From 1e520c05ee221955adcf545b5a43b046d2e80233 Mon Sep 17 00:00:00 2001
From: iberezovskiy <iberezovskiy@mirantis.com>
Date: Wed, 31 Aug 2016 20:10:19 +0300
Subject: [PATCH] Restore swift storage directory permissions after upgrade

Any update or reinstall glance-common package triggers
its postinst action with following command:
chown glance:glance -R /var/lib/glance/ /etc/glance/
We use /var/lib/glance/node by default as swift storage
folder http://goo.gl/97VJG2, and reinstallation of
glance-common breaks swift user access to it, so swift
services stop working. So, we need to fix /var/lib/glance/node
folder permissions right after upgrade command.
Also, the case of adding new controller node for already
updated cluster is covered.
This workaround is applied on when swift is enabled.

Closes-bug: #1618553
Related-bug: #1619282

Change-Id: Iea6ce51d6ed9fe42bba1b26b58ba43268a7f880c
---
 .../manifests/upgrade/pkg_upgrade.pp          | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/deployment/puppet/osnailyfacter/manifests/upgrade/pkg_upgrade.pp b/deployment/puppet/osnailyfacter/manifests/upgrade/pkg_upgrade.pp
index 1e4c1d65ab..a21fb92051 100644
--- a/deployment/puppet/osnailyfacter/manifests/upgrade/pkg_upgrade.pp
+++ b/deployment/puppet/osnailyfacter/manifests/upgrade/pkg_upgrade.pp
@@ -37,4 +37,37 @@ class osnailyfacter::upgrade::pkg_upgrade {
       require => Exec['remove_policy']
     })
   }
+
+  if roles_include(['controller', 'primary-controller']) {
+    $storage_hash = hiera_hash('storage', {})
+    if (!$storage_hash['images_ceph'] and !$storage_hash['objects_ceph'] and !$storage_hash['images_vcenter']) {
+      # Glance package update changes permissions for /var/lib/glance and makes
+      # it and its subdirectories owned by glance:glance (it executes in postinst stage).
+      # We use /var/lib/glance/node as swift storage, and we need to allow
+      # swift user to write into this directory. We should update all subdirectories
+      # in /var/lib/glance/node to be owned by swift:swift. This should be applied right
+      # after glance package update to decrease swift service downtime to minimum.
+      # Swift services restart isn't required.
+
+      $swift_partition = hiera('swift_partition', '/var/lib/glance/node')
+
+      if $swift_partition =~ /\/var\/lib\/glance\// {
+        # We can't use 'file' resource because we need to be sure that swift user and
+        # group exist. They could be absent in case of adding new controller node
+        # for already upgraded environment.
+        exec { '/var/lib/glance/':
+          command   => 'chgrp swift /var/lib/glance/',
+          onlyif    => 'getent group swift && test -d /var/lib/glance/',
+          path      => ['/bin/', '/usr/bin/'],
+          logoutput => 'on_failure',
+        } ->
+        exec { $swift_partition:
+          command   => "chown -R swift:swift ${swift_partition}",
+          onlyif    => "getent passwd swift && test -d ${swift_partition}",
+          path      => ['/bin/', '/usr/bin/'],
+          logoutput => 'on_failure',
+        }
+      }
+    }
+  }
 }