Add work_dir for some actions
The Ansible actions and DownloadConfig actions both relied on a tmp path for the working files they saved. This is less than ideal, as some of this data could be sensitive and should not be stored in /tmp. Also, the path was unpredictable, making things more difficult from a user perspective.

This patch adds a work_dir input to these actions and makes use of that input from the config-download-deploy workflow. When this input is not supplied, the default is the previous behavior: a generated path under /tmp is used.

Change-Id: I89b17d0c4f035705fd5230caad06d331fd5b5e76
implements: blueprint ansible-config-download
parent
10daf31842
commit
84644a1a1e
|
@ -37,6 +37,10 @@ def write_default_ansible_cfg(work_dir,
|
|||
config.set('defaults', 'log_path',
|
||||
os.path.join(work_dir, 'ansible.log'))
|
||||
|
||||
# mistral user has no home dir set, so no place to save a known hosts file
|
||||
config.set('ssh_connection', 'ssh_args',
|
||||
'-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no')
|
||||
|
||||
with open(ansible_config_path, 'w') as configfile:
|
||||
config.write(configfile)
|
||||
|
||||
|
@ -252,7 +256,8 @@ class AnsiblePlaybookAction(actions.Action):
|
|||
self.extra_env_variables = self._kwargs_for_run.pop(
|
||||
'extra_env_variables', None)
|
||||
|
||||
self._work_dir = None
|
||||
self._work_dir = self._kwargs_for_run.pop(
|
||||
'work_dir', None)
|
||||
|
||||
@property
|
||||
def work_dir(self):
|
||||
|
@ -425,9 +430,12 @@ class AnsiblePlaybookAction(actions.Action):
|
|||
class AnsibleGenerateInventoryAction(actions.Action):
|
||||
"""Executes tripleo-ansible-inventory to generate an inventory"""
|
||||
|
||||
def __init__(self, ansible_ssh_user):
|
||||
self.ansible_ssh_user = ansible_ssh_user
|
||||
self._work_dir = None
|
||||
def __init__(self, **kwargs):
|
||||
self._kwargs_for_run = kwargs
|
||||
self.ansible_ssh_user = self._kwargs_for_run.pop(
|
||||
'ansible_ssh_user', 'tripleo-admin')
|
||||
self._work_dir = self._kwargs_for_run.pop(
|
||||
'work_dir', None)
|
||||
|
||||
@property
|
||||
def work_dir(self):
|
||||
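Review bot: The `ssh_args` setting in `write_default_ansible_cfg` (`-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`) disables SSH host key verification for every run that uses the generated ansible.cfg, so the nodes Ansible connects to are never authenticated; the +/- markers are lost on this page, but the hunk's line counts suggest these lines are new. The comment explains this by the mistral user having no home directory, yet the function already takes `work_dir`, so a known hosts file could live at a writable path instead, e.g. `'-o UserKnownHostsFile=%s' % os.path.join(work_dir, 'known_hosts')`. Because the workflow passes a per-execution directory, that file would start empty on each run and would have to be populated with the nodes' host keys beforehand for the check to mean anything. If the setting stays, the comment should say so plainly: `# host key checking is disabled: connections to the nodes are not authenticated`. The function starts and ends outside the hunk.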
|
|
|
@ -67,13 +67,17 @@ class DownloadConfigAction(templates.ProcessTemplatesAction):
|
|||
:param container: name of the Swift container / plan name
|
||||
"""
|
||||
|
||||
def __init__(self, container_config=constants.CONFIG_CONTAINER_NAME):
|
||||
def __init__(self, container_config=constants.CONFIG_CONTAINER_NAME,
|
||||
work_dir=None):
|
||||
super(DownloadConfigAction, self).__init__(container_config)
|
||||
self.container_config = container_config
|
||||
self.work_dir = work_dir
|
||||
if not self.work_dir:
|
||||
self.work_dir = tempfile.mkdtemp(
|
||||
prefix='tripleo-', suffix='-config')
|
||||
|
||||
def run(self, context):
|
||||
swift = self.get_object_client(context)
|
||||
tmp_dir = tempfile.mkdtemp(prefix='tripleo-',
|
||||
suffix='-config')
|
||||
swiftutils.download_container(swift, self.container_config, tmp_dir)
|
||||
return tmp_dir
|
||||
swiftutils.download_container(swift, self.container_config,
|
||||
self.work_dir)
|
||||
return self.work_dir
|
||||
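Review bot: When a caller supplies `work_dir`, nothing in `__init__` or `run` creates the directory or restricts its permissions, whereas the fallback `tempfile.mkdtemp(...)` always yields a directory accessible only to the creating user. The commit description says the downloaded data may be sensitive, so the supplied path deserves the same treatment before `swiftutils.download_container` writes into it, for example `os.makedirs(self.work_dir, mode=0o700)` guarded for the already-exists case; whether `download_container` creates the directory itself, and with what mode, is not visible here. Separately, calling `mkdtemp` in `__init__` creates a directory as soon as the action object is built, even if `run` is never called; doing the fallback inside `run` would avoid stray directories.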
|
|
|
@ -117,6 +117,7 @@ class CopyConfigFileTest(base.TestCase):
|
|||
work_dir = tempfile.mkdtemp(prefix='ansible-mistral-action-test')
|
||||
# Needed for the configparser to be able to read this file.
|
||||
ansible_cfg_file.write(b'[defaults]\n')
|
||||
ansible_cfg_file.write(b'[ssh_connection]\n')
|
||||
ansible_cfg_file.flush()
|
||||
|
||||
resulting_ansible_config = ansible.write_default_ansible_cfg(
|
||||
|
|
|
@ -257,6 +257,7 @@ workflows:
|
|||
input:
|
||||
- timeout: 240
|
||||
- queue_name: tripleo
|
||||
- work_dir: /var/lib/mistral
|
||||
|
||||
tags:
|
||||
- tripleo-common-managed
|
||||
|
@ -273,8 +274,8 @@ workflows:
|
|||
|
||||
download_config:
|
||||
action: tripleo.config.download_config
|
||||
publish:
|
||||
tmp_path: <% task(download_config).result %>
|
||||
input:
|
||||
work_dir: <% $.get('work_dir') %>/<% execution().id %>
|
||||
on-success: send_msg_config_download
|
||||
on-error: send_message
|
||||
publish-on-error:
|
||||
|
@ -290,7 +291,7 @@ workflows:
|
|||
type: tripleo.deployment.v1.config_download
|
||||
payload:
|
||||
status: <% $.get('status', 'RUNNING') %>
|
||||
message: Config downloaded at <% $.get('tmp_path') %>
|
||||
message: Config downloaded at <% $.get('work_dir') %>/<% execution().id %>
|
||||
execution: <% execution() %>
|
||||
on-success: get_private_key
|
||||
|
||||
|
@ -308,6 +309,7 @@ workflows:
|
|||
action: tripleo.ansible-generate-inventory
|
||||
input:
|
||||
ansible_ssh_user: tripleo-admin
|
||||
work_dir: <% $.get('work_dir') %>/<% execution().id %>
|
||||
publish:
|
||||
inventory: <% task().result %>
|
||||
on-success: send_msg_generate_inventory
|
||||
|
@ -339,8 +341,8 @@ workflows:
|
|||
payload:
|
||||
status: <% $.get('status', 'RUNNING') %>
|
||||
message: >
|
||||
Running ansible playbook at <% $.get('work_dir') %>/deploy_steps_playbook.yaml.
|
||||
See log file at <% $.get('work_dir') %>/ansible.log for progress.
|
||||
Running ansible playbook at <% $.get('work_dir') %>/<% execution().id %>/deploy_steps_playbook.yaml.
|
||||
See log file at <% $.get('work_dir') %>/<% execution().id %>/ansible.log for progress.
|
||||
...
|
||||
execution: <% execution() %>
|
||||
on-success: run_ansible
|
||||
|
@ -349,7 +351,7 @@ workflows:
|
|||
action: tripleo.ansible-playbook
|
||||
input:
|
||||
inventory: <% $.inventory %>
|
||||
playbook: <% $.get('tmp_path') %>/deploy_steps_playbook.yaml
|
||||
playbook: <% $.get('work_dir') %>/<% execution().id %>/deploy_steps_playbook.yaml
|
||||
remote_user: tripleo-admin
|
||||
ssh_extra_args: '-o StrictHostKeyChecking=no'
|
||||
ssh_private_key: <% $.private_key %>
|
||||
|
@ -357,13 +359,14 @@ workflows:
|
|||
verbosity: 1
|
||||
become: true
|
||||
timeout: <% $.timeout %>
|
||||
work_dir: <% $.get('work_dir') %>/<% execution().id %>
|
||||
publish:
|
||||
log_path: <% task(run_ansible).result.get('log_path') %>
|
||||
on-success: send_message
|
||||
on-error: send_message
|
||||
publish-on-error:
|
||||
status: FAILED
|
||||
message: Ansible failed, check log at <% $.get('log_path') %>.
|
||||
message: Ansible failed, check log at <% $.get('work_dir') %>/<% execution().id %>/ansible.log.
|
||||
|
||||
send_message:
|
||||
action: zaqar.queue_post
|
||||
|
|