From 93db01848530f8e160509ecc78ea9520626df21f Mon Sep 17 00:00:00 2001 From: Frode Nordahl Date: Mon, 20 Aug 2018 09:37:09 +0200 Subject: [PATCH] Do not rotate keys when lead unit is paused Closes-Bug: #1787719 Change-Id: I0557803e90d8ec52271f01e5e7276d2db8338ce2 --- hooks/keystone_utils.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hooks/keystone_utils.py b/hooks/keystone_utils.py index 10244649..a02b0171 100644 --- a/hooks/keystone_utils.py +++ b/hooks/keystone_utils.py @@ -2050,6 +2050,10 @@ def fernet_keys_rotate_and_sync(log_func=log): """ if not keystone_context.fernet_enabled() or not is_leader(): return + if is_unit_paused_set(): + log_func("Fernet key rotation requested but unit is paused", + level=INFO) + return # now see if the keys need to be rotated try: last_rotation = os.stat(