_log,
+                                  mock_is_db_ready,
+                                  mock_is_db_initialised):
+        mock_is_db_initialised.return_value = True
+        mock_is_db_ready.return_value = True
         mock_is_elected_leader.return_value = False
         mock_relation_ids.return_value = []
         mock_ensure_ssl_cert_master.return_value = True