launchpad-reviewers team mailing list archive

Thread
Date

[Merge] ~cjwatson/lp-signing:charm-log-hosts into lp-signing:master

To: mp+381596@xxxxxxxxxxxxxxxxxx
From: Colin Watson <cjwatson@xxxxxxxxxxxxx>
Date: Thu, 02 Apr 2020 17:08:29 -0000
Reply-to: mp+381596@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Colin Watson has proposed merging ~cjwatson/lp-signing:charm-log-hosts into lp-signing:master.

Commit message:
Support log_hosts_allow charm config option

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~cjwatson/lp-signing/+git/lp-signing/+merge/381596

This sets up an rsync module allowing the configured hosts to fetch logs.  It's in line with what we do in turnip.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/lp-signing:charm-log-hosts into lp-signing:master.

diff --git a/charm/lp-signing/config.yaml b/charm/lp-signing/config.yaml
index 54d5f45..384473d 100644
--- a/charm/lp-signing/config.yaml
+++ b/charm/lp-signing/config.yaml
@@ -6,3 +6,9 @@ options:
       A JSON-encoded list of base64-encoded private service keys.  The first
       key in the list is the preferred one; older keys may follow,
       permitting rollover.
+  log_hosts_allow:
+    type: string
+    default: ""
+    description: >
+      Hosts that should be allowed to rsync logs. Note that this relies on
+      basenode.
diff --git a/charm/lp-signing/reactive/lp-signing.py b/charm/lp-signing/reactive/lp-signing.py
index ec512aa..5c1114c 100644
--- a/charm/lp-signing/reactive/lp-signing.py
+++ b/charm/lp-signing/reactive/lp-signing.py
@@ -10,6 +10,7 @@ from urllib.parse import (
 
 from charmhelpers.core import (
     hookenv,
+    host,
     templating,
     )
 from charms.reactive import (
@@ -32,6 +33,18 @@ def stormify_db_uri(uri):
     return urlunparse((scheme, *parsed_uri[1:]))
 
 
+def configure_rsync():
+    config = hookenv.config()
+    if config['log_hosts_allow']:
+        rsync_config = dict(config)
+        rsync_config['base_dir'] = base.base_dir()
+        templating.render(
+            'lp-signing-rsync.j2', '/etc/rsync-juju.d/010-lp-signing.conf',
+            rsync_config, perms=0o644)
+        if not host.service_restart('rsync'):
+            raise RuntimeError('Failed to restart rsync')
+
+
 @when('ols.configured', 'db.master.available')
 def configure(pgsql):
     config = hookenv.config()
@@ -48,6 +61,8 @@ def configure(pgsql):
         'service.conf.j2', config_path, svc_config,
         owner='root', group=base.user(), perms=0o440)
 
+    configure_rsync()
+
     set_state('service.configured')
 
 
diff --git a/charm/lp-signing/templates/lp-signing-rsync.j2 b/charm/lp-signing/templates/lp-signing-rsync.j2
new file mode 100644
index 0000000..97d85fe
--- /dev/null
+++ b/charm/lp-signing/templates/lp-signing-rsync.j2
@@ -0,0 +1,8 @@
+
+[lp-signing-logs]
+  path = {{ base_dir }}/logs
+  comment = LP Signing Logs
+  list = false
+  read only = true
+  hosts allow = {{ log_hosts_allow }}
+