launchpad-reviewers team mailing list archive

[Colin Watson <mp+456105@xxxxxxxxxxxxxxxxxx>]

Colin Watson has proposed merging ~cjwatson/launchpad:preflight-juju-fragile-users into launchpad:master.

Commit message:
preflight: Add Juju-style user names to FRAGILE_USERS

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/456105

The preflight checks got a lot less useful when we switched to Juju deployments, because to simplify credentials management we connect as a per-charm user and then switch to the real target role after connecting, but `pg_stat_activity` only shows the original user name.  For safety, fail preflight checks if any of the Juju-style user names associated with publishers or upload processors are connected.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/launchpad:preflight-juju-fragile-users into launchpad:master.

diff --git a/database/schema/preflight.py b/database/schema/preflight.py
index f5c42f6..6bf87be 100755
--- a/database/schema/preflight.py
+++ b/database/schema/preflight.py
@@ -35,6 +35,15 @@ SYSTEM_USERS = {"postgres", "slony", "nagios", "lagmon"}
 # connected, so these systems will need to be shut down manually before
 # a database update.
 FRAGILE_USERS = {
+    # With Juju, we switch to the target role after connecting;
+    # unfortunately pg_stat_activity only shows us the user as which we
+    # originally connected.  Until and unless we can devise a way to find
+    # the actual role, we need these more general entries.
+    "juju_launchpad-copy-archive-publisher",
+    "juju_launchpad-ftpmaster-publisher",
+    "juju_launchpad-ftpmaster-uploader",
+    "juju_launchpad-ppa-publisher",
+    "juju_launchpad-ppa-uploader",
     # process_accepted is fragile, but also fast so we likely shouldn't
     # need to ever manually shut it down.
     "process_accepted",