Merge lp:~james-page/charms/trusty/percona-cluster/1497527 into lp:~openstack-charmers-archive/charms/trusty/percona-cluster/next

Proposed by James Page
Status: Merged
Merged at revision: 75
Proposed branch: lp:~james-page/charms/trusty/percona-cluster/1497527
Merge into: lp:~openstack-charmers-archive/charms/trusty/percona-cluster/next
Diff against target: 56 lines (+22/-3)
1 file modified
hooks/percona_hooks.py (+22/-3)
To merge this branch: bzr merge lp:~james-page/charms/trusty/percona-cluster/1497527
Reviewer: OpenStack Charmers
Review status: Pending
Review via email: mp+271772@code.launchpad.net

Description of the change

This change ensures that for configurations using access-network, access is only granted to IP addresses within the access-network CIDR, avoiding race conditions where the db_host presented to remote units gets switched to the local access-network IP address for the PXC unit, allowed_hosts contains all remote unit names, but access has not been granted for all remote units for access-network IP addresses.

The old behaviour would grant access for any presented address, and then upgrade the grants to the new IP address once the remote units changed the 'hostname' relation data.
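
The gate described above, replayed over a sequence of relation updates. This is an added sketch, not code from the merge proposal or the charm: it uses Python's standard `ipaddress` module in place of the charm's `get_host_ip` and `is_address_in_network` helpers, and the unit names, addresses and `resolve` mapping are constructed.

```python
import ipaddress


def normalize(presented, resolve=None):
    """Return an ip_address for an IP literal or a resolvable name, else None."""
    try:
        return ipaddress.ip_address(presented)
    except ValueError:
        # Not an IP literal: fall back to the (hypothetical) resolver callable.
        resolved = resolve(presented) if resolve else None
    try:
        return ipaddress.ip_address(resolved) if resolved else None
    except ValueError:
        return None


def may_grant(access_network, presented, resolve=None):
    """New behaviour: grant only for addresses inside access-network."""
    if not access_network:
        return True  # no access-network configured, so no restriction
    addr = normalize(presented, resolve)
    net = ipaddress.ip_network(access_network, strict=False)
    # Fail closed: unresolvable names and wrong-family addresses are rejected.
    return addr is not None and addr in net


def replay(events, access_network, resolve=None):
    """Return (old_grants, new_grants) for a sequence of (unit, hostname) updates."""
    old, new = [], []
    for unit, presented in events:
        old.append((unit, presented))  # old behaviour: grant whatever is presented
        if may_grant(access_network, presented, resolve):
            new.append((unit, presented))
    return old, new


# Constructed sample: units first present a deployment-network address or
# name, then switch their 'hostname' relation data to an access-network IP.
ACCESS_NETWORK = "10.10.0.0/24"
RESOLVE = {"glance-1.internal": "172.16.0.11"}.get
EVENTS = [
    ("glance/0", "172.16.0.10"),
    ("glance/0", "10.10.0.10"),
    ("glance/1", "glance-1.internal"),
    ("glance/1", "10.10.0.11"),
]

if __name__ == "__main__":
    old_grants, new_grants = replay(EVENTS, ACCESS_NETWORK, RESOLVE)
    print("old:", old_grants)
    print("new:", new_grants)
```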

76. By James Page

Switch to using get_host_ip

77. By James Page

Tidy lint

uosci-testing-bot (uosci-testing-bot) wrote :

charm_lint_check #10403 percona-cluster-next for james-page mp271772
    LINT OK: passed

Build: http://10.245.162.77:8080/job/charm_lint_check/10403/

uosci-testing-bot (uosci-testing-bot) wrote :

charm_unit_test #9549 percona-cluster-next for james-page mp271772
    UNIT OK: passed

Build: http://10.245.162.77:8080/job/charm_unit_test/9549/

uosci-testing-bot (uosci-testing-bot) wrote :

charm_amulet_test #6545 percona-cluster-next for james-page mp271772
    AMULET OK: passed

Build: http://10.245.162.77:8080/job/charm_amulet_test/6545/

Liam Young (gnuoy) wrote :

Tested with one glance node and one percona node.

Juju deployment network: 172.16.0.0/24
OS Access Network: 10.10.0.0/24

http://paste.ubuntu.com/12513262/

LGTM

Edward Hope-Morley (hopem) wrote :

LGTM +1

Preview Diff

=== modified file 'hooks/percona_hooks.py'
--- hooks/percona_hooks.py 2015-09-11 22:42:14 +0000
+++ hooks/percona_hooks.py 2015-09-21 07:57:49 +0000
@@ -429,6 +429,9 @@
429 access_network = config('access-network')429 access_network = config('access-network')
430 db_helper = get_db_helper()430 db_helper = get_db_helper()
431431
432 peer_store_and_set(relation_id=relation_id,
433 relation_settings={'access-network': access_network})
434
432 singleset = set(['database', 'username', 'hostname'])435 singleset = set(['database', 'username', 'hostname'])
433 if singleset.issubset(settings):436 if singleset.issubset(settings):
434 # Process a single database configuration437 # Process a single database configuration
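Review bot: The relocated peer_store_and_set(...) call at new lines 432-433 carries no comment explaining why it now sits ahead of the singleset check, and the reason is easy to lose: the access-network guards added further down return early, so a call left at the end of the function would not publish 'access-network' to peers whenever a remote address is rejected. Suggest a one-line comment such as "# NOTE: publish before the access-network early returns below" so a later tidy-up does not move it back.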
@@ -436,6 +439,15 @@
436 database = settings['database']439 database = settings['database']
437 username = settings['username']440 username = settings['username']
438441
442 normalized_address = get_host_ip(hostname)
443 if access_network and not is_address_in_network(access_network,
444 normalized_address):
445 # NOTE: for configurations using access-network, only setup
446 # database access if remote unit has presented a
447 # hostname or ip address thats within the configured
448 # network cidr
449 return
450
439 # NOTE: do this before querying access grants451 # NOTE: do this before querying access grants
440 password = configure_db_for_hosts(hostname, database, username,452 password = configure_db_for_hosts(hostname, database, username,
441 db_helper)453 db_helper)
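Review bot: At new lines 442-444 the result of get_host_ip(hostname) is handed straight to is_address_in_network() with no check that the lookup produced an address, so the outcome for an unresolvable hostname depends on how that helper treats an empty value; test normalized_address first and treat a failed lookup as outside the network. The bare return at 449 is also silent: a log() call naming hostname and access_network (the hook already logs at level=DEBUG elsewhere) would make a withheld grant diagnosable. The membership test is on normalized_address while configure_db_for_hosts() is still given hostname, so it is worth confirming both resolve the name the same way.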
@@ -485,6 +497,16 @@
485 hostname = databases[db]['hostname']497 hostname = databases[db]['hostname']
486 username = databases[db]['username']498 username = databases[db]['username']
487499
500 normalized_address = get_host_ip(hostname)
501 if (access_network and
502 not is_address_in_network(access_network,
503 normalized_address)):
504 # NOTE: for configurations using access-network,
505 # only setup database access if remote unit
506 # has presented a hostname or ip address
507 # thats within the configured network cidr
508 return
509
488 # NOTE: do this before querying access grants510 # NOTE: do this before querying access grants
489 password = configure_db_for_hosts(hostname, database, username,511 password = configure_db_for_hosts(hostname, database, username,
490 db_helper)512 db_helper)
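Review bot: The return at new line 508 deserves a second look: the databases[db][...] lookups suggest this code runs once per requested database, so returning here abandons every remaining entry and skips the relation-setting code later in the function for databases already configured in this run. If that reading is right, continue (or collecting the rejected entries) would keep one out-of-network hostname from blocking the rest. The guard and its comment also duplicate the single-database one at 442-449; a small helper taking access_network and hostname would keep the two from drifting.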
@@ -509,9 +531,6 @@
509 else:531 else:
510 log("No return data - not setting relation settings", level=DEBUG)532 log("No return data - not setting relation settings", level=DEBUG)
511533
512 peer_store_and_set(relation_id=relation_id,
513 relation_settings={'access-network': access_network})
514
515534
516@hooks.hook('ha-relation-joined')535@hooks.hook('ha-relation-joined')
517def ha_relation_joined():536def ha_relation_joined():
