diff --git a/ansible/library/bslurp.py b/ansible/library/bslurp.py index 5d38f64bc3..a59c769c4c 100644 --- a/ansible/library/bslurp.py +++ b/ansible/library/bslurp.py @@ -58,6 +58,11 @@ options: - sha1 hash of the underlying data default: None type: bool + sha256: + description: + - sha256 hash of the underlying data + default: None + type: bool author: Sam Yaple ''' @@ -131,10 +136,12 @@ def copy_from_host(module): raw_data = f.read() sha1 = hashlib.sha1(raw_data).hexdigest() + sha256 = hashlib.sha256(raw_data).hexdigest() + data = zlib.compress(raw_data) if compress else raw_data - module.exit_json(content=base64.b64encode(data), sha1=sha1, mode=mode, - source=src) + module.exit_json(content=base64.b64encode(data), sha1=sha1, sha256=sha256, + mode=mode, source=src) def copy_to_host(module): @@ -142,12 +149,26 @@ def copy_to_host(module): dest = module.params.get('dest') mode = int(module.params.get('mode'), 0) sha1 = module.params.get('sha1') + sha256 = module.params.get('sha256') src = module.params.get('src') data = base64.b64decode(src) raw_data = zlib.decompress(data) if compress else data - if sha1: + if sha256: + if os.path.exists(dest): + if os.access(dest, os.R_OK): + with open(dest, 'rb') as f: + if hashlib.sha256(f.read()).hexdigest() == sha256: + module.exit_json(changed=False) + else: + module.exit_json(failed=True, changed=False, + msg='file is not accessible: {}'.format(dest)) + + if sha256 != hashlib.sha256(raw_data).hexdigest(): + module.exit_json(failed=True, changed=False, + msg='sha256 sum does not match data') + elif sha1: if os.path.exists(dest): if os.access(dest, os.R_OK): with open(dest, 'rb') as f: @@ -173,6 +194,7 @@ def main(): dest=dict(type='str'), mode=dict(default='0644', type='str'), sha1=dict(default=None, type='str'), + sha256=dict(default=None, type='str'), src=dict(required=True, type='str') ) module = AnsibleModule(argument_spec) diff --git a/ansible/roles/ceph/tasks/distribute_keyrings.yml b/ansible/roles/ceph/tasks/distribute_keyrings.yml index 1b87e1ada8..418ac6b547 100644 --- a/ansible/roles/ceph/tasks/distribute_keyrings.yml +++ b/ansible/roles/ceph/tasks/distribute_keyrings.yml @@ -17,7 +17,8 @@ bslurp: src: "{{ item.content }}" dest: "{{ node_config_directory }}/ceph-osd/{{ item.filename }}" - sha1: "{{ item.sha1 }}" + sha1: "{{ item.sha1 | default('')}}" + sha256: "{{ item.sha256 | default('')}}" mode: 0600 with_items: - "{{ ceph_files['ceph.client.admin.keyring'] }}" @@ -28,7 +29,8 @@ bslurp: src: "{{ item.content }}" dest: "{{ node_config_directory }}/ceph-mon/{{ item.filename }}" - sha1: "{{ item.sha1 }}" + sha1: "{{ item.sha1 | default('')}}" + sha256: "{{ item.sha256 | default('')}}" mode: 0600 with_items: - "{{ ceph_files['ceph.client.admin.keyring'] }}" @@ -42,7 +44,8 @@ bslurp: src: "{{ item.content }}" dest: "{{ node_config_directory }}/ceph-mgr/{{ item.filename }}" - sha1: "{{ item.sha1 }}" + sha1: "{{ item.sha1 | default('')}}" + sha256: "{{ item.sha256 | default('') }}" mode: 0600 with_items: - "{{ ceph_files['ceph.client.admin.keyring'] }}" @@ -53,7 +56,8 @@ bslurp: src: "{{ item.content }}" dest: "{{ node_config_directory }}/ceph-rgw/{{ item.filename }}" - sha1: "{{ item.sha1 }}" + sha1: "{{ item.sha1 | default('')}}" + sha256: "{{ item.sha256 | default('')}}" mode: 0600 with_items: - "{{ ceph_files['ceph.client.admin.keyring'] }}" @@ -65,7 +69,8 @@ bslurp: src: "{{ item.content }}" dest: "{{ node_config_directory }}/ceph-nfs/{{ item.filename }}" - sha1: "{{ item.sha1 }}" + sha1: "{{ item.sha1 | default('')}}" + sha256: "{{ item.sha256 | default('')}}" mode: 0600 with_items: - "{{ ceph_files['ceph.client.admin.keyring'] }}"