From 9f5d3429c834b25491bacafa852d5f8a901b5bd9 Mon Sep 17 00:00:00 2001 From: Tilman Baumann Date: Tue, 3 Apr 2018 15:56:43 +0200 Subject: [PATCH] Reload OSD when AppArmor policies are changed When AppArmor profiles are updated, the OSD processes need to be restarted as well to make the new polocy effective. Policy files can change on charm upgrade. Change-Id: Ib0dbcfd11949451e3abc0b2b7477a5f474bae234 Partial-Bug: 1755823 --- hooks/ceph_hooks.py | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/hooks/ceph_hooks.py b/hooks/ceph_hooks.py index 3bf94587..2d3bf9f1 100755 --- a/hooks/ceph_hooks.py +++ b/hooks/ceph_hooks.py @@ -135,8 +135,23 @@ def tune_network_adapters(): ceph.tune_nic(interface) -@restart_on_change({'/etc/apparmor.d/usr.bin.ceph-osd': ['apparmor']}, - restart_functions={'apparmor': service_reload}) +def aa_profile_changed(service_name='ceph-osd-all'): + """ + Reload AA profie and restart OSD processes. + """ + log("Loading new AppArmor profile") + service_reload('apparmor') + log("Restarting ceph-osd services with new AppArmor profile") + if ceph.systemd(): + for osd_id in ceph.get_local_osd_ids(): + service_restart('ceph-osd@{}'.format(osd_id)) + else: + service_restart(service_name) + + +@restart_on_change({ + '/etc/apparmor.d/usr.bin.ceph-osd': ['ceph-osd-all']}, + restart_functions={'ceph-osd-all': aa_profile_changed}) def copy_profile_into_place(): """ Copy the apparmor profiles included with the charm @@ -175,12 +190,7 @@ def install_apparmor_profile(): if config().changed('aa-profile-mode'): aa_context = CephOsdAppArmorContext() aa_context.setup_aa_profile() - service_reload('apparmor') - if ceph.systemd(): - for osd_id in ceph.get_local_osd_ids(): - service_restart('ceph-osd@{}'.format(osd_id)) - else: - service_restart('ceph-osd-all') + aa_profile_changed() @hooks.hook('install.real')