Distribute cipher file when upgrade and expand.

script/impl/expansion/ExpansionImpl.py

@@ -456,6 +456,7 @@ class ExpansionImpl():
         self.setGucConfig()
         self.addTrust()
         self.generateGRPCCert()
+        self.distributeCipherFile()
         self.buildStandbyHosts()
         self.generateClusterStaticFile()
 
@@ -597,6 +598,34 @@ gs_guc set -D {dn} -c "available_zone='{azName}'"
             self.context.createGrpcCa(needGRPCHosts)
         self.logger.debug("End to generate GRPC cert.")
 
+    def distributeCipherFile(self):
+        """
+        distribute cipher file to new host
+        """
+        hostList = []
+        for host in self.expansionSuccess:
+            if self.expansionSuccess[host]:
+                hostList.append(host)
+
+        if (len(hostList) == 0):
+            return
+
+        self.logger.debug("Start to distribute cipher file.")
+        cipherFileList = ["datasource.key.cipher",
+                      "datasource.key.rand",
+                      "usermapping.key.cipher",
+                      "usermapping.key.rand"]
+
+        sshTool = SshTool(hostList)
+        appPath = self.context.clusterInfoDict["appPath"]
+        filePath = os.path.join(appPath, "bin")
+        for cipherFile in cipherFileList:
+            scpFile = os.path.join(filePath, "%s" % cipherFile)
+            self.logger.debug("try to send file: %s" % scpFile)
+            if os.path.exists(scpFile):
+                sshTool.scpFiles(scpFile, filePath, hostList)
+        self.logger.debug("End to distribute cipher file.")
+
     def reloadPrimaryConf(self, user=""):
         """
         """

script/impl/upgrade/UpgradeImpl.py

@@ -4691,6 +4691,8 @@ class UpgradeImpl:
         #    server.key.rand
         #    datasource.key.cipher
         #    datasource.key.rand
+        #    usermapping.key.cipher
+        #    usermapping.key.rand
         #    utilslib
         #    /share/sslsert/ca.key
         #    /share/sslsert/etcdca.crt

script/local/UpgradeUtility.py

@@ -1345,7 +1345,8 @@ def backupConfig():
         DefaultValue.execCommandLocally(cmd)
 
         # backup obsserver.key.cipher/obsserver.key.rand and server.key.
-        # cipher/server.key.rand and datasource.key.cipher/datasource.key.rand
+        # cipher/server.key.rand and datasource.key.cipher/datasource.key.rand.
+        # usermapping.key.cipher/usermapping.key.rand
         OBS_cipher_key_bak_file = \
             "%s/bin/obsserver.key.cipher" % clusterAppPath
         cmd = "(if [ -f '%s' ];then cp -f -p '%s' '%s';fi)" % (
@@ -1382,6 +1383,12 @@ def backupConfig():
         datasource_rand = "%s/bin/datasource.key.rand" % clusterAppPath
         cmd += " && (if [ -f '%s' ];then cp -f -p '%s' '%s';fi)" % (
             datasource_rand, datasource_rand, bakPath)
+        usermapping_cipher = "%s/bin/usermapping.key.cipher" % clusterAppPath
+        cmd += " && (if [ -f '%s' ];then cp -f -p '%s' '%s';fi)" % (
+            usermapping_cipher, usermapping_cipher, bakPath)
+        usermapping_rand = "%s/bin/usermapping.key.rand" % clusterAppPath
+        cmd += " && (if [ -f '%s' ];then cp -f -p '%s' '%s';fi)" % (
+            usermapping_rand, usermapping_rand, bakPath)
         tde_key_cipher = "%s/bin/gs_tde_keys.cipher" % clusterAppPath
         cmd += " && (if [ -f '%s' ];then cp -f -p '%s' '%s';fi)" % (
             tde_key_cipher, tde_key_cipher, bakPath)
@@ -1570,6 +1577,7 @@ def restoreConfig():
         # restore obsserver.key.cipher/obsserver.key.rand
         # and server.key.cipher/server.key.rand
         # and datasource.key.cipher/datasource.key.rand
+        # and usermapping.key.cipher/usermapping.key.rand
         OBS_cipher_key_bak_file = "%s/obsserver.key.cipher" % bakPath
         cmd = "(if [ -f '%s' ];then cp -f -p '%s' '%s/bin/';fi)" % (
             OBS_cipher_key_bak_file, OBS_cipher_key_bak_file, clusterAppPath)
@@ -1604,6 +1612,12 @@ def restoreConfig():
         datasource_rand = "%s/datasource.key.rand" % bakPath
         cmd += " && (if [ -f '%s' ];then cp -f -p '%s' '%s/bin/';fi)" % (
             datasource_rand, datasource_rand, clusterAppPath)
+        usermapping_cipher = "%s/usermapping.key.cipher" % bakPath
+        cmd += " && (if [ -f '%s' ];then cp -f -p '%s' '%s/bin/';fi)" % (
+            usermapping_cipher, usermapping_cipher, clusterAppPath)
+        usermapping_rand = "%s/usermapping.key.rand" % bakPath
+        cmd += " && (if [ -f '%s' ];then cp -f -p '%s' '%s/bin/';fi)" % (
+            usermapping_rand, usermapping_rand, clusterAppPath)
         tde_key_cipher = "%s/gs_tde_keys.cipher" % bakPath
         cmd += " && (if [ -f '%s' ];then cp -f -p '%s' '%s/bin/';fi)" % (
             tde_key_cipher, tde_key_cipher, clusterAppPath)
@@ -3430,6 +3444,7 @@ def greyUpgradeSyncConfig():
     # sync obsserver.key.cipher/obsserver.key.rand and
     #  server.key.cipher/server.key.rand and
     # datasource.key.cipher/datasource.key.rand
+    # usermapping.key.cipher/usermapping.key.rand
     OBS_cipher_key_bak_file = "%s/bin/obsserver.key.cipher" % srcDir
     cmd += " && (if [ -f '%s' ];then cp -f -p '%s' '%s/bin/';fi)" % (
         OBS_cipher_key_bak_file, OBS_cipher_key_bak_file, destDir)
@@ -3472,6 +3487,12 @@ def greyUpgradeSyncConfig():
     datasource_rand = "%s/bin/datasource.key.rand" % srcDir
     cmd += " && (if [ -f '%s' ];then cp -f -p '%s' '%s/bin/';fi)" % (
         datasource_rand, datasource_rand, destDir)
+    usermapping_cipher = "%s/bin/usermapping.key.cipher" % srcDir
+    cmd += " && (if [ -f '%s' ];then cp -f -p '%s' '%s/bin/';fi)" % (
+        usermapping_cipher, usermapping_cipher, destDir)
+    usermapping_rand = "%s/bin/usermapping.key.rand" % srcDir
+    cmd += " && (if [ -f '%s' ];then cp -f -p '%s' '%s/bin/';fi)" % (
+        usermapping_rand, usermapping_rand, destDir)
     tde_key_cipher = "%s/bin/gs_tde_keys.cipher" % srcDir
     cmd += " && (if [ -f '%s' ];then cp -f -p '%s' '%s/bin/';fi)" % (
         tde_key_cipher, tde_key_cipher, destDir)