ironic upgrade: change ownership for ironic-dbsync.log

Commit bf00e67901 broke upgrades of existing
ironic deployments, as it tries running ironic-dbsync from "ironic" user,
while the existing ironic-dbsync.log file is owned by root.

This change adds creating a file resource with the correct ACLs before
running ironic-dbsync.

Change-Id: Ia3e8b7d8add933cd8a53f1c4e92dc3c4479009eb

manifests/db/sync.pp

@@ -15,6 +15,17 @@ class ironic::db::sync(
   include ::ironic::deps
   include ::ironic::params
 
+  # NOTE(dtantsur): previous ironic-dbsync was run as root. it will fail to run
+  # as "ironic" user, if there is an old log file owned by root. Let's fix it.
+  # To be removed in Rocky.
+  file { '/var/log/ironic/ironic-dbsync.log':
+    ensure  => 'present',
+    owner   => 'ironic',
+    group   => 'ironic',
+    # /var/log/ironic comes from ironic-common
+    require => Anchor['ironic::install::end']
+  }
+
   exec { 'ironic-dbsync':
     command     => "${::ironic::params::dbsync_command} ${extra_params}",
     path        => '/usr/bin',
@@ -29,5 +40,6 @@ class ironic::db::sync(
       Anchor['ironic::dbsync::begin']
     ],
     notify      => Anchor['ironic::dbsync::end'],
+    require     => File['/var/log/ironic/ironic-dbsync.log'],
   }
 }

releasenotes/notes/ironic-dbsync-3816e081122eb137.yaml

@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Fixes ownership of ``/var/log/ironic/ironic-dbsync.log`` before trying
+    to run ``ironic-dbsync``. This file was owned by *root* previously.

spec/classes/ironic_db_sync_spec.rb

@@ -18,6 +18,12 @@ describe 'ironic::db::sync' do
                          'Anchor[ironic::dbsync::begin]'],
         :notify      => 'Anchor[ironic::dbsync::end]',
       )
+
+      is_expected.to contain_file('/var/log/ironic/ironic-dbsync.log').with(
+        :ensure  => 'present',
+        :owner   => 'ironic',
+        :group   => 'ironic',
+      )
     end
 
     describe "overriding extra_params" do