Adding granularity states for barbican upgrade
Change-Id: Ic3ef10aa4459282286ad0de0f11d0a90c8e6ea2d
Related-Prod: PROD-21934
diff --git a/barbican/db/offline_sync.sls b/barbican/db/offline_sync.sls
new file mode 100644
index 0000000..8183277
--- /dev/null
+++ b/barbican/db/offline_sync.sls
@@ -0,0 +1,12 @@
+{%- from "barbican/map.jinja" import server with context %}
+
+{%- if server.enabled %}
+
+barbican_syncdb:
+ cmd.run:
+ - name: barbican-db-manage upgrade
+ {%- if grains.get('noservices') or server.get('role', 'primary') == 'secondary' %}
+ - onlyif: /bin/false
+ {%- endif %}
+
+{%- endif %}
diff --git a/barbican/meta/salt.yml b/barbican/meta/salt.yml
new file mode 100644
index 0000000..7c2da1d
--- /dev/null
+++ b/barbican/meta/salt.yml
@@ -0,0 +1,5 @@
+orchestration:
+ upgrade:
+ applications:
+ barbican:
+ priority: 1400
diff --git a/barbican/server.sls b/barbican/server.sls
index 2891274..092468a 100644
--- a/barbican/server.sls
+++ b/barbican/server.sls
@@ -5,6 +5,7 @@
- apache
- barbican._ssl.mysql
- barbican._ssl.rabbitmq
+ - barbican.db.offline_sync
barbican_server_packages:
pkg.installed:
@@ -23,16 +24,8 @@
- pkg: barbican_server_packages
- sls: barbican._ssl.mysql
- sls: barbican._ssl.rabbitmq
-
-barbican_syncdb:
- cmd.run:
- - name: barbican-manage db upgrade
- {%- if grains.get('noservices') %}
- - onlyif: /bin/false
- {%- endif %}
- - require:
- - file: /etc/barbican/barbican.conf
- - pkg: barbican_server_packages
+ - require_in:
+ - sls: barbican.db.offline_sync
barbican_sync_secret_stores:
cmd.run:
@@ -44,7 +37,7 @@
- require:
- file: /etc/barbican/barbican.conf
- pkg: barbican_server_packages
- - cmd: barbican_syncdb
+ - sls: barbican.db.offline_sync
{%- for name, rule in server.get('policy', {}).items() %}
{%- if rule != None %}
@@ -90,7 +83,7 @@
- pkg: barbican_fluentd_logger_package
{%- endif %}
- require_in:
- - cmd: barbican_syncdb
+ - sls: barbican.db.offline_sync
- watch_in:
- service: barbican_server_services
diff --git a/barbican/upgrade/pkgs_latest.sls b/barbican/upgrade/pkgs_latest.sls
new file mode 100644
index 0000000..4863b65
--- /dev/null
+++ b/barbican/upgrade/pkgs_latest.sls
@@ -0,0 +1,35 @@
+{%- from "barbican/map.jinja" import server, client with context %}
+
+barbican_task_pkgs_latest:
+ test.show_notification:
+ - name: "dump_message_pkgs_latest"
+ - text: "Running barbican.upgrade.pkg_latest"
+
+policy-rc.d_present:
+ file.managed:
+ - name: /usr/sbin/policy-rc.d
+ - mode: 755
+ - contents: |
+ #!/bin/sh
+ exit 101
+
+{%- set pkgs = [] %}
+{%- if server.get('enabled', false) %}
+ {%- do pkgs.extend(server.pkgs) %}
+{%- endif %}
+
+{%- if client.get('enabled', false) %}
+ {%- do pkgs.extend(client.pkgs) %}
+{%- endif %}
+
+barbican_packages:
+ pkg.latest:
+ - names: {{ pkgs|unique }}
+ - require:
+ - file: policy-rc.d_present
+ - require_in:
+ - file: policy-rc.d_absent
+
+policy-rc.d_absent:
+ file.absent:
+ - name: /usr/sbin/policy-rc.d
diff --git a/barbican/upgrade/post/init.sls b/barbican/upgrade/post/init.sls
new file mode 100644
index 0000000..bd9998f
--- /dev/null
+++ b/barbican/upgrade/post/init.sls
@@ -0,0 +1,10 @@
+{%- from "barbican/map.jinja" import server with context %}
+
+barbican_post:
+ test.show_notification:
+ - name: "dump_message_post-upgrade"
+ - text: "Running barbican.upgrade.post"
+
+keystone_os_client_config_absent:
+ file.absent:
+ - name: /etc/openstack/clouds.yml
diff --git a/barbican/upgrade/pre/init.sls b/barbican/upgrade/pre/init.sls
new file mode 100644
index 0000000..11fc75b
--- /dev/null
+++ b/barbican/upgrade/pre/init.sls
@@ -0,0 +1,23 @@
+{%- from "barbican/map.jinja" import server, client with context %}
+
+barbican_pre:
+ test.show_notification:
+ - name: "dump_message_pre-upgrade_barbican"
+ - text: "Running barbican.upgrade.pre"
+
+python-os-client-config_package:
+ pkg.latest:
+ - name: python-os-client-config
+
+{%- set os_content = salt['mine.get']('I@keystone:client:os_client_config:enabled:true', 'keystone_os_client_config', 'compound').values()[0] %}
+keystone_os_client_config:
+ file.managed:
+ - name: /etc/openstack/clouds.yml
+ - contents: |
+ {{ os_content |yaml(False)|indent(8) }}
+ - user: 'root'
+ - group: 'root'
+ - makedirs: True
+ - unless: test -f /etc/openstack/clouds.yml
+ - require:
+ - pkg: python-os-client-config_package
diff --git a/barbican/upgrade/render_config.sls b/barbican/upgrade/render_config.sls
new file mode 100644
index 0000000..06614be
--- /dev/null
+++ b/barbican/upgrade/render_config.sls
@@ -0,0 +1,13 @@
+{%- from "barbican/map.jinja" import server, client with context %}
+
+barbican_render_config:
+ test.show_notification:
+ - name: "dump_message_render_config_barbican"
+ - text: "Running barbican.upgrade.render_config"
+
+/etc/barbican/barbican.conf:
+ file.managed:
+ - source: salt://barbican/files/{{ server.version }}/barbican.conf.{{ grains.os_family }}
+ - template: jinja
+ - mode: 0640
+ - group: barbican
diff --git a/barbican/upgrade/service_running.sls b/barbican/upgrade/service_running.sls
new file mode 100644
index 0000000..dd5a822
--- /dev/null
+++ b/barbican/upgrade/service_running.sls
@@ -0,0 +1,26 @@
+{%- from "barbican/map.jinja" import server, client with context %}
+
+barbican_task_service_running:
+ test.show_notification:
+ - name: "dump_message_service_running_barbican"
+ - text: "Running barbican.upgrade.service_running"
+
+{%- set bservices = [] %}
+{%- do bservices.extend(server.services) %}
+
+{%- if server.get('enabled') %}
+ {%- do bservices.append('apache2') %}
+{%- endif %}
+
+{%- if bservices|unique|length > 0 %}
+ {%- for service in bservices|unique %}
+barbican_service_running_{{ service }}:
+ service.running:
+ - enable: true
+ - name: {{ service }}
+ {%- if grains.get('noservices') %}
+ - onlyif: /bin/false
+ {%- endif %}
+ {%- endfor %}
+{%- endif %}
+
diff --git a/barbican/upgrade/service_stopped.sls b/barbican/upgrade/service_stopped.sls
new file mode 100644
index 0000000..1638c8c
--- /dev/null
+++ b/barbican/upgrade/service_stopped.sls
@@ -0,0 +1,26 @@
+{%- from "barbican/map.jinja" import server, client with context %}
+
+barbican_task_service_stopped:
+ test.show_notification:
+ - name: "dump_message_service_stopped_barbican"
+ - text: "Running barbican.upgrade.service_stopped"
+
+{%- set bservices = [] %}
+{%- do bservices.extend(server.services) %}
+
+{%- if server.get('enabled') %}
+ {%- do bservices.append('apache2') %}
+{%- endif %}
+
+{%- if bservices|unique|length > 0 %}
+ {%- for service in bservices|unique %}
+barbican_service_stopped_{{ service }}:
+ service.dead:
+ - enable: false
+ - name: {{ service }}
+ {%- if grains.get('noservices') %}
+ - onlyif: /bin/false
+ {%- endif %}
+ {%- endfor %}
+{%- endif %}
+
diff --git a/barbican/upgrade/upgrade/init.sls b/barbican/upgrade/upgrade/init.sls
new file mode 100644
index 0000000..db53259
--- /dev/null
+++ b/barbican/upgrade/upgrade/init.sls
@@ -0,0 +1,13 @@
+{%- from "barbican/map.jinja" import server, client with context %}
+
+barbican_upgrade:
+ test.show_notification:
+ - name: "dump_message_upgrade_barbican"
+ - text: "Running barbican.upgrade.upgrade"
+
+include:
+ - barbican.upgrade.service_stopped
+ - barbican.upgrade.pkgs_latest
+ - barbican.upgrade.render_config
+ - barbican.db.offline_sync
+ - barbican.upgrade.service_running
diff --git a/barbican/upgrade/upgrade/post.sls b/barbican/upgrade/upgrade/post.sls
new file mode 100644
index 0000000..b888c28
--- /dev/null
+++ b/barbican/upgrade/upgrade/post.sls
@@ -0,0 +1,6 @@
+{%- from "barbican/map.jinja" import server, client with context %}
+
+barbican_upgrade_post:
+ test.show_notification:
+ - name: "dump_message_upgrade_barbican_post"
+ - text: "Running barbican.upgrade.upgrade.post"
diff --git a/barbican/upgrade/upgrade/pre.sls b/barbican/upgrade/upgrade/pre.sls
new file mode 100644
index 0000000..252f07e
--- /dev/null
+++ b/barbican/upgrade/upgrade/pre.sls
@@ -0,0 +1,6 @@
+{%- from "barbican/map.jinja" import server, client with context %}
+
+barbican_upgrade_pre:
+ test.show_notification:
+ - name: "dump_message_upgrade_barbican_pre"
+ - text: "Running barbican.upgrade.upgrade.pre"
diff --git a/barbican/upgrade/verify/_api.sls b/barbican/upgrade/verify/_api.sls
new file mode 100644
index 0000000..ab3b237
--- /dev/null
+++ b/barbican/upgrade/verify/_api.sls
@@ -0,0 +1,35 @@
+{%- from "barbican/map.jinja" import server, client with context %}
+
+barbican_upgrade_verify_api:
+ test.show_notification:
+ - name: "dump_message_verify_api_barbican"
+ - text: "Running barbican.upgrade.verify.api"
+
+{%- if server.enabled %}
+ {%- set secret_name = 'api_verify_secret_test' %}
+ {%- set secret_payload = salt['hashutil.base64_b64encode']('My_SaltTest_Payload') %}
+
+barbicanv1_secret_list:
+ module.run:
+ - name: barbicanv1.secret_list
+ - kwargs:
+ cloud_name: admin_identity
+
+barbican_secret_present:
+ barbicanv1.secret_present:
+ - cloud_name: admin_identity
+ - name: SaltTestSecret
+ - algorithm: RSA
+ - secret_type: certificate
+ - payload: {{ secret_payload }}
+ - payload_content_type: application/octet-stream
+ - payload_content_encoding: base64
+
+barbican_secret_absent:
+ barbicanv1.secret_absent:
+ - cloud_name: admin_identity
+ - name: SaltTestSecret
+ - require:
+ - barbican_secret_present
+
+{%- endif %}
diff --git a/barbican/upgrade/verify/_service.sls b/barbican/upgrade/verify/_service.sls
new file mode 100644
index 0000000..d5b9c8e
--- /dev/null
+++ b/barbican/upgrade/verify/_service.sls
@@ -0,0 +1,6 @@
+{%- from "barbican/map.jinja" import server, client with context %}
+
+barbican_task_uprade_verify_service:
+ test.show_notification:
+ - text: "Running barbican.upgrade.verify.service"
+
diff --git a/barbican/upgrade/verify/init.sls b/barbican/upgrade/verify/init.sls
new file mode 100644
index 0000000..f459c58
--- /dev/null
+++ b/barbican/upgrade/verify/init.sls
@@ -0,0 +1,8 @@
+barbican_upgrade_verify:
+ test.show_notification:
+ - name: "dump_message_upgrade_barbican_verify"
+ - text: "Running barbican.upgrade.verify"
+
+include:
+ - barbican.upgrade.verify._api
+ - barbican.upgrade.verify._service