Running deferred SQL upgrades from rpki-start-servers doesn't work,

dunno why, but putting it there was always a kludge.  Try moving it to
an explicit post-start action in platform-specific startup scripts.

Rewrite deferred upgrade script for [5678] to do up-down rekey and
revoke as well, since that seemed to work better in initial testing.

svn path=/branches/tk671/; revision=5724

4 files changed, 25 insertions, 10 deletions

diff --git a/buildtools/debian-skeleton/rpki-ca.upstart b/buildtools/debian-skeleton/rpki-ca.upstart
index 36a792ee..345ab284 100644
--- a/buildtools/debian-skeleton/rpki-ca.upstart
+++ b/buildtools/debian-skeleton/rpki-ca.upstart
@@ -42,6 +42,8 @@ pre-start script
     fi
 end script
 
+post-start exec /usr/sbin/rpki-sql-setup --apply-deferred-upgrades
+
 post-stop script
     for i in rpkid pubd irdbd rootd
     do
diff --git a/buildtools/freebsd-skeleton/rpki-ca/files/rpki-ca.in b/buildtools/freebsd-skeleton/rpki-ca/files/rpki-ca.in
index d6234a12..b10dec39 100644
--- a/buildtools/freebsd-skeleton/rpki-ca/files/rpki-ca.in
+++ b/buildtools/freebsd-skeleton/rpki-ca/files/rpki-ca.in
@@ -17,6 +17,7 @@ rcvar=rpkica_enable
 required_files="/usr/local/etc/rpki.conf"
 
 start_cmd="rpkica_start"
+start_postcmd="rpkica_poststart"
 stop_cmd="rpkica_stop"
 
 load_rc_config $name
@@ -32,6 +33,11 @@ rpkica_start()
 	return 0
 }
 
+rpkica_poststart()
+{
+	/usr/local/sbin/rpki-sql-setup --apply-deferred-upgrades
+}
+
 rpkica_stop()
 {
 	for i in rpkid pubd irdbd rootd
diff --git a/rpkid/rpki-start-servers b/rpkid/rpki-start-servers
index e1c42e62..edaffb2e 100755
--- a/rpkid/rpki-start-servers
+++ b/rpkid/rpki-start-servers
@@ -42,8 +42,6 @@ parser.add_argument("-d", "--debug", action = "store_true",
                     help = "enable debugging")
 parser.add_argument("--logdir", default = ".",
                     help = "where to write write log files when debugging")
-parser.add_argument("--dont-apply-deferred-upgrades", action = "store_true",
-                    help = "don't apply deferred upgrade actions after starting daemons")
 args = parser.parse_args()
 
 cfg = rpki.config.parser(args.config, "myrpki")
@@ -76,7 +74,3 @@ if cfg.getboolean("start_pubd",  cfg.getboolean("run_pubd",  False)):
 
 if cfg.getboolean("start_rootd", cfg.getboolean("run_rootd", False)):
   run("rootd")
-
-if not args.dont_apply_deferred_upgrades:
-  os.execl(os.path.join(rpki.autoconf.sbindir, "rpki-sql-setup"),
-           "--apply-deferred-upgrades")
diff --git a/rpkid/upgrade-scripts/upgrade-irdbd-to-0.5678.py b/rpkid/upgrade-scripts/upgrade-irdbd-to-0.5678.py
index b89ff500..a60464d8 100644
--- a/rpkid/upgrade-scripts/upgrade-irdbd-to-0.5678.py
+++ b/rpkid/upgrade-scripts/upgrade-irdbd-to-0.5678.py
@@ -39,14 +39,27 @@ import subprocess, time
 print "Pausing to let RPKI daemons start up"
 time.sleep(10)
 
+def rpkic(cmd):
+  subprocess.check_call(("rpkic", "-i", handle, cmd))
+
 handles = subprocess.check_output(("rpkic", "list_self_handles")).splitlines()
 
 for handle in handles:
 
-  print "Forcing reissuance for", handle
-  subprocess.check_call(("rpkic", "-i", handle, "force_reissue"))
+  print "Processing", handle
+
+  print "Asking parent to reissue with new key"
+  rpkic("up_down_rekey")
+
+  print "Asking parent to revoke old key"
+  rpkic("up_down_revoke")
+
+  print "Reissuing everything"
+  rpkic("force_reissue")
+
+  print "Forcing publication"
+  rpkic("force_publication")
 
-  print "Forcing publication for", handle
-  subprocess.check_call(("rpkic", "-i", handle, "force_publication"))
+del rpkic
 
 ''')