Call sync secret store on db-sync

Due to race conditions when doing the secret store sync in the code, we
opted for requiring the command to be explicitly called. This reflects
the new requirement by adding the secret store sync in the db-sync
manifest.

Change-Id: I61544d2defa3fd7f28c312ce94a753f36a2b7d30
Related-Bug: #1738863
This commit is contained in:
Juan Antonio Osorio Robles 2018-03-20 10:48:56 +02:00
parent f296ab3bf3
commit a51b1e0d66
2 changed files with 54 additions and 3 deletions

View File

@ -8,8 +8,14 @@
# to the barbican-db-manage command.
# Defaults to undef
#
# [*secret_store_extra_params*]
# (optional) String of extra command line parameters to append
# to the barbican-db-manage command.
# Defaults to undef
#
class barbican::db::sync(
$extra_params = undef,
$extra_params = undef,
$secret_store_extra_params = undef,
) {
include ::barbican::deps
@ -27,8 +33,24 @@ class barbican::db::sync(
Anchor['barbican::config::end'],
Anchor['barbican::dbsync::begin']
],
notify => Anchor['barbican::dbsync::end'],
notify => Exec['barbican-db-manage sync secret stores'],
tag => 'openstack-db',
}
exec { 'barbican-db-manage sync secret stores':
command => "barbican-manage db sync_secret_stores ${secret_store_extra_params}",
path => ['/bin', '/usr/bin', ],
user => 'barbican',
refreshonly => true,
try_sleep => 5,
tries => 10,
logoutput => on_failure,
subscribe => [
Anchor['barbican::install::end'],
Anchor['barbican::config::end'],
Anchor['barbican::dbsync::begin']
],
notify => Anchor['barbican::dbsync::end'],
tag => 'openstack-db',
}
}

View File

@ -13,6 +13,20 @@ describe 'barbican::db::sync' do
:try_sleep => 5,
:tries => 10,
:logoutput => 'on_failure',
:subscribe => ['Anchor[barbican::install::end]',
'Anchor[barbican::config::end]',
'Anchor[barbican::dbsync::begin]'],
:notify => 'Exec[barbican-db-manage sync secret stores]',
:tag => 'openstack-db',
)
is_expected.to contain_exec('barbican-db-manage sync secret stores').with(
:command => 'barbican-manage db sync_secret_stores ',
:user => 'barbican',
:path => ['/bin','/usr/bin'],
:refreshonly => 'true',
:try_sleep => 5,
:tries => 10,
:logoutput => 'on_failure',
:subscribe => ['Anchor[barbican::install::end]',
'Anchor[barbican::config::end]',
'Anchor[barbican::dbsync::begin]'],
@ -24,7 +38,8 @@ describe 'barbican::db::sync' do
describe "overriding extra_params" do
let :params do
{
:extra_params => '--config-file /etc/barbican/barbican.conf',
:extra_params => '--config-file /etc/barbican/barbican.conf',
:secret_store_extra_params => '--config-file /etc/barbican/barbican.conf',
}
end
@ -40,6 +55,20 @@ describe 'barbican::db::sync' do
:subscribe => ['Anchor[barbican::install::end]',
'Anchor[barbican::config::end]',
'Anchor[barbican::dbsync::begin]'],
:notify => 'Exec[barbican-db-manage sync secret stores]',
:tag => 'openstack-db',
)
is_expected.to contain_exec('barbican-db-manage sync secret stores').with(
:command => 'barbican-manage db sync_secret_stores --config-file /etc/barbican/barbican.conf',
:user => 'barbican',
:path => ['/bin','/usr/bin'],
:refreshonly => 'true',
:try_sleep => 5,
:tries => 10,
:logoutput => 'on_failure',
:subscribe => ['Anchor[barbican::install::end]',
'Anchor[barbican::config::end]',
'Anchor[barbican::dbsync::begin]'],
:notify => 'Anchor[barbican::dbsync::end]',
:tag => 'openstack-db',
)