Always ensure that the local lxc cache file matches the upstream image

Ansible 1.9x only actually checks whether there's a local file - it never checks whether the local file matches the given sha256sum. We therefore need to set 'force:yes' to ensure that Ansible does the following: - download the file to a temporary location, checking its sha256sum against the given value - check the sha256sum of the existing file and the downloaded file - if the sha256sums match, then throw away the temp file - if the sha256sums do not match, replace the existing file In order to also provide the ability to forcibly delete any existing lxc cache which was previously prepared (successfully or unsuccessfully), the boolean variable 'lxc_container_base_delete' has been added. Change-Id: I988940892c89679edea887716851314fc1cf13b5 Closes-Bug: #1539236
2016-03-07 13:35:08 +00:00 · 2016-03-07 13:35:08 +00:00 · 45beccf508
parent ad8908a153
commit 45beccf508
2 changed files with 33 additions and 3 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -56,6 +56,9 @@ lxc_container_template_options: >
  --user {{ lxc_container_user_name }}
  --password {{ lxc_container_user_password }}

+# Set this boolean value to remove any previously prepared base image
+lxc_container_base_delete: no
+
 lxc_container_template_main_apt_repo: "https://mirror.rackspace.com/ubuntu"
 lxc_container_template_security_apt_repo: "https://mirror.rackspace.com/ubuntu"
 lxc_container_template_apt_components:
--- a/tasks/lxc_cache.yml
+++ b/tasks/lxc_cache.yml
@ -13,30 +13,57 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

+# TODO(odyssey4me)
+#  Ansible 1.9x only actually checks whether there's a local file - it never
+#  checks whether the local file matches the given sha256sum. Ansible 2.x
+#  fixes this, so once we move to Ansible 2.x we can pass this a sha256sum
+#  which will:
+#       a) allow us to remove force: yes
+#       b) allow the module to calculate the checksum of dest file which would
+#          result in file being downloaded only if provided and dest sha256sum
+#          checksums differ
+# Currently 'force:yes' will always download the file, then do a sha256sum
+# comparison between the downloaded file and the existing file, then replace
+# the existing file if it doesn't match.
+
 - name: Download lxc cache(s)
  get_url:
    url: "{{ item.url }}"
    dest: "/var/cache/lxc_{{ item.name }}"
    mode: "0644"
-    force: no
+    force: yes
    sha256sum: "{{ item.sha256sum }}"
    validate_certs: "{{ lxc_cache_validate_certs }}"
  register: cache_download
  retries: 3
  delay: 10
-  until: cache_download|success
+  until: cache_download | success
  with_items: lxc_container_caches
  tags:
    - lxc-cache
    - lxc-cache-download

+- name: Remove existing lxc cached images
+  file:
+    path: "{{ lxc_container_cache_path }}/{{ item.chroot_path }}"
+    state: absent
+  with_items: lxc_container_caches
+  when: >
+    cache_download | changed or
+    lxc_container_base_delete | bool
+  tags:
+    - lxc-cache
+    - lxc-cache-existing-remove
+
 - name: Move lxc cached image into place
  unarchive:
    src: "/var/cache/lxc_{{ item.name }}"
    dest: "{{ lxc_container_cache_path }}/"
    copy: "no"
  with_items: lxc_container_caches
-  when: cache_download|changed
+  when: >
+    cache_download | changed or
+    lxc_container_base_delete | bool
  tags:
    - lxc-cache
    - lxc-cache-unarchive