openstack-ansible-repo_server/releasenotes/notes/disable_slave_repo_during_sync-2aaabf90698221e3.yaml
Hugh Saunders b457f3bda6 Disable slave repo servers while syncing
Currently there is a race between the repo servers syncing and the first
role that attempts to install a pip package. This change ensures that
only the primary repo server is accessible until the slaves are synced.

This is achieved by adding a hook into lsyncd that allows a command to
be run before and after each sync. This command is an ssh command to
connect to the relevant secondary container and stop/start nginx. As the
nginx user is unprivileged, a sudoers file is added to allow nginx to be
stopped and started.

Notes on adding the hook into lsyncd:
 * There is an existing script in lsyncd/examples for postcmd. This
   works at a higher level by adding an event onto the stack for executing a
   command once the sync has finished. I experimented with that but
   events don't get fired for the initial recursive sync, only on
   subsequent changes. As it is the initial sync that causes the problem
   that this patch is addressing, I had to look at a lower level.

 * The lsync lua C lib has an exec function, but it is hidden from
   config scripts except through the spawn(...) function. However spawn
   requires an event so can't be used for the initial sync.

 * I ended up going outside the lsync framework and using lua's own
   os.execute() function for pre/post cmds.

While this looks like a big patch, it's actually a relatively small
change to the default rsync script. See
https://github.com/hughsaunders/lsyncd/compare/master...hughsaunders:rsync_prepost
for a comparison.

Bug: #1543146
Change-Id: I045a4a6bf722d6f1e01d21fbbec733872acb87a5
2016-03-16 07:19:20 +00:00

---
fixes:
  - In order to ensure that the appropriate data is delivered to requesters from the repo servers,
    the slave repo_server web servers are taken offline during the synchronisation process. This
    ensures that the right data is always delivered to the requesters through the load balancer.
security:
  - A sudoers entry has been added to the repo_servers in order to allow the nginx user to stop and
    start nginx via the init script. This is implemented in order to ensure that the repo sync
    process can shut off nginx while synchronising data from the master to the slaves.
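
An added example, not part of the release note or the project's code: a shell check that a sudoers drop-in for the nginx user grants only the exact stop and start commands the security note describes. The init script path `/etc/init.d/nginx`, the `ALLOWED` list and the `audit_sudoers` function name are assumptions, and the sample drop-in is constructed.

```sh
#!/bin/sh
# Added example: check that a sudoers drop-in lets a service account run only
# an exact allowlist of commands. Handles one-line user specs; aliases, runas
# lists and tags are not evaluated, and continuation lines are flagged.

# Assumed init script path (the page does not give it); ';' separates entries.
ALLOWED='/etc/init.d/nginx stop;/etc/init.d/nginx start'

# audit_sudoers USER < fragment
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
audit_sudoers() {
    awk -v user="$1" -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, ";"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    $1 != user               { next }            # specs for other users
    /\\$/ { print "line " NR ": continuation line, review by hand"; bad = 1; next }
    {
        spec = $0
        sub(/^[^=]*=[ \t]*/, "", spec)           # drop "user host ="
        sub(/^\([^)]*\)[ \t]*/, "", spec)        # drop "(runas)"
        while (sub(/^[A-Z_]+:[ \t]*/, "", spec)) ;   # drop tags such as NOPASSWD:
        m = split(spec, c, ",")
        for (i = 1; i <= m; i++) {
            cmd = c[i]
            gsub(/^[ \t]+|[ \t]+$/, "", cmd)
            gsub(/[ \t]+/, " ", cmd)
            # Exact match only: "ALL", wildcards, and a bare command path
            # (which sudo treats as "any arguments") are all flagged.
            if (!(cmd in ok)) { print "line " NR ": not allowlisted: " cmd; bad = 1 }
        }
    }
    END { exit bad + 0 }
    '
}

# Constructed sample drop-in, not taken from the page.
sample='nginx ALL=(root) NOPASSWD: /etc/init.d/nginx stop, /etc/init.d/nginx start
nginx ALL=(root) NOPASSWD: /etc/init.d/nginx'
printf '%s\n' "$sample" | audit_sudoers nginx || echo "drop-in needs review"
```

The second sample line is flagged because a sudoers command listed without arguments permits any arguments, which would let the nginx user invoke every action the init script supports.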