ef84890798
The IPA ramdisk and kernel images may be built or downloaded via a URL. If the latter option is used, any images previously downloaded to $KOLLA_CONFIG_PATH/config/ironic/ironic-agent.* would previously not be updated if the image contents change. This change introduces variables for setting a URL to a file containing checksums for the images. The algorithm used to compute the checksum is also configurable (default sha256). This allows us to ensure we are using the correct version of the image, while avoiding an expensive few hundred megabyte image download just to check. If a checksum is not specified, the image will be downloaded every time to ensure that it is up to date. Change-Id: I8120518ed98d61f3652f5205ce7ec9f798ab2aa1 Story: 2001660 Task: 6693
130 lines
4.8 KiB
YAML
130 lines
4.8 KiB
YAML
---
|
|
- name: Ensure image download directory exists
|
|
file:
|
|
path: "{{ ipa_images_cache_path }}"
|
|
state: directory
|
|
owner: "{{ ansible_user_uid }}"
|
|
group: "{{ ansible_user_gid }}"
|
|
become: True
|
|
|
|
- name: Ensure Ironic Python Agent (IPA) images are present
|
|
vars:
|
|
image_download_url: "{{ item.url }}"
|
|
image_download_checksum_url: "{{ item.checksum_url }}"
|
|
image_download_checksum_algorithm: "{{ item.checksum_algorithm }}"
|
|
image_download_dest: "{{ item.dest }}"
|
|
include_role:
|
|
name: image-download
|
|
with_items:
|
|
- url: "{{ ipa_images_kernel_url }}"
|
|
checksum_url: "{{ ipa_images_kernel_checksum_url }}"
|
|
checksum_algorithm: "{{ ipa_images_kernel_checksum_algorithm }}"
|
|
dest: "{{ ipa_images_cache_path }}/{{ ipa_images_kernel_name }}"
|
|
- url: "{{ ipa_images_ramdisk_url }}"
|
|
checksum_url: "{{ ipa_images_ramdisk_checksum_url }}"
|
|
checksum_algorithm: "{{ ipa_images_ramdisk_checksum_algorithm }}"
|
|
dest: "{{ ipa_images_cache_path }}/{{ ipa_images_ramdisk_name }}"
|
|
when: item.url is not none
|
|
loop_control:
|
|
label: "{{ item.dest }}"
|
|
|
|
- name: Compute the MD5 checksum of the Ironic Python Agent (IPA) images
|
|
stat:
|
|
path: "{{ ipa_images_cache_path }}/{{ item }}"
|
|
get_checksum: True
|
|
checksum_algorithm: md5
|
|
mime: False
|
|
with_items:
|
|
- "{{ ipa_images_kernel_name }}"
|
|
- "{{ ipa_images_ramdisk_name }}"
|
|
register: ipa_images_checksum
|
|
|
|
- name: Fail if an image does not exist
|
|
fail:
|
|
msg: "{{ item.path }} does not exist"
|
|
with_items:
|
|
- path: "{{ ipa_images_cache_path }}/{{ ipa_images_kernel_name }}"
|
|
exists: "{{ ipa_images_checksum.results[0].stat.exists | bool }}"
|
|
- path: "{{ ipa_images_cache_path }}/{{ ipa_images_ramdisk_name }}"
|
|
exists: "{{ ipa_images_checksum.results[1].stat.exists | bool }}"
|
|
when:
|
|
- not item.exists
|
|
|
|
- name: Activate the virtualenv
|
|
include_role:
|
|
name: activate-virtualenv
|
|
vars:
|
|
activate_virtualenv_path: "{{ ipa_images_venv }}"
|
|
|
|
- name: Ensure we have python-ironicclient installed
|
|
pip:
|
|
name: python-ironicclient
|
|
virtualenv: "{{ ipa_images_venv }}"
|
|
|
|
# To support updating the IPA image, we check the MD5 sum of the cached image
|
|
# files, and compare with the images in Glance (if there are any).
|
|
|
|
- name: Gather facts about Ironic Python Agent (IPA) kernel image
|
|
os_image_facts:
|
|
auth_type: "{{ ipa_images_openstack_auth_type }}"
|
|
auth: "{{ ipa_images_openstack_auth }}"
|
|
image: "{{ ipa_images_kernel_name }}"
|
|
|
|
- name: Set a fact containing the Ironic Python Agent (IPA) kernel image
|
|
set_fact:
|
|
ipa_images_kernel_openstack_image: "{{ openstack_image if openstack_image else {} }}"
|
|
|
|
- name: Gather facts about Ironic Python Agent (IPA) ramdisk image
|
|
os_image_facts:
|
|
auth_type: "{{ ipa_images_openstack_auth_type }}"
|
|
auth: "{{ ipa_images_openstack_auth }}"
|
|
image: "{{ ipa_images_ramdisk_name }}"
|
|
|
|
- name: Set a fact containing the Ironic Python Agent (IPA) ramdisk image
|
|
set_fact:
|
|
ipa_images_ramdisk_openstack_image: "{{ openstack_image if openstack_image else {} }}"
|
|
|
|
# The os_image module will get confused if there are multiple images with the
|
|
# same name, so rename the old images. They will still be accessible via UUID.
|
|
- name: Ensure old Ironic Python Agent (IPA) images are renamed
|
|
command: >
|
|
{{ ipa_images_venv }}/bin/openstack image set {{ item.name }} --name {{ item.name }}.{{ extension }}
|
|
vars:
|
|
extension: "{{ item.created_at | replace(':', '-') }}~"
|
|
with_items:
|
|
- name: "{{ ipa_images_kernel_name }}"
|
|
created_at: "{{ ipa_images_kernel_openstack_image.created_at | default }}"
|
|
checksum: "{{ ipa_images_checksum.results[0].stat.checksum }}"
|
|
glance_checksum: "{{ ipa_images_kernel_openstack_image.checksum | default }}"
|
|
- name: "{{ ipa_images_ramdisk_name }}"
|
|
created_at: "{{ ipa_images_ramdisk_openstack_image.created_at | default }}"
|
|
checksum: "{{ ipa_images_checksum.results[1].stat.checksum }}"
|
|
glance_checksum: "{{ ipa_images_ramdisk_openstack_image.checksum | default }}"
|
|
when:
|
|
- item.glance_checksum
|
|
- item.checksum != item.glance_checksum
|
|
environment: "{{ ipa_images_openstack_auth_env }}"
|
|
|
|
- name: Ensure Ironic Python Agent (IPA) images are registered with Glance
|
|
os_image:
|
|
auth_type: "{{ ipa_images_openstack_auth_type }}"
|
|
auth: "{{ ipa_images_openstack_auth }}"
|
|
name: "{{ item.name }}"
|
|
container_format: "{{ item.format }}"
|
|
disk_format: "{{ item.format }}"
|
|
state: present
|
|
filename: "{{ ipa_images_cache_path }}/{{ item.name }}"
|
|
with_items:
|
|
- name: "{{ ipa_images_kernel_name }}"
|
|
format: aki
|
|
- name: "{{ ipa_images_ramdisk_name }}"
|
|
format: ari
|
|
register: ipa_images_new_images
|
|
|
|
- include_tasks: set-driver-info.yml
|
|
when: ipa_images_update_ironic_nodes | bool
|
|
|
|
- name: Deactivate the virtualenv
|
|
include_role:
|
|
name: deactivate-virtualenv
|