Merge "Fix generation of configs that contain password files" into stable/rocky

2019-02-11 16:22:27 +00:00 · 2019-02-11 16:22:27 +00:00 · 47245b40bd
parent 4b6b7ab0db c8b4fd25fa
commit 47245b40bd
1 changed files with 10 additions and 10 deletions
--- a/docker/docker-puppet.py
+++ b/docker/docker-puppet.py
@ -273,18 +273,15 @@ with open(sh_script, 'w') as script_file:
        # they need the old password to achieve that.
        # For those services, we update the config hash to notify
        # paunch that a restart is needed, but we do not update the
-        # password file in docker-puppet and let the service
-        # regenerate it instead.
-        action=$(hiera -c /etc/puppet/hiera.yaml stack_action)
-        if [ "x$action" = "xUPDATE" ];then
-            password_files="/root/.my.cnf"
-        else
-            password_files=""
-        fi
+        # password file in docker-puppet if the file already existed
+        # before and let the service regenerate it instead.
+        password_files="/root/.my.cnf"

        exclude_files=""
        for p in $password_files; do
-            exclude_files+=" --exclude=$p"
+            if [ -f "$p" -a -f "/var/lib/config-data/${NAME}$p" ]; then
+                exclude_files+=" --exclude=$p"
+            fi
        done
        rsync -a -R --delay-updates --delete-after $exclude_files $rsync_srcs /var/lib/config-data/${NAME}

@ -302,14 +299,17 @@ with open(sh_script, 'w') as script_file:
        # note: while being excluded from the output, password files
        # are still included in checksum computation
        additional_checksum_files=""
+        excluded_original_passwords=""
        for p in $password_files; do
            if [ -f "$p" ]; then
                additional_checksum_files+=" $p"
+                excluded_original_passwords+=" --exclude=/var/lib/config-data/*${p}"
            fi
        done
+
        # We need to exclude the swift rings and their backup as those change over time and
        # containers do not need to restart if they change
-        EXCLUDE=--exclude='*/etc/swift/backups/*'\ --exclude='*/etc/swift/*.ring.gz'\ --exclude='*/etc/swift/*.builder'\ --exclude='*/etc/libvirt/passwd.db'
+        EXCLUDE=--exclude='*/etc/swift/backups/*'\ --exclude='*/etc/swift/*.ring.gz'\ --exclude='*/etc/swift/*.builder'\ --exclude='*/etc/libvirt/passwd.db'\ ${excluded_original_passwords}
        # We need to repipe the tar command through 'tar xO' to force text
        # output because otherwise the sed command cannot work. The sed is
        # needed because puppet puts timestamps as comments in cron and