+++ /dev/null
-#!/bin/bash
-
-#
-# Wrapper script to rotate keystone fernet keys on active controller only
-#
-KEYSTONE_KEYS_ROTATE_INFO="/var/run/keystone-keys-rotate.info"
-KEYSTONE_KEYS_ROTATE_CMD="/usr/bin/nice -n 2 /usr/bin/keystone-manage fernet_rotate --keystone-user keystone --keystone-group keystone"
-
-function is_active_pgserver()
-{
- # Determine whether we're running on the same controller as the service.
- local service=postgres
- local enabledactive=$(/usr/bin/sm-query service $service| grep enabled-active)
- if [ "x$enabledactive" == "x" ]
- then
- # enabled-active not found for that service on this controller
- return 1
- else
- # enabled-active found for that resource
- return 0
- fi
-}
-
-if is_active_pgserver
-then
- if [ ! -f ${KEYSTONE_KEYS_ROTATE_INFO} ]
- then
- echo delay_count=0 > ${KEYSTONE_KEYS_ROTATE_INFO}
- fi
-
- source ${KEYSTONE_KEYS_ROTATE_INFO}
- sudo -u postgres psql -d sysinv -c "SELECT alarm_id, entity_instance_id from i_alarm;" | grep -P "^(?=.*100.101)(?=.*${HOSTNAME})" &>/dev/null
- if [ $? -eq 0 ]
- then
- source /etc/platform/platform.conf
- if [ "${system_type}" = "All-in-one" ]
- then
- source /etc/init.d/task_affinity_functions.sh
- idle_core=$(get_most_idle_core)
- if [ "$idle_core" -ne "0" ]
- then
- sh -c "exec taskset -c $idle_core ${KEYSTONE_KEYS_ROTATE_CMD}"
- sed -i "/delay_count/s/=.*/=0/" ${KEYSTONE_KEYS_ROTATE_INFO}
- exit 0
- fi
- fi
-
- if [ "$delay_count" -lt "3" ]
- then
- newval=$(($delay_count+1))
- sed -i "/delay_count/s/=.*/=$newval/" ${KEYSTONE_KEYS_ROTATE_INFO}
- (sleep 3600; /usr/bin/keystone-fernet-keys-rotate-active) &
- exit 0
- fi
-
- fi
-
- eval ${KEYSTONE_KEYS_ROTATE_CMD}
- sed -i "/delay_count/s/=.*/=0/" ${KEYSTONE_KEYS_ROTATE_INFO}
-
-fi
-
-exit 0
-
Code Review / pti / rtp.git / blobdiff