Add support for db purge cron jobs
This patch introduces the following 2 classes to manage cron jobs to purge deleted records from database. - glance::cron::db_purge - glance::cron::db_purge_images_table Note that purging the images table can cause a security risk. Users should read and understand the implications of OSSN-0075[1] before they use the glance::cron::db_purge_images_table class. [1] https://wiki.openstack.org/wiki/OSSN/OSSN-0075 Change-Id: I53f0d0b5cbbb2361d34927800b5b3dcf8a0dc326
This commit is contained in:
parent
789065b481
commit
43f08226c3
|
@ -0,0 +1,95 @@
|
||||||
|
#
|
||||||
|
# Copyright (C) 2020 Red Hat Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
#
|
||||||
|
# == Class: glance::cron::db_purge
|
||||||
|
#
|
||||||
|
# Remove deleted records from database
|
||||||
|
#
|
||||||
|
# === Parameters
|
||||||
|
#
|
||||||
|
# [*minute*]
|
||||||
|
# (optional) Defaults to '1'.
|
||||||
|
#
|
||||||
|
# [*hour*]
|
||||||
|
# (optional) Defaults to '0'.
|
||||||
|
#
|
||||||
|
# [*monthday*]
|
||||||
|
# (optional) Defaults to '*'.
|
||||||
|
#
|
||||||
|
# [*month*]
|
||||||
|
# (optional) Defaults to '*'.
|
||||||
|
#
|
||||||
|
# [*weekday*]
|
||||||
|
# (optional) Defaults to '*'.
|
||||||
|
#
|
||||||
|
# [*user*]
|
||||||
|
# (optional) User with access to glance files.
|
||||||
|
# Defaults to 'glance'.
|
||||||
|
#
|
||||||
|
# [*age*]
|
||||||
|
# (optional) Number of days prior to today for deletion,
|
||||||
|
# e.g. value 60 means to purge deleted rows that have the "deleted_at"
|
||||||
|
# column greater than 60 days ago.
|
||||||
|
# Defaults to 30
|
||||||
|
#
|
||||||
|
# [*max_rows*]
|
||||||
|
# (optional) Maximum number of deleted rows to purge
|
||||||
|
# Defaults to 100.
|
||||||
|
#
|
||||||
|
# [*destination*]
|
||||||
|
# (optional) Path to file to which rows should be archived
|
||||||
|
# Defaults to '/var/log/glance/glance-rowsflush.log'.
|
||||||
|
#
|
||||||
|
# [*maxdelay*]
|
||||||
|
# (optional) In Seconds. Should be a positive integer.
|
||||||
|
# Induces a random delay before running the cronjob to avoid running
|
||||||
|
# all cron jobs at the same time on all hosts this job is configured.
|
||||||
|
# Defaults to 0.
|
||||||
|
#
|
||||||
|
class glance::cron::db_purge (
|
||||||
|
$minute = 1,
|
||||||
|
$hour = 0,
|
||||||
|
$monthday = '*',
|
||||||
|
$month = '*',
|
||||||
|
$weekday = '*',
|
||||||
|
$user = 'glance',
|
||||||
|
$age = 30,
|
||||||
|
$max_rows = 100,
|
||||||
|
$destination = '/var/log/glance/glance-rowsflush.log',
|
||||||
|
$maxdelay = 0
|
||||||
|
) {
|
||||||
|
|
||||||
|
include glance::deps
|
||||||
|
|
||||||
|
if $maxdelay == 0 {
|
||||||
|
$sleep = ''
|
||||||
|
} else {
|
||||||
|
$sleep = "sleep `expr \${RANDOM} \\% ${maxdelay}`; "
|
||||||
|
}
|
||||||
|
|
||||||
|
$opts = "--age_in_days ${age} --max_rows ${max_rows}"
|
||||||
|
|
||||||
|
cron { 'glance-manage db purge':
|
||||||
|
command => "${sleep}glance-manage db purge ${opts} >>${destination} 2>&1",
|
||||||
|
environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
|
||||||
|
user => $user,
|
||||||
|
minute => $minute,
|
||||||
|
hour => $hour,
|
||||||
|
monthday => $monthday,
|
||||||
|
month => $month,
|
||||||
|
weekday => $weekday,
|
||||||
|
require => Anchor['glance::install::end'],
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,95 @@
|
||||||
|
#
|
||||||
|
# Copyright (C) 2020 Red Hat Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
#
|
||||||
|
# == Class: glance::cron::db_purge_images_table
|
||||||
|
#
|
||||||
|
# Remove deleted image records from database
|
||||||
|
#
|
||||||
|
# === Parameters
|
||||||
|
#
|
||||||
|
# [*minute*]
|
||||||
|
# (optional) Defaults to '1'.
|
||||||
|
#
|
||||||
|
# [*hour*]
|
||||||
|
# (optional) Defaults to '0'.
|
||||||
|
#
|
||||||
|
# [*monthday*]
|
||||||
|
# (optional) Defaults to '*'.
|
||||||
|
#
|
||||||
|
# [*month*]
|
||||||
|
# (optional) Defaults to '*'.
|
||||||
|
#
|
||||||
|
# [*weekday*]
|
||||||
|
# (optional) Defaults to '*'.
|
||||||
|
#
|
||||||
|
# [*user*]
|
||||||
|
# (optional) User with access to glance files.
|
||||||
|
# Defaults to 'glance'.
|
||||||
|
#
|
||||||
|
# [*age*]
|
||||||
|
# (optional) Number of days prior to today for deletion,
|
||||||
|
# e.g. value 60 means to purge deleted image rows that have the "deleted_at"
|
||||||
|
# column greater than 60 days ago.
|
||||||
|
# Defaults to 30
|
||||||
|
#
|
||||||
|
# [*max_rows*]
|
||||||
|
# (optional) Maximum number of deleted rows to purge
|
||||||
|
# Defaults to 100.
|
||||||
|
#
|
||||||
|
# [*destination*]
|
||||||
|
# (optional) Path to file to which rows should be archived
|
||||||
|
# Defaults to '/var/log/glance/glance-images-rowsflush.log'.
|
||||||
|
#
|
||||||
|
# [*maxdelay*]
|
||||||
|
# (optional) In Seconds. Should be a positive integer.
|
||||||
|
# Induces a random delay before running the cronjob to avoid running
|
||||||
|
# all cron jobs at the same time on all hosts this job is configured.
|
||||||
|
# Defaults to 0.
|
||||||
|
#
|
||||||
|
class glance::cron::db_purge_images_table (
|
||||||
|
$minute = 1,
|
||||||
|
$hour = 0,
|
||||||
|
$monthday = '*',
|
||||||
|
$month = '*',
|
||||||
|
$weekday = '*',
|
||||||
|
$user = 'glance',
|
||||||
|
$age = 30,
|
||||||
|
$max_rows = 100,
|
||||||
|
$destination = '/var/log/glance/glance-images-rowsflush.log',
|
||||||
|
$maxdelay = 0
|
||||||
|
) {
|
||||||
|
|
||||||
|
include glance::deps
|
||||||
|
|
||||||
|
if $maxdelay == 0 {
|
||||||
|
$sleep = ''
|
||||||
|
} else {
|
||||||
|
$sleep = "sleep `expr \${RANDOM} \\% ${maxdelay}`; "
|
||||||
|
}
|
||||||
|
|
||||||
|
$opts = "--age_in_days ${age} --max_rows ${max_rows}"
|
||||||
|
|
||||||
|
cron { 'glance-manage db purge_images_table':
|
||||||
|
command => "${sleep}glance-manage db purge_images_table ${opts} >>${destination} 2>&1",
|
||||||
|
environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
|
||||||
|
user => $user,
|
||||||
|
minute => $minute,
|
||||||
|
hour => $hour,
|
||||||
|
monthday => $monthday,
|
||||||
|
month => $month,
|
||||||
|
weekday => $weekday,
|
||||||
|
require => Anchor['glance::install::end'],
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- |
|
||||||
|
The new ``glance::cron::db_purge`` class has been added. This class manages
|
||||||
|
a cron job to run ``glance db purge`` command periodically.
|
||||||
|
|
||||||
|
- |
|
||||||
|
The new ``glance::cron::db_purge_images_table`` class has been added. This
|
||||||
|
class manages a cron job to run ``glance db purge_images_table`` command
|
||||||
|
periodically.
|
|
@ -0,0 +1,66 @@
|
||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
describe 'glance::cron::db_purge_images_table' do
|
||||||
|
let :params do
|
||||||
|
{
|
||||||
|
:minute => 1,
|
||||||
|
:hour => 0,
|
||||||
|
:monthday => '*',
|
||||||
|
:month => '*',
|
||||||
|
:weekday => '*',
|
||||||
|
:user => 'glance',
|
||||||
|
:age => '30',
|
||||||
|
:max_rows => 100,
|
||||||
|
:maxdelay => 0,
|
||||||
|
:destination => '/var/log/glance/glance-images-rowsflush.log'
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
shared_examples 'glance::cron::db_purge_images_table' do
|
||||||
|
context 'with required parameters' do
|
||||||
|
it { is_expected.to contain_cron('glance-manage db purge_images_table').with(
|
||||||
|
:command => "glance-manage db purge_images_table --age_in_days #{params[:age]} --max_rows #{params[:max_rows]} >>#{params[:destination]} 2>&1",
|
||||||
|
:environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
|
||||||
|
:user => params[:user],
|
||||||
|
:minute => params[:minute],
|
||||||
|
:hour => params[:hour],
|
||||||
|
:monthday => params[:monthday],
|
||||||
|
:month => params[:month],
|
||||||
|
:weekday => params[:weekday],
|
||||||
|
:require => 'Anchor[glance::install::end]'
|
||||||
|
)}
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with required parameters with max delay enabled' do
|
||||||
|
before :each do
|
||||||
|
params.merge!(
|
||||||
|
:maxdelay => 600
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should contain_cron('glance-manage db purge_images_table').with(
|
||||||
|
:command => "sleep `expr ${RANDOM} \\% #{params[:maxdelay]}`; glance-manage db purge_images_table --age_in_days #{params[:age]} --max_rows #{params[:max_rows]} >>#{params[:destination]} 2>&1",
|
||||||
|
:environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
|
||||||
|
:user => params[:user],
|
||||||
|
:minute => params[:minute],
|
||||||
|
:hour => params[:hour],
|
||||||
|
:monthday => params[:monthday],
|
||||||
|
:month => params[:month],
|
||||||
|
:weekday => params[:weekday],
|
||||||
|
:require => 'Anchor[glance::install::end]'
|
||||||
|
)}
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
on_supported_os({
|
||||||
|
:supported_os => OSDefaults.get_supported_os
|
||||||
|
}).each do |os,facts|
|
||||||
|
context "on #{os}" do
|
||||||
|
let (:facts) do
|
||||||
|
facts.merge!(OSDefaults.get_facts())
|
||||||
|
end
|
||||||
|
|
||||||
|
it_behaves_like 'glance::cron::db_purge_images_table'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -0,0 +1,66 @@
|
||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
describe 'glance::cron::db_purge' do
|
||||||
|
let :params do
|
||||||
|
{
|
||||||
|
:minute => 1,
|
||||||
|
:hour => 0,
|
||||||
|
:monthday => '*',
|
||||||
|
:month => '*',
|
||||||
|
:weekday => '*',
|
||||||
|
:user => 'glance',
|
||||||
|
:age => '30',
|
||||||
|
:max_rows => 100,
|
||||||
|
:maxdelay => 0,
|
||||||
|
:destination => '/var/log/glance/glance-rowsflush.log'
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
shared_examples 'glance::cron::db_purge' do
|
||||||
|
context 'with required parameters' do
|
||||||
|
it { is_expected.to contain_cron('glance-manage db purge').with(
|
||||||
|
:command => "glance-manage db purge --age_in_days #{params[:age]} --max_rows #{params[:max_rows]} >>#{params[:destination]} 2>&1",
|
||||||
|
:environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
|
||||||
|
:user => params[:user],
|
||||||
|
:minute => params[:minute],
|
||||||
|
:hour => params[:hour],
|
||||||
|
:monthday => params[:monthday],
|
||||||
|
:month => params[:month],
|
||||||
|
:weekday => params[:weekday],
|
||||||
|
:require => 'Anchor[glance::install::end]'
|
||||||
|
)}
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'with required parameters with max delay enabled' do
|
||||||
|
before :each do
|
||||||
|
params.merge!(
|
||||||
|
:maxdelay => 600
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
|
it { should contain_cron('glance-manage db purge').with(
|
||||||
|
:command => "sleep `expr ${RANDOM} \\% #{params[:maxdelay]}`; glance-manage db purge --age_in_days #{params[:age]} --max_rows #{params[:max_rows]} >>#{params[:destination]} 2>&1",
|
||||||
|
:environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
|
||||||
|
:user => params[:user],
|
||||||
|
:minute => params[:minute],
|
||||||
|
:hour => params[:hour],
|
||||||
|
:monthday => params[:monthday],
|
||||||
|
:month => params[:month],
|
||||||
|
:weekday => params[:weekday],
|
||||||
|
:require => 'Anchor[glance::install::end]'
|
||||||
|
)}
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
on_supported_os({
|
||||||
|
:supported_os => OSDefaults.get_supported_os
|
||||||
|
}).each do |os,facts|
|
||||||
|
context "on #{os}" do
|
||||||
|
let (:facts) do
|
||||||
|
facts.merge!(OSDefaults.get_facts())
|
||||||
|
end
|
||||||
|
|
||||||
|
it_behaves_like 'glance::cron::db_purge'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in New Issue