From 572648f6fd91494bc4d134b0f9ede629ad7e507a Mon Sep 17 00:00:00 2001
From: Neha Oudin
Date: Fri, 6 Dec 2024 10:34:56 +0100
Subject: [PATCH] fix: restart charm and correct secrets
---
 single_kernel_mongo/events/sharding.py | 11 +++--------
 single_kernel_mongo/managers/config.py | 2 +-
 single_kernel_mongo/managers/sharding.py | 17 ++++++++++-------
 3 files changed, 14 insertions(+), 16 deletions(-)
diff --git a/single_kernel_mongo/events/sharding.py b/single_kernel_mongo/events/sharding.py
index 93ba99fa..69335581 100644
--- a/single_kernel_mongo/events/sharding.py
+++ b/single_kernel_mongo/events/sharding.py
@@ -41,8 +41,6 @@
 logger = logging.getLogger(__name__)
-logger = logging.getLogger(__name__)
-
 class ConfigServerEventHandler(Object):
 """Event Handler for managing config server side events."""
@@ -110,10 +108,7 @@ def __init__(self, dependent: MongoDBOperator):
 self.charm.on[self.relation_name].relation_created, self._on_relation_created
 )
 self.framework.observe(
- self.database_require_events.on.database_created, self._on_relation_changed
- )
- self.framework.observe(
- self.charm.on[self.relation_name].relation_changed, self._on_relation_changed
+ self.database_require_events.on.database_created, self._on_database_created
 )
 self.framework.observe(
@@ -132,9 +127,9 @@ def __init__(self, dependent: MongoDBOperator):
 def _on_relation_created(self, event: RelationCreatedEvent):
 self.manager.relation_created()
- def _on_relation_changed(self, event: RelationChangedEvent | DatabaseCreatedEvent):
+ def _on_database_created(self, event: DatabaseCreatedEvent):
 try:
- self.manager.relation_changed(event.relation)
+ self.manager.on_database_created(event.relation)
 except (
 DeferrableFailedHookChecksError,
 WaitingForSecretsError,
diff --git a/single_kernel_mongo/managers/config.py b/single_kernel_mongo/managers/config.py
index 49e3bd98..42ff3d00 100644
--- a/single_kernel_mongo/managers/config.py
+++ b/single_kernel_mongo/managers/config.py
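Review bot: In the `__init__` hunk of events/sharding.py the shard handler now observes only `database_created`; the `relation_changed` observer on `self.relation_name` is removed, so later updates to the config-server relation data no longer reach the manager through this handler. If later credential changes are meant to arrive only through the secret-changed path, say so at the call site, for example `# Later keyfile/CA updates are handled by handle_secret_changed; relation_changed is intentionally not observed.` `__init__` starts and ends outside the hunk, so other observers may exist that are not visible here.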
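Review bot: `_on_database_created` in events/sharding.py has no docstring, and its annotation no longer mentions `RelationChangedEvent`, so that import is probably unused now (the import block is outside the hunk). A one-line docstring such as `"""Retrieve the config-server secrets once the database is created."""` would document the narrower trigger. The `except` clause continues past the end of the hunk, so its handling of the listed errors is not reviewed here.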
@@ -100,7 +100,7 @@ def connect(self):
 self.workload.stop()
 self.set_environment()
 # Avoid restart errors on PBM.
- time.sleep(2)
+ time.sleep(5)
 self.workload.start()
 except WorkloadServiceError as e:
 logger.error(f"Failed to restart {self.workload.service}: {e}")
diff --git a/single_kernel_mongo/managers/sharding.py b/single_kernel_mongo/managers/sharding.py
index d731a92d..9b546cbc 100644
--- a/single_kernel_mongo/managers/sharding.py
+++ b/single_kernel_mongo/managers/sharding.py
@@ -467,7 +467,7 @@ def relation_created(self):
 self.state.unit_peer_data.drained = False
 self.charm.status_manager.to_maintenance("Adding shard to config-server")
- def relation_changed(self, relation: Relation, leaving: bool = False):
+ def on_database_created(self, relation: Relation, leaving: bool = False):
 """Retrieves secrets from config-server and updates them within the shard."""
 try:
 self.assert_pass_hook_checks(relation=relation, is_leaving=leaving)
@@ -478,7 +478,7 @@ def relation_changed(self, relation: Relation, leaving: bool = False):
 keyfile = self.state.shard_state.keyfile
 tls_ca = self.state.shard_state.internal_ca_secret
- if keyfile is None and tls_ca is None:
+ if keyfile is None:
 logger.info("Waiting for secrets from config-server")
 raise WaitingForSecretsError
@@ -517,6 +517,8 @@ def handle_secret_changed(self, secret_label: str | None):
 return
 if not (relation := self.state.shard_relation):
 return
+ if self.data_requirer.fetch_my_relation_field(relation.id, "auth-updated") != "true":
+ return
 # many secret changed events occur, only listen to those related to our interface with the
 # config-server
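Review bot: The `time.sleep(5)` between `self.workload.stop()` and `self.workload.start()` in managers/config.py is still a timing guess: it blocks the hook for five seconds on every call and can still race on a slow host. At minimum give the delay a name and a reason, for example `PBM_RESTART_DELAY_SECONDS = 5  # see "Avoid restart errors on PBM"`, and use `time.sleep(PBM_RESTART_DELAY_SECONDS)`. Polling the service until it reports stopped would remove the guess entirely. The enclosing `try` starts outside the hunk.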
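Review bot: In `on_database_created`, `if keyfile is None:` lets an empty string through, and `update_member_auth` (last hunk of this file) loses its `if keyfile:` guard in the same commit. An empty value would therefore be written to the keyfile path and followed by a service restart. Unless `shard_state.keyfile` can never be empty, test for falsiness instead: `if not keyfile:`. The function body continues outside the hunk.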
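Review bot: The new early return in `handle_secret_changed` silently drops every secret-changed event until this unit's `auth-updated` field equals `"true"`. None of the visible hunks shows where that field is written, so if it is never set (for example because `on_database_created` raised first), a rotated keyfile or CA from the config-server would be ignored without any trace. Log before returning, e.g. `logger.debug("Ignoring secret change: auth-updated is not set yet")`, and add a comment naming the code path that sets the flag.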
@@ -546,10 +548,9 @@ def relation_broken(self, relation: Relation) -> None:
 self.charm.status_manager.to_active("Shard drained from cluster, ready for removal")
- def update_member_auth(self, keyfile: str | None, tls_ca: str | None):
+ def update_member_auth(self, keyfile: str, tls_ca: str | None):
 """Updates the shard to have the same membership auth as the config-server."""
 cluster_auth_tls = tls_ca is not None
- cluster_auth_keyfile = keyfile is not None
 tls_integrated = self.state.tls_relation is not None
 # Edge case: shard has TLS enabled before having connected to the config-server. For TLS in
@@ -560,14 +561,16 @@ def update_member_auth(self, keyfile: str | None, tls_ca: str | None):
 logger.info("Cluster implements internal membership auth via certificates")
 self.dependent.tls_manager.generate_certificate_request(param=None, internal=True)
 self.dependent.tls_manager.generate_certificate_request(param=None, internal=False)
- elif cluster_auth_keyfile and not cluster_auth_tls and not tls_integrated:
+ else:
 logger.info("Cluster implements internal membership auth via keyFile")
 # Copy over keyfile regardless of whether the cluster uses TLS or or KeyFile for internal
 # membership authentication. If TLS is disabled on the cluster this enables the cluster to
 # have the correct cluster KeyFile readily available.
- if keyfile:
- self.workload.write(path=self.workload.paths.keyfile, content=keyfile)
+ self.workload.write(path=self.workload.paths.keyfile, content=keyfile)
+ self.dependent.restart_charm_services()
+ if self.charm.unit.is_leader():
+ self.state.app_peer_data.keyfile = keyfile
 def sync_cluster_passwords(self, operator_password: str, backup_password: str) -> None:
 """Update shared cluster passwords."""
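Review bot: The one-line docstring of `update_member_auth` no longer covers what the function does. With this commit it also restarts the charm services and, on the leader, stores the keyfile in app peer data (both in the next hunk). Extend it with an `Args:` section stating that `keyfile` must be a non-empty string and that `tls_ca` is `None` when the cluster does not use TLS for internal membership, plus a sentence on the restart side effect. The annotation narrowed from `str | None` to `str`, so callers outside this diff that may still pass `None` should be checked.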
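Review bot: As far as the flattened hunk shows, `self.dependent.restart_charm_services()` now runs on every call to `update_member_auth`, even when the keyfile on disk already matches. If this is reached from `handle_secret_changed`, whose comment notes that many secret-changed events occur, the unit may restart repeatedly, so the write and restart should sit behind a comparison with the current keyfile. The `else:` branch also logs "via keyFile" for every case the first condition rejects (that `if` is outside the hunk), which can mislead on TLS clusters. Finally, confirm that `app_peer_data.keyfile` is backed by a secret rather than plain relation data, since the keyfile is the cluster membership credential.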