Uploaded image for project: 'PuppetDB'
  1. PuppetDB
  2. PDB-4637

Lock out the puppetdb data user during migration

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PDB 6.10.0, PDB 5.2.14
    • Component/s: None
    • Labels:
      None
    • Template:
    • Team:
      HA
    • Story Points:
      1
    • Sprint:
      HA Team 2020-03-11, HA Team 2020-03-25, HA Team 2020-04-08, HA Team 2020-04-22 (SS 4/15), HA Team 2020-05-05
    • QA Risk Assessment:
      Needs Assessment

      Description

      When the puppetdb migrator is performing a migration it needs to ensure the data role is not connected to the database.

      The new migration workflow should look like

      • Lock the schema migration table with access exclusive
      • Check to see if migrations are needed, and if so,
      • Revoke connection access for data role,
      • Disconnect any in-flight connections
      • Perform migrations,
      • Commit transaction,
      • Reallow access for the data role

      To disconnect the data role's database connection(s)

      SELECT pg_terminate_backend(pid)
      FROM pg_stat_activity
      WHERE datname='<puppetdb/pe-puppetdb>'
            AND usename!='<puppetdb migrator role>';
      

        Attachments

          Activity

            People

            Assignee:
            rob.browning Rob Browning
            Reporter:
            austin.blatt Austin Blatt
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support