resilience: do not compute signatures in pbs instance

As now the signature is parameterized (in the case of the webrunner), computing the signature may require not-webrunner-based tools (like a binary belonging to the SR. Then it can only be done on the export and the import.

resilience: do not compute signatures in pbs instance
As now the signature is parameterized (in the case of the webrunner), computing the signature may require not-webrunner-based tools (like a binary belonging to the SR. Then it can only be done on the export and the import.
8af349f7 · Nicolas Wavrant · 2f17cfdf · 8af349f7 · 8af349f7 · 8af349f7
Commit 8af349f7 authored Nov 07, 2018 by Nicolas Wavrant
Showing with 1 addition and 57 deletions

slapos/recipe/pbs.py slapos/recipe/pbs.py +0 -15

stack/resilient/buildout.hash.cfg stack/resilient/buildout.hash.cfg +1 -1

stack/resilient/instance-pull-backup.cfg.in stack/resilient/instance-pull-backup.cfg.in +0 -41

No files found.
--- a/slapos/recipe/pbs.py
+++ b/slapos/recipe/pbs.py
@@ -179,26 +179,11 @@ class Recipe(GenericSlapRecipe, Notify, Callback):
            $RDIFF_BACKUP --remove-older-than %(remove_backup_older_than)s --force $BACKUP_DIR
        fi
-        SUCCEEDED=true
-        if [ -e %(backup_signature)s ]; then
-          cd $BACKUP_DIR
-          find -type f ! -name backup.signature ! -wholename "./rdiff-backup-data/*" -print0 | xargs -0 sha256sum  | LC_ALL=C sort -k 66 > ../proof.signature
-          cmp backup.signature ../proof.signature || SUCCEEDED=false
-          diff -ruw backup.signature ../proof.signature > ../backup.diff
-          # XXX If there is a difference on the backup, we should publish the
-          # failure and ask the equeue, re-run this script again,
-          # instead do a push it to the clone.
-        fi
-        $SUCCEEDED || find $BACKUP_DIR -name rdiff-backup.tmp.* -exec rm -rf {} \;
        """)
    template_dict = {
      'rdiffbackup_binary': shlex.quote(self.options['rdiffbackup-binary']),
      'rdiff_backup_data': shlex.quote(os.path.join(local_dir, 'rdiff-backup-data')),
-      'backup_signature': shlex.quote(os.path.join(local_dir, 'backup.signature')),
      'remote_schema': shlex.quote(remote_schema),
      'remote_dir': shlex.quote(remote_dir),
      'local_dir': shlex.quote(local_dir),

--- a/stack/resilient/buildout.hash.cfg
+++ b/stack/resilient/buildout.hash.cfg
@@ -26,7 +26,7 @@ md5sum = c6c11db5372150019debb1ce519b907d
 [template-pull-backup]
 filename = instance-pull-backup.cfg.in
-md5sum = cda4bbedb3ec014ba0311629dd003b3a
+md5sum = 98d7e7c60e090dd3a460ca0410a194ec
 [template-replicated]
 filename = template-replicated.cfg.in

--- a/stack/resilient/instance-pull-backup.cfg.in
+++ b/stack/resilient/instance-pull-backup.cfg.in
@@ -9,10 +9,8 @@ parts =
  cron-entry-logrotate
  pbs-sshkeys-authority
  sshkeys-openssh
-  backup-checksum-integrity-promise
  resilient-genstatrss-wrapper
  pbs-push-history-log
-  backup-signature-link
  cron-pbs-status-feed
  pull-push-stalled-promise
  notifier-feed-status-promise
@@ -273,41 +271,6 @@ monitor-username = admin
 #--
 #-- Resiliency promises.
-[backup-checksum-integrity-promise]
-recipe = slapos.recipe.template:jinja2
-template = inline:
-  #!${dash:location}/bin/dash
-  # only check integrity if pull is not running
-  latest_item=$(ls -t $${pbs:status-item-directory} | head -n1)
-  if [ ! -z "$latest_item" ]; then
-    pbs_result=$(cat "$${pbs:status-item-directory}/$latest_item" | python -c "import sys, json; print json.load(sys.stdin)['title']" 2>/dev/null)
-    if [ "$?" -eq 0 ]; then
-      echo $pbs_result | egrep "pull_raw\s*:\s*STARTED" > /dev/null
-      if [ "$?" -eq 0 ]; then
-        echo "Skipped, PBS pull is running.";
-        exit 0;
-      fi
-    fi
-  fi
-  # Raise an error if signatures are different
-  # Error cannot be deduced if files do not exist
-  cd $${directory:pbs-backup}
-  if [ ! -f "proof.signature" ]; then exit 0; fi
-  backup_signature=$(find . -maxdepth 2 -name backup.signature -not -path "./tmp/*")
-  if [ -z "$backup_signature" ]; then
-    exit 0;
-  else
-    diff -q "proof.signature" "$backup_signature";
-    if [ "$?" -eq 0 ]; then
-      exit 0;
-    else
-      echo "Signature file is not the same before and after transfer"
-      exit 1
-    fi
-  fi
-rendered = $${basedirectory:promises}/backup-checksum-integrity
-mode = 700
 [resilient-genstatrss-wrapper]
 recipe = slapos.cookbook:wrapper
 # XXX - hard-coded Urls
@@ -318,10 +281,6 @@ wrapper-path = $${directory:bin}/resilient-genstatrss.py
 recipe = cns.recipe.symlink
 symlink = $${pbs:rdiff-backup-data-folder}/restore.log = $${basedirectory:log}/pbs-push-history-log
-[backup-signature-link]
-recipe = cns.recipe.symlink
-symlink = $${directory:pbs-backup}/proof.signature = $${directory:monitor-resilient}/backup.signature
 [pull-push-stalled-promise]
 recipe = slapos.cookbook:wrapper
 # # time-buffer is 24h (+1h of latitude)