Remove the secret key from the database when the setup fails

This will force `.configured?` to false the next time `.start` is run allowing us to retry the configuration. Before this change, users would have to blank the SECRET_KEY file on the filesystem to force a retry. https://bugzilla.redhat.com/show_bug.cgi?id=1439783 https://bugzilla.redhat.com/show_bug.cgi?id=1458886
ManageIQ · Jun 6, 2017 · f80e6dd · f80e6dd
1 parent 42eb2f8
commit f80e6dd
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/lib/embedded_ansible.rb b/lib/embedded_ansible.rb
@@ -99,6 +99,10 @@ def self.run_setup_script(exclude_tags)
       }
       AwesomeSpawn.run!(SETUP_SCRIPT, :params => params)
     end
+  rescue AwesomeSpawn::CommandResultError => e
+    _log.error("EmbeddedAnsible setup script failed with: #{e.message}")
+    miq_database.ansible_secret_key = nil
+    raise
   end
   private_class_method :run_setup_script
 

diff --git a/spec/lib/embedded_ansible_spec.rb b/spec/lib/embedded_ansible_spec.rb
@@ -262,10 +262,10 @@
       before do
         expect(described_class).to receive(:configured?).and_return(false)
         expect(described_class).to receive(:configure_secret_key)
-        expect(described_class).to receive(:alive?).and_return(true)
       end
 
       it "generates new passwords with no passwords set" do
+        expect(described_class).to receive(:alive?).and_return(true)
         expect(described_class).to receive(:generate_database_authentication).and_return(double(:userid => "awx", :password => "databasepassword"))
         expect(AwesomeSpawn).to receive(:run!) do |script_path, options|
           params                  = options[:params]
@@ -290,6 +290,7 @@
       end
 
       it "uses the existing passwords when they are set in the database" do
+        expect(described_class).to receive(:alive?).and_return(true)
         miq_database.set_ansible_admin_authentication(:password => "adminpassword")
         miq_database.set_ansible_rabbitmq_authentication(:userid => "rabbituser", :password => "rabbitpassword")
         miq_database.set_ansible_database_authentication(:userid => "databaseuser", :password => "databasepassword")
@@ -312,6 +313,15 @@
 
         described_class.start
       end
+
+      it "removes the secret key from the database when setup fails" do
+        miq_database.ansible_secret_key = "supersecretkey"
+        expect(described_class).to receive(:generate_database_authentication).and_return(double(:userid => "awx", :password => "databasepassword"))
+
+        expect(AwesomeSpawn).to receive(:run!).and_raise(AwesomeSpawn::CommandResultError.new("error", 1))
+        expect { described_class.start }.to raise_error(AwesomeSpawn::CommandResultError)
+        expect(miq_database.reload.ansible_secret_key).not_to be_present
+      end
     end
 
     describe ".generate_database_authentication (private)" do