Keystone DB sync - add fernet key repo reset API
This update adds a fernet key repo reset API to sysinv. This API will be
consumed by dcorch to reset the fernet keys on a subcloud when the subcloud
becomes unmanaged.
Story: 2002842
Task: 22787
Signed-off-by: Andy Ning <andy.ning@windriver.com>
(cherry picked from commit f4bd054b9d
)
Change-Id: I09f0bd5a8a7e3d5ade045a8c87bbb6dfccd6798f
parent
c880860c59
commit
9aa9723105
|
@ -113,10 +113,12 @@ class FernetKeyController(rest.RestController):
|
|||
@cutils.synchronized(LOCK_NAME)
|
||||
@wsme_pecan.wsexpose(None, body=[FernetKey],
|
||||
status_code=http_client.CREATED)
|
||||
def post(self, keys):
|
||||
key_list = [k.as_dict() for k in keys]
|
||||
def post(self, keys=None):
|
||||
key_list = None
|
||||
if keys:
|
||||
key_list = [k.as_dict() for k in keys]
|
||||
try:
|
||||
pecan.request.rpcapi.update_fernet_keys(pecan.request.context,
|
||||
pecan.request.rpcapi.update_fernet_repo(pecan.request.context,
|
||||
key_list)
|
||||
except Exception as e:
|
||||
LOG.exception(e)
|
||||
|
@ -129,7 +131,7 @@ class FernetKeyController(rest.RestController):
|
|||
def put(self, keys):
|
||||
key_list = [k.as_dict() for k in keys]
|
||||
try:
|
||||
pecan.request.rpcapi.update_fernet_keys(pecan.request.context,
|
||||
pecan.request.rpcapi.update_fernet_repo(pecan.request.context,
|
||||
key_list)
|
||||
except Exception as e:
|
||||
LOG.exception(e)
|
||||
|
|
|
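Review bot: An empty key list now means "wipe the repository". In `post`, `if keys:` leaves `key_list` as None for both a missing body and `[]`, and `put` forwards `[]` unchanged to `update_fernet_repo`, where the conductor's `if keys:` (shown further down this page) routes it to `reset_fernet_keys()`. Because a reset removes the key repository, a client that sends an empty list by mistake gets a destructive reset instead of an error. Consider making the reset explicit, for example only when the body is absent (`if keys is None:` here and in the conductor), and rejecting an empty list in both handlers. Both method bodies continue past the hunk, so how the caught exception is reported to the caller is not visible here.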
@ -5,6 +5,8 @@
|
|||
#
|
||||
|
||||
import os
|
||||
import shutil
|
||||
import subprocess
|
||||
from grp import getgrnam
|
||||
from pwd import getpwnam
|
||||
|
||||
|
@ -153,6 +155,29 @@ class FernetOperator(object):
|
|||
LOG.exception(msg)
|
||||
raise exception.SysinvException(msg)
|
||||
|
||||
def reset_fernet_keys(self):
|
||||
try:
|
||||
if os.path.isdir(self.key_repository):
|
||||
LOG.info("Remove fernet repo")
|
||||
shutil.rmtree(self.key_repository)
|
||||
except OSError as e:
|
||||
LOG.exception(e)
|
||||
|
||||
with open(os.devnull, "w") as fnull:
|
||||
try:
|
||||
LOG.info("Re-setup fernet repo")
|
||||
subprocess.check_call(['/usr/bin/keystone-manage',
|
||||
'fernet_setup',
|
||||
'--keystone-user',
|
||||
KEYSTONE_USER,
|
||||
'--keystone-group',
|
||||
KEYSTONE_GROUP],
|
||||
stdout=fnull, stderr=fnull)
|
||||
except subprocess.CalledProcessError as e:
|
||||
msg = _("Failed to setup fernet keys: %s") % e.message
|
||||
LOG.exception(msg)
|
||||
raise exception.SysinvException(msg)
|
||||
|
||||
def get_fernet_keys(self, key_id=None):
|
||||
keys = []
|
||||
if not self._validate_key_repository():
|
||||
|
|
|
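Review bot: A failed removal is swallowed in `reset_fernet_keys`: the `except OSError` branch only logs, so the method goes on to run `keystone-manage fernet_setup` against whatever is left of `self.key_repository` and returns normally. If the old keys are still on disk, the caller is told the reset succeeded while the previous keys may remain in use, which defeats the purpose of resetting them for an unmanaged subcloud. Raise there as the setup branch does, e.g. `raise exception.SysinvException(_("Failed to remove fernet repo: %s") % e)`. In the `CalledProcessError` handler, `e.message` is likely empty on Python 2 and absent on Python 3, so `% e` would give a usable message. Sending stderr to `fnull` also discards the only diagnostic keystone-manage produces.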
@ -10669,14 +10669,18 @@ class ConductorManager(service.PeriodicService):
|
|||
rpcapi = agent_rpcapi.AgentAPI()
|
||||
rpcapi.update_host_memory(context, host.uuid)
|
||||
|
||||
def update_fernet_keys(self, context, keys):
|
||||
def update_fernet_repo(self, context, keys=None):
|
||||
"""Update the fernet repo with the new keys.
|
||||
|
||||
:param context: request context.
|
||||
:param keys: a list of keys
|
||||
:returns: nothing
|
||||
"""
|
||||
self._fernet.update_fernet_keys(keys)
|
||||
|
||||
if keys:
|
||||
self._fernet.update_fernet_keys(keys)
|
||||
else:
|
||||
self._fernet.reset_fernet_keys()
|
||||
|
||||
def get_fernet_keys(self, context, key_id=None):
|
||||
"""Get the keys from the fernet repo.
|
||||
|
|
|
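Review bot: The docstring of `update_fernet_repo` still reads as a plain update and says nothing about the new `else` branch, which calls `self._fernet.reset_fernet_keys()` whenever `keys` is None or empty. Since that path removes and re-creates the key repository, the contract should say so, e.g. `:param keys: a list of keys; if None or empty, the fernet repo is reset`. The same applies to the `ConductorAPI.update_fernet_repo` docstring in the rpcapi section, whose summary still says "update fernet keys".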
@ -1723,13 +1723,13 @@ class ConductorAPI(sysinv.openstack.common.rpc.proxy.RpcProxy):
|
|||
return self.cast(context, self.make_msg('update_host_memory',
|
||||
host_uuid=host_uuid))
|
||||
|
||||
def update_fernet_keys(self, context, keys):
|
||||
def update_fernet_repo(self, context, keys=None):
|
||||
"""Synchronously, have the conductor update fernet keys.
|
||||
|
||||
:param context: request context.
|
||||
:param keys: a list of fernet keys
|
||||
"""
|
||||
return self.call(context, self.make_msg('update_fernet_keys',
|
||||
return self.call(context, self.make_msg('update_fernet_repo',
|
||||
keys=keys))
|
||||
|
||||
def get_fernet_keys(self, context, key_id=None):
|
||||
|
|
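Review bot: The RPC message name changes from `update_fernet_keys` to `update_fernet_repo` with no version bump or compatibility alias visible in this section or in the conductor section. If an API process and a conductor from different releases can run side by side, for instance during an upgrade, the call would presumably fail as an unknown method; whether that can happen needs confirming against the deployment model. If it can, keeping a thin `update_fernet_keys` on the conductor that delegates to `update_fernet_repo` would cover the window.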