Change the order in which fernet keys are synced
Currently there is a small window during the fernet keys distribution
after their rotation on primary node where the fernet key repository
is completely missing any file with content of current primary key
on primary controller.
This happens due to default order of operations performed by rsync,
which is "delete not needed files, copy new/changed files in alphanum
order".
Unfortunately there seems to be no way to affect in which order rsync
copies new/changed files, so to fix this issue two rsync are needed:
- copy all new/changed files excluding the file 0 (staged key), do not
delete any files
- sync again with file deletion after copying (which will effectively
copy only 0 file)
This will imitate the order in which files are changed during rotation
also during their distribution.
Change-Id: I473cc9db0c335ef7d806e8702381831b55b2113b
Related-Issue: https://mirantis.jira.com/browse/DEVCLOUD-262
diff --git a/keystone/files/keystone_keys_rotate.sh b/keystone/files/keystone_keys_rotate.sh
index d71eaff..ccec5ff 100644
--- a/keystone/files/keystone_keys_rotate.sh
+++ b/keystone/files/keystone_keys_rotate.sh
@@ -87,7 +87,8 @@
run_rsync () {
local sync_dir=$1
local sync_node=$2
- rsync -e 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' -avz --delete ${sync_dir} keystone@${sync_node}:${sync_dir}
+ rsync -e 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' -avz --exclude 0 ${sync_dir} keystone@${sync_node}:${sync_dir}
+ rsync -e 'ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no' -avz --delete-after ${sync_dir} keystone@${sync_node}:${sync_dir}
}
run_keystone () {
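Review bot: In run_rsync, the exit status of the first added rsync (the `--exclude 0` pass) is discarded, so if that pass fails the `--delete-after` pass still runs and the function returns only the second status. Unless the script runs under `set -e`, which is not visible in this hunk, chain the two calls with `&&` or return early when the first one fails, so a partial first pass is not followed by a pass that deletes files. The pattern `--exclude 0` is unanchored and matches any file or directory named 0 at any depth of the transfer; an anchored pattern (leading `/`, relative to the transfer root) would limit it to the staged key. Both added lines also carry over `UserKnownHostsFile=/dev/null` and `StrictHostKeyChecking=no`, so the fernet keys are pushed to a peer whose host key is never verified; a pinned known_hosts file for the controller nodes would address that. `${sync_dir}` and `${sync_node}` are unquoted in both lines and should be quoted.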