From 6642a60830c0e7aaef0cd3e977c9d26f5ab7daa1 Mon Sep 17 00:00:00 2001 From: Ricardo Rocha Date: Thu, 10 Oct 2019 10:00:48 +0200 Subject: [PATCH] Set db_auto_create default to False Change the default value for the db_auto_create option to False. This is vital as the flag is managing upgrades as well if the databases already exist. It will prevent production deployments from having their databases impacted if an API daemon is started for any reason pointing to a production database. Change-Id: Id7eac78737af76afe628deeca7c15c2ac969d47e --- barbican/common/config.py | 2 +- doc/source/contributor/database_migrations.rst | 4 ---- doc/source/install/common_configure.rst | 10 ++++------ .../update-autodbcreate-default-31b5a86063b91444.yaml | 8 ++++++++ 4 files changed, 13 insertions(+), 11 deletions(-) create mode 100644 releasenotes/notes/update-autodbcreate-default-31b5a86063b91444.yaml diff --git a/barbican/common/config.py b/barbican/common/config.py index 5dd02a206..7ba23e25f 100644 --- a/barbican/common/config.py +++ b/barbican/common/config.py @@ -89,7 +89,7 @@ db_opts = [ cfg.IntOpt('sql_retry_interval', default=1, help=u._("Interval between retries of opening a SQL " "connection.")), - cfg.BoolOpt('db_auto_create', default=True, + cfg.BoolOpt('db_auto_create', default=False, help=u._("Create the Barbican database on service startup.")), cfg.IntOpt('max_limit_paging', default=100, help=u._("Maximum page size for the 'limit' paging URL " diff --git a/doc/source/contributor/database_migrations.rst b/doc/source/contributor/database_migrations.rst index 5b42dc3ee..9cc17b144 100644 --- a/doc/source/contributor/database_migrations.rst +++ b/doc/source/contributor/database_migrations.rst @@ -12,10 +12,6 @@ Database migrations can be optionally enabled during the API startup process. Corollaries for this are that a new deployment should begin with only one node to avoid migration race conditions. -Alternatively, the automatic update startup behavior can be disabled, forcing -the use of the migration script. This latter mode is probably safer to use in -production environments. - Policy ------- diff --git a/doc/source/install/common_configure.rst b/doc/source/install/common_configure.rst index 27184c378..bb8339119 100644 --- a/doc/source/install/common_configure.rst +++ b/doc/source/install/common_configure.rst @@ -51,12 +51,10 @@ #. Populate the Key Manager service database: - The Key Manager service database will be automatically populated - when the service is first started. To prevent this, and run the - database sync manually, edit the ``/etc/barbican/barbican.conf`` file - and set db_auto_create in the ``[DEFAULT]`` section to False. - - Then populate the database as below: + If you wish the Key Manager service to automatically populate the + database when the service is first started, set db_auto_create to + True in the ``[DEFAULT]`` section. By default this will not be active + and you can populate the database manually as below: .. code-block:: console diff --git a/releasenotes/notes/update-autodbcreate-default-31b5a86063b91444.yaml b/releasenotes/notes/update-autodbcreate-default-31b5a86063b91444.yaml new file mode 100644 index 000000000..4942f1f73 --- /dev/null +++ b/releasenotes/notes/update-autodbcreate-default-31b5a86063b91444.yaml @@ -0,0 +1,8 @@ +--- +upgrade: + - | + Default for auto_db_create has been changed to False (was True). This is a + change compared to the previous behavior, but required to protect + production deployments from performing upgrades without control. If you + wish to keep the auto db creation/upgrade behavior, change this to True + in your configuration.