openstack
/
puppet-glance
Code Issues Proposed changes

Add support for db purge cron jobs 

This patch introduces the following 2 classes to manage cron jobs to
purge deleted records from database.
 - glance::cron::db_purge
 - glance::cron::db_purge_images_table

Note that purging the images table can cause a security risk. Users
should read and understand the implications of OSSN-0075[1] before they
use the glance::cron::db_purge_images_table class.
 [1] https://wiki.openstack.org/wiki/OSSN/OSSN-0075

Change-Id: I53f0d0b5cbbb2361d34927800b5b3dcf8a0dc326
This commit is contained in:
Takashi Kajinami 2020-08-17 17:05:39 +09:00
parent 789065b481
commit 43f08226c3
5 changed files with 332 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
manifests/cron/db_purge.pp Normal file
View File

@ -0,0 +1,95 @@
#
# Copyright (C) 2020 Red Hat Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: glance::cron::db_purge
#
# Remove deleted records from database
#
# === Parameters
#
# [*minute*]
# (optional) Defaults to '1'.
#
# [*hour*]
# (optional) Defaults to '0'.
#
# [*monthday*]
# (optional) Defaults to '*'.
#
# [*month*]
# (optional) Defaults to '*'.
#
# [*weekday*]
# (optional) Defaults to '*'.
#
# [*user*]
# (optional) User with access to glance files.
# Defaults to 'glance'.
#
# [*age*]
# (optional) Number of days prior to today for deletion,
# e.g. value 60 means to purge deleted rows that have the "deleted_at"
# column greater than 60 days ago.
# Defaults to 30
#
# [*max_rows*]
# (optional) Maximum number of deleted rows to purge
# Defaults to 100.
#
# [*destination*]
# (optional) Path to file to which rows should be archived
# Defaults to '/var/log/glance/glance-rowsflush.log'.
#
# [*maxdelay*]
# (optional) In Seconds. Should be a positive integer.
# Induces a random delay before running the cronjob to avoid running
# all cron jobs at the same time on all hosts this job is configured.
# Defaults to 0.
#
class glance::cron::db_purge (
$minute = 1,
$hour = 0,
$monthday = '*',
$month = '*',
$weekday = '*',
$user = 'glance',
$age = 30,
$max_rows = 100,
$destination = '/var/log/glance/glance-rowsflush.log',
$maxdelay = 0
) {
include glance::deps
if $maxdelay == 0 {
$sleep = ''
} else {
$sleep = "sleep `expr \${RANDOM} \\% ${maxdelay}`; "
}
$opts = "--age_in_days ${age} --max_rows ${max_rows}"
cron { 'glance-manage db purge':
command => "${sleep}glance-manage db purge ${opts} >>${destination} 2>&1",
environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
user => $user,
minute => $minute,
hour => $hour,
monthday => $monthday,
month => $month,
weekday => $weekday,
require => Anchor['glance::install::end'],
}
}

95
manifests/cron/db_purge_images_table.pp Normal file
View File

@ -0,0 +1,95 @@
#
# Copyright (C) 2020 Red Hat Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: glance::cron::db_purge_images_table
#
# Remove deleted image records from database
#
# === Parameters
#
# [*minute*]
# (optional) Defaults to '1'.
#
# [*hour*]
# (optional) Defaults to '0'.
#
# [*monthday*]
# (optional) Defaults to '*'.
#
# [*month*]
# (optional) Defaults to '*'.
#
# [*weekday*]
# (optional) Defaults to '*'.
#
# [*user*]
# (optional) User with access to glance files.
# Defaults to 'glance'.
#
# [*age*]
# (optional) Number of days prior to today for deletion,
# e.g. value 60 means to purge deleted image rows that have the "deleted_at"
# column greater than 60 days ago.
# Defaults to 30
#
# [*max_rows*]
# (optional) Maximum number of deleted rows to purge
# Defaults to 100.
#
# [*destination*]
# (optional) Path to file to which rows should be archived
# Defaults to '/var/log/glance/glance-images-rowsflush.log'.
#
# [*maxdelay*]
# (optional) In Seconds. Should be a positive integer.
# Induces a random delay before running the cronjob to avoid running
# all cron jobs at the same time on all hosts this job is configured.
# Defaults to 0.
#
class glance::cron::db_purge_images_table (
$minute = 1,
$hour = 0,
$monthday = '*',
$month = '*',
$weekday = '*',
$user = 'glance',
$age = 30,
$max_rows = 100,
$destination = '/var/log/glance/glance-images-rowsflush.log',
$maxdelay = 0
) {
include glance::deps
if $maxdelay == 0 {
$sleep = ''
} else {
$sleep = "sleep `expr \${RANDOM} \\% ${maxdelay}`; "
}
$opts = "--age_in_days ${age} --max_rows ${max_rows}"
cron { 'glance-manage db purge_images_table':
command => "${sleep}glance-manage db purge_images_table ${opts} >>${destination} 2>&1",
environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
user => $user,
minute => $minute,
hour => $hour,
monthday => $monthday,
month => $month,
weekday => $weekday,
require => Anchor['glance::install::end'],
}
}

10
releasenotes/notes/cron-db_purge-bbb2a1adb325e3b5.yaml Normal file
View File

@ -0,0 +1,10 @@
---
features:
- |
The new ``glance::cron::db_purge`` class has been added. This class manages
a cron job to run ``glance db purge`` command periodically.
- |
The new ``glance::cron::db_purge_images_table`` class has been added. This
class manages a cron job to run ``glance db purge_images_table`` command
periodically.

66
spec/classes/glance_cron_db_purge_images_table_spec.rb Normal file
View File

@ -0,0 +1,66 @@
require 'spec_helper'
describe 'glance::cron::db_purge_images_table' do
let :params do
{
:minute => 1,
:hour => 0,
:monthday => '*',
:month => '*',
:weekday => '*',
:user => 'glance',
:age => '30',
:max_rows => 100,
:maxdelay => 0,
:destination => '/var/log/glance/glance-images-rowsflush.log'
}
end
shared_examples 'glance::cron::db_purge_images_table' do
context 'with required parameters' do
it { is_expected.to contain_cron('glance-manage db purge_images_table').with(
:command => "glance-manage db purge_images_table --age_in_days #{params[:age]} --max_rows #{params[:max_rows]} >>#{params[:destination]} 2>&1",
:environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
:user => params[:user],
:minute => params[:minute],
:hour => params[:hour],
:monthday => params[:monthday],
:month => params[:month],
:weekday => params[:weekday],
:require => 'Anchor[glance::install::end]'
)}
end
context 'with required parameters with max delay enabled' do
before :each do
params.merge!(
:maxdelay => 600
)
end
it { should contain_cron('glance-manage db purge_images_table').with(
:command => "sleep `expr ${RANDOM} \\% #{params[:maxdelay]}`; glance-manage db purge_images_table --age_in_days #{params[:age]} --max_rows #{params[:max_rows]} >>#{params[:destination]} 2>&1",
:environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
:user => params[:user],
:minute => params[:minute],
:hour => params[:hour],
:monthday => params[:monthday],
:month => params[:month],
:weekday => params[:weekday],
:require => 'Anchor[glance::install::end]'
)}
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'glance::cron::db_purge_images_table'
end
end
end

66
spec/classes/glance_cron_db_purge_spec.rb Normal file
View File

@ -0,0 +1,66 @@
require 'spec_helper'
describe 'glance::cron::db_purge' do
let :params do
{
:minute => 1,
:hour => 0,
:monthday => '*',
:month => '*',
:weekday => '*',
:user => 'glance',
:age => '30',
:max_rows => 100,
:maxdelay => 0,
:destination => '/var/log/glance/glance-rowsflush.log'
}
end
shared_examples 'glance::cron::db_purge' do
context 'with required parameters' do
it { is_expected.to contain_cron('glance-manage db purge').with(
:command => "glance-manage db purge --age_in_days #{params[:age]} --max_rows #{params[:max_rows]} >>#{params[:destination]} 2>&1",
:environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
:user => params[:user],
:minute => params[:minute],
:hour => params[:hour],
:monthday => params[:monthday],
:month => params[:month],
:weekday => params[:weekday],
:require => 'Anchor[glance::install::end]'
)}
end
context 'with required parameters with max delay enabled' do
before :each do
params.merge!(
:maxdelay => 600
)
end
it { should contain_cron('glance-manage db purge').with(
:command => "sleep `expr ${RANDOM} \\% #{params[:maxdelay]}`; glance-manage db purge --age_in_days #{params[:age]} --max_rows #{params[:max_rows]} >>#{params[:destination]} 2>&1",
:environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
:user => params[:user],
:minute => params[:minute],
:hour => params[:hour],
:monthday => params[:monthday],
:month => params[:month],
:weekday => params[:weekday],
:require => 'Anchor[glance::install::end]'
)}
end
end
on_supported_os({
:supported_os => OSDefaults.get_supported_os
}).each do |os,facts|
context "on #{os}" do
let (:facts) do
facts.merge!(OSDefaults.get_facts())
end
it_behaves_like 'glance::cron::db_purge'
end
end
end