Merge "Restore swift storage directory permissions after upgrade"

deployment/puppet/osnailyfacter/manifests/upgrade/pkg_upgrade.pp

@@ -37,4 +37,37 @@ class osnailyfacter::upgrade::pkg_upgrade {
       require => Exec['remove_policy']
     })
   }
+
+  if roles_include(['controller', 'primary-controller']) {
+    $storage_hash = hiera_hash('storage', {})
+    if (!$storage_hash['images_ceph'] and !$storage_hash['objects_ceph'] and !$storage_hash['images_vcenter']) {
+      # Glance package update changes permissions for /var/lib/glance and makes
+      # it and its subdirectories owned by glance:glance (it executes in postinst stage).
+      # We use /var/lib/glance/node as swift storage, and we need to allow
+      # swift user to write into this directory. We should update all subdirectories
+      # in /var/lib/glance/node to be owned by swift:swift. This should be applied right
+      # after glance package update to decrease swift service downtime to minimum.
+      # Swift services restart isn't required.
+
+      $swift_partition = hiera('swift_partition', '/var/lib/glance/node')
+
+      if $swift_partition =~ /\/var\/lib\/glance\// {
+        # We can't use 'file' resource because we need to be sure that swift user and
+        # group exist. They could be absent in case of adding new controller node
+        # for already upgraded environment.
+        exec { '/var/lib/glance/':
+          command   => 'chgrp swift /var/lib/glance/',
+          onlyif    => 'getent group swift && test -d /var/lib/glance/',
+          path      => ['/bin/', '/usr/bin/'],
+          logoutput => 'on_failure',
+        } ->
+        exec { $swift_partition:
+          command   => "chown -R swift:swift ${swift_partition}",
+          onlyif    => "getent passwd swift && test -d ${swift_partition}",
+          path      => ['/bin/', '/usr/bin/'],
+          logoutput => 'on_failure',
+        }
+      }
+    }
+  }
 }