fix: avoid reset of security.json if get fails (#659) #660
Conversation
|
adapted the expected setup-zk command and tested locally |
|
@smoldenhauer-ish your PR is from an organizational fork, so I'm unable to push a changelog entry, but can you merge - kind: fixed
description: Avoid reset of security.json if get request fails
links:
- name: Github Issue
url: https://github.com/apache/solr-operator/issues/659
- name: Github PR
url: https://github.com/apache/solr-operator/pull/660I'll be good to merge this after you do that! |
|
Added the changes entry - The 'edit by maintainers' is only available to private owned forks? |
| @@ -238,7 +238,7 @@ func addHostHeaderToProbe(httpGet *corev1.HTTPGetAction, host string) { | |||
|
|
|||
| func cmdToPutSecurityJsonInZk() string { | |||
| scriptsDir := "/opt/solr/server/scripts/cloud-scripts" | |||
| cmd := " ZK_SECURITY_JSON=$(%s/zkcli.sh -zkhost ${ZK_HOST} -cmd get /security.json); " | |||
| cmd := " ZK_SECURITY_JSON=$(%s/zkcli.sh -zkhost ${ZK_HOST} -cmd get /security.json || echo 'failed-to-get-security.json'); " | |||
There was a problem hiding this comment.
@HoustonPutman
This change appears to cause SolrCloud pods to be restarted upon upgrade of the operator. Should this be expected for a patch release; it's not mentioned in the release notes at https://apache.github.io/solr-operator/docs/upgrade-notes.html ?
2024-04-18T14:04:15Z INFO Update required because field changed {"controller": "solrcloud", "controllerGroup": "solr.apache.org", "controllerKind": "SolrCloud", "SolrCloud": {"name":"solrcloud-test-2","namespace":"solrcloud-test-2"}, "namespace": "solrcloud-test-2", "name": "solrcloud-test-2", "reconcileID": "8e7b7ebc-4536-4c7e-828a-2c65142f77b9", "statefulSet": "solrcloud-test-2-solrcloud", "kind": "statefulSet", "field": "Spec.Template.Spec.InitContainers[1].Command",
"from": ["sh", "-c", " ZK_SECURITY_JSON=$(/opt/solr/server/scripts/cloud-scripts/zkcli.sh -zkhost ${ZK_HOST} -cmd get /security.json); if [ ${#ZK_SECURITY_JSON} -lt 3 ]; then echo $SECURITY_JSON > /tmp/security.json; /opt/solr/server/scripts/cloud-scripts/zkcli.sh -zkhost ${ZK_HOST} -cmd putfile /security.json /tmp/security.json; echo \"put security.json in ZK\"; fi"],
"to": ["sh", "-c", " ZK_SECURITY_JSON=$(/opt/solr/server/scripts/cloud-scripts/zkcli.sh -zkhost ${ZK_HOST} -cmd get /security.json || echo 'failed-to-get-security.json'); if [ ${#ZK_SECURITY_JSON} -lt 3 ]; then echo $SECURITY_JSON > /tmp/security.json; /opt/solr/server/scripts/cloud-scripts/zkcli.sh -zkhost ${ZK_HOST} -cmd putfile /security.json /tmp/security.json; echo \"put security.json in ZK\"; fi"]}
There was a problem hiding this comment.
So generally we try to avoid pod updates for patch versions, however for security fixes or bad bugs, then it becomes necessary. There was a security fix that required a pod template update, so this bug fix seemed like a good idea to include as well. Sorry for the confusion though. I do remember writing docs somewhere that security fixes might necessitate pod upgrades on a patch fix, but I can't seem to find it.
There was a problem hiding this comment.
Thanks for the update; much appreciated.
No description provided.