Add a post migration step to support rolling upgrades

Registered by Henry Nash

In order to support rolling upgrades (i.e. upgrading a multi-node keystone one node at a time while still running the service), some migration scripts cannot leave the database in the state they would ideally like. By adding a keystone-manage "migration complete" command, we allow this to be resolved once all nodes have been migrated. This is in line with the general approach for rolling upgrades being supported cross project.

Blueprint information

Status:
Complete
Approver:
Steve Martinelli
Priority:
High
Drafter:
Henry Nash
Direction:
Approved
Assignee:
Henry Nash
Definition:
New
Series goal:
Accepted for newton
Implementation:
Implemented
Milestone target:
milestone icon newton-3
Started by
Steve Martinelli
Completed by
Steve Martinelli

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/manage-migration,n,z

Addressed by: https://review.openstack.org/337680
    Add migration-complete step to keystone-manage

Addressed by: https://review.openstack.org/349703
    Add the migration phase status table

Addressed by: https://review.openstack.org/349716
    WIP Add support for rolling upgrades to keystone-manage

Addressed by: https://review.openstack.org/349939
    WIP - Add contract migrations to keystone-manage

Addressed by: https://review.openstack.org/350341
    Add basic upgrade documentation

Addressed by: https://review.openstack.org/350793
    Add rolling upgrade documentation

Gerrit topic: https://review.openstack.org/#q,topic:349700,n,z

Addressed by: https://review.openstack.org/349700
    Introduce read-only mode for the database

Addressed by: https://review.openstack.org/353753
    Add migration helper logic for rolling upgrades

Gerrit topic: https://review.openstack.org/#q,topic:bug/1596500,n,z

Addressed by: https://review.openstack.org/356053
    Make KeyRepository shareable

Addressed by: https://review.openstack.org/354495
    Add conf to support credential encryption

Addressed by: https://review.openstack.org/355618
    Add key_hash and encrypted_blob to credential table

Addressed by: https://review.openstack.org/355056
    Add create and update methods to credential Manager

Addressed by: https://review.openstack.org/354496
    Create a fernet credential provider

Addressed by: https://review.openstack.org/354497
    Document the fernet credential provider

Addressed by: https://review.openstack.org/358083
    Add key repository uniqueness check to doctor

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.