Restart keystone's apache2 if mysql passwd rotated

When the mysql password is changed via the shared-db relation, the shared-db hook handler needs to restart keystone's apache2 so that the password is picked up and used by keystone during the rest of the hook. Change-Id: I37ed94d5937a9abf46fd12cd6f230ddb5a298b0e
2023-03-27 11:46:52 +01:00 · 2023-03-27 11:46:52 +01:00 · 3ea0c428a2
parent 9bdc83792b
commit 3ea0c428a2
1 changed files with 13 additions and 1 deletions
--- a/hooks/keystone_hooks.py
+++ b/hooks/keystone_hooks.py
@ -410,7 +410,12 @@ def db_changed():
    if 'shared-db' not in CONFIGS.complete_contexts():
        log('shared-db relation incomplete. Peer not ready?')
    else:
-        CONFIGS.write(KEYSTONE_CONF)
+        # here we may need to restart keystone's apache2 if the database
+        # password has been rotated as otherwise the
+        # `update_all_identity_related_units()` function will fail as it need
+        # to use keystone to check the database.
+        _maybe_config_updated()
+
        leader_init_db_if_ready(use_current_context=True)
        if CompareOpenStackReleases(
                os_release('keystone')) >= 'liberty':
@ -419,6 +424,13 @@ def db_changed():
        inform_peers_if_ready(check_api_unit_ready)


+@restart_on_change(restart_map(),
+                   restart_functions=restart_function_map())
+def _maybe_config_updated():
+    """Restart the keystone service is the configs have been updated."""
+    CONFIGS.write(KEYSTONE_CONF)
+
+
@hooks.hook('shared-db-relation-departed',
            'shared-db-relation-broken')
 def db_departed_or_broken():