1
=== modified file 'hooks/keystone_hooks.py'
2
--- hooks/keystone_hooks.py	2015-02-16 13:35:14 +0000
3
+++ hooks/keystone_hooks.py	2015-02-17 00:12:48 +0000
4
@@ -4,7 +4,6 @@
5
4
import os
4
import os
6
5
import stat
5
import stat
7
6
import sys
6
import sys
8
7
import time
9
8
7
10
9
from subprocess import check_call
8
from subprocess import check_call
11
10
9
12
@@ -72,6 +71,7 @@
13
72
    is_ssl_cert_master,
71
    is_ssl_cert_master,
14
73
    is_db_ready,
72
    is_db_ready,
15
74
    clear_ssl_synced_units,
73
    clear_ssl_synced_units,
16
74
    is_db_initialised,
17
75
)
75
)
18
76
76
19
77
from charmhelpers.contrib.hahelpers.cluster import (
77
from charmhelpers.contrib.hahelpers.cluster import (
20
@@ -198,17 +198,18 @@
21
198
            level=INFO)
198
            level=INFO)
22
199
        return
199
        return
23
200
200
30
201
    try:
201
    if not is_db_initialised():
31
202
        migrate_database()
202
        log("Database not yet initialised - deferring identity-relation "
32
203
    except Exception as exc:
203
            "updates", level=INFO)
33
204
        log("Database initialisation failed (%s) - db not ready?" % (exc),
204
        return
34
205
            level=WARNING)
205
35
206
    else:
206
    if is_elected_leader(CLUSTER_RES):
36
207
        ensure_initial_admin(config)
207
        ensure_initial_admin(config)
41
208
        log('Firing identity_changed hook for all related services.')
208
42
209
        for rid in relation_ids('identity-service'):
209
    log('Firing identity_changed hook for all related services.')
43
210
                for unit in related_units(rid):
210
    for rid in relation_ids('identity-service'):
44
211
                    identity_changed(relation_id=rid, remote_unit=unit)
211
            for unit in related_units(rid):
45
212
                identity_changed(relation_id=rid, remote_unit=unit)
46
212
213
47
213
214
48
214
@synchronize_ca_if_changed(force=True)
215
@synchronize_ca_if_changed(force=True)
49
@@ -233,8 +234,10 @@
50
233
                    level=INFO)
234
                    level=INFO)
51
234
                return
235
                return
52
235
236
53
237
            migrate_database()
54
238
55
236
            # Ensure any existing service entries are updated in the
239
            # Ensure any existing service entries are updated in the
57
237
            # new database backend
240
            # new database backend. Also avoid duplicate db ready check.
58
238
            update_all_identity_relation_units(check_db_ready=False)
241
            update_all_identity_relation_units(check_db_ready=False)
59
239
242
60
240
243
61
@@ -247,9 +250,15 @@
62
247
    else:
250
    else:
63
248
        CONFIGS.write(KEYSTONE_CONF)
251
        CONFIGS.write(KEYSTONE_CONF)
64
249
        if is_elected_leader(CLUSTER_RES):
252
        if is_elected_leader(CLUSTER_RES):
65
253
            if not is_db_ready(use_current_context=True):
66
254
                log('Allowed_units list provided and this unit not present',
67
255
                    level=INFO)
68
256
                return
69
257
70
258
            migrate_database()
71
250
            # Ensure any existing service entries are updated in the
259
            # Ensure any existing service entries are updated in the
74
251
            # new database backend
260
            # new database backend. Also avoid duplicate db ready check.
75
252
            update_all_identity_relation_units()
261
            update_all_identity_relation_units(check_db_ready=False)
76
253
262
77
254
263
78
255
@hooks.hook('identity-service-relation-changed')
264
@hooks.hook('identity-service-relation-changed')
79
@@ -265,6 +274,11 @@
80
265
                "ready - deferring until db ready", level=WARNING)
274
                "ready - deferring until db ready", level=WARNING)
81
266
            return
275
            return
82
267
276
83
277
        if not is_db_initialised():
84
278
            log("Database not yet initialised - deferring identity-relation "
85
279
                "updates", level=INFO)
86
280
            return
87
281
88
268
        add_service_to_keystone(relation_id, remote_unit)
282
        add_service_to_keystone(relation_id, remote_unit)
89
269
        settings = relation_get(rid=relation_id, unit=remote_unit)
283
        settings = relation_get(rid=relation_id, unit=remote_unit)
90
270
        service = settings.get('service', None)
284
        service = settings.get('service', None)
91
@@ -394,7 +408,7 @@
92
394
    # NOTE(jamespage) re-echo passwords for peer storage
408
    # NOTE(jamespage) re-echo passwords for peer storage
93
395
    echo_whitelist, overrides = \
409
    echo_whitelist, overrides = \
94
396
        apply_echo_filters(settings, ['_passwd', 'identity-service:',
410
        apply_echo_filters(settings, ['_passwd', 'identity-service:',
96
397
                                      'ssl-cert-master'])
411
                                      'ssl-cert-master', 'db-initialised'])
97
398
    log("Peer echo overrides: %s" % (overrides), level=DEBUG)
412
    log("Peer echo overrides: %s" % (overrides), level=DEBUG)
98
399
    relation_set(**overrides)
413
    relation_set(**overrides)
99
400
    if echo_whitelist:
414
    if echo_whitelist:
100
@@ -487,15 +501,8 @@
101
487
501
102
488
    clustered = relation_get('clustered')
502
    clustered = relation_get('clustered')
103
489
    if clustered and is_elected_leader(CLUSTER_RES):
503
    if clustered and is_elected_leader(CLUSTER_RES):
104
490
        if not is_db_ready():
105
491
                log('Allowed_units list provided and this unit not present',
106
492
                    level=INFO)
107
493
                return
108
494
109
495
        ensure_initial_admin(config)
110
496
        log('Cluster configured, notifying other services and updating '
504
        log('Cluster configured, notifying other services and updating '
111
497
            'keystone endpoint configuration')
505
            'keystone endpoint configuration')
112
498
113
499
        update_all_identity_relation_units()
506
        update_all_identity_relation_units()
114
500
507
115
501
508
116
@@ -546,7 +553,6 @@
117
546
    if is_elected_leader(CLUSTER_RES):
553
    if is_elected_leader(CLUSTER_RES):
118
547
        log('Cluster leader - ensuring endpoint configuration is up to '
554
        log('Cluster leader - ensuring endpoint configuration is up to '
119
548
            'date', level=DEBUG)
555
            'date', level=DEBUG)
120
549
        time.sleep(10)
121
550
        update_all_identity_relation_units()
556
        update_all_identity_relation_units()
122
551
557
123
552
558
124
553
559
125
=== modified file 'hooks/keystone_utils.py'
126
--- hooks/keystone_utils.py	2015-02-16 14:48:02 +0000
127
+++ hooks/keystone_utils.py	2015-02-17 00:12:48 +0000
128
@@ -314,7 +314,32 @@
129
314
    configs.write_all()
314
    configs.write_all()
130
315
315
131
316
    if is_elected_leader(CLUSTER_RES):
316
    if is_elected_leader(CLUSTER_RES):
133
317
        migrate_database()
317
        if is_db_ready():
134
318
            migrate_database()
135
319
        else:
136
320
            log("Database not ready - deferring to shared-db relation",
137
321
                level=INFO)
138
322
            return
139
323
140
324
141
325
def set_db_initialised():
142
326
    for rid in relation_ids('cluster'):
143
327
        relation_set(relation_settings={'db-initialised': 'True'},
144
328
                     relation_id=rid)
145
329
146
330
147
331
def is_db_initialised():
148
332
    for rid in relation_ids('cluster'):
149
333
        units = related_units(rid) + [local_unit()]
150
334
        for unit in units:
151
335
            db_initialised = relation_get(attribute='db-initialised',
152
336
                                          unit=unit, rid=rid)
153
337
            if db_initialised:
154
338
                log("Database is initialised", level=DEBUG)
155
339
                return True
156
340
157
341
    log("Database is NOT initialised", level=DEBUG)
158
342
    return False
159
318
343
160
319
344
161
320
def migrate_database():
345
def migrate_database():
162
@@ -328,10 +353,11 @@
163
328
    subprocess.check_output(cmd)
353
    subprocess.check_output(cmd)
164
329
    service_start('keystone')
354
    service_start('keystone')
165
330
    time.sleep(10)
355
    time.sleep(10)
167
331
356
    set_db_initialised()
168
332
357
169
333
# OLD
358
# OLD
170
334
359
171
360
172
335
def get_local_endpoint():
361
def get_local_endpoint():
173
336
    """Returns the URL for the local end-point bypassing haproxy/ssl"""
362
    """Returns the URL for the local end-point bypassing haproxy/ssl"""
174
337
    if config('prefer-ipv6'):
363
    if config('prefer-ipv6'):
175
338
364
176
=== modified file 'unit_tests/test_keystone_hooks.py'
177
--- unit_tests/test_keystone_hooks.py	2015-02-05 17:48:25 +0000
178
+++ unit_tests/test_keystone_hooks.py	2015-02-17 00:12:48 +0000
179
@@ -63,7 +63,6 @@
180
63
    'execd_preinstall',
63
    'execd_preinstall',
181
64
    'mkdir',
64
    'mkdir',
182
65
    'os',
65
    'os',
183
66
    'time',
184
67
    # ip
66
    # ip
185
68
    'get_iface_for_address',
67
    'get_iface_for_address',
186
69
    'get_netmask_for_address',
68
    'get_netmask_for_address',
187
@@ -203,6 +202,7 @@
188
203
        configs.write = MagicMock()
202
        configs.write = MagicMock()
189
204
        hooks.pgsql_db_changed()
203
        hooks.pgsql_db_changed()
190
205
204
191
205
    @patch.object(hooks, 'is_db_initialised')
192
206
    @patch.object(hooks, 'is_db_ready')
206
    @patch.object(hooks, 'is_db_ready')
193
207
    @patch('keystone_utils.log')
207
    @patch('keystone_utils.log')
194
208
    @patch('keystone_utils.ensure_ssl_cert_master')
208
    @patch('keystone_utils.ensure_ssl_cert_master')
195
@@ -210,7 +210,9 @@
196
210
    @patch.object(hooks, 'identity_changed')
210
    @patch.object(hooks, 'identity_changed')
197
211
    def test_db_changed_allowed(self, identity_changed, configs,
211
    def test_db_changed_allowed(self, identity_changed, configs,
198
212
                                mock_ensure_ssl_cert_master,
212
                                mock_ensure_ssl_cert_master,
200
213
                                mock_log, mock_is_db_ready):
213
                                mock_log, mock_is_db_ready,
201
214
                                mock_is_db_initialised):
202
215
        mock_is_db_initialised.return_value = True
203
214
        mock_is_db_ready.return_value = True
216
        mock_is_db_ready.return_value = True
204
215
        mock_ensure_ssl_cert_master.return_value = False
217
        mock_ensure_ssl_cert_master.return_value = False
205
216
        self.relation_ids.return_value = ['identity-service:0']
218
        self.relation_ids.return_value = ['identity-service:0']
206
@@ -247,12 +249,14 @@
207
247
249
208
248
    @patch('keystone_utils.log')
250
    @patch('keystone_utils.log')
209
249
    @patch('keystone_utils.ensure_ssl_cert_master')
251
    @patch('keystone_utils.ensure_ssl_cert_master')
210
252
    @patch.object(hooks, 'is_db_initialised')
211
250
    @patch.object(hooks, 'is_db_ready')
253
    @patch.object(hooks, 'is_db_ready')
212
251
    @patch.object(hooks, 'CONFIGS')
254
    @patch.object(hooks, 'CONFIGS')
213
252
    @patch.object(hooks, 'identity_changed')
255
    @patch.object(hooks, 'identity_changed')
214
253
    def test_postgresql_db_changed(self, identity_changed, configs,
256
    def test_postgresql_db_changed(self, identity_changed, configs,
216
254
                                   mock_is_db_ready,
257
                                   mock_is_db_ready, mock_is_db_initialised,
217
255
                                   mock_ensure_ssl_cert_master, mock_log):
258
                                   mock_ensure_ssl_cert_master, mock_log):
218
259
        mock_is_db_initialised.return_value = True
219
256
        mock_is_db_ready.return_value = True
260
        mock_is_db_ready.return_value = True
220
257
        mock_ensure_ssl_cert_master.return_value = False
261
        mock_ensure_ssl_cert_master.return_value = False
221
258
        self.relation_ids.return_value = ['identity-service:0']
262
        self.relation_ids.return_value = ['identity-service:0']
222
@@ -269,6 +273,7 @@
223
269
273
224
270
    @patch('keystone_utils.log')
274
    @patch('keystone_utils.log')
225
271
    @patch('keystone_utils.ensure_ssl_cert_master')
275
    @patch('keystone_utils.ensure_ssl_cert_master')
226
276
    @patch.object(hooks, 'is_db_initialised')
227
272
    @patch.object(hooks, 'is_db_ready')
277
    @patch.object(hooks, 'is_db_ready')
228
273
    @patch.object(hooks, 'peer_units')
278
    @patch.object(hooks, 'peer_units')
229
274
    @patch.object(hooks, 'ensure_permissions')
279
    @patch.object(hooks, 'ensure_permissions')
230
@@ -283,8 +288,9 @@
231
283
            self, configure_https, identity_changed,
288
            self, configure_https, identity_changed,
232
284
            configs, get_homedir, ensure_user, cluster_joined,
289
            configs, get_homedir, ensure_user, cluster_joined,
233
285
            admin_relation_changed, ensure_permissions, mock_peer_units,
290
            admin_relation_changed, ensure_permissions, mock_peer_units,
235
286
            mock_is_db_ready,
291
            mock_is_db_ready, mock_is_db_initialised,
236
287
            mock_ensure_ssl_cert_master, mock_log):
292
            mock_ensure_ssl_cert_master, mock_log):
237
293
        mock_is_db_initialised.return_value = True
238
288
        mock_is_db_ready.return_value = True
294
        mock_is_db_ready.return_value = True
239
289
        self.openstack_upgrade_available.return_value = False
295
        self.openstack_upgrade_available.return_value = False
240
290
        self.is_elected_leader.return_value = True
296
        self.is_elected_leader.return_value = True
241
@@ -302,7 +308,6 @@
242
302
        configure_https.assert_called_with()
308
        configure_https.assert_called_with()
243
303
        self.assertTrue(configs.write_all.called)
309
        self.assertTrue(configs.write_all.called)
244
304
310
245
305
        self.migrate_database.assert_called_with()
246
306
        self.assertTrue(self.ensure_initial_admin.called)
311
        self.assertTrue(self.ensure_initial_admin.called)
247
307
        self.log.assert_called_with(
312
        self.log.assert_called_with(
248
308
            'Firing identity_changed hook for all related services.')
313
            'Firing identity_changed hook for all related services.')
249
@@ -343,6 +348,7 @@
250
343
348
251
344
    @patch('keystone_utils.log')
349
    @patch('keystone_utils.log')
252
345
    @patch('keystone_utils.ensure_ssl_cert_master')
350
    @patch('keystone_utils.ensure_ssl_cert_master')
253
351
    @patch.object(hooks, 'is_db_initialised')
254
346
    @patch.object(hooks, 'is_db_ready')
352
    @patch.object(hooks, 'is_db_ready')
255
347
    @patch.object(hooks, 'peer_units')
353
    @patch.object(hooks, 'peer_units')
256
348
    @patch.object(hooks, 'ensure_permissions')
354
    @patch.object(hooks, 'ensure_permissions')
257
@@ -361,9 +367,11 @@
258
361
                                                   ensure_permissions,
367
                                                   ensure_permissions,
259
362
                                                   mock_peer_units,
368
                                                   mock_peer_units,
260
363
                                                   mock_is_db_ready,
369
                                                   mock_is_db_ready,
261
370
                                                   mock_is_db_initialised,
262
364
                                                   mock_ensure_ssl_cert_master,
371
                                                   mock_ensure_ssl_cert_master,
263
365
                                                   mock_log):
372
                                                   mock_log):
264
366
        mock_is_db_ready.return_value = True
373
        mock_is_db_ready.return_value = True
265
374
        mock_is_db_initialised.return_value = True
266
367
        self.openstack_upgrade_available.return_value = True
375
        self.openstack_upgrade_available.return_value = True
267
368
        self.is_elected_leader.return_value = True
376
        self.is_elected_leader.return_value = True
268
369
        # avoid having to mock syncer
377
        # avoid having to mock syncer
269
@@ -382,7 +390,6 @@
270
382
        configure_https.assert_called_with()
390
        configure_https.assert_called_with()
271
383
        self.assertTrue(configs.write_all.called)
391
        self.assertTrue(configs.write_all.called)
272
384
392
273
385
        self.migrate_database.assert_called_with()
274
386
        self.assertTrue(self.ensure_initial_admin.called)
393
        self.assertTrue(self.ensure_initial_admin.called)
275
387
        self.log.assert_called_with(
394
        self.log.assert_called_with(
276
388
            'Firing identity_changed hook for all related services.')
395
            'Firing identity_changed hook for all related services.')
277
@@ -391,6 +398,7 @@
278
391
            remote_unit='unit/0')
398
            remote_unit='unit/0')
279
392
        admin_relation_changed.assert_called_with('identity-service:0')
399
        admin_relation_changed.assert_called_with('identity-service:0')
280
393
400
281
401
    @patch.object(hooks, 'is_db_initialised')
282
394
    @patch.object(hooks, 'is_db_ready')
402
    @patch.object(hooks, 'is_db_ready')
283
395
    @patch('keystone_utils.log')
403
    @patch('keystone_utils.log')
284
396
    @patch('keystone_utils.ensure_ssl_cert_master')
404
    @patch('keystone_utils.ensure_ssl_cert_master')
285
@@ -398,7 +406,9 @@
286
398
    @patch.object(hooks, 'send_notifications')
406
    @patch.object(hooks, 'send_notifications')
287
399
    def test_identity_changed_leader(self, mock_send_notifications,
407
    def test_identity_changed_leader(self, mock_send_notifications,
288
400
                                     mock_hashlib, mock_ensure_ssl_cert_master,
408
                                     mock_hashlib, mock_ensure_ssl_cert_master,
290
401
                                     mock_log, mock_is_db_ready):
409
                                     mock_log, mock_is_db_ready,
291
410
                                     mock_is_db_initialised):
292
411
        mock_is_db_initialised.return_value = True
293
402
        mock_is_db_ready.return_value = True
412
        mock_is_db_ready.return_value = True
294
403
        mock_ensure_ssl_cert_master.return_value = False
413
        mock_ensure_ssl_cert_master.return_value = False
295
404
        hooks.identity_changed(
414
        hooks.identity_changed(
296
@@ -557,13 +567,16 @@
297
557
    @patch('keystone_utils.log')
567
    @patch('keystone_utils.log')
298
558
    @patch('keystone_utils.ensure_ssl_cert_master')
568
    @patch('keystone_utils.ensure_ssl_cert_master')
299
559
    @patch.object(hooks, 'is_db_ready')
569
    @patch.object(hooks, 'is_db_ready')
300
570
    @patch.object(hooks, 'is_db_initialised')
301
560
    @patch.object(hooks, 'identity_changed')
571
    @patch.object(hooks, 'identity_changed')
302
561
    @patch.object(hooks, 'CONFIGS')
572
    @patch.object(hooks, 'CONFIGS')
303
562
    def test_ha_relation_changed_clustered_leader(self, configs,
573
    def test_ha_relation_changed_clustered_leader(self, configs,
304
563
                                                  identity_changed,
574
                                                  identity_changed,
305
575
                                                  mock_is_db_initialised,
306
564
                                                  mock_is_db_ready,
576
                                                  mock_is_db_ready,
307
565
                                                  mock_ensure_ssl_cert_master,
577
                                                  mock_ensure_ssl_cert_master,
308
566
                                                  mock_log):
578
                                                  mock_log):
309
579
        mock_is_db_initialised.return_value = True
310
567
        mock_is_db_ready.return_value = True
580
        mock_is_db_ready.return_value = True
311
568
        mock_ensure_ssl_cert_master.return_value = False
581
        mock_ensure_ssl_cert_master.return_value = False
312
569
        self.relation_get.return_value = True
582
        self.relation_get.return_value = True
313
@@ -610,6 +623,8 @@
314
610
        cmd = ['a2dissite', 'openstack_https_frontend']
623
        cmd = ['a2dissite', 'openstack_https_frontend']
315
611
        self.check_call.assert_called_with(cmd)
624
        self.check_call.assert_called_with(cmd)
316
612
625
317
626
    @patch.object(hooks, 'is_db_ready')
318
627
    @patch.object(hooks, 'is_db_initialised')
319
613
    @patch('keystone_utils.log')
628
    @patch('keystone_utils.log')
320
614
    @patch('keystone_utils.relation_ids')
629
    @patch('keystone_utils.relation_ids')
321
615
    @patch('keystone_utils.is_elected_leader')
630
    @patch('keystone_utils.is_elected_leader')
322
@@ -623,7 +638,11 @@
323
623
                                  mock_ensure_ssl_cert_master,
638
                                  mock_ensure_ssl_cert_master,
324
624
                                  mock_is_elected_leader,
639
                                  mock_is_elected_leader,
325
625
                                  mock_relation_ids,
640
                                  mock_relation_ids,
327
626
                                  mock_log):
641
                                  mock_log,
328
642
                                  mock_is_db_ready,
329
643
                                  mock_is_db_initialised):
330
644
        mock_is_db_initialised.return_value = True
331
645
        mock_is_db_ready.return_value = True
332
627
        mock_is_elected_leader.return_value = False
646
        mock_is_elected_leader.return_value = False
333
628
        mock_relation_ids.return_value = []
647
        mock_relation_ids.return_value = []
334
629
        mock_ensure_ssl_cert_master.return_value = True
648
        mock_ensure_ssl_cert_master.return_value = True
Status:	Merged
Merged at revision:	121
Proposed branch:	lp:~hopem/charms/trusty/keystone/fix-db-migrate-race
Merge into:	lp:~openstack-charmers-archive/charms/trusty/keystone/next
Diff against target:	334 lines (+84/-33) 3 files modified hooks/keystone_hooks.py (+29/-23) hooks/keystone_utils.py (+28/-2) unit_tests/test_keystone_hooks.py (+27/-8)
To merge this branch:	bzr merge lp:~hopem/charms/trusty/keystone/fix-db-migrate-race
Related bugs:	Link a bug report
Reviewer	Review Type	Date Requested	Status
Liam Young (community)		2015-02-17	Approve on 2015-02-17
Review via email: mp+249904@code.launchpad.net
1	=== modified file 'hooks/keystone_hooks.py'
2	--- hooks/keystone_hooks.py 2015-02-16 13:35:14 +0000
3	+++ hooks/keystone_hooks.py 2015-02-17 00:12:48 +0000
4	@@ -4,7 +4,6 @@
5	4	import os	4	import os
6	5	import stat	5	import stat
7	6	import sys	6	import sys
8	7	import time
9	8		7
10	9	from subprocess import check_call	8	from subprocess import check_call
11	10		9
12	@@ -72,6 +71,7 @@
13	72	is_ssl_cert_master,	71	is_ssl_cert_master,
14	73	is_db_ready,	72	is_db_ready,
15	74	clear_ssl_synced_units,	73	clear_ssl_synced_units,
16			74	is_db_initialised,
17	75	)	75	)
18	76		76
19	77	from charmhelpers.contrib.hahelpers.cluster import (	77	from charmhelpers.contrib.hahelpers.cluster import (
20	@@ -198,17 +198,18 @@
21	198	level=INFO)	198	level=INFO)
22	199	return	199	return
23	200		200
30	201	try:	201	if not is_db_initialised():
31	202	migrate_database()	202	log("Database not yet initialised - deferring identity-relation "
32	203	except Exception as exc:	203	"updates", level=INFO)
33	204	log("Database initialisation failed (%s) - db not ready?" % (exc),	204	return
34	205	level=WARNING)	205
35	206	else:	206	if is_elected_leader(CLUSTER_RES):
36	207	ensure_initial_admin(config)	207	ensure_initial_admin(config)
41	208	log('Firing identity_changed hook for all related services.')	208
42	209	for rid in relation_ids('identity-service'):	209	log('Firing identity_changed hook for all related services.')
43	210	for unit in related_units(rid):	210	for rid in relation_ids('identity-service'):
44	211	identity_changed(relation_id=rid, remote_unit=unit)	211	for unit in related_units(rid):
45			212	identity_changed(relation_id=rid, remote_unit=unit)
46	212		213
47	213		214
48	214	@synchronize_ca_if_changed(force=True)	215	@synchronize_ca_if_changed(force=True)
49	@@ -233,8 +234,10 @@
50	233	level=INFO)	234	level=INFO)
51	234	return	235	return
52	235		236
53			237	migrate_database()
54			238
55	236	# Ensure any existing service entries are updated in the	239	# Ensure any existing service entries are updated in the
57	237	# new database backend	240	# new database backend. Also avoid duplicate db ready check.
58	238	update_all_identity_relation_units(check_db_ready=False)	241	update_all_identity_relation_units(check_db_ready=False)
59	239		242
60	240		243
61	@@ -247,9 +250,15 @@
62	247	else:	250	else:
63	248	CONFIGS.write(KEYSTONE_CONF)	251	CONFIGS.write(KEYSTONE_CONF)
64	249	if is_elected_leader(CLUSTER_RES):	252	if is_elected_leader(CLUSTER_RES):
65			253	if not is_db_ready(use_current_context=True):
66			254	log('Allowed_units list provided and this unit not present',
67			255	level=INFO)
68			256	return
69			257
70			258	migrate_database()
71	250	# Ensure any existing service entries are updated in the	259	# Ensure any existing service entries are updated in the
74	251	# new database backend	260	# new database backend. Also avoid duplicate db ready check.
75	252	update_all_identity_relation_units()	261	update_all_identity_relation_units(check_db_ready=False)
76	253		262
77	254		263
78	255	@hooks.hook('identity-service-relation-changed')	264	@hooks.hook('identity-service-relation-changed')
79	@@ -265,6 +274,11 @@
80	265	"ready - deferring until db ready", level=WARNING)	274	"ready - deferring until db ready", level=WARNING)
81	266	return	275	return
82	267		276
83			277	if not is_db_initialised():
84			278	log("Database not yet initialised - deferring identity-relation "
85			279	"updates", level=INFO)
86			280	return
87			281
88	268	add_service_to_keystone(relation_id, remote_unit)	282	add_service_to_keystone(relation_id, remote_unit)
89	269	settings = relation_get(rid=relation_id, unit=remote_unit)	283	settings = relation_get(rid=relation_id, unit=remote_unit)
90	270	service = settings.get('service', None)	284	service = settings.get('service', None)
91	@@ -394,7 +408,7 @@
92	394	# NOTE(jamespage) re-echo passwords for peer storage	408	# NOTE(jamespage) re-echo passwords for peer storage
93	395	echo_whitelist, overrides = \	409	echo_whitelist, overrides = \
94	396	apply_echo_filters(settings, ['_passwd', 'identity-service:',	410	apply_echo_filters(settings, ['_passwd', 'identity-service:',
96	397	'ssl-cert-master'])	411	'ssl-cert-master', 'db-initialised'])
97	398	log("Peer echo overrides: %s" % (overrides), level=DEBUG)	412	log("Peer echo overrides: %s" % (overrides), level=DEBUG)
98	399	relation_set(**overrides)	413	relation_set(**overrides)
99	400	if echo_whitelist:	414	if echo_whitelist:
100	@@ -487,15 +501,8 @@
101	487		501
102	488	clustered = relation_get('clustered')	502	clustered = relation_get('clustered')
103	489	if clustered and is_elected_leader(CLUSTER_RES):	503	if clustered and is_elected_leader(CLUSTER_RES):
104	490	if not is_db_ready():
105	491	log('Allowed_units list provided and this unit not present',
106	492	level=INFO)
107	493	return
108	494
109	495	ensure_initial_admin(config)
110	496	log('Cluster configured, notifying other services and updating '	504	log('Cluster configured, notifying other services and updating '
111	497	'keystone endpoint configuration')	505	'keystone endpoint configuration')
112	498
113	499	update_all_identity_relation_units()	506	update_all_identity_relation_units()
114	500		507
115	501		508
116	@@ -546,7 +553,6 @@
117	546	if is_elected_leader(CLUSTER_RES):	553	if is_elected_leader(CLUSTER_RES):
118	547	log('Cluster leader - ensuring endpoint configuration is up to '	554	log('Cluster leader - ensuring endpoint configuration is up to '
119	548	'date', level=DEBUG)	555	'date', level=DEBUG)
120	549	time.sleep(10)
121	550	update_all_identity_relation_units()	556	update_all_identity_relation_units()
122	551		557
123	552		558
124	553		559
125	=== modified file 'hooks/keystone_utils.py'
126	--- hooks/keystone_utils.py 2015-02-16 14:48:02 +0000
127	+++ hooks/keystone_utils.py 2015-02-17 00:12:48 +0000
128	@@ -314,7 +314,32 @@
129	314	configs.write_all()	314	configs.write_all()
130	315		315
131	316	if is_elected_leader(CLUSTER_RES):	316	if is_elected_leader(CLUSTER_RES):
133	317	migrate_database()	317	if is_db_ready():
134			318	migrate_database()
135			319	else:
136			320	log("Database not ready - deferring to shared-db relation",
137			321	level=INFO)
138			322	return
139			323
140			324
141			325	def set_db_initialised():
142			326	for rid in relation_ids('cluster'):
143			327	relation_set(relation_settings={'db-initialised': 'True'},
144			328	relation_id=rid)
145			329
146			330
147			331	def is_db_initialised():
148			332	for rid in relation_ids('cluster'):
149			333	units = related_units(rid) + [local_unit()]
150			334	for unit in units:
151			335	db_initialised = relation_get(attribute='db-initialised',
152			336	unit=unit, rid=rid)
153			337	if db_initialised:
154			338	log("Database is initialised", level=DEBUG)
155			339	return True
156			340
157			341	log("Database is NOT initialised", level=DEBUG)
158			342	return False
159	318		343
160	319		344
161	320	def migrate_database():	345	def migrate_database():
162	@@ -328,10 +353,11 @@
163	328	subprocess.check_output(cmd)	353	subprocess.check_output(cmd)
164	329	service_start('keystone')	354	service_start('keystone')
165	330	time.sleep(10)	355	time.sleep(10)
167	331		356	set_db_initialised()
168	332		357
169	333	# OLD	358	# OLD
170	334		359
171			360
172	335	def get_local_endpoint():	361	def get_local_endpoint():
173	336	"""Returns the URL for the local end-point bypassing haproxy/ssl"""	362	"""Returns the URL for the local end-point bypassing haproxy/ssl"""
174	337	if config('prefer-ipv6'):	363	if config('prefer-ipv6'):
175	338		364
176	=== modified file 'unit_tests/test_keystone_hooks.py'
177	--- unit_tests/test_keystone_hooks.py 2015-02-05 17:48:25 +0000
178	+++ unit_tests/test_keystone_hooks.py 2015-02-17 00:12:48 +0000
179	@@ -63,7 +63,6 @@
180	63	'execd_preinstall',	63	'execd_preinstall',
181	64	'mkdir',	64	'mkdir',
182	65	'os',	65	'os',
183	66	'time',
184	67	# ip	66	# ip
185	68	'get_iface_for_address',	67	'get_iface_for_address',
186	69	'get_netmask_for_address',	68	'get_netmask_for_address',
187	@@ -203,6 +202,7 @@
188	203	configs.write = MagicMock()	202	configs.write = MagicMock()
189	204	hooks.pgsql_db_changed()	203	hooks.pgsql_db_changed()
190	205		204
191			205	@patch.object(hooks, 'is_db_initialised')
192	206	@patch.object(hooks, 'is_db_ready')	206	@patch.object(hooks, 'is_db_ready')
193	207	@patch('keystone_utils.log')	207	@patch('keystone_utils.log')
194	208	@patch('keystone_utils.ensure_ssl_cert_master')	208	@patch('keystone_utils.ensure_ssl_cert_master')
195	@@ -210,7 +210,9 @@
196	210	@patch.object(hooks, 'identity_changed')	210	@patch.object(hooks, 'identity_changed')
197	211	def test_db_changed_allowed(self, identity_changed, configs,	211	def test_db_changed_allowed(self, identity_changed, configs,
198	212	mock_ensure_ssl_cert_master,	212	mock_ensure_ssl_cert_master,
200	213	mock_log, mock_is_db_ready):	213	mock_log, mock_is_db_ready,
201			214	mock_is_db_initialised):
202			215	mock_is_db_initialised.return_value = True
203	214	mock_is_db_ready.return_value = True	216	mock_is_db_ready.return_value = True
204	215	mock_ensure_ssl_cert_master.return_value = False	217	mock_ensure_ssl_cert_master.return_value = False
205	216	self.relation_ids.return_value = ['identity-service:0']	218	self.relation_ids.return_value = ['identity-service:0']
206	@@ -247,12 +249,14 @@
207	247		249
208	248	@patch('keystone_utils.log')	250	@patch('keystone_utils.log')
209	249	@patch('keystone_utils.ensure_ssl_cert_master')	251	@patch('keystone_utils.ensure_ssl_cert_master')
210			252	@patch.object(hooks, 'is_db_initialised')
211	250	@patch.object(hooks, 'is_db_ready')	253	@patch.object(hooks, 'is_db_ready')
212	251	@patch.object(hooks, 'CONFIGS')	254	@patch.object(hooks, 'CONFIGS')
213	252	@patch.object(hooks, 'identity_changed')	255	@patch.object(hooks, 'identity_changed')
214	253	def test_postgresql_db_changed(self, identity_changed, configs,	256	def test_postgresql_db_changed(self, identity_changed, configs,
216	254	mock_is_db_ready,	257	mock_is_db_ready, mock_is_db_initialised,
217	255	mock_ensure_ssl_cert_master, mock_log):	258	mock_ensure_ssl_cert_master, mock_log):
218			259	mock_is_db_initialised.return_value = True
219	256	mock_is_db_ready.return_value = True	260	mock_is_db_ready.return_value = True
220	257	mock_ensure_ssl_cert_master.return_value = False	261	mock_ensure_ssl_cert_master.return_value = False
221	258	self.relation_ids.return_value = ['identity-service:0']	262	self.relation_ids.return_value = ['identity-service:0']
222	@@ -269,6 +273,7 @@
223	269		273
224	270	@patch('keystone_utils.log')	274	@patch('keystone_utils.log')
225	271	@patch('keystone_utils.ensure_ssl_cert_master')	275	@patch('keystone_utils.ensure_ssl_cert_master')
226			276	@patch.object(hooks, 'is_db_initialised')
227	272	@patch.object(hooks, 'is_db_ready')	277	@patch.object(hooks, 'is_db_ready')
228	273	@patch.object(hooks, 'peer_units')	278	@patch.object(hooks, 'peer_units')
229	274	@patch.object(hooks, 'ensure_permissions')	279	@patch.object(hooks, 'ensure_permissions')
230	@@ -283,8 +288,9 @@
231	283	self, configure_https, identity_changed,	288	self, configure_https, identity_changed,
232	284	configs, get_homedir, ensure_user, cluster_joined,	289	configs, get_homedir, ensure_user, cluster_joined,
233	285	admin_relation_changed, ensure_permissions, mock_peer_units,	290	admin_relation_changed, ensure_permissions, mock_peer_units,
235	286	mock_is_db_ready,	291	mock_is_db_ready, mock_is_db_initialised,
236	287	mock_ensure_ssl_cert_master, mock_log):	292	mock_ensure_ssl_cert_master, mock_log):
237			293	mock_is_db_initialised.return_value = True
238	288	mock_is_db_ready.return_value = True	294	mock_is_db_ready.return_value = True
239	289	self.openstack_upgrade_available.return_value = False	295	self.openstack_upgrade_available.return_value = False
240	290	self.is_elected_leader.return_value = True	296	self.is_elected_leader.return_value = True
241	@@ -302,7 +308,6 @@
242	302	configure_https.assert_called_with()	308	configure_https.assert_called_with()
243	303	self.assertTrue(configs.write_all.called)	309	self.assertTrue(configs.write_all.called)
244	304		310
245	305	self.migrate_database.assert_called_with()
246	306	self.assertTrue(self.ensure_initial_admin.called)	311	self.assertTrue(self.ensure_initial_admin.called)
247	307	self.log.assert_called_with(	312	self.log.assert_called_with(
248	308	'Firing identity_changed hook for all related services.')	313	'Firing identity_changed hook for all related services.')
249	@@ -343,6 +348,7 @@
250	343		348
251	344	@patch('keystone_utils.log')	349	@patch('keystone_utils.log')
252	345	@patch('keystone_utils.ensure_ssl_cert_master')	350	@patch('keystone_utils.ensure_ssl_cert_master')
253			351	@patch.object(hooks, 'is_db_initialised')
254	346	@patch.object(hooks, 'is_db_ready')	352	@patch.object(hooks, 'is_db_ready')
255	347	@patch.object(hooks, 'peer_units')	353	@patch.object(hooks, 'peer_units')
256	348	@patch.object(hooks, 'ensure_permissions')	354	@patch.object(hooks, 'ensure_permissions')
257	@@ -361,9 +367,11 @@
258	361	ensure_permissions,	367	ensure_permissions,
259	362	mock_peer_units,	368	mock_peer_units,
260	363	mock_is_db_ready,	369	mock_is_db_ready,
261			370	mock_is_db_initialised,
262	364	mock_ensure_ssl_cert_master,	371	mock_ensure_ssl_cert_master,
263	365	mock_log):	372	mock_log):
264	366	mock_is_db_ready.return_value = True	373	mock_is_db_ready.return_value = True
265			374	mock_is_db_initialised.return_value = True
266	367	self.openstack_upgrade_available.return_value = True	375	self.openstack_upgrade_available.return_value = True
267	368	self.is_elected_leader.return_value = True	376	self.is_elected_leader.return_value = True
268	369	# avoid having to mock syncer	377	# avoid having to mock syncer
269	@@ -382,7 +390,6 @@
270	382	configure_https.assert_called_with()	390	configure_https.assert_called_with()
271	383	self.assertTrue(configs.write_all.called)	391	self.assertTrue(configs.write_all.called)
272	384		392
273	385	self.migrate_database.assert_called_with()
274	386	self.assertTrue(self.ensure_initial_admin.called)	393	self.assertTrue(self.ensure_initial_admin.called)
275	387	self.log.assert_called_with(	394	self.log.assert_called_with(
276	388	'Firing identity_changed hook for all related services.')	395	'Firing identity_changed hook for all related services.')
277	@@ -391,6 +398,7 @@
278	391	remote_unit='unit/0')	398	remote_unit='unit/0')
279	392	admin_relation_changed.assert_called_with('identity-service:0')	399	admin_relation_changed.assert_called_with('identity-service:0')
280	393		400
281			401	@patch.object(hooks, 'is_db_initialised')
282	394	@patch.object(hooks, 'is_db_ready')	402	@patch.object(hooks, 'is_db_ready')
283	395	@patch('keystone_utils.log')	403	@patch('keystone_utils.log')
284	396	@patch('keystone_utils.ensure_ssl_cert_master')	404	@patch('keystone_utils.ensure_ssl_cert_master')
285	@@ -398,7 +406,9 @@
286	398	@patch.object(hooks, 'send_notifications')	406	@patch.object(hooks, 'send_notifications')
287	399	def test_identity_changed_leader(self, mock_send_notifications,	407	def test_identity_changed_leader(self, mock_send_notifications,
288	400	mock_hashlib, mock_ensure_ssl_cert_master,	408	mock_hashlib, mock_ensure_ssl_cert_master,
290	401	mock_log, mock_is_db_ready):	409	mock_log, mock_is_db_ready,
291			410	mock_is_db_initialised):
292			411	mock_is_db_initialised.return_value = True
293	402	mock_is_db_ready.return_value = True	412	mock_is_db_ready.return_value = True
294	403	mock_ensure_ssl_cert_master.return_value = False	413	mock_ensure_ssl_cert_master.return_value = False
295	404	hooks.identity_changed(	414	hooks.identity_changed(
296	@@ -557,13 +567,16 @@
297	557	@patch('keystone_utils.log')	567	@patch('keystone_utils.log')
298	558	@patch('keystone_utils.ensure_ssl_cert_master')	568	@patch('keystone_utils.ensure_ssl_cert_master')
299	559	@patch.object(hooks, 'is_db_ready')	569	@patch.object(hooks, 'is_db_ready')
300			570	@patch.object(hooks, 'is_db_initialised')
301	560	@patch.object(hooks, 'identity_changed')	571	@patch.object(hooks, 'identity_changed')
302	561	@patch.object(hooks, 'CONFIGS')	572	@patch.object(hooks, 'CONFIGS')
303	562	def test_ha_relation_changed_clustered_leader(self, configs,	573	def test_ha_relation_changed_clustered_leader(self, configs,
304	563	identity_changed,	574	identity_changed,
305			575	mock_is_db_initialised,
306	564	mock_is_db_ready,	576	mock_is_db_ready,
307	565	mock_ensure_ssl_cert_master,	577	mock_ensure_ssl_cert_master,
308	566	mock_log):	578	mock_log):
309			579	mock_is_db_initialised.return_value = True
310	567	mock_is_db_ready.return_value = True	580	mock_is_db_ready.return_value = True
311	568	mock_ensure_ssl_cert_master.return_value = False	581	mock_ensure_ssl_cert_master.return_value = False
312	569	self.relation_get.return_value = True	582	self.relation_get.return_value = True
313	@@ -610,6 +623,8 @@
314	610	cmd = ['a2dissite', 'openstack_https_frontend']	623	cmd = ['a2dissite', 'openstack_https_frontend']
315	611	self.check_call.assert_called_with(cmd)	624	self.check_call.assert_called_with(cmd)
316	612		625
317			626	@patch.object(hooks, 'is_db_ready')
318			627	@patch.object(hooks, 'is_db_initialised')
319	613	@patch('keystone_utils.log')	628	@patch('keystone_utils.log')
320	614	@patch('keystone_utils.relation_ids')	629	@patch('keystone_utils.relation_ids')
321	615	@patch('keystone_utils.is_elected_leader')	630	@patch('keystone_utils.is_elected_leader')
322	@@ -623,7 +638,11 @@
323	623	mock_ensure_ssl_cert_master,	638	mock_ensure_ssl_cert_master,
324	624	mock_is_elected_leader,	639	mock_is_elected_leader,
325	625	mock_relation_ids,	640	mock_relation_ids,
327	626	mock_log):	641	mock_log,
328			642	mock_is_db_ready,
329			643	mock_is_db_initialised):
330			644	mock_is_db_initialised.return_value = True
331			645	mock_is_db_ready.return_value = True
332	627	mock_is_elected_leader.return_value = False	646	mock_is_elected_leader.return_value = False
333	628	mock_relation_ids.return_value = []	647	mock_relation_ids.return_value = []
334	629	mock_ensure_ssl_cert_master.return_value = True	648	mock_ensure_ssl_cert_master.return_value = True