Beispiel #1
def cluster_changed():
    """React to a change on the ``cluster`` peer interface.

    Presumably registered as the charm's cluster-relation-changed hook
    (the registration is not visible here). The steps run in a fixed
    order: authorise peer SSH access through unison, re-echo selected
    peer settings, run pending peer actions, initialise the PKI, refresh
    the identity relation units, and finally either force an SSL sync or
    write out all configuration files.
    """
    unison.ssh_authorized_peers(
        user=SSH_USER,
        group="juju_keystone",
        peer_interface="cluster",
        ensure_local_user=True,
    )

    # NOTE(jamespage) re-echo passwords for peer storage.
    # The "_passwd" entry means credentials travel over the peer relation.
    # NOTE(review): treat that relation data as sensitive and confirm it is
    # only readable by peer units.
    peer_keys = [
        "_passwd",
        "identity-service:",
        "ssl-cert-master",
        "db-initialised",
        "ssl-cert-available-updates",
    ]
    # Only the key names are logged here, not the values stored under them.
    log("Peer echo whitelist: %s" % (peer_keys), level=DEBUG)
    peer_echo(includes=peer_keys, force=True)

    check_peer_actions()
    initialise_pki()

    # Work out whether a sync has to be mandated: compare the units that
    # asked for one with the units recorded as already synced.
    requesting = get_ssl_sync_request_units()
    recorded = relation_get(attribute="ssl-synced-units", unit=local_unit())
    mismatch = None
    if recorded:
        # Read from this unit's own relation settings; json.loads raises on
        # malformed content and that is not caught here.
        recorded = json.loads(recorded)
        mismatch = set(requesting) ^ set(recorded)

    sync_needed = requesting and (not recorded or mismatch)
    if sync_needed:
        log("New peers joined and need syncing - %s" % (", ".join(requesting)), level=DEBUG)
        update_all_identity_relation_units_force_sync()
    else:
        update_all_identity_relation_units()

    if is_elected_leader(CLUSTER_RES) or not is_ssl_cert_master():
        CONFIGS.write_all()
    else:
        # Still the ssl-cert-master but no longer the elected leader: force
        # a sync so that a new sync master gets elected.
        force_ssl_sync()
Beispiel #2
def cluster_changed():
    """React to a change on the ``cluster`` peer interface.

    Presumably registered as the charm's cluster-relation-changed hook
    (the registration is not visible here). The steps run in a fixed
    order: authorise peer SSH access through unison, re-echo selected
    peer settings, run pending peer actions, initialise the PKI, refresh
    the identity relation units, and finally either force an SSL sync or
    write out all configuration files. The sync bookkeeping is only
    evaluated on the leader.
    """
    unison.ssh_authorized_peers(
        user=SSH_USER,
        group=SSH_USER,
        peer_interface='cluster',
        ensure_local_user=True,
    )

    # NOTE(jamespage) re-echo passwords for peer storage.
    # The '_passwd' entry means credentials travel over the peer relation.
    # NOTE(review): treat that relation data as sensitive and confirm it is
    # only readable by peer units.
    peer_keys = [
        '_passwd',
        'identity-service:',
        'db-initialised',
        'ssl-cert-available-updates',
    ]
    # The leader does not echo 'ssl-cert-master', because a re-election may
    # be in progress.
    if not is_leader():
        peer_keys += ['ssl-cert-master']

    # Only the key names are logged here, not the values stored under them.
    log("Peer echo whitelist: %s" % (peer_keys), level=DEBUG)
    peer_echo(includes=peer_keys, force=True)

    check_peer_actions()
    initialise_pki()

    # Non-leaders keep these defaults, so they never mandate a sync.
    requesting = None
    recorded = None
    mismatch = None
    if is_leader():
        # Work out whether a sync has to be mandated: compare the units
        # that asked for one with the units recorded as already synced.
        requesting = get_ssl_sync_request_units()
        recorded = relation_get_and_migrate(attribute='ssl-synced-units',
                                            unit=local_unit())
        if recorded:
            # Read from this unit's own relation settings; json.loads raises
            # on malformed content and that is not caught here.
            recorded = json.loads(recorded)
            mismatch = set(requesting) ^ set(recorded)

    sync_needed = requesting and (not recorded or mismatch)
    if sync_needed:
        log("New peers joined and need syncing - %s" % (', '.join(requesting)),
            level=DEBUG)
        update_all_identity_relation_units_force_sync()
    else:
        update_all_identity_relation_units()

    if is_leader() or not is_ssl_cert_master():
        CONFIGS.write_all()
    else:
        # Still the ssl-cert-master but no longer the leader: force a sync
        # so that a new sync master gets elected.
        force_ssl_sync()