4 # Wrapper script to rotate keystone fernet keys on active controller only
6 KEYSTONE_KEYS_ROTATE_INFO="/var/run/keystone-keys-rotate.info"
7 KEYSTONE_KEYS_ROTATE_CMD="/usr/bin/nice -n 2 /usr/bin/keystone-manage fernet_rotate --keystone-user keystone --keystone-group keystone"
9 function is_active_pgserver()
11 # Determine whether we're running on the same controller as the service.
12 local service=postgres
13 local enabledactive=$(/usr/bin/sm-query service $service| grep enabled-active)
14 if [ "x$enabledactive" == "x" ]
16 # enabled-active not found for that service on this controller
19 # enabled-active found for that resource
26 if [ ! -f ${KEYSTONE_KEYS_ROTATE_INFO} ]
28 echo delay_count=0 > ${KEYSTONE_KEYS_ROTATE_INFO}
31 source ${KEYSTONE_KEYS_ROTATE_INFO}
32 sudo -u postgres psql -d sysinv -c "SELECT alarm_id, entity_instance_id from i_alarm;" | grep -P "^(?=.*100.101)(?=.*${HOSTNAME})" &>/dev/null
35 source /etc/platform/platform.conf
36 if [ "${system_type}" = "All-in-one" ]
38 source /etc/init.d/task_affinity_functions.sh
39 idle_core=$(get_most_idle_core)
40 if [ "$idle_core" -ne "0" ]
42 sh -c "exec taskset -c $idle_core ${KEYSTONE_KEYS_ROTATE_CMD}"
43 sed -i "/delay_count/s/=.*/=0/" ${KEYSTONE_KEYS_ROTATE_INFO}
48 if [ "$delay_count" -lt "3" ]
50 newval=$(($delay_count+1))
51 sed -i "/delay_count/s/=.*/=$newval/" ${KEYSTONE_KEYS_ROTATE_INFO}
52 (sleep 3600; /usr/bin/keystone-fernet-keys-rotate-active) &
58 eval ${KEYSTONE_KEYS_ROTATE_CMD}
59 sed -i "/delay_count/s/=.*/=0/" ${KEYSTONE_KEYS_ROTATE_INFO}
Code Review / pti / rtp.git / blob