Add work_dir for some actions

The Ansible actions and DownloadConfig actions both relied on a tmp path
for the working files they saved. This is less than ideal as some of
this data could be sensitive so it should not be stored in /tmp.

Also, the path was unpredictable, making things more difficult from a
user perspective.

This patch adds a work_dir input to these actions and makes use of that
input from the config-download-deploy workflow. The default behavior
when this input is not supplied is the previous behavior to use a
generated path under /tmp.

Change-Id: I89b17d0c4f035705fd5230caad06d331fd5b5e76
implements: blueprint ansible-config-download
James Slagle 2017-10-24 14:27:10 -04:00
parent 10daf31842
commit 84644a1a1e
4 changed files with 32 additions and 16 deletions


@ -37,6 +37,10 @@ def write_default_ansible_cfg(work_dir,
config.set('defaults', 'log_path',
os.path.join(work_dir, 'ansible.log'))
# mistral user has no home dir set, so no place to save a known hosts file
config.set('ssh_connection', 'ssh_args',
'-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no')
with open(ansible_config_path, 'w') as configfile:
config.write(configfile)
@ -252,7 +256,8 @@ class AnsiblePlaybookAction(actions.Action):
self.extra_env_variables = self._kwargs_for_run.pop(
'extra_env_variables', None)
self._work_dir = None
self._work_dir = self._kwargs_for_run.pop(
'work_dir', None)
@property
def work_dir(self):
@ -425,9 +430,12 @@ class AnsiblePlaybookAction(actions.Action):
class AnsibleGenerateInventoryAction(actions.Action):
"""Executes tripleo-ansible-inventory to generate an inventory"""
def __init__(self, ansible_ssh_user):
self.ansible_ssh_user = ansible_ssh_user
self._work_dir = None
def __init__(self, **kwargs):
self._kwargs_for_run = kwargs
self.ansible_ssh_user = self._kwargs_for_run.pop(
'ansible_ssh_user', 'tripleo-admin')
self._work_dir = self._kwargs_for_run.pop(
'work_dir', None)
@property
def work_dir(self):
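Review bot: The `ssh_args` value that write_default_ansible_cfg now writes, `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`, turns off SSH host-key verification for every playbook run that uses this config, so a substituted or misrouted host is never noticed. The comment gives the missing home directory as the reason, but this commit also introduces a persistent `work_dir`, so a known-hosts file could live there, e.g. `'-o UserKnownHostsFile=%s' % os.path.join(work_dir, 'known_hosts')`. If the directory is per-execution, that file would need to be seeded from a trusted source or kept in the parent directory. Separately, `AnsibleGenerateInventoryAction.__init__(self, **kwargs)` no longer takes `ansible_ssh_user` positionally and keeps unknown keys in `_kwargs_for_run` without complaint, so a docstring listing the accepted keys (`ansible_ssh_user`, `work_dir`) would help. The function and class bodies continue outside the hunks shown.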


@ -67,13 +67,17 @@ class DownloadConfigAction(templates.ProcessTemplatesAction):
:param container: name of the Swift container / plan name
"""
def __init__(self, container_config=constants.CONFIG_CONTAINER_NAME):
def __init__(self, container_config=constants.CONFIG_CONTAINER_NAME,
work_dir=None):
super(DownloadConfigAction, self).__init__(container_config)
self.container_config = container_config
self.work_dir = work_dir
if not self.work_dir:
self.work_dir = tempfile.mkdtemp(
prefix='tripleo-', suffix='-config')
def run(self, context):
swift = self.get_object_client(context)
tmp_dir = tempfile.mkdtemp(prefix='tripleo-',
suffix='-config')
swiftutils.download_container(swift, self.container_config, tmp_dir)
return tmp_dir
swiftutils.download_container(swift, self.container_config,
self.work_dir)
return self.work_dir
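Review bot: A caller-supplied `work_dir` is used as-is in `__init__`, and nothing visible here creates it or restricts its mode, whereas the `tempfile.mkdtemp` fallback always yields a fresh directory accessible only to the owner. Since the commit message says the downloaded config may be sensitive, the supplied path should get the same guarantee, for example `if not os.path.isdir(self.work_dir): os.makedirs(self.work_dir, 0o700)`, unless `swiftutils.download_container` already does this (not visible in this section). The fallback directory is also now created when the action is constructed rather than in `run`, so an action that is built but never run leaves an empty directory under /tmp. The class docstring's `:param` list should gain an entry for `work_dir` that states the default.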


@ -117,6 +117,7 @@ class CopyConfigFileTest(base.TestCase):
work_dir = tempfile.mkdtemp(prefix='ansible-mistral-action-test')
# Needed for the configparser to be able to read this file.
ansible_cfg_file.write(b'[defaults]\n')
ansible_cfg_file.write(b'[ssh_connection]\n')
ansible_cfg_file.flush()
resulting_ansible_config = ansible.write_default_ansible_cfg(


@ -257,6 +257,7 @@ workflows:
input:
- timeout: 240
- queue_name: tripleo
- work_dir: /var/lib/mistral
tags:
- tripleo-common-managed
@ -273,8 +274,8 @@ workflows:
download_config:
action: tripleo.config.download_config
publish:
tmp_path: <% task(download_config).result %>
input:
work_dir: <% $.get('work_dir') %>/<% execution().id %>
on-success: send_msg_config_download
on-error: send_message
publish-on-error:
@ -290,7 +291,7 @@ workflows:
type: tripleo.deployment.v1.config_download
payload:
status: <% $.get('status', 'RUNNING') %>
message: Config downloaded at <% $.get('tmp_path') %>
message: Config downloaded at <% $.get('work_dir') %>/<% execution().id %>
execution: <% execution() %>
on-success: get_private_key
@ -308,6 +309,7 @@ workflows:
action: tripleo.ansible-generate-inventory
input:
ansible_ssh_user: tripleo-admin
work_dir: <% $.get('work_dir') %>/<% execution().id %>
publish:
inventory: <% task().result %>
on-success: send_msg_generate_inventory
@ -339,8 +341,8 @@ workflows:
payload:
status: <% $.get('status', 'RUNNING') %>
message: >
Running ansible playbook at <% $.get('work_dir') %>/deploy_steps_playbook.yaml.
See log file at <% $.get('work_dir') %>/ansible.log for progress.
Running ansible playbook at <% $.get('work_dir') %>/<% execution().id %>/deploy_steps_playbook.yaml.
See log file at <% $.get('work_dir') %>/<% execution().id %>/ansible.log for progress.
...
execution: <% execution() %>
on-success: run_ansible
@ -349,7 +351,7 @@ workflows:
action: tripleo.ansible-playbook
input:
inventory: <% $.inventory %>
playbook: <% $.get('tmp_path') %>/deploy_steps_playbook.yaml
playbook: <% $.get('work_dir') %>/<% execution().id %>/deploy_steps_playbook.yaml
remote_user: tripleo-admin
ssh_extra_args: '-o StrictHostKeyChecking=no'
ssh_private_key: <% $.private_key %>
@ -357,13 +359,14 @@ workflows:
verbosity: 1
become: true
timeout: <% $.timeout %>
work_dir: <% $.get('work_dir') %>/<% execution().id %>
publish:
log_path: <% task(run_ansible).result.get('log_path') %>
on-success: send_message
on-error: send_message
publish-on-error:
status: FAILED
message: Ansible failed, check log at <% $.get('log_path') %>.
message: Ansible failed, check log at <% $.get('work_dir') %>/<% execution().id %>/ansible.log.
send_message:
action: zaqar.queue_post
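Review bot: The expression `<% $.get('work_dir') %>/<% execution().id %>` is spelled out eight times on the new side (the download_config input, three status messages, the inventory and run_ansible `work_dir` inputs, and the playbook path). A later layout change that misses one occurrence would point Ansible or the operator at a different directory than the one the config was written to. download_config already returns that path, so keeping a publish such as `work_dir_path: <% task(download_config).result %>` (name constructed here) and referencing it afterwards would leave a single source of truth. `work_dir` is also a workflow input, so whoever can start this workflow chooses where the mistral user writes config, keys and logs. The input should be documented as operator-only or checked against an allowed base path. Nothing in these hunks removes the per-execution directories under /var/lib/mistral, so retention and permissions of that tree deserve a note too.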