Restore swift storage directory permissions after upgrade

Any update or reinstall glance-common package triggers its postinst action with following command: chown glance:glance -R /var/lib/glance/ /etc/glance/ We use /var/lib/glance/node by default as swift storage folder http://goo.gl/97VJG2, and reinstallation of glance-common breaks swift user access to it, so swift services stop working. So, we need to fix /var/lib/glance/node folder permissions right after upgrade command. Also, the case of adding new controller node for already updated cluster is covered. This workaround is applied on when swift is enabled. Closes-bug: #1618553 Related-bug: #1619282 Change-Id: Iea6ce51d6ed9fe42bba1b26b58ba43268a7f880c
2016-08-31 20:10:19 +03:00 · 2016-08-31 20:10:19 +03:00 · 1e520c05ee
parent 25b362b004
commit 1e520c05ee
1 changed files with 33 additions and 0 deletions
--- a/deployment/puppet/osnailyfacter/manifests/upgrade/pkg_upgrade.pp
+++ b/deployment/puppet/osnailyfacter/manifests/upgrade/pkg_upgrade.pp
@ -37,4 +37,37 @@ class osnailyfacter::upgrade::pkg_upgrade {
      require => Exec['remove_policy']
    })
  }
+
+  if roles_include(['controller', 'primary-controller']) {
+    $storage_hash = hiera_hash('storage', {})
+    if (!$storage_hash['images_ceph'] and !$storage_hash['objects_ceph'] and !$storage_hash['images_vcenter']) {
+      # Glance package update changes permissions for /var/lib/glance and makes
+      # it and its subdirectories owned by glance:glance (it executes in postinst stage).
+      # We use /var/lib/glance/node as swift storage, and we need to allow
+      # swift user to write into this directory. We should update all subdirectories
+      # in /var/lib/glance/node to be owned by swift:swift. This should be applied right
+      # after glance package update to decrease swift service downtime to minimum.
+      # Swift services restart isn't required.
+
+      $swift_partition = hiera('swift_partition', '/var/lib/glance/node')
+
+      if $swift_partition =~ /\/var\/lib\/glance\// {
+        # We can't use 'file' resource because we need to be sure that swift user and
+        # group exist. They could be absent in case of adding new controller node
+        # for already upgraded environment.
+        exec { '/var/lib/glance/':
+          command   => 'chgrp swift /var/lib/glance/',
+          onlyif    => 'getent group swift && test -d /var/lib/glance/',
+          path      => ['/bin/', '/usr/bin/'],
+          logoutput => 'on_failure',
+        } ->
+        exec { $swift_partition:
+          command   => "chown -R swift:swift ${swift_partition}",
+          onlyif    => "getent passwd swift && test -d ${swift_partition}",
+          path      => ['/bin/', '/usr/bin/'],
+          logoutput => 'on_failure',
+        }
+      }
+    }
+  }
 }